AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix dupe race condition with ticket, invoice, quote, project, recurring ticket numbering when being created in parallel Atomically update and get the next ticket number in one SQL query everywhere.

This commit is contained in:
johnnyq 2025-11-28 14:14:46 -05:00
parent f09d8ffe05
commit 99e2487d2b
13 changed files with 378 additions and 286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
agent/modals/quote/quote_to_invoice.php
View File

@ -9,10 +9,9 @@
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="quote_id" value="<?php echo $quote_id; ?>">
<input type="hidden" name="client_net_terms" value="<?php echo $client_net_terms; ?>">
<div class="modal-body">
<div class="form-group">
<label>Invoice Date <strong class="text-danger">*</strong></label>
<div class="input-group">
@ -22,7 +21,7 @@
<input type="date" class="form-control" name="date" max="2999-12-31" value="<?php echo date("Y-m-d"); ?>" required>
</div>
</div>
</div>
<div class="modal-footer">
<button type="submit" name="add_quote_to_invoice" class="btn btn-primary text-bold"><strong><i class="fas fa-check mr-2"></i>Create Invoice</button>
@ -31,4 +30,4 @@
</form>
</div>
</div>
</div>
</div>

118
agent/post/client.php
View File

@ -237,7 +237,7 @@ if (isset($_POST['add_client'])) {
$client_id
);
mysqli_stmt_execute($query);
$extended_log_description .= ", SSL certificate $website added";
}
}
@ -245,7 +245,7 @@ if (isset($_POST['add_client'])) {
logAction("Client", "Create", "$session_name created client $name$extended_log_description", $client_id, $client_id);
flash_alert("Client <strong>$name</strong> created");
redirect();
}
@ -774,10 +774,16 @@ if (isset($_POST['bulk_add_client_ticket'])) {
$client_name = sanitizeInput($row['client_name']);
// Get the next Ticket Number and update the config
$sql_ticket_number = mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1");
$ticket_number_row = mysqli_fetch_array($sql_ticket_number);
$ticket_number = intval($ticket_number_row['config_ticket_next_number']);
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_ticket_prefix = sanitizeInput($config_ticket_prefix);
@ -788,18 +794,10 @@ if (isset($_POST['bulk_add_client_ticket'])) {
//Generate a unique URL key for clients to access
$url_key = randomString(156);
// Increment the config ticket next number
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
$ticket_id = mysqli_insert_id($mysqli);
// Update the next ticket number in the database
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Add Tasks
if (!empty($_POST['tasks'])) {
foreach ($_POST['tasks'] as $task) {
@ -1021,8 +1019,8 @@ if (isset($_POST['bulk_send_client_email']) && isset($_POST['client_ids'])) {
$client_ids_str = implode(',', $client_ids);
// SQL to fetch matching contacts
$sql = "SELECT * FROM contacts
WHERE contact_client_id IN ($client_ids_str)
$sql = "SELECT * FROM contacts
WHERE contact_client_id IN ($client_ids_str)
$contact_filter_query";
$result = mysqli_query($mysqli, $sql);
@ -1181,7 +1179,7 @@ if (isset($_POST["export_client_pdf"])) {
logAction("Client", "Export", "$session_name exported client data to a PDF file", $client_id, $client_id);
// Get client record (joining primary contact and primary location)
$sql = mysqli_query($mysqli, "SELECT * FROM clients
$sql = mysqli_query($mysqli, "SELECT * FROM clients
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
LEFT JOIN locations ON clients.client_id = locations.location_client_id AND location_primary = 1
WHERE client_id = $client_id
@ -1208,53 +1206,53 @@ if (isset($_POST["export_client_pdf"])) {
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id AND location_archived_at IS NULL ORDER BY location_name ASC");
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
$sql_credentials = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_client_id = $client_id ORDER BY credential_name ASC");
$sql_assets = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id
$sql_assets = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND asset_archived_at IS NULL
ORDER BY asset_type ASC"
);
$sql_asset_workstations = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND (asset_type = 'desktop' OR asset_type = 'laptop')
AND asset_archived_at IS NULL
$sql_asset_workstations = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND (asset_type = 'desktop' OR asset_type = 'laptop')
AND asset_archived_at IS NULL
ORDER BY asset_name ASC"
);
$sql_asset_servers = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND asset_type = 'server'
AND asset_archived_at IS NULL
$sql_asset_servers = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND asset_type = 'server'
AND asset_archived_at IS NULL
ORDER BY asset_name ASC"
);
$sql_asset_vms = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND asset_type = 'virtual machine'
AND asset_archived_at IS NULL
$sql_asset_vms = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND asset_type = 'virtual machine'
AND asset_archived_at IS NULL
ORDER BY asset_name ASC"
);
$sql_asset_network = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND (asset_type = 'Firewall/Router' OR asset_type = 'Switch' OR asset_type = 'Access Point')
AND asset_archived_at IS NULL
$sql_asset_network = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND (asset_type = 'Firewall/Router' OR asset_type = 'Switch' OR asset_type = 'Access Point')
AND asset_archived_at IS NULL
ORDER BY asset_type ASC"
);
$sql_asset_other = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND (asset_type NOT LIKE 'laptop' AND asset_type NOT LIKE 'desktop' AND asset_type NOT LIKE 'server' AND asset_type NOT LIKE 'virtual machine' AND asset_type NOT LIKE 'firewall/router' AND asset_type NOT LIKE 'switch' AND asset_type NOT LIKE 'access point')
AND asset_archived_at IS NULL
$sql_asset_other = mysqli_query($mysqli, "SELECT * FROM assets
LEFT JOIN contacts ON asset_contact_id = contact_id
LEFT JOIN locations ON asset_location_id = location_id
LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1
WHERE asset_client_id = $client_id
AND (asset_type NOT LIKE 'laptop' AND asset_type NOT LIKE 'desktop' AND asset_type NOT LIKE 'server' AND asset_type NOT LIKE 'virtual machine' AND asset_type NOT LIKE 'firewall/router' AND asset_type NOT LIKE 'switch' AND asset_type NOT LIKE 'access point')
AND asset_archived_at IS NULL
ORDER BY asset_type ASC"
);
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id = $client_id AND network_archived_at IS NULL ORDER BY network_name ASC");
@ -1263,38 +1261,38 @@ if (isset($_POST["export_client_pdf"])) {
$sql_software = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id AND software_archived_at IS NULL ORDER BY software_name ASC");
$sql_user_licenses = mysqli_query($mysqli, "
SELECT
SELECT
contact_name,
software_name
FROM
FROM
software_contacts
JOIN
JOIN
contacts ON software_contacts.contact_id = contacts.contact_id
JOIN
JOIN
software ON software_contacts.software_id = software.software_id
WHERE software_archived_at IS NULL
AND contact_archived_at IS NULL
AND software_client_id = $client_id
AND contact_client_id = $client_id
ORDER BY
ORDER BY
contact_name, software_name;"
);
$sql_asset_licenses = mysqli_query($mysqli, "
SELECT
SELECT
asset_name,
software_name
FROM
FROM
software_assets
JOIN
JOIN
assets ON software_assets.asset_id = assets.asset_id
JOIN
JOIN
software ON software_assets.software_id = software.software_id
WHERE software_archived_at IS NULL
AND asset_archived_at IS NULL
AND software_client_id = $client_id
AND asset_client_id = $client_id
ORDER BY
ORDER BY
asset_name, software_name;"
);

64
agent/post/invoice.php
View File

@ -17,16 +17,22 @@ if (isset($_POST['add_invoice'])) {
// Get Net Terms
$client_net_terms = intval(getFieldById('clients', $client_id, 'client_net_terms'));
//Get the last Invoice Number and add 1 for the new invoice number
$invoice_number = $config_invoice_next_number;
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access
$url_key = randomString(156);
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount', invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id");
$invoice_id = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created', history_invoice_id = $invoice_id");
@ -81,16 +87,9 @@ if (isset($_POST['add_invoice_copy'])) {
$date = sanitizeInput($_POST['date']);
//Get Net Terms
$sql = mysqli_query($mysqli,"SELECT client_net_terms FROM clients, invoices WHERE client_id = invoice_client_id AND invoice_id = $invoice_id");
$sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE client_id = invoice_client_id AND invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$client_net_terms = intval($row['client_net_terms']);
$new_invoice_number = $config_invoice_next_number;
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
$sql = mysqli_query($mysqli,"SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$invoice_scope = sanitizeInput($row['invoice_scope']);
$invoice_discount_amount = floatval($row['invoice_discount_amount']);
$invoice_amount = floatval($row['invoice_amount']);
@ -101,6 +100,17 @@ if (isset($_POST['add_invoice_copy'])) {
$old_invoice_prefix = sanitizeInput($row['invoice_prefix']);
$old_invoice_number = intval($row['invoice_number']);
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$new_invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access
$url_key = randomString(156);
@ -206,7 +216,7 @@ if (isset($_GET['cancel_invoice'])) {
}
if (isset($_GET['delete_invoice'])) {
$invoice_id = intval($_GET['delete_invoice']);
// Get Invoice Number and Prefix and Client ID for Logging
@ -251,7 +261,7 @@ if (isset($_GET['delete_invoice'])) {
}
if (isset($_POST['add_invoice_item'])) {
enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']);
@ -264,7 +274,7 @@ if (isset($_POST['add_invoice_item'])) {
$product_id = intval($_POST['product_id']);
$subtotal = $price * $qty;
// Update Product Inventory
if ($product_id) {
// Only enforce stock for tangible products
@ -334,7 +344,7 @@ if (isset($_POST['add_invoice_item'])) {
}
if (isset($_POST['invoice_note'])) {
enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']);
@ -358,7 +368,7 @@ if (isset($_POST['invoice_note'])) {
}
if (isset($_POST['edit_item'])) {
enforceUserPermission('module_sales', 2);
$item_id = intval($_POST['item_id']);
@ -405,7 +415,7 @@ if (isset($_POST['edit_item'])) {
$row = mysqli_fetch_array($sql_invoice_total);
$new_invoice_amount = floatval($row['invoice_total']) - $invoice_discount;
mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id");
@ -458,7 +468,7 @@ if (isset($_POST['edit_item'])) {
}
if (isset($_GET['delete_invoice_item'])) {
enforceUserPermission('module_sales', 2);
$item_id = intval($_GET['delete_invoice_item']);
@ -499,7 +509,7 @@ if (isset($_GET['delete_invoice_item'])) {
}
if (isset($_GET['email_invoice'])) {
$invoice_id = intval($_GET['email_invoice']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices
@ -577,7 +587,7 @@ if (isset($_GET['email_invoice'])) {
$email_id = mysqli_insert_id($mysqli);
flash_alert("Invoice sent!");
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice sent to the mail queue ID: $email_id', history_invoice_id = $invoice_id");
// Don't change the status to sent if the status is anything but draft
@ -627,7 +637,7 @@ if (isset($_GET['email_invoice'])) {
if (isset($_POST['export_invoices_csv'])) {
enforceUserPermission('module_sales');
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
@ -690,7 +700,7 @@ if (isset($_POST['export_invoices_csv'])) {
}
if (isset($_POST['link_invoice_to_ticket'])) {
$invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']);
@ -703,7 +713,7 @@ if (isset($_POST['link_invoice_to_ticket'])) {
}
if (isset($_POST['add_ticket_to_invoice'])) {
$invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']);
@ -874,7 +884,7 @@ if (isset($_GET['export_invoice_pdf'])) {
// Load items
$sub_total = 0;
$total_tax = 0;
$sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_order ASC");
while ($item = mysqli_fetch_array($sql_items)) {
$name = $item['item_name'];
@ -933,7 +943,7 @@ if (isset($_GET['export_invoice_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$invoice_date}_{$company_name}_{$client_name}_Invoice_{$invoice_prefix}{$invoice_number}");
$pdf->Output("$filename.pdf", 'I');
exit;
}

31
agent/post/project.php
View File

@ -20,11 +20,16 @@ if (isset($_POST['add_project'])) {
// Sanitize Project Prefix
$config_project_prefix = sanitizeInput($config_project_prefix);
// Get the next Project Number and add 1 for the new Project number
$project_number = $config_project_next_number;
$new_config_project_next_number = $config_project_next_number + 1;
// Atomically increment and get the new project number
mysqli_query($mysqli, "
UPDATE settings
SET
config_project_next_number = LAST_INSERT_ID(config_project_next_number),
config_project_next_number = config_project_next_number + 1
WHERE company_id = 1
");
mysqli_query($mysqli, "UPDATE settings SET config_project_next_number = $new_config_project_next_number WHERE company_id = 1");
$project_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli, "INSERT INTO projects SET project_prefix = '$config_project_prefix', project_number = $project_number, project_name = '$project_name', project_description = '$project_description', project_due = '$due_date', project_manager = $project_manager, project_client_id = $client_id");
@ -44,15 +49,19 @@ if (isset($_POST['add_project'])) {
$ticket_template_subject = sanitizeInput($row['ticket_template_subject']);
$ticket_template_details = mysqli_escape_string($mysqli, $row['ticket_template_details']);
// Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$ticket_template_subject', ticket_details = '$ticket_template_details', ticket_priority = 'Low', ticket_status = 1, ticket_created_by = $session_user_id, ticket_client_id = $client_id, ticket_project_id = $project_id");
$config_ticket_next_number = $config_ticket_next_number + 1;
$ticket_id = mysqli_insert_id($mysqli);
// Task Templates for Ticket template and add the to the ticket
@ -263,7 +272,7 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id);
flash_alert("Ticket added to <strong>$project_name</strong>");
redirect();
}

63
agent/post/quote.php
View File

@ -14,10 +14,16 @@ if (isset($_POST['add_quote'])) {
$client_id = intval($_POST['client']);
//Get the last Quote Number and add 1 for the new Quote number
$quote_number = $config_quote_next_number;
$new_config_quote_next_number = $config_quote_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_quote_next_number = $new_config_quote_next_number WHERE company_id = 1");
// Atomically increment and get the new quote number
mysqli_query($mysqli, "
UPDATE settings
SET
config_quote_next_number = LAST_INSERT_ID(config_quote_next_number),
config_quote_next_number = config_quote_next_number + 1
WHERE company_id = 1
");
$quote_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access
$quote_url_key = randomString(156);
@ -49,10 +55,16 @@ if (isset($_POST['add_quote_copy'])) {
$config_quote_prefix = sanitizeInput($config_quote_prefix);
//Get the last Invoice Number and add 1 for the new invoice number
$quote_number = $config_quote_next_number;
$new_config_quote_next_number = $config_quote_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_quote_next_number = $new_config_quote_next_number WHERE company_id = 1");
// Atomically increment and get the new quote number
mysqli_query($mysqli, "
UPDATE settings
SET
config_quote_next_number = LAST_INSERT_ID(config_quote_next_number),
config_quote_next_number = config_quote_next_number + 1
WHERE company_id = 1
");
$quote_number = mysqli_insert_id($mysqli);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
@ -106,16 +118,10 @@ if (isset($_POST['add_quote_to_invoice'])) {
$quote_id = intval($_POST['quote_id']);
$date = sanitizeInput($_POST['date']);
$client_net_terms = intval($_POST['client_net_terms']);
$config_invoice_prefix = sanitizeInput($config_invoice_prefix);
$invoice_number = $config_invoice_next_number;
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
$sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id");
$sql = mysqli_query($mysqli,"SELECT * FROM clients, quotes WHERE client_id = quote_client_id AND quote_id = $quote_id");
$row = mysqli_fetch_array($sql);
$client_net_terms = intval($row['client_net_terms']);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$quote_discount_amount = floatval($row['quote_discount_amount']);
@ -127,6 +133,19 @@ if (isset($_POST['add_quote_to_invoice'])) {
$client_id = intval($row['quote_client_id']);
$category_id = intval($row['quote_category_id']);
$config_invoice_prefix = sanitizeInput($config_invoice_prefix);
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access
$url_key = randomString(156);
@ -153,7 +172,7 @@ if (isset($_POST['add_quote_to_invoice'])) {
}
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Invoiced' WHERE quote_id = $quote_id");
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote invoiced as $config_invoice_prefix$invoice_number', history_quote_id = $quote_id");
logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from quote $config_quote_prefix$quote_number", $client_id, $new_invoice_id);
@ -339,7 +358,7 @@ if (isset($_GET['delete_quote_item'])) {
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = sanitizeInput($row['quote_number']);
$client_id = intval($row['quote_client_id']);
$new_quote_amount = floatval($row['quote_amount']) - $item_total;
mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id");
@ -494,7 +513,7 @@ if (isset($_GET['email_quote'])) {
// Update History
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Quote', history_quote_id = $quote_id");
logAction("Quote", "Email", "$session_name emailed quote $quote_prefix$quote_number to $contact_email", $client_id, $quote_id);
flash_alert("Quote sent!");
@ -549,7 +568,7 @@ if(isset($_POST['export_quotes_csv'])){
}
$sql = mysqli_query($mysqli,"SELECT * FROM quotes $client_query ORDER BY quote_number ASC");
$num_rows = mysqli_num_rows($sql);
if($num_rows > 0){
@ -581,7 +600,7 @@ if(isset($_POST['export_quotes_csv'])){
//output all remaining data on a file pointer
fpassthru($f);
}
logAction("Quote", "Export", "$session_name exported $num_rows quote(s) to a CSV file");
flash_alert("Exported <strong>$num_rows</strong> quote(s)");
@ -796,7 +815,7 @@ if (isset($_GET['export_quote_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$quote_date}_{$company_name}_{$client_name}_Quote_{$quote_prefix}{$quote_number}");
$pdf->Output("$filename.pdf", 'I');
exit;
}

58
agent/post/recurring_invoice.php
View File

@ -23,10 +23,16 @@ if (isset($_POST['add_invoice_recurring'])) {
$client_id = intval($row['invoice_client_id']);
$category_id = intval($row['invoice_category_id']);
//Get the last Recurring Invoice Number and add 1 for the new Recurring Invoice number
$recurring_invoice_number = $config_recurring_invoice_next_number;
$new_config_recurring_invoice_next_number = $config_recurring_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_recurring_invoice_next_number = $new_config_recurring_invoice_next_number WHERE company_id = 1");
// Atomically increment and get the new recurring_invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_recurring_invoice_next_number = LAST_INSERT_ID(config_recurring_invoice_next_number),
config_recurring_invoice_next_number = config_recurring_invoice_next_number + 1
WHERE company_id = 1
");
$recurring_invoice_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO recurring_invoices SET recurring_invoice_prefix = '$config_recurring_invoice_prefix', recurring_invoice_number = $recurring_invoice_number, recurring_invoice_scope = '$invoice_scope', recurring_invoice_frequency = '$recurring_invoice_frequency', recurring_invoice_next_date = DATE_ADD('$invoice_date', INTERVAL 1 $recurring_invoice_frequency), recurring_invoice_status = 1, recurring_invoice_amount = $invoice_amount, recurring_invoice_currency_code = '$invoice_currency_code', recurring_invoice_note = '$invoice_note', recurring_invoice_category_id = $category_id, recurring_invoice_client_id = $client_id");
@ -66,10 +72,16 @@ if (isset($_POST['add_recurring_invoice'])) {
$category = intval($_POST['category']);
$scope = sanitizeInput($_POST['scope']);
//Get the last Recurring Number and add 1 for the new Recurring number
$recurring_invoice_number = $config_recurring_invoice_next_number;
$new_config_recurring_invoice_next_number = $config_recurring_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_recurring_invoice_next_number = $new_config_recurring_invoice_next_number WHERE company_id = 1");
// Atomically increment and get the new recurring_invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_recurring_invoice_next_number = LAST_INSERT_ID(config_recurring_invoice_next_number),
config_recurring_invoice_next_number = config_recurring_invoice_next_number + 1
WHERE company_id = 1
");
$recurring_invoice_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli,"INSERT INTO recurring_invoices SET recurring_invoice_prefix = '$config_recurring_invoice_prefix', recurring_invoice_number = $recurring_invoice_number, recurring_invoice_scope = '$scope', recurring_invoice_frequency = '$frequency', recurring_invoice_next_date = '$start_date', recurring_invoice_category_id = $category, recurring_invoice_status = 1, recurring_invoice_currency_code = '$session_company_currency', recurring_invoice_client_id = $client_id");
@ -124,7 +136,7 @@ if (isset($_POST['edit_recurring_invoice'])) {
}
if (isset($_GET['delete_recurring_invoice'])) {
$recurring_invoice_id = intval($_GET['delete_recurring_invoice']);
// Get Recurring Invoice Details and Client ID for Logging
@ -234,7 +246,7 @@ if (isset($_POST['recurring_invoice_note'])) {
}
if (isset($_GET['delete_recurring_invoice_item'])) {
$item_id = intval($_GET['delete_recurring_invoice_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
@ -250,7 +262,7 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
$recurring_invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']);
$recurring_invoice_number = intval($row['recurring_invoice_number']);
$client_id = intval($row['recurring_invoice_client_id']);
$new_recurring_invoice_amount = floatval($row['recurring_invoice_amount']) - $item_total;
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $new_recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id");
@ -266,7 +278,7 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
}
if (isset($_GET['force_recurring'])) {
$recurring_invoice_id = intval($_GET['force_recurring']);
$sql_recurring_invoices = mysqli_query($mysqli,"SELECT * FROM recurring_invoices, clients WHERE client_id = recurring_invoice_client_id AND recurring_invoice_id = $recurring_invoice_id");
@ -286,10 +298,16 @@ if (isset($_GET['force_recurring'])) {
$client_id = intval($row['recurring_invoice_client_id']);
$client_net_terms = intval($row['client_net_terms']);
//Get the last Invoice Number and add 1 for the new invoice number
$new_invoice_number = $config_invoice_next_number;
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$new_invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access
$url_key = randomString(156);
@ -472,7 +490,7 @@ if (isset($_POST['set_recurring_payment'])) {
}
if (isset($_POST['export_client_recurring_invoice_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
@ -482,7 +500,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
$client_name = $row['client_name'];
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_client_id = $client_id ORDER BY recurring_invoice_number ASC");
$num_rows = mysqli_num_rows($sql);
if ($num_rows > 0) {
@ -520,7 +538,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
}
if (isset($_GET['recurring_invoice_email_notify'])) {
$recurring_invoice_email_notify = intval($_GET['recurring_invoice_email_notify']);
$recurring_invoice_id = intval($_GET['recurring_invoice_id']);
@ -535,7 +553,7 @@ if (isset($_GET['recurring_invoice_email_notify'])) {
// Wording
if ($recurring_invoice_email_notify) {
$notify_wording = "On";
} else {
} else {
$notify_wording = "Off";
}

29
agent/post/recurring_ticket.php
View File

@ -103,11 +103,16 @@ if (isset($_POST['bulk_force_recurring_tickets'])) {
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
// Assign this new ticket the next ticket number & increment config_ticket_next_number by 1 (for the next ticket)
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1"));
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']);
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Raise the ticket
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_url_key = '$url_key', ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id");
@ -236,10 +241,16 @@ if (isset($_GET['force_recurring_ticket'])) {
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
// Assign this new ticket the next ticket number & increment config_ticket_next_number by 1 (for the next ticket)
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Raise the ticket
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_url_key = '$url_key', ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id");

37
agent/post/ticket.php
View File

@ -1503,10 +1503,16 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
$subject_asset_prepended = "$asset_name - $subject";
// Get the next Ticket Number and update the config
$sql_ticket_number = mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1");
$ticket_number_row = mysqli_fetch_array($sql_ticket_number);
$ticket_number = intval($ticket_number_row['config_ticket_next_number']);
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_ticket_prefix = sanitizeInput($config_ticket_prefix);
@ -1517,18 +1523,10 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
//Generate a unique URL key for clients to access
$url_key = randomString(156);
// Increment the config ticket next number
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
$ticket_id = mysqli_insert_id($mysqli);
// Update the next ticket number in the database
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Add Tasks
if (!empty($_POST['tasks'])) {
foreach ($_POST['tasks'] as $task) {
@ -2155,11 +2153,18 @@ if (isset($_POST['add_invoice_from_ticket'])) {
if ($invoice_id == 0) {
//Get the last Invoice Number and add 1 for the new invoice number
$invoice_number = $config_invoice_next_number;
$invoice_prefix = sanitizeInput($config_invoice_prefix);
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access
$url_key = randomString(156);

12
agent/ticket.php
View File

@ -274,7 +274,7 @@ if (isset($_GET['ticket_id'])) {
// Get ticket replies
$sql_ticket_replies = mysqli_query($mysqli, "SELECT * FROM ticket_replies
$sql_ticket_replies = mysqli_query($mysqli, "SELECT * FROM ticket_replies
LEFT JOIN users ON ticket_reply_by = user_id
LEFT JOIN contacts ON ticket_reply_by = contact_id
WHERE ticket_reply_ticket_id = $ticket_id
@ -340,7 +340,7 @@ if (isset($_GET['ticket_id'])) {
$sql_ticket_collaborators = mysqli_query($mysqli, "
SELECT GROUP_CONCAT(DISTINCT user_name SEPARATOR ', ') AS user_names
FROM users
LEFT JOIN ticket_replies ON user_id = ticket_reply_by
LEFT JOIN ticket_replies ON user_id = ticket_reply_by
WHERE ticket_reply_archived_at IS NULL AND ticket_reply_ticket_id = $ticket_id
");
@ -461,7 +461,7 @@ if (isset($_GET['ticket_id'])) {
<div class="card-group mb-3">
<div class="card card-body">
<div title="<?php echo $ticket_updated_at; ?>">
<i class="fa fa-fw fa-history text-secondary mr-2"></i>Updated: <strong><?php echo $ticket_updated_at_ago; ?></strong>
</div>
@ -587,7 +587,7 @@ if (isset($_GET['ticket_id'])) {
<!-- Only show ticket reply modal if status is not closed -->
<?php if (lookupUserPermission("module_support") >= 2 && empty($ticket_resolved_at) && empty($ticket_closed_at)) { ?>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="ticket_id" id="ticket_id" value="<?php echo $ticket_id; ?>">
@ -677,7 +677,7 @@ if (isset($_GET['ticket_id'])) {
</div>
</form>
<!-- End IF for reply modal -->
<?php } ?>
@ -813,7 +813,7 @@ if (isset($_GET['ticket_id'])) {
<div class="card <?php if(!$ticket_resolved_at) { echo "collapsed-card"; } ?>">
<div class="card-header">
<h5 class="card-title"><i class="fas fa-fw fa-life-ring mr-2"></i>Ticket Details</h5>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="collapse">
<i class="fas fa-chevron-down"></i>

14
api/v1/tickets/create.php
View File

@ -32,10 +32,16 @@ if (!empty($subject)) {
$contact = intval($row['contact_id']);
}
//Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Insert ticket
$url_key = randomString(156);

184
client/post.php
View File

@ -34,10 +34,16 @@ if (isset($_POST['add_ticket'])) {
$priority = sanitizeInput($_POST['priority']);
}
// Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Portal', ticket_category = $category, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = $session_user_id, ticket_contact_id = $session_contact_id, ticket_asset_id = $asset, ticket_url_key = '$url_key', ticket_client_id = $session_client_id");
$ticket_id = mysqli_insert_id($mysqli);
@ -180,7 +186,7 @@ if (isset($_POST['add_ticket_comment'])) {
}
if (isset($_POST['add_ticket_feedback'])) {
$ticket_id = intval($_POST['ticket_id']);
$feedback = sanitizeInput($_POST['add_ticket_feedback']);
@ -210,7 +216,7 @@ if (isset($_POST['add_ticket_feedback'])) {
}
if (isset($_GET['resolve_ticket'])) {
$ticket_id = intval($_GET['resolve_ticket']);
// Get ticket details for logging
@ -275,7 +281,7 @@ if (isset($_GET['reopen_ticket'])) {
}
if (isset($_GET['close_ticket'])) {
$ticket_id = intval($_GET['close_ticket']);
// Get ticket details for logging
@ -299,7 +305,7 @@ if (isset($_GET['close_ticket'])) {
customAction('ticket_close', $ticket_id);
redirect("ticket.php?id=" . $ticket_id);
} else {
// The client does not have access to this ticket - send them home
redirect("index.php");
@ -307,7 +313,7 @@ if (isset($_GET['close_ticket'])) {
}
if (isset($_GET['logout'])) {
setcookie("PHPSESSID", '', time() - 3600, "/");
unset($_COOKIE['PHPSESSID']);
@ -319,9 +325,9 @@ if (isset($_GET['logout'])) {
}
if (isset($_POST['edit_profile'])) {
$new_password = $_POST['new_password'];
if (!empty($new_password)) {
$password_hash = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE users SET user_password = '$password_hash' WHERE user_id = $session_user_id");
@ -329,7 +335,7 @@ if (isset($_POST['edit_profile'])) {
// Logging
logAction("Contact", "Edit", "Client contact $session_contact_name edited their profile/password in the client portal", $session_client_id, $session_contact_id);
}
redirect('index.php');
}
@ -362,12 +368,12 @@ if (isset($_POST['add_contact'])) {
mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$password_hash', user_auth_method = '$contact_auth_method', user_type = 2");
$contact_user_id = mysqli_insert_id($mysqli);
}
// Create contact record
mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical, contact_client_id = $session_client_id, contact_user_id = $contact_user_id");
$contact_id = mysqli_insert_id($mysqli);
// Logging
@ -613,15 +619,15 @@ if (isset($_GET['add_payment_by_provider'])) {
customAction('invoice_pay', $invoice_id);
flash_alert("The amount " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " paid Invoice $invoice_prefix$invoice_number");
redirect();
} else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id");
logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id);
flash_alert("Payment failed", 'error');
redirect();
}
@ -635,9 +641,9 @@ if (isset($_POST['create_stripe_customer'])) {
// Get Stripe provider
$stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
LIMIT 1
");
@ -657,10 +663,10 @@ if (isset($_POST['create_stripe_customer'])) {
// Check if client already has a Stripe customer
$existing_customer = mysqli_fetch_array(mysqli_query($mysqli, "
SELECT payment_provider_client
FROM client_payment_provider
WHERE client_id = $session_client_id
AND payment_provider_id = $stripe_provider_id
SELECT payment_provider_client
FROM client_payment_provider
WHERE client_id = $session_client_id
AND payment_provider_id = $stripe_provider_id
LIMIT 1
"));
@ -684,10 +690,10 @@ if (isset($_POST['create_stripe_customer'])) {
// Insert customer into client_payment_provider
mysqli_query($mysqli, "
INSERT INTO client_payment_provider
SET client_id = $session_client_id,
payment_provider_id = $stripe_provider_id,
payment_provider_client = '$stripe_customer_id',
INSERT INTO client_payment_provider
SET client_id = $session_client_id,
payment_provider_id = $stripe_provider_id,
payment_provider_client = '$stripe_customer_id',
client_payment_provider_created_at = NOW()
");
@ -697,9 +703,9 @@ if (isset($_POST['create_stripe_customer'])) {
} catch (Exception $e) {
$error = $e->getMessage();
error_log("Stripe error while creating customer for $session_client_name: $error");
logApp("Stripe", "error", "Failed to create Stripe customer for $session_client_name: $error");
flash_alert("An error occurred while creating your Stripe customer. Please try again.", 'danger');
@ -723,9 +729,9 @@ if (isset($_GET['create_stripe_checkout'])) {
// Fetch Stripe provider info
$stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
LIMIT 1
");
@ -747,9 +753,9 @@ if (isset($_GET['create_stripe_checkout'])) {
// Get client currency
$client_currency_result = mysqli_query($mysqli, "
SELECT client_currency_code
FROM clients
WHERE client_id = $session_client_id
SELECT client_currency_code
FROM clients
WHERE client_id = $session_client_id
LIMIT 1
");
$client_currency_row = mysqli_fetch_assoc($client_currency_result);
@ -791,9 +797,9 @@ if (isset($_GET['stripe_save_card'])) {
// Get Stripe provider
$stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
LIMIT 1
");
@ -813,10 +819,10 @@ if (isset($_GET['stripe_save_card'])) {
// Get client's Stripe customer ID
$client_provider_query = mysqli_query($mysqli, "
SELECT payment_provider_client
FROM client_payment_provider
WHERE client_id = $session_client_id
AND payment_provider_id = $stripe_provider_id
SELECT payment_provider_client
FROM client_payment_provider
WHERE client_id = $session_client_id
AND payment_provider_id = $stripe_provider_id
LIMIT 1
");
$client_provider = mysqli_fetch_array($client_provider_query);
@ -854,8 +860,8 @@ if (isset($_GET['stripe_save_card'])) {
// Insert into client_saved_payment_methods
mysqli_query($mysqli, "
INSERT INTO client_saved_payment_methods
SET
INSERT INTO client_saved_payment_methods
SET
saved_payment_provider_method = '$payment_method_id',
saved_payment_description = '$saved_payment_description',
saved_payment_client_id = $session_client_id,
@ -874,8 +880,8 @@ if (isset($_GET['stripe_save_card'])) {
// Email Confirmation
$sql_settings = mysqli_query($mysqli, "
SELECT * FROM companies, settings
WHERE companies.company_id = settings.company_id
SELECT * FROM companies, settings
WHERE companies.company_id = settings.company_id
AND companies.company_id = 1
");
$row = mysqli_fetch_array($sql_settings);
@ -922,9 +928,9 @@ if (isset($_GET['delete_saved_payment'])) {
// Get Stripe provider info
$stripe_provider_result = mysqli_query($mysqli, "
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
SELECT * FROM payment_providers
WHERE payment_provider_name = 'Stripe'
AND payment_provider_active = 1
LIMIT 1
");
$stripe_provider = mysqli_fetch_array($stripe_provider_result);
@ -943,11 +949,11 @@ if (isset($_GET['delete_saved_payment'])) {
}
$saved_payment_result = mysqli_query($mysqli, "
SELECT saved_payment_id, saved_payment_description, saved_payment_provider_method
FROM client_saved_payment_methods
WHERE saved_payment_id = $saved_payment_id
AND saved_payment_client_id = $session_client_id
AND saved_payment_provider_id = $stripe_provider_id
SELECT saved_payment_id, saved_payment_description, saved_payment_provider_method
FROM client_saved_payment_methods
WHERE saved_payment_id = $saved_payment_id
AND saved_payment_client_id = $session_client_id
AND saved_payment_provider_id = $stripe_provider_id
LIMIT 1
");
@ -973,27 +979,27 @@ if (isset($_GET['delete_saved_payment'])) {
} catch (Exception $e) {
$error = $e->getMessage();
error_log("Stripe error while removing payment method $payment_method_id: $error");
logApp("Stripe", "error", "Exception removing payment method $payment_method_id: $error");
flash_alert("An error occurred while removing your payment method.", 'danger');
redirect("saved_payment_methods.php");
}
// Remove saved payment method from local DB
mysqli_query($mysqli, "
DELETE FROM client_saved_payment_methods
DELETE FROM client_saved_payment_methods
WHERE saved_payment_id = $saved_payment_id
");
// Remove any auto-pay records using this payment method
$recurring_invoices = mysqli_query($mysqli, "
SELECT recurring_invoice_id
FROM recurring_invoices
SELECT recurring_invoice_id
FROM recurring_invoices
WHERE recurring_invoice_client_id = $session_client_id
");
@ -1001,8 +1007,8 @@ if (isset($_GET['delete_saved_payment'])) {
$recurring_invoice_id = intval($row['recurring_invoice_id']);
mysqli_query($mysqli, "
DELETE FROM recurring_payments
WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id
DELETE FROM recurring_payments
WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id
AND recurring_payment_saved_payment_id = $saved_payment_id
");
}
@ -1010,7 +1016,7 @@ if (isset($_GET['delete_saved_payment'])) {
logAction("Stripe", "Update", "$session_contact_name deleted Stripe payment method $saved_payment_description (PM: $payment_method_id)", $session_client_id);
flash_alert("Payment method $saved_payment_description removed.");
redirect("saved_payment_methods.php");
}
@ -1035,7 +1041,7 @@ if (isset($_POST['set_recurring_payment'])) {
LEFT JOIN client_saved_payment_methods ON saved_payment_provider_id = payment_provider_id
WHERE saved_payment_id = $saved_payment_id
AND saved_payment_client_id = $session_client_id
AND payment_provider_active = 1
AND payment_provider_active = 1
");
$row = mysqli_fetch_array($sql);
@ -1078,13 +1084,13 @@ if (isset($_POST['client_add_document'])) {
$document_content_raw = sanitizeInput($document_name . " " . strip_tags($_POST['document_content']));
// Create document
mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name',
document_description = '$document_description',
document_content = '',
document_content_raw = '$document_content_raw',
document_client_visible = 1,
document_client_id = $session_client_id,
mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name',
document_description = '$document_description',
document_content = '',
document_content_raw = '$document_content_raw',
document_client_visible = 1,
document_client_id = $session_client_id,
document_created_by = $session_contact_id");
$document_id = mysqli_insert_id($mysqli);
@ -1131,7 +1137,7 @@ if (isset($_POST['client_upload_document'])) {
// Check if file was uploaded
if (isset($_FILES['document_file']) && $_FILES['document_file']['error'] == 0) {
// Validate and get a safe file reference name
if ($file_reference_name = checkFileUpload($_FILES['document_file'], $allowedExtensions)) {
@ -1151,26 +1157,26 @@ if (isset($_POST['client_upload_document'])) {
$document_content = "<p>Uploaded file: <strong>$file_name</strong></p><p>$document_description</p>";
$document_content_raw = "$document_name $file_name $document_description";
mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name',
document_description = '$document_description',
document_content = '$document_content',
document_content_raw = '$document_content_raw',
document_client_visible = 1,
document_client_id = $session_client_id,
mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name',
document_description = '$document_description',
document_content = '$document_content',
document_content_raw = '$document_content_raw',
document_client_visible = 1,
document_client_id = $session_client_id,
document_created_by = $session_contact_id");
$document_id = mysqli_insert_id($mysqli);
// Create file entry
mysqli_query($mysqli, "INSERT INTO files SET
file_reference_name = '$file_reference_name',
file_name = '$file_name',
file_description = 'Attached to document: $document_name',
file_ext = '$file_extension',
file_mime_type = '$file_mime_type',
file_size = $file_size,
file_created_by = $session_contact_id,
mysqli_query($mysqli, "INSERT INTO files SET
file_reference_name = '$file_reference_name',
file_name = '$file_name',
file_description = 'Attached to document: $document_name',
file_ext = '$file_extension',
file_mime_type = '$file_mime_type',
file_size = $file_size,
file_created_by = $session_contact_id,
file_client_id = $session_client_id");
$file_id = mysqli_insert_id($mysqli);

31
cron/cron.php
View File

@ -317,13 +317,16 @@ if (mysqli_num_rows($sql_recurring_tickets) > 0) {
$ticket_status = 2; // Set to open if we've auto-assigned an agent
}
// Assign this new ticket the next ticket number
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1"));
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']);
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
// Increment config_ticket_next_number by 1 (for the next ticket)
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
$ticket_number = mysqli_insert_id($mysqli);
// Raise the ticket
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Recurring', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id");
@ -600,14 +603,16 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) {
$recurring_payment_method = sanitizeInput($row['recurring_payment_method']);
$recurring_payment_account_id = intval($row['recurring_payment_account_id']);
// Get the last Invoice Number and add 1 for the new invoice number
$sql_invoice_number = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_invoice_number);
$config_invoice_next_number = intval($row['config_invoice_next_number']);
// Atomically increment and get the new invoice number
mysqli_query($mysqli, "
UPDATE settings
SET
config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number),
config_invoice_next_number = config_invoice_next_number + 1
WHERE company_id = 1
");
$new_invoice_number = $config_invoice_next_number;
$new_config_invoice_next_number = $config_invoice_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = 1");
$new_invoice_number = mysqli_insert_id($mysqli);
//Generate a unique URL key for clients to access
$url_key = randomString(156);

14
cron/ticket_email_parser.php
View File

@ -76,10 +76,16 @@ $allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf', 'txt', '
function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) {
global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions;
$ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1"));
$ticket_number = intval($ticket_number_sql['config_ticket_next_number']);
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Atomically increment and get the new ticket number
mysqli_query($mysqli, "
UPDATE settings
SET
config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
config_ticket_next_number = config_ticket_next_number + 1
WHERE company_id = 1
");
$ticket_number = mysqli_insert_id($mysqli);
// Clean up the message
$message = trim($message);