diff --git a/functions.php b/functions.php index 5231159d..c54b5f19 100644 --- a/functions.php +++ b/functions.php @@ -390,7 +390,7 @@ function getDomainRecords($name) { return $records; } - $domain = escapeshellarg($name); + $domain = escapeshellarg(str_replace('www.', '', $name)); $records['a'] = substr(trim(strip_tags(shell_exec("dig +short $domain"))), 0, 254); $records['ns'] = substr(trim(strip_tags(shell_exec("dig +short NS $domain"))), 0, 254); $records['mx'] = substr(trim(strip_tags(shell_exec("dig +short MX $domain"))), 0, 254); diff --git a/guest_ajax.php b/guest_ajax.php index f96000fb..975a767c 100644 --- a/guest_ajax.php +++ b/guest_ajax.php @@ -68,7 +68,7 @@ if (isset($_GET['stripe_create_pi'])) { } $config_stripe_secret = $row['config_stripe_secret']; - $pi_description = "ITFlow: $client_name payment of $invoice_currency_code $balance_to_pay for $client_name"; + $pi_description = "ITFlow: $client_name payment of $invoice_currency_code $balance_to_pay for $invoice_prefix$invoice_number"; // Create a PaymentIntent with amount, currency and client details try { diff --git a/guest_header.php b/guest_header.php index 141bb1bf..71b602a7 100644 --- a/guest_header.php +++ b/guest_header.php @@ -6,7 +6,9 @@ require_once("functions.php"); session_start(); $ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP()))); -$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT'])); +$ua = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT'])); +$os = strip_tags(mysqli_real_escape_string($mysqli, getOS($ua))); +$browser = strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($ua))); ?> diff --git a/guest_pay_invoice_stripe.php b/guest_pay_invoice_stripe.php index f072e895..b3d2e8bc 100644 --- a/guest_pay_invoice_stripe.php +++ b/guest_pay_invoice_stripe.php @@ -13,9 +13,6 @@ $config_stripe_publishable = htmlentities($stripe_vars['config_stripe_publishabl $config_stripe_secret = htmlentities($stripe_vars['config_stripe_secret']); $config_stripe_account = intval($stripe_vars['config_stripe_account']); -$os = trim(strip_tags(mysqli_real_escape_string($mysqli, getOS($user_agent)))); -$browser = trim(strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($user_agent)))); - // Check Stripe is configured if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) { echo "

Stripe payments not enabled/configured

"; @@ -223,7 +220,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent $client_name = htmlentities($row['client_name']); $contact_name = $row['contact_name']; $contact_email = $row['contact_email']; - $company_name = htmlentities($row['company_name']); + $company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name'])); $company_phone = htmlentities($row['company_phone']); $company_locale = htmlentities($row['company_locale']); @@ -250,6 +247,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = '$pi_amount_paid', payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id, company_id = $invoice_company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $invoice_company_id"); + // Notify + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $pi_client_id, company_id = $invoice_company_id"); + // Logging $extended_log_desc = ''; if (!$pi_livemode) { diff --git a/guest_view_invoice.php b/guest_view_invoice.php index bdcdad30..85cf1a6d 100644 --- a/guest_view_invoice.php +++ b/guest_view_invoice.php @@ -2,937 +2,914 @@ require_once("guest_header.php"); -if (isset($_GET['invoice_id'], $_GET['url_key'])) { +if (!isset($_GET['invoice_id'], $_GET['url_key'])) { + echo "

Oops, something went wrong! Please raise a ticket if you believe this is an error.

"; + require_once("guest_footer.php"); + exit(); +} - $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']); - $invoice_id = intval($_GET['invoice_id']); +$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']); +$invoice_id = intval($_GET['invoice_id']); - $sql = mysqli_query($mysqli, "SELECT * FROM invoices - LEFT JOIN clients ON invoice_client_id = client_id - LEFT JOIN locations ON primary_location = location_id - LEFT JOIN contacts ON primary_contact = contact_id - LEFT JOIN companies ON invoices.company_id = companies.company_id - LEFT JOIN settings ON settings.company_id = companies.company_id - WHERE invoice_id = $invoice_id - AND invoice_url_key = '$url_key'" - ); +$sql = mysqli_query( + $mysqli, + "SELECT * FROM invoices + LEFT JOIN clients ON invoice_client_id = client_id + LEFT JOIN locations ON primary_location = location_id + LEFT JOIN contacts ON primary_contact = contact_id + LEFT JOIN companies ON invoices.company_id = companies.company_id + LEFT JOIN settings ON settings.company_id = companies.company_id + WHERE invoice_id = $invoice_id + AND invoice_url_key = '$url_key'" +); - if (mysqli_num_rows($sql) == 1) { +if (mysqli_num_rows($sql) !== 1) { + // Invalid invoice/key + echo "

Oops, something went wrong! Please raise a ticket if you believe this is an error.

"; + require_once("guest_footer.php"); + exit(); +} - $row = mysqli_fetch_array($sql); - $invoice_id = $row['invoice_id']; - $invoice_prefix = htmlentities($row['invoice_prefix']); - $invoice_number = htmlentities($row['invoice_number']); - $invoice_status = htmlentities($row['invoice_status']); - $invoice_date = $row['invoice_date']; - $invoice_due = $row['invoice_due']; - $invoice_amount = floatval($row['invoice_amount']); - $invoice_currency_code = htmlentities($row['invoice_currency_code']); - $invoice_note = htmlentities($row['invoice_note']); - $invoice_category_id = $row['invoice_category_id']; - $client_id = $row['client_id']; - $client_name = htmlentities($row['client_name']); - $location_address = htmlentities($row['location_address']); - $location_city = htmlentities($row['location_city']); - $location_state = htmlentities($row['location_state']); - $location_zip = htmlentities($row['location_zip']); - $contact_email = htmlentities($row['contact_email']); - $contact_phone = formatPhoneNumber($row['contact_phone']); - $contact_extension = htmlentities($row['contact_extension']); - $contact_mobile = formatPhoneNumber($row['contact_mobile']); - $client_website = htmlentities($row['client_website']); - $client_currency_code = htmlentities($row['client_currency_code']); - $client_net_terms = htmlentities($row['client_net_terms']); - if ($client_net_terms == 0) { - $client_net_terms = $config_default_net_terms; - } - $company_id = $row['company_id']; - $company_name = htmlentities($row['company_name']); - $company_address = htmlentities($row['company_address']); - $company_city = htmlentities($row['company_city']); - $company_state = htmlentities($row['company_state']); - $company_zip = htmlentities($row['company_zip']); - $company_phone = formatPhoneNumber($row['company_phone']); - $company_email = htmlentities($row['company_email']); - $company_logo = htmlentities($row['company_logo']); - if (!empty($company_logo)) { - $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); - } - $company_locale = htmlentities($row['company_locale']); - $config_invoice_footer = htmlentities($row['config_invoice_footer']); - $config_stripe_enable = $row['config_stripe_enable']; - $config_stripe_publishable = $row['config_stripe_publishable']; - $config_stripe_secret = $row['config_stripe_secret']; +$row = mysqli_fetch_array($sql); +$invoice_id = $row['invoice_id']; +$invoice_prefix = htmlentities($row['invoice_prefix']); +$invoice_number = htmlentities($row['invoice_number']); +$invoice_status = htmlentities($row['invoice_status']); +$invoice_date = $row['invoice_date']; +$invoice_due = $row['invoice_due']; +$invoice_amount = floatval($row['invoice_amount']); +$invoice_currency_code = htmlentities($row['invoice_currency_code']); +$invoice_note = htmlentities($row['invoice_note']); +$invoice_category_id = $row['invoice_category_id']; +$client_id = $row['client_id']; +$client_name = htmlentities($row['client_name']); +$location_address = htmlentities($row['location_address']); +$location_city = htmlentities($row['location_city']); +$location_state = htmlentities($row['location_state']); +$location_zip = htmlentities($row['location_zip']); +$contact_email = htmlentities($row['contact_email']); +$contact_phone = formatPhoneNumber($row['contact_phone']); +$contact_extension = htmlentities($row['contact_extension']); +$contact_mobile = formatPhoneNumber($row['contact_mobile']); +$client_website = htmlentities($row['client_website']); +$client_currency_code = htmlentities($row['client_currency_code']); +$client_net_terms = htmlentities($row['client_net_terms']); +if ($client_net_terms == 0) { + $client_net_terms = intval($row['config_default_net_terms']); +} +$company_id = $row['company_id']; +$company_name = htmlentities($row['company_name']); +$company_address = htmlentities($row['company_address']); +$company_city = htmlentities($row['company_city']); +$company_state = htmlentities($row['company_state']); +$company_zip = htmlentities($row['company_zip']); +$company_phone = formatPhoneNumber($row['company_phone']); +$company_email = htmlentities($row['company_email']); +$company_website = htmlentities($row['company_website']); +$company_logo = htmlentities($row['company_logo']); +if (!empty($company_logo)) { + $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); +} +$company_locale = htmlentities($row['company_locale']); +$config_invoice_footer = htmlentities($row['config_invoice_footer']); +$config_stripe_enable = $row['config_stripe_enable']; +$config_stripe_publishable = $row['config_stripe_publishable']; +$config_stripe_secret = $row['config_stripe_secret']; - //Set Currency Format - $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); +//Set Currency Format +$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); - $ip = strip_tags(mysqli_real_escape_string($mysqli,getIP())); +$invoice_tally_total = 0; // Default - $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); - $os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent))); - $browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent))); +//Set Badge color based off of invoice status +$invoice_badge_color = getInvoiceBadgeColor($invoice_status); - $invoice_tally_total = 0; // Default +//Update status to Viewed only if invoice_status = "Sent" +if ($invoice_status == 'Sent') { + mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Viewed' WHERE invoice_id = $invoice_id"); +} - //Set Badge color based off of invoice status - $invoice_badge_color = getInvoiceBadgeColor($invoice_status); +//Mark viewed in history +mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id"); - //Update status to Viewed only if invoice_status = "Sent" - if ($invoice_status == 'Sent') { - mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Viewed' WHERE invoice_id = $invoice_id"); - } +if ($invoice_status !== 'Paid') { + $client_name_escaped = mysqli_real_escape_string($mysqli, $row['client_name']); + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); +} +$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC"); - //Mark viewed in history - mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id"); +//Add up all the payments for the invoice and get the total amount paid to the invoice +$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); +$row = mysqli_fetch_array($sql_amount_paid); +$amount_paid = $row['amount_paid']; - //Prevent SQL Error if client_name has ' in their name example Bill's Market - $client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']); - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); +$balance = $invoice_amount - $amount_paid; - $sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC"); +//check to see if overdue +$invoice_color = $invoice_badge_color; // Default +if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") { + $unixtime_invoice_due = strtotime($invoice_due) + 86400; + if ($unixtime_invoice_due < time()) { + $invoice_color = "text-danger"; + } +} - //Add up all the payments for the invoice and get the total amount paid to the invoice - $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); - $row = mysqli_fetch_array($sql_amount_paid); - $amount_paid = $row['amount_paid']; +// Invoice individual items +$sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC"); - $balance = $invoice_amount - $amount_paid; +?> - //check to see if overdue - $invoice_color = $invoice_badge_color; // Default - if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") { - $unixtime_invoice_due = strtotime($invoice_due) + 86400; - if ($unixtime_invoice_due < time()) { - $invoice_color = "text-danger"; - } - } - - ?> - -
-
-
- Invoice History - Print - ');"> Download - - - Pay Online (Coming Soon) - - -
+
+
+
+ Invoice History + Print + ');"> Download + + Pay Online (Coming Soon) + +
+
+
+
+
+ ">
-
-
-
- "> -
-
- -
-
- -
-
- -

Invoice

-
-
-
-
-
    -

    • -
    • -
    • -
    • -
    • -
- -
-
- -
    -

    • -
    • -
    • -
    • -
    • -
    • -
- -
-
-
-
-
-
- - - - - - - - - -
Date
Due
-
-
- - - -
-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - -
ProductDescriptionQtyPriceTaxTotal
-
+
+ +
+
+
-
+ +

Invoice

+
+
+
+
+
    +

    • +
    • +
    • +
    • +
    • +
-
-
- -
-
-
-
-
- -
-
- - - - - - - 0) { ?> - - - - - - 0) { ?> - - - - - - - - - - -
Subtotal
Tax
Paid
Balance
-
-
+
+
-
+
    +

    • +
    • +
    • +
    • +
    • +
    • +
-
+
+
+
+
+
+
+ + + + + + + + + +
Date
Due
- - - - - 1) { - - ?> - - -
-
- Previous Unpaid Invoices -
-
- - - - - - - - - - - - - > - - - - - - - - - -
Invoice #DateDue DateAmount
( Days Late)
-
-
- - - CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_number DESC"); - - if (mysqli_num_rows($sql) > 1) { - - ?> - - -
-
- Current Invoices -
-
- - - - - - - - - - - - - > - - - - - - - - - -
Invoice #DateDueAmount
(Due in Days)
-
-
- - - - 1) { - - ?> - - -
-
- Previous Invoices Paid -
-
- - - - - - - - - - - - - > - - - - - - - - - - - strtotime($invoice_due)) { - $payment_note = "Late"; - $difference = strtotime($payment_date) - strtotime($invoice_due); - $days = floor($difference / (60*60*24) ) . " Days"; - }else{ - $payment_note = ""; - $days = ""; - } - - - $invoice_tally_total = $invoice_amount + $invoice_tally_total; ?> - + + + + + + - - ?> - - - - -
Invoice #DateDue DateAmount
Payments
- - - -
+ + +
+
- +
+ +
+
+
+
+
+ +
+
+ + + + + + + 0) { ?> + + + + + + 0) { ?> + + + + + + + + + + +
Subtotal
Tax
Paid
Balance
+
+
+ +
+ +
+
+
+ + + + + + 1) { ?> + +
+
+ Previous Unpaid Invoices +
+
+ + + + + + + + + + + + + > + + + + + + + + + +
Invoice #DateDue DateAmount
( Days Late)
+
+
+ + CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_number DESC"); + +if (mysqli_num_rows($sql) > 1) { ?> + + +
+
+ Current Invoices +
+
+ + + + + + + + + + + + + > + + + + + + + + + +
Invoice #DateDueAmount
(Due in Days)
+
+
+ - + + 1) { ?> + +
+
+ Previous Invoices Paid +
+
+ + + + + + + + + + + + + > + + + + + + + + + + + strtotime($invoice_due)) { + $payment_note = "Late"; + $difference = strtotime($payment_date) - strtotime($invoice_due); + $days = floor($difference / (60*60*24) ) . " Days"; + } else { + $payment_note = ""; + $days = ""; + } + + + $invoice_tally_total = $invoice_amount + $invoice_tally_total; + + ?> + + + + + + + + + + +
Invoice #DateDue DateAmount
Payments
- - - -
+
+
+ +

Oops, something went wrong! Please raise a ticket if you believe this is an error.

"; + require_once("guest_footer.php"); + exit(); +} - $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']); - $quote_id = intval($_GET['quote_id']); - $sql = mysqli_query($mysqli,"SELECT * FROM quotes +$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']); +$quote_id = intval($_GET['quote_id']); + +$sql = mysqli_query( + $mysqli, + "SELECT * FROM quotes LEFT JOIN clients ON quote_client_id = client_id LEFT JOIN locations ON primary_location = location_id LEFT JOIN contacts ON primary_contact = contact_id @@ -15,636 +22,627 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) { LEFT JOIN settings ON settings.company_id = companies.company_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'" - ); +); - if (mysqli_num_rows($sql) == 1) { - - $row = mysqli_fetch_array($sql); - - $quote_id = $row['quote_id']; - $quote_prefix = htmlentities($row['quote_prefix']); - $quote_number = htmlentities($row['quote_number']); - $quote_status = htmlentities($row['quote_status']); - $quote_date = $row['quote_date']; - $quote_amount = floatval($row['quote_amount']); - $quote_currency_code = htmlentities($row['quote_currency_code']); - $quote_note = htmlentities($row['quote_note']); - $category_id = $row['category_id']; - $client_id = $row['client_id']; - $client_name = htmlentities($row['client_name']); - $location_address = htmlentities($row['location_address']); - $location_city = htmlentities($row['location_city']); - $location_state = htmlentities($row['location_state']); - $location_zip = htmlentities($row['location_zip']); - $contact_email = htmlentities($row['contact_email']); - $contact_phone = formatPhoneNumber($row['contact_phone']); - $contact_extension = htmlentities($row['contact_extension']); - $contact_mobile = formatPhoneNumber($row['contact_mobile']); - $client_website = htmlentities($row['client_website']); - $client_currency_code = htmlentities($row['client_currency_code']); - $client_net_terms = htmlentities($row['client_net_terms']); - if ($client_net_terms == 0) { - $client_net_terms = $config_default_net_terms; - } - $company_id = $row['company_id']; - $company_name = htmlentities($row['company_name']); - $company_address = htmlentities($row['company_address']); - $company_city = htmlentities($row['company_city']); - $company_state = htmlentities($row['company_state']); - $company_zip = htmlentities($row['company_zip']); - $company_phone = formatPhoneNumber($row['company_phone']); - $company_email = htmlentities($row['company_email']); - $company_logo = htmlentities($row['company_logo']); - if (!empty($company_logo)) { - $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); - } - $company_locale = htmlentities($row['company_locale']); - $config_quote_footer = htmlentities($row['config_quote_footer']); - - //Set Currency Format - $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); - - $ip = strip_tags(mysqli_real_escape_string($mysqli,getIP())); - - $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); - $os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent))); - $browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent))); - - //Update status to Viewed only if invoice_status = "Sent" - if ($quote_status == 'Sent') { - mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Viewed' WHERE quote_id = $quote_id"); - } - - //Mark viewed in history - mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id"); - - //Prevent SQL Error if client_name has ' in their name example Bill's Market - $client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']); - mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); - - ?> - -
- -
-
- - Accept - Decline - -
- -
- Print - ');"> Download -
-
-
- -
-
- "> -
-
-

Quote

-
-
- -
- -
-
    -

    • -
    • -
    • -
    • -
    • -
- -
- -
- -
    -

    • -
    • -
    • -
    • -
    • -
    • -
- -
-
-
-
-
-
- - - - - -
Date
-
-
- - - -
-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - -
ProductDescriptionQtyPriceTaxTotal
-
-
-
-
- -
-
- -
-
-
-
-
- -
- -
- - - - - - - 0) { ?> - - - - - - 0) { ?> - - - - - - - - - - -
Subtotal
Discount
Tax
Total
-
-
- -
- -
-
-
- - - - - +$row = mysqli_fetch_array($sql); - + +
+ +
+
+ + Accept + Decline + +
+ +
+ Print + ');"> Download +
+
+
+ +
+
+ "> +
+
+

Quote

+
+
+ +
+ +
+
    +

    • +
    • +
    • +
    • +
    • +
+ +
+ +
+ +
    +

    • +
    • +
    • +
    • +
    • +
    • +
+ +
+
+
+
+
+
+ + + + + +
Date
+
+
+ + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
ProductDescriptionQtyPriceTaxTotal
+
+
+
+
+ +
+
+ +
+
+
+
+
+ +
+ +
+ + + + + + + 0) { ?> + + + + + + + + + + +
Subtotal
Tax
Total
+
+
+ +
+ +
+
+
+ + + + + + +

Nothing to see here

"; - } else { + echo '

Nothing to see here

'; + require_once("footer.php"); + exit(); + } - $row = mysqli_fetch_array($sql); - $invoice_id = $row['invoice_id']; - $invoice_prefix = htmlentities($row['invoice_prefix']); - $invoice_number = htmlentities($row['invoice_number']); - $invoice_scope = htmlentities($row['invoice_scope']); - $invoice_status = htmlentities($row['invoice_status']); - $invoice_date = $row['invoice_date']; - $invoice_due = $row['invoice_due']; - $invoice_amount = floatval($row['invoice_amount']); - $invoice_currency_code = htmlentities($row['invoice_currency_code']); - $invoice_note = htmlentities($row['invoice_note']); - $invoice_url_key = htmlentities($row['invoice_url_key']); - $invoice_created_at = $row['invoice_created_at']; - $category_id = $row['invoice_category_id']; - $client_id = $row['client_id']; - $client_name = htmlentities($row['client_name']); - $location_address = htmlentities($row['location_address']); - $location_city = htmlentities($row['location_city']); - $location_state = htmlentities($row['location_state']); - $location_zip = htmlentities($row['location_zip']); - $contact_email = htmlentities($row['contact_email']); - $contact_phone = formatPhoneNumber($row['contact_phone']); - $contact_extension = htmlentities($row['contact_extension']); - $contact_mobile = formatPhoneNumber($row['contact_mobile']); - $client_website = htmlentities($row['client_website']); - $client_currency_code = htmlentities($row['client_currency_code']); - $client_net_terms = htmlentities($row['client_net_terms']); - if ($client_net_terms == 0) { - $client_net_terms = $config_default_net_terms; + $row = mysqli_fetch_array($sql); + $invoice_id = $row['invoice_id']; + $invoice_prefix = htmlentities($row['invoice_prefix']); + $invoice_number = htmlentities($row['invoice_number']); + $invoice_scope = htmlentities($row['invoice_scope']); + $invoice_status = htmlentities($row['invoice_status']); + $invoice_date = $row['invoice_date']; + $invoice_due = $row['invoice_due']; + $invoice_amount = floatval($row['invoice_amount']); + $invoice_currency_code = htmlentities($row['invoice_currency_code']); + $invoice_note = htmlentities($row['invoice_note']); + $invoice_url_key = htmlentities($row['invoice_url_key']); + $invoice_created_at = $row['invoice_created_at']; + $category_id = $row['invoice_category_id']; + $client_id = $row['client_id']; + $client_name = htmlentities($row['client_name']); + $location_address = htmlentities($row['location_address']); + $location_city = htmlentities($row['location_city']); + $location_state = htmlentities($row['location_state']); + $location_zip = htmlentities($row['location_zip']); + $contact_email = htmlentities($row['contact_email']); + $contact_phone = formatPhoneNumber($row['contact_phone']); + $contact_extension = htmlentities($row['contact_extension']); + $contact_mobile = formatPhoneNumber($row['contact_mobile']); + $client_website = htmlentities($row['client_website']); + $client_currency_code = htmlentities($row['client_currency_code']); + $client_net_terms = htmlentities($row['client_net_terms']); + if ($client_net_terms == 0) { + $client_net_terms = $config_default_net_terms; + } + $company_id = $row['company_id']; + $company_name = htmlentities($row['company_name']); + $company_country = htmlentities($row['company_country']); + $company_address = htmlentities($row['company_address']); + $company_city = htmlentities($row['company_city']); + $company_state = htmlentities($row['company_state']); + $company_zip = htmlentities($row['company_zip']); + $company_phone = formatPhoneNumber($row['company_phone']); + $company_email = htmlentities($row['company_email']); + $company_website = htmlentities($row['company_website']); + $company_logo = htmlentities($row['company_logo']); + if (!empty($company_logo)) { + $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); + } + $sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC"); + + $sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC"); + + //Add up all the payments for the invoice and get the total amount paid to the invoice + $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); + $row = mysqli_fetch_array($sql_amount_paid); + $amount_paid = $row['amount_paid']; + + $balance = $invoice_amount - $amount_paid; + + //check to see if overdue + if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") { + $unixtime_invoice_due = strtotime($invoice_due) + 86400; + if ($unixtime_invoice_due < time()) { + $invoice_overdue = "Overdue"; } - $company_id = $row['company_id']; - $company_name = htmlentities($row['company_name']); - $company_country = htmlentities($row['company_country']); - $company_address = htmlentities($row['company_address']); - $company_city = htmlentities($row['company_city']); - $company_state = htmlentities($row['company_state']); - $company_zip = htmlentities($row['company_zip']); - $company_phone = formatPhoneNumber($row['company_phone']); - $company_email = htmlentities($row['company_email']); - $company_website = htmlentities($row['company_website']); - $company_logo = htmlentities($row['company_logo']); - if (!empty($company_logo)) { - $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); + } + + //Set Badge color based off of invoice status + $invoice_badge_color = getInvoiceBadgeColor($invoice_status); + + //Product autocomplete + $products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id"); + + if (mysqli_num_rows($products_sql) > 0) { + while ($row = mysqli_fetch_array($products_sql)) { + $products[] = $row; } - $sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC"); + $json_products = json_encode($products); + } - $sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC"); + ?> - //Add up all the payments for the invoice and get the total amount paid to the invoice - $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); - $row = mysqli_fetch_array($sql_amount_paid); - $amount_paid = $row['amount_paid']; +
    +
  1. + Invoices +
    2. +
  2. + +
    3. +
    4. + + + +
- $balance = $invoice_amount - $amount_paid; +
- //check to see if overdue - if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") { - $unixtime_invoice_due = strtotime($invoice_due) + 86400; - if ($unixtime_invoice_due < time()) { - $invoice_overdue = "Overdue"; - } - } +
- //Set Badge color based off of invoice status - $invoice_badge_color = getInvoiceBadgeColor($invoice_status); +
- //Product autocomplete - $products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id"); - - if (mysqli_num_rows($products_sql) > 0) { - while ($row = mysqli_fetch_array($products_sql)) { - $products[] = $row; - } - $json_products = json_encode($products); - } - - ?> - -
    -
  1. - Invoices -
    2. -
  2. - -
    3. -
    4. - - - -
- -
- -
- -
- -
- - -
- - Send Email -
- - Mark Sent -
- - - - Add Payment - -
- -
- -
- -
- Edit - Copy - Recurring +
+ + +
+ + Send Email
- Print - ');">Download PDF - - Send Email - - ">Guest URL - -
- Cancel - -
+ + Mark Sent
+ + + Add Payment + +
+ +
+ +
+ +
+ Edit + Copy + Recurring +
+ Print + ');">Download PDF + + Send Email + + ">Guest URL + +
+ Cancel + +
-
- -
-
- " alt="Company logo"> -
-
-
-
- -
-
-

Invoice

-
- -
-
-
-
    -

    • -
    • -
    • -
    • -
    • -
    • -
-
-
-
    -

    • -
    • -
    • -
    • -
    • -
    • -
-
-
-
-
-
-
- - - - - - - - - -
Date
Due
-
-
- - - -
-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ItemDescriptionQtyPriceTaxTotal
- - -
- - - -
-
-
-
-
- -
-
-
-
- Notes -
- - - -
-
-
-
-
-
-
-
- - - - - - - 0) { ?> - - - - - - 0) { ?> - - - - - - - - - - -
Subtotal
Tax
Paid
Balance
-
-
- -
- -
-
-
-
-
-
- History -
- - +
+ +
+
+ " alt="Company logo"> +
+
+
+
+
-
- - - - - - - - - - Invoice
+ - while ($row = mysqli_fetch_array($sql_history)) { - $history_created_at = $row['history_created_at']; - $history_status = htmlentities($row['history_status']); - $history_description = htmlentities($row['history_description']); - - ?> - - - - - - - - -
DateStatusDescription
-
+
+
+
+
    +

    • +
    • +
    • +
    • +
    • +
    • +
+
+
+
    +

    • +
    • +
    • +
    • +
    • +
    • +
-
-
-
- Payments -
- - -
-
-
+
+
+
+
+ + + + + + + + + +
Date
Due
+
+
+ + + +
+
+
- - - - - + + + + + + + + - - - - - + + + + + + + + + + > + + + + + + + + + + +
DateAmountReferenceAccountActionItemDescriptionQtyPriceTaxTotal
+ + + + +
+ + + +
+ +
+
+
+
+ Notes +
+ + + +
+
+
+
+
+
+
+
+ + + + + + + 0) { ?> + + + + + + 0) { ?> + + + + + + + + + + +
Subtotal
Tax
Paid
Balance
+
+
+ +
+ +
+
- +
+
+
+ History +
+ + +
+
+
+ + + + + + + + + + + + + + + + + + +
DateStatusDescription
+
+
+
+
+
+
+ Payments +
+ + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + +
DateAmountReferenceAccountAction
+
+
+
+
+
+ + diff --git a/post.php b/post.php index 5a7f03b0..37a4c11b 100644 --- a/post.php +++ b/post.php @@ -2948,7 +2948,7 @@ if(isset($_GET['dismiss_all_notifications'])){ $_SESSION['alert_message'] = "$num_notifications Notifications Dismissed"; - header("Location: notifications.php"); + header("Location: " . $_SERVER["HTTP_REFERER"]); } @@ -5165,7 +5165,7 @@ if(isset($_GET['export_client_locations_csv'])){ //Locations $sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id AND location_archived_at IS NULL AND company_id = $session_company_id ORDER BY location_name ASC"); - + $num_rows = mysqli_num_rows($sql); if($num_rows > 0) { @@ -5961,7 +5961,7 @@ if(isset($_GET['export_client_software_csv'])){ $client_name = $row['client_name']; $sql = mysqli_query($mysqli,"SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC"); - + $num_rows = mysqli_num_rows($sql); if($num_rows > 0) { @@ -6352,7 +6352,7 @@ if(isset($_GET['export_client_networks_csv'])){ $client_name = $row['client_name']; $sql = mysqli_query($mysqli,"SELECT * FROM networks WHERE network_client_id = $client_id ORDER BY network_name ASC"); - + $num_rows = mysqli_num_rows($sql); if($num_rows > 0) { @@ -6418,7 +6418,7 @@ if(isset($_POST['add_certificate'])){ mysqli_query($mysqli,"INSERT INTO certificates SET certificate_name = '$name', certificate_domain = '$domain', certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_public_key = '$public_key', certificate_domain_id = $domain_id, certificate_client_id = $client_id, company_id = $session_company_id"); - $certificate_id = mysqli_insert_id($mysqli); + $certificate_id = mysqli_insert_id($mysqli); //Logging mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Certificate', log_action = 'Create', log_description = '$session_name created certificate $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $certificate_id, company_id = $session_company_id"); @@ -6504,7 +6504,7 @@ if(isset($_GET['export_client_certificates_csv'])){ $client_name = $row['client_name']; $sql = mysqli_query($mysqli,"SELECT * FROM certificates WHERE certificate_client_id = $client_id ORDER BY certificate_name ASC"); - + $num_rows = mysqli_num_rows($sql); if($num_rows > 0) { @@ -6739,7 +6739,7 @@ if(isset($_POST['add_ticket'])){ mysqli_query($mysqli,"UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id"); mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_vendor_id = $vendor_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id"); - + $ticket_id = mysqli_insert_id($mysqli); // E-mail client @@ -7364,7 +7364,7 @@ if(isset($_GET['delete_scheduled_ticket'])){ $row = mysqli_fetch_array($sql); $scheduled_ticket_subject = strip_tags(mysqli_real_escape_string($mysqli, $row['scheduled_ticket_subject'])); $scheduled_ticket_frequency = strip_tags(mysqli_real_escape_string($mysqli, $row['scheduled_ticket_frequency'])); - + $client_id = $row['scheduled_ticket_client_id']; // Delete diff --git a/quote.php b/quote.php index 696d730f..7251c2ce 100644 --- a/quote.php +++ b/quote.php @@ -5,14 +5,22 @@ if (isset($_GET['quote_id'])) { $quote_id = intval($_GET['quote_id']); - $sql = mysqli_query($mysqli,"SELECT * FROM quotes - LEFT JOIN clients ON quote_client_id = client_id - LEFT JOIN locations ON primary_location = location_id - LEFT JOIN contacts ON primary_contact = contact_id - LEFT JOIN companies ON quotes.company_id = companies.company_id - WHERE quote_id = $quote_id" + $sql = mysqli_query( + $mysqli, + "SELECT * FROM quotes + LEFT JOIN clients ON quote_client_id = client_id + LEFT JOIN locations ON primary_location = location_id + LEFT JOIN contacts ON primary_contact = contact_id + LEFT JOIN companies ON quotes.company_id = companies.company_id + WHERE quote_id = $quote_id" ); + if (mysqli_num_rows($sql) == 0) { + echo '

Nothing to see here

'; + require_once("footer.php"); + exit(); + } + $row = mysqli_fetch_array($sql); $quote_id = $row['quote_id']; $quote_prefix = htmlentities($row['quote_prefix']); @@ -57,25 +65,25 @@ if (isset($_GET['quote_id'])) { $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); } - $sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_quote_id = $quote_id ORDER BY history_id DESC"); + $sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_quote_id = $quote_id ORDER BY history_id DESC"); //Set Badge color based off of quote status if ($quote_status == "Sent") { $quote_badge_color = "warning text-white"; - }elseif ($quote_status == "Viewed") { + } elseif ($quote_status == "Viewed") { $quote_badge_color = "primary"; - }elseif ($quote_status == "Accepted") { + } elseif ($quote_status == "Accepted") { $quote_badge_color = "success"; - }elseif ($quote_status == "Declined") { + } elseif ($quote_status == "Declined") { $quote_badge_color = "danger"; - }elseif ($quote_status == "Invoiced") { + } elseif ($quote_status == "Invoiced") { $quote_badge_color = "info"; - }else{ + } else { $quote_badge_color = "secondary"; } //Product autocomplete - $products_sql = mysqli_query($mysqli,"SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id"); + $products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id"); if (mysqli_num_rows($products_sql) > 0) { while ($row = mysqli_fetch_array($products_sql)) { @@ -194,7 +202,7 @@ if (isset($_GET['quote_id'])) {
- +
@@ -235,8 +243,10 @@ if (isset($_GET['quote_id'])) { - - + + + +
@@ -248,13 +258,15 @@ if (isset($_GET['quote_id'])) { - + >
@@ -267,7 +279,7 @@ if (isset($_GET['quote_id'])) {