POST code for AI and Payment Providers

2025-07-06 17:01:28 -04:00 · 2025-07-06 17:01:28 -04:00 · a011dc4dea
parent fa9acef279
commit a011dc4dea
5 changed files with 258 additions and 77 deletions
--- a/admin_payment_provider.php
+++ b/admin_payment_provider.php
@ -40,8 +40,8 @@ $num_rows = mysqli_num_rows($sql);
                        </a>
                    </th>
                    <th>
-                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=payment_provider_treshold&order=<?php echo $disp; ?>">
-                            Threshold <?php if ($sort == 'payment_provider_treshold') { echo $order_icon; } ?>
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=payment_provider_threshold&order=<?php echo $disp; ?>">
+                            Threshold <?php if ($sort == 'payment_provider_threshold') { echo $order_icon; } ?>
                        </a>
                    </th>
                    <th>
@ -86,10 +86,10 @@ $num_rows = mysqli_num_rows($sql);
                            <span class="text-secondary"><?php echo $provider_description; ?></span>
                        </td>
                        <td><?php echo $account_name; ?></td>
-                        <td><?php echo numfmt_format_currency($currency_format, $threshold, $session_company_currency_code); ?></td>
+                        <td><?php echo numfmt_format_currency($currency_format, $threshold, $session_company_currency); ?></td>
                        <td><?php echo $vendor_name; ?></td>
                        <td><?php echo $category; ?></td>
-                        <td><?php echo $percent_fee; ?> + <?php echo numfmt_format_currency($currency_format, $flat_fee, $session_company_currency_code); ?></td>
+                        <td><?php echo $percent_fee; ?> + <?php echo numfmt_format_currency($currency_format, $flat_fee, $session_company_currency); ?></td>
                        <td>
                            <div class="dropdown dropleft text-center">
                                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
--- a/database_updates.php
+++ b/database_updates.php
@ -3686,20 +3686,20 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
            `ai_provider_name` VARCHAR(200) NOT NULL,
            `ai_provider_api_url` VARCHAR(200) NOT NULL,
            `ai_provider_api_key` VARCHAR(200) DEFAULT NULL,
-            `ai_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
-            `ai_updated_at` DATETIME NULL ON UPDATE CURRENT_TIMESTAMP,
+            `ai_provider_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            `ai_provider_updated_at` DATETIME NULL ON UPDATE CURRENT_TIMESTAMP,
            PRIMARY KEY (`ai_provider_id`)
        )");

-        mysqli_query($mysqli, "CREATE TABLE `ai_provider_models` (
-            `ai_model_provider_id` INT(11) NOT NULL AUTO_INCREMENT,
-            `ai_model_provider_name` VARCHAR(200) NOT NULL,
+        mysqli_query($mysqli, "CREATE TABLE `ai_models` (
+            `ai_model_id` INT(11) NOT NULL AUTO_INCREMENT,
+            `ai_model_name` VARCHAR(200) NOT NULL,
            `ai_model_prompt` TEXT DEFAULT NULL,
            `ai_model_use_case` VARCHAR(200) DEFAULT NULL,
            `ai_model_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
            `ai_model_updated_at` DATETIME NULL ON UPDATE CURRENT_TIMESTAMP,
            `ai_model_ai_provider_id` INT(11) NOT NULL,
-            PRIMARY KEY (`ai_model_provider_id`)
+            PRIMARY KEY (`ai_model_id`)
        )");

        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.2.2'");
--- a/modals/admin_payment_provider_add_modal.php
+++ b/modals/admin_payment_provider_add_modal.php
@ -14,7 +14,7 @@
                <div class="modal-body bg-white">

                    <div class="alert alert-info">An income account named after the provider will always be created and used for income of payed invoices.
-                    If the "Payment Provider Expenses" option is enabled, a matching vendor will also be automatically created (if it doesn't already exist), and used for expense tracking. Additionally, an expense category named "Payment Processing" will be created if it does not already exist.
+                    If "Enable Expense" option is enabled, a matching vendor will also be automatically created (if it doesn't already exist), and used for expense tracking. Additionally, an expense category named "Payment Processing" will be created if it does not already exist.
                    </div>

                    <div class="form-group">
@ -49,75 +49,12 @@
                        </div>
                    </div>

-                    <div class="form-group">
-                        <label>Account <strong class="text-danger">*</strong></label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fas fa-fw fa-piggy-bank"></i></span>
-                            </div>
-                            <select class="form-control select2" name="account">
-                                <option value="">- Select an Account -</option>
-                                <?php
-                                $sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
-                                while ($row = mysqli_fetch_array($sql_accounts)) {
-                                    $account_id = intval($row['account_id']);
-                                    $account_name = nullable_htmlentities($row['account_name']);
-                                    ?>
-
-                                    <option value="<?php echo $account_id ?>"><?php echo $account_name ?></option>
-                                    <?php
-                                }
-                                ?>
-                            </select>
-                        </div>
-                    </div>
-
                    <hr>

                    <div class="form-group">
-                        <label>Expense Vendor</label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
-                            </div>
-                            <select class="form-control select2" name="expense_vendor">
-                                <option value="">- Do not expense Payment Provider fees -</option>
-                                <?php
-
-                                $sql_select = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
-                                while ($row = mysqli_fetch_array($sql_select)) {
-                                    $vendor_id = intval($row['vendor_id']);
-                                    $vendor_name = nullable_htmlentities($row['vendor_name']);
-                                    ?>
-                                    <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
-                                <?php
-                                }
-                                ?>
-                            </select>
-                        </div>
-                    </div>
-
-                    <div class="form-group">
-                        <label>Expense Category</label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-list"></i></span>
-                            </div>
-                            <select class="form-control select2" name="expense_category">
-                                <option value="">- Do not expense Payment Provider fees -</option>
-                                <?php
-
-                                $sql_select = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL ORDER BY category_name ASC");
-                                while ($row = mysqli_fetch_array($sql_select)) {
-                                    $category_id = intval($row['category_id']);
-                                    $category_name = nullable_htmlentities($row['category_name']);
-                                    ?>
-                                    <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
-                                    <?php
-                                }
-
-                                ?>
-                            </select>
+                        <div class="custom-control custom-switch">
+                            <input type="checkbox" class="custom-control-input" name="enable_expense" checked value="1" id="enableExpenseSwitch">
+                            <label class="custom-control-label" for="enableExpenseSwitch">Enable Expense</label>
                        </div>
                    </div>

--- a/post/admin/admin_ai.php
+++ b/post/admin/admin_ai.php
@ -0,0 +1,137 @@
+<?php
+
+/*
+ * ITFlow - GET/POST request handler for AI Providers ('ai_providers')
+ */
+
+defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
+
+if (isset($_POST['add_ai_provider'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $provider = sanitizeInput($_POST['provider']);
+    $url = sanitizeInput($_POST['url']);
+    $model = sanitizeInput($_POST['model']);
+    $api_key = sanitizeInput($_POST['api_key']);
+
+
+    mysqli_query($mysqli,"INSERT INTO ai_providers SET ai_provider_name = '$name', ai_provider_url = '$url', ai_provider_api_key = '$api_key'");
+
+    $ai_provider_id = mysqli_insert_id($mysqli);
+
+    if ($model) {
+        mysqli_query($mysqli,"INSERT INTO ai_models SET ai_model_name = '$model'");
+    }
+
+    // Logging
+    logAction("AI Provider", "Create", "$session_name created AI Provider $provider");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$provider</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_ai_provider'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $provider_id intval($_POST['provider_id'])
+    $provider = sanitizeInput($_POST['provider']);
+    $url = sanitizeInput($_POST['url']);
+    $api_key = sanitizeInput($_POST['api_key']);
+
+    mysqli_query($mysqli,"UPDATE ai_providers SET ai_provider_name = '$name', ai_provider_url = '$url', ai_provider_api_key = '$api_key' WHERE ai_provider_id = $provider_id");
+
+    // Logging
+    logAction("AI Provider", "Edit", "$session_name edited AI Provider $provider");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$provider</strong> edited";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_ai_provider'])) {
+    
+    $provider_id = intval($_GET['delete_ai_provider']);
+
+    $sql = mysqli_query($mysqli,"SELECT ai_provider_name FROM ai_providers WHERE ai_provider_id = $provider_id");
+    $row = mysqli_fetch_array($sql);
+    $provider_name = sanitizeInput($row['ai_provider_name']);
+
+    mysqli_query($mysqli,"DELETE FROM ai_providers WHERE ai_provider_id = $provider_id");
+
+    // Logging
+    logAction("AI Provider", "Delete", "$session_name deleted AI Provider $provider_name");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "AI Provider <strong>$provider_name</strong> deleted";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['add_ai_model'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $provider_id = intval($_POST['provider_id']);
+    $model = sanitizeInput($_POST['model']);
+    $prompt = sanitizeInput($_POST['prompt']);
+    $use_case = sanitizeInput($_POST['use_case']);
+
+    mysqli_query($mysqli,"INSERT INTO ai_models SET ai_model_name = '$model', ai_model_prompt = '$prompt', ai_model_use_case = '$use_case', ai_model_ai_provider_id = $provider_id");
+
+    $ai_model_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    logAction("AI Model", "Create", "$session_name created AI Model $model");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$model</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_ai_model'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $model_id = intval($_POST['model_id']);
+    $model = sanitizeInput($_POST['model']);
+    $prompt = sanitizeInput($_POST['prompt']);
+    $use_case = sanitizeInput($_POST['use_case']);
+
+    mysqli_query($mysqli,"UPDATE ai_models SET ai_model_name = '$model', ai_model_prompt = '$prompt', ai_model_use_case = '$use_case' WHERE ai_model_id = $model_id");
+
+    // Logging
+    logAction("AI Model", "Edit", "$session_name edited AI Model $model");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$model</strong> edited";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_ai_model'])) {
+    
+    $model_id = intval($_GET['delete_ai_model']);
+
+    $sql = mysqli_query($mysqli,"SELECT ai_model_name FROM ai_models WHERE ai_model_id = $model_id");
+    $row = mysqli_fetch_array($sql);
+    $model_name = sanitizeInput($row['ai_model_name']);
+
+    mysqli_query($mysqli,"DELETE FROM ai_models WHERE ai_model_id = $model_id");
+
+    // Logging
+    logAction("AI Model", "Delete", "$session_name deleted AI Model $model_name");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "AI Model <strong>$model_name</strong> deleted";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
--- a/post/admin/admin_payment_provider.php
+++ b/post/admin/admin_payment_provider.php
@ -0,0 +1,107 @@
+<?php
+
+/*
+ * ITFlow - GET/POST request handler for AI Providers ('ai_providers')
+ */
+
+defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
+
+if (isset($_POST['add_payment_provider'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $provider = sanitizeInput($_POST['provider']);
+    $public_key = sanitizeInput($_POST['public_key']);
+    $private_key = sanitizeInput($_POST['private_key']);
+    $threshold = floatval($_POST['threshold']);
+    $enable_expense = intval($_POST['enable_expense'] ?? 0);
+    $percentage_fee = floatval($_POST['percentage_fee']) / 100;
+    $flat_fee = floatval($_POST['flat_fee']);
+
+    // Check for Stripe Account if not create it
+    $sql_account = mysqli_query($mysqli,"SELECT account_id FROM accounts WHERE account_name = '$provider' AND account_archived_at IS NULL LIMIT 1");
+    if (mysqli_num_rows($sql_account) == 0) {
+        $account_id = mysqli_insert_id($mysqli);
+    } else {
+        $row = mysqli_fetch_array($sql_account);
+        $account_id = intval($row['account_id']);
+    }
+
+    if ($enable_expense) {
+        // Category
+        $sql_category = mysqli_query($mysqli,"SELECT category_id FROM categories WHERE category_name = 'Payment Processing' AND category_type = 'Expense' AND category_archived_at IS NULL LIMIT 1");
+        if (mysqli_num_rows($sql_category) == 0) {
+            mysqli_query($mysqli,"INSERT INTO categories SET category_name = 'Processing Fee', category_type = 'Payment Processing', category_color = 'gray'");
+            $category_id = mysqli_insert_id($mysqli);
+        } else {
+            $row = mysqli_fetch_array($sql_category);
+            $category_id = intval($row['category_id']);
+        }
+        //Vendor
+        $sql_vendor = mysqli_query($mysqli,"SELECT vendor_id FROM vendors WHERE vendor_name = '$provider' AND vendor_client_id = 0 AND vendor_archived_at IS NULL LIMIT 1");
+        if (mysqli_num_rows($sql_vendor) == 0) {
+            mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$provider', vendor_descripion = 'Payment Processor Provider', vendor_client_id = 0");
+            $vendor_id = mysqli_insert_id($mysqli);
+        } else {
+            $row = mysqli_fetch_array($sql_vendor);
+            $vendor_id = intval($row['vendor_id']);
+        }
+    }
+
+    mysqli_query($mysqli,"INSERT INTO payment_providers SET payment_provider_name = '$provider', payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_account = $account_id, payment_provider_expense_vendor = $vendor_id, payment_provider_expense_category = $category_id, payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee");
+
+    $provider_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    logAction("Payment Provider", "Create", "$session_name created AI Provider $provider");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$provider</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_payment_provider'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $provider_id = intval($_POST['provider_id']);
+    $provider = sanitizeInput($_POST['provider']);
+    $description = sanitizeInput($_POST['description']);
+    $public_key = sanitizeInput($_POST['public_key']);
+    $private_key = sanitizeInput($_POST['private_key']);
+    $threshold = floatval($_POST['threshold']);
+    $enable_expense = intval($_POST['enable_expense'] ?? 0);
+    $percentage_fee = floatval($_POST['percentage_fee']) / 100;
+    $flat_fee = floatval($_POST['flat_fee']);
+
+    mysqli_query($mysqli,"UPDATE payment_providers SET payment_provider_name = '$name', payment_provider_url = '$url', payment_provider_api_key = '$api_key', payment_provider_percentage_fee = $percentage_fee, payment_provider_flat_fee = $flat_fee WHERE payment_provider_id = $provider_id");
+
+    // Logging
+    logAction("Payment Provider", "Edit", "$session_name edited Payment Provider $provider");
+
+    $_SESSION['alert_message'] = "Payment Provider <strong>$provider</strong> edited";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_payment_provider'])) {
+    
+    $provider_id = intval($_GET['delete_payment_provider']);
+
+    $sql = mysqli_query($mysqli,"SELECT payment_provider_name FROM payment_providers WHERE payment_provider_id = $provider_id");
+    $row = mysqli_fetch_array($sql);
+    $provider_name = sanitizeInput($row['payment_provider_name']);
+
+    mysqli_query($mysqli,"DELETE FROM payment_providers WHERE payment_provider_id = $provider_id");
+
+    // Logging
+    logAction("Payment Provider", "Delete", "$session_name deleted Payment Provider $provider_name");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "Payment Provider <strong>$provider_name</strong> deleted";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}