diff --git a/clients.php b/clients.php index 15114ac8..e1543ca6 100644 --- a/clients.php +++ b/clients.php @@ -46,10 +46,10 @@ if(isset($_GET['order'])){ $order_display = "ASC"; } -if (empty($_GET['canned_date'])) { - //Prevents lots of undefined variable errors. - // $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00 - $_GET['canned_date'] = 'custom'; +if(empty($_GET['canned_date'])) { + //Prevents lots of undefined variable errors. + // $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00 + $_GET['canned_date'] = 'custom'; } //Date Filter diff --git a/expenses.php b/expenses.php index a842cbed..6ba54f7b 100644 --- a/expenses.php +++ b/expenses.php @@ -36,6 +36,12 @@ if(isset($_GET['o'])){ $disp = "ASC"; } +if(empty($_GET['canned_date'])){ + //Prevents lots of undefined variable errors. + // $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00 + $_GET['canned_date'] = 'custom'; +} + //Date Filter if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){ $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']); @@ -69,20 +75,15 @@ if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){ $dtt = "9999-00-00"; } -if(empty($_GET['canned_date'])){ - //Prevents lots of undefined variable errors. - // $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00 - $_GET['canned_date'] = 'custom'; -} - //Rebuild URL $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o))); -$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM expenses, categories, vendors, accounts - WHERE expense_category_id = category_id - AND expense_vendor_id = vendor_id - AND expense_account_id = account_id - AND expenses.company_id = $session_company_id +$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM expenses + LEFT JOIN categories ON expense_category_id = category_id + LEFT JOIN vendors ON expense_vendor_id = vendor_id + LEFT JOIN accounts ON expense_account_id = account_id + WHERE expenses.company_id = $session_company_id + AND expense_vendor_id > 0 AND DATE(expense_date) BETWEEN '$dtf' AND '$dtt' AND (vendor_name LIKE '%$q%' OR category_name LIKE '%$q%' OR account_name LIKE '%$q%' OR expense_description LIKE '%$q%' OR expense_amount LIKE '%$q%') ORDER BY $sb $o LIMIT $record_from, $record_to"); @@ -111,6 +112,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); +
+
+ + +
+
" id="advancedFilter">
@@ -222,6 +229,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); include("edit_expense_modal.php"); include("add_expense_copy_modal.php"); include("add_expense_refund_modal.php"); + include("export_expenses_modal.php"); } diff --git a/export_expenses_modal.php b/export_expenses_modal.php new file mode 100644 index 00000000..d4244767 --- /dev/null +++ b/export_expenses_modal.php @@ -0,0 +1,29 @@ + \ No newline at end of file diff --git a/login.php b/login.php index 656c356c..25c2a2f9 100644 --- a/login.php +++ b/login.php @@ -21,7 +21,7 @@ ini_set("session.cookie_httponly", True); // Tell client to only send cookie(s) over HTTPS if($config_https_only){ - ini_set("session.cookie_secure", True); + ini_set("session.cookie_secure", True); } if(isset($_POST['login'])){ diff --git a/post.php b/post.php index c01d0ed2..54d665eb 100644 --- a/post.php +++ b/post.php @@ -2394,6 +2394,62 @@ if(isset($_GET['delete_expense'])){ } +if(isset($_POST['export_expenses_csv'])){ + $date_from = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_from']))); + $date_to = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_to']))); + if(!empty($date_from) AND !empty($date_to)){ + $date_query = "AND DATE(expense_date) BETWEEN '$date_from' AND '$date_to'"; + $file_name_date = "$date_from-$date_to"; + }else{ + $date_query = ""; + $file_name_date = date('Y-m-d'); + } + + //get records from database + $sql = mysqli_query($mysqli,"SELECT * FROM expenses + LEFT JOIN categories ON expense_category_id = category_id + LEFT JOIN vendors ON expense_vendor_id = vendor_id + LEFT JOIN accounts ON expense_account_id = account_id + WHERE expenses.company_id = $session_company_id + AND expense_vendor_id > 0 + $date_query + ORDER BY expense_date DESC + "); + + if(mysqli_num_rows($sql) > 0){ + $delimiter = ","; + $filename = "$session_company_name-Expenses-$file_name_date.csv"; + + //create a file pointer + $f = fopen('php://memory', 'w'); + + //set column headers + $fields = array('Date', 'Amount', 'Vendor', 'Description', 'Category', 'Account'); + fputcsv($f, $fields, $delimiter); + + //output each row of the data, format line as csv and write to file pointer + while($row = mysqli_fetch_assoc($sql)){ + $lineData = array($row['expense_date'], $row['expense_amount'], $row['vendor_name'], $row['expense_description'], $row['category_name'], $row['account_name']); + fputcsv($f, $lineData, $delimiter); + } + + //move back to beginning of file + fseek($f, 0); + + //set headers to download file rather than displayed + header('Content-Type: text/csv'); + header('Content-Disposition: attachment; filename="' . $filename . '";'); + + //output all remaining data on a file pointer + fpassthru($f); + } + + //Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Export', log_description = '$session_name exported expenses to CSV File', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id"); + + exit; +} + if(isset($_POST['add_transfer'])){ $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));