mirror of https://github.com/itflow-org/itflow
Update/Fix Mail Functions in POST/invoice.php - sanitize POST vars instead the whole mail subject and body which prevents having a mixed of confusing redundant escaped and unescaped vars
This commit is contained in:
johnnyq
parent
d3aa2e7239
commit
a46e41ce9c
190
post/invoice.php
190
post/invoice.php
|
|
@ -631,39 +631,35 @@ if (isset($_POST['add_payment'])) {
|
|||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_prefix = $row['invoice_prefix'];
|
||||
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_url_key = $row['invoice_url_key'];
|
||||
$invoice_currency_code = $row['invoice_currency_code'];
|
||||
$invoice_url_key = sanitizeInput($row['invoice_url_key']);
|
||||
$invoice_currency_code = sanitizeInput($row['invoice_currency_code']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = $row['client_name'];
|
||||
$contact_name = $row['contact_name'];
|
||||
$contact_email = $row['contact_email'];
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$client_name = sanitizeInput($row['client_name']);
|
||||
$contact_name = sanitizeInput($row['contact_name']);
|
||||
$contact_email = sanitizeInput($row['contact_email']);
|
||||
$contact_phone = sanitizeInput(formatPhoneNumber($row['contact_phone']));
|
||||
$contact_extension = preg_replace("/[^0-9]/", '',$row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
|
||||
$invoice_prefix_escaped = sanitizeInput($row['invoice_prefix']);
|
||||
$contact_name_escaped = sanitizeInput($row['contact_name']);
|
||||
$contact_email_escaped = sanitizeInput($row['contact_email']);
|
||||
$contact_mobile = sanitizeInput(formatPhoneNumber($row['contact_mobile']));
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$company_name = $row['company_name'];
|
||||
$company_country = $row['company_country'];
|
||||
$company_address = $row['company_address'];
|
||||
$company_city = $row['company_city'];
|
||||
$company_state = $row['company_state'];
|
||||
$company_zip = $row['company_zip'];
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = $row['company_email'];
|
||||
$company_website = $row['company_website'];
|
||||
$company_logo = $row['company_logo'];
|
||||
$company_name = sanitizeInput($row['company_name']);
|
||||
$company_country = sanitizeInput($row['company_country']);
|
||||
$company_address = sanitizeInput($row['company_address']);
|
||||
$company_city = sanitizeInput($row['company_city']);
|
||||
$company_state = sanitizeInput($row['company_state']);
|
||||
$company_zip = sanitizeInput($row['company_zip']);
|
||||
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
|
||||
$company_email = sanitizeInput($row['company_email']);
|
||||
$company_website = sanitizeInput($row['company_website']);
|
||||
$company_logo = sanitizeInput($row['company_logo']);
|
||||
|
||||
// Sanitize Config vars from get_settings.php
|
||||
$config_invoice_from_name_escaped = sanitizeInput($config_invoice_from_name);
|
||||
$config_invoice_from_email_escaped = sanitizeInput($config_invoice_from_email);
|
||||
$config_invoice_from_name = sanitizeInput($config_invoice_from_name);
|
||||
$config_invoice_from_email = sanitizeInput($config_invoice_from_email);
|
||||
|
||||
//Calculate the Invoice balance
|
||||
$invoice_balance = $invoice_amount - $total_payments_amount;
|
||||
|
|
@ -677,15 +673,15 @@ if (isset($_POST['add_payment'])) {
|
|||
|
||||
if ($email_receipt == 1) {
|
||||
|
||||
$subject = sanitizeInput("Payment Received - Invoice $invoice_prefix$invoice_number");
|
||||
$body = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>We have received your payment in the amount of " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " for invoice <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . "<br>Balance: " . numfmt_format_currency($currency_format, $invoice_balance, $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone");
|
||||
$subject = "Payment Received - Invoice $invoice_prefix$invoice_number";
|
||||
$body = "Hello $contact_name\,<br><br>We have received your payment in the amount of " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " for invoice <a href=\'https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . "<br>Balance: " . numfmt_format_currency($currency_format, $invoice_balance, $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>--<br>$company_name - Billing Department<br>$config_invoice_from_email<br>$company_phone";
|
||||
|
||||
// Queue Mail
|
||||
$email = [
|
||||
'from' => $config_invoice_from_email,
|
||||
'from_name' => $config_invoice_from_name,
|
||||
'recipient' => $contact_email_escaped,
|
||||
'recipient_name' => $contact_name_escaped,
|
||||
'recipient' => $contact_email,
|
||||
'recipient_name' => $contact_name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
];
|
||||
|
|
@ -710,15 +706,15 @@ if (isset($_POST['add_payment'])) {
|
|||
if ($email_receipt == 1) {
|
||||
|
||||
|
||||
$subject = sanitizeInput("Partial Payment Recieved - Invoice $invoice_prefix$invoice_number");
|
||||
$body = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>We have recieved partial payment in the amount of " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " and it has been applied to invoice <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . "<br>Balance: " . numfmt_format_currency($currency_format, $invoice_balance, $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone");
|
||||
$subject = "Partial Payment Recieved - Invoice $invoice_prefix$invoice_number";
|
||||
$body = "Hello $contact_name\,<br><br>We have recieved partial payment in the amount of " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " and it has been applied to invoice <a href=\'https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . "<br>Balance: " . numfmt_format_currency($currency_format, $invoice_balance, $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>~<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
|
||||
|
||||
// Queue Mail
|
||||
$email = [
|
||||
'from' => $config_invoice_from_email,
|
||||
'from_name' => $config_invoice_from_name,
|
||||
'recipient' => $contact_email_escaped,
|
||||
'recipient_name' => $contact_name_escaped,
|
||||
'recipient' => $contact_email,
|
||||
'recipient_name' => $contact_name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
];
|
||||
|
|
@ -753,7 +749,7 @@ if (isset($_POST['add_payment'])) {
|
|||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Payment', log_action = 'Create', log_description = '$payment_amount', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $payment_id");
|
||||
|
||||
if ($email_receipt == 1) {
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Payment', log_action = 'Email', log_description = 'Payment receipt for invoice $invoice_prefix_escaped$invoice_number queued to $contact_email_escaped Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $payment_id");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Payment', log_action = 'Email', log_description = 'Payment receipt for invoice $invoice_prefix$invoice_number queued to $contact_email Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $payment_id");
|
||||
}
|
||||
|
||||
$_SESSION['alert_message'] .= "Payment added";
|
||||
|
|
@ -839,7 +835,7 @@ if (isset($_POST['add_bulk_payment'])) {
|
|||
|
||||
// Add to Email Body Invoice Portion
|
||||
|
||||
$email_body_invoices .= mysqli_real_escape_string($mysqli, "<br>Invoice <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>$invoice_prefix$invoice_number</a> - Outstanding Amount: " . numfmt_format_currency($currency_format, $invoice_balance, $currency_code) . " - Payment Applied: " . numfmt_format_currency($currency_format, $payment_amount, $currency_code) . " - New Balance: " . numfmt_format_currency($currency_format, $remaining_invoice_balance, $currency_code));
|
||||
$email_body_invoices .= "<br>Invoice <a href=\'https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>$invoice_prefix$invoice_number</a> - Outstanding Amount: " . numfmt_format_currency($currency_format, $invoice_balance, $currency_code) . " - Payment Applied: " . numfmt_format_currency($currency_format, $payment_amount, $currency_code) . " - New Balance: " . numfmt_format_currency($currency_format, $remaining_invoice_balance, $currency_code);
|
||||
|
||||
|
||||
} // End Invoice Loop
|
||||
|
|
@ -855,34 +851,31 @@ if (isset($_POST['add_bulk_payment'])) {
|
|||
);
|
||||
|
||||
$row = mysqli_fetch_array($sql_client);
|
||||
$client_name = $row['client_name'];
|
||||
$contact_name = $row['contact_name'];
|
||||
$contact_email = $row['contact_email'];
|
||||
$client_name = sanitizeInput($row['client_name']);
|
||||
$contact_name = sanitizeInput($row['contact_name']);
|
||||
$contact_email = sanitizeInput($row['contact_email']);
|
||||
|
||||
$contact_name_escaped = sanitizeInput($row['contact_name']);
|
||||
$contact_email_escaped = sanitizeInput($row['contact_email']);
|
||||
|
||||
$sql_company = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
|
||||
$sql_company = mysqli_query($mysqli,"SELECT company_name, company_phone FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql_company);
|
||||
|
||||
$company_name = $row['company_name'];
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_name = sanitizeInput($row['company_name']);
|
||||
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
|
||||
|
||||
// Sanitize Config vars from get_settings.php
|
||||
$config_invoice_from_name_escaped = sanitizeInput($config_invoice_from_name);
|
||||
$config_invoice_from_email_escaped = sanitizeInput($config_invoice_from_email);
|
||||
$config_invoice_from_name = sanitizeInput($config_invoice_from_name);
|
||||
$config_invoice_from_email = sanitizeInput($config_invoice_from_email);
|
||||
|
||||
$subject = sanitizeInput("Payment Received - Multiple Invoices");
|
||||
$body = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>Thank you for your payment of " . numfmt_format_currency($currency_format, $bulk_payment_amount_static, $currency_code) . " We've applied your payment to the following invoices, updating their balances accordingly:<br><br>$email_body_invoices<br><br><br>We appreciate your continued business!<br><br>Sincerely,<br>$company_name Billing Department<br>$config_invoice_from_email<br>$company_phone");
|
||||
$subject = "Payment Received - Multiple Invoices";
|
||||
$body = "Hello $contact_name\,<br><br>Thank you for your payment of " . numfmt_format_currency($currency_format, $bulk_payment_amount_static, $currency_code) . " We\'ve applied your payment to the following invoices\, updating their balances accordingly:<br><br>$email_body_invoices<br><br><br>We appreciate your continued business!<br><br>Sincerely\,<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
|
||||
|
||||
// Queue Mail
|
||||
mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$contact_email_escaped', email_recipient_name = '$contact_name_escaped', email_from = '$config_invoice_from_email_escaped', email_from_name = '$config_invoice_from_name_escaped', email_subject = '$subject', email_content = '$body'");
|
||||
mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$contact_email', email_recipient_name = '$contact_name', email_from = '$config_invoice_from_email', email_from_name = '$config_invoice_from_name', email_subject = '$subject', email_content = '$body'");
|
||||
|
||||
// Get Email ID for reference
|
||||
$email_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Email Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Payment', log_action = 'Email', log_description = 'Bulk Payment receipt for multiple Invoices queued to $contact_email_escaped Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $payment_id");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Payment', log_action = 'Email', log_description = 'Bulk Payment receipt for multiple Invoices queued to $contact_email Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $payment_id");
|
||||
|
||||
$_SESSION['alert_message'] .= "Email receipt sent and ";
|
||||
|
||||
|
|
@ -954,39 +947,36 @@ if (isset($_GET['email_invoice'])) {
|
|||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$invoice_id = intval($row['invoice_id']);
|
||||
$invoice_prefix = $row['invoice_prefix'];
|
||||
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_status = $row['invoice_status'];
|
||||
$invoice_date = $row['invoice_date'];
|
||||
$invoice_due = $row['invoice_due'];
|
||||
$invoice_status = sanitizeInput($row['invoice_status']);
|
||||
$invoice_date = sanitizeInput($row['invoice_date']);
|
||||
$invoice_due = sanitizeInput($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_url_key = $row['invoice_url_key'];
|
||||
$invoice_currency_code = $row['invoice_currency_code'];
|
||||
$invoice_url_key = sanitizeInput($row['invoice_url_key']);
|
||||
$invoice_currency_code = sanitizeInput($row['invoice_currency_code']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = $row['client_name'];
|
||||
$contact_name = $row['contact_name'];
|
||||
$contact_email = $row['contact_email'];
|
||||
$invoice_prefix_escaped = sanitizeInput($row['invoice_prefix']);
|
||||
$contact_name_escaped = sanitizeInput($row['contact_name']);
|
||||
$contact_email_escaped = sanitizeInput($row['contact_email']);
|
||||
$client_name = sanitizeInput($row['client_name']);
|
||||
$contact_name = sanitizeInput($row['contact_name']);
|
||||
$contact_email = sanitizeInput($row['contact_email']);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$company_name = $row['company_name'];
|
||||
$company_country = $row['company_country'];
|
||||
$company_address = $row['company_address'];
|
||||
$company_city = $row['company_city'];
|
||||
$company_state = $row['company_state'];
|
||||
$company_zip = $row['company_zip'];
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = $row['company_email'];
|
||||
$company_website = $row['company_website'];
|
||||
$company_logo = $row['company_logo'];
|
||||
$company_name = sanitizeInput($row['company_name']);
|
||||
$company_country = sanitizeInput($row['company_country']);
|
||||
$company_address = sanitizeInput($row['company_address']);
|
||||
$company_city = sanitizeInput($row['company_city']);
|
||||
$company_state = sanitizeInput($row['company_state']);
|
||||
$company_zip = sanitizeInput($row['company_zip']);
|
||||
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
|
||||
$company_email = sanitizeInput($row['company_email']);
|
||||
$company_website = sanitizeInput($row['company_website']);
|
||||
$company_logo = sanitizeInput($row['company_logo']);
|
||||
|
||||
// Sanitize Config vars from get_settings.php
|
||||
$config_invoice_from_name_escaped = sanitizeInput($config_invoice_from_name);
|
||||
$config_invoice_from_email_escaped = sanitizeInput($config_invoice_from_email);
|
||||
$config_invoice_from_name = sanitizeInput($config_invoice_from_name);
|
||||
$config_invoice_from_email = sanitizeInput($config_invoice_from_email);
|
||||
|
||||
$sql_payments = mysqli_query($mysqli,"SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payment_id DESC");
|
||||
|
||||
|
|
@ -998,20 +988,20 @@ if (isset($_GET['email_invoice'])) {
|
|||
$balance = $invoice_amount - $amount_paid;
|
||||
|
||||
if ($invoice_status == 'Paid') {
|
||||
$subject = sanitizeInput("Invoice $invoice_prefix$invoice_number Receipt");
|
||||
$body = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>Please click on the link below to see your invoice marked <b>paid</b>.<br><br><a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>Invoice Link</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone");
|
||||
$subject = "Invoice $invoice_prefix$invoice_number Receipt";
|
||||
$body = "Hello $contact_name\,<br><br>Please click on the link below to see your invoice marked <b>paid</b>.<br><br><a href=\'https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>Invoice Link</a><br><br><br>--<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
|
||||
} else {
|
||||
$subject = sanitizeInput("Invoice $invoice_prefix$invoice_number");
|
||||
$body = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Balance Due: " . numfmt_format_currency($currency_format, $balance, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>Billing Department<br>$config_invoice_from_email<br>$company_phone");
|
||||
$subject = "Invoice $invoice_prefix$invoice_number";
|
||||
$body = "Hello $contact_name\,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "<br>Balance Due: " . numfmt_format_currency($currency_format, $balance, $invoice_currency_code) . "<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href=\'https://$config_base_url/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>here</a><br><br><br>--<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
|
||||
}
|
||||
|
||||
// Queue Mail
|
||||
$data = [
|
||||
[
|
||||
'from' => $config_invoice_from_email_escaped,
|
||||
'from_name' => $config_invoice_from_name_escaped,
|
||||
'recipient' => $contact_email_escaped,
|
||||
'recipient_name' => $contact_name_escaped,
|
||||
'from' => $config_invoice_from_email,
|
||||
'from_name' => $config_invoice_from_name,
|
||||
'recipient' => $contact_email,
|
||||
'recipient_name' => $contact_name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
]
|
||||
|
|
@ -1031,7 +1021,7 @@ if (isset($_GET['email_invoice'])) {
|
|||
}
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email', log_description = 'Invoice $invoice_prefix_escaped$invoice_number queued to $contact_email_escaped Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $invoice_id");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email', log_description = 'Invoice $invoice_prefix$invoice_number queued to $contact_email Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $invoice_id");
|
||||
|
||||
// Send copies of the invoice to any additional billing contacts
|
||||
$sql_billing_contacts = mysqli_query(
|
||||
|
|
@ -1061,7 +1051,7 @@ if (isset($_GET['email_invoice'])) {
|
|||
];
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email', log_description = 'Invoice $invoice_prefix_escaped$invoice_number queued to $billing_contact_email Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $invoice_id");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Email', log_description = 'Invoice $invoice_prefix$invoice_number queued to $billing_contact_email Email ID: $email_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $invoice_id");
|
||||
}
|
||||
|
||||
addToMailQueue($mysqli, $data);
|
||||
|
|
@ -1152,32 +1142,32 @@ if (isset($_GET['force_recurring'])) {
|
|||
);
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
$invoice_prefix = $row['invoice_prefix'];
|
||||
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
|
||||
$invoice_number = intval($row['invoice_number']);
|
||||
$invoice_scope = $row['invoice_scope'];
|
||||
$invoice_date = $row['invoice_date'];
|
||||
$invoice_due = $row['invoice_due'];
|
||||
$invoice_scope = sanitizeInput($row['invoice_scope']);
|
||||
$invoice_date = sanitizeInput($row['invoice_date']);
|
||||
$invoice_due = sanitizeInput($row['invoice_due']);
|
||||
$invoice_amount = floatval($row['invoice_amount']);
|
||||
$invoice_url_key = $row['invoice_url_key'];
|
||||
$invoice_url_key = sanitizeInput($row['invoice_url_key']);
|
||||
$client_id = intval($row['client_id']);
|
||||
$client_name = $row['client_name'];
|
||||
$contact_name = $row['contact_name'];
|
||||
$contact_email = $row['contact_email'];
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_extension = $row['contact_extension'];
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$client_name = sanitizeInput($row['client_name']);
|
||||
$contact_name = sanitizeInput($row['contact_name']);
|
||||
$contact_email = sanitizeInput($row['contact_email']);
|
||||
$contact_phone = sanitizeInput(formatPhoneNumber($row['contact_phone']));
|
||||
$contact_extension = intval($row['contact_extension']);
|
||||
$contact_mobile = sanitizeInput(formatPhoneNumber($row['contact_mobile']));
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$company_name = $row['company_name'];
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_email = $row['company_email'];
|
||||
$company_website = $row['company_website'];
|
||||
$company_name = sanitizeInput($row['company_name']);
|
||||
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
|
||||
$company_email = sanitizeInput($row['company_email']);
|
||||
$company_website = sanitizeInput($row['company_website']);
|
||||
|
||||
// Email to client
|
||||
|
||||
$subject = mysqli_real_escape_string($mysqli, "Invoice $invoice_prefix$invoice_number");
|
||||
$body = mysqli_real_escape_string($mysqli, "Hello $contact_name,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: $$invoice_amount<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href='https://$config_base_url/guest_view_invoice.php?invoice_id=$new_invoice_id&url_key=$invoice_url_key'>here</a><br><br><br>~<br>$company_name<br>$company_phone");
|
||||
$subject = "Invoice $invoice_prefix$invoice_number";
|
||||
$body = "Hello $contact_name\,<br><br>Please view the details of the invoice below.<br><br>Invoice: $invoice_prefix$invoice_number<br>Issue Date: $invoice_date<br>Total: $$invoice_amount<br>Due Date: $invoice_due<br><br><br>To view your invoice click <a href=\'https://$config_base_url/guest_view_invoice.php?invoice_id=$new_invoice_id&url_key=$invoice_url_key\'>here</a><br><br><br>--<br>$company_name - Billing<br>$company_phone";
|
||||
|
||||
|
||||
$data = [
|
||||
|
|
|
|||
Loading…
Reference in New Issue