Enforce accountant/admin roles to view financial reports

2026-02-28 02:44:53 +00:00 · 2023-02-01 21:28:17 +00:00
parent e79ba696bd
commit baf03d46ac
8 changed files with 935 additions and 919 deletions
--- a/report_income_by_client.php
+++ b/report_income_by_client.php
@@ -1,16 +1,18 @@
-<?php include("inc_all_reports.php"); ?>
-<?php 
+<?php
+
+require_once("inc_all_reports.php");
+validateAccountantRole();

 if (isset($_GET['year'])) {
-  $year = intval($_GET['year']);
-}else{
-  $year = date('Y');
+    $year = intval($_GET['year']);
+} else {
+    $year = date('Y');
 }

 if (isset($_GET['year'])) {
-  $year = intval($_GET['year']);
-}else{
-  $year = date('Y');
+    $year = intval($_GET['year']);
+} else {
+    $year = date('Y');
 }

 $sql_payment_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(payment_date) AS payment_year FROM payments WHERE company_id = $session_company_id UNION SELECT DISTINCT YEAR(revenue_date) AS payment_year FROM revenues WHERE company_id = $session_company_id ORDER BY payment_year DESC");
@@ -20,64 +22,64 @@ $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $s
 ?>

 <div class="card card-dark">
-  <div class="card-header py-2">
-    <h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Income By Client</h3>
-    <div class="card-tools">
-      <button type="button" class="btn btn-primary d-print-none" onclick="window.print();"><i class="fas fa-fw fa-print"></i> Print</button>
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Income By Client</h3>
+        <div class="card-tools">
+            <button type="button" class="btn btn-primary d-print-none" onclick="window.print();"><i class="fas fa-fw fa-print"></i> Print</button>
+        </div>
    </div>
-  </div>
-  <div class="card-body">
-    <form class="mb-3">
-      <select onchange="this.form.submit()" class="form-control" name="year">
-        <?php 
-                
-        while ($row = mysqli_fetch_array($sql_payment_years)) {
-          $payment_year = $row['payment_year'];
-        ?>
-        <option <?php if ($year == $payment_year) { ?> selected <?php } ?> > <?php echo $payment_year; ?></option>
-        
-        <?php
-        }
-        ?>
+    <div class="card-body">
+        <form class="mb-3">
+            <select onchange="this.form.submit()" class="form-control" name="year">
+                <?php

-      </select>
-    </form>
+                while ($row = mysqli_fetch_array($sql_payment_years)) {
+                    $payment_year = $row['payment_year'];
+                    ?>
+                    <option <?php if ($year == $payment_year) { ?> selected <?php } ?> > <?php echo $payment_year; ?></option>

-    <div class="table-responsive">
-      <table class="table table-striped">
-        <thead>
-          <tr>
-            <th>Client</th>
-            <th class="text-right">Paid</th>
-          </tr>
-        </thead>
-        <tbody>
-          <?php
-          while ($row = mysqli_fetch_array($sql_clients)) {
-            $client_id = $row['client_id'];
-            $client_name = htmlentities($row['client_name']);
+                    <?php
+                }
+                ?>

-            $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND invoice_client_id = $client_id");
-            $row = mysqli_fetch_array($sql_amount_paid);
-            
-            $amount_paid = floatval($row['amount_paid']);
+            </select>
+        </form>

-            if ($amount_paid > 599) {
+        <div class="table-responsive">
+            <table class="table table-striped">
+                <thead>
+                <tr>
+                    <th>Client</th>
+                    <th class="text-right">Paid</th>
+                </tr>
+                </thead>
+                <tbody>
+                <?php
+                while ($row = mysqli_fetch_array($sql_clients)) {
+                    $client_id = $row['client_id'];
+                    $client_name = htmlentities($row['client_name']);

-              ?>
+                    $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND invoice_client_id = $client_id");
+                    $row = mysqli_fetch_array($sql_amount_paid);

-              <tr>
-                <td><?php echo $client_name; ?></td>
-                <td class="text-right"><?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?></td>
-              </tr>
-              <?php 
-              } 
-            }
-            ?>
-        </tbody>
-      </table>
+                    $amount_paid = floatval($row['amount_paid']);
+
+                    if ($amount_paid > 599) {
+
+                        ?>
+
+                        <tr>
+                            <td><?php echo $client_name; ?></td>
+                            <td class="text-right"><?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?></td>
+                        </tr>
+                        <?php
+                    }
+                }
+                ?>
+                </tbody>
+            </table>
+        </div>
    </div>
-  </div>
 </div>

-<?php include("footer.php"); ?>
+<?php require_once("footer.php"); ?>