From cc4c2e6bf7650535ac6ca31bb8378f1bbbc1ca74 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 10 Apr 2022 13:42:47 +0100
Subject: [PATCH] - Enforce role check when editing/deleting scheduled tickets
 - Add scheduled tickets to client view - Add search and pagination to
 scheduled tickets - Populate scheduled ticket edit modals dynamically - Minor
 typos

---
 ajax.php                        |  65 ++++++++++
 client_domain_edit_modal.php    |   4 +-
 client_domains.php              |   2 +-
 client_routes.php               |  11 +-
 client_scheduled_tickets.php    | 150 +++++++++++++++++++++++
 client_shared_items.php         |   7 +-
 client_side_nav.php             |   7 ++
 js/scheduledTickets.js          |  63 ++++++++++
 post.php                        |  16 +--
 scheduled_ticket_edit_modal.php | 172 +++++++++++++--------------
 scheduled_tickets.php           | 203 +++++++++++++++++++-------------
 11 files changed, 511 insertions(+), 189 deletions(-)
 create mode 100644 client_scheduled_tickets.php
 create mode 100644 js/scheduledTickets.js

diff --git a/ajax.php b/ajax.php
index 8d6265c7..ff0f1cd9 100644
--- a/ajax.php
+++ b/ajax.php
@@ -58,6 +58,13 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){
  * Looks up info for a given certificate ID from the database, used to dynamically populate modal fields
  */
 if(isset($_GET['certificate_get_json_details'])){
+  if($session_user_role == 1){
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "You are not permitted to do that!";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+    exit();
+  }
+
   $certificate_id = intval($_GET['certificate_id']);
   $client_id = intval($_GET['client_id']);
 
@@ -80,6 +87,13 @@ if(isset($_GET['certificate_get_json_details'])){
  * Looks up info for a given domain ID from the database, used to dynamically populate modal fields
  */
 if(isset($_GET['domain_get_json_details'])){
+  if($session_user_role == 1){
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "You are not permitted to do that!";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+    exit();
+  }
+
   $domain_id = intval($_GET['domain_id']);
   $client_id = intval($_GET['client_id']);
 
@@ -102,6 +116,13 @@ if(isset($_GET['domain_get_json_details'])){
  * Looks up info on the ticket number provided, used to populate the ticket merge modal
  */
 if(isset($_GET['merge_ticket_get_json_details'])){
+  if($session_user_role == 1){
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "You are not permitted to do that!";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+    exit();
+  }
+
   $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
 
   $sql = mysqli_query($mysqli,"SELECT * FROM tickets
@@ -123,6 +144,13 @@ if(isset($_GET['merge_ticket_get_json_details'])){
  * Looks up info for a given network ID from the database, used to dynamically populate modal fields
  */
 if(isset($_GET['network_get_json_details'])){
+  if($session_user_role == 1){
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "You are not permitted to do that!";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+    exit();
+  }
+
   $network_id = intval($_GET['network_id']);
   $client_id = intval($_GET['client_id']);
 
@@ -200,6 +228,13 @@ if(isset($_GET['ticket_query_views'])){
  * Generates public/guest links for sharing logins/docs
  */
 if(isset($_GET['share_generate_link'])){
+  if($session_user_role == 1){
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "You are not permitted to do that!";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+    exit();
+  }
+
   $client_id = intval($_GET['client_id']);
   $item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
   $item_id = intval($_GET['id']);
@@ -239,4 +274,34 @@ if(isset($_GET['share_generate_link'])){
   // Logging
   mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
 
+}
+
+/*
+ *  Looks up info for a given scheduled ticket ID from the database, used to dynamically populate modal edit fields
+ */
+if(isset($_GET['scheduled_ticket_get_json_details'])){
+  if($session_user_role == 1){
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "You are not permitted to do that!";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+    exit();
+  }
+
+  $client_id = intval($_GET['client_id']);
+  $ticket_id = intval($_GET['ticket_id']);
+
+  $ticket_sql = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets
+    WHERE scheduled_ticket_id = $ticket_id
+    AND scheduled_ticket_client_id = $client_id LIMIT 1");
+  while($row = mysqli_fetch_array($ticket_sql)){
+    $response['ticket'][] = $row;
+  }
+
+  $asset_sql = mysqli_query($mysqli, "SELECT asset_id, asset_name FROM assets WHERE asset_client_id = $client_id AND asset_archived_at IS NULL");
+  while($row = mysqli_fetch_array($asset_sql)){
+    $response['assets'][] = $row;
+  }
+
+  echo json_encode($response);
+
 }
\ No newline at end of file
diff --git a/client_domain_edit_modal.php b/client_domain_edit_modal.php
index 9a3c0bff..89a0f4df 100644
--- a/client_domain_edit_modal.php
+++ b/client_domain_edit_modal.php
@@ -32,7 +32,7 @@
                   <div class="input-group-prepend">
                     <span class="input-group-text"><i class="fa fa-fw fa-globe"></i></span>
                   </div>
-                  <input type="text" class="form-control" name="name" id="editDomainName"  placeholder="Domain name example.com" value="" required>
+                  <input type="text" class="form-control" name="name" id="editDomainName" placeholder="Domain name example.com" value="" required>
                 </div>
               </div>
 
@@ -64,7 +64,7 @@
                   <div class="input-group-prepend">
                     <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
                   </div>
-                  <input type="date" class="form-control" id="editExpire" name="expire" value="">
+                  <input type="date" class="form-control" id="editExpire" name="expire">
                 </div>
               </div>
 
diff --git a/client_domains.php b/client_domains.php
index 30fe12db..46df0a4e 100644
--- a/client_domains.php
+++ b/client_domains.php
@@ -161,7 +161,7 @@ include("client_domain_add_modal.php");
                 // If we get a response from post.php, parse it as JSON
                 const response = JSON.parse(data);
 
-                // Access the domain info (one), registrars (multiple) and webhosts (multiple_
+                // Access the domain info (one), registrars (multiple) and webhosts (multiple)
                 const domain = response.domain[0];
                 const vendors = response.vendors;
 
diff --git a/client_routes.php b/client_routes.php
index c3c4d505..bd26b408 100644
--- a/client_routes.php
+++ b/client_routes.php
@@ -102,14 +102,17 @@ if(isset($_GET['tab'])){
   elseif($_GET['tab'] == "logs"){
       include("client_logs.php");
   }
-  elseif($_GET['tab'] == "shared-items"){
-    if($session_user_role > 1){
+  elseif($_GET['tab'] == "shared-items") {
+    if ($session_user_role > 1) {
       include("client_shared_items.php");
     }
   }
+  elseif($_GET['tab'] == "scheduled-tickets") {
+    if ($session_user_role > 1) {
+      include("client_scheduled_tickets.php");
+    }
+  }
 }
 else{
   include("client_overview.php");
 }
-
-?>
\ No newline at end of file
diff --git a/client_scheduled_tickets.php b/client_scheduled_tickets.php
new file mode 100644
index 00000000..ab6c0adc
--- /dev/null
+++ b/client_scheduled_tickets.php
@@ -0,0 +1,150 @@
+<?php
+
+//Paging
+if(isset($_GET['p'])){
+  $p = intval($_GET['p']);
+  $record_from = (($p)-1)*$_SESSION['records_per_page'];
+  $record_to = $_SESSION['records_per_page'];
+}else{
+  $record_from = 0;
+  $record_to = $_SESSION['records_per_page'];
+  $p = 1;
+}
+
+if(isset($_GET['q'])){
+  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+}else{
+  $q = "";
+}
+
+if(!empty($_GET['sb'])){
+  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+}else{
+  $sb = "scheduled_ticket_subject";
+}
+
+if(isset($_GET['o'])){
+  if($_GET['o'] == 'ASC'){
+    $o = "ASC";
+    $disp = "DESC";
+  }else{
+    $o = "DESC";
+    $disp = "ASC";
+  }
+}else{
+  $o = "ASC";
+  $disp = "DESC";
+}
+
+// Current tab
+$tab = str_replace('-', ' ', htmlentities($_GET['tab']));
+
+//Rebuild URL
+$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+
+// SQL
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM scheduled_tickets
+  LEFT JOIN clients on scheduled_ticket_client_id = client_id
+  WHERE scheduled_ticket_client_id = $client_id 
+  AND scheduled_tickets.scheduled_ticket_subject LIKE '%$q%'
+  ORDER BY $sb $o LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
+
+
+?>
+<script src="js/scheduledTickets.js"></script>
+
+<div class="card card-dark">
+  <div class="card-header">
+    <h3 class="card-title mt-2"><i class="fa fa-fw fa-sync"></i> Scheduled Tickets</h3>
+  </div>
+
+  <div class="card-body">
+
+    <form autocomplete="off">
+      <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
+      <input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
+      <div class="row">
+
+        <div class="col-md-4">
+          <div class="input-group mb-3 mb-md-0">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($tab); ?>">
+            <div class="input-group-append">
+              <button class="btn btn-dark"><i class="fa fa-search"></i></button>
+            </div>
+          </div>
+        </div>
+
+      </div>
+    </form>
+    <hr>
+
+    <div class="table-responsive">
+      <table class="table table-striped table-borderless table-hover">
+        <thead class="<?php if ($num_rows[0] == 0) {
+          echo "d-none";
+        } ?>">
+        <tr>
+          <th><a class="text-dark">Subject</a></th>
+          <th><a class="text-dark">Priority</a></th>
+          <th><a class="text-dark">Frequency</a></th>
+          <th><a class="text-dark">Next Run Date</a></th>
+
+          <th class="text-center">Action</th>
+        </tr>
+        </thead>
+        <tbody>
+        <?php
+
+        while ($row = mysqli_fetch_array($sql)) {
+          $scheduled_ticket_id = $row['scheduled_ticket_id'];
+          $scheduled_ticket_subject = $row['scheduled_ticket_subject'];
+          $scheduled_ticket_priority = $row['scheduled_ticket_priority'];
+          $scheduled_ticket_frequency = $row['scheduled_ticket_frequency'];
+          $scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
+          ?>
+
+          <tr>
+            <td><a href="#" data-toggle="modal" data-target="#editScheduledTicketModal"
+                   onclick="populateScheduledTicketEditModal(<?php echo $client_id, ",", $scheduled_ticket_id ?>)"> <?php echo $scheduled_ticket_subject ?> </a></td>
+            <td><a> <?php echo $scheduled_ticket_priority ?></a></td>
+            <td><a> <?php echo $scheduled_ticket_frequency ?></a></td>
+            <td><a> <?php echo $scheduled_ticket_next_run ?></a></td>
+
+            <td>
+              <div class="dropdown dropleft text-center">
+                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                  <i class="fas fa-ellipsis-h"></i>
+                </button>
+                <div class="dropdown-menu">
+                  <a class="dropdown-item" href="#" data-toggle="modal"
+                     data-target="#editScheduledTicketModal" onclick="populateScheduledTicketEditModal(<?php echo $client_id, ",", $scheduled_ticket_id ?>)">Edit</a>
+                  <?php
+                  if($session_user_role == 3){
+                  ?>
+                  <div class="dropdown-divider"></div>
+                  <a class="dropdown-item text-danger"
+                     href="post.php?delete_scheduled_ticket=<?php echo $scheduled_ticket_id; ?>">Delete</a>
+                </div>
+                <?php
+                }
+                ?>
+              </div>
+            </td>
+          </tr>
+
+          <?php
+        }
+        ?>
+
+        </tbody>
+      </table>
+    </div>
+    <?php
+    include('pagination.php');
+    include("scheduled_ticket_edit_modal.php")
+    ?>
+  </div>
+</div>
\ No newline at end of file
diff --git a/client_shared_items.php b/client_shared_items.php
index ee1c5fa6..8a1d6a39 100644
--- a/client_shared_items.php
+++ b/client_shared_items.php
@@ -39,6 +39,9 @@ if(isset($_GET['o'])){
   $disp = "DESC";
 }
 
+// Current tab
+$tab = str_replace('-', ' ', htmlentities($_GET['tab']));
+
 //Rebuild URL
 $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
 
@@ -60,12 +63,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
     <div class="card-body">
       <form autocomplete="off">
         <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
-        <input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
+        <input type="hidden" name="tab" value="<?php echo  strip_tags($_GET['tab']); ?>">
         <div class="row">
 
           <div class="col-md-4">
             <div class="input-group mb-3 mb-md-0">
-              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
+              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($tab); ?>">
               <div class="input-group-append">
                 <button class="btn btn-dark"><i class="fa fa-search"></i></button>
               </div>
diff --git a/client_side_nav.php b/client_side_nav.php
index 5c422a1d..90b438d6 100644
--- a/client_side_nav.php
+++ b/client_side_nav.php
@@ -306,6 +306,13 @@
           </a>
         </li>
 
+        <li class="nav-item">
+          <a href="?client_id=<?php echo $client_id; ?>&tab=scheduled-tickets" class="nav-link <?php if($_GET['tab'] == "scheduled-tickets") { echo "active"; } ?>">
+            <i class="nav-icon fas fa-sync"></i>
+            <p>Scheduled Tickets</p>
+          </a>
+        </li>
+
         <li class="nav-item">
           <a href="?client_id=<?php echo $client_id; ?>&tab=logs" class="nav-link <?php if($_GET['tab'] == "logs") { echo "active"; } ?>">
             <i class="nav-icon fas fa-eye"></i>
diff --git a/js/scheduledTickets.js b/js/scheduledTickets.js
new file mode 100644
index 00000000..8922823e
--- /dev/null
+++ b/js/scheduledTickets.js
@@ -0,0 +1,63 @@
+function populateScheduledTicketEditModal(client_id, ticket_id) {
+
+    // Send a GET request to ajax.php as ajax.php?scheduled_ticket_get_json_details=true&client_id=NUM&ticket_id=NUM
+    jQuery.get(
+        "ajax.php",
+        {scheduled_ticket_get_json_details: 'true', client_id: client_id, ticket_id: ticket_id},
+        function(data){
+
+            // If we get a response from post.php, parse it as JSON
+            const response = JSON.parse(data);
+
+            // Access the ticket info, and all potential assets
+            const ticket = response.ticket[0];
+            const assets = response.assets;
+
+            // Populate the scheduled ticket modal fields
+            document.getElementById("editHeader").innerText = " Edit Scheduled ticket: " + ticket.scheduled_ticket_subject;
+            document.getElementById("editTicketId").value = ticket_id;
+            document.getElementById("editClientId").value = client_id;
+            document.getElementById("editTicketSubject").value = ticket.scheduled_ticket_subject;
+            document.getElementById("editTicketNextRun").value = ticket.scheduled_ticket_next_run;
+            $('#editTicketDetails').summernote('code', ticket.scheduled_ticket_details);
+
+
+            // Frequency dropdown
+            var frequencyDropdown = document.querySelector("#editTicketFrequency");
+            Array.from(frequencyDropdown.options).forEach(function (option, index){
+                if(option.id === ticket.scheduled_ticket_frequency){
+                    frequencyDropdown.selectedIndex = index;
+                }
+            });
+
+            // Priority dropdown
+            var priorityDropdown = document.querySelector("#editTicketPriority");
+            Array.from(priorityDropdown.options).forEach(function (option, index){
+                if(option.id === ticket.scheduled_ticket_priority){
+                    priorityDropdown.selectedIndex = index;
+                }
+            });
+
+            // Asset dropdown
+            var assetDropdown = document.getElementById("editTicketAssetId");
+
+            // Clear asset dropdown
+            var i, L = assetDropdown.options.length -1;
+            for(i = L; i >= 0; i--) {
+                assetDropdown.remove(i);
+            }
+            assetDropdown[assetDropdown.length] = new Option('- Asset -', '0');
+
+            // Populate dropdown
+            assets.forEach(asset => {
+                if(parseInt(asset.asset_id) == parseInt(ticket.scheduled_ticket_asset_id)){
+                    // Selected asset
+                    assetDropdown[assetDropdown.length] = new Option(asset.asset_name, asset.asset_id, true, true);
+                }
+                else{
+                    assetDropdown[assetDropdown.length] = new Option(asset.asset_name, asset.asset_id);
+                }
+            });
+        }
+    );
+}
\ No newline at end of file
diff --git a/post.php b/post.php
index 4da7d7eb..61b3652e 100644
--- a/post.php
+++ b/post.php
@@ -2817,7 +2817,7 @@ if(isset($_POST['edit_transfer'])){
 if(isset($_GET['delete_transfer'])){
     $transfer_id = intval($_GET['delete_transfer']);
 
-    //Query the transfer ID to get the Pyament and Expense IDs so we can delete those as well
+    //Query the transfer ID to get the Payment and Expense IDs so we can delete those as well
     $sql = mysqli_query($mysqli,"SELECT * FROM transfers WHERE transfer_id = $transfer_id AND company_id = $session_company_id");
     $row = mysqli_fetch_array($sql);
     $expense_id = $row['transfer_expense_id'];
@@ -3802,7 +3802,7 @@ if(isset($_POST['add_payment'])){
     $amount = floatval($_POST['amount']);
     $account = intval($_POST['account']);
     $currency_code = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['currency_code'])));
-    $payment_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['payment_method'])));
+  $payment_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['payment_method'])));
     $reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference'])));
     $email_receipt = intval($_POST['email_receipt']);
     $base_url = $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
@@ -6031,7 +6031,7 @@ if(isset($_POST['edit_scheduled_ticket'])){
     mysqli_query($mysqli, "UPDATE scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_next_run = '$next_run_date', scheduled_ticket_updated_at = NOW(), scheduled_ticket_asset_id = '$asset_id', company_id = '$session_company_id' WHERE scheduled_ticket_id = '$ticket_id'");
 
     // Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Updated scheduled ticket for $subject - $frequency', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Updated scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
 
     $_SESSION['alert_message'] = "Scheduled ticket updated.";
 
@@ -6041,11 +6041,11 @@ if(isset($_POST['edit_scheduled_ticket'])){
 
 if(isset($_GET['delete_scheduled_ticket'])){
 
-    if($session_user_role == 1){
-      $_SESSION['alert_type'] = "danger";
-      $_SESSION['alert_message'] = "You are not permitted to do that!";
-      header("Location: " . $_SERVER["HTTP_REFERER"]);
-      exit();
+    if($session_user_role != 3){
+        $_SESSION['alert_type'] = "danger";
+        $_SESSION['alert_message'] = "You are not permitted to do that!";
+        header("Location: " . $_SERVER["HTTP_REFERER"]);
+        exit();
     }
 
     $scheduled_ticket_id = intval($_GET['delete_scheduled_ticket']);
diff --git a/scheduled_ticket_edit_modal.php b/scheduled_ticket_edit_modal.php
index 969dede2..b6f0a13a 100644
--- a/scheduled_ticket_edit_modal.php
+++ b/scheduled_ticket_edit_modal.php
@@ -1,101 +1,91 @@
-<div class="modal" id="editScheduledTicketModal<?php echo $scheduled_ticket_id ?>" tabindex="-1">
-    <div class="modal-dialog modal-lg">
-        <div class="modal-content bg-dark">
-            <div class="modal-header">
-                <h5 class="modal-title"><i class="fa fa-fw fa-sync"></i> Edit Scheduled Ticket - <?php echo "$scheduled_ticket_subject for $scheduled_ticket_client_name "?></h5>
-                <button type="button" class="close text-white" data-dismiss="modal">
-                    <span>&times;</span>
-                </button>
+<div class="modal" id="editScheduledTicketModal" tabindex="-1">
+  <div class="modal-dialog modal-lg">
+    <div class="modal-content bg-dark">
+      <div class="modal-header">
+        <h5 class="modal-title"><i class="fa fa-fw fa-sync"></i><span id="editHeader"></span></h5>
+        <button type="button" class="close text-white" data-dismiss="modal">
+          <span>&times;</span>
+        </button>
+      </div>
+      <form action="post.php" method="post" autocomplete="off">
+        <div class="modal-body bg-white">
+          <input type="hidden" name="ticket_id" id="editTicketId"">
+          <input type="hidden" name="client_id" id="editClientId">
+
+          <div class="form-group">
+            <label>Frequency <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-calendar-plus"></i></span>
+              </div>
+              <!-- Not using select2 as couldn't get this working with Javascript modal population -->
+              <select class="form-control" name="frequency" required id="editTicketFrequency">
+                <option id="Weekly">Weekly</option>
+                <option id="Monthly">Monthly</option>
+                <option id="Quarterly">Quarterly</option>
+                <option id="Biannually">Biannually</option>
+                <option id="Annually">Annually</option>
+              </select>
             </div>
-            <form action="post.php" method="post" autocomplete="off">
-                <div class="modal-body bg-white">
-                    <input type="hidden" name="ticket_id" value="<?php echo $scheduled_ticket_id; ?>">
-                    <input type="hidden" name="client_id" value="<?php echo $scheduled_ticket_client_id; ?>">
+          </div>
 
-                    <div class="form-group">
-                        <label>Frequency <strong class="text-danger">*</strong></label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-calendar-plus"></i></span>
-                            </div>
-                            <select class="form-control select2" name="frequency" required>
-                                <option <?php if($scheduled_ticket_frequency == "Weekly") {echo "selected";} ?>>Weekly</option>
-                                <option <?php if($scheduled_ticket_frequency == "Monthly") {echo "selected";} ?>>Monthly</option>
-                                <option <?php if($scheduled_ticket_frequency == "Quarterly") {echo "selected";} ?>>Quarterly</option>
-                                <option <?php if($scheduled_ticket_frequency == "Biannually") {echo "selected";} ?>>Biannually</option>
-                                <option <?php if($scheduled_ticket_frequency == "Annually") {echo "selected";} ?>>Annually</option>
-                            </select>
-                        </div>
-                    </div>
+          <div class="form-group">
+            <label>Next run date <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-calendar-day"></i></span>
+              </div>
+              <input class="form-control" type="date" name="next_date" id="editTicketNextRun">
+            </div>
+          </div>
 
-                    <div class="form-group">
-                        <label>Next run date <strong class="text-danger">*</strong></label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-calendar-day"></i></span>
-                            </div>
-                            <input class="form-control" type="date" name="next_date" value="<?php echo $scheduled_ticket_next_run ?>">
-                        </div>
-                    </div>
+          <div class="form-group">
+            <label>Priority <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
+              </div>
+              <!-- Not using select2 as couldn't get this working with Javascript modal population -->
+              <select class="form-control" name="priority" required id="editTicketPriority">
+                <option id="Low">Low</option>
+                <option id="Medium">Medium</option>
+                <option id="High">High</option>
+              </select>
+            </div>
+          </div>
 
-                    <div class="form-group">
-                        <label>Priority <strong class="text-danger">*</strong></label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
-                            </div>
-                            <select class="form-control select2" name="priority" required>
-                                <option <?php if($scheduled_ticket_priority == 'Low'){ echo "selected"; } ?> >Low</option>
-                                <option <?php if($scheduled_ticket_priority == 'Medium'){ echo "selected"; } ?> >Medium</option>
-                                <option <?php if($scheduled_ticket_priority == 'High'){ echo "selected"; } ?> >High</option>
-                            </select>
-                        </div>
-                    </div>
+          <div class="form-group">
+            <label>Subject <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+              </div>
+              <input type="text" class="form-control" name="subject" placeholder="Subject" required id="editTicketSubject">
+            </div>
+          </div>
 
-                    <div class="form-group">
-                        <label>Subject <strong class="text-danger">*</strong></label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
-                            </div>
-                            <input type="text" class="form-control" name="subject" placeholder="Subject" required value="<?php echo $scheduled_ticket_subject?>">
-                        </div>
-                    </div>
+          <div class="form-group">
+            <label>Asset</label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-desktop"></i></span>
+              </div>
+              <select class="form-control select2" name="asset" id="editTicketAssetId">
+                <option value="0">- None -</option>
+              </select>
+            </div>
+          </div>
 
-                    <div class="form-group">
-                        <label>Asset</label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-desktop"></i></span>
-                            </div>
-                            <select class="form-control select2" name="asset">
-                                <option value="0">- None -</option>
-                                <?php
+          <div class="form-group">
+            <textarea class="form-control summernote" rows="8" name="details" id="editTicketDetails"></textarea>
+          </div>
 
-                                $sql_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $scheduled_ticket_client_id ORDER BY asset_name ASC");
-                                while($row = mysqli_fetch_array($sql_assets)){
-                                    $asset_id_select = $row['asset_id'];
-                                    $asset_name_select = $row['asset_name'];
-                                    ?>
-                                    <option value="<?php echo $asset_id_select?>" <?php if($asset_id_select == $scheduled_ticket_asset_id){echo "selected";} ?>><?php echo $asset_name_select; ?></option>
-
-                                    <?php
-                                }
-                                ?>
-                            </select>
-                        </div>
-                    </div>
-
-                    <div class="form-group">
-                        <textarea class="form-control summernote" rows="8" name="details"><?php echo $scheduled_ticket_details ?></textarea>
-                    </div>
-
-                </div>
-                <div class="modal-footer bg-white">
-                    <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
-                    <button type="submit" name="edit_scheduled_ticket" class="btn btn-primary">Save</button>
-                </div>
-            </form>
         </div>
+        <div class="modal-footer bg-white">
+          <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+          <button type="submit" name="edit_scheduled_ticket" class="btn btn-primary">Save</button>
+        </div>
+      </form>
     </div>
+  </div>
 </div>
\ No newline at end of file
diff --git a/scheduled_tickets.php b/scheduled_tickets.php
index 03080515..c4f7cd87 100644
--- a/scheduled_tickets.php
+++ b/scheduled_tickets.php
@@ -3,102 +3,143 @@ include("inc_all.php");
 
 //Paging
 if(isset($_GET['p'])){
-    $p = intval($_GET['p']);
-    $record_from = (($p)-1)*$_SESSION['records_per_page'];
-    $record_to = $_SESSION['records_per_page'];
+  $p = intval($_GET['p']);
+  $record_from = (($p)-1)*$_SESSION['records_per_page'];
+  $record_to = $_SESSION['records_per_page'];
 }else{
-    $record_from = 0;
-    $record_to = $_SESSION['records_per_page'];
-    $p = 1;
+  $record_from = 0;
+  $record_to = $_SESSION['records_per_page'];
+  $p = 1;
 }
 
-$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM scheduled_tickets LEFT JOIN clients on scheduled_ticket_client_id = client_id");
+if(isset($_GET['q'])){
+  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+}else{
+  $q = "";
+}
+
+if(!empty($_GET['sb'])){
+  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+}else{
+  $sb = "scheduled_ticket_subject";
+}
+
+if(isset($_GET['o'])){
+  if($_GET['o'] == 'ASC'){
+    $o = "ASC";
+    $disp = "DESC";
+  }else{
+    $o = "DESC";
+    $disp = "ASC";
+  }
+}else{
+  $o = "ASC";
+  $disp = "DESC";
+}
+
+//Rebuild URL
+$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+
+// SQL
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM scheduled_tickets
+  LEFT JOIN clients on scheduled_ticket_client_id = client_id
+  WHERE scheduled_tickets.scheduled_ticket_subject LIKE '%$q%'
+  ORDER BY $sb $o LIMIT $record_from, $record_to"
+);
+
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 ?>
 
+<script src="js/scheduledTickets.js"></script>
+
 <div class="card card-dark">
-    <div class="card-header py-2">
-        <h3 class="card-title mt-2"><i class="fa fa-fw fa-sync"></i> Scheduled Tickets</h3>
-    </div>
+  <div class="card-header">
+    <h3 class="card-title mt-2"><i class="fa fa-fw fa-sync"></i> Scheduled Tickets</h3>
+  </div>
 
-    <?php
-    if($num_rows[0] == 0){
-        echo "<center><h2 class='text-secondary mt-5'>Nothing to see here</h2><br>";
-    }
-    else {
-        ?>
-        <div class="card-body">
-            <div class="table-responsive">
-                <table class="table table-striped table-borderless table-hover">
-                    <thead class="<?php if ($num_rows[0] == 0) {
-                        echo "d-none";
-                    } ?>">
-                    <tr>
-                        <th><a class="text-dark">Client</a></th>
-                        <th><a class="text-dark">Subject</a></th>
-                        <th><a class="text-dark">Priority</a></th>
-                        <th><a class="text-dark">Frequency</a></th>
-                        <th><a class="text-dark">Next Run Date</a></th>
+  <div class="card-body">
 
-                        <th class="text-center">Action</th>
-                    </tr>
-                    </thead>
-                    <tbody>
-                    <?php
+    <form autocomplete="off">
+      <div class="row">
 
-                    while ($row = mysqli_fetch_array($sql)) {
-                        $scheduled_ticket_id = $row['scheduled_ticket_id'];
-                        $scheduled_ticket_client_id = $row['client_id'];
-                        $scheduled_ticket_category = $row['scheduled_ticket_category'];
-                        $scheduled_ticket_subject = $row['scheduled_ticket_subject'];
-                        $scheduled_ticket_details = $row['scheduled_ticket_details'];
-                        $scheduled_ticket_priority = $row['scheduled_ticket_priority'];
-                        $scheduled_ticket_frequency = $row['scheduled_ticket_frequency'];
-                        $scheduled_ticket_start_date = $row['scheduled_ticket_start_date'];
-                        $scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
-                        $scheduled_ticket_client_name = $row['client_name'];
-                        $scheduled_ticket_contact_id = $row['scheduled_ticket_contact_id'];
-                        $scheduled_ticket_asset_id = $row['scheduled_ticket_asset_id'];
-                        ?>
-
-                        <tr>
-                            <td><a> <?php echo $scheduled_ticket_client_name ?></a></td>
-                            <td><a> <?php echo $scheduled_ticket_subject ?></a></td>
-                            <td><a> <?php echo $scheduled_ticket_priority ?></a></td>
-                            <td><a> <?php echo $scheduled_ticket_frequency ?></a></td>
-                            <td><a> <?php echo $scheduled_ticket_next_run ?></a></td>
-
-                            <td>
-                                <div class="dropdown dropleft text-center">
-                                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
-                                        <i class="fas fa-ellipsis-h"></i>
-                                    </button>
-                                    <div class="dropdown-menu">
-                                        <a class="dropdown-item" href="#" data-toggle="modal"
-                                           data-target="#editScheduledTicketModal<?php echo $scheduled_ticket_id; ?>">Edit</a>
-                                        <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger"
-                                           href="post.php?delete_scheduled_ticket=<?php echo $scheduled_ticket_id; ?>">Delete</a>
-                                    </div>
-                                </div>
-                            </td>
-                        </tr>
-
-                        <?php
-                        include("scheduled_ticket_edit_modal.php");
-                    }
-                    ?>
-
-                    </tbody>
-                </table>
+        <div class="col-md-4">
+          <div class="input-group mb-3 mb-md-0">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Scheduled Tickets">
+            <div class="input-group-append">
+              <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
+          </div>
         </div>
+
+      </div>
+    </form>
+    <hr>
+
+    <div class="table-responsive">
+      <table class="table table-striped table-borderless table-hover">
+        <thead class="<?php if ($num_rows[0] == 0) {
+          echo "d-none";
+        } ?>">
+        <tr>
+          <th><a class="text-dark">Client</a></th>
+          <th><a class="text-dark">Subject</a></th>
+          <th><a class="text-dark">Priority</a></th>
+          <th><a class="text-dark">Frequency</a></th>
+          <th><a class="text-dark">Next Run Date</a></th>
+
+          <th class="text-center">Action</th>
+        </tr>
+        </thead>
+        <tbody>
         <?php
-    }
+
+        while ($row = mysqli_fetch_array($sql)) {
+          $scheduled_ticket_id = $row['scheduled_ticket_id'];
+          $scheduled_ticket_client_id = $row['client_id'];
+          $scheduled_ticket_subject = $row['scheduled_ticket_subject'];
+          $scheduled_ticket_priority = $row['scheduled_ticket_priority'];
+          $scheduled_ticket_frequency = $row['scheduled_ticket_frequency'];
+          $scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
+          $scheduled_ticket_client_name = $row['client_name'];
+          ?>
+
+          <tr>
+            <td><a> <?php echo $scheduled_ticket_client_name ?></a></td>
+            <td><a href="#" data-toggle="modal" data-target="#editScheduledTicketModal"
+                   onclick="populateScheduledTicketEditModal(<?php echo $scheduled_ticket_client_id, ",", $scheduled_ticket_id ?>)"> <?php echo $scheduled_ticket_subject ?> </a></td>                            <td><a> <?php echo $scheduled_ticket_priority ?></a></td>
+            <td><a> <?php echo $scheduled_ticket_frequency ?></a></td>
+            <td><a> <?php echo $scheduled_ticket_next_run ?></a></td>
+
+            <td>
+              <div class="dropdown dropleft text-center">
+                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                  <i class="fas fa-ellipsis-h"></i>
+                </button>
+                <div class="dropdown-menu">
+                  <a class="dropdown-item" href="#" data-toggle="modal"
+                     data-target="#editScheduledTicketModal" onclick="populateScheduledTicketEditModal(<?php echo $scheduled_ticket_client_id, ",", $scheduled_ticket_id ?>)">Edit</a>
+                  <?php
+                  if($session_user_role == 3){ ?>
+                    <div class="dropdown-divider"></div>
+                      <a class="dropdown-item text-danger" href="post.php?delete_scheduled_ticket=<?php echo $scheduled_ticket_id; ?>">Delete</a>
+                    </div>
+                  <?php
+                  } ?>
+              </div>
+        <?php
+        }
+        ?>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+    <?php
+      include('pagination.php');
     ?>
+  </div>
 </div>
 
-
 <?php
-
+include("scheduled_ticket_edit_modal.php");
 include("footer.php");
\ No newline at end of file