" id="advancedFilter">
+
-
+?>
+
+
-
diff --git a/admin/modals/ai/ai_model_add.php b/admin/modals/ai/ai_model_add.php
index 32c3880d..aa40a2fb 100644
--- a/admin/modals/ai/ai_model_add.php
+++ b/admin/modals/ai/ai_model_add.php
@@ -1,73 +1,77 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
-
+
-
+$sql = mysqli_query($mysqli, "SELECT * FROM project_templates WHERE project_template_id = $project_template_id LIMIT 1");
+$row = mysqli_fetch_array($sql);
+$project_template_name = nullable_htmlentities($row['project_template_name']);
+$project_template_description = nullable_htmlentities($row['project_template_description']);
+
+ob_start();
+
+?>
+
+
-
+
+?>
+
+
+
+
+
- Creating: Payment Method
+
-
+?>
+
-
-
-
-
-
+
+
+
+
- Add Payment Provider
+
-
-
-
-
-
+
+
+
+" tabindex="-1">
- Creating Project Template
+
-
-
-
-
-
-
-
+
+
+
+
- Editing Project Template:
+
-
-
-
-
-
-
+
+
+
+
- Adding Ticket Template
+
-
-
-
-
-
+
+
+
+
- New Role
+
-
-
-
-
-
+
+
+
+
diff --git a/admin/modals/tax/tax_add.php b/admin/modals/tax/tax_add.php
index d2ac58b2..57bceba7 100644
--- a/admin/modals/tax/tax_add.php
+++ b/admin/modals/tax/tax_add.php
@@ -1,30 +1,35 @@
-New License Template
+
-
-
-
+
+
+
+
-
-
+
+
+
+
-
-
@@ -98,5 +98,4 @@ $num_rows = mysqli_num_rows($sql);
Payment Providers
-
+
@@ -135,5 +135,4 @@ $num_rows = mysqli_num_rows($sql);
open($zipFilePath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
- error_log("Failed to open zip file: $zipFilePath");
- http_response_code(500);
- exit("Internal Server Error: Cannot open zip archive.");
- }
-
- $folderPath = realpath($folderPath);
- if (!$folderPath) {
- error_log("Invalid folder path: $folderPath");
- http_response_code(500);
- exit("Internal Server Error: Invalid folder path.");
- }
-
- $files = new RecursiveIteratorIterator(
- new RecursiveDirectoryIterator($folderPath),
- RecursiveIteratorIterator::LEAVES_ONLY
- );
-
- foreach ($files as $file) {
- if (!$file->isDir()) {
- $filePath = $file->getRealPath();
- $relativePath = substr($filePath, strlen($folderPath) + 1);
- $zip->addFile($filePath, $relativePath);
- }
- }
-
- $zip->close();
- };
-
- // === 2. Create all temp files
- $sqlFile = tempnam(sys_get_temp_dir(), $baseName . "_sql_");
- $uploadsZip = tempnam(sys_get_temp_dir(), $baseName . "_uploads_");
- $versionFile = tempnam(sys_get_temp_dir(), $baseName . "_version_");
- $finalZip = tempnam(sys_get_temp_dir(), $baseName . "_backup_");
-
- foreach ([$sqlFile, $uploadsZip, $versionFile, $finalZip] as $f) {
- $registerTempFileForCleanup($f);
- chmod($f, 0600);
+/**
+ * Stream a SQL dump of schema and data into $sqlFile.
+ * - Tables first (DROP + CREATE + INSERTs)
+ * - Views (DROP VIEW + CREATE VIEW)
+ * - Triggers (DROP TRIGGER + CREATE TRIGGER)
+ *
+ * NOTE: Routines/events are not dumped here. Add if needed.
+ */
+function dump_database_streaming(mysqli $mysqli, string $sqlFile): void {
+ $fh = fopen($sqlFile, 'wb');
+ if (!$fh) {
+ http_response_code(500);
+ exit("Cannot open dump file");
}
- // === 3. Generate SQL Dump
- $sqlContent = "-- UTF-8 + Foreign Key Safe Dump\n";
- $sqlContent .= "SET NAMES 'utf8mb4';\n";
- $sqlContent .= "SET foreign_key_checks = 0;\n\n";
+ // Preamble
+ fwrite_ln($fh, "-- UTF-8 + Foreign Key Safe Dump");
+ fwrite_ln($fh, "SET NAMES 'utf8mb4';");
+ fwrite_ln($fh, "SET FOREIGN_KEY_CHECKS = 0;");
+ fwrite_ln($fh, "SET UNIQUE_CHECKS = 0;");
+ fwrite_ln($fh, "SET AUTOCOMMIT = 0;");
+ fwrite_ln($fh, "");
+ // Gather tables and views
$tables = [];
- $res = $mysqli->query("SHOW TABLES");
+ $views = [];
+
+ $res = $mysqli->query("SHOW FULL TABLES");
if (!$res) {
- error_log("MySQL Error: " . $mysqli->error);
+ fclose($fh);
+ error_log("MySQL Error (SHOW FULL TABLES): " . $mysqli->error);
+ http_response_code(500);
exit("Error retrieving tables.");
}
+ while ($row = $res->fetch_array(MYSQLI_NUM)) {
+ $name = $row[0];
+ $type = strtoupper($row[1] ?? '');
+ if ($type === 'VIEW') {
+ $views[] = $name;
+ } else {
+ $tables[] = $name;
+ }
+ }
+ $res->close();
- while ($row = $res->fetch_row()) {
- $tables[] = $row[0];
+ // --- TABLES: structure and data ---
+ foreach ($tables as $table) {
+ $createRes = $mysqli->query("SHOW CREATE TABLE `{$mysqli->real_escape_string($table)}`");
+ if (!$createRes) {
+ error_log("MySQL Error (SHOW CREATE TABLE $table): " . $mysqli->error);
+ // continue to next table
+ continue;
+ }
+ $createRow = $createRes->fetch_assoc();
+ $createSQL = array_values($createRow)[1] ?? '';
+ $createRes->close();
+
+ fwrite_ln($fh, "-- ----------------------------");
+ fwrite_ln($fh, "-- Table structure for `{$table}`");
+ fwrite_ln($fh, "-- ----------------------------");
+ fwrite_ln($fh, "DROP TABLE IF EXISTS `{$table}`;");
+ fwrite_ln($fh, $createSQL . ";");
+ fwrite_ln($fh, "");
+
+ // Dump data in a streaming fashion
+ $dataRes = $mysqli->query("SELECT * FROM `{$mysqli->real_escape_string($table)}`", MYSQLI_USE_RESULT);
+ if ($dataRes) {
+ $wroteHeader = false;
+ while ($row = $dataRes->fetch_assoc()) {
+ if (!$wroteHeader) {
+ fwrite_ln($fh, "-- Dumping data for table `{$table}`");
+ $wroteHeader = true;
+ }
+ $cols = array_map(fn($c) => '`' . $mysqli->real_escape_string($c) . '`', array_keys($row));
+ $vals = array_map(
+ function ($v) use ($mysqli) {
+ return is_null($v) ? "NULL" : "'" . $mysqli->real_escape_string($v) . "'";
+ },
+ array_values($row)
+ );
+ fwrite_ln($fh, "INSERT INTO `{$table}` (" . implode(", ", $cols) . ") VALUES (" . implode(", ", $vals) . ");");
+ }
+ $dataRes->close();
+ if ($wroteHeader) fwrite_ln($fh, "");
+ }
}
- foreach ($tables as $table) {
- $createRes = $mysqli->query("SHOW CREATE TABLE `$table`");
- if (!$createRes) {
- error_log("MySQL Error: " . $mysqli->error);
+ // --- VIEWS ---
+ foreach ($views as $view) {
+ $escView = $mysqli->real_escape_string($view);
+ $cRes = $mysqli->query("SHOW CREATE VIEW `{$escView}`");
+ if ($cRes) {
+ $row = $cRes->fetch_assoc();
+ $createView = $row['Create View'] ?? '';
+ $cRes->close();
+
+ fwrite_ln($fh, "-- ----------------------------");
+ fwrite_ln($fh, "-- View structure for `{$view}`");
+ fwrite_ln($fh, "-- ----------------------------");
+ fwrite_ln($fh, "DROP VIEW IF EXISTS `{$view}`;");
+ // Ensure statement ends with semicolon
+ if (!str_ends_with($createView, ';')) $createView .= ';';
+ fwrite_ln($fh, $createView);
+ fwrite_ln($fh, "");
+ }
+ }
+
+ // --- TRIGGERS ---
+ $tRes = $mysqli->query("SHOW TRIGGERS");
+ if ($tRes) {
+ while ($t = $tRes->fetch_assoc()) {
+ $triggerName = $t['Trigger'];
+ $escTrig = $mysqli->real_escape_string($triggerName);
+ $crt = $mysqli->query("SHOW CREATE TRIGGER `{$escTrig}`");
+ if ($crt) {
+ $row = $crt->fetch_assoc();
+ $createTrig = $row['SQL Original Statement'] ?? ($row['Create Trigger'] ?? '');
+ $crt->close();
+
+ fwrite_ln($fh, "-- ----------------------------");
+ fwrite_ln($fh, "-- Trigger for `{$triggerName}`");
+ fwrite_ln($fh, "-- ----------------------------");
+ fwrite_ln($fh, "DROP TRIGGER IF EXISTS `{$triggerName}`;");
+ if (!str_ends_with($createTrig, ';')) $createTrig .= ';';
+ fwrite_ln($fh, $createTrig);
+ fwrite_ln($fh, "");
+ }
+ }
+ $tRes->close();
+ }
+
+ // Postamble
+ fwrite_ln($fh, "SET FOREIGN_KEY_CHECKS = 1;");
+ fwrite_ln($fh, "SET UNIQUE_CHECKS = 1;");
+ fwrite_ln($fh, "COMMIT;");
+
+ fclose($fh);
+}
+
+/**
+ * Zip a folder to $zipFilePath, skipping symlinks and dot-entries.
+ */
+function zipFolderStrict(string $folderPath, string $zipFilePath): void {
+ $zip = new ZipArchive();
+ if ($zip->open($zipFilePath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
+ error_log("Failed to open zip file: $zipFilePath");
+ http_response_code(500);
+ exit("Internal Server Error: Cannot open zip archive.");
+ }
+
+ $folderReal = realpath($folderPath);
+ if (!$folderReal || !is_dir($folderReal)) {
+ // Create an empty archive if uploads folder doesn't exist yet
+ $zip->close();
+ return;
+ }
+
+ $files = new RecursiveIteratorIterator(
+ new RecursiveDirectoryIterator($folderReal, FilesystemIterator::SKIP_DOTS),
+ RecursiveIteratorIterator::LEAVES_ONLY
+ );
+
+ foreach ($files as $file) {
+ /** @var SplFileInfo $file */
+ if ($file->isDir()) continue;
+ if ($file->isLink()) continue; // skip symlinks
+ $filePath = $file->getRealPath();
+ if ($filePath === false) continue;
+
+ // ensure path is inside the folder boundary
+ if (strpos($filePath, $folderReal . DIRECTORY_SEPARATOR) !== 0 && $filePath !== $folderReal) {
continue;
}
- $createRow = $createRes->fetch_assoc();
- $createSQL = array_values($createRow)[1];
-
- $sqlContent .= "\n-- ----------------------------\n";
- $sqlContent .= "-- Table structure for `$table`\n";
- $sqlContent .= "-- ----------------------------\n";
- $sqlContent .= "DROP TABLE IF EXISTS `$table`;\n";
- $sqlContent .= $createSQL . ";\n\n";
-
- $dataRes = $mysqli->query("SELECT * FROM `$table`");
- if ($dataRes && $dataRes->num_rows > 0) {
- $sqlContent .= "-- Dumping data for table `$table`\n";
- while ($row = $dataRes->fetch_assoc()) {
- $columns = array_map(fn($col) => '`' . $mysqli->real_escape_string($col) . '`', array_keys($row));
- $values = array_map(function ($val) use ($mysqli) {
- return is_null($val) ? "NULL" : "'" . $mysqli->real_escape_string($val) . "'";
- }, array_values($row));
- $sqlContent .= "INSERT INTO `$table` (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $values) . ");\n";
- }
- $sqlContent .= "\n";
- }
+ $relativePath = substr($filePath, strlen($folderReal) + 1);
+ $zip->addFile($filePath, $relativePath);
}
- $sqlContent .= "SET foreign_key_checks = 1;\n";
- file_put_contents($sqlFile, $sqlContent);
+ $zip->close();
+}
- // === 4. Zip the uploads folder
- $zipFolder("../uploads", $uploadsZip);
+if (isset($_GET['download_backup'])) {
- // === 5. Create version.txt
- $commitHash = trim(shell_exec('git log -1 --format=%H')) ?: 'N/A';
- $gitBranch = trim(shell_exec('git rev-parse --abbrev-ref HEAD')) ?: 'N/A';
+ validateCSRFToken($_GET['csrf_token']);
- $versionContent = "ITFlow Backup Metadata\n";
+ $timestamp = date('YmdHis');
+ $baseName = "itflow_{$timestamp}";
+ $downloadName = $baseName . ".zip";
+
+ // === Scoped cleanup of temp files ===
+ $cleanupFiles = [];
+ $registerTempFileForCleanup = function ($file) use (&$cleanupFiles) {
+ $cleanupFiles[] = $file;
+ };
+ register_shutdown_function(function () use (&$cleanupFiles) {
+ foreach ($cleanupFiles as $file) {
+ if (is_file($file)) { @unlink($file); }
+ }
+ });
+
+ // === Create temp files ===
+ $sqlFile = tempnam(sys_get_temp_dir(), $baseName . "_sql_");
+ $uploadsZip = tempnam(sys_get_temp_dir(), $baseName . "_uploads_");
+ $versionFile = tempnam(sys_get_temp_dir(), $baseName . "_version_");
+ $finalZip = tempnam(sys_get_temp_dir(), $baseName . "_backup_");
+
+ foreach ([$sqlFile, $uploadsZip, $versionFile, $finalZip] as $f) {
+ $registerTempFileForCleanup($f);
+ @chmod($f, 0600);
+ }
+
+ // === Generate SQL Dump (streaming) ===
+ dump_database_streaming($mysqli, $sqlFile);
+
+ // === Zip the uploads folder (strict) ===
+ zipFolderStrict("../uploads", $uploadsZip);
+
+ // === Gather metadata & checksums ===
+ $commitHash = (function_exists('shell_exec') ? trim(shell_exec('git log -1 --format=%H 2>/dev/null')) : '') ?: 'N/A';
+ $gitBranch = (function_exists('shell_exec') ? trim(shell_exec('git rev-parse --abbrev-ref HEAD 2>/dev/null')) : '') ?: 'N/A';
+
+ $dbSha = hash_file('sha256', $sqlFile) ?: 'N/A';
+ $upSha = hash_file('sha256', $uploadsZip) ?: 'N/A';
+
+ $versionContent = "ITFlow Backup Metadata\n";
$versionContent .= "-----------------------------\n";
$versionContent .= "Generated: " . date('Y-m-d H:i:s') . "\n";
- $versionContent .= "Backup File: " . basename($finalZip) . "\n";
- $versionContent .= "Generated By: $session_name\n";
+ $versionContent .= "Backup File: " . $downloadName . "\n";
+ $versionContent .= "Generated By: " . ($session_name ?? 'Unknown User') . "\n";
$versionContent .= "Host: " . gethostname() . "\n";
$versionContent .= "Git Branch: $gitBranch\n";
$versionContent .= "Git Commit: $commitHash\n";
$versionContent .= "ITFlow Version: " . (defined('APP_VERSION') ? APP_VERSION : 'Unknown') . "\n";
$versionContent .= "Database Version: " . (defined('CURRENT_DATABASE_VERSION') ? CURRENT_DATABASE_VERSION : 'Unknown') . "\n";
- $versionContent .= "Checksum (SHA256): \n";
+ $versionContent .= "Checksums (SHA256):\n";
+ $versionContent .= " db.sql: $dbSha\n";
+ $versionContent .= " uploads.zip: $upSha\n";
file_put_contents($versionFile, $versionContent);
+ @chmod($versionFile, 0600);
- // === 6. Build final ZIP
+ // === Build final ZIP ===
$final = new ZipArchive();
if ($final->open($finalZip, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
error_log("Failed to create final zip: $finalZip");
http_response_code(500);
exit("Internal Server Error: Unable to create backup archive.");
}
-
$final->addFile($sqlFile, "db.sql");
$final->addFile($uploadsZip, "uploads.zip");
$final->addFile($versionFile, "version.txt");
$final->close();
- chmod($finalZip, 0600);
+ @chmod($finalZip, 0600);
- $checksum = hash_file('sha256', $finalZip);
- file_put_contents($versionFile, $versionContent . "$checksum\n");
-
- // === 7. Serve final ZIP
+ // === Serve final ZIP with a stable filename ===
header('Content-Type: application/zip');
- header('Content-Disposition: attachment; filename="' . basename($finalZip) . '"');
+ header('X-Content-Type-Options: nosniff');
+ header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('Content-Length: ' . filesize($finalZip));
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Transfer-Encoding: binary');
+ // Push file
flush();
$fp = fopen($finalZip, 'rb');
fpassthru($fp);
fclose($fp);
- logAction("System", "Backup Download", "$session_name downloaded full backup.");
+ // Log + UX
+ logAction("System", "Backup Download", ($session_name ?? 'Unknown User') . " downloaded full backup.");
flash_alert("Full backup downloaded.");
exit;
}
-
if (isset($_POST['backup_master_key'])) {
validateCSRFToken($_POST['csrf_token']);
diff --git a/admin/post/contract_template.php b/admin/post/contract_template.php
new file mode 100644
index 00000000..585e3c9e
--- /dev/null
+++ b/admin/post/contract_template.php
@@ -0,0 +1,63 @@
+$name created");
+
+ // Redirect back
+ redirect();
+}
+
+?>
diff --git a/admin/project_template.php b/admin/project_template.php
index 700578fb..999a7075 100644
--- a/admin/project_template.php
+++ b/admin/project_template.php
@@ -22,7 +22,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
Project Templates
-
+
@@ -87,7 +87,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
-
+
-
@@ -134,12 +132,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
+
@@ -109,7 +109,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
Nothing to see here
Go Back"; + echo "Nothing to see here
Go Back
-
| - + Template | -Tasks | ++ + Tasks + + | Action | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | +
@@ -112,4 +122,3 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
- Nothing to see hereGo Back"; + require_once "../includes/footer.php"; + exit(); +} + +$row = mysqli_fetch_array($sql_ticket_template); $ticket_template_name = nullable_htmlentities($row['ticket_template_name']); $ticket_template_description = nullable_htmlentities($row['ticket_template_description']); diff --git a/admin/users.php b/admin/users.php index 08feccfa..58a69210 100644 --- a/admin/users.php +++ b/admin/users.php @@ -26,16 +26,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));Users
-
@@ -233,15 +233,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
-
-
- - Vendor Templates --
-
-
-
-
-
-
-
-
+
+
+
+ + Vendor Templates ++
+
+
+
++
+
+
+
Accounts
-
+
@@ -123,6 +123,4 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
'success']);
exit;
}
+
+if (isset($_GET['client_duplicate_check'])) {
+ enforceUserPermission('module_client', 2);
+
+ $name = sanitizeInput($_GET['name']);
+
+ $response['message'] = ""; // default
+
+ if (strlen($name) >= 5) {
+ $sql_clients = mysqli_query($mysqli, "SELECT client_name FROM clients
+ WHERE client_archived_at IS NULL
+ AND client_name LIKE '%$name%'
+ ORDER BY client_id DESC LIMIT 1"
+ );
+
+ if (mysqli_num_rows($sql_clients) > 0) {
+ while ($row = mysqli_fetch_array($sql_clients)) {
+ $response['message'] = " Potential duplicate: " . nullable_htmlentities($row['client_name']) . " already exists.";
+ }
+ }
+ }
+
+ echo json_encode($response);
+}
+
+if (isset($_GET['contact_email_check'])) {
+ enforceUserPermission('module_client', 2);
+
+ $email = sanitizeInput($_GET['email']);
+ $domain = sanitizeInput(substr($_GET['email'], strpos($_GET['email'], '@') + 1));
+
+ $response['message'] = ""; // default
+
+ if (strlen($email) >= 3) {
+
+ // 1. Duplicate check
+ $sql_contacts = mysqli_query($mysqli, "SELECT contact_email FROM contacts WHERE contact_email = '$email' LIMIT 1");
+ if (mysqli_num_rows($sql_contacts) > 0) {
+ while ($row = mysqli_fetch_array($sql_contacts)) {
+ $response['message'] = " Potential duplicate: " . nullable_htmlentities($row['contact_email']) . " already exists.";
+ }
+ }
+
+ // 2. MX record check
+ if (!checkdnsrr($domain, 'MX')) {
+ $response['message'] = " E-mail domain invalid.";
+ }
+
+ }
+
+ echo json_encode($response);
+}
+
+if (isset($_GET['ai_reword'])) {
+
+ header('Content-Type: application/json');
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM ai_models LEFT JOIN ai_providers ON ai_model_ai_provider_id = ai_provider_id WHERE ai_model_use_case = 'General' LIMIT 1");
+
+ $row = mysqli_fetch_array($sql);
+ $model_name = $row['ai_model_name'];
+ $promptText = $row['ai_model_prompt'];
+ $url = $row['ai_provider_api_url'];
+ $key = $row['ai_provider_api_key'];
+
+ // Collecting the input data from the AJAX request.
+ $inputJSON = file_get_contents('php://input');
+ $input = json_decode($inputJSON, TRUE); // Convert JSON into array.
+
+ $userText = $input['text'];
+
+ // Preparing the data for the OpenAI Chat API request.
+ $data = [
+ "model" => "$model_name", // Specify the model
+ "messages" => [
+ ["role" => "system", "content" => $promptText],
+ ["role" => "user", "content" => $userText],
+ ],
+ "temperature" => 0.5
+ ];
+
+ // Initialize cURL session to the OpenAI Chat API.
+ $ch = curl_init("$url");
+
+ // Set cURL options for the request.
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_POST, true);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
+ curl_setopt($ch, CURLOPT_HTTPHEADER, [
+ 'Content-Type: application/json',
+ 'Authorization: Bearer ' . $key,
+ ]);
+
+ // Execute the cURL session and capture the response.
+ $response = curl_exec($ch);
+ curl_close($ch);
+
+ // Decode the JSON response.
+ $responseData = json_decode($response, true);
+
+ // Check if the response contains the expected data and return it.
+ if (isset($responseData['choices'][0]['message']['content'])) {
+ // Get the response content.
+ $content = $responseData['choices'][0]['message']['content'];
+
+ // Clean any leading "html" word or other unwanted text at the beginning.
+ $content = preg_replace('/^html/i', '', $content); // Remove any occurrence of 'html' at the start
+
+ // Clean the response content to remove backticks or code block markers.
+ $cleanedContent = str_replace('```', '', $content); // Remove backticks if they exist.
+
+ // Trim any leading/trailing whitespace.
+ $cleanedContent = trim($cleanedContent);
+
+ // Return the cleaned response.
+ echo json_encode(['rewordedText' => $cleanedContent]);
+ } else {
+ // Handle errors or unexpected response structure.
+ echo json_encode(['rewordedText' => 'Failed to get a response from the AI API.']);
+ }
+
+}
+
+if (isset($_GET['ai_create_document_template'])) {
+ // get_ai_document_template.php
+
+ header('Content-Type: text/html; charset=UTF-8');
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM ai_models LEFT JOIN ai_providers ON ai_model_ai_provider_id = ai_provider_id WHERE ai_model_use_case = 'General' LIMIT 1");
+
+ $row = mysqli_fetch_array($sql);
+ $model_name = $row['ai_model_name'];
+ $url = $row['ai_provider_api_url'];
+ $key = $row['ai_provider_api_key'];
+
+ $prompt = $_POST['prompt'] ?? '';
+
+ // Basic validation
+ if(empty($prompt)){
+ echo "No prompt provided.";
+ exit;
+ }
+
+ // Prepare prompt
+ $system_message = "You are a helpful IT documentation assistant. You will create a well-structured HTML template for IT documentation based on a given prompt. Include headings, subheadings, bullet points, and possibly tables for clarity. No Lorem Ipsum, use realistic placeholders and professional language.";
+ $user_message = "Create an HTML formatted IT documentation template based on the following request:\n\n\"$prompt\"\n\nThe template should be structured, professional, and useful for IT staff. Include relevant sections, instructions, prerequisites, and best practices.";
+
+ $post_data = [
+ "model" => "$model_name",
+ "messages" => [
+ ["role" => "system", "content" => $system_message],
+ ["role" => "user", "content" => $user_message]
+ ],
+ "temperature" => 0.5
+ ];
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_POST, true);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, [
+ 'Content-Type: application/json',
+ 'Authorization: Bearer ' . $key
+ ]);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($post_data));
+
+ $response = curl_exec($ch);
+ if (curl_errno($ch)) {
+ echo "Error: " . curl_error($ch);
+ exit;
+ }
+ curl_close($ch);
+
+ $response_data = json_decode($response, true);
+ $template = $response_data['choices'][0]['message']['content'] ?? "No content returned from AI. "; + + // Print the generated HTML template directly + echo $template; +} + +if (isset($_GET['ai_ticket_summary'])) { + + header('Content-Type: text/html; charset=UTF-8'); + + $sql = mysqli_query($mysqli, "SELECT * FROM ai_models LEFT JOIN ai_providers ON ai_model_ai_provider_id = ai_provider_id WHERE ai_model_use_case = 'General' LIMIT 1"); + + $row = mysqli_fetch_array($sql); + $model_name = $row['ai_model_name']; + $url = $row['ai_provider_api_url']; + $key = $row['ai_provider_api_key']; + + // Retrieve the ticket_id from POST + $ticket_id = intval($_POST['ticket_id']); + + // Query the database for ticket details + $sql = mysqli_query($mysqli, " + SELECT ticket_subject, ticket_details, ticket_source, ticket_priority, ticket_status_name, category_name + FROM tickets + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + LEFT JOIN categories ON ticket_category = category_id + WHERE ticket_id = $ticket_id + LIMIT 1 + "); + $row = mysqli_fetch_assoc($sql); + $ticket_subject = $row['ticket_subject']; + $ticket_details = strip_tags($row['ticket_details']); // strip HTML for cleaner prompt + $ticket_status = $row['ticket_status_name']; + $ticket_category = $row['category_name']; + $ticket_source = $row['ticket_source']; + $ticket_priority = $row['ticket_priority']; + + // Get ticket replies + $sql_replies = mysqli_query($mysqli, " + SELECT ticket_reply, ticket_reply_type, user_name + FROM ticket_replies + LEFT JOIN users ON ticket_reply_by = user_id + WHERE ticket_reply_ticket_id = $ticket_id + AND ticket_reply_archived_at IS NULL + ORDER BY ticket_reply_id ASC + "); + + $all_replies_text = ""; + while ($reply = mysqli_fetch_assoc($sql_replies)) { + $reply_type = $reply['ticket_reply_type']; + $reply_text = strip_tags($reply['ticket_reply']); + $reply_by = $reply['user_name']; + $all_replies_text .= "\nReply Type: $reply_type Reply By: $reply_by: Reply Text: $reply_text"; + } + + $prompt = " + Summarize the following IT support ticket and its responses in a concise, clear, and professional manner. + The summary should include: + + 1. Main Issue: What was the problem reported by the user? + 2. Actions Taken: What steps were taken to address the issue? + 3. Resolution or Next Steps: Was the issue resolved or is it ongoing? + + Please ensure: + - If there are multiple issues, summarize each separately. + - Urgency: If the ticket or replies express urgency or escalation, highlight it. + - Attachments: If mentioned in the ticket, note any relevant attachments or files. + - Avoid extra explanations or unnecessary information. + + Ticket Data: + - Ticket Source: $ticket_source + - Current Ticket Status: $ticket_status + - Ticket Priority: $ticket_priority + - Ticket Category: $ticket_category + - Ticket Subject: $ticket_subject + - Ticket Details: $ticket_details + - Replies: + $all_replies_text + + Formatting instructions: + - Use valid HTML tags only. + - Use for section headers (Main Issue, Actions Taken, Resolution).
+ - Use , htmlspecialchars to prevent XSS +} + +// Stops people trying to use sub-domains in the domains tracker +if (isset($_GET['apex_domain_check'])) { + enforceUserPermission('module_support', 2); + + $domain = sanitizeInput($_GET['domain']); + + $response['message'] = ""; // default + + if (strlen($domain) >= 4) { + + // SOA record check + // This isn't 100%, as sub-domains can have their own SOA but will capture 99% + if (!checkdnsrr($domain, 'SOA')) { + $response['message'] = " Domain name is invalid."; + } + + } + + echo json_encode($response); +} diff --git a/agent/asset_details.php b/agent/asset_details.php index ac4ec904..8a5848ca 100644 --- a/agent/asset_details.php +++ b/agent/asset_details.php @@ -4,7 +4,7 @@ if (isset($_GET['client_id'])) { require_once "includes/inc_all_client.php"; $client_query = "AND asset_client_id = $client_id"; - $client_url = "AND client_id=$client_id&"; + $client_url = "client_id=$client_id&"; } else { require_once "includes/inc_client_overview_all.php"; $client_query = ''; @@ -21,525 +21,649 @@ if (isset($_GET['asset_id'])) { LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 WHERE asset_id = $asset_id $client_query + LIMIT 1 "); - $row = mysqli_fetch_array($sql); - $client_id = intval($row['client_id']); - $client_name = nullable_htmlentities($row['client_name']); - $asset_id = intval($row['asset_id']); - $asset_type = nullable_htmlentities($row['asset_type']); - $asset_name = nullable_htmlentities($row['asset_name']); - $asset_description = nullable_htmlentities($row['asset_description']); - $asset_make = nullable_htmlentities($row['asset_make']); - $asset_model = nullable_htmlentities($row['asset_model']); - $asset_serial = nullable_htmlentities($row['asset_serial']); - $asset_os = nullable_htmlentities($row['asset_os']); - $asset_uri = sanitize_url($row['asset_uri']); - $asset_uri_2 = sanitize_url($row['asset_uri_2']); - $asset_uri_client = sanitize_url($row['asset_uri_client']); - $asset_status = nullable_htmlentities($row['asset_status']); - $asset_purchase_reference = nullable_htmlentities($row['asset_purchase_reference']); - $asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']); - $asset_warranty_expire = nullable_htmlentities($row['asset_warranty_expire']); - $asset_install_date = nullable_htmlentities($row['asset_install_date']); - $asset_photo = nullable_htmlentities($row['asset_photo']); - $asset_physical_location = nullable_htmlentities($row['asset_physical_location']); - $asset_notes = nullable_htmlentities($row['asset_notes']); - $asset_created_at = nullable_htmlentities($row['asset_created_at']); - $asset_vendor_id = intval($row['asset_vendor_id']); - $asset_location_id = intval($row['asset_location_id']); - $asset_contact_id = intval($row['asset_contact_id']); + if (mysqli_num_rows($sql) == 0) { + echo " Nothing to see hereGo Back
+
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
- - -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Additional Notes-
-
-
-
-
-
-
-
-
- New Ticket
-
-
-
- New Recurring Ticket
-
-
-
- New Credential
-
-
-
- New Document
-
-
-
- Upload file(s)
-
+
+
-
+
+
+ + +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
- Interfaces-
-
-
-
-
+
-
- |