diff --git a/SECURITY.md b/SECURITY.md
index bd36785f..a5e58297 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -20,7 +20,7 @@ ITFlow is in Beta.
**Please do not report security vulnerabilities through public GitHub issues.**
-If you have discovered a security issue, please report it to us in as much detail as possible so we can fix it.
+If you have discovered a security issue, please report it to us in as much detail as possible, so we can fix it.
You should expect to receive an initial acknowledgement within 72 hours. If you do not, please get in touch discretely via GitHub issues/Forum/Discord to ensure we received your e-mail.
Security contact:
diff --git a/check_login.php b/check_login.php
index bdac3101..5ebf73c2 100644
--- a/check_login.php
+++ b/check_login.php
@@ -71,7 +71,7 @@ $session_company_currency = $row['company_currency'];
include("get_settings.php");
-//Detects if using an apple device and uses apple maps instead of google
+//Detects if using an Apple device and uses Apple Maps instead of google
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");
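Review bot: The three `stripos($_SERVER['HTTP_USER_AGENT'], …)` calls under the reworded comment read the header directly, and a request without a User-Agent header then raises an undefined-index warning and passes null to `stripos` (deprecated from PHP 8.1). Reading it once with a default avoids that: `$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';` followed by `$iPod = stripos($user_agent, "iPod");` and likewise for the other two. The header is client-supplied, so the result should only ever choose a map link, never gate anything. The comment also still has a lowercase "google" next to the now-capitalised "Apple Maps".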
@@ -89,4 +89,4 @@ $num_notifications = $row['num'];
//Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
-?>
\ No newline at end of file
+?>
diff --git a/client_delete_modal.php b/client_delete_modal.php
index 12ed3740..41d05cf6 100644
--- a/client_delete_modal.php
+++ b/client_delete_modal.php
@@ -16,7 +16,7 @@
Are you sure?
-
Do you really want to delete and all associated data including financial data, logs, shared links etc? This process cannot be undone.
+
Do you really want to delete and all associated data including financial data, logs, shared links etc.? This process cannot be undone.
diff --git a/cron.php b/cron.php
index 465649a4..7145977b 100644
--- a/cron.php
+++ b/cron.php
@@ -254,7 +254,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
}
- //Send Recurring Invoices that match todays date and are active
+ //Send Recurring Invoices that match today's date and are active
//Loop through all recurring that match today's date and is active
$sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id");
@@ -296,8 +296,8 @@ while ($row = mysqli_fetch_array($sql_companies)) {
while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_id = $row['item_id'];
- $item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape incase of ,
- $item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape incase of ,
+ $item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape in case of ,
+ $item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape in case of ,
$item_quantity = $row['item_quantity'];
$item_price = $row['item_price'];
$item_subtotal = $row['item_subtotal'];
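Review bot: The reworded comments on `$item_name` and `$item_description` still say the escaping is "in case of ,", but `mysqli_real_escape_string` is needed for quotes and backslashes, not commas, so the comment understates why it is there. These values are read back from the database and presumably re-inserted by a query outside this hunk, which is the second-order injection case. `$item_quantity`, `$item_price` and `$item_subtotal` get neither escaping nor a cast in the visible lines. I would bind all five through a prepared statement, or at least cast the numeric ones, e.g. `$item_price = floatval($row['item_price']);`, and reword the comment to `// Escape before re-inserting: stored values may contain quotes`. The loop body continues past the end of the hunk.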
@@ -368,4 +368,4 @@ while ($row = mysqli_fetch_array($sql_companies)) {
} //End Company Loop through
-?>
\ No newline at end of file
+?>
diff --git a/dashboard_financial.php b/dashboard_financial.php
index 041449ff..258b655b 100644
--- a/dashboard_financial.php
+++ b/dashboard_financial.php
@@ -39,7 +39,7 @@ $largest_income_month = 0;
$sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_payments_to_invoices);
$total_payments_to_invoices = $row['total_payments_to_invoices'];
-//Do not grab transfer payment as these have an category_id of 0
+//Do not grab transfer payment as these have a category_id of 0
$sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_revenues);
$total_revenues = $row['total_revenues'];
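Review bot: `$year` is interpolated unquoted into both `YEAR(payment_date) = $year` and `YEAR(revenue_date) = $year`, and its assignment is outside this hunk. If it is taken from the request, it needs an integer cast before the first query, e.g. `$year = intval($year);`, or these queries should bind it as a parameter. `$session_company_id` is interpolated the same way; it presumably comes from the session lookup in check_login.php, but a cast at assignment would make the tenant filter independent of that assumption. The same `$year` pattern appears to recur in the per-month chart queries in later hunks of this file.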
@@ -65,7 +65,7 @@ $sql_invoice_totals_all_years = mysqli_query($mysqli,"SELECT SUM(invoice_amount)
$row = mysqli_fetch_array($sql_invoice_totals_all_years);
$invoice_totals_all_years = $row['invoice_totals_all_years'];
-$receivables = $invoice_totals_all_years - $total_payments_to_invoices_all_years;
+$receivables = $invoice_totals_all_years - $total_payments_to_invoices_all_years;
$profit = $total_income - $total_expenses;
@@ -112,8 +112,8 @@ $vendors_added = $row['vendors_added'];
+
@@ -338,19 +338,19 @@ $vendors_added = $row['vendors_added'];
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments);
$total_payments = $row['total_payments'];
-
+
$sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id");
$row = mysqli_fetch_array($sql_revenues);
$total_revenues = $row['total_revenues'];
-
+
$sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id");
$row = mysqli_fetch_array($sql_expenses);
$total_expenses = $row['total_expenses'];
-
+
$balance = $opening_balance + $total_payments + $total_revenues - $total_expenses;
if ($balance == '') {
- $balance = '0.00';
+ $balance = '0.00';
}
?>
@@ -504,17 +504,17 @@ var myLineChart = new Chart(ctx, {
$revenues_for_month = $row['revenue_amount_for_month'];
$income_for_month = $payments_for_month + $revenues_for_month;
-
+
if ($income_for_month > 0 && $income_for_month > $largest_income_month) {
$largest_income_month = $income_for_month;
}
-
+
?>
-
+
@@ -543,17 +543,17 @@ var myLineChart = new Chart(ctx, {
$revenues_for_month = $row['revenue_amount_for_month'];
$income_for_month = $payments_for_month + $revenues_for_month;
-
+
if ($income_for_month > 0 && $income_for_month > $largest_income_month) {
$largest_income_month = $income_for_month;
}
-
+
?>
-
+
@@ -583,18 +583,18 @@ var myLineChart = new Chart(ctx, {
if ($invoice_for_month > 0 && $invoice_for_month > $largest_invoice_month) {
$largest_invoice_month = $invoice_for_month;
}
-
+
?>
-
+
],
- },
+ },
{
label: "Expense",
lineTension: 0.3,
@@ -608,24 +608,24 @@ var myLineChart = new Chart(ctx, {
pointBorderWidth: 2,
data: [
0 AND expenses.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_expenses);
$expenses_for_month = $row['expense_amount_for_month'];
-
+
if ($expenses_for_month > 0 && $expenses_for_month > $largest_expense_month) {
$largest_expense_month = $expenses_for_month;
}
-
+
?>
-
+
@@ -692,17 +692,17 @@ var myLineChart = new Chart(ctx, {
$row = mysqli_fetch_array($sql_trips);
$trip_miles_for_month = $row['trip_miles_for_month'];
$largest_trip_miles_month = 0;
-
+
if ($trip_miles_for_month > 0 && $trip_miles_for_month > $largest_trip_miles_month) {
$largest_trip_miles_month = $trip_miles_for_month;
}
-
+
?>
-
+
@@ -756,7 +756,7 @@ var myPieChart = new Chart(ctx, {
$category_name = json_encode($row['category_name']);
echo "$category_name,";
}
-
+
?>
],
@@ -772,7 +772,7 @@ var myPieChart = new Chart(ctx, {
$income_amount_for_year = $row['income_amount_for_year'];
echo "$income_amount_for_year,";
}
-
+
?>
],
@@ -783,7 +783,7 @@ var myPieChart = new Chart(ctx, {
$category_color = json_encode($row['category_color']);
echo "$category_color,";
}
-
+
?>
],
@@ -813,7 +813,7 @@ var myPieChart = new Chart(ctx, {
$category_name = json_encode($row['category_name']);
echo "$category_name,";
}
-
+
?>
],
@@ -829,7 +829,7 @@ var myPieChart = new Chart(ctx, {
$expense_amount_for_year = $row['expense_amount_for_year'];
echo "$expense_amount_for_year,";
}
-
+
?>
],
@@ -840,7 +840,7 @@ var myPieChart = new Chart(ctx, {
$category_color = json_encode($row['category_color']);
echo "$category_color,";
}
-
+
?>
],
@@ -866,7 +866,7 @@ var myPieChart = new Chart(ctx, {
$vendor_name = json_encode($row['vendor_name']);
echo "$vendor_name,";
}
-
+
?>
],
@@ -882,7 +882,7 @@ var myPieChart = new Chart(ctx, {
$expense_amount_for_year = $row['expense_amount_for_year'];
echo "$expense_amount_for_year,";
}
-
+
?>
],
@@ -893,7 +893,7 @@ var myPieChart = new Chart(ctx, {
$category_color = json_encode($row['category_color']);
echo "$category_color,";
}
-
+
?>
],
diff --git a/database_updates.php b/database_updates.php
index 8786be28..2b596dce 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -243,7 +243,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
if (CURRENT_DATABASE_VERSION == '0.1.1') {
// Insert queries here required to update to DB version 0.1.2
- // Create Many to Many Relationship tables for Assets, Contacts, Software and Vendors
+ // Create Many-to-Many Relationship tables for Assets, Contacts, Software and Vendors
mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))");
mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))");
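Review bot: The `CREATE TABLE` calls in this version block ignore the return value of `mysqli_query`, so a failed statement goes unnoticed. The other version blocks on this page end with `UPDATE settings SET config_current_database_version = …`; if this block does the same outside the hunk, a partial migration would still be recorded as complete. I would stop on the first failure, e.g. `if (!mysqli_query($mysqli, $sql)) { error_log(mysqli_error($mysqli)); exit(1); }`, and bump the version only after every statement has succeeded. The block for `'0.1.1'` continues past the end of the hunk.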
@@ -393,7 +393,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
}
if (CURRENT_DATABASE_VERSION == '0.2.3') {
-
+
//Create New interfaces Table
mysqli_query($mysqli, "CREATE TABLE `interfaces` (`interface_id` int(11) AUTO_INCREMENT PRIMARY KEY,
`interface_number` int(11) NULL DEFAULT NULL,
@@ -410,7 +410,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
)");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.4'");
-
+
}
if (CURRENT_DATABASE_VERSION == '0.2.4') {
@@ -427,7 +427,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
if (CURRENT_DATABASE_VERSION == '0.2.6') {
// Insert queries here required to update to DB version 0.2.7
mysqli_query($mysqli, "ALTER TABLE `contacts` ADD `contact_token_expire` DATETIME NULL DEFAULT NULL AFTER `contact_password_reset_token`");
-
+
// Update config.php var with new version var for use with docker
file_put_contents("config.php", "\$repo_branch = 'master';" . PHP_EOL, FILE_APPEND);
@@ -437,19 +437,19 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
}
if (CURRENT_DATABASE_VERSION == '0.2.7') {
-
+
mysqli_query($mysqli, "ALTER TABLE `vendors` ADD `vendor_template` TINYINT(1) DEFAULT 0 AFTER `vendor_notes`");
mysqli_query($mysqli, "ALTER TABLE `software` ADD `software_template` TINYINT(1) DEFAULT 0 AFTER `software_notes`");
mysqli_query($mysqli, "ALTER TABLE `vendors` DROP `vendor_template_id`");
mysqli_query($mysqli, "DROP TABLE vendor_templates");
-
+
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.8'");
}
if (CURRENT_DATABASE_VERSION == '0.2.8') {
-
+
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_theme` VARCHAR(200) DEFAULT 'blue' AFTER `config_module_enable_ticketing`");
-
+
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.9'");
}
@@ -463,4 +463,4 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
}else{
// Up-to-date
-}
\ No newline at end of file
+}
diff --git a/functions.php b/functions.php
index dd37a0f2..048f75ca 100644
--- a/functions.php
+++ b/functions.php
@@ -68,14 +68,14 @@ function get_user_agent() {
}
function get_ip() {
-
+
if (defined("CONST_GET_IP_METHOD")) {
if (CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") {
$ip = getenv('HTTP_X_FORWARDED_FOR');
}
-
+
else{
-
+
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
}
}
@@ -160,7 +160,7 @@ function get_device() {
}
if (strpos(strtolower(get_user_agent()),'opera mini') > 0) {
$mobile_browser++;
- //Check for tablets on opera mini alternative headers
+ //Check for tablets on Opera Mini alternative headers
$stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:''));
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) {
$tablet_browser++;
@@ -290,7 +290,7 @@ function decryptUserSpecificKey($user_encryption_ciphertext, $user_password) {
/*
Generates what is probably best described as a session key (ephemeral-ish)
- Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential
-- Ciphertext/IV is stored on the server in the users session, encryption key is controlled/provided by the user as a cookie
+- Ciphertext/IV is stored on the server in the users' session, encryption key is controlled/provided by the user as a cookie
- Only the user can decrypt their session ciphertext to get the master key
- Encryption key never hits the disk in cleartext
*/
@@ -446,7 +446,7 @@ function getSSL($name) {
function strto_AZaz09($string) {
$string = ucwords(strtolower($string));
-
+
// Replace spaces with _
//$string = str_replace(' ', '_', $string);
@@ -541,7 +541,7 @@ function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_
}
catch(Exception $e) {
- // If we couldn't send the message return the error so we can log it
+ // If we couldn't send the message return the error, so we can log it
return "Message not sent. Mailer Error: {$mail->ErrorInfo}";
}
}
diff --git a/login.php b/login.php
index c11f63a0..f772f7bc 100644
--- a/login.php
+++ b/login.php
@@ -78,7 +78,7 @@ if (isset($_POST['login'])) {
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
- // Set PHP session in DB so we can access the session encryption data (above)
+ // Set PHP session in DB, so we can access the session encryption data (above)
$user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
}
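Review bot: The `UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'` query under the reworded comment is built by string interpolation. With a non-strict session configuration `session_id()` can echo a client-chosen cookie value, so it should be bound rather than quoted: `$stmt = mysqli_prepare($mysqli, "UPDATE users SET user_php_session = ? WHERE user_id = ?");`, `mysqli_stmt_bind_param($stmt, "si", $user_php_session, $user_id);`, `mysqli_stmt_execute($stmt);` (the `i` assumes an integer id). Storing the raw session id also means anyone with read access to `users` can replay it, so a hash of the id would be safer if the lookup allows it. The `setcookie` call just above sends `user_extension_key` with `SameSite=None`, so it travels on cross-site requests; the comment should state which client requires that. The enclosing `if` starts outside the hunk.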
@@ -229,4 +229,4 @@ if (isset($_POST['login'])) {