Merge pull request #1240 from itflow-org/develop

Develop to Master for 25.10 release

.gitignore

@@ -25,6 +25,14 @@ plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/*
 xcustom/*
 !xcustom/readme.php
 post/xcustom
-custom/*
 !post/xcustom/readme.php
+admin/custom/*
+!admin/custom/readme.php
+agent/custom/*
+!agent/custom/readme.php
+client/custom/*
+!client/custom/readme.php
+guest/custom/*
+!guest/custom/readme.php
 .zed
+

CHANGELOG.md

@@ -2,6 +2,44 @@
 
 This file documents all notable changes made to ITFlow.
 
+## [25.10]
+
+### Breaking Changes
+- Renamed `/user/` directory to `/agent/`.
+- Deprecation Notice: `/scripts/cron_mail_queue.php` and `/scripts/cron_ticket_email_parser.php` are being phased out. Please transition to `/cron/mail_queue.php` and `/cron/ticket_email_parser.php`. These older scripts will be removed in the November release—update accordingly. New Installs via the script will have this already configured.
+- Custom is working now. Custom code should be placed in /admin/custom/ , /agent/custom/ , /client/custom/ /guest/custom/
+We will provide example code with directory structure for each custom directory a week after this release.
+
+### Fixes
+- Resolved issue with "Restore from Setup" not functioning correctly.
+- Corrected asset name display in logs and flash messages when editing an asset in a ticket.
+- Fixed Payment Provider Threshold not being applied.
+- Fixed issue where Threshold setting was not saving properly.
+- Various minor fixes for Payment Provider issues.
+- Removed leads from the client selection list in the "New Ticket" modal.
+- Fixed issues with the MFA modal.
+- Resolved MFA enforcement bugs.
+- Fixed KeepAlive functionality to maintain user sessions longer.
+- Fixed multiple broken links caused by the `/user/` to `/agent/` path migration.
+- Fixed Custom code directories.
+
+### Added / Changed
+- Removed "ACH" as a payment method; added "Bank Transfer" instead.
+- Replaced relative paths with absolute paths for web assets.
+- Tickets can now be resolved via the API.
+- Added a filter for Archived Users and an option to restore them.
+- Introduced a modal when archiving users, allowing reassignment of open and recurring tickets to another agent.
+- Improved logic for determining the index/root page.
+- Added "Assigned Agent" column for recurring tickets.
+- Introduced "Additional Assets" option when editing assets in tickets; modal now uses the updated AJAX method.
+- Added Gibraltar to the list of supported countries.
+- Added Custom Link Option for the Admin Nav.
+- Added Custom Link Option for the Reports Nav.
+
+### Other notes
+- Major releases will happen on the first week of every Month.
+
+
 ## [25.09.2]
 
 ### Fixes

admin/audit_log.php

@@ -266,7 +266,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                         if (empty($client_name)) {
                             $client_name_display = "-";
                         } else {
-                            $client_name_display = "<a href='../user/client_overview.php?client_id=$client_id'>$client_name</a>";
+                            $client_name_display = "<a href='../agent/client_overview.php?client_id=$client_id'>$client_name</a>";
                         }
                         $log_entity_id = intval($row['log_entity_id']);
 

admin/custom/readme.php

@@ -0,0 +1,8 @@
+<?php
+
+/*
+
+- Custom Pages -
+     If you wish to add custom pages to ITFlow, add them to this directory"
+     Link to Documentation for File Directory Structure and examples
+*/

admin/custom_link.php

@@ -96,6 +96,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                             $custom_link_location_display = "Top Nav";
                         } elseif ($custom_link_location == 3) {
                             $custom_link_location_display = "Client Portal Nav";
+                        } elseif ($custom_link_location == 4) {
+                            $custom_link_location_display = "Admin Nav";
+                        } elseif ($custom_link_location == 5) {
+                            $custom_link_location_display = "Reports Nav";
                         }
 
                         ?>

admin/database_updates.php

@@ -3992,6 +3992,40 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.4'");
     }
+
+    if (CURRENT_DATABASE_VERSION == '2.3.4') {
+
+        // Add Software Keys
+        mysqli_query($mysqli, "CREATE TABLE `software_keys` (
+            `software_key_id` INT(11) NOT NULL AUTO_INCREMENT,
+            `software_key` VARCHAR(400) NOT NULL,
+            `software_key_software_id` INT(11) NOT NULL,
+            PRIMARY KEY (`software_key_id`),
+            FOREIGN KEY (`software_key_software_id`) REFERENCES `software`(`software_id`) ON DELETE CASCADE
+        )");
+
+        // Software Key Assignments to Contacts
+        mysqli_query($mysqli, "CREATE TABLE `software_key_contact_assignments` (
+            `software_key_id` INT(11) NOT NULL,
+            `contact_id` INT(11) NOT NULL,
+            `software_key_assigned_at` DATETIME DEFAULT CURRENT_TIMESTAMP,
+            PRIMARY KEY (`software_key_id`, `contact_id`),
+            FOREIGN KEY (`software_key_id`) REFERENCES `software_keys`(`software_key_id`) ON DELETE CASCADE,
+            FOREIGN KEY (`contact_id`) REFERENCES `contacts`(`contact_id`) ON DELETE CASCADE
+        )");
+
+        // Software Key Assignments to Assets
+        mysqli_query($mysqli, "CREATE TABLE `software_key_asset_assignments` (
+            `software_key_id` INT(11) NOT NULL,
+            `asset_id` INT(11) NOT NULL,
+            `software_key_assigned_at` DATETIME DEFAULT CURRENT_TIMESTAMP,
+            PRIMARY KEY (`software_key_id`, `asset_id`),
+            FOREIGN KEY (`software_key_id`) REFERENCES `software_keys`(`software_key_id`) ON DELETE CASCADE,
+            FOREIGN KEY (`asset_id`) REFERENCES `assets`(`asset_id`) ON DELETE CASCADE
+        )");
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.5'");
+    }
     
     // if (CURRENT_DATABASE_VERSION == '2.3.4') {
     //     // Insert queries here required to update to DB version 2.3.4

admin/includes/inc_all_admin.php

@@ -2,7 +2,6 @@
 
 require_once "../config.php";
 require_once "../functions.php";
-require_once "../includes/router.php";
 require_once "../includes/check_login.php";
 require_once "../includes/page_title.php";
 if (!isset($session_is_admin) || !$session_is_admin) {

admin/includes/side_nav.php

@@ -1,6 +1,6 @@
 <!-- Main Sidebar Container -->
 <aside class="main-sidebar sidebar-dark-<?php echo nullable_htmlentities($config_theme); ?> d-print-none">
-    <a class="brand-link pb-1 mt-1" href="../user/<?php echo $config_start_page ?>">
+    <a class="brand-link pb-1 mt-1" href="../agent/<?php echo $config_start_page ?>">
         <p class="h6">
             <i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i>
             <span class="brand-text">
@@ -277,6 +277,36 @@
                         </li>
                     </ul>
                 </li>
+
+                <?php
+                $sql_custom_links = mysqli_query($mysqli, "SELECT * FROM custom_links 
+                    WHERE custom_link_location = 4 AND custom_link_archived_at IS NULL
+                    ORDER BY custom_link_order ASC, custom_link_name ASC"
+                );
+
+                while ($row = mysqli_fetch_array($sql_custom_links)) {
+                    $custom_link_name = nullable_htmlentities($row['custom_link_name']);
+                    $custom_link_uri = sanitize_url($row['custom_link_uri']);
+                    $custom_link_icon = nullable_htmlentities($row['custom_link_icon']);
+                    $custom_link_new_tab = intval($row['custom_link_new_tab']);
+                    if ($custom_link_new_tab == 1) {
+                        $target = "target='_blank' rel='noopener noreferrer'";
+                    } else {
+                        $target = "";
+                    }
+
+                    ?>
+
+                <li class="nav-item">
+                    <a href="<?php echo $custom_link_uri; ?>" <?php echo $target; ?> class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == basename($custom_link_uri)) { echo "active"; } ?>">
+                        <i class="fas fa-<?php echo $custom_link_icon; ?> nav-icon"></i>
+                        <p><?php echo $custom_link_name; ?></p>
+                        <i class="fas fa-angle-right nav-icon float-right"></i>
+                    </a>
+                </li>
+
+                <?php } ?>
+
             </ul>
         </nav>
         <!-- /.sidebar-menu -->

admin/modals/custom_link/custom_link_add.php

@@ -66,6 +66,8 @@
                                 <option value="1">Main Side Nav</option>
                                 <option value="2">Top Nav (Icon Required)</option>
                                 <option value="3">Client Portal Nav</option>
+                                <option value="4">Admin Nav</option>
+                                <option value="5">Reports Nav</option>
                             </select>
                         </div>
                     </div>

admin/modals/custom_link/custom_link_edit.php

@@ -81,9 +81,11 @@ ob_start();
                     <span class="input-group-text"><i class="fa fa-fw fa-home"></i></span>
                 </div>
                 <select class="form-control select2" name="location" required>
-                    <option value="1" <?php if ($custom_link_location == 1) { echo "selected"; } ?> >Main Side Nav</option>
-                    <option value="2" <?php if ($custom_link_location == 2) { echo "selected"; } ?> >Top Nav (Icon Required)</option>
-                    <option value="3" <?php if ($custom_link_location == 3) { echo "selected"; } ?> >Client Portal Nav</option>
+                    <option value="1" <?php if ($custom_link_location === 1) { echo "selected"; } ?> >Main Side Nav</option>
+                    <option value="2" <?php if ($custom_link_location === 2) { echo "selected"; } ?> >Top Nav (Icon Required)</option>
+                    <option value="3" <?php if ($custom_link_location === 3) { echo "selected"; } ?> >Client Portal Nav</option>
+                    <option value="4" <?php if ($custom_link_location === 4) { echo "selected"; } ?> >Admin Nav</option>
+                    <option value="5" <?php if ($custom_link_location === 5) { echo "selected"; } ?> >Reports Nav</option>
                 </select>
             </div>
         </div>

admin/modals/payment_provider/payment_provider_add.php

@@ -58,7 +58,7 @@
                             </div>
                             <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="threshold" placeholder="1000.00">
                         </div>
-                        <small class="form-text text-muted">Will not show as an option at Checkout if above this number</small>
+                        <small class="form-text text-muted">Will not show as an option at Checkout if invoice amount is above this number, 0 disables the threshold check.</small>
                     </div>
 
                     <hr>

admin/modals/payment_provider/payment_provider_edit.php

@@ -58,7 +58,7 @@ ob_start();
                 <div class="input-group-prepend">
                     <span class="input-group-text"><i class="fa fa-fw fa-shopping-cart"></i></span>
                 </div>
-                <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="Threshold" placeholder="1000.00" value="<?php echo $threshold; ?>">
+                <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="threshold" placeholder="1000.00" value="<?php echo $threshold; ?>">
             </div>
             <small class="form-text text-muted">Will not show as an option at Checkout if above this number</small>
         </div>

admin/modals/user/user_archive.php

@@ -1,16 +1,83 @@
-<div class="modal" id="archiveUserModal<?php echo $user_id; ?>" tabindex="-1">
-  <div class="modal-dialog">
-    <div class="modal-content">
-      <div class="modal-body">
-        <div class="mb-4" style="text-align: center;">
-          <i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
-          <h2>Are you sure?</h2>
-          <h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6>
-          <h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to log in or use ITFlow, but all associated content will remain accessible.</h6>
-          <button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
-          <a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Yes, archive!</a>
-        </div>
-      </div>
-    </div>
-  </div>
+<?php
+
+require_once '../../../includes/modal_header.php';
+
+$user_id = intval($_GET['id']);
+
+$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE users.user_id = $user_id LIMIT 1");
+
+$row = mysqli_fetch_array($sql);
+$user_name = nullable_htmlentities($row['user_name']);
+$user_email = nullable_htmlentities($row['user_email']);
+$user_avatar = nullable_htmlentities($row['user_avatar']);
+$user_initials = nullable_htmlentities(initials($user_name));
+
+$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets
+    WHERE ticket_assigned_to = $user_id AND ticket_resolved_at IS NULL AND ticket_closed_at IS NULL");
+
+$ticket_count = mysqli_num_rows($sql_related_tickets);
+
+// Related Recurring Tickets Query
+$sql_related_recurring_tickets = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_assigned_to = $user_id");
+
+$recurring_ticket_count = mysqli_num_rows($sql_related_recurring_tickets);
+
+// Generate the HTML form content using output buffering.
+ob_start();
+?>
+<div class="modal-header bg-dark">
+    <h5 class="modal-title"><i class="fas fa-fw fa-user-slash mr-2"></i>Archiving user:
+        <strong><?php echo $user_name; ?></strong></h5>
+    <button type="button" class="close text-white" data-dismiss="modal">
+        <span>&times;</span>
+    </button>
 </div>
+<form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+    <input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
+    <div class="modal-body">
+
+
+        <center class="mb-3">
+            <?php if (!empty($user_avatar)) { ?>
+                <img class="img-fluid" src="<?php echo "../uploads/users/$user_id/$user_avatar"; ?>">
+            <?php } else { ?>
+                <span class="fa-stack fa-4x">
+                    <i class="fa fa-circle fa-stack-2x text-secondary"></i>
+                    <span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
+                </span>
+            <?php } ?>
+        </center>
+
+
+        <div class="form-group">
+            <label>Reassign <?= $ticket_count ?> Open Tickets and <?= $recurring_ticket_count ?> Recurring Tickets To:</label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
+                </div>
+                <select class="form-control select2" name="ticket_assign" required>
+                    <option value="0">No one</option>
+                    <?php
+                    $sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_type = 1 AND user_archived_at IS NULL");
+                    while ($row = mysqli_fetch_array($sql_users)) {
+                        $user_id_select = intval($row['user_id']);
+                        $user_name_select = nullable_htmlentities($row['user_name']);
+
+                        ?>
+                        <option value="<?= $user_id_select ?>"><?= $user_name_select ?></option>
+                    <?php } ?>
+
+                </select>
+            </div>
+        </div>
+
+    </div>
+    <div class="modal-footer">
+        <button type="submit" name="archive_user" class="btn btn-danger text-bold"><i class="fas fa-archive mr-2"></i>Archive</button>
+        <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
+    </div>
+</form>
+
+<?php
+require_once "../../../includes/modal_footer.php";

admin/modals/user/user_edit.php

@@ -57,7 +57,7 @@ ob_start();
 
                 <center class="mb-3">
                     <?php if (!empty($user_avatar)) { ?>
-                        <img class="img-fluid" src="<?php echo "uploads/users/$user_id/$user_avatar"; ?>">
+                        <img class="img-fluid" src="<?php echo "../uploads/users/$user_id/$user_avatar"; ?>">
                     <?php } else { ?>
                         <span class="fa-stack fa-4x">
                             <i class="fa fa-circle fa-stack-2x text-secondary"></i>

admin/modals/user/user_restore.php

@@ -0,0 +1,87 @@
+<?php
+
+require_once '../../../includes/modal_header.php';
+
+$user_id = intval($_GET['id']);
+
+$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id AND user_archived_at IS NOT NULL LIMIT 1");
+
+$row = mysqli_fetch_array($sql);
+$user_name = str_replace(" (archived)", "", $row['user_name']); //Removed (archived) from user_name
+$user_name = nullable_htmlentities($user_name);
+$user_email = nullable_htmlentities($row['user_email']);
+$user_avatar = nullable_htmlentities($row['user_avatar']);
+$user_initials = initials($user_name);
+$user_role_id = intval($row['user_role_id']);
+
+// Generate the HTML form content using output buffering.
+ob_start();
+?>
+<div class="modal-header bg-dark">
+    <h5 class="modal-title"><i class="fas fa-fw fa-redo-alt mr-2"></i>Restoring user:
+        <strong><?php echo $user_name; ?></strong></h5>
+    <button type="button" class="close text-white" data-dismiss="modal">
+        <span>&times;</span>
+    </button>
+</div>
+<form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+    <input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
+    <div class="modal-body">
+
+
+        <center class="mb-3">
+            <?php if (!empty($user_avatar)) { ?>
+                <img class="img-fluid" src="<?php echo "../uploads/users/$user_id/$user_avatar"; ?>">
+            <?php } else { ?>
+                <span class="fa-stack fa-4x">
+                    <i class="fa fa-circle fa-stack-2x text-secondary"></i>
+                    <span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
+                </span>
+            <?php } ?>
+        </center>
+
+        <div class="form-group">
+            <label>Set a New Password</label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
+                </div>
+                <input type="password" class="form-control" data-toggle="password" name="new_password"
+                       placeholder="Enter a new password" autocomplete="new-password" required>
+                <div class="input-group-append">
+                    <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+                </div>
+            </div>
+        </div>
+
+        <div class="form-group">
+            <label>Role <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
+                </div>
+                <select class="form-control select2" name="role" required>
+                    <?php
+                    $sql_user_roles = mysqli_query($mysqli, "SELECT * FROM user_roles WHERE role_archived_at IS NULL");
+                    while ($row = mysqli_fetch_array($sql_user_roles)) {
+                        $role_id = intval($row['role_id']);
+                        $role_name = nullable_htmlentities($row['role_name']);
+
+                        ?>
+                        <option <?php if ($role_id == $user_role_id) {echo "selected";} ?> value="<?php echo $role_id; ?>"><?php echo $role_name; ?></option>
+                    <?php } ?>
+
+                </select>
+            </div>
+        </div>
+
+    </div>
+    <div class="modal-footer">
+        <button type="submit" name="restore_user" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Restore</button>
+        <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
+    </div>
+</form>
+
+<?php
+require_once "../../../includes/modal_footer.php";

admin/payment_provider.php

@@ -55,7 +55,7 @@ $num_rows = mysqli_num_rows($sql);
                         </a>
                     </th>
                     <th>
-                        <a class="text-dark">Fee</a>
+                        <a class="text-dark">Expensed Fee</a>
                     </th>
                     <th>
                         <a class="text-dark">Saved Payment Methods</a>
@@ -93,7 +93,7 @@ $num_rows = mysqli_num_rows($sql);
                         <td><?php echo numfmt_format_currency($currency_format, $threshold, $session_company_currency); ?></td>
                         <td><?php echo $vendor_name; ?></td>
                         <td><?php echo $category; ?></td>
-                        <td><?php echo $percent_fee; ?> + <?php echo numfmt_format_currency($currency_format, $flat_fee, $session_company_currency); ?></td>
+                        <td><?php echo $percent_fee; ?>% + <?php echo numfmt_format_currency($currency_format, $flat_fee, $session_company_currency); ?></td>
                         <td><?php echo $saved_payment_count; ?></td>
                         <td>
                             <div class="dropdown dropleft text-center">
@@ -106,9 +106,12 @@ $num_rows = mysqli_num_rows($sql);
                                         <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                     </a>
                                     <div class="dropdown-divider"></div>
-                                    <a class="dropdown-item text-danger confirm-link" href="post.php?disable_payment_provicer=<?php echo $provider_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
-                                        <i class="fas fa-fw fa-thumbs-down mr-2"></i>Disable
-                                    </a>
+<!--                                    <a class="dropdown-item text-danger confirm-link" href="post.php?disable_payment_provider=--><?php //echo $provider_id; ?><!--&csrf_token=--><?php //echo $_SESSION['csrf_token'] ?><!--">-->
+<!--                                        <i class="fas fa-fw fa-thumbs-down mr-2"></i>Disable-->
+<!--                                    </a>-->
+<!--                                    <a class="dropdown-item text-danger confirm-link" href="post.php?delete_payment_provider=--><?php //echo $provider_id; ?><!--&csrf_token=--><?php //echo $_SESSION['csrf_token'] ?><!--">-->
+<!--                                        <i class="fas fa-fw fa-trash mr-2"></i>Delete-->
+<!--                                    </a>-->
                                 </div>
                             </div>
                         </td>

admin/post/payment_provider.php

@@ -15,10 +15,10 @@ if (isset($_POST['add_payment_provider'])) {
     $private_key = sanitizeInput($_POST['private_key']);
     $threshold = floatval($_POST['threshold']);
     $enable_expense = intval($_POST['enable_expense'] ?? 0);
-    $percentage_fee = floatval($_POST['percentage_fee']) / 100;
-    $flat_fee = floatval($_POST['flat_fee']);
+    $percentage_fee = floatval($_POST['percentage_fee']) / 100 ?? 0;
+    $flat_fee = floatval($_POST['flat_fee']) ?? 0;
 
-    // Check to make sure Provider isnt added Twice
+    // Check to ensure provider isn't added twice
     $sql = "SELECT 1 FROM payment_providers WHERE payment_provider_name = '$provider' LIMIT 1";
     $result = mysqli_query($mysqli, $sql);
     if (mysqli_num_rows($result) > 0) {
@@ -26,7 +26,7 @@ if (isset($_POST['add_payment_provider'])) {
         redirect();
     }
 
-    // Check for Stripe Account if not create it
+    // Check for Stripe Account, if not create it
     $sql_account = mysqli_query($mysqli,"SELECT account_id FROM accounts WHERE account_name = '$provider' AND account_archived_at IS NULL LIMIT 1");
     if (mysqli_num_rows($sql_account) == 0) {
         $account_id = mysqli_insert_id($mysqli);
@@ -35,6 +35,10 @@ if (isset($_POST['add_payment_provider'])) {
         $account_id = intval($row['account_id']);
     }
 
+    // Expense defaults
+    $category_id = 0;
+    $vendor_id = 0;
+
     if ($enable_expense) {
         // Category
         $sql_category = mysqli_query($mysqli,"SELECT category_id FROM categories WHERE category_name = 'Payment Processing' AND category_type = 'Expense' AND category_archived_at IS NULL LIMIT 1");
@@ -45,7 +49,7 @@ if (isset($_POST['add_payment_provider'])) {
             $row = mysqli_fetch_array($sql_category);
             $category_id = intval($row['category_id']);
         }
-        //Vendor
+        // Vendor
         $sql_vendor = mysqli_query($mysqli,"SELECT vendor_id FROM vendors WHERE vendor_name = '$provider' AND vendor_client_id = 0 AND vendor_archived_at IS NULL LIMIT 1");
         if (mysqli_num_rows($sql_vendor) == 0) {
             mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$provider', vendor_description = 'Payment Processor Provider', vendor_client_id = 0");
@@ -56,7 +60,7 @@ if (isset($_POST['add_payment_provider'])) {
         }
     }
 
-    mysqli_query($mysqli,"INSERT INTO payment_providers SET payment_provider_name = '$provider', payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_account = $account_id, payment_provider_expense_vendor = $vendor_id, payment_provider_expense_category = $category_id, payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee");
+    mysqli_query($mysqli,"INSERT INTO payment_providers SET payment_provider_name = '$provider', payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_threshold = $threshold, payment_provider_account = $account_id, payment_provider_expense_vendor = $vendor_id, payment_provider_expense_category = $category_id, payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee");
 
     $provider_id = mysqli_insert_id($mysqli);
 
@@ -81,7 +85,7 @@ if (isset($_POST['edit_payment_provider'])) {
     $percentage_fee = floatval($_POST['percentage_fee']) / 100;
     $flat_fee = floatval($_POST['flat_fee']);
 
-    mysqli_query($mysqli,"UPDATE payment_providers SET payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee WHERE payment_provider_id = $provider_id");
+    mysqli_query($mysqli,"UPDATE payment_providers SET payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_threshold = $threshold, payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee WHERE payment_provider_id = $provider_id");
 
     logAction("Payment Provider", "Edit", "$session_name edited Payment Provider $provider");
 
@@ -92,11 +96,14 @@ if (isset($_POST['edit_payment_provider'])) {
 }
 
 if (isset($_GET['delete_payment_provider'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
     
     $provider_id = intval($_GET['delete_payment_provider']);
 
-    $provider_name = sanitizeInput(getFieldById('provider_providers', $provider_id, 'provider_name'));
+    $provider_name = sanitizeInput(getFieldById('payment_providers', $provider_id, 'provider_name'));
 
+    // Delete provider
     mysqli_query($mysqli,"DELETE FROM payment_providers WHERE payment_provider_id = $provider_id");
 
     logAction("Payment Provider", "Delete", "$session_name deleted Payment Provider $provider_name");

admin/post/saved_payment_method.php

@@ -37,7 +37,7 @@ if (isset($_GET['delete_saved_payment'])) {
 
     $private_key = $row['payment_provider_private_key'];
 
-    // Seperate logic for each Payment Provider
+    // Separate logic for each Payment Provider
     if ($payment_provider_name == 'Stripe') {
 
         try {

admin/post/users.php

@@ -236,16 +236,20 @@ if (isset($_GET['revoke_remember_me'])) {
 
 }
 
-if (isset($_GET['archive_user'])) {
+if (isset($_POST['archive_user'])) {
 
-    validateCSRFToken($_GET['csrf_token']);
+    validateCSRFToken($_POST['csrf_token']);
 
-    // Variables from GET
-    $user_id = intval($_GET['archive_user']);
+    $user_id = intval($_POST['user_id']);
+    $ticket_assign = intval($_POST['ticket_assign']);
     $password = password_hash(randomString(), PASSWORD_DEFAULT);
 
     $user_name = sanitizeInput(getFieldById('users', $user_id, 'user_name'));
 
+    // Un-assign / Re-assign tickets
+    mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $ticket_assign WHERE ticket_assigned_to = $user_id AND ticket_closed_at IS NULL AND ticket_resolved_at IS NULL");
+    mysqli_query($mysqli, "UPDATE recurring_tickets SET recurring_ticket_assigned_to = $ticket_assign WHERE recurring_ticket_assigned_to = $user_id");
+
     // Archive user query
     mysqli_query($mysqli, "UPDATE users SET user_name = '$user_name (archived)', user_password = '$password', user_status = 0, user_specific_encryption_ciphertext = '', user_archived_at = NOW() WHERE user_id = $user_id");
 
@@ -257,6 +261,36 @@ if (isset($_GET['archive_user'])) {
 
 }
 
+if (isset($_POST['restore_user'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $user_id = intval($_POST['user_id']);
+    $new_password = trim($_POST['new_password']);
+    $role = intval($_POST['role']);
+
+    $user_name = getFieldById('users', $user_id, 'user_name');
+    $user_name = sanitizeInput(str_replace(" (archived)", "", $user_name)); //Removed (archived) from user_name
+
+    // Restore user query
+    mysqli_query($mysqli, "UPDATE users SET user_name = '$user_name', user_status = 1, user_role_id = $role, user_archived_at = NULL WHERE user_id = $user_id");
+
+    if (!empty($new_password)) {
+        $new_password = password_hash($new_password, PASSWORD_DEFAULT);
+        $user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['new_password']));
+        mysqli_query($mysqli, "UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
+        //Extended Logging
+        $extended_log_description .= ", password changed";
+    }
+
+    logAction("User", "Restored", "$session_name restored user $user_name", 0, $user_id);
+
+    flash_alert("User <strong>$user_name</strong> restored");
+
+    redirect();
+
+}
+
 if (isset($_POST['export_users_csv'])) {
 
     //get records from database

admin/users.php

@@ -13,7 +13,7 @@ $sql = mysqli_query(
     LEFT JOIN user_settings ON users.user_id = user_settings.user_id
     WHERE (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
     AND user_type = 1
-    AND user_archived_at IS NULL
+    AND user_$archive_query
     ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
@@ -53,6 +53,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     </div>
                 </div>
                 <div class="col-md-8">
+                    <div class="btn-group float-right">
+                        <a href="?archived=<?php if($archived == 1){ echo 0; } else { echo 1; } ?>" 
+                            class="btn btn-<?php if($archived == 1){ echo "primary"; } else { echo "default"; } ?>">
+                            <i class="fa fa-fw fa-archive mr-2"></i>Archived
+                        </a>
+                    </div>
                 </div>
             </div>
         </form>
@@ -113,8 +119,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     $user_config_force_mfa = intval($row['user_config_force_mfa']);
                     $user_role = intval($row['user_role_id']);
                     $user_role_display = nullable_htmlentities($row['role_name']);
+                    $user_archived_at = nullable_htmlentities($row['user_archived_at']);
                     $user_initials = nullable_htmlentities(initials($user_name));
 
+
                     $sql_last_login = mysqli_query(
                         $mysqli,
                         "SELECT * FROM logs
@@ -196,10 +204,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                             <i class="fas fa-fw fa-user-slash mr-2"></i>Disable
                                         </a>
                                     <?php } ?>
+                                    <?php if ($user_archived_at) { ?>
                                     <div class="dropdown-divider"></div>
-                                    <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#archiveUserModal<?php echo $user_id; ?>">
+                                    <a class="dropdown-item text-info ajax-modal" href="#" data-modal-url="modals/user/user_restore.php?id=<?= $user_id ?>">
+                                        <i class="fas fa-fw fa-redo-alt mr-2"></i>Restore
+                                    </a>
+                                    <?php } else { ?>
+                                    <div class="dropdown-divider"></div>
+                                    <a class="dropdown-item text-danger ajax-modal" href="#" data-modal-url="modals/user/user_archive.php?id=<?= $user_id ?>">
                                         <i class="fas fa-fw fa-archive mr-2"></i>Archive
                                     </a>
+                                    <?php } ?>
                                 </div>
                             </div>
                             <?php } ?>
@@ -207,9 +222,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     </tr>
 
                     <?php
-
-                    require "modals/user/user_archive.php";
-
                 }
 
                 ?>

agent/calendar.php

@@ -106,7 +106,7 @@ while ($row = mysqli_fetch_array($sql)) {
 <?php require_once "../includes/footer.php";
 ?>
 
-<script src='../plugins/fullcalendar/dist/index.global.js'></script>
+<script src='/plugins/fullcalendar/dist/index.global.js'></script>
 
 <script>
     document.addEventListener('DOMContentLoaded', function() {

agent/custom/includes/custom_side_nav.php

@@ -0,0 +1,45 @@
+<!-- Main Sidebar Container -->
+<aside class="main-sidebar sidebar-dark-primary d-print-none">
+
+    <a class="pb-1 mt-1 brand-link" href="../<?php echo $config_start_page ?>">
+        <p class="h5"><i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i>
+            <span class="brand-text ">Back | <strong>Custom</strong>
+        </p>
+    </a>
+
+    <!-- Sidebar -->
+    <div class="sidebar">
+
+        <!-- Sidebar Menu -->
+        <nav>
+
+            <ul class="nav nav-pills nav-sidebar flex-column mt-2" data-widget="treeview" data-accordion="false">
+
+                <li class="nav-header">CUSTOM HEADER</li>
+         
+                <li class="nav-item">
+                    <a href="index.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "index.php") { echo "active"; } ?>">
+                        <i class="far fa-circle nav-icon"></i>
+                        <p>custom</p>
+                    </a>
+                </li>
+        
+            </ul>
+
+        </nav>
+        <!-- /.sidebar-menu -->
+
+        <div class="sidebar-custom mb-3">
+
+        </div>
+
+    </div>
+    <!-- /.sidebar -->
+</aside>
+
+
+
+
+
+
+

agent/custom/includes/inc_all_custom.php

@@ -0,0 +1,13 @@
+<?php
+
+require_once "../../config.php";
+require_once "../../functions.php";
+require_once "../../includes/check_login.php";
+require_once "../../includes/page_title.php";
+require_once "../../includes/header.php";
+require_once "../../includes/top_nav.php";
+require_once "includes/custom_side_nav.php";
+require_once "../../includes/inc_wrapper.php";
+require_once "../../includes/inc_alert_feedback.php";
+require_once "../../includes/filter_header.php";
+

agent/custom/index.php

@@ -0,0 +1,72 @@
+<?php require_once "includes/inc_all_custom.php"; ?>
+
+    <!-- Breadcrumbs-->
+    <ol class="breadcrumb">
+        <li class="breadcrumb-item">
+            <a href="index.html">Dashboard</a>
+        </li>
+        <li class="breadcrumb-item active">Blank Page</li>
+    </ol>
+
+    <!-- Page Content -->
+    <h1>Blank Page</h1>
+    <hr>
+    <p>This is a great starting point for new custom pages.</p>
+    <h1><?php echo $session_user_role; ?></h1>
+    <?php validateAdminRole(); ?>
+
+<?php
+
+$start_date = date('Y') . "-10-10";
+
+echo "<H1>$start_date</H1>";
+
+echo "<H2>User Agent</H2>";
+echo getUserAgent();
+
+
+?>
+    <br>
+
+    <input type="tel" name="phone" id="phone">
+
+     <div class="form-group">
+                  <label>Minimal</label>
+                  <select class="form-control select2 select2-hidden-accessible" style="width: 100%;" data-select2-id="1" tabindex="-1" aria-hidden="true">
+                    <option selected="selected" data-select2-id="3">Alabama</option>
+                    <option data-select2-id="35">Alaska</option>
+                    <option data-select2-id="36">California</option>
+                    <option data-select2-id="37">Delaware</option>
+                    <option data-select2-id="38">Tennessee</option>
+                    <option data-select2-id="39">Texas</option>
+                    <option data-select2-id="40">Washington</option>
+                  </select><span class="select2 select2-container select2-container--default select2-container--below" dir="ltr" data-select2-id="2" style="width: 100%;"><span class="selection"><span class="select2-selection select2-selection--single" role="combobox" aria-haspopup="true" aria-expanded="false" tabindex="0" aria-disabled="false" aria-labelledby="select2-nbex-container"><span class="select2-selection__rendered" id="select2-nbex-container" role="textbox" aria-readonly="true" title="Alabama">Alabama</span><span class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span></span></span><span class="dropdown-wrapper" aria-hidden="true"></span></span>
+                </div>
+
+    <dl>
+        <dt>Requester</dt>
+        <dd>Sam Adams</dd>
+
+        <dt>Created</dt>
+        <dd><time datetime="2024-04-11T17:52:30+00:00" title="2024-04-11 13:52" data-datetime="calendar">Today at 13:52</time></dd>
+
+        <dt>Last activity</dt>
+        <dd><time datetime="2024-04-11T18:08:55+00:00" title="2024-04-11 14:08" data-datetime="calendar">Today at 14:08</time></dd>
+    </dl>
+
+    <?php echo randomString(100); ?>
+    <br>
+    <textarea class="tinymceTest"></textarea>
+
+    <textarea class="tinymce"></textarea>
+
+    <textarea class="tinymceTicket"></textarea>
+<?php
+// show the current Date and Time
+$date_time = date('Y-m-d H:i:s');
+echo "Current Date and Time: <strong>$date_time</strong>";
+?>
+
+<script>toastr.success('Have Fun Wozz!!')</script>
+
+<?php require_once "../../includes/footer.php";

agent/custom/post.php

@@ -1,12 +1,12 @@
 <?php
 
 /*
- * ITFlow - Custom GET/POST request handler
+ * ITFlow - User GET/POST request handler
  */
 
-require_once "../config.php";
-require_once "../functions.php";
-require_once "../includes/check_login.php";
+require_once "../../config.php";
+require_once "../../functions.php";
+require_once "../../includes/check_login.php";
 
 // Define a variable that we can use to only allow running post files via inclusion (prevents people/bots poking them)
 define('FROM_POST_HANDLER', true);
@@ -24,17 +24,23 @@ $module = explode(".", basename($path))[0];
 $module = str_ireplace('_details', '', $module);
 
 // Dynamically load admin-related module POST logic
-if (str_contains($module, 'custom')) {
-    // Dynamically load any custom POST logic
 
-    include_once "post/$module.php";
+// Load all module POST logic
+//  Loads everything in post/user/
+//  Eventually, it would be nice to only specifically load what we need like we do for admins
 
+foreach (glob("post/*.php") as $user_module) {
+    if (!preg_match('/_model\.php$/', basename($user_module))) {
+        require_once $user_module;
+    }
 }
 
+
 // Logout is the same for user and admin
-require_once "../post/logout.php";
+require_once "../../post/logout.php";
 
 // TODO: Find a home for these
 
-require_once "../post/ai.php";
-require_once "../post/misc.php";
+require_once "../../post/ai.php";
+require_once "../../post/misc.php";
+

agent/dashboard.php

@@ -209,7 +209,7 @@ if ($user_config_dashboard_financial_enable == 1) {
 
         <div class="col-lg-4 col-md-6 col-sm-12">
             <!-- small box -->
-            <a class="small-box bg-success" href="report_profit_loss.php">
+            <a class="small-box bg-success" href="reports/profit_loss.php">
                 <div class="inner">
                     <h3><?php echo numfmt_format_currency($currency_format, $profit, "$session_company_currency"); ?></h3>
                     <p>Profit</p>
@@ -223,7 +223,7 @@ if ($user_config_dashboard_financial_enable == 1) {
 
         <div class="col-lg-6 col-md-6 col-sm-12">
             <!-- small box -->
-            <a class="small-box bg-info" href="report_recurring_by_client.php">
+            <a class="small-box bg-info" href="reports/recurring_by_client.php">
                 <div class="inner">
                     <h3><?php echo numfmt_format_currency($currency_format, $recurring_monthly_total, "$session_company_currency"); ?></h3>
                     <p>Monthly Recurring Income</p>
@@ -252,7 +252,7 @@ if ($user_config_dashboard_financial_enable == 1) {
         <?php if ($config_module_enable_ticketing && $config_module_enable_accounting) { ?>
             <div class="col-lg-2 col-md-6 col-sm-12">
                 <!-- small box -->
-                <a class="small-box bg-secondary" href="report_tickets_unbilled.php">
+                <a class="small-box bg-secondary" href="reports/tickets_unbilled.php">
                     <div class="inner">
                         <h3><?php echo $unbilled_tickets; ?></h3>
                         <p>Unbilled Ticket<?php if ($unbilled_tickets > 1 || $unbilled_tickets == 0) { echo "s"; } ?></p>
@@ -338,7 +338,7 @@ if ($user_config_dashboard_financial_enable == 1) {
                 <div class="card-header">
                     <h3 class="card-title"><i class="fas fa-fw fa-chart-area mr-2"></i>Cash Flow</h3>
                     <div class="card-tools">
-                        <a href="report_income_summary.php" class="btn btn-tool">
+                        <a href="reports/income_summary.php" class="btn btn-tool">
                             <i class="fas fa-eye"></i>
                         </a>
                         <button type="button" class="btn btn-tool" data-card-widget="remove">

agent/includes/inc_all.php

@@ -2,7 +2,6 @@
 // Configuration & core
 require_once "../config.php";
 require_once "../functions.php";
-require_once "../includes/router.php";
 require_once "../includes/check_login.php";
 
 // Page setup

agent/includes/inc_all_client.php

@@ -2,7 +2,6 @@
 
 require_once "../config.php";
 require_once "../functions.php";
-require_once "../includes/router.php";
 require_once "../includes/check_login.php";
 require_once "../includes/page_title.php";
 

agent/includes/inc_client_overview_all.php

@@ -2,7 +2,6 @@
 
 require_once "../config.php";
 require_once "../functions.php";
-require_once "../includes/router.php";
 require_once "../includes/check_login.php";
 require_once "../includes/page_title.php";
 require_once "../includes/header.php";
@@ -11,4 +10,3 @@ require_once "includes/client_overview_side_nav.php";
 require_once "../includes/inc_wrapper.php";
 require_once "../includes/inc_alert_feedback.php";
 require_once "../includes/filter_header.php";
-

agent/includes/side_nav.php

@@ -188,7 +188,7 @@
 
                 <?php if (lookupUserPermission("module_reporting") >= 1) { ?>
                     <li class="nav-item mt-3">
-                        <a href="report_overview.php" class="nav-link">
+                        <a href="reports/" class="nav-link">
                             <i class="fas fa-chart-line nav-icon"></i>
                             <p>Reports</p>
                             <i class="fas fa-angle-right nav-icon float-right"></i>