Fixed Guest Accept or Decline Quote through guest URL, add correct bage color for Accepted quotes

2022-02-21 19:12:17 -05:00 · 2022-02-21 19:12:17 -05:00 · dc68eda592
parent e6167ffaa3
commit dc68eda592
4 changed files with 35 additions and 15 deletions
--- a/guest_header.php
+++ b/guest_header.php
@ -3,6 +3,8 @@
  include("config.php");
  include("functions.php");

+session_start();
+
 $ip = trim(strip_tags(mysqli_real_escape_string($mysqli,get_ip())));
 $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));

@ -39,4 +41,23 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_A

      <!-- Main content -->
      <div class="content">
-        <div class="container">
+        <div class="container">
+
+          <?php
+          //Alert Feedback
+          if(!empty($_SESSION['alert_message'])){
+              if (!isset($_SESSION['alert_type'])){
+                  $_SESSION['alert_type'] = "info";
+              }
+            ?>
+              <div class="alert alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
+                <?php echo $_SESSION['alert_message']; ?>
+                <button class='close' data-dismiss='alert'>&times;</button>
+              </div>
+            <?php
+            
+            unset($_SESSION['alert_type']);
+            unset($_SESSION['alert_message']);
+
+          }
+          ?>
--- a/guest_post.php
+++ b/guest_post.php
@ -3,15 +3,15 @@
 include("config.php");
 include("functions.php");

-if(isset($_GET['accept_quote'], $_GET['url_key'])){
+session_start();
+
+if(isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])){

    $quote_id = intval($_GET['accept_quote']);
+    $company_id = intval($_GET['company_id']);
    $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);

-    $sql = mysqli_query($mysqli,"SELECT * FROM quotes
-    WHERE quote_id = $quote_id
-    AND quote_url_key = '$url_key'"
-    );
+    $sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");

    if(mysqli_num_rows($sql) == 1){
    
@ -28,15 +28,13 @@ if(isset($_GET['accept_quote'], $_GET['url_key'])){

 }

-if(isset($_GET['decline_quote'], $_GET['url_key'])){
+if(isset($_GET['decline_quote'], $_GET['company_id'], $_GET['url_key'])){

    $quote_id = intval($_GET['decline_quote']);
+    $company_id = intval($_GET['company_id']);
    $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);

-    $sql = mysqli_query($mysqli,"SELECT * FROM quotes
-    WHERE quote_id = $quote_id
-    AND quote_url_key = '$url_key'"
-    );
+    $sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND quote_url_key = '$url_key' AND company_id = $company_id");

    if(mysqli_num_rows($sql) == 1){

@ -44,6 +42,7 @@ if(isset($_GET['decline_quote'], $_GET['url_key'])){

        mysqli_query($mysqli,"INSERT INTO history SET history_date = CURDATE(), history_status = 'Declined', history_description = 'Client declined Quote!', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");

+        $_SESSION['alert_type'] = "danger";
        $_SESSION['alert_message'] = "Quote Declined";
        
        header("Location: " . $_SERVER["HTTP_REFERER"]);
--- a/guest_view_quote.php
+++ b/guest_view_quote.php
@ -88,8 +88,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
        <?php
        if($quote_status == "Draft" or $quote_status == "Sent" or $quote_status == "Viewed"){
        ?>
-        <a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-check"></i> Accept</a>
-        <a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-times"></i> Decline</a>
+        <a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-check"></i> Accept</a>
+        <a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-times"></i> Decline</a>
        <?php } ?>
      </div>

--- a/quotes.php
+++ b/quotes.php
@ -193,9 +193,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
              $quote_badge_color = "warning text-white";
            }elseif($quote_status == "Viewed"){
              $quote_badge_color = "primary";
-            }elseif($quote_status == "Approved"){
+            }elseif($quote_status == "Accepted"){
              $quote_badge_color = "success";
-            }elseif($quote_status == "Rejected"){
+            }elseif($quote_status == "Declined"){
              $quote_badge_color = "danger";
            }elseif($quote_status == "Invoiced"){
              $quote_badge_color = "info";