diff --git a/guest_header.php b/guest_header.php
index 0ce20638..62a19a29 100644
--- a/guest_header.php
+++ b/guest_header.php
@@ -3,6 +3,8 @@ include("config.php");
 include("functions.php");
+session_start();
+
 $ip = trim(strip_tags(mysqli_real_escape_string($mysqli,get_ip())));
 $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
@@ -39,4 +41,23 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_A
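Review bot: `session_start();` is called with whatever cookie parameters the runtime defaults to; unless config.php already sets them, the session cookie should be flagged before this call, e.g. `session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);` on the line above `session_start();`. The same bare call is added to guest_post.php in this commit, so a request that includes both files would start the session twice and emit a notice; `if (session_status() === PHP_SESSION_NONE) { session_start(); }` in both places avoids that. The second hunk of this file (lines 39–61) is markup the extraction stripped and is not reviewed here.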
-
\ No newline at end of file +
+ + +
+ + +
+
\ No newline at end of file
diff --git a/guest_post.php b/guest_post.php
index 5bc247c9..b12f53aa 100644
--- a/guest_post.php
+++ b/guest_post.php
@@ -3,15 +3,15 @@ include("config.php");
 include("functions.php");
-if(isset($_GET['accept_quote'], $_GET['url_key'])){
+session_start();
+
+if(isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])){
 $quote_id = intval($_GET['accept_quote']);
+ $company_id = intval($_GET['company_id']);
 $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
- $sql = mysqli_query($mysqli,"SELECT * FROM quotes
- WHERE quote_id = $quote_id
- AND quote_url_key = '$url_key'"
- );
+ $sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");
 if(mysqli_num_rows($sql) == 1){
@@ -28,15 +28,13 @@ if(isset($_GET['accept_quote'], $_GET['url_key'])){
 }
-if(isset($_GET['decline_quote'], $_GET['url_key'])){
+if(isset($_GET['decline_quote'], $_GET['company_id'], $_GET['url_key'])){
 $quote_id = intval($_GET['decline_quote']);
+ $company_id = intval($_GET['company_id']);
 $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
- $sql = mysqli_query($mysqli,"SELECT * FROM quotes
- WHERE quote_id = $quote_id
- AND quote_url_key = '$url_key'"
- );
+ $sql = mysqli_query($mysqli,"SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND quote_url_key = '$url_key' AND company_id = $company_id");
 if(mysqli_num_rows($sql) == 1){
@@ -44,6 +42,7 @@ if(isset($_GET['decline_quote'], $_GET['url_key'])){
 mysqli_query($mysqli,"INSERT INTO history SET history_date = CURDATE(), history_status = 'Declined', history_description = 'Client declined Quote!', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
+ $_SESSION['alert_type'] = "danger";
 $_SESSION['alert_message'] = "Quote Declined";
 header("Location: " . $_SERVER["HTTP_REFERER"]);
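Review bot: The new `company_id` predicate is read straight from `$_GET`, so it narrows the lookup but is not a credential — the request still proves only knowledge of `url_key` — and the later history INSERT would be safer carrying the matched row's `company_id` than the query-string value. The rewritten query is still string-built; `intval()` and `mysqli_real_escape_string()` cover it today, but a prepared statement stops correctness depending on every future edit remembering that, and the same applies to the decline hunk below. With a prepared statement `$url_key` has to be bound raw, so the escaping on its assignment goes away. The `if(mysqli_num_rows($sql) == 1)` branch that consumes `$sql` continues outside the hunk.
```php
    $url_key = $_GET['url_key'];

    $stmt = mysqli_prepare($mysqli, "SELECT * FROM quotes WHERE quote_id = ? AND quote_url_key = ? AND company_id = ?");
    mysqli_stmt_bind_param($stmt, "isi", $quote_id, $url_key, $company_id);
    mysqli_stmt_execute($stmt);
    $sql = mysqli_stmt_get_result($stmt);
    // … unchanged: if(mysqli_num_rows($sql) == 1) branch …
```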
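Review bot: The rewritten SELECT in the decline branch repeats `AND quote_url_key = '$url_key'` twice; the duplicate does not change the result but reads as a copy-paste slip and drifts from the accept query above, so the line should end `... AND quote_url_key = '$url_key' AND company_id = $company_id");`. As with the accept branch, binding `$quote_id`, `$url_key` and `$company_id` through `mysqli_prepare()`/`mysqli_stmt_bind_param()` would be preferable to interpolation. The `if` block continues outside the hunk.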
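Review bot: The alert type set on the added line is only rendered if the redirect on the following line returns the client to a page that reads it, and that redirect goes to `$_SERVER["HTTP_REFERER"]` (a context line, not changed here), which the browser may omit and which the client controls. Redirecting to a fixed application page — the guest quote view keyed by `$quote_id`, `$url_key` and `$company_id` — makes the alert reliable and avoids emitting a Location header built from a request header. The enclosing `if` block starts outside the hunk.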
diff --git a/guest_view_quote.php b/guest_view_quote.php
index d1bcc998..87122f3f 100644
--- a/guest_view_quote.php
+++ b/guest_view_quote.php
@@ -88,8 +88,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
- Accept
- Decline
+ Accept
+ Decline
diff --git a/quotes.php b/quotes.php
index 8ae8b3e5..73153e0d 100644
--- a/quotes.php
+++ b/quotes.php
@@ -193,9 +193,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 $quote_badge_color = "warning text-white";
 }elseif($quote_status == "Viewed"){
 $quote_badge_color = "primary";
- }elseif($quote_status == "Approved"){
+ }elseif($quote_status == "Accepted"){
 $quote_badge_color = "success";
- }elseif($quote_status == "Rejected"){
+ }elseif($quote_status == "Declined"){
 $quote_badge_color = "danger";
 }elseif($quote_status == "Invoiced"){
 $quote_badge_color = "info";
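Review bot: Changing the compared strings to `"Accepted"` and `"Declined"` means any quotes already stored with the old `Approved`/`Rejected` values, if such rows exist, will no longer match these branches and will fall through to whatever the chain's final else assigns outside the hunk; a one-off data migration mapping the old stored values to the new ones should accompany this change unless those values are only produced by code updated in the same commit. As a point of style, an elseif chain mapping one status string to one colour is a `match` expression, which also compares with `===` instead of the loose `==` used here. The chain starts and ends outside the hunk.
```php
$quote_badge_color = match ($quote_status) {
    // … unchanged: the status handled by the opening if() above the hunk …
    "Viewed"   => "primary",
    "Accepted" => "success",
    "Declined" => "danger",
    "Invoiced" => "info",
    // … unchanged: remaining statuses and the chain's final else, below the hunk …
};
```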