Fix guest invoice caused issues with the alert Query on certain client names, will need reworking and testing in other areas of the code as well

campaign.php

@@ -31,15 +31,15 @@ if(isset($_GET['campaign_id'])){
 
   //Get Stat Counts
   //Subscribers
-  $subscriber_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT COUNT(*) FROM campaign_messages WHERE message_campaign_id = $campaign_id"));
+  $subscriber_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_campaign_id = $campaign_id"));
   //Sent
-  $sent_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT COUNT(*) FROM campaign_messages WHERE message_sent_at IS NOT NULL AND message_campaign_id = $campaign_id"));
+  $sent_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_sent_at IS NOT NULL AND message_campaign_id = $campaign_id"));
   //Opem
-  $open_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT COUNT(*) FROM campaign_messages WHERE message_opened_at IS NOT NULL AND message_campaign_id = $campaign_id"));
+  $open_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_opened_at IS NOT NULL AND message_campaign_id = $campaign_id"));
   //Click
-  $click_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT COUNT(*) FROM campaign_messages WHERE message_clicked_at IS NOT NULL AND message_campaign_id = $campaign_id"));
+  $click_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_clicked_at IS NOT NULL AND message_campaign_id = $campaign_id"));
   //Fail
-  $fail_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT COUNT(*) FROM campaign_messages WHERE message_bounced_at IS NOT NULL AND message_campaign_id = $campaign_id"));
+  $fail_count = mysqli_num_rows(mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_bounced_at IS NOT NULL AND message_campaign_id = $campaign_id"));
 
   ?>
 

clients.php

@@ -217,7 +217,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
               }
             
               $client_tag_id_array[] = $client_tag_id;
-              $client_tag_name_display_array[] = "<span class='badge bg-$client_tag_color'><i class='fa fa-fw fa-$client_tag_icon'></i> $client_tag_name</span> ";
+              if(empty($client_tag_color)){
+                $client_tag_name_display_array[] = "<small class='text-secondary'>$client_tag_name</small> ";
+              }else{  
+                $client_tag_name_display_array[] = "<span class='badge bg-$client_tag_color'><i class='fa fa-fw fa-$client_tag_icon'></i> $client_tag_name</span> ";
+              }
             }
             $client_tags_display = implode('', $client_tag_name_display_array);
 

guest_view_invoice.php

@@ -64,10 +64,9 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
     $config_stripe_publishable = $row['config_stripe_publishable'];
     $config_stripe_secret = $row['config_stripe_secret'];
 
-    $ip = get_ip();
-    $os = get_os();
-    $browser = get_web_browser();
-    $device = get_device();
+    $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
+    $os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
+    $browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
 
     //Set Badge color based off of invoice status
     if($invoice_status == "Sent"){
@@ -90,9 +89,11 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
     }
 
     //Mark viewed in history
-    mysqli_query($mysqli,"INSERT INTO history SET history_date = CURDATE(), history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser - $device', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO history SET history_date = CURDATE(), history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id");
 
-    mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Invoice Viewed', alert_message = 'Invoice $invoice_number has been viewed by $client_name - $ip - $os - $browser - $device', alert_date = NOW(), company_id = $company_id");
+    //Prevent SQL Error if client_name has ' in their name example Bill's Market
+    $client_name_escaped = mysqli_escape_string($mysqli,$client_name);
+    mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Invoice Viewed', alert_message = 'Invoice $invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', alert_date = NOW(), company_id = $company_id");
 
     $sql_payments = mysqli_query($mysqli,"SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
 

post.php

@@ -1836,7 +1836,7 @@ if(isset($_POST['test_campaign'])){
 
     //Mail Server Settings
 
-    $mail->SMTPDebug = 2;                                       // Enable verbose debug output
+    //$mail->SMTPDebug = 2;                                       // Enable verbose debug output
     $mail->isSMTP();                                            // Set mailer to use SMTP
     $mail->Host       = $config_smtp_host;  // Specify main and backup SMTP servers
     $mail->SMTPAuth   = true;                                   // Enable SMTP authentication