From dfb963da323294cb99fe79db1b4ca4bfba886d8c Mon Sep 17 00:00:00 2001
From: "johnny@pittpc.com" <admin@app.pittpc.com>
Date: Wed, 20 Nov 2019 18:18:48 -0500
Subject: [PATCH] started adding date_from date_to filters to tables, and
 linking them with reports and dashboard, added reference to payments listing

---
 clients.php                | 15 ++++++++++++++-
 dashboard.php              | 20 ++++++++++----------
 expenses.php               | 10 ++++++++++
 payments.php               | 15 ++++++++++++++-
 post.php                   |  8 ++++----
 report_expense_summary.php | 10 +++++-----
 trips.php                  | 10 ++++++++++
 vendors.php                | 15 ++++++++++++++-
 8 files changed, 81 insertions(+), 22 deletions(-)

diff --git a/clients.php b/clients.php
index 49dcce60..62e3779e 100644
--- a/clients.php
+++ b/clients.php
@@ -4,6 +4,7 @@
 
 $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
 
+//Paging
 if(isset($_GET['p'])){
   $p = intval($_GET['p']);
   $record_from = (($p)-1)*10;
@@ -14,18 +15,21 @@ if(isset($_GET['p'])){
   $p = 1;
 }
   
+//Custom Query Filter  
 if(isset($_GET['q'])){
   $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
   $q = "";
 }
 
+//Column Filter
 if(!empty($_GET['sb'])){
   $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
   $sb = "client_id";
 }
 
+//Column Order Filter
 if(isset($_GET['o'])){
   if($_GET['o'] == 'ASC'){
     $o = "ASC";
@@ -39,7 +43,16 @@ if(isset($_GET['o'])){
   $disp = "ASC";
 }
 
-$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%') AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to"); 
+//Date From and Date To Filter
+if(isset($_GET['dtf'])){
+  $dtf = $_GET['dtf'];
+  $dtt = $_GET['dtt'];
+}else{
+  $dtf = "0000-00-00";
+  $dtt = "9999-00-00";
+}
+
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%') AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to"); 
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
diff --git a/dashboard.php b/dashboard.php
index 379336ad..27bb1959 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -103,7 +103,7 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
 <div class="row">
   <div class="col-lg-3 col-6">
     <!-- small box -->
-    <div class="small-box bg-primary">
+    <a class="small-box bg-primary" href="payments.php?dtf=<?php echo $year; ?>-01-01&dtt=<?php echo $year; ?>-12-31">
       <div class="inner">
         <h3>$<?php echo number_format($total_income,2); ?></h3>
         <p>Total Incomes</p>
@@ -113,13 +113,13 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
       <div class="icon">
         <i class="fa fa-money-check"></i>
       </div>
-    </div>
+    </a>
   </div>
   <!-- ./col -->
 
   <div class="col-lg-3 col-6">
     <!-- small box -->
-    <div class="small-box bg-danger">
+    <a class="small-box bg-danger" href="expenses.php?dtf=<?php echo $year; ?>-01-01&dtt=<?php echo $year; ?>-12-31">
       <div class="inner">
         <h3>$<?php echo number_format($total_expenses,2); ?></h3>
         <p>Total Expenses</p>
@@ -127,7 +127,7 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
       <div class="icon">
         <i class="fa fa-shopping-cart"></i>
       </div>
-    </div>
+    </a>
   </div>
   <!-- ./col -->
 
@@ -147,7 +147,7 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
 
   <div class="col-lg-3 col-6">
     <!-- small box -->
-    <div class="small-box bg-info">
+    <a class="small-box bg-info" href="trips.php?dtf=<?php echo $year; ?>-01-01&dtt=<?php echo $year; ?>-12-31">
       <div class="inner">
         <h3><?php echo $total_miles; ?></h3>
         <p>Miles Driven</p>
@@ -155,13 +155,13 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
       <div class="icon">
         <i class="fa fa-bicycle"></i>
       </div>
-    </div>
+    </a>
   </div>
   <!-- ./col -->
 
   <div class="col-lg-3 col-6">
     <!-- small box -->
-    <div class="small-box bg-secondary">
+    <a class="small-box bg-secondary" href="clients.php?dtf=<?php echo $year; ?>-01-01&dtt=<?php echo $year; ?>-12-31">
       <div class="inner">
         <h3><?php echo $clients_added; ?></h3>
         <p>New Clients</p>
@@ -169,13 +169,13 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
       <div class="icon">
         <i class="fa fa-users"></i>
       </div>
-    </div>
+    </a>
   </div>
   <!-- ./col -->
 
   <div class="col-lg-3 col-6">
     <!-- small box -->
-    <div class="small-box bg-secondary">
+    <a class="small-box bg-secondary" href="vendors.php?dtf=<?php echo $year; ?>-01-01&dtt=<?php echo $year; ?>-12-31">
       <div class="inner">
         <h3><?php echo $vendors_added; ?></h3>
         <p>New Vendors</p>
@@ -183,7 +183,7 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
       <div class="icon">
         <i class="fa fa-building"></i>
       </div>
-    </div>
+    </a>
   </div>
   <!-- ./col -->
 
diff --git a/expenses.php b/expenses.php
index e523d78a..15aefdd0 100644
--- a/expenses.php
+++ b/expenses.php
@@ -39,11 +39,21 @@
     $disp = "ASC";
   }
 
+  //Date From and Date To Filter
+  if(isset($_GET['dtf'])){
+    $dtf = $_GET['dtf'];
+    $dtt = $_GET['dtt'];
+  }else{
+    $dtf = "0000-00-00";
+    $dtt = "9999-00-00";
+  }
+
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM expenses, categories, vendors, accounts
     WHERE expenses.category_id = categories.category_id
     AND expenses.vendor_id = vendors.vendor_id
     AND expenses.account_id = accounts.account_id
     AND expenses.company_id = $session_company_id
+    AND DATE(expense_date) BETWEEN '$dtf' AND '$dtt'
     AND (vendor_name LIKE '%$q%' OR category_name LIKE '%$q%' OR account_name LIKE '%$q%' OR expense_description LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 
diff --git a/payments.php b/payments.php
index ca004d03..e935ef59 100644
--- a/payments.php
+++ b/payments.php
@@ -39,12 +39,22 @@
     $disp = "ASC";
   }
 
+  //Date From and Date To Filter
+  if(isset($_GET['dtf'])){
+    $dtf = $_GET['dtf'];
+    $dtt = $_GET['dtt'];
+  }else{
+    $dtf = "0000-00-00";
+    $dtt = "9999-00-00";
+  }
+
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM payments, invoices, clients, accounts
     WHERE invoices.client_id = clients.client_id
     AND payments.invoice_id = invoices.invoice_id
     AND payments.account_id = accounts.account_id
     AND payments.company_id = $session_company_id
-    AND (invoice_number LIKE '%$q%' OR client_name LIKE '%$q%' OR account_name LIKE '%$q%' OR payment_method LIKE '%$q%')
+    AND DATE(payment_date) BETWEEN '$dtf' AND '$dtt'
+    AND (invoice_number LIKE '%$q%' OR client_name LIKE '%$q%' OR account_name LIKE '%$q%' OR payment_method LIKE '%$q%' OR payment_reference LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 
   $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@@ -77,6 +87,7 @@
             <th class="text-right"><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_amount&o=<?php echo $disp; ?>">Amount</a></th>
             <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=account_name&o=<?php echo $disp; ?>">Account</a></th>
             <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_method&o=<?php echo $disp; ?>">Method</a></th>
+            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_reference&o=<?php echo $disp; ?>">Reference</a></th>
           </tr>
         </thead>
         <tbody>
@@ -89,6 +100,7 @@
             $payment_date = $row['payment_date'];
             $payment_method = $row['payment_method'];
             $payment_amount = $row['payment_amount'];
+            $payment_reference = $row['payment_reference'];
             $client_id = $row['client_id'];
             $client_name = $row['client_name'];
             $account_name = $row['account_name'];
@@ -103,6 +115,7 @@
             
             <td><?php echo $account_name; ?></td>
             <td><?php echo $payment_method; ?></td>
+            <td><?php echo $payment_reference; ?></td>
           </tr>
 
           <?php
diff --git a/post.php b/post.php
index a8ce5a9d..7e9642ae 100644
--- a/post.php
+++ b/post.php
@@ -2996,11 +2996,11 @@ if(isset($_GET['delete_asset'])){
 if(isset($_POST['add_login'])){
 
     $client_id = intval($_POST['client_id']);
-    $description = strip_tags(mysqli_real_escape_string($mysqli,$_POST['description']));
-    $web_link = strip_tags(mysqli_real_escape_string($mysqli,$_POST['web_link']));
-    $username = strip_tags(mysqli_real_escape_string($mysqli,$_POST['username']));
+    $description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
+    $web_link = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['web_link'])));
+    $username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
     $password = strip_tags(mysqli_real_escape_string($mysqli,$_POST['password']));
-    $note = strip_tags(mysqli_real_escape_string($mysqli,$_POST['note']));
+    $note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
     $vendor_id = intval($_POST['vendor']);
     $asset_id = intval($_POST['asset']);
     $software_id = intval($_POST['software']);
diff --git a/report_expense_summary.php b/report_expense_summary.php
index 3a498428..1425804a 100644
--- a/report_expense_summary.php
+++ b/report_expense_summary.php
@@ -35,7 +35,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
       </select>
     </form>
     <div class="table-responsive">
-      <table class="table table-striped table-sm">
+      <table class="table table-striped">
         <thead class="text-dark">
           <tr>
             <th>Category</th>
@@ -74,7 +74,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
 
               
               ?>
-                <td class="text-right text-monospace">$<?php echo number_format($expense_amount_for_month,2); ?></td>
+                <td class="text-right text-monospace"><a class="text-dark" href="expenses.php?q=<?php echo $category_name; ?>&dtf=<?php echo "$year-$month"; ?>-01&dtt=<?php echo "$year-$month"; ?>-31">$<?php echo number_format($expense_amount_for_month,2); ?></a></td>
               
               <?php
               
@@ -82,7 +82,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
               
               ?>
               
-              <td class="text-right text-monospace">$<?php echo number_format($total_expense_for_all_months,2); ?></td>
+              <td class="text-right text-monospace"><a class="text-dark" href="expenses.php?q=<?php echo $category_name; ?>&dtf=<?php echo $year; ?>-01-01&dtt=<?php echo $year; ?>-12-31">$<?php echo number_format($total_expense_for_all_months,2); ?></a></td>
             </tr>
           
           <?php 
@@ -106,14 +106,14 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
             
             ?>
 
-              <th class="text-right text-monospace">$<?php echo number_format($expense_total_amount_for_month,2); ?></th>
+              <th class="text-right text-monospace"><a class="text-dark" href="expenses.php?dtf=<?php echo "$year-$month"; ?>-01&dtt=<?php echo "$year-$month"; ?>-31">$<?php echo number_format($expense_total_amount_for_month,2); ?></a></th>
             <?php
 
             }
 
             ?>
 
-            <th class="text-right text-monospace">$<?php echo number_format($total_expense_for_all_months,2); ?></th>
+            <th class="text-right text-monospace"><a class="text-dark" href="expenses.php?dtf=<?php echo $year; ?>-01-01&dtt=<?php echo $year; ?>-12-31">$<?php echo number_format($total_expense_for_all_months,2); ?></th>
           </tr>
         </tbody>
       </table>
diff --git a/trips.php b/trips.php
index 54dce2ef..a5fad4a1 100644
--- a/trips.php
+++ b/trips.php
@@ -39,8 +39,18 @@
     $disp = "ASC";
   }
 
+  //Date From and Date To Filter
+  if(isset($_GET['dtf'])){
+    $dtf = $_GET['dtf'];
+    $dtt = $_GET['dtt'];
+  }else{
+    $dtf = "0000-00-00";
+    $dtt = "9999-00-00";
+  }
+
   $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM trips  
     WHERE (trip_purpose LIKE '%$q%' OR trip_starting_location LIKE '%$q%' OR trip_destination LIKE '%$q%')
+    AND DATE(trip_date) BETWEEN '$dtf' AND '$dtt'
     AND company_id = $session_company_id
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 
diff --git a/vendors.php b/vendors.php
index 7400be77..13b71c79 100644
--- a/vendors.php
+++ b/vendors.php
@@ -34,7 +34,20 @@
     $o = "DESC";
     $disp = "ASC";
   }
-  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id AND (vendor_name LIKE '%$q%' OR vendor_description LIKE '%$q%' OR vendor_account_number LIKE '%$q%')
+
+  //Date From and Date To Filter
+  if(isset($_GET['dtf'])){
+    $dtf = $_GET['dtf'];
+    $dtt = $_GET['dtt'];
+  }else{
+    $dtf = "0000-00-00";
+    $dtt = "9999-00-00";
+  }
+
+  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM vendors WHERE client_id = 0 
+    AND company_id = $session_company_id 
+    AND DATE(vendor_created_at) BETWEEN '$dtf' AND '$dtt'
+    AND (vendor_name LIKE '%$q%' OR vendor_description LIKE '%$q%' OR vendor_account_number LIKE '%$q%')
     ORDER BY $sb $o LIMIT $record_from, $record_to");
   $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   $total_found_rows = $num_rows[0];