Convert all Import / Export Modals to Ajax and a few other lingering modals that were not converted yet

johnnyq
2025-12-02 15:04:05 -05:00
parent fe8df66c67
commit e1a579387f
54 changed files with 1381 additions and 1267 deletions


@@ -9,7 +9,7 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_asset'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
require_once 'asset_model.php';
@@ -77,9 +77,9 @@ if (isset($_POST['add_asset'])) {
if (isset($_POST['edit_asset'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
require_once 'asset_model.php';
$asset_id = intval($_POST['asset_id']);
@@ -139,7 +139,7 @@ if (isset($_POST['edit_asset'])) {
if (isset($_GET['archive_asset'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$asset_id = intval($_GET['archive_asset']);
@@ -163,7 +163,7 @@ if (isset($_GET['archive_asset'])) {
if (isset($_GET['unarchive_asset'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$asset_id = intval($_GET['unarchive_asset']);
@@ -187,7 +187,7 @@ if (isset($_GET['unarchive_asset'])) {
if (isset($_GET['delete_asset'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$asset_id = intval($_GET['delete_asset']);
@@ -255,9 +255,9 @@ if (isset($_POST['bulk_assign_asset_tags'])) {
if (isset($_POST['bulk_assign_asset_location'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$location_id = intval($_POST['bulk_location_id']);
// Get Location name and client id for logging and alert
@@ -538,7 +538,7 @@ if (isset($_POST['bulk_unarchive_assets'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
if (isset($_POST['asset_ids'])) {
$count = count($_POST['asset_ids']);
@@ -824,7 +824,7 @@ if (isset($_POST["import_assets_csv"])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
@@ -973,9 +973,9 @@ if (isset($_POST["import_assets_csv"])) {
logAction("Asset", "Import", "$session_name imported $row_count asset(s) via CSV file", $client_id);
flash_alert("$row_count Asset(s) added, $duplicate_count duplicate(s) detected");
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
@@ -985,7 +985,7 @@ if (isset($_POST["import_assets_csv"])) {
}
if (isset($_GET['download_assets_csv_template'])) {
$client_id = intval($_GET['download_assets_csv_template']);
//get records from database
@@ -1023,7 +1023,7 @@ if (isset($_POST['export_assets_csv'])) {
enforceUserPermission('module_support');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND asset_client_id = $client_id";
@@ -1093,8 +1093,8 @@ if (isset($_POST['add_asset_interface'])) {
// 3) Fetch asset info for logging and alert
$sql = mysqli_query($mysqli, "
SELECT asset_name, asset_client_id
FROM assets
SELECT asset_name, asset_client_id
FROM assets
WHERE asset_id = $asset_id
");
$row = mysqli_fetch_array($sql);
@@ -1146,7 +1146,7 @@ if (isset($_POST['add_asset_interface'])) {
// 7) Alert message + redirect
flash_alert("Interface <strong>$name</strong> created");
redirect();
}
@@ -1156,7 +1156,7 @@ if (isset($_POST['add_asset_multiple_interfaces'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$asset_id = intval($_POST['asset_id']);
$interface_start = intval($_POST['interface_start']);
$interfaces = intval($_POST['interfaces']);
@@ -1189,9 +1189,9 @@ if (isset($_POST['add_asset_multiple_interfaces'])) {
}
logAction("Asset Interface", "Bulk Create", "$session_name created $interfaces for asset $asset_name", $client_id, $asset_id);
flash_alert("Created <strong>$interfaces</strong> Interface(s) for asset <strong>$asset_name</strong>");
redirect();
}
@@ -1210,7 +1210,7 @@ if (isset($_POST['edit_asset_interface'])) {
// 1) Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli, "
SELECT asset_name, asset_client_id, asset_id
FROM asset_interfaces
FROM asset_interfaces
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
@@ -1228,7 +1228,7 @@ if (isset($_POST['edit_asset_interface'])) {
interface_mac = '$mac',
interface_ip = '$ip',
interface_nat_ip = '$nat_ip',
interface_ipv6 = '$ipv6',
interface_ipv6 = '$ipv6',
interface_notes = '$notes',
interface_network_id = $network
WHERE interface_id = $interface_id
@@ -1270,7 +1270,7 @@ if (isset($_POST['edit_asset_interface'])) {
// 6) Alert and redirect
flash_alert("Interface <strong>$name</strong> edited");
redirect();
}
@@ -1336,7 +1336,7 @@ if (isset($_POST['bulk_edit_asset_interface_type'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli, "
SELECT asset_name, asset_client_id, asset_id
FROM asset_interfaces
FROM asset_interfaces
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
@@ -1350,13 +1350,13 @@ if (isset($_POST['bulk_edit_asset_interface_type'])) {
logAction("Asset Interface", "Edit", "$session_name set interface type to $type for asset $asset_name", $client_id, $asset_id);
}
logAction("Asset Interface", "Bulk Edit", "$session_name set interface type to $type on $interface_count interfaces for asset $asset_name", $client_id);
flash_alert("Type set to <strong>$type</strong> on <strong>$interface_count</strong> interfaces.");
}
redirect();
}
@@ -1383,7 +1383,7 @@ if (isset($_POST['bulk_edit_asset_interface_network'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli, "
SELECT asset_name, asset_client_id, asset_id
FROM asset_interfaces
FROM asset_interfaces
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
@@ -1399,10 +1399,10 @@ if (isset($_POST['bulk_edit_asset_interface_network'])) {
}
logAction("Asset Interface", "Bulk Edit", "$session_name set network to $network_name on $interface_count interfaces for asset $asset_name", $client_id);
flash_alert("Network set to <strong>$network_name</strong> on <strong>$interface_count</strong> interfaces.");
}
redirect();
}
@@ -1412,7 +1412,7 @@ if (isset($_POST['bulk_edit_asset_interface_ip_dhcp'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
if (isset($_POST['interface_ids'])) {
// Get Count
@@ -1424,7 +1424,7 @@ if (isset($_POST['bulk_edit_asset_interface_ip_dhcp'])) {
// Get Asset Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli, "
SELECT asset_name, asset_client_id, asset_id
FROM asset_interfaces
FROM asset_interfaces
LEFT JOIN assets ON asset_id = interface_asset_id
WHERE interface_id = $interface_id
");
@@ -1440,11 +1440,11 @@ if (isset($_POST['bulk_edit_asset_interface_ip_dhcp'])) {
}
logAction("Asset Interface", "Bulk Edit", "$session_name set interface IP to DHCP on $interface_count interfaces for asset $asset_name", $client_id);
flash_alert("Interface IP set to <strong>DHCP</strong> on <strong>$interface_count</strong> interfaces.");
}
redirect();
}
@@ -1485,7 +1485,7 @@ if (isset($_POST['bulk_delete_asset_interfaces'])) {
flash_alert("<strong>$interface_count</strong> interfaces deleted.", 'error');
}
redirect();
}
@@ -1495,7 +1495,7 @@ if (isset($_POST["import_client_asset_interfaces_csv"])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$asset_id = intval($_POST['asset_id']);
$file_name = $_FILES["file"]["tmp_name"];
@@ -1597,11 +1597,11 @@ if (isset($_POST["import_client_asset_interfaces_csv"])) {
logAction("Asset", "Import", "$session_name imported $row_count interfaces(s) to asset $asset_name via CSV file", $client_id);
flash_alert("<strong>$row_count</strong> Interfaces(s) added to asset <strong>$asset_name</stong>, <strong>$duplicate_count</strong> duplicate(s) detected");
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
redirect();
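Review bot: The `archive_asset`, `unarchive_asset` and `delete_asset` handlers change state on a GET request and read the anti-CSRF token from `$_GET['csrf_token']`, so the token travels in the URL and can end up in access logs, browser history and Referer headers. These lines appear to be unchanged context, but since the modals are being moved to Ajax in this commit, the three actions could be sent as POST with the token in the body: `if (isset($_POST['delete_asset'])) {` followed by `validateCSRFToken($_POST['csrf_token']);`. Each handler's body continues outside its hunk, and the links or scripts that issue these requests would need the matching change.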


@@ -175,7 +175,7 @@ if (isset($_GET['delete_certificate'])) {
if (isset($_POST['bulk_delete_certificates'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['certificate_ids'])) {
@@ -214,7 +214,7 @@ if (isset($_POST['export_certificates_csv'])) {
enforceUserPermission('module_support');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND certificate_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');


@@ -62,7 +62,7 @@ if (isset($_POST['add_contact'])) {
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
}
}
@@ -106,7 +106,7 @@ if (isset($_POST['edit_contact'])) {
}
// Create New User
} elseif ($contact_user_id == 0 && $name && $email && $auth_method) {
// Set password
if ($_POST['contact_password']) {
$password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT);
@@ -138,7 +138,7 @@ if (isset($_POST['edit_contact'])) {
unlink("../uploads/clients/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
}
}
@@ -258,7 +258,7 @@ if (isset($_GET['archive_contact_note'])) {
$contact_id = intval($row['contact_id']);
mysqli_query($mysqli,"UPDATE contact_notes SET contact_note_archived_at = NOW() WHERE contact_note_id = $contact_note_id");
logAction("Contact", "Edit", "$session_name archived note $contact_note_type for $contact_name", $client_id, $contact_id);
flash_alert("Note <strong>$contact_note_type</strong> archived", 'error');
@@ -282,7 +282,7 @@ if (isset($_GET['unarchive_contact_note'])) {
$contact_id = intval($row['contact_id']);
mysqli_query($mysqli,"UPDATE contact_notes SET contact_note_archived_at = NULL WHERE contact_note_id = $contact_note_id");
logAction("Contact", "Edit", "$session_name restored note $contact_note_type for $contact_name", $client_id, $contact_id);
flash_alert("Note <strong>$contact_note_type</strong> restored");
@@ -329,10 +329,10 @@ if (isset($_POST['bulk_assign_contact_location'])) {
// Assign Location to Selected Contacts
if (isset($_POST['contact_ids'])) {
// Get Selected Contacts Count
$contact_count = count($_POST['contact_ids']);
foreach($_POST['contact_ids'] as $contact_id) {
$contact_id = intval($contact_id);
@@ -382,7 +382,7 @@ if (isset($_POST['bulk_edit_contact_phone'])) {
logAction("Contact", "Edit", "$session_name set Phone Number to $phone for $contact_name", $client_id, $contact_id);
} // End Assign Location Loop
logAction("Contact", "Bulk Edit", "$session_name set the Phone Number $phone for $contact_count contacts", $client_id);
flash_alert("Phone Number set to <b>" . formatPhoneNumber($phone) . "</b> on $contact_count</b> contacts");
@@ -518,7 +518,7 @@ if (isset($_POST['bulk_assign_contact_tags'])) {
}
if (isset($_POST['send_bulk_mail_now'])) {
if (isset($_POST['contact_ids'])) {
$count = count($_POST['contact_ids']);
@@ -540,7 +540,7 @@ if (isset($_POST['send_bulk_mail_now'])) {
$client_id = intval($row['contact_client_id']);
// Queue Mail
$data[] = [
$data[] = [
'from' => $mail_from,
'from_name' => $mail_from_name,
'recipient' => $contact_email,
@@ -555,7 +555,7 @@ if (isset($_POST['send_bulk_mail_now'])) {
logAction("Bulk Mail", "Send", "$session_name sent $count messages via bulk mail");
flash_alert("<strong>$count</strong> messages queued");
}
redirect();
@@ -596,7 +596,7 @@ if (isset($_POST['bulk_archive_contacts'])) {
// Individual Contact logging
logAction("Contact", "Archive", "$session_name archived $contact_name", $client_id, $contact_id);
$count++;
}
@@ -782,7 +782,7 @@ if (isset($_GET['anonymize_contact'])) {
$ticket_reply_details = $ticket_reply['ticket_reply'];
$ticket_reply_details = str_ireplace($info_to_redact, "*****", $ticket_reply_details);
$ticket_reply_details = sanitizeInput($ticket_reply_details);
mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply = '$ticket_reply_details'
WHERE ticket_reply_id = $ticket_reply_id"
);
@@ -820,7 +820,7 @@ if (isset($_GET['archive_contact'])) {
}
mysqli_query($mysqli,"UPDATE contacts SET contact_important = 0, contact_billing = 0, contact_technical = 0, contact_archived_at = NOW() WHERE contact_id = $contact_id");
logAction("Contact", "Archive", "$session_name archived contact $contact_name", $client_id, $contact_id);
flash_alert("Contact <strong>$contact_name</strong> has been archived", 'error');
@@ -1150,7 +1150,7 @@ if (isset($_POST['export_contacts_csv'])) {
enforceUserPermission('module_client');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND contact_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
@@ -1293,9 +1293,9 @@ if (isset($_POST["import_contacts_csv"])) {
logAction("Contact", "Import", "$session_name imported $row_count contact(s) via CSV file", $client_id);
flash_alert("$row_count Contact(s) added, $duplicate_count duplicate(s) detected", 'warning');
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
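Review bot: `send_bulk_mail_now` goes straight from `if (isset($_POST['send_bulk_mail_now'])) {` to reading `$_POST['contact_ids']`, with no `validateCSRFToken` or `enforceUserPermission` call in the visible lines, although the handler queues mail to every selected contact. `export_contacts_csv` further down calls `enforceUserPermission('module_client');` before it touches its input. I would add `validateCSRFToken($_POST['csrf_token']);` and `enforceUserPermission('module_client', 2);` as the first two statements of the handler. Its body continues outside the hunk, so confirm that no equivalent check already sits further down.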


@@ -180,7 +180,7 @@ if (isset($_POST['bulk_assign_credential_tags'])) {
} // End Assign Loop
logAction("Credential", "Bulk Edit", "$session_name added tags to $count credentials", $client_id);
}
redirect();
@@ -226,7 +226,7 @@ if (isset($_POST['bulk_archive_credentials'])) {
if (isset($_POST['bulk_unarchive_credentials'])) {
validateCSRFToken($_POST['csrf_token']);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 2);
@@ -304,7 +304,7 @@ if (isset($_POST['export_credentials_csv'])) {
enforceUserPermission('module_credential');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND credential_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
@@ -443,14 +443,14 @@ if (isset($_POST["import_credentials_csv"])) {
logAction("Credential", "Import", "$session_name imported $row_count credential(s) via CSV file. $duplicate_count duplicate(s) found and not imported", $client_id);
flash_alert("<strong>$row_count</strong> credential(s) imported, <strong>$duplicate_count</strong> duplicate(s) detected and not imported", 'warning');
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
redirect();
}
}
if (isset($_GET['download_credentials_csv_template'])) {


@@ -212,11 +212,11 @@ if (isset($_GET['delete_domain'])) {
}
if (isset($_POST['bulk_archive_domains'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@@ -249,7 +249,7 @@ if (isset($_POST['bulk_archive_domains'])) {
}
if (isset($_POST['bulk_unarchive_domains'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
@@ -287,11 +287,11 @@ if (isset($_POST['bulk_unarchive_domains'])) {
}
if (isset($_POST['bulk_delete_domains'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@@ -327,7 +327,7 @@ if (isset($_POST['export_domains_csv'])) {
enforceUserPermission('module_support');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE domain_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');


@@ -638,13 +638,13 @@ if (isset($_POST['export_invoices_csv'])) {
enforceUserPermission('module_sales');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
$client_query = "1=1 AND invoice_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = '';
$client_query = '1=1 ';
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
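Review bot: Assuming the second line of each printed pair is the new side, `$client_query` now begins with `1=1` and is therefore only valid directly after a `WHERE` keyword, while the other export handlers on this page build fragments that begin with `AND` or with `WHERE`. The query that consumes the fragment is outside this section, so the pairing cannot be checked here. A comment above the assignment would keep the two in step, for example `// $client_query is a complete predicate: the SELECT below must place it immediately after WHERE`. `$client_id` passes through `intval()` before interpolation, so the fragment itself carries no user-controlled text.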


@@ -229,7 +229,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
logAction("Location", "Bulk Edit", "$session_name assigned tags to $count location(s)", $client_id);
flash_alert("Assigned tags for <strong>$count</strong> locations");
}
redirect();
@@ -237,7 +237,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
}
if (isset($_POST['bulk_archive_locations'])) {
enforceUserPermission('module_client', 2);
validateCSRFToken($_POST['csrf_token']);
@@ -262,7 +262,7 @@ if (isset($_POST['bulk_archive_locations'])) {
// Individual Contact logging
logAction("Location", "Archive", "$session_name archived location $location_name", $client_id, $location_id);
$count++;
}
@@ -279,10 +279,10 @@ if (isset($_POST['bulk_archive_locations'])) {
}
if (isset($_POST['bulk_unarchive_locations'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
enforceUserPermission('module_client', 2);
if (isset($_POST['location_ids'])) {
@@ -339,7 +339,7 @@ if (isset($_POST['bulk_delete_locations'])) {
$client_id = intval($row['location_client_id']);
mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id");
logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id);
}
@@ -355,8 +355,8 @@ if (isset($_POST['bulk_delete_locations'])) {
}
if(isset($_POST['export_locations_csv'])){
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND location_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
@@ -494,14 +494,14 @@ if (isset($_POST["import_locations_csv"])) {
logAction("Location", "Import", "$session_name imported $row_count location(s). $duplicate_count duplicate(s) found and not imported", $client_id);
flash_alert("$row_count Location(s) imported, $duplicate_count duplicate(s) detected and not imported");
redirect();
}
//Check for any errors, if there are notify user and redirect
if($error) {
redirect();
}
}
if(isset($_GET['download_locations_csv_template'])){
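Review bot: `export_locations_csv` reads `$_POST['client_id']` immediately after its `isset` test, with no `enforceUserPermission` call in between, whereas `export_contacts_csv` calls `enforceUserPermission('module_client');` before reading the same field. Adding `enforceUserPermission('module_client');` as the first statement would make the location export follow the same rule as the bulk location handlers above it. The same gap shows in `export_payments_csv`, `export_trips_csv` and `export_vendors_csv` in later file sections. All of these handlers continue outside their hunks, and any session check done by the including script is not visible here.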


@@ -86,7 +86,7 @@ if (isset($_GET['unarchive_network'])) {
}
if (isset($_GET['delete_network'])) {
enforceUserPermission('module_support', 3);
$network_id = intval($_GET['delete_network']);
@@ -110,7 +110,7 @@ if (isset($_GET['delete_network'])) {
if (isset($_POST['bulk_delete_networks'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['network_ids'])) {
@@ -130,7 +130,7 @@ if (isset($_POST['bulk_delete_networks'])) {
$client_id = intval($row['network_client_id']);
mysqli_query($mysqli, "DELETE FROM networks WHERE network_id = $network_id AND network_client_id = $client_id");
logAction("Network", "Delete", "$session_name deleted network $network_name", $client_id);
}
@@ -149,7 +149,7 @@ if (isset($_POST['export_networks_csv'])) {
enforceUserPermission('module_support', 2);
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND network_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
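Review bot: `delete_network` runs on a GET request and calls `enforceUserPermission('module_support', 3);`, but no `validateCSRFToken` call appears before `$network_id` is read, unlike `delete_asset`, which validates `$_GET['csrf_token']` first. Without that check the handler would accept a cross-site request sent by a logged-in user's browser. Add `validateCSRFToken($_GET['csrf_token']);` as the first statement to match the asset handlers, or better, move the action to POST. `delete_trip`, `archive_vendor` and `delete_vendor` in later sections show neither check in their visible lines. All four handlers continue outside their hunks, so a check further down cannot be ruled out.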


@@ -7,7 +7,7 @@
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_payment'])) {
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@@ -175,7 +175,7 @@ if (isset($_POST['add_payment'])) {
Apply Credit Not ready for use 2025-08-27 - JQ
if (isset($_POST['apply_credit'])) {
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@@ -184,7 +184,7 @@ if (isset($_POST['apply_credit'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id WHERE invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$invoice_status = sanitizeInput($row['invoice_status']);
@@ -252,8 +252,8 @@ if (isset($_POST['apply_credit'])) {
// Update the invoice credit amount
mysqli_query($mysqli, "
UPDATE invoices
SET invoice_credit_amount = $total_credit_applied
UPDATE invoices
SET invoice_credit_amount = $total_credit_applied
WHERE invoice_id = $invoice_id
");
@@ -461,15 +461,15 @@ if (isset($_POST['add_payment_stripe'])) {
customAction('invoice_pay', $invoice_id);
flash_alert("Payment amount <strong>" . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "</strong> added");
redirect();
} else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id");
logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id);
flash_alert("Payment failed", 'error');
redirect();
}
@@ -646,15 +646,15 @@ if (isset($_GET['add_payment_stripe'])) {
customAction('invoice_pay', $invoice_id);
flash_alert("Payment amount <strong>" . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "</strong> added");
redirect();
} else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id");
logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id);
flash_alert("Payment failed", 'error');
redirect();
}
@@ -662,7 +662,7 @@ if (isset($_GET['add_payment_stripe'])) {
*/
if (isset($_POST['add_bulk_payment'])) {
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@@ -749,7 +749,7 @@ if (isset($_POST['add_bulk_payment'])) {
// Get Client / Contact Info
$sql_client = mysqli_query($mysqli,"SELECT * FROM clients
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id
AND contact_primary = 1
WHERE client_id = $client_id"
);
@@ -794,7 +794,7 @@ if (isset($_POST['add_bulk_payment'])) {
}
if (isset($_GET['delete_payment'])) {
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@@ -848,8 +848,8 @@ if (isset($_GET['delete_payment'])) {
}
if (isset($_POST['export_payments_csv'])) {
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
@@ -861,7 +861,7 @@ if (isset($_POST['export_payments_csv'])) {
}
$sql = mysqli_query($mysqli,"SELECT * FROM payments, invoices WHERE payment_invoice_id = invoice_id $client_query ORDER BY payment_date ASC");
$num_rows = mysqli_num_rows($sql);
if ($num_rows > 0) {


@@ -555,7 +555,7 @@ if(isset($_POST['export_quotes_csv'])){
enforceUserPermission('module_sales');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE quote_client_id = $client_id";
// Get Client Name for logging


@@ -208,7 +208,7 @@ if (isset($_POST['export_software_csv'])) {
enforceUserPermission('module_support');
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE software_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
@@ -243,7 +243,7 @@ if (isset($_POST['export_software_csv'])) {
// Asset licenses
$assigned_to_assets = '';
$asset_licenses_sql = mysqli_query($mysqli,"SELECT software_assets.asset_id, assets.asset_name
$asset_licenses_sql = mysqli_query($mysqli,"SELECT software_assets.asset_id, assets.asset_name
FROM software_assets
LEFT JOIN assets
ON software_assets.asset_id = assets.asset_id
@@ -261,7 +261,7 @@ if (isset($_POST['export_software_csv'])) {
ON software_contacts.contact_id = contacts.contact_id
WHERE software_id = $row[software_id]"
);
while($contact_row = mysqli_fetch_array($contact_licenses_sql)) {
$assigned_to_contacts .= $contact_row['contact_name'] . ", ";
}
@@ -280,7 +280,7 @@ if (isset($_POST['export_software_csv'])) {
//output all remaining data on a file pointer
fpassthru($f);
}
logAction("Software", "Export", "$session_name exported $num_rows software(s) $software_name to a CSV file", $client_id);
exit;


@@ -2228,7 +2228,7 @@ if (isset($_POST['export_tickets_csv'])) {
enforceUserPermission('module_support', 2);
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE ticket_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');


@@ -39,7 +39,7 @@ if (isset($_POST['edit_trip'])) {
}
if (isset($_GET['delete_trip'])) {
$trip_id = intval($_GET['delete_trip']);
// Get Trip Info and Client ID for logging
@@ -60,7 +60,7 @@ if (isset($_GET['delete_trip'])) {
if (isset($_POST['export_trips_csv'])) {
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND trip_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
@@ -70,7 +70,7 @@ if (isset($_POST['export_trips_csv'])) {
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
$date_from = sanitizeInput($_POST['date_from']);
$date_to = sanitizeInput($_POST['date_to']);
if (!empty($date_from) && !empty($date_to)){
@@ -82,7 +82,7 @@ if (isset($_POST['export_trips_csv'])) {
}
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM trips
$sql = mysqli_query($mysqli,"SELECT * FROM trips
LEFT JOIN clients ON trip_client_id = client_id
WHERE $date_query
$client_query
@@ -119,7 +119,7 @@ if (isset($_POST['export_trips_csv'])) {
//output all remaining data on a file pointer
fpassthru($f);
logAction("Trip", "Export", "$session_name exported $count trip(s) to a CSV file");
}
exit;


@@ -85,7 +85,7 @@ if (isset($_POST['edit_vendor'])) {
}
if (isset($_GET['archive_vendor'])) {
$vendor_id = intval($_GET['archive_vendor']);
//Get Vendor Name
@@ -125,7 +125,7 @@ if(isset($_GET['unarchive_vendor'])){
}
if (isset($_GET['delete_vendor'])) {
$vendor_id = intval($_GET['delete_vendor']);
//Get Vendor Name
@@ -153,7 +153,7 @@ if (isset($_GET['delete_vendor'])) {
if (isset($_POST['bulk_archive_vendors'])) {
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
if (isset($_POST['vendor_ids'])) {
@@ -190,7 +190,7 @@ if (isset($_POST['bulk_archive_vendors'])) {
if (isset($_POST['bulk_unarchive_vendors'])) {
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
if (isset($_POST['vendor_ids'])) {
@@ -226,11 +226,11 @@ if (isset($_POST['bulk_unarchive_vendors'])) {
}
if (isset($_POST['bulk_delete_vendors'])) {
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
if (isset($_POST['vendor_ids'])) {
// Get Selected Count
@@ -260,7 +260,7 @@ if (isset($_POST['bulk_delete_vendors'])) {
}
logAction("Vendor", "Bulk Delete", "$session_name deleted $count vendor(s)");
flash_alert("Deleted <strong>$count</strong> vendor(s)", 'error');
}
@@ -270,20 +270,20 @@ if (isset($_POST['bulk_delete_vendors'])) {
}
if (isset($_POST['export_vendors_csv'])) {
if (isset($_POST['client_id'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "AND vendor_client_id = $client_id";
$client_query = "WHERE vendor_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
} else {
$client_query = "AND vendor_client_id = 0";
$client_query = "WHERE vendor_client_id = 0";
$client_name = '';
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_template = 0 $client_query ORDER BY vendor_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM vendors $client_query ORDER BY vendor_name ASC");
$count = mysqli_num_rows($sql);
if ($count > 0) {
@@ -319,5 +319,5 @@ if (isset($_POST['export_vendors_csv'])) {
logAction("Vendor", "Export", "$session_name exported $count vendor(s) to a CSV file");
exit;
}
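Review bot: The rewritten export query in `export_vendors_csv` no longer filters on `vendor_template = 0`: the pair printed here reads `SELECT * FROM vendors WHERE vendor_template = 0 $client_query` and then `SELECT * FROM vendors $client_query`, with `$client_query` changed from an `AND …` to a `WHERE …` fragment. If the second line of each pair is the new side, template vendors would now be written into the CSV alongside real ones. The filter can be kept inside the fragment, `$client_query = "WHERE vendor_template = 0 AND vendor_client_id = $client_id";`, with the same prefix in the else branch. The page has lost its +/- markers, so confirm the direction of the change against the repository.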