More UI Work, santizeInput conv

This commit is contained in:
johnnyq
2023-02-21 01:29:04 -05:00
parent 95f190c89d
commit e300907e32
18 changed files with 158 additions and 132 deletions


@@ -3,13 +3,13 @@
require_once("inc_all_settings.php"); require_once("inc_all_settings.php");
if (isset($_GET['category'])) { if (isset($_GET['category'])) {
$category = strip_tags(mysqli_real_escape_string($mysqli, $_GET['category'])); $category = sanitizeInput($_GET['category']);
} else { } else {
$category = "Expense"; $category = "Expense";
} }
if (!empty($_GET['sb'])) { if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb'])); $sb = sanitizeInput($_GET['sb']);
} else { } else {
$sb = "category_name"; $sb = "category_name";
} }
@@ -48,9 +48,9 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-list"></i> <?php echo htmlentities($category); ?> Categories</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-list mr-2"></i><?php echo htmlentities($category); ?> Categories</h3>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i class="fas fa-fw fa-plus"></i> New</button> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i class="fas fa-plus mr-2"></i>New</button>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
@@ -59,7 +59,7 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
<div class="row"> <div class="row">
<div class="col-sm-4 mb-2"> <div class="col-sm-4 mb-2">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Categories"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Categories">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button> <button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div> </div>
@@ -89,14 +89,14 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
<?php <?php
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$category_id = $row['category_id']; $category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']); $category_name = htmlentities($row['category_name']);
$category_color = htmlentities($row['category_color']); $category_color = htmlentities($row['category_color']);
//$colors_used_array[] = $row['category_color']; //$colors_used_array[] = $row['category_color'];
?> ?>
<tr> <tr>
<td><a class="text-dark" href="#" data-toggle="modal" data-target="#editCategoryModal<?php echo $category_id; ?>"><?php echo "$category_name"; ?></a></td> <td><a class="text-dark" href="#" data-toggle="modal" data-target="#editCategoryModal<?php echo $category_id; ?>"><?php echo $category_name; ?></a></td>
<td><i class="fa fa-3x fa-circle" style="color:<?php echo $category_color; ?>;"></i></td> <td><i class="fa fa-3x fa-circle" style="color:<?php echo $category_color; ?>;"></i></td>
<td> <td>
<div class="dropdown dropleft text-center"> <div class="dropdown dropleft text-center">
@@ -104,9 +104,13 @@ $colors_diff = array_diff($colors_array, $colors_used_array);
<i class="fas fa-ellipsis-h"></i> <i class="fas fa-ellipsis-h"></i>
</button> </button>
<div class="dropdown-menu"> <div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCategoryModal<?php echo $category_id; ?>">Edit</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCategoryModal<?php echo $category_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_category=<?php echo $category_id; ?>">Archive</a> <a class="dropdown-item text-danger" href="post.php?archive_category=<?php echo $category_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
</div> </div>
</div> </div>
</td> </td>
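Review bot: `$sb = sanitizeInput($_GET['sb']);` swaps the escaping function, but if `$sb` is interpolated as the ORDER BY column (the query that consumes it is outside this hunk, and `sanitizeInput` is not defined on this page) no escaping routine makes an identifier position safe; validate it against the sortable column names instead, e.g. `if (!in_array($sb, ['category_name', 'category_color'], true)) { $sb = 'category_name'; }` (column list to be confirmed against the query). The same pattern applies to the `$sb = sanitizeInput($_GET['sb']);` line in the client assets file of this commit (the section that requires inc_all_client.php). `$category` likewise comes from the query string with a default of "Expense" and is echoed and posted back as `type`, so restricting it to the known category types here would be cheaper than escaping it at every use site. Separately, the archive action is still a plain GET link `post.php?archive_category=...` with no CSRF token visible in this hunk; a POST form carrying a token is the usual fix.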


@@ -2,13 +2,13 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-list"></i> New <?php echo $category; ?> Category</h5> <h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>New <?php echo htmlentities($category); ?> Category</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="type" value="<?php echo $category; ?>"> <input type="hidden" name="type" value="<?php echo htmlentities($category); ?>">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
@@ -38,8 +38,8 @@
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="add_category" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="submit" name="add_category" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>


@@ -2,14 +2,14 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-list"></i> Editing category: <strong><?php echo $category_name; ?></strong></h5> <h5 class="modal-title"><i class="fa fa-fw fa-list mr-2"></i>Editing category: <strong><?php echo $category_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="category_id" value="<?php echo $category_id; ?>"> <input type="hidden" name="category_id" value="<?php echo $category_id; ?>">
<input type="hidden" name="type" value="<?php echo $category; ?>"> <input type="hidden" name="type" value="<?php echo htmlentities($category); ?>">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
<div class="form-group"> <div class="form-group">
@@ -45,8 +45,8 @@
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="edit_category" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="submit" name="edit_category" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-desktop"></i> New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags($_GET['type'])); }else{ echo "Asset"; } ?></h5> <h5 class="modal-title"><i class="fa fa-fw fa-desktop mr-2"></i>New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags($_GET['type'])); }else{ echo "Asset"; } ?></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -66,7 +66,7 @@
<?php //Do not display Make Model or Serial if Virtual is selected <?php //Do not display Make Model or Serial if Virtual is selected
if ($_GET['type'] !== 'virtual') { ?> if ($_GET['type'] !== 'virtual') { ?>
<div class="form-group"> <div class="form-group">
<label>Make </label> <label>Make</label>
<div class="input-group"> <div class="input-group">
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
@@ -124,7 +124,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$location_id = $row['location_id']; $location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']); $location_name = htmlentities($row['location_name']);
?> ?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option> <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
@@ -147,7 +147,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$contact_id = $row['contact_id']; $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = htmlentities($row['contact_name']);
?> ?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option> <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@@ -186,7 +186,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$network_id = $row['network_id']; $network_id = intval($row['network_id']);
$network_name = htmlentities($row['network_name']); $network_name = htmlentities($row['network_name']);
$network = htmlentities($row['network']); $network = htmlentities($row['network']);
@@ -234,7 +234,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$vendor_id = $row['vendor_id']; $vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']); $vendor_name = htmlentities($row['vendor_name']);
?> ?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option> <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@@ -312,8 +312,8 @@
</div> </div>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="add_asset" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="submit" name="add_asset" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>
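Review bot: The modal title still emits `ucwords(strip_tags($_GET['type']))` with no HTML encoding, whereas the same value in the client assets file of this commit is written as `strip_tags(htmlentities($_GET['type']))`; `strip_tags` is not an output encoder, so this line should at least match the other call, `echo ucwords(strip_tags(htmlentities($_GET['type'])));`. The condition `if ($_GET['type'] !== 'virtual')` a few lines below reads the key unconditionally while the title guards it with `!empty`, so a request without `type` raises an undefined-index warning; `if (($_GET['type'] ?? '') !== 'virtual')` keeps the behaviour and removes the warning. The `intval()` wrapping of the option ids in the four lookup loops is a good change. The `$client_id` interpolated into those SELECTs is assigned outside this hunk, so I am assuming it is already an int.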


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-<?php echo $device_icon; ?>"></i> Copying asset: <strong><?php echo $asset_name; ?></strong></h5> <h5 class="modal-title"><i class="fa fa-fw fa-<?php echo $device_icon; ?> mr-2"></i>Copying asset: <strong><?php echo $asset_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -121,7 +121,7 @@
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC"); $sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql_locations)) { while ($row = mysqli_fetch_array($sql_locations)) {
$location_id_select = $row['location_id']; $location_id_select = intval($row['location_id']);
$location_name_select = htmlentities($row['location_name']); $location_name_select = htmlentities($row['location_name']);
?> ?>
<option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option> <option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@@ -144,7 +144,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id = $row['contact_id']; $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = htmlentities($row['contact_name']);
?> ?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option> <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@@ -181,7 +181,7 @@
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC"); $sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
while ($row = mysqli_fetch_array($sql_networks)) { while ($row = mysqli_fetch_array($sql_networks)) {
$network_id_select = $row['network_id']; $network_id_select = intval($row['network_id']);
$network_name_select = htmlentities($row['network_name']); $network_name_select = htmlentities($row['network_name']);
$network_select = htmlentities($row['network']); $network_select = htmlentities($row['network']);
@@ -229,7 +229,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id AND vendor_template = 0 ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = $row['vendor_id']; $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = htmlentities($row['vendor_name']);
?> ?>
<option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option> <option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
@@ -308,8 +308,8 @@
</div> </div>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="add_asset" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Copy</button>
<button type="submit" name="add_asset" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Copy</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>
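Review bot: The networks and vendors queries here interpolate `'$asset_created_at'` as a SQL string literal, and later in this commit that variable is assigned as `$asset_created_at = htmlentities($row['asset_created_at']);`, which applies HTML encoding to a value that is then reused inside SQL. For a datetime string this happens to be a no-op, but it escapes at the wrong layer; keep the raw database value for the query (ideally via a prepared statement with a `?` placeholder) and apply `htmlentities` only where it is echoed. The same two queries appear in the edit-asset modal section of this commit, so the remark applies there too. The `$asset_location_id == $location_id_select` comparisons can become `===` now that both sides are produced by `intval()`.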


@@ -2,7 +2,7 @@
<div class="modal-dialog modal-lg"> <div class="modal-dialog modal-lg">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-<?php echo $device_icon; ?>"></i> <?php echo $asset_name; ?> Documents</h5> <h5 class="modal-title"><i class="fa fa-fw fa-<?php echo $device_icon; ?> mr-2"></i><?php echo $asset_name; ?> Documents</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -11,7 +11,7 @@
<div class="modal-body bg-white"> <div class="modal-body bg-white">
<?php <?php
while ($row = mysqli_fetch_array($sql_related_documents)) { while ($row = mysqli_fetch_array($sql_related_documents)) {
$related_document_id = $row['document_id']; $related_document_id = intval($row['document_id']);
$related_document_name = htmlentities($row['document_name']); $related_document_name = htmlentities($row['document_name']);
?> ?>
<p> <p>
@@ -21,7 +21,7 @@
<?php } ?> <?php } ?>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</div> </div>


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-<?php echo $device_icon; ?>"></i> Editing asset: <strong><?php echo $asset_name; ?></strong></h5> <h5 class="modal-title"><i class="fa fa-fw fa-<?php echo $device_icon; ?> mr-2"></i>Editing asset: <strong><?php echo $asset_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -123,7 +123,7 @@
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC"); $sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql_locations)) { while ($row = mysqli_fetch_array($sql_locations)) {
$location_id_select = $row['location_id']; $location_id_select = intval($row['location_id']);
$location_name_select = htmlentities($row['location_name']); $location_name_select = htmlentities($row['location_name']);
?> ?>
<option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option> <option <?php if ($asset_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@@ -145,7 +145,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$asset_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC"); $sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$asset_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) { while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id_select = $row['contact_id']; $contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']); $contact_name_select = htmlentities($row['contact_name']);
?> ?>
<option <?php if ($asset_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"> <option <?php if ($asset_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>">
@@ -183,7 +183,7 @@
$sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC"); $sql_networks = mysqli_query($mysqli, "SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC");
while ($row = mysqli_fetch_array($sql_networks)) { while ($row = mysqli_fetch_array($sql_networks)) {
$network_id_select = $row['network_id']; $network_id_select = intval($row['network_id']);
$network_name_select = htmlentities($row['network_name']); $network_name_select = htmlentities($row['network_name']);
$network_select = htmlentities($row['network']); $network_select = htmlentities($row['network']);
@@ -231,7 +231,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); $sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) { while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = $row['vendor_id']; $vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']); $vendor_name_select = htmlentities($row['vendor_name']);
?> ?>
<option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option> <option <?php if ($asset_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
@@ -310,8 +310,8 @@
</div> </div>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="edit_asset" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="submit" name="edit_asset" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-desktop"></i> Import Assets</h5> <h5 class="modal-title"><i class="fa fa-fw fa-desktop mr-2"></i>Import Assets</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -19,7 +19,7 @@
<div>Download <a href="post.php?download_client_assets_csv_template=<?php echo $client_id; ?>">sample csv template</a></div> <div>Download <a href="post.php?download_client_assets_csv_template=<?php echo $client_id; ?>">sample csv template</a></div>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="submit" name="import_client_assets_csv" class="btn btn-primary">Import</button> <button type="submit" name="import_client_assets_csv" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Import</button>
</div> </div>
</form> </form>
</div> </div>


@@ -12,13 +12,13 @@
<?php <?php
// Query is run from client_assets.php // Query is run from client_assets.php
while ($row = mysqli_fetch_array($sql_tickets)) { while ($row = mysqli_fetch_array($sql_tickets)) {
$ticket_id = $row['ticket_id']; $ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']); $ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = htmlentities($row['ticket_number']); $ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']); $ticket_subject = htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']); $ticket_status = htmlentities($row['ticket_status']);
$ticket_created_at = $row['ticket_created_at']; $ticket_created_at = htmlentities($row['ticket_created_at']);
$ticket_updated_at = $row['ticket_updated_at']; $ticket_updated_at = htmlentities($row['ticket_updated_at']);
?> ?>
<p> <p>
<i class="fas fa-fw fa-ticket-alt"></i> <i class="fas fa-fw fa-ticket-alt"></i>
@@ -27,7 +27,7 @@
<?php } ?> <?php } ?>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div> </div>
</div> </div>


@@ -4,34 +4,34 @@ require_once("inc_all_client.php");
//Get Asset Counts //Get Asset Counts
//All Asset Count //All Asset Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE asset_archived_at IS NULL AND asset_client_id = $client_id")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE asset_archived_at IS NULL AND asset_client_id = $client_id"));
$all_count = $row['count']; $all_count = intval($row['count']);
//Workstation Count //Workstation Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'laptop' OR asset_type = 'desktop') $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'laptop' OR asset_type = 'desktop')
AND asset_archived_at IS NULL AND asset_client_id = $client_id")); AND asset_archived_at IS NULL AND asset_client_id = $client_id"));
$workstation_count = $row['count']; $workstation_count = intval($row['count']);
//Server Count //Server Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'server') $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'server')
AND asset_archived_at IS NULL AND asset_client_id = $client_id")); AND asset_archived_at IS NULL AND asset_client_id = $client_id"));
$server_count = $row['count']; $server_count = intval($row['count']);
//Virtual Server Count //Virtual Server Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'virtual machine') $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'virtual machine')
AND asset_archived_at IS NULL AND asset_client_id = $client_id")); AND asset_archived_at IS NULL AND asset_client_id = $client_id"));
$virtual_count = $row['count']; $virtual_count = intval($row['count']);
//Network Device Count //Network Device Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'Firewall/Router' OR asset_type = 'switch' OR asset_type = 'access point') $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type = 'Firewall/Router' OR asset_type = 'switch' OR asset_type = 'access point')
AND asset_archived_at IS NULL AND asset_client_id = $client_id")); AND asset_archived_at IS NULL AND asset_client_id = $client_id"));
$network_count = $row['count']; $network_count = intval($row['count']);
//Other Count //Other Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type NOT LIKE 'laptop' AND asset_type NOT LIKE 'desktop' AND asset_type NOT LIKE 'server' AND asset_type NOT LIKE 'virtual machine' AND asset_type NOT LIKE 'firewall/router' AND asset_type NOT LIKE 'switch' AND asset_type NOT LIKE 'access point') $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(*) AS count FROM assets WHERE (asset_type NOT LIKE 'laptop' AND asset_type NOT LIKE 'desktop' AND asset_type NOT LIKE 'server' AND asset_type NOT LIKE 'virtual machine' AND asset_type NOT LIKE 'firewall/router' AND asset_type NOT LIKE 'switch' AND asset_type NOT LIKE 'access point')
AND asset_archived_at IS NULL AND asset_client_id = $client_id")); AND asset_archived_at IS NULL AND asset_client_id = $client_id"));
$other_count = $row['count']; $other_count = intval($row['count']);
if (!empty($_GET['sb'])) { if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb'])); $sb = sanitizeInput($_GET['sb']);
} else { } else {
$sb = "asset_name"; $sb = "asset_name";
} }
@@ -74,20 +74,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop"></i> Assets</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-fw fa-plus"></i> New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(htmlentities($_GET['type']))); } else { echo "Asset"; } ?></button> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-plus mr-2"></i>New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(htmlentities($_GET['type']))); } else { echo "Asset"; } ?></button>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
<form autocomplete="off"> <form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="type" value="<?php echo strip_tags(htmlentities($_GET['type'])); ?>"> <input type="hidden" name="type" value="<?php echo stripslashes(htmlentities($_GET['type'])); ?>">
<div class="row"> <div class="row">
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(htmlentities($_GET['type']))); } else { echo "Asset"; } ?>s"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search <?php if (!empty($_GET['type'])) { echo ucwords(stripslashes(htmlentities($_GET['type']))); } else { echo "Asset"; } ?>s">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -160,7 +160,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php <?php
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$asset_id = $row['asset_id']; $asset_id = intval($row['asset_id']);
$asset_type = htmlentities($row['asset_type']); $asset_type = htmlentities($row['asset_type']);
$asset_name = htmlentities($row['asset_name']); $asset_name = htmlentities($row['asset_name']);
$asset_make = htmlentities($row['asset_make']); $asset_make = htmlentities($row['asset_make']);
@@ -185,34 +185,34 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} }
$asset_mac = htmlentities($row['asset_mac']); $asset_mac = htmlentities($row['asset_mac']);
$asset_status = htmlentities($row['asset_status']); $asset_status = htmlentities($row['asset_status']);
$asset_purchase_date = $row['asset_purchase_date']; $asset_purchase_date = htmlentities($row['asset_purchase_date']);
$asset_warranty_expire = $row['asset_warranty_expire']; $asset_warranty_expire = htmlentities($row['asset_warranty_expire']);
$asset_install_date = $row['asset_install_date']; $asset_install_date = htmlentities($row['asset_install_date']);
if (empty($asset_install_date)) { if (empty($asset_install_date)) {
$asset_install_date_display = "-"; $asset_install_date_display = "-";
} else { } else {
$asset_install_date_display = $asset_install_date; $asset_install_date_display = $asset_install_date;
} }
$asset_notes = htmlentities($row['asset_notes']); $asset_notes = htmlentities($row['asset_notes']);
$asset_created_at = $row['asset_created_at']; $asset_created_at = htmlentities($row['asset_created_at']);
$asset_vendor_id = $row['asset_vendor_id']; $asset_vendor_id = intval($row['asset_vendor_id']);
$asset_location_id = $row['asset_location_id']; $asset_location_id = intval($row['asset_location_id']);
$asset_contact_id = $row['asset_contact_id']; $asset_contact_id = intval($row['asset_contact_id']);
$asset_network_id = $row['asset_network_id']; $asset_network_id = intval($row['asset_network_id']);
$device_icon = getAssetIcon($asset_type); $device_icon = getAssetIcon($asset_type);
$contact_name = $row['contact_name']; $contact_name = htmlentities($row['contact_name']);
if (empty($contact_name)) { if (empty($contact_name)) {
$contact_name = "-"; $contact_name = "-";
} }
$location_name = $row['location_name']; $location_name = htmlentities($row['location_name']);
if (empty($location_name)) { if (empty($location_name)) {
$location_name = "-"; $location_name = "-";
} }
$login_id = $row['login_id']; $login_id = intval($row['login_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_username = htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = htmlentities(decryptLoginEntry($row['login_password']));
@@ -302,18 +302,30 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown"><i class="fas fa-ellipsis-h"></i></button> <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown"><i class="fas fa-ellipsis-h"></i></button>
<div class="dropdown-menu"> <div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addAssetInterfaceModal<?php echo $asset_id; ?>">Interfaces</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#addAssetInterfaceModal<?php echo $asset_id; ?>">Interfaces</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAssetModal<?php echo $asset_id; ?>">Edit</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAssetModal<?php echo $asset_id; ?>">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#copyAssetModal<?php echo $asset_id; ?>">Copy</a> <i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#copyAssetModal<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</a>
<?php if ($document_count > 0) { ?> <?php if ($document_count > 0) { ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetDocumentsModal<?php echo $asset_id; ?>">Documents (<?php echo $document_count; ?>)</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetDocumentsModal<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-document mr-2"></i>Documents (<?php echo $document_count; ?>)
</a>
<?php } ?> <?php } ?>
<?php if ($ticket_count > 0) { ?> <?php if ($ticket_count > 0) { ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetTicketsModal<?php echo $asset_id; ?>">Tickets (<?php echo $ticket_count; ?>)</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetTicketsModal<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-life-ring mr-2"></i>Tickets (<?php echo $ticket_count; ?>)
</a>
<?php } ?> <?php } ?>
<?php if ($session_user_role == 3) { ?> <?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_asset=<?php echo $asset_id; ?>">Archive</a> <a class="dropdown-item text-danger" href="post.php?archive_asset=<?php echo $asset_id; ?>">
<a class="dropdown-item text-danger" href="post.php?delete_asset=<?php echo $asset_id; ?>">Delete</a> <i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_asset=<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete</a>
<?php } ?> <?php } ?>
</div> </div>
</div> </div>


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-lock"></i> New Certificate</h5> <h5 class="modal-title"><i class="fa fa-fw fa-lock mr-2"></i>New Certificate</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -75,7 +75,7 @@
<?php <?php
$domains_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'"); $domains_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while ($domain_row = mysqli_fetch_array($domains_sql)) { while ($domain_row = mysqli_fetch_array($domains_sql)) {
$domain_id = $domain_row['domain_id']; $domain_id = intval($domain_row['domain_id']);
$domain_name = htmlentities($domain_row['domain_name']); $domain_name = htmlentities($domain_row['domain_name']);
echo "<option value=\"$domain_id\">$domain_name</option>"; echo "<option value=\"$domain_id\">$domain_name</option>";
} }
@@ -86,8 +86,8 @@
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_certificate" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button> <button type="submit" name="add_certificate" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>
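Review bot: The domains query in the @@ -75 hunk still interpolates `$client_id` straight into the SQL string (`WHERE domain_client_id = '$client_id'`) while the hunk adds `intval()` only to the `domain_id` values it reads back; the input side is the one that matters for injection. `$client_id` presumably comes from inc_all_client.php and may already be cast there, but nothing in this modal guarantees it, and quoting an integer column as a string only adds an implicit conversion. Cast at the point of use, `$client_id = intval($client_id);` before the query, or switch to a prepared statement, so the modal is safe on its own regardless of what the include does.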


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-lock"></i> Editing certificate: <span class="text-bold" id="editHeader"></span></h5> <h5 class="modal-title"><i class="fa fa-fw fa-lock mr-2"></i>Editing certificate: <span class="text-bold" id="editHeader"></span></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -77,8 +77,8 @@
</div> </div>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="edit_certificate" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="submit" name="edit_certificate" class="btn btn-primary">Save</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>


@@ -2,7 +2,7 @@
require_once("inc_all_client.php"); require_once("inc_all_client.php");
if (!empty($_GET['sb'])) { if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb'])); $sb = sanitizeInput($_GET['sb']);
} else { } else {
$sb = "certificate_name"; $sb = "certificate_name";
} }
@@ -20,9 +20,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-lock"></i> Certificates</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-lock mr-2"></i>Certificates</h3>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCertificateModal"><i class="fas fa-fw fa-plus"></i> New Certificate</button> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCertificateModal"><i class="fas fa-plus mr-2"></i>New Certificate</button>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
@@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Certificates"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Certificates">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8"> <div class="col-md-8">
<div class="float-right"> <div class="float-right">
<a href="post.php?export_client_certificates_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a> <a href="post.php?export_client_certificates_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-download mr-2"></i>Export</a>
</div> </div>
</div> </div>
@@ -63,7 +63,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php <?php
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$certificate_id = $row['certificate_id']; $certificate_id = intval($row['certificate_id']);
$certificate_name = htmlentities($row['certificate_name']); $certificate_name = htmlentities($row['certificate_name']);
$certificate_domain = htmlentities($row['certificate_domain']); $certificate_domain = htmlentities($row['certificate_domain']);
$certificate_issued_by = htmlentities($row['certificate_issued_by']); $certificate_issued_by = htmlentities($row['certificate_issued_by']);
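Review bot: The search input at @@ -32 now reflects `stripslashes(htmlentities($q))`, which means `$q` is the SQL-escaped string (this commit swaps strip_tags + mysqli_real_escape_string for sanitizeInput elsewhere) and the escaping is undone again for display; the assignment of `$q` itself is outside this hunk. Reversing an escape meant for another sink is lossy — mysqli_real_escape_string turns a newline into `\n` and 0x1A into `\Z`, which stripslashes reduces to `n` and `Z` — and it couples the HTML output to the DB driver's escaping rules. Keep the raw request value for output and the escaped one for the query: `$q_raw = isset($_GET['q']) ? $_GET['q'] : '';` and `value="<?php echo htmlentities($q_raw); ?>"`. Separately, `$sb = sanitizeInput($_GET['sb'])` at @@ -2 defaults to a column name, so if it lands in an ORDER BY as the contacts page does, escaping does not protect that unquoted identifier position and an allowlist of sortable columns is needed instead.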


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-user-plus"></i> New Contact</h5> <h5 class="modal-title"><i class="fa fa-fw fa-user-plus mr-2"></i>New Contact</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -19,16 +19,16 @@
<ul class="nav nav-pills nav-justified mb-3"> <ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item"> <li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-details">Details</a> <a class="nav-link active" data-toggle="pill" href="#pills-details"><i class="fa fa-fw fa-user mr-2"></i>Details</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-photo">Photo</a> <a class="nav-link" data-toggle="pill" href="#pills-photo"><i class="fa fa-fw fa-image mr-2"></i>Photo</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-portal">Portal</a> <a class="nav-link" data-toggle="pill" href="#pills-portal"><i class="fa fa-fw fa-lock mr-2"></i>Portal</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-notes">Notes</a> <a class="nav-link" data-toggle="pill" href="#pills-notes"><i class="fa fa-fw fa-edit mr-2"></i>Notes</a>
</li> </li>
</ul> </ul>
@@ -122,7 +122,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); $sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$location_id = $row['location_id']; $location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']); $location_name = htmlentities($row['location_name']);
?> ?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option> <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
@@ -202,8 +202,8 @@
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="add_contact" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Create</button>
<button type="submit" name="add_contact" class="btn btn-primary text-bold"><i class="fas fa-check"></i> Create</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>
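Review bot: The locations SELECT at @@ -122 interpolates `$client_id` unquoted into the SQL string while the hunk adds `intval()` only to the `location_id` values read back; if `$client_id` is not already cast by inc_all_client.php (not visible here), an unquoted interpolation is a direct injection point. Cast it in the query, `... AND location_client_id = " . intval($client_id) . " ORDER BY location_name ASC"`, or use a prepared statement, so the modal does not depend on the include doing it. The `htmlentities()` on `location_name` before the `<option>` output is the right escaping for that HTML context.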


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-user-edit"></i> Editing: <strong><?php echo $contact_name; ?></strong></h5> <h5 class="modal-title"><i class="fa fa-fw fa-user-edit mr-2"></i>Editing: <strong><?php echo $contact_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -21,16 +21,16 @@
<ul class="nav nav-pills nav-justified mb-3"> <ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item"> <li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-details<?php echo $contact_id; ?>">Details</a> <a class="nav-link active" data-toggle="pill" href="#pills-details<?php echo $contact_id; ?>"><i class="fa fa-fw fa-user mr-2"></i>Details</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-photo<?php echo $contact_id; ?>">Photo</a> <a class="nav-link" data-toggle="pill" href="#pills-photo<?php echo $contact_id; ?>"><i class="fa fa-fw fa-image mr-2"></i>Photo</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-portal<?php echo $contact_id; ?>">Portal</a> <a class="nav-link" data-toggle="pill" href="#pills-portal<?php echo $contact_id; ?>"><i class="fa fa-fw fa-lock mr-2"></i>Portal</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-notes<?php echo $contact_id; ?>">Notes</a> <a class="nav-link" data-toggle="pill" href="#pills-notes<?php echo $contact_id; ?>"><i class="fa fa-fw fa-edit mr-2"></i>Notes</a>
</li> </li>
</ul> </ul>
@@ -124,7 +124,7 @@
$sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE (location_archived_at > '$contact_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC"); $sql_locations = mysqli_query($mysqli, "SELECT * FROM locations WHERE (location_archived_at > '$contact_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql_locations)) { while ($row = mysqli_fetch_array($sql_locations)) {
$location_id_select = $row['location_id']; $location_id_select = intval($row['location_id']);
$location_name_select = htmlentities($row['location_name']); $location_name_select = htmlentities($row['location_name']);
?> ?>
<option <?php if ($contact_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option> <option <?php if ($contact_location_id == $location_id_select) { echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@@ -236,8 +236,8 @@
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="edit_contact" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
<button type="submit" name="edit_contact" class="btn btn-primary"><i class="fas fa-check"></i> Save</button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>
</div> </div>
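Review bot: The locations query at @@ -124 compares `location_archived_at > '$contact_created_at'`, and in the contacts list hunk of this same commit `$contact_created_at` is now assigned `htmlentities($row['contact_created_at'])` — an HTML-encoded display value reused in SQL context, assuming this modal is included from that loop as the shared variable names suggest. A MySQL DATETIME contains no characters htmlentities touches, so it works today, but encoding for one sink and reusing it for another breaks silently when the column type or the helper changes. Keep a raw copy for the query, e.g. `$contact_created_at_raw = $row['contact_created_at'];` in the list and `'$contact_created_at_raw'` here, and cast `$client_id` with `intval()` the way the hunk already does for `location_id`.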


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-users"></i> Import Contacts</h5> <h5 class="modal-title"><i class="fa fa-fw fa-users mr-2"></i>Import Contacts</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>


@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fas fa-fw fa-user-plus"></i> Invite Contact</h5> <h5 class="modal-title"><i class="fas fa-fw fa-user-plus mr-2"></i>Invite Contact</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -73,8 +73,8 @@
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button> <button type="submit" name="invite_contact" class="btn btn-primary text-bold"><i class="fas fa-paper-plane mr-2"></i>Send Invite</button>
<button type="submit" name="invite_contact" class="btn btn-primary"><strong><i class="fas fa-paper-plane"></i> Send Invite</strong></button> <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div> </div>
</form> </form>


@@ -3,7 +3,7 @@
require_once("inc_all_client.php"); require_once("inc_all_client.php");
if (isset($_GET['q'])) { if (isset($_GET['q'])) {
$q = strip_tags(mysqli_real_escape_string($mysqli, $_GET['q'])); $q = sanitizeInput($_GET['q']);
//Phone Numbers //Phone Numbers
$n = preg_replace("/[^0-9]/", '', $q); $n = preg_replace("/[^0-9]/", '', $q);
if (empty($n)) { if (empty($n)) {
@@ -16,7 +16,7 @@ if (isset($_GET['q'])) {
} }
if (!empty($_GET['sb'])) { if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb'])); $sb = sanitizeInput($_GET['sb']);
} else { } else {
$sb = "contact_name"; $sb = "contact_name";
} }
@@ -25,10 +25,12 @@ if (!empty($_GET['sb'])) {
$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o))); $url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM contacts $sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM contacts
LEFT JOIN locations ON location_id = contact_location_id LEFT JOIN locations ON location_id = contact_location_id
WHERE contact_archived_at IS NULL WHERE contact_archived_at IS NULL
AND (contact_name LIKE '%$q%' OR contact_title LIKE '%$q%' OR location_name LIKE '%$q%' OR contact_email LIKE '%$q%' OR contact_department LIKE '%$q%' OR contact_phone LIKE '%$n%' OR contact_extension LIKE '%$q%' OR contact_mobile LIKE '%$n%') AND (contact_name LIKE '%$q%' OR contact_title LIKE '%$q%' OR location_name LIKE '%$q%' OR contact_email LIKE '%$q%' OR contact_department LIKE '%$q%' OR contact_phone LIKE '%$n%' OR contact_extension LIKE '%$q%' OR contact_mobile LIKE '%$n%')
AND contact_client_id = $client_id ORDER BY $sb $o LIMIT $record_from, $record_to"); AND contact_client_id = $client_id
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
@@ -36,11 +38,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Contacts</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-users mr-2"></i>Contacts</h3>
<div class="card-tools"> <div class="card-tools">
<div class="btn-group"> <div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addContactModal"> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addContactModal">
<i class="fas fa-fw fa-plus"></i> New Contact <i class="fas fa-plus mr-2"></i>New Contact
</button> </button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button> <button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu"> <div class="dropdown-menu">
@@ -56,7 +58,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4"> <div class="col-md-4">
<div class="input-group mb-3 mb-md-0"> <div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Contacts"> <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Contacts">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div> </div>
@@ -65,8 +67,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8"> <div class="col-md-8">
<div class="float-right"> <div class="float-right">
<a href="post.php?export_client_contacts_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a> <a href="post.php?export_client_contacts_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
<button type="button" class="btn btn-default" data-toggle="modal" data-target="#importContactModal"><i class="fa fa-fw fa-upload"></i> Import</button> <button type="button" class="btn btn-default" data-toggle="modal" data-target="#importContactModal"><i class="fa fa-fw fa-upload mr-2"></i>Import</button>
</div> </div>
</div> </div>
@@ -90,7 +92,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php <?php
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$contact_id = $row['contact_id']; $contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']); $contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']); $contact_title = htmlentities($row['contact_title']);
if (empty($contact_title)) { if (empty($contact_title)) {
@@ -98,7 +100,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else { } else {
$contact_title_display = "<small class='text-secondary'>$contact_title</small>"; $contact_title_display = "<small class='text-secondary'>$contact_title</small>";
} }
$contact_department =htmlentities($row['contact_department']); $contact_department = htmlentities($row['contact_department']);
if (empty($contact_department)) { if (empty($contact_department)) {
$contact_department_display = "-"; $contact_department_display = "-";
} else { } else {
@@ -129,13 +131,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$contact_important = intval($row['contact_important']); $contact_important = intval($row['contact_important']);
$contact_billing = intval($row['contact_billing']); $contact_billing = intval($row['contact_billing']);
$contact_technical = intval($row['contact_technical']); $contact_technical = intval($row['contact_technical']);
$contact_created_at = $row['contact_created_at']; $contact_created_at = htmlentities($row['contact_created_at']);
if ($contact_id == $primary_contact) { if ($contact_id == $primary_contact) {
$primary_contact_display = "<small class='text-success'>Primary Contact</small>"; $primary_contact_display = "<small class='text-success'>Primary Contact</small>";
} else { } else {
$primary_contact_display = false; $primary_contact_display = false;
} }
$contact_location_id = $row['contact_location_id']; $contact_location_id = intval($row['contact_location_id']);
$location_name = htmlentities($row['location_name']); $location_name = htmlentities($row['location_name']);
if (empty($location_name)) { if (empty($location_name)) {
$location_name_display = "-"; $location_name_display = "-";
@@ -171,9 +173,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php } else { ?> <?php } else { ?>
<span class="fa-stack fa-2x"> <span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $contact_initials; ?></span> <span class="fa fa-stack-1x text-white"><?php echo $contact_initials; ?></span>
</span> </span>
<br> <br>
@@ -195,13 +197,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i> <i class="fas fa-ellipsis-h"></i>
</button> </button>
<div class="dropdown-menu"> <div class="dropdown-menu">
<a class="dropdown-item" href="client_contact_details.php?client_id=<?php echo $client_id; ?>&contact_id=<?php echo $contact_id; ?>">View Details</a> <a class="dropdown-item" href="client_contact_details.php?client_id=<?php echo $client_id; ?>&contact_id=<?php echo $contact_id; ?>">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editContactModal<?php echo $contact_id; ?>">Edit</a> <i class="fas fa-fw fa-eye-open mr-2"></i>View Details
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editContactModal<?php echo $contact_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3 && $contact_id !== $primary_contact) { ?> <?php if ($session_user_role == 3 && $contact_id !== $primary_contact) { ?>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_contact=<?php echo $contact_id; ?>">Archive</a> <a class="dropdown-item text-danger" href="post.php?archive_contact=<?php echo $contact_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_contact=<?php echo $contact_id; ?>">Delete</a> <a class="dropdown-item text-danger text-bold" href="post.php?delete_contact=<?php echo $contact_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?> <?php } ?>
</div> </div>
</div> </div>
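Review bot: At @@ -25 the query ends in `ORDER BY $sb $o`, and `$sb` is now `sanitizeInput($_GET['sb'])` (@@ -16); that helper replaces strip_tags + mysqli_real_escape_string, which only neutralizes quotes and backslashes inside a quoted string literal. An ORDER BY column is an unquoted identifier position, so escaping does nothing there — any quote-free expression (a subquery, a CASE, a numeric position) passes through intact, and the same holds for `$o`, whose assignment is outside this hunk. Replace escaping with an allowlist of the sortable columns, `$sortable = ['contact_name', 'contact_title', 'contact_department', 'contact_email', 'location_name'];` then `$sb = in_array($_GET['sb'] ?? '', $sortable, true) ? $_GET['sb'] : 'contact_name';`, and constrain `$o` to `'ASC'`/`'DESC'` the same way. The `LIKE '%$q%'` terms are in quoted context and are covered by the escaping, though `%` and `_` in the search term remain live wildcards. The certificates and categories pages in this commit use the same `sanitizeInput($_GET['sb'])` pattern and need the same allowlist.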