More work on moving to redirect, flash_alert and get_field_by_id, making sure validate_csrf is on top, and some other cleanups, along with more work on credits

This commit is contained in:
johnnyq 2025-08-04 17:01:19 -04:00
parent b4e5e3fda7
commit e39072d3bc
23 changed files with 465 additions and 720 deletions


@ -21,6 +21,21 @@
</div>
</div>
<div class="form-group">
<label>Type<strong class="text-danger ml-2">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-th-list"></i></span>
</div>
<select class="form-control select2" name="type" required>
<option value="0">- Select Credit Type -</option>
<option value="manual">Manual</option>
<option value="prepaid">Prepaid</option>
<option value="promotion">Promotion</option>
</select>
</div>
</div>
<div class="form-group">
<label>Amount<strong class="text-danger ml-2">*</strong></label>
<div class="input-group">
@ -32,12 +47,12 @@
</div>
<div class="form-group">
<label>Reference<strong class="text-danger ml-2">*</strong></label>
<label>Note<strong class="text-danger ml-2">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-file-alt"></i></span>
</div>
<input type="text" class="form-control" name="reference" placeholder="Enter a reference" maxlength="250">
<input type="text" class="form-control" name="note" placeholder="Enter a note" maxlength="250">
</div>
</div>
@ -45,7 +60,7 @@
<input type="hidden" name="client" value="<?php echo $client_id; ?>">
<?php } else { ?>
<div class="form-group col-md">
<div class="form-group">
<label>Client</label>
<div class="input-group">
<div class="input-group-prepend">
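Review bot: The `required` attribute on the new type select does not stop an empty submission, because the placeholder option carries `value="0"`, which the browser treats as a valid choice, so the form can post `type=0` to the handler. Give the placeholder an empty value, `<option value="">- Select Credit Type -</option>`, so constraint validation actually fires. The renamed note field is labelled with the required asterisk but the input itself has no `required` attribute; either add `required` to the `<input ... name="note" ...>` line or drop the asterisk from the label. The last hunk's enclosing `else` branch continues outside this section.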


@ -421,7 +421,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
logAction("Contact", "Bulk Edit", "$session_name set the department $department for $contact_count contacts", $client_id);
flash_alert("You set the Department to <strong>$department</strong> for <strong>$contact_count</strong> contacts";
flash_alert("You set the Department to <strong>$department</strong> for <strong>$contact_count</strong> contacts");
}
redirect();


@ -24,10 +24,9 @@ if (isset($_POST['add_credential'])) {
}
}
// Logging
logAction("Credential", "Create", "$session_name created credential $name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Credential <strong>$name</strong> created";
flash_alert("Credential <strong>$name</strong> created");
redirect();
@ -64,10 +63,9 @@ if (isset($_POST['edit_credential'])) {
}
}
// Logging
logAction("Credential", "Edit", "$session_name edited credential $name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Credential <strong>$name</strong> edited";
flash_alert("Credential <strong>$name</strong> edited");
redirect();
@ -87,12 +85,9 @@ if(isset($_GET['archive_credential'])){
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id");
//logging
logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Credential <strong>$credential_name</strong> archived";
flash_alert("Credential <strong>$credential_name</strong> archived", 'error');
redirect();
@ -112,12 +107,12 @@ if(isset($_GET['unarchive_credential'])){
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
//Logging
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Credential <strong>$credential_name</strong> restored";
flash_alert("Credential <strong>$credential_name</strong> restored");
redirect();
}
if (isset($_GET['delete_credential'])) {
@ -134,11 +129,9 @@ if (isset($_GET['delete_credential'])) {
mysqli_query($mysqli,"DELETE FROM credentials WHERE credential_id = $credential_id");
// Logging
logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Credential <strong>$credential_name</strong> deleted";
flash_alert("Credential <strong>$credential_name</strong> deleted", 'error');
redirect();
@ -180,15 +173,14 @@ if (isset($_POST['bulk_assign_credential_tags'])) {
}
}
// Logging
logAction("Credential", "Edit", "$session_name added tags to $credential_name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Assigned tags for <strong>$count</strong> credentials";
flash_alert("Assigned tags for <strong>$count</strong> credentials");
} // End Assign Loop
// Logging
logAction("Credential", "Bulk Edit", "$session_name added tags to $count credentials", $client_id);
}
redirect();
@ -197,9 +189,10 @@ if (isset($_POST['bulk_assign_credential_tags'])) {
if (isset($_POST['bulk_archive_credentials'])) {
enforceUserPermission('module_credential', 2);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 2);
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
@ -218,26 +211,24 @@ if (isset($_POST['bulk_archive_credentials'])) {
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id");
// Individual Contact logging
logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id);
}
// Bulk Logging
logAction("Credential", "Bulk Archive", "$session_name archived $count credentials", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Archived <strong>$count</strong> credential(s)";
flash_alert("Archived <strong>$count</strong> credential(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_unarchive_credentials'])) {
enforceUserPermission('module_credential', 2);
validateCSRFToken($_POST['csrf_token']);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 2);
if (isset($_POST['credential_ids'])) {
@ -257,27 +248,26 @@ if (isset($_POST['bulk_unarchive_credentials'])) {
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
// Individual logging
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id);
}
// Bulk Logging
logAction("Credential", "Bulk Unarchive", "$session_name unarchived $count credential(s)", $client_id);
$_SESSION['alert_message'] = "Unarchived <strong>$count</strong> credential(s)";
flash_alert("Unarchived <strong>$count</strong> credential(s)");
}
redirect();
}
if (isset($_POST['bulk_delete_credentials'])) {
enforceUserPermission('module_credential', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 3);
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
@ -296,20 +286,18 @@ if (isset($_POST['bulk_delete_credentials'])) {
mysqli_query($mysqli, "DELETE FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id");
// Logging
logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id);
}
// Bulk Logging
logAction("Credential", "Bulk Delete", "$session_name deleted $count credential(s)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> credential(s)";
flash_alert("Deleted <strong>$count</strong> credential(s)", 'error');
}
redirect();
}
if (isset($_POST['export_credentials_csv'])) {
@ -360,7 +348,6 @@ if (isset($_POST['export_credentials_csv'])) {
fpassthru($f);
}
// Logging
logAction("Credential", "Export", "$session_name exported $num_rows credential(s) to a CSV file", $client_id);
exit;
@ -377,10 +364,8 @@ if (isset($_POST["import_credentials_csv"])) {
if (!empty($_FILES["file"]["tmp_name"])) {
$file_name = $_FILES["file"]["tmp_name"];
} else {
$_SESSION['alert_message'] = "Please select a file to upload.";
$_SESSION['alert_type'] = "error";
flash_alert("Please select a file to upload.", 'error');
redirect();
exit();
}
//Check file is CSV
@ -388,13 +373,13 @@ if (isset($_POST["import_credentials_csv"])) {
$allowed_file_extensions = array('csv');
if (in_array($file_extension,$allowed_file_extensions) === false){
$error = true;
$_SESSION['alert_message'] = "Bad file extension";
flash_alert("Bad file extension", 'error');
}
//Check file isn't empty
elseif ($_FILES["file"]["size"] < 1){
$error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
flash_alert("Bad file size (empty?)", 'error');
}
//(Else)Check column count
@ -402,7 +387,7 @@ if (isset($_POST["import_credentials_csv"])) {
$f_columns = fgetcsv($f, 1000, ",");
if (!$error & count($f_columns) != 5) {
$error = true;
$_SESSION['alert_message'] = "Bad column count.";
flash_alert("Bad column count.", 'error');
}
//Else, parse the file
@ -443,17 +428,17 @@ if (isset($_POST["import_credentials_csv"])) {
}
fclose($file);
// Logging
logAction("Credential", "Import", "$session_name imported $row_count credential(s) via CSV file. $duplicate_count duplicate(s) found and not imported", $client_id);
$_SESSION['alert_message'] = "$row_count credential(s) imported, $duplicate_count duplicate(s) detected and not imported";
flash_alert("<strong>$row_count</strong> credential(s) imported, <strong>$duplicate_count</strong> duplicate(s) detected and not imported", 'warning');
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
$_SESSION['alert_type'] = "warning";
redirect();
}
}
if (isset($_GET['download_credentials_csv_template'])) {
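Review bot: In the CSV import hunks the error branches now call `flash_alert(..., 'error')`, but the trailing `if ($error) { $_SESSION['alert_type'] = "warning"; redirect(); }` was left in place, so if flash_alert() writes the type into the session as the assignments it replaces did, the 'error' type is overwritten with 'warning' just before the redirect. Either reduce that block to `if ($error) { redirect(); }` or pass 'warning' to the three flash_alert calls so the two agree. The unchanged condition `if (!$error & count($f_columns) != 5)` uses the bitwise `&` where `&&` is meant; it appears to work only because `!$error` is already boolean, and is worth correcting while this block is being touched. The `exit();` after `redirect();` in the missing-file branch is redundant if redirect() terminates the request, as every other handler in this file assumes.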


@ -9,21 +9,23 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_credit'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_sales', 2);
$client_id = intval($_POST['client']);
$amount = floatval($_POST['amount']);
$type = sanitizeInput($_POST['type']);
$expire = sanitizeInput($_POST['expire']);
$reference = sanitizeInput($_POST['reference']);
$note = sanitizeInput($_POST['note']);
mysqli_query($mysqli,"INSERT INTO credits SET credit_amount = $amount, credit_reference = '$reference', credit_created_by = $session_user_id, credit_client_id = $client_id");
mysqli_query($mysqli,"INSERT INTO credits SET credit_amount = $amount, credit_type = '$type', credit_note = '$note', credit_created_by = $session_user_id, credit_client_id = $client_id");
$credit_id = mysqli_insert_id($mysqli);
// Logging
logAction("Credit", "Create", "$session_name added " . numfmt_format_currency($currency_format, $amount, $session_company_currency) . "", $client_id, $credit_id);
$_SESSION['alert_message'] = "" . numfmt_format_currency($currency_format, $amount, $session_company_currency) . " Credit Added ";
flash_alert(numfmt_format_currency($currency_format, $amount, $session_company_currency) . " Credit Added");
redirect();
}
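Review bot: `$type` is taken from the request and written into `credit_type` with only sanitizeInput() applied, so any string the client sends, including the form's placeholder value `0`, becomes a credit type in the database, and any downstream code expecting one of manual/prepaid/promotion will receive values it does not know. Validate against the allowed set before the INSERT, e.g. `if (!in_array($type, ['manual', 'prepaid', 'promotion'], true)) { flash_alert('Invalid credit type', 'error'); redirect(); }`. `$expire` is read and sanitized but never used in the INSERT, so it is either dead code or a column that was meant to be stored. `floatval($_POST['amount'])` also accepts zero and negative amounts; if those are not intended, an `$amount <= 0` check next to the type check would be consistent.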


@ -28,10 +28,9 @@ if (isset($_POST['add_document'])) {
mysqli_query($mysqli,"INSERT INTO asset_documents SET asset_id = $asset_id, document_id = $document_id");
}
// Logging
logAction("Document", "Create", "$session_name created document $name", $client_id, $document_id);
$_SESSION['alert_message'] = "Document <strong>$name</strong> created";
flash_alert("Document <strong>$name</strong> created");
redirect();
@ -63,12 +62,11 @@ if (isset($_POST['add_document_from_template'])) {
$document_id = mysqli_insert_id($mysqli);
// Logging
logAction("Document", "Create", "$session_name created document $name from template $document_template_name", $client_id, $document_id);
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> created from template";
flash_alert("Document <strong>$document_name</strong> created from template");
header("Location: client_document_details.php?client_id=$client_id&document_id=$document_id");
redirect("client_document_details.php?client_id=$client_id&document_id=$document_id");
}
@ -114,12 +112,11 @@ if (isset($_POST['edit_document'])) {
// Update Document
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = $session_user_id WHERE document_id = $document_id");
//Logging
logAction("Document", "Edit", "$session_name edited document $name, previous version kept", $client_id, $document_version_id);
$_SESSION['alert_message'] = "Document <strong>$name</strong> edited, previous version kept";
flash_alert("Document <strong>$name</strong> edited, previous version kept");
header("Location: client_document_details.php?client_id=$client_id&document_id=$document_id");
redirect("client_document_details.php?client_id=$client_id&document_id=$document_id");
}
if (isset($_POST['move_document'])) {
@ -143,10 +140,9 @@ if (isset($_POST['move_document'])) {
// Document edit query
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id WHERE document_id = $document_id");
//Logging
logAction("Document", "Move", "$session_name moved document $document_name to folder $folder_name", $client_id, $document_id);
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> moved to folder <strong>$folder_name</strong>";
flash_alert("Document <strong>$document_name</strong> moved to folder <strong>$folder_name</strong>");
redirect();
@ -168,11 +164,10 @@ if (isset($_POST['rename_document'])) {
// Document edit query
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name' WHERE document_id = $document_id");
//Logging
logAction("Document", "Edit", "$session_name renamed document $old_document_name to $name", $client_id, $document_id);
$_SESSION['alert_message'] = "You renamed Document from <strong>$old_document_name</strong> to <strong>$name</strong>";
flash_alert("You renamed Document from <strong>$old_document_name</strong> to <strong>$name</strong>");
redirect();
@ -199,21 +194,18 @@ if (isset($_POST['bulk_move_document'])) {
foreach($_POST['document_ids'] as $document_id) {
$document_id = intval($document_id);
// Get document name for logging
$sql = mysqli_query($mysqli,"SELECT document_name FROM documents WHERE document_id = $document_id");
$row = mysqli_fetch_array($sql);
$document_name = sanitizeInput($row['document_name']);
$document_name = sanitizeInput(getFieldById('documents', $document_id, 'document_name'));
// Document move query
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id WHERE document_id = $document_id");
//Logging
logAction("Document", "Move", "$session_name moved document $document_name to folder $folder_name", $client_id, $document_id);
}
logAction("Document", "Bulk Move", "$session_name moved $count document(s) to folder $folder_name", $client_id);
}
$_SESSION['alert_message'] = "You moved <strong>$count</strong> document(s) to the folder <strong>$folder_name</strong>";
flash_alert("You moved <strong>$count</strong> document(s) to the folder <strong>$folder_name</strong>");
redirect();
@ -233,17 +225,14 @@ if (isset($_POST['link_file_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get File Name for logging
$sql_file = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$file_name = sanitizeInput($row['file_name']);
$file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name'));
// Document add query
mysqli_query($mysqli,"INSERT INTO document_files SET file_id = $file_id, document_id = $document_id");
// Logging
logAction("Document", "Link", "$session_name linked file $file_name to document $document_name", $client_id, $document_id);
$_SESSION['alert_message'] = "File <strong>$file_name</strong> linked with Document <strong>$document_name</strong>";
flash_alert("File <strong>$file_name</strong> linked with Document <strong>$document_name</strong>");
redirect();
@ -263,17 +252,13 @@ if (isset($_GET['unlink_file_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get File Name for logging
$sql_file = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql_file);
$file_name = sanitizeInput($row['file_name']);
$file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name'));
mysqli_query($mysqli,"DELETE FROM document_files WHERE file_id = $file_id AND document_id = $document_id");
//Logging
logAction("Document", "Unlink", "$session_name unlinked file $file_name from document $document_name", $client_id, $document_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "File <strong>$file_name</strong> unlinked from Document <strong>$document_name</strong>";
flash_alert("File <strong>$file_name</strong> unlinked from Document <strong>$document_name</strong>", 'error');
redirect();
@ -293,17 +278,14 @@ if (isset($_POST['link_vendor_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Vendor Name for logging
$sql_vendor = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql_vendor);
$vendor_name = sanitizeInput($row['vendor_name']);
$vendor_name = sanitizeInput(getFieldById('vendors', $vendor_id, 'vendor_name'));
// Document add query
mysqli_query($mysqli,"INSERT INTO vendor_documents SET vendor_id = $vendor_id, document_id = $document_id");
// Logging
logAction("Document", "Link", "$session_name linked vendor $vendor_name to document $document_name", $client_id, $document_id);
$_SESSION['alert_message'] = "Vendor <strong>$vendor_name</strong> linked with Document <strong>$document_name</strong>";
flash_alert("Vendor <strong>$vendor_name</strong> linked with Document <strong>$document_name</strong>");
redirect();
@ -323,17 +305,13 @@ if (isset($_GET['unlink_vendor_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Vendor Name for logging
$sql_vendor = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $vendor_id");
$row = mysqli_fetch_array($sql_vendor);
$vendor_name = sanitizeInput($row['vendor_name']);
$vendor_name = sanitizeInput(getFieldById('vendors', $vendor_id, 'vendor_name'));
mysqli_query($mysqli,"DELETE FROM vendor_documents WHERE vendor_id = $vendor_id AND document_id = $document_id");
//Logging
logAction("Document", "Unlink", "$session_name unlinked vendor $vendor_name from document $document_name", $client_id, $document_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Vendor <strong>$vendor_name</strong> unlinked from Document <strong>$document_name</strong>";
flash_alert("Vendor <strong>$vendor_name</strong> unlinked from Document <strong>$document_name</strong>", 'error');
redirect();
@ -354,17 +332,14 @@ if (isset($_POST['link_contact_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Contact Name for logging
$sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql_contact);
$contact_name = sanitizeInput($row['contact_name']);
$contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO contact_documents SET contact_id = $contact_id, document_id = $document_id");
// Logging
logAction("Document", "Link", "$session_name linked contact $contact_name to document $document_name", $client_id, $document_id);
$_SESSION['alert_message'] = "Contact <strong>$contact_name</strong> linked with Document <strong>$document_name</strong>";
flash_alert("Contact <strong>$contact_name</strong> linked with Document <strong>$document_name</strong>");
redirect();
@ -384,17 +359,13 @@ if (isset($_GET['unlink_contact_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Contact Name for logging
$sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql_contact);
$contact_name = sanitizeInput($row['contact_name']);
$contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"DELETE FROM contact_documents WHERE contact_id = $contact_id AND document_id = $document_id");
//Logging
logAction("Document", "Unlink", "$session_name unlinked contact $contact_name from document $document_name", $client_id, $document_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Contact <strong>$contact_name</strong> unlinked from Document <strong>$document_name</strong>";
flash_alert("Contact <strong>$contact_name</strong> unlinked from Document <strong>$document_name</strong>", 'error');
redirect();
@ -414,17 +385,13 @@ if (isset($_POST['link_asset_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Asset Name for logging
$sql_asset = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql_asset);
$asset_name = sanitizeInput($row['asset_name']);
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO asset_documents SET asset_id = $asset_id, document_id = $document_id");
// Logging
logAction("Document", "Link", "$session_name linked asset $asset_name to document $document_name", $client_id, $document_id);
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> linked with Document <strong>$document_name</strong>";
flash_alert("Asset <strong>$asset_name</strong> linked with Document <strong>$document_name</strong>");
redirect();
@ -444,17 +411,13 @@ if (isset($_GET['unlink_asset_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Asset Name for logging
$sql_asset = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql_asset);
$asset_name = sanitizeInput($row['asset_name']);
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
mysqli_query($mysqli,"DELETE FROM asset_documents WHERE asset_id = $asset_id AND document_id = $document_id");
// Logging
logAction("Document", "Unlink", "$session_name unlinked asset $asset_name from document $document_name", $client_id, $document_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> unlinked from Document <strong>$document_name</strong>";
flash_alert("Asset <strong>$asset_name</strong> unlinked from Document <strong>$document_name</strong>", 'error');
redirect();
@ -474,17 +437,14 @@ if (isset($_POST['link_software_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Software Name for logging
$sql_software = mysqli_query($mysqli,"SELECT software_name FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql_software);
$software_name = sanitizeInput($row['software_name']);
$software_name = sanitizeInput(getFieldById('software', $software_id, 'software_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO software_documents SET software_id = $software_id, document_id = $document_id");
// Logging
logAction("Document", "Link", "$session_name linked software $software_name to document $document_name", $client_id, $document_id);
$_SESSION['alert_message'] = "Software <strong>$software_name</strong> linked with Document <strong>$document_name</strong>";
flash_alert("Software <strong>$software_name</strong> linked with Document <strong>$document_name</strong>");
redirect();
@ -504,17 +464,13 @@ if (isset($_GET['unlink_software_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Software Name for logging
$sql_software = mysqli_query($mysqli,"SELECT software_name FROM software WHERE software_id = $software_id");
$row = mysqli_fetch_array($sql_software);
$software_name = sanitizeInput($row['software_name']);
$software_name = sanitizeInput(getFieldById('software', $software_id, 'software_name'));
mysqli_query($mysqli,"DELETE FROM software_documents WHERE software_id = $software_id AND document_id = $document_id");
// Logging
logAction("Document", "Unlink", "$session_name unlinked software $software_name from document $document_name", $client_id, $document_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Software <strong>$software_name</strong> unlinked from Document <strong>$document_name</strong>";
flash_alert("Software <strong>$software_name</strong> unlinked from Document <strong>$document_name</strong>", 'error');
redirect();
@ -541,10 +497,9 @@ if (isset($_POST['toggle_document_visibility'])) {
mysqli_query($mysqli,"UPDATE documents SET document_client_visible = $document_visible WHERE document_id = $document_id");
//Logging
logAction("Document", "Edit", "$session_name changed document $document_name visibilty to $visable_wording in the client portal", $client_id, $document_id);
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> changed to <strong>$visable_wording</strong> in the client portal";
flash_alert("Document <strong>$document_name</strong> changed to <strong>$visable_wording</strong> in the client portal");
redirect();
@ -588,7 +543,7 @@ if (isset($_GET['export_document'])) {
// Logging
logAction("Document", "Export", "$session_name exported document $document_name", $client_id, $document_id);
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> exported";
flash_alert("Document <strong>$document_name</strong> exported");
redirect();
@ -627,11 +582,9 @@ if (isset($_GET['archive_document'])) {
// Service Associations
mysqli_query($mysqli,"DELETE FROM service_documents WHERE document_id = $document_id");
// Logging
logAction("Document", "Archive", "$session_name archived document $document_name", $client_id, $document_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> archived";
flash_alert("Document <strong>$document_name</strong> archived", 'error');
redirect();
@ -651,11 +604,9 @@ if (isset($_GET['delete_document_version'])) {
mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_id = $document_version_id");
//Logging
logAction("Document Version", "Delete", "$session_name deleted document version $document_version_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Document $document_version_name version deleted";
flash_alert("Document $document_version_name version deleted", 'error');
redirect();
@ -678,11 +629,9 @@ if (isset($_GET['delete_document'])) {
// Delete all versions associated with the master document
mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id");
//Logging
logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> deleted and all versions";
flash_alert("Document <strong>$document_name</strong> deleted and all versions", 'error');
redirect();
@ -690,9 +639,9 @@ if (isset($_GET['delete_document'])) {
if (isset($_POST['bulk_delete_documents'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['document_ids'])) {
@ -713,16 +662,14 @@ if (isset($_POST['bulk_delete_documents'])) {
// Delete all versions associated with the master document
mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id");
//Logging
logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id);
}
//Logging
logAction("Document", "Bulk Delete", "$session_name deleted $count document(s) and all versions", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> Documents and associated document versions";
flash_alert("Deleted <strong>$count</strong> Documents and associated document versions", 'error');
}
redirect();
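Review bot: The link_file_to_document hunk now reads the file name via getFieldById() but never checks that the record exists, so when `$file_id` points at no row the INSERT into document_files still runs with an orphan id and the log entry carries an empty name; the same applies to the vendor, contact, asset and software link/unlink hunks and to the per-document lookup in bulk_move_document. If getFieldById() returns null for a missing row, `sanitizeInput(null)` may additionally raise a deprecation notice on PHP 8.1+. A guard after each lookup, `if (empty($file_name)) { flash_alert('File not found', 'error'); redirect(); }` (with the matching name for each handler), would cover both.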


@ -52,10 +52,9 @@ if (isset($_POST['add_domain'])) {
$extended_log_description = ', with associated SSL cert';
}
// Logging
logAction("Domain", "Create", "$session_name created domain $name$extended_log_description", $client_id, $domain_id);
$_SESSION['alert_message'] = "Domain <strong>$name</strong> created";
flash_alert("Domain <strong>$name</strong> created");
redirect();
@ -138,10 +137,9 @@ if (isset($_POST['edit_domain'])) {
}
}
// Logging
logAction("Domain", "Edit", "$session_name edited domain $name", $client_id, $domain_id);
$_SESSION['alert_message'] = "Domain <strong>$name</strong> edited";
flash_alert("Domain <strong>$name</strong> edited");
redirect();
@ -161,13 +159,12 @@ if (isset($_GET['archive_domain'])) {
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id");
// Logging
logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Domain <strong>$domain_name archived";
flash_alert("Domain <strong>$domain_name archived", 'error');
redirect();
}
if(isset($_GET['unarchive_domain'])){
@ -184,12 +181,12 @@ if(isset($_GET['unarchive_domain'])){
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");
// Logging
logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id);
$_SESSION['alert_message'] = "Domain <strong>$domain_name</strong> restored";
flash_alert("Domain <strong>$domain_name</strong> restored");
redirect();
}
if (isset($_GET['delete_domain'])) {
@ -206,20 +203,20 @@ if (isset($_GET['delete_domain'])) {
mysqli_query($mysqli,"DELETE FROM domains WHERE domain_id = $domain_id");
// Logging
logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Domain <strong>$domain_name</strong> deleted";
flash_alert("Domain <strong>$domain_name</strong> deleted", 'error');
redirect();
}
if (isset($_POST['bulk_archive_domains'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@ -238,25 +235,25 @@ if (isset($_POST['bulk_archive_domains'])) {
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id");
// Individual Contact logging
logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id);
}
// Bulk Logging
logAction("Domain", "Bulk Archive", "$session_name archived $count domain(s)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Archived <strong>$count</strong> domain(s)";
flash_alert("Archived <strong>$count</strong> domain(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_unarchive_domains'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@ -275,25 +272,26 @@ if (isset($_POST['bulk_unarchive_domains'])) {
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");
// Individual logging
logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id);
}
// Bulk Logging
logAction("Domain", "Bulk Unarchive", "$session_name unarchived $count domain(s)", $client_id);
$_SESSION['alert_message'] = "Unarchived <strong>$count</strong> domain(s)";
flash_alert("Unarchived <strong>$count</strong> domain(s)");
}
redirect();
}
if (isset($_POST['bulk_delete_domains'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@ -311,20 +309,18 @@ if (isset($_POST['bulk_delete_domains'])) {
$client_id = intval($row['domain_client_id']);
mysqli_query($mysqli, "DELETE FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id");
// Logging
logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id);
}
// Logging
logAction("Domain", "Bulk Delete", "$session_name deleted $count domain(s)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> domain(s)";
flash_alert("Deleted <strong>$count</strong> domain(s)", 'error');
}
redirect();
}
if (isset($_POST['export_domains_csv'])) {
@ -371,7 +367,6 @@ if (isset($_POST['export_domains_csv'])) {
fpassthru($f);
}
// Logging
logAction("Domain", "Export", "$session_name exported $num_rows domain(s)", $client_id);
exit;


@ -15,10 +15,9 @@ if (isset($_POST['add_calendar'])) {
$calendar_id = mysqli_insert_id($mysqli);
// Logging
logAction("Calendar", "Create", "$session_name created calendar $name", 0, $calendar_id);
$_SESSION['alert_message'] = "Calendar <strong>$name</strong> created";
flash_alert("Calendar <strong>$name</strong> created");
redirect();
@ -32,10 +31,9 @@ if (isset($_POST['edit_calendar'])) {
mysqli_query($mysqli,"UPDATE calendars SET calendar_name = '$name', calendar_color = '$color' WHERE calendar_id = $calendar_id");
// Logging
logAction("Calendar", "Edit", "$session_name edited calendar $name", 0, $calendar_id);
$_SESSION['alert_message'] = "Calendar <strong>$name</strong> edited";
flash_alert("Calendar <strong>$name</strong> edited");
redirect();
@ -45,15 +43,12 @@ if (isset($_POST['add_event'])) {
require_once 'event_model.php';
mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client");
$event_id = mysqli_insert_id($mysqli);
//Get Calendar Name
$sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE calendar_id = $calendar_id");
$row = mysqli_fetch_array($sql);
$calendar_name = sanitizeInput($row['calendar_name']);
// Get Calendar Name
$calendar_name = sanitizeInput(getFieldById('calendars', $calendar_id, 'calendar_name'));
//If email is checked
if ($email_event == 1) {
@ -106,10 +101,9 @@ if (isset($_POST['add_event'])) {
} // End mail IF
// Logging
logAction("Calendar Event", "Create", "$session_name created a calendar event titled $title in calendar $calendar_name", $client, $event_id);
$_SESSION['alert_message'] = "Event <strong>$title</strong> created in calendar <strong>$calendar_name</strong>";
flash_alert("Event <strong>$title</strong> created in calendar <strong>$calendar_name</strong>");
redirect();
@ -174,16 +168,16 @@ if (isset($_POST['edit_event'])) {
} // End mail IF
//Logging
logAction("Calendar Event", "Edit", "$session_name edited calendar event $title", $client, $event_id);
$_SESSION['alert_message'] = "Calendar event titled <strong>$title</strong> edited";
flash_alert("Calendar event titled <strong>$title</strong> edited");
redirect();
}
if (isset($_GET['delete_event'])) {
$event_id = intval($_GET['delete_event']);
// Get Event Title
@ -194,11 +188,9 @@ if (isset($_GET['delete_event'])) {
mysqli_query($mysqli,"DELETE FROM calendar_events WHERE event_id = $event_id");
// Logging
logAction("Calendar Event", "Delete", "$session_name deleted calendar event $event_title", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Calendar event titled <strong>$event_title</strong> deleted";
flash_alert("Calendar event titled <strong>$event_title</strong> deleted", 'error');
redirect();
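Review bot: The `delete_event` handler (`if (isset($_GET['delete_event']))`) changes state from a GET parameter with no `validateCSRFToken()` call visible, while the POST handlers reordered by this commit now validate the token before anything else; unless a token is enforced globally elsewhere, a crafted link can trigger the deletion. The same GET-driven pattern appears later in this commit in `delete_expense`, `delete_recurring_expense`, `archive_file`, `unlink_asset_from_file` and `delete_folder`. Consider requiring a token on those links too, e.g. `validateCSRFToken($_GET['csrf_token']);` directly after the `isset` check, or moving them to POST forms. The handler's body continues outside the hunk.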


@ -33,10 +33,9 @@ if (isset($_POST['add_expense'])) {
}
}
//Logging
logAction("Expense", "Create", "$session_name created expense $description", $client, $expense_id);
$_SESSION['alert_message'] = "Expense added" . $extended_alert_description;
flash_alert("Expense added" . $extended_alert_description);
redirect();
@ -46,13 +45,10 @@ if (isset($_POST['edit_expense'])) {
require_once 'expense_model.php';
$expense_id = intval($_POST['expense_id']);
// Get old receipt
$sql = mysqli_query($mysqli,"SELECT expense_receipt FROM expenses WHERE expense_id = $expense_id");
$row = mysqli_fetch_array($sql);
$existing_file_name = sanitizeInput($row['expense_receipt']);
$existing_file_name = sanitizeInput(getFieldById('expenses', $expense_id, 'expense_receipt'));
// Check for and process attachment
$extended_alert_description = '';
@ -76,16 +72,16 @@ if (isset($_POST['edit_expense'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id");
// Logging
logAction("Expense", "Edit", "$session_name edited expense $description", $client, $expense_id);
$_SESSION['alert_message'] = "Expense modified" . $extended_alert_description;
flash_alert("Expense modified" . $extended_alert_description);
redirect();
}
if (isset($_GET['delete_expense'])) {
$expense_id = intval($_GET['delete_expense']);
$sql = mysqli_query($mysqli,"SELECT * FROM expenses WHERE expense_id = $expense_id");
@ -98,10 +94,9 @@ if (isset($_GET['delete_expense'])) {
mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id");
// Logging
logAction("Expense", "Delete", "$session_name deleted expense $expense_description", $client_id);
$_SESSION['alert_message'] = "Expense deleted";
flash_alert("Expense deleted", 'error');
redirect();
@ -112,9 +107,7 @@ if (isset($_POST['bulk_edit_expense_category'])) {
$category_id = intval($_POST['bulk_category_id']);
// Get Category name for logging and Notification
$sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id");
$row = mysqli_fetch_array($sql);
$category_name = sanitizeInput($row['category_name']);
$category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Assign category to Selected Expenses
if (isset($_POST['expense_ids'])) {
@ -133,18 +126,17 @@ if (isset($_POST['bulk_edit_expense_category'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_category_id = $category_id WHERE expense_id = $expense_id");
// Logging
logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to category $category_name", $client_id, $expense_id);
} // End Assign Loop
// Logging
logAction("Expense", "Bulk Edit", "$session_name assigned $count expenses to category $category_name");
$_SESSION['alert_message'] = "You assigned expense category <strong>$category_name</strong> to <strong>$count</strong> expense(s)";
flash_alert("You assigned expense category <strong>$category_name</strong> to <strong>$count</strong> expense(s)");
}
redirect();
}
if (isset($_POST['bulk_edit_expense_account'])) {
@ -152,9 +144,7 @@ if (isset($_POST['bulk_edit_expense_account'])) {
$account_id = intval($_POST['bulk_account_id']);
// Get Account name for logging and Notification
$sql = mysqli_query($mysqli,"SELECT account_name FROM accounts WHERE account_id = $account_id");
$row = mysqli_fetch_array($sql);
$account_name = sanitizeInput($row['account_name']);
$account_name = sanitizeInput(getFieldById('accounts', $account_id, 'account_name'));
// Assign account to Selected Expenses
if (isset($_POST['expense_ids'])) {
@ -173,18 +163,17 @@ if (isset($_POST['bulk_edit_expense_account'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_account_id = $account_id WHERE expense_id = $expense_id");
// Logging
logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to account $account_name", $client_id, $expense_id);
} // End Assign Loop
// Logging
logAction("Expense", "Bulk Edit", "$session_name assigned $count expense(s) to account $account_name");
$_SESSION['alert_message'] = "You assigned account <strong>$account_name</strong> to <strong>$count</strong> expense(s)";
flash_alert("You assigned account <strong>$account_name</strong> to <strong>$count</strong> expense(s)");
}
redirect();
}
if (isset($_POST['bulk_edit_expense_client'])) {
@ -192,9 +181,7 @@ if (isset($_POST['bulk_edit_expense_client'])) {
$client_id = intval($_POST['bulk_client_id']);
// Get Client name for logging and Notification
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = sanitizeInput($row['client_name']);
$client_name = sanitizeInput(getFieldById('clients', $client_id, 'client_name'));
// Assign Client to Selected Expenses
if (isset($_POST['expense_ids'])) {
@ -206,27 +193,27 @@ if (isset($_POST['bulk_edit_expense_client'])) {
$expense_id = intval($expense_id);
// Get Expense Details for Logging
$sql = mysqli_query($mysqli,"SELECT expense_description FROM expenses WHERE expense_id = $expense_id");
$row = mysqli_fetch_array($sql);
$expense_description = sanitizeInput($row['expense_description']);
$expense_description = sanitizeInput(getFieldById('expenses', $expense_id, 'expense_description'));
mysqli_query($mysqli,"UPDATE expenses SET expense_client_id = $client_id WHERE expense_id = $expense_id");
// Logging
logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to client $client_name", $client_id, $expense_id);
} // End Assign Loop
$_SESSION['alert_message'] = "You assigned Client <b>$client_name</b> to <b>$expense_count</b> expenses";
flash_alert("You assigned Client <b>$client_name</b> to <b>$expense_count</b> expenses");
}
redirect();
}
if (isset($_POST['bulk_delete_expenses'])) {
validateAdminRole();
validateCSRFToken($_POST['csrf_token']);
validateAdminRole();
if (isset($_POST['expense_ids'])) {
// Get Selected Count
@ -246,24 +233,23 @@ if (isset($_POST['bulk_delete_expenses'])) {
unlink("../uploads/expenses/$expense_receipt");
mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id");
// Logging
logAction("Expense", "Delete", "$session_name deleted expense $expense_descrition", $client_id);
}
// Logging
logAction("Expense", "Bulk Delete", "$session_name deleted $count expense(s)");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> expense(s)";
flash_alert("Deleted <strong>$count</strong> expense(s)", 'error');
}
redirect();
}
if (isset($_POST['export_expenses_csv'])) {
$date_from = sanitizeInput($_POST['date_from']);
$date_to = sanitizeInput($_POST['date_to']);
$account = intval($_POST['account']);
@ -343,10 +329,10 @@ if (isset($_POST['export_expenses_csv'])) {
fpassthru($f);
}
// Logging
logAction("Expense", "Export", "$session_name exported $num_rows expense(s) to CSV file");
exit;
}
if (isset($_POST['create_recurring_expense'])) {
@ -372,10 +358,9 @@ if (isset($_POST['create_recurring_expense'])) {
$recurring_expense_id = mysqli_insert_id($mysqli);
// Logging
logAction("Recurring Expense", "Create", "$session_name created recurring expense $description", $client_id, $recurring_expense_id);
$_SESSION['alert_message'] = "Recurring Expense created";
flash_alert("Recurring Expense created");
redirect();
@ -403,10 +388,9 @@ if (isset($_POST['edit_recurring_expense'])) {
mysqli_query($mysqli,"UPDATE recurring_expenses SET recurring_expense_frequency = $frequency, recurring_expense_day = $day, recurring_expense_month = $month, recurring_expense_next_date = '$start_date', recurring_expense_description = '$description', recurring_expense_reference = '$reference', recurring_expense_amount = $amount, recurring_expense_currency_code = '$session_company_currency', recurring_expense_vendor_id = $vendor, recurring_expense_client_id = $client_id, recurring_expense_category_id = $category, recurring_expense_account_id = $account WHERE recurring_expense_id = $recurring_expense_id");
//Logging
logAction("Recurring Expense", "Edit", "$session_name edited recurring expense $description", $client_id, $recurring_expense_id);
$_SESSION['alert_message'] = "Recurring Expense edited";
flash_alert("Recurring Expense edited");
redirect();
@ -423,11 +407,9 @@ if (isset($_GET['delete_recurring_expense'])) {
mysqli_query($mysqli,"DELETE FROM recurring_expenses WHERE recurring_expense_id = $recurring_expense_id");
// Logging
logAction("Recurring Expense", "Delete", "$session_name deleted recurring expense $recurring_expense_description", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Recurring Expense deleted";
flash_alert("Recurring Expense deleted", 'error');
redirect();
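Review bot: The per-expense log messages interpolate `$expense_descrition`, a variable that is never assigned — the new `getFieldById` line in `bulk_edit_expense_client` assigns `$expense_description`, so each entry is logged with an empty description (and an undefined-variable notice). The typo appears in the loops of `bulk_edit_expense_category`, `bulk_edit_expense_account`, `bulk_edit_expense_client` and `bulk_delete_expenses`; each should read `$expense_description`, e.g. `logAction("Expense", "Edit", "$session_name assigned expense $expense_description to client $client_name", $client_id, $expense_id);`. The `bulk_edit_expense_client` alert also uses `$expense_count` where its sibling handlers use `$count`; worth confirming it is set in the part of the handler outside the hunk.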


@ -60,8 +60,7 @@ if (isset($_POST['upload_files'])) {
$dest_path = $upload_file_dir . $file_reference_name;
if (!move_uploaded_file($file_tmp_path, $dest_path)) {
$_SESSION['alert_type'] = 'error';
$_SESSION['alert_message'] = 'Error moving file to upload directory. Please ensure the directory is writable.';
flash_alert('Error moving file to upload directory. Please ensure the directory is writable.', 'error');
continue; // Skip processing this file
}
@ -189,15 +188,14 @@ if (isset($_POST['upload_files'])) {
mysqli_query($mysqli,"INSERT INTO asset_files SET asset_id = $asset_id, file_id = $file_id");
}
// Log upload action
logAction("File", "Upload", "$session_name uploaded file $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "Uploaded file <strong>$file_name</strong>";
flash_alert("Uploaded file <strong>$file_name</strong>");
}
}
// Redirect after processing
redirect();
exit;
}
@ -218,10 +216,9 @@ if (isset($_POST['rename_file'])) {
// file edit query
mysqli_query($mysqli,"UPDATE files SET file_name = '$file_name' ,file_description = '$file_description' WHERE file_id = $file_id");
// Logging
logAction("File", "Rename", "$session_name renamed file $old_file_name to $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "Renamed file <strong>$old_file_name</strong> to <strong>$file_name</strong>";
flash_alert("Renamed file <strong>$old_file_name</strong> to <strong>$file_name</strong>");
redirect();
@ -241,16 +238,13 @@ if (isset($_POST['move_file'])) {
$client_id = intval($row['file_client_id']);
// Get Folder Name for Logging
$sql = mysqli_query($mysqli,"SELECT folder_name FROM folders WHERE folder_id = $folder_id");
$row = mysqli_fetch_array($sql);
$folder_name = sanitizeInput($row['folder_name']);
$folder_name = sanitizeInput(getFieldById('folders', $folder_id, 'folder_name'));
mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id");
// Logging
logAction("File", "Move", "$session_name moved file $file_name to $folder_name", $client_id, $file_id);
$_SESSION['alert_message'] = "File <strong>$file_name</strong> moved to <strong>$folder_name</strong>";
flash_alert("File <strong>$file_name</strong> moved to <strong>$folder_name</strong>");
redirect();
@ -270,11 +264,9 @@ if (isset($_GET['archive_file'])) {
mysqli_query($mysqli,"UPDATE files SET file_archived_at = NOW() WHERE file_id = $file_id");
//logging
logAction("File", "Archive", "$session_name archived file $file_name", $client_id, $file_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "File <strong>$file_name</strong> archived";
flash_alert("File <strong>$file_name</strong> archived", 'error');
redirect();
@ -282,9 +274,10 @@ if (isset($_GET['archive_file'])) {
if (isset($_POST['delete_file'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
$file_id = intval($_POST['file_id']);
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id");
@ -306,11 +299,9 @@ if (isset($_POST['delete_file'])) {
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
//Logging
logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "File <strong>$file_name</strong> deleted";
flash_alert("File <strong>$file_name</strong> deleted", 'alert');
redirect();
@ -318,9 +309,10 @@ if (isset($_POST['delete_file'])) {
if (isset($_POST['bulk_delete_files'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
// Delete file loop
if (isset($_POST['file_ids'])) {
@ -350,15 +342,12 @@ if (isset($_POST['bulk_delete_files'])) {
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
// Log each invidual file deletion
logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);
}
// Log the bulk delete action
logAction("File", "Bulk Delete", "$session_name deleted $file_count file(s)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "You deleted <strong>$file_count</strong> files";
flash_alert("You deleted <strong>$file_count</strong> files", 'error');
}
redirect();
@ -367,9 +356,10 @@ if (isset($_POST['bulk_delete_files'])) {
if (isset($_POST['bulk_move_files'])) {
enforceUserPermission('module_support', 2);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$folder_id = intval($_POST['bulk_folder_id']);
// Get folder name for logging and Notification
@ -386,22 +376,19 @@ if (isset($_POST['bulk_move_files'])) {
// Move Documents to Folder Loop
foreach($_POST['file_ids'] as $file_id) {
$file_id = intval($file_id);
// Get file name for logging
$sql = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id");
$row = mysqli_fetch_array($sql);
$file_name = sanitizeInput($row['file_name']);
$file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name'));
// file move query
mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id");
// Logging
logAction("File", "Move", "$session_name moved file $file_name to folder $folder_name", $client_id, $file_id);
}
//Logging
logAction("File", "Bulk Move", "$session_name moved $file_count file(s) to folder $folder_name", $client_id);
$_SESSION['alert_message'] = "Moved <strong>$file_count</strong> files to the folder <strong>$folder_name</strong>";
flash_alert("Moved <strong>$file_count</strong> files to the folder <strong>$folder_name</strong>");
}
redirect();
@ -422,17 +409,14 @@ if (isset($_POST['link_asset_to_file'])) {
$client_id = intval($row['file_client_id']);
// Get Asset Name for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$asset_name = sanitizeInput($row['asset_name']);
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO asset_files SET asset_id = $asset_id, file_id = $file_id");
// Logging
logAction("File", "Link", "$session_name linked asset $asset_name to file $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> linked to File <strong>$file_name</strong>";
flash_alert("Asset <strong>$asset_name</strong> linked to File <strong>$file_name</strong>");
redirect();
@ -452,16 +436,13 @@ if (isset($_GET['unlink_asset_from_file'])) {
$client_id = intval($row['file_client_id']);
// Get Asset Name for Logging
$sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$asset_name = sanitizeInput($row['asset_name']);
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
mysqli_query($mysqli,"DELETE FROM asset_files WHERE asset_id = $asset_id AND file_id = $file_id");
//Logging
logAction("File", "Link", "$session_name unlinked asset $asset_name from file $file_name", $client_id, $file_id);
$_SESSION['alert_message'] = "Asset <strong>$asset_name</strong> unlinked from File <strong>$file_name</strong>";
flash_alert("Asset <strong>$asset_name</strong> unlinked from File <strong>$file_name</strong>");
redirect();
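Review bot: The `delete_file` handler passes `'alert'` as the type to `flash_alert()`, whereas every other deletion in this commit — including `archive_file` and `bulk_delete_files` in this same file — passes `'error'`, which is also what the removed `$_SESSION['alert_type'] = "error"` line set. Unless `flash_alert()` treats `'alert'` as an alias, this silently changes the styling of the deletion message; the line should be `flash_alert("File <strong>$file_name</strong> deleted", 'error');`.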


@ -19,10 +19,9 @@ if (isset($_POST['create_folder'])) {
$add_folder = mysqli_query($mysqli,"INSERT INTO folders SET folder_name = '$folder_name', parent_folder = $parent_folder, folder_location = $folder_location, folder_client_id = $client_id");
$folder_id = mysqli_insert_id($mysqli);
// Logging
logAction("Folder", "Create", "$session_name created folder $folder_name", $client_id, $folder_id);
$_SESSION['alert_message'] = "Folder <strong>$folder_name</strong> created";
flash_alert("Folder <strong>$folder_name</strong> created");
redirect();
@ -44,10 +43,9 @@ if (isset($_POST['rename_folder'])) {
// Folder edit query
mysqli_query($mysqli,"UPDATE folders SET folder_name = '$folder_name' WHERE folder_id = $folder_id");
//Logging
logAction("Folder", "Rename", "$session_name renamed folder $old_folder_name to $folder_name", $client_id, $folder_id);
$_SESSION['alert_message'] = "Folder <strong>$old_folder_name</strong> renamed to <strong>$folder_name</strong>";
flash_alert("Folder <strong>$old_folder_name</strong> renamed to <strong>$folder_name</strong>");
redirect();
@ -75,11 +73,9 @@ if (isset($_GET['delete_folder'])) {
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = 0 WHERE document_id = $document_id");
}
//Logging
logAction("Folder", "Delete", "$session_name deleted folder $folder_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Folder <strong>$folder_name</strong> deleted";
flash_alert("Folder <strong>$folder_name</strong> deleted", 'error');
redirect();


@ -12,10 +12,8 @@ if (isset($_POST['add_invoice'])) {
$client_id = intval($_POST['client']);
//Get Net Terms
$sql = mysqli_query($mysqli,"SELECT client_net_terms FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_net_terms = intval($row['client_net_terms']);
// Get Net Terms
$client_net_terms = intval(getFieldById('clients', $client_id, 'client_net_terms'));
//Get the last Invoice Number and add 1 for the new invoice number
$invoice_number = $config_invoice_next_number;
@ -31,14 +29,14 @@ if (isset($_POST['add_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created', history_invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Create", "$session_name created Invoice $config_invoice_prefix$invoice_number - $scope", $client_id, $invoice_id);
customAction('invoice_create', $invoice_id);
$_SESSION['alert_message'] = "Invoice <strong>$config_invoice_prefix$invoice_number</strong> created";
flash_alert("Invoice <strong>$config_invoice_prefix$invoice_number</strong> created");
redirect("invoice.php?invoice_id=$invoice_id");
header("Location: invoice.php?invoice_id=$invoice_id");
}
if (isset($_POST['edit_invoice'])) {
@ -67,10 +65,9 @@ if (isset($_POST['edit_invoice'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_scope = '$scope', invoice_date = '$date', invoice_due = '$due', invoice_category_id = $category, invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount' WHERE invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Edit", "$session_name edited Invoice $invoice_prefix$invoice_number - $scope", $client_id, $invoice_id);
$_SESSION['alert_message'] = "Invoice <strong>$invoice_prefix$invoice_number</strong> edited";
flash_alert("Invoice <strong>$invoice_prefix$invoice_number</strong> edited");
redirect();
@ -127,14 +124,13 @@ if (isset($_POST['add_invoice_copy'])) {
mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_invoice_id = $new_invoice_id");
}
//Logging
logAction("Invoice", "Create", "$session_name created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_prefix", $client_id, $new_invoice_id);
customAction('invoice_create', $new_invoice_id);
$_SESSION['alert_message'] = "Created new Invoice <strong>$config_invoice_prefix$new_invoice_number</strong> from <strong>$old_invoice_prefix$old_invoice_prefix</strong>";
flash_alert("Created new Invoice <strong>$config_invoice_prefix$new_invoice_number</strong> from <strong>$old_invoice_prefix$old_invoice_prefix</strong>");
header("Location: invoice.php?invoice_id=$new_invoice_id");
redirect("invoice.php?invoice_id=$new_invoice_id");
}
@ -182,12 +178,11 @@ if (isset($_POST['add_invoice_recurring'])) {
mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_recurring_invoice_id = $recurring_invoice_id");
}
// Logging
logAction("Recurring Invoice", "Create", "$session_name created recurring Invoice from Invoice $invoice_prefix$invoice_number", $client_id, $recurring_invoice_id);
$_SESSION['alert_message'] = "Created recurring Invoice from Invoice <strong>$invoice_prefix$invoice_number</strong>";
flash_alert("Created recurring Invoice from Invoice <strong>$invoice_prefix$invoice_number</strong>");
header("Location: recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
redirect("recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
}
@ -210,12 +205,11 @@ if (isset($_POST['add_recurring_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Active', history_description = 'Recurring Invoice created', history_recurring_invoice_id = $recurring_invoice_id");
//Logging
logAction("Recurring Invoice", "Create", "$session_name created recurring invoice $config_recurring_invoice_prefix$recurring_invoice_number - $scope", $client_id, $recurring_invoice_id);
$_SESSION['alert_message'] = "Recurring Invoice <strong>$config_recurring_invoice_prefix$recurring_invoice_number</strong> created";
flash_alert("Recurring Invoice <strong>$config_recurring_invoice_prefix$recurring_invoice_number</strong> created");
header("Location: recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
redirect("recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
}
@ -249,16 +243,16 @@ if (isset($_POST['edit_recurring_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$status', history_description = 'Recurring Invoice edited', history_recurring_invoice_id = $recurring_invoice_id");
// Logging
logAction("Recurring Invoice", "Edit", "$session_name edited recurring invoice $recurring_invoice_prefix$recurring_invoice_number - $scope", $client_id, $recurring_invoice_id);
$_SESSION['alert_message'] = "Recurring Invoice <strong>$recurring_invoice_prefix$recurring_invoice_number</strong> edited";
flash_alert("Recurring Invoice <strong>$recurring_invoice_prefix$recurring_invoice_number</strong> edited");
redirect();
}
if (isset($_GET['delete_recurring_invoice'])) {
$recurring_invoice_id = intval($_GET['delete_recurring_invoice']);
// Get Recurring Invoice Details and Client ID for Logging
@ -285,11 +279,9 @@ if (isset($_GET['delete_recurring_invoice'])) {
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id");
}
// Logging
logAction("Recurring Invoice", "Delete", "$session_name deleted recurring invoice $recurring_invoice_prefix$recurring_invoice_number - $recurring_invoice_scope", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Recurring Invoice <strong>$recurring_invoice_prefix$recurring_invoice_number</strong> deleted";
flash_alert("Recurring Invoice <strong>$recurring_invoice_prefix$recurring_invoice_number</strong> deleted", 'error');
redirect();
@ -339,10 +331,9 @@ if (isset($_POST['add_recurring_invoice_item'])) {
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id");
// Logging
logAction("Recurring Invoice", "Edit", "$session_name added item $name to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
$_SESSION['alert_message'] = "Item <srrong>$name</strong> added to Recurring Invoice";
flash_alert("Item <srrong>$name</strong> added to Recurring Invoice");
redirect();
@ -362,16 +353,16 @@ if (isset($_POST['recurring_invoice_note'])) {
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_note = '$note' WHERE recurring_invoice_id = $recurring_invoice_id");
// Logging
logAction("Recurring Invoice", "Edit", "$session_name added note to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
$_SESSION['alert_message'] = "Notes added";
flash_alert("Notes added");
redirect();
}
if (isset($_GET['delete_recurring_invoice_item'])) {
$item_id = intval($_GET['delete_recurring_invoice_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
@ -394,11 +385,9 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
// Logging
logAction("Recurring Invoice", "Edit", "$session_name removed item $item_name from recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Item <strong>$item_name</strong> removed";
flash_alert("Item <strong>$item_name</strong> removed", 'error');
redirect();
@ -419,14 +408,14 @@ if (isset($_GET['mark_invoice_sent'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice marked sent', history_invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Edit", "$session_name marked invoice $invoice_prefix$invoice_number sent", $client_id, $invoice_id);
$_SESSION['alert_message'] = "Invoice marked sent";
flash_alert("Invoice marked sent");
redirect();
}
if (isset($_GET['mark_invoice_non-billable'])) {
$invoice_id = intval($_GET['mark_invoice_non-billable']);
@ -442,10 +431,9 @@ if (isset($_GET['mark_invoice_non-billable'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Non-Billable', history_description = 'INVOICE marked Non-Billable', history_invoice_id = $invoice_id");
//Logging
logAction("Invoice", "Edit", "$session_name marked invoice $invoice_prefix$invoice_number Non-Billable", $client_id, $invoice_id);
$_SESSION['alert_message'] = "Invoice marked Non-Billable";
flash_alert("Invoice marked Non-Billable");
redirect();
@ -466,17 +454,16 @@ if (isset($_GET['cancel_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Cancelled', history_description = 'Invoice cancelled', history_invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Edit", "$session_name cancelled invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Invoice <strong>$invoice_prefix$invoice_number</strong> cancelled";
flash_alert("Invoice <strong>$invoice_prefix$invoice_number</strong> cancelled", 'error');
redirect();
}
if (isset($_GET['delete_invoice'])) {
$invoice_id = intval($_GET['delete_invoice']);
// Get Invoice Number and Prefix and Client ID for Logging
@ -512,17 +499,16 @@ if (isset($_GET['delete_invoice'])) {
//unlink tickets from invoice
mysqli_query($mysqli,"UPDATE tickets SET ticket_invoice_id = 0 WHERE ticket_invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Delete", "$session_name deleted invoice $invoice_prefix$invoice_number", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Invoice <strong>$invoice_prefix$invoice_number</strong> deleted";
flash_alert("Invoice <strong>$invoice_prefix$invoice_number</strong> deleted", 'error');
redirect();
}
if (isset($_POST['add_invoice_item'])) {
enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']);
@ -567,16 +553,16 @@ if (isset($_POST['add_invoice_item'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Edit", "$session_name added item $name to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
$_SESSION['alert_message'] = "Item <strong>$name</strong> added to invoice";
flash_alert("Item <strong>$name</strong> added to invoice");
redirect();
}
if (isset($_POST['invoice_note'])) {
enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']);
@ -593,13 +579,14 @@ if (isset($_POST['invoice_note'])) {
logAction("Invoice", "Edit", "$session_name added note to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
$_SESSION['alert_message'] = "Notes added";
flash_alert("Notes added");
redirect();
}
if (isset($_POST['edit_item'])) {
enforceUserPermission('module_sales', 2);
$item_id = intval($_POST['item_id']);
@ -647,7 +634,6 @@ if (isset($_POST['edit_item'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Edit", "$session_name edited item $name on invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
} elseif ($quote_id > 0) {
@ -666,7 +652,6 @@ if (isset($_POST['edit_item'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id");
// Logging
logAction("Quote", "Edit", "$session_name edited item $name on quote $quote_prefix$quote_number", $client_id, $quote_id);
} else {
@ -690,13 +675,14 @@ if (isset($_POST['edit_item'])) {
}
$_SESSION['alert_message'] = "Item <strong>$name</strong> updated";
flash_alert("Item <strong>$name</strong> updated");
redirect();
}
if (isset($_GET['delete_invoice_item'])) {
enforceUserPermission('module_sales', 2);
$item_id = intval($_GET['delete_invoice_item']);
@ -721,17 +707,16 @@ if (isset($_GET['delete_invoice_item'])) {
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
// Logging
logAction("Invoice", "Delete", "$session_name removed item $item_name from invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Item <strong>$item_name</strong> removed from invoice";
flash_alert("Item <strong>$item_name</strong> removed from invoice", 'error');
redirect();
}
if (isset($_POST['add_payment'])) {
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@ -747,7 +732,7 @@ if (isset($_POST['add_payment'])) {
//Check to see if amount entered is greater than the balance of the invoice
if ($amount > $balance) {
$_SESSION['alert_message'] = "Payment is more than the balance";
flash_alert("Payment can not be more than the balance", 'error');
redirect();
} else {
mysqli_query($mysqli,"INSERT INTO payments SET payment_date = '$date', payment_amount = $amount, payment_currency_code = '$currency_code', payment_account_id = $account, payment_method = '$payment_method', payment_reference = '$reference', payment_invoice_id = $invoice_id");
@ -883,15 +868,16 @@ if (isset($_POST['add_payment'])) {
//Add Payment to History
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$invoice_status', history_description = 'Payment added', history_invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Payment", "Payment amount of " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
customAction('invoice_pay', $invoice_id);
$_SESSION['alert_message'] .= "Payment amount <strong>" . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . "</strong> added";
flash_alert("Payment amount <strong>" . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . "</strong> added");
redirect();
}
}
if (isset($_POST['apply_credit'])) {
@ -913,7 +899,7 @@ if (isset($_POST['apply_credit'])) {
//Check to see if amount entered is greater than the balance of the invoice
if ($amount > $invoice_balance) {
$_SESSION['alert_message'] = "Credit is more than the balance";
flash_alert("Credit can not be more than the balance", 'alert');
redirect();
}
@ -957,16 +943,18 @@ if (isset($_POST['apply_credit'])) {
customAction('invoice_pay', $invoice_id);
$_SESSION['alert_message'] .= "Credit amount <strong>" . numfmt_format_currency($currency_format, $amount, $session_company_currency) . "</strong> applied";
flash_alert("Credit amount <strong>" . numfmt_format_currency($currency_format, $amount, $session_company_currency) . "</strong> applied");
redirect();
}
if (isset($_GET['add_payment_stripe'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
validateCSRFToken($_GET['csrf_token']);
$invoice_id = intval($_GET['invoice_id']);
@ -1016,20 +1004,14 @@ if (isset($_GET['add_payment_stripe'])) {
// Sanity checks
if (!$config_stripe_enable || !$stripe_id || !$stripe_pm) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Stripe not enabled or no client card saved";
flash_alert("Stripe not enabled or no client card saved", 'error');
redirect();
exit();
} elseif ($invoice_status !== 'Sent' && $invoice_status !== 'Viewed') {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Invalid invoice state (draft/partial/paid/not billable)";
flash_alert("Invalid invoice state (draft/partial/paid/not billable)", 'error');
redirect();
exit();
} elseif ($invoice_amount == 0) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Invalid invoice amount";
flash_alert("Invalid invoice amount", 'error');
redirect();
exit();
}
// Initialize Stripe
@ -1136,21 +1118,23 @@ if (isset($_GET['add_payment_stripe'])) {
logAction("Invoice", "Payment", "$session_name initiated Stripe payment amount of " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " added to invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc", $client_id, $invoice_id);
customAction('invoice_pay', $invoice_id);
$_SESSION['alert_message'] .= "Payment amount <strong>" . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "</strong> added";
flash_alert("Payment amount <strong>" . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . "</strong> added");
redirect();
} else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id");
logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Payment failed";
flash_alert("Payment failed", 'error');
redirect();
exit();
}
}
if (isset($_POST['add_bulk_payment'])) {
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@ -1167,10 +1151,8 @@ if (isset($_POST['add_bulk_payment'])) {
// Check if bulk_payment_amount exceeds total_account_balance
if ($bulk_payment_amount > $total_account_balance) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Payment exceeds Client Balance.";
flash_alert("Payment exceeds Client Balance.", 'error');
redirect();
exit;
}
// Get Invoices
@ -1271,20 +1253,20 @@ if (isset($_POST['add_bulk_payment'])) {
// Email Logging
logAction("Payment", "Email", "Bulk Payment receipt for multiple Invoices queued to $contact_email Email ID: $email_id", $client_id);
$_SESSION['alert_message'] .= "Email receipt queued and ";
$alert_message .= "Email receipt queued and ";
} // End Email
// Logging
logAction("Invoice", "Payment", "Bulk Payment amount of " . numfmt_format_currency($currency_format, $bulk_payment_amount_static, $currency_code) . " applied to multiple invoices", $client_id);
$_SESSION['alert_message'] .= "Bulk Payment added";
flash_alert("$alert_message Bulk Payment added");
// Redirect Back
redirect();
}
if (isset($_GET['delete_payment'])) {
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@ -1326,13 +1308,11 @@ if (isset($_GET['delete_payment'])) {
mysqli_query($mysqli,"DELETE FROM payments WHERE payment_id = $payment_id");
// Logging
logAction("Invoice", "Edit", "$session_name deleted Payment on Invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Payment deleted";
flash_alert("Payment deleted", 'error');
if ($config_stripe_enable) {
$_SESSION['alert_message'] = "Payment deleted - Stripe payments must be manually refunded in Stripe";
flash_alert("Payment deleted - Stripe payments must be manually refunded in Stripe", 'error');
}
redirect();
@ -1340,6 +1320,7 @@ if (isset($_GET['delete_payment'])) {
}
if (isset($_GET['email_invoice'])) {
$invoice_id = intval($_GET['email_invoice']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices
@ -1416,7 +1397,8 @@ if (isset($_GET['email_invoice'])) {
// Get Email ID for reference
$email_id = mysqli_insert_id($mysqli);
$_SESSION['alert_message'] = "Invoice sent to mail queue! <a class='text-bold text-light' href='admin_mail_queue.php'>Check Admin > Mail queue</a>";
flash_alert("Invoice sent to mail queue! <a class='text-bold text-light' href='admin_mail_queue.php'>Check Admin > Mail queue</a>");
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice sent to the mail queue ID: $email_id', history_invoice_id = $invoice_id");
// Don't change the status to sent if the status is anything but draft
@ -1424,7 +1406,6 @@ if (isset($_GET['email_invoice'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_status = 'Sent' WHERE invoice_id = $invoice_id");
}
// Logging
logAction("Invoice", "Email", "$session_name Emailed $contact_email Invoice $invoice_prefix$invoice_number Email queued to Email ID: $email_id", $client_id, $invoice_id);
// Send copies of the invoice to any additional billing contacts
@ -1454,7 +1435,6 @@ if (isset($_GET['email_invoice'])) {
]
];
// Logging
logAction("Invoice", "Email", "$session_name Emailed $billing_contact_email Invoice $invoice_prefix$invoice_number Email queued Email ID: $email_id", $client_id, $invoice_id);
}
@ -1485,21 +1465,21 @@ if (isset($_POST['add_recurring_payment'])) {
// Get Payment ID for reference
$recurring_payment_id = mysqli_insert_id($mysqli);
// Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name created Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $currency_code), $client_id, $recurring_invoice_id);
$_SESSION['alert_message'] = "Automatic Payment created for <strong>$recurring_invoice_prefix$recurring_invoice_number</strong>";
flash_alert("Automatic Payment created for <strong>$recurring_invoice_prefix$recurring_invoice_number</strong>");
redirect();
}
if (isset($_GET['delete_recurring_payment'])) {
$recurring_payment_id = intval($_GET['delete_recurring_payment']);
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_payments WHERE recurring_payment_id = $recurring_payment_id");
$row = mysqli_fetch_array($sql);
$recurring_invoice_id = intval($row['recurring_payment_recurring_invoice_id']);
// Get recurring Invoice ID
$recurring_invoice_id = intval(getFieldById('recurring_payments', $recurring_payment_id, 'recurring_payment_recurring_invoice_id'));
// Get the invoice total and details
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
@ -1510,17 +1490,16 @@ if (isset($_GET['delete_recurring_payment'])) {
mysqli_query($mysqli,"DELETE FROM recurring_payments WHERE recurring_payment_id = $recurring_payment_id");
// Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name removed auto Pay from Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Auto Payment Removed for Recurring Invoice <strong>$recurring_invoice_prefix$recurring_invoice_number</strong>";
flash_alert("Auto Payment Removed for Recurring Invoice <strong>$recurring_invoice_prefix$recurring_invoice_number</strong>", 'error');
redirect();
}
if (isset($_GET['force_recurring'])) {
$recurring_invoice_id = intval($_GET['force_recurring']);
$sql_recurring_invoices = mysqli_query($mysqli,"SELECT * FROM recurring_invoices, clients WHERE client_id = recurring_invoice_client_id AND recurring_invoice_id = $recurring_invoice_id");
@ -1664,12 +1643,11 @@ if (isset($_GET['force_recurring'])) {
} //End Recurring Invoices Loop
// Logging
logAction("Invoice", "Create", "$session_name forced recurring invoice into an invoice", $client_id, $new_invoice_id);
customAction('invoice_create', $new_invoice_id);
$_SESSION['alert_message'] = "Recurring Invoice Forced";
flash_alert("Recurring Invoice Forced");
redirect();
@ -1710,25 +1688,24 @@ if (isset($_POST['set_recurring_payment'])) {
// Get Payment ID for reference
$recurring_payment_id = mysqli_insert_id($mysqli);
// Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name created Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $recurring_invoice_currency_code), $client_id, $recurring_invoice_id);
$_SESSION['alert_message'] = "Automatic Payment <strong>$saved_payment_description</strong> enabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number";
flash_alert("Automatic Payment <strong>$saved_payment_description</strong> enabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number");
} else {
// Delete
mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id");
// Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name removed Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $recurring_invoice_currency_code), $client_id, $recurring_invoice_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Automatic Payment <strong>Disabled</strong> for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number";
flash_alert("Automatic Payment <strong>Disabled</strong> for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", 'error');
}
redirect();
}
if (isset($_POST['export_invoices_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
@ -1781,7 +1758,6 @@ if (isset($_POST['export_invoices_csv'])) {
fpassthru($f);
}
// Logging
logAction("Invoice", "Export", "$session_name exported $num_rows invoices to CSV file");
exit;
@ -1789,6 +1765,7 @@ if (isset($_POST['export_invoices_csv'])) {
}
if (isset($_POST['export_client_recurring_invoice_csv'])) {
$client_id = intval($_POST['client_id']);
//get records from database
@ -1829,7 +1806,6 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
fpassthru($f);
}
// Logging
logAction("Recurring Invoice", "Export", "$session_name exported $num_rows recurring invoices to CSV file");
exit;
@ -1837,6 +1813,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
}
if (isset($_POST['export_payments_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
@ -1876,7 +1853,6 @@ if (isset($_POST['export_payments_csv'])) {
fpassthru($f);
}
// Logging
logAction("Payments", "Export", "$session_name exported $num_rows payments to CSV file");
exit;
@ -1884,6 +1860,7 @@ if (isset($_POST['export_payments_csv'])) {
}
if (isset($_GET['recurring_invoice_email_notify'])) {
$recurring_invoice_email_notify = intval($_GET['recurring_invoice_email_notify']);
$recurring_invoice_id = intval($_GET['recurring_invoice_id']);
@ -1902,35 +1879,38 @@ if (isset($_GET['recurring_invoice_email_notify'])) {
$notify_wording = "Off";
}
// Logging
logAction("Recurring Invoice", "Edit", "$session_name turned $notify_wording Email Notifications for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Email Notifications <strong>$notify_wording</strong>";
flash_alert("Email Notifications <strong>$notify_wording</strong>", 'error');
redirect();
}
if (isset($_POST['link_invoice_to_ticket'])) {
$invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']);
mysqli_query($mysqli,"UPDATE invoices SET invoice_ticket_id = $ticket_id WHERE invoice_id = $invoice_id");
$_SESSION['alert_message'] = "Invoice linked to ticket";
flash_alert("Invoice linked to ticket");
redirect();
}
if (isset($_POST['add_ticket_to_invoice'])) {
$invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']);
mysqli_query($mysqli,"UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id");
$_SESSION['alert_message'] = "Ticket linked to invoice";
flash_alert("Ticket linked to invoice");
redirect("post.php?add_ticket_to_invoice=$invoice_id");
header("Location: post.php?add_ticket_to_invoice=$invoice_id");
}
if (isset($_GET['export_invoice_pdf'])) {
@ -2148,6 +2128,7 @@ if (isset($_GET['export_invoice_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$invoice_date}_{$company_name}_{$client_name}_Invoice_{$invoice_prefix}{$invoice_number}");
$pdf->Output("$filename.pdf", 'I');
exit;
}
@ -2157,9 +2138,7 @@ if (isset($_POST['bulk_edit_invoice_category'])) {
$category_id = intval($_POST['bulk_category_id']);
// Get Category name for logging and Notification
$sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id");
$row = mysqli_fetch_array($sql);
$category_name = sanitizeInput($row['category_name']);
$category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Assign Income category to Selected Invoices
if (isset($_POST['invoice_ids'])) {
@ -2180,16 +2159,15 @@ if (isset($_POST['bulk_edit_invoice_category'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_category_id = $category_id WHERE invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Edit", "$session_name assigned Invoice $invoice_prefix$invoice_number to category $category_name", $client_id, $invoice_id);
} // End Assign Loop
// Logging
logAction("Invoice", "Bulk Edit", "$session_name assigned $count invoices to category $category_name");
$_SESSION['alert_message'] = "Assigned income category <strong>$category_name</strong> to <strong>$count</strong> invoice(s)";
flash_alert("Assigned income category <strong>$category_name</strong> to <strong>$count</strong> invoice(s)");
}
redirect();
}
}


@ -12,7 +12,6 @@ if(isset($_POST['add_location'])){
require_once 'location_model.php';
if(!file_exists("../uploads/clients/$client_id")) {
mkdir("../uploads/clients/$client_id");
}
@ -51,10 +50,9 @@ if(isset($_POST['add_location'])){
}
}
// Logging
logAction("Location", "Create", "$session_name created location $name", $client_id, $location_id);
$_SESSION['alert_message'] = "Location <strong>$name</strong> created.";
flash_alert("Location <strong>$name</strong> created.");
redirect();
@ -66,7 +64,6 @@ if(isset($_POST['edit_location'])){
require_once 'location_model.php';
$location_id = intval($_POST['location_id']);
// Get old location photo
@ -74,7 +71,6 @@ if(isset($_POST['edit_location'])){
$row = mysqli_fetch_array($sql);
$existing_file_name = sanitizeInput($row['location_photo']);
if(!file_exists("../uploads/clients/$client_id")) {
mkdir("../uploads/clients/$client_id");
}
@ -116,10 +112,9 @@ if(isset($_POST['edit_location'])){
}
// Logging
logAction("Location", "Edit", "$session_name edited location $name", $client_id, $location_id);
$_SESSION['alert_message'] = "Location <strong>$name</strong> updated";
flash_alert("Location <strong>$name</strong> updated");
redirect();
@ -139,11 +134,9 @@ if(isset($_GET['archive_location'])){
mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NOW() WHERE location_id = $location_id");
// Logging
logAction("Location", "Archive", "$session_name archived location $location_name", $client_id, $location_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Location <strong>$location_name</strong> archived";
flash_alert("Location <strong>$location_name</strong> archived", 'error');
redirect();
@ -163,12 +156,12 @@ if(isset($_GET['unarchive_location'])){
mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id");
// Logging
logAction("Location", "Unarchive", "$session_name unarchived location $location_name", $client_id, $location_id);
$_SESSION['alert_message'] = "Location <strong>$location_name</strong> restored";
flash_alert("Location <strong>$location_name</strong> restored");
redirect();
}
if(isset($_GET['delete_location'])){
@ -185,12 +178,9 @@ if(isset($_GET['delete_location'])){
mysqli_query($mysqli,"DELETE FROM locations WHERE location_id = $location_id");
// Logging
logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Location <strong>$location_name</strong> deleted";
flash_alert("Location <strong>$location_name</strong> deleted", 'error');
redirect();
@ -232,15 +222,14 @@ if (isset($_POST['bulk_assign_location_tags'])) {
}
}
// Logging
logAction("Location", "Edit", "$session_name assigned tags to location $location_name", $client_id, $location_id);
} // End Assign Location Loop
// Logging
logAction("Location", "Bulk Edit", "$session_name assigned tags to $count location(s)", $client_id);
$_SESSION['alert_message'] = "Assigned tags for <strong>$count</strong> locations";
flash_alert("Assigned tags for <strong>$count</strong> locations");
}
redirect();
@ -248,6 +237,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
}
if (isset($_POST['bulk_archive_locations'])) {
enforceUserPermission('module_client', 2);
validateCSRFToken($_POST['csrf_token']);
@ -278,21 +268,22 @@ if (isset($_POST['bulk_archive_locations'])) {
}
// Bulk Logging
logAction("Location", "Bulk Archive", "$session_name archived $count location(s)");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Archived <strong>$count</strong> location(s)";
flash_alert("Archived <strong>$count</strong> location(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_unarchive_locations'])) {
enforceUserPermission('module_client', 2);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
if (isset($_POST['location_ids'])) {
// Get Selected Count
@ -311,25 +302,26 @@ if (isset($_POST['bulk_unarchive_locations'])) {
mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id");
// Individual logging
logAction("Location", "Unarchive", "$session_name unarchived location $location_name", $client_id, $location_id);
}
// Bulk Logging
logAction("Location", "Bulk Unarchive", "$session_name unarchived $count location(s)", $client_id);
$_SESSION['alert_message'] = "Unarchived <strong>$count</strong> location(s)";
flash_alert("Unarchived <strong>$count</strong> location(s)");
}
redirect();
}
if (isset($_POST['bulk_delete_locations'])) {
enforceUserPermission('module_client', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 3);
if (isset($_POST['location_ids'])) {
// Get Selected Count
@ -348,23 +340,22 @@ if (isset($_POST['bulk_delete_locations'])) {
mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id");
// Logging
logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id);
}
// Logging
logAction("Location", "Bulk Delete", "$session_name deleted $count location(s)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> location(s)";
flash_alert("Deleted <strong>$count</strong> location(s)", 'error');
}
redirect();
}
if(isset($_POST['export_locations_csv'])){
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND location_client_id = $client_id";
@ -406,7 +397,6 @@ if(isset($_POST['export_locations_csv'])){
fpassthru($f);
}
// Logging
logAction("Location", "Export", "$session_name exported $num_rows location(s) to a CSV file", $client_id);
exit;
@ -423,10 +413,8 @@ if (isset($_POST["import_locations_csv"])) {
if (!empty($_FILES["file"]["tmp_name"])) {
$file_name = $_FILES["file"]["tmp_name"];
} else {
$_SESSION['alert_message'] = "Please select a file to upload.";
$_SESSION['alert_type'] = "error";
flash_alert("Please select a file to upload.", 'error');
redirect();
exit();
}
//Check file is CSV
@ -434,13 +422,13 @@ if (isset($_POST["import_locations_csv"])) {
$allowed_file_extensions = array('csv');
if(in_array($file_extension,$allowed_file_extensions) === false){
$error = true;
$_SESSION['alert_message'] = "Bad file extension";
flash_alert("Bad file extension", 'error');
}
//Check file isn't empty
elseif($_FILES["file"]["size"] < 1){
$error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
flash_alert("Bad file size (empty?)", 'error');
}
//(Else)Check column count
@ -448,7 +436,7 @@ if (isset($_POST["import_locations_csv"])) {
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 8) {
$error = true;
$_SESSION['alert_message'] = "Bad column count.";
flash_alert("Bad column count.", 'error');
}
//Else, parse the file
@ -498,17 +486,17 @@ if (isset($_POST["import_locations_csv"])) {
}
fclose($file);
// Logging
logAction("Location", "Import", "$session_name imported $row_count location(s). $duplicate_count duplicate(s) found and not imported", $client_id);
$_SESSION['alert_message'] = "$row_count Location(s) imported, $duplicate_count duplicate(s) detected and not imported";
flash_alert("$row_count Location(s) imported, $duplicate_count duplicate(s) detected and not imported");
redirect();
}
//Check for any errors, if there are notify user and redirect
if($error) {
$_SESSION['alert_type'] = "warning";
redirect();
}
}
if(isset($_GET['download_locations_csv_template'])){
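Review bot: The error path at the end of the CSV import still writes `$_SESSION['alert_type'] = "warning";` directly before redirecting, while the three error branches above it now call `flash_alert(..., 'error')`; if flash_alert stores the type in that same session key, the explicit assignment downgrades every import error to a warning, and either way it is the one leftover of the old mechanism in this file. Dropping the assignment so the block reads `if($error) { redirect(); }` keeps the severity chosen at the point of failure. Two smaller points: the column-count check uses the bitwise `&` in `if(!$error & count($f_columns) != 8)` where `&&` is meant (it only works because `!=` binds tighter), and in bulk_archive_locations the CSRF check appears after the permission check, unlike bulk_unarchive_locations and bulk_delete_locations where the commit moves it first, so it is worth aligning if that is indeed the new-side order. The import handler's opening `if` is outside its hunk.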


@ -16,10 +16,9 @@ if (isset($_POST['add_network'])) {
$network_id = mysqli_insert_id($mysqli);
// Logging
logAction("Network", "Create", "$session_name created network $name", $client_id, $network_id);
$_SESSION['alert_message'] = "Network <strong>$name</strong> created";
flash_alert("Network <strong>$name</strong> created");
redirect();
@ -34,10 +33,9 @@ if (isset($_POST['edit_network'])) {
mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id");
// Logging
logAction("Network", "Edit", "$session_name edited network $name", $client_id, $network_id);
$_SESSION['alert_message'] = "Network <strong>$name</strong> updated";
flash_alert("Network <strong>$name</strong> updated");
redirect();
@ -57,11 +55,9 @@ if (isset($_GET['archive_network'])) {
mysqli_query($mysqli,"UPDATE networks SET network_archived_at = NOW() WHERE network_id = $network_id");
// Logging
logAction("Network", "Archive", "$session_name archived network $network_name", $client_id, $network_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Network <strong>$network_name</strong> archived";
flash_alert("Network <strong>$network_name</strong> archived", 'error');
redirect();
@ -81,16 +77,16 @@ if (isset($_GET['unarchive_network'])) {
mysqli_query($mysqli,"UPDATE networks SET network_archived_at = NULL WHERE network_id = $network_id");
// logging
logAction("Network", "Unarchive", "$session_name restored contact $contact_name", $client_id, $network_id);
$_SESSION['alert_message'] = "Network <strong>$network_name</strong> restored";
flash_alert("Network <strong>$network_name</strong> restored");
redirect();
}
if (isset($_GET['delete_network'])) {
enforceUserPermission('module_support', 3);
$network_id = intval($_GET['delete_network']);
@ -103,19 +99,19 @@ if (isset($_GET['delete_network'])) {
mysqli_query($mysqli,"DELETE FROM networks WHERE network_id = $network_id");
// Logging
logAction("Network", "Delete", "$session_name deleted network $network_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Network <strong>$network_name</strong> deleted";
flash_alert("Network <strong>$network_name</strong> deleted", 'error');
redirect();
}
if (isset($_POST['bulk_delete_networks'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['network_ids'])) {
@ -135,20 +131,18 @@ if (isset($_POST['bulk_delete_networks'])) {
mysqli_query($mysqli, "DELETE FROM networks WHERE network_id = $network_id AND network_client_id = $client_id");
// Logging
logAction("Network", "Delete", "$session_name deleted network $network_name", $client_id);
}
// Logging
logAction("Network", "Bulk Delete", "$session_name deleted $count network(s)", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> network(s)";
flash_alert("Deleted <strong>$count</strong> network(s)", 'error');
}
redirect();
}
if (isset($_POST['export_networks_csv'])) {
@ -179,7 +173,7 @@ if (isset($_POST['export_networks_csv'])) {
fputcsv($f, $fields, $delimiter);
//output each row of the data, format line as csv and write to file pointer
while($row = $sql->fetch_assoc()) {
while ($row = $sql->fetch_assoc()) {
$lineData = array($row['network_name'], $row['network_description'], $row['network_vlan'], $row['network'], $row['network_subnet'], $row['network_gateway'], $row['network_primary_dns'], $row['network_secondary_dns'], $row['network_dhcp_range']);
fputcsv($f, $lineData, $delimiter);
}
@ -195,7 +189,6 @@ if (isset($_POST['export_networks_csv'])) {
fpassthru($f);
}
// Logging
logAction("Network", "Export", "$session_name deleted $num_rows network(s) to a CSV file", $client_id);
exit;
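Review bot: Two audit-log messages in this file record the wrong action, which matters because logAction is the trail an operator reads after the fact: unarchive_network logs `$session_name restored contact $contact_name` (a variable this handler does not appear to set, so that part of the entry is likely empty) and export_networks_csv logs `$session_name deleted $num_rows network(s) to a CSV file`. They should read `logAction("Network", "Unarchive", "$session_name restored network $network_name", $client_id, $network_id);` and `logAction("Network", "Export", "$session_name exported $num_rows network(s) to a CSV file", $client_id);`. Both lines are unchanged context in this commit, and both enclosing handlers start outside their hunks.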


@ -6,7 +6,6 @@
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
// Products
if (isset($_POST['add_product'])) {
enforceUserPermission('module_sales', 2);
@ -17,10 +16,9 @@ if (isset($_POST['add_product'])) {
$product_id = mysqli_insert_id($mysqli);
// Logging
logAction("Product", "Create", "$session_name created product $name", 0, $product_id);
$_SESSION['alert_message'] = "Product <strong>$name</strong> created";
flash_alert("Product <strong>$name</strong> created");
redirect();
@ -36,10 +34,9 @@ if (isset($_POST['edit_product'])) {
mysqli_query($mysqli,"UPDATE products SET product_name = '$name', product_description = '$description', product_price = '$price', product_tax_id = $tax, product_category_id = $category WHERE product_id = $product_id");
// Logging
logAction("Product", "Edit", "$session_name edited product $name", 0, $product_id);
$_SESSION['alert_message'] = "Product <strong>$name</strong> edited";
flash_alert("Product <strong>$name</strong> edited");
redirect();
@ -51,18 +48,13 @@ if (isset($_GET['archive_product'])) {
$product_id = intval($_GET['archive_product']);
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
$product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id");
// Logging
logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Product <strong>$product_name</strong> archived";
flash_alert("Product <strong>$product_name</strong> archived", 'error');
redirect();
@ -74,17 +66,13 @@ if (isset($_GET['unarchive_product'])) {
$product_id = intval($_GET['unarchive_product']);
// Get Contact Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
$product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id");
// Logging
logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id);
$_SESSION['alert_message'] = "Product <strong>$product_name</strong> restored";
flash_alert("Product <strong>$product_name</strong> restored");
redirect();
@ -97,17 +85,13 @@ if (isset($_GET['delete_product'])) {
$product_id = intval($_GET['delete_product']);
//Get Product Name
$sql = mysqli_query($mysqli,"SELECT * FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
$product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"DELETE FROM products WHERE product_id = $product_id");
// Logging
logAction("Product", "Delete", "$session_name deleted product $product_name");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Product <strong>$product_name</strong> deleted";
flash_alert("Product <strong>$product_name</strong> deleted", 'error');
redirect();
@ -120,9 +104,7 @@ if (isset($_POST['bulk_edit_product_category'])) {
$category_id = intval($_POST['bulk_category_id']);
// Get Category name for logging and Notification
$sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id");
$row = mysqli_fetch_array($sql);
$category_name = sanitizeInput($row['category_name']);
$category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Assign category to Selected Products
if (isset($_POST['product_ids'])) {
@ -134,32 +116,29 @@ if (isset($_POST['bulk_edit_product_category'])) {
$product_id = intval($product_id);
// Get Product Details for Logging
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
$product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_category_id = $category_id WHERE product_id = $product_id");
//Logging
logAction("Product", "Edit", "$session_name assigned product $product_name to category $category_name", 0, $product_id);
} // End Assign Product Loop
//Logging
logAction("Product", "Edit", "$session_name assigned category $category_name to $count product(s)");
$_SESSION['alert_message'] = "Assigned category <strong>$category_name</strong> to <strong>$count</strong> product(s)";
flash_alert("Assigned category <strong>$category_name</strong> to <strong>$count</strong> product(s)");
}
redirect();
}
if (isset($_POST['bulk_archive_products'])) {
enforceUserPermission('module_sales', 2);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_sales', 2);
if (isset($_POST['product_ids'])) {
$count = count($_POST['product_ids']);
@ -169,31 +148,28 @@ if (isset($_POST['bulk_archive_products'])) {
$product_id = intval($product_id);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
$product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id");
// Individual Contact logging
logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id);
}
// Bulk Logging
logAction("Product", "Bulk Archive", "$session_name archived $count product(s)");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Archived <strong>$count</strong> product(s)";
flash_alert("Archived <strong>$count</strong> product(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_unarchive_products'])) {
enforceUserPermission('module_sales', 2);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_sales', 2);
if (isset($_POST['product_ids'])) {
@ -204,31 +180,30 @@ if (isset($_POST['bulk_unarchive_products'])) {
$product_id = intval($product_id);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
$product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id");
// Individual logging
logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id);
}
// Bulk Logging
logAction("Product", "Bulk Unarchive", "$session_name unarchived $count product(s)");
$_SESSION['alert_message'] = "Unarchived <strong>$count</strong> product(s)";
flash_alert("Unarchived <strong>$count</strong> product(s)");
}
redirect();
}
if (isset($_POST['bulk_delete_products'])) {
enforceUserPermission('module_sales', 3);
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_sales', 3);
if (isset($_POST['product_ids'])) {
@ -236,30 +211,24 @@ if (isset($_POST['bulk_delete_products'])) {
// Cycle through array and delete each record
foreach ($_POST['product_ids'] as $product_id) {
$product_id = intval($product_id);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
$row = mysqli_fetch_array($sql);
$product_name = sanitizeInput($row['product_name']);
$product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id");
// Individual logging
logAction("Product", "Delete", "$session_name deleted product $product_name");
}
// Bulk logging
logAction("Product", "Bulk Delete", "$session_name deleted $count product(s)");
$_SESSION['alert_message'] = "Deleted <strong>$count</strong> product(s)";
flash_alert("Deleted <strong>$count</strong> product(s)", 'error');
}
redirect();
exit();
}
if (isset($_POST['export_products_csv'])) {
@ -302,7 +271,6 @@ if (isset($_POST['export_products_csv'])) {
fpassthru($f);
}
//Logging
logAction("Product", "Export", "$session_name exported $num_rows product(s) to a CSV file");
exit;
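Review bot: `exit();` at L1924 follows `redirect();` at the end of bulk_delete_products, while the sibling bulk handlers in this section end with `redirect();` alone (L1850, L1875, L1898) and the commit elsewhere replaces `header()` plus `exit` pairs with a bare `redirect()` (L1977-L1979). Which side L1924 is on is not recoverable from the rendering; if it survives on the new side it is either dead code, when redirect() terminates the request, or the only bulk handler here that reliably stops before falling through to the next `if (isset($_POST[...]))`, when it does not. Either way the handlers should agree: drop L1924 if the helper is known to terminate, otherwise the other three need the same guard. The `getFieldById` lookups that replace the per-row SELECTs (L1790, L1804, L1817, L1831, L1840, L1864, L1888, L1913) all pass literal table and column names, which is the right shape for such a helper; they should stay literals rather than ever being derived from request data.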


@ -8,16 +8,13 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['edit_your_user_details'])) {
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
$email = sanitizeInput($_POST['email']);
$signature = sanitizeInput($_POST['signature']);
$sql = mysqli_query($mysqli,"SELECT user_avatar FROM users WHERE user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$existing_file_name = sanitizeInput($row['user_avatar']);
$existing_file_name = sanitizeInput(getFieldById('users', $session_user_id, 'user_avatar'));
$logout = false;
$extended_log_description = '';
@ -78,40 +75,40 @@ if (isset($_POST['edit_your_user_details'])) {
mysqli_query($mysqli,"UPDATE user_settings SET user_config_signature = '$signature' WHERE user_id = $session_user_id");
//Logging
logAction("User Account", "Edit", "$session_name edited their account $extended_log_description");
$_SESSION['alert_message'] = "User details updated";
flash_alert("User details updated");
if ($logout) {
header('Location: post.php?logout');
}
else{
redirect('post.php?logout');
} else {
redirect();
}
}
if (isset($_GET['clear_your_user_avatar'])) {
validateCSRFToken($_GET['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name cleared their avatar");
$_SESSION['alert_message'] = "Avatar cleared";
flash_alert("Avatar cleared", 'error');
redirect();
}
if (isset($_POST['edit_your_user_password'])) {
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$new_password = trim($_POST['new_password']);
if (empty($new_password)) {
header('Location: user_security.php');
exit;
redirect('user_security.php');
}
// Email notification when password or email is changed
@ -148,17 +145,15 @@ if (isset($_POST['edit_your_user_password'])) {
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $session_user_id");
// Logging
logAction("User Account", "Edit", "$session_name changed their password");
$_SESSION['alert_message'] = "Your password was updated";
flash_alert("Your password was updated");
header('Location: post.php?logout');
redirect('post.php?logout');
}
if (isset($_POST['edit_your_user_preferences'])) {
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$calendar_first_day = intval($_POST['calendar_first_day']);
@ -185,12 +180,12 @@ if (isset($_POST['edit_your_user_preferences'])) {
$extended_log_description .= "disabled browser extension access";
}
// Logging
logAction("User Account", "Edit", "$session_name $extended_log_description");
$_SESSION['alert_message'] = "User preferences updated";
flash_alert("User preferences updated");
redirect();
}
if (isset($_POST['enable_mfa'])) {
@ -218,10 +213,9 @@ if (isset($_POST['enable_mfa'])) {
// Delete any existing MFA tokens - these browsers should be re-validated
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
// Logging
logAction("User Account", "Edit", "$session_name enabled MFA on their account");
$_SESSION['alert_message'] = "Multi-Factor authentication enabled";
flash_alert("Multi-Factor authentication enabled");
// Clear the mfa_token from the session to avoid re-use.
unset($_SESSION['mfa_token']);
@ -231,15 +225,14 @@ if (isset($_POST['enable_mfa'])) {
$previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH));
if ($previousPage === 'mfa_enforcement.php') {
// Redirect back to mfa_enforcement.php
header("Location: $config_start_page");
exit;
redirect("$config_start_page");
}
}
} else {
// FAILURE
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Verification code invalid, please try again.";
flash_alert("Verification code invalid, please try again.", 'error');
// Set a flag to automatically open the MFA modal again
$_SESSION['show_mfa_modal'] = true;
@ -249,29 +242,22 @@ if (isset($_POST['enable_mfa'])) {
$previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH));
if ($previousPage === 'mfa_enforcement.php') {
// Redirect back to mfa_enforcement.php
header("Location: " . $_SERVER['HTTP_REFERER']);
exit;
redirect();
}
}
}
header("Location: user_security.php");
exit;
redirect("user_security.php");
}
if (isset($_GET['disable_mfa'])){
if ($session_user_config_force_mfa) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Multi-Factor authentication cannot be disabled for your account";
flash_alert("Multi-Factor authentication cannot be disabled for your account", 'error');
redirect();
exit();
}
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id");
@ -302,11 +288,9 @@ if (isset($_GET['disable_mfa'])){
$mail = addToMailQueue($data);
}
// Logging
logAction("User Account", "Edit", "$session_name disabled MFA on their account");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Multi-Factor authentication disabled";
flash_alert("Multi-Factor authentication disabled", 'error');
redirect();
@ -314,17 +298,14 @@ if (isset($_GET['disable_mfa'])){
if (isset($_POST['revoke_your_2fa_remember_tokens'])) {
// CSRF
validateCSRFToken($_POST['csrf_token']);
// Delete tokens
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
//Logging
logAction("User Account", "Edit", "$session_name revoked all their remember-me tokens");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Remember me tokens revoked";
flash_alert("Remember me tokens revoked", 'error');
redirect();
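Review bot: `redirect()` at L2037 is called with no target although the comment directly above it says the user should be sent back to mfa_enforcement.php, and the line it replaces built the Location header from `$_SERVER['HTTP_REFERER']`; if the helper's no-argument default also derives the destination from the Referer, the target remains request-controlled. Passing it explicitly, `redirect('mfa_enforcement.php');`, matches the comment and the `$previousPage` check two lines up. The same stale comment sits at L2018 above `redirect("$config_start_page")` at L2021, where the quotes around the variable are unnecessary (`redirect($config_start_page);`). Separately, in disable_mfa the `validateCSRFToken($_GET['csrf_token']);` at L2054 still follows the force-MFA early return at L2046-L2052, whereas the commit moves the CSRF check first in other handlers (L1852-L1855); that branch only flashes and redirects, so it is a consistency point rather than a defect. The enable_mfa and disable_mfa handlers both begin outside their hunks.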


@ -70,12 +70,12 @@ if (isset($_POST['add_project'])) {
} // End Ticket Loop
} // End If Project Template
// Logging
logAction("Project", "Create", "$session_name created project $project_name", $client_id, $project_id);
$_SESSION['alert_message'] = "You created Project <strong>$project_name</strong>";
flash_alert("You created Project <strong>$project_name</strong>");
redirect();
}
if (isset($_POST['edit_project'])) {
@ -91,12 +91,12 @@ if (isset($_POST['edit_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_name = '$project_name', project_description = '$project_description', project_due = '$due_date', project_manager = $project_manager, project_client_id = $client_id WHERE project_id = $project_id");
// Logging
logAction("Project", "Edit", "$session_name edited project $project_name", $client_id, $project_id);
$_SESSION['alert_message'] = "Project <strong>$project_name</strong> edited";
flash_alert("Project <strong>$project_name</strong> edited");
redirect();
}
if (isset($_GET['close_project'])) {
@ -113,12 +113,12 @@ if (isset($_GET['close_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_completed_at = NOW() WHERE project_id = $project_id");
// Logging
logAction("Project", "Close", "$session_name closed project $project_name", $client_id, $project_id);
$_SESSION['alert_message'] = "Project <strong>$project_name</strong> closed";
flash_alert("Project <strong>$project_name</strong> closed");
redirect();
}
if (isset($_GET['archive_project'])) {
@ -135,13 +135,12 @@ if (isset($_GET['archive_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id");
// Logging
logAction("Project", "Archive", "$session_name archived project $project_name", $client_id, $project_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Project <strong>$project_name</strong> archived";
flash_alert("Project <strong>$project_name</strong> archived", 'error');
redirect();
}
if (isset($_GET['unarchive_project'])) {
@ -158,21 +157,20 @@ if (isset($_GET['unarchive_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id");
// Logging
logAction("Project", "Unarchive", "$session_name unarchived project $project_name", $client_id, $project_id);
$_SESSION['alert_message'] = "Project <strong>$project_name</strong> unarchived";
flash_alert("Project <strong>$project_name</strong> unarchived");
redirect();
}
if (isset($_GET['delete_project'])) {
enforceUserPermission('module_support', 3);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$project_id = intval($_GET['delete_project']);
// Get Project Name and Client ID for logging
@ -183,18 +181,18 @@ if (isset($_GET['delete_project'])) {
mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id");
// Logging
logAction("Project", "Delete", "$session_name deleted project $project_name", $client_id, $project_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Project <strong>$project_name</strong> Deleted";
flash_alert("Project <strong>$project_name</strong> Deleted", 'error');
redirect();
}
if (isset($_POST['link_ticket_to_project'])) {
enforceUserPermission('module_support', 2);
$project_id = intval($_POST['project_id']);
// Get Project Name and Client ID for logging
@ -221,23 +219,23 @@ if (isset($_POST['link_ticket_to_project'])) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
// Logging
logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id);
}
// Bulk Logging
logAction("Project", "Bulk Edit", "$session_name added $count ticket(s) to project $project_name", $client_id, $project_id);
$_SESSION['alert_message'] = "<strong>$count</strong> Ticket(s) added to <strong>$project_name</strong>";
flash_alert("<strong>$count</strong> Ticket(s) added to <strong>$project_name</strong>");
}
redirect();
}
if (isset($_POST['link_closed_ticket_to_project'])) {
enforceUserPermission('module_support', 2);
$project_id = intval($_POST['project_id']);
$ticket_number = intval($_POST['ticket_number']);
@ -250,9 +248,8 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
// Get ticket details
$sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_prefix, ticket_number, ticket_subject, ticket_updated_at FROM tickets WHERE ticket_number = $ticket_number");
if (mysqli_num_rows($sql) == 0) {
$_SESSION['alert_message'] = "Cannot merge into that ticket.";
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
exit();
}
$row = mysqli_fetch_array($sql);
$ticket_id = intval($row['ticket_id']);
@ -263,9 +260,10 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id, ticket_updated_at = '$ticket_updated' WHERE ticket_id = $ticket_id");
// Logging
logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id);
$_SESSION['alert_message'] = "Ticket added to <strong>$project_name</strong>";
flash_alert("Ticket added to <strong>$project_name</strong>");
redirect();
}
}
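Review bot: The link_ticket_to_project handler at L2142-L2144 and link_closed_ticket_to_project at L2158-L2160 go straight from `enforceUserPermission('module_support', 2);` to reading `$_POST['project_id']` with no `validateCSRFToken($_POST['csrf_token']);`, while the sibling delete_project handler at L2128-L2130 was reordered in this commit to validate the token before anything else. Both handlers write to tickets (L2147, L2174), so unless post.php validates the token globally before including this file, a forged POST from another origin would be accepted. Add `validateCSRFToken($_POST['csrf_token']);` as the first statement of each, in the position delete_project now uses. The bodies of both handlers extend beyond their hunks, so the check may exist further down, but placing it after the permission check is exactly what the commit is moving away from.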


@ -28,14 +28,13 @@ if (isset($_POST['add_quote'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Quote created!', history_quote_id = $quote_id");
// Logging
logAction("Quote", "Create", "$session_name created quote $config_quote_prefix$quote_number", $client_id, $quote_id);
customAction('quote_create', $quote_id);
$_SESSION['alert_message'] = "Quote <strong>$config_quote_prefix$quote_number</strong> created";
flash_alert("Quote <strong>$config_quote_prefix$quote_number</strong> created");
header("Location: quote.php?quote_id=$quote_id");
redirect("quote.php?quote_id=$quote_id");
}
@ -91,14 +90,13 @@ if (isset($_POST['add_quote_copy'])) {
mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_quote_id = $new_quote_id");
}
// Logging
logAction("Quote", "Create", "$session_name created quote $config_quote_prefix$quote_number from quote $original_quote_prefix$original_quote_number", $client_id, $new_quote_id);
customAction('quote_create', $new_quote_id);
$_SESSION['alert_message'] = "Quote copied";
flash_alert("Quote copied");
header("Location: quote.php?quote_id=$new_quote_id");
redirect("quote.php?quote_id=$new_quote_id");
}
@ -155,16 +153,16 @@ if (isset($_POST['add_quote_to_invoice'])) {
}
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Invoiced' WHERE quote_id = $quote_id");
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote invoiced as $config_invoice_prefix$invoice_number', history_quote_id = $quote_id");
// Logging
logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from quote $config_quote_prefix$quote_number", $client_id, $new_invoice_id);
customAction('invoice_create', $new_invoice_id);
$_SESSION['alert_message'] = "Invoice created from quote <strong>$quote_prefix$quote_number</strong>";
flash_alert("Invoice created from quote <strong>$quote_prefix$quote_number</strong>");
header("Location: invoice.php?invoice_id=$new_invoice_id");
redirect("invoice.php?invoice_id=$new_invoice_id");
}
@ -214,10 +212,9 @@ if (isset($_POST['add_quote_item'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id");
// Logging
logAction("Quote", "Edit", "$session_name added item $name to quote $quote_prefix$quote_number", $client_id, $quote_id);
$_SESSION['alert_message'] = "Item <strong>$name</strong> added";
flash_alert("Item <strong>$name</strong> added");
redirect();
@ -239,10 +236,9 @@ if (isset($_POST['quote_note'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_note = '$note' WHERE quote_id = $quote_id");
// Logging
logAction("Quote", "Edit", "$session_name added notes to quote $quote_prefix$quote_number", $client_id, $quote_id);
$_SESSION['alert_message'] = "Notes added";
flash_alert("Notes added");
redirect();
@ -274,10 +270,9 @@ if (isset($_POST['edit_quote'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_scope = '$scope', quote_date = '$date', quote_expire = '$expire', quote_discount_amount = '$quote_discount', quote_amount = '$quote_amount', quote_category_id = $category WHERE quote_id = $quote_id");
// Logging
logAction("Quote", "Edit", "$session_name edited quote $quote_prefix$quote_number", $client_id, $quote_id);
$_SESSION['alert_message'] = "Quote edited";
flash_alert("Quote edited");
redirect();
@ -312,17 +307,15 @@ if (isset($_GET['delete_quote'])) {
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id");
}
// Logging
logAction("Quote", "Delete", "$session_name deleted quote $quote_prefix$quote_number", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Quote <strong>$quote_prefix$quote_number</strong> deleted";
flash_alert("Quote <strong>$quote_prefix$quote_number</strong> deleted", 'error');
if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
header("Location: client_quotes.php?client_id=$client_id");
redirect("client_quotes.php?client_id=$client_id");
} else {
header("Location: quotes.php");
redirect("quotes.php");
}
}
@ -353,11 +346,9 @@ if (isset($_GET['delete_quote_item'])) {
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
// Logging
logAction("Quote", "Edit", "$session_name removed item $item_name from $quote_prefix$quote_number", $client_id, $quote_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Item <strong>$item_name</strong> removed";
flash_alert("Item <strong>$item_name</strong> removed", 'error');
redirect();
@ -379,10 +370,9 @@ if (isset($_GET['mark_quote_sent'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Quote marked sent', history_quote_id = $quote_id");
// Logging
logAction("Quote", "Sent", "$session_name marked quote $quote_prefix$quote_number as sent", $client_id, $quote_id);
$_SESSION['alert_message'] = "Quote marked sent";
flash_alert("Quote marked sent");
redirect();
@ -404,12 +394,11 @@ if (isset($_GET['accept_quote'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Accepted', history_description = 'Quote accepted by $session_name', history_quote_id = $quote_id");
// Logging
logAction("Quote", "Edit", "$session_name marked quote $quote_prefix$quote_number as accepted", $client_id, $quote_id);
customAction('quote_accept', $quote_id);
$_SESSION['alert_message'] = "Quote accepted";
flash_alert("Quote accepted");
redirect();
@ -433,11 +422,9 @@ if (isset($_GET['decline_quote'])) {
customAction('quote_decline', $quote_id);
// Logging
logAction("Quote", "Edit", "$session_name marked quote $quote_prefix$quote_number as declined", $client_id, $quote_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Quote declined";
flash_alert("Quote declined", 'error');
redirect();
@ -508,10 +495,9 @@ if (isset($_GET['email_quote'])) {
// Update History
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Quote', history_quote_id = $quote_id");
// Logging
logAction("Quote", "Email", "$session_name emailed quote $quote_prefix$quote_number to $contact_email", $client_id, $quote_id);
$_SESSION['alert_message'] = "Quote has been queued successfully! <a class='text-bold text-light' href='admin_mail_queue.php'>See Mail Queue</a>";
flash_alert("Quote has been queued successfully! <a class='text-bold text-light' href='admin_mail_queue.php'>See Mail Queue</a>");
//Don't change the status to sent if the status is anything but draft
if ($quote_status == 'Draft') {
@ -538,10 +524,9 @@ if (isset($_GET['mark_quote_invoiced'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote marked as invoiced', history_quote_id = $quote_id");
// Logging
logAction("Quote", "Sent", "$session_name marked quote $quote_prefix$quote_number as invoiced", $client_id, $quote_id);
$_SESSION['alert_message'] = "Quote marked invoiced";
flash_alert("Quote marked invoiced");
redirect();
@ -591,15 +576,12 @@ if(isset($_POST['export_quotes_csv'])){
fpassthru($f);
}
// Logging
logAction("Quote", "Export", "$session_name exported $num_rows quote(s) to a CSV file");
$_SESSION['alert_message'] = "Exported <strong>$num_rows</strong> quote(s)";
flash_alert("Exported <strong>$num_rows</strong> quote(s)");
redirect();
exit;
}
if (isset($_GET['export_quote_pdf'])) {
@ -805,6 +787,7 @@ if (isset($_GET['export_quote_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$quote_date}_{$company_name}_{$client_name}_Quote_{$quote_prefix}{$quote_number}");
$pdf->Output("$filename.pdf", 'I');
exit;
}
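Review bot: In export_quotes_csv, `redirect();` at L2310 runs after `fpassthru($f);` at L2304 has already streamed the CSV body when rows were exported, so the Location header cannot be sent at that point (headers are already out) and the response the browser receives is the file, not a redirect; `flash_alert` at L2309 still lands in the session and will surface on the next page load, which may be intended. The products and networks export handlers in this same commit end with `logAction(...); exit;` and no redirect (L1931-L1932, L1760-L1761). If L2310 is on the new side, align this handler with them by dropping the redirect; if the redirect is meant for the no-rows branch only, it belongs inside that branch. The handler's opening, including where `$num_rows` comes from, is outside the hunk.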


@ -41,10 +41,9 @@ if (isset($_POST['add_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id");
}
// Logging
logAction("Rack", "Create", "$session_name created rack $name", $client_id, $rack_id);
$_SESSION['alert_message'] = "Rack <strong>$name</strong> created";
flash_alert("Rack <strong>$name</strong> created");
redirect();
@ -84,10 +83,9 @@ if (isset($_POST['edit_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id");
}
// Logging
logAction("Rack", "Edit", "$session_name edited rack $name", $client_id, $rack_id);
$_SESSION['alert_message'] = "Rack <strong>$name</strong> edited";
flash_alert("Rack <strong>$name</strong> edited");
redirect();
@ -107,11 +105,9 @@ if (isset($_GET['archive_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NOW() WHERE rack_id = $rack_id");
// Logging
logAction("Rack", "Archive", "$session_name archived rack $rack_name", $client_id, $rack_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Rack <strong>$rack_name</strong> archived";
flash_alert("Rack <strong>$rack_name</strong> archived", 'error');
redirect();
@ -131,10 +127,9 @@ if (isset($_GET['unarchive_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NULL WHERE rack_id = $rack_id");
// Logging
logAction("Rack", "Unarchive", "$session_name unarchived rack $rack_name", $client_id, $rack_id);
$_SESSION['alert_message'] = "Rack <strong>$rack_name</strong> Unarchived";
flash_alert("Rack <strong>$rack_name</strong> Unarchived");
redirect();
@ -160,11 +155,9 @@ if (isset($_GET['delete_rack'])) {
unlink("../uploads/clients/$client_id/$rack_photo");
}
// Logging
logAction("Rack", "Delete", "$session_name deleted rack $rack_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Rack <strong>$rack_name</strong> deleted";
flash_alert("Rack <strong>$rack_name</strong> deleted", 'error');
redirect();
@ -189,21 +182,17 @@ if (isset($_POST['add_rack_unit'])) {
// **New Validation Check**
if ($unit_start > $unit_end) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Unit Start number cannot be higher than Unit End number.";
flash_alert("Unit Start number cannot be higher than Unit End number.", 'error');
redirect();
exit();
}
// Check if the unit range is already occupied
$check_sql = mysqli_query($mysqli, "SELECT * FROM rack_units WHERE unit_rack_id = $rack_id AND unit_start_number <= $unit_end AND unit_end_number >= $unit_start");
if (mysqli_num_rows($check_sql) > 0) {
// If there is an overlap, return an error message
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Units $unit_start to $unit_end are already in use by another device.";
// If there is an overlap, return an error message;
flash_alert("Units $unit_start to $unit_end are already in use by another device.", 'error');
redirect();
exit();
}
// If no overlap and validation passes, proceed with the insertion
@ -211,12 +200,12 @@ if (isset($_POST['add_rack_unit'])) {
$unit_id = mysqli_insert_id($mysqli);
// Logging
logAction("Rack", "Edit", "$session_name added device $name to units $unit_start - $unit_end in rack $rack_name", $client_id, $rack_id);
$_SESSION['alert_message'] = "Device <strong>$name</strong> added to units $unit_start - $unit_end in rack.";
flash_alert("Device <strong>$name</strong> added to units $unit_start - $unit_end in rack.");
redirect();
}
if (isset($_POST['edit_rack_unit'])) {
@ -239,10 +228,9 @@ if (isset($_POST['edit_rack_unit'])) {
mysqli_query($mysqli,"UPDATE rack_units SET unit_device = '$name', unit_asset_id = $asset, unit_start_number = $unit_start, unit_end_number = $unit_end WHERE unit_id = $unit_id");
// Logging
logAction("Rack", "Edit", "$session_name edited device $name in rack $rack_name", $client_id, $rack_id);
$_SESSION['alert_message'] = "Device $name edited on the rack";
flash_alert("Device $name edited on the rack");
redirect();
@ -264,12 +252,10 @@ if (isset($_GET['remove_rack_unit'])) {
mysqli_query($mysqli,"DELETE FROM rack_units WHERE unit_id = $unit_id");
// Logging
logAction("Rack", "Edit", "$session_name removed device $device_name from rack $rack_name", $client_id, $rack_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Device <strong>$device_name</strong> removed from rack";
flash_alert("Device <strong>$device_name</strong> removed from rack", 'error');
redirect();
}
}
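Review bot: The rewritten comment at L2377, `// If there is an overlap, return an error message;`, picked up a trailing semicolon that the line it replaces (L2374) did not have; drop it. The `exit();` calls at L2369 and L2380 sit right after the new `flash_alert(...)` / `redirect();` pairs in add_rack_unit; if they remain on the new side they are redundant with a terminating redirect(), and every other handler in this section ends with `redirect();` alone (L2389, L2398, L2406). Whether they survive the commit is not recoverable from the rendering, so treat this as a consistency check. add_rack_unit begins outside the hunk.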


@ -22,10 +22,9 @@ if (isset($_POST['add_revenue'])) {
$revenue_id = mysqli_insert_id($mysqli);
// Logging
logAction("Revenue", "Create", "$session_name added revenue $description", 0, $revenue_id);
$_SESSION['alert_message'] = "Revenue added";
flash_alert("Revenue added");
redirect();
@ -46,10 +45,9 @@ if (isset($_POST['edit_revenue'])) {
mysqli_query($mysqli,"UPDATE revenues SET revenue_date = '$date', revenue_amount = $amount, revenue_payment_method = '$payment_method', revenue_reference = '$reference', revenue_description = '$description', revenue_category_id = $category, revenue_account_id = $account WHERE revenue_id = $revenue_id");
// Logging
logAction("Revenue", "Edit", "$session_name edited revenue $description", 0, $revenue_id);
$_SESSION['alert_message'] = "Revenue edited";
flash_alert("Revenue edited");
redirect();
@ -62,17 +60,13 @@ if (isset($_GET['delete_revenue'])) {
$revenue_id = intval($_GET['delete_revenue']);
// Get Revenue Details
$sql = mysqli_query($mysqli,"SELECT revenue_description FROM revenues WHERE revenue_id = $revenue_id");
$row = mysqli_fetch_array($sql);
$revenue_description = sanitizeInput($row['revenue_description']);
$revenue_description = sanitizeInput(getFieldById('revenues', $revenue_id, 'revenue_description'));
mysqli_query($mysqli,"DELETE FROM revenues WHERE revenue_id = $revenue_id");
// Logging
logAction("Revenue", "Delete", "$session_name deleted revenue $revenue_description");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Revenue removed";
flash_alert("Revenue removed", 'error');
redirect();
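Review bot: The new `sanitizeInput(getFieldById('revenues', $revenue_id, 'revenue_description'))` line in the delete_revenue hunk passes the helper's result straight through, so an id with no matching row (presumably a null return from getFieldById — its body is not visible here) still reaches the DELETE and the log entry then records an empty description. A guard before the DELETE, `if ($revenue_description === null) { flash_alert('Revenue not found', 'error'); redirect(); }`, would make the miss visible instead of silently succeeding. The old mysqli_fetch_array code had the same gap, so this is not a regression, but the refactor is the natural place to close it. The delete_revenue handler starts before this hunk.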
@ -74,10 +74,9 @@ if (isset($_POST['add_service'])) {
}
}
// Logging
logAction("Service", "Create", "$session_name created service $service_name", $client_id, $service_id);
$_SESSION['alert_message'] = "Service <strong>$service_name</strong> created";
flash_alert("Service <strong>$service_name</strong> created");
redirect();
@ -158,10 +157,9 @@ if (isset($_POST['edit_service'])) {
}
}
// Logging
logAction("Service", "Edit", "$session_name edited service $service_name", $client_id, $service_id);
$_SESSION['alert_message'] = "Service <strong>$service_name</strong> edited";
flash_alert("Service <strong>$service_name</strong> edited");
redirect();
@ -169,9 +167,10 @@ if (isset($_POST['edit_service'])) {
if (isset($_GET['delete_service'])) {
enforceUserPermission('module_support', 3);
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$service_id = intval($_GET['delete_service']);
// Get Service Details
@ -183,11 +182,9 @@ if (isset($_GET['delete_service'])) {
// Delete service
mysqli_query($mysqli, "DELETE FROM services WHERE service_id = $service_id");
// Logging
logAction("Service", "Delete", "$session_name deleted service $service_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Service <strong>$service_name</strong> deleted";
flash_alert("Service <strong>$service_name</strong> deleted", 'error');
redirect();
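Review bot: `validateCSRFToken($_GET['csrf_token']);`, now the first statement of the delete_service handler, reads the key without a presence check, so a request that omits the token raises an "Undefined array key" warning before validation runs. `validateCSRFToken($_GET['csrf_token'] ?? '');` keeps the check-first ordering this commit establishes and should fail closed on a missing token, assuming validateCSRFToken rejects an empty string (its body is not visible here). The same pattern appears in the reordered delete_task handler of the tasks file further down. The delete_service handler continues past this hunk.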
@ -30,10 +30,9 @@ if (isset($_POST['add_software_from_template'])) {
$software_id = mysqli_insert_id($mysqli);
// Logging
logAction("Software", "Create", "$session_name created software $name using template", $client_id, $software_id);
$_SESSION['alert_message'] = "Software <strong>$name</strong> created from template";
flash_alert("Software <strong>$name</strong> created from template");
redirect();
@ -90,10 +89,9 @@ if (isset($_POST['add_software'])) {
}
}
// Logging
logAction("Software", "Create", "$session_name created software $name", $client_id, $software_id);
$_SESSION['alert_message'] = "Software <strong>$name</strong> created $alert_extended";
flash_alert("Software <strong>$name</strong> created $alert_extended");
redirect();
@ -150,10 +148,9 @@ if (isset($_POST['edit_software'])) {
}
}
// Logging
logAction("Software", "Edit", "$session_name edited software $name", $client_id, $software_id);
$_SESSION['alert_message'] = "Software <strong>$name</strong> updated";
flash_alert("Software <strong>$name</strong> updated");
redirect();
@ -177,11 +174,9 @@ if (isset($_GET['archive_software'])) {
mysqli_query($mysqli,"DELETE FROM software_contacts WHERE software_id = $software_id");
mysqli_query($mysqli,"DELETE FROM software_assets WHERE software_id = $software_id");
// Logging
logAction("Software", "Archive", "$session_name archived software $software_name and removed all device/user license associations", $client_id, $software_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Software <strong>$software_name</strong> archived and removed all device/user license associations";
flash_alert("Software <strong>$software_name</strong> archived and removed all device/user license associations", 'error');
redirect();
@ -201,11 +196,9 @@ if (isset($_GET['delete_software'])) {
mysqli_query($mysqli,"DELETE FROM software WHERE software_id = $software_id");
//Logging
logAction("Software", "Delete", "$session_name deleted software $software_name and removed all device/user license associations", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Software <strong>$software_name</strong> deleted and removed all device/user license associations";
flash_alert("Software <strong>$software_name</strong> deleted and removed all device/user license associations", 'error');
redirect();
@ -246,10 +239,11 @@ if (isset($_POST['export_client_software_csv'])) {
// Asset licenses
$assigned_to_assets = '';
$asset_licenses_sql = mysqli_query($mysqli,"SELECT software_assets.asset_id, assets.asset_name
FROM software_assets
LEFT JOIN assets
ON software_assets.asset_id = assets.asset_id
WHERE software_id = $row[software_id]");
FROM software_assets
LEFT JOIN assets
ON software_assets.asset_id = assets.asset_id
WHERE software_id = $row[software_id]"
);
while($asset_row = mysqli_fetch_array($asset_licenses_sql)) {
$assigned_to_assets .= $asset_row['asset_name'] . ", ";
}
@ -257,10 +251,12 @@ if (isset($_POST['export_client_software_csv'])) {
// Contact Licenses
$assigned_to_contacts = '';
$contact_licenses_sql = mysqli_query($mysqli,"SELECT software_contacts.contact_id, contacts.contact_name
FROM software_contacts
LEFT JOIN contacts
ON software_contacts.contact_id = contacts.contact_id
WHERE software_id = $row[software_id]");
FROM software_contacts
LEFT JOIN contacts
ON software_contacts.contact_id = contacts.contact_id
WHERE software_id = $row[software_id]"
);
while($contact_row = mysqli_fetch_array($contact_licenses_sql)) {
$assigned_to_contacts .= $contact_row['contact_name'] . ", ";
}
@ -279,8 +275,7 @@ if (isset($_POST['export_client_software_csv'])) {
//output all remaining data on a file pointer
fpassthru($f);
}
//Logging
logAction("Software", "Export", "$session_name exported $num_rows software(s) $software_name to a CSV file", $client_id);
exit;
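Review bot: `WHERE software_id = $row[software_id]` on the re-indented query lines of both license queries interpolates a bare, unquoted array key, which PHP accepts only as the simple-interpolation form inside double quotes and which reads like an undefined constant. `WHERE software_id = {$row['software_id']}` states the intent plainly, and wrapping it in `intval()` would document that an integer id is expected. `$row` presumably comes from a result set built outside the hunk rather than from request input, so this is a style point rather than an injection finding. The export_client_software_csv handler starts outside this hunk.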
@ -14,10 +14,9 @@ if (isset($_POST['add_tag'])) {
$tag_id = mysqli_insert_id($mysqli);
// Logging
logAction("Tag", "Create", "$session_name created tag $name", 0, $tag_id);
$_SESSION['alert_message'] = "Tag <strong>$name</strong> created";
flash_alert("Tag <strong>$name</strong> created");
redirect();
@ -14,20 +14,18 @@ if (isset($_POST['add_task'])) {
$task_name = sanitizeInput($_POST['name']);
// Get Client ID from tickets using the ticket_id
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['ticket_client_id']);
$client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
mysqli_query($mysqli, "INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id");
$task_id = mysqli_insert_id($mysqli);
// Logging
logAction("Task", "Create", "$session_name created task $task_name", $client_id, $task_id);
$_SESSION['alert_message'] = "You created Task <strong>$task_name</strong>";
flash_alert("You created Task <strong>$task_name</strong>");
redirect();
}
if (isset($_POST['edit_ticket_task'])) {
@ -43,14 +41,15 @@ if (isset($_POST['edit_ticket_task'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['ticket_client_id']);
mysqli_query($mysqli, "UPDATE tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate WHERE task_id = $task_id");
// Logging
logAction("Task", "Edit", "$session_name edited task $task_name", $client_id, $task_id);
$_SESSION['alert_message'] = "Task <strong>$task_name</strong> edited";
flash_alert("Task <strong>$task_name</strong> edited");
redirect();
}
if (isset($_POST['edit_ticket_template_task'])) {
@ -64,22 +63,20 @@ if (isset($_POST['edit_ticket_template_task'])) {
mysqli_query($mysqli, "UPDATE task_templates SET task_template_name = '$task_name', task_template_order = $task_order, task_template_completion_estimate = $task_completion_estimate WHERE task_template_id = $task_template_id");
// Logging
logAction("Task", "Edit", "$session_name edited task $task_name", 0, $task_template_id);
$_SESSION['alert_message'] = "Task <strong>$task_name</strong> edited";
flash_alert("Task <strong>$task_name</strong> edited");
redirect();
}
}
if (isset($_GET['delete_task'])) {
enforceUserPermission('module_support', 3);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$task_id = intval($_GET['delete_task']);
// Get Client ID, task name from tasks and tickets using the task_id
@ -90,13 +87,12 @@ if (isset($_GET['delete_task'])) {
mysqli_query($mysqli, "DELETE FROM tasks WHERE task_id = $task_id");
// Logging
logAction("Task", "Delete", "$session_name deleted task $task_name", $client_id, $task_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Task <strong>$task_name</strong> deleted";
flash_alert("Task <strong>$task_name</strong> deleted", 'error');
redirect();
}
if (isset($_GET['complete_task'])) {
@ -123,12 +119,12 @@ if (isset($_GET['complete_task'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
// Logging
logAction("Task", "Edit", "$session_name completed task $task_name", $client_id, $task_id);
$_SESSION['alert_message'] = "Task <strong>$task_name</strong> Completed";
flash_alert("Task <strong>$task_name</strong> Completed");
redirect();
}
if (isset($_GET['undo_complete_task'])) {
@ -151,11 +147,9 @@ if (isset($_GET['undo_complete_task'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
// Logging
logAction("Task", "Edit", "$session_name marked task $task_name as incomplete", $client_id, $task_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Task <strong>$task_name</strong> marked as incomplete";
flash_alert("Task <strong>$task_name</strong> marked as incomplete", 'error');
redirect();
@ -168,9 +162,7 @@ if (isset($_GET['complete_all_tasks'])) {
$ticket_id = intval($_GET['complete_all_tasks']);
// Get Client ID
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['ticket_client_id']);
$client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
mysqli_query($mysqli, "UPDATE tasks SET task_completed_at = NOW(), task_completed_by = $session_user_id WHERE task_ticket_id = $ticket_id AND task_completed_at IS NULL");
@ -179,12 +171,12 @@ if (isset($_GET['complete_all_tasks'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
// Logging
logAction("Ticket", "Edit", "$session_name marked all tasks complete for ticket", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Marked all tasks Complete";
flash_alert("Marked all tasks Complete");
redirect();
}
if (isset($_GET['undo_complete_all_tasks'])) {
@ -194,9 +186,7 @@ if (isset($_GET['undo_complete_all_tasks'])) {
$ticket_id = intval($_GET['undo_complete_all_tasks']);
// Get Client ID
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['ticket_client_id']);
$client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
mysqli_query($mysqli, "UPDATE tasks SET task_completed_at = NULL, task_completed_by = NULL WHERE task_ticket_id = $ticket_id AND task_completed_at IS NOT NULL");
@ -205,10 +195,10 @@ if (isset($_GET['undo_complete_all_tasks'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
// Logging
logAction("Ticket", "Edit", "$session_name marked all tasks as incomplete for ticket", $client_id, $ticket_id);
$_SESSION['alert_message'] = "Marked all tasks Incomplete";
flash_alert("Marked all tasks Incomplete", 'error');
redirect();
}
}