diff --git a/user/post/contact.php b/user/post/contact.php
index e7bafad5..4e6c08d3 100644
--- a/user/post/contact.php
+++ b/user/post/contact.php
@@ -421,7 +421,7 @@ if (isset($_POST['bulk_edit_contact_department'])) {
logAction("Contact", "Bulk Edit", "$session_name set the department $department for $contact_count contacts", $client_id);
- flash_alert("You set the Department to
$department for
$contact_count contacts";
+ flash_alert("You set the Department to
$department for
$contact_count contacts");
}
redirect();
diff --git a/user/post/credential.php b/user/post/credential.php
index 46779dc4..38279349 100644
--- a/user/post/credential.php
+++ b/user/post/credential.php
@@ -24,10 +24,9 @@ if (isset($_POST['add_credential'])) {
}
}
- // Logging
logAction("Credential", "Create", "$session_name created credential $name", $client_id, $credential_id);
- $_SESSION['alert_message'] = "Credential
$name created";
+ flash_alert("Credential
$name created");
redirect();
@@ -64,10 +63,9 @@ if (isset($_POST['edit_credential'])) {
}
}
- // Logging
logAction("Credential", "Edit", "$session_name edited credential $name", $client_id, $credential_id);
- $_SESSION['alert_message'] = "Credential
$name edited";
+ flash_alert("Credential
$name edited");
redirect();
@@ -87,12 +85,9 @@ if(isset($_GET['archive_credential'])){
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id");
- //logging
logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id);
-
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Credential
$credential_name archived";
+ flash_alert("Credential
$credential_name archived", 'error');
redirect();
@@ -112,12 +107,12 @@ if(isset($_GET['unarchive_credential'])){
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
- //Logging
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id);
- $_SESSION['alert_message'] = "Credential
$credential_name restored";
+ flash_alert("Credential
$credential_name restored");
redirect();
+
}
if (isset($_GET['delete_credential'])) {
@@ -134,11 +129,9 @@ if (isset($_GET['delete_credential'])) {
mysqli_query($mysqli,"DELETE FROM credentials WHERE credential_id = $credential_id");
- // Logging
logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Credential
$credential_name deleted";
+ flash_alert("Credential
$credential_name deleted", 'error');
redirect();
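Review bot: This delete is triggered by a bare `$_GET['delete_credential']`, and no `validateCSRFToken()` or `enforceUserPermission()` call is visible between the branch header and the `DELETE FROM credentials` query, while the POST bulk handlers later in this file were just reordered to check the token first. Without a token check a crafted link or image tag can delete a credential on behalf of a logged-in user; `intval()` on the id prevents injection but not that. The branch starts above the hunk, so the checks may already be there — if not, add `validateCSRFToken($_GET['csrf_token']); enforceUserPermission('module_credential', 3);` at the top, or move the action to POST.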
@@ -180,15 +173,14 @@ if (isset($_POST['bulk_assign_credential_tags'])) {
}
}
- // Logging
logAction("Credential", "Edit", "$session_name added tags to $credential_name", $client_id, $credential_id);
- $_SESSION['alert_message'] = "Assigned tags for
$count credentials";
+ flash_alert("Assigned tags for
$count credentials");
} // End Assign Loop
- // Logging
logAction("Credential", "Bulk Edit", "$session_name added tags to $count credentials", $client_id);
+
}
redirect();
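Review bot: `flash_alert("Assigned tags for $count credentials")` sits inside the per-credential loop, just before `} // End Assign Loop`, so it is called once for every selected credential; if `flash_alert()` accumulates messages in the session instead of overwriting, the user gets N identical alerts. Move it after the loop, beside the bulk `logAction("Credential", "Bulk Edit", …)` line, which is where the summary belongs. The loop header is outside the hunk, so the nesting is inferred from the closing-brace comment.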
@@ -197,9 +189,10 @@ if (isset($_POST['bulk_assign_credential_tags'])) {
if (isset($_POST['bulk_archive_credentials'])) {
- enforceUserPermission('module_credential', 2);
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_credential', 2);
+
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
@@ -218,26 +211,24 @@ if (isset($_POST['bulk_archive_credentials'])) {
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id");
- // Individual Contact logging
logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id);
}
- // Bulk Logging
logAction("Credential", "Bulk Archive", "$session_name archived $count credentials", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Archived
$count credential(s)";
+ flash_alert("Archived
$count credential(s)", 'error');
}
redirect();
+
}
if (isset($_POST['bulk_unarchive_credentials'])) {
- enforceUserPermission('module_credential', 2);
+ validateCSRFToken($_POST['csrf_token']);
- validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_credential', 2);
if (isset($_POST['credential_ids'])) {
@@ -257,27 +248,26 @@ if (isset($_POST['bulk_unarchive_credentials'])) {
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
- // Individual logging
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id);
}
- // Bulk Logging
logAction("Credential", "Bulk Unarchive", "$session_name unarchived $count credential(s)", $client_id);
- $_SESSION['alert_message'] = "Unarchived
$count credential(s)";
+ flash_alert("Unarchived
$count credential(s)");
}
redirect();
+
}
if (isset($_POST['bulk_delete_credentials'])) {
- enforceUserPermission('module_credential', 3);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_credential', 3);
+
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
@@ -296,20 +286,18 @@ if (isset($_POST['bulk_delete_credentials'])) {
mysqli_query($mysqli, "DELETE FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id");
- // Logging
logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id);
}
- // Bulk Logging
logAction("Credential", "Bulk Delete", "$session_name deleted $count credential(s)", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Deleted
$count credential(s)";
+ flash_alert("Deleted
$count credential(s)", 'error');
}
redirect();
+
}
if (isset($_POST['export_credentials_csv'])) {
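Review bot: After the loop, `logAction("Credential", "Bulk Delete", "$session_name deleted $count credential(s)", $client_id)` is attributed to whichever `$client_id` the last iteration left behind; the per-row `DELETE … AND credential_client_id = $client_id` shows `$client_id` is re-derived per credential (above the hunk), so if the submitted ids span more than one client the bulk entry names only the last one. If this form is only ever posted from a single client's page that is harmless; otherwise log the bulk line with the client from the request or once per distinct client. Also, if `$count` is the number of ids submitted rather than rows affected, the logged count can exceed what the client-scoped DELETE actually removed.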
@@ -360,7 +348,6 @@ if (isset($_POST['export_credentials_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Credential", "Export", "$session_name exported $num_rows credential(s) to a CSV file", $client_id);
exit;
@@ -377,10 +364,8 @@ if (isset($_POST["import_credentials_csv"])) {
if (!empty($_FILES["file"]["tmp_name"])) {
$file_name = $_FILES["file"]["tmp_name"];
} else {
- $_SESSION['alert_message'] = "Please select a file to upload.";
- $_SESSION['alert_type'] = "error";
+ flash_alert("Please select a file to upload.", 'error');
redirect();
- exit();
}
//Check file is CSV
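Review bot: Removing the `exit()` after `redirect()` in the no-file branch is only safe if `redirect()` terminates the script; if it merely sends a Location header, execution falls through with `$file_name` undefined into the extension, size and `fgetcsv` checks below. Elsewhere in this patch `header("Location: …")` calls are replaced by `redirect(...)`, which suggests it does exit, but that is not visible here — confirm it, or keep an explicit `exit;` after it. Separately, `$_FILES["file"]["tmp_name"]` should be confirmed with `is_uploaded_file()` before it is opened, e.g. `if (!empty($_FILES["file"]["tmp_name"]) && is_uploaded_file($_FILES["file"]["tmp_name"])) {`.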
@@ -388,13 +373,13 @@ if (isset($_POST["import_credentials_csv"])) {
$allowed_file_extensions = array('csv');
if (in_array($file_extension,$allowed_file_extensions) === false){
$error = true;
- $_SESSION['alert_message'] = "Bad file extension";
+ flash_alert("Bad file extension", 'error');
}
//Check file isn't empty
elseif ($_FILES["file"]["size"] < 1){
$error = true;
- $_SESSION['alert_message'] = "Bad file size (empty?)";
+ flash_alert("Bad file size (empty?)", 'error');
}
//(Else)Check column count
@@ -402,7 +387,7 @@ if (isset($_POST["import_credentials_csv"])) {
$f_columns = fgetcsv($f, 1000, ",");
if (!$error & count($f_columns) != 5) {
$error = true;
- $_SESSION['alert_message'] = "Bad column count.";
+ flash_alert("Bad column count.", 'error');
}
//Else, parse the file
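Review bot: `if (!$error & count($f_columns) != 5)` uses the bitwise `&`, not the logical `&&`; it yields the right truth value only because both operands are booleans, and it does not short-circuit, so `count($f_columns)` is evaluated even when `$error` is already set. If `fgetcsv($f, 1000, ",")` returned `false` (empty file, or `$f` failed to open — it is opened above the hunk), `count(false)` throws a TypeError on PHP 8 instead of the intended flash-and-redirect. Write it as `if (!$error && (!is_array($f_columns) || count($f_columns) != 5)) {` so a bad header row is reported as "Bad column count." rather than a fatal error.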
@@ -443,17 +428,17 @@ if (isset($_POST["import_credentials_csv"])) {
}
fclose($file);
- // Logging
logAction("Credential", "Import", "$session_name imported $row_count credential(s) via CSV file. $duplicate_count duplicate(s) found and not imported", $client_id);
- $_SESSION['alert_message'] = "$row_count credential(s) imported, $duplicate_count duplicate(s) detected and not imported";
+ flash_alert("
$row_count credential(s) imported,
$duplicate_count duplicate(s) detected and not imported", 'warning');
+
redirect();
}
//Check for any errors, if there are notify user and redirect
if ($error) {
- $_SESSION['alert_type'] = "warning";
redirect();
}
+
}
if (isset($_GET['download_credentials_csv_template'])) {
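Review bot: The success path now flashes the import summary as `'warning'` unconditionally, so a clean import with `$duplicate_count` of 0 is styled as a warning; before this change the warning type was only set on the `$error` path. Pass `'warning'` only when `$duplicate_count > 0` and let `flash_alert()` use its default type otherwise — the exact default depends on its signature, which is not shown. The trailing `if ($error) { redirect(); }` reads correctly now that each error branch already flashes with `'error'`.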
diff --git a/user/post/credit.php b/user/post/credit.php
index 76f47018..5bfcaa02 100644
--- a/user/post/credit.php
+++ b/user/post/credit.php
@@ -9,21 +9,23 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_credit'])) {
validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_sales', 2);
$client_id = intval($_POST['client']);
$amount = floatval($_POST['amount']);
+ $type = sanitizeInput($_POST['type']);
$expire = sanitizeInput($_POST['expire']);
- $reference = sanitizeInput($_POST['reference']);
+ $note = sanitizeInput($_POST['note']);
- mysqli_query($mysqli,"INSERT INTO credits SET credit_amount = $amount, credit_reference = '$reference', credit_created_by = $session_user_id, credit_client_id = $client_id");
+ mysqli_query($mysqli,"INSERT INTO credits SET credit_amount = $amount, credit_type = '$type', credit_note = '$note', credit_created_by = $session_user_id, credit_client_id = $client_id");
$credit_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Credit", "Create", "$session_name added " . numfmt_format_currency($currency_format, $amount, $session_company_currency) . "", $client_id, $credit_id);
- $_SESSION['alert_message'] = "" . numfmt_format_currency($currency_format, $amount, $session_company_currency) . " Credit Added ";
+ flash_alert(numfmt_format_currency($currency_format, $amount, $session_company_currency) . " Credit Added");
redirect();
+
}
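Review bot: `$type` comes straight from `$_POST['type']` and is written into `credit_type` with only `sanitizeInput()`, so any string a user submits becomes a credit type; if the column is meant to hold a fixed set of values, validate it with an allow-list (`in_array($type, $allowed_types, true)`) and flash an error otherwise, assuming `sanitizeInput()` is what provides the SQL escaping here. `$expire = sanitizeInput($_POST['expire'])` is still computed but never used in this branch — the hunk shows the whole handler and it does not appear in the INSERT — so either add `credit_expire` to the query or drop the line. `floatval($_POST['amount'])` also accepts 0 and negative amounts; a `$amount <= 0` guard before the INSERT would stop accidental debit-like entries.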
diff --git a/user/post/document.php b/user/post/document.php
index 8b802761..eeb51833 100644
--- a/user/post/document.php
+++ b/user/post/document.php
@@ -28,10 +28,9 @@ if (isset($_POST['add_document'])) {
mysqli_query($mysqli,"INSERT INTO asset_documents SET asset_id = $asset_id, document_id = $document_id");
}
- // Logging
logAction("Document", "Create", "$session_name created document $name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Document
$name created";
+ flash_alert("Document
$name created");
redirect();
@@ -63,12 +62,11 @@ if (isset($_POST['add_document_from_template'])) {
$document_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Document", "Create", "$session_name created document $name from template $document_template_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Document
$document_name created from template";
+ flash_alert("Document
$document_name created from template");
- header("Location: client_document_details.php?client_id=$client_id&document_id=$document_id");
+ redirect("client_document_details.php?client_id=$client_id&document_id=$document_id");
}
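Review bot: The log line uses `$name` while the flash message uses `$document_name` — two different variables for the same document, and both are assigned above the hunk, so one of them is probably unset here and either the audit entry or the alert ends up missing the name. Pick one, e.g. `flash_alert("Document $name created from template");` to match the `logAction` call. The `redirect("client_document_details.php?client_id=$client_id&document_id=$document_id")` only interpolates integer ids, so the URL itself is fine.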
@@ -114,12 +112,11 @@ if (isset($_POST['edit_document'])) {
// Update Document
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = $session_user_id WHERE document_id = $document_id");
- //Logging
logAction("Document", "Edit", "$session_name edited document $name, previous version kept", $client_id, $document_version_id);
- $_SESSION['alert_message'] = "Document
$name edited, previous version kept";
+ flash_alert("Document
$name edited, previous version kept");
- header("Location: client_document_details.php?client_id=$client_id&document_id=$document_id");
+ redirect("client_document_details.php?client_id=$client_id&document_id=$document_id");
}
if (isset($_POST['move_document'])) {
@@ -143,10 +140,9 @@ if (isset($_POST['move_document'])) {
// Document edit query
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id WHERE document_id = $document_id");
- //Logging
logAction("Document", "Move", "$session_name moved document $document_name to folder $folder_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Document
$document_name moved to folder
$folder_name";
+ flash_alert("Document
$document_name moved to folder
$folder_name");
redirect();
@@ -168,11 +164,10 @@ if (isset($_POST['rename_document'])) {
// Document edit query
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name' WHERE document_id = $document_id");
- //Logging
logAction("Document", "Edit", "$session_name renamed document $old_document_name to $name", $client_id, $document_id);
- $_SESSION['alert_message'] = "You renamed Document from
$old_document_name to
$name";
+ flash_alert("You renamed Document from
$old_document_name to
$name");
redirect();
@@ -199,21 +194,18 @@ if (isset($_POST['bulk_move_document'])) {
foreach($_POST['document_ids'] as $document_id) {
$document_id = intval($document_id);
// Get document name for logging
- $sql = mysqli_query($mysqli,"SELECT document_name FROM documents WHERE document_id = $document_id");
- $row = mysqli_fetch_array($sql);
- $document_name = sanitizeInput($row['document_name']);
+ $document_name = sanitizeInput(getFieldById('documents', $document_id, 'document_name'));
// Document move query
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id WHERE document_id = $document_id");
- //Logging
logAction("Document", "Move", "$session_name moved document $document_name to folder $folder_name", $client_id, $document_id);
}
logAction("Document", "Bulk Move", "$session_name moved $count document(s) to folder $folder_name", $client_id);
}
- $_SESSION['alert_message'] = "You moved
$count document(s) to the folder
$folder_name";
+ flash_alert("You moved
$count document(s) to the folder
$folder_name");
redirect();
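Review bot: The closing `flash_alert("You moved $count document(s) to the folder $folder_name")` appears to sit after the brace that closes the `if (isset($_POST['document_ids']))` block rather than inside it (the block header is above the hunk, so this is inferred from the braces), which means a submit with nothing selected flashes "You moved 0 document(s)". Move it inside the block next to the bulk `logAction("Document", "Bulk Move", …)` so it only fires when documents were actually moved.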
@@ -233,17 +225,14 @@ if (isset($_POST['link_file_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get File Name for logging
- $sql_file = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id");
- $row = mysqli_fetch_array($sql_file);
- $file_name = sanitizeInput($row['file_name']);
+ $file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name'));
// Document add query
mysqli_query($mysqli,"INSERT INTO document_files SET file_id = $file_id, document_id = $document_id");
- // Logging
logAction("Document", "Link", "$session_name linked file $file_name to document $document_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "File
$file_name linked with Document
$document_name";
+ flash_alert("File
$file_name linked with Document
$document_name");
redirect();
@@ -263,17 +252,13 @@ if (isset($_GET['unlink_file_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get File Name for logging
- $sql_file = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id");
- $row = mysqli_fetch_array($sql_file);
- $file_name = sanitizeInput($row['file_name']);
+ $file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name'));
mysqli_query($mysqli,"DELETE FROM document_files WHERE file_id = $file_id AND document_id = $document_id");
- //Logging
logAction("Document", "Unlink", "$session_name unlinked file $file_name from document $document_name", $client_id, $document_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "File
$file_name unlinked from Document
$document_name";
+ flash_alert("File
$file_name unlinked from Document
$document_name", 'error');
redirect();
@@ -293,17 +278,14 @@ if (isset($_POST['link_vendor_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Vendor Name for logging
- $sql_vendor = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $vendor_id");
- $row = mysqli_fetch_array($sql_vendor);
- $vendor_name = sanitizeInput($row['vendor_name']);
+ $vendor_name = sanitizeInput(getFieldById('vendors', $vendor_id, 'vendor_name'));
// Document add query
mysqli_query($mysqli,"INSERT INTO vendor_documents SET vendor_id = $vendor_id, document_id = $document_id");
- // Logging
logAction("Document", "Link", "$session_name linked vendor $vendor_name to document $document_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Vendor
$vendor_name linked with Document
$document_name";
+ flash_alert("Vendor
$vendor_name linked with Document
$document_name");
redirect();
@@ -323,17 +305,13 @@ if (isset($_GET['unlink_vendor_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Vendor Name for logging
- $sql_vendor = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $vendor_id");
- $row = mysqli_fetch_array($sql_vendor);
- $vendor_name = sanitizeInput($row['vendor_name']);
+ $vendor_name = sanitizeInput(getFieldById('vendors', $vendor_id, 'vendor_name'));
mysqli_query($mysqli,"DELETE FROM vendor_documents WHERE vendor_id = $vendor_id AND document_id = $document_id");
- //Logging
logAction("Document", "Unlink", "$session_name unlinked vendor $vendor_name from document $document_name", $client_id, $document_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Vendor
$vendor_name unlinked from Document
$document_name";
+ flash_alert("Vendor
$vendor_name unlinked from Document
$document_name", 'error');
redirect();
@@ -354,17 +332,14 @@ if (isset($_POST['link_contact_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO contact_documents SET contact_id = $contact_id, document_id = $document_id");
- // Logging
logAction("Document", "Link", "$session_name linked contact $contact_name to document $document_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Contact
$contact_name linked with Document
$document_name";
+ flash_alert("Contact
$contact_name linked with Document
$document_name");
redirect();
@@ -384,17 +359,13 @@ if (isset($_GET['unlink_contact_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Contact Name for logging
- $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_array($sql_contact);
- $contact_name = sanitizeInput($row['contact_name']);
+ $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name'));
mysqli_query($mysqli,"DELETE FROM contact_documents WHERE contact_id = $contact_id AND document_id = $document_id");
- //Logging
logAction("Document", "Unlink", "$session_name unlinked contact $contact_name from document $document_name", $client_id, $document_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Contact
$contact_name unlinked from Document
$document_name";
+ flash_alert("Contact
$contact_name unlinked from Document
$document_name", 'error');
redirect();
@@ -414,17 +385,13 @@ if (isset($_POST['link_asset_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Asset Name for logging
- $sql_asset = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
- $row = mysqli_fetch_array($sql_asset);
- $asset_name = sanitizeInput($row['asset_name']);
+ $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
- // Contact add query
mysqli_query($mysqli,"INSERT INTO asset_documents SET asset_id = $asset_id, document_id = $document_id");
- // Logging
logAction("Document", "Link", "$session_name linked asset $asset_name to document $document_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Asset
$asset_name linked with Document
$document_name";
+ flash_alert("Asset
$asset_name linked with Document
$document_name");
redirect();
@@ -444,17 +411,13 @@ if (isset($_GET['unlink_asset_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Asset Name for logging
- $sql_asset = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
- $row = mysqli_fetch_array($sql_asset);
- $asset_name = sanitizeInput($row['asset_name']);
+ $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
mysqli_query($mysqli,"DELETE FROM asset_documents WHERE asset_id = $asset_id AND document_id = $document_id");
- // Logging
logAction("Document", "Unlink", "$session_name unlinked asset $asset_name from document $document_name", $client_id, $document_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Asset
$asset_name unlinked from Document
$document_name";
+ flash_alert("Asset
$asset_name unlinked from Document
$document_name", 'error');
redirect();
@@ -474,17 +437,14 @@ if (isset($_POST['link_software_to_document'])) {
$client_id = intval($row['document_client_id']);
// Get Software Name for logging
- $sql_software = mysqli_query($mysqli,"SELECT software_name FROM software WHERE software_id = $software_id");
- $row = mysqli_fetch_array($sql_software);
- $software_name = sanitizeInput($row['software_name']);
+ $software_name = sanitizeInput(getFieldById('software', $software_id, 'software_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO software_documents SET software_id = $software_id, document_id = $document_id");
- // Logging
logAction("Document", "Link", "$session_name linked software $software_name to document $document_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Software
$software_name linked with Document
$document_name";
+ flash_alert("Software
$software_name linked with Document
$document_name");
redirect();
@@ -504,17 +464,13 @@ if (isset($_GET['unlink_software_from_document'])) {
$client_id = intval($row['document_client_id']);
// Get Software Name for logging
- $sql_software = mysqli_query($mysqli,"SELECT software_name FROM software WHERE software_id = $software_id");
- $row = mysqli_fetch_array($sql_software);
- $software_name = sanitizeInput($row['software_name']);
+ $software_name = sanitizeInput(getFieldById('software', $software_id, 'software_name'));
mysqli_query($mysqli,"DELETE FROM software_documents WHERE software_id = $software_id AND document_id = $document_id");
- // Logging
logAction("Document", "Unlink", "$session_name unlinked software $software_name from document $document_name", $client_id, $document_id);
-
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Software
$software_name unlinked from Document
$document_name";
+
+ flash_alert("Software
$software_name unlinked from Document
$document_name", 'error');
redirect();
@@ -541,10 +497,9 @@ if (isset($_POST['toggle_document_visibility'])) {
mysqli_query($mysqli,"UPDATE documents SET document_client_visible = $document_visible WHERE document_id = $document_id");
- //Logging
logAction("Document", "Edit", "$session_name changed document $document_name visibilty to $visable_wording in the client portal", $client_id, $document_id);
- $_SESSION['alert_message'] = "Document
$document_name changed to
$visable_wording in the client portal";
+ flash_alert("Document
$document_name changed to
$visable_wording in the client portal");
redirect();
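Review bot: The audit text in `logAction("Document", "Edit", "$session_name changed document $document_name visibilty to $visable_wording in the client portal", …)` misspells "visibility"; since this string lands in the log table it is worth correcting now: `"$session_name changed document $document_name visibility to $visable_wording in the client portal"`. The `$visable_wording` variable (assigned above the hunk) carries the same typo; renaming it to `$visible_wording` is a separate, wider touch.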
@@ -588,7 +543,7 @@ if (isset($_GET['export_document'])) {
// Logging
logAction("Document", "Export", "$session_name exported document $document_name", $client_id, $document_id);
- $_SESSION['alert_message'] = "Document
$document_name exported";
+ flash_alert("Document
$document_name exported");
redirect();
@@ -627,11 +582,9 @@ if (isset($_GET['archive_document'])) {
// Service Associations
mysqli_query($mysqli,"DELETE FROM service_documents WHERE document_id = $document_id");
- // Logging
logAction("Document", "Archive", "$session_name archived document $document_name", $client_id, $document_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Document
$document_name archived";
+ flash_alert("Document
$document_name archived", 'error');
redirect();
@@ -651,11 +604,9 @@ if (isset($_GET['delete_document_version'])) {
mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_id = $document_version_id");
- //Logging
logAction("Document Version", "Delete", "$session_name deleted document version $document_version_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Document $document_version_name version deleted";
+ flash_alert("Document $document_version_name version deleted", 'error');
redirect();
@@ -678,11 +629,9 @@ if (isset($_GET['delete_document'])) {
// Delete all versions associated with the master document
mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id");
- //Logging
logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Document
$document_name deleted and all versions";
+ flash_alert("Document
$document_name deleted and all versions", 'error');
redirect();
@@ -690,9 +639,9 @@ if (isset($_GET['delete_document'])) {
if (isset($_POST['bulk_delete_documents'])) {
- enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_support', 3);
if (isset($_POST['document_ids'])) {
@@ -713,16 +662,14 @@ if (isset($_POST['bulk_delete_documents'])) {
// Delete all versions associated with the master document
mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id");
- //Logging
logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id);
}
- //Logging
logAction("Document", "Bulk Delete", "$session_name deleted $count document(s) and all versions", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Deleted
$count Documents and associated document versions";
+ flash_alert("Deleted
$count Documents and associated document versions", 'error');
+
}
redirect();
diff --git a/user/post/domain.php b/user/post/domain.php
index bee61253..2ca4fdcf 100644
--- a/user/post/domain.php
+++ b/user/post/domain.php
@@ -52,10 +52,9 @@ if (isset($_POST['add_domain'])) {
$extended_log_description = ', with associated SSL cert';
}
- // Logging
logAction("Domain", "Create", "$session_name created domain $name$extended_log_description", $client_id, $domain_id);
- $_SESSION['alert_message'] = "Domain
$name created";
+ flash_alert("Domain
$name created");
redirect();
@@ -138,10 +137,9 @@ if (isset($_POST['edit_domain'])) {
}
}
- // Logging
logAction("Domain", "Edit", "$session_name edited domain $name", $client_id, $domain_id);
- $_SESSION['alert_message'] = "Domain
$name edited";
+ flash_alert("Domain
$name edited");
redirect();
@@ -161,13 +159,12 @@ if (isset($_GET['archive_domain'])) {
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id");
- // Logging
logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Domain
$domain_name archived";
+ flash_alert("Domain $domain_name archived", 'error');
redirect();
+
}
if(isset($_GET['unarchive_domain'])){
@@ -184,12 +181,12 @@ if(isset($_GET['unarchive_domain'])){
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");
- // Logging
logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id);
- $_SESSION['alert_message'] = "Domain $domain_name restored";
+ flash_alert("Domain $domain_name restored");
redirect();
+
}
if (isset($_GET['delete_domain'])) {
@@ -206,20 +203,20 @@ if (isset($_GET['delete_domain'])) {
mysqli_query($mysqli,"DELETE FROM domains WHERE domain_id = $domain_id");
- // Logging
logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Domain $domain_name deleted";
+ flash_alert("Domain $domain_name deleted", 'error');
redirect();
}
if (isset($_POST['bulk_archive_domains'])) {
- enforceUserPermission('module_support', 3);
+
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@@ -238,25 +235,25 @@ if (isset($_POST['bulk_archive_domains'])) {
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id");
- // Individual Contact logging
logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id);
}
- // Bulk Logging
logAction("Domain", "Bulk Archive", "$session_name archived $count domain(s)", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Archived $count domain(s)";
+ flash_alert("Archived $count domain(s)", 'error');
}
redirect();
+
}
if (isset($_POST['bulk_unarchive_domains'])) {
- enforceUserPermission('module_support', 3);
+
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@@ -275,25 +272,26 @@ if (isset($_POST['bulk_unarchive_domains'])) {
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");
- // Individual logging
logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id);
}
- // Bulk Logging
logAction("Domain", "Bulk Unarchive", "$session_name unarchived $count domain(s)", $client_id);
- $_SESSION['alert_message'] = "Unarchived $count domain(s)";
+ flash_alert("Unarchived $count domain(s)");
}
redirect();
+
}
if (isset($_POST['bulk_delete_domains'])) {
- enforceUserPermission('module_support', 3);
+
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
if (isset($_POST['domain_ids'])) {
// Get Selected Count
@@ -311,20 +309,18 @@ if (isset($_POST['bulk_delete_domains'])) {
$client_id = intval($row['domain_client_id']);
mysqli_query($mysqli, "DELETE FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id");
-
- // Logging
+
logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id);
}
- // Logging
logAction("Domain", "Bulk Delete", "$session_name deleted $count domain(s)", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Deleted $count domain(s)";
+ flash_alert("Deleted $count domain(s)", 'error');
}
redirect();
+
}
if (isset($_POST['export_domains_csv'])) {
@@ -371,7 +367,6 @@ if (isset($_POST['export_domains_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Domain", "Export", "$session_name exported $num_rows domain(s)", $client_id);
exit;
diff --git a/user/post/event.php b/user/post/event.php
index 8961fbf6..0a1f8111 100644
--- a/user/post/event.php
+++ b/user/post/event.php
@@ -15,10 +15,9 @@ if (isset($_POST['add_calendar'])) {
$calendar_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Calendar", "Create", "$session_name created calendar $name", 0, $calendar_id);
- $_SESSION['alert_message'] = "Calendar $name created";
+ flash_alert("Calendar $name created");
redirect();
@@ -32,10 +31,9 @@ if (isset($_POST['edit_calendar'])) {
mysqli_query($mysqli,"UPDATE calendars SET calendar_name = '$name', calendar_color = '$color' WHERE calendar_id = $calendar_id");
- // Logging
logAction("Calendar", "Edit", "$session_name edited calendar $name", 0, $calendar_id);
- $_SESSION['alert_message'] = "Calendar $name edited";
+ flash_alert("Calendar $name edited");
redirect();
@@ -45,15 +43,12 @@ if (isset($_POST['add_event'])) {
require_once 'event_model.php';
-
mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client");
$event_id = mysqli_insert_id($mysqli);
- //Get Calendar Name
- $sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE calendar_id = $calendar_id");
- $row = mysqli_fetch_array($sql);
- $calendar_name = sanitizeInput($row['calendar_name']);
+ // Get Calendar Name
+ $calendar_name = sanitizeInput(getFieldById('calendars', $calendar_id, 'calendar_name'));
//If email is checked
if ($email_event == 1) {
@@ -106,10 +101,9 @@ if (isset($_POST['add_event'])) {
} // End mail IF
- // Logging
logAction("Calendar Event", "Create", "$session_name created a calendar event titled $title in calendar $calendar_name", $client, $event_id);
- $_SESSION['alert_message'] = "Event $title created in calendar $calendar_name";
+ flash_alert("Event $title created in calendar $calendar_name");
redirect();
@@ -174,16 +168,16 @@ if (isset($_POST['edit_event'])) {
} // End mail IF
- //Logging
logAction("Calendar Event", "Edit", "$session_name edited calendar event $title", $client, $event_id);
- $_SESSION['alert_message'] = "Calendar event titled $title edited";
+ flash_alert("Calendar event titled $title edited");
redirect();
}
if (isset($_GET['delete_event'])) {
+
$event_id = intval($_GET['delete_event']);
// Get Event Title
@@ -194,11 +188,9 @@ if (isset($_GET['delete_event'])) {
mysqli_query($mysqli,"DELETE FROM calendar_events WHERE event_id = $event_id");
- // Logging
logAction("Calendar Event", "Delete", "$session_name deleted calendar event $event_title", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Calendar event titled $event_title deleted";
+ flash_alert("Calendar event titled $event_title deleted", 'error');
redirect();
diff --git a/user/post/expense.php b/user/post/expense.php
index 61cea58a..89fd1c75 100644
--- a/user/post/expense.php
+++ b/user/post/expense.php
@@ -33,10 +33,9 @@ if (isset($_POST['add_expense'])) {
}
}
- //Logging
logAction("Expense", "Create", "$session_name created expense $description", $client, $expense_id);
- $_SESSION['alert_message'] = "Expense added" . $extended_alert_description;
+ flash_alert("Expense added" . $extended_alert_description);
redirect();
@@ -46,13 +45,10 @@ if (isset($_POST['edit_expense'])) {
require_once 'expense_model.php';
-
$expense_id = intval($_POST['expense_id']);
// Get old receipt
- $sql = mysqli_query($mysqli,"SELECT expense_receipt FROM expenses WHERE expense_id = $expense_id");
- $row = mysqli_fetch_array($sql);
- $existing_file_name = sanitizeInput($row['expense_receipt']);
+ $existing_file_name = sanitizeInput(getFieldById('expenses', $expense_id, 'expense_receipt'));
// Check for and process attachment
$extended_alert_description = '';
@@ -76,16 +72,16 @@ if (isset($_POST['edit_expense'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id");
- // Logging
logAction("Expense", "Edit", "$session_name edited expense $description", $client, $expense_id);
- $_SESSION['alert_message'] = "Expense modified" . $extended_alert_description;
+ flash_alert("Expense modified" . $extended_alert_description);
redirect();
}
if (isset($_GET['delete_expense'])) {
+
$expense_id = intval($_GET['delete_expense']);
$sql = mysqli_query($mysqli,"SELECT * FROM expenses WHERE expense_id = $expense_id");
@@ -98,10 +94,9 @@ if (isset($_GET['delete_expense'])) {
mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id");
- // Logging
logAction("Expense", "Delete", "$session_name deleted expense $expense_description", $client_id);
- $_SESSION['alert_message'] = "Expense deleted";
+ flash_alert("Expense deleted", 'error');
redirect();
@@ -112,9 +107,7 @@ if (isset($_POST['bulk_edit_expense_category'])) {
$category_id = intval($_POST['bulk_category_id']);
// Get Category name for logging and Notification
- $sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id");
- $row = mysqli_fetch_array($sql);
- $category_name = sanitizeInput($row['category_name']);
+ $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Assign category to Selected Expenses
if (isset($_POST['expense_ids'])) {
@@ -133,18 +126,17 @@ if (isset($_POST['bulk_edit_expense_category'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_category_id = $category_id WHERE expense_id = $expense_id");
- // Logging
logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to category $category_name", $client_id, $expense_id);
} // End Assign Loop
- // Logging
logAction("Expense", "Bulk Edit", "$session_name assigned $count expenses to category $category_name");
- $_SESSION['alert_message'] = "You assigned expense category $category_name to $count expense(s)";
+ flash_alert("You assigned expense category $category_name to $count expense(s)");
}
redirect();
+
}
if (isset($_POST['bulk_edit_expense_account'])) {
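Review bot: The per-expense audit entry at L820 interpolates `$expense_descrition`, a misspelling of `$expense_description`, so the log line reads "assigned expense  to category …" with an empty description; the same typo is on L843, L872 and L894. In the bulk_edit_expense_client hunk this makes the newly added fetch at L869 dead, because the value it stores in `$expense_description` is never read. Correcting the variable name in the four logAction() calls is enough, e.g. `logAction("Expense", "Edit", "$session_name assigned expense $expense_description to category $category_name", $client_id, $expense_id);`. The loops that populate the variable begin outside these hunks, so whether `$expense_description` is set at L820, L843 and L894 cannot be confirmed from here.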
@@ -152,9 +144,7 @@ if (isset($_POST['bulk_edit_expense_account'])) {
$account_id = intval($_POST['bulk_account_id']);
// Get Account name for logging and Notification
- $sql = mysqli_query($mysqli,"SELECT account_name FROM accounts WHERE account_id = $account_id");
- $row = mysqli_fetch_array($sql);
- $account_name = sanitizeInput($row['account_name']);
+ $account_name = sanitizeInput(getFieldById('accounts', $account_id, 'account_name'));
// Assign account to Selected Expenses
if (isset($_POST['expense_ids'])) {
@@ -173,18 +163,17 @@ if (isset($_POST['bulk_edit_expense_account'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_account_id = $account_id WHERE expense_id = $expense_id");
- // Logging
logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to account $account_name", $client_id, $expense_id);
} // End Assign Loop
- // Logging
logAction("Expense", "Bulk Edit", "$session_name assigned $count expense(s) to account $account_name");
- $_SESSION['alert_message'] = "You assigned account $account_name to $count expense(s)";
+ flash_alert("You assigned account $account_name to $count expense(s)");
}
redirect();
+
}
if (isset($_POST['bulk_edit_expense_client'])) {
@@ -192,9 +181,7 @@ if (isset($_POST['bulk_edit_expense_client'])) {
$client_id = intval($_POST['bulk_client_id']);
// Get Client name for logging and Notification
- $sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
- $row = mysqli_fetch_array($sql);
- $client_name = sanitizeInput($row['client_name']);
+ $client_name = sanitizeInput(getFieldById('clients', $client_id, 'client_name'));
// Assign Client to Selected Expenses
if (isset($_POST['expense_ids'])) {
@@ -206,27 +193,27 @@ if (isset($_POST['bulk_edit_expense_client'])) {
$expense_id = intval($expense_id);
// Get Expense Details for Logging
- $sql = mysqli_query($mysqli,"SELECT expense_description FROM expenses WHERE expense_id = $expense_id");
- $row = mysqli_fetch_array($sql);
- $expense_description = sanitizeInput($row['expense_description']);
+ $expense_description = sanitizeInput(getFieldById('expenses', $expense_id, 'expense_description'));
mysqli_query($mysqli,"UPDATE expenses SET expense_client_id = $client_id WHERE expense_id = $expense_id");
- // Logging
logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to client $client_name", $client_id, $expense_id);
} // End Assign Loop
- $_SESSION['alert_message'] = "You assigned Client $client_name to $expense_count expenses";
+ flash_alert("You assigned Client $client_name to $expense_count expenses");
}
redirect();
+
}
if (isset($_POST['bulk_delete_expenses'])) {
- validateAdminRole();
+
validateCSRFToken($_POST['csrf_token']);
+ validateAdminRole();
+
if (isset($_POST['expense_ids'])) {
// Get Selected Count
@@ -246,24 +233,23 @@ if (isset($_POST['bulk_delete_expenses'])) {
unlink("../uploads/expenses/$expense_receipt");
mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id");
-
- // Logging
+
logAction("Expense", "Delete", "$session_name deleted expense $expense_descrition", $client_id);
}
- // Logging
logAction("Expense", "Bulk Delete", "$session_name deleted $count expense(s)");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Deleted $count expense(s)";
+ flash_alert("Deleted $count expense(s)", 'error');
}
redirect();
+
}
if (isset($_POST['export_expenses_csv'])) {
+
$date_from = sanitizeInput($_POST['date_from']);
$date_to = sanitizeInput($_POST['date_to']);
$account = intval($_POST['account']);
@@ -343,10 +329,10 @@ if (isset($_POST['export_expenses_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Expense", "Export", "$session_name exported $num_rows expense(s) to CSV file");
exit;
+
}
if (isset($_POST['create_recurring_expense'])) {
@@ -372,10 +358,9 @@ if (isset($_POST['create_recurring_expense'])) {
$recurring_expense_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Recurring Expense", "Create", "$session_name created recurring expense $description", $client_id, $recurring_expense_id);
- $_SESSION['alert_message'] = "Recurring Expense created";
+ flash_alert("Recurring Expense created");
redirect();
@@ -403,10 +388,9 @@ if (isset($_POST['edit_recurring_expense'])) {
mysqli_query($mysqli,"UPDATE recurring_expenses SET recurring_expense_frequency = $frequency, recurring_expense_day = $day, recurring_expense_month = $month, recurring_expense_next_date = '$start_date', recurring_expense_description = '$description', recurring_expense_reference = '$reference', recurring_expense_amount = $amount, recurring_expense_currency_code = '$session_company_currency', recurring_expense_vendor_id = $vendor, recurring_expense_client_id = $client_id, recurring_expense_category_id = $category, recurring_expense_account_id = $account WHERE recurring_expense_id = $recurring_expense_id");
- //Logging
logAction("Recurring Expense", "Edit", "$session_name edited recurring expense $description", $client_id, $recurring_expense_id);
- $_SESSION['alert_message'] = "Recurring Expense edited";
+ flash_alert("Recurring Expense edited");
redirect();
@@ -423,11 +407,9 @@ if (isset($_GET['delete_recurring_expense'])) {
mysqli_query($mysqli,"DELETE FROM recurring_expenses WHERE recurring_expense_id = $recurring_expense_id");
- // Logging
logAction("Recurring Expense", "Delete", "$session_name deleted recurring expense $recurring_expense_description", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Recurring Expense deleted";
+ flash_alert("Recurring Expense deleted", 'error');
redirect();
diff --git a/user/post/file.php b/user/post/file.php
index fb1441c3..60329b99 100644
--- a/user/post/file.php
+++ b/user/post/file.php
@@ -60,8 +60,7 @@ if (isset($_POST['upload_files'])) {
$dest_path = $upload_file_dir . $file_reference_name;
if (!move_uploaded_file($file_tmp_path, $dest_path)) {
- $_SESSION['alert_type'] = 'error';
- $_SESSION['alert_message'] = 'Error moving file to upload directory. Please ensure the directory is writable.';
+ flash_alert('Error moving file to upload directory. Please ensure the directory is writable.', 'error');
continue; // Skip processing this file
}
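Review bot: The error raised at L950 for a file that could not be moved is lost as soon as a later file in the same loop succeeds, because L960 calls flash_alert() with the success message on every iteration and, if flash_alert() assigns the session message the way the replaced `$_SESSION['alert_message']` lines did, the last call wins. The previous code had the same overwrite, but since the commit touches both lines it is worth fixing together: collect the failed and uploaded names during the loop and call flash_alert() once after it, with type 'error' when any file failed. flash_alert()'s definition is outside this diff, so whether it appends or assigns is inferred only from the lines it replaces; the upload loop itself starts outside the hunk.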
@@ -189,15 +188,14 @@ if (isset($_POST['upload_files'])) {
mysqli_query($mysqli,"INSERT INTO asset_files SET asset_id = $asset_id, file_id = $file_id");
}
- // Log upload action
logAction("File", "Upload", "$session_name uploaded file $file_name", $client_id, $file_id);
- $_SESSION['alert_message'] = "Uploaded file $file_name";
+
+ flash_alert("Uploaded file $file_name");
}
}
- // Redirect after processing
redirect();
- exit;
+
}
@@ -218,10 +216,9 @@ if (isset($_POST['rename_file'])) {
// file edit query
mysqli_query($mysqli,"UPDATE files SET file_name = '$file_name' ,file_description = '$file_description' WHERE file_id = $file_id");
- // Logging
logAction("File", "Rename", "$session_name renamed file $old_file_name to $file_name", $client_id, $file_id);
- $_SESSION['alert_message'] = "Renamed file $old_file_name to $file_name";
+ flash_alert("Renamed file $old_file_name to $file_name");
redirect();
@@ -241,16 +238,13 @@ if (isset($_POST['move_file'])) {
$client_id = intval($row['file_client_id']);
// Get Folder Name for Logging
- $sql = mysqli_query($mysqli,"SELECT folder_name FROM folders WHERE folder_id = $folder_id");
- $row = mysqli_fetch_array($sql);
- $folder_name = sanitizeInput($row['folder_name']);
+ $folder_name = sanitizeInput(getFieldById('folders', $folder_id, 'folder_name'));
mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id");
- // Logging
logAction("File", "Move", "$session_name moved file $file_name to $folder_name", $client_id, $file_id);
- $_SESSION['alert_message'] = "File $file_name moved to $folder_name";
+ flash_alert("File $file_name moved to $folder_name");
redirect();
@@ -270,11 +264,9 @@ if (isset($_GET['archive_file'])) {
mysqli_query($mysqli,"UPDATE files SET file_archived_at = NOW() WHERE file_id = $file_id");
- //logging
logAction("File", "Archive", "$session_name archived file $file_name", $client_id, $file_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "File $file_name archived";
+ flash_alert("File $file_name archived", 'error');
redirect();
@@ -282,9 +274,10 @@ if (isset($_GET['archive_file'])) {
if (isset($_POST['delete_file'])) {
- enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
$file_id = intval($_POST['file_id']);
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id");
@@ -306,11 +299,9 @@ if (isset($_POST['delete_file'])) {
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
- //Logging
logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "File $file_name deleted";
+ flash_alert("File $file_name deleted", 'alert');
redirect();
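Review bot: The alert type passed at L1011 is 'alert', whereas every other deletion in this diff passes 'error' (L995, L1030, L1116, L1200) and the removed line set `alert_type = "error"`; the credit-balance check at L1369 has the same 'alert' value next to 'error' for the matching payment check at L1345. If flash_alert() maps its second argument onto a CSS class or an allow-list, an unrecognised value will either render unstyled or fall back silently, so this looks like a typo rather than an intentional category. Use `flash_alert("File $file_name deleted", 'error');` here and `flash_alert("Credit can not be more than the balance", 'error');` at L1369, or document the accepted type values on flash_alert().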
@@ -318,9 +309,10 @@ if (isset($_POST['delete_file'])) {
if (isset($_POST['bulk_delete_files'])) {
- enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
// Delete file loop
if (isset($_POST['file_ids'])) {
@@ -350,15 +342,12 @@ if (isset($_POST['bulk_delete_files'])) {
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
- // Log each invidual file deletion
logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);
}
- // Log the bulk delete action
logAction("File", "Bulk Delete", "$session_name deleted $file_count file(s)", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "You deleted $file_count files";
+ flash_alert("You deleted $file_count files", 'error');
}
redirect();
@@ -367,9 +356,10 @@ if (isset($_POST['bulk_delete_files'])) {
if (isset($_POST['bulk_move_files'])) {
- enforceUserPermission('module_support', 2);
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_support', 2);
+
$folder_id = intval($_POST['bulk_folder_id']);
// Get folder name for logging and Notification
@@ -386,22 +376,19 @@ if (isset($_POST['bulk_move_files'])) {
// Move Documents to Folder Loop
foreach($_POST['file_ids'] as $file_id) {
$file_id = intval($file_id);
+
// Get file name for logging
- $sql = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id");
- $row = mysqli_fetch_array($sql);
- $file_name = sanitizeInput($row['file_name']);
+ $file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name'));
// file move query
mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id");
- // Logging
logAction("File", "Move", "$session_name moved file $file_name to folder $folder_name", $client_id, $file_id);
}
- //Logging
logAction("File", "Bulk Move", "$session_name moved $file_count file(s) to folder $folder_name", $client_id);
- $_SESSION['alert_message'] = "Moved $file_count files to the folder $folder_name";
+ flash_alert("Moved $file_count files to the folder $folder_name");
}
redirect();
@@ -422,17 +409,14 @@ if (isset($_POST['link_asset_to_file'])) {
$client_id = intval($row['file_client_id']);
// Get Asset Name for Logging
- $sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
- $row = mysqli_fetch_array($sql);
- $asset_name = sanitizeInput($row['asset_name']);
+ $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
// Contact add query
mysqli_query($mysqli,"INSERT INTO asset_files SET asset_id = $asset_id, file_id = $file_id");
- // Logging
logAction("File", "Link", "$session_name linked asset $asset_name to file $file_name", $client_id, $file_id);
- $_SESSION['alert_message'] = "Asset $asset_name linked to File $file_name";
+ flash_alert("Asset $asset_name linked to File $file_name");
redirect();
@@ -452,16 +436,13 @@ if (isset($_GET['unlink_asset_from_file'])) {
$client_id = intval($row['file_client_id']);
// Get Asset Name for Logging
- $sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id");
- $row = mysqli_fetch_array($sql);
- $asset_name = sanitizeInput($row['asset_name']);
+ $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
mysqli_query($mysqli,"DELETE FROM asset_files WHERE asset_id = $asset_id AND file_id = $file_id");
- //Logging
logAction("File", "Link", "$session_name unlinked asset $asset_name from file $file_name", $client_id, $file_id);
- $_SESSION['alert_message'] = "Asset $asset_name unlinked from File $file_name";
+ flash_alert("Asset $asset_name unlinked from File $file_name");
redirect();
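Review bot: The audit entry at L1085 records the unlink as action "Link", so a filter on the action column cannot distinguish linking an asset from unlinking it; the description text is the only place the difference survives. Since the surrounding lines are being reworked, change it to `logAction("File", "Unlink", "$session_name unlinked asset $asset_name from file $file_name", $client_id, $file_id);`. Whether any reporting code filters on the literal "Link" value is not visible here.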
diff --git a/user/post/folder.php b/user/post/folder.php
index 639034f1..b0d25b91 100644
--- a/user/post/folder.php
+++ b/user/post/folder.php
@@ -19,10 +19,9 @@ if (isset($_POST['create_folder'])) {
$add_folder = mysqli_query($mysqli,"INSERT INTO folders SET folder_name = '$folder_name', parent_folder = $parent_folder, folder_location = $folder_location, folder_client_id = $client_id");
$folder_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Folder", "Create", "$session_name created folder $folder_name", $client_id, $folder_id);
- $_SESSION['alert_message'] = "Folder $folder_name created";
+ flash_alert("Folder $folder_name created");
redirect();
@@ -44,10 +43,9 @@ if (isset($_POST['rename_folder'])) {
// Folder edit query
mysqli_query($mysqli,"UPDATE folders SET folder_name = '$folder_name' WHERE folder_id = $folder_id");
- //Logging
logAction("Folder", "Rename", "$session_name renamed folder $old_folder_name to $folder_name", $client_id, $folder_id);
- $_SESSION['alert_message'] = "Folder $old_folder_name renamed to $folder_name";
+ flash_alert("Folder $old_folder_name renamed to $folder_name");
redirect();
@@ -75,11 +73,9 @@ if (isset($_GET['delete_folder'])) {
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = 0 WHERE document_id = $document_id");
}
- //Logging
logAction("Folder", "Delete", "$session_name deleted folder $folder_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Folder $folder_name deleted";
+ flash_alert("Folder $folder_name deleted", 'error');
redirect();
diff --git a/user/post/invoice.php b/user/post/invoice.php
index f48e4ecd..c5d704ba 100644
--- a/user/post/invoice.php
+++ b/user/post/invoice.php
@@ -12,10 +12,8 @@ if (isset($_POST['add_invoice'])) {
$client_id = intval($_POST['client']);
- //Get Net Terms
- $sql = mysqli_query($mysqli,"SELECT client_net_terms FROM clients WHERE client_id = $client_id");
- $row = mysqli_fetch_array($sql);
- $client_net_terms = intval($row['client_net_terms']);
+ // Get Net Terms
+ $client_net_terms = intval(getFieldById('clients', $client_id, 'client_net_terms'));
//Get the last Invoice Number and add 1 for the new invoice number
$invoice_number = $config_invoice_next_number;
@@ -31,14 +29,14 @@ if (isset($_POST['add_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created', history_invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Create", "$session_name created Invoice $config_invoice_prefix$invoice_number - $scope", $client_id, $invoice_id);
customAction('invoice_create', $invoice_id);
- $_SESSION['alert_message'] = "Invoice $config_invoice_prefix$invoice_number created";
+ flash_alert("Invoice $config_invoice_prefix$invoice_number created");
+
+ redirect("invoice.php?invoice_id=$invoice_id");
- header("Location: invoice.php?invoice_id=$invoice_id");
}
if (isset($_POST['edit_invoice'])) {
@@ -67,10 +65,9 @@ if (isset($_POST['edit_invoice'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_scope = '$scope', invoice_date = '$date', invoice_due = '$due', invoice_category_id = $category, invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount' WHERE invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Edit", "$session_name edited Invoice $invoice_prefix$invoice_number - $scope", $client_id, $invoice_id);
- $_SESSION['alert_message'] = "Invoice $invoice_prefix$invoice_number edited";
+ flash_alert("Invoice $invoice_prefix$invoice_number edited");
redirect();
@@ -127,14 +124,13 @@ if (isset($_POST['add_invoice_copy'])) {
mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_invoice_id = $new_invoice_id");
}
- //Logging
logAction("Invoice", "Create", "$session_name created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_prefix", $client_id, $new_invoice_id);
customAction('invoice_create', $new_invoice_id);
- $_SESSION['alert_message'] = "Created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_prefix";
+ flash_alert("Created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_prefix");
- header("Location: invoice.php?invoice_id=$new_invoice_id");
+ redirect("invoice.php?invoice_id=$new_invoice_id");
}
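Review bot: The message at L1158 is built from `$old_invoice_prefix$old_invoice_prefix`, which repeats the prefix and never includes the source invoice's number, so the flash reads "from INVINV"; the logAction() on L1155 carries the same expression, and the audit trail therefore does not identify which invoice was copied. The second variable is presumably meant to be `$old_invoice_number`, mirroring `$config_invoice_prefix$new_invoice_number` for the target, but the assignment of the old-invoice variables is outside this hunk. Proposed line: `flash_alert("Created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_number");`, with the same correction applied to the logAction() message.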
@@ -182,12 +178,11 @@ if (isset($_POST['add_invoice_recurring'])) {
mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_recurring_invoice_id = $recurring_invoice_id");
}
- // Logging
logAction("Recurring Invoice", "Create", "$session_name created recurring Invoice from Invoice $invoice_prefix$invoice_number", $client_id, $recurring_invoice_id);
- $_SESSION['alert_message'] = "Created recurring Invoice from Invoice $invoice_prefix$invoice_number";
+ flash_alert("Created recurring Invoice from Invoice $invoice_prefix$invoice_number");
- header("Location: recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
+ redirect("recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
}
@@ -210,12 +205,11 @@ if (isset($_POST['add_recurring_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Active', history_description = 'Recurring Invoice created', history_recurring_invoice_id = $recurring_invoice_id");
- //Logging
logAction("Recurring Invoice", "Create", "$session_name created recurring invoice $config_recurring_invoice_prefix$recurring_invoice_number - $scope", $client_id, $recurring_invoice_id);
- $_SESSION['alert_message'] = "Recurring Invoice $config_recurring_invoice_prefix$recurring_invoice_number created";
+ flash_alert("Recurring Invoice $config_recurring_invoice_prefix$recurring_invoice_number created");
- header("Location: recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
+ redirect("recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id");
}
@@ -249,16 +243,16 @@ if (isset($_POST['edit_recurring_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$status', history_description = 'Recurring Invoice edited', history_recurring_invoice_id = $recurring_invoice_id");
- // Logging
logAction("Recurring Invoice", "Edit", "$session_name edited recurring invoice $recurring_invoice_prefix$recurring_invoice_number - $scope", $client_id, $recurring_invoice_id);
- $_SESSION['alert_message'] = "Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number edited";
+ flash_alert("Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number edited");
redirect();
}
if (isset($_GET['delete_recurring_invoice'])) {
+
$recurring_invoice_id = intval($_GET['delete_recurring_invoice']);
// Get Recurring Invoice Details and Client ID for Logging
@@ -285,11 +279,9 @@ if (isset($_GET['delete_recurring_invoice'])) {
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id");
}
- // Logging
logAction("Recurring Invoice", "Delete", "$session_name deleted recurring invoice $recurring_invoice_prefix$recurring_invoice_number - $recurring_invoice_scope", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number deleted";
+ flash_alert("Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number deleted", 'error');
redirect();
@@ -339,10 +331,9 @@ if (isset($_POST['add_recurring_invoice_item'])) {
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id");
- // Logging
logAction("Recurring Invoice", "Edit", "$session_name added item $name to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
- $_SESSION['alert_message'] = "Item $name added to Recurring Invoice";
+ flash_alert("Item $name added to Recurring Invoice");
redirect();
@@ -362,16 +353,16 @@ if (isset($_POST['recurring_invoice_note'])) {
mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_note = '$note' WHERE recurring_invoice_id = $recurring_invoice_id");
- // Logging
logAction("Recurring Invoice", "Edit", "$session_name added note to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
- $_SESSION['alert_message'] = "Notes added";
+ flash_alert("Notes added");
redirect();
}
if (isset($_GET['delete_recurring_invoice_item'])) {
+
$item_id = intval($_GET['delete_recurring_invoice_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
@@ -394,11 +385,9 @@ if (isset($_GET['delete_recurring_invoice_item'])) {
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
- // Logging
logAction("Recurring Invoice", "Edit", "$session_name removed item $item_name from recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Item
$item_name removed";
+ flash_alert("Item
$item_name removed", 'error');
redirect();
@@ -419,14 +408,14 @@ if (isset($_GET['mark_invoice_sent'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice marked sent', history_invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Edit", "$session_name marked invoice $invoice_prefix$invoice_number sent", $client_id, $invoice_id);
- $_SESSION['alert_message'] = "Invoice marked sent";
+ flash_alert("Invoice marked sent");
redirect();
}
+
if (isset($_GET['mark_invoice_non-billable'])) {
$invoice_id = intval($_GET['mark_invoice_non-billable']);
@@ -442,10 +431,9 @@ if (isset($_GET['mark_invoice_non-billable'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Non-Billable', history_description = 'INVOICE marked Non-Billable', history_invoice_id = $invoice_id");
- //Logging
logAction("Invoice", "Edit", "$session_name marked invoice $invoice_prefix$invoice_number Non-Billable", $client_id, $invoice_id);
- $_SESSION['alert_message'] = "Invoice marked Non-Billable";
+ flash_alert("Invoice marked Non-Billable");
redirect();
@@ -466,17 +454,16 @@ if (isset($_GET['cancel_invoice'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Cancelled', history_description = 'Invoice cancelled', history_invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Edit", "$session_name cancelled invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Invoice
$invoice_prefix$invoice_number cancelled";
+ flash_alert("Invoice
$invoice_prefix$invoice_number cancelled", 'error');
redirect();
}
if (isset($_GET['delete_invoice'])) {
+
$invoice_id = intval($_GET['delete_invoice']);
// Get Invoice Number and Prefix and Client ID for Logging
@@ -512,17 +499,16 @@ if (isset($_GET['delete_invoice'])) {
//unlink tickets from invoice
mysqli_query($mysqli,"UPDATE tickets SET ticket_invoice_id = 0 WHERE ticket_invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Delete", "$session_name deleted invoice $invoice_prefix$invoice_number", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Invoice
$invoice_prefix$invoice_number deleted";
+ flash_alert("Invoice
$invoice_prefix$invoice_number deleted", 'error');
redirect();
}
if (isset($_POST['add_invoice_item'])) {
+
enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']);
@@ -567,16 +553,16 @@ if (isset($_POST['add_invoice_item'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Edit", "$session_name added item $name to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
- $_SESSION['alert_message'] = "Item
$name added to invoice";
+ flash_alert("Item
$name added to invoice");
redirect();
}
if (isset($_POST['invoice_note'])) {
+
enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']);
@@ -593,13 +579,14 @@ if (isset($_POST['invoice_note'])) {
logAction("Invoice", "Edit", "$session_name added note to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
- $_SESSION['alert_message'] = "Notes added";
+ flash_alert("Notes added");
redirect();
}
if (isset($_POST['edit_item'])) {
+
enforceUserPermission('module_sales', 2);
$item_id = intval($_POST['item_id']);
@@ -647,7 +634,6 @@ if (isset($_POST['edit_item'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Edit", "$session_name edited item $name on invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
} elseif ($quote_id > 0) {
@@ -666,7 +652,6 @@ if (isset($_POST['edit_item'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id");
- // Logging
logAction("Quote", "Edit", "$session_name edited item $name on quote $quote_prefix$quote_number", $client_id, $quote_id);
} else {
@@ -690,13 +675,14 @@ if (isset($_POST['edit_item'])) {
}
- $_SESSION['alert_message'] = "Item
$name updated";
+ flash_alert("Item
$name updated");
redirect();
}
if (isset($_GET['delete_invoice_item'])) {
+
enforceUserPermission('module_sales', 2);
$item_id = intval($_GET['delete_invoice_item']);
@@ -721,17 +707,16 @@ if (isset($_GET['delete_invoice_item'])) {
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
- // Logging
logAction("Invoice", "Delete", "$session_name removed item $item_name from invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Item
$item_name removed from invoice";
+ flash_alert("Item
$item_name removed from invoice", 'error');
redirect();
}
if (isset($_POST['add_payment'])) {
+
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@@ -747,7 +732,7 @@ if (isset($_POST['add_payment'])) {
//Check to see if amount entered is greater than the balance of the invoice
if ($amount > $balance) {
- $_SESSION['alert_message'] = "Payment is more than the balance";
+ flash_alert("Payment can not be more than the balance", 'error');
redirect();
} else {
mysqli_query($mysqli,"INSERT INTO payments SET payment_date = '$date', payment_amount = $amount, payment_currency_code = '$currency_code', payment_account_id = $account, payment_method = '$payment_method', payment_reference = '$reference', payment_invoice_id = $invoice_id");
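Review bot: The guard ahead of the INSERT only rejects `$amount > $balance`, so a zero or negative amount passes and is written as a payment row, which would increase the invoice balance rather than settle it. Tighten it to `if ($amount <= 0 || $amount > $balance) {` with a message such as "Payment must be greater than zero and not more than the balance". How `$amount` is parsed is outside this hunk; if it is already validated as positive there, this can be ignored.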
@@ -883,15 +868,16 @@ if (isset($_POST['add_payment'])) {
//Add Payment to History
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$invoice_status', history_description = 'Payment added', history_invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Payment", "Payment amount of " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
customAction('invoice_pay', $invoice_id);
- $_SESSION['alert_message'] .= "Payment amount
" . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added";
+ flash_alert("Payment amount
" . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added");
redirect();
+
}
+
}
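Review bot: The new `flash_alert("Payment amount ... added")` drops whatever the old `$_SESSION['alert_message'] .= ...` was appending to; the original append strongly suggests an earlier step of add_payment (outside this hunk, presumably an email-receipt branch like the one in add_bulk_payment) contributes a prefix that will now be lost unless flash_alert itself appends. The add_bulk_payment hunk in this same commit keeps a local `$alert_message .=` accumulator for exactly this reason; use the same pattern here, e.g. `flash_alert($alert_message . "Payment amount " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added");`, and apply it to the apply_credit and Stripe branches which had the same `.=`. add_payment's body starts before this hunk.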
if (isset($_POST['apply_credit'])) {
@@ -913,7 +899,7 @@ if (isset($_POST['apply_credit'])) {
//Check to see if amount entered is greater than the balance of the invoice
if ($amount > $invoice_balance) {
- $_SESSION['alert_message'] = "Credit is more than the balance";
+ flash_alert("Credit can not be more than the balance", 'alert');
redirect();
}
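Review bot: `flash_alert("Credit can not be more than the balance", 'alert')` passes `'alert'` as the alert type, while every other rejection in this commit uses `'error'`; if flash_alert maps its second argument to an alert_type / CSS class, `'alert'` is likely unrecognised and this refusal may render as a neutral or success notice. Change it to `flash_alert("Credit can not be more than the balance", 'error');`. The rest of apply_credit lies outside the hunk.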
@@ -957,16 +943,18 @@ if (isset($_POST['apply_credit'])) {
customAction('invoice_pay', $invoice_id);
- $_SESSION['alert_message'] .= "Credit amount
" . numfmt_format_currency($currency_format, $amount, $session_company_currency) . " applied";
+ flash_alert("Credit amount
" . numfmt_format_currency($currency_format, $amount, $session_company_currency) . " applied");
redirect();
+
}
if (isset($_GET['add_payment_stripe'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
- validateCSRFToken($_GET['csrf_token']);
$invoice_id = intval($_GET['invoice_id']);
@@ -1016,20 +1004,14 @@ if (isset($_GET['add_payment_stripe'])) {
// Sanity checks
if (!$config_stripe_enable || !$stripe_id || !$stripe_pm) {
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Stripe not enabled or no client card saved";
+ flash_alert("Stripe not enabled or no client card saved", 'error');
redirect();
- exit();
} elseif ($invoice_status !== 'Sent' && $invoice_status !== 'Viewed') {
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Invalid invoice state (draft/partial/paid/not billable)";
+ flash_alert("Invalid invoice state (draft/partial/paid/not billable)", 'error');
redirect();
- exit();
} elseif ($invoice_amount == 0) {
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Invalid invoice amount";
+ flash_alert("Invalid invoice amount", 'error');
redirect();
- exit();
}
// Initialize Stripe
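Review bot: Removing the `exit()` after each `redirect()` in the three Stripe sanity checks makes the charge path depend entirely on redirect() terminating the script; if redirect() only sends a Location header, an invoice in the wrong state or with a zero amount still falls through to the Stripe initialisation and the payment below. The commit strips `exit` after redirect() elsewhere too, which suggests redirect() does exit, but since this branch moves money it is worth confirming, and a defensive `exit;` after these redirects costs nothing. Alternatively put the Stripe code in an `else` so it only runs when every check passes.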
@@ -1136,21 +1118,23 @@ if (isset($_GET['add_payment_stripe'])) {
logAction("Invoice", "Payment", "$session_name initiated Stripe payment amount of " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " added to invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc", $client_id, $invoice_id);
customAction('invoice_pay', $invoice_id);
- $_SESSION['alert_message'] .= "Payment amount
" . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " added";
+ flash_alert("Payment amount
" . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " added");
+
redirect();
} else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id");
+
logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Payment failed";
+ flash_alert("Payment failed", 'error');
+
redirect();
- exit();
}
}
if (isset($_POST['add_bulk_payment'])) {
+
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
@@ -1167,10 +1151,8 @@ if (isset($_POST['add_bulk_payment'])) {
// Check if bulk_payment_amount exceeds total_account_balance
if ($bulk_payment_amount > $total_account_balance) {
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Payment exceeds Client Balance.";
+ flash_alert("Payment exceeds Client Balance.", 'error');
redirect();
- exit;
}
// Get Invoices
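Review bot: The check `$bulk_payment_amount > $total_account_balance` only rejects overpayment; a zero or negative bulk amount passes and proceeds to the invoice allocation loop below. Unless it is validated where it is parsed (outside this hunk), reject it here: `if ($bulk_payment_amount <= 0 || $bulk_payment_amount > $total_account_balance) {`.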
@@ -1271,20 +1253,20 @@ if (isset($_POST['add_bulk_payment'])) {
// Email Logging
logAction("Payment", "Email", "Bulk Payment receipt for multiple Invoices queued to $contact_email Email ID: $email_id", $client_id);
- $_SESSION['alert_message'] .= "Email receipt queued and ";
+ $alert_message .= "Email receipt queued and ";
} // End Email
- // Logging
logAction("Invoice", "Payment", "Bulk Payment amount of " . numfmt_format_currency($currency_format, $bulk_payment_amount_static, $currency_code) . " applied to multiple invoices", $client_id);
- $_SESSION['alert_message'] .= "Bulk Payment added";
+ flash_alert("$alert_message Bulk Payment added");
- // Redirect Back
redirect();
+
}
if (isset($_GET['delete_payment'])) {
+
enforceUserPermission('module_sales', 2);
enforceUserPermission('module_financial', 2);
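Review bot: `$alert_message .= "Email receipt queued and ";` relies on `$alert_message` being initialised earlier in add_bulk_payment, which is not visible in this hunk; if it is not, PHP emits an undefined-variable warning on the first append, and `flash_alert("$alert_message Bulk Payment added")` produces a leading space when no email was queued and a double space when one was. Initialise `$alert_message = '';` at the top of the handler and build the final text by concatenation: `flash_alert($alert_message . "Bulk Payment added");`.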
@@ -1326,13 +1308,11 @@ if (isset($_GET['delete_payment'])) {
mysqli_query($mysqli,"DELETE FROM payments WHERE payment_id = $payment_id");
- // Logging
logAction("Invoice", "Edit", "$session_name deleted Payment on Invoice $invoice_prefix$invoice_number", $client_id, $invoice_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Payment deleted";
+ flash_alert("Payment deleted", 'error');
if ($config_stripe_enable) {
- $_SESSION['alert_message'] = "Payment deleted - Stripe payments must be manually refunded in Stripe";
+ flash_alert("Payment deleted - Stripe payments must be manually refunded in Stripe", 'error');
}
redirect();
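Review bot: flash_alert is called twice when Stripe is enabled (`"Payment deleted"` and then the longer message), so whether the user sees one, the other, or both depends on flash_alert's set-versus-append semantics. Choose the message first and call it once: `$msg = $config_stripe_enable ? "Payment deleted - Stripe payments must be manually refunded in Stripe" : "Payment deleted";` followed by `flash_alert($msg, 'error');`. Note that the condition is the global Stripe toggle rather than whether this particular payment was taken through Stripe; if the payment row fetched earlier (outside the hunk) exposes the payment method, that is the better test.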
@@ -1340,6 +1320,7 @@ if (isset($_GET['delete_payment'])) {
}
if (isset($_GET['email_invoice'])) {
+
$invoice_id = intval($_GET['email_invoice']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoices
@@ -1416,7 +1397,8 @@ if (isset($_GET['email_invoice'])) {
// Get Email ID for reference
$email_id = mysqli_insert_id($mysqli);
- $_SESSION['alert_message'] = "Invoice sent to mail queue!
Check Admin > Mail queue";
+ flash_alert("Invoice sent to mail queue!
Check Admin > Mail queue");
+
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice sent to the mail queue ID: $email_id', history_invoice_id = $invoice_id");
// Don't change the status to sent if the status is anything but draft
@@ -1424,7 +1406,6 @@ if (isset($_GET['email_invoice'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_status = 'Sent' WHERE invoice_id = $invoice_id");
}
- // Logging
logAction("Invoice", "Email", "$session_name Emailed $contact_email Invoice $invoice_prefix$invoice_number Email queued to Email ID: $email_id", $client_id, $invoice_id);
// Send copies of the invoice to any additional billing contacts
@@ -1454,7 +1435,6 @@ if (isset($_GET['email_invoice'])) {
]
];
- // Logging
logAction("Invoice", "Email", "$session_name Emailed $billing_contact_email Invoice $invoice_prefix$invoice_number Email queued Email ID: $email_id", $client_id, $invoice_id);
}
@@ -1485,21 +1465,21 @@ if (isset($_POST['add_recurring_payment'])) {
// Get Payment ID for reference
$recurring_payment_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name created Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $currency_code), $client_id, $recurring_invoice_id);
- $_SESSION['alert_message'] = "Automatic Payment created for
$recurring_invoice_prefix$recurring_invoice_number";
+ flash_alert("Automatic Payment created for
$recurring_invoice_prefix$recurring_invoice_number");
redirect();
+
}
if (isset($_GET['delete_recurring_payment'])) {
+
$recurring_payment_id = intval($_GET['delete_recurring_payment']);
- $sql = mysqli_query($mysqli,"SELECT * FROM recurring_payments WHERE recurring_payment_id = $recurring_payment_id");
- $row = mysqli_fetch_array($sql);
- $recurring_invoice_id = intval($row['recurring_payment_recurring_invoice_id']);
+ // Get recurring Invoice ID
+ $recurring_invoice_id = intval(getFieldById('recurring_payments', $recurring_payment_id, 'recurring_payment_recurring_invoice_id'));
// Get the invoice total and details
$sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id");
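Review bot: delete_recurring_payment removes a stored auto-payment from a bare GET id, and neither an `enforceUserPermission` call nor a CSRF check is visible at the handler's start, unlike add_payment and delete_payment which enforce `module_financial` level 2; if those checks are not further down (the handler continues outside this hunk), add `enforceUserPermission('module_financial', 2);` and `validateCSRFToken($_GET['csrf_token']);` after the id is read. Separately, when `getFieldById` finds no row the `intval` yields 0, the recurring-invoice lookup returns nothing, and the DELETE still runs against an unverified id; bail out with an error alert when `$recurring_invoice_id` is 0.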
@@ -1510,17 +1490,16 @@ if (isset($_GET['delete_recurring_payment'])) {
mysqli_query($mysqli,"DELETE FROM recurring_payments WHERE recurring_payment_id = $recurring_payment_id");
- // Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name removed auto Pay from Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Auto Payment Removed for Recurring Invoice
$recurring_invoice_prefix$recurring_invoice_number";
+ flash_alert("Auto Payment Removed for Recurring Invoice
$recurring_invoice_prefix$recurring_invoice_number", 'error');
redirect();
}
if (isset($_GET['force_recurring'])) {
+
$recurring_invoice_id = intval($_GET['force_recurring']);
$sql_recurring_invoices = mysqli_query($mysqli,"SELECT * FROM recurring_invoices, clients WHERE client_id = recurring_invoice_client_id AND recurring_invoice_id = $recurring_invoice_id");
@@ -1664,12 +1643,11 @@ if (isset($_GET['force_recurring'])) {
} //End Recurring Invoices Loop
- // Logging
logAction("Invoice", "Create", "$session_name forced recurring invoice into an invoice", $client_id, $new_invoice_id);
customAction('invoice_create', $new_invoice_id);
- $_SESSION['alert_message'] = "Recurring Invoice Forced";
+ flash_alert("Recurring Invoice Forced");
redirect();
@@ -1710,25 +1688,24 @@ if (isset($_POST['set_recurring_payment'])) {
// Get Payment ID for reference
$recurring_payment_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name created Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $recurring_invoice_currency_code), $client_id, $recurring_invoice_id);
- $_SESSION['alert_message'] = "Automatic Payment
$saved_payment_description enabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number";
+ flash_alert("Automatic Payment
$saved_payment_description enabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number");
} else {
// Delete
mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id");
- // Logging
logAction("Recurring Invoice", "Auto Payment", "$session_name removed Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $recurring_invoice_currency_code), $client_id, $recurring_invoice_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Automatic Payment
Disabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number";
+ flash_alert("Automatic Payment
Disabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", 'error');
}
redirect();
+
}
if (isset($_POST['export_invoices_csv'])) {
+
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
@@ -1781,7 +1758,6 @@ if (isset($_POST['export_invoices_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Invoice", "Export", "$session_name exported $num_rows invoices to CSV file");
exit;
@@ -1789,6 +1765,7 @@ if (isset($_POST['export_invoices_csv'])) {
}
if (isset($_POST['export_client_recurring_invoice_csv'])) {
+
$client_id = intval($_POST['client_id']);
//get records from database
@@ -1829,7 +1806,6 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Recurring Invoice", "Export", "$session_name exported $num_rows recurring invoices to CSV file");
exit;
@@ -1837,6 +1813,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) {
}
if (isset($_POST['export_payments_csv'])) {
+
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND invoice_client_id = $client_id";
@@ -1876,7 +1853,6 @@ if (isset($_POST['export_payments_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Payments", "Export", "$session_name exported $num_rows payments to CSV file");
exit;
@@ -1884,6 +1860,7 @@ if (isset($_POST['export_payments_csv'])) {
}
if (isset($_GET['recurring_invoice_email_notify'])) {
+
$recurring_invoice_email_notify = intval($_GET['recurring_invoice_email_notify']);
$recurring_invoice_id = intval($_GET['recurring_invoice_id']);
@@ -1902,35 +1879,38 @@ if (isset($_GET['recurring_invoice_email_notify'])) {
$notify_wording = "Off";
}
- // Logging
logAction("Recurring Invoice", "Edit", "$session_name turned $notify_wording Email Notifications for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Email Notifications
$notify_wording";
+ flash_alert("Email Notifications
$notify_wording", 'error');
redirect();
+
}
if (isset($_POST['link_invoice_to_ticket'])) {
+
$invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']);
mysqli_query($mysqli,"UPDATE invoices SET invoice_ticket_id = $ticket_id WHERE invoice_id = $invoice_id");
- $_SESSION['alert_message'] = "Invoice linked to ticket";
+ flash_alert("Invoice linked to ticket");
redirect();
+
}
if (isset($_POST['add_ticket_to_invoice'])) {
+
$invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']);
mysqli_query($mysqli,"UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id");
- $_SESSION['alert_message'] = "Ticket linked to invoice";
+ flash_alert("Ticket linked to invoice");
+
+ redirect("post.php?add_ticket_to_invoice=$invoice_id");
- header("Location: post.php?add_ticket_to_invoice=$invoice_id");
}
if (isset($_GET['export_invoice_pdf'])) {
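Review bot: link_invoice_to_ticket and add_ticket_to_invoice update rows from two POST ids with no visible `enforceUserPermission` call and no check that the invoice and the ticket belong to the same client, unlike the other sales handlers in this file which start with `enforceUserPermission('module_sales', 2);`. Unless that is enforced centrally, add the permission call and verify the two rows share a client before the UPDATE. Separately, the new `redirect("post.php?add_ticket_to_invoice=$invoice_id")` sends the browser to a GET URL that this handler only honours via `$_POST`, so it looks like a leftover from the old header() call; the plain `redirect()` used by the sibling handler is probably what is intended.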
@@ -2148,6 +2128,7 @@ if (isset($_GET['export_invoice_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$invoice_date}_{$company_name}_{$client_name}_Invoice_{$invoice_prefix}{$invoice_number}");
$pdf->Output("$filename.pdf", 'I');
+
exit;
}
@@ -2157,9 +2138,7 @@ if (isset($_POST['bulk_edit_invoice_category'])) {
$category_id = intval($_POST['bulk_category_id']);
// Get Category name for logging and Notification
- $sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id");
- $row = mysqli_fetch_array($sql);
- $category_name = sanitizeInput($row['category_name']);
+ $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Assign Income category to Selected Invoices
if (isset($_POST['invoice_ids'])) {
@@ -2180,16 +2159,15 @@ if (isset($_POST['bulk_edit_invoice_category'])) {
mysqli_query($mysqli,"UPDATE invoices SET invoice_category_id = $category_id WHERE invoice_id = $invoice_id");
- // Logging
logAction("Invoice", "Edit", "$session_name assigned Invoice $invoice_prefix$invoice_number to category $category_name", $client_id, $invoice_id);
} // End Assign Loop
- // Logging
logAction("Invoice", "Bulk Edit", "$session_name assigned $count invoices to category $category_name");
- $_SESSION['alert_message'] = "Assigned income category
$category_name to
$count invoice(s)";
+ flash_alert("Assigned income category
$category_name to
$count invoice(s)");
}
redirect();
-}
\ No newline at end of file
+
+}
diff --git a/user/post/location.php b/user/post/location.php
index 06d07706..ef6eb552 100644
--- a/user/post/location.php
+++ b/user/post/location.php
@@ -12,7 +12,6 @@ if(isset($_POST['add_location'])){
require_once 'location_model.php';
-
if(!file_exists("../uploads/clients/$client_id")) {
mkdir("../uploads/clients/$client_id");
}
@@ -51,10 +50,9 @@ if(isset($_POST['add_location'])){
}
}
- // Logging
logAction("Location", "Create", "$session_name created location $name", $client_id, $location_id);
- $_SESSION['alert_message'] = "Location
$name created.";
+ flash_alert("Location
$name created.");
redirect();
@@ -66,7 +64,6 @@ if(isset($_POST['edit_location'])){
require_once 'location_model.php';
-
$location_id = intval($_POST['location_id']);
// Get old location photo
@@ -74,7 +71,6 @@ if(isset($_POST['edit_location'])){
$row = mysqli_fetch_array($sql);
$existing_file_name = sanitizeInput($row['location_photo']);
-
if(!file_exists("../uploads/clients/$client_id")) {
mkdir("../uploads/clients/$client_id");
}
@@ -116,10 +112,9 @@ if(isset($_POST['edit_location'])){
}
- // Logging
logAction("Location", "Edit", "$session_name edited location $name", $client_id, $location_id);
- $_SESSION['alert_message'] = "Location
$name updated";
+ flash_alert("Location
$name updated");
redirect();
@@ -139,11 +134,9 @@ if(isset($_GET['archive_location'])){
mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NOW() WHERE location_id = $location_id");
- // Logging
logAction("Location", "Archive", "$session_name archived location $location_name", $client_id, $location_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Location
$location_name archived";
+ flash_alert("Location
$location_name archived", 'error');
redirect();
@@ -163,12 +156,12 @@ if(isset($_GET['unarchive_location'])){
mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id");
- // Logging
logAction("Location", "Unarchive", "$session_name unarchived location $location_name", $client_id, $location_id);
- $_SESSION['alert_message'] = "Location
$location_name restored";
+ flash_alert("Location
$location_name restored");
redirect();
+
}
if(isset($_GET['delete_location'])){
@@ -185,12 +178,9 @@ if(isset($_GET['delete_location'])){
mysqli_query($mysqli,"DELETE FROM locations WHERE location_id = $location_id");
- // Logging
logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id);
-
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Location
$location_name deleted";
+ flash_alert("Location
$location_name deleted", 'error');
redirect();
@@ -232,15 +222,14 @@ if (isset($_POST['bulk_assign_location_tags'])) {
}
}
- // Logging
logAction("Location", "Edit", "$session_name assigned tags to location $location_name", $client_id, $location_id);
} // End Assign Location Loop
- // Logging
logAction("Location", "Bulk Edit", "$session_name assigned tags to $count location(s)", $client_id);
- $_SESSION['alert_message'] = "Assigned tags for
$count locations";
+ flash_alert("Assigned tags for
$count locations");
+
}
redirect();
@@ -248,6 +237,7 @@ if (isset($_POST['bulk_assign_location_tags'])) {
}
if (isset($_POST['bulk_archive_locations'])) {
+
enforceUserPermission('module_client', 2);
validateCSRFToken($_POST['csrf_token']);
@@ -278,21 +268,22 @@ if (isset($_POST['bulk_archive_locations'])) {
}
- // Bulk Logging
logAction("Location", "Bulk Archive", "$session_name archived $count location(s)");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Archived
$count location(s)";
+ flash_alert("Archived
$count location(s)", 'error');
}
redirect();
+
}
if (isset($_POST['bulk_unarchive_locations'])) {
- enforceUserPermission('module_client', 2);
+
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 2);
+
if (isset($_POST['location_ids'])) {
// Get Selected Count
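Review bot: The bulk-archive summary `logAction("Location", "Bulk Archive", "$session_name archived $count location(s)")` omits the client id, whereas the matching Bulk Unarchive summary in the next handler passes `$client_id`, so archive events will not be attributed to the client in the audit log. If `$client_id` is set in the archive loop above (outside this hunk) as it is for unarchive, pass it: `logAction("Location", "Bulk Archive", "$session_name archived $count location(s)", $client_id);`.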
@@ -311,25 +302,26 @@ if (isset($_POST['bulk_unarchive_locations'])) {
mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id");
- // Individual logging
logAction("Location", "Unarchive", "$session_name unarchived location $location_name", $client_id, $location_id);
}
- // Bulk Logging
logAction("Location", "Bulk Unarchive", "$session_name unarchived $count location(s)", $client_id);
- $_SESSION['alert_message'] = "Unarchived
$count location(s)";
+ flash_alert("Unarchived
$count location(s)");
}
redirect();
+
}
if (isset($_POST['bulk_delete_locations'])) {
- enforceUserPermission('module_client', 3);
+
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_client', 3);
+
if (isset($_POST['location_ids'])) {
// Get Selected Count
@@ -348,23 +340,22 @@ if (isset($_POST['bulk_delete_locations'])) {
mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id");
- // Logging
logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id);
}
- // Logging
logAction("Location", "Bulk Delete", "$session_name deleted $count location(s)", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Deleted
$count location(s)";
+ flash_alert("Deleted
$count location(s)", 'error');
}
redirect();
+
}
if(isset($_POST['export_locations_csv'])){
+
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND location_client_id = $client_id";
@@ -406,7 +397,6 @@ if(isset($_POST['export_locations_csv'])){
fpassthru($f);
}
- // Logging
logAction("Location", "Export", "$session_name exported $num_rows location(s) to a CSV file", $client_id);
exit;
@@ -423,10 +413,8 @@ if (isset($_POST["import_locations_csv"])) {
if (!empty($_FILES["file"]["tmp_name"])) {
$file_name = $_FILES["file"]["tmp_name"];
} else {
- $_SESSION['alert_message'] = "Please select a file to upload.";
- $_SESSION['alert_type'] = "error";
+ flash_alert("Please select a file to upload.", 'error');
redirect();
- exit();
}
//Check file is CSV
@@ -434,13 +422,13 @@ if (isset($_POST["import_locations_csv"])) {
$allowed_file_extensions = array('csv');
if(in_array($file_extension,$allowed_file_extensions) === false){
$error = true;
- $_SESSION['alert_message'] = "Bad file extension";
+ flash_alert("Bad file extension", 'error');
}
//Check file isn't empty
elseif($_FILES["file"]["size"] < 1){
$error = true;
- $_SESSION['alert_message'] = "Bad file size (empty?)";
+ flash_alert("Bad file size (empty?)", 'error');
}
//(Else)Check column count
@@ -448,7 +436,7 @@ if (isset($_POST["import_locations_csv"])) {
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 8) {
$error = true;
- $_SESSION['alert_message'] = "Bad column count.";
+ flash_alert("Bad column count.", 'error');
}
//Else, parse the file
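Review bot: `if(!$error & count($f_columns) != 8)` uses the bitwise `&`; it happens to work because both operands are booleans, but it is a latent bug, and more importantly `count()` on a non-array throws a TypeError under PHP 8 when `fgetcsv` returns false or null (blank first line), turning a malformed upload into a fatal error. Write it as `if (!$error && (!is_array($f_columns) || count($f_columns) != 8)) {` so such a file is reported as "Bad column count." instead.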
@@ -498,17 +486,17 @@ if (isset($_POST["import_locations_csv"])) {
}
fclose($file);
- // Logging
logAction("Location", "Import", "$session_name imported $row_count location(s). $duplicate_count duplicate(s) found and not imported", $client_id);
- $_SESSION['alert_message'] = "$row_count Location(s) imported, $duplicate_count duplicate(s) detected and not imported";
+ flash_alert("$row_count Location(s) imported, $duplicate_count duplicate(s) detected and not imported");
+
redirect();
}
//Check for any errors, if there are notify user and redirect
if($error) {
- $_SESSION['alert_type'] = "warning";
redirect();
}
+
}
if(isset($_GET['download_locations_csv_template'])){
diff --git a/user/post/network.php b/user/post/network.php
index 45e12493..a8128aa5 100644
--- a/user/post/network.php
+++ b/user/post/network.php
@@ -16,10 +16,9 @@ if (isset($_POST['add_network'])) {
$network_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Network", "Create", "$session_name created network $name", $client_id, $network_id);
- $_SESSION['alert_message'] = "Network
$name created";
+ flash_alert("Network
$name created");
redirect();
@@ -34,10 +33,9 @@ if (isset($_POST['edit_network'])) {
mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id");
- // Logging
logAction("Network", "Edit", "$session_name edited network $name", $client_id, $network_id);
- $_SESSION['alert_message'] = "Network
$name updated";
+ flash_alert("Network
$name updated");
redirect();
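Review bot: The UPDATE at the top of this hunk interpolates `$vlan` and `$location_id` unquoted into the SQL while the string fields are quoted; for the unquoted ones, escaping alone is not sufficient — they must be cast with `intval()` where they are read from `$_POST` (outside this hunk), otherwise a crafted VLAN value is a SQL injection. If the cast is already done there, fine; longer term, this file's handlers would benefit from prepared statements.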
@@ -57,11 +55,9 @@ if (isset($_GET['archive_network'])) {
mysqli_query($mysqli,"UPDATE networks SET network_archived_at = NOW() WHERE network_id = $network_id");
- // Logging
logAction("Network", "Archive", "$session_name archived network $network_name", $client_id, $network_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Network
$network_name archived";
+ flash_alert("Network
$network_name archived", 'error');
redirect();
@@ -81,16 +77,16 @@ if (isset($_GET['unarchive_network'])) {
mysqli_query($mysqli,"UPDATE networks SET network_archived_at = NULL WHERE network_id = $network_id");
- // logging
logAction("Network", "Unarchive", "$session_name restored contact $contact_name", $client_id, $network_id);
- $_SESSION['alert_message'] = "Network
$network_name restored";
+ flash_alert("Network
$network_name restored");
redirect();
}
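Review bot: The audit entry for unarchiving a network reads `"$session_name restored contact $contact_name"`, referring to a contact and to a `$contact_name` variable that is not set in this handler (the alert two lines below uses `$network_name`), so the log records "restored contact " with an empty name plus an undefined-variable warning. Change it to `logAction("Network", "Unarchive", "$session_name unarchived network $network_name", $client_id, $network_id);`.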
if (isset($_GET['delete_network'])) {
+
enforceUserPermission('module_support', 3);
$network_id = intval($_GET['delete_network']);
@@ -103,19 +99,19 @@ if (isset($_GET['delete_network'])) {
mysqli_query($mysqli,"DELETE FROM networks WHERE network_id = $network_id");
- // Logging
logAction("Network", "Delete", "$session_name deleted network $network_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Network
$network_name deleted";
+ flash_alert("Network
$network_name deleted", 'error');
redirect();
}
if (isset($_POST['bulk_delete_networks'])) {
- enforceUserPermission('module_support', 3);
+
validateCSRFToken($_POST['csrf_token']);
+
+ enforceUserPermission('module_support', 3);
if (isset($_POST['network_ids'])) {
@@ -135,20 +131,18 @@ if (isset($_POST['bulk_delete_networks'])) {
mysqli_query($mysqli, "DELETE FROM networks WHERE network_id = $network_id AND network_client_id = $client_id");
- // Logging
logAction("Network", "Delete", "$session_name deleted network $network_name", $client_id);
}
- // Logging
logAction("Network", "Bulk Delete", "$session_name deleted $count network(s)", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Deleted
$count network(s)";
+ flash_alert("Deleted
$count network(s)", 'error');
}
redirect();
+
}
if (isset($_POST['export_networks_csv'])) {
@@ -179,7 +173,7 @@ if (isset($_POST['export_networks_csv'])) {
fputcsv($f, $fields, $delimiter);
//output each row of the data, format line as csv and write to file pointer
- while($row = $sql->fetch_assoc()) {
+ while ($row = $sql->fetch_assoc()) {
$lineData = array($row['network_name'], $row['network_description'], $row['network_vlan'], $row['network'], $row['network_subnet'], $row['network_gateway'], $row['network_primary_dns'], $row['network_secondary_dns'], $row['network_dhcp_range']);
fputcsv($f, $lineData, $delimiter);
}
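Review bot: The export writes network names, descriptions and similar user-entered fields into the CSV verbatim; a value beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in Excel or LibreOffice (CSV/formula injection), which is worth guarding against in a tool that exports client data. Neutralise such cells before `fputcsv`, for example by prefixing them with a single quote; the helper below applies that to every column. The trade-off is that a genuinely negative numeric value also gets the prefix, which is acceptable for these free-text columns.
```php
// Prevent spreadsheet formula injection: neutralise cells that start with a formula trigger
$csvCell = static function ($value): string {
    $value = (string) $value;
    return preg_match('/^[=+\-@\t\r]/', $value) ? "'" . $value : $value;
};
while ($row = $sql->fetch_assoc()) {
    $lineData = array_map($csvCell, array($row['network_name'], $row['network_description'], $row['network_vlan'], $row['network'], $row['network_subnet'], $row['network_gateway'], $row['network_primary_dns'], $row['network_secondary_dns'], $row['network_dhcp_range']));
    fputcsv($f, $lineData, $delimiter);
}
```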
@@ -195,7 +189,6 @@ if (isset($_POST['export_networks_csv'])) {
fpassthru($f);
}
- // Logging
logAction("Network", "Export", "$session_name deleted $num_rows network(s) to a CSV file", $client_id);
exit;
diff --git a/user/post/product.php b/user/post/product.php
index 58d8aa84..5426b0dc 100644
--- a/user/post/product.php
+++ b/user/post/product.php
@@ -6,7 +6,6 @@
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
-// Products
if (isset($_POST['add_product'])) {
enforceUserPermission('module_sales', 2);
@@ -17,10 +16,9 @@ if (isset($_POST['add_product'])) {
$product_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Product", "Create", "$session_name created product $name", 0, $product_id);
- $_SESSION['alert_message'] = "Product
$name created";
+ flash_alert("Product
$name created");
redirect();
@@ -36,10 +34,9 @@ if (isset($_POST['edit_product'])) {
mysqli_query($mysqli,"UPDATE products SET product_name = '$name', product_description = '$description', product_price = '$price', product_tax_id = $tax, product_category_id = $category WHERE product_id = $product_id");
- // Logging
logAction("Product", "Edit", "$session_name edited product $name", 0, $product_id);
- $_SESSION['alert_message'] = "Product
$name edited";
+ flash_alert("Product
$name edited");
redirect();
@@ -51,18 +48,13 @@ if (isset($_GET['archive_product'])) {
$product_id = intval($_GET['archive_product']);
- // Get Contact Name and Client ID for logging and alert message
- $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
- $row = mysqli_fetch_array($sql);
- $product_name = sanitizeInput($row['product_name']);
+ $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id");
- // Logging
logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Product
$product_name archived";
+ flash_alert("Product
$product_name archived", 'error');
redirect();
@@ -74,17 +66,13 @@ if (isset($_GET['unarchive_product'])) {
$product_id = intval($_GET['unarchive_product']);
- // Get Contact Name and Client ID for logging and alert message
- $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
- $row = mysqli_fetch_array($sql);
- $product_name = sanitizeInput($row['product_name']);
+ $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id");
- // Logging
logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id);
- $_SESSION['alert_message'] = "Product
$product_name restored";
+ flash_alert("Product
$product_name restored");
redirect();
@@ -97,17 +85,13 @@ if (isset($_GET['delete_product'])) {
$product_id = intval($_GET['delete_product']);
//Get Product Name
- $sql = mysqli_query($mysqli,"SELECT * FROM products WHERE product_id = $product_id");
- $row = mysqli_fetch_array($sql);
- $product_name = sanitizeInput($row['product_name']);
+ $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"DELETE FROM products WHERE product_id = $product_id");
- // Logging
logAction("Product", "Delete", "$session_name deleted product $product_name");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Product
$product_name deleted";
+ flash_alert("Product
$product_name deleted", 'error');
redirect();
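Review bot: `getFieldById('products', $product_id, 'product_name')` replaces the row lookup, but the no-such-product case is still unhandled: if it returns null, `sanitizeInput(null)` may emit a deprecation on PHP 8.1+, the audit log records "deleted product " with an empty name, and the DELETE runs against an id that was never verified. Guard before the DELETE, e.g. `if ($product_name === '') { flash_alert("Product not found", 'error'); redirect(); }`, adjusting the comparison to whatever getFieldById returns for a missing row.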
@@ -120,9 +104,7 @@ if (isset($_POST['bulk_edit_product_category'])) {
$category_id = intval($_POST['bulk_category_id']);
// Get Category name for logging and Notification
- $sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id");
- $row = mysqli_fetch_array($sql);
- $category_name = sanitizeInput($row['category_name']);
+ $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Assign category to Selected Products
if (isset($_POST['product_ids'])) {
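Review bot: `$category_id = intval($_POST['bulk_category_id']);` is written into every selected product further down without confirming that the category exists; the `getFieldById('categories', ...)` lookup only feeds the log text. If that helper returns an empty value for an unknown id (its definition is not visible), a stale or guessed id silently points products at a non-existent category and logs an assignment to a blank name. A guard before the loop, `if (empty($category_name)) { flash_alert("Category not found", 'error'); redirect(); }`, would close that. The handler's CSRF and permission checks are above the hunk and its loop continues below it.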
@@ -134,32 +116,29 @@ if (isset($_POST['bulk_edit_product_category'])) {
$product_id = intval($product_id);
// Get Product Details for Logging
- $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
- $row = mysqli_fetch_array($sql);
- $product_name = sanitizeInput($row['product_name']);
+ $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_category_id = $category_id WHERE product_id = $product_id");
- //Logging
logAction("Product", "Edit", "$session_name assigned product $product_name to category $category_name", 0, $product_id);
} // End Assign Product Loop
- //Logging
logAction("Product", "Edit", "$session_name assigned category $category_name to $count product(s)");
- $_SESSION['alert_message'] = "Assigned category
$category_name to
$count product(s)";
+ flash_alert("Assigned category
$category_name to
$count product(s)");
}
redirect();
+
}
if (isset($_POST['bulk_archive_products'])) {
- enforceUserPermission('module_sales', 2);
-
validateCSRFToken($_POST['csrf_token']);
+ enforceUserPermission('module_sales', 2);
+
if (isset($_POST['product_ids'])) {
$count = count($_POST['product_ids']);
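Review bot: `$count = count($_POST['product_ids']);` assumes the field is an array, but the `isset()` guard above it is also true for a scalar, and on PHP 8 `count()` on a string throws a TypeError (the `foreach` that follows outside this hunk would then warn and skip). Tighten the guard to `if (!empty($_POST['product_ids']) && is_array($_POST['product_ids'])) {` so a malformed request gets a clean redirect rather than a 500. Moving `validateCSRFToken()` ahead of `enforceUserPermission()` is harmless as long as both terminate on failure, which the surrounding code already relies on.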
@@ -169,31 +148,28 @@ if (isset($_POST['bulk_archive_products'])) {
$product_id = intval($product_id);
- // Get Name and Client ID for logging and alert message
- $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
- $row = mysqli_fetch_array($sql);
- $product_name = sanitizeInput($row['product_name']);
+ $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id");
- // Individual Contact logging
logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id);
}
- // Bulk Logging
logAction("Product", "Bulk Archive", "$session_name archived $count product(s)");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Archived
$count product(s)";
+ flash_alert("Archived
$count product(s)", 'error');
}
redirect();
+
}
if (isset($_POST['bulk_unarchive_products'])) {
- enforceUserPermission('module_sales', 2);
+
validateCSRFToken($_POST['csrf_token']);
+
+ enforceUserPermission('module_sales', 2);
if (isset($_POST['product_ids'])) {
@@ -204,31 +180,30 @@ if (isset($_POST['bulk_unarchive_products'])) {
$product_id = intval($product_id);
- // Get Name and Client ID for logging and alert message
- $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
- $row = mysqli_fetch_array($sql);
- $product_name = sanitizeInput($row['product_name']);
+ $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id");
- // Individual logging
logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id);
}
- // Bulk Logging
logAction("Product", "Bulk Unarchive", "$session_name unarchived $count product(s)");
- $_SESSION['alert_message'] = "Unarchived
$count product(s)";
+ flash_alert("Unarchived
$count product(s)");
}
redirect();
+
}
if (isset($_POST['bulk_delete_products'])) {
- enforceUserPermission('module_sales', 3);
+
validateCSRFToken($_POST['csrf_token']);
+
+ enforceUserPermission('module_sales', 3);
+
if (isset($_POST['product_ids'])) {
@@ -236,30 +211,24 @@ if (isset($_POST['bulk_delete_products'])) {
// Cycle through array and delete each record
foreach ($_POST['product_ids'] as $product_id) {
-
$product_id = intval($product_id);
- // Get Name and Client ID for logging and alert message
- $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id");
- $row = mysqli_fetch_array($sql);
- $product_name = sanitizeInput($row['product_name']);
+ $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name'));
mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id");
- // Individual logging
logAction("Product", "Delete", "$session_name deleted product $product_name");
}
- // Bulk logging
logAction("Product", "Bulk Delete", "$session_name deleted $count product(s)");
- $_SESSION['alert_message'] = "Deleted
$count product(s)";
+ flash_alert("Deleted
$count product(s)", 'error');
}
redirect();
- exit();
+
}
if (isset($_POST['export_products_csv'])) {
@@ -302,7 +271,6 @@ if (isset($_POST['export_products_csv'])) {
fpassthru($f);
}
- //Logging
logAction("Product", "Export", "$session_name exported $num_rows product(s) to a CSV file");
exit;
diff --git a/user/post/profile.php b/user/post/profile.php
index 758875de..e23f66b1 100644
--- a/user/post/profile.php
+++ b/user/post/profile.php
@@ -8,16 +8,13 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['edit_your_user_details'])) {
- // CSRF Check
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
$email = sanitizeInput($_POST['email']);
$signature = sanitizeInput($_POST['signature']);
- $sql = mysqli_query($mysqli,"SELECT user_avatar FROM users WHERE user_id = $session_user_id");
- $row = mysqli_fetch_array($sql);
- $existing_file_name = sanitizeInput($row['user_avatar']);
+ $existing_file_name = sanitizeInput(getFieldById('users', $session_user_id, 'user_avatar'));
$logout = false;
$extended_log_description = '';
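Review bot: `$email = sanitizeInput($_POST['email']);` is the only treatment the new address receives in this hunk; there is no `filter_var($email, FILTER_VALIDATE_EMAIL)` or equivalent before the handler goes on, so a malformed or empty value is accepted unless it is rejected in the lines between this hunk and the UPDATE, which are outside my view. A check right after the assignment, `if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { flash_alert("Invalid email address", 'error'); redirect(); }`, would be the natural place. The handler's body continues past the hunk.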
@@ -78,40 +75,40 @@ if (isset($_POST['edit_your_user_details'])) {
mysqli_query($mysqli,"UPDATE user_settings SET user_config_signature = '$signature' WHERE user_id = $session_user_id");
- //Logging
logAction("User Account", "Edit", "$session_name edited their account $extended_log_description");
- $_SESSION['alert_message'] = "User details updated";
+ flash_alert("User details updated");
if ($logout) {
- header('Location: post.php?logout');
- }
- else{
+ redirect('post.php?logout');
+ } else {
redirect();
}
+
}
if (isset($_GET['clear_your_user_avatar'])) {
+
validateCSRFToken($_GET['csrf_token']);
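Review bot: `flash_alert("User details updated");` followed by `redirect('post.php?logout');` when `$logout` is set queues the message in a session that the logout is presumably about to destroy, so the user never sees it; the password handler later in this file follows the same pattern. Either skip the flash on the logout path, `if (!$logout) { flash_alert("User details updated"); }`, or have the logout page carry its own notice. The avatar-clear path at the end of the hunk now flashes a successful action with the 'error' style, which matches the archive/delete convention elsewhere in this commit but may read as a failure to the user.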
mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name cleared their avatar");
- $_SESSION['alert_message'] = "Avatar cleared";
+ flash_alert("Avatar cleared", 'error');
+
redirect();
+
}
if (isset($_POST['edit_your_user_password'])) {
- // CSRF Check
validateCSRFToken($_POST['csrf_token']);
$new_password = trim($_POST['new_password']);
if (empty($new_password)) {
- header('Location: user_security.php');
- exit;
+ redirect('user_security.php');
}
// Email notification when password or email is changed
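Review bot: The empty-password branch `if (empty($new_password)) { redirect('user_security.php'); }` now depends on `redirect()` terminating the script; the explicit `exit;` it replaced made that independent of the helper. If `redirect()` can return (I cannot see its definition, though the rest of this commit assumes it cannot), execution continues into the UPDATE with an empty password. The branch also sends the user away with no explanation while every other rejection in these handlers flashes a reason; `flash_alert("Password cannot be empty", 'error');` before the redirect would be consistent. The handler continues past the hunk.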
@@ -148,17 +145,15 @@ if (isset($_POST['edit_your_user_password'])) {
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $session_user_id");
- // Logging
logAction("User Account", "Edit", "$session_name changed their password");
- $_SESSION['alert_message'] = "Your password was updated";
+ flash_alert("Your password was updated");
- header('Location: post.php?logout');
+ redirect('post.php?logout');
}
if (isset($_POST['edit_your_user_preferences'])) {
- // CSRF Check
validateCSRFToken($_POST['csrf_token']);
$calendar_first_day = intval($_POST['calendar_first_day']);
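Review bot: The password change at `UPDATE users SET user_password = '$new_password', ...` does not revoke the user's remember-me tokens, whereas the enable-MFA path in this same file deletes `remember_tokens` for the user when its trust assumptions change; a credential rotation is exactly the moment a device that has been allowed to bypass MFA should re-validate, unless that deletion happens in the part of the handler above this hunk. Adding `mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");` before the logout redirect would close that. Note also that `encryptUserSpecificKey($_POST['new_password'])` takes the raw POST value while the SQL stores a value derived from `$new_password`, which was `trim()`ed at the top of the handler — for a password with surrounding whitespace the two may disagree. The handler begins above the hunk.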
@@ -185,12 +180,12 @@ if (isset($_POST['edit_your_user_preferences'])) {
$extended_log_description .= "disabled browser extension access";
}
- // Logging
logAction("User Account", "Edit", "$session_name $extended_log_description");
- $_SESSION['alert_message'] = "User preferences updated";
+ flash_alert("User preferences updated");
redirect();
+
}
if (isset($_POST['enable_mfa'])) {
@@ -218,10 +213,9 @@ if (isset($_POST['enable_mfa'])) {
// Delete any existing MFA tokens - these browsers should be re-validated
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
- // Logging
logAction("User Account", "Edit", "$session_name enabled MFA on their account");
- $_SESSION['alert_message'] = "Multi-Factor authentication enabled";
+ flash_alert("Multi-Factor authentication enabled");
// Clear the mfa_token from the session to avoid re-use.
unset($_SESSION['mfa_token']);
@@ -231,15 +225,14 @@ if (isset($_POST['enable_mfa'])) {
$previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH));
if ($previousPage === 'mfa_enforcement.php') {
// Redirect back to mfa_enforcement.php
- header("Location: $config_start_page");
- exit;
+ redirect("$config_start_page");
+
}
}
} else {
// FAILURE
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Verification code invalid, please try again.";
+ flash_alert("Verification code invalid, please try again.", 'error');
// Set a flag to automatically open the MFA modal again
$_SESSION['show_mfa_modal'] = true;
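Review bot: The comment `// Redirect back to mfa_enforcement.php` above `redirect("$config_start_page");` no longer describes the line — the user is sent to the configured start page, not back to the enforcement page; reword it, e.g. `// Arrived from mfa_enforcement.php: MFA is now set up, continue to the start page`, and drop the needless interpolation, `redirect($config_start_page);`. `$_SERVER['HTTP_REFERER']` is browser-supplied and may be absent, so `parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH)` should read `$_SERVER['HTTP_REFERER'] ?? ''` to avoid a warning on Referer-less requests; since the value only selects between two in-app destinations this is a robustness rather than a security point.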
@@ -249,29 +242,22 @@ if (isset($_POST['enable_mfa'])) {
$previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH));
if ($previousPage === 'mfa_enforcement.php') {
// Redirect back to mfa_enforcement.php
- header("Location: " . $_SERVER['HTTP_REFERER']);
- exit;
+ redirect();
}
}
}
-
-
- header("Location: user_security.php");
- exit;
+ redirect("user_security.php");
}
if (isset($_GET['disable_mfa'])){
if ($session_user_config_force_mfa) {
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Multi-Factor authentication cannot be disabled for your account";
+ flash_alert("Multi-Factor authentication cannot be disabled for your account", 'error');
redirect();
- exit();
}
- // CSRF Check
validateCSRFToken($_GET['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id");
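Review bot: The forced-MFA guard `if ($session_user_config_force_mfa) { flash_alert(...); redirect(); }` at the top of `disable_mfa` lost its explicit `exit()`, so whether an enforced user can still reach `UPDATE users SET user_token = ''` now rests entirely on `redirect()` never returning. The rest of this commit makes the same assumption and I cannot see the helper, but for a control that disables a second factor I would keep the hard stop or make it structural: `if ($session_user_config_force_mfa) { flash_alert(...); redirect(); exit; }`. In the enable_mfa failure branch earlier in the hunk, `// Redirect back to mfa_enforcement.php` now sits above a bare `redirect();`, so the destination depends on the helper's default rather than the page named; `redirect('mfa_enforcement.php');` would make the comment true and remove any remaining reliance on the Referer the old code used.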
@@ -302,11 +288,9 @@ if (isset($_GET['disable_mfa'])){
$mail = addToMailQueue($data);
}
- // Logging
logAction("User Account", "Edit", "$session_name disabled MFA on their account");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Multi-Factor authentication disabled";
+ flash_alert("Multi-Factor authentication disabled", 'error');
redirect();
@@ -314,17 +298,14 @@ if (isset($_GET['disable_mfa'])){
if (isset($_POST['revoke_your_2fa_remember_tokens'])) {
- // CSRF
validateCSRFToken($_POST['csrf_token']);
// Delete tokens
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
- //Logging
logAction("User Account", "Edit", "$session_name revoked all their remember-me tokens");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Remember me tokens revoked";
+ flash_alert("Remember me tokens revoked", 'error');
redirect();
diff --git a/user/post/project.php b/user/post/project.php
index 0bddd472..c1c529e5 100644
--- a/user/post/project.php
+++ b/user/post/project.php
@@ -70,12 +70,12 @@ if (isset($_POST['add_project'])) {
} // End Ticket Loop
} // End If Project Template
- // Logging
logAction("Project", "Create", "$session_name created project $project_name", $client_id, $project_id);
- $_SESSION['alert_message'] = "You created Project
$project_name";
+ flash_alert("You created Project
$project_name");
redirect();
+
}
if (isset($_POST['edit_project'])) {
@@ -91,12 +91,12 @@ if (isset($_POST['edit_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_name = '$project_name', project_description = '$project_description', project_due = '$due_date', project_manager = $project_manager, project_client_id = $client_id WHERE project_id = $project_id");
- // Logging
logAction("Project", "Edit", "$session_name edited project $project_name", $client_id, $project_id);
- $_SESSION['alert_message'] = "Project
$project_name edited";
+ flash_alert("Project
$project_name edited");
redirect();
+
}
if (isset($_GET['close_project'])) {
@@ -113,12 +113,12 @@ if (isset($_GET['close_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_completed_at = NOW() WHERE project_id = $project_id");
- // Logging
logAction("Project", "Close", "$session_name closed project $project_name", $client_id, $project_id);
- $_SESSION['alert_message'] = "Project
$project_name closed";
+ flash_alert("Project
$project_name closed");
redirect();
+
}
if (isset($_GET['archive_project'])) {
@@ -135,13 +135,12 @@ if (isset($_GET['archive_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id");
- // Logging
logAction("Project", "Archive", "$session_name archived project $project_name", $client_id, $project_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Project
$project_name archived";
+ flash_alert("Project
$project_name archived", 'error');
redirect();
+
}
if (isset($_GET['unarchive_project'])) {
@@ -158,21 +157,20 @@ if (isset($_GET['unarchive_project'])) {
mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id");
- // Logging
logAction("Project", "Unarchive", "$session_name unarchived project $project_name", $client_id, $project_id);
- $_SESSION['alert_message'] = "Project
$project_name unarchived";
+ flash_alert("Project
$project_name unarchived");
redirect();
+
}
if (isset($_GET['delete_project'])) {
- enforceUserPermission('module_support', 3);
-
- // CSRF Check
validateCSRFToken($_GET['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
$project_id = intval($_GET['delete_project']);
// Get Project Name and Client ID for logging
@@ -183,18 +181,18 @@ if (isset($_GET['delete_project'])) {
mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id");
- // Logging
logAction("Project", "Delete", "$session_name deleted project $project_name", $client_id, $project_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Project
$project_name Deleted";
+ flash_alert("Project
$project_name Deleted", 'error');
redirect();
+
}
if (isset($_POST['link_ticket_to_project'])) {
enforceUserPermission('module_support', 2);
+
$project_id = intval($_POST['project_id']);
// Get Project Name and Client ID for logging
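Review bot: `link_ticket_to_project` calls `enforceUserPermission('module_support', 2);` and then reads `$_POST['project_id']` with no `validateCSRFToken($_POST['csrf_token']);` in between, while `delete_project` just above it in this hunk, and every other state-changing handler in the diff, validates the token before touching request data. Unless the check happens somewhere I cannot see, a forged cross-site form could attach tickets to a project on behalf of a logged-in user; add `validateCSRFToken($_POST['csrf_token']);` directly after the permission check. The handler continues past the hunk.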
@@ -221,23 +219,23 @@ if (isset($_POST['link_ticket_to_project'])) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
- // Logging
logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id);
}
- // Bulk Logging
logAction("Project", "Bulk Edit", "$session_name added $count ticket(s) to project $project_name", $client_id, $project_id);
- $_SESSION['alert_message'] = "
$count Ticket(s) added to
$project_name";
+ flash_alert("
$count Ticket(s) added to
$project_name");
}
redirect();
+
}
if (isset($_POST['link_closed_ticket_to_project'])) {
enforceUserPermission('module_support', 2);
+
$project_id = intval($_POST['project_id']);
$ticket_number = intval($_POST['ticket_number']);
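Review bot: `link_closed_ticket_to_project` goes from `enforceUserPermission('module_support', 2);` straight to `$_POST['project_id']` and `$_POST['ticket_number']` without a `validateCSRFToken($_POST['csrf_token']);`, unlike `delete_project` earlier in this file. If the token is not validated elsewhere, insert the call after the permission check so this POST handler matches the rest of the file. The handler continues past the hunk.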
@@ -250,9 +248,8 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
// Get ticket details
$sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_prefix, ticket_number, ticket_subject, ticket_updated_at FROM tickets WHERE ticket_number = $ticket_number");
if (mysqli_num_rows($sql) == 0) {
- $_SESSION['alert_message'] = "Cannot merge into that ticket.";
+ flash_alert("Cannot merge into that ticket.", 'error');
redirect();
- exit();
}
$row = mysqli_fetch_array($sql);
$ticket_id = intval($row['ticket_id']);
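Review bot: The lookup `SELECT ... FROM tickets WHERE ticket_number = $ticket_number` is scoped only by number and takes the first row, so if ticket numbers are not globally unique (they are displayed with a per-ticket prefix, which suggests they may not be) a ticket belonging to another client can be matched and, further down, re-parented onto this project. Constraining the query with the `$client_id` this handler already resolves for its log line — `... WHERE ticket_number = $ticket_number AND ticket_client_id = $client_id`, if that is the column name; I cannot see the schema — would keep the link within one tenant. The error branch `flash_alert("Cannot merge into that ticket.", 'error'); redirect();` also now depends on `redirect()` not returning, since the explicit `exit()` was removed.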
@@ -263,9 +260,10 @@ if (isset($_POST['link_closed_ticket_to_project'])) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id, ticket_updated_at = '$ticket_updated' WHERE ticket_id = $ticket_id");
- // Logging
logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id);
- $_SESSION['alert_message'] = "Ticket added to
$project_name";
+ flash_alert("Ticket added to
$project_name");
+
redirect();
-}
\ No newline at end of file
+
+}
diff --git a/user/post/quote.php b/user/post/quote.php
index 534dfb91..fb566ac4 100644
--- a/user/post/quote.php
+++ b/user/post/quote.php
@@ -28,14 +28,13 @@ if (isset($_POST['add_quote'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Quote created!', history_quote_id = $quote_id");
- // Logging
logAction("Quote", "Create", "$session_name created quote $config_quote_prefix$quote_number", $client_id, $quote_id);
customAction('quote_create', $quote_id);
- $_SESSION['alert_message'] = "Quote
$config_quote_prefix$quote_number created";
+ flash_alert("Quote
$config_quote_prefix$quote_number created");
- header("Location: quote.php?quote_id=$quote_id");
+ redirect("quote.php?quote_id=$quote_id");
}
@@ -91,14 +90,13 @@ if (isset($_POST['add_quote_copy'])) {
mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_quote_id = $new_quote_id");
}
- // Logging
logAction("Quote", "Create", "$session_name created quote $config_quote_prefix$quote_number from quote $original_quote_prefix$original_quote_number", $client_id, $new_quote_id);
customAction('quote_create', $new_quote_id);
- $_SESSION['alert_message'] = "Quote copied";
+ flash_alert("Quote copied");
- header("Location: quote.php?quote_id=$new_quote_id");
+ redirect("quote.php?quote_id=$new_quote_id");
}
@@ -155,16 +153,16 @@ if (isset($_POST['add_quote_to_invoice'])) {
}
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Invoiced' WHERE quote_id = $quote_id");
+
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote invoiced as $config_invoice_prefix$invoice_number', history_quote_id = $quote_id");
- // Logging
logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from quote $config_quote_prefix$quote_number", $client_id, $new_invoice_id);
customAction('invoice_create', $new_invoice_id);
- $_SESSION['alert_message'] = "Invoice created from quote
$quote_prefix$quote_number";
+ flash_alert("Invoice created from quote
$quote_prefix$quote_number");
- header("Location: invoice.php?invoice_id=$new_invoice_id");
+ redirect("invoice.php?invoice_id=$new_invoice_id");
}
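Review bot: `flash_alert("Invoice created from quote $quote_prefix$quote_number");` uses `$quote_prefix`, while the log line two statements earlier identifies the same quote as `$config_quote_prefix$quote_number`. If `$quote_prefix` is not assigned in this handler (the lines above the hunk are outside my view) the message shows a bare number, or a stale prefix if the variable leaks in from earlier code; use the same variable as the log, `flash_alert("Invoice created from quote $config_quote_prefix$quote_number");`.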
@@ -214,10 +212,9 @@ if (isset($_POST['add_quote_item'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id");
- // Logging
logAction("Quote", "Edit", "$session_name added item $name to quote $quote_prefix$quote_number", $client_id, $quote_id);
- $_SESSION['alert_message'] = "Item
$name added";
+ flash_alert("Item
$name added");
redirect();
@@ -239,10 +236,9 @@ if (isset($_POST['quote_note'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_note = '$note' WHERE quote_id = $quote_id");
- // Logging
logAction("Quote", "Edit", "$session_name added notes to quote $quote_prefix$quote_number", $client_id, $quote_id);
- $_SESSION['alert_message'] = "Notes added";
+ flash_alert("Notes added");
redirect();
@@ -274,10 +270,9 @@ if (isset($_POST['edit_quote'])) {
mysqli_query($mysqli,"UPDATE quotes SET quote_scope = '$scope', quote_date = '$date', quote_expire = '$expire', quote_discount_amount = '$quote_discount', quote_amount = '$quote_amount', quote_category_id = $category WHERE quote_id = $quote_id");
- // Logging
logAction("Quote", "Edit", "$session_name edited quote $quote_prefix$quote_number", $client_id, $quote_id);
- $_SESSION['alert_message'] = "Quote edited";
+ flash_alert("Quote edited");
redirect();
@@ -312,17 +307,15 @@ if (isset($_GET['delete_quote'])) {
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id");
}
- // Logging
logAction("Quote", "Delete", "$session_name deleted quote $quote_prefix$quote_number", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Quote
$quote_prefix$quote_number deleted";
+ flash_alert("Quote
$quote_prefix$quote_number deleted", 'error');
if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
- header("Location: client_quotes.php?client_id=$client_id");
+ redirect("client_quotes.php?client_id=$client_id");
} else {
- header("Location: quotes.php");
+ redirect("quotes.php");
}
}
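Review bot: After the quote is deleted, the redirect target is rebuilt from `intval($_GET['client_id'])` even though the handler already resolved the quote's own `$client_id` for the `logAction(...)` two statements above; trusting the request parameter is redundant and lets a crafted link land the user on an unrelated client's quote list. If quotes always carry a client, prefer the value derived from the record: `if ($client_id) { redirect("client_quotes.php?client_id=$client_id"); } else { redirect("quotes.php"); }`, dropping the `isset($_GET['client_id'])` branch.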
@@ -353,11 +346,9 @@ if (isset($_GET['delete_quote_item'])) {
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id");
- // Logging
logAction("Quote", "Edit", "$session_name removed item $item_name from $quote_prefix$quote_number", $client_id, $quote_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Item
$item_name removed";
+ flash_alert("Item
$item_name removed", 'error');
redirect();
@@ -379,10 +370,9 @@ if (isset($_GET['mark_quote_sent'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Quote marked sent', history_quote_id = $quote_id");
- // Logging
logAction("Quote", "Sent", "$session_name marked quote $quote_prefix$quote_number as sent", $client_id, $quote_id);
- $_SESSION['alert_message'] = "Quote marked sent";
+ flash_alert("Quote marked sent");
redirect();
@@ -404,12 +394,11 @@ if (isset($_GET['accept_quote'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Accepted', history_description = 'Quote accepted by $session_name', history_quote_id = $quote_id");
- // Logging
logAction("Quote", "Edit", "$session_name marked quote $quote_prefix$quote_number as accepted", $client_id, $quote_id);
customAction('quote_accept', $quote_id);
- $_SESSION['alert_message'] = "Quote accepted";
+ flash_alert("Quote accepted");
redirect();
@@ -433,11 +422,9 @@ if (isset($_GET['decline_quote'])) {
customAction('quote_decline', $quote_id);
- // Logging
logAction("Quote", "Edit", "$session_name marked quote $quote_prefix$quote_number as declined", $client_id, $quote_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Quote declined";
+ flash_alert("Quote declined", 'error');
redirect();
@@ -508,10 +495,9 @@ if (isset($_GET['email_quote'])) {
// Update History
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Quote', history_quote_id = $quote_id");
- // Logging
logAction("Quote", "Email", "$session_name emailed quote $quote_prefix$quote_number to $contact_email", $client_id, $quote_id);
- $_SESSION['alert_message'] = "Quote has been queued successfully!
See Mail Queue";
+ flash_alert("Quote has been queued successfully!
See Mail Queue");
//Don't change the status to sent if the status is anything but draft
if ($quote_status == 'Draft') {
@@ -538,10 +524,9 @@ if (isset($_GET['mark_quote_invoiced'])) {
mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote marked as invoiced', history_quote_id = $quote_id");
- // Logging
logAction("Quote", "Sent", "$session_name marked quote $quote_prefix$quote_number as invoiced", $client_id, $quote_id);
- $_SESSION['alert_message'] = "Quote marked invoiced";
+ flash_alert("Quote marked invoiced");
redirect();
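Review bot: `logAction("Quote", "Sent", "$session_name marked quote $quote_prefix$quote_number as invoiced", ...)` files a status change to Invoiced under the "Sent" action, so anyone filtering the audit log by action will see it as an email/send event; the accept and decline handlers above log their status changes as "Edit". Use a matching action, `logAction("Quote", "Edit", "$session_name marked quote $quote_prefix$quote_number as invoiced", $client_id, $quote_id);` (or a dedicated "Invoiced" if the log consumers expect one).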
@@ -591,15 +576,12 @@ if(isset($_POST['export_quotes_csv'])){
fpassthru($f);
}
- // Logging
logAction("Quote", "Export", "$session_name exported $num_rows quote(s) to a CSV file");
- $_SESSION['alert_message'] = "Exported
$num_rows quote(s)";
+ flash_alert("Exported
$num_rows quote(s)");
redirect();
- exit;
-
}
if (isset($_GET['export_quote_pdf'])) {
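Review bot: `flash_alert(...)` and `redirect()` run after `fpassthru($f);` has already streamed the CSV body, so the Location header cannot be sent (headers already sent) and the flash simply surfaces on the next page view; the product export in this same commit ends with `exit;` after the passthru and sets no flash. Unless the passthru branch exits inside the block above (outside this hunk), mirror that here: keep the `logAction(...)`, replace `flash_alert(...); redirect();` with `exit;`.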
@@ -805,6 +787,7 @@ if (isset($_GET['export_quote_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$quote_date}_{$company_name}_{$client_name}_Quote_{$quote_prefix}{$quote_number}");
$pdf->Output("$filename.pdf", 'I');
+
exit;
}
diff --git a/user/post/rack.php b/user/post/rack.php
index b0fecbf9..524a32ce 100644
--- a/user/post/rack.php
+++ b/user/post/rack.php
@@ -41,10 +41,9 @@ if (isset($_POST['add_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id");
}
- // Logging
logAction("Rack", "Create", "$session_name created rack $name", $client_id, $rack_id);
- $_SESSION['alert_message'] = "Rack
$name created";
+ flash_alert("Rack
$name created");
redirect();
@@ -84,10 +83,9 @@ if (isset($_POST['edit_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id");
}
- // Logging
logAction("Rack", "Edit", "$session_name edited rack $name", $client_id, $rack_id);
- $_SESSION['alert_message'] = "Rack
$name edited";
+ flash_alert("Rack
$name edited");
redirect();
@@ -107,11 +105,9 @@ if (isset($_GET['archive_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NOW() WHERE rack_id = $rack_id");
- // Logging
logAction("Rack", "Archive", "$session_name archived rack $rack_name", $client_id, $rack_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Rack
$rack_name archived";
+ flash_alert("Rack
$rack_name archived", 'error');
redirect();
@@ -131,10 +127,9 @@ if (isset($_GET['unarchive_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NULL WHERE rack_id = $rack_id");
- // Logging
logAction("Rack", "Unarchive", "$session_name unarchived rack $rack_name", $client_id, $rack_id);
- $_SESSION['alert_message'] = "Rack
$rack_name Unarchived";
+ flash_alert("Rack
$rack_name Unarchived");
redirect();
@@ -160,11 +155,9 @@ if (isset($_GET['delete_rack'])) {
unlink("../uploads/clients/$client_id/$rack_photo");
}
- // Logging
logAction("Rack", "Delete", "$session_name deleted rack $rack_name", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Rack
$rack_name deleted";
+ flash_alert("Rack
$rack_name deleted", 'error');
redirect();
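Review bot: `unlink("../uploads/clients/$client_id/$rack_photo");` builds the path from a database value; if `rack_photo` ever holds a name containing a path separator or `..` (the add/edit handlers store a generated `$new_file_name`, so today it probably does not), the delete reaches outside the client's upload directory. A defensive `basename()` is cheap insurance: `unlink("../uploads/clients/$client_id/" . basename($rack_photo));`. The guard wrapping the unlink, and the handler's CSRF/permission checks, begin above the hunk.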
@@ -189,21 +182,17 @@ if (isset($_POST['add_rack_unit'])) {
// **New Validation Check**
if ($unit_start > $unit_end) {
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Unit Start number cannot be higher than Unit End number.";
+ flash_alert("Unit Start number cannot be higher than Unit End number.", 'error');
redirect();
- exit();
}
// Check if the unit range is already occupied
$check_sql = mysqli_query($mysqli, "SELECT * FROM rack_units WHERE unit_rack_id = $rack_id AND unit_start_number <= $unit_end AND unit_end_number >= $unit_start");
if (mysqli_num_rows($check_sql) > 0) {
- // If there is an overlap, return an error message
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Units $unit_start to $unit_end are already in use by another device.";
+ // If there is an overlap, return an error message;
+ flash_alert("Units $unit_start to $unit_end are already in use by another device.", 'error');
redirect();
- exit();
}
// If no overlap and validation passes, proceed with the insertion
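Review bot: Both rejection branches in this hunk — the `$unit_start > $unit_end` check and the overlap check — now end with a bare `redirect();` where the old code had `redirect(); exit();`, so the comment `// If no overlap and validation passes, proceed with the insertion` is only true if `redirect()` never returns; if it does, the INSERT below runs on invalid input. The rest of the commit relies on the same assumption and I cannot see the helper, but where validation depends on it the intent deserves a line: `redirect(); // redirect() exits; nothing below runs when validation fails`. The edited comment `// If there is an overlap, return an error message;` also picked up a stray trailing semicolon. The INSERT follows outside the hunk.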
@@ -211,12 +200,12 @@ if (isset($_POST['add_rack_unit'])) {
$unit_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Rack", "Edit", "$session_name added device $name to units $unit_start - $unit_end in rack $rack_name", $client_id, $rack_id);
- $_SESSION['alert_message'] = "Device
$name added to units $unit_start - $unit_end in rack.";
+ flash_alert("Device
$name added to units $unit_start - $unit_end in rack.");
redirect();
+
}
if (isset($_POST['edit_rack_unit'])) {
@@ -239,10 +228,9 @@ if (isset($_POST['edit_rack_unit'])) {
mysqli_query($mysqli,"UPDATE rack_units SET unit_device = '$name', unit_asset_id = $asset, unit_start_number = $unit_start, unit_end_number = $unit_end WHERE unit_id = $unit_id");
- // Logging
logAction("Rack", "Edit", "$session_name edited device $name in rack $rack_name", $client_id, $rack_id);
- $_SESSION['alert_message'] = "Device $name edited on the rack";
+ flash_alert("Device $name edited on the rack");
redirect();
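Review bot: `UPDATE rack_units SET ... unit_start_number = $unit_start, unit_end_number = $unit_end WHERE unit_id = $unit_id` applies the new range without the `unit_start > unit_end` and overlap checks that `add_rack_unit` performs before its INSERT, so editing a device can produce the inverted or overlapping placements that adding one rejects — unless those checks sit in the lines above this hunk, which I cannot see. If they do not, run the same two validations here, excluding the unit being edited from the overlap query with `AND unit_id != $unit_id`. The handler begins above the hunk.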
@@ -264,12 +252,10 @@ if (isset($_GET['remove_rack_unit'])) {
mysqli_query($mysqli,"DELETE FROM rack_units WHERE unit_id = $unit_id");
- // Logging
logAction("Rack", "Edit", "$session_name removed device $device_name from rack $rack_name", $client_id, $rack_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Device
$device_name removed from rack";
+ flash_alert("Device
$device_name removed from rack", 'error');
redirect();
-}
\ No newline at end of file
+}
diff --git a/user/post/revenue.php b/user/post/revenue.php
index 363bc727..1d2d66fc 100644
--- a/user/post/revenue.php
+++ b/user/post/revenue.php
@@ -22,10 +22,9 @@ if (isset($_POST['add_revenue'])) {
$revenue_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Revenue", "Create", "$session_name added revenue $description", 0, $revenue_id);
- $_SESSION['alert_message'] = "Revenue added";
+ flash_alert("Revenue added");
redirect();
@@ -46,10 +45,9 @@ if (isset($_POST['edit_revenue'])) {
mysqli_query($mysqli,"UPDATE revenues SET revenue_date = '$date', revenue_amount = $amount, revenue_payment_method = '$payment_method', revenue_reference = '$reference', revenue_description = '$description', revenue_category_id = $category, revenue_account_id = $account WHERE revenue_id = $revenue_id");
- // Logging
logAction("Revenue", "Edit", "$session_name edited revenue $description", 0, $revenue_id);
- $_SESSION['alert_message'] = "Revenue edited";
+ flash_alert("Revenue edited");
redirect();
@@ -62,17 +60,13 @@ if (isset($_GET['delete_revenue'])) {
$revenue_id = intval($_GET['delete_revenue']);
// Get Revenue Details
- $sql = mysqli_query($mysqli,"SELECT revenue_description FROM revenues WHERE revenue_id = $revenue_id");
- $row = mysqli_fetch_array($sql);
- $revenue_description = sanitizeInput($row['revenue_description']);
+ $revenue_description = sanitizeInput(getFieldById('revenues', $revenue_id, 'revenue_description'));
mysqli_query($mysqli,"DELETE FROM revenues WHERE revenue_id = $revenue_id");
- // Logging
logAction("Revenue", "Delete", "$session_name deleted revenue $revenue_description");
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Revenue removed";
+ flash_alert("Revenue removed", 'error');
redirect();
diff --git a/user/post/service.php b/user/post/service.php
index 9a1a1aa7..f9371df1 100644
--- a/user/post/service.php
+++ b/user/post/service.php
@@ -74,10 +74,9 @@ if (isset($_POST['add_service'])) {
}
}
- // Logging
logAction("Service", "Create", "$session_name created service $service_name", $client_id, $service_id);
- $_SESSION['alert_message'] = "Service
$service_name created";
+ flash_alert("Service
$service_name created");
redirect();
@@ -158,10 +157,9 @@ if (isset($_POST['edit_service'])) {
}
}
- // Logging
logAction("Service", "Edit", "$session_name edited service $service_name", $client_id, $service_id);
- $_SESSION['alert_message'] = "Service
$service_name edited";
+ flash_alert("Service
$service_name edited");
redirect();
@@ -169,9 +167,10 @@ if (isset($_POST['edit_service'])) {
if (isset($_GET['delete_service'])) {
- enforceUserPermission('module_support', 3);
validateCSRFToken($_GET['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
$service_id = intval($_GET['delete_service']);
// Get Service Details
@@ -183,11 +182,9 @@ if (isset($_GET['delete_service'])) {
// Delete service
mysqli_query($mysqli, "DELETE FROM services WHERE service_id = $service_id");
- // Logging
logAction("Service", "Delete", "$session_name deleted service $service_name", $client_id);
-
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Service
$service_name deleted";
+
+ flash_alert("Service
$service_name deleted", 'error');
redirect();
diff --git a/user/post/software.php b/user/post/software.php
index 40f67af0..8d9d42e8 100644
--- a/user/post/software.php
+++ b/user/post/software.php
@@ -30,10 +30,9 @@ if (isset($_POST['add_software_from_template'])) {
$software_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Software", "Create", "$session_name created software $name using template", $client_id, $software_id);
- $_SESSION['alert_message'] = "Software
$name created from template";
+ flash_alert("Software
$name created from template");
redirect();
@@ -90,10 +89,9 @@ if (isset($_POST['add_software'])) {
}
}
- // Logging
logAction("Software", "Create", "$session_name created software $name", $client_id, $software_id);
- $_SESSION['alert_message'] = "Software
$name created $alert_extended";
+ flash_alert("Software
$name created $alert_extended");
redirect();
@@ -150,10 +148,9 @@ if (isset($_POST['edit_software'])) {
}
}
- // Logging
logAction("Software", "Edit", "$session_name edited software $name", $client_id, $software_id);
- $_SESSION['alert_message'] = "Software
$name updated";
+ flash_alert("Software
$name updated");
redirect();
@@ -177,11 +174,9 @@ if (isset($_GET['archive_software'])) {
mysqli_query($mysqli,"DELETE FROM software_contacts WHERE software_id = $software_id");
mysqli_query($mysqli,"DELETE FROM software_assets WHERE software_id = $software_id");
- // Logging
logAction("Software", "Archive", "$session_name archived software $software_name and removed all device/user license associations", $client_id, $software_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Software
$software_name archived and removed all device/user license associations";
+ flash_alert("Software
$software_name archived and removed all device/user license associations", 'error');
redirect();
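Review bot: The two DELETEs at the top of the hunk and the archive update that precedes them (above the hunk) run as independent autocommit statements with unchecked return values, so a failure between them leaves the software archived but still holding license associations — or the reverse — while the log line and flash below still report both as done. Wrapping the sequence costs two lines, `mysqli_begin_transaction($mysqli);` before the first statement and `mysqli_commit($mysqli);` after the last (assuming InnoDB tables); at minimum, check each mysqli_query() result before logging success. The enclosing if block starts above the hunk.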
@@ -201,11 +196,9 @@ if (isset($_GET['delete_software'])) {
mysqli_query($mysqli,"DELETE FROM software WHERE software_id = $software_id");
- //Logging
logAction("Software", "Delete", "$session_name deleted software $software_name and removed all device/user license associations", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Software
$software_name deleted and removed all device/user license associations";
+ flash_alert("Software
$software_name deleted and removed all device/user license associations", 'error');
redirect();
@@ -246,10 +239,11 @@ if (isset($_POST['export_client_software_csv'])) {
// Asset licenses
$assigned_to_assets = '';
$asset_licenses_sql = mysqli_query($mysqli,"SELECT software_assets.asset_id, assets.asset_name
- FROM software_assets
- LEFT JOIN assets
- ON software_assets.asset_id = assets.asset_id
- WHERE software_id = $row[software_id]");
+ FROM software_assets
+ LEFT JOIN assets
+ ON software_assets.asset_id = assets.asset_id
+ WHERE software_id = $row[software_id]"
+ );
while($asset_row = mysqli_fetch_array($asset_licenses_sql)) {
$assigned_to_assets .= $asset_row['asset_name'] . ", ";
}
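Review bot: The cell built by `$assigned_to_assets .= $asset_row['asset_name'] . ", ";` goes into a CSV export (the output step is outside this hunk), so an asset name beginning with `=`, `+`, `-` or `@` is interpreted as a formula when the file is opened in a spreadsheet, and the loop also leaves a trailing `, ` on every value. Collecting the names and joining them fixes the delimiter, and prefixing such names with a quote neutralises the formula; whether asset names can be attacker-influenced depends on how assets are created, which is not visible here. The same pattern repeats for contact names in the next hunk.
```php
$asset_names = [];
while ($asset_row = mysqli_fetch_array($asset_licenses_sql)) {
    // Neutralise spreadsheet formula prefixes (CSV injection)
    $asset_names[] = preg_replace('/^([=+\-@\t\r])/', "'$1", (string) $asset_row['asset_name']);
}
$assigned_to_assets = implode(', ', $asset_names);
```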
@@ -257,10 +251,12 @@ if (isset($_POST['export_client_software_csv'])) {
// Contact Licenses
$assigned_to_contacts = '';
$contact_licenses_sql = mysqli_query($mysqli,"SELECT software_contacts.contact_id, contacts.contact_name
- FROM software_contacts
- LEFT JOIN contacts
- ON software_contacts.contact_id = contacts.contact_id
- WHERE software_id = $row[software_id]");
+ FROM software_contacts
+ LEFT JOIN contacts
+ ON software_contacts.contact_id = contacts.contact_id
+ WHERE software_id = $row[software_id]"
+ );
+
while($contact_row = mysqli_fetch_array($contact_licenses_sql)) {
$assigned_to_contacts .= $contact_row['contact_name'] . ", ";
}
@@ -279,8 +275,7 @@ if (isset($_POST['export_client_software_csv'])) {
//output all remaining data on a file pointer
fpassthru($f);
}
-
- //Logging
+
logAction("Software", "Export", "$session_name exported $num_rows software(s) $software_name to a CSV file", $client_id);
exit;
diff --git a/user/post/tag.php b/user/post/tag.php
index abce81ea..4e466ba4 100644
--- a/user/post/tag.php
+++ b/user/post/tag.php
@@ -14,10 +14,9 @@ if (isset($_POST['add_tag'])) {
$tag_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Tag", "Create", "$session_name created tag $name", 0, $tag_id);
- $_SESSION['alert_message'] = "Tag
$name created";
+ flash_alert("Tag
$name created");
redirect();
diff --git a/user/post/task.php b/user/post/task.php
index 6e72081d..044d9a00 100644
--- a/user/post/task.php
+++ b/user/post/task.php
@@ -14,20 +14,18 @@ if (isset($_POST['add_task'])) {
$task_name = sanitizeInput($_POST['name']);
// Get Client ID from tickets using the ticket_id
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_array($sql);
- $client_id = intval($row['ticket_client_id']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
mysqli_query($mysqli, "INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id");
$task_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Task", "Create", "$session_name created task $task_name", $client_id, $task_id);
- $_SESSION['alert_message'] = "You created Task
$task_name";
+ flash_alert("You created Task
$task_name");
redirect();
+
}
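Review bot: `intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'))` turns a lookup miss into client 0, so the INSERT on the next line still creates a task bound to a ticket id that does not exist and logAction files it under client 0 (the replaced SELECT had the same gap). Assuming getFieldById returns false or null when no row matches, keep the raw result and guard before the INSERT: `$client_id = getFieldById('tickets', $ticket_id, 'ticket_client_id');` / `if ($client_id === false || $client_id === null) { flash_alert('Ticket not found', 'error'); redirect(); }` / `$client_id = intval($client_id);`. The handler's CSRF/permission checks and the source of $ticket_id sit above the hunk.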
if (isset($_POST['edit_ticket_task'])) {
@@ -43,14 +41,15 @@ if (isset($_POST['edit_ticket_task'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['ticket_client_id']);
+
mysqli_query($mysqli, "UPDATE tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate WHERE task_id = $task_id");
- // Logging
logAction("Task", "Edit", "$session_name edited task $task_name", $client_id, $task_id);
- $_SESSION['alert_message'] = "Task
$task_name edited";
+ flash_alert("Task
$task_name edited");
redirect();
+
}
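Review bot: The UPDATE at `task_order = $task_order, task_completion_estimate = $task_completion_estimate` interpolates both values unquoted into SQL, so this is only safe if they were passed through intval() where they are read from $_POST above the hunk, and `$task_name` must have gone through sanitizeInput() as it does in add_task — neither is visible here, so worth confirming. Also, when `$task_id` matches no row, `$row` is false, `$client_id` becomes 0 and the handler still logs a successful edit; a `if (!$row) { flash_alert('Task not found', 'error'); redirect(); }` after the fetch would avoid the phantom log entry. The enclosing if block starts above the hunk.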
if (isset($_POST['edit_ticket_template_task'])) {
@@ -64,22 +63,20 @@ if (isset($_POST['edit_ticket_template_task'])) {
mysqli_query($mysqli, "UPDATE task_templates SET task_template_name = '$task_name', task_template_order = $task_order, task_template_completion_estimate = $task_completion_estimate WHERE task_template_id = $task_template_id");
- // Logging
logAction("Task", "Edit", "$session_name edited task $task_name", 0, $task_template_id);
- $_SESSION['alert_message'] = "Task
$task_name edited";
+ flash_alert("Task
$task_name edited");
redirect();
-}
+}
if (isset($_GET['delete_task'])) {
- enforceUserPermission('module_support', 3);
-
- // CSRF Check
validateCSRFToken($_GET['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
$task_id = intval($_GET['delete_task']);
// Get Client ID, task name from tasks and tickets using the task_id
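Review bot: Swapping `validateCSRFToken($_GET['csrf_token']);` ahead of `enforceUserPermission('module_support', 3);` in delete_task is behaviour-neutral only if both helpers exit on failure rather than flash-and-return; otherwise the remaining check and the DELETE further down still run, so the helpers' failure path (not in this diff) should be confirmed. A one-line comment above the pair, `// Both checks must terminate the request on failure; order is CSRF first, then permission`, would record that assumption for the next person who reorders them. The delete_task block continues past the hunk.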
@@ -90,13 +87,12 @@ if (isset($_GET['delete_task'])) {
mysqli_query($mysqli, "DELETE FROM tasks WHERE task_id = $task_id");
- // Logging
logAction("Task", "Delete", "$session_name deleted task $task_name", $client_id, $task_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Task
$task_name deleted";
+ flash_alert("Task
$task_name deleted", 'error');
redirect();
+
}
if (isset($_GET['complete_task'])) {
@@ -123,12 +119,12 @@ if (isset($_GET['complete_task'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Task", "Edit", "$session_name completed task $task_name", $client_id, $task_id);
- $_SESSION['alert_message'] = "Task
$task_name Completed";
+ flash_alert("Task
$task_name Completed");
redirect();
+
}
if (isset($_GET['undo_complete_task'])) {
@@ -151,11 +147,9 @@ if (isset($_GET['undo_complete_task'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Task", "Edit", "$session_name marked task $task_name as incomplete", $client_id, $task_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Task
$task_name marked as incomplete";
+ flash_alert("Task
$task_name marked as incomplete", 'error');
redirect();
@@ -168,9 +162,7 @@ if (isset($_GET['complete_all_tasks'])) {
$ticket_id = intval($_GET['complete_all_tasks']);
// Get Client ID
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_array($sql);
- $client_id = intval($row['ticket_client_id']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
mysqli_query($mysqli, "UPDATE tasks SET task_completed_at = NOW(), task_completed_by = $session_user_id WHERE task_ticket_id = $ticket_id AND task_completed_at IS NULL");
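Review bot: After the getFieldById() swap a nonexistent ticket id still yields `$client_id = 0`, and the UPDATE on the last line runs unconditionally, so the ticket reply and "marked all tasks complete" log entry that follow (outside the hunk) are recorded even when nothing was changed. Guard the lookup the same way as add_task should, and consider `if (mysqli_affected_rows($mysqli) === 0) { redirect(); }` after the UPDATE so no reply is posted for a ticket with no open tasks; I am assuming getFieldById returns false/null on a miss, which is not visible here. The handler's CSRF/permission checks sit above the hunk.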
@@ -179,12 +171,12 @@ if (isset($_GET['complete_all_tasks'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Ticket", "Edit", "$session_name marked all tasks complete for ticket", $client_id, $ticket_id);
- $_SESSION['alert_message'] = "Marked all tasks Complete";
+ flash_alert("Marked all tasks Complete");
redirect();
+
}
if (isset($_GET['undo_complete_all_tasks'])) {
@@ -194,9 +186,7 @@ if (isset($_GET['undo_complete_all_tasks'])) {
$ticket_id = intval($_GET['undo_complete_all_tasks']);
// Get Client ID
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_array($sql);
- $client_id = intval($row['ticket_client_id']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
mysqli_query($mysqli, "UPDATE tasks SET task_completed_at = NULL, task_completed_by = NULL WHERE task_ticket_id = $ticket_id AND task_completed_at IS NOT NULL");
@@ -205,10 +195,10 @@ if (isset($_GET['undo_complete_all_tasks'])) {
$ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
logAction("Ticket", "Edit", "$session_name marked all tasks as incomplete for ticket", $client_id, $ticket_id);
- $_SESSION['alert_message'] = "Marked all tasks Incomplete";
+ flash_alert("Marked all tasks Incomplete", 'error');
redirect();
-}
\ No newline at end of file
+
+}