From e39072d3bcfab03acecf0c3a91cbaba337771fb2 Mon Sep 17 00:00:00 2001 From: johnnyq Date: Mon, 4 Aug 2025 17:01:19 -0400 Subject: [PATCH] More work on moving to the redirect, flash_alert and get_field_by_id and maing sure validate_csrf is on top and some other cleanups, along with more work on credits --- user/modals/client_credit_add.php | 21 ++- user/post/contact.php | 2 +- user/post/credential.php | 69 ++++------ user/post/credit.php | 10 +- user/post/document.php | 129 ++++++------------- user/post/domain.php | 51 ++++---- user/post/event.php | 24 ++-- user/post/expense.php | 70 ++++------ user/post/file.php | 65 ++++------ user/post/folder.php | 10 +- user/post/invoice.php | 204 +++++++++++++----------------- user/post/location.php | 70 +++++----- user/post/network.php | 31 ++--- user/post/product.php | 92 +++++--------- user/post/profile.php | 65 ++++------ user/post/project.php | 48 ++++--- user/post/quote.php | 59 +++------ user/post/rack.php | 40 ++---- user/post/revenue.php | 14 +- user/post/service.php | 15 +-- user/post/software.php | 39 +++--- user/post/tag.php | 3 +- user/post/task.php | 54 ++++---- 23 files changed, 465 insertions(+), 720 deletions(-) diff --git a/user/modals/client_credit_add.php b/user/modals/client_credit_add.php index 770ae17f..98f4d590 100644 --- a/user/modals/client_credit_add.php +++ b/user/modals/client_credit_add.php @@ -21,6 +21,21 @@ +
+ +
+
+ +
+ +
+
+
@@ -32,12 +47,12 @@
- +
- +
@@ -45,7 +60,7 @@ -
+
diff --git a/user/post/contact.php b/user/post/contact.php index e7bafad5..4e6c08d3 100644 --- a/user/post/contact.php +++ b/user/post/contact.php @@ -421,7 +421,7 @@ if (isset($_POST['bulk_edit_contact_department'])) { logAction("Contact", "Bulk Edit", "$session_name set the department $department for $contact_count contacts", $client_id); - flash_alert("You set the Department to $department for $contact_count contacts"; + flash_alert("You set the Department to $department for $contact_count contacts"); } redirect(); diff --git a/user/post/credential.php b/user/post/credential.php index 46779dc4..38279349 100644 --- a/user/post/credential.php +++ b/user/post/credential.php @@ -24,10 +24,9 @@ if (isset($_POST['add_credential'])) { } } - // Logging logAction("Credential", "Create", "$session_name created credential $name", $client_id, $credential_id); - $_SESSION['alert_message'] = "Credential $name created"; + flash_alert("Credential $name created"); redirect(); @@ -64,10 +63,9 @@ if (isset($_POST['edit_credential'])) { } } - // Logging logAction("Credential", "Edit", "$session_name edited credential $name", $client_id, $credential_id); - $_SESSION['alert_message'] = "Credential $name edited"; + flash_alert("Credential $name edited"); redirect(); @@ -87,12 +85,9 @@ if(isset($_GET['archive_credential'])){ mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id"); - //logging logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id); - - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Credential $credential_name archived"; + flash_alert("Credential $credential_name archived", 'error'); redirect(); 
@@ -112,12 +107,12 @@ if(isset($_GET['unarchive_credential'])){ mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id"); - //Logging logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id); - $_SESSION['alert_message'] = "Credential $credential_name restored"; + flash_alert("Credential $credential_name restored"); redirect(); + } if (isset($_GET['delete_credential'])) { @@ -134,11 +129,9 @@ if (isset($_GET['delete_credential'])) { mysqli_query($mysqli,"DELETE FROM credentials WHERE credential_id = $credential_id"); - // Logging logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Credential $credential_name deleted"; + flash_alert("Credential $credential_name deleted", 'error'); redirect(); @@ -180,15 +173,14 @@ if (isset($_POST['bulk_assign_credential_tags'])) { } } - // Logging logAction("Credential", "Edit", "$session_name added tags to $credential_name", $client_id, $credential_id); - $_SESSION['alert_message'] = "Assigned tags for $count credentials"; + flash_alert("Assigned tags for $count credentials"); } // End Assign Loop - // Logging logAction("Credential", "Bulk Edit", "$session_name added tags to $count credentials", $client_id); + } redirect(); @@ -197,9 +189,10 @@ if (isset($_POST['bulk_assign_credential_tags'])) { if (isset($_POST['bulk_archive_credentials'])) { - enforceUserPermission('module_credential', 2); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_credential', 2); + if (isset($_POST['credential_ids'])) { // Get Selected Credential Count 
@@ -218,26 +211,24 @@ if (isset($_POST['bulk_archive_credentials'])) { mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id"); - // Individual Contact logging logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id); } - // Bulk Logging logAction("Credential", "Bulk Archive", "$session_name archived $count credentials", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Archived $count credential(s)"; + flash_alert("Archived $count credential(s)", 'error'); } redirect(); + } if (isset($_POST['bulk_unarchive_credentials'])) { - enforceUserPermission('module_credential', 2); + validateCSRFToken($_POST['csrf_token']); - validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_credential', 2); if (isset($_POST['credential_ids'])) { @@ -257,27 +248,26 @@ if (isset($_POST['bulk_unarchive_credentials'])) { mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id"); - // Individual logging logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id); } - // Bulk Logging logAction("Credential", "Bulk Unarchive", "$session_name unarchived $count credential(s)", $client_id); - $_SESSION['alert_message'] = "Unarchived $count credential(s)"; + flash_alert("Unarchived $count credential(s)"); } redirect(); + } if (isset($_POST['bulk_delete_credentials'])) { - enforceUserPermission('module_credential', 3); - validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_credential', 3); + if (isset($_POST['credential_ids'])) { // Get Selected Credential Count 
@@ -296,20 +286,18 @@ if (isset($_POST['bulk_delete_credentials'])) { mysqli_query($mysqli, "DELETE FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id"); - // Logging logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id); } - // Bulk Logging logAction("Credential", "Bulk Delete", "$session_name deleted $count credential(s)", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Deleted $count credential(s)"; + flash_alert("Deleted $count credential(s)", 'error'); } redirect(); + } if (isset($_POST['export_credentials_csv'])) { @@ -360,7 +348,6 @@ if (isset($_POST['export_credentials_csv'])) { fpassthru($f); } - // Logging logAction("Credential", "Export", "$session_name exported $num_rows credential(s) to a CSV file", $client_id); exit; @@ -377,10 +364,8 @@ if (isset($_POST["import_credentials_csv"])) { if (!empty($_FILES["file"]["tmp_name"])) { $file_name = $_FILES["file"]["tmp_name"]; } else { - $_SESSION['alert_message'] = "Please select a file to upload."; - $_SESSION['alert_type'] = "error"; + flash_alert("Please select a file to upload.", 'error'); redirect(); - exit(); } //Check file is CSV @@ -388,13 +373,13 @@ if (isset($_POST["import_credentials_csv"])) { $allowed_file_extensions = array('csv'); if (in_array($file_extension,$allowed_file_extensions) === false){ $error = true; - $_SESSION['alert_message'] = "Bad file extension"; + flash_alert("Bad file extension", 'error'); } //Check file isn't empty elseif ($_FILES["file"]["size"] < 1){ $error = true; - $_SESSION['alert_message'] = "Bad file size (empty?)"; + flash_alert("Bad file size (empty?)", 'error'); } //(Else)Check column count 
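Review bot: Dropping the `exit();` after `redirect()` in the no-file branch of the import handler makes the rest of the handler depend on redirect() never returning; if it only sends the Location header, execution continues with `$file_name` unset and falls into the extension check below. This is presumably how redirect() already behaves, since every other branch in this file ends with a bare redirect(), but it is worth confirming once because this branch was the only one that previously guarded against it. If redirect() can return, keep `redirect(); exit;` here. The enclosing import_credentials_csv block starts before and ends after this hunk.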
@@ -402,7 +387,7 @@ if (isset($_POST["import_credentials_csv"])) { $f_columns = fgetcsv($f, 1000, ","); if (!$error & count($f_columns) != 5) { $error = true; - $_SESSION['alert_message'] = "Bad column count."; + flash_alert("Bad column count.", 'error'); } //Else, parse the file @@ -443,17 +428,17 @@ if (isset($_POST["import_credentials_csv"])) { } fclose($file); - // Logging logAction("Credential", "Import", "$session_name imported $row_count credential(s) via CSV file. $duplicate_count duplicate(s) found and not imported", $client_id); - $_SESSION['alert_message'] = "$row_count credential(s) imported, $duplicate_count duplicate(s) detected and not imported"; + flash_alert("$row_count credential(s) imported, $duplicate_count duplicate(s) detected and not imported", 'warning'); + redirect(); } //Check for any errors, if there are notify user and redirect if ($error) { - $_SESSION['alert_type'] = "warning"; redirect(); } + } if (isset($_GET['download_credentials_csv_template'])) { diff --git a/user/post/credit.php b/user/post/credit.php index 76f47018..5bfcaa02 100644 --- a/user/post/credit.php +++ b/user/post/credit.php 
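Review bot: The import summary on the success path is always flashed at 'warning' level, even when `$duplicate_count` is 0 and nothing went wrong, so a clean import is presented as a problem in the UI. Branch on the count instead: `if ($duplicate_count > 0) { flash_alert("$row_count credential(s) imported, $duplicate_count duplicate(s) detected and not imported", 'warning'); } else { flash_alert("$row_count credential(s) imported"); }`. The enclosing import block starts outside the hunk.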
@@ -9,21 +9,23 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_credit'])) { validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_sales', 2); $client_id = intval($_POST['client']); $amount = floatval($_POST['amount']); + $type = sanitizeInput($_POST['type']); $expire = sanitizeInput($_POST['expire']); - $reference = sanitizeInput($_POST['reference']); + $note = sanitizeInput($_POST['note']); - mysqli_query($mysqli,"INSERT INTO credits SET credit_amount = $amount, credit_reference = '$reference', credit_created_by = $session_user_id, credit_client_id = $client_id"); + mysqli_query($mysqli,"INSERT INTO credits SET credit_amount = $amount, credit_type = '$type', credit_note = '$note', credit_created_by = $session_user_id, credit_client_id = $client_id"); $credit_id = mysqli_insert_id($mysqli); - // Logging logAction("Credit", "Create", "$session_name added " . numfmt_format_currency($currency_format, $amount, $session_company_currency) . "", $client_id, $credit_id); - $_SESSION['alert_message'] = "" . numfmt_format_currency($currency_format, $amount, $session_company_currency) . " Credit Added "; + flash_alert(numfmt_format_currency($currency_format, $amount, $session_company_currency) . " Credit Added"); redirect(); + } diff --git a/user/post/document.php b/user/post/document.php index 8b802761..eeb51833 100644 --- a/user/post/document.php +++ b/user/post/document.php @@ -28,10 +28,9 @@ if (isset($_POST['add_document'])) { mysqli_query($mysqli,"INSERT INTO asset_documents SET asset_id = $asset_id, document_id = $document_id"); } - // Logging logAction("Document", "Create", "$session_name created document $name", $client_id, $document_id); - $_SESSION['alert_message'] = "Document $name created"; + flash_alert("Document $name created"); redirect(); 
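Review bot: `$expire` is still read from `$_POST['expire']` but is not written by the new INSERT, which only adds credit_type and credit_note, so whatever expiry the form submits is silently discarded; either persist it or drop the assignment. `$type` is a category value taken straight from the form and stored as-is; check it against the values the modal offers before the INSERT, e.g. `if (!in_array($type, [/* allowed credit types */], true)) { flash_alert("Invalid credit type", 'error'); redirect(); }`. `$amount` also accepts 0 or a negative value through floatval(), which is probably not an intended way to create a credit and deserves a guard. The INSERT relies on sanitizeInput() escaping `$type` and `$note` for the string interpolation; a prepared statement would remove that dependency.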
@@ -63,12 +62,11 @@ if (isset($_POST['add_document_from_template'])) { $document_id = mysqli_insert_id($mysqli); - // Logging logAction("Document", "Create", "$session_name created document $name from template $document_template_name", $client_id, $document_id); - $_SESSION['alert_message'] = "Document $document_name created from template"; + flash_alert("Document $document_name created from template"); - header("Location: client_document_details.php?client_id=$client_id&document_id=$document_id"); + redirect("client_document_details.php?client_id=$client_id&document_id=$document_id"); } @@ -114,12 +112,11 @@ if (isset($_POST['edit_document'])) { // Update Document mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = $session_user_id WHERE document_id = $document_id"); - //Logging logAction("Document", "Edit", "$session_name edited document $name, previous version kept", $client_id, $document_version_id); - $_SESSION['alert_message'] = "Document $name edited, previous version kept"; + flash_alert("Document $name edited, previous version kept"); - header("Location: client_document_details.php?client_id=$client_id&document_id=$document_id"); + redirect("client_document_details.php?client_id=$client_id&document_id=$document_id"); } if (isset($_POST['move_document'])) { @@ -143,10 +140,9 @@ if (isset($_POST['move_document'])) { // Document edit query mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id WHERE document_id = $document_id"); - //Logging logAction("Document", "Move", "$session_name moved document $document_name to folder $folder_name", $client_id, $document_id); - $_SESSION['alert_message'] = "Document $document_name moved to folder $folder_name"; + flash_alert("Document $document_name moved to folder $folder_name"); redirect(); 
@@ -168,11 +164,10 @@ if (isset($_POST['rename_document'])) { // Document edit query mysqli_query($mysqli,"UPDATE documents SET document_name = '$name' WHERE document_id = $document_id"); - //Logging logAction("Document", "Edit", "$session_name renamed document $old_document_name to $name", $client_id, $document_id); - $_SESSION['alert_message'] = "You renamed Document from $old_document_name to $name"; + flash_alert("You renamed Document from $old_document_name to $name"); redirect(); @@ -199,21 +194,18 @@ if (isset($_POST['bulk_move_document'])) { foreach($_POST['document_ids'] as $document_id) { $document_id = intval($document_id); // Get document name for logging - $sql = mysqli_query($mysqli,"SELECT document_name FROM documents WHERE document_id = $document_id"); - $row = mysqli_fetch_array($sql); - $document_name = sanitizeInput($row['document_name']); + $document_name = sanitizeInput(getFieldById('documents', $document_id, 'document_name')); // Document move query mysqli_query($mysqli,"UPDATE documents SET document_folder_id = $folder_id WHERE document_id = $document_id"); - //Logging logAction("Document", "Move", "$session_name moved document $document_name to folder $folder_name", $client_id, $document_id); } logAction("Document", "Bulk Move", "$session_name moved $count document(s) to folder $folder_name", $client_id); } - $_SESSION['alert_message'] = "You moved $count document(s) to the folder $folder_name"; + flash_alert("You moved $count document(s) to the folder $folder_name"); redirect(); 
@@ -233,17 +225,14 @@ if (isset($_POST['link_file_to_document'])) { $client_id = intval($row['document_client_id']); // Get File Name for logging - $sql_file = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id"); - $row = mysqli_fetch_array($sql_file); - $file_name = sanitizeInput($row['file_name']); + $file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name')); // Document add query mysqli_query($mysqli,"INSERT INTO document_files SET file_id = $file_id, document_id = $document_id"); - // Logging logAction("Document", "Link", "$session_name linked file $file_name to document $document_name", $client_id, $document_id); - $_SESSION['alert_message'] = "File $file_name linked with Document $document_name"; + flash_alert("File $file_name linked with Document $document_name"); redirect(); @@ -263,17 +252,13 @@ if (isset($_GET['unlink_file_from_document'])) { $client_id = intval($row['document_client_id']); // Get File Name for logging - $sql_file = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id"); - $row = mysqli_fetch_array($sql_file); - $file_name = sanitizeInput($row['file_name']); + $file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name')); mysqli_query($mysqli,"DELETE FROM document_files WHERE file_id = $file_id AND document_id = $document_id"); - //Logging logAction("Document", "Unlink", "$session_name unlinked file $file_name from document $document_name", $client_id, $document_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "File $file_name unlinked from Document $document_name"; + flash_alert("File $file_name unlinked from Document $document_name", 'error'); redirect(); 
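Review bot: `getFieldById('files', $file_id, 'file_name')` looks the file up by id alone and the INSERT into document_files follows with no check that the file belongs to `$client_id`, so unless the lines before this hunk verify that, a file id from another client can be linked to this document. Presumably the files table has a client column following the `document_client_id` pattern visible here; compare it against `$client_id` before the INSERT and bail out with `flash_alert("File not found for this client", 'error'); redirect();` on mismatch. The same lookup-by-id pattern appears in the following unlink_file, link/unlink_vendor, contact, asset and software hunks and would benefit from the same ownership check. The enclosing link_file_to_document block starts before this hunk.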
@@ -293,17 +278,14 @@ if (isset($_POST['link_vendor_to_document'])) { $client_id = intval($row['document_client_id']); // Get Vendor Name for logging - $sql_vendor = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $vendor_id"); - $row = mysqli_fetch_array($sql_vendor); - $vendor_name = sanitizeInput($row['vendor_name']); + $vendor_name = sanitizeInput(getFieldById('vendors', $vendor_id, 'vendor_name')); // Document add query mysqli_query($mysqli,"INSERT INTO vendor_documents SET vendor_id = $vendor_id, document_id = $document_id"); - // Logging logAction("Document", "Link", "$session_name linked vendor $vendor_name to document $document_name", $client_id, $document_id); - $_SESSION['alert_message'] = "Vendor $vendor_name linked with Document $document_name"; + flash_alert("Vendor $vendor_name linked with Document $document_name"); redirect(); @@ -323,17 +305,13 @@ if (isset($_GET['unlink_vendor_from_document'])) { $client_id = intval($row['document_client_id']); // Get Vendor Name for logging - $sql_vendor = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $vendor_id"); - $row = mysqli_fetch_array($sql_vendor); - $vendor_name = sanitizeInput($row['vendor_name']); + $vendor_name = sanitizeInput(getFieldById('vendors', $vendor_id, 'vendor_name')); mysqli_query($mysqli,"DELETE FROM vendor_documents WHERE vendor_id = $vendor_id AND document_id = $document_id"); - //Logging logAction("Document", "Unlink", "$session_name unlinked vendor $vendor_name from document $document_name", $client_id, $document_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Vendor $vendor_name unlinked from Document $document_name"; + flash_alert("Vendor $vendor_name unlinked from Document $document_name", 'error'); redirect(); 
@@ -354,17 +332,14 @@ if (isset($_POST['link_contact_to_document'])) { $client_id = intval($row['document_client_id']); // Get Contact Name for logging - $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id"); - $row = mysqli_fetch_array($sql_contact); - $contact_name = sanitizeInput($row['contact_name']); + $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name')); // Contact add query mysqli_query($mysqli,"INSERT INTO contact_documents SET contact_id = $contact_id, document_id = $document_id"); - // Logging logAction("Document", "Link", "$session_name linked contact $contact_name to document $document_name", $client_id, $document_id); - $_SESSION['alert_message'] = "Contact $contact_name linked with Document $document_name"; + flash_alert("Contact $contact_name linked with Document $document_name"); redirect(); @@ -384,17 +359,13 @@ if (isset($_GET['unlink_contact_from_document'])) { $client_id = intval($row['document_client_id']); // Get Contact Name for logging - $sql_contact = mysqli_query($mysqli,"SELECT contact_name FROM contacts WHERE contact_id = $contact_id"); - $row = mysqli_fetch_array($sql_contact); - $contact_name = sanitizeInput($row['contact_name']); + $contact_name = sanitizeInput(getFieldById('contacts', $contact_id, 'contact_name')); mysqli_query($mysqli,"DELETE FROM contact_documents WHERE contact_id = $contact_id AND document_id = $document_id"); - //Logging logAction("Document", "Unlink", "$session_name unlinked contact $contact_name from document $document_name", $client_id, $document_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Contact $contact_name unlinked from Document $document_name"; + flash_alert("Contact $contact_name unlinked from Document $document_name", 'error'); redirect(); 
@@ -414,17 +385,13 @@ if (isset($_POST['link_asset_to_document'])) { $client_id = intval($row['document_client_id']); // Get Asset Name for logging - $sql_asset = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id"); - $row = mysqli_fetch_array($sql_asset); - $asset_name = sanitizeInput($row['asset_name']); + $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name')); - // Contact add query mysqli_query($mysqli,"INSERT INTO asset_documents SET asset_id = $asset_id, document_id = $document_id"); - // Logging logAction("Document", "Link", "$session_name linked asset $asset_name to document $document_name", $client_id, $document_id); - $_SESSION['alert_message'] = "Asset $asset_name linked with Document $document_name"; + flash_alert("Asset $asset_name linked with Document $document_name"); redirect(); @@ -444,17 +411,13 @@ if (isset($_GET['unlink_asset_from_document'])) { $client_id = intval($row['document_client_id']); // Get Asset Name for logging - $sql_asset = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id"); - $row = mysqli_fetch_array($sql_asset); - $asset_name = sanitizeInput($row['asset_name']); + $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name')); mysqli_query($mysqli,"DELETE FROM asset_documents WHERE asset_id = $asset_id AND document_id = $document_id"); - // Logging logAction("Document", "Unlink", "$session_name unlinked asset $asset_name from document $document_name", $client_id, $document_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Asset $asset_name unlinked from Document $document_name"; + flash_alert("Asset $asset_name unlinked from Document $document_name", 'error'); redirect(); 
@@ -474,17 +437,14 @@ if (isset($_POST['link_software_to_document'])) { $client_id = intval($row['document_client_id']); // Get Software Name for logging - $sql_software = mysqli_query($mysqli,"SELECT software_name FROM software WHERE software_id = $software_id"); - $row = mysqli_fetch_array($sql_software); - $software_name = sanitizeInput($row['software_name']); + $software_name = sanitizeInput(getFieldById('software', $software_id, 'software_name')); // Contact add query mysqli_query($mysqli,"INSERT INTO software_documents SET software_id = $software_id, document_id = $document_id"); - // Logging logAction("Document", "Link", "$session_name linked software $software_name to document $document_name", $client_id, $document_id); - $_SESSION['alert_message'] = "Software $software_name linked with Document $document_name"; + flash_alert("Software $software_name linked with Document $document_name"); redirect(); @@ -504,17 +464,13 @@ if (isset($_GET['unlink_software_from_document'])) { $client_id = intval($row['document_client_id']); // Get Software Name for logging - $sql_software = mysqli_query($mysqli,"SELECT software_name FROM software WHERE software_id = $software_id"); - $row = mysqli_fetch_array($sql_software); - $software_name = sanitizeInput($row['software_name']); + $software_name = sanitizeInput(getFieldById('software', $software_id, 'software_name')); mysqli_query($mysqli,"DELETE FROM software_documents WHERE software_id = $software_id AND document_id = $document_id"); - // Logging logAction("Document", "Unlink", "$session_name unlinked software $software_name from document $document_name", $client_id, $document_id); - - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Software $software_name unlinked from Document $document_name"; + + flash_alert("Software $software_name unlinked from Document $document_name", 'error'); redirect(); 
@@ -541,10 +497,9 @@ if (isset($_POST['toggle_document_visibility'])) { mysqli_query($mysqli,"UPDATE documents SET document_client_visible = $document_visible WHERE document_id = $document_id"); - //Logging logAction("Document", "Edit", "$session_name changed document $document_name visibilty to $visable_wording in the client portal", $client_id, $document_id); - $_SESSION['alert_message'] = "Document $document_name changed to $visable_wording in the client portal"; + flash_alert("Document $document_name changed to $visable_wording in the client portal"); redirect(); @@ -588,7 +543,7 @@ if (isset($_GET['export_document'])) { // Logging logAction("Document", "Export", "$session_name exported document $document_name", $client_id, $document_id); - $_SESSION['alert_message'] = "Document $document_name exported"; + flash_alert("Document $document_name exported"); redirect(); @@ -627,11 +582,9 @@ if (isset($_GET['archive_document'])) { // Service Associations mysqli_query($mysqli,"DELETE FROM service_documents WHERE document_id = $document_id"); - // Logging logAction("Document", "Archive", "$session_name archived document $document_name", $client_id, $document_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Document $document_name archived"; + flash_alert("Document $document_name archived", 'error'); redirect(); @@ -651,11 +604,9 @@ if (isset($_GET['delete_document_version'])) { mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_id = $document_version_id"); - //Logging logAction("Document Version", "Delete", "$session_name deleted document version $document_version_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Document $document_version_name version deleted"; + flash_alert("Document $document_version_name version deleted", 'error'); redirect(); 
@@ -678,11 +629,9 @@ if (isset($_GET['delete_document'])) { // Delete all versions associated with the master document mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id"); - //Logging logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Document $document_name deleted and all versions"; + flash_alert("Document $document_name deleted and all versions", 'error'); redirect(); @@ -690,9 +639,9 @@ if (isset($_GET['delete_document'])) { if (isset($_POST['bulk_delete_documents'])) { - enforceUserPermission('module_support', 3); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); if (isset($_POST['document_ids'])) { @@ -713,16 +662,14 @@ if (isset($_POST['bulk_delete_documents'])) { // Delete all versions associated with the master document mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id"); - //Logging logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id); } - //Logging logAction("Document", "Bulk Delete", "$session_name deleted $count document(s) and all versions", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Deleted $count Documents and associated document versions"; + flash_alert("Deleted $count Documents and associated document versions", 'error'); + } redirect(); diff --git a/user/post/domain.php b/user/post/domain.php index bee61253..2ca4fdcf 100644 --- a/user/post/domain.php +++ b/user/post/domain.php 
@@ -52,10 +52,9 @@ if (isset($_POST['add_domain'])) { $extended_log_description = ', with associated SSL cert'; } - // Logging logAction("Domain", "Create", "$session_name created domain $name$extended_log_description", $client_id, $domain_id); - $_SESSION['alert_message'] = "Domain $name created"; + flash_alert("Domain $name created"); redirect(); @@ -138,10 +137,9 @@ if (isset($_POST['edit_domain'])) { } } - // Logging logAction("Domain", "Edit", "$session_name edited domain $name", $client_id, $domain_id); - $_SESSION['alert_message'] = "Domain $name edited"; + flash_alert("Domain $name edited"); redirect(); @@ -161,13 +159,12 @@ if (isset($_GET['archive_domain'])) { mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id"); - // Logging logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Domain $domain_name archived"; + flash_alert("Domain $domain_name archived", 'error'); redirect(); + } if(isset($_GET['unarchive_domain'])){ @@ -184,12 +181,12 @@ if(isset($_GET['unarchive_domain'])){ mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id"); - // Logging logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id); - $_SESSION['alert_message'] = "Domain $domain_name restored"; + flash_alert("Domain $domain_name restored"); redirect(); + } if (isset($_GET['delete_domain'])) { 
@@ -206,20 +203,20 @@ if (isset($_GET['delete_domain'])) { mysqli_query($mysqli,"DELETE FROM domains WHERE domain_id = $domain_id"); - // Logging logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Domain $domain_name deleted"; + flash_alert("Domain $domain_name deleted", 'error'); redirect(); } if (isset($_POST['bulk_archive_domains'])) { - enforceUserPermission('module_support', 3); + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); + if (isset($_POST['domain_ids'])) { // Get Selected Count @@ -238,25 +235,25 @@ if (isset($_POST['bulk_archive_domains'])) { mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id"); - // Individual Contact logging logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id); } - // Bulk Logging logAction("Domain", "Bulk Archive", "$session_name archived $count domain(s)", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Archived $count domain(s)"; + flash_alert("Archived $count domain(s)", 'error'); } redirect(); + } if (isset($_POST['bulk_unarchive_domains'])) { - enforceUserPermission('module_support', 3); + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); + if (isset($_POST['domain_ids'])) { // Get Selected Count 
@@ -275,25 +272,26 @@ if (isset($_POST['bulk_unarchive_domains'])) { mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id"); - // Individual logging logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id); } - // Bulk Logging logAction("Domain", "Bulk Unarchive", "$session_name unarchived $count domain(s)", $client_id); - $_SESSION['alert_message'] = "Unarchived $count domain(s)"; + flash_alert("Unarchived $count domain(s)"); } redirect(); + } if (isset($_POST['bulk_delete_domains'])) { - enforceUserPermission('module_support', 3); + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); + if (isset($_POST['domain_ids'])) { // Get Selected Count @@ -311,20 +309,18 @@ if (isset($_POST['bulk_delete_domains'])) { $client_id = intval($row['domain_client_id']); mysqli_query($mysqli, "DELETE FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id"); - - // Logging + logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id); } - // Logging logAction("Domain", "Bulk Delete", "$session_name deleted $count domain(s)", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Deleted $count domain(s)"; + flash_alert("Deleted $count domain(s)", 'error'); } redirect(); + } if (isset($_POST['export_domains_csv'])) { @@ -371,7 +367,6 @@ if (isset($_POST['export_domains_csv'])) { fpassthru($f); } - // Logging logAction("Domain", "Export", "$session_name exported $num_rows domain(s)", $client_id); exit; diff --git a/user/post/event.php b/user/post/event.php index 8961fbf6..0a1f8111 100644 --- a/user/post/event.php +++ b/user/post/event.php 
@@ -15,10 +15,9 @@ if (isset($_POST['add_calendar'])) { $calendar_id = mysqli_insert_id($mysqli); - // Logging logAction("Calendar", "Create", "$session_name created calendar $name", 0, $calendar_id); - $_SESSION['alert_message'] = "Calendar $name created"; + flash_alert("Calendar $name created"); redirect(); @@ -32,10 +31,9 @@ if (isset($_POST['edit_calendar'])) { mysqli_query($mysqli,"UPDATE calendars SET calendar_name = '$name', calendar_color = '$color' WHERE calendar_id = $calendar_id"); - // Logging logAction("Calendar", "Edit", "$session_name edited calendar $name", 0, $calendar_id); - $_SESSION['alert_message'] = "Calendar $name edited"; + flash_alert("Calendar $name edited"); redirect(); @@ -45,15 +43,12 @@ if (isset($_POST['add_event'])) { require_once 'event_model.php'; - mysqli_query($mysqli,"INSERT INTO calendar_events SET event_title = '$title', event_location = '$location', event_description = '$description', event_start = '$start', event_end = '$end', event_repeat = '$repeat', event_calendar_id = $calendar_id, event_client_id = $client"); $event_id = mysqli_insert_id($mysqli); - //Get Calendar Name - $sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE calendar_id = $calendar_id"); - $row = mysqli_fetch_array($sql); - $calendar_name = sanitizeInput($row['calendar_name']); + // Get Calendar Name + $calendar_name = sanitizeInput(getFieldById('calendars', $calendar_id, 'calendar_name')); //If email is checked if ($email_event == 1) { @@ -106,10 +101,9 @@ if (isset($_POST['add_event'])) { } // End mail IF - // Logging logAction("Calendar Event", "Create", "$session_name created a calendar event titled $title in calendar $calendar_name", $client, $event_id); - $_SESSION['alert_message'] = "Event $title created in calendar $calendar_name"; + flash_alert("Event $title created in calendar $calendar_name"); redirect(); 
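Review bot: The new `$calendar_name = sanitizeInput(getFieldById('calendars', $calendar_id, 'calendar_name'));` in the `add_event` hunk feeds the helper's result straight into `sanitizeInput()` without handling the case where no row matches `$calendar_id`; what `getFieldById()` returns on a miss is not visible here, and if it is `null` or `false` the log entry and flash message silently carry an empty calendar name (and passing `null` into string functions is deprecated on PHP 8.1+). The same pattern is introduced in the `edit_expense`, bulk expense category/account/client, `move_file`, `bulk_move_files`, `link_asset_to_file`, `unlink_asset_from_file` and `add_invoice` hunks. Either document the miss-case contract on `getFieldById()` or coerce at the call sites, e.g. `sanitizeInput((string) getFieldById('calendars', $calendar_id, 'calendar_name'))`, and in `add_invoice` prefer rejecting an unknown client over letting `intval()` default `client_net_terms` to 0.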
@@ -174,16 +168,16 @@ if (isset($_POST['edit_event'])) { } // End mail IF - //Logging logAction("Calendar Event", "Edit", "$session_name edited calendar event $title", $client, $event_id); - $_SESSION['alert_message'] = "Calendar event titled $title edited"; + flash_alert("Calendar event titled $title edited"); redirect(); } if (isset($_GET['delete_event'])) { + $event_id = intval($_GET['delete_event']); // Get Event Title @@ -194,11 +188,9 @@ if (isset($_GET['delete_event'])) { mysqli_query($mysqli,"DELETE FROM calendar_events WHERE event_id = $event_id"); - // Logging logAction("Calendar Event", "Delete", "$session_name deleted calendar event $event_title", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Calendar event titled $event_title deleted"; + flash_alert("Calendar event titled $event_title deleted", 'error'); redirect(); diff --git a/user/post/expense.php b/user/post/expense.php index 61cea58a..89fd1c75 100644 --- a/user/post/expense.php +++ b/user/post/expense.php @@ -33,10 +33,9 @@ if (isset($_POST['add_expense'])) { } } - //Logging logAction("Expense", "Create", "$session_name created expense $description", $client, $expense_id); - $_SESSION['alert_message'] = "Expense added" . $extended_alert_description; + flash_alert("Expense added" . $extended_alert_description); redirect(); @@ -46,13 +45,10 @@ if (isset($_POST['edit_expense'])) { require_once 'expense_model.php'; - $expense_id = intval($_POST['expense_id']); // Get old receipt - $sql = mysqli_query($mysqli,"SELECT expense_receipt FROM expenses WHERE expense_id = $expense_id"); - $row = mysqli_fetch_array($sql); - $existing_file_name = sanitizeInput($row['expense_receipt']); + $existing_file_name = sanitizeInput(getFieldById('expenses', $expense_id, 'expense_receipt')); // Check for and process attachment $extended_alert_description = ''; 
@@ -76,16 +72,16 @@ if (isset($_POST['edit_expense'])) { mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id"); - // Logging logAction("Expense", "Edit", "$session_name edited expense $description", $client, $expense_id); - $_SESSION['alert_message'] = "Expense modified" . $extended_alert_description; + flash_alert("Expense modified" . $extended_alert_description); redirect(); } if (isset($_GET['delete_expense'])) { + $expense_id = intval($_GET['delete_expense']); $sql = mysqli_query($mysqli,"SELECT * FROM expenses WHERE expense_id = $expense_id"); @@ -98,10 +94,9 @@ if (isset($_GET['delete_expense'])) { mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id"); - // Logging logAction("Expense", "Delete", "$session_name deleted expense $expense_description", $client_id); - $_SESSION['alert_message'] = "Expense deleted"; + flash_alert("Expense deleted", 'error'); redirect(); @@ -112,9 +107,7 @@ if (isset($_POST['bulk_edit_expense_category'])) { $category_id = intval($_POST['bulk_category_id']); // Get Category name for logging and Notification - $sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id"); - $row = mysqli_fetch_array($sql); - $category_name = sanitizeInput($row['category_name']); + $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name')); // Assign category to Selected Expenses if (isset($_POST['expense_ids'])) { 
@@ -133,18 +126,17 @@ if (isset($_POST['bulk_edit_expense_category'])) { mysqli_query($mysqli,"UPDATE expenses SET expense_category_id = $category_id WHERE expense_id = $expense_id"); - // Logging logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to category $category_name", $client_id, $expense_id); } // End Assign Loop - // Logging logAction("Expense", "Bulk Edit", "$session_name assigned $count expenses to category $category_name"); - $_SESSION['alert_message'] = "You assigned expense category $category_name to $count expense(s)"; + flash_alert("You assigned expense category $category_name to $count expense(s)"); } redirect(); + } if (isset($_POST['bulk_edit_expense_account'])) { @@ -152,9 +144,7 @@ if (isset($_POST['bulk_edit_expense_account'])) { $account_id = intval($_POST['bulk_account_id']); // Get Account name for logging and Notification - $sql = mysqli_query($mysqli,"SELECT account_name FROM accounts WHERE account_id = $account_id"); - $row = mysqli_fetch_array($sql); - $account_name = sanitizeInput($row['account_name']); + $account_name = sanitizeInput(getFieldById('accounts', $account_id, 'account_name')); // Assign account to Selected Expenses if (isset($_POST['expense_ids'])) { @@ -173,18 +163,17 @@ if (isset($_POST['bulk_edit_expense_account'])) { mysqli_query($mysqli,"UPDATE expenses SET expense_account_id = $account_id WHERE expense_id = $expense_id"); - // Logging logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to account $account_name", $client_id, $expense_id); } // End Assign Loop - // Logging logAction("Expense", "Bulk Edit", "$session_name assigned $count expense(s) to account $account_name"); - $_SESSION['alert_message'] = "You assigned account $account_name to $count expense(s)"; + flash_alert("You assigned account $account_name to $count expense(s)"); } redirect(); + } if (isset($_POST['bulk_edit_expense_client'])) { 
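Review bot: The per-item `logAction()` calls kept as context in this hunk interpolate `$expense_descrition`, a misspelling of the `$expense_description` the loop fetches, so each individual audit entry is written with an empty description; the same typo is on the new side of the bulk account hunk on this line, the bulk client hunk on the next line, and the bulk delete hunk after it. Since these are the audit records for bulk edits and deletes, the fix is worth folding into this cleanup: `logAction("Expense", "Edit", "$session_name assigned expense $expense_description to category $category_name", $client_id, $expense_id);`.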
@@ -192,9 +181,7 @@ if (isset($_POST['bulk_edit_expense_client'])) { $client_id = intval($_POST['bulk_client_id']); // Get Client name for logging and Notification - $sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id"); - $row = mysqli_fetch_array($sql); - $client_name = sanitizeInput($row['client_name']); + $client_name = sanitizeInput(getFieldById('clients', $client_id, 'client_name')); // Assign Client to Selected Expenses if (isset($_POST['expense_ids'])) { @@ -206,27 +193,27 @@ if (isset($_POST['bulk_edit_expense_client'])) { $expense_id = intval($expense_id); // Get Expense Details for Logging - $sql = mysqli_query($mysqli,"SELECT expense_description FROM expenses WHERE expense_id = $expense_id"); - $row = mysqli_fetch_array($sql); - $expense_description = sanitizeInput($row['expense_description']); + $expense_description = sanitizeInput(getFieldById('expenses', $expense_id, 'expense_description')); mysqli_query($mysqli,"UPDATE expenses SET expense_client_id = $client_id WHERE expense_id = $expense_id"); - // Logging logAction("Expense", "Edit", "$session_name assigned expense $expense_descrition to client $client_name", $client_id, $expense_id); } // End Assign Loop - $_SESSION['alert_message'] = "You assigned Client $client_name to $expense_count expenses"; + flash_alert("You assigned Client $client_name to $expense_count expenses"); } redirect(); + } if (isset($_POST['bulk_delete_expenses'])) { - validateAdminRole(); + validateCSRFToken($_POST['csrf_token']); + validateAdminRole(); + if (isset($_POST['expense_ids'])) { // Get Selected Count 
@@ -246,24 +233,23 @@ if (isset($_POST['bulk_delete_expenses'])) { unlink("../uploads/expenses/$expense_receipt"); mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id"); - - // Logging + logAction("Expense", "Delete", "$session_name deleted expense $expense_descrition", $client_id); } - // Logging logAction("Expense", "Bulk Delete", "$session_name deleted $count expense(s)"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Deleted $count expense(s)"; + flash_alert("Deleted $count expense(s)", 'error'); } redirect(); + } if (isset($_POST['export_expenses_csv'])) { + $date_from = sanitizeInput($_POST['date_from']); $date_to = sanitizeInput($_POST['date_to']); $account = intval($_POST['account']); @@ -343,10 +329,10 @@ if (isset($_POST['export_expenses_csv'])) { fpassthru($f); } - // Logging logAction("Expense", "Export", "$session_name exported $num_rows expense(s) to CSV file"); exit; + } if (isset($_POST['create_recurring_expense'])) { @@ -372,10 +358,9 @@ if (isset($_POST['create_recurring_expense'])) { $recurring_expense_id = mysqli_insert_id($mysqli); - // Logging logAction("Recurring Expense", "Create", "$session_name created recurring expense $description", $client_id, $recurring_expense_id); - $_SESSION['alert_message'] = "Recurring Expense created"; + flash_alert("Recurring Expense created"); redirect(); 
@@ -403,10 +388,9 @@ if (isset($_POST['edit_recurring_expense'])) { mysqli_query($mysqli,"UPDATE recurring_expenses SET recurring_expense_frequency = $frequency, recurring_expense_day = $day, recurring_expense_month = $month, recurring_expense_next_date = '$start_date', recurring_expense_description = '$description', recurring_expense_reference = '$reference', recurring_expense_amount = $amount, recurring_expense_currency_code = '$session_company_currency', recurring_expense_vendor_id = $vendor, recurring_expense_client_id = $client_id, recurring_expense_category_id = $category, recurring_expense_account_id = $account WHERE recurring_expense_id = $recurring_expense_id"); - //Logging logAction("Recurring Expense", "Edit", "$session_name edited recurring expense $description", $client_id, $recurring_expense_id); - $_SESSION['alert_message'] = "Recurring Expense edited"; + flash_alert("Recurring Expense edited"); redirect(); @@ -423,11 +407,9 @@ if (isset($_GET['delete_recurring_expense'])) { mysqli_query($mysqli,"DELETE FROM recurring_expenses WHERE recurring_expense_id = $recurring_expense_id"); - // Logging logAction("Recurring Expense", "Delete", "$session_name deleted recurring expense $recurring_expense_description", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Recurring Expense deleted"; + flash_alert("Recurring Expense deleted", 'error'); redirect(); diff --git a/user/post/file.php b/user/post/file.php index fb1441c3..60329b99 100644 --- a/user/post/file.php +++ b/user/post/file.php 
@@ -60,8 +60,7 @@ if (isset($_POST['upload_files'])) { $dest_path = $upload_file_dir . $file_reference_name; if (!move_uploaded_file($file_tmp_path, $dest_path)) { - $_SESSION['alert_type'] = 'error'; - $_SESSION['alert_message'] = 'Error moving file to upload directory. Please ensure the directory is writable.'; + flash_alert('Error moving file to upload directory. Please ensure the directory is writable.', 'error'); continue; // Skip processing this file } @@ -189,15 +188,14 @@ if (isset($_POST['upload_files'])) { mysqli_query($mysqli,"INSERT INTO asset_files SET asset_id = $asset_id, file_id = $file_id"); } - // Log upload action logAction("File", "Upload", "$session_name uploaded file $file_name", $client_id, $file_id); - $_SESSION['alert_message'] = "Uploaded file $file_name"; + + flash_alert("Uploaded file $file_name"); } } - // Redirect after processing redirect(); - exit; + } @@ -218,10 +216,9 @@ if (isset($_POST['rename_file'])) { // file edit query mysqli_query($mysqli,"UPDATE files SET file_name = '$file_name' ,file_description = '$file_description' WHERE file_id = $file_id"); - // Logging logAction("File", "Rename", "$session_name renamed file $old_file_name to $file_name", $client_id, $file_id); - $_SESSION['alert_message'] = "Renamed file $old_file_name to $file_name"; + flash_alert("Renamed file $old_file_name to $file_name"); redirect(); 
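Review bot: The `flash_alert('Error moving file to upload directory...', 'error')` added in this hunk runs inside the per-file upload loop and is followed by `continue`, and the `flash_alert("Uploaded file $file_name")` added in the next hunk on this line runs for every later file in the same request; unless `flash_alert()` appends (its body is not visible here), only the last message survives and a failed move is hidden behind a success notice. Consider collecting per-file outcomes in a local array and emitting one summary flash before `redirect()`, or at least not letting a success message replace an `'error'` one. In that second hunk the `exit;` after `redirect();` is dropped, which is safe only if `redirect()` terminates the script itself; the `header("Location: ...")` replacements in the invoice hunks suggest it does, but it is worth confirming in the helper.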
@@ -241,16 +238,13 @@ if (isset($_POST['move_file'])) { $client_id = intval($row['file_client_id']); // Get Folder Name for Logging - $sql = mysqli_query($mysqli,"SELECT folder_name FROM folders WHERE folder_id = $folder_id"); - $row = mysqli_fetch_array($sql); - $folder_name = sanitizeInput($row['folder_name']); + $folder_name = sanitizeInput(getFieldById('folders', $folder_id, 'folder_name')); mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id"); - // Logging logAction("File", "Move", "$session_name moved file $file_name to $folder_name", $client_id, $file_id); - $_SESSION['alert_message'] = "File $file_name moved to $folder_name"; + flash_alert("File $file_name moved to $folder_name"); redirect(); @@ -270,11 +264,9 @@ if (isset($_GET['archive_file'])) { mysqli_query($mysqli,"UPDATE files SET file_archived_at = NOW() WHERE file_id = $file_id"); - //logging logAction("File", "Archive", "$session_name archived file $file_name", $client_id, $file_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "File $file_name archived"; + flash_alert("File $file_name archived", 'error'); redirect(); @@ -282,9 +274,10 @@ if (isset($_GET['archive_file'])) { if (isset($_POST['delete_file'])) { - enforceUserPermission('module_support', 3); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); + $file_id = intval($_POST['file_id']); $sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id"); @@ -306,11 +299,9 @@ if (isset($_POST['delete_file'])) { mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id"); - //Logging logAction("File", "Delete", "$session_name deleted file $file_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "File $file_name deleted"; + flash_alert("File $file_name deleted", 'alert'); redirect(); 
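Review bot: The `flash_alert("File $file_name deleted", 'alert')` in the `delete_file` hunk passes `'alert'` as the type, while every other delete in this patch (including `bulk_delete_files` on the next line and `archive_file` just above) passes `'error'`; if `flash_alert()` maps its second argument onto an alert class, `'alert'` is likely an unrecognised value that renders the message unstyled. The `apply_credit` hunk near the end of the patch uses `'alert'` the same way for a rejected over-balance credit, where the parallel `add_payment` check uses `'error'`. Suggest `flash_alert("File $file_name deleted", 'error');` here and `'error'` in `apply_credit`.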
@@ -318,9 +309,10 @@ if (isset($_POST['delete_file'])) { if (isset($_POST['bulk_delete_files'])) { - enforceUserPermission('module_support', 3); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 3); + // Delete file loop if (isset($_POST['file_ids'])) { @@ -350,15 +342,12 @@ if (isset($_POST['bulk_delete_files'])) { mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id"); - // Log each invidual file deletion logAction("File", "Delete", "$session_name deleted file $file_name", $client_id); } - // Log the bulk delete action logAction("File", "Bulk Delete", "$session_name deleted $file_count file(s)", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "You deleted $file_count files"; + flash_alert("You deleted $file_count files", 'error'); } redirect(); @@ -367,9 +356,10 @@ if (isset($_POST['bulk_delete_files'])) { if (isset($_POST['bulk_move_files'])) { - enforceUserPermission('module_support', 2); validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 2); + $folder_id = intval($_POST['bulk_folder_id']); // Get folder name for logging and Notification 
@@ -386,22 +376,19 @@ if (isset($_POST['bulk_move_files'])) { // Move Documents to Folder Loop foreach($_POST['file_ids'] as $file_id) { $file_id = intval($file_id); + // Get file name for logging - $sql = mysqli_query($mysqli,"SELECT file_name FROM files WHERE file_id = $file_id"); - $row = mysqli_fetch_array($sql); - $file_name = sanitizeInput($row['file_name']); + $file_name = sanitizeInput(getFieldById('files', $file_id, 'file_name')); // file move query mysqli_query($mysqli,"UPDATE files SET file_folder_id = $folder_id WHERE file_id = $file_id"); - // Logging logAction("File", "Move", "$session_name moved file $file_name to folder $folder_name", $client_id, $file_id); } - //Logging logAction("File", "Bulk Move", "$session_name moved $file_count file(s) to folder $folder_name", $client_id); - $_SESSION['alert_message'] = "Moved $file_count files to the folder $folder_name"; + flash_alert("Moved $file_count files to the folder $folder_name"); } redirect(); @@ -422,17 +409,14 @@ if (isset($_POST['link_asset_to_file'])) { $client_id = intval($row['file_client_id']); // Get Asset Name for Logging - $sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id"); - $row = mysqli_fetch_array($sql); - $asset_name = sanitizeInput($row['asset_name']); + $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name')); // Contact add query mysqli_query($mysqli,"INSERT INTO asset_files SET asset_id = $asset_id, file_id = $file_id"); - // Logging logAction("File", "Link", "$session_name linked asset $asset_name to file $file_name", $client_id, $file_id); - $_SESSION['alert_message'] = "Asset $asset_name linked to File $file_name"; + flash_alert("Asset $asset_name linked to File $file_name"); redirect(); 
@@ -452,16 +436,13 @@ if (isset($_GET['unlink_asset_from_file'])) { $client_id = intval($row['file_client_id']); // Get Asset Name for Logging - $sql = mysqli_query($mysqli,"SELECT asset_name FROM assets WHERE asset_id = $asset_id"); - $row = mysqli_fetch_array($sql); - $asset_name = sanitizeInput($row['asset_name']); + $asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name')); mysqli_query($mysqli,"DELETE FROM asset_files WHERE asset_id = $asset_id AND file_id = $file_id"); - //Logging logAction("File", "Link", "$session_name unlinked asset $asset_name from file $file_name", $client_id, $file_id); - $_SESSION['alert_message'] = "Asset $asset_name unlinked from File $file_name"; + flash_alert("Asset $asset_name unlinked from File $file_name"); redirect(); diff --git a/user/post/folder.php b/user/post/folder.php index 639034f1..b0d25b91 100644 --- a/user/post/folder.php +++ b/user/post/folder.php @@ -19,10 +19,9 @@ if (isset($_POST['create_folder'])) { $add_folder = mysqli_query($mysqli,"INSERT INTO folders SET folder_name = '$folder_name', parent_folder = $parent_folder, folder_location = $folder_location, folder_client_id = $client_id"); $folder_id = mysqli_insert_id($mysqli); - // Logging logAction("Folder", "Create", "$session_name created folder $folder_name", $client_id, $folder_id); - $_SESSION['alert_message'] = "Folder $folder_name created"; + flash_alert("Folder $folder_name created"); redirect(); @@ -44,10 +43,9 @@ if (isset($_POST['rename_folder'])) { // Folder edit query mysqli_query($mysqli,"UPDATE folders SET folder_name = '$folder_name' WHERE folder_id = $folder_id"); - //Logging logAction("Folder", "Rename", "$session_name renamed folder $old_folder_name to $folder_name", $client_id, $folder_id); - $_SESSION['alert_message'] = "Folder $old_folder_name renamed to $folder_name"; + flash_alert("Folder $old_folder_name renamed to $folder_name"); redirect(); 
@@ -75,11 +73,9 @@ if (isset($_GET['delete_folder'])) { mysqli_query($mysqli,"UPDATE documents SET document_folder_id = 0 WHERE document_id = $document_id"); } - //Logging logAction("Folder", "Delete", "$session_name deleted folder $folder_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Folder $folder_name deleted"; + flash_alert("Folder $folder_name deleted", 'error'); redirect(); diff --git a/user/post/invoice.php b/user/post/invoice.php index f48e4ecd..c5d704ba 100644 --- a/user/post/invoice.php +++ b/user/post/invoice.php @@ -12,10 +12,8 @@ if (isset($_POST['add_invoice'])) { $client_id = intval($_POST['client']); - //Get Net Terms - $sql = mysqli_query($mysqli,"SELECT client_net_terms FROM clients WHERE client_id = $client_id"); - $row = mysqli_fetch_array($sql); - $client_net_terms = intval($row['client_net_terms']); + // Get Net Terms + $client_net_terms = intval(getFieldById('clients', $client_id, 'client_net_terms')); //Get the last Invoice Number and add 1 for the new invoice number $invoice_number = $config_invoice_next_number; @@ -31,14 +29,14 @@ if (isset($_POST['add_invoice'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created', history_invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Create", "$session_name created Invoice $config_invoice_prefix$invoice_number - $scope", $client_id, $invoice_id); customAction('invoice_create', $invoice_id); - $_SESSION['alert_message'] = "Invoice $config_invoice_prefix$invoice_number created"; + flash_alert("Invoice $config_invoice_prefix$invoice_number created"); + + redirect("invoice.php?invoice_id=$invoice_id"); - header("Location: invoice.php?invoice_id=$invoice_id"); } if (isset($_POST['edit_invoice'])) { 
@@ -67,10 +65,9 @@ if (isset($_POST['edit_invoice'])) { mysqli_query($mysqli,"UPDATE invoices SET invoice_scope = '$scope', invoice_date = '$date', invoice_due = '$due', invoice_category_id = $category, invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount' WHERE invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Edit", "$session_name edited Invoice $invoice_prefix$invoice_number - $scope", $client_id, $invoice_id); - $_SESSION['alert_message'] = "Invoice $invoice_prefix$invoice_number edited"; + flash_alert("Invoice $invoice_prefix$invoice_number edited"); redirect(); @@ -127,14 +124,13 @@ if (isset($_POST['add_invoice_copy'])) { mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_invoice_id = $new_invoice_id"); } - //Logging logAction("Invoice", "Create", "$session_name created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_prefix", $client_id, $new_invoice_id); customAction('invoice_create', $new_invoice_id); - $_SESSION['alert_message'] = "Created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_prefix"; + flash_alert("Created new Invoice $config_invoice_prefix$new_invoice_number from $old_invoice_prefix$old_invoice_prefix"); - header("Location: invoice.php?invoice_id=$new_invoice_id"); + redirect("invoice.php?invoice_id=$new_invoice_id"); } 
@@ -182,12 +178,11 @@ if (isset($_POST['add_invoice_recurring'])) { mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_recurring_invoice_id = $recurring_invoice_id"); } - // Logging logAction("Recurring Invoice", "Create", "$session_name created recurring Invoice from Invoice $invoice_prefix$invoice_number", $client_id, $recurring_invoice_id); - $_SESSION['alert_message'] = "Created recurring Invoice from Invoice $invoice_prefix$invoice_number"; + flash_alert("Created recurring Invoice from Invoice $invoice_prefix$invoice_number"); - header("Location: recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id"); + redirect("recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id"); } @@ -210,12 +205,11 @@ if (isset($_POST['add_recurring_invoice'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Active', history_description = 'Recurring Invoice created', history_recurring_invoice_id = $recurring_invoice_id"); - //Logging logAction("Recurring Invoice", "Create", "$session_name created recurring invoice $config_recurring_invoice_prefix$recurring_invoice_number - $scope", $client_id, $recurring_invoice_id); - $_SESSION['alert_message'] = "Recurring Invoice $config_recurring_invoice_prefix$recurring_invoice_number created"; + flash_alert("Recurring Invoice $config_recurring_invoice_prefix$recurring_invoice_number created"); - header("Location: recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id"); + redirect("recurring_invoice.php?recurring_invoice_id=$recurring_invoice_id"); } 
@@ -249,16 +243,16 @@ if (isset($_POST['edit_recurring_invoice'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = '$status', history_description = 'Recurring Invoice edited', history_recurring_invoice_id = $recurring_invoice_id"); - // Logging logAction("Recurring Invoice", "Edit", "$session_name edited recurring invoice $recurring_invoice_prefix$recurring_invoice_number - $scope", $client_id, $recurring_invoice_id); - $_SESSION['alert_message'] = "Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number edited"; + flash_alert("Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number edited"); redirect(); } if (isset($_GET['delete_recurring_invoice'])) { + $recurring_invoice_id = intval($_GET['delete_recurring_invoice']); // Get Recurring Invoice Details and Client ID for Logging @@ -285,11 +279,9 @@ if (isset($_GET['delete_recurring_invoice'])) { mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id"); } - // Logging logAction("Recurring Invoice", "Delete", "$session_name deleted recurring invoice $recurring_invoice_prefix$recurring_invoice_number - $recurring_invoice_scope", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number deleted"; + flash_alert("Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number deleted", 'error'); redirect(); @@ -339,10 +331,9 @@ if (isset($_POST['add_recurring_invoice_item'])) { mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_amount = $recurring_invoice_amount WHERE recurring_invoice_id = $recurring_invoice_id"); - // Logging logAction("Recurring Invoice", "Edit", "$session_name added item $name to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id); - $_SESSION['alert_message'] = "Item $name added to Recurring Invoice"; + flash_alert("Item $name added to Recurring Invoice"); redirect(); 
@@ -362,16 +353,16 @@ if (isset($_POST['recurring_invoice_note'])) { mysqli_query($mysqli,"UPDATE recurring_invoices SET recurring_invoice_note = '$note' WHERE recurring_invoice_id = $recurring_invoice_id"); - // Logging logAction("Recurring Invoice", "Edit", "$session_name added note to recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id); - $_SESSION['alert_message'] = "Notes added"; + flash_alert("Notes added"); redirect(); } if (isset($_GET['delete_recurring_invoice_item'])) { + $item_id = intval($_GET['delete_recurring_invoice_item']); $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id"); @@ -394,11 +385,9 @@ if (isset($_GET['delete_recurring_invoice_item'])) { mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id"); - // Logging logAction("Recurring Invoice", "Edit", "$session_name removed item $item_name from recurring invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Item $item_name removed"; + flash_alert("Item $item_name removed", 'error'); redirect(); @@ -419,14 +408,14 @@ if (isset($_GET['mark_invoice_sent'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice marked sent', history_invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Edit", "$session_name marked invoice $invoice_prefix$invoice_number sent", $client_id, $invoice_id); - $_SESSION['alert_message'] = "Invoice marked sent"; + flash_alert("Invoice marked sent"); redirect(); } + if (isset($_GET['mark_invoice_non-billable'])) { $invoice_id = intval($_GET['mark_invoice_non-billable']); 
@@ -442,10 +431,9 @@ if (isset($_GET['mark_invoice_non-billable'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Non-Billable', history_description = 'INVOICE marked Non-Billable', history_invoice_id = $invoice_id"); - //Logging logAction("Invoice", "Edit", "$session_name marked invoice $invoice_prefix$invoice_number Non-Billable", $client_id, $invoice_id); - $_SESSION['alert_message'] = "Invoice marked Non-Billable"; + flash_alert("Invoice marked Non-Billable"); redirect(); @@ -466,17 +454,16 @@ if (isset($_GET['cancel_invoice'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Cancelled', history_description = 'Invoice cancelled', history_invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Edit", "$session_name cancelled invoice $invoice_prefix$invoice_number", $client_id, $invoice_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Invoice $invoice_prefix$invoice_number cancelled"; + flash_alert("Invoice $invoice_prefix$invoice_number cancelled", 'error'); redirect(); } if (isset($_GET['delete_invoice'])) { + $invoice_id = intval($_GET['delete_invoice']); // Get Invoice Number and Prefix and Client ID for Logging @@ -512,17 +499,16 @@ if (isset($_GET['delete_invoice'])) { //unlink tickets from invoice mysqli_query($mysqli,"UPDATE tickets SET ticket_invoice_id = 0 WHERE ticket_invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Delete", "$session_name deleted invoice $invoice_prefix$invoice_number", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Invoice $invoice_prefix$invoice_number deleted"; + flash_alert("Invoice $invoice_prefix$invoice_number deleted", 'error'); redirect(); } if (isset($_POST['add_invoice_item'])) { + enforceUserPermission('module_sales', 2); $invoice_id = intval($_POST['invoice_id']); 
@@ -567,16 +553,16 @@ if (isset($_POST['add_invoice_item'])) { mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Edit", "$session_name added item $name to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id); - $_SESSION['alert_message'] = "Item $name added to invoice"; + flash_alert("Item $name added to invoice"); redirect(); } if (isset($_POST['invoice_note'])) { + enforceUserPermission('module_sales', 2); $invoice_id = intval($_POST['invoice_id']); @@ -593,13 +579,14 @@ if (isset($_POST['invoice_note'])) { logAction("Invoice", "Edit", "$session_name added note to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id); - $_SESSION['alert_message'] = "Notes added"; + flash_alert("Notes added"); redirect(); } if (isset($_POST['edit_item'])) { + enforceUserPermission('module_sales', 2); $item_id = intval($_POST['item_id']); @@ -647,7 +634,6 @@ if (isset($_POST['edit_item'])) { mysqli_query($mysqli,"UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Edit", "$session_name edited item $name on invoice $invoice_prefix$invoice_number", $client_id, $invoice_id); } elseif ($quote_id > 0) { @@ -666,7 +652,6 @@ if (isset($_POST['edit_item'])) { mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id"); - // Logging logAction("Quote", "Edit", "$session_name edited item $name on quote $quote_prefix$quote_number", $client_id, $quote_id); } else { @@ -690,13 +675,14 @@ if (isset($_POST['edit_item'])) { } - $_SESSION['alert_message'] = "Item $name updated"; + flash_alert("Item $name updated"); redirect(); } if (isset($_GET['delete_invoice_item'])) { + enforceUserPermission('module_sales', 2); $item_id = intval($_GET['delete_invoice_item']); 
@@ -721,17 +707,16 @@ if (isset($_GET['delete_invoice_item'])) { mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id"); - // Logging logAction("Invoice", "Delete", "$session_name removed item $item_name from invoice $invoice_prefix$invoice_number", $client_id, $invoice_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Item $item_name removed from invoice"; + flash_alert("Item $item_name removed from invoice", 'error'); redirect(); } if (isset($_POST['add_payment'])) { + enforceUserPermission('module_sales', 2); enforceUserPermission('module_financial', 2); @@ -747,7 +732,7 @@ if (isset($_POST['add_payment'])) { //Check to see if amount entered is greater than the balance of the invoice if ($amount > $balance) { - $_SESSION['alert_message'] = "Payment is more than the balance"; + flash_alert("Payment can not be more than the balance", 'error'); redirect(); } else { mysqli_query($mysqli,"INSERT INTO payments SET payment_date = '$date', payment_amount = $amount, payment_currency_code = '$currency_code', payment_account_id = $account, payment_method = '$payment_method', payment_reference = '$reference', payment_invoice_id = $invoice_id"); 
@@ -883,15 +868,16 @@ if (isset($_POST['add_payment'])) { //Add Payment to History mysqli_query($mysqli,"INSERT INTO history SET history_status = '$invoice_status', history_description = 'Payment added', history_invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Payment", "Payment amount of " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added to invoice $invoice_prefix$invoice_number", $client_id, $invoice_id); customAction('invoice_pay', $invoice_id); - $_SESSION['alert_message'] .= "Payment amount " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added"; + flash_alert("Payment amount " . numfmt_format_currency($currency_format, $amount, $invoice_currency_code) . " added"); redirect(); + } + } if (isset($_POST['apply_credit'])) { @@ -913,7 +899,7 @@ if (isset($_POST['apply_credit'])) { //Check to see if amount entered is greater than the balance of the invoice if ($amount > $invoice_balance) { - $_SESSION['alert_message'] = "Credit is more than the balance"; + flash_alert("Credit can not be more than the balance", 'alert'); redirect(); } @@ -957,16 +943,18 @@ if (isset($_POST['apply_credit'])) { customAction('invoice_pay', $invoice_id); - $_SESSION['alert_message'] .= "Credit amount " . numfmt_format_currency($currency_format, $amount, $session_company_currency) . " applied"; + flash_alert("Credit amount " . numfmt_format_currency($currency_format, $amount, $session_company_currency) . " applied"); redirect(); + } if (isset($_GET['add_payment_stripe'])) { + validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_sales', 2); enforceUserPermission('module_financial', 2); - validateCSRFToken($_GET['csrf_token']); $invoice_id = intval($_GET['invoice_id']); 
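Review bot: `flash_alert("Credit can not be more than the balance", 'alert');` in the `apply_credit` hunk passes `'alert'` as the alert type, whereas every other rejection in this commit, including the parallel `add_payment` check `flash_alert("Payment can not be more than the balance", 'error');`, uses `'error'`. Unless `flash_alert` recognises `'alert'` as a type, this message will render with whatever the helper falls back to for an unknown value. `flash_alert("Credit can not be more than the balance", 'error');` keeps the two balance checks consistent. The `apply_credit` body continues outside the hunk.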
@@ -1016,20 +1004,14 @@ if (isset($_GET['add_payment_stripe'])) { // Sanity checks if (!$config_stripe_enable || !$stripe_id || !$stripe_pm) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Stripe not enabled or no client card saved"; + flash_alert("Stripe not enabled or no client card saved", 'error'); redirect(); - exit(); } elseif ($invoice_status !== 'Sent' && $invoice_status !== 'Viewed') { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Invalid invoice state (draft/partial/paid/not billable)"; + flash_alert("Invalid invoice state (draft/partial/paid/not billable)", 'error'); redirect(); - exit(); } elseif ($invoice_amount == 0) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Invalid invoice amount"; + flash_alert("Invalid invoice amount", 'error'); redirect(); - exit(); } // Initialize Stripe 
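Review bot: The three Stripe sanity checks in this hunk drop the `exit()` that followed `redirect()`, so whether execution stops before `// Initialize Stripe` now depends entirely on `redirect()` terminating the script. The helper's definition is not in this diff; if it only emits the `Location` header, an invoice that fails the Stripe-enabled, status or amount check would fall through into the charge, so this is worth confirming and documenting once above the first check, e.g. `// redirect() exits; nothing below runs when a sanity check fails`. The same reliance is introduced in the `add_bulk_payment` balance check and the Stripe payment-failed branch in the following hunks, and in the file-selection check of `import_locations_csv` in location.php.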
@@ -1136,21 +1118,23 @@ if (isset($_GET['add_payment_stripe'])) { logAction("Invoice", "Payment", "$session_name initiated Stripe payment amount of " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " added to invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc", $client_id, $invoice_id); customAction('invoice_pay', $invoice_id); - $_SESSION['alert_message'] .= "Payment amount " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " added"; + flash_alert("Payment amount " . numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code) . " added"); + redirect(); } else { mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe pay failed due to payment error', history_invoice_id = $invoice_id"); + logAction("Invoice", "Payment", "Failed online payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $invoice_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Payment failed"; + flash_alert("Payment failed", 'error'); + redirect(); - exit(); } } if (isset($_POST['add_bulk_payment'])) { + enforceUserPermission('module_sales', 2); enforceUserPermission('module_financial', 2); @@ -1167,10 +1151,8 @@ if (isset($_POST['add_bulk_payment'])) { // Check if bulk_payment_amount exceeds total_account_balance if ($bulk_payment_amount > $total_account_balance) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Payment exceeds Client Balance."; + flash_alert("Payment exceeds Client Balance.", 'error'); redirect(); - exit; } // Get Invoices 
@@ -1271,20 +1253,20 @@ if (isset($_POST['add_bulk_payment'])) { // Email Logging logAction("Payment", "Email", "Bulk Payment receipt for multiple Invoices queued to $contact_email Email ID: $email_id", $client_id); - $_SESSION['alert_message'] .= "Email receipt queued and "; + $alert_message .= "Email receipt queued and "; } // End Email - // Logging logAction("Invoice", "Payment", "Bulk Payment amount of " . numfmt_format_currency($currency_format, $bulk_payment_amount_static, $currency_code) . " applied to multiple invoices", $client_id); - $_SESSION['alert_message'] .= "Bulk Payment added"; + flash_alert("$alert_message Bulk Payment added"); - // Redirect Back redirect(); + } if (isset($_GET['delete_payment'])) { + enforceUserPermission('module_sales', 2); enforceUserPermission('module_financial', 2); @@ -1326,13 +1308,11 @@ if (isset($_GET['delete_payment'])) { mysqli_query($mysqli,"DELETE FROM payments WHERE payment_id = $payment_id"); - // Logging logAction("Invoice", "Edit", "$session_name deleted Payment on Invoice $invoice_prefix$invoice_number", $client_id, $invoice_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Payment deleted"; + flash_alert("Payment deleted", 'error'); if ($config_stripe_enable) { - $_SESSION['alert_message'] = "Payment deleted - Stripe payments must be manually refunded in Stripe"; + flash_alert("Payment deleted - Stripe payments must be manually refunded in Stripe", 'error'); } redirect(); @@ -1340,6 +1320,7 @@ if (isset($_GET['delete_payment'])) { } if (isset($_GET['email_invoice'])) { + $invoice_id = intval($_GET['email_invoice']); $sql = mysqli_query($mysqli,"SELECT * FROM invoices 
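Review bot: `$alert_message .= "Email receipt queued and ";` in the `add_bulk_payment` hunk appends to a local that the visible lines never initialise; if `$alert_message` is not assigned earlier in the handler (outside the hunk), the concatenation raises an undefined-variable warning under PHP 8, and `flash_alert("$alert_message Bulk Payment added")` starts with a stray space whenever no receipt is emailed. Initialising `$alert_message = '';` at the top of the handler and composing the final message as `flash_alert($alert_message . "Bulk Payment added");` (the receipt prefix already ends in a space) avoids both. The handler's body starts outside the hunk.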
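Review bot: The `delete_payment` hunk calls `flash_alert(..., 'error')` twice when `$config_stripe_enable` is set, first with "Payment deleted" and then with the Stripe-specific message. The old code overwrote `$_SESSION['alert_message']`, so only the second text showed; whether `flash_alert` overwrites or stacks is not visible here, and if it stacks the user sees two alerts for one deletion. A single call sidesteps the question: `flash_alert($config_stripe_enable ? "Payment deleted - Stripe payments must be manually refunded in Stripe" : "Payment deleted", 'error');`.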
@@ -1416,7 +1397,8 @@ if (isset($_GET['email_invoice'])) { // Get Email ID for reference $email_id = mysqli_insert_id($mysqli); - $_SESSION['alert_message'] = "Invoice sent to mail queue! Check Admin > Mail queue"; + flash_alert("Invoice sent to mail queue! Check Admin > Mail queue"); + mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Invoice sent to the mail queue ID: $email_id', history_invoice_id = $invoice_id"); // Don't change the status to sent if the status is anything but draft @@ -1424,7 +1406,6 @@ if (isset($_GET['email_invoice'])) { mysqli_query($mysqli,"UPDATE invoices SET invoice_status = 'Sent' WHERE invoice_id = $invoice_id"); } - // Logging logAction("Invoice", "Email", "$session_name Emailed $contact_email Invoice $invoice_prefix$invoice_number Email queued to Email ID: $email_id", $client_id, $invoice_id); // Send copies of the invoice to any additional billing contacts @@ -1454,7 +1435,6 @@ if (isset($_GET['email_invoice'])) { ] ]; - // Logging logAction("Invoice", "Email", "$session_name Emailed $billing_contact_email Invoice $invoice_prefix$invoice_number Email queued Email ID: $email_id", $client_id, $invoice_id); } 
@@ -1485,21 +1465,21 @@ if (isset($_POST['add_recurring_payment'])) { // Get Payment ID for reference $recurring_payment_id = mysqli_insert_id($mysqli); - // Logging logAction("Recurring Invoice", "Auto Payment", "$session_name created Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $currency_code), $client_id, $recurring_invoice_id); - $_SESSION['alert_message'] = "Automatic Payment created for $recurring_invoice_prefix$recurring_invoice_number"; + flash_alert("Automatic Payment created for $recurring_invoice_prefix$recurring_invoice_number"); redirect(); + } if (isset($_GET['delete_recurring_payment'])) { + $recurring_payment_id = intval($_GET['delete_recurring_payment']); - $sql = mysqli_query($mysqli,"SELECT * FROM recurring_payments WHERE recurring_payment_id = $recurring_payment_id"); - $row = mysqli_fetch_array($sql); - $recurring_invoice_id = intval($row['recurring_payment_recurring_invoice_id']); + // Get recurring Invoice ID + $recurring_invoice_id = intval(getFieldById('recurring_payments', $recurring_payment_id, 'recurring_payment_recurring_invoice_id')); // Get the invoice total and details $sql = mysqli_query($mysqli,"SELECT * FROM recurring_invoices WHERE recurring_invoice_id = $recurring_invoice_id"); 
@@ -1510,17 +1490,16 @@ if (isset($_GET['delete_recurring_payment'])) { mysqli_query($mysqli,"DELETE FROM recurring_payments WHERE recurring_payment_id = $recurring_payment_id"); - // Logging logAction("Recurring Invoice", "Auto Payment", "$session_name removed auto Pay from Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Auto Payment Removed for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number"; + flash_alert("Auto Payment Removed for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", 'error'); redirect(); } if (isset($_GET['force_recurring'])) { + $recurring_invoice_id = intval($_GET['force_recurring']); $sql_recurring_invoices = mysqli_query($mysqli,"SELECT * FROM recurring_invoices, clients WHERE client_id = recurring_invoice_client_id AND recurring_invoice_id = $recurring_invoice_id"); @@ -1664,12 +1643,11 @@ if (isset($_GET['force_recurring'])) { } //End Recurring Invoices Loop - // Logging logAction("Invoice", "Create", "$session_name forced recurring invoice into an invoice", $client_id, $new_invoice_id); customAction('invoice_create', $new_invoice_id); - $_SESSION['alert_message'] = "Recurring Invoice Forced"; + flash_alert("Recurring Invoice Forced"); redirect(); 
@@ -1710,25 +1688,24 @@ if (isset($_POST['set_recurring_payment'])) { // Get Payment ID for reference $recurring_payment_id = mysqli_insert_id($mysqli); - // Logging logAction("Recurring Invoice", "Auto Payment", "$session_name created Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $recurring_invoice_currency_code), $client_id, $recurring_invoice_id); - $_SESSION['alert_message'] = "Automatic Payment $saved_payment_description enabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number"; + flash_alert("Automatic Payment $saved_payment_description enabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number"); } else { // Delete mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id"); - // Logging logAction("Recurring Invoice", "Auto Payment", "$session_name removed Auto Pay for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number in the amount of " . numfmt_format_currency($currency_format, $recurring_invoice_amount, $recurring_invoice_currency_code), $client_id, $recurring_invoice_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Automatic Payment Disabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number"; + flash_alert("Automatic Payment Disabled for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", 'error'); } redirect(); + } if (isset($_POST['export_invoices_csv'])) { + if (isset($_POST['client_id'])) { $client_id = intval($_POST['client_id']); $client_query = "AND invoice_client_id = $client_id"; @@ -1781,7 +1758,6 @@ if (isset($_POST['export_invoices_csv'])) { fpassthru($f); } - // Logging logAction("Invoice", "Export", "$session_name exported $num_rows invoices to CSV file"); exit; 
@@ -1789,6 +1765,7 @@ if (isset($_POST['export_invoices_csv'])) { } if (isset($_POST['export_client_recurring_invoice_csv'])) { + $client_id = intval($_POST['client_id']); //get records from database @@ -1829,7 +1806,6 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) { fpassthru($f); } - // Logging logAction("Recurring Invoice", "Export", "$session_name exported $num_rows recurring invoices to CSV file"); exit; @@ -1837,6 +1813,7 @@ if (isset($_POST['export_client_recurring_invoice_csv'])) { } if (isset($_POST['export_payments_csv'])) { + if (isset($_POST['client_id'])) { $client_id = intval($_POST['client_id']); $client_query = "AND invoice_client_id = $client_id"; @@ -1876,7 +1853,6 @@ if (isset($_POST['export_payments_csv'])) { fpassthru($f); } - // Logging logAction("Payments", "Export", "$session_name exported $num_rows payments to CSV file"); exit; @@ -1884,6 +1860,7 @@ if (isset($_POST['export_payments_csv'])) { } if (isset($_GET['recurring_invoice_email_notify'])) { + $recurring_invoice_email_notify = intval($_GET['recurring_invoice_email_notify']); $recurring_invoice_id = intval($_GET['recurring_invoice_id']); 
@@ -1902,35 +1879,38 @@ if (isset($_GET['recurring_invoice_email_notify'])) { $notify_wording = "Off"; } - // Logging logAction("Recurring Invoice", "Edit", "$session_name turned $notify_wording Email Notifications for Recurring Invoice $recurring_invoice_prefix$recurring_invoice_number", $client_id, $recurring_invoice_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Email Notifications $notify_wording"; + flash_alert("Email Notifications $notify_wording", 'error'); redirect(); + } if (isset($_POST['link_invoice_to_ticket'])) { + $invoice_id = intval($_POST['invoice_id']); $ticket_id = intval($_POST['ticket_id']); mysqli_query($mysqli,"UPDATE invoices SET invoice_ticket_id = $ticket_id WHERE invoice_id = $invoice_id"); - $_SESSION['alert_message'] = "Invoice linked to ticket"; + flash_alert("Invoice linked to ticket"); redirect(); + } if (isset($_POST['add_ticket_to_invoice'])) { + $invoice_id = intval($_POST['invoice_id']); $ticket_id = intval($_POST['ticket_id']); mysqli_query($mysqli,"UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id"); - $_SESSION['alert_message'] = "Ticket linked to invoice"; + flash_alert("Ticket linked to invoice"); + + redirect("post.php?add_ticket_to_invoice=$invoice_id"); - header("Location: post.php?add_ticket_to_invoice=$invoice_id"); } if (isset($_GET['export_invoice_pdf'])) { @@ -2148,6 +2128,7 @@ if (isset($_GET['export_invoice_pdf'])) { $filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$invoice_date}_{$company_name}_{$client_name}_Invoice_{$invoice_prefix}{$invoice_number}"); $pdf->Output("$filename.pdf", 'I'); + exit; } 
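Review bot: `redirect("post.php?add_ticket_to_invoice=$invoice_id");` at the end of the `add_ticket_to_invoice` handler sends the browser back to the post handler with the trigger name as a GET parameter, but this handler is keyed on `$_POST['add_ticket_to_invoice']`, so the target request will not re-enter it; unless another handler consumes `$_GET['add_ticket_to_invoice']`, the user lands on post.php with no matching action and the flash message may be lost with it. The `header("Location: ...")` it replaces had the same target, so this is worth confirming against the page the link is meant to return to rather than carrying it over. Separately, `flash_alert("Email Notifications $notify_wording", 'error');` in the `recurring_invoice_email_notify` handler reports turning notifications On as an error; passing `'error'` only when `$notify_wording` is "Off" and using the one-argument form otherwise would match how the rest of the commit reserves `'error'` for negative outcomes. The `recurring_invoice_email_notify` handler begins outside the hunk.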
@@ -2157,9 +2138,7 @@ if (isset($_POST['bulk_edit_invoice_category'])) { $category_id = intval($_POST['bulk_category_id']); // Get Category name for logging and Notification - $sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id"); - $row = mysqli_fetch_array($sql); - $category_name = sanitizeInput($row['category_name']); + $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name')); // Assign Income category to Selected Invoices if (isset($_POST['invoice_ids'])) { @@ -2180,16 +2159,15 @@ if (isset($_POST['bulk_edit_invoice_category'])) { mysqli_query($mysqli,"UPDATE invoices SET invoice_category_id = $category_id WHERE invoice_id = $invoice_id"); - // Logging logAction("Invoice", "Edit", "$session_name assigned Invoice $invoice_prefix$invoice_number to category $category_name", $client_id, $invoice_id); } // End Assign Loop - // Logging logAction("Invoice", "Bulk Edit", "$session_name assigned $count invoices to category $category_name"); - $_SESSION['alert_message'] = "Assigned income category $category_name to $count invoice(s)"; + flash_alert("Assigned income category $category_name to $count invoice(s)"); } redirect(); -} \ No newline at end of file + +} diff --git a/user/post/location.php b/user/post/location.php index 06d07706..ef6eb552 100644 --- a/user/post/location.php +++ b/user/post/location.php @@ -12,7 +12,6 @@ if(isset($_POST['add_location'])){ require_once 'location_model.php'; - if(!file_exists("../uploads/clients/$client_id")) { mkdir("../uploads/clients/$client_id"); } @@ -51,10 +50,9 @@ if(isset($_POST['add_location'])){ } } - // Logging logAction("Location", "Create", "$session_name created location $name", $client_id, $location_id); - $_SESSION['alert_message'] = "Location $name created."; + flash_alert("Location $name created."); redirect(); 
@@ -66,7 +64,6 @@ if(isset($_POST['edit_location'])){ require_once 'location_model.php'; - $location_id = intval($_POST['location_id']); // Get old location photo @@ -74,7 +71,6 @@ if(isset($_POST['edit_location'])){ $row = mysqli_fetch_array($sql); $existing_file_name = sanitizeInput($row['location_photo']); - if(!file_exists("../uploads/clients/$client_id")) { mkdir("../uploads/clients/$client_id"); } @@ -116,10 +112,9 @@ if(isset($_POST['edit_location'])){ } - // Logging logAction("Location", "Edit", "$session_name edited location $name", $client_id, $location_id); - $_SESSION['alert_message'] = "Location $name updated"; + flash_alert("Location $name updated"); redirect(); @@ -139,11 +134,9 @@ if(isset($_GET['archive_location'])){ mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NOW() WHERE location_id = $location_id"); - // Logging logAction("Location", "Archive", "$session_name archived location $location_name", $client_id, $location_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Location $location_name archived"; + flash_alert("Location $location_name archived", 'error'); redirect(); @@ -163,12 +156,12 @@ if(isset($_GET['unarchive_location'])){ mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id"); - // Logging logAction("Location", "Unarchive", "$session_name unarchived location $location_name", $client_id, $location_id); - $_SESSION['alert_message'] = "Location $location_name restored"; + flash_alert("Location $location_name restored"); redirect(); + } if(isset($_GET['delete_location'])){ 
@@ -185,12 +178,9 @@ if(isset($_GET['delete_location'])){ mysqli_query($mysqli,"DELETE FROM locations WHERE location_id = $location_id"); - // Logging logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id); - - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Location $location_name deleted"; + flash_alert("Location $location_name deleted", 'error'); redirect(); @@ -232,15 +222,14 @@ if (isset($_POST['bulk_assign_location_tags'])) { } } - // Logging logAction("Location", "Edit", "$session_name assigned tags to location $location_name", $client_id, $location_id); } // End Assign Location Loop - // Logging logAction("Location", "Bulk Edit", "$session_name assigned tags to $count location(s)", $client_id); - $_SESSION['alert_message'] = "Assigned tags for $count locations"; + flash_alert("Assigned tags for $count locations"); + } redirect(); @@ -248,6 +237,7 @@ if (isset($_POST['bulk_assign_location_tags'])) { } if (isset($_POST['bulk_archive_locations'])) { + enforceUserPermission('module_client', 2); validateCSRFToken($_POST['csrf_token']); @@ -278,21 +268,22 @@ if (isset($_POST['bulk_archive_locations'])) { } - // Bulk Logging logAction("Location", "Bulk Archive", "$session_name archived $count location(s)"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Archived $count location(s)"; + flash_alert("Archived $count location(s)", 'error'); } redirect(); + } if (isset($_POST['bulk_unarchive_locations'])) { - enforceUserPermission('module_client', 2); + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_client', 2); + if (isset($_POST['location_ids'])) { // Get Selected Count 
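Review bot: In the `bulk_archive_locations` hunk the handler still runs `enforceUserPermission('module_client', 2);` before `validateCSRFToken($_POST['csrf_token']);`, while the `bulk_unarchive_locations` hunk directly below and `bulk_delete_locations` in the next hunk are rewritten to put the CSRF check first. Swapping the two lines here keeps the file uniform: `validateCSRFToken($_POST['csrf_token']);` followed by `enforceUserPermission('module_client', 2);`. The `bulk_archive_locations` body continues outside the hunk.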
@@ -311,25 +302,26 @@ if (isset($_POST['bulk_unarchive_locations'])) { mysqli_query($mysqli,"UPDATE locations SET location_archived_at = NULL WHERE location_id = $location_id"); - // Individual logging logAction("Location", "Unarchive", "$session_name unarchived location $location_name", $client_id, $location_id); } - // Bulk Logging logAction("Location", "Bulk Unarchive", "$session_name unarchived $count location(s)", $client_id); - $_SESSION['alert_message'] = "Unarchived $count location(s)"; + flash_alert("Unarchived $count location(s)"); } redirect(); + } if (isset($_POST['bulk_delete_locations'])) { - enforceUserPermission('module_client', 3); + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_client', 3); + if (isset($_POST['location_ids'])) { // Get Selected Count @@ -348,23 +340,22 @@ if (isset($_POST['bulk_delete_locations'])) { mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id"); - // Logging logAction("Location", "Delete", "$session_name deleted location $location_name", $client_id); } - // Logging logAction("Location", "Bulk Delete", "$session_name deleted $count location(s)", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Deleted $count location(s)"; + flash_alert("Deleted $count location(s)", 'error'); } redirect(); + } if(isset($_POST['export_locations_csv'])){ + if (isset($_POST['client_id'])) { $client_id = intval($_POST['client_id']); $client_query = "AND location_client_id = $client_id"; @@ -406,7 +397,6 @@ if(isset($_POST['export_locations_csv'])){ fpassthru($f); } - // Logging logAction("Location", "Export", "$session_name exported $num_rows location(s) to a CSV file", $client_id); exit; 
@@ -423,10 +413,8 @@ if (isset($_POST["import_locations_csv"])) { if (!empty($_FILES["file"]["tmp_name"])) { $file_name = $_FILES["file"]["tmp_name"]; } else { - $_SESSION['alert_message'] = "Please select a file to upload."; - $_SESSION['alert_type'] = "error"; + flash_alert("Please select a file to upload.", 'error'); redirect(); - exit(); } //Check file is CSV @@ -434,13 +422,13 @@ if (isset($_POST["import_locations_csv"])) { $allowed_file_extensions = array('csv'); if(in_array($file_extension,$allowed_file_extensions) === false){ $error = true; - $_SESSION['alert_message'] = "Bad file extension"; + flash_alert("Bad file extension", 'error'); } //Check file isn't empty elseif($_FILES["file"]["size"] < 1){ $error = true; - $_SESSION['alert_message'] = "Bad file size (empty?)"; + flash_alert("Bad file size (empty?)", 'error'); } //(Else)Check column count @@ -448,7 +436,7 @@ if (isset($_POST["import_locations_csv"])) { $f_columns = fgetcsv($f, 1000, ","); if(!$error & count($f_columns) != 8) { $error = true; - $_SESSION['alert_message'] = "Bad column count."; + flash_alert("Bad column count.", 'error'); } //Else, parse the file @@ -498,17 +486,17 @@ if (isset($_POST["import_locations_csv"])) { } fclose($file); - // Logging logAction("Location", "Import", "$session_name imported $row_count location(s). $duplicate_count duplicate(s) found and not imported", $client_id); - $_SESSION['alert_message'] = "$row_count Location(s) imported, $duplicate_count duplicate(s) detected and not imported"; + flash_alert("$row_count Location(s) imported, $duplicate_count duplicate(s) detected and not imported"); + redirect(); } //Check for any errors, if there are notify user and redirect if($error) { - $_SESSION['alert_type'] = "warning"; redirect(); } + } if(isset($_GET['download_locations_csv_template'])){ diff --git a/user/post/network.php b/user/post/network.php index 45e12493..a8128aa5 100644 --- a/user/post/network.php +++ b/user/post/network.php 
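Review bot: The column-count check in the `import_locations_csv` hunk reads `if(!$error & count($f_columns) != 8)` with a single `&`; because `!=` binds tighter than `&` it evaluates as a bitwise AND of two booleans and happens to work, but it reads as a typo and is one edit away from a precedence bug. Since the branch is already being touched to emit `flash_alert("Bad column count.", 'error')`, fixing the operator in the same pass is cheap: `if (!$error && count($f_columns) != 8) {`. `fgetcsv` can also return `false`, in which case `count()` throws a TypeError on PHP 8, so guarding with `!is_array($f_columns) ||` ahead of the count would make the error path explicit. The surrounding `in_array($file_extension,$allowed_file_extensions)` would likewise benefit from `strict: true`. The handler begins outside the hunk.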
@@ -16,10 +16,9 @@ if (isset($_POST['add_network'])) { $network_id = mysqli_insert_id($mysqli); - // Logging logAction("Network", "Create", "$session_name created network $name", $client_id, $network_id); - $_SESSION['alert_message'] = "Network $name created"; + flash_alert("Network $name created"); redirect(); @@ -34,10 +33,9 @@ if (isset($_POST['edit_network'])) { mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id"); - // Logging logAction("Network", "Edit", "$session_name edited network $name", $client_id, $network_id); - $_SESSION['alert_message'] = "Network $name updated"; + flash_alert("Network $name updated"); redirect(); @@ -57,11 +55,9 @@ if (isset($_GET['archive_network'])) { mysqli_query($mysqli,"UPDATE networks SET network_archived_at = NOW() WHERE network_id = $network_id"); - // Logging logAction("Network", "Archive", "$session_name archived network $network_name", $client_id, $network_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Network $network_name archived"; + flash_alert("Network $network_name archived", 'error'); redirect(); @@ -81,16 +77,16 @@ if (isset($_GET['unarchive_network'])) { mysqli_query($mysqli,"UPDATE networks SET network_archived_at = NULL WHERE network_id = $network_id"); - // logging logAction("Network", "Unarchive", "$session_name restored contact $contact_name", $client_id, $network_id); - $_SESSION['alert_message'] = "Network $network_name restored"; + flash_alert("Network $network_name restored"); redirect(); } if (isset($_GET['delete_network'])) { + enforceUserPermission('module_support', 3); $network_id = intval($_GET['delete_network']); 
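Review bot: The `unarchive_network` hunk keeps `logAction("Network", "Unarchive", "$session_name restored contact $contact_name", $client_id, $network_id);`, which names the wrong entity and interpolates `$contact_name`, a variable the visible lines never assign (the handler's new `flash_alert` uses `$network_name`). The audit entry therefore records "restored contact " with an empty name, plus an undefined-variable warning on PHP 8. `logAction("Network", "Unarchive", "$session_name restored network $network_name", $client_id, $network_id);` matches the sibling archive and delete entries. The handler's opening lines are outside the hunk.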
@@ -103,19 +99,19 @@ if (isset($_GET['delete_network'])) { mysqli_query($mysqli,"DELETE FROM networks WHERE network_id = $network_id"); - // Logging logAction("Network", "Delete", "$session_name deleted network $network_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Network $network_name deleted"; + flash_alert("Network $network_name deleted", 'error'); redirect(); } if (isset($_POST['bulk_delete_networks'])) { - enforceUserPermission('module_support', 3); + validateCSRFToken($_POST['csrf_token']); + + enforceUserPermission('module_support', 3); if (isset($_POST['network_ids'])) { @@ -135,20 +131,18 @@ if (isset($_POST['bulk_delete_networks'])) { mysqli_query($mysqli, "DELETE FROM networks WHERE network_id = $network_id AND network_client_id = $client_id"); - // Logging logAction("Network", "Delete", "$session_name deleted network $network_name", $client_id); } - // Logging logAction("Network", "Bulk Delete", "$session_name deleted $count network(s)", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Deleted $count network(s)"; + flash_alert("Deleted $count network(s)", 'error'); } redirect(); + } if (isset($_POST['export_networks_csv'])) { @@ -179,7 +173,7 @@ if (isset($_POST['export_networks_csv'])) { fputcsv($f, $fields, $delimiter); //output each row of the data, format line as csv and write to file pointer - while($row = $sql->fetch_assoc()) { + while ($row = $sql->fetch_assoc()) { $lineData = array($row['network_name'], $row['network_description'], $row['network_vlan'], $row['network'], $row['network_subnet'], $row['network_gateway'], $row['network_primary_dns'], $row['network_secondary_dns'], $row['network_dhcp_range']); fputcsv($f, $lineData, $delimiter); } @@ -195,7 +189,6 @@ if (isset($_POST['export_networks_csv'])) { fpassthru($f); } - // Logging logAction("Network", "Export", "$session_name deleted $num_rows network(s) to a CSV file", $client_id); exit; 
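Review bot: The `export_networks_csv` hunk leaves `logAction("Network", "Export", "$session_name deleted $num_rows network(s) to a CSV file", $client_id);` in place; the action is an export, not a deletion, so the audit trail records a spurious delete wording for every CSV export. `logAction("Network", "Export", "$session_name exported $num_rows network(s) to a CSV file", $client_id);` matches the wording the location and invoice export handlers use in this commit. The enclosing handler begins outside the hunk.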
diff --git a/user/post/product.php b/user/post/product.php index 58d8aa84..5426b0dc 100644 --- a/user/post/product.php +++ b/user/post/product.php @@ -6,7 +6,6 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); -// Products if (isset($_POST['add_product'])) { enforceUserPermission('module_sales', 2); @@ -17,10 +16,9 @@ if (isset($_POST['add_product'])) { $product_id = mysqli_insert_id($mysqli); - // Logging logAction("Product", "Create", "$session_name created product $name", 0, $product_id); - $_SESSION['alert_message'] = "Product $name created"; + flash_alert("Product $name created"); redirect(); @@ -36,10 +34,9 @@ if (isset($_POST['edit_product'])) { mysqli_query($mysqli,"UPDATE products SET product_name = '$name', product_description = '$description', product_price = '$price', product_tax_id = $tax, product_category_id = $category WHERE product_id = $product_id"); - // Logging logAction("Product", "Edit", "$session_name edited product $name", 0, $product_id); - $_SESSION['alert_message'] = "Product $name edited"; + flash_alert("Product $name edited"); redirect(); @@ -51,18 +48,13 @@ if (isset($_GET['archive_product'])) { $product_id = intval($_GET['archive_product']); - // Get Contact Name and Client ID for logging and alert message - $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id"); - $row = mysqli_fetch_array($sql); - $product_name = sanitizeInput($row['product_name']); + $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name')); mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id"); - // Logging logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Product $product_name archived"; + flash_alert("Product $product_name archived", 'error'); redirect(); 
@@ -74,17 +66,13 @@ if (isset($_GET['unarchive_product'])) { $product_id = intval($_GET['unarchive_product']); - // Get Contact Name and Client ID for logging and alert message - $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id"); - $row = mysqli_fetch_array($sql); - $product_name = sanitizeInput($row['product_name']); + $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name')); mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id"); - // Logging logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id); - $_SESSION['alert_message'] = "Product $product_name restored"; + flash_alert("Product $product_name restored"); redirect(); @@ -97,17 +85,13 @@ if (isset($_GET['delete_product'])) { $product_id = intval($_GET['delete_product']); //Get Product Name - $sql = mysqli_query($mysqli,"SELECT * FROM products WHERE product_id = $product_id"); - $row = mysqli_fetch_array($sql); - $product_name = sanitizeInput($row['product_name']); + $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name')); mysqli_query($mysqli,"DELETE FROM products WHERE product_id = $product_id"); - // Logging logAction("Product", "Delete", "$session_name deleted product $product_name"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Product $product_name deleted"; + flash_alert("Product $product_name deleted", 'error'); redirect(); 
@@ -120,9 +104,7 @@ if (isset($_POST['bulk_edit_product_category'])) { $category_id = intval($_POST['bulk_category_id']); // Get Category name for logging and Notification - $sql = mysqli_query($mysqli,"SELECT category_name FROM categories WHERE category_id = $category_id"); - $row = mysqli_fetch_array($sql); - $category_name = sanitizeInput($row['category_name']); + $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name')); // Assign category to Selected Products if (isset($_POST['product_ids'])) { @@ -134,32 +116,29 @@ if (isset($_POST['bulk_edit_product_category'])) { $product_id = intval($product_id); // Get Product Details for Logging - $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id"); - $row = mysqli_fetch_array($sql); - $product_name = sanitizeInput($row['product_name']); + $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name')); mysqli_query($mysqli,"UPDATE products SET product_category_id = $category_id WHERE product_id = $product_id"); - //Logging logAction("Product", "Edit", "$session_name assigned product $product_name to category $category_name", 0, $product_id); } // End Assign Product Loop - //Logging logAction("Product", "Edit", "$session_name assigned category $category_name to $count product(s)"); - $_SESSION['alert_message'] = "Assigned category $category_name to $count product(s)"; + flash_alert("Assigned category $category_name to $count product(s)"); } redirect(); + } if (isset($_POST['bulk_archive_products'])) { - enforceUserPermission('module_sales', 2); - validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_sales', 2); + if (isset($_POST['product_ids'])) { $count = count($_POST['product_ids']); 
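Review bot: In the `bulk_archive_products` hunk the collapsed text shows `- enforceUserPermission('module_sales', 2);` immediately followed by `- validateCSRFToken($_POST['csrf_token']);`, and only `enforceUserPermission` reappears on the new side; if that second marker is a real deletion rather than a removed blank line, this handler loses its CSRF check at the same time as `bulk_unarchive_products` and `bulk_delete_products` gain one in the following hunks. Please confirm the new handler still opens with `validateCSRFToken($_POST['csrf_token']);` ahead of `enforceUserPermission('module_sales', 2);`, matching the neighbouring handlers. The hunk's line counts admit either reading, so this is a request to verify rather than a confirmed regression.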
@@ -169,31 +148,28 @@ if (isset($_POST['bulk_archive_products'])) { $product_id = intval($product_id); - // Get Name and Client ID for logging and alert message - $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id"); - $row = mysqli_fetch_array($sql); - $product_name = sanitizeInput($row['product_name']); + $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name')); mysqli_query($mysqli,"UPDATE products SET product_archived_at = NOW() WHERE product_id = $product_id"); - // Individual Contact logging logAction("Product", "Archive", "$session_name archived product $product_name", 0, $product_id); } - // Bulk Logging logAction("Product", "Bulk Archive", "$session_name archived $count product(s)"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Archived $count product(s)"; + flash_alert("Archived $count product(s)", 'error'); } redirect(); + } if (isset($_POST['bulk_unarchive_products'])) { - enforceUserPermission('module_sales', 2); + validateCSRFToken($_POST['csrf_token']); + + enforceUserPermission('module_sales', 2); if (isset($_POST['product_ids'])) { 
@@ -204,31 +180,30 @@ if (isset($_POST['bulk_unarchive_products'])) { $product_id = intval($product_id); - // Get Name and Client ID for logging and alert message - $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id"); - $row = mysqli_fetch_array($sql); - $product_name = sanitizeInput($row['product_name']); + $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name')); mysqli_query($mysqli,"UPDATE products SET product_archived_at = NULL WHERE product_id = $product_id"); - // Individual logging logAction("Product", "Unarchive", "$session_name unarchived product $product_name", 0, $product_id); } - // Bulk Logging logAction("Product", "Bulk Unarchive", "$session_name unarchived $count product(s)"); - $_SESSION['alert_message'] = "Unarchived $count product(s)"; + flash_alert("Unarchived $count product(s)"); } redirect(); + } if (isset($_POST['bulk_delete_products'])) { - enforceUserPermission('module_sales', 3); + validateCSRFToken($_POST['csrf_token']); + + enforceUserPermission('module_sales', 3); + if (isset($_POST['product_ids'])) { 
@@ -236,30 +211,24 @@ if (isset($_POST['bulk_delete_products'])) { // Cycle through array and delete each record foreach ($_POST['product_ids'] as $product_id) { - $product_id = intval($product_id); - // Get Name and Client ID for logging and alert message - $sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE product_id = $product_id"); - $row = mysqli_fetch_array($sql); - $product_name = sanitizeInput($row['product_name']); + $product_name = sanitizeInput(getFieldById('products', $product_id, 'product_name')); mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id"); - // Individual logging logAction("Product", "Delete", "$session_name deleted product $product_name"); } - // Bulk logging logAction("Product", "Bulk Delete", "$session_name deleted $count product(s)"); - $_SESSION['alert_message'] = "Deleted $count product(s)"; + flash_alert("Deleted $count product(s)", 'error'); } redirect(); - exit(); + } if (isset($_POST['export_products_csv'])) { @@ -302,7 +271,6 @@ if (isset($_POST['export_products_csv'])) { fpassthru($f); } - //Logging logAction("Product", "Export", "$session_name exported $num_rows product(s) to a CSV file"); exit; diff --git a/user/post/profile.php b/user/post/profile.php index 758875de..e23f66b1 100644 --- a/user/post/profile.php +++ b/user/post/profile.php @@ -8,16 +8,13 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['edit_your_user_details'])) { - // CSRF Check validateCSRFToken($_POST['csrf_token']); $name = sanitizeInput($_POST['name']); $email = sanitizeInput($_POST['email']); $signature = sanitizeInput($_POST['signature']); - $sql = mysqli_query($mysqli,"SELECT user_avatar FROM users WHERE user_id = $session_user_id"); - $row = mysqli_fetch_array($sql); - $existing_file_name = sanitizeInput($row['user_avatar']); + $existing_file_name = sanitizeInput(getFieldById('users', $session_user_id, 'user_avatar')); $logout = false; $extended_log_description = ''; 
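Review bot: The `bulk_delete_products` loop appears to drop `$product_id = intval($product_id);` (it carries a `-` marker right after the `foreach`), while `bulk_archive_products` and `bulk_unarchive_products` keep that line as context; if so, each raw element of `$_POST['product_ids']` is interpolated unchanged into `getFieldById('products', $product_id, 'product_name')` and `DELETE FROM products WHERE product_id = $product_id`. Keep the cast as the first statement of the loop, `$product_id = intval($product_id);`, unless earlier code not visible here already casts the whole array. The hunk header's counts (30 old lines to 24 new) are consistent with that line being removed, so please check the applied file rather than the rendered diff.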
@@ -78,40 +75,40 @@ if (isset($_POST['edit_your_user_details'])) { mysqli_query($mysqli,"UPDATE user_settings SET user_config_signature = '$signature' WHERE user_id = $session_user_id"); - //Logging logAction("User Account", "Edit", "$session_name edited their account $extended_log_description"); - $_SESSION['alert_message'] = "User details updated"; + flash_alert("User details updated"); if ($logout) { - header('Location: post.php?logout'); - } - else{ + redirect('post.php?logout'); + } else { redirect(); } + } if (isset($_GET['clear_your_user_avatar'])) { + validateCSRFToken($_GET['csrf_token']); mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id"); logAction("User Account", "Edit", "$session_name cleared their avatar"); - $_SESSION['alert_message'] = "Avatar cleared"; + flash_alert("Avatar cleared", 'error'); + redirect(); + } if (isset($_POST['edit_your_user_password'])) { - // CSRF Check validateCSRFToken($_POST['csrf_token']); $new_password = trim($_POST['new_password']); if (empty($new_password)) { - header('Location: user_security.php'); - exit; + redirect('user_security.php'); } // Email notification when password or email is changed @@ -148,17 +145,15 @@ if (isset($_POST['edit_your_user_password'])) { $user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']); mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $session_user_id"); - // Logging logAction("User Account", "Edit", "$session_name changed their password"); - $_SESSION['alert_message'] = "Your password was updated"; + flash_alert("Your password was updated"); - header('Location: post.php?logout'); + redirect('post.php?logout'); } if (isset($_POST['edit_your_user_preferences'])) { - // CSRF Check validateCSRFToken($_POST['csrf_token']); $calendar_first_day = intval($_POST['calendar_first_day']); 
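Review bot: The guard `if (empty($new_password)) { redirect('user_security.php'); }` no longer has an `exit` after it, so it only stops the request if `redirect()` itself terminates the script; that function's definition is not in this patch, so please confirm it ends with `exit`, otherwise an empty password falls through to the update further down. The same reliance is introduced where `exit()` was removed after a guard's `redirect()` in `disable_mfa` (profile.php), `link_closed_ticket_to_project` (project.php) and the two validation checks in `add_rack_unit` (rack.php); in each of those the code after the guard changes state. If `redirect()` does not exit, re-adding `exit;` after it in those guards restores the previous behaviour.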
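Review bot: In the password-change hunk the stored value comes from `$new_password`, which the handler assigns as `trim($_POST['new_password'])`, while the key side calls `encryptUserSpecificKey($_POST['new_password'])` with the untrimmed input; a password with leading or trailing whitespace would then be stored against one string and have its key wrapped with another, which presumably breaks key recovery at login. This predates the commit, but since the handler is being touched, pass the same value to both, e.g. `encryptUserSpecificKey($new_password)` taken before `$new_password` is hashed. The hashing step sits between the two visible lines and outside this hunk, so verify the order there.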
@@ -185,12 +180,12 @@ if (isset($_POST['edit_your_user_preferences'])) { $extended_log_description .= "disabled browser extension access"; } - // Logging logAction("User Account", "Edit", "$session_name $extended_log_description"); - $_SESSION['alert_message'] = "User preferences updated"; + flash_alert("User preferences updated"); redirect(); + } if (isset($_POST['enable_mfa'])) { @@ -218,10 +213,9 @@ if (isset($_POST['enable_mfa'])) { // Delete any existing MFA tokens - these browsers should be re-validated mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id"); - // Logging logAction("User Account", "Edit", "$session_name enabled MFA on their account"); - $_SESSION['alert_message'] = "Multi-Factor authentication enabled"; + flash_alert("Multi-Factor authentication enabled"); // Clear the mfa_token from the session to avoid re-use. unset($_SESSION['mfa_token']); @@ -231,15 +225,14 @@ if (isset($_POST['enable_mfa'])) { $previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH)); if ($previousPage === 'mfa_enforcement.php') { // Redirect back to mfa_enforcement.php - header("Location: $config_start_page"); - exit; + redirect("$config_start_page"); + } } } else { // FAILURE - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Verification code invalid, please try again."; + flash_alert("Verification code invalid, please try again.", 'error'); // Set a flag to automatically open the MFA modal again $_SESSION['show_mfa_modal'] = true; 
@@ -249,29 +242,22 @@ if (isset($_POST['enable_mfa'])) { $previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH)); if ($previousPage === 'mfa_enforcement.php') { // Redirect back to mfa_enforcement.php - header("Location: " . $_SERVER['HTTP_REFERER']); - exit; + redirect(); } } } - - - header("Location: user_security.php"); - exit; + redirect("user_security.php"); } if (isset($_GET['disable_mfa'])){ if ($session_user_config_force_mfa) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Multi-Factor authentication cannot be disabled for your account"; + flash_alert("Multi-Factor authentication cannot be disabled for your account", 'error'); redirect(); - exit(); } - // CSRF Check validateCSRFToken($_GET['csrf_token']); mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id"); @@ -302,11 +288,9 @@ if (isset($_GET['disable_mfa'])){ $mail = addToMailQueue($data); } - // Logging logAction("User Account", "Edit", "$session_name disabled MFA on their account"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Multi-Factor authentication disabled"; + flash_alert("Multi-Factor authentication disabled", 'error'); redirect(); @@ -314,17 +298,14 @@ if (isset($_GET['disable_mfa'])){ if (isset($_POST['revoke_your_2fa_remember_tokens'])) { - // CSRF validateCSRFToken($_POST['csrf_token']); // Delete tokens mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id"); - //Logging logAction("User Account", "Edit", "$session_name revoked all their remember-me tokens"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Remember me tokens revoked"; + flash_alert("Remember me tokens revoked", 'error'); redirect(); diff --git a/user/post/project.php b/user/post/project.php index 0bddd472..c1c529e5 100644 --- a/user/post/project.php +++ b/user/post/project.php 
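Review bot: In `disable_mfa` the token check `validateCSRFToken($_GET['csrf_token']);` still sits below the `$session_user_config_force_mfa` guard, whereas the rest of this patch moves the CSRF check to the top of each handler; placing it first keeps the ordering consistent and validates the request before any branch runs. Separately, the `enable_mfa` branch above reads `$_SERVER['HTTP_REFERER']` unguarded in `basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH))`; a request without that header produces a warning instead of a clean fallback, so `$_SERVER['HTTP_REFERER'] ?? ''` would be safer. The `enable_mfa` block itself starts outside this hunk.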
@@ -70,12 +70,12 @@ if (isset($_POST['add_project'])) { } // End Ticket Loop } // End If Project Template - // Logging logAction("Project", "Create", "$session_name created project $project_name", $client_id, $project_id); - $_SESSION['alert_message'] = "You created Project $project_name"; + flash_alert("You created Project $project_name"); redirect(); + } if (isset($_POST['edit_project'])) { @@ -91,12 +91,12 @@ if (isset($_POST['edit_project'])) { mysqli_query($mysqli, "UPDATE projects SET project_name = '$project_name', project_description = '$project_description', project_due = '$due_date', project_manager = $project_manager, project_client_id = $client_id WHERE project_id = $project_id"); - // Logging logAction("Project", "Edit", "$session_name edited project $project_name", $client_id, $project_id); - $_SESSION['alert_message'] = "Project $project_name edited"; + flash_alert("Project $project_name edited"); redirect(); + } if (isset($_GET['close_project'])) { @@ -113,12 +113,12 @@ if (isset($_GET['close_project'])) { mysqli_query($mysqli, "UPDATE projects SET project_completed_at = NOW() WHERE project_id = $project_id"); - // Logging logAction("Project", "Close", "$session_name closed project $project_name", $client_id, $project_id); - $_SESSION['alert_message'] = "Project $project_name closed"; + flash_alert("Project $project_name closed"); redirect(); + } if (isset($_GET['archive_project'])) { @@ -135,13 +135,12 @@ if (isset($_GET['archive_project'])) { mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id"); - // Logging logAction("Project", "Archive", "$session_name archived project $project_name", $client_id, $project_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Project $project_name archived"; + flash_alert("Project $project_name archived", 'error'); redirect(); + } if (isset($_GET['unarchive_project'])) { 
@@ -158,21 +157,20 @@ if (isset($_GET['unarchive_project'])) { mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id"); - // Logging logAction("Project", "Unarchive", "$session_name unarchived project $project_name", $client_id, $project_id); - $_SESSION['alert_message'] = "Project $project_name unarchived"; + flash_alert("Project $project_name unarchived"); redirect(); + } if (isset($_GET['delete_project'])) { - enforceUserPermission('module_support', 3); - - // CSRF Check validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 3); + $project_id = intval($_GET['delete_project']); // Get Project Name and Client ID for logging @@ -183,18 +181,18 @@ if (isset($_GET['delete_project'])) { mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id"); - // Logging logAction("Project", "Delete", "$session_name deleted project $project_name", $client_id, $project_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Project $project_name Deleted"; + flash_alert("Project $project_name Deleted", 'error'); redirect(); + } if (isset($_POST['link_ticket_to_project'])) { enforceUserPermission('module_support', 2); + $project_id = intval($_POST['project_id']); // Get Project Name and Client ID for logging 
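Review bot: `link_ticket_to_project` begins with `enforceUserPermission('module_support', 2);` and no `validateCSRFToken` is visible before `$project_id = intval($_POST['project_id']);`, unlike `delete_project` just above, which now validates the token first; if the check is not further down in the handler (its body continues outside this hunk), add `validateCSRFToken($_POST['csrf_token']);` as the first statement. The same applies to `link_closed_ticket_to_project` in the next hunk, which also reads `$_POST` straight after the permission check. Both handlers write to `tickets`, so they should be covered the same way as the delete path.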
@@ -221,23 +219,23 @@ if (isset($_POST['link_ticket_to_project'])) { mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); - // Logging logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id); } - // Bulk Logging logAction("Project", "Bulk Edit", "$session_name added $count ticket(s) to project $project_name", $client_id, $project_id); - $_SESSION['alert_message'] = "$count Ticket(s) added to $project_name"; + flash_alert("$count Ticket(s) added to $project_name"); } redirect(); + } if (isset($_POST['link_closed_ticket_to_project'])) { enforceUserPermission('module_support', 2); + $project_id = intval($_POST['project_id']); $ticket_number = intval($_POST['ticket_number']); @@ -250,9 +248,8 @@ if (isset($_POST['link_closed_ticket_to_project'])) { // Get ticket details $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_prefix, ticket_number, ticket_subject, ticket_updated_at FROM tickets WHERE ticket_number = $ticket_number"); if (mysqli_num_rows($sql) == 0) { - $_SESSION['alert_message'] = "Cannot merge into that ticket."; + flash_alert("Cannot merge into that ticket.", 'error'); redirect(); - exit(); } $row = mysqli_fetch_array($sql); $ticket_id = intval($row['ticket_id']); @@ -263,9 +260,10 @@ if (isset($_POST['link_closed_ticket_to_project'])) { mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id, ticket_updated_at = '$ticket_updated' WHERE ticket_id = $ticket_id"); - // Logging logAction("Project", "Edit", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $project_id); - $_SESSION['alert_message'] = "Ticket added to $project_name"; + flash_alert("Ticket added to $project_name"); + redirect(); -} \ No newline at end of file + +} diff --git a/user/post/quote.php b/user/post/quote.php index 534dfb91..fb566ac4 100644 
--- a/user/post/quote.php +++ b/user/post/quote.php @@ -28,14 +28,13 @@ if (isset($_POST['add_quote'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Quote created!', history_quote_id = $quote_id"); - // Logging logAction("Quote", "Create", "$session_name created quote $config_quote_prefix$quote_number", $client_id, $quote_id); customAction('quote_create', $quote_id); - $_SESSION['alert_message'] = "Quote $config_quote_prefix$quote_number created"; + flash_alert("Quote $config_quote_prefix$quote_number created"); - header("Location: quote.php?quote_id=$quote_id"); + redirect("quote.php?quote_id=$quote_id"); } @@ -91,14 +90,13 @@ if (isset($_POST['add_quote_copy'])) { mysqli_query($mysqli,"INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $item_quantity, item_price = $item_price, item_subtotal = $item_subtotal, item_tax = $item_tax, item_total = $item_total, item_order = $item_order, item_tax_id = $tax_id, item_quote_id = $new_quote_id"); } - // Logging logAction("Quote", "Create", "$session_name created quote $config_quote_prefix$quote_number from quote $original_quote_prefix$original_quote_number", $client_id, $new_quote_id); customAction('quote_create', $new_quote_id); - $_SESSION['alert_message'] = "Quote copied"; + flash_alert("Quote copied"); - header("Location: quote.php?quote_id=$new_quote_id"); + redirect("quote.php?quote_id=$new_quote_id"); } 
@@ -155,16 +153,16 @@ if (isset($_POST['add_quote_to_invoice'])) { } mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Invoiced' WHERE quote_id = $quote_id"); + mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote invoiced as $config_invoice_prefix$invoice_number', history_quote_id = $quote_id"); - // Logging logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from quote $config_quote_prefix$quote_number", $client_id, $new_invoice_id); customAction('invoice_create', $new_invoice_id); - $_SESSION['alert_message'] = "Invoice created from quote $quote_prefix$quote_number"; + flash_alert("Invoice created from quote $quote_prefix$quote_number"); - header("Location: invoice.php?invoice_id=$new_invoice_id"); + redirect("invoice.php?invoice_id=$new_invoice_id"); } @@ -214,10 +212,9 @@ if (isset($_POST['add_quote_item'])) { mysqli_query($mysqli,"UPDATE quotes SET quote_amount = $new_quote_amount WHERE quote_id = $quote_id"); - // Logging logAction("Quote", "Edit", "$session_name added item $name to quote $quote_prefix$quote_number", $client_id, $quote_id); - $_SESSION['alert_message'] = "Item $name added"; + flash_alert("Item $name added"); redirect(); @@ -239,10 +236,9 @@ if (isset($_POST['quote_note'])) { mysqli_query($mysqli,"UPDATE quotes SET quote_note = '$note' WHERE quote_id = $quote_id"); - // Logging logAction("Quote", "Edit", "$session_name added notes to quote $quote_prefix$quote_number", $client_id, $quote_id); - $_SESSION['alert_message'] = "Notes added"; + flash_alert("Notes added"); redirect(); 
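Review bot: `add_quote_to_invoice` logs with `$config_quote_prefix$quote_number` but the new `flash_alert("Invoice created from quote $quote_prefix$quote_number")` uses `$quote_prefix`; if `$quote_prefix` is not assigned in this handler (its start is outside the hunk) the message shows only the number. Use one variable in both places, e.g. `flash_alert("Invoice created from quote $config_quote_prefix$quote_number");`.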
@@ -274,10 +270,9 @@ if (isset($_POST['edit_quote'])) { mysqli_query($mysqli,"UPDATE quotes SET quote_scope = '$scope', quote_date = '$date', quote_expire = '$expire', quote_discount_amount = '$quote_discount', quote_amount = '$quote_amount', quote_category_id = $category WHERE quote_id = $quote_id"); - // Logging logAction("Quote", "Edit", "$session_name edited quote $quote_prefix$quote_number", $client_id, $quote_id); - $_SESSION['alert_message'] = "Quote edited"; + flash_alert("Quote edited"); redirect(); @@ -312,17 +307,15 @@ if (isset($_GET['delete_quote'])) { mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id"); } - // Logging logAction("Quote", "Delete", "$session_name deleted quote $quote_prefix$quote_number", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Quote $quote_prefix$quote_number deleted"; + flash_alert("Quote $quote_prefix$quote_number deleted", 'error'); if (isset($_GET['client_id'])) { $client_id = intval($_GET['client_id']); - header("Location: client_quotes.php?client_id=$client_id"); + redirect("client_quotes.php?client_id=$client_id"); } else { - header("Location: quotes.php"); + redirect("quotes.php"); } } @@ -353,11 +346,9 @@ if (isset($_GET['delete_quote_item'])) { mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id"); - // Logging logAction("Quote", "Edit", "$session_name removed item $item_name from $quote_prefix$quote_number", $client_id, $quote_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Item $item_name removed"; + flash_alert("Item $item_name removed", 'error'); redirect(); 
@@ -379,10 +370,9 @@ if (isset($_GET['mark_quote_sent'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Quote marked sent', history_quote_id = $quote_id"); - // Logging logAction("Quote", "Sent", "$session_name marked quote $quote_prefix$quote_number as sent", $client_id, $quote_id); - $_SESSION['alert_message'] = "Quote marked sent"; + flash_alert("Quote marked sent"); redirect(); @@ -404,12 +394,11 @@ if (isset($_GET['accept_quote'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Accepted', history_description = 'Quote accepted by $session_name', history_quote_id = $quote_id"); - // Logging logAction("Quote", "Edit", "$session_name marked quote $quote_prefix$quote_number as accepted", $client_id, $quote_id); customAction('quote_accept', $quote_id); - $_SESSION['alert_message'] = "Quote accepted"; + flash_alert("Quote accepted"); redirect(); @@ -433,11 +422,9 @@ if (isset($_GET['decline_quote'])) { customAction('quote_decline', $quote_id); - // Logging logAction("Quote", "Edit", "$session_name marked quote $quote_prefix$quote_number as declined", $client_id, $quote_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Quote declined"; + flash_alert("Quote declined", 'error'); redirect(); @@ -508,10 +495,9 @@ if (isset($_GET['email_quote'])) { // Update History mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Quote', history_quote_id = $quote_id"); - // Logging logAction("Quote", "Email", "$session_name emailed quote $quote_prefix$quote_number to $contact_email", $client_id, $quote_id); - $_SESSION['alert_message'] = "Quote has been queued successfully! See Mail Queue"; + flash_alert("Quote has been queued successfully! See Mail Queue"); //Don't change the status to sent if the status is anything but draft if ($quote_status == 'Draft') { 
@@ -538,10 +524,9 @@ if (isset($_GET['mark_quote_invoiced'])) { mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Invoiced', history_description = 'Quote marked as invoiced', history_quote_id = $quote_id"); - // Logging logAction("Quote", "Sent", "$session_name marked quote $quote_prefix$quote_number as invoiced", $client_id, $quote_id); - $_SESSION['alert_message'] = "Quote marked invoiced"; + flash_alert("Quote marked invoiced"); redirect(); @@ -591,15 +576,12 @@ if(isset($_POST['export_quotes_csv'])){ fpassthru($f); } - // Logging logAction("Quote", "Export", "$session_name exported $num_rows quote(s) to a CSV file"); - $_SESSION['alert_message'] = "Exported $num_rows quote(s)"; + flash_alert("Exported $num_rows quote(s)"); redirect(); - exit; - } if (isset($_GET['export_quote_pdf'])) { @@ -805,6 +787,7 @@ if (isset($_GET['export_quote_pdf'])) { $filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$quote_date}_{$company_name}_{$client_name}_Quote_{$quote_prefix}{$quote_number}"); $pdf->Output("$filename.pdf", 'I'); + exit; } diff --git a/user/post/rack.php b/user/post/rack.php index b0fecbf9..524a32ce 100644 --- a/user/post/rack.php +++ b/user/post/rack.php @@ -41,10 +41,9 @@ if (isset($_POST['add_rack'])) { mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id"); } - // Logging logAction("Rack", "Create", "$session_name created rack $name", $client_id, $rack_id); - $_SESSION['alert_message'] = "Rack $name created"; + flash_alert("Rack $name created"); redirect(); @@ -84,10 +83,9 @@ if (isset($_POST['edit_rack'])) { mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id"); } - // Logging logAction("Rack", "Edit", "$session_name edited rack $name", $client_id, $rack_id); - $_SESSION['alert_message'] = "Rack $name edited"; + flash_alert("Rack $name edited"); redirect(); 
@@ -107,11 +105,9 @@ if (isset($_GET['archive_rack'])) { mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NOW() WHERE rack_id = $rack_id"); - // Logging logAction("Rack", "Archive", "$session_name archived rack $rack_name", $client_id, $rack_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Rack $rack_name archived"; + flash_alert("Rack $rack_name archived", 'error'); redirect(); @@ -131,10 +127,9 @@ if (isset($_GET['unarchive_rack'])) { mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NULL WHERE rack_id = $rack_id"); - // Logging logAction("Rack", "Unarchive", "$session_name unarchived rack $rack_name", $client_id, $rack_id); - $_SESSION['alert_message'] = "Rack $rack_name Unarchived"; + flash_alert("Rack $rack_name Unarchived"); redirect(); @@ -160,11 +155,9 @@ if (isset($_GET['delete_rack'])) { unlink("../uploads/clients/$client_id/$rack_photo"); } - // Logging logAction("Rack", "Delete", "$session_name deleted rack $rack_name", $client_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Rack $rack_name deleted"; + flash_alert("Rack $rack_name deleted", 'error'); redirect(); 
@@ -189,21 +182,17 @@ if (isset($_POST['add_rack_unit'])) { // **New Validation Check** if ($unit_start > $unit_end) { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Unit Start number cannot be higher than Unit End number."; + flash_alert("Unit Start number cannot be higher than Unit End number.", 'error'); redirect(); - exit(); } // Check if the unit range is already occupied $check_sql = mysqli_query($mysqli, "SELECT * FROM rack_units WHERE unit_rack_id = $rack_id AND unit_start_number <= $unit_end AND unit_end_number >= $unit_start"); if (mysqli_num_rows($check_sql) > 0) { - // If there is an overlap, return an error message - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Units $unit_start to $unit_end are already in use by another device."; + // If there is an overlap, return an error message; + flash_alert("Units $unit_start to $unit_end are already in use by another device.", 'error'); redirect(); - exit(); } // If no overlap and validation passes, proceed with the insertion @@ -211,12 +200,12 @@ if (isset($_POST['add_rack_unit'])) { $unit_id = mysqli_insert_id($mysqli); - // Logging logAction("Rack", "Edit", "$session_name added device $name to units $unit_start - $unit_end in rack $rack_name", $client_id, $rack_id); - $_SESSION['alert_message'] = "Device $name added to units $unit_start - $unit_end in rack."; + flash_alert("Device $name added to units $unit_start - $unit_end in rack."); redirect(); + } if (isset($_POST['edit_rack_unit'])) { 
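Review bot: The edited comment `// If there is an overlap, return an error message;` picked up a stray semicolon; drop it so it reads `// If there is an overlap, return an error message`. The comment otherwise describes the branch correctly, so no other wording change is needed.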
@@ -239,10 +228,9 @@ if (isset($_POST['edit_rack_unit'])) { mysqli_query($mysqli,"UPDATE rack_units SET unit_device = '$name', unit_asset_id = $asset, unit_start_number = $unit_start, unit_end_number = $unit_end WHERE unit_id = $unit_id"); - // Logging logAction("Rack", "Edit", "$session_name edited device $name in rack $rack_name", $client_id, $rack_id); - $_SESSION['alert_message'] = "Device $name edited on the rack"; + flash_alert("Device $name edited on the rack"); redirect(); @@ -264,12 +252,10 @@ if (isset($_GET['remove_rack_unit'])) { mysqli_query($mysqli,"DELETE FROM rack_units WHERE unit_id = $unit_id"); - // Logging logAction("Rack", "Edit", "$session_name removed device $device_name from rack $rack_name", $client_id, $rack_id); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Device $device_name removed from rack"; + flash_alert("Device $device_name removed from rack", 'error'); redirect(); -} \ No newline at end of file +} diff --git a/user/post/revenue.php b/user/post/revenue.php index 363bc727..1d2d66fc 100644 --- a/user/post/revenue.php +++ b/user/post/revenue.php @@ -22,10 +22,9 @@ if (isset($_POST['add_revenue'])) { $revenue_id = mysqli_insert_id($mysqli); - // Logging logAction("Revenue", "Create", "$session_name added revenue $description", 0, $revenue_id); - $_SESSION['alert_message'] = "Revenue added"; + flash_alert("Revenue added"); redirect(); @@ -46,10 +45,9 @@ if (isset($_POST['edit_revenue'])) { mysqli_query($mysqli,"UPDATE revenues SET revenue_date = '$date', revenue_amount = $amount, revenue_payment_method = '$payment_method', revenue_reference = '$reference', revenue_description = '$description', revenue_category_id = $category, revenue_account_id = $account WHERE revenue_id = $revenue_id"); - // Logging logAction("Revenue", "Edit", "$session_name edited revenue $description", 0, $revenue_id); - $_SESSION['alert_message'] = "Revenue edited"; + flash_alert("Revenue edited"); redirect(); 
@@ -62,17 +60,13 @@ if (isset($_GET['delete_revenue'])) { $revenue_id = intval($_GET['delete_revenue']); // Get Revenue Details - $sql = mysqli_query($mysqli,"SELECT revenue_description FROM revenues WHERE revenue_id = $revenue_id"); - $row = mysqli_fetch_array($sql); - $revenue_description = sanitizeInput($row['revenue_description']); + $revenue_description = sanitizeInput(getFieldById('revenues', $revenue_id, 'revenue_description')); mysqli_query($mysqli,"DELETE FROM revenues WHERE revenue_id = $revenue_id"); - // Logging logAction("Revenue", "Delete", "$session_name deleted revenue $revenue_description"); - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Revenue removed"; + flash_alert("Revenue removed", 'error'); redirect(); diff --git a/user/post/service.php b/user/post/service.php index 9a1a1aa7..f9371df1 100644 --- a/user/post/service.php +++ b/user/post/service.php @@ -74,10 +74,9 @@ if (isset($_POST['add_service'])) { } } - // Logging logAction("Service", "Create", "$session_name created service $service_name", $client_id, $service_id); - $_SESSION['alert_message'] = "Service $service_name created"; + flash_alert("Service $service_name created"); redirect(); @@ -158,10 +157,9 @@ if (isset($_POST['edit_service'])) { } } - // Logging logAction("Service", "Edit", "$session_name edited service $service_name", $client_id, $service_id); - $_SESSION['alert_message'] = "Service $service_name edited"; + flash_alert("Service $service_name edited"); redirect(); @@ -169,9 +167,10 @@ if (isset($_POST['edit_service'])) { if (isset($_GET['delete_service'])) { - enforceUserPermission('module_support', 3); validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 3); + $service_id = intval($_GET['delete_service']); // Get Service Details 
@@ -183,11 +182,9 @@ if (isset($_GET['delete_service'])) { // Delete service mysqli_query($mysqli, "DELETE FROM services WHERE service_id = $service_id"); - // Logging logAction("Service", "Delete", "$session_name deleted service $service_name", $client_id); - - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Service $service_name deleted"; + + flash_alert("Service $service_name deleted", 'error'); redirect(); diff --git a/user/post/software.php b/user/post/software.php index 40f67af0..8d9d42e8 100644 --- a/user/post/software.php +++ b/user/post/software.php @@ -30,10 +30,9 @@ if (isset($_POST['add_software_from_template'])) { $software_id = mysqli_insert_id($mysqli); - // Logging logAction("Software", "Create", "$session_name created software $name using template", $client_id, $software_id); - $_SESSION['alert_message'] = "Software $name created from template"; + flash_alert("Software $name created from template"); redirect(); @@ -90,10 +89,9 @@ if (isset($_POST['add_software'])) { } } - // Logging logAction("Software", "Create", "$session_name created software $name", $client_id, $software_id); - $_SESSION['alert_message'] = "Software $name created $alert_extended"; + flash_alert("Software $name created $alert_extended"); redirect(); @@ -150,10 +148,9 @@ if (isset($_POST['edit_software'])) { } } - // Logging logAction("Software", "Edit", "$session_name edited software $name", $client_id, $software_id); - $_SESSION['alert_message'] = "Software $name updated"; + flash_alert("Software $name updated"); redirect(); 
@@ -177,11 +174,9 @@ if (isset($_GET['archive_software'])) {
 mysqli_query($mysqli,"DELETE FROM software_contacts WHERE software_id = $software_id");
 mysqli_query($mysqli,"DELETE FROM software_assets WHERE software_id = $software_id");
- // Logging
 logAction("Software", "Archive", "$session_name archived software $software_name and removed all device/user license associations", $client_id, $software_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Software $software_name archived and removed all device/user license associations";
+ flash_alert("Software $software_name archived and removed all device/user license associations", 'error');
 redirect();
@@ -201,11 +196,9 @@ if (isset($_GET['delete_software'])) {
 mysqli_query($mysqli,"DELETE FROM software WHERE software_id = $software_id");
- //Logging
 logAction("Software", "Delete", "$session_name deleted software $software_name and removed all device/user license associations", $client_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Software $software_name deleted and removed all device/user license associations";
+ flash_alert("Software $software_name deleted and removed all device/user license associations", 'error');
 redirect();
@@ -246,10 +239,11 @@ if (isset($_POST['export_client_software_csv'])) {
 // Asset licenses
 $assigned_to_assets = '';
 $asset_licenses_sql = mysqli_query($mysqli,"SELECT software_assets.asset_id, assets.asset_name
- FROM software_assets
- LEFT JOIN assets
- ON software_assets.asset_id = assets.asset_id
- WHERE software_id = $row[software_id]");
+ FROM software_assets
+ LEFT JOIN assets
+ ON software_assets.asset_id = assets.asset_id
+ WHERE software_id = $row[software_id]"
+ );
 while($asset_row = mysqli_fetch_array($asset_licenses_sql)) { $assigned_to_assets .= $asset_row['asset_name'] . ", "; }
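Review bot: The re-indented asset query still interpolates `$row[software_id]` with the bare-key syntax inside the string; since the statement is being reformatted anyway, binding the id first, `$sw_id = intval($row['software_id']);`, and writing `WHERE software_id = $sw_id` makes the integer type explicit and matches how the `DELETE` statements earlier in this file interpolate `$software_id`. The `LEFT JOIN` also allows `asset_name` to be null for a software_assets row whose asset no longer exists, in which case a bare `, ` is appended to `$assigned_to_assets`. The contact query in the next hunk has the same two properties. The export loop that defines `$row` starts outside the hunk.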
@@ -257,10 +251,12 @@ if (isset($_POST['export_client_software_csv'])) {
 // Contact Licenses
 $assigned_to_contacts = '';
 $contact_licenses_sql = mysqli_query($mysqli,"SELECT software_contacts.contact_id, contacts.contact_name
- FROM software_contacts
- LEFT JOIN contacts
- ON software_contacts.contact_id = contacts.contact_id
- WHERE software_id = $row[software_id]");
+ FROM software_contacts
+ LEFT JOIN contacts
+ ON software_contacts.contact_id = contacts.contact_id
+ WHERE software_id = $row[software_id]"
+ );
+
 while($contact_row = mysqli_fetch_array($contact_licenses_sql)) { $assigned_to_contacts .= $contact_row['contact_name'] . ", "; }
@@ -279,8 +275,7 @@ if (isset($_POST['export_client_software_csv'])) {
 //output all remaining data on a file pointer
 fpassthru($f);
 }
-
- //Logging
+
 logAction("Software", "Export", "$session_name exported $num_rows software(s) $software_name to a CSV file", $client_id);
 exit;
diff --git a/user/post/tag.php b/user/post/tag.php
index abce81ea..4e466ba4 100644
--- a/user/post/tag.php
+++ b/user/post/tag.php
@@ -14,10 +14,9 @@ if (isset($_POST['add_tag'])) {
 $tag_id = mysqli_insert_id($mysqli);
- // Logging
 logAction("Tag", "Create", "$session_name created tag $name", 0, $tag_id);
- $_SESSION['alert_message'] = "Tag $name created";
+ flash_alert("Tag $name created");
 redirect();
diff --git a/user/post/task.php b/user/post/task.php
index 6e72081d..044d9a00 100644
--- a/user/post/task.php
+++ b/user/post/task.php
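Review bot: The export's `logAction(...)` runs after `fpassthru($f)` has already streamed the CSV, so a client that disconnects mid-transfer or a failure inside logAction leaves an export with no audit record; since the message only uses `$num_rows`, `$software_name` and `$client_id`, the call can move above the output block if those values are already set by then (they are defined outside the hunk). `$software_name` at that point presumably holds the last row's name rather than a description of the whole export, which is worth confirming for the log text. The `if` block around fpassthru starts outside the hunk.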
@@ -14,20 +14,18 @@ if (isset($_POST['add_task'])) {
 $task_name = sanitizeInput($_POST['name']); // Get Client ID from tickets using the ticket_id
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_array($sql);
- $client_id = intval($row['ticket_client_id']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
 mysqli_query($mysqli, "INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id");
 $task_id = mysqli_insert_id($mysqli);
- // Logging
 logAction("Task", "Create", "$session_name created task $task_name", $client_id, $task_id);
- $_SESSION['alert_message'] = "You created Task $task_name";
+ flash_alert("You created Task $task_name");
 redirect();
+
 } if (isset($_POST['edit_ticket_task'])) {
@@ -43,14 +41,15 @@ if (isset($_POST['edit_ticket_task'])) {
 $sql = mysqli_query($mysqli, "SELECT * FROM tasks LEFT JOIN tickets ON ticket_id = task_ticket_id WHERE task_id = $task_id");
 $row = mysqli_fetch_array($sql);
 $client_id = intval($row['ticket_client_id']);
+
 mysqli_query($mysqli, "UPDATE tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate WHERE task_id = $task_id");
- // Logging
 logAction("Task", "Edit", "$session_name edited task $task_name", $client_id, $task_id);
- $_SESSION['alert_message'] = "Task $task_name edited";
+ flash_alert("Task $task_name edited");
 redirect();
+
 } if (isset($_POST['edit_ticket_template_task'])) {
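Review bot: In edit_ticket_task, `$row = mysqli_fetch_array($sql)` is false when `$task_id` matches nothing, so `$row['ticket_client_id']` raises a PHP 8 warning and the `UPDATE` and log still run with `$client_id = 0`; a guard after the fetch, `if (!$row) { flash_alert("Task not found", 'error'); redirect(); }`, closes that path, assuming redirect() ends the request. `$task_order` and `$task_completion_estimate` are interpolated unquoted into the UPDATE, so they must already be cast to int above the hunk, which I cannot see from here. The handler starts outside the hunk.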
@@ -64,22 +63,20 @@ if (isset($_POST['edit_ticket_template_task'])) {
 mysqli_query($mysqli, "UPDATE task_templates SET task_template_name = '$task_name', task_template_order = $task_order, task_template_completion_estimate = $task_completion_estimate WHERE task_template_id = $task_template_id");
- // Logging
 logAction("Task", "Edit", "$session_name edited task $task_name", 0, $task_template_id);
- $_SESSION['alert_message'] = "Task $task_name edited";
+ flash_alert("Task $task_name edited");
 redirect();
-}
+}
 if (isset($_GET['delete_task'])) {
- enforceUserPermission('module_support', 3);
-
- // CSRF Check
 validateCSRFToken($_GET['csrf_token']);
+ enforceUserPermission('module_support', 3);
+
 $task_id = intval($_GET['delete_task']); // Get Client ID, task name from tasks and tickets using the task_id
@@ -90,13 +87,12 @@ if (isset($_GET['delete_task'])) {
 mysqli_query($mysqli, "DELETE FROM tasks WHERE task_id = $task_id");
- // Logging
 logAction("Task", "Delete", "$session_name deleted task $task_name", $client_id, $task_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Task $task_name deleted";
+ flash_alert("Task $task_name deleted", 'error');
 redirect();
+
 } if (isset($_GET['complete_task'])) {
@@ -123,12 +119,12 @@ if (isset($_GET['complete_task'])) {
 $ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
 logAction("Task", "Edit", "$session_name completed task $task_name", $client_id, $task_id);
- $_SESSION['alert_message'] = "Task $task_name Completed";
+ flash_alert("Task $task_name Completed");
 redirect();
+
 } if (isset($_GET['undo_complete_task'])) {
@@ -151,11 +147,9 @@ if (isset($_GET['undo_complete_task'])) {
 $ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
 logAction("Task", "Edit", "$session_name marked task $task_name as incomplete", $client_id, $task_id);
- $_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "Task $task_name marked as incomplete";
+ flash_alert("Task $task_name marked as incomplete", 'error');
 redirect();
@@ -168,9 +162,7 @@ if (isset($_GET['complete_all_tasks'])) {
 $ticket_id = intval($_GET['complete_all_tasks']); // Get Client ID
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_array($sql);
- $client_id = intval($row['ticket_client_id']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
 mysqli_query($mysqli, "UPDATE tasks SET task_completed_at = NOW(), task_completed_by = $session_user_id WHERE task_ticket_id = $ticket_id AND task_completed_at IS NULL");
@@ -179,12 +171,12 @@ if (isset($_GET['complete_all_tasks'])) {
 $ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
 logAction("Ticket", "Edit", "$session_name marked all tasks complete for ticket", $client_id, $ticket_id);
- $_SESSION['alert_message'] = "Marked all tasks Complete";
+ flash_alert("Marked all tasks Complete");
 redirect();
+
 } if (isset($_GET['undo_complete_all_tasks'])) {
@@ -194,9 +186,7 @@ if (isset($_GET['undo_complete_all_tasks'])) {
 $ticket_id = intval($_GET['undo_complete_all_tasks']); // Get Client ID
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_array($sql);
- $client_id = intval($row['ticket_client_id']);
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
 mysqli_query($mysqli, "UPDATE tasks SET task_completed_at = NULL, task_completed_by = NULL WHERE task_ticket_id = $ticket_id AND task_completed_at IS NOT NULL");
@@ -205,10 +195,10 @@ if (isset($_GET['undo_complete_all_tasks'])) {
 $ticket_reply_id = mysqli_insert_id($mysqli);
- // Logging
 logAction("Ticket", "Edit", "$session_name marked all tasks as incomplete for ticket", $client_id, $ticket_id);
- $_SESSION['alert_message'] = "Marked all tasks Incomplete";
+ flash_alert("Marked all tasks Incomplete", 'error');
 redirect();
-}
\ No newline at end of file
+
+}