Add User to company now works. Security: all edits and deletes now check that the record belongs to the session_company_id. Security: started work on checking session_company_id when data is pulled from GET vars; added clickable invoice status; dashboard session_company_id fixes.

This commit is contained in:
johnny@pittpc.com
2019-09-05 23:27:11 -04:00
parent 7f3cdd975f
commit e47853f9cd
7 changed files with 356 additions and 175 deletions


@@ -8,9 +8,14 @@ if(isset($_GET['invoice_id'])){
$sql = mysqli_query($mysqli,"SELECT * FROM invoices, clients
WHERE invoices.client_id = clients.client_id
AND invoices.invoice_id = $invoice_id"
AND invoices.invoice_id = $invoice_id
AND invoices.company_id = $session_company_id"
);
if(mysqli_num_rows($sql) == 0){
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1></center>";
}else{
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
$invoice_number = $row['invoice_number'];
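Review bot: The rewritten query still concatenates `$invoice_id` into the SQL text at `AND invoices.invoice_id = $invoice_id`, and the hunk header shows that value originates from `$_GET['invoice_id']`; unless it is cast to an integer above this hunk (not visible here), the interpolation allows the request to alter the query, and the newly added `AND invoices.company_id = $session_company_id` tenant check sits in the same string, so it offers no protection against that. The same interpolation of `$session_company_id` is acceptable only if that variable is always an integer taken from the session rather than from request data. The robust fix is a prepared statement with both values bound as integers, as below; `mysqli_num_rows($sql)` then operates on the fetched result set. The enclosing `if(isset($_GET['invoice_id'])){` block starts outside the hunk.
```php
$stmt = mysqli_prepare($mysqli, "SELECT * FROM invoices, clients
    WHERE invoices.client_id = clients.client_id
    AND invoices.invoice_id = ?
    AND invoices.company_id = ?");
mysqli_stmt_bind_param($stmt, "ii", $invoice_id, $session_company_id);
mysqli_stmt_execute($stmt);
$sql = mysqli_stmt_get_result($stmt);
// … unchanged: mysqli_num_rows check and row fetch …
```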
@@ -379,7 +384,10 @@ if(isset($_GET['invoice_id'])){
<?php include("edit_invoice_modal.php"); ?>
<?php include("add_invoice_copy_modal.php"); ?>
<?php include("add_invoice_recurring_modal.php"); ?>
<?php } ?>
<?php
}
}
?>
<?php include("footer.php"); ?>
@@ -387,7 +395,7 @@ if(isset($_GET['invoice_id'])){
var products = [
<?php
$sql = mysqli_query($mysqli,"SELECT product_name FROM products");
$sql = mysqli_query($mysqli,"SELECT product_name FROM products WHERE company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$product_name = $row['product_name'];
echo "\"$product_name\",";
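Review bot: `echo "\"$product_name\",";` emits each product name into the `var products = [` JavaScript array literal with no escaping, so a stored product name containing a double quote, a backslash or a closing script tag breaks out of the string and runs as script in the browser of any user who opens this page; the new `WHERE company_id = $session_company_id` filter only narrows which rows are emitted and does not change that. Replace the echo with `echo json_encode($product_name, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_AMP) . ",";`, which produces a correctly quoted JS string. The `productCosts2` and `productCosts` hunks that follow build their arrays from the same table and presumably echo the same fields, so they likely need the same treatment where they write `$product_name` out (those echo lines are outside the visible hunks). Interpolating `$session_company_id` into the query is acceptable only if it is always an integer taken from the session.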
@@ -398,7 +406,7 @@ var products = [
var productCosts2 = [
<?php
$sql = mysqli_query($mysqli,"SELECT product_id, product_name, product_cost FROM products");
$sql = mysqli_query($mysqli,"SELECT product_id, product_name, product_cost FROM products WHERE company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$product_id = $row['product_id'];
$product_name = $row['product_name'];
@@ -412,7 +420,7 @@ var productCosts2 = [
var productCosts = [
<?php
$sql = mysqli_query($mysqli,"SELECT product_id, product_name, product_cost FROM products");
$sql = mysqli_query($mysqli,"SELECT product_id, product_name, product_cost FROM products WHERE company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$product_id = $row['product_id'];
$product_name = $row['product_name'];