Added AES encryption to client login password fields; changed the DB field login_password from VARCHAR to VARBINARY to store the password encrypted; added an additional field to settings called config_aes_key, the key used to decrypt client login passwords; removed invoice, vendor and location linkage in trips; other small cleanups, fixups and UI updates. NOTE: this will break existing installs because the DB schema is updated.

johnny@pittpc.com 2020-01-04 19:52:41 -05:00
parent 21b714c9d7
commit e8b13c6058
20 changed files with 171 additions and 319 deletions


@ -79,7 +79,7 @@
$client_name = $row['client_name'];
$client_email = $row['client_email'];
?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name - $client_email"; ?></option>
<option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
<?php
}


@ -42,17 +42,12 @@
</div>
<div class="form-group">
<label>Type <strong class="text-danger">*</strong></label>
<label>Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-list"></i></span>
</div>
<select class="form-control select2" name="type" required>
<option value="">- Type -</option>
<?php foreach($client_types_array as $client_type) { ?>
<option><?php echo $client_type; ?></option>
<?php } ?>
</select>
<input type="text" class="form-control" name="type" placeholder="Company Type">
</div>
</div>


@ -82,34 +82,6 @@
<div class="tab-pane fade" id="pills-linkCopy<?php echo $trip_id; ?>" role="tabpanel" aria-labelledby="pills-link-tab">
<div class="form-group">
<label>Invoice</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-file"></i></span>
</div>
<select class="form-control select2" name="invoice">
<option value="">- Invoice -</option>
<?php
$sql_invoices = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id AND invoices.company_id = $session_company_id ORDER BY invoice_number DESC");
while($row = mysqli_fetch_array($sql_invoices)){
$client_id_select = $row['client_id'];
$client_name_select = $row['client_name'];
$invoice_id_select = $row['invoice_id'];
$invoice_number_select = $row['invoice_number'];
$invoice_status_select = $row['invoice_status'];
?>
<option <?php if($invoice_id == $invoice_id_select){ echo "selected"; } ?> value="<?php echo $invoice_id_select; ?>"><?php echo "$invoice_number_select - $invoice_status_select - $client_name_select"; ?></option>
<?php
}
?>
</select>
</div>
</div>
<div class="form-group">
<label>Client</label>
<div class="input-group">
@ -134,55 +106,6 @@
</div>
</div>
<div class="form-group">
<label>Location</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-map-marker-alt"></i></span>
</div>
<select class="form-control select2" name="location">
<option value="">- Location -</option>
<?php
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations, clients WHERE locations.client_id = clients.client_id AND locations.company_id = $session_company_id ORDER BY clients.client_id DESC");
while($row = mysqli_fetch_array($sql_locations)){
$location_id_select = $row['location_id'];
$location_name_select = $row['location_name'];
$client_name_select = $row['client_name'];
?>
<option <?php if($location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo "$client_name_select - $location_name_select"; ?></option>
<?php
}
?>
</select>
</div>
</div>
<div class="form-group">
<label>Vendor</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<select class="form-control select2" name="vendor">
<option value="">- Vendor -</option>
<?php
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id_select = $row['vendor_id'];
$vendor_name_select = $row['vendor_name'];
?>
<option <?php if($vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
<?php
}
?>
</select>
</div>
</div>
</div>
</div>


@ -75,34 +75,6 @@
<div class="tab-pane fade" id="pills-link" role="tabpanel" aria-labelledby="pills-link-tab">
<div class="form-group">
<label>Invoice</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-file"></i></span>
</div>
<select class="form-control select2" name="invoice">
<option value="">- Invoice -</option>
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id AND invoices.company_id = $session_company_id ORDER BY invoice_number DESC");
while($row = mysqli_fetch_array($sql)){
$client_id = $row['client_id'];
$client_name = $row['client_name'];
$invoice_id = $row['invoice_id'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
?>
<option value="<?php echo $invoice_id; ?>"><?php echo "$invoice_number - $invoice_status - $client_name"; ?></option>
<?php
}
?>
</select>
</div>
</div>
<div class="form-group">
<label>Client</label>
<div class="input-group">
@ -127,55 +99,6 @@
</div>
</div>
<div class="form-group">
<label>Location</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-map-marker-alt"></i></span>
</div>
<select class="form-control select2" name="location">
<option value="">- Location -</option>
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM locations, clients WHERE locations.client_id = clients.client_id AND locations.company_id = $session_company_id ORDER BY clients.client_id DESC");
while($row = mysqli_fetch_array($sql)){
$location_id = $row['location_id'];
$location_name = $row['location_name'];
$client_name = $row['client_name'];
?>
<option value="<?php echo $location_id; ?>"><?php echo "$client_name - $location_name"; ?></option>
<?php
}
?>
</select>
</div>
</div>
<div class="form-group">
<label>Vendor</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<select class="form-control select2" name="vendor">
<option value="">- Vendor -</option>
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
<?php
}
?>
</select>
</div>
</div>
</div>
</div> <!-- Tabn Content -->


@ -126,7 +126,7 @@ $total_pages = ceil($total_found_rows / 10);
$device_icon = "tag";
}
$sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE asset_id = $asset_id");
$sql_logins = mysqli_query($mysqli,"SELECT *, AES_DECRYPT(login_password, '$config_aes_key') AS login_password FROM logins WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql_logins);
$login_id = $row['login_id'];
$login_username = $row['login_username'];
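Review bot: The key is spliced into the statement text as `AES_DECRYPT(login_password, '$config_aes_key')`, and the value appears to come unescaped from the settings row, so a key containing a quote or backslash breaks the query, and the key is written wherever full statements are logged (general or slow query log). Binding the key as a statement parameter avoids both; the same construction is used in the logins list query and in the add_login/edit_login statements of this commit. MySQL/MariaDB AES_ENCRYPT and AES_DECRYPT follow the server's `block_encryption_mode`, which defaults to `aes-128-ecb` with no IV, so identical passwords produce identical ciphertext. The key is also read from the same database that holds the ciphertext, which protects little against a database dump. The enclosing block starts and ends outside the hunk.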


@ -40,9 +40,9 @@ if(isset($_GET['o'])){
}
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logins
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS *, AES_DECRYPT(login_password, '$config_aes_key') AS login_password FROM logins
WHERE client_id = $client_id
AND (login_description LIKE '%$q%' OR login_username LIKE '%$q%' OR login_password LIKE '%$q%')
AND (login_description LIKE '%$q%' OR login_username LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@ -74,7 +74,7 @@ $total_pages = ceil($total_found_rows / 10);
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_description&o=<?php echo $disp; ?>">Description</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_username&o=<?php echo $disp; ?>">Username</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_password&o=<?php echo $disp; ?>">Password</a></th>
<th>Password</th>
<th class="text-center">Action</th>
</tr>
</thead>
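Review bot: `ORDER BY $sb $o` takes its column and direction from the `sb` and `o` URL parameters, and removing the Password header link does not stop a request from still sending `sb=login_password` or any other expression. Escaping cannot protect an identifier position, so `$sb` should be matched against a fixed list such as `['login_description', 'login_username']` and `$o` against `ASC`/`DESC` before the query is built. How `$sb`, `$o` and `$q` are prepared is outside the hunk, so confirm this is not already done there.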


@ -40,7 +40,7 @@ if(isset($_GET['o'])){
}
$sql = mysqli_query($mysqli,"SELECT * FROM payments, invoices, accounts
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM payments, invoices, accounts
WHERE invoices.client_id = $client_id
AND payments.invoice_id = invoices.invoice_id
AND payments.account_id = accounts.account_id
@ -73,11 +73,13 @@ $total_pages = ceil($total_found_rows / 10);
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_date&o=<?php echo $disp; ?>">Date</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_date&o=<?php echo $disp; ?>">Date Recieved</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=invoice_number&o=<?php echo $disp; ?>">Invoice</a></th>
<th class="text-right"><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_amount&o=<?php echo $disp; ?>">Amount</a></th>
<th class="text-right"><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=invoice_amount&o=<?php echo $disp; ?>">Invoice Amount</a></th>
<th class="text-right"><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_amount&o=<?php echo $disp; ?>">Payment Amount</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=account_name&o=<?php echo $disp; ?>">Account</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_method&o=<?php echo $disp; ?>">Method</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=payment_reference&o=<?php echo $disp; ?>">Reference</a></th>
</tr>
</thead>
<tbody>
@ -87,8 +89,10 @@ $total_pages = ceil($total_found_rows / 10);
$invoice_id = $row['invoice_id'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
$invoice_amount = $row['invoice_amount'];
$payment_date = $row['payment_date'];
$payment_method = $row['payment_method'];
$payment_reference = $row['payment_reference'];
$payment_amount = $row['payment_amount'];
$account_name = $row['account_name'];
@ -97,9 +101,11 @@ $total_pages = ceil($total_found_rows / 10);
<tr>
<td><?php echo $payment_date; ?></td>
<td><a href="invoice.php?invoice_id=<?php echo $invoice_id; ?>"><?php echo $invoice_number; ?></a></td>
<td class="text-right text-monospace">$<?php echo number_format($invoice_amount,2); ?></td>
<td class="text-right text-monospace">$<?php echo number_format($payment_amount,2); ?></td>
<td><?php echo $account_name; ?></td>
<td><?php echo $payment_method; ?></td>
<td><?php echo $payment_reference; ?></td>
</tr>
<?php
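Review bot: The added cell `<td><?php echo $payment_reference; ?></td>` prints a stored free-text value without HTML encoding, as do the neighbouring cells. If the write path relies only on `strip_tags`, encoding at output is the safer place: `<?php echo htmlspecialchars($payment_reference, ENT_QUOTES, 'UTF-8'); ?>`. The new header text "Date Recieved" should read "Date Received". The row loop starts outside the hunk.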


@ -538,10 +538,12 @@ if(isset($_GET['client_id'])){
<table class="table table-bordered table-sm mb-4">
<thead>
<tr>
<th>Date</th>
<th>Date Recieved</th>
<th>Date Due</th>
<th>Invoice</th>
<th class="text-right">Amount</th>
<th>Account</th>
<th class="text-right">initial Invoice Amount</th>
<th class="text-right">Amount Payed</th>
<th class="text-right">Invoice Balance</th>
<th>Method</th>
<th>Check #</th>
</tr>
@ -553,19 +555,24 @@ if(isset($_GET['client_id'])){
$invoice_id = $row['invoice_id'];
$invoice_number = $row['invoice_number'];
$invoice_status = $row['invoice_status'];
$invoice_amount = $row['invoice_amount'];
$invoice_due = $row['invoice_due'];
$payment_date = $row['payment_date'];
$payment_method = $row['payment_method'];
$payment_amount = $row['payment_amount'];
$payment_method = $row['payment_method'];
$payment_reference = $row['payment_reference'];
$account_name = $row['account_name'];
$invoice_balance = $invoice_amount - $payment_amount;
?>
<tr>
<td><?php echo $payment_date; ?></td>
<td><?php echo $invoice_due; ?></td>
<td><?php echo $invoice_number; ?></td>
<td class="text-right text-monospace">$<?php echo number_format($invoice_amount,2); ?></td>
<td class="text-right text-monospace">$<?php echo number_format($payment_amount,2); ?></td>
<td><?php echo $account_name; ?></td>
<td class="text-right text-monospace">$<?php echo number_format($invoice_balance,2); ?></td>
<td><?php echo $payment_method; ?></td>
<td><?php echo $payment_reference; ?></td>
</tr>
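Review bot: `$invoice_balance = $invoice_amount - $payment_amount;` subtracts only the payment on the current row, so an invoice settled in several payments shows a different, overstated balance on each line instead of what is still owed. The balance should be derived from the sum of all payments for that invoice, for example by selecting `invoice_amount - (SELECT SUM(payment_amount) FROM payments p WHERE p.invoice_id = invoices.invoice_id)` in the query, which is outside this hunk. The new headers "Date Recieved", "initial Invoice Amount" and "Amount Payed" should read "Date Received", "Initial Invoice Amount" and "Amount Paid".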


@ -78,7 +78,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<button class="btn btn-primary float-right" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
</div>
</div>
<div class="collapse mt-3 <?php if(isset($_GET['dtf'])){ echo "show"; } ?>" id="advancedFilter">
<div class="collapse mt-3 <?php if(!empty($_GET['dtf'])){ echo "show"; } ?>" id="advancedFilter">
<div class="row">
<div class="col-md-2">
<div class="form-group">


@ -226,6 +226,25 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
</div>
</div>
<div class="col-md-12">
<div class="card mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-chart-area"></i> Trip Flow</h3>
<div class="card-tools">
<a href="trips.php" class="btn btn-tool">
<i class="fas fa-eye"></i>
</a>
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
</button>
</div>
</div>
<div class="card-body">
<canvas id="tripFlow" width="100%" height="20"></canvas>
</div>
</div>
</div>
<div class="col-lg-6">
<div class="card mb-3">
<div class="card-header">
@ -510,8 +529,8 @@ var myLineChart = new Chart(ctx, {
datasets: [{
label: "Expense",
lineTension: 0.3,
backgroundColor: "rgba(2,117,216,0.2)",
borderColor: "rgba(2,117,216,1)",
backgroundColor: "rgba(2,2,216,0.2)",
borderColor: "rgba(2,2,216,1)",
pointRadius: 5,
pointBackgroundColor: "rgba(2,117,216,1)",
pointBorderColor: "rgba(255,255,255,0.8)",
@ -573,7 +592,81 @@ var myLineChart = new Chart(ctx, {
}
});
// Set new default font family and font color to mimic Bootstrap's default styling
Chart.defaults.global.defaultFontFamily = '-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif';
Chart.defaults.global.defaultFontColor = '#292b2c';
// Area Chart Example
var ctx = document.getElementById("tripFlow");
var myLineChart = new Chart(ctx, {
type: 'line',
data: {
labels: ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"],
datasets: [{
label: "Trip",
lineTension: 0.3,
backgroundColor: "red",
borderColor: "darkred",
pointRadius: 5,
pointBackgroundColor: "red",
pointBorderColor: "red",
pointHoverRadius: 5,
pointHoverBackgroundColor: "darkred",
pointHitRadius: 50,
pointBorderWidth: 2,
data: [
<?php
for($month = 1; $month<=12; $month++) {
$sql_trips = mysqli_query($mysqli,"SELECT SUM(trip_miles) AS trip_miles_for_month FROM trips WHERE YEAR(trip_date) = $year AND MONTH(trip_date) = $month AND trips.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_trips);
$trip_miles_for_month = $row['trip_miles_for_month'];
if($trip_miles_for_month > 0 AND $trip_miles_for_month > $largest_trip_miles_month){
$largest_trip_miles_month = $trip_miles_for_month;
}
?>
<?php echo "$trip_miles_for_month,"; ?>
<?php
}
?>
],
}],
},
options: {
scales: {
xAxes: [{
time: {
unit: 'date'
},
gridLines: {
display: false
},
ticks: {
maxTicksLimit: 12
}
}],
yAxes: [{
ticks: {
min: 0,
max: <?php echo roundUpToNearestMultiple($largest_trip_miles_month); ?>,
maxTicksLimit: 5
},
gridLines: {
color: "rgba(0, 0, 0, .125)",
}
}],
},
legend: {
display: false
}
}
});
// Set new default font family and font color to mimic Bootstrap's default styling
Chart.defaults.global.defaultFontFamily = '-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif';
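Review bot: In the new tripFlow data loop, `SUM(trip_miles)` is NULL for a month without trips, so `echo "$trip_miles_for_month,";` emits a bare comma and the chart receives holes instead of zeros; `SELECT COALESCE(SUM(trip_miles),0) AS trip_miles_for_month` fixes that. `$largest_trip_miles_month` is compared and passed to `roundUpToNearestMultiple()` without being set anywhere in the hunk, so unless it is initialised earlier the y-axis maximum is computed from an undefined value; `$largest_trip_miles_month = 0;` before the loop makes it explicit. The twelve per-month queries could be one `GROUP BY MONTH(trip_date)` query. The script also redeclares `var ctx` and `var myLineChart`, which the earlier charts on the page already use.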

16
db.sql

@ -1,8 +1,8 @@
-- MariaDB dump 10.17 Distrib 10.4.8-MariaDB, for debian-linux-gnu (x86_64)
-- MariaDB dump 10.17 Distrib 10.4.10-MariaDB, for debian-linux-gnu (x86_64)
--
-- Host: localhost Database: admin_crm
-- Host: 127.0.0.1 Database: admin_crm
-- ------------------------------------------------------
-- Server version 10.4.8-MariaDB-1:10.4.8+maria~bionic
-- Server version 10.4.10-MariaDB-1:10.4.10+maria~bionic
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@ -388,7 +388,7 @@ CREATE TABLE `logins` (
`login_description` varchar(200) NOT NULL,
`login_web_link` varchar(200) DEFAULT NULL,
`login_username` varchar(200) NOT NULL,
`login_password` varchar(200) NOT NULL,
`login_password` varbinary(200) DEFAULT NULL,
`login_note` text DEFAULT NULL,
`login_created_at` datetime NOT NULL,
`login_updated_at` datetime DEFAULT NULL,
@ -619,6 +619,7 @@ CREATE TABLE `settings` (
`config_invoice_next_number` int(11) DEFAULT NULL,
`config_recurring_auto_send_invoice` int(1) DEFAULT NULL,
`config_api_key` varchar(200) DEFAULT NULL,
`config_aes_key` varchar(250) DEFAULT NULL,
`config_invoice_prefix` varchar(200) DEFAULT NULL,
`config_send_invoice_reminders` int(1) DEFAULT NULL,
`config_invoice_overdue_reminders` varchar(200) DEFAULT NULL,
@ -632,6 +633,7 @@ CREATE TABLE `settings` (
`config_stripe_enable` int(1) DEFAULT NULL,
`config_stripe_publishable` varchar(255) DEFAULT NULL,
`config_stripe_secret` varchar(255) DEFAULT NULL,
`config_base_url` varchar(200) DEFAULT NULL,
PRIMARY KEY (`company_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -740,9 +742,6 @@ CREATE TABLE `trips` (
`trip_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`trip_updated_at` datetime DEFAULT NULL,
`client_id` int(11) DEFAULT NULL,
`invoice_id` int(11) DEFAULT NULL,
`location_id` int(11) DEFAULT NULL,
`vendor_id` int(11) DEFAULT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`trip_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
@ -777,7 +776,6 @@ CREATE TABLE `users` (
`avatar` varchar(200) DEFAULT NULL,
`created_at` datetime NOT NULL,
`updated_at` datetime DEFAULT NULL,
`client_id` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
@ -819,4 +817,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2019-09-28 14:15:08
-- Dump completed on 2020-01-04 19:47:01
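Review bot: `login_password varbinary(200)` is smaller than the range the old `varchar(200)` accepted once the value is encrypted. AES_ENCRYPT pads to the next 16-byte block, so the ciphertext needs `16 * (floor(n / 16) + 1)` bytes, and a plaintext of 192 bytes or more no longer fits and is truncated or rejected depending on `sql_mode`. Size the column from the longest plaintext the form allows, counting multi-byte characters, or cap the input length to match. `config_aes_key` is stored in `settings` in the same schema, so any dump of this database carries the key next to the ciphertext; keeping the key in a file or environment variable outside the database would separate them.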


@ -76,9 +76,8 @@
while($row = mysqli_fetch_array($sql_clients)){
$client_id_select = $row['client_id'];
$client_name_select = $row['client_name'];
$client_email_select = $row['client_email'];
?>
<option <?php if($client_id == $client_id_select){ echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo "$client_name_select - $client_email_select"; ?></option>
<option <?php if($client_id == $client_id_select){ echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>
<?php
}
@ -94,7 +93,7 @@
</div>
<div class="modal-footer bg-white">
<a href="post.php?delete_event=<?php echo $event_id; ?>" class="btn btn-outline-danger mr-auto">Delete</a>
<a href="post.php?delete_event=<?php echo $event_id; ?>" class="btn btn-danger mr-auto"><i class="fa fa-trash"></i></a>
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_event" class="btn btn-primary">Save</button>
</div>
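Review bot: The delete control is still a plain link to `post.php?delete_event=<id>`, so the event is removed by a GET request with no anti-CSRF token in the URL, and the restyled icon-only button adds no confirmation step. Whether post.php verifies a token or the request origin is not visible here; if it does not, this should become a POST form carrying a per-session token. The anchor has also lost its visible text, so `title="Delete"` or an `aria-label` would keep it usable with a screen reader.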


@ -43,21 +43,12 @@
</div>
<div class="form-group">
<label>Type <strong class="text-danger">*</strong></label>
<label>Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-list"></i></span>
</div>
<select class="form-control select2" name="type">
<?php foreach($client_types_array as $client_type_select) { ?>
<option
value="<?php echo $client_type_select; ?>"
<?php if($client_type_select == $client_type) { echo "selected"; } ?> >
<?php echo $client_type_select; ?>
</option>
<?php } ?>
</select>
<input type="text" class="form-control" name="type" placeholder="Company Type" value="<?php echo $client_type; ?>">
</div>
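Review bot: The new input prints `value="<?php echo $client_type; ?>"` without attribute encoding, and the type is now free text instead of a value from a fixed list. A stored type containing a double quote would close the attribute and inject markup into the page; `strip_tags` on the write path, if that is what is used, does not remove quotes. Encode at output with `value="<?php echo htmlspecialchars($client_type, ENT_QUOTES, 'UTF-8'); ?>"`. The matching input in the add-client modal has no stored value to print, but the handler that saves `type` is outside this commit's hunks and should be checked for length and content limits now that the select is gone.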
</div>


@ -83,34 +83,6 @@
<div class="tab-pane fade" id="pills-link<?php echo $trip_id; ?>" role="tabpanel" aria-labelledby="pills-link-tab">
<div class="form-group">
<label>Invoice</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-file"></i></span>
</div>
<select class="form-control select2" name="invoice">
<option value="">- Invoice -</option>
<?php
$sql_invoices = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE invoices.client_id = clients.client_id AND clients.company_id = $session_company_id ORDER BY invoice_number DESC");
while($row = mysqli_fetch_array($sql_invoices)){
$client_id_select = $row['client_id'];
$client_name_select = $row['client_name'];
$invoice_id_select = $row['invoice_id'];
$invoice_number_select = $row['invoice_number'];
$invoice_status_select = $row['invoice_status'];
?>
<option <?php if($invoice_id == $invoice_id_select){ echo "selected"; } ?> value="<?php echo $invoice_id_select; ?>"><?php echo "$invoice_number_select - $invoice_status_select - $client_name_select"; ?></option>
<?php
}
?>
</select>
</div>
</div>
<div class="form-group">
<label>Client</label>
<div class="input-group">
@ -134,55 +106,7 @@
</select>
</div>
</div>
<div class="form-group">
<label>Location</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-map-marker-alt"></i></span>
</div>
<select class="form-control select2" name="location">
<option value="">- Location -</option>
<?php
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations, clients WHERE locations.client_id = clients.client_id ORDER BY clients.client_id DESC");
while($row = mysqli_fetch_array($sql_locations)){
$location_id_select = $row['location_id'];
$location_name_select = $row['location_name'];
$client_name_select = $row['client_name'];
?>
<option <?php if($location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo "$client_name_select - $location_name_select"; ?></option>
<?php
}
?>
</select>
</div>
</div>
<div class="form-group">
<label>Vendor</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
</div>
<select class="form-control select2" name="vendor">
<option value="">- Vendor -</option>
<?php
$sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE client_id = 0 ORDER BY vendor_name ASC");
while($row = mysqli_fetch_array($sql_vendors)){
$vendor_id_select = $row['vendor_id'];
$vendor_name_select = $row['vendor_name'];
?>
<option <?php if($vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
<?php
}
?>
</select>
</div>
</div>
</div>
</div>


@ -39,12 +39,6 @@
$disp = "ASC";
}
if(isset($_GET['category'])){
$category = $_GET['category'];
}else{
$category = '%';
}
//Date From and Date To Filter
if(!empty($_GET['dtf'])){
$dtf = $_GET['dtf'];
@ -89,7 +83,7 @@
<button class="btn btn-primary float-right" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
</div>
</div>
<div class="collapse mt-3 <?php if(isset($_GET['dtf'])){ echo "show"; } ?>" id="advancedFilter">
<div class="collapse mt-3 <?php if(!empty($_GET['dtf'])){ echo "show"; } ?>" id="advancedFilter">
<div class="row">
<div class="col-md-2">
<div class="form-group">


@ -57,29 +57,10 @@ $config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret'];
$config_api_key = $row['config_api_key'];
$config_aes_key = $row['config_aes_key'];
$config_base_url = $row['config_base_url'];
$config_enable_cron = $row['config_enable_cron'];
$client_types_array = array(
'Residential',
'Law',
'Tax and Accounting',
'General Contractor',
'Medical',
'Non Profit',
'Industrial',
'Automotive',
'Retail',
'Staffing Agency',
'Photography',
'Restaurant',
'Bar',
'Real Estate',
'Dental',
'Farm',
'Other'
);
$net_terms_array = array(
'0'=>'On Reciept',
'7'=>'7 Days',
@ -177,4 +158,5 @@ $software_types_array = array(
'Desktop App',
'Other'
);
?>


@ -64,7 +64,7 @@ if ($total_found_rows > 10) {
}
if($total_found_rows == 0){
echo "<center><h3 class='text-secondary'>No Records Here</h3></center>";
echo "<center><h3 class='text-secondary'>No Records Here</h3></center>";
}else{
echo "<div class='justify-content-start'><br><strong>Records:</strong> $total_found_rows</div>";
}


@ -177,6 +177,8 @@ if(isset($_POST['verify'])){
if(isset($_POST['edit_general_settings'])){
$config_api_key = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_api_key']));
$old_aes_key = $config_aes_key;
$config_aes_key = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_aes_key']));
$config_base_url = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_base_url']));
$path = "$config_invoice_logo";
@ -191,7 +193,20 @@ if(isset($_POST['edit_general_settings'])){
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"UPDATE settings SET config_invoice_logo = '$path', config_api_key = '$config_api_key', config_base_url = '$config_base_url' WHERE company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE settings SET config_invoice_logo = '$path', config_api_key = '$config_api_key', config_aes_key = '$config_aes_key', config_base_url = '$config_base_url' WHERE company_id = $session_company_id");
//Update AES key on client_logins if changed
if($old_aes_key != $config_aes_key){
$sql = mysqli_query($mysqli,"SELECT login_id, AES_DECRYPT(login_password, '$old_aes_key') AS old_login_password FROM logins
WHERE company_id = $session_company_id");
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$old_login_password = $row['old_login_password'];
mysqli_query($mysqli,"UPDATE logins SET login_password = AES_ENCRYPT('$old_login_password','$config_aes_key') WHERE login_id = $login_id");
}
}
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modified', log_description = 'General', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
@ -903,11 +918,8 @@ if(isset($_POST['add_trip'])){
$roundtrip = intval($_POST['roundtrip']);
$purpose = strip_tags(mysqli_real_escape_string($mysqli,$_POST['purpose']));
$client_id = intval($_POST['client']);
$invoice_id = intval($_POST['invoice']);
$location_id = intval($_POST['location']);
$vendor_id = intval($_POST['vendor']);
mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_created_at = NOW(), client_id = $client_id, invoice_id = $invoice_id, location_id = $location_id, vendor_id = $vendor_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_created_at = NOW(), client_id = $client_id, company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Trip', log_action = 'Created', log_description = '$date', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
@ -928,11 +940,8 @@ if(isset($_POST['edit_trip'])){
$roundtrip = intval($_POST['roundtrip']);
$purpose = strip_tags(mysqli_real_escape_string($mysqli,$_POST['purpose']));
$client_id = intval($_POST['client']);
$invoice_id = intval($_POST['invoice']);
$location_id = intval($_POST['location']);
$vendor_id = intval($_POST['vendor']);
mysqli_query($mysqli,"UPDATE trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, trip_purpose = '$purpose', round_trip = $roundtrip, trip_updated_at = NOW(), client_id = $client_id, invoice_id = $invoice_id, location_id = $location_id, vendor_id = $vendor_id WHERE trip_id = $trip_id AND company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, trip_purpose = '$purpose', round_trip = $roundtrip, trip_updated_at = NOW(), client_id = $client_id WHERE trip_id = $trip_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Trip', log_action = 'Modified', log_description = '$date', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
@ -3009,7 +3018,7 @@ if(isset($_POST['add_login'])){
$asset_id = intval($_POST['asset']);
$software_id = intval($_POST['software']);
mysqli_query($mysqli,"INSERT INTO logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = '$password', login_note = '$note', login_created_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id, client_id = $client_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = AES_ENCRYPT('$password','$config_aes_key'), login_note = '$note', login_created_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id, client_id = $client_id, company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Created', log_description = '$description', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
@ -3032,7 +3041,7 @@ if(isset($_POST['edit_login'])){
$asset_id = intval($_POST['asset']);
$software_id = intval($_POST['software']);
mysqli_query($mysqli,"UPDATE logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = '$password', login_note = '$note', login_updated_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id WHERE login_id = $login_id AND company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = AES_ENCRYPT('$password','$config_aes_key'), login_note = '$note', login_updated_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id WHERE login_id = $login_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Modified', log_description = '$description', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
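Review bot: The key-rotation loop under `//Update AES key on client_logins if changed` writes each decrypted password back as `AES_ENCRYPT('$old_login_password','$config_aes_key')` without escaping, so a stored password containing a quote or backslash breaks or alters that UPDATE, and `$old_aes_key` is interpolated into the SELECT the same way. AES_DECRYPT can return NULL for a row that does not decrypt under the old key (for example rows still holding pre-encryption text), and the loop then overwrites that row with the encryption of an empty string. The `!=` check also compares an unescaped stored key with an escaped posted one, and nothing rejects an empty key. A single parameterised UPDATE that re-encrypts inside the database and skips undecryptable rows, as below, addresses the first two points; add_login and edit_login use the same string-built `AES_ENCRYPT('$password','$config_aes_key')` and would benefit from bound parameters too. The enclosing handlers continue outside the hunks.

```php
// … unchanged: UPDATE settings … config_aes_key = '$config_aes_key' …

//Update AES key on client_logins if changed
// Unescaped copy for parameter binding, given the same strip_tags treatment as the stored value.
$new_aes_key = strip_tags($_POST['config_aes_key']);
if($new_aes_key !== '' && $old_aes_key !== $new_aes_key){
    // Re-encrypt inside the database so plaintext never enters PHP or the statement text.
    // Rows that do not decrypt under the old key are left untouched instead of being overwritten.
    $stmt = mysqli_prepare($mysqli,"UPDATE logins SET login_password = AES_ENCRYPT(AES_DECRYPT(login_password, ?), ?)
        WHERE company_id = ? AND AES_DECRYPT(login_password, ?) IS NOT NULL");
    mysqli_stmt_bind_param($stmt, "ssis", $old_aes_key, $new_aes_key, $session_company_id, $old_aes_key);
    mysqli_stmt_execute($stmt);
}

// … unchanged: logging INSERT …
```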


@ -19,6 +19,17 @@
</div>
</div>
<div class="form-group">
<label>AES Decryption Key</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" name="config_aes_key" placeholder="Key used to decrypt passwords" value="<?php echo $config_aes_key; ?>">
</div>
<small class="form-text text-muted">This will also update the key on all client logins</small>
</div>
<div class="form-group">
<label>Base URL</label>
<div class="input-group">
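Review bot: The new field renders the live key into the page as `<input type="text" ... value="<?php echo $config_aes_key; ?>">`, so it is readable by anyone who can open the settings page, appears in page source and browser caches, and is sent back on every save. The value is also printed without attribute encoding, so a key containing a double quote breaks the markup. Consider leaving the field empty and treating a blank submission as "keep the current key"; failing that, use `type="password"` with `autocomplete="off"` and `htmlspecialchars($config_aes_key, ENT_QUOTES, 'UTF-8')`. The help text could also state that changing the key re-encrypts every stored login for the company.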


@ -99,9 +99,6 @@
$trip_miles = $row['trip_miles'];
$round_trip = $row['round_trip'];
$client_id = $row['client_id'];
$invoice_id = $row['invoice_id'];
$location_id = $row['location_id'];
$vendor_id = $row['vendor_id'];
if($round_trip == 1){
$round_tip_display = "<i class='fa fa-fw fa-sync-alt text-secondary'></i>";