diff --git a/add_calendar_event_modal.php b/add_calendar_event_modal.php index 221b1941..83d16eb7 100644 --- a/add_calendar_event_modal.php +++ b/add_calendar_event_modal.php @@ -79,7 +79,7 @@ $client_name = $row['client_name']; $client_email = $row['client_email']; ?> - +
- +
- +
diff --git a/add_trip_copy_modal.php b/add_trip_copy_modal.php index ce22f09a..c390b67a 100644 --- a/add_trip_copy_modal.php +++ b/add_trip_copy_modal.php @@ -82,34 +82,6 @@
-
- -
-
- -
- -
-
-
@@ -134,55 +106,6 @@
-
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
-
diff --git a/add_trip_modal.php b/add_trip_modal.php index 41f2fd1b..ef77053b 100644 --- a/add_trip_modal.php +++ b/add_trip_modal.php @@ -75,34 +75,6 @@ diff --git a/client_assets.php b/client_assets.php index 9b79eea4..ecbb7c24 100644 --- a/client_assets.php +++ b/client_assets.php @@ -126,7 +126,7 @@ $total_pages = ceil($total_found_rows / 10); $device_icon = "tag"; } - $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE asset_id = $asset_id"); + $sql_logins = mysqli_query($mysqli,"SELECT *, AES_DECRYPT(login_password, '$config_aes_key') AS login_password FROM logins WHERE asset_id = $asset_id"); $row = mysqli_fetch_array($sql_logins); $login_id = $row['login_id']; $login_username = $row['login_username']; diff --git a/client_logins.php b/client_logins.php index e0129584..8f52551f 100644 --- a/client_logins.php +++ b/client_logins.php @@ -40,9 +40,9 @@ if(isset($_GET['o'])){ } -$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logins +$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS *, AES_DECRYPT(login_password, '$config_aes_key') AS login_password FROM logins WHERE client_id = $client_id - AND (login_description LIKE '%$q%' OR login_username LIKE '%$q%' OR login_password LIKE '%$q%') + AND (login_description LIKE '%$q%' OR login_username LIKE '%$q%') ORDER BY $sb $o LIMIT $record_from, $record_to"); $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); @@ -74,7 +74,7 @@ $total_pages = ceil($total_found_rows / 10); Description Username - Password + Password Action diff --git a/client_payments.php b/client_payments.php index 5d621960..ff97f15e 100644 --- a/client_payments.php +++ b/client_payments.php 
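Review bot: In the client_assets.php hunk the decryption key is spliced into the statement text as `'$config_aes_key'`, and get_settings.php assigns that variable straight from the settings row, so a key containing a quote or backslash breaks or alters this query. The same interpolation appears in the client_logins.php hunk and in the add_login and edit_login hunks in post.php. Binding the key fixes the quoting problem: `$stmt = mysqli_prepare($mysqli, "SELECT *, AES_DECRYPT(login_password, ?) AS login_password FROM logins WHERE asset_id = ?");` followed by `mysqli_stmt_bind_param($stmt, "si", $config_aes_key, $asset_id);`. Because the key travels to the server with every query, it can also end up in server-side statement logs; doing the AES step in PHP would keep it out of SQL altogether.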
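Review bot: `SELECT SQL_CALC_FOUND_ROWS *, AES_DECRYPT(...) AS login_password` in the client_logins.php -40 hunk returns two columns named `login_password`, the ciphertext from `*` and the decrypted alias. The page presumably works only because an associative fetch keeps the last column of a duplicated name, which is easy to break by reordering the select list. A distinct alias such as `login_password_plain`, or at least a comment `// alias deliberately shadows the encrypted column returned by *`, would make the intent explicit. The query also decrypts every row for the list view; whether the plaintext is then written into the table markup is not visible in this hunk.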
@@ -40,7 +40,7 @@ if(isset($_GET['o'])){ } -$sql = mysqli_query($mysqli,"SELECT * FROM payments, invoices, accounts +$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM payments, invoices, accounts WHERE invoices.client_id = $client_id AND payments.invoice_id = invoices.invoice_id AND payments.account_id = accounts.account_id @@ -73,11 +73,13 @@ $total_pages = ceil($total_found_rows / 10); "> - + - + + + @@ -87,8 +89,10 @@ $total_pages = ceil($total_found_rows / 10); $invoice_id = $row['invoice_id']; $invoice_number = $row['invoice_number']; $invoice_status = $row['invoice_status']; + $invoice_amount = $row['invoice_amount']; $payment_date = $row['payment_date']; $payment_method = $row['payment_method']; + $payment_reference = $row['payment_reference']; $payment_amount = $row['payment_amount']; $account_name = $row['account_name']; @@ -97,9 +101,11 @@ $total_pages = ceil($total_found_rows / 10); + + - + + - - + + + @@ -553,19 +555,24 @@ if(isset($_GET['client_id'])){ $invoice_id = $row['invoice_id']; $invoice_number = $row['invoice_number']; $invoice_status = $row['invoice_status']; + $invoice_amount = $row['invoice_amount']; + $invoice_due = $row['invoice_due']; $payment_date = $row['payment_date']; - $payment_method = $row['payment_method']; $payment_amount = $row['payment_amount']; + $payment_method = $row['payment_method']; $payment_reference = $row['payment_reference']; $account_name = $row['account_name']; + $invoice_balance = $invoice_amount - $payment_amount; ?> + + - + diff --git a/clients.php b/clients.php index 6a23b323..a4e13e5c 100644 --- a/clients.php +++ b/clients.php @@ -78,7 +78,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); -
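Review bot: `$invoice_balance = $invoice_amount - $payment_amount;` in the -553 hunk subtracts only the payment on the current row, so if an invoice can have several partial payments, each row would show a different and overstated balance. If the column is meant to be the outstanding balance, it needs the total paid for that invoice, for example a `SUM(payment_amount)` subquery keyed on `invoice_id`. The surrounding loop and the markup that prints the value are not legible in this view, so confirm how the figure is labelled before changing it.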
" id="advancedFilter"> +
" id="advancedFilter">
diff --git a/dashboard.php b/dashboard.php index 0e865ad7..394bd38e 100644 --- a/dashboard.php +++ b/dashboard.php @@ -226,6 +226,25 @@ $total_recurring_invoice_amount = $row['total_recurring_invoice_amount'];
+
+
+
+

Trip Flow

+
+ + + + +
+
+
+ +
+
+
+
@@ -510,8 +529,8 @@ var myLineChart = new Chart(ctx, { datasets: [{ label: "Expense", lineTension: 0.3, - backgroundColor: "rgba(2,117,216,0.2)", - borderColor: "rgba(2,117,216,1)", + backgroundColor: "rgba(2,2,216,0.2)", + borderColor: "rgba(2,2,216,1)", pointRadius: 5, pointBackgroundColor: "rgba(2,117,216,1)", pointBorderColor: "rgba(255,255,255,0.8)", @@ -573,7 +592,81 @@ var myLineChart = new Chart(ctx, { } }); +// Set new default font family and font color to mimic Bootstrap's default styling +Chart.defaults.global.defaultFontFamily = '-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif'; +Chart.defaults.global.defaultFontColor = '#292b2c'; +// Area Chart Example +var ctx = document.getElementById("tripFlow"); +var myLineChart = new Chart(ctx, { + type: 'line', + data: { + labels: ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], + datasets: [{ + label: "Trip", + lineTension: 0.3, + backgroundColor: "red", + borderColor: "darkred", + pointRadius: 5, + pointBackgroundColor: "red", + pointBorderColor: "red", + pointHoverRadius: 5, + pointHoverBackgroundColor: "darkred", + pointHitRadius: 50, + pointBorderWidth: 2, + data: [ + 0 AND $trip_miles_for_month > $largest_trip_miles_month){ + $largest_trip_miles_month = $trip_miles_for_month; + } + + + ?> + + + + + ], + }], + }, + options: { + scales: { + xAxes: [{ + time: { + unit: 'date' + }, + gridLines: { + display: false + }, + ticks: { + maxTicksLimit: 12 + } + }], + yAxes: [{ + ticks: { + min: 0, + max: , + maxTicksLimit: 5 + }, + gridLines: { + color: "rgba(0, 0, 0, .125)", + } + }], + }, + legend: { + display: false + } + } +}); // Set new default font family and font color to mimic Bootstrap's default styling Chart.defaults.global.defaultFontFamily = '-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif'; diff --git a/db.sql b/db.sql index c4dd27af..b5654e85 100644 --- a/db.sql +++ b/db.sql 
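Review bot: The added tripFlow block in the -573 hunk re-declares `var ctx` and `var myLineChart`, names the earlier charts in this script already use, and repeats the `Chart.defaults.global` assignments and the template's "Area Chart Example" comment. It works because each chart is constructed before the variable is reused, but distinct names such as `var tripFlowCtx = document.getElementById("tripFlow");` and `var tripFlowChart = new Chart(tripFlowCtx, {` keep the blocks independent and make later references unambiguous. The PHP that emits the `data` array and the y-axis `max` is not legible in this view, so how those values are produced could not be checked.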
@@ -1,8 +1,8 @@ --- MariaDB dump 10.17 Distrib 10.4.8-MariaDB, for debian-linux-gnu (x86_64) +-- MariaDB dump 10.17 Distrib 10.4.10-MariaDB, for debian-linux-gnu (x86_64) -- --- Host: localhost Database: admin_crm +-- Host: 127.0.0.1 Database: admin_crm -- ------------------------------------------------------ --- Server version 10.4.8-MariaDB-1:10.4.8+maria~bionic +-- Server version 10.4.10-MariaDB-1:10.4.10+maria~bionic /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; @@ -388,7 +388,7 @@ CREATE TABLE `logins` ( `login_description` varchar(200) NOT NULL, `login_web_link` varchar(200) DEFAULT NULL, `login_username` varchar(200) NOT NULL, - `login_password` varchar(200) NOT NULL, + `login_password` varbinary(200) DEFAULT NULL, `login_note` text DEFAULT NULL, `login_created_at` datetime NOT NULL, `login_updated_at` datetime DEFAULT NULL, @@ -619,6 +619,7 @@ CREATE TABLE `settings` ( `config_invoice_next_number` int(11) DEFAULT NULL, `config_recurring_auto_send_invoice` int(1) DEFAULT NULL, `config_api_key` varchar(200) DEFAULT NULL, + `config_aes_key` varchar(250) DEFAULT NULL, `config_invoice_prefix` varchar(200) DEFAULT NULL, `config_send_invoice_reminders` int(1) DEFAULT NULL, `config_invoice_overdue_reminders` varchar(200) DEFAULT NULL, @@ -632,6 +633,7 @@ CREATE TABLE `settings` ( `config_stripe_enable` int(1) DEFAULT NULL, `config_stripe_publishable` varchar(255) DEFAULT NULL, `config_stripe_secret` varchar(255) DEFAULT NULL, + `config_base_url` varchar(200) DEFAULT NULL, PRIMARY KEY (`company_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; /*!40101 SET character_set_client = @saved_cs_client */; 
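Review bot: The -619 hunk adds `config_aes_key` to `settings`, in the same database as the `logins.login_password` ciphertext it protects, so anything that can read the database (a dump, a backup, or a SQL injection elsewhere in the application) obtains key and data together. Holding the key outside the database, for example in a configuration file or environment variable readable only by the web server account, is what gives the column encryption its value. The column is also `DEFAULT NULL`, and the add_login and edit_login queries in post.php would then encrypt under an empty key, so a NOT NULL constraint or an application-side check is needed. The -388 hunk changes `login_password` to `varbinary(200)`, but no migration of existing plaintext rows is visible in this diff.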
@@ -740,9 +742,6 @@ CREATE TABLE `trips` ( `trip_created_at` datetime NOT NULL DEFAULT current_timestamp(), `trip_updated_at` datetime DEFAULT NULL, `client_id` int(11) DEFAULT NULL, - `invoice_id` int(11) DEFAULT NULL, - `location_id` int(11) DEFAULT NULL, - `vendor_id` int(11) DEFAULT NULL, `company_id` int(11) NOT NULL, PRIMARY KEY (`trip_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; @@ -777,7 +776,6 @@ CREATE TABLE `users` ( `avatar` varchar(200) DEFAULT NULL, `created_at` datetime NOT NULL, `updated_at` datetime DEFAULT NULL, - `client_id` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`user_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; /*!40101 SET character_set_client = @saved_cs_client */; @@ -819,4 +817,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2019-09-28 14:15:08 +-- Dump completed on 2020-01-04 19:47:01 diff --git a/edit_calendar_event_modal.php b/edit_calendar_event_modal.php index 3a458f10..7a9f8c04 100644 --- a/edit_calendar_event_modal.php +++ b/edit_calendar_event_modal.php @@ -76,9 +76,8 @@ while($row = mysqli_fetch_array($sql_clients)){ $client_id_select = $row['client_id']; $client_name_select = $row['client_name']; - $client_email_select = $row['client_email']; ?> - + diff --git a/edit_client_modal.php b/edit_client_modal.php index 82970936..abf86119 100644 --- a/edit_client_modal.php +++ b/edit_client_modal.php @@ -43,21 +43,12 @@
- +
- +
diff --git a/edit_trip_modal.php b/edit_trip_modal.php index 9ea2f213..a27c4628 100644 --- a/edit_trip_modal.php +++ b/edit_trip_modal.php @@ -83,34 +83,6 @@
-
- -
-
- -
- -
-
-
@@ -134,55 +106,7 @@
- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
+
diff --git a/expenses.php b/expenses.php index 184fe205..18b3a2f1 100644 --- a/expenses.php +++ b/expenses.php @@ -39,12 +39,6 @@ $disp = "ASC"; } - if(isset($_GET['category'])){ - $category = $_GET['category']; - }else{ - $category = '%'; - } - //Date From and Date To Filter if(!empty($_GET['dtf'])){ $dtf = $_GET['dtf']; @@ -89,7 +83,7 @@
-
" id="advancedFilter"> +
" id="advancedFilter">
diff --git a/get_settings.php b/get_settings.php index 39ffc81f..6b1d5459 100644 --- a/get_settings.php +++ b/get_settings.php @@ -57,29 +57,10 @@ $config_stripe_publishable = $row['config_stripe_publishable']; $config_stripe_secret = $row['config_stripe_secret']; $config_api_key = $row['config_api_key']; +$config_aes_key = $row['config_aes_key']; $config_base_url = $row['config_base_url']; $config_enable_cron = $row['config_enable_cron']; -$client_types_array = array( - 'Residential', - 'Law', - 'Tax and Accounting', - 'General Contractor', - 'Medical', - 'Non Profit', - 'Industrial', - 'Automotive', - 'Retail', - 'Staffing Agency', - 'Photography', - 'Restaurant', - 'Bar', - 'Real Estate', - 'Dental', - 'Farm', - 'Other' -); - $net_terms_array = array( '0'=>'On Reciept', '7'=>'7 Days', @@ -177,4 +158,5 @@ $software_types_array = array( 'Desktop App', 'Other' ); + ?> \ No newline at end of file diff --git a/pagination.php b/pagination.php index 911a2ed9..da2b6613 100644 --- a/pagination.php +++ b/pagination.php @@ -64,7 +64,7 @@ if ($total_found_rows > 10) { } if($total_found_rows == 0){ -echo "

No Records Here

"; + echo "

No Records Here

"; }else{ echo "

Records: $total_found_rows
"; } diff --git a/post.php b/post.php index 8657e2d3..5016e36f 100644 --- a/post.php +++ b/post.php @@ -177,6 +177,8 @@ if(isset($_POST['verify'])){ if(isset($_POST['edit_general_settings'])){ $config_api_key = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_api_key'])); + $old_aes_key = $config_aes_key; + $config_aes_key = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_aes_key'])); $config_base_url = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_base_url'])); $path = "$config_invoice_logo"; @@ -191,7 +193,20 @@ if(isset($_POST['edit_general_settings'])){ move_uploaded_file($_FILES['file']['tmp_name'], $path); } - mysqli_query($mysqli,"UPDATE settings SET config_invoice_logo = '$path', config_api_key = '$config_api_key', config_base_url = '$config_base_url' WHERE company_id = $session_company_id"); + mysqli_query($mysqli,"UPDATE settings SET config_invoice_logo = '$path', config_api_key = '$config_api_key', config_aes_key = '$config_aes_key', config_base_url = '$config_base_url' WHERE company_id = $session_company_id"); + + //Update AES key on client_logins if changed + if($old_aes_key != $config_aes_key){ + $sql = mysqli_query($mysqli,"SELECT login_id, AES_DECRYPT(login_password, '$old_aes_key') AS old_login_password FROM logins + WHERE company_id = $session_company_id"); + + while($row = mysqli_fetch_array($sql)){ + $login_id = $row['login_id']; + $old_login_password = $row['old_login_password']; + + mysqli_query($mysqli,"UPDATE logins SET login_password = AES_ENCRYPT('$old_login_password','$config_aes_key') WHERE login_id = $login_id"); + } + } //logging mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modified', log_description = 'General', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id"); 
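Review bot: The re-encryption loop in the -191 hunk can destroy stored passwords. `$old_login_password` is the decrypted plaintext and is interpolated unescaped into `AES_ENCRYPT('$old_login_password', ...)`, so a password containing a quote or backslash makes that UPDATE fail or changes its meaning, the result is never checked, and rows where AES_DECRYPT returns NULL (wrong key, or a value that was never encrypted) are overwritten with the encryption of an empty string. The settings row is updated with the new key before the loop and nothing runs in a transaction, so a failure part-way leaves rows under a key that is no longer stored anywhere. `$old_aes_key` is the raw database value while `$config_aes_key` is the escaped form, so `!=` compares unlike strings. The sketch below re-encrypts with one bound statement inside a transaction; the enclosing `if` block starts and ends outside the hunk.

```php
$old_aes_key = $config_aes_key;
$new_aes_key = strip_tags($_POST['config_aes_key']); // raw value, only ever bound as a parameter

// … unchanged: base URL and logo upload handling …

mysqli_begin_transaction($mysqli);

// … settings UPDATE, with config_aes_key bound to $new_aes_key rather than interpolated …

//Update AES key on client_logins if changed
$reencrypted = true;
if($old_aes_key !== $new_aes_key){
    // Re-encrypt inside the database so plaintext is never rebuilt into SQL text;
    // rows that do not decrypt under the old key are skipped instead of overwritten.
    $stmt = mysqli_prepare($mysqli,"UPDATE logins SET login_password = AES_ENCRYPT(AES_DECRYPT(login_password, ?), ?) WHERE company_id = ? AND AES_DECRYPT(login_password, ?) IS NOT NULL");
    mysqli_stmt_bind_param($stmt, "ssis", $old_aes_key, $new_aes_key, $session_company_id, $old_aes_key);
    $reencrypted = mysqli_stmt_execute($stmt);
}

if($reencrypted){
    mysqli_commit($mysqli);
}else{
    mysqli_rollback($mysqli); // keep the old key so existing rows stay readable
}
```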
@@ -903,11 +918,8 @@ if(isset($_POST['add_trip'])){
 $roundtrip = intval($_POST['roundtrip']);
 $purpose = strip_tags(mysqli_real_escape_string($mysqli,$_POST['purpose']));
 $client_id = intval($_POST['client']);
- $invoice_id = intval($_POST['invoice']);
- $location_id = intval($_POST['location']);
- $vendor_id = intval($_POST['vendor']);
- mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_created_at = NOW(), client_id = $client_id, invoice_id = $invoice_id, location_id = $location_id, vendor_id = $vendor_id, company_id = $session_company_id");
+ mysqli_query($mysqli,"INSERT INTO trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, round_trip = $roundtrip, trip_purpose = '$purpose', trip_created_at = NOW(), client_id = $client_id, company_id = $session_company_id");
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Trip', log_action = 'Created', log_description = '$date', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
@@ -928,11 +940,8 @@ if(isset($_POST['edit_trip'])){
 $roundtrip = intval($_POST['roundtrip']);
 $purpose = strip_tags(mysqli_real_escape_string($mysqli,$_POST['purpose']));
 $client_id = intval($_POST['client']);
- $invoice_id = intval($_POST['invoice']);
- $location_id = intval($_POST['location']);
- $vendor_id = intval($_POST['vendor']);
- mysqli_query($mysqli,"UPDATE trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, trip_purpose = '$purpose', round_trip = $roundtrip, trip_updated_at = NOW(), client_id = $client_id, invoice_id = $invoice_id, location_id = $location_id, vendor_id = $vendor_id WHERE trip_id = $trip_id AND company_id = $session_company_id");
+ mysqli_query($mysqli,"UPDATE trips SET trip_date = '$date', trip_starting_location = '$starting_location', trip_destination = '$destination', trip_miles = $miles, trip_purpose = '$purpose', round_trip = $roundtrip, trip_updated_at = NOW(), client_id = $client_id WHERE trip_id = $trip_id AND company_id = $session_company_id");
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Trip', log_action = 'Modified', log_description = '$date', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
@@ -3009,7 +3018,7 @@ if(isset($_POST['add_login'])){
 $asset_id = intval($_POST['asset']);
 $software_id = intval($_POST['software']);
- mysqli_query($mysqli,"INSERT INTO logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = '$password', login_note = '$note', login_created_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id, client_id = $client_id, company_id = $session_company_id");
+ mysqli_query($mysqli,"INSERT INTO logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = AES_ENCRYPT('$password','$config_aes_key'), login_note = '$note', login_created_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id, client_id = $client_id, company_id = $session_company_id");
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Created', log_description = '$description', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
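Review bot: `AES_ENCRYPT('$password','$config_aes_key')` here and in the edit_login hunk runs even when no key has been configured: `config_aes_key` is nullable in db.sql, a NULL value interpolates as an empty string, and the password is then stored under an empty key with no error. A guard before the query, such as `if(empty($config_aes_key)){ /* refuse and ask the admin to set a key */ }`, prevents that. On the MariaDB 10.4 server named in db.sql, AES_ENCRYPT is AES-128 in ECB mode with no IV, so equal passwords under the same key produce equal ciphertext; encrypting in PHP with an authenticated mode would avoid that and keep the key out of the SQL text. Where `$password` is escaped lies above the hunk and is not visible.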
@@ -3032,7 +3041,7 @@ if(isset($_POST['edit_login'])){
 $asset_id = intval($_POST['asset']);
 $software_id = intval($_POST['software']);
- mysqli_query($mysqli,"UPDATE logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = '$password', login_note = '$note', login_updated_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id WHERE login_id = $login_id AND company_id = $session_company_id");
+ mysqli_query($mysqli,"UPDATE logins SET login_description = '$description', login_web_link = '$web_link', login_username = '$username', login_password = AES_ENCRYPT('$password','$config_aes_key'), login_note = '$note', login_updated_at = NOW(), vendor_id = $vendor_id, asset_id = $asset_id, software_id = $software_id WHERE login_id = $login_id AND company_id = $session_company_id");
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Modified', log_description = '$description', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");
diff --git a/settings-general.php b/settings-general.php
index e14edc8f..dcfabdc1 100644
--- a/settings-general.php
+++ b/settings-general.php
@@ -19,6 +19,17 @@
+
+ +
+
+ +
+ +
+ This will also update the key on all client logins +
+
diff --git a/trips.php b/trips.php index 05152d0e..a671101a 100644 --- a/trips.php +++ b/trips.php @@ -99,9 +99,6 @@ $trip_miles = $row['trip_miles']; $round_trip = $row['round_trip']; $client_id = $row['client_id']; - $invoice_id = $row['invoice_id']; - $location_id = $row['location_id']; - $vendor_id = $row['vendor_id']; if($round_trip == 1){ $round_tip_display = "";
DateDate Recieved InvoiceAmountInvoice AmountPayment Amount Account MethodReference
$ $
DateDate RecievedDate Due InvoiceAmountAccountinitial Invoice AmountAmount PayedInvoice Balance Method Check #
$ $$