AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Where clause to only accept saved payment by logged in session_client_id in Client Portal

This commit is contained in:
johnnyq 2025-11-16 15:33:45 -05:00
parent b0724f5b66
commit efcc0fd5cb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/post.php
View File

@ -440,7 +440,7 @@ if (isset($_GET['add_payment_by_provider'])) {
$sql = mysqli_query($mysqli,"SELECT * FROM invoices $sql = mysqli_query($mysqli,"SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN contacts ON client_id = contact_client_id AND contact_primary = 1 LEFT JOIN contacts ON client_id = contact_client_id AND contact_primary = 1
WHERE invoice_id = $invoice_id" WHERE invoice_id = $invoice_id AND client_id = $session_client_id"
); );
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$invoice_number = intval($row['invoice_number']); $invoice_number = intval($row['invoice_number']);