Finished up santizeInput Conv and UI updates

This commit is contained in:
johnnyq 2023-02-23 16:09:37 -05:00
parent 2b50302cf9
commit f7552cd25a
179 changed files with 1572 additions and 1349 deletions


@ -5,7 +5,7 @@ $key = randomString(156);
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-key mr-2"></i>New Key</h5>
<h5 class="modal-title"><i class="fas fa-fw fa-key mr-2"></i>New Key</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -74,7 +74,7 @@ $key = randomString(156);
</div>
<div class="modal-footer bg-white">
<button type="submit" name="add_api_key" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -18,6 +18,17 @@
<?php echo randomString(100); ?>
<br>
<form>
<?php
$timezones = DateTimeZone::listIdentifiers();
echo '<select name="timezone">';
foreach ($timezones as $timezone) {
echo '<option value="' . $timezone . '">' . $timezone . '</option>';
}
echo '</select>';
?>
</form>
<script>toastr.success('Have Fun Wozz!!')</script>


@ -11,7 +11,6 @@ if (isset($_GET['contact_id'])) {
");
$row = mysqli_fetch_array($sql);
$contact_id = $row['contact_id'];
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
$contact_department =htmlentities($row['contact_department']);
@ -25,13 +24,13 @@ if (isset($_GET['contact_id'])) {
$contact_important = intval($row['contact_important']);
$contact_billing = intval($row['contact_billing']);
$contact_technical = intval($row['contact_technical']);
$contact_created_at = $row['contact_created_at'];
$contact_created_at = htmlentities($row['contact_created_at']);
if ($contact_id == $primary_contact) {
$primary_contact_display = "<small class='text-success'>Primary Contact</small>";
} else {
$primary_contact_display = false;
}
$contact_location_id = $row['contact_location_id'];
$contact_location_id = intval($row['contact_location_id']);
$location_name = htmlentities($row['location_name']);
if (empty($location_name)) {
$location_name_display = "-";
@ -126,7 +125,7 @@ if (isset($_GET['contact_id'])) {
<div class="col-md-9">
<ol class="breadcrumb d-print-none">
<ol class="breadcrumb">
<li class="breadcrumb-item">
<a href="invoices.php">Home</a>
</li>
@ -144,7 +143,7 @@ if (isset($_GET['contact_id'])) {
<div class="card card-dark <?php if ($asset_count == 0) { echo "d-none"; } ?>">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-desktop"></i> Assets</h3>
<h3 class="card-title"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3>
</div>
<div class="card-body">
<div class="table-responsive">
@ -165,7 +164,7 @@ if (isset($_GET['contact_id'])) {
<?php
while ($row = mysqli_fetch_array($sql_related_assets)) {
$asset_id = $row['asset_id'];
$asset_id = intval($row['asset_id']);
$asset_type = htmlentities($row['asset_type']);
$asset_name = htmlentities($row['asset_name']);
$asset_make = htmlentities($row['asset_make']);
@ -190,20 +189,20 @@ if (isset($_GET['contact_id'])) {
}
$asset_mac = htmlentities($row['asset_mac']);
$asset_status = htmlentities($row['asset_status']);
$asset_purchase_date = $row['asset_purchase_date'];
$asset_warranty_expire = $row['asset_warranty_expire'];
$asset_install_date = $row['asset_install_date'];
$asset_purchase_date = htmlentities($row['asset_purchase_date']);
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']);
$asset_install_date = htmlentities($row['asset_install_date']);
if (empty($asset_install_date)) {
$asset_install_date_display = "-";
} else {
$asset_install_date_display = $asset_install_date;
}
$asset_notes = htmlentities($row['asset_notes']);
$asset_created_at = $row['asset_created_at'];
$asset_vendor_id = $row['asset_vendor_id'];
$asset_location_id = $row['asset_location_id'];
$asset_network_id = $row['asset_network_id'];
$asset_contact_id = $row['asset_contact_id'];
$asset_created_at = htmlentities($row['asset_created_at']);
$asset_vendor_id = intval($row['asset_vendor_id']);
$asset_location_id = intval($row['asset_location_id']);
$asset_network_id = intval($row['asset_network_id']);
$asset_contact_id = intval($row['asset_contact_id']);
$login_id = $row['login_id'];
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
@ -228,12 +227,20 @@ if (isset($_GET['contact_id'])) {
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown"><i class="fas fa-ellipsis-h"></i></button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addAssetInterfaceModal<?php echo $asset_id; ?>">Interfaces</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAssetModal<?php echo $asset_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#copyAssetModal<?php echo $asset_id; ?>">Copy</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAssetModal<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#copyAssetModal<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_asset=<?php echo $asset_id; ?>">Archive</a>
<a class="dropdown-item text-danger" href="post.php?delete_asset=<?php echo $asset_id; ?>">Delete</a>
<a class="dropdown-item text-danger" href="post.php?archive_asset=<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_asset=<?php echo $asset_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
@ -259,7 +266,7 @@ if (isset($_GET['contact_id'])) {
<div class="card card-dark <?php if ($login_count == 0) { echo "d-none"; } ?>">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-key"></i> Passwords</h3>
<h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Passwords</h3>
</div>
<div class="card-body">
<div class="table-responsive">
@ -278,7 +285,7 @@ if (isset($_GET['contact_id'])) {
<?php
while ($row = mysqli_fetch_array($sql_related_logins)) {
$login_id = $row['login_id'];
$login_id = intval($row['login_id']);
$login_name = htmlentities($row['login_name']);
$login_uri = htmlentities($row['login_uri']);
if (empty($login_uri)) {
@ -301,10 +308,10 @@ if (isset($_GET['contact_id'])) {
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
}
$login_note = htmlentities($row['login_note']);
$login_contact_id = $row['login_contact_id'];
$login_vendor_id = $row['login_vendor_id'];
$login_asset_id = $row['login_asset_id'];
$login_software_id = $row['login_software_id'];
$login_contact_id = intval($row['login_contact_id']);
$login_vendor_id = intval($row['login_vendor_id']);
$login_asset_id = intval($row['login_asset_id']);
$login_software_id = intval($row['login_software_id']);
?>
<tr>
@ -326,11 +333,17 @@ if (isset($_GET['contact_id'])) {
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
<i class="fas fa-fw fa-share-alt mr-2"></i>Share
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
@ -353,7 +366,7 @@ if (isset($_GET['contact_id'])) {
<div class="card card-dark <?php if ($software_count == 0) { echo "d-none"; } ?>">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-cube"></i> Licenses</h3>
<h3 class="card-title"><i class="fa fa-fw fa-cube mr-2"></i>Licenses</h3>
</div>
<div class="card-body">
<div class="table-responsive">
@ -371,21 +384,21 @@ if (isset($_GET['contact_id'])) {
<?php
while ($row = mysqli_fetch_array($sql_related_software)) {
$software_id = $row['software_id'];
$software_id = intval($row['software_id']);
$software_name = htmlentities($row['software_name']);
$software_version = htmlentities($row['software_version']);
$software_type = htmlentities($row['software_type']);
$software_license_type = htmlentities($row['software_license_type']);
$software_key = htmlentities($row['software_key']);
$software_seats = htmlentities($row['software_seats']);
$software_purchase = $row['software_purchase'];
$software_expire = $row['software_expire'];
$software_purchase = htmlentities($row['software_purchase']);
$software_expire = htmlentities($row['software_expire']);
$software_notes = htmlentities($row['software_notes']);
$seat_count = 0;
// Get Login
$login_id = $row['login_id'];
$login_id = intval($row['login_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
@ -393,7 +406,7 @@ if (isset($_GET['contact_id'])) {
$asset_licenses_sql = mysqli_query($mysqli, "SELECT asset_id FROM software_assets WHERE software_id = $software_id");
$asset_licenses_array = array();
while ($row = mysqli_fetch_array($asset_licenses_sql)) {
$asset_licenses_array[] = $row['asset_id'];
$asset_licenses_array[] = intval($row['asset_id']);
$seat_count = $seat_count + 1;
}
$asset_licenses = implode(',', $asset_licenses_array);
@ -402,7 +415,7 @@ if (isset($_GET['contact_id'])) {
$contact_licenses_sql = mysqli_query($mysqli, "SELECT contact_id FROM software_contacts WHERE software_id = $software_id");
$contact_licenses_array = array();
while ($row = mysqli_fetch_array($contact_licenses_sql)) {
$contact_licenses_array[] = $row['contact_id'];
$contact_licenses_array[] = intval($row['contact_id']);
$seat_count = $seat_count + 1;
}
$contact_licenses = implode(',', $contact_licenses_array);
@ -419,10 +432,14 @@ if (isset($_GET['contact_id'])) {
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareModal<?php echo $software_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareModal<?php echo $software_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_software=<?php echo $software_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
@ -444,7 +461,7 @@ if (isset($_GET['contact_id'])) {
<div class="card card-dark <?php if ($ticket_count == 0) { echo "d-none"; } ?>">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-life-ring"></i> Tickets</h3>
<h3 class="card-title"><i class="fa fa-fw fa-life-ring mr-2"></i>Tickets</h3>
</div>
<div class="card-body">
<div class="table-responsive">
@ -464,14 +481,14 @@ if (isset($_GET['contact_id'])) {
<?php
while ($row = mysqli_fetch_array($sql_related_tickets)) {
$ticket_id = $row['ticket_id'];
$ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = htmlentities($row['ticket_number']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_priority = htmlentities($row['ticket_priority']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_created_at = $row['ticket_created_at'];
$ticket_updated_at = $row['ticket_updated_at'];
$ticket_created_at = htmlentities($row['ticket_created_at']);
$ticket_updated_at = htmlentities($row['ticket_updated_at']);
if (empty($ticket_updated_at)) {
if ($ticket_status == "Closed") {
$ticket_updated_at_display = "<p>Never</p>";
@ -481,7 +498,7 @@ if (isset($_GET['contact_id'])) {
} else {
$ticket_updated_at_display = $ticket_updated_at;
}
$ticket_closed_at = $row['ticket_closed_at'];
$ticket_closed_at = htmlentities($row['ticket_closed_at']);
if ($ticket_status == "Open") {
$ticket_status_display = "<span class='p-2 badge badge-primary'>$ticket_status</span>";
@ -500,7 +517,7 @@ if (isset($_GET['contact_id'])) {
} else {
$ticket_priority_display = "-";
}
$ticket_assigned_to = $row['ticket_assigned_to'];
$ticket_assigned_to = intval($row['ticket_assigned_to']);
if (empty($ticket_assigned_to)) {
if ($ticket_status == "Closed") {
$ticket_assigned_to_display = "<p>Not Assigned</p>";
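Review bot: `$login_id = $row['login_id'];` inside the related-assets loop is left as a raw string, while the same column is cast with `intval()` in the passwords loop (`$login_id = intval($row['login_id']);`) and in the licenses loop of this same file. That line is unchanged context, so the commit's conversion missed it; it should read `$login_id = intval($row['login_id']);` to match the other two loops and the neighbouring `$asset_*_id` casts. The enclosing `while` loop and the markup that consumes this value continue outside the hunk, so where it is emitted cannot be checked here.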


@ -16,10 +16,11 @@
<input type="file" class="form-control-file" name="file" accept=".csv">
</div>
<hr>
<div>Download <a href="post.php?download_client_contacts_csv_template=<?php echo $client_id; ?>">sample csv template</a></div>
<div>Download: <a class="text-bold" href="post.php?download_client_contacts_csv_template=<?php echo $client_id; ?>">sample csv template</a></div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="import_client_contacts_csv" class="btn btn-primary">Import</button>
<button type="submit" name="import_client_contacts_csv" class="btn btn-primary text-strong"><i class="fas fa-upload mr-2"></i>Import</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
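Review bot: The rewritten Import button uses `class="btn btn-primary text-strong"`, a class no other button in this commit uses; every sibling submit button (Create, Save, Rename, Create & edit) uses `text-bold`. Unless `text-strong` is defined in the project's own stylesheet, it has no effect, and the line should be `<button type="submit" name="import_client_contacts_csv" class="btn btn-primary text-bold"><i class="fas fa-upload mr-2"></i>Import</button>`.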


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt"></i> New Document from Template</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>New Document from Template</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -22,7 +22,7 @@
<?php
$sql_document_templates = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND company_id = $session_company_id AND document_archived_at IS NULL ORDER BY document_name ASC");
while ($row = mysqli_fetch_array($sql_document_templates)) {
$document_template_id = $row['document_id'];
$document_template_id = intval($row['document_id']);
$document_template_name = htmlentities($row['document_name']);
?>
@ -56,7 +56,7 @@
<?php
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders)) {
$folder_id = $row['folder_id'];
$folder_id = intval($row['folder_id']);
$folder_name = htmlentities($row['folder_name']);
?>
@ -73,8 +73,8 @@
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_document_from_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create & edit</button>
<button type="submit" name="add_document_from_template" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create & edit</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
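Review bot: The two queries in this file, `... WHERE document_template = 1 AND company_id = $session_company_id ...` and `... WHERE folder_client_id = $client_id ...`, still interpolate variables directly into SQL; they are context lines, so the commit casts the values read back from the result rows but not the values going into the query. Whether `$client_id` and `$session_company_id` have already been cast to int by the including page is not visible here; if they have not, the minimal fix is to cast at the point of use, e.g. `"... WHERE folder_client_id = " . intval($client_id) . " ORDER BY folder_name ASC"`, and the better one is a prepared statement. The identical `folders` query appears again in the new-document, edit-document and document-list files of this commit and would need the same treatment.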


@ -2,7 +2,7 @@
<div class="modal-dialog modal-xl">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt"></i> New Document</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>New Document</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -29,7 +29,7 @@
<?php
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders)) {
$folder_id = $row['folder_id'];
$folder_id = intval($row['folder_id']);
$folder_name = htmlentities($row['folder_name']);
?>
@ -43,8 +43,8 @@
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_document" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_document" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -14,9 +14,9 @@ $row = mysqli_fetch_array($sql_document);
$folder_name = htmlentities($row['folder_name']);
$document_name = htmlentities($row['document_name']);
$document_content = $row['document_content'];
$document_created_at = $row['document_created_at'];
$document_updated_at = $row['document_updated_at'];
$document_folder_id = $row['document_folder_id'];
$document_created_at = htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']);
$document_folder_id = intval($row['document_folder_id']);
?>
@ -35,10 +35,10 @@ $document_folder_id = $row['document_folder_id'];
</li>
<?php if ($document_folder_id > 0) { ?>
<li class="breadcrumb-item">
<a href="client_documents.php?client_id=<?php echo $client_id; ?>&folder_id=<?php echo $document_folder_id; ?>"><i class="fas fa-folder-open"></i> <?php echo $folder_name; ?></a>
<a href="client_documents.php?client_id=<?php echo $client_id; ?>&folder_id=<?php echo $document_folder_id; ?>"><i class="fas fa-fw fa-folder-open mr-2"></i><?php echo $folder_name; ?></a>
</li>
<?php } ?>
<li class="breadcrumb-item active"><i class="fas fa-file"></i> <?php echo "$document_name"; ?></li>
<li class="breadcrumb-item active"><i class="fas fa-file"></i> <?php echo $document_name; ?></li>
</ol>
<div class="row">
@ -55,16 +55,23 @@ $document_folder_id = $row['document_folder_id'];
<div class="col-md-3">
<div class="card bg-light">
<div class="card-body">
<button type="button" class="btn btn-success" data-toggle="modal" data-target="#editDocumentModal<?php echo $document_id; ?>"><i class="fas fa-edit"></i> Edit</button>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#editDocumentModal"><i class="fas fa-copy"></i> Copy</button>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)"><i class="fas fa-share"></i> Share</button>
<button type="button" class="btn btn-success" data-toggle="modal" data-target="#editDocumentModal<?php echo $document_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</button>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#editDocumentModal">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</button>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#shareModal"
onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)">
<i class="fas fa-fw fa-share mr-2"></i>Share
</button>
<hr>
<h6><i class="fas fa-paperclip"></i> Files</h6>
<h6><i class="fas fa-key"></i> Passwords</h6>
<h6><i class="fas fa-users"></i> Contacts</h6>
<h6><i class="fas fa-laptop"></i> Assets</h6>
<h6><i class="fas fa-cube"></i> Software</h6>
<h6><i class="fas fa-building"></i> Vendors</h6>
<h6><i class="fas fa-fw fa-paperclip mr-2"></i>Files</h6>
<h6><i class="fas fa-fw fa-key mr-2"></i>Passwords</h6>
<h6><i class="fas fa-fw fa-users mr-2"></i>Contacts</h6>
<h6><i class="fas fa-fw fa-laptop mr-2"></i>Assets</h6>
<h6><i class="fas fa-fw fa-cube mr-2"></i>Software</h6>
<h6><i class="fas fa-fw fa-building mr-2"></i>Vendors</h6>
</div>
</div>
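Review bot: The rewritten Copy button still carries `data-target="#editDocumentModal"` with no document id suffix, whereas the Edit button beside it targets `#editDocumentModal<?php echo $document_id; ?>`; nothing in the hunk shows a modal with the bare id, so this looks like a non-functional button carried over from the old line rather than a copy action. If a copy modal exists it should be targeted explicitly, e.g. `data-target="#copyDocumentModal<?php echo $document_id; ?>"` (constructed name, to be confirmed against the included modal); otherwise the button should be dropped. The same Copy button with the same bare target is rewritten on the document-template page later in this commit.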


@ -2,7 +2,7 @@
<div class="modal-dialog modal-xl">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt"></i> Editing document: <strong><?php echo $document_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>Editing document: <strong><?php echo $document_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -30,7 +30,7 @@
<?php
$sql_folders_select = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders_select)) {
$folder_id_select = $row['folder_id'];
$folder_id_select = intval($row['folder_id']);
$folder_name_select = htmlentities($row['folder_name']);
?>
<option <?php if ($folder_id_select == $document_folder_id) echo "selected"; ?> value="<?php echo $folder_id_select ?>"><?php echo $folder_name_select; ?></option>
@ -43,8 +43,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_document" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_document" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-folder-plus"></i> New Folder</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-folder-plus mr-2"></i>New Folder</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -23,8 +23,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_folder" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_folder" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-folder"></i> Renaming folder: <strong><?php echo $folder_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-folder mr-2"></i>Renaming folder: <strong><?php echo $folder_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -24,8 +24,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="rename_folder" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Rename</button>
<button type="submit" name="rename_folder" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Rename</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog modal-xl">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt"></i> New Document Template</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>New Document Template</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -22,8 +22,8 @@
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_document_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_document_template" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>


@ -14,8 +14,8 @@ $row = mysqli_fetch_array($sql_document);
$document_name = htmlentities($row['document_name']);
$document_content = $row['document_content'];
$document_created_at = $row['document_created_at'];
$document_updated_at = $row['document_updated_at'];
$document_created_at = htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']);
?>
@ -35,18 +35,22 @@ $document_updated_at = $row['document_updated_at'];
<li class="breadcrumb-item">
<a href="client_document_templates.php?client_id=<?php echo $client_id; ?>">Templates</a>
</li>
<li class="breadcrumb-item active"><i class="fas fa-file"></i> <?php echo "$document_name"; ?></li>
<li class="breadcrumb-item active"><i class="fas fa-file"></i> <?php echo $document_name; ?></li>
</ol>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file"></i> <?php echo $document_name; ?></h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file mr-2"></i><?php echo $document_name; ?></h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#editDocumentTemplateModal<?php echo $document_id; ?>"><i class="fas fa-edit"></i> Edit</button>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#editDocumentModal"><i class="fas fa-copy"></i> Copy</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#editDocumentTemplateModal<?php echo $document_id; ?>">
<i class="fas fa-edit mr-2"></i>Edit
</button>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#editDocumentModal">
<i class="fas fa-copy mr-2"></i>Copy
</button>
</div>
</div>
<div class="card-body">


@ -2,7 +2,7 @@
<div class="modal-dialog modal-xl">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt"></i> Editing template: <strong><?php echo $document_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>Editing template: <strong><?php echo $document_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -21,8 +21,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_document_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_document_template" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -4,7 +4,7 @@
// Sort by
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "document_name";
}
@ -34,23 +34,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file"></i> Document Templates</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file mr-2"></i>Document Templates</h3>
<button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="client_documents.php?client_id=<?php echo $client_id; ?>">Documents</a>
</div>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addDocumentTemplateModal">
<i class="fas fa-fw fa-plus"></i> New Template
<i class="fas fa-plus mr-2"></i>New Template
</button>
</div>
</div>
<div class="card-body">
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo intval($client_id); ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search templates">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search templates">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>
@ -80,12 +80,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$document_id = $row['document_id'];
$document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']);
$document_content = $row['document_content'];
$document_created_at = $row['document_created_at'];
$document_updated_at = $row['document_updated_at'];
$document_folder_id = $row['document_folder_id'];
$document_content = htmlentities($row['document_content']);
$document_created_at = htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']);
$document_folder_id = intval($row['document_folder_id']);
?>
@ -101,10 +101,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentTemplateModal<?php echo $document_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentTemplateModal<?php echo $document_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_document=<?php echo $document_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_document=<?php echo $document_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
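Review bot: `$sb = sanitizeInput($_GET['sb']);` swaps one escaping routine for another, but `$sb` is a sort-by column name (its default is `document_name`), and no amount of escaping protects an identifier position such as an ORDER BY clause; the query that consumes it is outside the hunk, so this is inferred from the default. The robust form is an allowlist of the sortable columns, `$sb = in_array($_GET['sb'], ['document_name', 'document_created_at', 'document_updated_at'], true) ? $_GET['sb'] : 'document_name';`, with the list adjusted to whatever the page actually sorts on. Separately, changing the hidden input from `intval($client_id)` to `$client_id` drops a defensive cast on output, which is only safe if `$client_id` is guaranteed to be an int by the time this file is included, and the hunk does not show that. The same `$sb` replacement is made in the documents-list file at the end of this commit and should get the same allowlist.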


@ -11,7 +11,7 @@ if (!empty($_GET['folder_id'])) {
// Sort by
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "document_name";
}
@ -50,7 +50,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2">
<i class="fa fa-fw fa-file-alt"></i> Documents
<i class="fa fa-fw fa-file-alt mr-2"></i>Documents
</h3>
<button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
<div class="dropdown-menu">
@ -61,11 +61,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addDocumentModal">
<i class="fas fa-fw fa-plus"></i> New Document
<i class="fas fa-plus mr-2"></i>New Document
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#addFolderModal"><i class="fa fa-fw fa-folder-plus"></i> Folder</a>
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#addFolderModal">
<i class="fa fa-fw fa-folder-plus mr-2"></i>Folder
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#addDocumentFromTemplateModal">From Template</a>
</div>
@ -86,11 +88,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
$sql_folders = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
while ($row = mysqli_fetch_array($sql_folders)) {
$folder_id = $row['folder_id'];
$folder_id = intval($row['folder_id']);
$folder_name = htmlentities($row['folder_name']);
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('document_id') AS num FROM documents WHERE document_folder_id = $folder_id"));
$num_documents = $row['num'];
$num_documents = intval($row['num']);
?>
@ -117,7 +119,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#renameFolderModal<?php echo $folder_id; ?>">Rename</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_folder=<?php echo $folder_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_folder=<?php echo $folder_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
@ -136,10 +138,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-9">
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo intval($client_id); ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Documents">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Documents">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>
@ -169,12 +171,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$document_id = $row['document_id'];
$document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']);
$document_content = $row['document_content'];
$document_created_at = $row['document_created_at'];
$document_updated_at = $row['document_updated_at'];
$document_folder_id = $row['document_folder_id'];
$document_content = htmlentities($row['document_content']);
$document_created_at = htmlentities($row['document_created_at']);
$document_updated_at = htmlentities($row['document_updated_at']);
$document_folder_id = intval($row['document_folder_id']);
?>
@ -190,11 +192,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentModal<?php echo $document_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)">Share</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentModal<?php echo $document_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)">
<i class="fas fa-fw fa-share mr-2"></i>Share
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_document=<?php echo $document_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_document=<?php echo $document_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
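Review bot: Swapping `strip_tags(mysqli_real_escape_string(...))` for `sanitizeInput()` in the "Sort by" hunk still leaves `$sb` as a free-form string that, judging by the `document_name` default, is used as a column name in an ORDER BY outside this hunk, and neither escaping nor tag-stripping restricts it to a real column. An allow-list is the appropriate check there, e.g. `$sb = in_array($_GET['sb'], ['document_name', 'document_created_at', 'document_updated_at'], true) ? $_GET['sb'] : 'document_name';`, with the same treatment on the domains, invoices, locations and passwords pages in this commit, which all take `$sb` the same way. Separately, the hidden `client_id` input in the search form drops its `intval()` wrapper; that is harmless only if `$client_id` is already cast in `inc_all_client.php`, which is not visible here, so please confirm or keep the cast. The rest of the page (including the query that consumes `$sb`) lies outside the visible hunks.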


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-globe"></i> New Domain</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-globe mr-2"></i>New Domain</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -33,7 +33,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@ -54,7 +54,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@ -75,8 +75,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_domain" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_domain" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
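Review bot: The modal footer appears to end up with two Cancel buttons, the existing `btn-outline-secondary` one above the Create button and the newly added `btn-light` one below it. The rendered view has lost the add/remove markers, so if the outline button was meant to be deleted in the same change it does not show here; please confirm only one remains. The same footer edit is repeated in the edit_domain, add_file, add_location, edit_location, add_login and edit_login modals in this commit.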


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-globe"></i> Editing domain: <span class="text-bold" id="editHeader"></span></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-globe mr-2"></i>Editing domain: <span class="text-bold" id="editHeader"></span></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -129,8 +129,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_domain" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_domain" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "domain_name";
}
@ -21,9 +21,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-globe"></i> Domains</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-globe mr-2"></i>Domains</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addDomainModal"><i class="fas fa-fw fa-plus"></i> New Domain</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addDomainModal"><i class="fas fa-plus mr-2"></i>New Domain</button>
</div>
</div>
@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Domains">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Domains">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -43,7 +43,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_domains_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="post.php?export_client_domains_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-download mr-2"></i>Export</a>
</div>
</div>
@ -65,7 +65,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$domain_id = $row['domain_id'];
$domain_id = intval($row['domain_id']);
$domain_name = htmlentities($row['domain_name']);
$domain_registrar = htmlentities($row['domain_registrar']);
$domain_webhost = htmlentities($row['domain_webhost']);
@ -94,10 +94,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateDomainEditModal(<?php echo $client_id, ",", $domain_id ?>)" data-target="#editDomainModal">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateDomainEditModal(<?php echo $client_id, ",", $domain_id ?>)" data-target="#editDomainModal">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_domain=<?php echo $domain_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_domain=<?php echo $domain_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cloud-upload-alt"></i> Upload File</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-cloud-upload-alt mr-2"></i>Upload File</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -27,8 +27,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_file" class="btn btn-primary text-bold"><i class="fa fa-fw fa-upload"></i> Upload</button>
<button type="submit" name="add_file" class="btn btn-primary text-bold"><i class="fa fa-upload mr-2"></i>Upload</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog modal-xl ">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-image"></i> <?php echo $file_name; ?></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-image mr-2"></i><?php echo $file_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>


@ -12,7 +12,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-paperclip"></i> Files</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-paperclip mr-2"></i>Files</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addFileModal"><i class="fas fa-fw fa-cloud-upload-alt"></i> Upload File</button>
</div>
@ -29,7 +29,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<?php
while ($row = mysqli_fetch_array($sql_files_images)) {
$file_id = $row['file_id'];
$file_id = intval($row['file_id']);
$file_name = htmlentities($row['file_name']);
$file_reference_name = htmlentities($row['file_reference_name']);
$file_ext = htmlentities($row['file_ext']);
@ -64,7 +64,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<?php
while ($row = mysqli_fetch_array($sql_files_other)) {
$file_id = $row['file_id'];
$file_id = intval($row['file_id']);
$file_name = htmlentities($row['file_name']);
$file_reference_name = htmlentities($row['file_reference_name']);
$file_ext = htmlentities($row['file_ext']);


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "invoice_number";
}
@ -31,9 +31,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file"></i> Invoices</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file-invoice mr-2"></i>Invoices</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addInvoiceModal"><i class="fas fa-fw fa-plus"></i> New Invoice</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addInvoiceModal"><i class="fas fa-plus mr-2"></i>New Invoice</button>
</div>
</div>
<div class="card-body">
@ -43,7 +43,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Invoices">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Invoices">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_invoices_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="post.php?export_client_invoices_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-download mr-2"></i>Export</a>
</div>
</div>
@ -77,7 +77,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']);
@ -87,12 +87,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$invoice_scope_display = $invoice_scope;
}
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_created_at = $row['invoice_created_at'];
$category_id = $row['category_id'];
$invoice_created_at = htmlentities($row['invoice_created_at']);
$category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']);
if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < time()) {
@ -119,9 +119,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<tr>
<td><a href="invoice.php?invoice_id=<?php echo $invoice_id; ?>"><?php echo "$invoice_prefix$invoice_number"; ?></a></td>
<td class="text-bold"><a href="invoice.php?invoice_id=<?php echo $invoice_id; ?>"><?php echo "$invoice_prefix$invoice_number"; ?></a></td>
<td><?php echo $invoice_scope_display; ?></td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?></td>
<td class="text-bold text-right"><?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?></td>
<td><?php echo $invoice_date; ?></td>
<td><div class="<?php echo $overdue_color; ?>"><?php echo $invoice_due; ?></div></td>
<td><?php echo $category_name; ?></td>
@ -137,13 +137,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<?php if (!empty($config_smtp_host)) { ?>
<a class="dropdown-item" href="post.php?email_invoice=<?php echo $invoice_id; ?>">Send</a>
<a class="dropdown-item" href="post.php?email_invoice=<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-paper-plane mr-2"></i>Send
</a>
<div class="dropdown-divider"></div>
<?php } ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editInvoiceModal<?php echo $invoice_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addInvoiceCopyModal<?php echo $invoice_id; ?>">Copy</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editInvoiceModal<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addInvoiceCopyModal<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_invoice=<?php echo $invoice_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_invoice=<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-map-marker-alt"></i> Creating location</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-map-marker-alt mr-2"></i>Creating location</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -163,8 +163,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_location" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_location" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-map-marker-alt"></i> Editing location: <strong><?php echo $location_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-map-marker-alt mr-2"></i>Editing location: <strong><?php echo $location_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -117,7 +117,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE (contact_archived_at > '$location_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id_select = $row['contact_id'];
$contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']);
?>
@ -172,8 +172,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_location" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_location" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-map-marker-alt"></i> Import Locations</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-map-marker-alt mr-2"></i>Import Locations</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -16,10 +16,11 @@
<input type="file" class="form-control-file" name="file" accept=".csv">
</div>
<hr>
<div>Download <a href="post.php?download_client_locations_csv_template=<?php echo $client_id; ?>">sample csv template</a></div>
<div>Download: <a class="text-bold" href="post.php?download_client_locations_csv_template=<?php echo $client_id; ?>">sample csv template</a></div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="import_client_locations_csv" class="btn btn-primary">Import</button>
<button type="submit" name="import_client_locations_csv" class="btn btn-primary text-bold"><i class="fa fa-upload mr-2"></i>Import</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (isset($_GET['q'])) {
$q = strip_tags(mysqli_real_escape_string($mysqli, $_GET['q']));
$q = sanitizeInput($_GET['q']);
//Phone Numbers
$phone_query = preg_replace("/[^0-9]/", '', $q);
if (empty($phone_query)) {
@ -15,7 +15,7 @@ if (isset($_GET['q'])) {
}
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "location_name";
}
@ -37,9 +37,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-map-marker-alt"></i> Locations</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-map-marker-alt mr-2"></i>Locations</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLocationModal"><i class="fas fa-fw fa-plus"></i> New Location</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLocationModal"><i class="fas fa-plus mr-2"></i>New Location</button>
</div>
</div>
<div class="card-body">
@ -49,7 +49,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Locations">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Locations">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -58,8 +58,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_locations_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<button type="button" class="btn btn-default" data-toggle="modal" data-target="#importLocationModal"><i class="fa fa-fw fa-upload"></i> Import</button>
<a href="post.php?export_client_locations_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
<button type="button" class="btn btn-default" data-toggle="modal" data-target="#importLocationModal"><i class="fa fa-fw fa-upload mr-2"></i>Import</button>
</div>
</div>
@ -81,7 +81,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$location_id = $row['location_id'];
$location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']);
$location_country = htmlentities($row['location_country']);
$location_address = htmlentities($row['location_address']);
@ -102,8 +102,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
}
$location_photo = htmlentities($row['location_photo']);
$location_notes = htmlentities($row['location_notes']);
$location_created_at = $row['location_created_at'];
$location_contact_id = $row['location_contact_id'];
$location_created_at = htmlentities($row['location_created_at']);
$location_contact_id = intval($row['location_contact_id']);
if ($location_id == $primary_location) {
$primary_location_display = "<p class='text-success'>Primary Location</p>";
} else {
@ -126,11 +126,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLocationModal<?php echo $location_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLocationModal<?php echo $location_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3 && $location_id !== $primary_location) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_location=<?php echo $location_id; ?>">Archive</a>
<a class="dropdown-item text-danger" href="post.php?delete_location=<?php echo $location_id; ?>">Delete</a>
<a class="dropdown-item text-danger" href="post.php?archive_location=<?php echo $location_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_location=<?php echo $location_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
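Review bot: Casting `$location_id` with `intval()` changes the outcome of the unchanged strict check `$location_id !== $primary_location` that gates the Archive and Delete entries: it is only correct if `$primary_location` is also an int, and if it is still a raw string from a result row the comparison is always true and the primary location becomes deletable from this menu. Either normalise `$primary_location` where it is assigned (not visible here) or compare consistently, e.g. `if ($session_user_role == 3 && $location_id !== intval($primary_location)) {`; note the earlier `$location_id == $primary_location` check uses loose equality, so the two tests can already disagree. Also, `$location_created_at` is now HTML-escaped at fetch time, yet the edit-location modal in this commit interpolates `'$location_created_at'` into a SQL WHERE clause; for a datetime value the escaping is a no-op, but applying output encoding to a value that is reused in a query is the kind of mix-up that fails silently on other columns, so keep a raw copy for the query and escape only at echo.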


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-key"></i> New Login</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-key mr-2"></i>New Login</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -109,7 +109,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$contact_id = $row['contact_id'];
$contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']);
?>
<option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@ -133,7 +133,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@ -157,7 +157,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$asset_id = $row['asset_id'];
$asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']);
?>
<option value="<?php echo $asset_id; ?>"><?php echo $asset_name; ?></option>
@ -181,7 +181,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$software_id = $row['software_id'];
$software_id = intval($row['software_id']);
$software_name = htmlentities($row['software_name']);
?>
<option value="<?php echo $software_id; ?>"><?php echo $software_name; ?></option>
@ -206,8 +206,8 @@
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_login" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_login" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-key"></i> Editing password: <strong><?php echo $login_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-key mr-2"></i>Editing password: <strong><?php echo $login_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -117,7 +117,7 @@
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id_select = $row['contact_id'];
$contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']);
?>
<option <?php if ($login_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
@ -138,7 +138,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = $row['vendor_id'];
$vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if ($login_vendor_id == $vendor_id_select) { echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
@ -160,7 +160,7 @@
$sql_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while ($row = mysqli_fetch_array($sql_assets)) {
$asset_id_select = $row['asset_id'];
$asset_id_select = intval($row['asset_id']);
$asset_name_select = htmlentities($row['asset_name']);
?>
<option <?php if ($login_asset_id == $asset_id_select) { echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option>
@ -182,7 +182,7 @@
$sql_software = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC");
while ($row = mysqli_fetch_array($sql_software)) {
$software_id_select = $row['software_id'];
$software_id_select = intval($row['software_id']);
$software_name_select = htmlentities($row['software_name']);
?>
<option <?php if ($login_software_id == $software_id_select) { echo "selected"; } ?> value="<?php echo $software_id_select; ?>"><?php echo $software_name_select; ?></option>
@ -205,8 +205,8 @@
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_login" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_login" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -16,10 +16,11 @@
<input type="file" class="form-control-file" name="file" accept=".csv">
</div>
<hr>
<div>Download <a href="post.php?download_client_logins_csv_template=<?php echo $client_id; ?>">sample csv template</a></div>
<div>Download <a class="text-bold" href="post.php?download_client_logins_csv_template=<?php echo $client_id; ?>">sample csv template</a></div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="import_client_logins_csv" class="btn btn-primary">Import</button>
<button type="submit" name="import_client_logins_csv" class="btn btn-primary"><i class="fa fa-upload mr-2"></i>Import</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "login_name";
}
@ -25,9 +25,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key"></i> Passwords</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key mr-2"></i>Passwords</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal"><i class="fas fa-fw fa-plus"></i> New Login</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal"><i class="fas fa-plus mr-2"></i>New Login</button>
</div>
</div>
<div class="card-body">
@ -37,7 +37,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Passwords">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Passwords">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -46,8 +46,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_logins_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<button type="button" class="btn btn-default" data-toggle="modal" data-target="#importLoginModal"><i class="fa fa-fw fa-upload"></i> Import</button>
<a href="post.php?export_client_logins_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
<button type="button" class="btn btn-default" data-toggle="modal" data-target="#importLoginModal"><i class="fa fa-fw fa-upload mr-2"></i>Import</button>
</div>
</div>
@ -59,7 +59,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_username&o=<?php echo $disp; ?>">Username</a></th>
<th>Username</th>
<th>Password</th>
<th>OTP</th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_uri&o=<?php echo $disp; ?>">URI</a></th>
@ -70,7 +70,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$login_id = $row['login_id'];
$login_id = intval($row['login_id']);
$login_name = htmlentities($row['login_name']);
$login_uri = htmlentities($row['login_uri']);
if (empty($login_uri)) {
@ -93,11 +93,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
}
$login_note = htmlentities($row['login_note']);
$login_important = $row['login_important'];
$login_contact_id = $row['login_contact_id'];
$login_vendor_id = $row['login_vendor_id'];
$login_asset_id = $row['login_asset_id'];
$login_software_id = $row['login_software_id'];
$login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']);
$login_vendor_id = intval($row['login_vendor_id']);
$login_asset_id = intval($row['login_asset_id']);
$login_software_id = intval($row['login_software_id']);
?>
<tr>
@ -119,11 +119,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
<i class="fas fa-fw fa-share mr-2"></i>Share
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
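Review bot: `$sb = sanitizeInput($_GET['sb']);` at the top of the file still lets the caller choose an arbitrary sort expression, because a sort column is an SQL identifier and quote-escaping (what the replaced `mysqli_real_escape_string` did, and what `sanitizeInput` presumably does as well) does not constrain an unquoted ORDER BY position. The query that consumes `$sb` is outside this hunk, but the visible header links only ever send `login_name` and `login_uri`, so an allowlist is the right shape: `$sb = in_array($_GET['sb'], ['login_name', 'login_uri'], true) ? $_GET['sb'] : 'login_name';`. The same treatment applies to the `o` direction parameter if it is interpolated the same way.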


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "log_id";
}
@ -31,7 +31,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fa fa-fw fa-eye"></i> Audit Logs</h3>
<h3 class="card-title"><i class="fa fa-fw fa-eye mr-2"></i>Audit Logs</h3>
</div>
<div class="card-body">
@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Logs">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Logs">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -72,7 +72,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$log_id = $row['log_id'];
$log_id = intval($row['log_id']);
$log_type = htmlentities($row['log_type']);
$log_action = htmlentities($row['log_action']);
$log_description = htmlentities($row['log_description']);
@ -80,15 +80,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$log_user_agent = htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent);
$log_created_at = $row['log_created_at'];
$user_id = $row['user_id'];
$log_created_at = htmlentities($row['log_created_at']);
$user_id = intval($row['user_id']);
$user_name = htmlentities($row['user_name']);
if (empty($user_name)) {
$user_name_display = "-";
} else {
$user_name_display = $user_name;
}
$log_entity_id = $row['log_entity_id'];
$log_entity_id = intval($row['log_entity_id']);
?>
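Review bot: `stripslashes(htmlentities($q))` in the search box depends on `$q` having been backslash-escaped earlier (it is assigned outside this hunk, presumably through `sanitizeInput`), and `stripslashes` is not an exact inverse of `mysqli_real_escape_string` — an escaped newline `\n` comes back as the letter `n` and `\0` becomes a NUL byte. Keeping the raw request value for display and the escaped copy only for the query avoids the round trip: `value="<?php echo htmlentities($_GET['q'] ?? ''); ?>"`. The row variables are fine as changed; `intval()` on the ids and `htmlentities()` on the timestamp match the contexts they are echoed into.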


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-network-wired"></i> New Network</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-network-wired mr-2"></i>New Network</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -52,7 +52,7 @@
</div>
<div class="form-group">
<label>DHCP Range</label>
<label>DHCP Range / IPs</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-server"></i></span>
@ -73,7 +73,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$location_id = $row['location_id'];
$location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']);
?>
<option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
@ -87,8 +87,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_network" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_network" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-network-wired"></i> Edit network: <span class="text-bold" id="editNetworkHeader"></span></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-network-wired mr-2"></i>Edit network: <span class="text-bold" id="editNetworkHeader"></span></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -53,7 +53,7 @@
</div>
<div class="form-group">
<label>DHCP Range</label>
<label>DHCP Range / IPs</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-server"></i></span>
@ -76,8 +76,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_network" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_network" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "network_name";
}
@ -25,9 +25,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-network-wired"></i> Networks</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-network-wired mr-2"></i>Networks</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addNetworkModal"><i class="fas fa-fw fa-plus"></i> New Network</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addNetworkModal"><i class="fas fa-plus mr-2"></i>New Network</button>
</div>
</div>
<div class="card-body">
@ -37,7 +37,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Networks">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Networks">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -70,7 +70,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$network_id = $row['network_id'];
$network_id = intval($row['network_id']);
$network_name = htmlentities($row['network_name']);
$network_vlan = htmlentities($row['network_vlan']);
if (empty($network_vlan)) {
@ -86,7 +86,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else {
$network_dhcp_range_display = $network_dhcp_range;
}
$network_location_id = $row['network_location_id'];
$network_location_id = intval($row['network_location_id']);
$location_name = htmlentities($row['location_name']);
if (empty($location_name)) {
$location_name_display = "-";
@ -98,7 +98,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<tr>
<th>
<i class="fa fa-fw fa-network-wired text-secondary"></i>
<a class="text-dark" href="#" data-toggle="modal" onclick="populateNetworkEditModal(<?php echo $client_id, ",", $network_id ?>)" data-target="#editNetworkModal"><?php echo $network_name; ?></a></th>
<a class="text-dark" href="#" data-toggle="modal" onclick="populateNetworkEditModal(<?php echo $client_id, ",", $network_id ?>)"
data-target="#editNetworkModal"><?php echo $network_name; ?>
</a>
</th>
<td><?php echo $network_vlan_display; ?></td>
<td><?php echo $network; ?></td>
<td><?php echo $network_gateway; ?></td>
@ -110,10 +113,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateNetworkEditModal(<?php echo $client_id, ",", $network_id ?>)" data-target="#editNetworkModal">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateNetworkEditModal(<?php echo $client_id, ",", $network_id ?>)" data-target="#editNetworkModal">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_network=<?php echo $network_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_network=<?php echo $network_id; ?>">
<i class="fas fa-fw fa-trash mr-2">Delete
</a>
<?php } ?>
</div>
</div>
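Review bot: The Delete item at the bottom of the dropdown has an unclosed `<i>` tag — `<i class="fas fa-fw fa-trash mr-2">Delete` — so the label is rendered inside the icon element and the browser has to auto-close it at the `</a>`; the Edit item above it uses the intended form, `<i class="fas fa-fw fa-trash mr-2"></i>Delete`. Separately, `$sb = sanitizeInput($_GET['sb']);` still accepts any sort expression in what is presumably an unquoted ORDER BY further down the file; escaping cannot help in that position, so match `$sb` against an allowlist of the sortable columns (`network_name`, …) and fall back to `network_name` otherwise.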


@ -60,7 +60,7 @@ $sql_domains_expiring = mysqli_query(
<?php
while ($row = mysqli_fetch_array($sql_important_contacts)) {
$contact_id = $row['contact_id'];
$contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
$contact_email = htmlentities($row['contact_email']);
@ -108,9 +108,9 @@ $sql_domains_expiring = mysqli_query(
<?php
while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id = $row['contact_id'];
$contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']);
$contact_updated_at = $row['contact_updated_at'];
$contact_updated_at = htmlentities($row['contact_updated_at']);
?>
<p class="mb-1">
@ -124,9 +124,9 @@ $sql_domains_expiring = mysqli_query(
<?php
while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
$vendor_updated_at = $row['vendor_updated_at'];
$vendor_updated_at = htmlentities($row['vendor_updated_at']);
?>
<p class="mb-1">
@ -159,9 +159,9 @@ $sql_domains_expiring = mysqli_query(
<?php
while ($row = mysqli_fetch_array($sql_domains_expiring)) {
$domain_id = $row['domain_id'];
$domain_id = intval($row['domain_id']);
$domain_name = htmlentities($row['domain_name']);
$domain_expire = $row['domain_expire'];
$domain_expire = htmlentities($row['domain_expire']);
?>
<p class="mb-1">
@ -176,9 +176,9 @@ $sql_domains_expiring = mysqli_query(
<?php
while ($row = mysqli_fetch_array($sql_asset_warranties_expiring)) {
$asset_id = $row['asset_id'];
$asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']);
$asset_warranty_expire = $row['asset_warranty_expire'];
$asset_warranty_expire = htmlentities($row['asset_warranty_expire']);
?>
<p class="mb-1">
@ -195,9 +195,9 @@ $sql_domains_expiring = mysqli_query(
<?php
while ($row = mysqli_fetch_array($sql_asset_retire)) {
$asset_id = $row['asset_id'];
$asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']);
$asset_install_date = $row['asset_install_date'];
$asset_install_date = htmlentities($row['asset_install_date']);
?>
<p class="mb-1">
@ -224,7 +224,7 @@ $sql_domains_expiring = mysqli_query(
<div class="card card-dark mb-3">
<div class="card-header">
<h5 class="card-title"><i class="fa fa-life-ring"></i> Stale Tickets <small>(14d)</small></h5>
<h5 class="card-title"><i class="fa fa-fw fa-life-ring mr-2"></i>Stale Tickets <small>(14d)</small></h5>
</div>
<div class="card-body">
@ -233,11 +233,11 @@ $sql_domains_expiring = mysqli_query(
<?php
while ($row = mysqli_fetch_array($sql_tickets_stale)) {
$ticket_id = $row['ticket_id'];
$ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = $row['ticket_number'];
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_created_at = $row['ticket_created_at'];
$ticket_created_at = htmlentities($row['ticket_created_at']);
?>
<tr>


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "payment_date";
}
@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fa fa-fw fa-credit-card"></i> Payments</h3>
<h3 class="card-title"><i class="fa fa-fw fa-credit-card mr-2"></i>Payments</h3>
</div>
<div class="card-body">
<form autocomplete="off">
@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Payments">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Payments">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -50,7 +50,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_payments_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="post.php?export_client_payments_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
</div>
</div>
@ -75,14 +75,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_date = $row['invoice_date'];
$payment_date = $row['payment_date'];
$invoice_date = htmlentities($row['invoice_date']);
$payment_date = htmlentities($row['payment_date']);
$payment_method = htmlentities($row['payment_method']);
$payment_reference = htmlentities($row['payment_reference']);
if (empty($payment_reference)) {
@ -99,9 +99,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<tr>
<td><?php echo $payment_date; ?></td>
<td><?php echo $invoice_date; ?></td>
<td><a href="invoice.php?invoice_id=<?php echo $invoice_id; ?>"><?php echo "$invoice_prefix$invoice_number"; ?></a></td>
<td class="text-bold"><a href="invoice.php?invoice_id=<?php echo $invoice_id; ?>"><?php echo "$invoice_prefix$invoice_number"; ?></a></td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?></td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $payment_amount, $payment_currency_code); ?></td>
<td class="text-bold text-right"><?php echo numfmt_format_currency($currency_format, $payment_amount, $payment_currency_code); ?></td>
<td><?php echo $payment_method; ?></td>
<td><?php echo $payment_reference_display; ?></td>
<td><?php echo $account_name; ?></td>
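Review bot: `$invoice_number = intval($row['invoice_number']);` changes what is displayed, not only how it is escaped: the old `htmlentities()` preserved the stored value, while `intval()` drops leading zeros and turns anything non-numeric into `0`, so the `$invoice_prefix$invoice_number` label would silently change for any invoice whose number is not a plain integer. If the column is an integer type this is fine and worth a short comment; otherwise keep `htmlentities()`. The `$sb` sort column is still user-chosen and, presumably interpolated into ORDER BY below, should be checked against an allowlist (`payment_date`, …) rather than only escaped.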


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "quote_number";
}
@ -32,9 +32,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file"></i> Quotes</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file mr-2"></i>Quotes</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addQuoteModal"><i class="fas fa-fw fa-plus"></i> New Quote</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addQuoteModal"><i class="fas fa-plus mr-2"></i>New Quote</button>
</div>
</div>
<div class="card-body">
@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Quotes">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -53,7 +53,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_quotes_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="post.php?export_client_quotes_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
</div>
</div>
@ -77,7 +77,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$quote_id = $row['quote_id'];
$quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_scope = htmlentities($row['quote_scope']);
@ -87,11 +87,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$quote_scope_display = $quote_scope;
}
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_date = htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_created_at = $row['quote_created_at'];
$category_id = $row['category_id'];
$quote_created_at = htmlentities($row['quote_created_at']);
$category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']);
//Set Badge color based off of quote status
@ -112,9 +112,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<tr>
<td><a href="quote.php?quote_id=<?php echo $quote_id; ?>"><?php echo "$quote_prefix$quote_number"; ?></a></td>
<td class="text-bold"><a href="quote.php?quote_id=<?php echo $quote_id; ?>"><?php echo "$quote_prefix$quote_number"; ?></a></td>
<td><?php echo $quote_scope_display; ?></td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code); ?></td>
<td class="text-right text-bold"><?php echo numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code); ?></td>
<td><?php echo $quote_date; ?></td>
<td><?php echo $category_name; ?></td>
<td>
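Review bot: `$quote_number = htmlentities($row['quote_number']);` is left as a string while the payments and recurring pages in this same commit switched their `*_number` columns to `intval()`; whichever is right, the three should agree. If quote numbers are integers, `intval()` here matches the others; if they can carry leading zeros or text, the `intval()` conversions elsewhere are the ones to revisit. `$category_id = intval(...)` and `htmlentities()` on the dates are appropriate for the contexts they are echoed into.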


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "recurring_id";
}
@ -25,9 +25,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-sync-alt"></i> Recurring Invoices</h3>
<h3 class="card-title mt-2"><i class="fas fa-fw fa-sync-alt mr-2"></i>Recurring Invoices</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addRecurringModal"><i class="fas fa-fw fa-plus"></i> New Recurring</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addRecurringModal"><i class="fas fa-plus mr-2"></i>New Recurring</button>
</div>
</div>
<div class="card-body">
@ -37,7 +37,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -46,7 +46,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_recurring_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="post.php?export_client_recurring_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
</div>
</div>
@ -72,21 +72,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$recurring_id = $row['recurring_id'];
$recurring_id = intval($row['recurring_id']);
$recurring_prefix = htmlentities($row['recurring_prefix']);
$recurring_number = htmlentities($row['recurring_number']);
$recurring_number = intval($row['recurring_number']);
$recurring_scope = htmlentities($row['recurring_scope']);
$recurring_frequency = htmlentities($row['recurring_frequency']);
$recurring_status = htmlentities($row['recurring_status']);
$recurring_last_sent = $row['recurring_last_sent'];
$recurring_last_sent = htmlentities($row['recurring_last_sent']);
if ($recurring_last_sent == 0) {
$recurring_last_sent = "-";
}
$recurring_next_date = $row['recurring_next_date'];
$recurring_next_date = htmlentities($row['recurring_next_date']);
$recurring_amount = floatval($row['recurring_amount']);
$recurring_currency_code = htmlentities($row['recurring_currency_code']);
$recurring_created_at = $row['recurring_created_at'];
$category_id = $row['category_id'];
$recurring_created_at = htmlentities($row['recurring_created_at']);
$category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']);
if ($recurring_status == 1) {
$status = "Active";
@ -99,10 +99,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<tr>
<td><a href="recurring_invoice.php?recurring_id=<?php echo $recurring_id; ?>"><?php echo "$recurring_prefix$recurring_number"; ?></a></td>
<td class="text-bold"><a href="recurring_invoice.php?recurring_id=<?php echo $recurring_id; ?>"><?php echo "$recurring_prefix$recurring_number"; ?></a></td>
<td><?php echo $recurring_scope; ?></td>
<td><?php echo ucwords($recurring_frequency); ?>ly</td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $recurring_amount, $recurring_currency_code); ?></td>
<td class="text-bold"><?php echo ucwords($recurring_frequency); ?>ly</td>
<td class="text-bold text-right"><?php echo numfmt_format_currency($currency_format, $recurring_amount, $recurring_currency_code); ?></td>
<td><?php echo $recurring_last_sent; ?></td>
<td><?php echo $recurring_next_date; ?></td>
<td><?php echo $category_name; ?></td>
@ -117,9 +117,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="recurring_invoice.php?recurring_id=<?php echo $recurring_id; ?>">Edit</a>
<a class="dropdown-item" href="recurring_invoice.php?recurring_id=<?php echo $recurring_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_recurring=<?php echo $recurring_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_recurring=<?php echo $recurring_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>
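Review bot: `$recurring_last_sent = htmlentities($row['recurring_last_sent']);` feeds the loose `if ($recurring_last_sent == 0)` directly below it, and that comparison is PHP-version dependent: a non-numeric string such as a zero date is `== 0` on PHP 7 but not on PHP 8, where the `-` placeholder would quietly stop appearing. Compare against the actual sentinel explicitly — presumably a NULL or zero date — e.g. `if (empty($row['recurring_last_sent']) || $row['recurring_last_sent'] === '0000-00-00')`. Delete remains a plain GET link (`post.php?delete_recurring=`), so the handler must carry its own CSRF and role check; that is pre-existing rather than introduced here.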


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "scheduled_ticket_subject";
}
@ -28,7 +28,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-sync"></i> Scheduled Tickets</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-sync mr-2"></i>Scheduled Tickets</h3>
<button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="client_tickets.php?client_id=<?php echo $client_id; ?>">Tickets</a>
@ -43,7 +43,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -71,18 +71,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$scheduled_ticket_id = $row['scheduled_ticket_id'];
$scheduled_ticket_id = intval($row['scheduled_ticket_id']);
$scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']);
$scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']);
$scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']);
$scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
$scheduled_ticket_next_run = htmlentities($row['scheduled_ticket_next_run']);
?>
<tr>
<td><a href="#" data-toggle="modal" data-target="#editScheduledTicketModal" onclick="populateScheduledTicketEditModal(<?php echo $client_id, ',', $scheduled_ticket_id ?>)"> <?php echo $scheduled_ticket_subject ?> </a></td>
<td><a> <?php echo $scheduled_ticket_priority ?></a></td>
<td><a> <?php echo $scheduled_ticket_frequency ?></a></td>
<td><a> <?php echo $scheduled_ticket_next_run ?></a></td>
<td><a><?php echo $scheduled_ticket_priority ?></a></td>
<td><a><?php echo $scheduled_ticket_frequency ?></a></td>
<td><a><?php echo $scheduled_ticket_next_run ?></a></td>
<td>
<div class="dropdown dropleft text-center">
@ -91,11 +91,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal"
data-target="#editScheduledTicketModal" onclick="populateScheduledTicketEditModal(<?php echo $client_id, ',', $scheduled_ticket_id ?>)">Edit</a>
data-target="#editScheduledTicketModal" onclick="populateScheduledTicketEditModal(<?php echo $client_id, ',', $scheduled_ticket_id ?>)">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php
if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_scheduled_ticket=<?php echo $scheduled_ticket_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_scheduled_ticket=<?php echo $scheduled_ticket_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
<?php } ?>
</div>
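Review bot: `$sb = sanitizeInput($_GET['sb']);` on the new side still lets the request choose the sort column freely; escaping protects quoted string values, but a sort-by name is presumably spliced into ORDER BY as an identifier (outside this hunk), where escaping does not constrain it. An allow-list is the right check here, e.g. `$sb = in_array($_GET['sb'], ['scheduled_ticket_subject', 'scheduled_ticket_priority', 'scheduled_ticket_frequency', 'scheduled_ticket_next_run'], true) ? $_GET['sb'] : 'scheduled_ticket_subject';` (the column names are the ones this page already reads from each row). The same line is introduced at the top of the client_services and client_software hunks further down (`$sb = sanitizeInput($_GET['sb']);`). The search-box change to `stripslashes(htmlentities($q))` relies on stripslashes exactly undoing whatever sanitizeInput added for the SQL driver; keeping the raw request value for display and the escaped copy for the query would decouple the two contexts.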


@ -2,7 +2,7 @@
<div class="modal-dialog modal-md">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream"></i> New Service</h5>
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i>New Service</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
@ -39,7 +39,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" required autofocus>
<input type="text" class="form-control" name="name" placeholder="Name of Service" required>
</div>
</div>
@ -49,7 +49,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" required autofocus>
<input type="text" class="form-control" name="description" placeholder="Description of Service" required>
</div>
</div>
@ -60,7 +60,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" autofocus>
<input type="text" class="form-control" name="category" placeholder="Category">
</div>
</div>
@ -84,7 +84,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" autofocus>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy">
</div>
</div>
@ -101,7 +101,7 @@
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) {
$contact_id = $row['contact_id'];
$contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']);
echo "<option value=\"$contact_id\">$contact_name</option>";
}
@ -115,7 +115,7 @@
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
@ -129,7 +129,7 @@
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) {
$document_id = $row['document_id'];
$document_id = intval($row['document_id']);
$document_name = htmlentities($row['document_name']);
echo "<option value=\"$document_id\">$document_name</option>";
}
@ -153,7 +153,7 @@
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) {
$asset_id = $row['asset_id'];
$asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']);
echo "<option value=\"$asset_id\">$asset_name</option>";
}
@ -169,7 +169,7 @@
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) {
$login_id = $row['login_id'];
$login_id = intval($row['login_id']);
$login_name = htmlentities($row['login_name']);
echo "<option value=\"$login_id\">$login_name</option>";
}
@ -190,7 +190,7 @@
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) {
$domain_id = $row['domain_id'];
$domain_id = intval($row['domain_id']);
$domain_name = htmlentities($row['domain_name']);
echo "<option value=\"$domain_id\">$domain_name</option>";
}
@ -206,7 +206,7 @@
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while ($row = mysqli_fetch_array($sql)) {
$cert_id = $row['certificate_id'];
$cert_id = intval($row['certificate_id']);
$cert_name = htmlentities($row['certificate_name']);
$cert_domain = htmlentities($row['certificate_domain']);
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
@ -223,8 +223,8 @@
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_service" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_service" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog modal-md">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream"></i> Editing service: <strong><?php echo "$service_name"; ?></strong></h5>
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i>Editing service: <strong><?php echo $service_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
@ -40,7 +40,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" value="<?php echo $service_name ?>" required autofocus>
<input type="text" class="form-control" name="name" placeholder="Name of Service" value="<?php echo $service_name ?>" required>
</div>
</div>
@ -50,7 +50,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" value="<?php echo $service_description ?>" required autofocus>
<input type="text" class="form-control" name="description" placeholder="Description of Service" value="<?php echo $service_description ?>" required>
</div>
</div>
@ -61,7 +61,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" value="<?php echo $service_category ?>" autofocus>
<input type="text" class="form-control" name="category" placeholder="Category" value="<?php echo $service_category ?>">
</div>
</div>
@ -85,7 +85,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" value="<?php echo $service_backup ?>" autofocus>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" value="<?php echo $service_backup ?>">
</div>
</div>
@ -105,10 +105,10 @@
// Get all contacts
// NOTE: These are called $sql_all and $row_all for a reason - anything overwriting $sql or $row will break the current while loop we are in from client_services.php
$sql_all = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
$sql_all = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id");
while ($row_all = mysqli_fetch_array($sql_all)) {
$contact_id = $row_all['contact_id'];
$contact_id = intval($row_all['contact_id']);
$contact_name = htmlentities($row_all['contact_name']);
if (in_array($contact_id, $selected_ids)) {
@ -130,7 +130,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_template = 0 AND vendor_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) {
$vendor_id = $row_all['vendor_id'];
$vendor_id = intval($row_all['vendor_id']);
$vendor_name = htmlentities($row_all['vendor_name']);
if (in_array($vendor_id, $selected_ids)) {
@ -152,7 +152,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) {
$document_id = $row_all['document_id'];
$document_id = intval($row_all['document_id']);
$document_name = htmlentities($row_all['document_name']);
if (in_array($document_id, $selected_ids)) {
@ -185,7 +185,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) {
$asset_id = $row_all['asset_id'];
$asset_id = intval($row_all['asset_id']);
$asset_name = htmlentities($row_all['asset_name']);
if (in_array($asset_id, $selected_ids)) {
@ -209,7 +209,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) {
$login_id = $row_all['login_id'];
$login_id = intval($row_all['login_id']);
$login_name = htmlentities($row_all['login_name']);
if (in_array($login_id, $selected_ids)) {
@ -238,7 +238,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) {
$domain_id = $row_all['domain_id'];
$domain_id = intval($row_all['domain_id']);
$domain_name = htmlentities($row_all['domain_name']);
if (in_array($domain_id, $selected_ids)) {
@ -262,7 +262,7 @@
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while ($row_all = mysqli_fetch_array($sql_all)) {
$cert_id = $row_all['certificate_id'];
$cert_id = intval($row_all['certificate_id']);
$cert_name = htmlentities($row_all['certificate_name']);
if (in_array($cert_id, $selected_ids)) {
@ -284,8 +284,8 @@
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_service" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_service" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
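Review bot: The contacts query now reads `WHERE contact_client_id = $client_id` with the quotes dropped, while the six sibling queries in this same file (vendors, documents, assets, logins, domains, certificates) keep `'$client_id'`; the two forms should not be mixed in one file. Dropping the quotes is only safe if `$client_id` is guaranteed numeric before it reaches this modal — it is set outside this hunk (presumably in inc_all_client.php), so that should be confirmed rather than assumed. If it is an int, apply the same change to the other queries so the file is uniform; if it is not, keep the quoted form here too until it is cast with intval() at its source.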


@ -2,9 +2,9 @@
<div class="modal-dialog modal-xl">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i><?php echo $service_name; ?> </h5>
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i><?php echo $service_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
<span>&times;</span>
</button>
</div>
<div class="modal-body bg-white">
@ -17,14 +17,14 @@
<b>Description:</b> <?php echo $service_description; ?> <br>
<b>Backup Info:</b> <?php echo $service_backup; ?> <br><br>
<h5><i class="nav-icon fas fa-sticky-note"></i> Notes</h5>
<h5><i class="fas fa-fw fa-sticky-note mr-2"></i>Notes</h5>
<div style="white-space: pre-line"><?php echo $service_notes; ?></div>
<hr>
<!-- Assets -->
<?php
if (mysqli_num_rows($sql_assets) > 0) { ?>
<h5><i class="nav-icon fas fa-desktop"></i> Assets</h5>
<h5><i class="fas fa-fw fa-desktop mr-2"></i>Assets</h5>
<ul>
<?php
// Reset the $sql_assets pointer to the start - as we've already cycled through once
@ -32,9 +32,8 @@
while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['asset_ip'])) {
$ip = '('.$row["asset_ip"].')';
}
else{
$ip = '('.htmlentities($row["asset_ip"]).')';
} else {
$ip = '';
}
echo "<li><a href=\"client_assets.php?client_id=$client_id&q=$row[asset_name]\">$row[asset_name] </a>$ip</li>";
@ -57,7 +56,7 @@
// Get networks linked to assets - push name to array
while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['network_name'])) {
$network_data = "$row[network_name]:$row[network_vlan]";
$network_data = htmlentities("$row[network_name]:$row[network_vlan]");
array_push($networks, $network_data);
}
}
@ -67,7 +66,7 @@
// Display
if (!empty($networks)) { ?>
<h5><i class="nav-icon fas fa-network-wired"></i> Networks</h5>
<h5><i class="fas fa-fw fa-network-wired mr-2"></i>Networks</h5>
<ul>
<?php
}
@ -103,7 +102,7 @@
// Display
if (!empty($location_names)) { ?>
<h5><i class="nav-icon fas fa-map-marker-alt"></i> Locations</h5>
<h5><i class="fas fa-fw fa-map-marker-alt mr-2"></i>Locations</h5>
<ul>
<?php
}
@ -119,7 +118,7 @@
<!-- Domains -->
<?php
if (mysqli_num_rows($sql_domains) > 0) { ?>
<h5><i class="nav-icon fas fa-globe"></i> Domains</h5>
<h5><i class="fas fa-fw fa-globe mr-2"></i>Domains</h5>
<ul>
<?php
// Reset the $sql_domains pointer to the start
@ -140,7 +139,7 @@
<!-- Certificates -->
<?php
if (mysqli_num_rows($sql_certificates) > 0) { ?>
<h5><i class="nav-icon fas fa-lock"></i> Certificates</h5>
<h5><i class="fas fa-fw fa-lock mr-2"></i>Certificates</h5>
<ul>
<?php
// Reset the $sql_certificates pointer to the start
@ -174,7 +173,7 @@
mysqli_data_seek($sql_vendors, 0);
if (mysqli_num_rows($sql_vendors) > 0) { ?>
<h5><i class="nav-icon fas fa-users"></i> Vendors</h5>
<h5><i class="fas fa-fw fa-building mr-2"></i>Vendors</h5>
<ul>
<?php
while ($row = mysqli_fetch_array($sql_vendors)) {
@ -189,14 +188,14 @@
<!-- Contacts -->
<?php
if (mysqli_num_rows($sql_contacts) > 0) { ?>
<h5><i class="nav-icon fas fa-building"></i> Contacts</h5>
<h5><i class="fas fa-fw fa-users mr-2"></i>Contacts</h5>
<ul>
<?php
// Reset the $sql_contacts pointer to the start
mysqli_data_seek($sql_contacts, 0);
while ($row = mysqli_fetch_array($sql_contacts)) {
echo "<li><a href=\"client_contacts.php?client_id=$client_id&q=$row[contact_name]\">$row[contact_name]</a></li>";
echo "<li><a href=\"client_contact_details.php?client_id=$client_id&contact_id=$row[contact_id]\">$row[contact_name]</a></li>";
}
?>
</ul>
@ -207,7 +206,7 @@
<!-- Logins -->
<?php
if (mysqli_num_rows($sql_assets) > 0 || mysqli_num_rows($sql_logins) > 0) { ?>
<h5><i class="nav-icon fas fa-key"></i> Logins</h5>
<h5><i class="fas fa-fw fa-key mr-2"></i>Logins</h5>
<ul>
<?php
// Reset the $sql_assets/logins pointer to the start
@ -236,7 +235,7 @@
<!-- URLs -->
<?php
if ($sql_logins || $sql_assets) { ?>
<h5><i class="nav-icon fas fa-link"></i> URLs</h5>
<h5><i class="fas fa-fw fa-link mr-2"></i>URLs</h5>
<ul>
<?php
// Reset the $sql_logins pointer to the start
@ -267,14 +266,14 @@
<!-- Documents -->
<?php
if (mysqli_num_rows($sql_docs) > 0) { ?>
<h5><i class="nav-icon fas fa-file-alt"></i> Documents</h5>
<h5><i class="fas fa-fw fa-file-alt mr-2"></i>Documents</h5>
<ul>
<?php
// Reset the $sql_docs pointer to the start
mysqli_data_seek($sql_docs, 0);
while ($row = mysqli_fetch_array($sql_docs)) {
echo "<li><a href=\"client_documents.php?client_id=$client_id&q=$row[document_name]\">$row[document_name]</a></li>";
echo "<li><a href=\"client_document_details.php?client_id=$client_id&document_id=$row[document_id]\">$row[document_name]</a></li>";
}
?>
</ul>
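Review bot: The rewritten contact link still echoes `$row[contact_name]` and `$row[contact_id]` straight into HTML, and the rewritten document link does the same with `$row[document_name]` and `$row[document_id]`, while every other field this commit touches in the modal goes through htmlentities() or intval(); a stored name containing markup would be rendered as-is. The contact line should become `echo "<li><a href=\"client_contact_details.php?client_id=$client_id&contact_id=" . intval($row['contact_id']) . "\">" . htmlentities($row['contact_name']) . "</a></li>";` and the document line the same with `document_id`/`document_name`. The neighbouring asset line (`$row[asset_name]` in both the href and the link text) is unchanged by this commit but has the same gap.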


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "service_name";
}
@ -25,9 +25,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-stream"></i> Services</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-stream mr-2"></i>Services</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-fw fa-plus"></i> New Service</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-plus mr-2"></i>New Service</button>
</div>
</div>
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Services">
<input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Services">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>
@ -52,7 +52,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<th><a class="text-dark">Category</a></th>
<th><a class="text-dark">Updated</a></th>
<th><a class="text-dark">Importance</a></th>
<th class="text-center">Action</th>
</tr>
</thead>
@ -60,15 +59,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$service_id = $row['service_id'];
$service_id = intval($row['service_id']);
$service_name = htmlentities($row['service_name']);
$service_description = htmlentities($row['service_description']);
$service_category = htmlentities($row['service_category']);
$service_importance = htmlentities($row['service_importance']);
$service_backup = htmlentities($row['service_backup']);
$service_notes = htmlentities($row['service_notes']);
$service_updated_at = $row['service_updated_at'];
$service_review_due = $row['service_review_due'];
$service_updated_at = htmlentities($row['service_updated_at']);
$service_review_due = htmlentities($row['service_review_due']);
// Service Importance
if ($service_importance == "High") {
@ -97,10 +96,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_service=<?php echo $service_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
@ -117,7 +120,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
LEFT JOIN logins ON service_assets.asset_id = logins.login_asset_id
LEFT JOIN networks ON assets.asset_network_id = networks.network_id
LEFT JOIN locations ON assets.asset_location_id = locations.location_id
WHERE service_id = '$service_id'"
WHERE service_id = $service_id"
);
// Associated logins
@ -125,7 +128,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$mysqli,
"SELECT * FROM service_logins
LEFT JOIN logins ON service_logins.login_id = logins.login_id
WHERE service_id = '$service_id'"
WHERE service_id = $service_id"
);
// Associated Domains
@ -133,14 +136,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$mysqli,
"SELECT * FROM service_domains
LEFT JOIN domains ON service_domains.domain_id = domains.domain_id
WHERE service_id = '$service_id'"
WHERE service_id = $service_id"
);
// Associated Certificates
$sql_certificates = mysqli_query(
$mysqli,
"SELECT * FROM service_certificates
LEFT JOIN certificates ON service_certificates.certificate_id = certificates.certificate_id
WHERE service_id = '$service_id'"
WHERE service_id = $service_id"
);
// Associated URLs ---- REMOVED for now
@ -152,7 +155,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$mysqli,
"SELECT * FROM service_vendors
LEFT JOIN vendors ON service_vendors.vendor_id = vendors.vendor_id
WHERE service_id = '$service_id'"
WHERE service_id = $service_id"
);
// Associated Contacts
@ -160,7 +163,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$mysqli,
"SELECT * FROM service_contacts
LEFT JOIN contacts ON service_contacts.contact_id = contacts.contact_id
WHERE service_id = '$service_id'"
WHERE service_id = $service_id"
);
// Associated Documents
@ -168,7 +171,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$mysqli,
"SELECT * FROM service_documents
LEFT JOIN documents ON service_documents.document_id = documents.document_id
WHERE service_id = '$service_id'"
WHERE service_id = $service_id"
);
require("client_service_edit_modal.php");


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if (isset($_GET['q'])) {
$q = strip_tags(mysqli_real_escape_string($mysqli, $_GET['q']));
$q = sanitizeInput($_GET['q']);
//Phone Numbers
$phone_query = preg_replace("/[^0-9]/", '', $q);
if (empty($phone_query)) {
@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fa fa-fw fa-share"></i> Shared Items (Links)</h3>
<h3 class="card-title"><i class="fa fa-fw fa-share mr-2"></i>Shared Items (Links)</h3>
</div>
<div class="card-body">
<form autocomplete="off">
@ -70,16 +70,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$item_id = $row['item_id'];
$item_id = intval($row['item_id']);
$item_active = htmlentities($row['item_active']);
$item_key = htmlentities($row['item_key']);
$item_type = htmlentities($row['item_type']);
$item_related_id = $row['item_related_id'];
$item_related_id = intval($row['item_related_id']);
$item_note = htmlentities($row['item_note']);
$item_views = htmlentities($row['item_views']);
$item_view_limit = htmlentities($row['item_view_limit']);
$item_created_at = $row['item_created_at'];
$item_expire_at = $row['item_expire_at'];
$item_created_at = htmlentities($row['item_created_at']);
$item_expire_at = htmlentities($row['item_expire_at']);
if ($item_type == 'Login') {
$share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'");
@ -110,7 +110,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item text-danger" href="post.php?deactivate_shared_item=<?php echo $item_id; ?>">Deactivate</a>
<a class="dropdown-item text-danger" href="post.php?deactivate_shared_item=<?php echo $item_id; ?>">
<i class="fas fa-fw fa-times mr-2"></i>Deactivate
</a>
</div>
</div>
<?php } ?>


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "software_name";
}
@ -25,11 +25,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-cube"></i> Licenses</h3>
<h3 class="card-title mt-2"><i class="fas fa-fw fa-cube mr-2"></i>Licenses</h3>
<div class="card-tools">
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareModal">
<i class="fas fa-fw fa-plus"></i> New License
<i class="fas fa-plus mr-2"></i>New License
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Licenses">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -54,7 +54,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_software_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="post.php?export_client_software_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
</div>
</div>
@ -77,19 +77,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$software_id = $row['software_id'];
$software_id = intval($row['software_id']);
$software_name = htmlentities($row['software_name']);
$software_version = htmlentities($row['software_version']);
$software_type = htmlentities($row['software_type']);
$software_license_type = htmlentities($row['software_license_type']);
$software_key = htmlentities($row['software_key']);
$software_seats = htmlentities($row['software_seats']);
$software_purchase = $row['software_purchase'];
$software_expire = $row['software_expire'];
$software_purchase = htmlentities($row['software_purchase']);
$software_expire = htmlentities($row['software_expire']);
$software_notes = htmlentities($row['software_notes']);
// Get Login
$login_id = $row['login_id'];
$login_id = intval($row['login_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
@ -99,7 +99,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$asset_licenses_sql = mysqli_query($mysqli, "SELECT asset_id FROM software_assets WHERE software_id = $software_id");
$asset_licenses_array = array();
while ($row = mysqli_fetch_array($asset_licenses_sql)) {
$asset_licenses_array[] = $row['asset_id'];
$asset_licenses_array[] = intval($row['asset_id']);
$seat_count = $seat_count + 1;
}
$asset_licenses = implode(',', $asset_licenses_array);
@ -108,7 +108,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$contact_licenses_sql = mysqli_query($mysqli, "SELECT contact_id FROM software_contacts WHERE software_id = $software_id");
$contact_licenses_array = array();
while ($row = mysqli_fetch_array($contact_licenses_sql)) {
$contact_licenses_array[] = $row['contact_id'];
$contact_licenses_array[] = intval($row['contact_id']);
$seat_count = $seat_count + 1;
}
$contact_licenses = implode(',', $contact_licenses_array);
@ -168,12 +168,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareModal<?php echo $software_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareModal<?php echo $software_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_software=<?php echo $software_id; ?>">Archive and<br><small>Remove Licenses</small></a>
<a class="dropdown-item text-danger" href="post.php?archive_software=<?php echo $software_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive and<br><small>Remove Licenses</small></a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_software=<?php echo $software_id; ?>">Delete and<br><small>Remove Licenses</small></a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_software=<?php echo $software_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete and<br><small>Remove Licenses</small></a>
<?php } ?>
</div>
</div>
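Review bot: The two inner loops that now collect `intval($row['asset_id'])` and `intval($row['contact_id'])` iterate with `while ($row = mysqli_fetch_array(...))`, overwriting the outer result row of the surrounding `while ($row = mysqli_fetch_array($sql))`. The outer body appears to unpack every field it needs into `$software_*` and `$login_*` variables before the inner loops run, so this is not a bug today, but any later `$row[...]` read in the outer loop body (which continues past this hunk) would silently see license-seat data instead of the software row. Renaming the inner variables, e.g. `while ($row_asset = mysqli_fetch_array($asset_licenses_sql)) { $asset_licenses_array[] = intval($row_asset['asset_id']); ... }`, removes the trap; the service edit modal in this same commit already documents this exact hazard with its `$sql_all`/`$row_all` naming.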


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> New License from Template</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-cube mr-2"></i>New License from Template</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -22,7 +22,7 @@
<?php
$sql_software_templates = mysqli_query($mysqli, "SELECT * FROM software WHERE software_template = 1 AND company_id = $session_company_id AND software_archived_at IS NULL ORDER BY software_name ASC");
while($row = mysqli_fetch_array($sql_software_templates)){
$software_template_id = $row['software_id'];
$software_template_id = intval($row['software_id']);
$software_template_name = htmlentities($row['software_name']);
?>
@ -36,10 +36,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_software_from_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_software_from_template" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> New License</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-cube mr-2"></i>New License</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -41,7 +41,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Software name" required autofocus>
<input type="text" class="form-control" name="name" placeholder="Software name" required>
</div>
</div>
@ -139,7 +139,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN contacts ON asset_contact_id = contact_id WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$asset_id = $row['asset_id'];
$asset_id = intval($row['asset_id']);
$asset_name = htmlentities($row['asset_name']);
$asset_type = htmlentities($row['asset_type']);
$contact_name = htmlentities($row['contact_name']);
@ -170,7 +170,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$contact_id = $row['contact_id'];
$contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']);
$contact_email = htmlentities($row['contact_email']);
@ -225,8 +225,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_software" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_software" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> Editing license: <strong><?php echo $software_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-cube mr-2"></i>Editing license: <strong><?php echo $software_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -140,7 +140,7 @@
$sql_assets_select = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN contacts ON asset_contact_id = contact_id WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
while ($row = mysqli_fetch_array($sql_assets_select)) {
$asset_id_select = $row['asset_id'];
$asset_id_select = intval($row['asset_id']);
$asset_name_select = htmlentities($row['asset_name']);
$asset_type_select = htmlentities($row['asset_type']);
$contact_name_select = htmlentities($row['contact_name']);
@ -171,7 +171,7 @@
$sql_contacts_select = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
while ($row = mysqli_fetch_array($sql_contacts_select)) {
$contact_id_select = $row['contact_id'];
$contact_id_select = intval($row['contact_id']);
$contact_name_select = htmlentities($row['contact_name']);
$contact_email_select = htmlentities($row['contact_email']);
@ -226,8 +226,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_software" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_software" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> New License Template</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-cube mr-2"></i>New License Template</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -65,8 +65,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_software_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create Template</button>
<button type="submit" name="add_software_template" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create Template</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> Editing template: <strong><?php echo $software_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-cube mr-2"></i>Editing template: <strong><?php echo $software_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -64,8 +64,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_software_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save Template</button>
<button type="submit" name="edit_software_template" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save Template</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if(!empty($_GET['sb'])){
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "software_name";
}
@ -22,13 +22,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-cube"></i> Licenses Templates</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-cube mr-2"></i>Licenses Templates</h3>
<button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="client_software.php?client_id=<?php echo $client_id; ?>">Licenses</a>
</div>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareTemplateModal"><i class="fas fa-fw fa-plus"></i> New Template</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareTemplateModal"><i class="fas fa-plus mr-2"></i>New Template</button>
</div>
</div>
<div class="card-body">
@ -38,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Licenses">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -66,15 +66,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while($row = mysqli_fetch_array($sql)){
$software_id = $row['software_id'];
$software_id = intval($row['software_id']);
$software_name = htmlentities($row['software_name']);
$software_version = htmlentities($row['software_version']);
$software_type = htmlentities($row['software_type']);
$software_license_type = htmlentities($row['software_license_type']);
$software_key = htmlentities($row['software_key']);
$software_seats = htmlentities($row['software_seats']);
$software_purchase = $row['software_purchase'];
$software_expire = $row['software_expire'];
$software_seats = intval($row['software_seats']);
$software_purchase = htmlentities($row['software_purchase']);
$software_expire = htmlentities($row['software_expire']);
$software_notes = htmlentities($row['software_notes']);
?>
@ -82,17 +82,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<td><a class="text-dark" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>"><?php echo "$software_name<br><span class='text-secondary'>$software_version</span>"; ?></a></td>
<td><?php echo $software_type; ?></td>
<td><?php echo $software_license_type; ?></td>
<td><?php echo "$software_seats"; ?></td>
<td><?php echo $software_seats; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_software=<?php echo $software_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
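Review bot: Swapping `strip_tags(mysqli_real_escape_string(...))` for `sanitizeInput()` on the `$sb` line in the first hunk does not address the real issue, because `$sb` defaults to a column name (`software_name`) and is presumably interpolated into an ORDER BY clause outside this hunk; string escaping cannot protect a SQL identifier, so the value should be validated against an allowlist rather than sanitized. Something like `$allowed_sb = ['software_name', 'software_version', 'software_type', 'software_license_type', 'software_seats'];` followed by `$sb = in_array($_GET['sb'] ?? '', $allowed_sb, true) ? $_GET['sb'] : 'software_name';` keeps the existing default and rejects everything else. The same pattern recurs in the three later sections whose `$sb` defaults to `vendor_name` and `company_name`. The query that consumes `$sb` is not visible here, so the ORDER BY usage is inferred from the default value.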


@ -2,7 +2,7 @@
require_once("inc_all_client.php");
if (isset($_GET['q'])) {
$q = strip_tags(mysqli_real_escape_string($mysqli, $_GET['q']));
$q = sanitizeInput($_GET['q']);
//Phone Numbers
$phone_query = preg_replace("/[^0-9]/", '', $q);
if (empty($phone_query)) {
@ -14,7 +14,7 @@ if (isset($_GET['q'])) {
}
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "vendor_name";
}
@ -36,7 +36,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2">
<i class="fa fa-fw fa-building"></i> Vendor Templates
<i class="fa fa-fw fa-building mr-2"></i>Vendor Templates
</h3>
<button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
<div class="dropdown-menu">
@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addVendorTemplateModal">
<i class="fas fa-fw fa-plus"></i> New Template
<i class="fas fa-plus mr-2"></i>New Template
</button>
</div>
</div>
@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
$vendor_description = htmlentities($row['vendor_description']);
if (empty($vendor_description)) {
@ -141,10 +141,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editVendorTemplateModal<?php echo $vendor_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editVendorTemplateModal<?php echo $vendor_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
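Review bot: The reworked Delete entry in the last hunk (`post.php?delete_vendor=<?php echo $vendor_id; ?>`) is a state-changing action behind a plain GET link with no CSRF token, whereas the company Delete link later in this commit appends `&csrf_token=<?php echo $_SESSION['csrf_token'] ?>`; a logged-in user can be made to trigger this deletion from another site. The software and vendor Delete links in the preceding and following sections have the same gap. Appending `&csrf_token=<?php echo $_SESSION['csrf_token']; ?>` to each href (and verifying it in post.php, which is outside this diff) brings them in line; a POST form with a hidden token would be better still, since tokens in URLs end up in server logs and Referer headers.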


@ -3,7 +3,7 @@
require_once("inc_all_client.php");
if (isset($_GET['q'])) {
$q = strip_tags(mysqli_real_escape_string($mysqli, $_GET['q']));
$q = sanitizeInput($_GET['q']);
//Phone Numbers
$phone_query = preg_replace("/[^0-9]/", '', $q);
if (empty($phone_query)) {
@ -15,7 +15,7 @@ if (isset($_GET['q'])) {
}
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "vendor_name";
}
@ -37,12 +37,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2">
<i class="fa fa-fw fa-building"></i> Vendors
<i class="fas fa-fw fa-building mr-2"></i>Vendors
</h3>
<div class="card-tools">
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addVendorModal">
<i class="fas fa-fw fa-plus"></i> New Vendor
<i class="fas fa-plus mr-2"></i>New Vendor
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
@ -58,7 +58,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Vendors">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Vendors">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
@ -67,8 +67,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_vendors_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="#" class="btn btn-default"><i class="fa fa-fw fa-upload"></i> Import</a>
<a href="post.php?export_client_vendors_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
<a href="#" class="btn btn-default"><i class="fa fa-fw fa-upload mr-2"></i>Import</a>
</div>
</div>
@ -89,7 +89,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
$vendor_description = htmlentities($row['vendor_description']);
if (empty($vendor_description)) {
@ -151,10 +151,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editVendorModal<?php echo $vendor_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editVendorModal<?php echo $vendor_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>


@ -108,10 +108,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Clients</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-users mr-2"></i>Clients</h3>
<div class="card-tools">
<?php if ($session_user_role == 3) { ?>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal"><i class="fas fa-fw fa-plus"></i> New Client</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal"><i class="fas fa-plus mr-2"></i>New Client</button>
<?php } ?>
</div>
</div>


@ -2,7 +2,7 @@
require_once("inc_all_settings.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "company_name";
}
@ -23,9 +23,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-building"></i> Companies</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-building mr-2"></i>Companies</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCompanyModal"><i class="fas fa-fw fa-plus"></i> New Company</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCompanyModal"><i class="fas fa-plus mr-2"></i>New Company</button>
</div>
</div>
<div class="card-body">
@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<hr>
<form autocomplete="off">
<div class="input-group">
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Companies">
<input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Companies">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
@ -58,7 +58,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$company_id = $row['company_id'];
$company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']);
$company_country = htmlentities($row['company_country']);
$company_address = htmlentities($row['company_address']);
@ -103,11 +103,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_company=<?php echo $company_id; ?>">Archive</a>
<a class="dropdown-item text-danger" href="post.php?archive_company=<?php echo $company_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_company=<?php echo $company_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_company=<?php echo $company_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>
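Review bot: The Archive link in the last hunk (`post.php?archive_company=<?php echo $company_id; ?>`) is a state-changing GET that carries no CSRF token, while the Delete link two entries below it in the same dropdown does append `csrf_token`; the inconsistency suggests archive is unprotected. Adding `&csrf_token=<?php echo $_SESSION['csrf_token']; ?>` to the archive href, and checking it in post.php (outside this diff), closes the gap. Because the token travels in the URL it also lands in server logs and Referer headers, so a small POST form per action would be the more robust shape for both links.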


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-building"></i> New Company</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i>New Company</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -183,8 +183,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_company" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
<button type="submit" name="add_company" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-building"></i> Editing company: <strong><?php echo $company_name; ?></strong></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i>Editing company: <strong><?php echo $company_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -182,8 +182,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_company" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
<button type="submit" name="edit_company" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -16,7 +16,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
$company_country = $row['company_country'];
$company_locale = $row['company_locale'];
$company_currency = $row['company_currency'];
$config_enable_cron = $row['config_enable_cron'];
$config_enable_cron = intval($row['config_enable_cron']);
$config_invoice_overdue_reminders = $row['config_invoice_overdue_reminders'];
$config_invoice_prefix = $row['config_invoice_prefix'];
$config_invoice_from_email = $row['config_invoice_from_email'];
@ -24,25 +24,25 @@ while ($row = mysqli_fetch_array($sql_companies)) {
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_username = $row['config_smtp_username'];
$config_smtp_password = $row['config_smtp_password'];
$config_smtp_port = $row['config_smtp_port'];
$config_smtp_port =intval($row['config_smtp_port']);
$config_smtp_encryption = $row['config_smtp_encryption'];
$config_mail_from_email = $row['config_mail_from_email'];
$config_mail_from_name = $row['config_mail_from_name'];
$config_recurring_auto_send_invoice = $row['config_recurring_auto_send_invoice'];
$config_recurring_auto_send_invoice = intval($row['config_recurring_auto_send_invoice']);
// Tickets
$config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number'];
$config_ticket_next_number = intval($row['config_ticket_next_number']);
$config_ticket_from_name = $row['config_ticket_from_name'];
$config_ticket_from_email = $row['config_ticket_from_email'];
//Get Config for Telemetry
$config_theme = $row['config_theme'];
$config_ticket_email_parse = $row['config_ticket_email_parse'];
$config_module_enable_itdoc = $row['config_module_enable_itdoc'];
$config_module_enable_ticketing = $row['config_module_enable_ticketing'];
$config_ticket_email_parse = intval($row['config_ticket_email_parse']);
$config_module_enable_itdoc = intval($row['config_module_enable_itdoc']);
$config_module_enable_ticketing = intval($row['config_module_enable_ticketing']);
$config_module_enable_accounting = $row['config_module_enable_accounting'];
$config_telemetry = $row['config_telemetry'];
$config_telemetry = intval($row['config_telemetry']);
// Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
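Review bot: The casts added in the second hunk are applied inconsistently: `config_ticket_email_parse`, `config_module_enable_itdoc`, `config_module_enable_ticketing` and `config_telemetry` are wrapped in `intval()`, but `config_module_enable_accounting` sits between them and keeps the raw string, as does `config_invoice_overdue_reminders` in the first hunk, so any strict comparison against these flags will behave differently per flag. `$config_module_enable_accounting = intval($row['config_module_enable_accounting']);` makes the set uniform. As a style point, `$config_smtp_port =intval(...)` is missing the space after `=`. The `while` loop these assignments belong to starts before the hunk.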


@ -28,32 +28,32 @@ $largest_income_month = 0;
//Get Total income
$sql_total_payments_to_invoices = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_payments_to_invoices);
$total_payments_to_invoices = $row['total_payments_to_invoices'];
$total_payments_to_invoices = floatval($row['total_payments_to_invoices']);
//Do not grab transfer payment as these have a category_id of 0
$sql_total_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_revenues);
$total_revenues = $row['total_revenues'];
$total_revenues = floatval($row['total_revenues']);
$total_income = $total_payments_to_invoices + $total_revenues;
//Get Total expenses and do not grab transfer expenses as these have a vendor of 0
$sql_total_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_vendor_id > 0 AND YEAR(expense_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_expenses);
$total_expenses = $row['total_expenses'];
$total_expenses = floatval($row['total_expenses']);
//Total up all the Invoices that are not draft or cancelled
$sql_invoice_totals = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND YEAR(invoice_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_invoice_totals);
$invoice_totals = $row['invoice_totals'];
$invoice_totals = floatval($row['invoice_totals']);
//Quaeries from Receivables
$sql_total_payments_to_invoices_all_years = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments_to_invoices_all_years FROM payments WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_payments_to_invoices_all_years);
$total_payments_to_invoices_all_years = $row['total_payments_to_invoices_all_years'];
$total_payments_to_invoices_all_years = floatval($row['total_payments_to_invoices_all_years']);
$sql_invoice_totals_all_years = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_totals_all_years FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_invoice_totals_all_years);
$invoice_totals_all_years = $row['invoice_totals_all_years'];
$invoice_totals_all_years = floatval($row['invoice_totals_all_years']);
$receivables = $invoice_totals_all_years - $total_payments_to_invoices_all_years;
@ -82,25 +82,25 @@ $sql_latest_expenses = mysqli_query(
//Get Monthly Recurring Total
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = $row['recurring_monthly_total'];
$recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = $row['recurring_yearly_total'];
$recurring_yearly_total = floatval($row['recurring_yearly_total']);
//Get Total Miles Driven
$sql_miles_driven = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS total_miles FROM trips WHERE YEAR(trip_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_miles_driven);
$total_miles = $row['total_miles'];
$total_miles = floatval($row['total_miles']);
//Get Total Clients added
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('client_id') AS clients_added FROM clients WHERE YEAR(client_created_at) = $year AND company_id = $session_company_id"));
$clients_added = $row['clients_added'];
$clients_added = intval($row['clients_added']);
//Get Total Vendors added
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('vendor_id') AS vendors_added FROM vendors WHERE YEAR(vendor_created_at) = $year AND vendor_client_id = 0 AND vendor_template = 0 AND company_id = $session_company_id"));
$vendors_added = $row['vendors_added'];
$vendors_added = intval($row['vendors_added']);
?>
@ -242,7 +242,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-md-12">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-chart-area"></i> Cash Flow</h3>
<h3 class="card-title"><i class="fas fa-fw fa-chart-area mr-2"></i>Cash Flow</h3>
<div class="card-tools">
<a href="report_income_summary.php" class="btn btn-tool">
<i class="fas fa-eye"></i>
@ -261,7 +261,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-lg-4">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-chart-pie"></i> Income by Category</h3>
<h3 class="card-title"><i class="fas fa-fw fa-chart-pie mr-2"></i>Income by Category</h3>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
@ -277,7 +277,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-lg-4">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-shopping-cart"></i> Expenses by Category</h3>
<h3 class="card-title"><i class="fa fa-fw fa-shopping-cart mr-2"></i>Expenses by Category</h3>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
@ -293,7 +293,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-lg-4">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-building"></i> Expenses by Vendor</h3>
<h3 class="card-title"><i class="fa fa-fw fa-building mr-2"></i>Expenses by Vendor</h3>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
@ -309,7 +309,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-md-4">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-piggy-bank"></i> Account Balances</h3>
<h3 class="card-title"><i class="fa fa-fw fa-piggy-bank mr-2"></i>Account Balances</h3>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
@ -321,9 +321,9 @@ $vendors_added = $row['vendors_added'];
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id = $row['account_id'];
$account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']);
$opening_balance = $row['opening_balance'];
$opening_balance = floatval($row['opening_balance']);
?>
<tr>
@ -331,15 +331,15 @@ $vendors_added = $row['vendors_added'];
<?php
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments);
$total_payments = $row['total_payments'];
$total_payments = floatval($row['total_payments']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id");
$row = mysqli_fetch_array($sql_revenues);
$total_revenues = $row['total_revenues'];
$total_revenues = floatval($row['total_revenues']);
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id");
$row = mysqli_fetch_array($sql_expenses);
$total_expenses = $row['total_expenses'];
$total_expenses = floatval($row['total_expenses']);
$balance = $opening_balance + $total_payments + $total_revenues - $total_expenses;
@ -361,7 +361,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-md-4">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-credit-card"></i> Latest Income</h3>
<h3 class="card-title"><i class="fas fa-fw fa-credit-card mr-2"></i>Latest Income</h3>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
@ -381,10 +381,10 @@ $vendors_added = $row['vendors_added'];
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_latest_invoice_payments)) {
$payment_date = $row['payment_date'];
$payment_date = htmlentities($row['payment_date']);
$payment_amount = floatval($row['payment_amount']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$client_name = htmlentities($row['client_name']);
?>
<tr>
@ -404,7 +404,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-md-4">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-shopping-cart"></i> Latest Expenses</h3>
<h3 class="card-title"><i class="fas fa-fw fa-shopping-cart mr-2"></i>Latest Expenses</h3>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
@ -424,7 +424,7 @@ $vendors_added = $row['vendors_added'];
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_latest_expenses)) {
$expense_date = $row['expense_date'];
$expense_date = htmlentities($row['expense_date']);
$expense_amount = floatval($row['expense_amount']);
$vendor_name = htmlentities($row['vendor_name']);
$category_name = htmlentities($row['category_name']);
@ -447,7 +447,7 @@ $vendors_added = $row['vendors_added'];
<div class="col-md-12">
<div class="card card-dark mb-3">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-route"></i> Trip Flow</h3>
<h3 class="card-title"><i class="fas fa-fw fa-route mr-2"></i>Trip Flow</h3>
<div class="card-tools">
<a href="trips.php" class="btn btn-tool">
<i class="fas fa-eye"></i>
@ -492,11 +492,11 @@ $vendors_added = $row['vendors_added'];
for($month = 1; $month<=12; $month++) {
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_payments);
$payments_for_month = $row['payment_amount_for_month'];
$payments_for_month = floatval($row['payment_amount_for_month']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year AND MONTH(revenue_date) = $month AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_revenues);
$revenues_for_month = $row['revenue_amount_for_month'];
$revenues_for_month = floatval($row['revenue_amount_for_month']);
$income_for_month = $payments_for_month + $revenues_for_month;
@ -531,11 +531,11 @@ $vendors_added = $row['vendors_added'];
for($month = 1; $month<=12; $month++) {
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS payment_amount_for_month FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year-1 AND MONTH(payment_date) = $month AND payments.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_payments);
$payments_for_month = $row['payment_amount_for_month'];
$payments_for_month = floatval($row['payment_amount_for_month']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS revenue_amount_for_month FROM revenues WHERE revenue_category_id > 0 AND YEAR(revenue_date) = $year-1 AND MONTH(revenue_date) = $month AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_revenues);
$revenues_for_month = $row['revenue_amount_for_month'];
$revenues_for_month = floatval($row['revenue_amount_for_month']);
$income_for_month = $payments_for_month + $revenues_for_month;
@ -573,7 +573,7 @@ $vendors_added = $row['vendors_added'];
for($month = 1; $month<=12; $month++) {
$sql_projected = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amount_for_month FROM invoices WHERE YEAR(invoice_due) = $year AND MONTH(invoice_due) = $month AND invoice_status NOT LIKE 'Cancelled' AND invoice_status NOT LIKE 'Draft' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_projected);
$invoice_for_month = $row['invoice_amount_for_month'];
$invoice_for_month = floatval($row['invoice_amount_for_month']);
if ($invoice_for_month > 0 && $invoice_for_month > $largest_invoice_month) {
$largest_invoice_month = $invoice_for_month;
@ -609,7 +609,7 @@ $vendors_added = $row['vendors_added'];
for($month = 1; $month<=12; $month++) {
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS expense_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND expense_vendor_id > 0 AND expenses.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_expenses);
$expenses_for_month = $row['expense_amount_for_month'];
$expenses_for_month = floatval($row['expense_amount_for_month']);
if ($expenses_for_month > 0 && $expenses_for_month > $largest_expense_month) {
$largest_expense_month = $expenses_for_month;
@ -685,7 +685,7 @@ $vendors_added = $row['vendors_added'];
for($month = 1; $month<=12; $month++) {
$sql_trips = mysqli_query($mysqli, "SELECT SUM(trip_miles) AS trip_miles_for_month FROM trips WHERE YEAR(trip_date) = $year AND MONTH(trip_date) = $month AND trips.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_trips);
$trip_miles_for_month = $row['trip_miles_for_month'];
$trip_miles_for_month = floatval($row['trip_miles_for_month']);
$largest_trip_miles_month = 0;
if ($trip_miles_for_month > 0 && $trip_miles_for_month > $largest_trip_miles_month) {
@ -760,11 +760,11 @@ $vendors_added = $row['vendors_added'];
<?php
$sql_categories = mysqli_query($mysqli, "SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_id = $row['category_id'];
$category_id = intval($row['category_id']);
$sql_invoices = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS income_amount_for_year FROM invoices WHERE invoice_category_id = $category_id AND YEAR(invoice_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_invoices);
$income_amount_for_year = $row['income_amount_for_year'];
$income_amount_for_year = floatval($row['income_amount_for_year']);
echo "$income_amount_for_year,";
}
@ -821,7 +821,7 @@ $vendors_added = $row['vendors_added'];
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS expense_amount_for_year FROM expenses WHERE expense_category_id = $category_id AND YEAR(expense_date) = $year");
$row = mysqli_fetch_array($sql_expenses);
$expense_amount_for_year = $row['expense_amount_for_year'];
$expense_amount_for_year = floatval($row['expense_amount_for_year']);
echo "$expense_amount_for_year,";
}
@ -874,7 +874,7 @@ $vendors_added = $row['vendors_added'];
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS expense_amount_for_year FROM expenses WHERE expense_vendor_id = $vendor_id AND YEAR(expense_date) = $year");
$row = mysqli_fetch_array($sql_expenses);
$expense_amount_for_year = $row['expense_amount_for_year'];
$expense_amount_for_year = floatval($row['expense_amount_for_year']);
echo "$expense_amount_for_year,";
}


@ -120,7 +120,7 @@ $expiring_certificates = $sql_certs_expiring['expiring_certs'];
<!-- ./col -->
<div class="col-lg-4 col-6">
<a class="small-box bg-success"">
<a class="small-box bg-success">
<div class="inner">
<h3><?php echo $contacts_added; ?></h3>
<p>New Contacts</p>
@ -133,7 +133,7 @@ $expiring_certificates = $sql_certs_expiring['expiring_certs'];
<!-- ./col -->
<div class="col-lg-4 col-6">
<a class="small-box bg-info"">
<a class="small-box bg-info">
<div class="inner">
<h3><?php echo $assets_added; ?></h3>
<p>New Assets</p>


@ -2,7 +2,7 @@
<div class="modal-dialog modal-lg">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cart-plus"></i> New Expense</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-cart-plus mr-2"></i>New Expense</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -45,21 +45,21 @@
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$account_id = $row['account_id'];
$account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments);
$total_payments = $row['total_payments'];
$total_payments = floatval($row['total_payments']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id");
$row = mysqli_fetch_array($sql_revenues);
$total_revenues = $row['total_revenues'];
$total_revenues = floatval($row['total_revenues']);
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id");
$row = mysqli_fetch_array($sql_expenses);
$total_expenses = $row['total_expenses'];
$total_expenses = floatval($row['total_expenses']);
$balance = $opening_balance + $total_payments + $total_revenues - $total_expenses;
@ -85,7 +85,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL AND company_id = $session_company_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$vendor_id = $row['vendor_id'];
$vendor_id = intval($row['vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
?>
<option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@ -120,7 +120,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$category_id = $row['category_id'];
$category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
@ -156,8 +156,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_expense" class="btn btn-primary text-bold"><i class="fa fa-fw fa-check"></i> Create</button>
<button type="submit" name="add_expense" class="btn btn-primary text-bold"><i class="fa fa-fw fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
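Review bot: The casts added in the account loop (`$account_id = intval($row['account_id']);`, `$total_payments = floatval($row['total_payments']);` and the revenue/expense equivalents) are the right direction, but the three inner fetches reuse `$row` (`$row = mysqli_fetch_array($sql_payments);` and so on), so once they have run `$row` holds a one-column SUM result rather than the account row, and anything read from `$row` later in the loop body would silently get the wrong record. Giving each inner result its own name removes the trap, e.g. `$payments_row = mysqli_fetch_array($sql_payments); $total_payments = floatval($payments_row['total_payments']);`. The same pattern, with the same new casts, appears in the copying-expense and editing-expense modals further down this commit. Note also that `floatval()` of a NULL `SUM()` yields 0.0, which is what the balance arithmetic on the last line of the hunk expects.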


@ -2,7 +2,7 @@
<div class="modal-dialog modal-lg">
<div class="modal-content bg-dark">
<div class="modal-header text-white">
<h5 class="modal-title"><i class="fa fa-fw fa-copy"></i> Copying expense</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-copy mr-2"></i>Copying expense</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
@ -46,21 +46,21 @@
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = $row['account_id'];
$account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_payments);
$total_payments = $row['total_payments'];
$total_payments = floatval($row['total_payments']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_revenues);
$total_revenues = $row['total_revenues'];
$total_revenues = floatval($row['total_revenues']);
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_expenses);
$total_expenses = $row['total_expenses'];
$total_expenses = floatval($row['total_expenses']);
$balance = $opening_balance + $total_payments + $total_revenues - $total_expenses;
?>
@ -84,7 +84,7 @@
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND company_id = $session_company_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_vendors)) {
$vendor_id_select = $row['vendor_id'];
$vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
@ -116,7 +116,7 @@
$sql_categories = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_categories)) {
$category_id_select = $row['category_id'];
$category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
@ -147,8 +147,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_expense" class="btn btn-primary text-bold"><i class="fa fa-fw fa-check"></i> Copy</button>
<button type="submit" name="add_expense" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Copy</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog modal-lg">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-edit"></i> Editing expense</h5>
<h5 class="modal-title text-white"><i class="fa fa-fw fa-edit mr-2"></i>Editing expense</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
@ -48,21 +48,21 @@
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) AND company_id = $session_company_id ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id_select = $row['account_id'];
$account_id_select = intval($row['account_id']);
$account_name_select = htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_payments);
$total_payments = $row['total_payments'];
$total_payments = floatval($row['total_payments']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_revenues);
$total_revenues = $row['total_revenues'];
$total_revenues = floatval($row['total_revenues']);
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id_select");
$row = mysqli_fetch_array($sql_expenses);
$total_expenses = $row['total_expenses'];
$total_expenses = floatval($row['total_expenses']);
$balance = $opening_balance + $total_payments + $total_revenues - $total_expenses;
@ -87,7 +87,7 @@
$sql_select = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) AND company_id = $session_company_id ORDER BY vendor_name ASC");
while ($row = mysqli_fetch_array($sql_select)) {
$vendor_id_select = $row['vendor_id'];
$vendor_id_select = intval($row['vendor_id']);
$vendor_name_select = htmlentities($row['vendor_name']);
?>
<option <?php if ($expense_vendor_id == $vendor_id_select) { ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
@ -122,7 +122,7 @@
$sql_select = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_select)) {
$category_id_select = $row['category_id'];
$category_id_select = intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if ($expense_category_id == $category_id_select) { ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
@ -161,8 +161,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_expense" class="btn btn-primary text-bold"><i class="fa fa-fw fa-check"></i> Save</button>
<button type="submit" name="edit_expense" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-download"></i> Export Expenses to CSV</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-download mr-2"></i>Export Expenses to CSV</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -32,8 +32,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="export_expenses_csv" class="btn btn-primary text-bold"><i class="fa fa-fw fa-download"></i> Download CSV</button>
<button type="submit" name="export_expenses_csv" class="btn btn-primary text-bold"><i class="fas fa-fw fa-download mr-2"></i>Download CSV</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog modal-lg">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-sync"></i> Refunding expense</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-undo-alt mr-2"></i>Refunding expense</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -58,8 +58,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_expense" class="btn btn-primary text-bold"><i class="fa fa-fw fa-check"></i> Refund</button>
<button type="submit" name="add_expense" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Refund</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -3,7 +3,7 @@
require_once("inc_all.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "expense_date";
}
@ -22,8 +22,8 @@ if (empty($_GET['canned_date'])) {
//Date Filter
if ($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])) {
$dtf = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtf']));
$dtt = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtt']));
$dtf = sanitizeInput($_GET['dtf']);
$dtt = sanitizeInput($_GET['dtt']);
} elseif ($_GET['canned_date'] == "today") {
$dtf = date('Y-m-d');
$dtt = date('Y-m-d');
@ -74,9 +74,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-shopping-cart"></i> Expenses</h3>
<h3 class="card-title mt-2"><i class="fas fa-fw fa-shopping-cart mr-2"></i>Expenses</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addExpenseModal"><i class="fas fa-fw fa-plus"></i> New Expense</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addExpenseModal"><i class="fas fa-plus mr-2"></i>New Expense</button>
</div>
</div>
@ -85,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo strip_tags(htmlentities($q));} ?>" placeholder="Search Expenses">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Expenses">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
@ -94,7 +94,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
<div class="col-sm-8">
<div class="float-right">
<button type="button" class="btn btn-default btn-lg" data-toggle="modal" data-target="#exportExpensesModal"><i class="fa fa-fw fa-download"></i> Export</button>
<button type="button" class="btn btn-default btn-lg" data-toggle="modal" data-target="#exportExpensesModal"><i class="fas fa-fw fa-download mr-2"></i>Export</button>
</div>
</div>
</div>
@ -149,20 +149,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$expense_id = $row['expense_id'];
$expense_date = $row['expense_date'];
$expense_id = intval($row['expense_id']);
$expense_date = htmlentities($row['expense_date']);
$expense_amount = floatval($row['expense_amount']);
$expense_currency_code = htmlentities($row['expense_currency_code']);
$expense_description = htmlentities($row['expense_description']);
$expense_receipt = htmlentities($row['expense_receipt']);
$expense_reference = htmlentities($row['expense_reference']);
$expense_created_at = $row['expense_created_at'];
$expense_vendor_id = $row['expense_vendor_id'];
$expense_created_at = htmlentities($row['expense_created_at']);
$expense_vendor_id = intval($row['expense_vendor_id']);
$vendor_name = htmlentities($row['vendor_name']);
$expense_category_id = $row['expense_category_id'];
$expense_category_id = intval($row['expense_category_id']);
$category_name = htmlentities($row['category_name']);
$account_name = htmlentities($row['account_name']);
$expense_account_id = $row['expense_account_id'];
$expense_account_id = intval($row['expense_account_id']);
if (empty($expense_receipt)) {
$receipt_attached = "";
@ -177,7 +177,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<td><?php echo $vendor_name; ?></td>
<td><?php echo $category_name; ?></td>
<td><?php echo truncate($expense_description, 50); ?></td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $expense_amount, $expense_currency_code); ?></td>
<td class="text-bold text-right"><?php echo numfmt_format_currency($currency_format, $expense_amount, $expense_currency_code); ?></td>
<td><?php echo $account_name; ?></td>
<td>
<div class="dropdown dropleft text-center">
@ -187,15 +187,25 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="dropdown-menu">
<?php
if (!empty($expense_receipt)) { ?>
<a class="dropdown-item" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>">Download</a>
<a class="dropdown-item" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name-$expense_id.pdf"; ?>">
<i class="fas fa-fw fa-download mr-2"></i>Download
</a>
<div class="dropdown-divider"></div>
<?php } ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editExpenseModal<?php echo $expense_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addExpenseCopyModal<?php echo $expense_id; ?>">Copy</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editExpenseModal<?php echo $expense_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addExpenseCopyModal<?php echo $expense_id; ?>">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addExpenseRefundModal<?php echo $expense_id; ?>">Refund</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addExpenseRefundModal<?php echo $expense_id; ?>">
<i class="fas fa-fw fa-undo-alt mr-2"></i>Refund
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_expense=<?php echo $expense_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_expense=<?php echo $expense_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>
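Review bot: `$sb = sanitizeInput($_GET['sb']);` swaps the escaping helper but still passes a caller-chosen sort key straight through, and the fallback `$sb = "expense_date";` suggests it is used as a column name in an ORDER BY clause outside this hunk; escaping does not protect an identifier position, so the value should be matched against a fixed list instead, e.g. `$sb = in_array($_GET['sb'], $sortable_columns, true) ? $_GET['sb'] : 'expense_date';` where `$sortable_columns` holds the column names the table header actually offers. The same reasoning applies to `$dtf`/`$dtt` in the next hunk: they are dates, so checking them with `DateTimeImmutable::createFromFormat('Y-m-d', ...)` is a tighter guard than generic sanitising, and `$_GET['dtt']` is read without the `!empty` test that `$dtf` gets. Further down, `$expense_created_at = htmlentities($row['expense_created_at']);` is applied to a database datetime that the editing-expense modal later interpolates into SQL (`account_archived_at > '$expense_created_at'`); `htmlentities` is output encoding, so keep this value raw and encode it only where it is printed.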


@ -13,7 +13,7 @@ $config_azure_client_secret = $row['config_azure_client_secret'];
// Mail
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = $row['config_smtp_port'];
$config_smtp_port = intval($row['config_smtp_port']);
$config_smtp_encryption = $row['config_smtp_encryption'];
$config_smtp_username = $row['config_smtp_username'];
$config_smtp_password = $row['config_smtp_password'];
@ -21,63 +21,63 @@ $config_mail_from_email = $row['config_mail_from_email'];
$config_mail_from_name = $row['config_mail_from_name'];
// Mail - IMAP
$config_imap_host = $row['config_imap_host'];
$config_imap_port = $row['config_imap_port'];
$config_imap_port = intval($row['config_imap_port']);
$config_imap_encryption = $row['config_imap_encryption'];
// Defaults
$config_default_transfer_from_account = $row['config_default_transfer_from_account'];
$config_default_transfer_to_account = $row['config_default_transfer_to_account'];
$config_default_payment_account = $row['config_default_payment_account'];
$config_default_expense_account = $row['config_default_expense_account'];
$config_default_transfer_from_account = intval($row['config_default_transfer_from_account']);
$config_default_transfer_to_account = intval($row['config_default_transfer_to_account']);
$config_default_payment_account = intval($row['config_default_payment_account']);
$config_default_expense_account = intval($row['config_default_expense_account']);
$config_default_payment_method = $row['config_default_payment_method'];
$config_default_expense_payment_method = $row['config_default_expense_payment_method'];
$config_default_calendar = $row['config_default_calendar'];
$config_default_net_terms = $row['config_default_net_terms'];
$config_default_calendar = intval($row['config_default_calendar']);
$config_default_net_terms = intval($row['config_default_net_terms']);
// Invoice
$config_invoice_prefix = $row['config_invoice_prefix'];
$config_invoice_next_number = $row['config_invoice_next_number'];
$config_invoice_next_number = intval($row['config_invoice_next_number']);
$config_invoice_footer = $row['config_invoice_footer'];
$config_invoice_from_name = $row['config_invoice_from_name'];
$config_invoice_from_email = $row['config_invoice_from_email'];
// Recurring
$config_recurring_prefix = $row['config_recurring_prefix'];
$config_recurring_next_number = $row['config_recurring_next_number'];
$config_recurring_next_number = intval($row['config_recurring_next_number']);
// Quotes
$config_quote_prefix = $row['config_quote_prefix'];
$config_quote_next_number = $row['config_quote_next_number'];
$config_quote_next_number = intval($row['config_quote_next_number']);
$config_quote_footer = $row['config_quote_footer'];
$config_quote_from_name = $row['config_quote_from_name'];
$config_quote_from_email = $row['config_quote_from_email'];
// Tickets
$config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number'];
$config_ticket_next_number = intval($row['config_ticket_next_number']);
$config_ticket_from_name = $row['config_ticket_from_name'];
$config_ticket_from_email = $row['config_ticket_from_email'];
$config_ticket_email_parse = $row['config_ticket_email_parse'];
$config_ticket_email_parse = intval($row['config_ticket_email_parse']);
$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications'];
// Alerts
$config_enable_cron = $row['config_enable_cron'];
$config_enable_cron = intval($row['config_enable_cron']);
$config_recurring_auto_send_invoice = $row['config_recurring_auto_send_invoice'];
$config_enable_alert_domain_expire = $row['config_enable_alert_domain_expire'];
$config_send_invoice_reminders = $row['config_send_invoice_reminders'];
$config_invoice_overdue_reminders = $row['config_invoice_overdue_reminders'];
$config_recurring_auto_send_invoice = intval($row['config_recurring_auto_send_invoice']);
$config_enable_alert_domain_expire = intval($row['config_enable_alert_domain_expire']);
$config_send_invoice_reminders = intval($row['config_send_invoice_reminders']);
$config_invoice_overdue_reminders = intval($row['config_invoice_overdue_reminders']);
// Online Payment
$config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_enable = intval($row['config_stripe_enable']);
$config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret'];
$config_stripe_account = $row['config_stripe_account'];
// Modules
$config_module_enable_itdoc = $row['config_module_enable_itdoc'];
$config_module_enable_ticketing = $row['config_module_enable_ticketing'];
$config_module_enable_accounting = $row['config_module_enable_accounting'];
$config_module_enable_itdoc = intval($row['config_module_enable_itdoc']);
$config_module_enable_ticketing = intval($row['config_module_enable_ticketing']);
$config_module_enable_accounting = intval($row['config_module_enable_accounting']);
// Currency
$config_currency_format = "US_en";
@ -316,13 +316,6 @@ $countries_array = array(
"Zimbabwe"
);
$timezones_array = array(
'US/Eastern',
'US/Central',
'US/Mountain',
'US/Pacific'
);
$currencies_array = array(
'ALL' => 'Albania Lek',
'AFN' => 'Afghanistan Afghani',
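Review bot: `$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications'];` is left uncast while every neighbouring toggle in this hunk now gets `intval()`; if it is the same kind of 0/1 flag, cast it too for consistency, `$config_ticket_client_general_notifications = intval($row['config_ticket_client_general_notifications']);`. Bear in mind that `intval()` turns a NULL column into 0, so any code that previously distinguished "not configured" from "disabled" or "zero" via `null` no longer can — presumably fine for the enable flags, but worth confirming for the `*_next_number` and `*_account` values. The last hunk removes `$timezones_array`; any template still reading that name will now raise an undefined-variable warning, so a grep for it before merging is warranted.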


@ -4,7 +4,7 @@ require_once("inc_all.php");
if (isset($_GET['query'])) {
$query = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['query'])));
$query = sanitizeInput($_GET['query']);
$phone_query = preg_replace("/[^0-9]/", '', $query);
if (empty($phone_query)) {
@ -24,7 +24,7 @@ if (isset($_GET['query'])) {
$q = htmlentities($_GET['query']);
?>
<h4 class="text-center"><i class="fa fa-search"></i> Search all things</h4>
<h4 class="text-center"><i class="fas fa-fw fa-search mr-2"></i>Search all things</h4>
<hr>
<div class="row">
@ -35,7 +35,7 @@ if (isset($_GET['query'])) {
<div class="col-6">
<div class="card mb-3">
<div class="card-header">
<h6 class="mt-1"><i class="fa fa-users"></i> Clients</h6>
<h6 class="mt-1"><i class="fas fa-fw fa-users mr-2"></i>Clients</h6>
</div>
<div class="card-body">
<table class="table table-striped table-borderless">
@ -49,7 +49,7 @@ if (isset($_GET['query'])) {
<?php
while ($row = mysqli_fetch_array($sql_clients)) {
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$location_phone = formatPhoneNumber($row['location_phone']);
$client_website = htmlentities($row['client_website']);
@ -77,7 +77,7 @@ if (isset($_GET['query'])) {
<div class="col-6">
<div class="card mb-3">
<div class="card-header">
<h6 class="mt-1"><i class="fa fa-users"></i> Contacts</h6>
<h6 class="mt-1"><i class="fas fa-fw fa-users mr-2"></i>Contacts</h6>
</div>
<div class="card-body">
<table class="table table-striped table-borderless">
@ -94,14 +94,14 @@ if (isset($_GET['query'])) {
<?php
while ($row = mysqli_fetch_array($sql_contacts)) {
$contact_id = $row['contact_id'];
$contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = htmlentities($row['contact_email']);
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$contact_department = htmlentities($row['contact_department']);
@ -133,7 +133,7 @@ if (isset($_GET['query'])) {
<div class="col-6">
<div class="card mb-3">
<div class="card-header">
<h6 class="mt-1"><i class="fa fa-building"></i> Vendors</h6>
<h6 class="mt-1"><i class="fas fa-fw fa-building mr-2"></i>Vendors</h6>
</div>
<div class="card-body">
<table class="table table-striped table-borderless">
@ -175,7 +175,7 @@ if (isset($_GET['query'])) {
<div class="col-6">
<div class="card mb-3">
<div class="card-header">
<h6 class="mt-1"><i class="fa fa-box"></i> Products</h6>
<h6 class="mt-1"><i class="fas fa-fw fa-box mr-2"></i>Products</h6>
</div>
<div class="card-body">
<table class="table table-striped table-borderless">
@ -214,7 +214,7 @@ if (isset($_GET['query'])) {
<div class="col-6">
<div class="card mb-3">
<div class="card-header">
<h6 class="mt-1"><i class="fa fa-file-alt"></i> Documents</h6>
<h6 class="mt-1"><i class="fas fa-fw fa-file-alt mr-2"></i>Documents</h6>
</div>
<div class="card-body">
<table class="table table-striped table-borderless">
@ -230,9 +230,9 @@ if (isset($_GET['query'])) {
while ($row = mysqli_fetch_array($sql_documents)) {
$document_name = htmlentities($row['document_name']);
$document_client_id = $row['document_client_id'];
$document_client_id = intval($row['document_client_id']);
$document_client = htmlentities($row['client_name']);
$document_updated = $row['document_updated_at'];
$document_updated = htmlentities($row['document_updated_at']);
?>
<tr>
@ -258,7 +258,7 @@ if (isset($_GET['query'])) {
<div class="col-6">
<div class="card mb-3">
<div class="card-header">
<h6 class="mt-1"><i class="fa fa-tags"></i> Tickets</h6>
<h6 class="mt-1"><i class="fas fa-fw fa-life-ring mr-2"></i>Tickets</h6>
</div>
<div class="card-body">
<table class="table table-striped table-borderless">
@ -274,9 +274,9 @@ if (isset($_GET['query'])) {
<?php
while ($row = mysqli_fetch_array($sql_tickets)) {
$ticket_id = $row['ticket_id'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_number = $row['ticket_number'];
$ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_client = htmlentities($row['client_name']);
$ticket_status = htmlentities($row['ticket_status']);
@ -307,7 +307,7 @@ if (isset($_GET['query'])) {
<div class="col-6">
<div class="card mb-3">
<div class="card-header">
<h6 class="mt-1"><i class="fa fa-key"></i> Logins</h6>
<h6 class="mt-1"><i class="fas fa-fw fa-key mr-2"></i>Logins</h6>
</div>
<div class="card-body">
<table class="table table-striped table-borderless">
@ -323,7 +323,7 @@ if (isset($_GET['query'])) {
while ($row = mysqli_fetch_array($sql_logins)) {
$login_name = htmlentities($row['login_name']);
$login_client_id = $row['login_client_id'];
$login_client_id = intval($row['login_client_id']);
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
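Review bot: At `$query = sanitizeInput($_GET['query']);` the value that reaches the search statements and the `$q = htmlentities($_GET['query'])` used for display are derived separately from the raw parameter, which is the right split but easy to undo in a later cleanup; a short comment there, `// $query is SQL-escaped for the search statements; $q (below) is the HTML-escaped copy for output — keep them separate`, would make that intent survive. The search statements themselves are outside this hunk, so I cannot confirm it, but if `$query` is interpolated into LIKE patterns note that SQL escaping leaves `%` and `_` as wildcards; `addcslashes($query, '%_')` on the LIKE copy is the usual fix when literal matching is intended.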


@ -22,7 +22,7 @@ if (isset($_GET['stripe_create_pi'])) {
$jsonStr = file_get_contents('php://input');
$jsonObj = json_decode($jsonStr, true);
$invoice_id = intval($jsonObj['invoice_id']);
$url_key = mysqli_real_escape_string($mysqli, $jsonObj['url_key']);
$url_key = sanitizeInput($jsonObj['url_key']);
// Query invoice details
$invoice_sql = mysqli_query(
@ -43,16 +43,16 @@ if (isset($_GET['stripe_create_pi'])) {
// Invoice exists - get details for payment
$row = mysqli_fetch_array($invoice_sql);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
// Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$amount_paid = floatval($row['amount_paid']);
$balance_to_pay = $invoice_amount - $amount_paid;
if (intval($balance_to_pay) == 0) {
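Review bot: `$url_key = sanitizeInput($jsonObj['url_key']);` reads the decoded request body without checking that `json_decode` succeeded or that the key is present, so a malformed or empty body produces null/undefined-index warnings before the invoice lookup runs. Guard both inputs, `$invoice_id = intval($jsonObj['invoice_id'] ?? 0);` and `$url_key = sanitizeInput($jsonObj['url_key'] ?? '');`, and exit early when `$invoice_id` is 0 or `$url_key` is empty rather than querying with them. The switch to `floatval` on `amount_paid` is a good change, since `SUM()` over no payment rows returns NULL and the subtraction below would otherwise operate on it.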


@ -3,14 +3,14 @@
require_once("config.php");
require_once("functions.php");
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP())));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$ip = sanitizeInput(getIP());
$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
if (isset($_GET['id']) && isset($_GET['key'])) {
$item_id = intval($_GET['id']);
$item_key = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['key'])));
$item_key = sanitizeInput($_GET['key']);
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = '$item_id' AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$row = mysqli_fetch_array($sql);
// Check result
@ -28,8 +28,8 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
exit("Item cannot be viewed at this time.");
}
$item_related_id = $row['item_related_id'];
$client_id = $row['item_client_id'];
$item_related_id = intval($row['item_related_id']);
$client_id = intval($row['item_client_id']);
if (empty($row['item_views'])) {
$item_views = 0;
@ -37,18 +37,18 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
$item_views = intval($row['item_views']);
}
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
if (mysqli_num_rows($file_sql) !== 1 || !$file_row) {
exit("No file.");
}
$file_name = strip_tags(mysqli_real_escape_string($mysqli, $file_row['file_name']));
$file_ext = $file_row['file_ext'];
$file_reference_name = $file_row['file_reference_name'];
$client_id = $file_row['file_client_id'];
$company_id = $file_row['company_id'];
$file_name = sanitizeInput($file_row['file_name']);
$file_ext = sanitizeInput($file_row['file_ext']);
$file_reference_name = sanitizeInput($file_row['file_reference_name']);
$client_id = intval($file_row['file_client_id']);
$company_id = intval($file_row['company_id']);
$file_path = "uploads/clients/$company_id/$client_id/$file_reference_name";
// Display file as download
@ -59,9 +59,9 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
// Update file view count
$new_item_views = $item_views + 1;
mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1");
}
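Review bot: `$file_reference_name = sanitizeInput($file_row['file_reference_name']);` runs a value through the sanitizer before it is used as a filesystem path component in `$file_path`; I cannot see the helper's body from here, but if it applies SQL-style escaping a stored name containing a quote or backslash will no longer resolve on disk, and SQL escaping is not a path guard in any case. Take the path segment from the raw row value confined to a single segment, `$file_reference_name = basename($file_row['file_reference_name']);`, and keep `sanitizeInput` for `$file_name`, which is interpolated into the log INSERT further down. `$_SERVER['HTTP_USER_AGENT']` near the top can be absent on some requests, so `sanitizeInput($_SERVER['HTTP_USER_AGENT'] ?? '')` avoids an undefined-index notice; the same applies to the header file later in this commit. The dropped `log_created_at = NOW()` in the log INSERT, like the dropped `notification_timestamp`/`history_created_at` in the payment, quote and invoice files below, relies on those columns now having a DEFAULT CURRENT_TIMESTAMP, which should be confirmed against the schema change in this commit.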


@ -5,10 +5,10 @@ require_once("functions.php");
session_start();
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP())));
$ua = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli, getOS($ua)));
$browser = strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($ua)));
$ip = sanitizeInput(getIP());
$ua = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$os = sanitizeInput(getOS($ua));
$browser = sanitizeInput(getWebBrowser($ua));
?>
@ -52,7 +52,7 @@ $browser = strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($ua)));
}
?>
<div class="alert alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
<?php echo $_SESSION['alert_message']; ?>
<?php echo htmlentities($_SESSION['alert_message']); ?>
<button class='close' data-dismiss='alert'>&times;</button>
</div>
<?php
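Review bot: `alert_message` is now HTML-escaped, but the line above still writes `$_SESSION['alert_type']` raw into the class attribute; for consistency escape it too, `<div class="alert alert-<?php echo htmlentities($_SESSION['alert_type']); ?>" id="alert">`. The values visible in this commit are set by the application itself (`"danger"` in the quote file), so this is hygiene rather than a live defect, but this header is shared by every guest page. `$_SERVER['HTTP_USER_AGENT']` at the top of the file can be absent, so `sanitizeInput($_SERVER['HTTP_USER_AGENT'] ?? '')` avoids an undefined-index notice before the value is handed to `getOS`/`getWebBrowser`.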


@ -24,7 +24,7 @@ if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_s
// Users are directed to this page with the invoice_id and url_key params to make a payment
if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent'])) {
$invoice_url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$invoice_url_key = sanitizeInput($_GET['url_key']);
$invoice_id = intval($_GET['invoice_id']);
// Query invoice details
@ -51,22 +51,22 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Process invoice, client and company details/settings
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$company_locale = htmlentities($row['company_locale']);
// Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$amount_paid = floatval($row['amount_paid']);
$balance_to_pay = $invoice_amount - $amount_paid;
// Get invoice items
@ -162,7 +162,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
} elseif (isset($_GET['payment_intent'], $_GET['payment_intent_client_secret'])) {
// Params from GET
$pi_id = mysqli_real_escape_string($mysqli, $_GET['payment_intent']);
$pi_id = sanitizeInput($_GET['payment_intent']);
$pi_cs = $_GET['payment_intent_client_secret'];
// Initialize stripe
@ -187,7 +187,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$pi_invoice_id = intval($pi_obj->metadata->itflow_invoice_id);
$pi_client_id = intval($pi_obj->metadata->itflow_client_id);
$pi_amount_paid = floatval(($pi_obj->amount_received / 100));
$pi_currency = strtoupper(mysqli_real_escape_string($mysqli, $pi_obj->currency));
$pi_currency = strtoupper(sanitizeInput($pi_obj->currency));
$pi_livemode = $pi_obj->livemode;
// Get/Check invoice (& client/primary contact)
@ -211,12 +211,12 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$row = mysqli_fetch_array($invoice_sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_company_id = intval($row['company_id']);
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$contact_name = $row['contact_name'];
$contact_email = $row['contact_email'];
@ -244,11 +244,11 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $invoice_id AND company_id = $invoice_company_id");
// Add Payment to History
mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = '$pi_amount_paid', payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $invoice_company_id");
// Notify
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $pi_client_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_client_id = $pi_client_id, company_id = $invoice_company_id");
// Logging
$extended_log_desc = '';
@ -262,7 +262,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$row = mysqli_fetch_array($sql_settings);
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = $row['config_smtp_port'];
$config_smtp_port = intval($row['config_smtp_port']);
$config_smtp_encryption = $row['config_smtp_encryption'];
$config_smtp_username = $row['config_smtp_username'];
$config_smtp_password = $row['config_smtp_password'];
@ -295,7 +295,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
} else {
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Email Receipt Failed!', history_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', notification_timestamp = NOW(), company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $invoice_company_id");
}
}
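Review bot: In the payments INSERT, `payment_amount = $pi_amount_paid` now interpolates a PHP float unquoted; float-to-string conversion is locale-independent only from PHP 8.0, so on an older runtime a locale with a comma decimal separator renders `12,5` and breaks the statement, and very large values can come out in exponent form on any version. Formatting the value explicitly, `$pi_amount_paid_sql = number_format($pi_amount_paid, 2, '.', '');`, and using that in the INSERT removes both concerns. The enclosing `elseif` branch starts before this hunk, so the other uses of `$pi_amount_paid` are not visible from here.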


@ -9,7 +9,7 @@ if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) {
$quote_id = intval($_GET['accept_quote']);
$company_id = intval($_GET['company_id']);
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");
@ -17,7 +17,7 @@ if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Accepted' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_quote_id = $quote_id, company_id = $company_id");
$_SESSION['alert_message'] = "Quote Accepted";
@ -32,15 +32,15 @@ if (isset($_GET['decline_quote'], $_GET['company_id'], $_GET['url_key'])) {
$quote_id = intval($_GET['decline_quote']);
$company_id = intval($_GET['company_id']);
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND quote_url_key = '$url_key' AND company_id = $company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");
if (mysqli_num_rows($sql) == 1) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Declined' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_quote_id = $quote_id, company_id = $company_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "Quote Declined";


@ -8,7 +8,7 @@ if (!isset($_GET['invoice_id'], $_GET['url_key'])) {
exit();
}
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$url_key = sanitizeInput($_GET['url_key']);
$invoice_id = intval($_GET['invoice_id']);
$sql = mysqli_query(
@ -31,17 +31,17 @@ if (mysqli_num_rows($sql) !== 1) {
}
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']);
$invoice_category_id = $row['invoice_category_id'];
$client_id = $row['client_id'];
$invoice_category_id = intval($row['invoice_category_id']);
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
@ -53,11 +53,11 @@ $contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
$client_net_terms = intval(($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']);
}
$company_id = $row['company_id'];
$company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
@ -72,7 +72,7 @@ if (!empty($company_logo)) {
}
$company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']);
$config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_enable = intval($row['config_stripe_enable']);
$config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret'];
@ -90,18 +90,18 @@ if ($invoice_status == 'Sent') {
}
//Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $company_id");
if ($invoice_status !== 'Paid') {
$client_name_escaped = mysqli_real_escape_string($mysqli, $row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
$client_name_escaped = sanitizeInput($row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id, company_id = $company_id");
}
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$amount_paid = floatval($row['amount_paid']);
$balance = $invoice_amount - $amount_paid;
@ -122,12 +122,12 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
<div class="card">
<div class="card-header bg-light d-print-none">
<div class="float-right">
<a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fa fa-fw fa-history"></i> Invoice History</a>
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fa fa-fw fa-print"></i> Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download"></i> Download</a>
<a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fas fa-fw fa-history mr-2"></i>Invoice History</a>
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download mr-2"></i>Download</a>
<?php
if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled" && $invoice_status !== "Draft" && $config_stripe_enable == 1) { ?>
<a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card"></i> Pay Online</a>
<a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card mr-2"></i>Pay Online</a>
<?php } ?>
</div>
</div>
@ -206,11 +206,11 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
<tbody>
<?php
$total_tax = 0;
$sub_total = 0;
$total_tax = 0.00;
$sub_total = 0.00;
while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_id = $row['item_id'];
$item_id = intval($row['item_id']);
$item_name = htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']);
$item_quantity = floatval($row['item_quantity']);
@ -372,7 +372,7 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
style: 'invoiceDateTitle'
},
{
text: <?php echo json_encode($invoice_date) ?>,
text: <?php echo json_encode(html_entity_decode($invoice_date)) ?>,
style: 'invoiceDateValue'
},
],
@ -383,7 +383,7 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
style: 'invoiceDateTitle'
},
{
text: <?php echo json_encode($invoice_due) ?>,
text: <?php echo json_encode(html_entity_decode($invoice_due)) ?>,
style: 'invoiceDateValue'
},
],
@ -716,7 +716,7 @@ if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none card-danger">
<div class="card-header">
<strong><i class="fa fa-fw fa-exclamation-triangle"></i> Previous Unpaid Invoices</strong>
<strong><i class="fa fa-fw fa-exclamation-triangle mr-2"></i>Previous Unpaid Invoices</strong>
</div>
<div card="card-body">
<table class="table">
@ -732,11 +732,11 @@ if (mysqli_num_rows($sql) > 1) { ?>
<?php
while ($row = mysqli_fetch_array($sql)) {
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_number = intval($row['invoice_number']);
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
@ -774,7 +774,7 @@ if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none card-light">
<div class="card-header">
<strong><i class="fa fa-fw fa-clock"></i> Current Invoices</strong>
<strong><i class="fas fa-fw fa-clock mr-2"></i>Current Invoices</strong>
</div>
<div card="card-body">
<table class="table">
@ -790,11 +790,11 @@ if (mysqli_num_rows($sql) > 1) { ?>
<?php
while ($row = mysqli_fetch_array($sql)) {
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_number = intval($row['invoice_number']);
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
@ -832,7 +832,7 @@ if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none collapse" id="collapsePreviousInvoices">
<div class="card-header bg-dark">
<strong><i class="fa fa-fw fa-history"></i> Previous Invoices Paid</strong>
<strong><i class="fas fa-fw fa-history mr-2"></i>Previous Invoices Paid</strong>
</div>
<div card="card-body">
<table class="table">
@ -848,11 +848,11 @@ if (mysqli_num_rows($sql) > 1) { ?>
<?php
while ($row = mysqli_fetch_array($sql)) {
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_number = intval($row['invoice_number']);
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
@ -876,8 +876,8 @@ if (mysqli_num_rows($sql) > 1) { ?>
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = $invoice_id ORDER BY payment_date DESC");
while ($row = mysqli_fetch_array($sql_payments)) {
$payment_id = $row['payment_id'];
$payment_date = $row['payment_date'];
$payment_id = intval($row['payment_id']);
$payment_date = htmlentities($row['payment_date']);
$payment_amount = floatval($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']);
$payment_method = htmlentities($row['payment_method']);
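Review bot: `$client_net_terms = intval(($row['client_net_terms']);` has an extra opening parenthesis and will not parse, which takes the whole guest invoice page down; it should read `$client_net_terms = intval($row['client_net_terms']);`. Separately, the Pay Online link still echoes `$url_key` straight into the href; as far as its uses in this commit show, sanitizeInput is SQL-oriented escaping rather than HTML or URL encoding, so `urlencode($url_key)` there, or the already-HTML-escaped `$invoice_url_key` from the row, is the safer choice. The `html_entity_decode($invoice_date)` in the pdfMake definition deliberately undoes the new `htmlentities` on the date for JSON output, which is correct but worth a one-line comment, `// decode: this is a JSON/pdfMake context, not HTML`.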


@ -18,9 +18,9 @@ if (!isset($_GET['id']) || !isset($_GET['key'])) {
}
$item_id = intval($_GET['id']);
$item_key = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['key'])));
$item_key = sanitizeInput($_GET['key']);
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = '$item_id' AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$row = mysqli_fetch_array($sql);
// Check we got a result
@ -42,16 +42,16 @@ if ($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit']
echo "<div class=\"alert alert-warning\" role=\"alert\">You may only be able to view this information for a limited time! Be sure to copy/download what you need.</div>";
$item_type = htmlentities($row['item_type']);
$item_related_id = $row['item_related_id'];
$item_related_id = intval($row['item_related_id']);
$item_encrypted_credential = htmlentities($row['item_encrypted_credential']);
$item_note = htmlentities($row['item_note']);
$item_views = intval($row['item_views']);
$item_created = $row['item_created_at'];
$item_expire = $row['item_expire_at'];
$client_id = $row['item_client_id'];
$item_created = htmlentities($row['item_created_at']);
$item_expire = htmlentities($row['item_expire_at']);
$client_id = intval($row['item_client_id']);
if ($item_type == "Document") {
$doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id' LIMIT 1");
$doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $item_related_id AND document_client_id = $client_id LIMIT 1");
$doc_row = mysqli_fetch_array($doc_sql);
if (mysqli_num_rows($doc_sql) !== 1 || !$doc_row) {
@ -73,14 +73,14 @@ if ($item_type == "Document") {
// Update document view count
$new_item_views = $item_views + 1;
mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
// Logging
$name = mysqli_real_escape_string($mysqli, $doc_title);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1");
} elseif ($item_type == "File") {
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
if (mysqli_num_rows($file_sql) !== 1 || !$file_row) {
@ -101,7 +101,7 @@ if ($item_type == "Document") {
} elseif ($item_type == "Login") {
$encryption_key = $_GET['ek'];
$login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id' LIMIT 1");
$login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $item_related_id AND login_client_id = $client_id LIMIT 1");
$login_row = mysqli_fetch_array($login_sql);
if (mysqli_num_rows($login_sql) !== 1 || !$login_row) {
echo "<div class=\"alert alert-danger\" role=\"alert\">Error retrieving login.</div>";
@ -138,11 +138,11 @@ if ($item_type == "Document") {
// Update login view count
$new_item_views = $item_views + 1;
mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
// Logging
$name = mysqli_real_escape_string($mysqli, $login_name);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
$name = sanitizeInput($login_row['login_name']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1");
}


@ -9,7 +9,7 @@ if (!isset($_GET['quote_id'], $_GET['url_key'])) {
}
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$url_key = sanitizeInput($_GET['url_key']);
$quote_id = intval($_GET['quote_id']);
$sql = mysqli_query(
@ -33,16 +33,16 @@ if (mysqli_num_rows($sql) !== 1) {
$row = mysqli_fetch_array($sql);
$quote_id = $row['quote_id'];
$quote_id = intval($row['quote_id']);
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_number = intval($row['quote_number']);
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_date = htmlentities($row['quote_date']);
$quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']);
$category_id = $row['category_id'];
$client_id = $row['client_id'];
$category_id = intval($row['category_id']);
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
@ -54,11 +54,11 @@ $contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
$client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']);
}
$company_id = $row['company_id'];
$company_id = intval($row['company_id']);
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
@ -83,11 +83,11 @@ if ($quote_status == 'Sent') {
}
//Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_quote_id = $quote_id, company_id = $company_id");
if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
$client_name_escaped = mysqli_escape_string($mysqli, $row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
$client_name_escaped = sanitizeInput($row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_client_id = $client_id, company_id = $company_id");
}
?>
@ -99,14 +99,20 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<?php
if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
?>
<a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-check"></i> Accept</a>
<a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-times"></i> Decline</a>
<a class="btn btn-success" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>">
<i class="fas fa-fw fa-thumbs-up mr-2"></i>Accept
</a>
<a class="btn btn-danger" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&company_id=<?php echo $company_id; ?>&url_key=<?php echo $url_key; ?>">
<i class="fas fa-fw fa-thumbs-down mr-2"></i>Decline
</a>
<?php } ?>
</div>
<div class="float-right">
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fa fa-fw fa-print"></i> Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$quote_date-$company_name-QUOTE-$quote_prefix$quote_number.pdf"; ?>');"><i class="fa fa-fw fa-download"></i> Download</a>
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$quote_date-$company_name-QUOTE-$quote_prefix$quote_number.pdf"; ?>');">
<i class="fa fa-fw fa-download mr-2"></i>Download
</a>
</div>
</div>
<div class="card-body">
@ -182,7 +188,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
$total_tax = $sub_total = 0; // Default 0
while ($row = mysqli_fetch_array($sql_items)) {
$item_id = $row['item_id'];
$item_id = intval($row['item_id']);
$item_name = htmlentities($row['item_name']);
$item_description = htmlentities($row['item_description']);
$item_quantity = floatval($row['item_quantity']);
@ -343,7 +349,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
style: 'invoiceDateTitle'
},
{
text: <?php echo json_encode($quote_date) ?>,
text: <?php echo json_encode(html_entity_decode($quote_date)) ?>,
style: 'invoiceDateValue'
},
],
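Review bot: `$url_key` is echoed straight into the `href` of the rewritten Accept/Decline links (`guest_post.php?...&url_key=<?php echo $url_key; ?>`), and whether that is attribute- and URL-safe depends entirely on what `sanitizeInput()` does, which is not visible here — a SQL-oriented escape is not an HTML or URL escape. Escaping at the output point removes that dependency, `&url_key=<?php echo urlencode($url_key); ?>`, ideally applied to the raw request value rather than the SQL-escaped copy so that any added backslashes do not travel into the link. The `history_created_at = NOW()` and `notification_timestamp = NOW()` assignments were dropped from the two INSERTs; presumably those columns now default to the current time, but the schema change is not in this section, so it is worth confirming before merge. The surrounding template continues outside the hunks shown.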


@ -31,29 +31,29 @@ if (isset($_GET['client_id'])) {
$client_website = htmlentities($row['client_website']);
$client_referral = htmlentities($row['client_referral']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = $row['client_net_terms'];
$client_net_terms = intval($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms;
}
$client_notes = htmlentities($row['client_notes']);
$client_created_at = $row['client_created_at'];
$primary_contact = $row['primary_contact'];
$primary_location = $row['primary_location'];
$contact_id = $row['contact_id'];
$client_created_at = htmlentities($row['client_created_at']);
$primary_contact = intval($row['primary_contact']);
$primary_location = intval($row['primary_location']);
$contact_id = intval($row['contact_id']);
$contact_name = htmlentities($row['contact_name']);
$contact_title = htmlentities($row['contact_title']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = $row['contact_phone'];
$contact_extension = $row['contact_extension'];
$contact_mobile = $row['contact_mobile'];
$location_id = $row['location_id'];
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$location_id = intval($row['location_id']);
$location_name = htmlentities($row['location_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$location_country = htmlentities($row['location_country']);
$location_phone = $row['location_phone'];
$location_phone = formatPhoneNumber($row['location_phone']);
//Client Tags
@ -62,7 +62,7 @@ if (isset($_GET['client_id'])) {
$sql_client_tags = mysqli_query($mysqli, "SELECT * FROM client_tags LEFT JOIN tags ON client_tags.tag_id = tags.tag_id WHERE client_tags.client_id = $client_id");
while ($row = mysqli_fetch_array($sql_client_tags)) {
$client_tag_id = $row['tag_id'];
$client_tag_id = intval($row['tag_id']);
$client_tag_name = htmlentities($row['tag_name']);
$client_tag_color = htmlentities($row['tag_color']);
$client_tag_icon = htmlentities($row['tag_icon']);
@ -79,12 +79,12 @@ if (isset($_GET['client_id'])) {
$sql_invoice_amounts = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $client_id AND invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled'");
$row = mysqli_fetch_array($sql_invoice_amounts);
$invoice_amounts = $row['invoice_amounts'];
$invoice_amounts = floatval($row['invoice_amounts']);
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$amount_paid = floatval($row['amount_paid']);
$balance = $invoice_amounts - $amount_paid;
@ -92,13 +92,13 @@ if (isset($_GET['client_id'])) {
$sql_recurring_monthly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_monthly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'month' AND recurring_client_id = $client_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_recurring_monthly_total);
$recurring_monthly_total = $row['recurring_monthly_total'];
$recurring_monthly_total = floatval($row['recurring_monthly_total']);
//Get Yearly Recurring Total
$sql_recurring_yearly_total = mysqli_query($mysqli, "SELECT SUM(recurring_amount) AS recurring_yearly_total FROM recurring WHERE recurring_status = 1 AND recurring_frequency = 'year' AND recurring_client_id = $client_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_recurring_yearly_total);
$recurring_yearly_total = $row['recurring_yearly_total'] / 12;
$recurring_yearly_total = floatval($row['recurring_yearly_total']) / 12;
$recurring_monthly = $recurring_monthly_total + $recurring_yearly_total;
@ -197,7 +197,7 @@ if (isset($_GET['client_id'])) {
AND domain_archived_at IS NULL
AND company_id = $session_company_id"
));
$num_domains_expiring = $row['num'];
$num_domains_expiring = intval($row['num']);
// Count Certificates Expiring within 30 Days
$row = mysqli_fetch_assoc(mysqli_query(
@ -209,7 +209,7 @@ if (isset($_GET['client_id'])) {
AND certificate_archived_at IS NULL
AND company_id = $session_company_id"
));
$num_certs_expiring = $row['num'];
$num_certs_expiring = intval($row['num']);
// Get Asset Warranties Expiring
$sql_asset_warranties_expiring = mysqli_query(
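Review bot: `$contact_phone`, `$contact_mobile` and `$location_phone` now go through `formatPhoneNumber()` only, whereas every neighbouring string field is passed through `htmlentities()`; unless `formatPhoneNumber()` escapes its output (its implementation is not visible here), a stored value that is not purely numeric would reach the page unescaped. Wrapping the call, `$contact_phone = htmlentities(formatPhoneNumber($row['contact_phone']));`, keeps the escaping decision in this file rather than inside the helper, and the same applies to the other two assignments. The `if (isset($_GET['client_id']))` block continues outside the hunks shown.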


@ -1,11 +1,3 @@
<?php
$contact_phone = formatPhoneNumber($contact_phone);
$contact_mobile = formatPhoneNumber($contact_mobile);
$location_phone = formatPhoneNumber($location_phone);
?>
<div class="card">
<div class="card-body">
<div class="row">
@ -89,14 +81,24 @@ $location_phone = formatPhoneNumber($location_phone);
<i class="fas fa-fw fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export Data PDF<br><small class="text-secondary">(without passwords)</small></a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export Data PDF<br><small class="text-secondary">(with passwords)</small></a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit Client
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit Client</a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">
<i class="fas fa-fw fa-download mr-2"></i>Export Data PDF<br><small class="text-secondary">(without passwords)</small>
</a>
<a class="dropdown-item text-danger" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">
<i class="fas fa-fw fa-download mr-2"></i>Export Data PDF<br><small class="text-secondary">(with passwords)</small>
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">Archive Client</a>
<a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive Client
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete Client</a>
<a class="dropdown-item text-danger text-bold" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete Client
</a>
</div>
</div>
<?php } ?>
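Review bot: Dropping the `formatPhoneNumber()` preamble makes this card depend on the including page having already formatted `$contact_phone`, `$contact_mobile` and `$location_phone` (the client-overview section above now does), and any other include site would render the raw stored values; a one-line `<?php // expects $contact_phone, $contact_mobile, $location_phone pre-formatted by the including page ?>` at the top would make that contract explicit. Separately, the rewritten Archive Client and Export Data PDF (with passwords) entries remain plain GET links to `post.php` with no request token, even though the session now carries `csrf_token` (set in the login section of this commit); if `post.php` verifies that token for such actions, these links should carry it, and the same applies to the `delete_invoice` link in the invoices list further down. The enclosing markup starts and ends outside the hunk.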


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-file mr-2"></i>New Invoice</h5>
<h5 class="modal-title"><i class="fas fa-fw fa-file mr-2"></i>New Invoice</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -37,7 +37,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
?>
<option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@ -63,7 +63,7 @@
$sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$category_id = $row['category_id'];
$category_id = intval($row['category_id']);
$category_name = htmlentities($row['category_name']);
?>
<option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-copy mr-2"></i>Copying invoice: <strong><?php echo "$invoice_prefix$invoice_number"; ?></strong> - <?php echo $client_name; ?></h5>
<h5 class="modal-title"><i class="fas fa-fw fa-copy mr-2"></i>Copying invoice: <strong><?php echo "$invoice_prefix$invoice_number"; ?></strong> - <?php echo $client_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -24,8 +24,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_invoice_copy" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Copy</button>
<button type="submit" name="add_invoice_copy" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Copy</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file"></i> Editing invoice: <strong><?php echo "$invoice_prefix$invoice_number"; ?></strong> - <?php echo $client_name; ?></h5>
<h5 class="modal-title"><i class="fas fa-fw fa-file mr-2"></i>Editing invoice: <strong><?php echo "$invoice_prefix$invoice_number"; ?></strong> - <?php echo $client_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -44,7 +44,7 @@
$sql_income_category = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC");
while ($row = mysqli_fetch_array($sql_income_category)) {
$category_id_select= $row['category_id'];
$category_id_select= intval($row['category_id']);
$category_name_select = htmlentities($row['category_name']);
?>
<option <?php if ($category_id == $category_id_select) { echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
@ -71,8 +71,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_invoice" class="btn btn-primary"><strong><i class="fas fa-check"></i> Save</strong></button>
<button type="submit" name="edit_invoice" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog modal-lg">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fas fa-edit mr-2"></i>Invoice Notes</h5>
<h5 class="modal-title text-white"><i class="fas fa-fw fa-edit mr-2"></i>Invoice Notes</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
@ -16,7 +16,7 @@
</div>
<div class="modal-footer bg-white">
<button type="submit" name="invoice_note" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Close</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-credit-card mr-2"></i><?php echo "$invoice_prefix$invoice_number"; ?>: Make Payment</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-credit-card mr-2"></i><?php echo "$invoice_prefix$invoice_number"; ?>: Make Payment</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -56,21 +56,21 @@
$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql)) {
$account_id = $row['account_id'];
$account_id = intval($row['account_id']);
$account_name = htmlentities($row['account_name']);
$opening_balance = $row['opening_balance'];
$opening_balance = floatval($row['opening_balance']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments);
$total_payments = $row['total_payments'];
$total_payments = floatval($row['total_payments']);
$sql_revenues = mysqli_query($mysqli, "SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id");
$row = mysqli_fetch_array($sql_revenues);
$total_revenues = $row['total_revenues'];
$total_revenues = floatval($row['total_revenues']);
$sql_expenses = mysqli_query($mysqli, "SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id");
$row = mysqli_fetch_array($sql_expenses);
$total_expenses = $row['total_expenses'];
$total_expenses = floatval($row['total_expenses']);
$account_balance = $opening_balance + $total_payments + $total_revenues - $total_expenses;
@ -132,8 +132,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_payment" class="btn btn-primary"><strong><i class="fas fa-check"></i> Pay</strong></button>
<button type="submit" name="add_payment" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Pay</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header text-white">
<h5 class="modal-title"><i class="fa fa-copy mr-2"></i>Make <?php echo "$invoice_prefix$invoice_number"; ?> Recurring</h5>
<h5 class="modal-title"><i class="fas fa-fw fa-copy mr-2"></i>Make <?php echo "$invoice_prefix$invoice_number"; ?> Recurring</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
@ -28,8 +28,8 @@
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_invoice_recurring" class="btn btn-primary"><strong><i class="fas fa-check"></i> Create Invoice</strong></button>
<button type="submit" name="add_invoice_recurring" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Create Invoice</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fas fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>


@ -22,32 +22,32 @@ $overdue_count = $row['num'];
$sql_total_draft = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_draft);
$total_draft = $row['total_draft'];
$total_draft = floatval($row['total_draft']);
$sql_total_sent = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_sent);
$total_sent = $row['total_sent'];
$total_sent = floatval($row['total_sent']);
$sql_total_viewed = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_viewed FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_viewed);
$total_viewed = $row['total_viewed'];
$total_viewed = floatval($row['total_viewed']);
$sql_total_cancelled = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_cancelled);
$total_cancelled = $row['total_cancelled'];
$total_cancelled = floatval($row['total_cancelled']);
$sql_total_partial = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoices.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_partial);
$total_partial = $row['total_partial'];
$total_partial = floatval($row['total_partial']);
$total_partial_count = mysqli_num_rows($sql_total_partial);
$sql_total_overdue_partial = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_overdue_partial);
$total_overdue_partial = $row['total_overdue_partial'];
$total_overdue_partial = floatval($row['total_overdue_partial']);
$sql_total_overdue = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_overdue);
$total_overdue = $row['total_overdue'];
$total_overdue = floatval($row['total_overdue']);
$real_overdue_amount = $total_overdue - $total_overdue_partial;
@ -196,7 +196,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-file-invoice mr-2"></i>Invoices</h3>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-file-invoice mr-2"></i>Invoices</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addInvoiceModal"><i class="fas fa-plus mr-2"></i>New Invoice</button>
</div>
@ -325,14 +325,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editInvoiceModal<?php echo $invoice_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addInvoiceCopyModal<?php echo $invoice_id; ?>">Copy</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editInvoiceModal<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addInvoiceCopyModal<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</a>
<div class="dropdown-divider"></div>
<?php if (!empty($config_smtp_host)) { ?>
<a class="dropdown-item" href="post.php?email_invoice=<?php echo $invoice_id; ?>">Send</a>
<a class="dropdown-item" href="post.php?email_invoice=<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-paper-plane mr-2"></i>Send
</a>
<div class="dropdown-divider"></div>
<?php } ?>
<a class="dropdown-item text-danger" href="post.php?delete_invoice=<?php echo $invoice_id; ?>">Delete</a>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_invoice=<?php echo $invoice_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>
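Review bot: `$total_partial = floatval($row['total_partial']);` casts the result of a query that sums `invoice_amount` across a join with `payments`, so an invoice with several partial payments is counted once per payment, and `$total_partial_count = mysqli_num_rows($sql_total_partial)` on that single-row aggregate is always 1; neither is introduced by this commit, but the cast now sits on top of them. Summing over `invoices` alone with `invoice_status = 'Partial'` and taking the count from a `COUNT(invoice_id)` in the same SELECT would give the intended figures. The page continues outside the hunks shown.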


@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-edit mr-2"></i>Editing Line Item: <strong><?php echo $item_name; ?></strong></h5>
<h5 class="modal-title"><i class="fas fa-fw fa-edit mr-2"></i>Editing Line Item: <strong><?php echo $item_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@ -79,9 +79,9 @@
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE (tax_archived_at > '$item_created_at' OR tax_archived_at IS NULL) AND company_id = $session_company_id ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id_select = $row['tax_id'];
$tax_id_select = intval($row['tax_id']);
$tax_name = htmlentities($row['tax_name']);
$tax_percent = $row['tax_percent'];
$tax_percent = floatval($row['tax_percent']);
?>
<option <?php if ($tax_id_select == $tax_id) { echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>


@ -39,7 +39,7 @@ $company_logo = $row['company_logo'];
// Mail
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = $row['config_smtp_port'];
$config_smtp_port = intval($row['config_smtp_port']);
$config_smtp_encryption = $row['config_smtp_encryption'];
$config_smtp_username = $row['config_smtp_username'];
$config_smtp_password = $row['config_smtp_password'];
@ -61,12 +61,12 @@ if (isset($_POST['login'])) {
session_start();
// Passed login brute force check
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$email = sanitizeInput($_POST['email']);
$password = $_POST['password'];
$current_code = 0; // Default value
if (isset($_POST['current_code'])) {
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
$current_code = sanitizeInput($_POST['current_code']);
}
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
@ -88,10 +88,10 @@ if (isset($_POST['login'])) {
// FULL LOGIN SUCCESS - 2FA not configured or was successful
// Check this login isn't suspicious
$sql_ip_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ip_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_ip = '$ip' AND log_user_id = '$user_id'"));
$sql_ip_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ip_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_ip = '$ip' AND log_user_id = $user_id"));
$ip_previous_logins = sanitizeInput($sql_ip_prev_logins['ip_previous_logins']);
$sql_ua_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ua_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_user_agent = '$user_agent' AND log_user_id = '$user_id'"));
$sql_ua_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ua_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_user_agent = '$user_agent' AND log_user_id = $user_id"));
$ua_prev_logins = sanitizeInput($sql_ua_prev_logins['ua_previous_logins']);
// Notify if both the user agent and IP are different
@ -127,7 +127,7 @@ if (isset($_POST['login'])) {
// Session info
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_role'] = $row['user_role'];
$_SESSION['user_role'] = intval($row['user_role']);
$_SESSION['csrf_token'] = randomString(156);
$_SESSION['logged'] = true;
@ -176,7 +176,7 @@ if (isset($_POST['login'])) {
if ($current_code !== 0) {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
// Email the tech to advise their credentials may be compromised
if (!empty($config_smtp_host)) {
@ -211,7 +211,7 @@ if (isset($_POST['login'])) {
// Password incorrect or user doesn't exist - show generic error
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
$response = "
<div class='alert alert-danger'>


@ -3,7 +3,7 @@
require_once("inc_all_settings.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "log_id";
}
@ -22,8 +22,8 @@ if (empty($_GET['canned_date'])) {
//Date Filter
if ($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])) {
$dtf = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtf']));
$dtt = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtt']));
$dtf = sanitizeInput($_GET['dtf']);
$dtt = sanitizeInput($_GET['dtt']);
} elseif ($_GET['canned_date'] == "today") {
$dtf = date('Y-m-d');
$dtt = date('Y-m-d');
@ -72,14 +72,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fa fa-fw fa-eye"></i> Audit Logs</h3>
<h3 class="card-title"><i class="fas fa-fw fa-eye mr-2"></i>Audit Logs</h3>
</div>
<div class="card-body">
<form class="mb-4" autocomplete="off">
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search audit logs">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search audit logs">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
@ -108,13 +108,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-2">
<div class="form-group">
<label>Date From</label>
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
<input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
</div>
</div>
<div class="col-md-2">
<div class="form-group">
<label>Date To</label>
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
<input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
</div>
</div>
</div>
@ -140,7 +140,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$log_id = $row['log_id'];
$log_id = intval($row['log_id']);
$log_type = htmlentities($row['log_type']);
$log_action = htmlentities($row['log_action']);
$log_description = htmlentities($row['log_description']);
@ -148,8 +148,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$log_user_agent = htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent);
$log_created_at = $row['log_created_at'];
$user_id = $row['user_id'];
$log_created_at = htmlentities($row['log_created_at']);
$user_id = intval($row['user_id']);
$user_name = htmlentities($row['user_name']);
if (empty($user_name)) {
$user_name_display = "-";
@ -157,13 +157,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$user_name_display = $user_name;
}
$client_name = htmlentities($row['client_name']);
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
if (empty($client_name)) {
$client_name_display = "-";
} else {
$client_name_display = "<a href='client_logs.php?client_id=$client_id&tab=logs'>$client_name</a>";
}
$log_entity_id = $row['log_entity_id'];
$log_entity_id = intval($row['log_entity_id']);
?>
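Review bot: `$sb = sanitizeInput($_GET['sb'])` near the top of this hunk still does not make the sort column safe if `$sb` is interpolated into an `ORDER BY` clause, as the `"log_id"` default suggests: quote-escaping protects quoted string literals, not a bare identifier position, so whatever a user puts in `sb` reaches the query unchanged. Restrict it to an allow-list of real column names, e.g. `$sb = in_array($_GET['sb'], ['log_id', 'log_type', 'log_action', 'log_created_at'], true) ? $_GET['sb'] : 'log_id';` (adjusted to the columns the query actually exposes). The custom-date `$dtf`/`$dtt` values would likewise benefit from a `Y-m-d` format check before being used as date bounds, since the `max="2999-12-31"` on the inputs is enforced only by the browser. The query that consumes `$sb` is outside this hunk, so whether the identifier is quoted is inferred rather than visible.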


@ -8,11 +8,11 @@ $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON n
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-bell"></i> Notifications</h3>
<h3 class="card-title mt-2"><i class="fas fa-fw fa-bell mr-2"></i>Notifications</h3>
<div class="card-tools">
<?php if (mysqli_num_rows($sql) > 0) { ?><a href="post.php?dismiss_all_notifications" class="btn btn-primary"><i class="fa fa-check"></i> Dismiss All</a><?php } ?>
<a href="notifications_dismissed.php" class="btn btn-secondary"><i class="fa fa-history"></i> Dismissed</a>
<?php if (mysqli_num_rows($sql) > 0) { ?><a href="post.php?dismiss_all_notifications" class="btn btn-primary"><i class="fas fa-fw fa-check mr-2"></i>Dismiss All</a><?php } ?>
<a href="notifications_dismissed.php" class="btn btn-secondary"><i class="fas fa-fw fa-history mr-2"></i>Dismissed</a>
</div>
</div>
<div class="card-body">
@ -33,12 +33,12 @@ $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON n
<?php
while ($row = mysqli_fetch_array($sql)) {
$notification_id = $row['notification_id'];
$notification_id = intval($row['notification_id']);
$notification_type = htmlentities($row['notification_type']);
$notification = htmlentities($row['notification']);
$notification_timestamp = $row['notification_timestamp'];
$notification_timestamp = htmlentities($row['notification_timestamp']);
$client_name = htmlentities($row['client_name']);
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
if (empty($client_name)) {
$client_name_display = "-";
} else {
@ -51,7 +51,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM notifications LEFT JOIN clients ON n
<td><?php echo $notification_type; ?></td>
<td><?php echo $notification; ?></td>
<td><?php echo $client_name_display; ?></td>
<td class="text-center"><a class="btn btn-info btn-sm" href="post.php?dismiss_notification=<?php echo $notification_id; ?>"><i class="fa fa-check"></a></td>
<td class="text-center"><a class="btn btn-info btn-sm" href="post.php?dismiss_notification=<?php echo $notification_id; ?>"><i class="fas fa-check"></a></td>
</tr>
<?php } ?>
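Review bot: The `post.php?dismiss_all_notifications` and `post.php?dismiss_notification=<id>` links in this section perform state changes through plain GET requests with no CSRF token, so any content that makes the technician's browser load that URL (an image tag or link in a ticket, for example) can dismiss notifications on their behalf. The admin login hunk in this same commit now stores `$_SESSION['csrf_token']`, so the token exists to be used; append it here, e.g. `href="post.php?dismiss_all_notifications&csrf_token=<?php echo $_SESSION['csrf_token']; ?>"`, and have post.php reject requests whose token fails a `hash_equals()` check. Whether post.php already validates a token for these two actions is not visible from this page.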


@ -3,7 +3,7 @@ require_once("inc_all.php");
//Column Filter
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "notification_timestamp";
}
@ -16,8 +16,8 @@ if (!isset($_GET['o'])) {
//Date From and Date To Filter
if (!empty($_GET['dtf'])) {
$dtf = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtf']));
$dtt = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtt']));
$dtf = sanitizeInput($_GET['dtf']);
$dtt = sanitizeInput($_GET['dtt']);
} else {
$dtf = "0000-00-00";
$dtt = "9999-00-00";
@ -47,14 +47,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fa fa-fw fa-bell"></i> Dismissed Notications</h3>
<h3 class="card-title"><i class="fas fa-fw fa-bell mr-2"></i>Dismissed Notications</h3>
</div>
<div class="card-body">
<form class="mb-4" autocomplete="off">
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
@ -98,14 +98,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$notification_id = $row['notification_id'];
$notification_timestamp = $row['notification_timestamp'];
$notification_id = intval($row['notification_id']);
$notification_timestamp = htmlentities($row['notification_timestamp']);
$notification_type = htmlentities($row['notification_type']);
$notification = htmlentities($row['notification']);
$notification_dismissed_at = $row['notification_dismissed_at'];
$notification_dismissed_at = htmlentities($row['notification_dismissed_at']);
$user_name = htmlentities($row['user_name']);
$client_name = htmlentities($row['client_name']);
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
if (empty($client_name)) {
$client_name_display = "-";
} else {
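Review bot: `$sb = sanitizeInput($_GET['sb'])` at the top of this hunk does not protect a sort column: if `$sb` lands in an `ORDER BY` (the `"notification_timestamp"` default suggests it does), escaping quotes does nothing for a bare identifier, so it should be checked against an allow-list, e.g. `$sb = in_array($_GET['sb'], ['notification_timestamp', 'notification_type', 'notification_dismissed_at'], true) ? $_GET['sb'] : 'notification_timestamp';` with the list matched to the real columns. The date branch also reads `$_GET['dtt']` without checking it is set when only `dtf` was supplied, and the fallback `$dtt = "9999-00-00"` has a zero month; a `Y-m-d` format check on both values with a valid default such as `'9999-12-31'` closes both gaps. The query that consumes these values is outside the hunk.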


@ -2,7 +2,7 @@
require_once("inc_all.php");
if (!empty($_GET['sb'])) {
$sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "payment_date";
}
@ -21,8 +21,8 @@ if (empty($_GET['canned_date'])) {
//Date Filter
if ($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])) {
$dtf = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtf']));
$dtt = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtt']));
$dtf = sanitizeInput($_GET['dtf']);
$dtt = sanitizeInput($_GET['dtt']);
} elseif ($_GET['canned_date'] == "today") {
$dtf = date('Y-m-d');
$dtt = date('Y-m-d');
@ -73,7 +73,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fa fa-fw fa-credit-card"></i> Payments</h3>
<h3 class="card-title"><i class="fas fa-fw fa-credit-card mr-2"></i>Payments</h3>
</div>
<div class="card-body">
@ -81,7 +81,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="row">
<div class="col-sm-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo strip_tags(htmlentities($q));} ?>" placeholder="Search Payments">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(htmlentities($q));} ?>" placeholder="Search Payments">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
@ -141,12 +141,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
while ($row = mysqli_fetch_array($sql)) {
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$payment_date = $row['payment_date'];
$invoice_date = htmlentities($row['invoice_date']);
$payment_date = htmlentities($row['payment_date']);
$payment_method = htmlentities($row['payment_method']);
$payment_amount = floatval($row['payment_amount']);
$payment_currency_code = htmlentities($row['payment_currency_code']);
@ -156,7 +156,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else {
$payment_reference_display = $payment_reference;
}
$client_id = $row['client_id'];
$client_id = intval($row['client_id']);
$client_name = htmlentities($row['client_name']);
$account_name = htmlentities($row['account_name']);
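Review bot: The custom-date branch near the top of this hunk accepts `$dtf`/`$dtt` with only `sanitizeInput()`, which, judging by the `strip_tags(mysqli_real_escape_string(...))` it replaced, escapes for SQL but does not validate a date, so `dtf=abc` or a five-digit year is passed straight into the payment date filter; the `max="2999-12-31"` attribute on the inputs is client-side only. Validate server-side, e.g. `if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $dtf) || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $dtt)) { $dtf = date('Y-m-d'); $dtt = date('Y-m-d'); }`, or use `DateTime::createFromFormat('Y-m-d', ...)` if calendar validity matters. `$sb` on the first line of the hunk needs an allow-list of column names as well, because an `ORDER BY` identifier cannot be protected by quote escaping. The query that uses these variables is outside the hunk.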


@ -21,14 +21,14 @@ if (!isset($_SESSION['client_logged_in']) || !$_SESSION['client_logged_in']) {
}
// User IP & UA
$session_ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$session_ip = sanitizeInput(getIP());
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
// Get info from session
$session_client_id = $_SESSION['client_id'];
$session_contact_id = $_SESSION['contact_id'];
$session_company_id = $_SESSION['company_id'];
$session_client_id = intval($_SESSION['client_id']);
$session_contact_id = intval($_SESSION['contact_id']);
$session_company_id = intval($_SESSION['company_id']);
// Get company info from database
@ -46,11 +46,11 @@ $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRE
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
$contact = mysqli_fetch_array($contact_sql);
$session_contact_name = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_name']));
$session_contact_name = sanitizeInput($contact['contact_name']);
$session_contact_initials = initials($session_contact_name);
$session_contact_title = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_title']));
$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_email']));
$session_contact_photo = $contact['contact_photo'];
$session_contact_title = sanitizeInput($contact['contact_title']);
$session_contact_email = sanitizeInput($contact['contact_email']);
$session_contact_photo = sanitizeInput($contact['contact_photo']);
$session_contact_is_technical_contact = false;
$session_contact_is_billing_contact = false;
@ -64,8 +64,8 @@ if ($contact['contact_billing'] == 1) {
// Get client info
$client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$session_client_id'");
$client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $session_client_id");
$client = mysqli_fetch_array($client_sql);
$session_client_name = $client['client_name'];
$session_client_primary_contact_id = $client['primary_contact'];
$session_client_primary_contact_id = intval($client['primary_contact']);
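Review bot: `$session_contact_photo = sanitizeInput($contact['contact_photo'])` applies input-side treatment (SQL escaping plus tag stripping, judging by what it replaced) to a value read back from the database that is presumably emitted as an image path in HTML, which is the wrong context: an apostrophe in a filename becomes `\'` in the page, and the HTML escaping the attribute actually needs is still absent. Keep the raw value here and escape at the point of output with `htmlentities($session_contact_photo)`; the same applies to `$session_client_name = $client['client_name']`, which this hunk leaves untouched while its neighbours are sanitised and which is presumably rendered in the portal header. Sanitising `$session_contact_name` for SQL is defensible because it is interpolated into log queries elsewhere in this commit; a comment such as `// escaped for SQL: reused in log_description strings` would stop the next maintainer from undoing it.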


@ -54,13 +54,13 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
<?php
while ($row = mysqli_fetch_array($invoices_sql)) {
$invoice_id = $row['invoice_id'];
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_number = intval($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_date = htmlentities($row['invoice_date']);
$invoice_due = htmlentities($row['invoice_due']);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_url_key = htmlentities($row['invoice_url_key']);


@ -21,21 +21,21 @@ if (!isset($_SESSION)) {
session_start();
}
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$ip = sanitizeInput(getIP());
$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = 1");
$settings = mysqli_fetch_array($sql_settings);
$azure_client_id = $settings['config_azure_client_id'];
$company_sql = mysqli_query($mysqli, "SELECT company_name, company_logo FROM companies WHERE company_id = '1'");
$company_sql = mysqli_query($mysqli, "SELECT company_name, company_logo FROM companies WHERE company_id = 1");
$company_results = mysqli_fetch_array($company_sql);
$company_name = $company_results['company_name'];
$company_logo = $company_results['company_logo'];
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$email = sanitizeInput($_POST['email']);
$password = $_POST['password'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
@ -47,22 +47,22 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
if (password_verify($password, $row['contact_password_hash'])) {
$_SESSION['client_logged_in'] = true;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
$_SESSION['client_id'] = intval($row['contact_client_id']);
$_SESSION['contact_id'] = intval($row['contact_id']);
$_SESSION['company_id'] = intval($row['company_id']);
$_SESSION['login_method'] = "local";
header("Location: index.php");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]");
} else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
} else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
}
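Review bot: The success branch at `$_SESSION['client_logged_in'] = true;` promotes an existing session to authenticated without calling `session_regenerate_id(true)`, so a session ID planted in the victim's browser before login (session fixation) stays valid afterwards; add `session_regenerate_id(true);` as the first statement of that branch. The success log on the following line interpolates `$row[contact_email]` straight from the database into the INSERT, whereas the failure branches use the escaped `$email`; since the row was presumably selected by matching `$email`, use `$email` there too (an address such as `o'brien@example.com` passes `FILTER_VALIDATE_EMAIL` and would break or inject into that query). `header("Location: index.php")` should also be followed by `exit;` so the script stops running after the redirect.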


@ -24,10 +24,10 @@ if (!isset($_SESSION)) {
session_start();
}
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$ip = sanitizeInput(getIP());
$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
$company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = 1");
$company_results = mysqli_fetch_array($company_sql);
$company_name = $company_results['company_name'];
@ -40,21 +40,21 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
*/
if (isset($_POST['password_reset_email_request'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$email = sanitizeInput($_POST['email']);
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
$row = mysqli_fetch_assoc($sql);
$id = $row['contact_id'];
$id = intval($row['contact_id']);
$name = $row['contact_name'];
$client = $row['contact_client_id'];
$company = $row['company_id'];
$client = intval($row['contact_client_id']);
$company = intval($row['company_id']);
if ($row['contact_email'] == $email) {
$token = randomString(156);
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client, company_id = $company");
// Send reset email
@ -77,7 +77,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Error handling
if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
@ -97,16 +97,16 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$_SESSION['login_message'] = WORDING_ERROR;
}
$token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));
$token = sanitizeInput($_POST['token']);
$email = sanitizeInput($_POST['email']);
$client = intval($_POST['client']);
// Query user
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = $contact_row['contact_id'];
$contact_id = intval($contact_row['contact_id']);
$name = $contact_row['contact_name'];
$company = $contact_row['company_id'];
$company = intval($contact_row['company_id']);
// Ensure the token is correct
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
@ -114,7 +114,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client, company_id = $company");
// Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal";
@ -137,7 +137,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Error handling
if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
@ -192,9 +192,9 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
*/
if (isset($_GET['token']) && isset($_GET['email']) && isset($_GET['client'])) {
$token = strip_tags(mysqli_real_escape_string($mysqli, $_GET['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_GET['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client'])));
$token = sanitizeInput($_GET['token']);
$email = sanitizeInput($_GET['email']);
$client = intval($_GET['client']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
@ -250,7 +250,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<?php
// Show feedback from session
if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message'];
echo htmlentities($_SESSION['login_message']);
unset($_SESSION['login_message']);
}
?>
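Review bot: The token check `if (sha1($contact_row['contact_password_reset_token']) == sha1($token))` is reached even when the SELECT above returned no row: `$contact_row` is then `null`, `sha1(null) == sha1('')` holds for an empty `token`, and the code goes on to run the UPDATE with `contact_id = 0`, write a "Reset portal password" log entry and email the requester. Guard on the lookup first and compare in constant time: `if (!$contact_row || !hash_equals($contact_row['contact_password_reset_token'], $token)) { /* reject and return */ }` — loose `==` on two hex digests also carries PHP's numeric-string comparison quirk. Nothing in either the request or the reset branch expires the token, so a `contact_password_reset_token` stays valid until used; store an issue time alongside it and reject tokens older than a short window. The reset URL also places `$email` and `$token` in the query string, where they can leak through Referer headers from the reset page.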


@ -23,7 +23,7 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
}
// Verify the contact has access to the provided ticket ID
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$requested_ticket_id' AND $ticket_state_snippet AND ticket_client_id = '$session_client_id' LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $requested_ticket_id AND $ticket_state_snippet AND ticket_client_id = $session_client_id LIMIT 1");
$row = mysqli_fetch_array($sql);
$ticket_id = $row['ticket_id'];
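Review bot: Dropping the quotes around `$requested_ticket_id` and `$session_client_id` in the SELECT makes the function's safety depend entirely on every caller having run `intval()` first; the portal post handlers in this commit do so, but any future call site that passes `$_GET['id']` directly becomes an unquoted injection point. Cast inside the function as well, `$requested_ticket_id = intval($requested_ticket_id);`, before building the query, and apply the same defensive cast to `$session_client_id`, which comes from session state rather than from the caller. The function's signature and the construction of `$ticket_state_snippet` are outside the hunk.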


@ -12,7 +12,7 @@ if (isset($_POST['add_ticket'])) {
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql_settings);
$config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number'];
$config_ticket_next_number = intval($row['config_ticket_next_number']);
// HTML Purifier
require_once("../plugins/htmlpurifier/HTMLPurifier.standalone.php");
@ -22,14 +22,14 @@ if (isset($_POST['add_ticket'])) {
$client_id = $session_client_id;
$contact = $session_contact_id;
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['subject'])));
$subject = sanitizeInput($_POST['subject']);
$details = trim(mysqli_real_escape_string($mysqli, $purifier->purify(html_entity_decode(nl2br($_POST['details'])))));
// Ensure priority is low/med/high (as can be user defined)
if ($_POST['priority'] !== "Low" && $_POST['priority'] !== "Medium" && $_POST['priority'] !== "High") {
$priority = "Low";
} else {
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['priority'])));
$priority = sanitizeInput($_POST['priority']);
}
// Get the next Ticket Number and add 1 for the new ticket number
@ -37,11 +37,11 @@ if (isset($_POST['add_ticket'])) {
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_by = 0, ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id");
$id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, company_id = $session_company_id");
header("Location: ticket.php?id=" . $id);
@ -71,10 +71,10 @@ if (isset($_POST['add_ticket_comment'])) {
if (verifyContactTicketAccess($ticket_id, "Open")) {
// Add the comment
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = '$session_company_id'");
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_by = $session_contact_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id");
// Update Ticket Last Response Field & set ticket to open as client has replied
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open', ticket_updated_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id' LIMIT 1");
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open' WHERE ticket_id = $ticket_id AND ticket_client_id = $session_client_id LIMIT 1");
// Redirect
header("Location: " . $_SERVER["HTTP_REFERER"]);
@ -87,17 +87,17 @@ if (isset($_POST['add_ticket_comment'])) {
if (isset($_POST['add_ticket_feedback'])) {
$ticket_id = intval($_POST['ticket_id']);
$feedback = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['add_ticket_feedback'])));
$feedback = sanitizeInput($_POST['add_ticket_feedback']);
// Verify the contact has access to the provided ticket ID
if (verifyContactTicketAccess($ticket_id, "Closed")) {
// Add feedback
mysqli_query($mysqli, "UPDATE tickets SET ticket_feedback = '$feedback' WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' LIMIT 1");
mysqli_query($mysqli, "UPDATE tickets SET ticket_feedback = '$feedback' WHERE ticket_id = $ticket_id AND ticket_client_id = $session_client_id LIMIT 1");
// Notify on bad feedback
if ($feedback == "Bad") {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_timestamp = NOW(), notification_client_id = '$session_client_id', company_id = '$session_company_id'");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_client_id = $session_client_id, company_id = $session_company_id");
}
// Redirect
@ -117,13 +117,13 @@ if (isset($_GET['close_ticket'])) {
if (verifyContactTicketAccess($ticket_id, "Open")) {
// Close ticket
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Closed', ticket_updated_at = NOW(), ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id'");
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Closed', ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = $session_client_id");
// Add reply
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_by = $session_contact_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id");
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id");
header("Location: ticket.php?id=" . $ticket_id);
} else {
@ -147,10 +147,10 @@ if (isset($_POST['edit_profile'])) {
$new_password = $_POST['new_password'];
if (!empty($new_password)) {
$password_hash = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = $session_contact_id AND contact_client_id = $session_client_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $session_client_id, company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $session_client_id, company_id = $session_company_id");
}
header('Location: index.php');
}


@ -36,7 +36,7 @@ require_once('inc_portal.php');
<input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
</div>
</div>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button>
<button type="submit" name="edit_profile" class="btn btn-primary text-bold mt-3"><i class="fas fa-check mr-2"></i>Save password</button>
</form>
</div>
<?php endif ?>


@ -10,9 +10,9 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_id = intval($_GET['id']);
if ($session_contact_id == $session_client_primary_contact_id || $session_contact_is_technical_contact) {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id AND ticket_client_id = $session_client_id");
} else {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
}
$ticket_row = mysqli_fetch_array($ticket_sql);
@ -20,7 +20,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
if ($ticket_row) {
$ticket_prefix = htmlentities($ticket_row['ticket_prefix']);
$ticket_number = $ticket_row['ticket_number'];
$ticket_number = intval($ticket_row['ticket_number']);
$ticket_status = htmlentities($ticket_row['ticket_status']);
$ticket_priority = htmlentities($ticket_row['ticket_priority']);
$ticket_subject = htmlentities($ticket_row['ticket_subject']);
@ -110,11 +110,11 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type != 'Internal' ORDER BY ticket_reply_id DESC");
while ($row = mysqli_fetch_array($sql)) {
$ticket_reply_id = $row['ticket_reply_id'];
$ticket_reply_id = intval($row['ticket_reply_id']);
$ticket_reply = $row['ticket_reply'];
$ticket_reply_created_at = $row['ticket_reply_created_at'];
$ticket_reply_updated_at = $row['ticket_reply_updated_at'];
$ticket_reply_by = $row['ticket_reply_by'];
$ticket_reply_by = intval($row['ticket_reply_by']);
$ticket_reply_type = $row['ticket_reply_type'];
if ($ticket_reply_type == "Client") {
@ -124,7 +124,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
$avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar";
} else {
$ticket_reply_by_display = htmlentities($row['user_name']);
$user_id = $row['user_id'];
$user_id = intval($row['user_id']);
$user_avatar = $row['user_avatar'];
$user_initials = initials($row['user_name']);
$avatar_link = "../uploads/users/$user_id/$user_avatar";
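Review bot: The `intval()` casts added at the `$ticket_reply_id`, `$ticket_reply_by` and `$user_id` assignments leave the neighbouring raw reads in the same loop untouched: `$ticket_reply_created_at`, `$ticket_reply_updated_at`, `$ticket_reply_type` and `$user_avatar` are still taken straight from the row, while sibling fields such as `$ticket_reply_by_display` get `htmlentities()`. `$user_avatar` is interpolated into `$avatar_link` on the last line of the section, and the others are presumably echoed further down (outside the hunk), so the same treatment would keep the escaping consistent with the rest of this commit: `$ticket_reply_created_at = htmlentities($row['ticket_reply_created_at']);`, `$ticket_reply_updated_at = htmlentities($row['ticket_reply_updated_at']);`, `$user_avatar = htmlentities($row['user_avatar']);`. The enclosing `while` loop opens in the third hunk and closes outside the view, so where these values are rendered cannot be confirmed here.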


@ -27,7 +27,7 @@ if (!isset($_GET['status'])) {
$ticket_status_snippet = "ticket_status LIKE '%'";
}
$all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_client_id = '$session_client_id' ORDER BY ticket_id DESC");
$all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_client_id = $session_client_id ORDER BY ticket_id DESC");
?>
<h2>All tickets</h2>
@ -56,9 +56,9 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<?php
while ($row = mysqli_fetch_array($all_tickets)) {
$ticket_id = $row['ticket_id'];
$ticket_id = intval($row['ticket_id']);
$ticket_prefix = htmlentities($row['ticket_prefix']);
$ticket_number = $row['ticket_number'];
$ticket_number = intval($row['ticket_number']);
$ticket_subject = htmlentities($row['ticket_subject']);
$ticket_status = htmlentities($row['ticket_status']);
$ticket_contact_name = htmlentities($row['contact_name']);
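Review bot: The rewritten query in the first hunk still interpolates `$ticket_status_snippet` straight into the SQL string; only the `!isset($_GET['status'])` default is visible, and the branch that builds the snippet from `$_GET['status']` sits above it, outside the hunk. Unless that branch already restricts the value to a fixed set, this is the one non-integer fragment in the query and it deserves the same attention the commit gives to the id fields. The defensive shape is to map the request value onto the statuses the portal uses (the page shows `'Open'` and `'Closed'`) and build the snippet only from the matched constant, e.g. `$status = in_array($_GET['status'] ?? '', ['Open', 'Closed'], true) ? $_GET['status'] : null;` followed by `$ticket_status_snippet = $status === null ? "ticket_status LIKE '%'" : "ticket_status = '$status'";`, or bind the status as a prepared-statement parameter. Dropping the quotes around `$session_client_id` is fine only if the session value is guaranteed to be an integer, which this hunk does not show.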
