AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 19:04:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Finished up santizeInput Conv and UI updates

Browse Source
This commit is contained in:
johnnyq
2023-02-23 16:09:37 -05:00
parent 2b50302cf9
commit f7552cd25a
179 changed files with 1572 additions and 1349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
guest_post.php
View File

@@ -9,7 +9,7 @@ if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) {
$quote_id = intval($_GET['accept_quote']);
$company_id = intval($_GET['company_id']);
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");
@@ -17,7 +17,7 @@ if (isset($_GET['accept_quote'], $_GET['company_id'], $_GET['url_key'])) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Accepted' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Accepted', history_description = 'Client accepted Quote!', history_quote_id = $quote_id, company_id = $company_id");
$_SESSION['alert_message'] = "Quote Accepted";
@@ -32,15 +32,15 @@ if (isset($_GET['decline_quote'], $_GET['company_id'], $_GET['url_key'])) {
$quote_id = intval($_GET['decline_quote']);
$company_id = intval($_GET['company_id']);
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$url_key = sanitizeInput($_GET['url_key']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND quote_url_key = '$url_key' AND company_id = $company_id");
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_url_key = '$url_key' AND company_id = $company_id");
if (mysqli_num_rows($sql) == 1) {
mysqli_query($mysqli, "UPDATE quotes SET quote_status = 'Declined' WHERE quote_id = $quote_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Declined', history_description = 'Client declined Quote!', history_quote_id = $quote_id, company_id = $company_id");
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "Quote Declined";