AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed more php errors empty vars updated more ui search headers

Browse Source
This commit is contained in:
johnny@pittpc.com
2021-02-04 17:42:21 -05:00
parent 17710cf6b8
commit f8166bdc81
62 changed files with 696 additions and 722 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
post.php
View File

@@ -164,12 +164,13 @@ if(isset($_GET['delete_user'])){
if(isset($_POST['add_company'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$country = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['country'])));
$address = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['address'])));
$city = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['city'])));
$state = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['state'])));
$zip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['zip'])));
$country = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['country'])));
$phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$site = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['site'])));
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_created_at = NOW()");
@@ -183,7 +184,7 @@ if(isset($_POST['add_company'])){
mkdir("uploads/settings/$company_id");
mkdir("uploads/tmp/$company_id");
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_company_name = '$name', config_company_country = '$country', config_company_address = '$address', config_company_city = '$city', config_company_state = '$state', config_company_zip = '$zip', config_company_phone = '$phone', config_company_site = '$site', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_records_per_page = 10, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1");
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_company_name = '$name', config_company_country = '$country', config_company_address = '$address', config_company_city = '$city', config_company_state = '$state', config_company_zip = '$zip', config_company_phone = '$phone', config_company_email = '$email', config_company_site = '$site', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_records_per_page = 10, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Create', log_description = '$name', log_created_at = NOW()");
@@ -203,11 +204,12 @@ if(isset($_POST['edit_company'])){
$state = strip_tags(mysqli_real_escape_string($mysqli,$_POST['state']));
$zip = strip_tags(mysqli_real_escape_string($mysqli,$_POST['zip']));
$phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$site = strip_tags(mysqli_real_escape_string($mysqli,$_POST['site']));
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_updated_at = NOW() WHERE company_id = $company_id");
mysqli_query($mysqli,"UPDATE settings SET config_company_name = '$name', config_company_country = '$country', config_company_address = '$address', config_company_city = '$city', config_company_state = '$state', config_company_zip = '$zip', config_company_phone = '$phone', config_company_site = '$site' WHERE company_id = $company_id");
mysqli_query($mysqli,"UPDATE settings SET config_company_name = '$name', config_company_country = '$country', config_company_address = '$address', config_company_city = '$city', config_company_state = '$state', config_company_zip = '$zip', config_company_phone = '$phone', config_company_email = '$email', config_company_site = '$site' WHERE company_id = $company_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
@@ -290,6 +292,7 @@ if(isset($_POST['edit_company_settings'])){
$config_company_state = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_state']));
$config_company_zip = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_zip']));
$config_company_phone = preg_replace("/[^0-9]/", '',$_POST['config_company_phone']);
$config_company_email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_email'])));
$config_company_site = strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_company_site']));
$path = "$config_invoice_logo";
@@ -304,7 +307,7 @@ if(isset($_POST['edit_company_settings'])){
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"UPDATE settings SET config_company_name = '$config_company_name', config_company_country = '$config_company_country', config_company_address = '$config_company_address', config_company_city = '$config_company_city', config_company_state = '$config_company_state', config_company_zip = '$config_company_zip', config_company_phone = '$config_company_phone', config_company_site = '$config_company_site', config_invoice_logo = '$path' WHERE company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE settings SET config_company_name = '$config_company_name', config_company_address = '$config_company_address', config_company_city = '$config_company_city', config_company_state = '$config_company_state', config_company_zip = '$config_company_zip', config_company_country = '$config_company_country', config_company_phone = '$config_company_phone', config_company_email = '$config_company_email', config_company_site = '$config_company_site', config_invoice_logo = '$path' WHERE company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modified', log_description = 'Company', log_created_at = NOW(), company_id = $session_company_id, user_id = $session_user_id");