Merge pull request #1161 from itflow-org/develop

Release 25.01.2

.github/FUNDING.yml

@@ -1 +1 @@
-custom: ["https://www.paypal.com/donate/?business=QP4U384PMVBMU&no_recurring=0&item_name=Help+support+the+development+of+ITFlow&currency_code=USD"]
+custom: ["https://donate.itflow.org"]

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,32 +1,23 @@
 ---
 name: Bug report
-about: Something not working quite right? Create a report to help us improve!
-title: ''
-labels: ''
+about: Please report bugs on the Forum @ https://forum.itflow.org/t/bug
+title: 'Please report bugs on the Forum'
+labels: Support
 assignees: ''
 
 ---
 
-**Describe the bug**
-A clear and concise description of what the bug is.
+We're now using GitHub Issues exclusively for development.
+-
 
-**Can you reproduce this on the demo at demo.itflow.org**
-Yes/No/NA
+Going forward, GitHub Issues will be used to track confirmed bugs & planned features via Github Projects. This allows us to keep GitHub clean & tidy, whilst maintaining an active and relaxed community experience on the Forum.
 
-**Are you on the latest available version of ITFlow, with an up-to-date database structure?**
-Yes/No
+Please raise bugs on the forum @ https://forum.itflow.org/t/bug. Make sure to mention whether you can replicate the bug on demo.itflow.org. 
 
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-4. See error
+Thanks,
 
-**Expected behavior**
-A clear and concise description of what you expected to happen, if not obvious.
+The ITFlow team :)
 
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
+--
 
-**Additional context**
-Add any other context about the problem here.
+To privately discuss a security issue, please see https://github.com/itflow-org/itflow/security

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,16 +1,25 @@
 ---
 name: Feature request
 about: Please discuss new features on the Forum @ https://forum.itflow.org/t/features
-title: ''
+title: 'Please discuss new features on the Forum'
 labels: Support
 assignees: ''
 
 ---
 
-We're now using GitHub just to track features we're definitely planning to implement (and bugs!).
+We're now using GitHub Issues exclusively for development.
+-
 
-Please discuss new feature requests on the forum @ https://forum.itflow.org/t/features. This allows us to gather interest & feedback on the features people feel are most important, whilst keeping GitHub cleaner and more about the code.
+Going forward, GitHub Issues will be used to track confirmed bugs & planned features via Github Projects. This allows us to keep GitHub clean & tidy, whilst maintaining an active and relaxed community experience on the Forum.
 
-New feature requests here will be closed.
+Please discuss new feature requests on the forum @ https://forum.itflow.org/t/features. When creating discussions, try to imagine how your proposed feature would also benefit other users.
 
-Thanks :)
+All new feature requests raised here will be closed, unless agreed otherwise.
+
+Thanks,
+
+The ITFlow team :)
+
+--
+
+To privately discuss a security issue, please see https://github.com/itflow-org/itflow/security

.github/ISSUE_TEMPLATE/support.md

@@ -1,18 +1,25 @@
 ---
 name: Support
-about: Please visit the Forum or Discord for support
-title: ''
+about: Please request support on the Forum @ https://forum.itflow.org/t/support
+title: 'Please visit the Forum for support'
 labels: Support
 assignees: ''
 
 ---
 
-Please visit the Forum or Discord for support
+We're now using GitHub Issues exclusively for development.
+-
 
-Forum - https://forum.itflow.org/
+Going forward, GitHub Issues will be used to track confirmed bugs & planned features via Github Projects. This allows us to keep GitHub clean & tidy, whilst maintaining an active and relaxed community experience on the Forum.
 
-Discord - https://discord.gg/ZjCcBzTUDr
+Please use the forum for support queries/issues: https://forum.itflow.org/t/support
+
+All new support requests raised here will be closed.
+
+Thanks,
+
+The ITFlow team :)
 
 --
 
-To discuss a security issue, please see: https://i.imgur.com/P03o0Sy.png
+To privately discuss a security issue, please see https://github.com/itflow-org/itflow/security

.github/workflows/dbsql-lint.yml

@@ -0,0 +1,37 @@
+name: SQL Syntax Check for db.sql
+
+on:
+  pull_request:
+    paths:
+      - 'db.sql'
+
+jobs:
+  syntax_check:
+    name: Check db.sql SQL Syntax
+    runs-on: ubuntu-latest
+
+    services:
+      mariadb:
+        image: mariadb:latest
+        ports:
+        - "3306:3306"
+        env:
+          MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+          MARIADB_USER: user
+          MARIADB_PASSWORD: password
+          MARIADB_DATABASE: itfsyntaxdb
+        options: >-
+          --health-cmd="healthcheck.sh --connect --innodb_initialized"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=3
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Import & Lint db.sql
+        run: mysql --host 127.0.0.1 -uuser -ppassword itfsyntaxdb < db.sql
+
+      - name: Show imported tables
+        run: mysql --host 127.0.0.1 -uuser -ppassword itfsyntaxdb -e "show tables;"

.github/workflows/first-interaction.yml

@@ -10,18 +10,20 @@ jobs:
   run:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/first-interaction@v1.1.1
+      - uses: actions/first-interaction@v1.2.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           issue-message: |
             Hello & Welcome! :)
             
-            Thanks for taking the time to get in touch. We'll review this issue shortly.
+            Thanks for taking the time to get in touch.
             
-            Whilst you're waiting, please feel free to check out the [forum](https://forum.itflow.org).
+            We ask that all bugs/feature/support requests are raised via the [forum](https://forum.itflow.org). We'll be in touch shortly to confirm.
           pr-message: |
             Hello & Welcome! :)
             
             Thanks for taking the time to help improve ITFlow. We're excited to review your contributions - we'll review this PR as soon as we can!
             
             Whilst you're waiting, please feel free to check out the [forum](https://forum.itflow.org).
+
+            Just so you know, all contributions to ITFlow are licensed under the GNU GPL. By contributing you grant us a perpetual & irrevocable license to include your work in ITFlow.

.github/workflows/php-lint.yml

@@ -12,4 +12,4 @@ jobs:
     - uses: actions/checkout@v2
 
     - name: Check PHP syntax errors
-      uses: overtrue/phplint@4.1.0
+      uses: overtrue/phplint@9.4.1

.gitignore

@@ -1,6 +1,7 @@
 node_modules
 config.php
 
+uploads/favicon.ico
 uploads/clients/*
 !uploads/clients/index.php
 uploads/expenses/*
@@ -11,7 +12,17 @@ uploads/users/*
 !uploads/users/index.php
 uploads/tmp/*
 !uploads/tmp/index.php
-backups/*
-!backups/index.php
-!backups/.htaccess
-.idea/*
+uploads/tickets/*
+!uploads/tickets/index.php
+.idea/*
+plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/HTML/*
+!plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/HTML/.gitkeep
+plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI/*
+!plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI/.gitkeep
+plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/*
+!plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/.gitkeep
+.vscode/settings.json
+xcustom/*
+!xcustom/readme.php
+post/xcustom
+!post/xcustom/readme.php

.htaccess

@@ -0,0 +1,2 @@
+# Prevent access to .git, .github, and config.php
+RedirectMatch 404 ^/(\.git|\.github|config\.php)

CHANGELOG.md

@@ -0,0 +1,86 @@
+# Changelog
+
+This file documents all notable changes made to ITFlow.
+
+## [25.01.2]
+### Fixed
+- Fixed app version.
+
+## [25.01.1]
+
+### Added / Changed
+- Redesigned the Multi-Factor Authentication (MFA) Setup and Enforcement Flow UI/UX for a more intuitive user experience.
+- Added a "Member" column in the user roles listing for improved visibility.
+- General UI/UX improvements, along with minor performance optimizations and cleanups.
+
+### Fixed
+- Fixed an issue where Stripe was not appearing as a recurring payment option.
+- Corrected inaccurate Quarter 2 Expense results in the Profit & Loss Report.
+- Resolved TOTP code not displaying correctly on hover in the Contact or Asset Details sections.
+- Archived contacts no longer appear in the Bulk Mail section.
+- Fixed an issue where the Ticket Assign Modal was showing both ITFlow and client users.
+- Fixed issue with login key redirecting to legacy client portal page.
+
+## [25.01]
+
+### Added / Changed
+- Added support for saving cards in Stripe for automatic invoice payments.
+- Page titles now display detailed information (e.g., page name, client selection, company name, ticket and invoice info) for easier multi-tab navigation.
+- Reintroduced the new admin role-check for admin pages.
+- Admin roles can now be archived.
+- Debug mode now shows the current Git branch.
+- The auto-acknowledgment email for email-parsed tickets now includes a guest link.
+- Recurring tickets no longer require a contact.
+- Stripe online payment setup now prompts you to set the income/expense account.
+- New cron/CLI scripts have been moved to the `/scripts` subfolder — remember to update your cron configurations!
+- Moved modal includes to `/modals` to tidy up the root directory.
+- Moved most include files to `/includes` to improve directory structure.
+- Moved guest pages to `/guest` for better organization.
+- Renamed the include file `pagination.php` to `filter_footer.php`, as it is used in conjunction with `filter_header.php` for page filtering.
+- Guest ticket feedback now shows the ticket prefix and number, not just the ID.
+- Individual POST handler logic pages are no longer directly accessible.
+- Added the ability to delete payments on the Payments and Client Payments pages.
+- Implemented domain history tracking.
+- Added Asset Interface Linking/Connections to show what interface is connected to which interface port of another asset.
+- Added Force Recurring Ticket option in more locations, not just for recurring tickets.
+- Implemented row spanning and centered devices that occupy multiple units in a rack.
+- Added tooltips to main navigation badge counts to clarify what is being counted.
+- Reduced max records per page from 500 to 100 to prevent performance issues.
+- Updated several plugins:
+  - `stripe-php` from 10.5.0 to 16.4.0
+  - `Inputmask` from 5.0.8 to 5.0.9
+  - `DataTables` from 2.1.8 to 2.2.1
+  - `pdfmake` from 0.2.8 to 0.2.18
+  - `php-mime-mail-parser` to 9.0.1
+  - `TinyMCE` from 7.5.1 to 7.6.1
+- Removed unused libraries from the vendor folder and moved Stripe to the plugins folder, eliminating the vendor folder.
+- Merged the MFA TOTP functionality files `base32static.php` and `rfc6238.php` into a single file (`totp`) and moved it to the plugins folder.
+- No longer need to pass the DB connection (`$mysqli`) to the `addToMailQueue` function.
+- Disabled HTML Purifier caching.
+- Replaced the `nullable_htmlentities` function with `htmlspecialchars`.
+- Updated filter variable naming.
+- Implemented other minor UI updates, performance optimizations, and directory cleanups.
+
+### Fixed
+- Fixed an issue where the ticket edit modal didn't show multi-client or no-client projects.
+- Fixed asset interface losing DHCP settings.
+- Fixed a 500 error when creating or editing recurring expenses due to an incorrect variable name.
+- Fixed tickets created via the portal/email not being marked as billable.
+- Fixed issues with editing recurring expenses.
+- Resolved a regression where the TinyMCE editor didn’t display when adding or editing ticket templates.
+- Fixed a TinyMCE license issue.
+
+### Removed / Deprecated
+- Deprecated the cron scripts in the root directory. Cron jobs should now use the ones in the `/scripts` subfolder, which no longer require a cron key and must be run via CLI.
+
+### BREAKING CHANGES
+- The client portal has been moved from `/portal` to `/client`:
+  - Links in previous emails will be broken.
+  - The Azure Entra ID SSO Redirect URI needs to be updated to `/client`.
+  - You may need to update other links (e.g., website, support page).
+- Guest links have been moved from `/` to `/guest`. Previous links will be broken.
+
+## [24.12]
+
+### Added / Changed
+- Introduced versioned releases for the first time!

CODE_OF_CONDUCT.md

@@ -60,7 +60,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-the forums / Discord.
+the forums.
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the

README.md

@@ -3,15 +3,10 @@
 <!-- PROJECT SHIELDS -->
 [![Contributors][contributors-shield]][contributors-url]
 [![Stargazers][stars-shield]][stars-url]
-[![Issues][issues-shield]][issues-url]
 [![Commits][commit-shield]][commit-url]
 [![GPL License][license-shield]][license-url]
 
-<!-- PROJECT LOGO -->
 <div align="center">
-  <!-- <a href="https://github.com/itflow-org/itflow">
-    <img src="images/logo.png" alt="Logo" width="80" height="80">
-  </a> -->
 
   <h3 align="center">ITFlow</h3>
 
@@ -24,15 +19,17 @@
     Username: <b>demo@demo</b> | Password: <b>demo</b>
     <br />
     <br />
-    <a href="https://itflow.org/index.php?page=About">About</a>
+    <a href="https://itflow.org/#about">About</a>
     ·
-    <a href="https://itflow.org/docs.php">Docs</a>
+    <a href="https://docs.itflow.org">Docs</a>
     ·
     <a href="https://forum.itflow.org/">Forum</a>
     ·
-    <a href="https://github.com/itflow-org/itflow/issues">Report Bug</a>
+    <a href="https://forum.itflow.org/t/bug">Report Bug</a>
     ·
     <a href="https://forum.itflow.org/t/features">Request Feature</a>
+    ·
+    <a href="https://github.com/itflow-org/itflow/security/policy">Security</a>
   </p>
 </div>
 
@@ -45,58 +42,26 @@
 
 
 ### The Problem
-- You're a busy MSP with 101 things to do. 
-- Information about your clients is unorganised and unstructured: scattered in random tickets or folders - when you do eventually find it, it's out of date. 
-- For some issues, you spend longer looking for the relevant documentation than actually working the ticket. 
+- You're a small but busy managed service provider with 101 things to do. Information about your clients is unorganised, unstructured and outdated.
+- For some work, you seem to spend longer looking for the relevant documentation than actually working on the issue/project. 
 - On top of the technical day to day, you also have to take care of the financial side of the business - consistent pricing, quotes/invoicing, and accounting. 
 
 ### The Solution: ITFlow
-- ITFlow consolidates common MSP needs (documentation, ticketing, and accounting) into one system
-
-### In Beta
-* This project is in beta with many ongoing changes. Updates may unintentionally introduce bugs/security issues.
-* Whilst we are confident the code is safe, nothing in life is 100% safe or risk-free. Use your best judgement before deciding to store highly confidential information in ITFlow.
-* We are hoping to have a stable 1.0 release by April/May 2023.
-
-<!-- BUILT WITH -->
-### Built With
-
-* Backend / PHP libs
-  * PHP
-  * MariaDB
-  * PHPMailer
-  * HTML Purifier
-  * PHP Mime Mail Parser
-
-* CSS
-  * Bootstrap
-  * AdminLTE
-  * fontawesome
-
-* JS Libraries
-  * chart.js
-  * moments.js
-  * jQuery
-  * pdfmake
-  * Select2
-  * SummerNote
-  * FullCalendar.io
+- ITFlow consolidates common MSP needs (documentation, ticketing and billing) into one unified system.
 
 <!-- GETTING STARTED -->
-## Getting Started / Installation
+## Getting Started
 
-ITFlow is self-hosted. There is a full installation guide in the [docs](https://wiki.itflow.org/doku.php?id=wiki:installation), but the main steps are:
+### Self Hosting
+- The best installation method is to use the [install script](https://docs.itflow.org/installation_script) on Ubuntu/Debian. A video walk through is available [here](https://www.youtube.com/watch?v=kKz9NOU_1XE).
+```
+  wget -O itflow_install.sh https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh
+  bash itflow_install.sh
+```
+- Other manual installation methods are available in the [docs](https://docs.itflow.org/installation).
 
-1. Install a LAMP stack (Linux, Apache, MariaDB, PHP)
-   ```sh
-   sudo apt install git apache2 php libapache2-mod-php php-intl php-imap php-mailparse php-mysqli php-curl mariadb-server
-   ```  
-2. Clone the repo
-   ```sh
-   git clone https://github.com/itflow-org/itflow.git /var/www/html
-   ```
-3. Create a MariaDB Database
-4. Point your browser to your HTTPS web server to begin setup
+### Managed Hosting
+- If you'd prefer, we can [host ITFlow for you](https://services.itflow.org/hosting.php).
 
 <!-- FEATURES -->
 ## Key Features
@@ -108,36 +73,34 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https://
   
 <!-- ROADMAP -->
 ## Roadmap / Future to-do
-* Comprehensive API to allow custom third party integration
-* CalDAV to integrate with 3rd party calendars
-* CardDAV to integrate with 3rd party Address books
-* Recent caller toast alerts to click and bring up the clients account right away
-* FIDO2 WebAuthn Support for passwordless auth (TPM Fingerprint), (USB Hardware keys such as Yubikey)
-
-See the [forum](https://forum.itflow.org/d/11-road-map) and the [open issues](https://github.com/itflow-org/itflow/issues) for a full list of proposed features & known issues.
-
+We track the implementation of confirmed features and bugs via [TaskFlow](https://tasks.dev.itflow.org/tasks.php). Use the [forum](https://forum.itflow.org) to request features or raise bug reports. 
 
 <!-- CONTRIBUTING -->
 ## Support & Contributions
 
 ### Forum
-For help using ITFlow, feature requests, and general ideas / discussions please use the community [forum](https://forum.itflow.org).
-For bugs, please raise an [issue](https://github.com/itflow-org/itflow/issues).
+For help using ITFlow, bugs, feature requests, and general ideas / discussions please use the community [forum](https://forum.itflow.org).
 
 ### Contributing
-If you are able to make a contribution that would make ITFlow better, please fork the repo and create a pull request. Please make sure you're following our [code standards](https://wiki.itflow.org/doku.php?id=wiki:code_standards). 
-For large changes / new features, please discuss the issue with other contributors first.
+If you want to improve ITFlow, feel free to fork the repo and create a pull reques. Make sure to discuss significant changes or new features with fellow contributors on the forum first. This helps ensure that your contributions are aligned with project goals, and saves time for everyone. All contributions should follow our [code standards](https://docs.itflow.org/code_standards). See the [contributing guide](https://docs.itflow.org/contribute).
 
 #### Contributors
 <a href="https://github.com/itflow-org/itflow/graphs/contributors">
   <img src="https://contrib.rocks/image?repo=itflow-org/itflow" />
 </a>
 
-<!-- LICENSE -->
-## License
+### Supporters
+We’re incredibly grateful to the organizations and individuals who support the project - a big thank you to:
+- CompuMatter
+- F1 for HELP
 
+## License
 ITFlow is distributed "as is" under the GPL License, WITHOUT WARRANTY OF ANY KIND. See [`LICENSE`](https://github.com/itflow-org/itflow/blob/master/LICENSE) for details.
 
+## Security
+* As of 2025, we now have a stable release of the project.
+* Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
+* If you have a security concern, privately report it [here](https://github.com/itflow-org/itflow/security/policy).
 
 <!-- MARKDOWN LINKS & IMAGES -->
 <!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->

SECURITY.md

@@ -1,23 +1,26 @@
 # Security Policy
 
-## In Beta
+## **Please do NOT report security concerns/vulnerabilities publicly (Issues/forum)**
 
-ITFlow is currently in beta and is a work in progress. 
+**We take security seriously**
 
-**We take security seriously.** Whilst we are confident the code is safe, nothing in life is 100% safe or risk-free. You should use your best judgment before entering confidential information into the app.
-
-We attempt to follow security best practices where possible, including [automated code scanning](https://sonarcloud.io/component_measures?id=itflow-org_itflow&metric=security_rating&view=list).
+- Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
+- We attempt to follow security best practices where possible, including [automated code scanning](https://sonarcloud.io/component_measures?id=itflow-org_itflow&metric=security_rating&view=list).
+- [![Security](https://sonarcloud.io/api/project_badges/measure?project=itflow-org_itflow&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=itflow-org_itflow)
 
 ## Supported Versions
+We operate a rolling release model. Any bug fixes will be released into latest version of ITFlow, so you must stay up-to-date.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| Beta    | :white_check_mark: |
+| Beta    | :x:                |
+| 24.12   | :white_check_mark: |
+| 25.1    | :white_check_mark: (When released) |
 
-## Reporting a Vulnerability
-
-**<ins>Please do not report security vulnerabilities through public GitHub issues.</ins>**
-
-If you have discovered a security issue, please [report it](https://github.com/itflow-org/itflow/security/advisories/new) to us in as much detail as possible, so we can fix it. You should expect to receive an initial acknowledgement within 72 hours.
+## Reporting a Vulnerability via GitHub Security Advisories
 
 **Security contact: [GitHub Security Advisories](https://github.com/itflow-org/itflow/security/advisories/new)**
+
+If you have discovered a security issue, please **[report it](https://github.com/itflow-org/itflow/security/advisories/new)** to us in as much detail as possible, so we can fix it. 
+
+You should expect to receive an initial acknowledgement within 72 hours. If you don't receive any feedback, we may have missed the initial email from GitHub (we're human!). Please raise a forum discussion quoting ONLY the assigned GHSA ref.

accounts.php

@@ -1,19 +1,23 @@
 <?php
 
 // Default Column Sortby Filter
-$sb = "account_name";
-$o = "ASC";
+$sort = "account_name";
+$order = "ASC";
 
-require_once("inc_all.php");
+require_once "includes/inc_all.php";
+
+// Perms
+enforceUserPermission('module_financial');
 
 //Rebuild URL
-$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
+$url_query_strings_sort = http_build_query($get_copy);
 
 $sql = mysqli_query(
     $mysqli,
     "SELECT SQL_CALC_FOUND_ROWS * FROM accounts
-    WHERE account_name LIKE '%$q%' AND company_id = $session_company_id
-    ORDER BY $sb $o LIMIT $record_from, $record_to"
+    WHERE (account_name LIKE '%$q%')
+    AND account_archived_at IS NULL
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
@@ -30,19 +34,27 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <div class="card-body">
             <form autocomplete="off">
                 <div class="input-group">
-                    <input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Accounts">
+                    <input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Accounts">
                     <div class="input-group-append">
                         <button class="btn btn-primary"><i class="fa fa-search"></i></button>
                     </div>
                 </div>
             </form>
             <hr>
-            <div class="table-responsive">
+            <div class="table-responsive-sm">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>
-                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=account_name&o=<?php echo $disp; ?>">Name</a></th>
-                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=account_currency_code&o=<?php echo $disp; ?>">Currency</a></th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=account_name&order=<?php echo $disp; ?>">
+                                Name <?php if ($sort == 'account_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=account_currency_code&order=<?php echo $disp; ?>">
+                                Currency <?php if ($sort == 'account_currency_code') { echo $order_icon; } ?>
+                            </a>
+                        </th>
                         <th class="text-right">Balance</th>
                         <th class="text-center">Action</th>
                     </tr>
@@ -52,10 +64,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                     while ($row = mysqli_fetch_array($sql)) {
                         $account_id = intval($row['account_id']);
-                        $account_name = htmlentities($row['account_name']);
+                        $account_name = nullable_htmlentities($row['account_name']);
                         $opening_balance = floatval($row['opening_balance']);
-                        $account_currency_code = htmlentities($row['account_currency_code']);
-                        $account_notes = htmlentities($row['account_notes']);
+                        $account_currency_code = nullable_htmlentities($row['account_currency_code']);
+                        $account_notes = nullable_htmlentities($row['account_notes']);
 
                         $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
                         $row = mysqli_fetch_array($sql_payments);
@@ -85,9 +97,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                         <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAccountModal<?php echo $account_id; ?>">
                                             <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                         </a>
-                                        <?php if ($balance == 0) { //Cannot Archive an Account until it reaches 0 Balance ?>
+                                        <?php if ($balance == 0 && $account_id != $config_stripe_account) { //Cannot Archive an Account until it reaches 0 Balance and cant be selected as an online account ?>
                                             <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger" href="post.php?archive_account=<?php echo $account_id; ?>">
+                                            <a class="dropdown-item text-danger" href="post.php?archive_account=<?php echo $account_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
                                                 <i class="fas fa-fw fa-archive mr-2"></i>Archive
                                             </a>
                                         <?php } ?>
@@ -97,18 +109,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                         </tr>
 
                         <?php
-                        include("account_edit_modal.php");
+                        require "modals/account_edit_modal.php";
                     }
                     ?>
 
                     </tbody>
                 </table>
             </div>
-            <?php require_once("pagination.php"); ?>
+            <?php require_once "includes/filter_footer.php"; ?>
         </div>
     </div>
 
 <?php
 
-require_once("account_add_modal.php");
-require_once("footer.php");
+require_once "modals/account_add_modal.php";
+require_once "includes/footer.php";

admin_api.php

@@ -0,0 +1,180 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "api_key_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM api_keys
+    LEFT JOIN clients on api_keys.api_key_client_id = clients.client_id
+    WHERE (api_key_name LIKE '%$q%')
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-2">
+            <h3 class="card-title mt-2"><i class="fas fa-fw fa-key mr-2"></i>API Keys</h3>
+            <div class="card-tools">
+                <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addApiKeyModal"><i class="fas fa-plus mr-2"></i>Create</button>
+            </div>
+        </div>
+
+        <div class="card-body">
+
+            <form autocomplete="off">
+                <div class="row">
+
+                    <div class="col-md-4">
+                        <div class="input-group mb-3 mb-md-0">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search keys">
+                            <div class="input-group-append">
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </div>
+
+                    <div class="col-md-8">
+                        <div class="btn-group float-right">
+                            <div class="dropdown ml-2" id="bulkActionButton" hidden>
+                                <button class="btn btn-secondary dropdown-toggle" type="button" data-toggle="dropdown">
+                                    <i class="fas fa-fw fa-layer-group mr-2"></i>Bulk Action (<span id="selectedCount">0</span>)
+                                </button>
+                                <div class="dropdown-menu">
+                                    <button class="dropdown-item text-danger text-bold"
+                                            type="submit" form="bulkActions" name="bulk_delete_api_keys">
+                                        <i class="fas fa-fw fa-trash mr-2"></i>Revoke
+                                    </button>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+
+                </div>
+
+            </form>
+            <hr>
+
+            <div class="table-responsive-sm">
+
+                <form id="bulkActions" action="post.php" method="post">
+                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                    <table class="table table-striped table-borderless table-hover">
+                        <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                        <tr>
+                            <td class="pr-0">
+                                <div class="form-check">
+                                    <input class="form-check-input" type="checkbox" onclick="checkAll(this)">
+                                </div>
+                            </td>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=api_key_name&order=<?php echo $disp; ?>">
+                                    Name <?php if ($sort == 'api_key_name') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=api_key_client_id&order=<?php echo $disp; ?>">
+                                    Client <?php if ($sort == 'api_key_client_id') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=api_key_secret&order=<?php echo $disp; ?>">
+                                    Secret <?php if ($sort == 'api_key_secret') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=api_key_created_at&order=<?php echo $disp; ?>">
+                                    Created <?php if ($sort == 'api_key_created_at') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=api_key_expire&order=<?php echo $disp; ?>">
+                                    Expires <?php if ($sort == 'api_key_expire') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th class="text-center">Action</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <?php
+
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $api_key_id = intval($row['api_key_id']);
+                            $api_key_name = nullable_htmlentities($row['api_key_name']);
+                            $api_key_secret = nullable_htmlentities("************" . substr($row['api_key_secret'], -4));
+                            $api_key_created_at = nullable_htmlentities($row['api_key_created_at']);
+                            $api_key_expire = nullable_htmlentities($row['api_key_expire']);
+                            if ($api_key_expire < date("Y-m-d H:i:s")) {
+                                $api_key_expire = $api_key_expire . " (Expired)";
+                            }
+
+                            if ($row['api_key_client_id'] == 0) {
+                                $api_key_client = "<i>All Clients</i>";
+                            } else {
+                                $api_key_client = nullable_htmlentities($row['client_name']);
+                            }
+
+                            ?>
+                            <tr>
+                                <td class="pr-0">
+                                    <div class="form-check">
+                                        <input class="form-check-input bulk-select" type="checkbox" name="api_key_ids[]" value="<?php echo $api_key_id ?>">
+                                    </div>
+                                </td>
+
+                                <td class="text-bold"><?php echo $api_key_name; ?></td>
+
+                                <td><?php echo $api_key_client; ?></td>
+
+                                <td><?php echo $api_key_secret; ?></td>
+
+                                <td><?php echo $api_key_created_at; ?></td>
+
+                                <td><?php echo $api_key_expire; ?></td>
+
+                                <td>
+                                    <div class="dropdown dropleft text-center">
+                                        <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                            <i class="fas fa-ellipsis-h"></i>
+                                        </button>
+                                        <div class="dropdown-menu">
+                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_api_key=<?php echo $api_key_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                                <i class="fas fa-fw fa-times mr-2"></i>Revoke
+                                            </a>
+                                        </div>
+                                    </div>
+                                </td>
+                            </tr>
+
+                        <?php } ?>
+
+
+                        </tbody>
+                    </table>
+
+                </form>
+
+            </div>
+            <?php require_once "includes/filter_footer.php";
+ ?>
+        </div>
+    </div>
+
+    <script src="js/bulk_actions.js"></script>
+
+<?php
+require_once "modals/admin_api_key_add_modal.php";
+
+require_once "includes/footer.php";
+

admin_app_log.php

@@ -0,0 +1,193 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "app_log_id";
+$order = "DESC";
+
+require_once "includes/inc_all_admin.php";
+
+// Log Type Filter
+if (isset($_GET['type']) & !empty($_GET['type'])) {
+    $log_type_query = "AND (app_log_type  = '" . sanitizeInput($_GET['type']) . "')";
+    $type_filter = nullable_htmlentities($_GET['type']);
+} else {
+    // Default - any
+    $log_type_query = '';
+    $type_filter = '';
+}
+
+// Log Category Filter
+if (isset($_GET['category']) & !empty($_GET['catergory'])) {
+    $log_category_query = "AND (app_log_category  = '" . sanitizeInput($_GET['category']) . "')";
+    $category_filter = nullable_htmlentities($_GET['category']);
+} else {
+    // Default - any
+    $log_category_query = '';
+    $category_filter = '';
+}
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM app_logs
+    WHERE (app_log_type LIKE '%$q%' OR app_log_category LIKE '%$q%' OR app_log_details LIKE '%$q%')
+    AND DATE(app_log_created_at) BETWEEN '$dtf' AND '$dtt'
+    $log_type_query
+    $log_category_query
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>App Logs</h3>
+        </div>
+        <div class="card-body">
+            <form class="mb-4" autocomplete="off">
+                <div class="row">
+                    <div class="col-sm-4">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search app logs">
+                            <div class="input-group-append">
+                                <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </div>
+
+                    <div class="col-sm-2">
+                        <div class="form-group">
+                            <select class="form-control select2" name="type" onchange="this.form.submit()">
+                                <option value="">- All Types -</option>
+
+                                <?php
+                                $sql_types_filter = mysqli_query($mysqli, "SELECT DISTINCT app_log_type FROM app_logs ORDER BY app_log_type ASC");
+                                while ($row = mysqli_fetch_array($sql_types_filter)) {
+                                    $log_type = nullable_htmlentities($row['app_log_type']);
+                                ?>
+                                    <option <?php if ($type_filter == $log_type) { echo "selected"; } ?>><?php echo $log_type; ?></option>
+                                <?php
+                                }
+                                ?>
+
+                            </select>
+                        </div>
+                    </div>
+
+                    <div class="col-sm-2">
+                        <div class="form-group">
+                            <select class="form-control select2" name="category" onchange="this.form.submit()">
+                                <option value="">- All Categories -</option>
+
+                                <?php
+                                $sql_categories_filter = mysqli_query($mysqli, "SELECT DISTINCT app_log_category FROM app_logs ORDER BY app_log_category ASC");
+                                while ($row = mysqli_fetch_array($sql_categories_filter)) {
+                                    $log_category = nullable_htmlentities($row['app_log_category']);
+                                ?>
+                                    <option <?php if ($category_filter == $log_category) { echo "selected"; } ?>><?php echo $log_category; ?></option>
+                                <?php
+                                }
+                                ?>
+
+                            </select>
+                        </div>
+                    </div>
+                </div>
+                <div class="collapse mt-3 <?php if (!empty($_GET['dtf']) || $_GET['canned_date'] !== "custom" ) { echo "show"; } ?>" id="advancedFilter">
+                    <div class="row">
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Canned Date</label>
+                                <select onchange="this.form.submit()" class="form-control select2" name="canned_date">
+                                    <option <?php if ($_GET['canned_date'] == "custom") { echo "selected"; } ?> value="">Custom</option>
+                                    <option <?php if ($_GET['canned_date'] == "today") { echo "selected"; } ?> value="today">Today</option>
+                                    <option <?php if ($_GET['canned_date'] == "yesterday") { echo "selected"; } ?> value="yesterday">Yesterday</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisweek") { echo "selected"; } ?> value="thisweek">This Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastweek") { echo "selected"; } ?> value="lastweek">Last Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "thismonth") { echo "selected"; } ?> value="thismonth">This Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastmonth") { echo "selected"; } ?> value="lastmonth">Last Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisyear") { echo "selected"; } ?> value="thisyear">This Year</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastyear") { echo "selected"; } ?> value="lastyear">Last Year</option>
+                                </select>
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date From</label>
+                                <input onchange="this.form.submit()" type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date To</label>
+                                <input onchange="this.form.submit()" type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </form>
+            <hr>
+            <div class="table-responsive-sm">
+                <table class="table table-sm table-striped table-borderless table-hover">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=app_log_created_at&order=<?php echo $disp; ?>">
+                                Timestamp <?php if ($sort == 'app_log_created_at') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=app_log_type&order=<?php echo $disp; ?>">
+                                Type <?php if ($sort == 'app_log_type') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=app_log_category&order=<?php echo $disp; ?>">
+                                Category <?php if ($sort == 'app_log_category') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=app_log_details&order=<?php echo $disp; ?>">
+                                Details <?php if ($sort == 'app_log_details') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $log_id = intval($row['app_log_id']);
+                        $log_type = nullable_htmlentities($row['app_log_type']);
+                        $log_category = nullable_htmlentities($row['app_log_category']);
+                        $log_details = nullable_htmlentities($row['app_log_details']);
+                        $log_created_at = nullable_htmlentities($row['app_log_created_at']);
+
+                        ?>
+
+                        <tr>
+                            <td><?php echo $log_created_at; ?></td>
+                            <td><?php echo $log_type; ?></td>
+                            <td><?php echo $log_category; ?></td>
+                            <td><?php echo $log_details; ?></td>
+                        </tr>
+
+                        <?php
+                    }
+                    ?>
+
+                    </tbody>
+                </table>
+            </div>
+            <?php require_once "includes/filter_footer.php";
+ ?>
+        </div>
+    </div>
+
+<?php
+require_once "includes/footer.php";

admin_audit_log.php

@@ -0,0 +1,305 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "log_id";
+$order = "DESC";
+
+require_once "includes/inc_all_admin.php";
+
+// User Filter
+if (isset($_GET['user']) & !empty($_GET['user'])) {
+    $user_query = 'AND (log_user_id = ' . intval($_GET['user']) . ')';
+    $user_filter = intval($_GET['user']);
+} else {
+    // Default - any
+    $user_query = '';
+    $user_filter = '';
+}
+
+// Client Filter
+if (isset($_GET['client']) & !empty($_GET['client'])) {
+    $client_query = 'AND (log_client_id = ' . intval($_GET['client']) . ')';
+    $client_filter = intval($_GET['client']);
+} else {
+    // Default - any
+    $client_query = '';
+    $client_filter = '';
+}
+
+// Log Type Filter
+if (isset($_GET['type']) & !empty($_GET['type'])) {
+    $log_type_query = "AND (log_type  = '" . sanitizeInput($_GET['type']) . "')";
+    $type_filter = nullable_htmlentities($_GET['type']);
+} else {
+    // Default - any
+    $log_type_query = '';
+    $type_filter = '';
+}
+
+// Log Action Filter
+if (isset($_GET['action']) & !empty($_GET['action'])) {
+    $log_action_query = "AND (log_action  = '" . sanitizeInput($_GET['action']) . "')";
+    $action_filter = nullable_htmlentities($_GET['action']);
+} else {
+    // Default - any
+    $log_action_query = '';
+    $action_filter = '';
+}
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM logs
+    LEFT JOIN users ON log_user_id = user_id
+    LEFT JOIN clients ON log_client_id = client_id
+    WHERE (log_type LIKE '%$q%' OR log_action LIKE '%$q%' OR log_description LIKE '%$q%' OR log_ip LIKE '%$q%' OR log_user_agent LIKE '%$q%' OR user_name LIKE '%$q%' OR client_name LIKE '%$q%')
+    AND DATE(log_created_at) BETWEEN '$dtf' AND '$dtt'
+    $user_query
+    $client_query
+    $log_type_query
+    $log_action_query
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>Audit Logs</h3>
+        </div>
+        <div class="card-body">
+            <form class="mb-4" autocomplete="off">
+                <div class="row">
+                    <div class="col-sm-4">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search audit logs">
+                            <div class="input-group-append">
+                                <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </div>
+                    
+                    <div class="col-sm-2">
+                        <div class="form-group">
+                            <select class="form-control select2" name="client" onchange="this.form.submit()">
+                                <option value="">- All Clients -</option>
+
+                                <?php
+                                $sql_clients_filter = mysqli_query($mysqli, "SELECT * FROM clients ORDER BY client_name ASC");
+                                while ($row = mysqli_fetch_array($sql_clients_filter)) {
+                                    $client_id = intval($row['client_id']);
+                                    $client_name = nullable_htmlentities($row['client_name']);
+                                ?>
+                                    <option <?php if ($client_filter == $client_id) { echo "selected"; } ?> value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
+                                <?php
+                                }
+                                ?>
+
+                            </select>
+                        </div>
+                    </div>
+
+                    <div class="col-sm-2">
+                        <div class="form-group">
+                            <select class="form-control select2" name="user" onchange="this.form.submit()">
+                                <option value="">- All Users -</option>
+
+                                <?php
+                                $sql_users_filter = mysqli_query($mysqli, "SELECT * FROM users ORDER BY user_name ASC");
+                                while ($row = mysqli_fetch_array($sql_users_filter)) {
+                                    $user_id = intval($row['user_id']);
+                                    $user_name = nullable_htmlentities($row['user_name']);
+                                ?>
+                                    <option <?php if ($user_filter == $user_id) { echo "selected"; } ?> value="<?php echo $user_id; ?>"><?php echo $user_name; ?></option>
+                                <?php
+                                }
+                                ?>
+
+                            </select>
+                        </div>
+                    </div>
+
+                    <div class="col-sm-2">
+                        <div class="form-group">
+                            <select class="form-control select2" name="type" onchange="this.form.submit()">
+                                <option value="">- All Types -</option>
+
+                                <?php
+                                $sql_types_filter = mysqli_query($mysqli, "SELECT DISTINCT log_type FROM logs ORDER BY log_type ASC");
+                                while ($row = mysqli_fetch_array($sql_types_filter)) {
+                                    $log_type = nullable_htmlentities($row['log_type']);
+                                ?>
+                                    <option <?php if ($type_filter == $log_type) { echo "selected"; } ?>><?php echo $log_type; ?></option>
+                                <?php
+                                }
+                                ?>
+
+                            </select>
+                        </div>
+                    </div>
+
+                    <div class="col-sm-2">
+                        <div class="form-group">
+                            <select class="form-control select2" name="action" onchange="this.form.submit()">
+                                <option value="">- All Actions -</option>
+
+                                <?php
+                                $sql_actions_filter = mysqli_query($mysqli, "SELECT DISTINCT log_action FROM logs ORDER BY log_action ASC");
+                                while ($row = mysqli_fetch_array($sql_actions_filter)) {
+                                    $log_action = nullable_htmlentities($row['log_action']);
+                                ?>
+                                    <option <?php if ($action_filter == $log_action) { echo "selected"; } ?>><?php echo $log_action; ?></option>
+                                <?php
+                                }
+                                ?>
+
+                            </select>
+                        </div>
+                    </div>
+                </div>
+                <div class="collapse mt-3 <?php if (!empty($_GET['dtf']) || $_GET['canned_date'] !== "custom" ) { echo "show"; } ?>" id="advancedFilter">
+                    <div class="row">
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Canned Date</label>
+                                <select onchange="this.form.submit()" class="form-control select2" name="canned_date">
+                                    <option <?php if ($_GET['canned_date'] == "custom") { echo "selected"; } ?> value="">Custom</option>
+                                    <option <?php if ($_GET['canned_date'] == "today") { echo "selected"; } ?> value="today">Today</option>
+                                    <option <?php if ($_GET['canned_date'] == "yesterday") { echo "selected"; } ?> value="yesterday">Yesterday</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisweek") { echo "selected"; } ?> value="thisweek">This Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastweek") { echo "selected"; } ?> value="lastweek">Last Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "thismonth") { echo "selected"; } ?> value="thismonth">This Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastmonth") { echo "selected"; } ?> value="lastmonth">Last Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisyear") { echo "selected"; } ?> value="thisyear">This Year</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastyear") { echo "selected"; } ?> value="lastyear">Last Year</option>
+                                </select>
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date From</label>
+                                <input onchange="this.form.submit()" type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date To</label>
+                                <input onchange="this.form.submit()" type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </form>
+            <hr>
+            <div class="table-responsive-sm">
+                <table class="table table-sm table-striped table-borderless table-hover">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=log_created_at&order=<?php echo $disp; ?>">
+                                Timestamp <?php if ($sort == 'log_created_at') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_name&order=<?php echo $disp; ?>">
+                                User <?php if ($sort == 'user_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <?php if (empty($client)) { ?>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=client_name&order=<?php echo $disp; ?>">
+                                    Client <?php if ($sort == 'client_name') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                        <?php } ?>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=log_type&order=<?php echo $disp; ?>">
+                                Type <?php if ($sort == 'log_type') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=log_action&order=<?php echo $disp; ?>">
+                                Action <?php if ($sort == 'log_action') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=log_description&order=<?php echo $disp; ?>">
+                                Description <?php if ($sort == 'log_description') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=log_ip&order=<?php echo $disp; ?>">
+                                IP Address <?php if ($sort == 'log_ip') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=log_user_agent&order=<?php echo $disp; ?>">
+                                User Agent <?php if ($sort == 'log_user_agent') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $log_id = intval($row['log_id']);
+                        $log_type = nullable_htmlentities($row['log_type']);
+                        $log_action = nullable_htmlentities($row['log_action']);
+                        $log_description = nullable_htmlentities($row['log_description']);
+                        $log_ip = nullable_htmlentities($row['log_ip']);
+                        $log_user_agent = nullable_htmlentities($row['log_user_agent']);
+                        $log_user_os = getOS($log_user_agent);
+                        $log_user_browser = getWebBrowser($log_user_agent);
+                        $log_created_at = nullable_htmlentities($row['log_created_at']);
+                        $user_id = intval($row['user_id']);
+                        $user_name = nullable_htmlentities($row['user_name']);
+                        if (empty($user_name)) {
+                            $user_name_display = "-";
+                        } else {
+                            $user_name_display = $user_name;
+                        }
+                        $client_name = nullable_htmlentities($row['client_name']);
+                        $client_id = intval($row['client_id']);
+                        if (empty($client_name)) {
+                            $client_name_display = "-";
+                        } else {
+                            $client_name_display = "<a href='client_overview.php?client_id=$client_id'>$client_name</a>";
+                        }
+                        $log_entity_id = intval($row['log_entity_id']);
+
+                        ?>
+
+                        <tr>
+                            <td><?php echo $log_created_at; ?></td>
+                            <td><?php echo $user_name_display; ?></td>
+                            <?php if(empty($client)) { ?>
+                            <td><?php echo $client_name_display; ?></td>
+                            <?php } ?>
+                            <td><?php echo $log_type; ?></td>
+                            <td><?php echo $log_action; ?></td>
+                            <td><?php echo $log_description; ?></td>
+                            <td><?php echo $log_ip; ?></td>
+                            <td><?php echo "$log_user_os<div class='text-secondary'>$log_user_browser</div>"; ?></td>
+                        </tr>
+
+                        <?php
+                    }
+                    ?>
+
+                    </tbody>
+                </table>
+            </div>
+            <?php require_once "includes/filter_footer.php";
+ ?>
+        </div>
+    </div>
+
+<?php
+require_once "includes/footer.php";
+

admin_backup.php

@@ -0,0 +1,38 @@
+<?php
+require_once "includes/inc_all_admin.php";
+?>
+
+<div class="card card-dark mb-3">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Download Database</h3>
+    </div>
+    <div class="card-body" style="text-align: center;">
+        <div class="alert alert-secondary">If you are unable to back up the entire VM, you'll need to back up the files & database individually. There is no built-in restore. See the <a href="https://docs.itflow.org/backups" target="_blank">docs here</a>.</div>
+        <a class="btn btn-primary btn-lg p-3" href="post.php?download_database&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download database</a>
+    </div>
+</div>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-key mr-2"></i>Backup Master Encryption Key</h3>
+    </div>
+    <div class="card-body">
+        <div class="card-body">
+            <form action="post.php" method="POST">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+                <div class="row d-flex justify-content-center">
+                    <div class="input-group col-4">
+                        <div class="input-group-prepend">
+                            <input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>
+                        </div>
+                        <button class="btn btn-primary" type="submit" name="backup_master_key"><i class="fas fa-fw fa-key mr-2"></i>Get Master Key</button>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+
+<?php
+require_once "includes/footer.php";
+

admin_bulk_mail.php

@@ -0,0 +1,153 @@
+<?php
+require_once "includes/inc_all_admin.php";
+
+
+$sql = mysqli_query($mysqli, "SELECT * FROM contacts
+    LEFT JOIN clients ON client_id = contact_client_id
+    WHERE client_archived_at IS NULL
+    AND contact_archived_at IS NULL
+    AND contact_email != ''
+    AND (contact_primary = 1 OR
+    contact_important = 1 OR
+    contact_billing = 1 OR
+    contact_technical = 1)
+    ORDER BY client_name ASC, contact_primary DESC,
+    contact_important DESC"
+);
+
+?>
+    
+
+<div class="card">
+    <div class="card-header">
+        <h3 class="card-title mt-2 mb-2"><i class="fa fa-fw fa-envelope-open mr-2"></i>Bulk Mail</h3>
+        <div class="card-tools">
+            <button id="bulkActionButton" hidden class="btn btn-primary" type="submit" form='bulkActions' name="send_bulk_mail_now">
+                <i class="fas fa-fw fa-paper-plane mr-2"></i>Send (<span id="selectedCount">0</span>)
+            </button>
+        </div>
+    </div>
+    <div class="card-body">
+        <form id="bulkActions" action="post.php" method="post">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <div class="row">
+                
+                <div class="col">
+
+                    <h5>Email Message</h5>
+
+                    <hr>
+                    
+                    <div class="form-group">
+                        <select type="text" class="form-control select2" name="mail_from">
+                            <option value="<?php echo nullable_htmlentities($config_mail_from_email); ?>">
+                                <?php echo nullable_htmlentities("$config_mail_from_name - $config_mail_from_email"); ?></option>
+                            <option value="<?php echo nullable_htmlentities($config_invoice_from_email); ?>">
+                                <?php echo nullable_htmlentities("$config_invoice_from_name - $config_invoice_from_email"); ?></option>
+                            <option value="<?php echo nullable_htmlentities($config_quote_from_email); ?>">
+                                <?php echo nullable_htmlentities("$config_quote_from_name - $config_quote_from_email"); ?></option>
+                            <option value="<?php echo nullable_htmlentities($config_ticket_from_email); ?>">
+                                <?php echo nullable_htmlentities("$config_ticket_from_name - $config_ticket_from_email"); ?></option>
+                        </select>
+                    </div>
+
+                    <div class="form-group">
+                        <input type="text" class="form-control" name="mail_from_name" placeholder="From Name" value="<?php echo nullable_htmlentities($config_mail_from_name); ?>" required>
+                    </div>
+
+                    <div class="form-group">
+                        <input type="text" class="form-control" name="subject" placeholder="Subject" required>
+                    </div>
+
+                    <div class="form-group">
+                        <textarea class="form-control tinymce" name="body" placeholder="Type an email in here"></textarea>
+                    </div>
+
+                    <div class="form-group">
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
+                            </div>
+                            <input type="datetime-local" class="form-control" name="queued_at">
+                        </div>
+                    </div>
+
+                </div>
+
+                <div class="col">
+
+                    <h5>Select Contacts</h5>
+                    <hr>
+                    <div class="card">
+                        <div class="table-responsive">
+                            <table class="table">
+                                <thead>
+                                    <tr>
+                                        <td>
+                                            <div class="form-check">
+                                                <input type="checkbox" class="form-check-input" id="selectAllCheckbox" onclick="checkAll(this)">
+                                            </div>
+                                        </td>
+                                        <th>Client</th>
+                                        <th>Name</th>
+                                        <th>Title</th>
+                                        <th>Email</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+
+                                <?php
+                                while ($row = mysqli_fetch_array($sql)) {
+                                    $contact_id = intval($row['contact_id']);
+                                    $contact_name = nullable_htmlentities($row['contact_name']);
+                                    $contact_title = nullable_htmlentities($row['contact_title']);
+                                    if (empty($contact_title)) {
+                                        $contact_title_display = "-";
+                                    } else {
+                                        $contact_title_display = "$contact_title";
+                                    }
+                                    $contact_email = nullable_htmlentities($row['contact_email']);
+                                    $contact_primary = intval($row['contact_primary']);
+                                    $contact_important = intval($row['contact_important']);
+                                    $contact_billing = intval($row['contact_billing']);
+                                    $contact_technical = intval($row['contact_technical']);
+                                    $contact_client_id = intval($row['contact_client_id']);
+                                    $client_name = nullable_htmlentities($row['client_name']);
+                                ?>
+                                <tr>
+                                    <td>
+                                        <div class="form-check">
+                                            <input type="checkbox" class="form-check-input bulk-select" name="contact_ids[]" value="<?php echo $contact_id; ?>">
+                                        </div>
+                                    </td>
+                                    <td><?php echo $client_name; ?></td>
+                                    <td>
+                                        <a href="client_contact_details.php?client_id=<?php echo $contact_client_id; ?>&contact_id=<?php echo $contact_id; ?>" target="_blank">
+                                            <?php echo $contact_name; ?>
+                                        </a>
+                                    </td>
+                                    <td><?php echo $contact_title_display; ?></td>
+                                    <td><?php echo $contact_email; ?></td>
+                                </tr>
+                                <?php } ?>
+                                </tbody>
+                            </table>
+                        </div>
+                        
+                    </div>
+                
+                </div>
+
+            </div>
+
+        </form>
+    </div>
+</div>
+
+
+<script src="js/bulk_actions.js"></script>
+
+<?php
+
+require_once "includes/footer.php";

admin_category.php

@@ -0,0 +1,197 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "category_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+if (isset($_GET['category'])) {
+    $category = sanitizeInput($_GET['category']);
+} else {
+    $category = "Expense";
+}
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM categories
+    WHERE category_name LIKE '%$q%'
+    AND category_type = '$category'
+    AND category_$archive_query
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+if (isset($_GET['archived'])) {
+    $category = "Archived";
+}
+
+?>
+
+
+<div class="card card-dark">
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fa fa-fw fa-list-ul mr-2"></i>
+            <?php echo nullable_htmlentities($category); ?> Categories
+        </h3>
+        <?php
+            if (!isset($_GET['archived'])) {
+        ?>
+        <div class="card-tools">
+            <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i
+                    class="fas fa-plus mr-2"></i>New <?php echo nullable_htmlentities($category); ?> Category</button>
+        </div>
+        <?php
+            }
+        ?>
+    </div>
+    <div class="card-body">
+        <form autocomplete="off">
+            <input type="hidden" name="category" value="<?php echo nullable_htmlentities($category); ?>">
+            <div class="row">
+                <div class="col-sm-4 mb-2">
+                    <div class="input-group">
+                        <input type="search" class="form-control" name="q"
+                            value="<?php if (isset($q)) {
+                                echo stripslashes(nullable_htmlentities($q));
+                            } ?>"
+                            placeholder="Search <?php echo nullable_htmlentities($category); ?> Categories ">
+                        <div class="input-group-append">
+                            <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                        </div>
+                    </div>
+                </div>
+                <div class="col-sm-8">
+                    <div class="btn-group float-right">
+                        <a href="?category=Expense"
+                            class="btn <?php if ($category == 'Expense') {
+                                echo 'btn-primary';
+                            } else {
+                                echo 'btn-default';
+                            } ?>">Expense</a>
+                        <a href="?category=Income"
+                            class="btn <?php if ($category == 'Income') {
+                                echo 'btn-primary';
+                            } else {
+                                echo 'btn-default';
+                            } ?>">Income</a>
+                        <a href="?category=Referral"
+                            class="btn <?php if ($category == 'Referral') {
+                                echo 'btn-primary';
+                            } else {
+                                echo 'btn-default';
+                            } ?>">Referral</a>
+                        <a href="?category=Payment Method"
+                            class="btn <?php if ($category == 'Payment Method') {
+                                echo 'btn-primary';
+                            } else {
+                                echo 'btn-default';
+                            } ?>">Payment
+                            Method</a>
+                        <a href="?category=Ticket"
+                           class="btn <?php if ($category == 'Ticket') {
+                               echo 'btn-primary';
+                           } else {
+                               echo 'btn-default';
+                           } ?>">Ticket</a>
+                        <a href="?archived=1"
+                            class="btn <?php if (isset($_GET['archived'])) {
+                                echo 'btn-primary';
+                            } else {
+                                echo 'btn-default';
+                            } ?>"><i
+                                class="fas fa-fw fa-archive mr-2"></i>Archived</a>
+                    </div>
+                </div>
+            </div>
+        </form>
+        <hr>
+        <div class="table-responsive-sm">
+            <table class="table table-striped table-borderless table-hover">
+                <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=category_name&order=<?php echo $disp; ?>">
+                                Name <?php if ($sort == 'category_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>Color</th>
+                        <th class="text-center">Action</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $category_id = intval($row['category_id']);
+                        $category_name = nullable_htmlentities($row['category_name']);
+                        $category_color = nullable_htmlentities($row['category_color']);
+
+                        ?>
+                        <tr>
+                            <td><a class="text-dark" href="#" data-toggle="modal"
+                                    data-target="#editCategoryModal<?php echo $category_id; ?>">
+                                    <?php echo $category_name; ?>
+                                </a></td>
+                            <td><i class="fa fa-3x fa-circle" style="color:<?php echo $category_color; ?>;"></i></td>
+                            <td>
+                                <div class="dropdown dropleft text-center">
+                                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                        <i class="fas fa-ellipsis-h"></i>
+                                    </button>
+                                    <div class="dropdown-menu">
+                                        <?php
+                                        if ($category == "Archived") {
+                                            ?>
+                                            <a class="dropdown-item text-success confirm-link"
+                                                href="post.php?unarchive_category=<?php echo $category_id; ?>">
+                                                <i class="fas fa-fw fa-archive mr-2"></i>Unarchive
+                                            </a>
+                                            <a class="dropdown-item text-danger confirm-link"
+                                                href="post.php?delete_category=<?php echo $category_id; ?>">
+                                                <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                            </a>
+                                            <?php
+                                        } else {
+                                            ?>
+                                            <a class="dropdown-item" href="#" data-toggle="modal"
+                                                data-target="#editCategoryModal<?php echo $category_id; ?>">
+                                                <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                            </a>
+                                            <a class="dropdown-item text-danger confirm-link"
+                                                href="post.php?archive_category=<?php echo $category_id; ?>">
+                                                <i class="fas fa-fw fa-archive mr-2"></i>Archive
+                                            </a>
+                                            <?php
+                                        }
+                                        ?>
+                                    </div>
+                                </div>
+                            </td>
+                        </tr>
+
+                        <?php
+
+                        require "modals/admin_category_edit_modal.php";
+
+                    }
+
+                    ?>
+
+                </tbody>
+            </table>
+        </div>
+        <?php require_once "includes/filter_footer.php";
+ ?>
+    </div>
+</div>
+
+<?php
+require_once "modals/admin_category_add_modal.php";
+
+require_once "includes/footer.php";

admin_custom_link.php

@@ -0,0 +1,153 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "custom_link_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM custom_links
+    WHERE custom_link_name LIKE '%$q%'
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-2">
+            <h3 class="card-title mt-2"><i class="fas fa-fw fa-external-link-alt mr-2"></i>Custom Links</h3>
+            <div class="card-tools">
+                <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLinkModal"><i class="fas fa-plus mr-2"></i>New Link</button>
+            </div>
+        </div>
+
+        <div class="card-body">
+            <div class="row">
+                <div class="col-sm-4 mb-2">
+                    <form autocomplete="off">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Links">
+                            <div class="input-group-append">
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </form>
+                </div>
+                <div class="col-sm-8">
+                </div>
+            </div>
+
+            <hr>
+            <div class="table-responsive-sm">
+                <table class="table table-striped table-borderless table-hover">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=custom_link_name&order=<?php echo $disp; ?>">
+                                Name <?php if ($sort == 'custom_link_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=custom_link_order&order=<?php echo $disp; ?>">
+                                Order <?php if ($sort == 'custom_link_order') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=custom_link_uri&order=<?php echo $disp; ?>">
+                                URI / <span class="text-secondary">New Tab</span> <?php if ($sort == 'custom_link_uri') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=custom_link_location&order=<?php echo $disp; ?>">
+                                Location <?php if ($sort == 'custom_link_location') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th class="text-center">Action</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $custom_link_id = intval($row['custom_link_id']);
+                        $custom_link_name = nullable_htmlentities($row['custom_link_name']);
+                        $custom_link_uri = nullable_htmlentities($row['custom_link_uri']);
+                        $custom_link_icon = nullable_htmlentities($row['custom_link_icon']);
+                        $custom_link_new_tab = intval($row['custom_link_new_tab']);
+                        if ($custom_link_new_tab == 1 ) {
+                            $custom_link_new_tab_display = "<i class='fas fa-fw fa-checkmark'></i>";
+                        } else {
+                            $custom_link_new_tab_display = "";
+                        }
+                        $custom_link_order = intval($row['custom_link_order']);
+                        if ($custom_link_order == 0 ) {
+                            $custom_link_order_display = "-";
+                        } else {
+                            $custom_link_order_display = $custom_link_order;
+                        }
+                        $custom_link_location = intval($row['custom_link_location']);
+                        if ($custom_link_location == 1) {
+                            $custom_link_location_display = "Main Side Nav";
+                        } else {
+                            $custom_link_location_display = "Top Nav";
+                        }
+
+                        ?>
+                        <tr>
+                            <td>
+                                <a href="#" data-toggle="modal" data-target="#editLinkModal<?php echo $custom_link_id; ?>">
+                                    <i class="fa fa-fw fa-<?php echo $custom_link_icon; ?> mr-2"></i>
+                                    <?php echo $custom_link_name;?>
+                                </a>
+                            </td>
+                            <td><?php echo $custom_link_order_display; ?></td>
+                            <td><?php echo "$custom_link_uri $custom_link_new_tab_display"; ?></td>
+                            <td><?php echo $custom_link_location_display; ?></td>
+                            <td>
+                                <div class="dropdown dropleft text-center">
+                                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                        <i class="fas fa-ellipsis-h"></i>
+                                    </button>
+                                    <div class="dropdown-menu">
+                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLinkModal<?php echo $custom_link_id; ?>">
+                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                        </a>
+                                        <div class="dropdown-divider"></div>
+                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_custom_link=<?php echo $custom_link_id; ?>">
+                                            <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                        </a>
+                                    </div>
+                                </div>
+                            </td>
+                        </tr>
+
+                        <?php
+
+                        require "modals/admin_custom_link_edit_modal.php";
+
+
+                    }
+
+                    ?>
+
+                    </tbody>
+                </table>
+            </div>
+            <?php require_once "includes/filter_footer.php";
+ ?>
+        </div>
+    </div>
+
+<?php
+require_once "modals/admin_custom_link_add_modal.php";
+
+require_once "includes/footer.php";
+

admin_debug.php

@@ -0,0 +1,757 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+require_once "includes/database_version.php";
+require_once "config.php";
+
+$checks = [];
+
+// Execute the git command to get the latest commit hash
+$commitHash = shell_exec('git log -1 --format=%H');
+
+// Get branch info
+$gitBranch = shell_exec('git rev-parse --abbrev-ref HEAD');
+
+// Section: System Information
+$systemInfo = [];
+
+// Operating System and Version
+$os = php_uname();
+$systemInfo[] = [
+    'name' => 'Operating System',
+    'value' => $os,
+];
+
+// Web Server and Version
+$webServer = $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown';
+$systemInfo[] = [
+    'name' => 'Web Server',
+    'value' => $webServer,
+];
+
+// Kernel and Version
+$kernelVersion = php_uname('r');
+$systemInfo[] = [
+    'name' => 'Kernel Version',
+    'value' => $kernelVersion,
+];
+
+// Database and Version
+$dbVersion = $mysqli->server_info;
+$systemInfo[] = [
+    'name' => 'Database Version',
+    'value' => $dbVersion,
+];
+
+// Section: PHP Extensions
+$phpExtensions = [];
+$extensions = [
+    'php-mailparse' => 'mailparse',
+    'php-imap' => 'imap',
+    'php-mysqli' => 'mysqli',
+    'php-intl' => 'intl',
+    'php-curl' => 'curl',
+    'php-mbstring' => 'mbstring',
+    'php-gd' => 'gd',
+];
+
+foreach ($extensions as $name => $ext) {
+    $loaded = extension_loaded($ext);
+    $phpExtensions[] = [
+        'name' => "$name installed",
+        'passed' => $loaded,
+        'value' => $loaded ? 'Installed' : 'Not Installed',
+    ];
+}
+
+// Section: PHP Configuration
+$phpConfig = [];
+
+// Check if shell_exec is enabled
+$disabled_functions = explode(',', ini_get('disable_functions'));
+$disabled_functions = array_map('trim', $disabled_functions);
+$shell_exec_enabled = !in_array('shell_exec', $disabled_functions);
+
+$phpConfig[] = [
+    'name' => 'shell_exec is enabled',
+    'passed' => $shell_exec_enabled,
+    'value' => $shell_exec_enabled ? 'Enabled' : 'Disabled',
+];
+
+// Check upload_max_filesize and post_max_size >= 500M
+function return_bytes($val) {
+    $val = trim($val);
+    $unit = strtolower(substr($val, -1));
+    $num = (float)$val;
+    switch ($unit) {
+        case 'g':
+            $num *= 1024;
+        case 'm':
+            $num *= 1024;
+        case 'k':
+            $num *= 1024;
+    }
+    return $num;
+}
+
+$required_bytes = 500 * 1024 * 1024; // 500M in bytes
+
+$upload_max_filesize = ini_get('upload_max_filesize');
+$post_max_size = ini_get('post_max_size');
+
+$upload_passed = return_bytes($upload_max_filesize) >= $required_bytes;
+$post_passed = return_bytes($post_max_size) >= $required_bytes;
+
+$phpConfig[] = [
+    'name' => 'upload_max_filesize >= 500M',
+    'passed' => $upload_passed,
+    'value' => $upload_max_filesize,
+];
+
+$phpConfig[] = [
+    'name' => 'post_max_size >= 500M',
+    'passed' => $post_passed,
+    'value' => $post_max_size,
+];
+
+// PHP Memory Limit >= 128M
+$memoryLimit = ini_get('memory_limit');
+$memoryLimitBytes = return_bytes($memoryLimit);
+$memoryLimitPassed = $memoryLimitBytes >= (128 * 1024 * 1024);
+$phpConfig[] = [
+    'name' => 'PHP Memory Limit >= 128M',
+    'passed' => $memoryLimitPassed,
+    'value' => $memoryLimit,
+];
+
+// Max Execution Time >= 300 seconds
+$maxExecutionTime = ini_get('max_execution_time');
+$maxExecutionTimePassed = $maxExecutionTime >= 300;
+$phpConfig[] = [
+    'name' => 'Max Execution Time >= 300 seconds',
+    'passed' => $maxExecutionTimePassed,
+    'value' => $maxExecutionTime . ' seconds',
+];
+
+// Check PHP version >= 8.2.0
+$php_version = PHP_VERSION;
+$php_passed = version_compare($php_version, '8.2.0', '>=');
+
+$phpConfig[] = [
+    'name' => 'PHP version >= 8.2.0',
+    'passed' => $php_passed,
+    'value' => $php_version,
+];
+
+// Section: Shell Commands
+$shellCommands = [];
+
+if ($shell_exec_enabled) {
+    $commands = ['whois', 'dig', 'git'];
+
+    foreach ($commands as $command) {
+        $which = trim(shell_exec("which $command 2>/dev/null"));
+        $exists = !empty($which);
+        $shellCommands[] = [
+            'name' => "Command '$command' available",
+            'passed' => $exists,
+            'value' => $exists ? $which : 'Not Found',
+        ];
+    }
+} else {
+    // If shell_exec is disabled, mark commands as unavailable
+    foreach (['whois', 'dig', 'git'] as $command) {
+        $shellCommands[] = [
+            'name' => "Command '$command' available",
+            'passed' => false,
+            'value' => 'shell_exec Disabled',
+        ];
+    }
+}
+
+// Section: SSL Checks
+$sslChecks = [];
+
+// Check if accessing via HTTPS
+$https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443;
+$sslChecks[] = [
+    'name' => 'Accessing via HTTPS',
+    'passed' => $https,
+    'value' => $https ? 'Yes' : 'No',
+];
+
+// SSL Certificate Validity Check
+if ($https) {
+    $streamContext = stream_context_create(["ssl" => ["capture_peer_cert" => true]]);
+    $socket = @stream_socket_client("ssl://{$_SERVER['HTTP_HOST']}:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $streamContext);
+
+    if ($socket) {
+        $params = stream_context_get_params($socket);
+        $cert = $params['options']['ssl']['peer_certificate'];
+        $certInfo = openssl_x509_parse($cert);
+
+        $validFrom = $certInfo['validFrom_time_t'];
+        $validTo = $certInfo['validTo_time_t'];
+        $currentTime = time();
+
+        $certValid = ($currentTime >= $validFrom && $currentTime <= $validTo);
+
+        $sslChecks[] = [
+            'name' => 'SSL Certificate is valid',
+            'passed' => $certValid,
+            'value' => $certValid ? 'Valid' : 'Invalid or Expired',
+        ];
+    } else {
+        $sslChecks[] = [
+            'name' => 'SSL Certificate is valid',
+            'passed' => false,
+            'value' => 'Unable to retrieve certificate',
+        ];
+    }
+} else {
+    $sslChecks[] = [
+        'name' => 'SSL Certificate is valid',
+        'passed' => false,
+        'value' => 'Not using HTTPS',
+    ];
+}
+
+// Section: Domain Checks
+$domainChecks = [];
+
+// Check if the site has a valid FQDN
+$fqdn = $_SERVER['HTTP_HOST'];
+$isValidFqdn = (bool) filter_var('http://' . $fqdn, FILTER_VALIDATE_URL) && preg_match('/^[a-z0-9.-]+\.[a-z]{2,}$/i', $fqdn);
+
+$domainChecks[] = [
+    'name' => 'Site has a valid FQDN',
+    'passed' => $isValidFqdn,
+    'value' => $fqdn,
+];
+
+// Section: File Permissions
+$filePermissions = [];
+
+// Check if web user has write access to webroot directory
+$webroot = $_SERVER['DOCUMENT_ROOT'];
+$writable = is_writable($webroot);
+$filePermissions[] = [
+    'name' => 'Web user has write access to webroot directory',
+    'passed' => $writable,
+    'value' => $webroot,
+];
+
+// Section: Uploads Directory Stats
+$uploadsStats = [];
+
+// Define the uploads directory path
+$uploadsDir = __DIR__ . '/uploads'; // Adjust the path if needed
+
+if (is_dir($uploadsDir)) {
+    // Function to recursively count files and calculate total size
+    function getDirStats($dir) {
+        $files = 0;
+        $size = 0;
+
+        $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir));
+        foreach ($iterator as $file) {
+            if ($file->isFile()) {
+                $files++;
+                $size += $file->getSize();
+            }
+        }
+        return ['files' => $files, 'size' => $size];
+    }
+
+    $stats = getDirStats($uploadsDir);
+    $sizeInMB = round($stats['size'] / (1024 * 1024), 2);
+
+    $uploadsStats[] = [
+        'name' => 'Number of files in uploads directory',
+        'value' => $stats['files'],
+    ];
+
+    $uploadsStats[] = [
+        'name' => 'Total size of uploads directory (MB)',
+        'value' => $sizeInMB . ' MB',
+    ];
+} else {
+    $uploadsStats[] = [
+        'name' => 'Uploads directory exists',
+        'value' => 'Directory not found',
+    ];
+}
+
+// Section: Database Stats
+$databaseStats = [];
+
+// Get list of tables
+$tablesResult = $mysqli->query("SHOW TABLE STATUS");
+if ($tablesResult) {
+    $totalTables = 0;
+    $totalFields = 0;
+    $totalRows = 0;
+    $totalSize = 0;
+    $tableDetails = [];
+
+    while ($table = $tablesResult->fetch_assoc()) {
+        $tableName = $table['Name'];
+        $tableRows = $table['Rows'];
+        $dataLength = $table['Data_length'];
+        $indexLength = $table['Index_length'];
+        $tableSize = ($dataLength + $indexLength) / (1024 * 1024); // Size in MB
+
+        // Get number of fields
+        $fieldsResult = $mysqli->query("SHOW COLUMNS FROM `$tableName`");
+        $numFields = $fieldsResult->num_rows;
+        $fieldsResult->free();
+
+        $totalTables++;
+        $totalFields += $numFields;
+        $totalRows += $tableRows;
+        $totalSize += $tableSize;
+
+        $tableDetails[] = [
+            'name' => $tableName,
+            'fields' => $numFields,
+            'rows' => $tableRows,
+            'size' => round($tableSize, 2),
+        ];
+    }
+    $tablesResult->free();
+
+    $databaseStats[] = [
+        'name' => 'Total number of tables',
+        'value' => $totalTables,
+    ];
+    $databaseStats[] = [
+        'name' => 'Total number of fields',
+        'value' => $totalFields,
+    ];
+    $databaseStats[] = [
+        'name' => 'Total number of rows',
+        'value' => $totalRows,
+    ];
+    $databaseStats[] = [
+        'name' => 'Total database size (MB)',
+        'value' => round($totalSize, 2) . ' MB',
+    ];
+} else {
+    $databaseStats[] = [
+        'name' => 'Database connection error',
+        'value' => $mysqli->error,
+    ];
+}
+
+// Section: Database Structure Comparison
+$dbComparison = [];
+
+// Path to the db.sql file
+$dbSqlFile = __DIR__ . '/db.sql';
+
+if (file_exists($dbSqlFile)) {
+    // Read the db.sql file
+    $sqlContent = file_get_contents($dbSqlFile);
+
+    // Remove comments and empty lines
+    $lines = explode("\n", $sqlContent);
+    $sqlStatements = [];
+    $statement = '';
+
+    foreach ($lines as $line) {
+        // Remove single-line comments
+        $line = preg_replace('/--.*$/', '', $line);
+        $line = preg_replace('/\/\*.*?\*\//', '', $line);
+
+        // Skip empty lines
+        if (trim($line) == '') {
+            continue;
+        }
+
+        // Append line to the current statement
+        $statement .= $line . "\n";
+
+        // Check if the statement ends with a semicolon
+        if (preg_match('/;\s*$/', $line)) {
+            $sqlStatements[] = $statement;
+            $statement = '';
+        }
+    }
+
+    // Parse the CREATE TABLE statements
+    $sqlTables = [];
+
+    foreach ($sqlStatements as $sql) {
+        if (preg_match('/CREATE TABLE\s+`?([^` ]+)`?\s*\((.*)\)(.*?);/msi', $sql, $match)) {
+            $tableName = $match[1];
+            $columnsDefinition = $match[2];
+
+            // Extract column names and data types
+            $columns = [];
+            $columnLines = explode("\n", $columnsDefinition);
+            foreach ($columnLines as $line) {
+                $line = trim($line);
+                // Skip empty lines and lines that do not define columns
+                if ($line == '' || strpos($line, 'PRIMARY KEY') !== false || strpos($line, 'UNIQUE KEY') !== false || strpos($line, 'KEY') === 0 || strpos($line, 'CONSTRAINT') === 0 || strpos($line, ')') === 0) {
+                    continue;
+                }
+
+                // Remove trailing comma if present
+                $line = rtrim($line, ',');
+
+                // Match column definition
+                if (preg_match('/^`([^`]+)`\s+(.+)/', $line, $colMatch)) {
+                    $colName = $colMatch[1];
+                    $colDefinition = $colMatch[2];
+
+                    // Extract the data type from the column definition
+                    $tokens = preg_split('/\s+/', $colDefinition);
+                    $colType = $tokens[0];
+
+                    // Handle data types with parentheses (e.g., varchar(255), decimal(15,2))
+                    if (preg_match('/^([a-zA-Z]+)\(([^)]+)\)/', $colType, $typeMatch)) {
+                        $colType = $typeMatch[1] . '(' . $typeMatch[2] . ')';
+                    }
+
+                    $columns[$colName] = $colType;
+                }
+            }
+            $sqlTables[$tableName] = $columns;
+        }
+    }
+
+    // Get current database table structures
+    $dbTables = [];
+    $tablesResult = $mysqli->query("SHOW TABLES");
+    while ($row = $tablesResult->fetch_row()) {
+        $tableName = $row[0];
+        $columnsResult = $mysqli->query("SHOW COLUMNS FROM `$tableName`");
+        $columns = [];
+        while ($col = $columnsResult->fetch_assoc()) {
+            $columns[$col['Field']] = $col['Type'];
+        }
+        $columnsResult->free();
+        $dbTables[$tableName] = $columns;
+    }
+    $tablesResult->free();
+
+    // Compare the structures
+    foreach ($sqlTables as $tableName => $sqlColumns) {
+        if (!isset($dbTables[$tableName])) {
+            $dbComparison[] = [
+                'name' => "Table `$tableName` missing in database",
+                'status' => 'Missing Table',
+            ];
+            continue;
+        }
+
+        // Compare columns
+        $dbColumns = $dbTables[$tableName];
+        foreach ($sqlColumns as $colName => $colType) {
+            if (!isset($dbColumns[$colName])) {
+                $dbComparison[] = [
+                    'name' => "Column `$colName` missing in table `$tableName`",
+                    'status' => 'Missing Column',
+                ];
+            } else {
+                // Normalize data types for comparison
+                $sqlColType = strtolower($colType);
+                $dbColType = strtolower($dbColumns[$colName]);
+
+                // Remove attributes and constraints
+                $sqlColType = preg_replace('/\s+.*$/', '', $sqlColType);
+                $dbColType = preg_replace('/\s+.*$/', '', $dbColType);
+
+                // Remove additional attributes like unsigned, zerofill, etc.
+                $sqlColType = preg_replace('/\s+unsigned|\s+zerofill|\s+binary/', '', $sqlColType);
+                $dbColType = preg_replace('/\s+unsigned|\s+zerofill|\s+binary/', '', $dbColType);
+
+                if ($sqlColType != $dbColType) {
+                    $dbComparison[] = [
+                        'name' => "Data type mismatch for `$colName` in table `$tableName`",
+                        'status' => "Expected: $colType, Found: {$dbColumns[$colName]}",
+                    ];
+                }
+            }
+        }
+
+        // Check for extra columns in the database that are not in the SQL file
+        foreach ($dbColumns as $colName => $colType) {
+            if (!isset($sqlColumns[$colName])) {
+                $dbComparison[] = [
+                    'name' => "Extra column `$colName` in table `$tableName` not present in db.sql",
+                    'status' => 'Extra Column',
+                ];
+            }
+        }
+    }
+
+    // Check for tables in the database not present in the db.sql file
+    foreach ($dbTables as $tableName => $dbColumns) {
+        if (!isset($sqlTables[$tableName])) {
+            $dbComparison[] = [
+                'name' => "Extra table `$tableName` in database not present in db.sql",
+                'status' => 'Extra Table',
+            ];
+        }
+    }
+} else {
+    $dbComparison[] = [
+        'name' => 'db.sql file not found',
+        'status' => 'File Missing',
+    ];
+}
+
+$mysqli->close();
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-bug mr-2"></i>Debug</h3>
+    </div>
+    <div class="card-body">
+
+        <h2>Debugging</h2>
+        <ul>
+            <li>If you are experiencing a problem with ITFlow, this page should help you identify any configuration issues.</li>
+            <li>Note: You might also need to gather <a href="https://docs.itflow.org/gathering_logs#error_logs">error logs</a></li>
+        </ul>
+        <hr>
+
+        <table class="table table-bordered mb-3">
+            <tr>
+                <th>ITFlow release version</th>
+                <th><?php echo APP_VERSION; ?></th>
+            </tr>
+            <tr>
+                <td>Current DB Version</td>
+                <td><?php echo CURRENT_DATABASE_VERSION; ?></td>
+            </tr>
+            <tr>
+                <td>Current Code Commit</td>
+                <td><?php echo $commitHash; ?></td>
+            </tr>
+            <tr>
+                <td>Current Branch</td>
+                <td><?php echo $gitBranch; ?></td>
+            </tr>
+        </table>
+
+        <!-- System Information Table -->
+        <h3>System Information</h3>
+        <table class="table table-sm table-bordered">
+            <tbody>
+                <?php foreach ($systemInfo as $info): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($info['name']); ?></td>
+                        <td><?= htmlspecialchars($info['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+
+        <!-- PHP Extensions and Configuration Table -->
+        <h3 class="mt-3">PHP Extensions and Configuration</h3>
+        <table class="table table-sm table-bordered">
+            <!-- PHP Extensions Section -->
+            <thead>
+                <tr class="table-secondary">
+                    <th colspan="3">PHP Extensions</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($phpExtensions as $check): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($check['name']); ?></td>
+                        <td class="text-center">
+                            <?php if ($check['passed']): ?>
+                                <i class="fas fa-check" style="color:green"></i>
+                            <?php else: ?>
+                                <i class="fas fa-times" style="color:red"></i>
+                            <?php endif; ?>
+                        </td>
+                        <td><?= htmlspecialchars($check['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+            <!-- PHP Configuration Section -->
+            <thead>
+                <tr class="table-secondary">
+                    <th colspan="3">PHP Configuration</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($phpConfig as $check): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($check['name']); ?></td>
+                        <td class="text-center">
+                            <?php if ($check['passed']): ?>
+                                <i class="fas fa-check" style="color:green"></i>
+                            <?php else: ?>
+                                <i class="fas fa-times" style="color:red"></i>
+                            <?php endif; ?>
+                        </td>
+                        <td><?= htmlspecialchars($check['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+            <thead>
+                <tr class="table-secondary">
+                    <th colspan="3">Shell Commands</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($shellCommands as $check): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($check['name']); ?></td>
+                        <td class="text-center">
+                            <?php if ($check['passed']): ?>
+                                <i class="fas fa-check" style="color:green"></i>
+                            <?php else: ?>
+                                <i class="fas fa-times" style="color:red"></i>
+                            <?php endif; ?>
+                        </td>
+                        <td><?= htmlspecialchars($check['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+            <thead>
+                <tr class="table-secondary">
+                    <th colspan="3">SSL Checks</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($sslChecks as $check): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($check['name']); ?></td>
+                        <td class="text-center">
+                            <?php if ($check['passed']): ?>
+                                <i class="fas fa-check" style="color:green"></i>
+                            <?php else: ?>
+                                <i class="fas fa-times" style="color:red"></i>
+                            <?php endif; ?>
+                        </td>
+                        <td><?= htmlspecialchars($check['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+            <thead>
+                <tr class="table-secondary">
+                    <th colspan="3">Domain Checks</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($domainChecks as $check): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($check['name']); ?></td>
+                        <td class="text-center">
+                            <?php if ($check['passed']): ?>
+                                <i class="fas fa-check" style="color:green"></i>
+                            <?php else: ?>
+                                <i class="fas fa-times" style="color:red"></i>
+                            <?php endif; ?>
+                        </td>
+                        <td><?= htmlspecialchars($check['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+
+            <!-- File Permissions Table -->
+            <thead>
+                <tr class="table-secondary">
+                    <th colspan="3">File Permissions</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($filePermissions as $check): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($check['name']); ?></td>
+                        <td class="text-center">
+                            <?php if ($check['passed']): ?>
+                                <i class="fas fa-check" style="color:green"></i>
+                            <?php else: ?>
+                                <i class="fas fa-times" style="color:red"></i>
+                            <?php endif; ?>
+                        </td>
+                        <td><?= htmlspecialchars($check['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+
+        
+
+        <!-- Database Structure Comparison Table -->
+        <h3 class="mt-3">Database Structure Comparison</h3>
+        <table class="table table-sm table-bordered">
+            <tbody>
+                <?php if (!empty($dbComparison)): ?>
+                    <?php foreach ($dbComparison as $issue): ?>
+                        <tr>
+                            <td><?= htmlspecialchars($issue['name']); ?></td>
+                            <td colspan="2"><?= htmlspecialchars($issue['status']); ?></td>
+                        </tr>
+                    <?php endforeach; ?>
+                <?php else: ?>
+                    <tr>
+                        <td colspan="3">No discrepancies found between the database and db.sql file.</td>
+                    </tr>
+                <?php endif; ?>
+            </tbody>
+        </table>
+
+        <!-- Uploads Directory Stats Table -->
+        <h3 class="mt-3">Uploads Directory Stats</h3>
+        <table class="table table-sm table-bordered">
+            <tbody>
+                <?php foreach ($uploadsStats as $stat): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($stat['name']); ?></td>
+                        <td colspan="2"><?= htmlspecialchars($stat['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+
+        <!-- Database Stats Table -->
+        <h3 class="mt-3">Database Stats</h3>
+        <table class="table table-sm table-bordered">
+            <tbody>
+                <?php foreach ($databaseStats as $stat): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($stat['name']); ?></td>
+                        <td colspan="2"><?= htmlspecialchars($stat['value']); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+
+        <!-- Table Stats Table -->
+        <h3 class="mt-3">Table Stats</h3>
+        <table class="table table-sm table-bordered">
+            <thead>
+                <tr>
+                    <th>Table Name</th>
+                    <th>Fields / Rows</th>
+                    <th>Size (MB)</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($tableDetails as $table): ?>
+                    <tr>
+                        <td><?= htmlspecialchars($table['name']); ?></td>
+                        <td><?= htmlspecialchars("Fields: {$table['fields']}, Rows: {$table['rows']}"); ?></td>
+                        <td><?= htmlspecialchars($table['size'] . ' MB'); ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+
+    </div>
+
+</div>
+
+<?php
+
+require_once "includes/footer.php";
+

admin_document_template.php

@@ -0,0 +1,170 @@
+<?php
+
+    // Default Column Sort by Filter
+    $sort = "document_name";
+    $order = "ASC";
+
+    require_once "includes/inc_all_admin.php";
+
+    // Search query SQL snippet
+    if (!empty($q)) {
+        $query_snippet = "AND (MATCH(document_content_raw) AGAINST ('$q') OR document_name LIKE '%$q%')";
+    } else {
+        $query_snippet = ""; // empty
+    }
+
+    // Rebuild URL
+    $url_query_strings_sort = http_build_query($get_copy);
+
+    $sql = mysqli_query(
+        $mysqli,
+        "SELECT SQL_CALC_FOUND_ROWS * FROM documents
+        LEFT JOIN users ON document_created_by = user_id
+        WHERE document_template = 1
+        $query_snippet
+        ORDER BY $sort $order LIMIT $record_from, $record_to"
+    );
+
+    $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fa fa-fw fa-file mr-2"></i>Document Templates</h3>
+        <div class="card-tools">
+            <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addDocumentTemplateModal">
+                <i class="fas fa-plus mr-2"></i>New Template
+            </button>
+        </div>
+    </div>
+    <div class="card-body">
+
+        <form autocomplete="off">
+            <div class="input-group">
+                <input type="search" class="form-control " name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search templates">
+                <div class="input-group-append">
+                    <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
+                </div>
+            </div>
+        </form>
+        <hr>
+
+        <div class="table-responsive-sm">
+            <table class="table table-striped table-borderless table-hover">
+                <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th>
+                            <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=document_name&order=<?php echo $disp; ?>">
+                                Template Name <?php if ($sort == 'document_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=document_created_at&order=<?php echo $disp; ?>">
+                                Created <?php if ($sort == 'document_created_at') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=document_updated_at&order=<?php echo $disp; ?>">
+                                Updated <?php if ($sort == 'document_updated_at') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th class="text-center">
+                            Action
+                        </th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php
+
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $document_id = intval($row['document_id']);
+                            $document_name = nullable_htmlentities($row['document_name']);
+                            $document_description = nullable_htmlentities($row['document_description']);
+                            $document_content = nullable_htmlentities($row['document_content']);
+                            $document_created_by_name = nullable_htmlentities($row['user_name']);
+                            $document_created_at = nullable_htmlentities($row['document_created_at']);
+                            $document_updated_at = nullable_htmlentities($row['document_updated_at']);
+                            $document_folder_id = intval($row['document_folder_id']);
+
+                    ?>
+
+                    <tr>
+                        <td>
+                            <a class="text-bold" href="admin_document_template_details.php?document_id=<?php echo $document_id; ?>"><i class="fas fa-fw fa-file-alt text-dark"></i> <?php echo $document_name; ?></a>
+                            <div class="mt-1 text-secondary"><?php echo $document_description; ?></div>
+                        </td>
+                        <td>
+                            <?php echo $document_created_at; ?>
+                            <div class="text-secondary"><?php echo $document_created_by_name; ?></div>
+                        </td>
+                        <td><?php echo $document_updated_at; ?></td>
+                        <td>
+                            <div class="dropdown dropleft text-center">
+                                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                    <i class="fas fa-ellipsis-h"></i>
+                                </button>
+                                <div class="dropdown-menu">
+                                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentTemplateModal<?php echo $document_id; ?>">
+                                        <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                    </a>
+                                    <div class="dropdown-divider"></div>
+                                    <a class="dropdown-item text-danger text-bold" href="post.php?delete_document=<?php echo $document_id; ?>">
+                                        <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                    </a>
+                                </div>
+                            </div>
+                        </td>
+                    </tr>
+
+                    <?php
+
+                            require "modals/admin_document_template_edit_modal.php";
+
+                        }
+
+                    ?>
+
+                </tbody>
+            </table>
+            <br>
+        </div>
+        <?php require_once "includes/filter_footer.php"; ?>
+    </div>
+</div>
+
+<?php require_once "modals/admin_document_template_add_modal.php"; ?>
+<?php require_once "includes/footer.php"; ?>
+
+<script>
+$(document).ready(function(){
+
+    $('#generateAIContent').on('click', function(){
+        var prompt = $('#aiPrompt').val().trim();
+        if(prompt === '') {
+            alert('Please enter a prompt.');
+            return;
+        }
+
+        $('#generateAIContent').prop('disabled', true).html('<i class="fa fa-spinner fa-spin"></i> Generating...');
+
+        $.ajax({
+            url: 'post.php?ai_create_document_template', // The PHP script that calls the OpenAI API
+            method: 'POST',
+            data: { prompt: prompt },
+            dataType: 'html',
+            success: function(response) {
+                // Assuming you have exactly one TinyMCE instance on the page
+                // and it's targeting the .tinymce textarea:
+                tinymce.activeEditor.setContent(response);
+            },
+            error: function() {
+                alert('Error generating content. Please try again.');
+            },
+            complete: function() {
+                $('#generateAIContent').prop('disabled', false).html('<i class="fa fa-fw fa-magic mr-1"></i>Generate with AI');
+            }
+        });
+    });
+});
+</script>

admin_document_template_details.php

@@ -0,0 +1,66 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+
+//Initialize the HTML Purifier to prevent XSS
+require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
+
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+if (isset($_GET['document_id'])) {
+    $document_id = intval($_GET['document_id']);
+}
+
+$sql_document = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_template = 1 AND document_id = $document_id");
+
+$row = mysqli_fetch_array($sql_document);
+
+$document_name = nullable_htmlentities($row['document_name']);
+$document_description = nullable_htmlentities($row['document_description']);
+$document_content = $purifier->purify($row['document_content']);
+$document_created_at = nullable_htmlentities($row['document_created_at']);
+$document_updated_at = nullable_htmlentities($row['document_updated_at']);
+
+?>
+
+    <ol class="breadcrumb d-print-none">
+        <li class="breadcrumb-item">
+            <a href="clients.php">Home</a>
+        </li>
+        <li class="breadcrumb-item">
+            <a href="admin_user.php">Admin</a>
+        </li>
+        <li class="breadcrumb-item">
+            <a href="admin_document_template.php">Document Templates</a>
+        </li>
+        <li class="breadcrumb-item active"><i class="fas fa-file mr-2"></i><?php echo $document_name; ?></li>
+    </ol>
+
+    <div class="card card-dark">
+        <div class="card-header">
+
+            <h3 class="card-title mt-2"><i class="fa fa-fw fa-file mr-2"></i><?php echo $document_name; ?></h3>
+
+            <div class="card-tools">
+                <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#editDocumentTemplateModal<?php echo $document_id; ?>">
+                    <i class="fas fa-edit mr-2"></i>Edit
+                </button>
+            </div>
+        </div>
+        <div class="card-body prettyContent">
+            <?php echo $document_content; ?>
+        </div>
+    </div>
+
+    <script src="js/pretty_content.js"></script>
+
+<?php
+
+require_once "modals/admin_document_template_edit_modal.php";
+
+require_once "includes/footer.php";
+

admin_mail_queue.php

@@ -0,0 +1,213 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "email_id";
+$order = "DESC";
+
+require_once "includes/inc_all_admin.php";
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM email_queue
+    WHERE (email_id LIKE '%$q%' OR email_from LIKE '%$q%' OR email_from_name LIKE '%$q%' OR email_recipient LIKE '%$q%' OR email_recipient_name LIKE '%$q%' OR email_subject LIKE '%$q%')
+    AND DATE(email_queued_at) BETWEEN '$dtf' AND '$dtt'
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-mail-bulk mr-2"></i>Email Queue</h3>
+        </div>
+        <div class="card-body">
+            <form class="mb-4" autocomplete="off">
+                <div class="row">
+                    <div class="col-sm-4">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search mail queue">
+                            <div class="input-group-append">
+                                <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="col-sm-8">
+                        <div class="dropdown float-right" id="bulkActionButton" hidden>
+                            <button class="btn btn-secondary dropdown-toggle" type="button" data-toggle="dropdown">
+                                <i class="fas fa-fw fa-layer-group mr-2"></i>Bulk Action (<span id="selectedCount">0</span>)
+                            </button>
+                            <div class="dropdown-menu">
+                                <button class="dropdown-item"
+                                        type="submit" form="bulkActions" name="bulk_cancel_emails">
+                                    <i class="fas fa-fw fa-ban mr-2"></i>Cancel
+                                </button>
+                                <div class="dropdown-divider"></div>
+                                <button class="dropdown-item text-danger text-bold"
+                                        type="submit" form="bulkActions" name="bulk_delete_emails">
+                                    <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                </button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="collapse mt-3 <?php if (!empty($_GET['dtf']) || $_GET['canned_date'] !== "custom" ) { echo "show"; } ?>" id="advancedFilter">
+                    <div class="row">
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Canned Date</label>
+                                <select onchange="this.form.submit()" class="form-control select2" name="canned_date">
+                                    <option <?php if ($_GET['canned_date'] == "custom") { echo "selected"; } ?> value="">Custom</option>
+                                    <option <?php if ($_GET['canned_date'] == "today") { echo "selected"; } ?> value="today">Today</option>
+                                    <option <?php if ($_GET['canned_date'] == "yesterday") { echo "selected"; } ?> value="yesterday">Yesterday</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisweek") { echo "selected"; } ?> value="thisweek">This Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastweek") { echo "selected"; } ?> value="lastweek">Last Week</option>
+                                    <option <?php if ($_GET['canned_date'] == "thismonth") { echo "selected"; } ?> value="thismonth">This Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastmonth") { echo "selected"; } ?> value="lastmonth">Last Month</option>
+                                    <option <?php if ($_GET['canned_date'] == "thisyear") { echo "selected"; } ?> value="thisyear">This Year</option>
+                                    <option <?php if ($_GET['canned_date'] == "lastyear") { echo "selected"; } ?> value="lastyear">Last Year</option>
+                                </select>
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date From</label>
+                                <input onchange="this.form.submit()" type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo nullable_htmlentities($dtf); ?>">
+                            </div>
+                        </div>
+                        <div class="col-md-2">
+                            <div class="form-group">
+                                <label>Date To</label>
+                                <input onchange="this.form.submit()" type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo nullable_htmlentities($dtt); ?>">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </form>
+            <hr>
+            <form id="bulkActions" action="post.php" method="post">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="table-responsive-sm">
+                    <table class="table table-sm table-striped table-borderless table-hover">
+                        <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                        <tr>
+                            <td class="bg-light pr-0">
+                                <div class="form-check">
+                                    <input class="form-check-input" id="selectAllCheckbox" type="checkbox" onclick="checkAll(this)">
+                                </div>
+                            </td>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_queued_at&order=<?php echo $disp; ?>">
+                                    Queued <?php if ($sort == 'email_queued_at') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_from&order=<?php echo $disp; ?>">
+                                    From <?php if ($sort == 'email_from') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_recipient&order=<?php echo $disp; ?>">
+                                    To <?php if ($sort == 'email_recipient') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_subject&order=<?php echo $disp; ?>">
+                                    Subject <?php if ($sort == 'email_subject') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_status&order=<?php echo $disp; ?>">
+                                    Status <?php if ($sort == 'email_status') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th>
+                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_attempts&order=<?php echo $disp; ?>">
+                                    Attempts <?php if ($sort == 'email_attempts') { echo $order_icon; } ?>
+                                </a>
+                            </th>
+                            <th class="text-center">Action</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <?php
+
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $email_id = intval($row['email_id']);
+                            $email_from = nullable_htmlentities($row['email_from']);
+                            $email_from_name = nullable_htmlentities($row['email_from_name']);
+                            $email_recipient = nullable_htmlentities($row['email_recipient']);
+                            $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
+                            $email_subject = nullable_htmlentities($row['email_subject']);
+                            $email_attempts = intval($row['email_attempts']);
+                            $email_queued_at = nullable_htmlentities($row['email_queued_at']);
+                            $email_failed_at = nullable_htmlentities($row['email_failed_at']);
+                            $email_sent_at = nullable_htmlentities($row['email_sent_at']);
+                            $email_status = intval($row['email_status']);
+                            if ($email_status == 0) {
+                                $email_status_display = "<div class='text-primary'>Queued</div>";
+                            } elseif($email_status == 1) {
+                                $email_status_display = "<div class='text-warning'>Sending</div>";
+                            } elseif($email_status == 2) {
+                                $email_status_display = "<div class='text-danger'>Failed</div><small class='text-secondary'>$email_failed_at</small>";
+                            } else {
+                                $email_status_display = "<div class='text-success'>Sent</div><small class='text-secondary'>$email_sent_at</small>";
+                            }
+
+                            ?>
+
+                            <tr>
+                                <td class="pr-0 bg-light">
+                                    <?php if ($email_status !== 3) { ?>
+                                    <div class="form-check">
+                                        <input class="form-check-input bulk-select" type="checkbox" name="email_ids[]" value="<?php echo $email_id ?>">
+                                    </div>
+                                    <?php } ?>
+                                </td>
+                                <td><?php echo $email_queued_at; ?></td>
+                                <td><?php echo "$email_from<br><small class='text-secondary'>$email_from_name</small>"?></td>
+                                <td><?php echo "$email_recipient<br><small class='text-secondary'>$email_recipient_name</small>"?></td>
+                                <td><?php echo $email_subject; ?></td>
+                                <td><?php echo $email_status_display; ?></td>
+                                <td><?php echo $email_attempts; ?></td>
+                                <td class="text-center">
+                                    <a class="btn btn-sm btn-secondary" href="admin_mail_queue_message_view.php?email_id=<?php echo $email_id; ?>">
+                                        <i class="fas fa-fw fa-eye"></i>
+                                    </a>
+
+                                    <!-- Show force resend if all retries have failed -->
+                                    <?php if ($email_status == 2 && $email_attempts > 3) { ?>
+                                        <a class="btn btn-sm btn-success" href="post.php?send_failed_mail=<?php echo $email_id; ?>"><i class="fas fa-fw fa-paper-plane"></i></a>
+                                    <?php } ?>
+
+                                    <!-- Allow cancelling a message if it hasn't yet been picked up (e.g. stuck/bugged) -->
+                                    <?php if ($email_status !== 3) { ?>
+                                        <a class="btn btn-sm btn-danger confirm-link" href="post.php?cancel_mail=<?php echo $email_id; ?>"><i class="fas fa-fw fa-trash"></i></a>
+                                    <?php } ?>
+
+                                </td>
+                            </tr>
+
+                            <?php
+                        }
+                        ?>
+
+                        </tbody>
+                    </table>
+                </div>
+            </form>
+
+            <?php require_once "includes/filter_footer.php"; ?>
+        </div>
+    </div>
+
+<script src="js/bulk_actions.js"></script>
+
+<?php
+require_once "includes/footer.php";

admin_mail_queue_message_view.php

@@ -0,0 +1,78 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+//Initialize the HTML Purifier to prevent XSS
+require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
+
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+if (isset($_GET['email_id'])) {
+	$email_id = intval($_GET['email_id']);
+} else {
+	echo "You dont belong here";
+	exit();
+}
+
+$sql = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_id = $email_id");
+
+$row = mysqli_fetch_array($sql);
+
+$email_from = nullable_htmlentities($row['email_from']);
+$email_from_name = nullable_htmlentities($row['email_from_name']);
+$email_recipient = nullable_htmlentities($row['email_recipient']);
+$email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
+$email_subject = nullable_htmlentities($row['email_subject']);
+$email_content = $purifier->purify($row['email_content']);
+$email_attempts = intval($row['email_attempts']);
+$email_queued_at = nullable_htmlentities($row['email_queued_at']);
+$email_failed_at = nullable_htmlentities($row['email_failed_at']);
+$email_sent_at = nullable_htmlentities($row['email_sent_at']);
+$email_status = intval($row['email_status']);
+if ($email_status == 0) {
+    $email_status_display = "<div class='text-primary'>Queued</div>";
+} elseif($email_status == 1) {
+    $email_status_display = "<div class='text-warning'>Sending</div>";
+} elseif($email_status == 2) {
+    $email_status_display = "<div class='text-danger'>Failed</div><small class='text-secondary'>$email_failed_at</small>";
+} else {
+    $email_status_display = "<div class='text-success'>Sent</div><small class='text-secondary'>$email_sent_at</small>";
+}
+
+?>
+
+<ol class="breadcrumb d-print-none">
+  <li class="breadcrumb-item">
+    <a href="admin_user.php"><i class="fas fa-fw fa-user-shield mr-2"></i>Admin</a>
+  </li>
+  <li class="breadcrumb-item">
+    <a href="admin_mail_queue.php"><i class="fas fa-fw fa-mail-bulk mr-2"></i>Mail Queue</a>
+  </li>
+  <li class="breadcrumb-item active"><i class="fas fa-fw fa-envelope-open mr-2"></i><?php echo $email_subject; ?></li>
+</ol>
+
+<div class="row">
+
+  <div class="col-md-12">
+    <div class="card">
+      <div class="card-header bg-dark">
+        <div>From: <?php echo "$email_from_name <small>($email_from)</small>"; ?></div>
+        <div>To: <?php echo "$email_recipient_name <small>($email_recipient)</small>"; ?></div>
+        <div>Subject: <?php echo $email_subject; ?></div>
+      </div>
+      <div class="card-body prettyContent">
+        <?php echo $email_content; ?>
+      </div>
+    </div>
+  </div>
+
+</div>
+
+<script src="js/pretty_content.js"></script>
+
+<?php
+
+require_once "includes/footer.php";

admin_project_template.php

@@ -0,0 +1,149 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "project_template_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM project_templates
+    WHERE (project_template_name LIKE '%$q%' OR project_template_description LIKE '%$q%')
+    AND project_template_archived_at IS NULL
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fas fa-fw fa-project-diagram mr-2"></i>Project Templates</h3>
+        <div class="card-tools">
+            <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addProjectTemplateModal"><i class="fas fa-plus mr-2"></i>New Project Template</button>
+        </div>
+    </div>
+    <div class="card-body">
+        <form autocomplete="off">
+            <div class="row">
+
+                <div class="col-md-4">
+                    <div class="input-group mb-3 mb-md-0">
+                        <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Project Templates">
+                        <div class="input-group-append">
+                            <button class="btn btn-dark"><i class="fa fa-search"></i></button>
+                        </div>
+                    </div>
+                </div>
+
+                <div class="col-md-8">
+                </div>
+
+            </div>
+        </form>
+        <hr>
+        <div class="table-responsive-sm">
+            <table class="table table-striped table-borderless table-hover">
+                <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
+                <tr>
+                    <th>
+                        <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=project_template_name&order=<?php echo $disp; ?>">
+                            Template <?php if ($sort == 'project_template_name') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th>Tickets</th>
+                    <th>Tasks</th>
+                    <th class="text-center">Action</th>
+                </tr>
+                </thead>
+                <tbody>
+                <?php
+
+                while($row = mysqli_fetch_array($sql)){
+                    $project_template_id = intval($row['project_template_id']);
+                    $project_template_name = nullable_htmlentities($row['project_template_name']);
+                    $project_template_description = nullable_htmlentities($row['project_template_description']);
+                    $project_template_created_at = nullable_htmlentities($row['project_template_created_at']);
+
+                    // Get Ticket Template Count
+                    $sql_ticket_templates = mysqli_query($mysqli, "SELECT * FROM ticket_templates, project_template_ticket_templates
+                        WHERE ticket_templates.ticket_template_id = project_template_ticket_templates.ticket_template_id
+                        AND project_template_ticket_templates.project_template_id = $project_template_id
+                        ORDER BY ticket_template_order ASC, ticket_template_name ASC");
+                    $ticket_template_count = mysqli_num_rows($sql_ticket_templates);
+
+                    // Get Tasks Template Count
+                    $sql_task_templates = mysqli_query($mysqli,
+                        "SELECT * FROM ticket_templates, task_templates, project_template_ticket_templates
+                        WHERE ticket_templates.ticket_template_id = project_template_ticket_templates.ticket_template_id
+                        AND project_template_ticket_templates.project_template_id = $project_template_id
+                        AND ticket_templates.ticket_template_id = task_template_ticket_template_id
+                        ORDER BY task_template_created_at ASC"
+                    );
+                    $task_template_count = mysqli_num_rows($sql_task_templates);
+
+                    ?>
+                    <tr>
+                        <td>
+                            <a class="text-dark" href="#" data-toggle="modal" data-target="#editProjectTemplateModal<?php echo $project_template_id; ?>">
+                                <div class="media">
+                                    <i class="fa fa-fw fa-2x fa-project-diagram mr-3"></i>
+                                    <div class="media-body">
+                                        <div>
+                                            <a href="admin_project_template_details.php?project_template_id=<?php echo $project_template_id; ?>">
+                                                <?php echo $project_template_name; ?>
+                                            </a>
+                                        </div>
+                                        <div><small class="text-secondary"><?php echo $project_template_description; ?></small></div>
+                                    </div>
+                                </div>
+                            </a>
+                        </td>
+                        <td><?php echo $ticket_template_count; ?></td>
+                        <td><?php echo $task_template_count; ?></td>
+                        <td>
+                            <div class="dropdown dropleft text-center">
+                                <button class="btn btn-secondary btn-sm" data-toggle="dropdown">
+                                    <i class="fas fa-ellipsis-h"></i>
+                                </button>
+                                <div class="dropdown-menu">
+                                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectTemplateModal<?php echo $project_template_id; ?>">
+                                        <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                    </a>
+                                    <?php if($session_user_role == 3) { ?>
+                                        <div class="dropdown-divider"></div>
+                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_project_template=<?php echo $project_template_id; ?>">
+                                            <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                        </a>
+                                    <?php } ?>
+                                </div>
+                            </div>
+                        </td>
+                    </tr>
+
+                    <?php
+
+                    require "modals/admin_project_template_edit_modal.php";
+
+                }
+
+                ?>
+
+                </tbody>
+            </table>
+        </div>
+        <?php require_once "includes/filter_footer.php";
+ ?>
+    </div>
+</div>
+
+<?php
+require_once "modals/admin_project_template_add_modal.php";
+
+require_once "includes/footer.php";

admin_project_template_details.php

@@ -0,0 +1,234 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+
+if (isset($_GET['project_template_id'])) {
+    $project_template_id = intval($_GET['project_template_id']);
+
+    $sql_project_templates = mysqli_query(
+        $mysqli,
+        "SELECT * FROM project_templates
+        WHERE project_template_id = $project_template_id LIMIT 1"
+    );
+
+    if (mysqli_num_rows($sql_project_templates) == 0) {
+        echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='admin_project_template.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
+
+        include_once "footer.php";
+        exit;
+    }
+
+    $row = mysqli_fetch_array($sql_project_templates);
+
+    $project_template_name = nullable_htmlentities($row['project_template_name']);
+    $project_template_description = nullable_htmlentities($row['project_template_description']);
+    $project_template_created_at = date("Y-m-d", strtotime($row['project_template_created_at']));
+    $project_template_updated_at = nullable_htmlentities($row['project_template_updated_at']);
+
+    // Get Associated Ticket Templates
+    $sql_ticket_templates = mysqli_query($mysqli, "SELECT * FROM ticket_templates, project_template_ticket_templates
+        WHERE ticket_templates.ticket_template_id = project_template_ticket_templates.ticket_template_id
+        AND project_template_ticket_templates.project_template_id = $project_template_id
+        ORDER BY ticket_template_order ASC, ticket_template_name ASC");
+    $ticket_template_count = mysqli_num_rows($sql_ticket_templates);
+
+    // Get All Task Templates
+    $sql_task_templates = mysqli_query($mysqli,
+        "SELECT * FROM ticket_templates, task_templates, project_template_ticket_templates
+        WHERE ticket_templates.ticket_template_id = project_template_ticket_templates.ticket_template_id
+        AND project_template_ticket_templates.project_template_id = $project_template_id
+        AND ticket_templates.ticket_template_id = task_template_ticket_template_id
+        ORDER BY task_template_created_at ASC"
+    );
+    $task_template_count = mysqli_num_rows($sql_task_templates);
+
+?>
+
+<!-- Breadcrumbs-->
+<ol class="breadcrumb d-print-none">
+    <li class="breadcrumb-item">
+        <a href="admin_user.php">Admin</a>
+    </li>
+    <li class="breadcrumb-item">
+        <a href="admin_project_template.php">Project Templates</a>
+    </li>
+    <li class="breadcrumb-item active">Project Template Details</li>
+</ol>
+
+<!-- Project Header -->
+<div class="card card-body">
+    <div class="row">
+        <div class="col-sm-4">
+            <div class="media">
+                <i class="fa fa-fw fa-2x fa-project-diagram text-secondary mr-3"></i>
+                <div class="media-body">
+                    <h3 class="mb-0"><?php echo $project_template_name; ?><span class='badge badge-pill badge-info ml-2'>Template</span></h3>
+                    <div><small class="text-secondary"><?php echo $project_template_description; ?></small></div>
+                </div>
+            </div>
+        </div>
+
+        <div class="col-sm-3">
+            <div class="media">
+                <i class="fa fa-fw fa-2x fa-life-ring text-secondary mr-3"></i>
+                <div class="media-body">
+                    <div>Ticket Templates</div>
+                    <h3 class="mb-0"><?php echo $ticket_template_count; ?></h3>
+                </div>
+            </div>
+        </div>
+
+        <div class="col-sm-3">
+            <div class="media">
+                <i class="fa fa-fw fa-2x fa-tasks text-secondary mr-3"></i>
+                <div class="media-body">
+                    <div>Task Templates</div>
+                    <h3 class="mb-0"><?php echo $task_template_count; ?></h3>
+                </div>
+            </div>
+        </div>
+
+        <div class="col-sm-2">
+            <div class="btn-group float-right">
+                <button type="button" class="btn btn-primary btn-sm" href="#" data-toggle="modal" data-target="#addProjectTemplateTicketTemplateModal">
+                    <i class="fas fa-fw fa-plus mr-2"></i>Add Ticket Template
+                </button>
+                <div class="dropdown dropleft text-center ml-3">
+                    <button class="btn btn-secondary btn-sm" type="button" id="dropdownMenuButton" data-toggle="dropdown">
+                        <i class="fas fa-fw fa-ellipsis-v"></i>
+                    </button>
+                    <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectTemplateModal<?php echo $project_template_id; ?>">
+                            <i class="fas fa-fw fa-edit mr-2"></i>Edit Template
+                        </a>
+                        <?php if ($session_user_role == 3) { ?>
+                            <div class="dropdown-divider"></div>
+                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?archive_project_template=<?php echo $project_template_id; ?>">
+                                <i class="fas fa-fw fa-archive mr-2"></i>Archive (not yet implemented)
+                            </a>
+                        <?php } ?>
+                        <?php if ($session_user_role == 3) { ?>
+                            <div class="dropdown-divider"></div>
+                            <a class="dropdown-item text-danger confirm-link" href="post.php?delete_project_template=<?php echo $project_template_id; ?>">
+                                <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                            </a>
+                        <?php } ?>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<div class="row">
+    <div class="col-md-8">
+
+        <!-- Tickets card -->
+        <?php if (mysqli_num_rows($sql_ticket_templates) > 0) { ?>
+            <div class="card card-body card-outline card-dark mb-3">
+
+                <h5 class="text-secondary"><i class="fa fa-fw fa-life-ring mr-2"></i>Project Ticket Templates</h5>
+                <div class="table-responsive-sm">
+                    <table class="table table-striped table-borderless table-hover">
+                        <thead class="text-dark">
+                        <tr>
+                            <th>Order</th>
+                            <th>Template Name</th>
+                            <th>Description</th>
+                            <th>Ticket Subject</th>
+                            <th>Action</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <?php
+
+                        while ($row = mysqli_fetch_array($sql_ticket_templates)) {
+                            $ticket_template_id = intval($row['ticket_template_id']);
+                            $ticket_template_order = intval($row['ticket_template_order']);
+                            $ticket_template_name = nullable_htmlentities($row['ticket_template_name']);
+                            $ticket_template_description = nullable_htmlentities($row['ticket_template_description']);
+                            $ticket_template_subject = nullable_htmlentities($row['ticket_template_subject']);
+                            $ticket_template_created_at = nullable_htmlentities($row['ticket_template_created_at']);
+                            $ticket_template_updated_at = nullable_htmlentities($row['ticket_template_updated_at']);
+
+                            ?>
+
+                            <tr>
+                                <td class="pr-0">
+                                    <form action="post.php" method="post" autocomplete="off">
+                                        <input type="hidden" name="edit_ticket_template_order">
+                                        <input type="hidden" name="project_template_id" value="<?php echo $project_template_id; ?>">
+                                        <input type="hidden" name="ticket_template_id" value="<?php echo $ticket_template_id; ?>">
+                                        <input type="text" class="form-control pr-0" onchange="this.form.submit()" name="order" value="<?php echo $ticket_template_order; ?>">
+                                    </form>
+                                </td>
+                                <td>
+                                    <a href="admin_ticket_template_details.php?ticket_template_id=<?php echo $ticket_template_id; ?>">
+                                        <?php echo $ticket_template_name; ?>
+                                    </a>
+                                </td>
+                                <td><?php echo $ticket_template_description; ?></td>
+                                <td><?php echo $ticket_template_subject; ?></td>
+                                <td>
+                                    <form action="post.php" method="post" autocomplete="off">
+                                        <input type="hidden" name="project_template_id" value="<?php echo $project_template_id; ?>">
+                                        <input type="hidden" name="ticket_template_id" value="<?php echo $ticket_template_id; ?>">
+                                        <button type="submit" class="btn btn-default btn-sm confirm-link"
+                                            name="remove_ticket_template_from_project_template">
+                                            <i class="fa fa-fw fa-times"></i>
+                                        </button>
+                                    </form>
+                                </td>
+                            </tr>
+
+                        <?php } ?>
+
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        <?php } ?>
+    </div>
+
+    <div class="col-md-4">
+
+        <!-- Task Templates Card -->
+        <?php if (mysqli_num_rows($sql_task_templates) > 0) { ?>
+        <div class="card card-body card-outline card-dark">
+            <h5 class="text-secondary"><i class="fas fa-fw fa-tasks mr-2"></i>Project Task Templates</h5>
+            <table class="table">
+                <?php
+                while($row = mysqli_fetch_array($sql_task_templates)){
+                    $task_template_id = intval($row['task_template_id']);
+                    $task_template_name = nullable_htmlentities($row['task_template_name']);
+                    $task_template_description = nullable_htmlentities($row['task_template_description']);
+                ?>
+                    <tr>
+                        <td>
+                            <i class="far fa-fw fa-check-square text-primary mr-3"></i>
+                            <?php echo $task_template_name; ?>
+                        </td>
+                    </tr>
+                <?php } ?>
+            </table>
+        </div>
+        <?php  } ?>
+        <!-- End Task TemplatesCard -->
+
+    </div> <!-- End col-3 -->
+
+</div> <!-- End row -->
+
+<?php
+
+require_once "modals/admin_project_template_edit_modal.php";
+require_once "modals/admin_project_template_ticket_template_add_modal.php";
+
+}
+
+require_once "includes/footer.php";
+
+?>
+
+<script src="js/pretty_content.js"></script>

admin_role.php

@@ -0,0 +1,156 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "user_role_is_admin";
+$order = "DESC";
+
+require_once "includes/inc_all_admin.php";
+
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM user_roles
+    WHERE (user_roles.user_role_name LIKE '%$q%' OR user_roles.user_role_description LIKE '%$q%')
+    AND user_roles.user_role_archived_at IS NULL
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+    <div class="alert alert-info text-center"><strong>Roles are still in development. Permissions may not be fully enforced.</strong></div>
+
+    <div class="card card-dark">
+        <div class="card-header py-2">
+            <h3 class="card-title mt-2"><i class="fas fa-fw fa-user-shield mr-2"></i>Roles</h3>
+            <div class="card-tools">
+                <div class="btn-group">
+                    <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addRoleModal">
+                        <i class="fas fa-fw fa-user-plus mr-2"></i>New Role
+                    </button>
+                </div>
+            </div>
+        </div>
+        <div class="card-body">
+            <form class="mb-4" autocomplete="off">
+                <div class="row">
+                    <div class="col-md-4">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Roles">
+                            <div class="input-group-append">
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </form>
+            <hr>
+            <div class="table-responsive-sm">
+                <table class="table table-striped table-borderless table-hover">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_name&order=<?php echo $disp; ?>">
+                                Role <?php if ($sort == 'user_role_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>Members</th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_is_admin&order=<?php echo $disp; ?>">
+                                Admin <?php if ($sort == 'user_role_is_admin') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th class="text-center">Action</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $role_id = intval($row['user_role_id']);
+                        $role_name = nullable_htmlentities($row['user_role_name']);
+                        $role_description = nullable_htmlentities($row['user_role_description']);
+                        $role_admin = intval($row['user_role_is_admin']);
+                        $role_archived_at = nullable_htmlentities($row['user_role_archived_at']);
+
+                        // Count number of users that have each role
+                        $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+                        $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
+
+                        $sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+                        // Initialize an empty array to hold user names
+                        $user_names = [];
+
+                        // Fetch each row and store the user_name in the array
+                        while($row = mysqli_fetch_assoc($sql_users)) {
+                            $user_names[] = nullable_htmlentities($row['user_name']);
+                        }
+
+                        // Convert the array of user names to a comma-separated string
+                        $user_names_string = implode(",", $user_names) ;
+
+                        if (empty($user_names_string)) {
+                            $user_names_string = "-";
+                        }
+
+                        ?>
+                        <tr>
+                            <td>
+                                <a class="text-dark text-bold" href="#" data-toggle="modal" data-target="#editRoleModal<?php echo $role_id; ?>">
+                                    <?php echo $role_name; ?>
+                                </a>
+                                <div class="text-secondary"><?php echo $role_description; ?></div>
+                            </td>
+                            <td><?php echo $user_names_string; ?></td>
+                            <td><?php echo $role_admin ? 'Yes' : 'No' ; ?></td>
+                            <td>
+                                <?php if ($role_id !== 3) { ?>
+                                    <div class="dropdown dropleft text-center">
+                                        <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                            <i class="fas fa-ellipsis-h"></i>
+                                        </button>
+                                        <div class="dropdown-menu">
+
+                                            <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editRoleModal<?php echo $role_id; ?>">
+                                                <i class="fas fa-fw fa-user-edit mr-2"></i>Edit
+                                            </a>
+
+                                            <?php if (empty($role_archived_at) && $role_user_count == 0) { ?>
+                                                <div class="dropdown-divider"></div>
+                                                <a class="dropdown-item text-danger confirm-link" href="post.php?archive_role=<?php echo $role_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                                    <i class="fas fa-fw fa-archive mr-2"></i>Archive
+                                                </a>
+                                            <?php } ?>
+
+                                        </div>
+                                    </div>
+                                <?php } ?>
+                            </td>
+                        </tr>
+
+                        <?php
+
+                        require "modals/admin_role_edit_modal.php";
+
+
+                    }
+
+                    ?>
+
+                    </tbody>
+                </table>
+            </div>
+            <?php require_once "includes/filter_footer.php";
+            ?>
+        </div>
+    </div>
+
+<?php
+
+require_once "modals/admin_role_add_modal.php";
+
+require_once "includes/footer.php";
+

admin_settings_ai.php

@@ -0,0 +1,77 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+ ?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-robot mr-2"></i>AI</h3>
+    </div>
+    <div class="card-body">
+        <form action="post.php" method="post" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <div class="form-group">
+                <label>AI Provider</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-robot"></i></span>
+                    </div>
+                    <select class="form-control select2" name="provider">
+                        <option value="" <?php if($config_ai_enable == 0) { echo "selected"; } ?> >Disabled</option>
+                        <option <?php if($config_ai_provider == "Ollama") { echo "selected"; } ?> >Ollama</option>
+                        <option <?php if($config_ai_provider == "OpenAI") { echo "selected"; } ?> >OpenAI</option>
+                        <option <?php if($config_ai_provider == "LocalAI") { echo "selected"; } ?> >LocalAI</option>
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>AI Model</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-robot"></i></span>
+                    </div>
+                    <input type="text" class="form-control" name="model" value="<?php echo nullable_htmlentities($config_ai_model); ?>" placeholder="ex gpt-4">
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>URL</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-globe"></i></span>
+                    </div>
+                    <input type="url" class="form-control" name="url" value="<?php echo nullable_htmlentities($config_ai_url); ?>" placeholder="ex https://ai.company.ext/api">
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>API Key</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+                    </div>
+                    <input type="text" class="form-control" name="api_key" value="<?php echo nullable_htmlentities($config_ai_api_key); ?>" placeholder="Enter API key here">
+                </div>
+            </div>
+
+            <hr>
+
+            <button type="submit" name="edit_ai_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+
+        </form>
+
+        <div class="mt-5">
+            <h5>Test AI Rewording</h5>
+            <textarea id="textInput" class="form-control tinymceAI mb-3" rows="10"></textarea>
+        </div>
+
+        <script src="js/ai_reword.js"></script>
+
+    </div>
+</div>
+
+<?php
+require_once "includes/footer.php";
+

admin_settings_company.php

@@ -1,38 +1,50 @@
-<div class="modal" id="editCompanyModal<?php echo $company_id; ?>" tabindex="-1">
-    <div class="modal-dialog">
-        <div class="modal-content bg-dark">
-            <div class="modal-header">
-                <h5 class="modal-title"><i class="fa fa-fw fa-building mr-2"></i>Editing company: <strong><?php echo $company_name; ?></strong></h5>
-                <button type="button" class="close text-white" data-dismiss="modal">
-                    <span>&times;</span>
-                </button>
-            </div>
+<?php
+require_once "includes/inc_all_admin.php";
+
+
+$sql = mysqli_query($mysqli,"SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
+
+$row = mysqli_fetch_array($sql);
+$company_id = intval($row['company_id']);
+$company_name = nullable_htmlentities($row['company_name']);
+$company_country = nullable_htmlentities($row['company_country']);
+$company_address = nullable_htmlentities($row['company_address']);
+$company_city = nullable_htmlentities($row['company_city']);
+$company_state = nullable_htmlentities($row['company_state']);
+$company_zip = nullable_htmlentities($row['company_zip']);
+$company_phone = formatPhoneNumber($row['company_phone']);
+$company_email = nullable_htmlentities($row['company_email']);
+$company_website = nullable_htmlentities($row['company_website']);
+$company_logo = nullable_htmlentities($row['company_logo']);
+$company_locale = nullable_htmlentities($row['company_locale']);
+$company_currency = nullable_htmlentities($row['company_currency']);
+
+$company_initials = nullable_htmlentities(initials($company_name));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header">
+            <h3 class="card-title"><i class="fas fa-fw fa-briefcase mr-2"></i>Company Details</h3>
+        </div>
+        <div class="card-body">
             <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
-                <input type="hidden" name="company_id" value="<?php echo $company_id; ?>">
-                <input type="hidden" name="existing_file_name" value="<?php echo $company_logo; ?>">
-                <div class="modal-body bg-white">
-
-                    <ul class="nav nav-pills nav-justified mb-3">
-                        <li class="nav-item">
-                            <a class="nav-link active" data-toggle="pill" href="#pills-details<?php echo $company_id; ?>">Details</a>
-                        </li>
-                        <li class="nav-item">
-                            <a class="nav-link" data-toggle="pill" href="#pills-address<?php echo $company_id; ?>">Address</a>
-                        </li>
-                        <li class="nav-item">
-                            <a class="nav-link" data-toggle="pill" href="#pills-contact<?php echo $company_id; ?>">Contact</a>
-                        </li>
-                        <li class="nav-item">
-                            <a class="nav-link" data-toggle="pill" href="#pills-locale<?php echo $company_id; ?>">Locale</a>
-                        </li>
-                    </ul>
-
-                    <hr>
-
-                    <div class="tab-content">
-
-                        <div class="tab-pane fade show active" id="pills-details<?php echo $company_id; ?>">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
+                    <div class="row">
+                        <div class="col-md-3 text-center">
+                            <?php if($company_logo) { ?>
+                            <img class="img-thumbnail" src="<?php echo "uploads/settings/$company_logo"; ?>">
+                            <a href="post.php?remove_company_logo" class="btn btn-outline-danger btn-block">Remove Logo</a>
+                            <hr>
+                            <?php } ?>
+                            <div class="form-group">
+                                <label>Upload company logo</label>
+                                <input type="file" class="form-control-file" name="file" accept=".jpg, .jpeg, .png">
+                            </div>
+                        </div>
+                        
+                        <div class="col-md-9">
                             <div class="form-group">
                                 <label>Name <strong class="text-danger">*</strong></label>
                                 <div class="input-group">
@@ -43,20 +55,6 @@
                                 </div>
                             </div>
 
-                            <div class="card col-md-2">
-                                <div class="card-body">
-                                    <img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
-                                </div>
-                            </div>
-
-                            <div class="form-group">
-                                <input type="file" class="form-control-file" name="file">
-                            </div>
-
-                        </div>
-
-                        <div class="tab-pane fade" id="pills-address<?php echo $company_id; ?>">
-
                             <div class="form-group">
                                 <label>Address</label>
                                 <div class="input-group">
@@ -88,7 +86,7 @@
                             </div>
 
                             <div class="form-group">
-                                <label>Zip / Postal Code</label>
+                                <label>Postal Code</label>
                                 <div class="input-group">
                                     <div class="input-group-prepend">
                                         <span class="input-group-text"><i class="fab fa-fw fa-usps"></i></span>
@@ -101,7 +99,7 @@
                                 <label>Country</label>
                                 <div class="input-group">
                                     <div class="input-group-prepend">
-                                        <span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
+                                        <span class="input-group-text"><i class="fa fa-fw fa-globe-americas"></i></span>
                                     </div>
                                     <select class="form-control select2" name="country">
                                         <option value="">- Country -</option>
@@ -112,10 +110,6 @@
                                 </div>
                             </div>
 
-                        </div>
-
-                        <div class="tab-pane fade" id="pills-contact<?php echo $company_id; ?>">
-
                             <div class="form-group">
                                 <label>Phone</label>
                                 <div class="input-group">
@@ -146,50 +140,16 @@
                                 </div>
                             </div>
 
+                            <hr>
+
+                            <button type="submit" name="edit_company" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
                         </div>
-
-                        <div class="tab-pane fade" id="pills-locale<?php echo $company_id; ?>">
-
-                            <div class="form-group">
-                                <label>Locale <strong class="text-danger">*</strong></label>
-                                <div class="input-group">
-                                    <div class="input-group-prepend">
-                                        <span class="input-group-text"><i class="fa fa-fw fa-flag"></i></span>
-                                    </div>
-                                    <select class="form-control select2" name="locale" required>
-                                        <option value="">- Select a Locale -</option>
-                                        <?php foreach($locales_array as $locale_code => $locale_name) { ?>
-                                            <option <?php if ($company_locale == $locale_code) { echo "selected"; } ?> value="<?php echo $locale_code; ?>"><?php echo "$locale_code - $locale_name"; ?></option>
-                                        <?php } ?>
-                                    </select>
-                                </div>
-                            </div>
-
-                            <div class="form-group">
-                                <label>Currency <strong class="text-danger">*</strong></label>
-                                <div class="input-group">
-                                    <div class="input-group-prepend">
-                                        <span class="input-group-text"><i class="fa fa-fw fa-money-bill"></i></span>
-                                    </div>
-                                    <select class="form-control select2" name="currency_code" required>
-                                        <option value="">- Currency -</option>
-                                        <?php foreach($currencies_array as $currency_code => $currency_name) { ?>
-                                            <option <?php if ($company_currency == $currency_code) { echo "selected"; } ?> value="<?php echo $currency_code; ?>"><?php echo "$currency_code - $currency_name"; ?></option>
-                                        <?php } ?>
-                                    </select>
-                                </div>
-                            </div>
-
-                        </div>
-
                     </div>
-
-                </div>
-                <div class="modal-footer bg-white">
-                    <button type="submit" name="edit_company" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
-                    <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
                 </div>
             </form>
         </div>
     </div>
-</div>
+
+<?php
+require_once "includes/footer.php";
+

admin_settings_custom_fields.php

@@ -0,0 +1,124 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "custom_field_label";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+if (isset($_GET['table'])) {
+    $table = sanitizeInput($_GET['table']);
+} else {
+    $table = "client_assets";
+}
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM custom_fields
+    WHERE custom_field_label LIKE '%$q%'
+    AND custom_field_table = '$table'
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+
+    <div class="card card-dark">
+        <div class="card-header py-2">
+            <h3 class="card-title mt-2"><i class="fa fa-fw fa-th-list mr-2"></i><?php echo nullable_htmlentities($table); ?> Fields</h3>
+            <div class="card-tools">
+                <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#createCustomFieldModal"><i class="fas fa-plus mr-2"></i>Create</button>
+            </div>
+        </div>
+        <div class="card-body">
+            <form autocomplete="off">
+                <input type="hidden" name="table" value="<?php echo nullable_htmlentities($table); ?>">
+                <div class="row">
+                    <div class="col-sm-4 mb-2">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search">
+                            <div class="input-group-append">
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="col-sm-8">
+                        <div class="btn-group float-right">
+                            <a href="?table=client_assets" class="btn <?php if ($table == 'client_assets') { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">Assets</a>
+                            <a href="?table=clients" class="btn <?php if ($table == 'clients') { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">Clients</a>
+                        </div>
+                    </div>
+                </div>
+            </form>
+            <hr>
+            <div class="table-responsive-sm">
+                <table class="table table-striped table-borderless table-hover">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=custom_field_label&order=<?php echo $disp; ?>">Label</a></th>
+                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=custom_field_type&order=<?php echo $disp; ?>">Type</a></th>
+                        <th class="text-center">Action</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $custom_field_id = intval($row['custom_field_id']);
+                        $custom_field_label = nullable_htmlentities($row['custom_field_label']);
+                        $custom_field_type = nullable_htmlentities($row['custom_field_type']);
+                        $custom_field_location = intval($row['custom_field_location']);
+                        $custom_field_order = intval($row['custom_field_order']);
+                        
+                        ?>
+                        <tr>
+                            <td><a class="text-dark" href="#" data-toggle="modal" data-target="#editCustomFieldModal<?php echo $custom_field_id; ?>"><?php echo $custom_field_label; ?></a></td>
+                            <td><?php echo $custom_field_type; ?></td>
+                            <td>
+                                <div class="dropdown dropleft text-center">
+                                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                        <i class="fas fa-ellipsis-h"></i>
+                                    </button>
+                                    <div class="dropdown-menu">
+                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCustomFieldModal<?php echo $custom_field_id; ?>">
+                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                        </a>
+                                        <div class="dropdown-divider"></div>
+                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_custom_field=<?php echo $custom_field_id; ?>">
+                                            <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                        </a>
+                                    </div>
+                                </div>
+                            </td>
+                        </tr>
+
+                        <?php
+
+                        //$colors_diff = array_diff($colors_array,$colors_used_array);
+
+                        include "custom_field_edit_modal.php";
+
+
+                    }
+
+                    ?>
+
+                    </tbody>
+                </table>
+            </div>
+            <?php require_once "includes/filter_footer.php";
+ ?>
+        </div>
+    </div>
+
+<?php
+require_once "custom_field_create_modal.php";
+
+require_once "includes/footer.php";
+

admin_settings_default.php

@@ -0,0 +1,252 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+ ?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-cogs mr-2"></i>Defaults</h3>
+    </div>
+    <div class="card-body">
+        <form action="post.php" method="post" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <div class="form-group">
+                <label>Start Page</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-home"></i></span>
+                    </div>
+                    <select class="form-control select2" name="start_page" data-tags="true" required>
+                        <?php if (!in_array($config_start_page, array_keys($start_page_select_array))) { ?>
+                            <option selected> <?php echo nullable_htmlentities($config_start_page); ?></option>
+                        <?php } ?>
+                        <?php foreach ($start_page_select_array as $start_page_value => $start_page_name) { ?>
+                            <option <?php if ($start_page_value == $config_start_page) { echo "selected"; } ?>
+                                value="<?php echo nullable_htmlentities($start_page_value); ?>">
+                                <?php echo nullable_htmlentities($start_page_name); ?>
+                            </option>
+                        <?php }?>
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Calendar</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
+                    </div>
+                    <select class="form-control select2" name="calendar">
+                        <option value="0">- None -</option>
+                        <?php
+
+                        $sql = mysqli_query($mysqli, "SELECT * FROM calendars ORDER BY calendar_name ASC");
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $calendar_id = intval($row['calendar_id']);
+                            $calendar_name = nullable_htmlentities($row['calendar_name']); ?>
+                            <option <?php if ($config_default_calendar == $calendar_id) {
+                                        echo "selected";
+                                    } ?> value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option>
+                        <?php } ?>
+
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Transfer From Account</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-exchange-alt"></i></span>
+                    </div>
+                    <select class="form-control select2" name="transfer_from_account">
+                        <option value="0">- None -</option>
+                        <?php
+
+                        $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $account_id = intval($row['account_id']);
+                            $account_name = nullable_htmlentities($row['account_name']); ?>
+                            <option <?php if ($config_default_transfer_from_account == $account_id) {
+                                        echo "selected";
+                                    } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
+                        <?php } ?>
+
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Transfer To Account</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-exchange-alt"></i></span>
+                    </div>
+                    <select class="form-control select2" name="transfer_to_account">
+                        <option value="0">- None -</option>
+                        <?php
+
+                        $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $account_id = intval($row['account_id']);
+                            $account_name = nullable_htmlentities($row['account_name']); ?>
+                            <option <?php if ($config_default_transfer_to_account == $account_id) {
+                                        echo "selected";
+                                    } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
+                        <?php } ?>
+
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Payment Account</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-credit-card"></i></span>
+                    </div>
+                    <select class="form-control select2" name="payment_account">
+                        <option value="0">- None -</option>
+                        <?php
+
+                        $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $account_id = intval($row['account_id']);
+                            $account_name = nullable_htmlentities($row['account_name']); ?>
+                            <option <?php if ($config_default_payment_account == $account_id) {
+                                        echo "selected";
+                                    } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
+                        <?php
+                        }
+                        ?>
+
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Expense Account</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-shopping-cart"></i></span>
+                    </div>
+                    <select class="form-control select2" name="expense_account">
+                        <option value="0">- None -</option>
+                        <?php
+
+                        $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $account_id = intval($row['account_id']);
+                            $account_name = nullable_htmlentities($row['account_name']); ?>
+                            <option <?php if ($config_default_expense_account == $account_id) {
+                                        echo "selected";
+                                    } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
+                        <?php } ?>
+
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Payment Method</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-credit-card"></i></span>
+                    </div>
+                    <select class="form-control select2" name="payment_method">
+                        <option value="">- None -</option>
+                        <?php
+
+                        $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' ORDER BY category_name ASC");
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $payment_method = nullable_htmlentities($row['category_name']); ?>
+                            <option <?php if ($config_default_payment_method == $payment_method) {
+                                        echo "selected";
+                                    } ?>><?php echo $payment_method; ?></option>
+                        <?php } ?>
+
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Expense Payment Method</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-credit-card"></i></span>
+                    </div>
+                    <select class="form-control select2" name="expense_payment_method">
+                        <option value="">- None -</option>
+                        <?php
+
+                        $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_type = 'Payment Method' ORDER BY category_name ASC");
+                        while ($row = mysqli_fetch_array($sql)) {
+                            $payment_method = nullable_htmlentities($row['category_name']); ?>
+                            <option <?php if ($config_default_expense_payment_method == $payment_method) {
+                                        echo "selected";
+                                    } ?>><?php echo $payment_method; ?></option>
+                        <?php } ?>
+
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Net Terms</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
+                    </div>
+                    <select class="form-control select2" name="net_terms">
+                        <?php foreach ($net_terms_array as $net_term_value => $net_term_name) { ?>
+                            <option <?php if ($config_default_net_terms == $net_term_value) {
+                                        echo "selected";
+                                    } ?> value="<?php echo $net_term_value; ?>"><?php echo $net_term_name; ?></option>
+                        <?php } ?>
+                    </select>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Client Hourly Rate</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-clock"></i></span>
+                    </div>
+                    <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="hourly_rate" value="<?php echo number_format($config_default_hourly_rate, 2, '.', ''); ?>" placeholder="0.00" required>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Phone Mask</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-phone"></i></span>
+                    </div>
+                    <select class="form-control select2" name="phone_mask">
+                        <?php
+                            $sql = mysqli_query($mysqli, "SELECT config_phone_mask FROM settings WHERE company_id = 1");
+                            while ($row = mysqli_fetch_array($sql)) {
+                                $phone_mask = intval($row['config_phone_mask']);
+                            } ?>
+                            <option <?php if ($phone_mask == 1) { echo "selected"; }?> value=1>
+                                US Format - e.g. (412) 888-9999
+                            </option>
+                            <option <?php if ($phone_mask == 0) { echo "selected"; }?> value=0>
+                                Non-US Format - e.g. 4128889999
+                            </option>
+                    </select>
+                </div>
+            </div>
+
+            <hr>
+
+            <button type="submit" name="edit_default_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+
+        </form>
+    </div>
+</div>
+
+<?php
+require_once "includes/footer.php";

admin_settings_integration.php

@@ -0,0 +1,43 @@
+<?php
+require_once "includes/inc_all_admin.php";
+ ?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-plug mr-2"></i>Integration Settings</h3>
+    </div>
+    <div class="card-body">
+        <form action="post.php" method="post" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <h4>Client Portal SSO via Microsoft Entra</h4>
+            <div class="form-group">
+                <label>MS Entra OAuth App (Client) ID</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
+                    </div>
+                    <input type="text" class="form-control" name="azure_client_id" placeholder="e721e3b6-01d6-50e8-7f22-c84d951a52e7" value="<?php echo nullable_htmlentities($config_azure_client_id); ?>">
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>MS Entra OAuth Secret</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+                    </div>
+                    <input type="password" class="form-control" name="azure_client_secret" placeholder="Auto-generated from App Registration" value="<?php echo nullable_htmlentities($config_azure_client_secret); ?>" autocomplete="new-password">
+                </div>
+            </div>
+
+            <hr>
+
+            <button type="submit" name="edit_integrations_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+
+        </form>
+    </div>
+</div>
+
+<?php require_once "includes/footer.php";
+

admin_settings_invoice.php

@@ -1,14 +1,16 @@
 <?php
-require_once("inc_all_settings.php"); ?>
+require_once "includes/inc_all_admin.php";
+ ?>
 
     <div class="card card-dark">
         <div class="card-header py-3">
-            <h3 class="card-title"><i class="fas fa-fw fa-file mr-2"></i>Invoice Settings</h3>
+            <h3 class="card-title"><i class="fas fa-fw fa-file-invoice mr-2"></i>Invoice Settings</h3>
         </div>
         <div class="card-body">
             <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-                <legend>Invoice</legend>
+                <h4>Invoice</h4>
 
                 <div class="form-group">
                     <label>Invoice Prefix</label>
@@ -16,7 +18,7 @@ require_once("inc_all_settings.php"); ?>
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
                         </div>
-                        <input type="text" class="form-control" name="config_invoice_prefix" placeholder="Invoice Prefix" value="<?php echo htmlentities($config_invoice_prefix); ?>" required>
+                        <input type="text" class="form-control" name="config_invoice_prefix" placeholder="Invoice Prefix" value="<?php echo nullable_htmlentities($config_invoice_prefix); ?>" required>
                     </div>
                 </div>
 
@@ -32,32 +34,42 @@ require_once("inc_all_settings.php"); ?>
 
                 <div class="form-group">
                     <label>Invoice Footer</label>
-                    <textarea class="form-control" rows="4" name="config_invoice_footer"><?php echo htmlentities($config_invoice_footer); ?></textarea>
+                    <textarea class="form-control" rows="4" name="config_invoice_footer"><?php echo nullable_htmlentities($config_invoice_footer); ?></textarea>
                 </div>
 
-                <div class="form-group">
-                    <label>From Email</label>
-                    <div class="input-group">
-                        <div class="input-group-prepend">
-                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
-                        </div>
-                        <input type="email" class="form-control" name="config_invoice_from_email" placeholder="From Email" value="<?php echo htmlentities($config_invoice_from_email); ?>">
+                <h5>Invoice Late Fees</h5>
+
+                 <div class="form-group">
+                    <div class="custom-control custom-switch">
+                        <input type="checkbox" class="custom-control-input" name="config_invoice_late_fee_enable" <?php if ($config_invoice_late_fee_enable == 1) { echo "checked"; } ?> value="1" id="customSwitch1">
+                        <label class="custom-control-label" for="customSwitch1">Enable Late Fee</label>
                     </div>
                 </div>
 
                 <div class="form-group">
-                    <label>From Name</label>
+                    <label>Late Fee %</label>
                     <div class="input-group">
                         <div class="input-group-prepend">
-                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+                            <span class="input-group-text"><i class="fa fa-fw fa-percent"></i></span>
                         </div>
-                        <input type="text" class="form-control" name="config_invoice_from_name" placeholder="From Name" value="<?php echo htmlentities($config_invoice_from_name); ?>">
+                        <input type="number" class="form-control" min="0" max="100" step="0.01" name="config_invoice_late_fee_percent" value="<?php echo $config_invoice_late_fee_percent; ?>">
+                    </div>
+                    <small class="text-secondary">We recommend updating the invoice footer to include policies on your late charges. This will be applied every 30 days after the invoice Due Date.</small>
+                </div>
+
+                <div class="form-group">
+                    <label>Email address to notify when invoices are paid online <small class="text-secondary">(Ideally a distribution list/shared mailbox)</small></label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-bell"></i></span>
+                        </div>
+                        <input type="email" class="form-control" name="config_invoice_paid_notification_email" placeholder="Address to notify for paid invoices, leave blank for none" value="<?php echo nullable_htmlentities($config_invoice_paid_notification_email); ?>">
                     </div>
                 </div>
 
                 <hr>
 
-                <legend>Recurring Invoice</legend>
+                <h4>Recurring Invoice</h4>
 
                 <div class="form-group">
                     <label>Recurring Prefix</label>
@@ -65,7 +77,7 @@ require_once("inc_all_settings.php"); ?>
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
                         </div>
-                        <input type="text" class="form-control" name="config_recurring_prefix" placeholder="Recurring Prefix" value="<?php echo htmlentities($config_recurring_prefix); ?>" required>
+                        <input type="text" class="form-control" name="config_recurring_prefix" placeholder="Recurring Prefix" value="<?php echo nullable_htmlentities($config_recurring_prefix); ?>" required>
                     </div>
                 </div>
 
@@ -90,4 +102,5 @@ require_once("inc_all_settings.php"); ?>
     </div>
 
 <?php
-require_once("footer.php");
+require_once "includes/footer.php";
+

admin_settings_localization.php

@@ -0,0 +1,79 @@
+<?php
+require_once "includes/inc_all_admin.php";
+
+
+$sql = mysqli_query($mysqli,"SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
+
+$row = mysqli_fetch_array($sql);
+$company_locale = nullable_htmlentities($row['company_locale']);
+$company_currency = nullable_htmlentities($row['company_currency']);
+
+// Get a list of all available timezones
+$timezones = DateTimeZone::listIdentifiers();
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-globe mr-2"></i>Localization</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="form-group">
+                    <label>Language <strong class="text-danger">*</strong></label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-language"></i></span>
+                        </div>
+                        <select class="form-control select2" name="locale" required>
+                            <option value="">- Select a Locale -</option>
+                            <?php foreach($locales_array as $locale_code => $locale_name) { ?>
+                                <option <?php if ($company_locale == $locale_code) { echo "selected"; } ?> value="<?php echo $locale_code; ?>"><?php echo $locale_name; ?></option>
+                            <?php } ?>
+                        </select>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>Currency <strong class="text-danger">*</strong></label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-money-bill"></i></span>
+                        </div>
+                        <select class="form-control select2" name="currency_code" required>
+                            <option value="">- Currency -</option>
+                            <?php foreach($currencies_array as $currency_code => $currency_name) { ?>
+                                <option <?php if ($company_currency == $currency_code) { echo "selected"; } ?> value="<?php echo $currency_code; ?>"><?php echo "$currency_code - $currency_name"; ?></option>
+                            <?php } ?>
+                        </select>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>Timezone <strong class="text-danger">*</strong></label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-business-time"></i></span>
+                        </div>
+                        <select class="form-control select2" name="timezone" required>
+                            <option value="">- Select a Timezone -</option>
+                            <?php foreach ($timezones as $tz) { ?>
+                                <option <?php if ($config_timezone == $tz) { echo "selected"; } ?> value="<?php echo $tz; ?>"><?php echo $tz; ?></option>
+                            <?php } ?>
+                        </select>
+                    </div>
+                </div>
+
+                <hr>
+
+                <button type="submit" name="edit_localization" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+            </form>
+        </div>
+    </div>
+
+<?php
+require_once "includes/footer.php";
+

admin_settings_mail.php

@@ -0,0 +1,331 @@
+<?php
+require_once "includes/inc_all_admin.php";
+ ?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-envelope mr-2"></i>SMTP Mail Settings <small>(For Sending Email)</small></h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="form-group">
+                    <label>SMTP Host</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-server"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_smtp_host" placeholder="Mail Server Address" value="<?php echo nullable_htmlentities($config_smtp_host); ?>" required>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>SMTP Port</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
+                        </div>
+                        <input type="number" min="0" class="form-control" name="config_smtp_port" placeholder="Mail Server Port Number" value="<?php echo intval($config_smtp_port); ?>" required>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>Encryption</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
+                        </div>
+                        <select class="form-control" name="config_smtp_encryption">
+                            <option value=''>None</option>
+                            <option <?php if ($config_smtp_encryption == 'tls') { echo "selected"; } ?> value="tls">TLS</option>
+                            <option <?php if ($config_smtp_encryption == 'ssl') { echo "selected"; } ?> value="ssl">SSL</option>
+                        </select>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>SMTP Username</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_smtp_username" placeholder="Username (Leave blank if no auth is required)" value="<?php echo nullable_htmlentities($config_smtp_username); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>SMTP Password</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+                        </div>
+                        <input type="password" class="form-control" data-toggle="password" name="config_smtp_password" placeholder="Password (Leave blank if no auth is required)" value="<?php echo nullable_htmlentities($config_smtp_password); ?>" autocomplete="new-password">
+                        <div class="input-group-append">
+                            <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+                        </div>
+                    </div>
+                </div>
+
+                <hr>
+
+                <button type="submit" name="edit_mail_smtp_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+            </form>
+        </div>
+    </div>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-envelope mr-2"></i>IMAP Mail Settings <small>(For Monitoring Ticket Inbox)</small></h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="form-group">
+                    <label>IMAP Host</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-server"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_imap_host" placeholder="Incoming Mail Server Address (for email to ticket parsing)" value="<?php echo nullable_htmlentities($config_imap_host); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>IMAP Port</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
+                        </div>
+                        <input type="number" min="0" class="form-control" name="config_imap_port" placeholder="Incoming Mail Server Port Number (993)" value="<?php echo intval($config_imap_port); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>IMAP Encryption</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
+                        </div>
+                        <select class="form-control" name="config_imap_encryption">
+                            <option value=''>None</option>
+                            <option <?php if ($config_imap_encryption == 'tls') { echo "selected"; } ?> value="tls">TLS</option>
+                            <option <?php if ($config_imap_encryption == 'ssl') { echo "selected"; } ?> value="ssl">SSL</option>
+                        </select>
+                    </div>
+                </div>
+
+                <div class='form-group'>
+                    <label>IMAP Username</label>
+                    <div class='input-group'>
+                        <div class='input-group-prepend'>
+                            <span class='input-group-text'><i class='fa fa-fw fa-user'></i></span>
+                        </div>
+                        <input type='text' class='form-control' name='config_imap_username' placeholder='Username' value="<?php
+                        echo nullable_htmlentities($config_imap_username); ?>" required>
+                    </div>
+                </div>
+
+                <div class='form-group'>
+                    <label>IMAP Password</label>
+                    <div class='input-group'>
+                        <div class='input-group-prepend'>
+                            <span class='input-group-text'><i class='fa fa-fw fa-key'></i></span>
+                        </div>
+                        <input type='password' class='form-control' data-toggle='password' name='config_imap_password' placeholder='Password' value="<?php
+                        echo nullable_htmlentities($config_imap_password); ?>" autocomplete='new-password' required>
+                        <div class='input-group-append'>
+                            <span class='input-group-text'><i class='fa fa-fw fa-eye'></i></span>
+                        </div>
+                    </div>
+                </div>
+
+                <hr>
+
+                <button type="submit" name="edit_mail_imap_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+            </form>
+        </div>
+    </div>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-paper-plane mr-2"></i>Mail From Configuration</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <p>Each of the "From Email" Addresses need to be able to send email on behalf of the SMTP user configured above
+                <h5>System Default</h5>
+                <p class="text-secondary">(used for system tasks such as sending share links)</p>
+                <div class="form-group">
+                    <label>From Email</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
+                        </div>
+                        <input type="email" class="form-control" name="config_mail_from_email" placeholder="Email Address (ex noreply@yourcompany.com)" value="<?php echo nullable_htmlentities($config_mail_from_email); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>From Name</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_mail_from_name" placeholder="Name (ex YourCompany)" value="<?php echo nullable_htmlentities($config_mail_from_name); ?>">
+                    </div>
+                </div>
+
+                <h5>Invoices</h5>
+                <p class="text-secondary">(used for when invoice emails are sent)</p>
+
+                <div class="form-group">
+                    <label>From Email</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
+                        </div>
+                        <input type="email" class="form-control" name="config_invoice_from_email" placeholder="Email (ex billing@yourcompany.com)" value="<?php echo nullable_htmlentities($config_invoice_from_email); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>From Name</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_invoice_from_name" placeholder="Name (ex CompanyName Billing)" value="<?php echo nullable_htmlentities($config_invoice_from_name); ?>">
+                    </div>
+                </div>
+
+                <h5>Quotes</h5>
+                <p class="text-secondary">(used for when quote emails are sent)</p>
+
+                <div class="form-group">
+                    <label>From Email</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
+                        </div>
+                        <input type="email" class="form-control" name="config_quote_from_email" placeholder="Email (ex sales@yourcompany.com)" value="<?php echo nullable_htmlentities($config_quote_from_email); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>From Name</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_quote_from_name" placeholder="Name (ex YourCompany Sales)" value="<?php echo nullable_htmlentities($config_quote_from_name); ?>">
+                    </div>
+                </div>
+
+                <h5>Tickets</h5>
+                <p class="text-secondary">(used for when tickets are created and emailed to a client)</p>
+
+                <div class="form-group">
+                    <label>From Email</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
+                        </div>
+                        <input type="email" class="form-control" name="config_ticket_from_email" placeholder="Email (ex support@yourcompany.com)" value="<?php echo nullable_htmlentities($config_ticket_from_email); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>From Name</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_ticket_from_name" placeholder="Name (ex YourCompany Support)" value="<?php echo nullable_htmlentities($config_ticket_from_name); ?>">
+                    </div>
+                </div>
+
+                <hr>
+
+                <button type="submit" name="edit_mail_from_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+            </form>
+        </div>
+    </div>
+
+    <?php if (!empty($config_smtp_host) && !empty($config_smtp_port) && !empty($config_mail_from_email) && !empty($config_mail_from_name)) { ?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-paper-plane mr-2"></i>Test Email Sending</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="input-group">
+                    <select class="form-control select2" name="test_email" required>
+                        <option value="">- Select an Email Address to send from -</option>
+                        <?php
+                        if ($config_mail_from_email) {
+                        ?>
+                        <option value="1"><?php echo nullable_htmlentities($config_mail_from_name); ?> (<?php echo nullable_htmlentities($config_mail_from_email); ?>)</option>
+                        <?php } ?>
+
+                        <?php
+                        if ($config_invoice_from_email) {
+                        ?>
+                        <option value="2"><?php echo nullable_htmlentities($config_invoice_from_name); ?> (<?php echo nullable_htmlentities($config_invoice_from_email); ?>)</option>
+                        <?php } ?>
+
+                        <?php
+                        if ($config_quote_from_email) {
+                        ?>
+                        <option value="3"><?php echo nullable_htmlentities($config_quote_from_name); ?> (<?php echo nullable_htmlentities($config_quote_from_email); ?>)</option>
+                        <?php } ?>
+
+                        <?php
+                        if ($config_ticket_from_email) {
+                        ?>
+                        <option value="4"><?php echo nullable_htmlentities($config_ticket_from_name); ?> (<?php echo nullable_htmlentities($config_ticket_from_email); ?>)</option>
+                        <?php } ?>
+
+                        
+                    </select>
+                    <input type="email" class="form-control " name="email_to" placeholder="Email address to send to">
+                    <div class="input-group-append">
+                        <button type="submit" name="test_email_smtp" class="btn btn-success"><i class="fas fa-fw fa-paper-plane mr-2"></i>Send</button>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+
+    <?php } ?>
+
+    <?php if (!empty($config_imap_username) && !empty($config_imap_password) && !empty($config_imap_host) && !empty($config_imap_port)) { ?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-plug mr-2"></i>Test IMAP Connection</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="input-group-append">
+                    <button type="submit" name="test_email_imap" class="btn btn-success"><i class="fas fa-fw fa-inbox mr-2"></i>Test</button>
+                </div>
+            </form>
+        </div>
+    </div>
+
+    <?php } ?>
+
+<?php require_once "includes/footer.php";
+

admin_settings_module.php

@@ -0,0 +1,82 @@
+<?php
+require_once "includes/inc_all_admin.php";
+ ?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-cube mr-2"></i>Modules</h3>
+    </div>
+    <div class="card-body">
+        <form action="post.php" method="post" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <div class="form-group">
+                <div class="custom-control custom-switch">
+                    <input type="checkbox" class="custom-control-input" name="config_module_enable_itdoc" <?php if ($config_module_enable_itdoc == 1) { echo "checked"; } ?> value="1" id="customSwitch1">
+                    <label class="custom-control-label" for="customSwitch1">Show IT Documentation</label>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <div class="custom-control custom-switch">
+                    <input type="checkbox" class="custom-control-input" name="config_module_enable_ticketing" <?php if ($config_module_enable_ticketing == 1) { echo "checked"; } ?> value="1" id="customSwitch2">
+                    <label class="custom-control-label" for="customSwitch2">Show Ticketing</label>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <div class="custom-control custom-switch">
+                    <input type="checkbox" class="custom-control-input" name="config_module_enable_accounting" <?php if ($config_module_enable_accounting == 1) { echo "checked"; } ?> value="1" id="customSwitch3">
+                    <label class="custom-control-label" for="customSwitch3">Show Invoicing / Accounting</label>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <div class="custom-control custom-switch">
+                    <input type="checkbox" class="custom-control-input" name="config_client_portal_enable" <?php if ($config_client_portal_enable == 1) { echo "checked"; } ?> value="1" id="customSwitch4">
+                    <label class="custom-control-label" for="customSwitch4">Enable Client Portal</label>
+                </div>
+            </div>
+
+            <hr>
+
+            <div class="form-group">
+                <div class="custom-control custom-switch">
+                    <input type="checkbox" disabled class="custom-control-input" name="config_whitelabel_enabled" <?php if ($config_whitelabel_enabled == 1) { echo "checked"; } ?> value="1" id="customSwitch5">
+                    <label class="custom-control-label" for="customSwitch5">White-label <small class="text-secondary">(Hides 'Powered by ITFlow' banner)</small></label>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>White-label key</label>
+                <textarea class="form-control" name="config_whitelabel_key" rows="2" placeholder="Enter a key to enable white-labelling the client portal"><?php echo nullable_htmlentities($config_whitelabel_key); ?></textarea>
+            </div>
+
+            <?php if ($config_whitelabel_enabled == 1 && validateWhitelabelKey($config_whitelabel_key)) {
+                $key_info = validateWhitelabelKey($config_whitelabel_key);
+                $key_desc = $key_info["description"];
+                $key_org = $key_info["organisation"];
+                $key_expires = $key_info["expires"];
+                ?>
+                <div class="form-group">
+                    <p>White-labelling is active - thank you for your support! :)</p>
+                    <ul>
+                        <li>Key: <?php echo $key_desc ?></li>
+                        <li>Org: <?php echo $key_org ?></li>
+                        <li>Expires: <?php echo $key_expires; if ($key_expires < date('Y-m-d H:i:s')) { echo " (expiring) "; } ?></li>
+                    </ul>
+
+                </div>
+            <?php } ?>
+
+            <hr>
+
+            <button type="submit" name="edit_module_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+        </form>
+    </div>
+</div>
+
+<?php
+require_once "includes/footer.php";
+

admin_settings_notification.php

@@ -0,0 +1,183 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-bell mr-2"></i>Notifications</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="form-group">
+                    <div class="custom-control custom-switch">
+                        <input type="checkbox" class="custom-control-input" name="config_enable_cron" <?php if ($config_enable_cron == 1) { echo "checked"; } ?> value="1" id="enableCronSwitch">
+                        <label class="custom-control-label" for="enableCronSwitch">Enable Cron (recommended) <small>(several cron scripts must also be added to cron with correct schedules, <a href="https://docs.itflow.org/cron">docs</a>)</small></label>
+                    </div>
+                </div>
+
+                <table class="table table-bordered">
+                    <thead class="thead-dark">
+                        <tr>
+                            <th>Notification</th>
+                            <th>App Notify</th>
+                            <th>Tech Email Notify</th>
+                            <th>Client Email Notify</th>
+                            <th>Create Ticket</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <tr>
+                            <th colspan=5>Expirations</th>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-globe mr-2"></i>Domain Expiration Notice</div>
+                                <small class="text-muted">
+                                    (This setting triggers a notification when a domain is approaching its expiration date, specifically at 1, 7, 14, 30 and 90 days prior to expiry.)
+                                </small>
+                            </th>
+                            <td>
+                                <div class="custom-control custom-checkbox text-center">
+                                  <input type="checkbox" class="custom-control-input" name="config_enable_alert_domain_expire" id="customCheck1" <?php if ($config_enable_alert_domain_expire == 1) { echo "checked"; } ?> value="1">
+                                  <label class="custom-control-label" for="customCheck1"></label>      
+                                </div>
+                            </td>
+                            <td></td>
+                            <td></td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-lock mr-2"></i>Certificate Expiration Notice</div>
+                                <small class="text-muted">
+                                    (This setting triggers a notification when a certificate is approaching its expiration date, specifically at 1, 7, 14, 30 and 90 days prior to expiry.)
+                                </small>
+                            </th>
+                            <td>
+                            </td>
+                            <td></td>
+                            <td></td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-desktop mr-2"></i>Asset Warranty Expiration Notice</div>
+                                <small class="text-muted">
+                                    (This setting triggers a notification when an asset is approaching its expiration date, specifically at 1, 7, 14, 30 and 90 days prior to expiry.)
+                                </small>
+                            </th>
+                            <td>
+                            </td>
+                            <td></td>
+                            <td></td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th colspan=5>Billing</th>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-file-invoice mr-2"></i>Invoice Reminders</div>
+                                <small class="text-muted">
+                                    (This will automatically dispatch a reminder email for the invoice to the primary contact's email every 30 days following the invoice's due date.)
+                                </small>
+                            </th>
+                            <td>
+                                
+                            </td>
+                            <td></td>
+                            <td>
+                                <div class="custom-control custom-checkbox text-center">
+                                    <input type="checkbox" class="custom-control-input" name="config_send_invoice_reminders" <?php if ($config_send_invoice_reminders == 1) { echo "checked"; } ?> value="1" id="sendInvoiceRemindersSwitch">
+                                    <label class="custom-control-label" for="sendInvoiceRemindersSwitch"></label>
+                                </div>
+                            </td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-redo-alt mr-2"></i>Send Recurring Invoice</div>
+                                <small class="text-muted">
+                                    (This will notify all primary and billing contacts of a client that a new invoice was generated from recurring invoices)
+                                </small>
+                            </th>
+                            <td>
+                                
+                            </td>
+                            <td></td>
+                            <td>
+                                <div class="custom-control custom-checkbox text-center">
+                                    <input type="checkbox" class="custom-control-input" name="config_recurring_auto_send_invoice" <?php if ($config_recurring_auto_send_invoice == 1) { echo "checked"; } ?> value="1" id="sendRecurringSwitch">
+                                    <label class="custom-control-label" for="sendRecurringSwitch"></label>
+                                </div>
+                            </td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th colspan=5>Operational</th>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-bell mr-2"></i>Send clients general notification emails</div>
+                                <small class="text-secondary">(Should clients receive automatic emails when tickets are raised/closed?)</small>
+                            </th>
+                            <td></td>
+                            <td></td>
+                            <td>
+                                <div class="custom-control custom-checkbox text-center">
+                                    <input type="checkbox" class="custom-control-input" name="config_ticket_client_general_notifications" <?php if($config_ticket_client_general_notifications == 1){ echo "checked"; } ?> value="1" id="ticketNotificationSwitch">
+                                    <label class="custom-control-label" for="ticketNotificationSwitch"></label>
+                                </div>
+                            </td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-link mr-2"></i>Shared Item View</div>
+                                <small class="text-secondary">(Notify when Shared items are viewed)</small>
+                            </th>
+                            <td></td>
+                            <td></td>
+                            <td>
+                            </td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-clock mr-2"></i>Cron Execution</div>
+                                <small class="text-secondary">(Notify when the nightly cron job ran)</small>
+                            </th>
+                            <td></td>
+                            <td></td>
+                            <td>
+                            </td>
+                            <td></td>
+                        </tr>
+                        <tr>
+                            <th>
+                                <div><i class="fas fa-fw fa-download mr-2"></i>ITFlow Updates</div>
+                                <small class="text-secondary">(Notify when ITFlow has an update)</small>
+                            </th>
+                            <td></td>
+                            <td></td>
+                            <td>
+                            </td>
+                            <td></td>
+                        </tr>
+                    </tbody>
+                </table>
+
+                <hr>
+
+                <button type="submit" name="edit_notification_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+
+            </form>
+        </div>
+    </div>
+
+<?php
+require_once "includes/footer.php";

admin_settings_online_payment.php

@@ -0,0 +1,154 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-credit-card mr-2"></i>Online Payment</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <div class="form-group">
+                    <div class="custom-control custom-switch">
+                        <input type="checkbox" class="custom-control-input" name="config_stripe_enable" <?php if ($config_stripe_enable == 1) { echo "checked"; } ?> value="1" id="enableStripeSwitch">
+                        <label class="custom-control-label" for="enableStripeSwitch">Enable Stripe</label>
+                    </div>
+                </div>
+
+                <div class="<?php if ($config_stripe_enable == 0) { echo "d-none"; } ?>">
+
+                    <div class="form-group">
+                        <label>Publishable key <strong class="text-danger">*</strong></label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+                            </div>
+                            <input type="text" class="form-control" name="config_stripe_publishable" placeholder="Stripe Publishable API Key (pk_...)" value="<?php echo nullable_htmlentities($config_stripe_publishable); ?>">
+                        </div>
+                    </div>
+
+                    <div class="form-group">
+                        <label>Secret key <strong class="text-danger">*</strong></label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+                            </div>
+                            <input type="text" class="form-control" name="config_stripe_secret" placeholder="Stripe Secret API Key (sk_...)" value="<?php echo nullable_htmlentities($config_stripe_secret); ?>">
+                        </div>
+                    </div>
+
+                    <div class="form-group">
+                        <label>Account <strong class="text-danger">*</strong></label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fas fa-fw fa-piggy-bank"></i></span>
+                            </div>
+                            <select class="form-control select2" name="config_stripe_account">
+                                <option value="">- Account -</option>
+                                <?php
+                                $sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_archived_at IS NULL ORDER BY account_name ASC");
+                                while ($row = mysqli_fetch_array($sql_accounts)) {
+                                    $account_id = intval($row['account_id']);
+                                    $account_name = nullable_htmlentities($row['account_name']);
+                                    ?>
+
+                                    <option value="<?php echo $account_id ?>" <?php if ($account_id == $config_stripe_account) { echo "selected"; } ?>><?php echo $account_name ?></option>
+                                    <?php
+                                }
+                                ?>
+                            </select>
+                        </div>
+                    </div>
+
+                    <hr>
+
+                    <div class="form-group">
+                        <label>Expense Vendor</label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-building"></i></span>
+                            </div>
+                            <select class="form-control select2" name="config_stripe_expense_vendor">
+                                <option value="">- Do not expense Stripe fees -</option>
+                                <?php
+
+                                $sql_select = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = 0 AND vendor_template = 0 AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
+                                while ($row = mysqli_fetch_array($sql_select)) {
+                                    $vendor_id = intval($row['vendor_id']);
+                                    $vendor_name = nullable_htmlentities($row['vendor_name']);
+                                    ?>
+                                    <option <?php if ($config_stripe_expense_vendor == $vendor_id) { ?> selected <?php } ?> value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
+                                <?php
+                                }
+                                ?>
+                            </select>
+                        </div>
+                    </div>
+
+                    <div class="form-group">
+                        <label>Expense Category</label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-list"></i></span>
+                            </div>
+                            <select class="form-control select2" name="config_stripe_expense_category">
+                                <option value="">- Do not expense Stripe fees -</option>
+                                <?php
+
+                                $sql_select = mysqli_query($mysqli, "SELECT category_id, category_name FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL ORDER BY category_name ASC");
+                                while ($row = mysqli_fetch_array($sql_select)) {
+                                    $category_id = intval($row['category_id']);
+                                    $category_name = nullable_htmlentities($row['category_name']);
+                                    ?>
+                                    <option <?php if ($config_stripe_expense_category == $category_id) { ?> selected <?php } ?> value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
+                                    <?php
+                                }
+
+                                ?>
+                            </select>
+                        </div>
+                    </div>
+
+                    <div class="form-group">
+                        <label>Percentage Fee to expense</label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-percent"></i></span>
+                            </div>
+                            <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="config_stripe_percentage_fee" placeholder="Enter Percentage" value="<?php echo $config_stripe_percentage_fee * 100; ?>">
+                        </div>
+                        <small class="form-text text-muted">See <a href="https://stripe.com/pricing" target="_blank">here <i class="fas fa-fw fa-external-link-alt"></i></a> for the latest Stripe Fees.</small>
+                    </div>
+
+                    <div class="form-group">
+                        <label>Flat Fee to expense</label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-shopping-cart"></i></span>
+                            </div>
+                            <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*\.?[0-9]{0,2}" name="config_stripe_flat_fee" placeholder="0.030" value="<?php echo number_format($config_stripe_flat_fee, 2, '.', ''); ?>">
+                        </div>
+                        <small class="form-text text-muted">See <a href="https://stripe.com/pricing" target="_blank">here <i class="fas fa-fw fa-external-link-alt"></i></a> for the latest Stripe Fees.</small>
+                    </div>
+
+                </div>
+
+                <div class="alert alert-secondary">Currently, we only integrate with Stripe. Please see <a href="https://forum.itflow.org/d/439-payment-integrations-megathread" target="_blank">this forum post</a>.</div>
+
+        </div>
+
+        <hr>
+
+        <button type="submit" name="edit_online_payment_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+        </form>
+    </div>
+    </div>
+
+<?php
+require_once "includes/footer.php";
+

admin_settings_online_payment_clients.php

@@ -0,0 +1,70 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+$stripe_clients_sql = mysqli_query($mysqli, "SELECT * FROM client_stripe LEFT JOIN clients ON client_stripe.client_id = clients.client_id");
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-credit-card mr-2"></i>Online Payment - Client info</h3>
+        </div>
+
+        <div class="card-body">
+
+            <table class="table border border-dark">
+                <thead class="thead-dark">
+                <tr>
+                    <th>Client</th>
+                    <th>Stripe Customer ID</th>
+                    <th>Stripe Payment ID</th>
+                    <th class="text-center">Action</th>
+                </tr>
+                </thead>
+                <tbody>
+
+                <?php
+                while ($row = mysqli_fetch_array($stripe_clients_sql)) {
+                    $client_id = intval($row['client_id']);
+                    $client_name = nullable_htmlentities($row['client_name']);
+                    $stripe_id = nullable_htmlentities($row['stripe_id']);
+                    $stripe_pm = nullable_htmlentities($row['stripe_pm']);
+
+                    ?>
+
+                    <tr>
+                        <td><?php echo "$client_name ($client_id)" ?></td>
+                        <td><?php echo $stripe_id; ?></td>
+                        <td><?php echo $stripe_pm ?></td>
+                        <td>
+                            <div class="dropdown dropleft text-center">
+                                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                    <i class="fas fa-ellipsis-h"></i>
+                                </button>
+                                <div class="dropdown-menu">
+                                    <?php if (!empty($stripe_pm)) { ?>
+                                        <a class="dropdown-item text-danger confirm-link" href="post.php?stripe_remove_pm&client_id=<?php echo $client_id ?>&pm=<?php echo $stripe_pm ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                            <i class="fas fa-fw fa-credit-card mr-2"></i>Delete payment method
+                                        </a>
+                                    <?php } else { ?>
+                                        <a data-toggle="tooltip" data-placement="left" title="May result in duplicate customer records in Stripe" class="dropdown-item text-danger confirm-link" href="post.php?stripe_reset_customer&client_id=<?php echo $client_id ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                            <i class="fas fa-fw fa-trash mr-2"></i>Reset Stripe
+                                        </a>
+                                    <?php } ?>
+                                </div>
+                            </div>
+                        </td>
+
+                    </tr>
+
+                <?php } ?>
+
+                </tbody>
+            </table>
+
+        </div>
+
+    </div>
+
+<?php
+require_once "includes/footer.php";

admin_settings_project.php

@@ -0,0 +1,44 @@
+<?php
+require_once "includes/inc_all_admin.php";
+ ?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-project-diagram mr-2"></i>Project Settings</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <h4>Project</h4>
+
+                <div class="form-group">
+                    <label>Project Prefix</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_project_prefix" placeholder="Project Prefix" value="<?php echo nullable_htmlentities($config_project_prefix); ?>" required>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>Next Number</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
+                        </div>
+                        <input type="number" min="0" class="form-control" name="config_project_next_number" placeholder="Next Project Number" value="<?php echo intval($config_project_next_number); ?>" required>
+                    </div>
+                </div>
+
+                <hr>
+
+                <button type="submit" name="edit_project_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+            </form>
+        </div>
+    </div>
+
+<?php
+require_once "includes/footer.php";

admin_settings_quote.php

@@ -1,12 +1,14 @@
 <?php
-require_once("inc_all_settings.php"); ?>
+require_once "includes/inc_all_admin.php";
+ ?>
 
     <div class="card card-dark">
         <div class="card-header py-3">
-            <h3 class="card-title"><i class="fas fa-fw fa-file mr-2"></i>Quote Settings</h3>
+            <h3 class="card-title"><i class="fas fa-fw fa-comment-dollar mr-2"></i>Quote Settings</h3>
         </div>
         <div class="card-body">
             <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
                 <div class="form-group">
                     <label>Quote Prefix</label>
@@ -14,7 +16,7 @@ require_once("inc_all_settings.php"); ?>
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
                         </div>
-                        <input type="text" class="form-control" name="config_quote_prefix" placeholder="Quote Prefix" value="<?php echo htmlentities($config_quote_prefix); ?>" required>
+                        <input type="text" class="form-control" name="config_quote_prefix" placeholder="Quote Prefix" value="<?php echo nullable_htmlentities($config_quote_prefix); ?>" required>
                     </div>
                 </div>
 
@@ -30,26 +32,16 @@ require_once("inc_all_settings.php"); ?>
 
                 <div class="form-group">
                     <label>Quote Footer</label>
-                    <textarea class="form-control" rows="4" name="config_quote_footer"><?php echo htmlentities($config_quote_footer); ?></textarea>
+                    <textarea class="form-control" rows="4" name="config_quote_footer"><?php echo nullable_htmlentities($config_quote_footer); ?></textarea>
                 </div>
 
                 <div class="form-group">
-                    <label>From Email</label>
+                    <label>Email address to notify when quotes are accepted/declined <small class="text-secondary">(Ideally a distribution list/shared mailbox)</small></label>
                     <div class="input-group">
                         <div class="input-group-prepend">
-                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
+                            <span class="input-group-text"><i class="fa fa-fw fa-bell"></i></span>
                         </div>
-                        <input type="email" class="form-control" name="config_quote_from_email" placeholder="From Email" value="<?php echo htmlentities($config_quote_from_email); ?>">
-                    </div>
-                </div>
-
-                <div class="form-group">
-                    <label>From Name</label>
-                    <div class="input-group">
-                        <div class="input-group-prepend">
-                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
-                        </div>
-                        <input type="text" class="form-control" name="config_quote_from_name" placeholder="Name" value="<?php echo htmlentities($config_quote_from_name); ?>">
+                        <input type="email" class="form-control" name="config_quote_notification_email" placeholder="Address to notify for quote accept/declines, leave blank for none" value="<?php echo nullable_htmlentities($config_quote_notification_email); ?>">
                     </div>
                 </div>
 
@@ -62,4 +54,5 @@ require_once("inc_all_settings.php"); ?>
     </div>
 
 <?php
-require_once("footer.php");
+require_once "includes/footer.php";
+

admin_settings_security.php

@@ -0,0 +1,66 @@
+<?php
+require_once "includes/inc_all_admin.php";
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-shield-alt mr-2"></i>Security</h3>
+    </div>
+    <div class="card-body">
+        <form action="post.php" method="post" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <div class="form-group">
+                <label>Login Message</label>
+                <textarea class="form-control" name="config_login_message" rows="5" placeholder="Enter a message to be displayed on the login screen"><?php echo nullable_htmlentities($config_login_message); ?></textarea>
+            </div>
+
+            <div class="form-group">
+                <div class="custom-control custom-switch">
+                    <input type="checkbox" class="custom-control-input" name="config_login_key_required" <?php if ($config_login_key_required == 1) { echo "checked"; } ?> value="1" id="customSwitch1">
+                    <label class="custom-control-label" for="customSwitch1">Require a login key to access the technician login page?</label>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Login key secret value <small class="text-secondary">(This must be provided in the URL as /login.php?key=<?php echo nullable_htmlentities($config_login_key_secret)?>)</small></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+                    </div>
+                    <input type="text" class="form-control" name="config_login_key_secret" pattern="\w{3,99}" placeholder="Something really easy for techs to remember: e.g. MYSECRET" value="<?php echo nullable_htmlentities($config_login_key_secret); ?>">
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>2FA Remember Me Expire <small class="text-secondary">(The amount of days before a device 2FA remember me token will expire)</small></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-clock"></i></span>
+                    </div>
+                    <input type="number" class="form-control" name="config_login_remember_me_expire" placeholder="Enter Days to Expire" value="<?php echo intval($config_login_remember_me_expire); ?>">
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Log retention <small class="text-secondary">(The amount of days before app/audit/auth logs are deleted during nightly cron)</small></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-clock"></i></span>
+                    </div>
+                    <input type="number" class="form-control" name="config_log_retention" placeholder="Enter days to retain" value="<?php echo intval($config_log_retention); ?>">
+                </div>
+            </div>
+
+            <hr>
+
+            <button type="submit" name="edit_security_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
+
+        </form>
+    </div>
+</div>
+
+<?php
+require_once "includes/footer.php";
+

admin_settings_telemetry.php

@@ -1,18 +1,21 @@
 <?php
-require_once("inc_all_settings.php"); ?>
+require_once "includes/inc_all_admin.php";
+ ?>
 
     <div class="card card-dark">
         <div class="card-header py-3">
-            <h3 class="card-title"><i class="fas fa-fw fa-broadcast-tower mr-2"></i>Telemetry</h3>
+            <h3 class="card-title"><i class="fas fa-fw fa-satellite-dish mr-2"></i>Telemetry</h3>
         </div>
         <div class="card-body">
 
             <p class="text-center">Installation ID: <strong><?php echo $installation_id; ?></strong></p>
 
             <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
                 <div class="form-group">
-                    <label>Telemery</label>
+                    <label>Telemetry</label>
+                    <p><i>If you can't measure it, you can't improve it. Please consider turning on telemetry data to provide valuable insights on how you're using ITFlow - so we can improve it for everyone. </i></p>
                     <div class="input-group">
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-broadcast-tower"></i></span>
@@ -23,18 +26,11 @@ require_once("inc_all_settings.php"); ?>
                             <option <?php if ($config_telemetry == "2") { echo "selected"; } ?> value = "2">Detailed</option>
                         </select>
                     </div>
-                </div>
-
-                <div class="form-group">
-                    <label>Comments</label>
-                    <textarea class="form-control" rows="4" name="comments" placeholder="Any Comments to send before hitting Send Telemetry Data?"></textarea>
+                    <small class="form-text">We respect your privacy. <a href="https://docs.itflow.org/telemetry" target="_blank">Click here <i class="fas fa-external-link-alt"></i></a> for additional details regarding the information we gather. </small>
                 </div>
 
                 <hr>
 
-                <?php if ($config_telemetry > 0) { ?>
-                    <button type="submit" name="send_telemetry_data" class="btn btn-success"><i class="fas fa-fw fa-paper-plane mr-2"></i>Send Telemetry Data</button>
-                <?php } ?>
                 <button type="submit" name="edit_telemetry_settings" class="btn btn-primary text-bold float-right"><i class="fas fa-check mr-2"></i>Save</button>
 
             </form>
@@ -42,4 +38,5 @@ require_once("inc_all_settings.php"); ?>
     </div>
 
 <?php
-require_once("footer.php");
+require_once "includes/footer.php";
+

admin_settings_theme.php

@@ -0,0 +1,67 @@
+<?php
+require_once "includes/inc_all_admin.php";
+ ?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-paint-brush mr-2"></i>Theme</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <label>Select a Theme</label>
+                <div class="form-row">
+
+                    <?php
+
+                    foreach ($theme_colors_array as $theme_color) {
+
+                        ?>
+
+                        <div class="col-3 text-center mb-3">
+                            <div class="form-group">
+                                <div class="custom-control custom-radio">
+                                    <input class="custom-control-input" type="radio" onchange="this.form.submit()" id="customRadio<?php echo $theme_color; ?>" name="edit_theme_settings" value="<?php echo $theme_color; ?>" <?php if ($config_theme == $theme_color) { echo "checked"; } ?>>
+                                    <label for="customRadio<?php echo $theme_color; ?>" class="custom-control-label">
+                                        <i class="fa fa-fw fa-6x fa-circle text-<?php echo $theme_color; ?>"></i>
+                                        <br>
+                                        <?php echo $theme_color; ?>
+                                    </label>
+                                </div>
+                            </div>
+                        </div>
+
+                    <?php } ?>
+
+                </div>
+
+            </form>
+        </div>
+    </div>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-image mr-2"></i>Favicon</h3>
+        </div>
+        <div class="card-body">
+            <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+                <img class="mb-3" src="<?php if(file_exists("uploads/favicon.ico")) { echo "uploads/favicon.ico"; } else { echo "favicon.ico"; } ?>">
+
+                <div class="form-group">
+                    <input type="file" class="form-control-file" name="file" accept=".ico">
+                </div>
+
+                <hr>
+
+                <button type="submit" name="edit_favicon_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Upload Icon</button>
+
+            </form>
+        </div>
+    </div>
+
+<?php
+require_once "includes/footer.php";
+

admin_settings_ticket.php

@@ -1,5 +1,6 @@
 <?php
-require_once("inc_all_settings.php"); ?>
+require_once "includes/inc_all_admin.php";
+ ?>
 
     <div class="card card-dark">
         <div class="card-header py-3">
@@ -7,6 +8,7 @@ require_once("inc_all_settings.php"); ?>
         </div>
         <div class="card-body">
             <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
                 <div class="form-group">
                     <label>Ticket Prefix</label>
@@ -14,7 +16,7 @@ require_once("inc_all_settings.php"); ?>
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-life-ring"></i></span>
                         </div>
-                        <input type="text" class="form-control" name="config_ticket_prefix" placeholder="Ticket Prefix" value="<?php echo htmlentities($config_ticket_prefix); ?>">
+                        <input type="text" class="form-control" name="config_ticket_prefix" placeholder="Ticket Prefix" value="<?php echo nullable_htmlentities($config_ticket_prefix); ?>" pattern="^[A-Za-z-]+$" title="Only letters and hyphens are allowed" required>
                     </div>
                 </div>
 
@@ -24,41 +26,50 @@ require_once("inc_all_settings.php"); ?>
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
                         </div>
-                        <input type="number" min="0" class="form-control" name="config_ticket_next_number" placeholder="Next Ticket Number" value="<?php echo intval($config_ticket_next_number); ?>" required>
-                    </div>
-                </div>
-
-                <div class="form-group">
-                    <label>From Email</label>
-                    <div class="input-group">
-                        <div class="input-group-prepend">
-                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
-                        </div>
-                        <input type="email" class="form-control" name="config_ticket_from_email" placeholder="From Email" value="<?php echo htmlentities($config_ticket_from_email); ?>">
-                    </div>
-                </div>
-
-                <div class="form-group">
-                    <label>From Name</label>
-                    <div class="input-group">
-                        <div class="input-group-prepend">
-                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
-                        </div>
-                        <input type="text" class="form-control" name="config_ticket_from_name" placeholder="Name" value="<?php echo htmlentities($config_ticket_from_name); ?>">
+                        <input type="number" min="<?php echo intval($config_ticket_next_number); ?>" class="form-control" name="config_ticket_next_number" placeholder="Next Ticket Number" value="<?php echo intval($config_ticket_next_number); ?>" required>
                     </div>
                 </div>
 
                 <div class="form-group">
                     <div class="custom-control custom-switch">
                         <input type="checkbox" class="custom-control-input" name="config_ticket_email_parse" <?php if($config_ticket_email_parse == 1){ echo "checked"; } ?> value="1" id="emailToTicketParseSwitch">
-                        <label class="custom-control-label" for="emailToTicketParseSwitch">Email-to-ticket parsing (Beta) <small>(cron_ticket_email_parser.php must also be added to cron and run every few mins)</small></label>
+                        <label class="custom-control-label" for="emailToTicketParseSwitch">Email-to-ticket parsing <small class="text-secondary">(cron_ticket_email_parser.php must also be added to cron and run every few mins)</small></label>
                     </div>
                 </div>
 
                 <div class="form-group">
                     <div class="custom-control custom-switch">
-                        <input type="checkbox" class="custom-control-input" name="config_ticket_client_general_notifications" <?php if($config_ticket_client_general_notifications == 1){ echo "checked"; } ?> value="1" id="ticketNotificationSwitch">
-                        <label class="custom-control-label" for="ticketNotificationSwitch">Send clients general notification emails <small>(Should clients receive automatic emails when tickets are raised/closed?)</small></label>
+                        <input type="checkbox" class="custom-control-input" name="config_ticket_email_parse_unknown_senders" <?php if($config_ticket_email_parse_unknown_senders == 1){ echo "checked"; } ?> value="1" id="emailToTicketAnonParseSwitch" <?php if($config_ticket_email_parse == 0){ echo "disabled"; } ?>>
+                        <label class="custom-control-label" for="emailToTicketAnonParseSwitch">Create tickets for emails from unknown senders/domains <small class="text-secondary">(Enable to ensure all emails automatically create tickets)</small></label>
+                    </div>
+                </div>
+
+                <?php if ($config_module_enable_accounting) { ?>
+                <div class="form-group">
+                    <div class="custom-control custom-switch">
+                        <input type="checkbox" class="custom-control-input" name="config_ticket_default_billable" <?php if ($config_ticket_default_billable == 1) { echo "checked"; } ?> value="1" id="ticketBillableSwitch">
+                        <label class="custom-control-label" for="ticketBillableSwitch">Default to Billable <small class="text-secondary">(This will check the billable box on all new tickets)</small></label>
+                    </div>
+                </div>
+                <?php } ?>
+
+                <div class="form-group">
+                    <label>Number of hours to auto close resolved tickets</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-clock"></i></span>
+                        </div>
+                        <input type="number" min="72" class="form-control" name="config_ticket_autoclose_hours" placeholder="Delay in hours before a resolved ticket is fully closed" value="<?php echo intval($config_ticket_autoclose_hours); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>Email address to notify when new tickets are raised <small class="text-secondary">(Ideally a distribution list/shared mailbox)</small></label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-bell"></i></span>
+                        </div>
+                        <input type="email" class="form-control" name="config_ticket_new_ticket_notification_email" placeholder="Address to notify for new tickets, leave blank for none" value="<?php echo nullable_htmlentities($config_ticket_new_ticket_notification_email); ?>">
                     </div>
                 </div>
 
@@ -71,4 +82,5 @@ require_once("inc_all_settings.php"); ?>
     </div>
 
 <?php
-require_once("footer.php");
+require_once "includes/footer.php";
+

admin_software_template.php

@@ -1,21 +1,21 @@
 <?php
 
 // Default Column Sortby Filter
-$sb = "software_name";
-$o = "ASC";
+$sort = "software_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
 
-require_once("inc_all_settings.php");
 
 //Rebuild URL
-$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
+$url_query_strings_sort = http_build_query($get_copy);
 
 $sql = mysqli_query(
     $mysqli,
-    "SELECT SQL_CALC_FOUND_ROWS * FROM software 
-    LEFT JOIN logins ON login_software_id = software_id
+    "SELECT SQL_CALC_FOUND_ROWS * FROM software
     WHERE software_template = 1 
-    AND (software_name LIKE '%$q%' OR software_type LIKE '%$q%' OR software_key LIKE '%$q%') 
-    ORDER BY $sb $o LIMIT $record_from, $record_to"
+    AND (software_name LIKE '%$q%' OR software_type LIKE '%$q%') 
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                 <div class="col-md-4">
                     <div class="input-group mb-3 mb-md-0">
-                        <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses">
+                        <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search License Templates">
                         <div class="input-group-append">
                             <button class="btn btn-dark"><i class="fa fa-search"></i></button>
                         </div>
@@ -48,14 +48,25 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive">
+        <div class="table-responsive-sm">
             <table class="table table-striped table-borderless table-hover">
                 <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
                 <tr>
-                    <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_name&o=<?php echo $disp; ?>">Template</a></th>
-                    <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_type&o=<?php echo $disp; ?>">Type</a></th>
-                    <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_license_type&o=<?php echo $disp; ?>">License Type</a></th>
-                    <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_seats&o=<?php echo $disp; ?>">Seats</a></th>
+                    <th>
+                        <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=software_name&order=<?php echo $disp; ?>">
+                            Template <?php if ($sort == 'software_name') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th>
+                        <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=software_type&order=<?php echo $disp; ?>">
+                            Type <?php if ($sort == 'software_type') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th>
+                        <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=software_license_type&order=<?php echo $disp; ?>">
+                            License Type <?php if ($sort == 'software_license_type') { echo $order_icon; } ?>
+                        </a>
+                    </th>
                     <th class="text-center">Action</th>
                 </tr>
                 </thead>
@@ -64,22 +75,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                 while($row = mysqli_fetch_array($sql)){
                     $software_id = intval($row['software_id']);
-                    $software_name = htmlentities($row['software_name']);
-                    $software_version = htmlentities($row['software_version']);
-                    $software_type = htmlentities($row['software_type']);
-                    $software_license_type = htmlentities($row['software_license_type']);
-                    $software_key = htmlentities($row['software_key']);
-                    $software_seats = htmlentities($row['software_seats']);
-                    $software_purchase = htmlentities($row['software_purchase']);
-                    $software_expire = htmlentities($row['software_expire']);
-                    $software_notes = htmlentities($row['software_notes']);
+                    $software_name = nullable_htmlentities($row['software_name']);
+                    $software_version = nullable_htmlentities($row['software_version']);
+                    $software_description = nullable_htmlentities($row['software_description']);
+                    $software_type = nullable_htmlentities($row['software_type']);
+                    $software_license_type = nullable_htmlentities($row['software_license_type']);
+                    $software_notes = nullable_htmlentities($row['software_notes']);
 
                     ?>
                     <tr>
-                        <td><a class="text-dark text-bold" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>"><?php echo "$software_name<br><span class='text-secondary'>$software_version</span>"; ?></a></td>
+                        <td>
+                            <a class="text-dark" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>">
+                                <div class="media">
+                                    <i class="fa fa-fw fa-2x fa-cube mr-3"></i>
+                                    <div class="media-body">
+                                        <div><?php echo "$software_name <span>$software_version</span>"; ?></div>
+                                        <div><small class="text-secondary"><?php echo $software_description; ?></small></div>
+                                    </div>
+                                </div>
+                            </a>
+                        </td>
                         <td><?php echo $software_type; ?></td>
                         <td><?php echo $software_license_type; ?></td>
-                        <td><?php echo $software_seats; ?></td>
                         <td>
                             <div class="dropdown dropleft text-center">
                                 <button class="btn btn-secondary btn-sm" data-toggle="dropdown">
@@ -91,7 +108,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                     </a>
                                     <?php if($session_user_role == 3) { ?>
                                         <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger text-bold" href="post.php?delete_software=<?php echo $software_id; ?>">
+                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_software=<?php echo $software_id; ?>">
                                             <i class="fas fa-fw fa-trash mr-2"></i>Delete
                                         </a>
                                     <?php } ?>
@@ -102,7 +119,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                     <?php
 
-                    require("settings_software_template_edit_modal.php");
+                    require "modals/admin_software_template_edit_modal.php";
+
                 }
 
                 ?>
@@ -110,10 +128,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </tbody>
             </table>
         </div>
-        <?php require_once("pagination.php"); ?>
+        <?php require_once "includes/filter_footer.php";
+ ?>
     </div>
 </div>
 
 <?php
-require_once("settings_software_template_add_modal.php");
-require_once("footer.php");
+require_once "modals/admin_software_template_add_modal.php";
+
+require_once "includes/footer.php";
+

admin_tag.php

@@ -1,47 +1,26 @@
 <?php
 
 // Default Column Sortby Filter
-$sb = "tag_name";
-$o = "ASC";
+$sort = "tag_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
 
-require_once("inc_all_settings.php");
 
 //Rebuild URL
-$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
+$url_query_strings_sort = http_build_query($get_copy);
 
 $sql = mysqli_query(
     $mysqli,
     "SELECT SQL_CALC_FOUND_ROWS * FROM tags
     WHERE tag_name LIKE '%$q%'
-    AND company_id = $session_company_id
-    ORDER BY $sb $o LIMIT $record_from, $record_to"
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
-$colors_used_array = [];
-
-if ($num_rows > 0) {
-    //Colors Used
-    $sql_colors_used = mysqli_query(
-        $mysqli,
-        "SELECT tag_color FROM tags
-        WHERE tag_archived_at IS NULL
-        AND company_id = $session_company_id"
-    );
-
-    while ($color_used_row = mysqli_fetch_array($sql_colors_used)) {
-        $colors_used_array[] = $color_used_row['tag_color'];
-    }
-    $colors_diff = array_diff($colors_array, $colors_used_array);
-
-} else {
-    $colors_diff = $colors_array;
-}
-
 ?>
 
-
     <div class="card card-dark">
         <div class="card-header py-2">
             <h3 class="card-title mt-2"><i class="fas fa-fw fa-tags mr-2"></i>Tags</h3>
@@ -55,7 +34,7 @@ if ($num_rows > 0) {
                 <div class="col-sm-4 mb-2">
                     <form autocomplete="off">
                         <div class="input-group">
-                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tags">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Tags">
                             <div class="input-group-append">
                                 <button class="btn btn-primary"><i class="fa fa-search"></i></button>
                             </div>
@@ -67,13 +46,20 @@ if ($num_rows > 0) {
             </div>
 
             <hr>
-            <div class="table-responsive">
+            <div class="table-responsive-sm">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>
-                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=tag_name&o=<?php echo $disp; ?>">Name</a></th>
-                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=tag_type&o=<?php echo $disp; ?>">Type</a></th>
-                        <th>Color</th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=tag_name&order=<?php echo $disp; ?>">
+                                Name <?php if ($sort == 'tag_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=tag_type&order=<?php echo $disp; ?>">
+                                Type <?php if ($sort == 'tag_type') { echo $order_icon; } ?>
+                            </a>
+                        </th>
                         <th class="text-center">Action</th>
                     </tr>
                     </thead>
@@ -82,16 +68,30 @@ if ($num_rows > 0) {
 
                     while ($row = mysqli_fetch_array($sql)) {
                         $tag_id = intval($row['tag_id']);
-                        $tag_name = htmlentities($row['tag_name']);
-                        $tag_type = htmlentities($row['tag_type']);
-                        $tag_color = htmlentities($row['tag_color']);
-                        $tag_icon = htmlentities($row['tag_icon']);
+                        $tag_name = nullable_htmlentities($row['tag_name']);
+                        $tag_type = intval($row['tag_type']);
+                        if ( $tag_type == 1) {
+                            $tag_type_display = "Client Tag";
+                        } elseif ( $tag_type == 2) {
+                            $tag_type_display = "Location Tag";
+                        } elseif ( $tag_type == 3) {
+                            $tag_type_display = "Contact Tag";
+                        } elseif ( $tag_type == 4) {
+                            $tag_type_display = "Credential Tag";
+                        } else {
+                            $tag_type_display = "Unknown Tag";
+                        }
+                        $tag_color = nullable_htmlentities($row['tag_color']);
+                        $tag_icon = nullable_htmlentities($row['tag_icon']);
 
                         ?>
                         <tr>
-                            <td><?php echo "<i class='fas fa-fw fa-$tag_icon mr-2'></i>"; ?><a class="text-dark" href="#" data-toggle="modal" data-target="#editTagModal<?php echo $tag_id; ?>"><?php echo "$tag_name"; ?></a></td>
-                            <td><?php echo $tag_type; ?></td>
-                            <td><i class="fa fa-3x fa-circle" style="color:<?php echo $tag_color; ?>;"></i></td>
+                            <td>
+                                <a href="#" data-toggle="modal" data-target="#editTagModal<?php echo $tag_id; ?>">
+                                    <span class='badge text-light p-2 mr-1' style="background-color: <?php echo $tag_color; ?>"><i class="fa fa-fw fa-<?php echo $tag_icon; ?> mr-2"></i><?php echo $tag_name; ?></span>
+                                </a>
+                            </td>
+                            <td><?php echo $tag_type_display; ?></td>
                             <td>
                                 <div class="dropdown dropleft text-center">
                                     <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
@@ -102,7 +102,7 @@ if ($num_rows > 0) {
                                             <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                         </a>
                                         <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger text-bold" href="post.php?delete_tag=<?php echo $tag_id; ?>">
+                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_tag=<?php echo $tag_id; ?>">
                                             <i class="fas fa-fw fa-trash mr-2"></i>Delete
                                         </a>
                                     </div>
@@ -112,7 +112,8 @@ if ($num_rows > 0) {
 
                         <?php
 
-                        require("settings_tag_edit_modal.php");
+                        require "modals/admin_tag_edit_modal.php";
+
 
                     }
 
@@ -121,10 +122,13 @@ if ($num_rows > 0) {
                     </tbody>
                 </table>
             </div>
-            <?php require_once("pagination.php"); ?>
+            <?php require_once "includes/filter_footer.php";
+ ?>
         </div>
     </div>
 
 <?php
-require_once("settings_tag_add_modal.php");
-require_once("footer.php");
+require_once "modals/admin_tag_add_modal.php";
+
+require_once "includes/footer.php";
+

admin_tax.php

@@ -1,20 +1,20 @@
 <?php
 
 // Default Column Sortby Filter
-$sb = "tax_name";
-$o = "ASC";
+$sort = "tax_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
 
-require_once("inc_all_settings.php");
 
 //Rebuild URL
-$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
+$url_query_strings_sort = http_build_query($get_copy);
 
 $sql = mysqli_query(
-    $mysqli, 
+    $mysqli,
     "SELECT * FROM taxes
     WHERE tax_archived_at IS NULL
-    AND company_id = $session_company_id
-    ORDER BY $sb $o"
+    ORDER BY $sort $order"
 );
 
 $num_rows = mysqli_num_rows($sql);
@@ -29,12 +29,20 @@ $num_rows = mysqli_num_rows($sql);
             </div>
         </div>
         <div class="card-body">
-            <div class="table-responsive">
+            <div class="table-responsive-sm">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows == 0) { echo "d-none"; } ?>">
                     <tr>
-                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=tax_name&o=<?php echo $disp; ?>">Name</a></th>
-                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=tax_percent&o=<?php echo $disp; ?>">Percent</a></th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=tax_name&order=<?php echo $disp; ?>">
+                                Name <?php if ($sort == 'tax_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=tax_percent&order=<?php echo $disp; ?>">
+                                Percent <?php if ($sort == 'tax_percent') { echo $order_icon; } ?>
+                            </a>
+                        </th>
                         <th class="text-center">Action</th>
                     </tr>
                     </thead>
@@ -43,7 +51,7 @@ $num_rows = mysqli_num_rows($sql);
 
                     while ($row = mysqli_fetch_array($sql)) {
                         $tax_id = intval($row['tax_id']);
-                        $tax_name = htmlentities($row['tax_name']);
+                        $tax_name = nullable_htmlentities($row['tax_name']);
                         $tax_percent = floatval($row['tax_percent']);
 
                         ?>
@@ -60,7 +68,7 @@ $num_rows = mysqli_num_rows($sql);
                                             <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                         </a>
                                         <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger" href="post.php?archive_tax=<?php echo $tax_id; ?>">
+                                        <a class="dropdown-item text-danger confirm-link" href="post.php?archive_tax=<?php echo $tax_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
                                             <i class="fas fa-fw fa-archive mr-2"></i>Archive
                                         </a>
                                     </div>
@@ -70,7 +78,8 @@ $num_rows = mysqli_num_rows($sql);
 
                         <?php
 
-                        require("settings_tax_edit_modal.php");
+                        require "modals/admin_tax_edit_modal.php";
+
                     }
 
                     if ($num_rows == 0) {
@@ -87,5 +96,7 @@ $num_rows = mysqli_num_rows($sql);
     </div>
 
 <?php
-require_once("settings_tax_add_modal.php");
-require_once("footer.php");
+require_once "modals/admin_tax_add_modal.php";
+
+require_once "includes/footer.php";
+

admin_ticket_status.php

@@ -0,0 +1,135 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "ticket_status_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM ticket_statuses
+    WHERE ticket_status_name LIKE '%$q%'
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-2">
+            <h3 class="card-title mt-2"><i class="fas fa-fw fa-info-circle mr-2"></i>Tickets Statuses</h3>
+            <div class="card-tools">
+                <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketStatusModal"><i class="fas fa-plus mr-2"></i>New Ticket Status</button>
+            </div>
+        </div>
+
+        <div class="card-body">
+            <div class="row">
+                <div class="col-sm-4 mb-2">
+                    <form autocomplete="off">
+                        <div class="input-group">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Ticket Statuses">
+                            <div class="input-group-append">
+                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                            </div>
+                        </div>
+                    </form>
+                </div>
+                <div class="col-sm-8">
+                </div>
+            </div>
+
+            <hr>
+            <div class="table-responsive-sm">
+                <table class="table table-striped table-borderless table-hover">
+                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                    <tr>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_status_name&order=<?php echo $disp; ?>">
+                                Name <?php if ($sort == 'ticket_status_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_status_color&order=<?php echo $disp; ?>">
+                                Color <?php if ($sort == 'ticket_status_color') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_status_active&order=<?php echo $disp; ?>">
+                                Status <?php if ($sort == 'ticket_status_active') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th class="text-center">Action</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $ticket_status_id = intval($row['ticket_status_id']);
+                        $ticket_status_name = nullable_htmlentities($row['ticket_status_name']);
+                        $ticket_status_color = nullable_htmlentities($row['ticket_status_color']);
+                        $ticket_status_active = intval($row['ticket_status_active']);
+                        if ($ticket_status_active) {
+                            $ticket_status_display = "<div class='text-success text-bold'>Active</div>";
+                        } else {
+                            $ticket_status_display = "<div class='text-secondary'>Disabled</div>";
+                        }
+
+                        ?>
+                        <tr>
+                            <td>
+                                <a href="#" data-toggle="modal" data-target="#editTicketStatusModal<?php echo $ticket_status_id; ?>">
+                                    <?php echo $ticket_status_name; ?>
+                                </a>
+                            </td>
+                            <td>
+                                <span class='badge badge-pill text-light p-2' style="background-color: <?php echo $ticket_status_color; ?>"><?php echo $ticket_status_name; ?></span>
+                            <td><?php echo $ticket_status_display; ?></td>
+                            <td>
+                                <?php if ( $ticket_status_id > 5 ) { ?>
+                                <div class="dropdown dropleft text-center">
+                                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                        <i class="fas fa-ellipsis-h"></i>
+                                    </button>
+                                    <div class="dropdown-menu">
+                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketStatusModal<?php echo $ticket_status_id; ?>">
+                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                        </a>
+                                        <div class="dropdown-divider"></div>
+                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_ticket_status=<?php echo $ticket_status_id; ?>">
+                                            <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                        </a>
+                                    </div>
+                                </div>
+                                <?php } ?>
+                            </td>
+                        </tr>
+
+                        <?php
+                        if ( $ticket_status_id > 5 ) {
+                            require "modals/admin_ticket_status_edit_modal.php";
+                        }
+                    }
+
+                    ?>
+
+                    </tbody>
+                </table>
+            </div>
+            <?php require_once "includes/filter_footer.php";
+ ?>
+        </div>
+    </div>
+
+<?php
+require_once "modals/admin_ticket_status_add_modal.php";
+
+require_once "includes/footer.php";
+

admin_ticket_template.php

@@ -0,0 +1,119 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "ticket_template_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM ticket_templates
+    WHERE (ticket_template_name LIKE '%$q%' OR ticket_template_description LIKE '%$q%')
+    AND ticket_template_archived_at IS NULL
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fas fa-fw fa-life-ring mr-2"></i>Ticket Templates</h3>
+        <div class="card-tools">
+            <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketTemplateModal"><i class="fas fa-plus mr-2"></i>New Ticket Template</button>
+        </div>
+    </div>
+    <div class="card-body">
+        <form autocomplete="off">
+            <div class="row">
+
+                <div class="col-md-4">
+                    <div class="input-group mb-3 mb-md-0">
+                        <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Ticket Templates">
+                        <div class="input-group-append">
+                            <button class="btn btn-dark"><i class="fa fa-search"></i></button>
+                        </div>
+                    </div>
+                </div>
+
+                <div class="col-md-8">
+                </div>
+
+            </div>
+        </form>
+        <hr>
+        <div class="table-responsive-sm">
+            <table class="table table-striped table-borderless table-hover">
+                <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
+                <tr>
+                    <th>
+                        <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_template_name&order=<?php echo $disp; ?>">
+                            Template <?php if ($sort == 'ticket_template_name') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th>Tasks</th>
+                    <th class="text-center">Action</th>
+                </tr>
+                </thead>
+                <tbody>
+                <?php
+
+                while($row = mysqli_fetch_array($sql)){
+                    $ticket_template_id = intval($row['ticket_template_id']);
+                    $ticket_template_name = nullable_htmlentities($row['ticket_template_name']);
+                    $ticket_template_description = nullable_htmlentities($row['ticket_template_description']);
+                    $ticket_template_subject = nullable_htmlentities($row['ticket_template_subject']);
+                    $ticket_template_created_at = nullable_htmlentities($row['ticket_template_created_at']);
+
+                    ?>
+                    <tr>
+                        <td>
+                            <a class="text-dark">
+                                <div class="media">
+                                    <i class="fa fa-fw fa-2x fa-life-ring mr-3"></i>
+                                    <div class="media-body">
+                                        <div>
+                                            <a href="admin_ticket_template_details.php?ticket_template_id=<?php echo $ticket_template_id; ?>">
+                                                <?php echo $ticket_template_name; ?>
+                                            </a>
+                                        </div>
+                                        <div><small class="text-secondary"><?php echo $ticket_template_description; ?></small></div>
+                                    </div>
+                                </div>
+                            </a>
+                        </td>
+                        <td>0</td>
+                        <td>
+                            <div class="dropdown dropleft text-center">
+                                <button class="btn btn-secondary btn-sm" data-toggle="dropdown">
+                                    <i class="fas fa-ellipsis-h"></i>
+                                </button>
+                                <div class="dropdown-menu">
+                                    <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_ticket_template=<?php echo $ticket_template_id; ?>">
+                                        <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                    </a>
+                                </div>
+                            </div>
+                        </td>
+                    </tr>
+
+                <?php } ?>
+
+                </tbody>
+            </table>
+        </div>
+        <?php require_once "includes/filter_footer.php";
+ ?>
+    </div>
+</div>
+
+<?php
+require_once "modals/admin_ticket_template_add_modal.php";
+require_once "includes/footer.php";
+

admin_ticket_template_details.php

@@ -0,0 +1,144 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+
+//Initialize the HTML Purifier to prevent XSS
+require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
+
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+if (isset($_GET['ticket_template_id'])) {
+    $ticket_template_id = intval($_GET['ticket_template_id']);
+}
+
+$sql_ticket_templates = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
+
+$row = mysqli_fetch_array($sql_ticket_templates);
+
+$ticket_template_name = nullable_htmlentities($row['ticket_template_name']);
+$ticket_template_description = nullable_htmlentities($row['ticket_template_description']);
+$ticket_template_subject = nullable_htmlentities($row['ticket_template_subject']);
+$ticket_template_details = $purifier->purify($row['ticket_template_details']);
+$ticket_template_created_at = nullable_htmlentities($row['ticket_template_created_at']);
+$ticket_template_updated_at = nullable_htmlentities($row['ticket_template_updated_at']);
+
+// Get Task Templates
+$sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id ORDER BY task_template_order ASC, task_template_id ASC");
+
+?>
+
+    <ol class="breadcrumb d-print-none">
+        <li class="breadcrumb-item">
+            <a href="clients.php">Home</a>
+        </li>
+        <li class="breadcrumb-item">
+            <a href="admin_user.php">Admin</a>
+        </li>
+        <li class="breadcrumb-item">
+            <a href="admin_ticket_template.php">Ticket Templates</a>
+        </li>
+        <li class="breadcrumb-item active"><i class="fas fa-life-ring mr-2"></i><?php echo $ticket_template_name; ?></li>
+    </ol>
+
+    <div class="row">
+        <div class="col-8">
+
+            <div class="card card-dark">
+                <div class="card-header">
+                    <h3 class="card-title mt-2">
+                        <div class="media">
+                            <i class="fa fa-fw fa-2x fa-life-ring mr-3"></i>
+                            <div class="media-body">
+                                <h3 class="mb-0"><?php echo $ticket_template_name; ?></h3>
+                                <div><small class="text-secondary"><?php echo $ticket_template_description; ?></small></div>
+                            </div>
+                        </div>
+                    </h3>
+                    <div class="card-tools">
+                        <button type="button" class="btn btn-default btn-sm" data-toggle="modal" data-target="#editTicketTemplateModal">
+                            <i class="fas fa-edit"></i>
+                        </button>
+                    </div>
+                </div>
+                <h5><?php echo $ticket_template_subject; ?></h5>
+                <div class="card-body prettyContent">
+                    <?php echo $ticket_template_details; ?>
+                </div>
+            </div>
+
+        </div>
+
+        <div class="col-4">
+
+            <div class="card card-dark">
+                <div class="card-header">
+                    <h5 class="card-title"><i class="fa fa-fw fa-tasks mr-2"></i>Tasks</h5>
+                </div>
+                <div class="card-body">
+                    <form action="post.php" method="post" autocomplete="off">
+                        <input type="hidden" name="ticket_template_id" value="<?php echo $ticket_template_id; ?>">
+                        <div class="form-group">
+                            <div class="input-group">
+                                <div class="input-group-prepend">
+                                    <span class="input-group-text"><i class="fa fa-fw fa-tasks"></i></span>
+                                </div>
+                                <input type="text" class="form-control" name="task_name" placeholder="Create a task" required>
+                                <div class="input-group-append">
+                                    <button type="submit" name="add_ticket_template_task" class="btn btn-primary"><i class="fas fa-fw fa-check"></i></button>
+                                </div>
+                            </div>
+                        </div>
+                    </form>
+                    <table class="table table-striped table-sm">
+                        <?php
+                        while($row = mysqli_fetch_array($sql_task_templates)){
+                            $task_id = intval($row['task_template_id']);
+                            $task_name = nullable_htmlentities($row['task_template_name']);
+                            $task_order = intval($row['task_template_order']);
+                            $task_completion_estimate = intval($row['task_template_completion_estimate']);
+                            $task_description = nullable_htmlentities($row['task_template_description']);
+                            ?>
+                            <tr>
+                                <td><i class="far fa-fw fa-square text-secondary"></i></td>
+                                <td><span class="text-secondary"><?php echo $task_completion_estimate; ?>m</span> - <?php echo $task_name; ?></td>
+                                <td class="text-right">
+                                    <div class="float-right">
+                                        <div class="dropdown dropleft text-center">
+                                            <button class="btn btn-link text-secondary btn-sm" type="button" data-toggle="dropdown">
+                                                <i class="fas fa-fw fa-ellipsis-v"></i>
+                                            </button>
+                                            <div class="dropdown-menu">
+                                                <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTaskModal<?php echo $task_id; ?>">
+                                                    <i class="fas fa-fw fa-edit mr-2"></i>Edit
+                                                </a>
+                                                <div class="dropdown-divider"></div>
+                                                <a class="dropdown-item text-danger confirm-link" href="post.php?delete_task_template=<?php echo $task_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                                    <i class="fas fa-fw fa-trash-alt mr-2"></i>Delete
+                                                </a>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </td>
+                            </tr>
+                            <?php
+                            require "modals/task_edit_modal.php";
+                        }
+                        ?>
+                    </table>
+                </div>
+            </div>
+
+        </div>
+
+    </div>
+
+    <script src="js/pretty_content.js"></script>
+
+<?php
+
+require_once "modals/admin_ticket_template_edit_modal.php";
+require_once "includes/footer.php";

admin_update.php

@@ -0,0 +1,88 @@
+<?php
+require_once "includes/inc_all_admin.php";
+
+require_once "includes/database_version.php";
+
+$updates = fetchUpdates();
+
+$latest_version = $updates->latest_version;
+$current_version = $updates->current_version;
+$result = $updates->result;
+
+$git_log = shell_exec("git log $repo_branch..origin/$repo_branch --pretty=format:'<tr><td>%h</td><td>%ar</td><td>%s</td></tr>'");
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-download mr-2"></i>Update</h3>
+        </div>
+        <div class="card-body" style="text-align: center;">
+
+            <!-- Check if git fetch result was successful (0), if not show a warning -->
+            <?php if ($result !== 0) { ?>
+                <div class="alert alert-danger">
+                    <strong>WARNING: Could not find execute 'git fetch'.</strong>
+                    <br><br>
+                    <i>Error details:- <?php echo shell_exec("git fetch 2>&1"); ?></i>
+                    <br>
+                    <br>Things to check: Is Git installed? Is the Git origin/remote correct? Are web server file permissions too strict?
+                    <br>Seek support on the <a href="https://forum.itflow.org">Forum</a> if required - include relevant PHP error logs & ITFlow debug output
+                </div>
+            <?php } ?>
+
+            <?php if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) { ?>
+                <div class="alert alert-warning">
+                    <strong>Ensure you have a current <a href="https://docs.itflow.org/backups">app & database backup</a> before updating!</strong>
+                </div>
+                <br>
+                <a class="btn btn-dark btn-lg my-4" href="post.php?update_db"><i class="fas fa-fw fa-4x fa-download mb-1"></i><h5>Update Database</h5></a>
+                <br>
+                <small class="text-secondary">Current DB Version: <?php echo CURRENT_DATABASE_VERSION; ?></small>
+                <br>
+                <small class="text-secondary">Latest DB Version: <?php echo LATEST_DATABASE_VERSION; ?></small>
+                <br>
+                <hr>
+
+            <?php } else {
+                if (!empty($git_log)) { ?>
+
+                    <a class="btn btn-primary btn-lg my-4" href="post.php?update"><i class="fas fa-fw fa-4x fa-download mb-1"></i><h5>Update App</h5></a>
+                    <a class="btn btn-danger btn-lg" href="post.php?update&force_update=1"><i class="fas fa-fw fa-4x fa-hammer mb-1"></i><h5>FORCE Update App</h5></a>
+
+                <?php } else { ?>
+                    <p><strong>Application Release Version:<br><strong class="text-dark"><?php echo APP_VERSION; ?></strong></p>
+                    <p class="text-secondary">Database Version:<br><strong class="text-dark"><?php echo CURRENT_DATABASE_VERSION; ?></strong></p>
+                    <p class="text-secondary">Code Commit:<br><strong class="text-dark"><?php echo $current_version; ?></strong></p>
+                    <p class="text-muted">You are up to date!<br>Everything is going to be alright</p>
+                    <i class="far fa-3x text-dark fa-smile-wink"></i><br>
+                <?php }
+            }
+
+            if (!empty($git_log)) { ?>
+                <table class="table ">
+                    <thead>
+                    <tr>
+                        <th>Commit</th>
+                        <th>When</th>
+                        <th>Description</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+                    echo $git_log;
+                    ?>
+                    </tbody>
+                </table>
+                <?php
+            }
+
+            ?>
+
+        </div>
+    </div>
+
+<?php
+
+require_once "includes/footer.php";
+

admin_user.php

@@ -0,0 +1,243 @@
+<?php
+
+// Default Column Sortby Filter
+$sort = "user_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
+
+
+//Rebuild URL
+$url_query_strings_sort = http_build_query($get_copy);
+
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings, user_roles
+    WHERE users.user_id = user_settings.user_id
+    AND user_settings.user_role = user_roles.user_role_id
+    AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
+    AND user_archived_at IS NULL
+    ORDER BY $sort $order LIMIT $record_from, $record_to"
+);
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fas fa-fw fa-users mr-2"></i>Users</h3>
+        <div class="card-tools">
+            <div class="btn-group">
+                <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addUserModal">
+                    <i class="fas fa-fw fa-user-plus mr-2"></i>New User
+                </button>
+                <button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
+                <div class="dropdown-menu">
+                    <!--<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#userInviteModal"><i class="fas fa-paper-plane mr-2"></i>Invite User</a>-->
+                    <?php if ($num_rows[0] > 1) { ?>
+                        <div class="dropdown-divider"></div>
+                        <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#resetAllUserPassModal"><i class="fas fa-skull-crossbones mr-2"></i>IR</a>
+                    <?php } ?>
+                </div>
+            </div>
+        </div>
+    </div>
+    <div class="card-body">
+        <form class="mb-4" autocomplete="off">
+            <div class="row">
+                <div class="col-md-4">
+                    <div class="input-group">
+                        <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Users">
+                        <div class="input-group-append">
+                            <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+                        </div>
+                    </div>
+                </div>
+                <div class="col-md-8">
+                    <div class="float-right">
+                        <button type="button" class="btn btn-default" data-toggle="modal" data-target="#exportUserModal"><i class="fa fa-fw fa-download mr-2"></i>Export</button>
+                    </div>
+                </div>
+            </div>
+        </form>
+        <hr>
+        <div class="table-responsive-sm">
+            <table class="table table-striped table-borderless table-hover">
+                <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
+                <tr>
+                    <th class="text-center">
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_name&order=<?php echo $disp; ?>">
+                            Name <?php if ($sort == 'user_name') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th>
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_email&order=<?php echo $disp; ?>">
+                            Email <?php if ($sort == 'user_email') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th>
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role&order=<?php echo $disp; ?>">
+                            Role <?php if ($sort == 'user_role') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th>
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_status&order=<?php echo $disp; ?>">
+                            Status <?php if ($sort == 'user_status') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <th class="text-center">MFA</th>
+                    <th>
+                        Last Login
+                    </th>
+                    <th class="text-center">Action</th>
+                </tr>
+                </thead>
+                <tbody>
+                <?php
+
+                while ($row = mysqli_fetch_array($sql)) {
+                    $user_id = intval($row['user_id']);
+                    $user_name = nullable_htmlentities($row['user_name']);
+                    $user_email = nullable_htmlentities($row['user_email']);
+                    $user_status = intval($row['user_status']);
+                    if ($user_status == 2) {
+                        $user_status_display = "<span class='text-info'>Invited</span>";
+                    } elseif ($user_status == 1) {
+                        $user_status_display = "<span class='text-success'>Active</span>";
+                    } else{
+                        $user_status_display = "<span class='text-danger'>Disabled</span>";
+                    }
+                    $user_avatar = nullable_htmlentities($row['user_avatar']);
+                    $user_token = nullable_htmlentities($row['user_token']);
+                    if(empty($user_token)) {
+                        $mfa_status_display = "<i class='fas fa-fw fa-unlock text-danger'></i>";
+                    } else {
+                        $mfa_status_display = "<i class='fas fa-fw fa-lock text-success'></i>";
+                    }
+                    $user_config_force_mfa = intval($row['user_config_force_mfa']);
+                    $user_role = $row['user_role'];
+                    $user_role_display = nullable_htmlentities($row['user_role_name']);
+                    $user_initials = nullable_htmlentities(initials($user_name));
+
+                    $sql_last_login = mysqli_query(
+                        $mysqli,
+                        "SELECT * FROM logs
+                        WHERE log_user_id = $user_id AND log_type = 'Login'
+                        ORDER BY log_id DESC LIMIT 1"
+                    );
+                    if (mysqli_num_rows($sql_last_login) == 0) {
+                        $last_login = "<span class='text-bold'>Never logged in</span>";
+                    } else {
+                        $row = mysqli_fetch_array($sql_last_login);
+                        $log_created_at = nullable_htmlentities($row['log_created_at']);
+                        $log_ip = nullable_htmlentities($row['log_ip']);
+                        $log_user_agent = nullable_htmlentities($row['log_user_agent']);
+                        $log_user_os = getOS($log_user_agent);
+                        $log_user_browser = getWebBrowser($log_user_agent);
+                        $last_login = "$log_created_at<small class='text-secondary'><div class='mt-1'>$log_user_os</div><div class='mt-1'>$log_user_browser</div><div class='mt-1'><i class='fa fa-fw fa-globe'></i> $log_ip</div></small>";
+                    }
+
+                    // Get User Client Access Permissions
+                    $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id");
+                    $client_access_array = [];
+                    while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
+                        $client_access_array[] = intval($row['client_id']);
+                    }
+
+                    $sql_remember_tokens = mysqli_query($mysqli, "SELECT * FROM remember_tokens WHERE remember_token_user_id = $user_id");
+                    $remember_token_count = mysqli_num_rows($sql_remember_tokens);
+
+
+
+                    ?>
+                    <tr>
+                        <td class="text-center">
+                            <a class="text-dark" href="#" <?php if ($user_id !== $session_user_id) {   // Prevent modifying self ?> data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>" <?php } ?>>
+                                <?php if (!empty($user_avatar)) { ?>
+                                    <img class="img-size-50 img-circle" src="<?php echo "uploads/users/$user_id/$user_avatar"; ?>">
+                                <?php } else { ?>
+                                    <span class="fa-stack fa-2x">
+                                        <i class="fa fa-circle fa-stack-2x text-secondary"></i>
+                                        <span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
+                                    </span>
+                                    <br>
+                                <?php } ?>
+
+                                <div class="text-secondary"><?php echo $user_name; ?></div>
+                            </a>
+                        </td>
+                        <td><a href="mailto:<?php echo $user_email; ?>"><?php echo $user_email; ?></a></td>
+                        <td><?php echo $user_role_display; ?></td>
+                        <td><?php echo $user_status_display; ?></td>
+                        <td class="text-center"><?php echo $mfa_status_display; ?></td>
+                        <td><?php echo $last_login; ?></td>
+                        <td>
+                            <?php if ($user_id !== $session_user_id) {   // Prevent modifying self ?>
+                            <div class="dropdown dropleft text-center">
+                                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                    <i class="fas fa-ellipsis-h"></i>
+                                </button>
+                                <div class="dropdown-menu">
+                                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>">
+                                        <i class="fas fa-fw fa-user-edit mr-2"></i>Edit
+                                    </a>
+                                    <?php if ($remember_token_count > 0) { ?>
+                                    <a class="dropdown-item" href="post.php?revoke_remember_me=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-ban mr-2"></i>Revoke <?php echo $remember_token_count; ?> Remember Tokens
+                                    </a>
+                                    <?php } ?>
+                                    <?php if ($user_status == 0) { ?>
+                                        <a class="dropdown-item text-success" href="post.php?activate_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                            <i class="fas fa-fw fa-user-check mr-2"></i>Activate
+                                        </a>
+                                    <?php }elseif ($user_status == 1) { ?>
+                                        <a class="dropdown-item text-danger" href="post.php?disable_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                            <i class="fas fa-fw fa-user-slash mr-2"></i>Disable
+                                        </a>
+                                    <?php } ?>
+                                    <div class="dropdown-divider"></div>
+                                    <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#archiveUserModal<?php echo $user_id; ?>">
+                                        <i class="fas fa-fw fa-archive mr-2"></i>Archive
+                                    </a>
+                                </div>
+                            </div>
+                            <?php } ?>
+                        </td>
+                    </tr>
+
+                    <?php
+
+                    require "modals/admin_user_edit_modal.php";
+
+                    require "modals/admin_user_archive_modal.php";
+
+
+                }
+
+                ?>
+
+                </tbody>
+            </table>
+        </div>
+        <?php require_once "includes/filter_footer.php";
+ ?>
+    </div>
+</div>
+<script>
+    function generatePassword() {
+        document.getElementById("password").value = "<?php echo randomString() ?>"
+    }
+</script>
+
+<?php
+
+require_once "modals/admin_user_add_modal.php";
+
+require_once "modals/admin_user_invite_modal.php";
+
+require_once "modals/admin_user_export_modal.php";
+
+require_once "modals/admin_user_all_reset_password_modal.php";
+
+require_once "includes/footer.php";
+

admin_vendor_template.php

@@ -1,19 +1,20 @@
 <?php
 
 // Default Column Sortby Filter
-$sb = "vendor_name";
-$o = "ASC";
+$sort = "vendor_name";
+$order = "ASC";
+
+require_once "includes/inc_all_admin.php";
 
-require_once("inc_all_settings.php");
 
 //Rebuild URL
-$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
+$url_query_strings_sort = http_build_query($get_copy);
 
 $sql = mysqli_query(
     $mysqli,
     "SELECT SQL_CALC_FOUND_ROWS * FROM vendors
     WHERE vendor_template = 1
-    AND (vendor_name LIKE '%$q%' OR vendor_description LIKE '%$q%' OR vendor_account_number LIKE '%$q%' OR vendor_website LIKE '%$q%' OR vendor_contact_name LIKE '%$q%' OR vendor_email LIKE '%$q%' OR vendor_phone LIKE '%$phone_query%') ORDER BY $sb $o LIMIT $record_from, $record_to"
+    AND (vendor_name LIKE '%$q%' OR vendor_description LIKE '%$q%' OR vendor_account_number LIKE '%$q%' OR vendor_website LIKE '%$q%' OR vendor_contact_name LIKE '%$q%' OR vendor_email LIKE '%$q%' OR vendor_phone LIKE '%$phone_query%') ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
@@ -37,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                     <div class="col-md-4">
                         <div class="input-group mb-3 mb-md-0">
-                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Vendors Templates">
+                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Vendors Templates">
                             <div class="input-group-append">
                                 <button class="btn btn-dark"><i class="fa fa-search"></i></button>
                             </div>
@@ -51,8 +52,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>
-                        <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=vendor_name&o=<?php echo $disp; ?>">Vendor</a></th>
-                        <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=vendor_description&o=<?php echo $disp; ?>">Description</a></th>
+                        <th>
+                            <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=vendor_name&order=<?php echo $disp; ?>">
+                                Vendor <?php if ($sort == 'vendor_name') { echo $order_icon; } ?>
+                            </a>
+                        </th>
+                        <th>
+                            <a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=vendor_description&order=<?php echo $disp; ?>">
+                                Description <?php if ($sort == 'vendor_description') { echo $order_icon; } ?>
+                            </a>
+                        </th>
                         <th>Contact</th>
                         <th class="text-center">Action</th>
                     </tr>
@@ -62,28 +71,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                     while ($row = mysqli_fetch_array($sql)) {
                         $vendor_id = intval($row['vendor_id']);
-                        $vendor_name = htmlentities($row['vendor_name']);
-                        $vendor_description = htmlentities($row['vendor_description']);
+                        $vendor_name = nullable_htmlentities($row['vendor_name']);
+                        $vendor_description = nullable_htmlentities($row['vendor_description']);
                         if (empty($vendor_description)) {
                             $vendor_description_display = "-";
                         } else {
                             $vendor_description_display = $vendor_description;
                         }
-                        $vendor_account_number = htmlentities($row['vendor_account_number']);
-                        $vendor_contact_name = htmlentities($row['vendor_contact_name']);
+                        $vendor_account_number = nullable_htmlentities($row['vendor_account_number']);
+                        $vendor_contact_name = nullable_htmlentities($row['vendor_contact_name']);
                         if (empty($vendor_contact_name)) {
                             $vendor_contact_name_display = "-";
                         } else {
                             $vendor_contact_name_display = $vendor_contact_name;
                         }
                         $vendor_phone = formatPhoneNumber($row['vendor_phone']);
-                        $vendor_extension = htmlentities($row['vendor_extension']);
-                        $vendor_email = htmlentities($row['vendor_email']);
-                        $vendor_website = htmlentities($row['vendor_website']);
-                        $vendor_hours = htmlentities($row['vendor_hours']);
-                        $vendor_sla = htmlentities($row['vendor_sla']);
-                        $vendor_code = htmlentities($row['vendor_code']);
-                        $vendor_notes = htmlentities($row['vendor_notes']);
+                        $vendor_extension = nullable_htmlentities($row['vendor_extension']);
+                        $vendor_email = nullable_htmlentities($row['vendor_email']);
+                        $vendor_website = nullable_htmlentities($row['vendor_website']);
+                        $vendor_hours = nullable_htmlentities($row['vendor_hours']);
+                        $vendor_sla = nullable_htmlentities($row['vendor_sla']);
+                        $vendor_code = nullable_htmlentities($row['vendor_code']);
+                        $vendor_notes = nullable_htmlentities($row['vendor_notes']);
                         $vendor_template = intval($row['vendor_template']);
 
                         ?>
@@ -135,7 +144,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                         </a>
                                         <?php if ($session_user_role == 3) { ?>
                                             <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger text-bold" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">
+                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">
                                                 <i class="fas fa-fw fa-trash mr-2"></i>Delete
                                             </a>
                                         <?php } ?>
@@ -146,7 +155,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                         <?php
 
-                        require("vendor_template_edit_modal.php");
+                        require "modals/admin_vendor_template_edit_modal.php";
+
                     }
 
                     ?>
@@ -154,10 +164,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     </tbody>
                 </table>
             </div>
-            <?php require_once("pagination.php"); ?>
+            <?php require_once "includes/filter_footer.php";
+ ?>
         </div>
     </div>
 
 <?php
-require_once("vendor_template_add_modal.php");
-require_once("footer.php");
+require_once "modals/admin_vendor_template_add_modal.php";
+
+require_once "includes/footer.php";
+

ajax.php

@@ -6,46 +6,31 @@
  * Always returns data in JSON format, unless otherwise specified
  */
 
-require_once("config.php");
-require_once("functions.php");
-require_once("check_login.php");
-require_once("rfc6238.php");
+require_once "config.php";
+require_once "functions.php";
+require_once "check_login.php";
+require_once "plugins/totp/totp.php";
 
 /*
  * Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
  */
 if (isset($_GET['certificate_fetch_parse_json_details'])) {
+
     // PHP doesn't appreciate attempting SSL sockets to non-existent domains
     if (empty($_GET['domain'])) {
         exit();
     }
-    $domain = $_GET['domain'];
 
-    // FQDNs in database shouldn't have a URL scheme, adding one
-    $domain = "https://".$domain;
+    $name = $_GET['domain'];
 
-    // Parse host and port
-    $url = parse_url($domain, PHP_URL_HOST);
-    $port = parse_url($domain, PHP_URL_PORT);
-    // Default port
-    if (!$port) {
-        $port = "443";
-    }
+    // Get SSL cert for domain (if exists)
+    $certificate = getSSL($name);
 
-    // Get certificate (using verify peer false to allow for self-signed certs)
-    $socket = "ssl://$url:$port";
-    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => true, "verify_peer" => false,)));
-    $read = stream_socket_client($socket, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
-    $cert = stream_context_get_params($read);
-    $cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
-    openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
-
-    // Process data
-    if ($cert_public_key_obj) {
+    if ($certificate['success'] == "TRUE") {
         $response['success'] = "TRUE";
-        $response['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']);
-        $response['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']);
-        $response['public_key'] = $export; //nl2br
+        $response['expire'] = $certificate['expire'];
+        $response['issued_by'] = $certificate['issued_by'];
+        $response['public_key'] = $certificate['public_key'];
     } else {
         $response['success'] = "FALSE";
     }
@@ -70,7 +55,7 @@ if (isset($_GET['certificate_get_json_details'])) {
     }
 
     // Get all domains for this client that could be linked to this certificate
-    $domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = '$client_id' AND company_id = '$session_company_id'");
+    $domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = $client_id");
     while ($row = mysqli_fetch_array($domains_sql)) {
         $response['domains'][] = $row;
     }
@@ -82,7 +67,7 @@ if (isset($_GET['certificate_get_json_details'])) {
  * Looks up info for a given domain ID from the database, used to dynamically populate modal fields
  */
 if (isset($_GET['domain_get_json_details'])) {
-    validateTechRole();
+    enforceUserPermission('module_support');
 
     $domain_id = intval($_GET['domain_id']);
     $client_id = intval($_GET['client_id']);
@@ -94,11 +79,29 @@ if (isset($_GET['domain_get_json_details'])) {
     }
 
     // Get all registrars/webhosts (vendors) for this client that could be linked to this domain
-    $vendor_sql = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = $client_id");
+    $vendor_sql = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = $client_id AND vendor_archived_at IS NULL ORDER BY vendor_name ASC");
     while ($row = mysqli_fetch_array($vendor_sql)) {
         $response['vendors'][] = $row;
     }
 
+    // Get domain history
+    $history_sql = mysqli_query($mysqli, "SELECT * FROM domain_history WHERE domain_history_domain_id = $domain_id");
+    $history_html = "<table class='table table-sm table-striped border table-hover'>";
+    $history_html .= "<thead class='thead-dark'><tr><th>Date</th><th>Field</th><th>Before</th><th>After</th></tr></thead><tbody>";
+    while ($row = mysqli_fetch_array($history_sql)) {
+        // Fetch data from the query and create table rows
+        $history_html .= "<tr>";
+        $history_html .= "<td>" . htmlspecialchars(date('Y-m-d', strtotime($row['domain_history_modified_at']))) . "</td>";
+        $history_html .= "<td>" . htmlspecialchars($row['domain_history_column']) . "</td>";
+        $history_html .= "<td>" . htmlspecialchars($row['domain_history_old_value']) . "</td>";
+        $history_html .= "<td>" . htmlspecialchars($row['domain_history_new_value']) . "</td>";
+        $history_html .= "</tr>";
+    }
+    $history_html .= "</tbody></table>";
+
+    // Return the HTML content to JavaScript
+    $response['history'] = $history_html;
+
     echo json_encode($response);
 }
 
@@ -110,17 +113,19 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
 
     $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
 
-    $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, client_name, contact_name FROM tickets
-      LEFT JOIN clients ON ticket_client_id = client_id 
-      LEFT JOIN contacts ON ticket_contact_id = contact_id
-      WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'");
+    $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, ticket_status_name, client_name, contact_name FROM tickets
+        LEFT JOIN clients ON ticket_client_id = client_id 
+        LEFT JOIN contacts ON ticket_contact_id = contact_id
+        LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+        WHERE ticket_number = $merge_into_ticket_number");
 
     if (mysqli_num_rows($sql) == 0) {
         //Do nothing.
+        echo "No ticket found!";
     } else {
         //Return ticket, client and contact details for the given ticket number
         $response = mysqli_fetch_array($sql);
-        $response = array_map('htmlentities', $response);
+
         echo json_encode($response);
     }
 }
@@ -143,8 +148,8 @@ if (isset($_GET['network_get_json_details'])) {
     // Lookup all client locations, as networks can be associated with any client location
     $locations_sql = mysqli_query(
         $mysqli,
-        "SELECT location_id, location_name FROM locations 
-        WHERE location_client_id = '$client_id' AND company_id = '$session_company_id'"
+        "SELECT location_id, location_name FROM locations
+         WHERE location_client_id = '$client_id'"
     );
     while ($row = mysqli_fetch_array($locations_sql)) {
         $response['locations'][] = $row;
@@ -158,10 +163,10 @@ if (isset($_POST['client_set_notes'])) {
     $notes = sanitizeInput($_POST['notes']);
 
     // Update notes
-    mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = '$client_id'");
+    mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = $client_id");
 
     // Logging
-    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
+    logAction("Client", "Edit", "$session_name edited client notes", $client_id);
 
 }
 
@@ -169,11 +174,39 @@ if (isset($_POST['contact_set_notes'])) {
     $contact_id = intval($_POST['contact_id']);
     $notes = sanitizeInput($_POST['notes']);
 
+    // Get Contact Details and Client ID for Logging
+    $sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id 
+        FROM contacts WHERE contact_id = $contact_id"
+    );
+    $row = mysqli_fetch_array($sql);
+    $contact_name = sanitizeInput($row['contact_name']);
+    $client_id = intval($row['contact_client_id']);
+
     // Update notes
     mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = $contact_id");
 
     // Logging
-    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name modified contact notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
+    logAction("Contact", "Edit", "$session_name edited contact notes for $contact_name", $client_id, $contact_id);
+
+}
+
+if (isset($_POST['asset_set_notes'])) {
+    $asset_id = intval($_POST['asset_id']);
+    $notes = sanitizeInput($_POST['notes']);
+
+    // Get Asset Details and Client ID for Logging
+    $sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id 
+        FROM assets WHERE asset_id = $asset_id"
+    );
+    $row = mysqli_fetch_array($sql);
+    $asset_name = sanitizeInput($row['asset_name']);
+    $client_id = intval($row['asset_client_id']);
+
+    // Update notes
+    mysqli_query($mysqli, "UPDATE assets SET asset_notes = '$notes' WHERE asset_id = $asset_id");
+
+    // Logging
+    logAction("Asset", "Edit", "$session_name edited asset notes for $asset_name", $client_id, $asset_id);
 
 }
 
@@ -185,7 +218,7 @@ if (isset($_POST['contact_set_notes'])) {
 if (isset($_GET['ticket_add_view'])) {
     $ticket_id = intval($_GET['ticket_id']);
 
-    mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = '$ticket_id', view_user_id = '$session_user_id', view_timestamp = NOW()");
+    mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = $ticket_id, view_user_id = $session_user_id, view_timestamp = NOW()");
 }
 
 /*
@@ -196,7 +229,7 @@ if (isset($_GET['ticket_add_view'])) {
 if (isset($_GET['ticket_query_views'])) {
     $ticket_id = intval($_GET['ticket_id']);
 
-    $query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = '$ticket_id' AND view_user_id != '$session_user_id' AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)");
+    $query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = $ticket_id AND view_user_id != $session_user_id AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)");
     while ($row = mysqli_fetch_array($query)) {
         $users[] = $row['user_name'];
     }
@@ -205,10 +238,10 @@ if (isset($_GET['ticket_query_views'])) {
         $users = array_unique($users);
         if (count($users) > 1) {
             // Multiple viewers
-            $response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.");
+            $response['message'] = "<i class='fas fa-fw fa-eye mr-2'></i>" . nullable_htmlentities(implode(", ", $users) . " are viewing this ticket.");
         } else {
             // Single viewer
-            $response['message'] = htmlentities(implode("", $users) . " is viewing this ticket.");
+            $response['message'] = "<i class='fas fa-fw fa-eye mr-2'></i>" . nullable_htmlentities(implode("", $users) . " is viewing this ticket.");
         }
     } else {
         // No viewers
@@ -230,23 +263,39 @@ if (isset($_GET['share_generate_link'])) {
     $client_id = intval($_GET['client_id']);
     $item_type = sanitizeInput($_GET['type']);
     $item_id = intval($_GET['id']);
+    $item_email = sanitizeInput($_GET['contact_email']);
     $item_note = sanitizeInput($_GET['note']);
     $item_view_limit = intval($_GET['views']);
+    $item_view_limit_wording = "";
+    if ($item_view_limit == 1) {
+        $item_view_limit_wording = " and may only be viewed <strong>once</strong>, before the link is destroyed.";
+    }
     $item_expires = sanitizeInput($_GET['expires']);
+    $item_expires_friendly = "never"; // default never
+    if ($item_expires == "1 HOUR") {
+        $item_expires_friendly = "1 hour";
+    } elseif ($item_expires == "24 HOUR") {
+        $item_expires_friendly = "1 day";
+    } elseif ($item_expires == "168 HOUR") {
+        $item_expires_friendly = "1 week";
+    } elseif ($item_expires == "730 HOUR") {
+        $item_expires_friendly = "1 month";
+    }
+
     $item_key = randomString(156);
 
     if ($item_type == "Document") {
-        $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
+        $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_id AND document_client_id = $client_id LIMIT 1"));
         $item_name = sanitizeInput($row['document_name']);
     }
 
     if ($item_type == "File") {
-        $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
+        $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = $item_id AND file_client_id = $client_id LIMIT 1"));
         $item_name = sanitizeInput($row['file_name']);
     }
 
     if ($item_type == "Login") {
-        $login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
+        $login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = $item_id AND login_client_id = $client_id LIMIT 1");
         $row = mysqli_fetch_array($login);
 
         $item_name = sanitizeInput($row['login_name']);
@@ -266,32 +315,82 @@ if (isset($_GET['share_generate_link'])) {
     }
 
     // Insert entry into DB
-    $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
+    $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_recipient = '$item_email', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id");
     $share_id = $mysqli->insert_id;
 
     // Return URL
     if ($item_type == "Login") {
-        $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
+        $url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
     }
     else {
-        $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
+        $url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key";
     }
+
+    $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
+    $row = mysqli_fetch_array($sql);
+    $company_name = sanitizeInput($row['company_name']);
+    $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
+
+    // Sanitize Config vars from get_settings.php
+    $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+    $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+    $config_mail_from_name = sanitizeInput($config_mail_from_name);
+    $config_mail_from_email = sanitizeInput($config_mail_from_email);
+
+    // Send user e-mail, if specified
+    if(!empty($config_smtp_host) && filter_var($item_email, FILTER_VALIDATE_EMAIL)){
+
+        $subject = "Time sensitive - $company_name secure link enclosed";
+        if ($item_expires_friendly == "never") {
+            $subject = "$company_name secure link enclosed";
+        }
+        $body = "Hello,<br><br>$session_name from $company_name sent you a time sensitive secure link regarding \"$item_name\".<br><br>The link will expire in <strong>$item_expires_friendly</strong>$item_view_limit_wording.<br><br><strong><a href=\'$url\'>Click here to access your secure content</a></strong><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
+
+        // Add the intended recipient disclosure
+        $body .= "<br><br><em>This email and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify the sender and delete this email. Unauthorized use, disclosure, or distribution is prohibited.</em>";
+
+        $data = [
+            [
+                'from' => $config_mail_from_email,
+                'from_name' => $config_mail_from_name,
+                'recipient' => $item_email,
+                'recipient_name' => $item_email,
+                'subject' => $subject,
+                'body' => $body
+            ]
+        ];
+
+        addToMailQueue($data);
+
+    }
+
     echo json_encode($url);
 
     // Logging
-    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
+    logAction("Share", "Create", "$session_name created shared link for $item_type - $item_name", $client_id, $item_id);
 
 }
 
 /*
- *  Looks up info for a given scheduled ticket ID from the database, used to dynamically populate modal edit fields
+ *  Looks up info for a given recurring (was scheduled) ticket ID from the database, used to dynamically populate modal edit fields
  */
-if (isset($_GET['scheduled_ticket_get_json_details'])) {
+if (isset($_GET['recurring_ticket_get_json_details'])) {
     validateTechRole();
 
     $client_id = intval($_GET['client_id']);
     $ticket_id = intval($_GET['ticket_id']);
 
+    // Get all contacts, to allow tickets to be raised under a specific contact
+    $contact_sql = mysqli_query($mysqli, "SELECT contact_id, contact_name FROM contacts
+    WHERE contact_client_id = $client_id
+    AND contact_archived_at IS NULL
+    ORDER BY contact_primary DESC, contact_technical DESC, contact_name ASC"
+    );
+    while ($row = mysqli_fetch_array($contact_sql)) {
+        $response['contacts'][] = $row;
+    }
+
+    // Get ticket details
     $ticket_sql = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets
     WHERE scheduled_ticket_id = $ticket_id
     AND scheduled_ticket_client_id = $client_id LIMIT 1");
@@ -299,21 +398,134 @@ if (isset($_GET['scheduled_ticket_get_json_details'])) {
         $response['ticket'][] = $row;
     }
 
+    // Get assets
     $asset_sql = mysqli_query($mysqli, "SELECT asset_id, asset_name FROM assets WHERE asset_client_id = $client_id AND asset_archived_at IS NULL");
     while ($row = mysqli_fetch_array($asset_sql)) {
         $response['assets'][] = $row;
     }
 
+    // Get technicians to auto assign the ticket to
+    $sql_agents = mysqli_query(
+        $mysqli,
+        "SELECT users.user_id, user_name FROM users
+            LEFT JOIN user_settings on users.user_id = user_settings.user_id
+            WHERE user_role > 1
+            AND user_status = 1
+            AND user_archived_at IS NULL
+            ORDER BY user_name ASC"
+    );
+    while ($row = mysqli_fetch_array($sql_agents)) {
+        $response['agents'][] = $row;
+    }
+
     echo json_encode($response);
 
 }
 
 /*
- * Dynamic TOTP for client login page
- * When provided with a TOTP secret, returns a 6-digit code
+ * Looks up info for a given quote ID from the database, used to dynamically populate modal fields
  */
-if (isset($_GET['get_totp_token'])) {
-    $otp = TokenAuth6238::getTokenCode($_GET['totp_secret']);
+if (isset($_GET['quote_get_json_details'])) {
+    $quote_id = intval($_GET['quote_id']);
+
+    // Get quote details
+    $quote_sql = mysqli_query(
+        $mysqli,
+        "SELECT * FROM quotes
+        LEFT JOIN clients ON quote_client_id = client_id
+        WHERE quote_id = $quote_id LIMIT 1"
+    );
+
+    while ($row = mysqli_fetch_array($quote_sql)) {
+        $response['quote'][] = $row;
+    }
+
+
+    // Get all income-related categories for quoting
+    $quote_created_at = $response['quote'][0]['quote_created_at'];
+    $category_sql = mysqli_query(
+        $mysqli,
+        "SELECT category_id, category_name FROM categories
+        WHERE category_type = 'Income' AND (category_archived_at > '$quote_created_at' OR category_archived_at IS NULL)
+        ORDER BY category_name"
+    );
+
+    while ($row = mysqli_fetch_array($category_sql)) {
+        $response['categories'][] = $row;
+    }
+
+    echo json_encode($response);
 
-    echo json_encode($otp);
+}
+
+/*
+ * Returns sorted list of active clients
+ */
+if (isset($_GET['get_active_clients'])) {
+
+    $client_sql = mysqli_query(
+        $mysqli,
+        "SELECT client_id, client_name FROM clients
+        WHERE client_archived_at IS NULL
+        ORDER BY client_accessed_at DESC"
+    );
+
+    while ($row = mysqli_fetch_array($client_sql)) {
+        $response['clients'][] = $row;
+    }
+
+    echo json_encode($response);
+}
+
+/*
+ * Returns ordered list of active contacts for a specified client
+ */
+if (isset($_GET['get_client_contacts'])) {
+    $client_id = intval($_GET['client_id']);
+
+    $contact_sql = mysqli_query(
+        $mysqli,
+        "SELECT contact_id, contact_name, contact_primary, contact_important, contact_technical FROM contacts
+        WHERE contacts.contact_archived_at IS NULL AND contact_client_id = $client_id
+        ORDER BY contact_primary DESC, contact_technical DESC, contact_important DESC, contact_name"
+    );
+
+    while ($row = mysqli_fetch_array($contact_sql)) {
+        $response['contacts'][] = $row;
+    }
+
+    echo json_encode($response);
+}
+
+/*
+ * NEW TOTP getter for client login/passwords page
+ * When provided with a login ID, checks permissions and returns the 6-digit code
+ */
+if (isset($_GET['get_totp_token_via_id'])) {
+    validateTechRole();
+
+    $login_id = intval($_GET['login_id']);
+
+    $sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT login_name, login_otp_secret, login_client_id FROM logins WHERE login_id = $login_id"));
+    $name = sanitizeInput($sql['login_name']);
+    $totp_secret = $sql['login_otp_secret'];
+    $client_id = intval($sql['login_client_id']);
+
+    $otp = TokenAuth6238::getTokenCode(strtoupper($totp_secret));
+    echo json_encode($otp);
+
+    // Logging
+    //  Only log the TOTP view if the user hasn't already viewed this specific login entry recently, this prevents logs filling if a user hovers across an entry a few times
+    $check_recent_totp_view_logged_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS recent_totp_view FROM logs WHERE log_type = 'Login' AND log_action = 'View TOTP' AND log_user_id = $session_user_id AND log_entity_id = $login_id AND log_client_id = $client_id AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
+    $recent_totp_view_logged_count = intval($check_recent_totp_view_logged_sql['recent_totp_view']);
+
+    if ($recent_totp_view_logged_count == 0) {
+        // Logging
+        logAction("Credential", "View TOTP", "$session_name viewed credential TOTP code for $name", $client_id, $login_id);
+
+    }
+}
+
+if (isset($_GET['get_readable_pass'])) {
+    echo json_encode(GenerateReadablePassword(4));
 }

api/v1/assets/asset_model.php

@@ -2,15 +2,23 @@
 
 // Variable assignment from POST (or: blank/from DB is updating)
 if (isset($_POST['asset_name'])) {
-    $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
+    $name = sanitizeInput($_POST['asset_name']);
 } elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
     $name = $asset_row['asset_name'];
 } else {
     $name = '';
 }
 
+if (isset($_POST['asset_description'])) {
+    $description = sanitizeInput($_POST['asset_description']);
+} elseif (isset($asset_row) && isset($asset_row['asset_description'])) {
+    $description = $asset_row['asset_description'];
+} else {
+    $description = '';
+}
+
 if (isset($_POST['asset_type'])) {
-    $type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
+    $type = sanitizeInput($_POST['asset_type']);
 } elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
     $type = $asset_row['asset_type'];
 } else {
@@ -18,14 +26,14 @@ if (isset($_POST['asset_type'])) {
 }
 
 if (isset($_POST['asset_make'])) {
-    $make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
+    $make = sanitizeInput($_POST['asset_make']);
 } elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
     $make = $asset_row['asset_make'];
 } else {
     $make = '';
 }
 if (isset($_POST['asset_model'])) {
-    $model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
+    $model = sanitizeInput($_POST['asset_model']);
 } elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
     $model = $asset_row['asset_model'];
 } else {
@@ -33,7 +41,7 @@ if (isset($_POST['asset_model'])) {
 }
 
 if (isset($_POST['asset_serial'])) {
-    $serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
+    $serial = sanitizeInput($_POST['asset_serial']);
 } elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
     $serial = $asset_row['asset_serial'];
 } else {
@@ -41,7 +49,7 @@ if (isset($_POST['asset_serial'])) {
 }
 
 if (isset($_POST['asset_os'])) {
-    $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
+    $os = sanitizeInput($_POST['asset_os']);
 } elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
     $os = $asset_row['asset_os'];
 } else {
@@ -49,23 +57,31 @@ if (isset($_POST['asset_os'])) {
 }
 
 if (isset($_POST['asset_ip'])) {
-    $aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
-} elseif (isset($asset_row) && isset($asset_row['asset_ip'])) {
-    $aip = $asset_row['asset_ip'];
+    $ip = sanitizeInput($_POST['asset_ip']);
+} elseif (isset($asset_row) && isset($asset_row['interface_ip'])) {
+    $ip = $asset_row['interface_ip'];
 } else {
-    $aip = '';
+    $ip = '';
 }
 
 if (isset($_POST['asset_mac'])) {
-    $mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
-} elseif (isset($asset_row) && isset($asset_row['asset_mac'])) {
-    $mac = $asset_row['asset_mac'];
+    $mac = sanitizeInput($_POST['asset_mac']);
+} elseif (isset($asset_row) && isset($asset_row['interface_mac'])) {
+    $mac = $asset_row['interface_mac'];
 } else {
     $mac = '';
 }
 
+if (isset($_POST['asset_uri'])) {
+    $uri = sanitizeInput($_POST['asset_uri']);
+} elseif (isset($asset_row) && isset($asset_row['asset_uri'])) {
+    $uri = $asset_row['asset_uri'];
+} else {
+    $uri = '';
+}
+
 if (isset($_POST['asset_status'])) {
-    $status = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_status'])));
+    $status = sanitizeInput($_POST['asset_status']);
 } elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
     $status = $asset_row['asset_status'];
 } else {
@@ -73,31 +89,31 @@ if (isset($_POST['asset_status'])) {
 }
 
 if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
-    $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
+    $purchase_date = "'" . sanitizeInput($_POST['asset_purchase_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
-    $purchase_date = $asset_row['asset_purchase_date'];
+    $purchase_date = "'" . $asset_row['asset_purchase_date'] . "'";
 } else {
-    $purchase_date = "0000-00-00";
+    $purchase_date = "NULL";
 }
 
 if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
-    $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
+    $warranty_expire = "'" . sanitizeInput($_POST['asset_warranty_expire']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
-    $warranty_expire = $asset_row['asset_warranty_expire'];
+    $warranty_expire = "'" . $asset_row['asset_warranty_expire'] . "'";
 } else {
-    $warranty_expire = "0000-00-00";
+    $warranty_expire = "NULL";
 }
 
 if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
-    $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
+    $install_date = "'" . sanitizeInput($_POST['asset_install_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
-    $install_date = $asset_row['asset_install_date'];
+    $install_date = "'" . $asset_row['asset_install_date'] . "'";
 } else {
-    $install_date = "0000-00-00";
+    $install_date = "NULL";
 }
 
 if (isset($_POST['asset_notes'])) {
-    $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
+    $notes = sanitizeInput($_POST['asset_notes']);
 } elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
     $notes = $asset_row['asset_notes'];
 } else {
@@ -130,8 +146,8 @@ if (isset($_POST['asset_contact_id'])) {
 
 if (isset($_POST['asset_network_id'])) {
     $network = intval($_POST['asset_network_id']);
-} elseif (isset($asset_row) && isset($asset_row['asset_network_id'])) {
-    $network = $asset_row['asset_network_id'];
+} elseif (isset($asset_row) && isset($asset_row['interface_network_id'])) {
+    $network = $asset_row['interface_network_id'];
 } else {
     $network = '0';
 }

api/v1/assets/create.php

@@ -1,26 +1,33 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_post_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
 
 // Parse POST info
-require_once('asset_model.php');
+require_once 'asset_model.php';
+
 
 // Default
 $insert_id = false;
 
 if (!empty($name) && !empty($client_id)) {
     // Insert into Database
-    $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_client_id = $client_id");
 
     if ($insert_sql) {
         $insert_id = mysqli_insert_id($mysqli);
 
-        //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
+        // Add Primary Interface
+        mysqli_query($mysqli,"INSERT INTO asset_interfaces SET interface_name = 'Primary', interface_mac = '$mac', interface_ip = '$ip', interface_port = 'eth0', interface_primary = 1, interface_network_id = $network, interface_asset_id = $insert_id");
+
+        // Logging
+        logAction("Asset", "Create", "$name via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created asset $name via API ($api_key_name)", $client_id);
     }
 }
 
 // Output
-require_once('../create_output.php');
+require_once '../create_output.php';
+

api/v1/assets/delete.php

@@ -1,7 +1,9 @@
 <?php
-require_once('../validate_api_key.php');
+require_once '../validate_api_key.php';
+
+
+require_once '../require_post_method.php';
 
-require_once('../require_post_method.php');
 
 // Parse ID
 $asset_id = intval($_POST['asset_id']);
@@ -10,19 +12,23 @@ $asset_id = intval($_POST['asset_id']);
 $delete_count = false;
 
 if (!empty($asset_id)) {
-    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1"));
     $asset_name = $row['asset_name'];
 
-    $delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
+
+    // Delete Interfaces
+    mysqli_query($mysqli,"DELETE FROM asset_interfaces WHERE interface_asset_id = $asset_id");
 
     // Check delete & get affected rows
     if ($delete_sql && !empty($asset_name)) {
         $delete_count = mysqli_affected_rows($mysqli);
 
-        //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
+        // Logging
+        logAction("Asset", "Delete", "$asset_name via API ($api_key_name)", $client_id);
     }
 }
 
 // Output
-require_once('../delete_output.php');
+require_once '../delete_output.php';
+

api/v1/assets/read.php

@@ -1,41 +1,49 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Asset via ID (single)
 if (isset($_GET['asset_id'])) {
     $id = intval($_GET['asset_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $id AND asset_client_id LIKE '$client_id'");
 
 } elseif (isset($_GET['asset_type'])) {
     // Asset query via type
-
     $type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
 } elseif (isset($_GET['asset_name'])) {
     // Asset query via name
-
     $name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
 } elseif (isset($_GET['asset_serial'])) {
     // Asset query via serial
-
     $serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
-} elseif (isset($_GET['client_id'])) {
-    // Asset query via client ID
+} elseif (isset($_GET['asset_mac'])) {
+    // Asset query via mac
+    $mac = mysqli_real_escape_string($mysqli, $_GET['asset_mac']);
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 WHERE interface_mac = '$mac' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
-}
+} elseif (isset($_GET['asset_uri'])) {
+    // Asset query via uri
+    $uri = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri = '$uri' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
-// All assets
-else {
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+} elseif (isset($_GET['asset_uri_2'])) {
+    // Asset query via uri2
+    $uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri_2 = '$uri2' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+
+}else {
+    // All assets (by client ID or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 WHERE asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";

api/v1/assets/update.php

@@ -1,7 +1,9 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_post_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
 
 // Parse ID
 $asset_id = intval($_POST['asset_id']);
@@ -11,22 +13,27 @@ $update_count = false;
 
 if (!empty($asset_id)) {
 
-    $asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+    $asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id LIMIT 1"));
 
     // Variable assignment from POST - assigning the current database value if a value is not provided
-    require_once('asset_model.php');
+    require_once 'asset_model.php';
 
-    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+
+    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
 
     // Check insert & get insert ID
     if ($update_sql) {
         $update_count = mysqli_affected_rows($mysqli);
 
-        //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
+        // Update Primary Interface
+        mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_mac = '$mac', interface_ip = '$ip', interface_network_id = $network WHERE interface_asset_id = $asset_id AND interface_primary = 1");
+
+        // Logging
+        logAction("Asset", "Edit", "$name via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited asset $name via API ($api_key_name)", $client_id);
     }
 }
 
 // Output
-require_once('../update_output.php');
+require_once '../update_output.php';
+

api/v1/certificates/read.php

@@ -1,29 +1,25 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Specific certificate via ID (single)
 if (isset($_GET['certificate_id'])) {
     $id = intval($_GET['certificate_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id'");
 
 } elseif (isset($_GET['certificate_name'])) {
     // Certificate by name
-
     $name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
-
-} elseif (isset($_GET['client_id'])) {
-    // Certificate via client ID
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 
 } else {
-    // All certificates
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
+    // All certificates (by client ID or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/clients/client_model.php

@@ -0,0 +1,83 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['client_name'])) {
+    $name = sanitizeInput($_POST['client_name']);
+} elseif ($client_row) {
+    $name = $client_row['client_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['client_type'])) {
+    $type = sanitizeInput($_POST['client_type']);
+} elseif ($client_row) {
+    $type = $client_row['client_type'];
+} else {
+    $type = '';
+}
+
+if (isset($_POST['client_website'])) {
+    $website = preg_replace("(^https?://)", "", sanitizeInput($_POST['client_website']));
+} elseif ($client_row) {
+    $website = $client_row['client_website'];
+} else {
+    $website = '';
+}
+
+if (isset($_POST['client_referral'])) {
+    $referral = sanitizeInput($_POST['client_referral']);
+} elseif ($client_row) {
+    $referral = $client_row['client_referral'];
+} else {
+    $referral = '';
+}
+
+if (isset($_POST['client_rate'])) {
+    $rate = floatval($_POST['client_rate']);
+} elseif ($client_row) {
+    $rate = $client_row['client_rate'];
+} else {
+    $rate = '';
+}
+
+if (isset($_POST['client_currency_code'])) {
+    $currency_code = sanitizeInput($_POST['client_currency_code']);
+} elseif ($client_row) {
+    $currency_code = $client_row['client_currency_code'];
+} else {
+    $currency_code = '';
+}
+
+if (isset($_POST['client_net_terms'])) {
+    $net_terms = intval($_POST['client_net_terms']);
+} elseif ($client_row) {
+    $net_terms = $client_row['client_net_terms'];
+} else {
+    $net_terms = '';
+}
+
+if (isset($_POST['client_tax_id_number'])) {
+    $tax_id_number = sanitizeInput($_POST['client_tax_id_number']);
+} elseif ($client_row) {
+    $tax_id_number = $client_row['client_tax_id_number'];
+} else {
+    $tax_id_number = '';
+}
+
+if (isset($_POST['client_is_lead'])) {
+    $lead = intval($_POST['client_is_lead']);
+} elseif ($client_row) {
+    $lead = $client_row['client_is_lead'];
+} else {
+    $lead = 0; // Default: Not a lead
+}
+
+if (isset($_POST['client_notes'])) {
+    $notes = sanitizeInput($_POST['client_notes']);
+} elseif ($client_row) {
+    $notes = $client_row['client_notes'];
+} else {
+    $notes = '';
+}

api/v1/clients/create.php

@@ -0,0 +1,32 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse Info
+require_once 'client_model.php';
+
+
+// Default
+$insert_id = false;
+
+// To add a client, we just need a name and an "ANY CLIENT" API key
+if (!empty($name) && $client_id == 0) {
+
+    // Insert client
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_rate = $rate, client_currency_code = '$currency_code', client_net_terms = $net_terms, client_tax_id_number = '$tax_id_number', client_lead = $lead, client_notes = '$notes', client_accessed_at = NOW()");
+
+    // Check insert & get insert ID
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+        
+        // Logging
+        logAction("Client", "Create", "$name via API ($api_key_name)", $insert_id);
+        logAction("API", "Success", "Created client $name via API ($api_key_name)", $insert_id);
+    }
+
+}
+
+// Output
+require_once '../create_output.php';

api/v1/clients/read.php

@@ -1,24 +1,19 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
 
-// Specific client via ID (single)
-if (isset($_GET['client_id'])) {
-    $id = intval($_GET['client_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
-
-} elseif (isset($_GET['client_name'])) {
-    // Specific client via name (single)
+require_once '../require_get_method.php';
 
+// Specific client via name (single)
+if (isset($_GET['client_name'])) {
     $name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id'");
 
 } else {
-    // All clients
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
+    // All clients (by client ID if given, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/contacts/contact_model.php

@@ -3,7 +3,7 @@ define('number_regex', '/[^0-9]/');
 
 // Variable assignment from POST (or: blank/from DB is updating)
 if (isset($_POST['contact_name'])) {
-    $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
+    $name = sanitizeInput($_POST['contact_name']);
 } elseif ($contact_row) {
     $name = $contact_row['contact_name'];
 } else {
@@ -11,7 +11,7 @@ if (isset($_POST['contact_name'])) {
 }
 
 if (isset($_POST['contact_title'])) {
-    $title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
+    $title = sanitizeInput($_POST['contact_title']);
 } elseif ($contact_row) {
     $title = $contact_row['contact_title'];
 } else {
@@ -19,7 +19,7 @@ if (isset($_POST['contact_title'])) {
 }
 
 if (isset($_POST['contact_department'])) {
-    $department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
+    $department = sanitizeInput($_POST['contact_department']);
 } elseif ($contact_row) {
     $department = $contact_row['contact_department'];
 } else {
@@ -27,7 +27,7 @@ if (isset($_POST['contact_department'])) {
 }
 
 if (isset($_POST['contact_email'])) {
-    $email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
+    $email = sanitizeInput($_POST['contact_email']);
 } elseif ($contact_row) {
     $email = $contact_row['contact_email'];
 } else {
@@ -59,19 +59,19 @@ if (isset($_POST['contact_mobile'])) {
 }
 
 if (isset($_POST['contact_notes'])) {
-    $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
+    $notes = sanitizeInput($_POST['contact_notes']);
 } elseif ($contact_row) {
     $notes = $contact_row['contact_notes'];
 } else {
     $notes = '';
 }
 
-if (isset($_POST['contact_auth_method'])) {
-    $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
+if (isset($_POST['contact_primary'])) {
+    $primary = intval($_POST['contact_primary']);
 } elseif ($contact_row) {
-    $auth_method = $contact_row['contact_auth_method'];
+    $primary = $contact_row['contact_primary'];
 } else {
-    $auth_method = '';
+    $primary = '0';
 }
 
 if (isset($_POST['contact_important'])) {

api/v1/contacts/create.php

@@ -1,10 +1,13 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_post_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
 
 // Parse Info
-require_once('contact_model.php');
+require_once 'contact_model.php';
+
 
 // Default
 $insert_id = false;
@@ -17,18 +20,20 @@ if (!empty($name) && !empty($email) && !empty($client_id)) {
     if (mysqli_num_rows($email_duplication_sql) == 0) {
 
         // Insert contact
-        $insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_created_at = NOW(), contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
+        $insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_primary = '$primary', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id");
 
         // Check insert & get insert ID
         if ($insert_sql) {
             $insert_id = mysqli_insert_id($mysqli);
-            //Logging
-            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
-            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+            
+            // Logging
+            logAction("Contact", "Create", "$name via API ($api_key_name)", $client_id, $insert_id);
+            logAction("API", "Success", "Created contact $name via API ($api_key_name)", $client_id);
         }
 
     }
 }
 
 // Output
-require_once('../create_output.php');
+require_once '../create_output.php';
+

api/v1/contacts/delete.php

@@ -1,7 +1,9 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_post_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
 
 // Parse ID
 $contact_id = intval($_POST['contact_id']);
@@ -10,19 +12,20 @@ $contact_id = intval($_POST['contact_id']);
 $delete_count = false;
 
 if (!empty($contact_id)) {
-    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1"));
     $contact_name = $row['contact_name'];
 
-    $delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1");
 
     // Check delete & get affected rows
     if ($delete_sql && !empty($contact_name)) {
         $delete_count = mysqli_affected_rows($mysqli);
 
-        //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
+        // Logging
+        logAction("Contact", "Delete", "$contact_name via API ($api_key_name)", $client_id);
     }
 }
 
 // Output
-require_once('../delete_output.php');
+require_once '../delete_output.php';
+

api/v1/contacts/read.php

@@ -1,24 +1,30 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Specific contact via ID (single)
 if (isset($_GET['contact_id'])) {
     $id = intval($_GET['contact_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id'");
 
 } elseif (isset($_GET['contact_email'])) {
     // Specific contact via email (single)
-
     $email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id'");
+
+} elseif (isset($_GET['contact_phone_or_mobile'])) {
+    // Specific contact via phone number or mobile (single)
+    $phone_or_mob = mysqli_real_escape_string($mysqli, $_GET['contact_phone_or_mobile']);
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_mobile = '$phone_or_mob' OR contact_phone = '$phone_or_mob' AND contact_client_id LIKE '$client_id' LIMIT 1");
 
 } else {
-    // All contacts
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
+    // All contacts (by client ID, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/contacts/update.php

@@ -1,7 +1,9 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_post_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
 
 // Parse Info
 $contact_id = intval($_POST['contact_id']);
@@ -11,22 +13,23 @@ $update_count = false;
 
 if (!empty($contact_id)) {
 
-    $contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+    $contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id LIMIT 1"));
 
     // Variable assignment from POST - assigning the current database value if a value is not provided
-    require_once('contact_model.php');
+    require_once 'contact_model.php';
 
-    $update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile',  contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_updated_at = NOW(), contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
+
+    $update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile',  contact_notes = '$notes', contact_primary = '$primary', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id WHERE contact_id = $contact_id LIMIT 1");
 
     // Check insert & get insert ID
     if ($update_sql) {
         $update_count = mysqli_affected_rows($mysqli);
 
-        //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+        // Logging
+        logAction("Contact", "Edit", "$name via API ($api_key_name)", $client_id, $contact_id);
+        logAction("API", "Success", "Edited contact $name via API ($api_key_name)", $client_id);
     }
 }
 
 // Output
-require_once('../update_output.php');
+require_once '../update_output.php';

api/v1/credentials/create.php

@@ -0,0 +1,30 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse info
+require_once 'credential_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($api_key_decrypt_password) && !empty($name) && !(empty($password))) {
+
+    // Add credential
+    $insert_sql = mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id, login_client_id = $client_id");
+
+    // Check insert & get insert ID
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Credential", "Create", "$name via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created credential $name via API ($api_key_name)", $client_id);
+    }
+
+}
+
+// Output
+require_once '../create_output.php';

api/v1/credentials/credential_model.php

@@ -0,0 +1,120 @@
+<?php
+
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+$api_key_decrypt_password = '';
+if (isset($_POST['api_key_decrypt_password'])) {
+    $api_key_decrypt_password = $_POST['api_key_decrypt_password']; // No sanitization
+}
+
+if (isset($_POST['login_name'])) {
+    $name = sanitizeInput($_POST['login_name']);
+} elseif (isset($credential_row) && isset($credential_row['login_name'])) {
+    $name = $credential_row['login_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['login_description'])) {
+    $description = sanitizeInput($_POST['login_description']);
+} elseif (isset($credential_row) && isset($credential_row['login_description'])) {
+    $description = $credential_row['login_description'];
+} else {
+    $description = '';
+}
+
+if (isset($_POST['login_uri'])) {
+    $uri = sanitizeInput($_POST['login_uri']);
+} elseif (isset($credential_row) && isset($credential_row['login_uri'])) {
+    $uri = $credential_row['login_uri'];
+} else {
+    $uri = '';
+}
+
+if (isset($_POST['login_uri_2'])) {
+    $uri_2 = sanitizeInput($_POST['login_uri_2']);
+} elseif (isset($credential_row) && isset($credential_row['login_uri_2'])) {
+    $uri_2 = $credential_row['login_uri_2'];
+} else {
+    $uri_2 = '';
+}
+
+if (isset($_POST['login_username'])) {
+    $username = $_POST['login_username'];
+    $username = apiEncryptLoginEntry($username, $api_key_decrypt_hash, $api_key_decrypt_password);
+} elseif (isset($credential_row) && isset($credential_row['login_username'])) {
+    $username = $credential_row['login_username'];
+} else {
+    $username = '';
+}
+
+if (isset($_POST['login_password'])) {
+    $password = $_POST['login_password'];
+    $password = apiEncryptLoginEntry($password, $api_key_decrypt_hash, $api_key_decrypt_password);
+    $password_changed = true;
+} elseif (isset($credential_row) && isset($credential_row['login_password'])) {
+    $password = $credential_row['login_password'];
+    $password_changed = false;
+} else {
+    $password = '';
+    $password_changed = false;
+}
+
+
+
+if (isset($_POST['login_otp_secret'])) {
+    $otp_secret = sanitizeInput($_POST['login_otp_secret']);
+} elseif (isset($credential_row) && isset($credential_row['login_otp_secret'])) {
+    $otp_secret = $credential_row['login_otp_secret'];
+} else {
+    $otp_secret = '';
+}
+
+if (isset($_POST['login_note'])) {
+    $note = sanitizeInput($_POST['login_note']);
+} elseif (isset($credential_row) && isset($credential_row['login_note'])) {
+    $note = $credential_row['login_note'];
+} else {
+    $note = '';
+}
+
+if (isset($_POST['login_important'])) {
+    $important = intval($_POST['login_important']);
+} elseif (isset($credential_row) && isset($credential_row['login_important'])) {
+    $important = $credential_row['login_important'];
+} else {
+    $important = '';
+}
+
+if (isset($_POST['login_contact_id'])) {
+    $contact_id = intval($_POST['login_contact_id']);
+} elseif (isset($credential_row) && isset($credential_row['login_contact_id'])) {
+    $contact_id = $credential_row['login_contact_id'];
+} else {
+    $contact_id = '';
+}
+
+if (isset($_POST['login_vendor_id'])) {
+    $vendor_id = intval($_POST['login_vendor_id']);
+} elseif (isset($credential_row) && isset($credential_row['login_vendor_id'])) {
+    $vendor_id = $credential_row['login_vendor_id'];
+} else {
+    $vendor_id = '';
+}
+
+if (isset($_POST['login_asset_id'])) {
+    $asset_id = intval($_POST['login_asset_id']);
+} elseif (isset($credential_row) && isset($credential_row['login_asset_id'])) {
+    $asset_id = $credential_row['login_asset_id'];
+} else {
+    $asset_id = '';
+}
+
+if (isset($_POST['login_software_id'])) {
+    $software_id = intval($_POST['login_software_id']);
+} elseif (isset($credential_row) && isset($credential_row['login_software_id'])) {
+    $software_id = $credential_row['login_software_id'];
+} else {
+    $software_id = '';
+}

api/v1/credentials/read.php

@@ -0,0 +1,59 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
+// Defaults
+$sql = false;
+
+$api_key_decrypt_password = '';
+if (isset($_GET['api_key_decrypt_password'])) {
+    $api_key_decrypt_password = $_GET['api_key_decrypt_password']; // No sanitization
+}
+
+// Specific credential/login via ID (single)
+if (isset($_GET['login_id']) && !empty($api_key_decrypt_password)) {
+
+    $id = intval($_GET['login_id']);
+
+    $sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$id' AND login_client_id LIKE '$client_id' LIMIT 1");
+
+
+} elseif (!empty($api_key_decrypt_password)) {
+    // All credentials ("logins")
+
+    $sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id LIKE '$client_id' ORDER BY login_id LIMIT $limit OFFSET $offset");
+
+}
+
+// Output - Not using the standard API read_output.php
+// Usually we just output what is in the database, but credentials need to be decrypted first.
+
+if ($sql && mysqli_num_rows($sql) > 0) {
+
+    $return_arr['success'] = "True";
+    $return_arr['count'] = mysqli_num_rows($sql);
+
+    $row = array();
+    while ($row = mysqli_fetch_array($sql)) {
+        $row['login_username'] = apiDecryptLoginEntry($row['login_username'], $api_key_decrypt_hash, $api_key_decrypt_password);
+        $row['login_password'] = apiDecryptLoginEntry($row['login_password'], $api_key_decrypt_hash, $api_key_decrypt_password);
+        $return_arr['data'][] = $row;
+    }
+
+    echo json_encode($return_arr);
+    exit();
+}
+else {
+    $return_arr['success'] = "False";
+    $return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
+
+    // Log any database/schema related errors to the PHP Error log
+    if (mysqli_error($mysqli)) {
+        error_log("API Database Error: " . mysqli_error($mysqli));
+    }
+
+    echo json_encode($return_arr);
+    exit();
+}

api/v1/credentials/update.php

@@ -0,0 +1,38 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$login_id = intval($_POST['login_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($_POST['api_key_decrypt_password']) && !empty($login_id)) {
+
+    $credential_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$login_id' AND login_client_id = $client_id LIMIT 1"));
+
+    // Variable assignment from POST - assigning the current database value if a value is not provided
+    require_once 'credential_model.php';
+
+    $update_sql = mysqli_query($mysqli,"UPDATE logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id, login_client_id = $client_id WHERE login_id = '$login_id' AND login_client_id = $client_id LIMIT 1");
+
+    // Check insert & get insert ID
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        if ($password_changed) {
+            mysqli_query($mysqli, "UPDATE logins SET login_password_changed_at = NOW() WHERE login_id = $login_id LIMIT 1");
+        }
+
+        // Logging
+        logAction("Credential", "Edit", "$name via API ($api_key_name)", $client_id, $login_id);
+        logAction("API", "Success", "Updated credential $name via API ($api_key_name)", $client_id);
+    }
+
+}
+
+// Output
+require_once '../update_output.php';

api/v1/documents/create.php

@@ -0,0 +1,33 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse info
+require_once 'document_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($name) && !(empty($content))) {
+
+    // Create document
+    $insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
+
+    // Check insert & get insert ID
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Update field document_parent to be the same id as document ID as this is the only version of the document.
+        mysqli_query($mysqli,"UPDATE documents SET document_parent = $insert_id WHERE document_id = $insert_id");
+
+        // Logging
+        logAction("Document", "Create", "$name via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created document $name via API ($api_key_name)", $client_id);
+    }
+
+}
+
+// Output
+require_once '../create_output.php';

api/v1/documents/document_model.php

@@ -0,0 +1,43 @@
+<?php
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['document_name'])) {
+    $name = sanitizeInput($_POST['document_name']);
+} elseif (isset($document_row) && isset($document_row['document_name'])) {
+    $name = $document_row['document_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['document_description'])) {
+    $description = sanitizeInput($_POST['document_description']);
+} elseif (isset($document_row) && isset($document_row['document_description'])) {
+    $description = $document_row['document_description'];
+} else {
+    $description = '';
+}
+
+if (isset($_POST['document_content'])) {
+    $content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
+} elseif (isset($document_row) && isset($document_row['document_content'])) {
+    $content = $document_row['document_content'];
+} else {
+    $content = '';
+}
+
+// Raw content (used for FULL INDEX searching)
+if (isset($_POST['document_content'])) {
+    $content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content']));
+} elseif (isset($document_row) && isset($document_row['document_content_raw'])) {
+    $content_raw = $document_row['document_content_raw'];
+} else {
+    $content_raw = '';
+}
+
+if (isset($_POST['document_folder_id'])) {
+    $folder = intval($_POST['document_content']);
+} elseif (isset($document_row) && isset($document_row['document_folder_id'])) {
+    $folder = intval($document_row['document_folder_id']);
+} else {
+    $folder = 0;
+}

api/v1/documents/read.php

@@ -1,19 +1,20 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 if (isset($_GET['document_id'])) {
     // Document via ID (single)
-
     $id = intval($_GET['document_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");
 
 } else {
-    // All documents
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
+    // All documents (by client ID if given, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/documents/update.php

@@ -0,0 +1,60 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$document_id = intval($_POST['document_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($document_id)) {
+
+    $document_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$document_id' AND document_client_id = $client_id LIMIT 1"));
+
+    // Variable assignment from POST - assigning the current database value if a value is not provided
+    require_once 'document_model.php';
+
+    // Documents are a little weird as we update them by *inserting* a new document row
+    $update_insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
+
+    // Check insert & get insert ID
+    if ($update_insert_sql) {
+        $insert_id = $new_document_id = mysqli_insert_id($mysqli);
+
+        // Update the parent ID of the new document to match its new document ID
+        mysqli_query($mysqli,"UPDATE documents SET document_parent = $new_document_id WHERE document_id = $new_document_id");
+
+        // Link all existing links with old document with new document
+        mysqli_query($mysqli,"UPDATE documents SET document_parent = $new_document_id, document_archived_at = NOW() WHERE document_parent = $document_id");
+
+        // Update Links to the new parent document:-
+        // Document files
+        mysqli_query($mysqli,"UPDATE document_files SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Contact documents
+        mysqli_query($mysqli,"UPDATE contact_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Asset documents
+        mysqli_query($mysqli,"UPDATE asset_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Software documents
+        mysqli_query($mysqli,"UPDATE software_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Vendor documents
+        mysqli_query($mysqli,"UPDATE vendor_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Logging
+        logAction("Document", "Edit", "$name via API ($api_key_name) previous version kept", $client_id, $insert_id);
+        logAction("API", "Success", "Edited document $name via API ($api_key_name)", $client_id);
+
+        // Override update count to 1 for API to report a success (as we inserted a document, not "updated" an existing row)
+        $update_count = 1;
+    }
+
+}
+
+// Output
+require_once '../update_output.php';

api/v1/domains/read.php

@@ -1,29 +1,25 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Specific domain via ID (single)
 if (isset($_GET['domain_id'])) {
     $id = intval($_GET['domain_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id'");
 
 } elseif (isset($_GET['domain_name'])) {
     // Domain by name
-
     $name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
-
-} elseif (isset($_GET['client_id'])) {
-    // Domain via client ID
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
 } else {
-    // All domains
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
+    // All domains (by client ID or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/expenses/read.php

@@ -1,7 +1,9 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Expenses aren't stored against client IDs, so we instead validate the API key is for All Clients
 
@@ -9,13 +11,14 @@ if (isset($_GET['expense_id']) && $client_id == "%") {
     // Expense via ID (single)
 
     $id = intval($_GET['expense_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id'");
 
 } elseif ($client_id == "%") {
     // All expenses
 
-    $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE company_id = '$company_id' ORDER BY expense_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM expenses ORDER BY expense_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/invoices/read.php

@@ -1,19 +1,20 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 if (isset($_GET['invoice_id'])) {
     // Invoice via ID (single)
-
     $id = intval($_GET['invoice_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id'");
 
 } else {
-    // All invoices
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
+    // All invoices (by client ID if given, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/locations/read.php

@@ -0,0 +1,20 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
+
+if (isset($_GET['location_id'])) {
+    // Location via ID (single)
+    $id = intval($_GET['location_id']);
+    $sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = '$id' AND location_client_id LIKE '$client_id'");
+
+} else {
+    // All locations (by client ID if given, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id LIKE '$client_id' ORDER BY location_id LIMIT $limit OFFSET $offset");
+}
+
+// Output
+require_once "../read_output.php";
+

api/v1/networks/read.php

@@ -1,29 +1,25 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Specific network via ID (single)
 if (isset($_GET['network_id'])) {
     $id = intval($_GET['network_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id'");
 
 } elseif (isset($_GET['network_name'])) {
     // Network by name
-
     $name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
-
-} elseif (isset($_GET['client_id'])) {
-    // Network via client ID
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 
 } else {
-    // All networks
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
+    // All networks (by client ID or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/payments/read.php

@@ -1,7 +1,9 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Payments aren't stored against client IDs, so we instead validate the API key is for All Clients
 
@@ -10,19 +12,20 @@ if (isset($_GET['payment_id']) && $client_id == "%") {
     // Payment via ID (single)
 
     $id = intval($_GET['payment_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id'");
 
 } elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
     // Payments for an invoice
 
     $id = intval($_GET['payment_invoice_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id'");
 
 } elseif ($client_id == "%") {
     // All payments
 
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE company_id = '$company_id' ORDER BY payment_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM payments ORDER BY payment_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/products/read.php

@@ -1,21 +1,22 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Products aren't stored against client IDs, so we instead validate the API key is for All Clients
 
 if (isset($_GET['product_id']) && $client_id == "%") {
     // product via ID (single)
-
     $id = intval($_GET['product_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id'");
 
 } elseif ($client_id == "%") {
     // All products
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM products WHERE company_id = '$company_id' ORDER BY product_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM products ORDER BY product_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/quotes/read.php

@@ -1,19 +1,20 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 if (isset($_GET['quote_id'])) {
     // quote via ID (single)
-
     $id = intval($_GET['quote_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id'");
 
 } else {
-    // All quotes
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
+    // All quotes (by client ID if given, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/require_post_method.php

@@ -9,6 +9,6 @@ if ($_SERVER['REQUEST_METHOD'] !== "POST") {
 
 // Client ID must be specific for INSERT/UPDATE/DELETE queries
 // If this API key allows any client, set $client_id to the one specified, else leave it
-if ($client_id == 0) {
+if ($client_id == 0 && isset($_POST['client_id'])) {
     $client_id = intval($_POST['client_id']);
-}
+}

api/v1/software/read.php

@@ -1,41 +1,35 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Specific software via ID (single)
 if (isset($_GET['software_id'])) {
     $id = intval($_GET['software_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id'");
 
 } elseif (isset($_GET['software_key'])) {
     // Specific software via key
-
     $key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 
 } elseif (isset($_GET['software_name'])) {
     // Software by name
-
     $name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
 } elseif (isset($_GET['software_type'])) {
     // Software via type
-
     $type = intval($_GET['software_type']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
-
-} elseif (isset($_GET['client_id'])) {
-    // Software via client ID
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 
 } else {
-    // All software(s)
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+    // All software(s) (by client ID if given, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/tickets/create.php

@@ -0,0 +1,56 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Ticket-related settings
+require_once "../../../get_settings.php";
+
+$sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = 1");
+$row = mysqli_fetch_array($sql);
+$company_name = $row['company_name'];
+$company_phone = formatPhoneNumber($row['company_phone']);
+
+// Parse Info
+$ticket_row = false; // Creation, not an update
+require_once 'ticket_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($subject)) {
+
+    if (!is_int($client_id)) {
+        $client_id = 0;
+    }
+
+    // If no contact is selected automatically choose the primary contact for the client (if client set)
+    if ($contact == 0 && $client_id != 0) {
+        $sql = mysqli_query($mysqli,"SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1");
+        $row = mysqli_fetch_array($sql);
+        $contact = intval($row['contact_id']);
+    }
+
+    //Get the next Ticket Number and add 1 for the new ticket number
+    $ticket_number = $config_ticket_next_number;
+    $new_config_ticket_next_number = $config_ticket_next_number + 1;
+    mysqli_query($mysqli,"UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
+
+    // Insert ticket
+    $url_key = randomString(156);
+    $insert_sql = mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 1, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_created_by = 0, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_client_id = $client_id");
+
+    // Check insert & get insert ID
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Ticket", "Create", "Created ticket $config_ticket_prefix$ticket_number $subject via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created ticket $config_ticket_prefix$ticket_number $subject via API ($api_key_name)", $client_id);
+    }
+
+}
+
+// Output
+require_once '../create_output.php';

api/v1/tickets/read.php

@@ -1,18 +1,25 @@
 <?php
 
-require_once('../validate_api_key.php');
-require_once('../require_get_method.php');
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
 
 // Specific ticket via ID (single)
 if (isset($_GET['ticket_id'])) {
     $id = intval($_GET['ticket_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
+    $sql = mysqli_query(
+        $mysqli,
+        "SELECT * FROM tickets
+        LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+        WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'"
+    );
 
 } else {
-    // All tickets
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
+    // All tickets (by client ID if given, or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
 }
 
 // Output
-require_once("../read_output.php");
+require_once "../read_output.php";
+

api/v1/tickets/ticket_model.php

@@ -0,0 +1,61 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['ticket_contact_id'])) {
+    $contact = intval($_POST['ticket_contact_id']);
+} elseif ($ticket_row) {
+    $contact = $ticket_row['ticket_contact_id'];
+} else {
+    $contact = '0';
+}
+
+if (isset($_POST['ticket_subject'])) {
+    $subject = sanitizeInput($_POST['ticket_subject']);
+} elseif ($ticket_row) {
+    $subject = $ticket_row['ticket_subject'];
+} else {
+    $subject = '';
+}
+
+
+if (isset($_POST['ticket_priority'])) {
+    $priority = sanitizeInput($_POST['ticket_priority']);
+} elseif ($ticket_row) {
+    $priority = $ticket_row['ticket_priority'];
+} else {
+    $priority = 'Low';
+}
+
+
+if (isset($_POST['ticket_details'])) {
+    $details = sanitizeInput($_POST['ticket_details']) . "<br>";
+} elseif ($ticket_row) {
+    $details = $ticket_row['ticket_details'];
+} else {
+    $details = '< blank ><br>';
+}
+
+if (isset($_POST['ticket_vendor_id'])) {
+    $vendor_id = intval($_POST['ticket_vendor_id']);
+} elseif ($ticket_row) {
+    $vendor_id = $ticket_row['ticket_vendor_id'];
+} else {
+    $vendor_id = '0';
+}
+
+if (isset($_POST['ticket_vendor_ticket_id'])) {
+    $vendor_ticket_number = intval($_POST['ticket_vendor_ticket_id']);
+} elseif ($ticket_row) {
+    $vendor_ticket_number = $ticket_row['ticket_vendor_ticket_id'];
+} else {
+    $vendor_ticket_number = '0';
+}
+
+if (isset($_POST['ticket_assigned_to'])) {
+    $assigned_to = intval($_POST['ticket_assigned_to']);
+} elseif ($ticket_row) {
+    $assigned_to = $ticket_row['ticket_assigned_to'];
+} else {
+    $assigned_to = '0';
+}

api/v1/validate_api_key.php

@@ -7,8 +7,8 @@
  */
 
 // Includes
-require_once(__DIR__ . '../../../functions.php');
-require_once(__DIR__ . "../../../config.php");
+require_once __DIR__ . '../../../functions.php';
+require_once __DIR__ . "../../../config.php";
 
 // JSON header
 header('Content-Type: application/json');
@@ -17,8 +17,12 @@ header('Content-Type: application/json');
 $_POST = json_decode(file_get_contents('php://input'), true);
 
 // Get IP & UA
-$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
-$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
+$ip = sanitizeInput(getIP());
+$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
+
+// Temp Added this to work with the new logAction function
+$session_ip = $ip;
+$session_user_agent = $user_agent;
 
 // Setup return array
 $return_arr = array();
@@ -56,15 +60,15 @@ if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
 
 // Set API key variable
 if (isset($_GET['api_key'])) {
-    $api_key = $_GET['api_key'];
+    $api_key = sanitizeInput($_GET['api_key']);
 }
 if (isset($_POST['api_key'])) {
-    $api_key = $_POST['api_key'];
+    $api_key = sanitizeInput($_POST['api_key']);
 }
 
 // Validate API key
 if (isset($api_key)) {
-    $api_key = mysqli_real_escape_string($mysqli, $api_key);
+    $api_key = sanitizeInput($api_key);
 
     $sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
 
@@ -72,7 +76,7 @@ if (isset($api_key)) {
     if (mysqli_num_rows($sql) !== 1) {
         // Invalid Key
         header(WORDING_UNAUTHORIZED);
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent'");
 
         $return_arr['success'] = "False";
         $return_arr['message'] = "Authentication failed. API key is invalid or has expired.";
@@ -88,8 +92,8 @@ if (isset($api_key)) {
         // Set client ID, company ID & key name
         $row = mysqli_fetch_array($sql);
         $api_key_name = htmlentities($row['api_key_name']);
-        $client_id = $row['api_key_client_id'];
-        $company_id = $row['company_id'];
+        $api_key_decrypt_hash = $row['api_key_decrypt_hash']; // No sanitization
+        $client_id = intval($row['api_key_client_id']);
 
         // Set limit & offset for queries
         if (isset($_GET['limit'])) {

api/v1/vendors/read.php

@@ -0,0 +1,19 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_get_method.php';
+
+// Specific vendor via their ID (single)
+if (isset($_GET['vendor_id'])) {
+    $id = intval($_GET['vendor_id']);
+    $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = '$id' AND vendor_client_id LIKE '$client_id'");
+
+} else {
+    // All Vendors (by client ID or all in general if key permits)
+    $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id LIKE '$client_id' ORDER BY vendor_id LIMIT $limit OFFSET $offset");
+}
+
+// Output
+require_once "../read_output.php";
+

base32static.php

@@ -1,96 +0,0 @@
-<?php
-/**
- * Encode in Base32 based on RFC 4648.
- * Requires 20% more space than base64
- * Great for case-insensitive filesystems like Windows and URL's  (except for = char which can be excluded using the pad option for urls)
- *
- * @package default
- * @author Bryan Ruiz
- **/
-class Base32Static {
-    private static $map = array(
-        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', //  7
-        'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
-        'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
-        'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
-        '='  // padding character
-    );
-
-    private static $flippedMap = array(
-        'A'=>'0', 'B'=>'1', 'C'=>'2', 'D'=>'3', 'E'=>'4', 'F'=>'5', 'G'=>'6', 'H'=>'7',
-        'I'=>'8', 'J'=>'9', 'K'=>'10', 'L'=>'11', 'M'=>'12', 'N'=>'13', 'O'=>'14', 'P'=>'15',
-        'Q'=>'16', 'R'=>'17', 'S'=>'18', 'T'=>'19', 'U'=>'20', 'V'=>'21', 'W'=>'22', 'X'=>'23',
-        'Y'=>'24', 'Z'=>'25', '2'=>'26', '3'=>'27', '4'=>'28', '5'=>'29', '6'=>'30', '7'=>'31'
-    );
-
-    /**
-     * Use padding false when encoding for urls
-     *
-     * @return base32 encoded string
-     * @author Bryan Ruiz
-     **/
-    public static function encode($input, $padding = true) {
-        if (empty($input)) return "";
-
-        $input = str_split($input);
-        $binaryString = "";
-
-        for ($i = 0; $i < count($input); $i++) {
-            $binaryString .= str_pad(base_convert(ord($input[$i]), 10, 2), 8, '0', STR_PAD_LEFT);
-        }
-
-        $fiveBitBinaryArray = str_split($binaryString, 5);
-        $base32 = "";
-        $i=0;
-
-        while($i < count($fiveBitBinaryArray)) {
-            $base32 .= self::$map[base_convert(str_pad($fiveBitBinaryArray[$i], 5, '0'), 2, 10)];
-            $i++;
-        }
-
-        if ($padding && ($x = strlen($binaryString) % 40) != 0) {
-            if ($x == 8) $base32 .= str_repeat(self::$map[32], 6);
-            else if ($x == 16) $base32 .= str_repeat(self::$map[32], 4);
-            else if ($x == 24) $base32 .= str_repeat(self::$map[32], 3);
-            else if ($x == 32) $base32 .= self::$map[32];
-        }
-
-        return $base32;
-    }
-
-    public static function decode($input) {
-        if (empty($input)) return;
-
-        $paddingCharCount = substr_count($input, self::$map[32]);
-        $allowedValues = array(6,4,3,1,0);
-
-        if (!in_array($paddingCharCount, $allowedValues)) return false;
-
-        for ($i=0; $i<4; $i++){
-            if ($paddingCharCount == $allowedValues[$i] &&
-                substr($input, -($allowedValues[$i])) != str_repeat(self::$map[32], $allowedValues[$i])) return false;
-        }
-
-        $input = str_replace('=', '', $input);
-        $input = str_split($input);
-        $binaryString = "";
-
-        for ($i=0; $i < count($input); $i = $i+8) {
-            $x = "";
-
-            if (!in_array($input[$i], self::$map)) return false;
-
-            for ($j=0; $j < 8; $j++) {
-                $x .= str_pad(base_convert(@self::$flippedMap[@$input[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
-            }
-
-            $eightBits = str_split($x, 8);
-
-            for ($z = 0; $z < count($eightBits); $z++) {
-                $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y:"";
-            }
-        }
-
-        return $binaryString;
-    }
-}

blank.php

@@ -1,35 +1,55 @@
-<?php require_once("inc_all.php"); ?>
+<?php require_once "includes/inc_all.php"; ?>
 
-<!-- Breadcrumbs-->
-<ol class="breadcrumb">
-    <li class="breadcrumb-item">
-        <a href="index.html">Dashboard</a>
-    </li>
-    <li class="breadcrumb-item active">Blank Page</li>
-</ol>
+    <!-- Breadcrumbs-->
+    <ol class="breadcrumb">
+        <li class="breadcrumb-item">
+            <a href="index.html">Dashboard</a>
+        </li>
+        <li class="breadcrumb-item active">Blank Page</li>
+    </ol>
 
-<!-- Page Content -->
-<h1>Blank Page</h1>
-<hr>
-<p>This is a great starting point for new custom pages.</p>
+    <!-- Page Content -->
+    <h1>Blank Page</h1>
+    <hr>
+    <p>This is a great starting point for new custom pages.</p>
 
-<?php echo CURRENT_DATABASE_VERSION; ?>
-<br>
-
-<?php echo randomString(100); ?>
-<br>
-<form>
 <?php
-$timezones = DateTimeZone::listIdentifiers();
-echo '<select name="timezone">';
-foreach ($timezones as $timezone) {
-  echo '<option value="' . $timezone . '">' . $timezone . '</option>';
-}
-echo '</select>';
+
+$start_date = date('Y') . "-10-10";
+
+echo "<H1>$start_date</H1>";
+
+echo "<H2>User Agent</H2>";
+echo getUserAgent();
+
 
 ?>
-</form>
+    <br>
+
+    <dl>
+        <dt>Requester</dt>
+        <dd>Sam Adams</dd>
+
+        <dt>Created</dt>
+        <dd><time datetime="2024-04-11T17:52:30+00:00" title="2024-04-11 13:52" data-datetime="calendar">Today at 13:52</time></dd>
+
+        <dt>Last activity</dt>
+        <dd><time datetime="2024-04-11T18:08:55+00:00" title="2024-04-11 14:08" data-datetime="calendar">Today at 14:08</time></dd>
+    </dl>
+
+    <?php echo randomString(100); ?>
+    <br>
+    <textarea class="tinymceTest"></textarea>
+
+    <textarea class="tinymce"></textarea>
+
+    <textarea class="tinymceTicket"></textarea>
+<?php
+// show the current Date and Time
+$date_time = date('Y-m-d H:i:s');
+echo "Current Date and Time: <strong>$date_time</strong>";
+?>
 
 <script>toastr.success('Have Fun Wozz!!')</script>
 
-<?php require_once("footer.php"); ?>
+<?php require_once "includes/footer.php";

budget.php

@@ -0,0 +1,113 @@
+<?php
+
+require_once "includes/inc_all.php";
+
+// Perms
+enforceUserPermission('module_financial');
+
+// Fetch categories
+$query = "SELECT category_id, category_name FROM categories WHERE category_type ='Expense' AND category_archived_at IS NULL";
+$result = mysqli_query($mysqli, $query);
+$categories = [];
+while($row = mysqli_fetch_assoc($result)) {
+    $categories[] = $row;
+}
+
+// Fetch years with budget
+$query = "SELECT DISTINCT budget_year FROM budget ORDER BY budget_year ASC";
+$result = mysqli_query($mysqli, $query);
+$years = [];
+while ($row = mysqli_fetch_assoc($result)) {
+    $years[] = $row['budget_year'];
+}
+
+// Fetch current year budgets
+$currentYear = date("Y");
+if (isset($_GET['year'])) {
+    $currentYear = intval($_GET['year']);
+}
+
+$query = "SELECT * FROM budget WHERE budget_year = $currentYear";
+$result = mysqli_query($mysqli, $query);
+$budgets = [];
+while ($row = mysqli_fetch_assoc($result)) {
+    $budgets[] = $row;
+}
+
+$months = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
+$columnTotals = array_fill(0, 12, 0);
+$grandTotal = 0;
+
+?>
+<div class="card card-dark">
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fas fa-fw fa-balance-scale mr-2"></i>Budget for <span id="currentYear"><?php echo $currentYear; ?></span></h3>
+        <div class="card-tools">
+            <a href="budget_edit.php" class="btn btn-primary">
+                <i class="fas fa-edit mr-2"></i>Edit Budget
+            </a>
+        </div>
+    </div>
+    <div class="card-body">
+    <form id="yearForm" method="GET" action="budget.php">
+        <div class="form-group">
+            <select class="form-control" name="year" id="yearSelect" onchange="submit();">
+                <?php foreach ($years as $year): ?>
+                    <option value="<?php echo $year; ?>" <?php if ($year == $currentYear) { echo 'selected'; } ?>><?php echo $year; ?></option>
+                <?php endforeach; ?>
+            </select>
+        </div>
+    </form>
+    <table class="table table-bordered table-striped">
+        <thead>
+        <tr>
+            <th>Expense</th>
+            <?php foreach ($months as $month): ?>
+                <th><?php echo $month; ?></th>
+            <?php endforeach; ?>
+            <th>Total</th>
+        </tr>
+        </thead>
+        <tbody>
+        <?php foreach ($categories as $category): ?>
+            <tr>
+                <td><?php echo nullable_htmlentities($category['category_name']); ?></td>
+                <?php
+                $rowTotal = 0;
+                foreach ($months as $index => $month):
+                    $amount = getBudgetAmount($budgets, $category['category_id'], $index + 1);
+                    $rowTotal += $amount;
+                    $columnTotals[$index] += $amount;
+                ?>
+                    <td><?php echo $amount; ?></td>
+                <?php endforeach; ?>
+                <td><?php echo $rowTotal; ?></td>
+            </tr>
+        <?php
+        $grandTotal += $rowTotal;
+        endforeach; ?>
+        </tbody>
+        <tfoot>
+        <tr>
+            <th>Total</th>
+            <?php foreach ($columnTotals as $total): ?>
+                <th><?php echo $total; ?></th>
+            <?php endforeach; ?>
+            <th><?php echo $grandTotal; ?></th>
+        </tr>
+        </tfoot>
+    </table>
+</div>
+
+<?php
+function getBudgetAmount($budgets, $categoryId, $month) {
+    foreach ($budgets as $budget) {
+        if ($budget['budget_category_id'] == $categoryId && $budget['budget_month'] == $month) {
+            return intval($budget['budget_amount']);
+        }
+    }
+    return 0;
+}
+
+require_once "includes/footer.php";
+?>

budget_edit.php

@@ -0,0 +1,114 @@
+<?php
+
+require_once "includes/inc_all.php";
+
+enforceUserPermission('module_financial', 2);
+
+// Fetch categories
+$query = "SELECT category_id, category_name FROM categories WHERE category_type ='Expense' AND category_archived_at IS NULL";
+$result = mysqli_query($mysqli, $query);
+$categories = [];
+while($row = mysqli_fetch_assoc($result)) {
+    $categories[] = $row;
+}
+
+// Fetch current year budgets
+$currentYear = date("Y");
+if(isset($_GET['year'])) {
+    $currentYear = intval($_GET['year']);
+}
+
+$query = "SELECT * FROM budget WHERE budget_year = $currentYear";
+$result = mysqli_query($mysqli, $query);
+$budgets = [];
+while($row = mysqli_fetch_assoc($result)) {
+    $budgets[] = $row;
+}
+
+$months = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
+$columnTotals = array_fill(0, 12, 0);
+$grandTotal = 0;
+
+?>
+<div class="card card-dark">
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fas fa-fw fa-balance-scale mr-2"></i>Editing Budget for <span id="currentYear"><?php echo $currentYear; ?></span></h3>
+        <div class="card-tools">
+            <a href="budget.php" class="btn btn-default text-dark">
+                <i class="fas fa-eye mr-2"></i>View Budget
+            </a>
+            <button type="submit" name="save_budget" form="budgetForm" class="btn btn-primary"><i class="fas fa-fw fa-check mr-2"></i>Save Budget</button>
+            <button type="submit" name="delete_budget" form="budgetForm" class="btn btn-danger"><i class="fas fa-fw fa-trash mr-2"></i>Delete Budget</button>
+        </div>
+    </div>
+    <div class="card-body">
+    
+    <form id="yearForm" method="GET" action="budget.php">
+        <div class="form-group">
+            <select class="form-control" name="year" id="yearSelect" onchange="submit();">
+                <?php for ($i = $currentYear - 10; $i <= $currentYear + 5; $i++): ?>
+                    <option value="<?php echo $i; ?>" <?php if ($i == $currentYear) echo 'selected'; ?>><?php echo $i; ?></option>
+                <?php endfor; ?>
+            </select>
+        </div>
+    </form>
+    <form id="budgetForm" method="POST" action="post.php">
+        <input type="hidden" name="year" value="<?php echo $currentYear; ?>">
+        <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+        <table class="table table-bordered table-striped">
+            <thead>
+            <tr>
+                <th>Expense</th>
+                <?php foreach ($months as $month): ?>
+                    <th><?php echo $month; ?></th>
+                <?php endforeach; ?>
+                <th>Total</th>
+            </tr>
+            </thead>
+            <tbody>
+            <?php foreach ($categories as $category): ?>
+                <tr>
+                    <td><?php echo nullable_htmlentities($category['category_name']); ?></td>
+                    <?php
+                    $rowTotal = 0;
+                    foreach ($months as $index => $month):
+                        $amount = getBudgetAmount($budgets, $category['category_id'], $index + 1);
+                        $rowTotal += $amount;
+                        $columnTotals[$index] += $amount;
+                    ?>
+                        <td><input type='text' inputmode='numeric' pattern='[0-9]*' class="form-control" name="budget[<?php echo intval($category['category_id']); ?>][<?php echo $index + 1; ?>]" value="<?php echo $amount; ?>"></td>
+                    <?php endforeach; ?>
+                    <td><?php echo $rowTotal; ?></td>
+                </tr>
+            <?php
+            $grandTotal += $rowTotal;
+            endforeach; ?>
+            </tbody>
+            <tfoot>
+            <tr>
+                <th>Total</th>
+                <?php foreach ($columnTotals as $total): ?>
+                    <th><?php echo $total; ?></th>
+                <?php endforeach; ?>
+                <th><?php echo $grandTotal; ?></th>
+            </tr>
+            </tfoot>
+        </table>
+    </form>
+    </div>
+
+</div>
+
+<?php
+function getBudgetAmount($budgets, $categoryId, $month) {
+    foreach ($budgets as $budget) {
+        if ($budget['budget_category_id'] == $categoryId && $budget['budget_month'] == $month) {
+            return intval($budget['budget_amount']);
+        }
+    }
+    return 0;
+}
+
+require_once "includes/footer.php";
+?>

calendar_events.php

@@ -1,48 +1,105 @@
 <?php
 
-require_once("inc_all.php");
+require_once "includes/inc_all.php";
+
 
 if (isset($_GET['calendar_id'])) {
     $calendar_selected_id = intval($_GET['calendar_id']);
 }
 
 ?>
-<link href='plugins/fullcalendar/main.min.css' rel='stylesheet' />
 
-<div id='calendar'></div>
+<!-- So that when hovering over a created event it turns into a hand instead of cursor -->
+<style>
+    .fc-event {
+        cursor: pointer;
+    }
+</style>
+
+<div class="row">
+    
+    <div class="col-md-3">
+        <div class="card">
+            <div class="card-header py-2">
+                <h3 class="card-title mt-1">Calendars</h3>
+                <div class="card-tools">
+                    <button type="button" class="btn btn-dark btn-sm" data-toggle="modal" data-target="#addCalendarModal"><i class="fas fa-plus"></i></button>
+                </div>
+            </div>
+            <div class="card-body">
+                
+                <form>
+                    <?php
+                    $sql = mysqli_query($mysqli, "SELECT * FROM calendars");
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $calendar_id = intval($row['calendar_id']);
+                        $calendar_name = nullable_htmlentities($row['calendar_name']);
+                        $calendar_color = nullable_htmlentities($row['calendar_color']);
+                    ?>
+                    <div class="form-group">
+                        <i class="fas fa-fw fa-circle mr-2" style="color:<?php echo $calendar_color; ?>;"></i><?php echo $calendar_name; ?>
+                        <button type="button" class="btn btn-link btn-sm float-right" data-toggle="modal" data-target="#editCalendarModal<?php echo $calendar_id; ?>"><i class="fas fa-fw fa-pencil-alt text-secondary"></i></button>
+                    </div>
+                    <?php
+                        require "modals/calendar_edit_modal.php";
+                    }
+                    ?>
+                </form>
+            </div>
+        </div>
+        <div class="card">
+            <div class="card-header py-2">
+                <h3 class="card-title mt-1">System Calendars</h3>
+                <div class="card-tools">
+                    <button type="button" class="btn btn-dark btn-sm"><i class="fas fa-eye"></i></button>
+                </div>
+            </div>
+            <div class="card-body">
+            </div>
+        </div>
+    </div>
+    
+    <div class="col-md-9">
+        <div class="card">
+            <div id='calendar'></div>
+        </div>
+    </div>
+
+</div>
 
 <?php
 
-require_once("calendar_event_add_modal.php");
-require_once("calendar_add_modal.php");
-require_once("category_quick_add_modal.php");
+require_once "modals/calendar_event_add_modal.php";
+
+require_once "modals/calendar_add_modal.php";
+
 
 //loop through IDs and create a modal for each
-$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
+$sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
 while ($row = mysqli_fetch_array($sql)) {
-    $event_id = $row['event_id'];
-    $event_title = htmlentities($row['event_title']);
-    $event_description = htmlentities($row['event_description']);
-    $event_start = htmlentities($row['event_start']);
-    $event_end = htmlentities($row['event_end']);
-    $event_repeat = htmlentities($row['event_repeat']);
-    $calendar_id = $row['calendar_id'];
-    $calendar_name = htmlentities($row['calendar_name']);
-    $calendar_color = htmlentities($row['calendar_color']);
-    $client_id = $row['event_client_id'];
-
-    require("calendar_event_edit_modal.php");
+    $event_id = intval($row['event_id']);
+    $event_title = nullable_htmlentities($row['event_title']);
+    $event_description = nullable_htmlentities($row['event_description']);
+    $event_location = nullable_htmlentities($row['event_location']);
+    $event_start = nullable_htmlentities($row['event_start']);
+    $event_end = nullable_htmlentities($row['event_end']);
+    $event_repeat = nullable_htmlentities($row['event_repeat']);
+    $calendar_id = intval($row['calendar_id']);
+    $calendar_name = nullable_htmlentities($row['calendar_name']);
+    $calendar_color = nullable_htmlentities($row['calendar_color']);
+    $client_id = intval($row['event_client_id']);
 
+    require "modals/calendar_event_edit_modal.php";
 }
 
 ?>
 
-<?php require_once("footer.php"); ?>
+<?php require_once "includes/footer.php";
+?>
 
-<script src='plugins/fullcalendar/main.min.js'></script>
+<script src='plugins/fullcalendar/dist/index.global.js'></script>
 
 <script>
-
     document.addEventListener('DOMContentLoaded', function() {
         var calendarEl = document.getElementById('calendar');
 
@@ -50,107 +107,217 @@ while ($row = mysqli_fetch_array($sql)) {
             themeSystem: 'bootstrap',
             defaultView: 'dayGridMonth',
             customButtons: {
-                addEvent: {
-                    bootstrapFontAwesome: 'fa fa-plus',
+                newEvent: {
+                    text: 'New Event',
+                    bootstrapFontAwesome: 'fas fa-plus',
                     click: function() {
                         $("#addCalendarEventModal").modal();
                     }
-                },
-                addCalendar: {
-                    bootstrapFontAwesome: 'fa fa-calendar-plus',
-                    click: function() {
-                        $("#addCalendarModal").modal();
-                    }
                 }
             },
             headerToolbar: {
                 left: 'prev,next today',
                 center: 'title',
-                right: 'dayGridMonth,timeGridWeek,timeGridDay,listMonth addEvent addCalendar'
+                right: 'dayGridMonth,timeGridWeek,timeGridDay,listMonth newEvent'
             },
-            events: [
-                <?php
-                $sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
-                while ($row = mysqli_fetch_array($sql)) {
-                    $event_id = intval($row['event_id']);
-                    $event_title = json_encode($row['event_title']);
-                    $event_start = json_encode($row['event_start']);
-                    $event_end = json_encode($row['event_end']);
-                    $calendar_id = intval($row['calendar_id']);
-                    $calendar_name = json_encode($row['calendar_name']);
-                    $calendar_color = json_encode($row['calendar_color']);
+            <?php if (!$session_mobile) {
+            ?>aspectRatio: 2.5,
+        <?php } else { ?>
+            aspectRatio: 0.7,
+        <?php } ?>
+        navLinks: true, // can click day/week names to navigate views
+        selectable: true,
+        height: '90vh',
 
-                    echo "{ id: $event_id, title: $event_title, start: $event_start, end: $event_end, color: $calendar_color },";
-                }
+        selectMirror: true,
+        eventClick: function(editEvent) {
+            $('#editEventModal' + editEvent.event.id).modal();
+        },
+        dayMaxEvents: true, // allow "more" link when too many events
+        views: {
+            timeGrid: {
+                dayMaxEventRows: 3, // adjust to 6 only for timeGridWeek/timeGridDay
+                expandRows: true,
+                nowIndicator: true,
+                eventMaxStack: 1,
+            },
+            dayGrid: {
+                dayMaxEvents: 3, // adjust to 6 only for timeGridWeek/timeGridDay
+                expandRows: true,
+            },
 
-                //Invoices Created
-                $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id WHERE clients.company_id = $session_company_id");
-                while ($row = mysqli_fetch_array($sql)) {
-                    $event_id = intval($row['invoice_id']);
-                    $event_title = json_encode($row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope']);
-                    $event_start = json_encode($row['invoice_date']);
+        },
+        events: [
+            <?php
+            $sql = mysqli_query($mysqli, "SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id");
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['event_id']);
+                $event_title = json_encode($row['event_title']);
+                $event_start = json_encode($row['event_start']);
+                $event_end = json_encode($row['event_end']);
+                $calendar_id = intval($row['calendar_id']);
+                $calendar_name = json_encode($row['calendar_name']);
+                $calendar_color = json_encode($row['calendar_color']);
 
-                    echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'blue', url: 'invoice.php?invoice_id=$event_id' },";
-                }
-
-                //Quotes Created
-                $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id WHERE clients.company_id = $session_company_id");
-                while ($row = mysqli_fetch_array($sql)) {
-                    $event_id = intval($row['quote_id']);
-                    $event_title = json_encode($row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope']);
-                    $event_start = json_encode($row['quote_date']);
-
-                    echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'purple', url: 'quote.php?quote_id=$event_id' },";
-                }
-
-                //Tickets Created
-                $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN tickets ON client_id = ticket_client_id WHERE clients.company_id = $session_company_id");
-                while ($row = mysqli_fetch_array($sql)) {
-                    $event_id = intval($row['ticket_id']);
-                    $event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject']);
-                    $event_start = json_encode($row['ticket_created_at']);
-
-                    echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'orange', url: 'ticket.php?ticket_id=$event_id' },";
-
-                }
-
-                //Vendors Added Created
-                $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE vendor_template = 0 AND clients.company_id = $session_company_id");
-                while ($row = mysqli_fetch_array($sql)) {
-                    $event_id = intval($row['vendor_id']);
-                    $client_id = intval($row['client_id']);
-                    $event_title = json_encode($row['vendor_name']);
-                    $event_start = json_encode($row['vendor_created_at']);
-
-                    echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'brown', url: 'client_vendors.php?client_id=$client_id' },";
-                }
-
-                //Clients Added
-                $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE clients.company_id = $session_company_id");
-                while ($row = mysqli_fetch_array($sql)) {
-                    $event_id = intval($row['client_id']);
-                    $event_title = json_encode($row['client_name']);
-                    $event_start = json_encode($row['client_created_at']);
-
-                    echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'green', url: 'client_overview.php?client_id=$event_id' },";
-                }
-                ?>
-
-
-            ],
-            eventClick: function(editEvent) {
-                $('#editEventModal'+editEvent.event.id).modal();
+                echo "{ id: $event_id, title: $event_title, start: $event_start, end: $event_end, color: $calendar_color },";
             }
+
+            //Invoices Created
+            $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id");
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['invoice_id']);
+                $scope = strval($row['invoice_scope']);
+                if (empty($scope)) {
+                    $scope = "Not Set";
+                }
+                $event_title = json_encode($row['invoice_prefix'] . $row['invoice_number'] . " created -scope: " . $scope);
+                $event_start = json_encode($row['invoice_date']);
+
+
+                echo "{ id: $event_id, title: $event_title, start: $event_start, display: 'list-item', color: 'blue', url: 'invoice.php?invoice_id=$event_id' },";
+            }
+
+            //Quotes Created
+            $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id");
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['quote_id']);
+                $event_title = json_encode($row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope']);
+                $event_start = json_encode($row['quote_date']);
+
+                echo "{ id: $event_id, title: $event_title, start: $event_start, display: 'list-item', color: 'purple', url: 'quote.php?quote_id=$event_id' },";
+            }
+
+            //Tickets Created
+            $sql = mysqli_query($mysqli, "SELECT * FROM clients
+                LEFT JOIN tickets ON client_id = ticket_client_id
+                LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+                LEFT JOIN users ON ticket_assigned_to = user_id"
+            );
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['ticket_id']);
+                $ticket_status = intval($row['ticket_status']);
+                $ticket_status_name = strval($row['ticket_status_name']);
+                $username = $row['user_name'];
+                if (empty($username)) {
+                    $username = "";
+                } else {
+                    //Limit to  characters and add ...
+                    $username = "[". substr($row['user_name'], 0, 9) . "...]";
+                }
+
+                $event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " created - " . $row['ticket_subject'] . " " . $username . "{" . $ticket_status_name . "}");
+                $event_start = json_encode($row['ticket_created_at']);
+
+                if ($ticket_status == 1) {
+                    $event_color = "red";
+                } elseif ($ticket_status == 2) {
+                    $event_color = "blue";
+                }  elseif ($ticket_status == 3) {
+                    $event_color = "grey";
+                } else {
+                    $event_color = "black";
+                }
+
+                echo "{ id: $event_id, title: $event_title, start: $event_start, color: '$event_color', url: 'ticket.php?ticket_id=$event_id' },";
+            }
+
+            // Recurring Tickets
+            $sql = mysqli_query($mysqli, "SELECT * FROM clients
+                LEFT JOIN scheduled_tickets ON client_id = scheduled_ticket_client_id
+                LEFT JOIN users ON scheduled_ticket_assigned_to = user_id"
+            );
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['scheduled_ticket_id']);
+                $client_id = intval($row['client_id']);
+                $username = $row['user_name'];
+                $frequency = $row['scheduled_ticket_frequency'];
+                if (empty($username)) {
+                    $username = "";
+                } else {
+                    //Limit to  characters and add ...
+                    $username = "[". substr($row['user_name'], 0, 9) . "...]";
+                }
+
+                $event_title = json_encode("R Ticket ($frequency) - " . $row['scheduled_ticket_subject'] . " " . $username);
+                $event_start = json_encode($row['scheduled_ticket_next_run']);
+
+                echo "{ id: $event_id, title: $event_title, start: $event_start, color: '$event_color', url: 'client_recurring_tickets.php?client_id=$client_id' },";
+            }
+
+            //Tickets Scheduled
+            $sql = mysqli_query($mysqli, "SELECT * FROM clients 
+                LEFT JOIN tickets ON client_id = ticket_client_id
+                LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+                LEFT JOIN users ON ticket_assigned_to = user_id
+                WHERE ticket_schedule IS NOT NULL"
+            );
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['ticket_id']);
+                $username = $row['user_name'];
+                if (empty($username)) {
+                    $username = "";
+                } else {
+                    //Limit to  characters and add ...
+                    $username = substr($row['user_name'], 0, 9) . "...";
+                }
+
+                if (strtotime($row['ticket_schedule']) < time()) {
+                    if (!empty($row['ticket_schedule'])) {
+                        $event_color = "red";
+                    } else {
+                        $event_color = "green";
+                    }
+                } else {
+                    $event_color = "grey";
+                }
+
+                $ticket_status = strval($row['ticket_status_name']);
+                $event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " scheduled - " . $row['ticket_subject'] . " [" . $username . "]{" . $ticket_status . "}");
+                $event_start = json_encode($row['ticket_schedule']);
+
+
+                echo "{ id: $event_id, title: $event_title, start: $event_start, color: '$event_color', url: 'ticket.php?ticket_id=$event_id' },";
+            }
+
+            //Vendors Added Created
+            $sql = mysqli_query($mysqli, "SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE vendor_template = 0");
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['vendor_id']);
+                $client_id = intval($row['client_id']);
+                $event_title = json_encode("Vendor : '" . $row['vendor_name'] . "' created");
+                $event_start = json_encode($row['vendor_created_at']);
+
+                echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'brown', url: 'client_vendors.php?client_id=$client_id' },";
+            }
+
+            //Clients Added
+            $sql = mysqli_query($mysqli, "SELECT * FROM clients");
+            while ($row = mysqli_fetch_array($sql)) {
+                $event_id = intval($row['client_id']);
+                $event_title = json_encode("Client: '" . $row['client_name'] . "' created");
+                $event_start = json_encode($row['client_created_at']);
+
+                echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'brown', url: 'client_overview.php?client_id=$event_id' },";
+            }
+            ?>
+        ],
+        eventOrder: 'allDay,start,-duration,title',
+
+        <?php
+        // User preference for Calendar start day (Sunday/Monday)
+        // Fetch User Dashboard Settings
+        $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT user_config_calendar_first_day FROM user_settings WHERE user_id = $session_user_id"));
+        $user_config_calendar_first_day = intval($row['user_config_calendar_first_day']);
+        ?>
+        firstDay: <?php echo $user_config_calendar_first_day ?>,
         });
 
         calendar.render();
     });
-
 </script>
 
 <!-- Automatically set new event end date to 1 hr after start date -->
 <script>
-
     // Function - called when user leaves field (onblur)
     function updateIncrementEndTime() {
 
@@ -160,15 +327,19 @@ while ($row = mysqli_fetch_array($sql)) {
         // Create a date object
         let new_end = new Date(start);
 
+        // Get the time zone offset in minutes, convert it to milliseconds
+        let offsetInMilliseconds = new_end.getTimezoneOffset() * 60 * 1000;
+
+        // Adjust the date by the time zone offset before adding an hour
+        new_end = new Date(new_end.getTime() - offsetInMilliseconds);
+
         // Set the end date to 1 hr in the future
-        new_end.setHours(new_end.getHours() + 1)
+        new_end.setHours(new_end.getHours() + 1);
 
         // Get the date back as a string, with the milliseconds trimmed off
         new_end = new_end.toISOString().replace(/.\d+Z$/g, "");
 
         // Update the end date field
         document.getElementById("event_add_end").value = new_end;
-
     }
-
 </script>

categories.php

@@ -1,138 +0,0 @@
-<?php
-
-// Default Column Sortby Filter
-$sb = "category_name";
-$o = "ASC";
-
-require_once("inc_all_settings.php");
-
-if (isset($_GET['category'])) {
-    $category = sanitizeInput($_GET['category']);
-} else {
-    $category = "Expense";
-}
-
-//Rebuild URL
-$url_query_strings_sb = http_build_query(array_merge($_GET, array('sb' => $sb, 'o' => $o)));
-
-$sql = mysqli_query(
-    $mysqli,
-    "SELECT SQL_CALC_FOUND_ROWS * FROM categories
-    WHERE category_name LIKE '%$q%'
-    AND category_type = '$category'
-    AND category_archived_at IS NULL
-    AND company_id = $session_company_id 
-    ORDER BY $sb $o LIMIT $record_from, $record_to"
-);
-
-$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-
-$colors_used_array = [];
-
-//Colors Used
-$sql_colors_used = mysqli_query(
-    $mysqli,
-    "SELECT category_color FROM categories 
-    WHERE category_type = '$category'
-    AND category_archived_at IS NULL
-    AND company_id = $session_company_id"
-);
-
-while ($color_used_row = mysqli_fetch_array($sql_colors_used)) {
-    $colors_used_array[] = $color_used_row['category_color'];
-}
-$colors_diff = array_diff($colors_array, $colors_used_array);
-
-?>
-
-
-    <div class="card card-dark">
-        <div class="card-header py-2">
-            <h3 class="card-title mt-2"><i class="fa fa-fw fa-list mr-2"></i><?php echo htmlentities($category); ?> Categories</h3>
-            <div class="card-tools">
-                <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i class="fas fa-plus mr-2"></i>New</button>
-            </div>
-        </div>
-        <div class="card-body">
-            <form autocomplete="off">
-                <input type="hidden" name="category" value="<?php echo htmlentities($category); ?>">
-                <div class="row">
-                    <div class="col-sm-4 mb-2">
-                        <div class="input-group">
-                            <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Categories">
-                            <div class="input-group-append">
-                                <button class="btn btn-primary"><i class="fa fa-search"></i></button>
-                            </div>
-                        </div>
-                    </div>
-                    <div class="col-sm-8">
-                        <div class="btn-group float-right">
-                            <a href="?category=Expense" class="btn <?php if ($category == 'Expense') { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">Expense</a>
-                            <a href="?category=Income" class="btn <?php if ($category == 'Income') { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">Income</a>
-                            <a href="?category=Referral" class="btn <?php if ($category == 'Referral') { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">Referral</a>
-                            <a href="?category=Payment Method" class="btn <?php if ($category == 'Payment Method') { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">Payment Method</a>
-                        </div>
-                    </div>
-                </div>
-            </form>
-            <hr>
-            <div class="table-responsive">
-                <table class="table table-striped table-borderless table-hover">
-                    <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
-                    <tr>
-                        <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=category_name&o=<?php echo $disp; ?>">Name</a></th>
-                        <th>Color</th>
-                        <th class="text-center">Action</th>
-                    </tr>
-                    </thead>
-                    <tbody>
-                    <?php
-
-                    while ($row = mysqli_fetch_array($sql)) {
-                        $category_id = intval($row['category_id']);
-                        $category_name = htmlentities($row['category_name']);
-                        $category_color = htmlentities($row['category_color']);
-                        //$colors_used_array[] = $row['category_color'];
-
-                        ?>
-                        <tr>
-                            <td><a class="text-dark" href="#" data-toggle="modal" data-target="#editCategoryModal<?php echo $category_id; ?>"><?php echo $category_name; ?></a></td>
-                            <td><i class="fa fa-3x fa-circle" style="color:<?php echo $category_color; ?>;"></i></td>
-                            <td>
-                                <div class="dropdown dropleft text-center">
-                                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
-                                        <i class="fas fa-ellipsis-h"></i>
-                                    </button>
-                                    <div class="dropdown-menu">
-                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editCategoryModal<?php echo $category_id; ?>">
-                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
-                                        </a>
-                                        <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger" href="post.php?archive_category=<?php echo $category_id; ?>">
-                                            <i class="fas fa-fw fa-archive mr-2"></i>Archive
-                                        </a>
-                                    </div>
-                                </div>
-                            </td>
-                        </tr>
-
-                        <?php
-
-                        //$colors_diff = array_diff($colors_array,$colors_used_array);
-
-                        include("category_edit_modal.php");
-
-                    }
-
-                    ?>
-
-                    </tbody>
-                </table>
-            </div>
-            <?php require_once("pagination.php"); ?>
-        </div>
-    </div>
-
-<?php
-require_once("category_add_modal.php");
-require_once("footer.php");