AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-05-06 03:07:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: AS1024:v26.3
Branches Tags
AS1024:master AS1024:develop AS1024:ticket-task-approvals AS1024:duplicate-numbering-racecondition AS1024:undefined-asset-handling AS1024:revert-1176-Whit3XLightning-patch-2 AS1024:Before-Multi-Company-Removal
AS1024:v26.05 AS1024:v26.04 AS1024:v26.4 AS1024:v26.3 AS1024:v26.02 AS1024:v25.12 AS1024:v25.11 AS1024:v25.10 AS1024:v25.09 AS1024:v25.06 AS1024:v25.05 AS1024:v25.03 AS1024:v25.02.4 AS1024:v25.02.3 AS1024:v25.02.1 AS1024:v25.02 AS1024:v25.01.3 AS1024:v25.02.2 AS1024:v25.01.2 AS1024:v25.01
..
compare: AS1024:develop
Branches Tags
AS1024:master AS1024:develop AS1024:ticket-task-approvals AS1024:duplicate-numbering-racecondition AS1024:undefined-asset-handling AS1024:revert-1176-Whit3XLightning-patch-2 AS1024:Before-Multi-Company-Removal
AS1024:v26.05 AS1024:v26.04 AS1024:v26.4 AS1024:v26.3 AS1024:v26.02 AS1024:v25.12 AS1024:v25.11 AS1024:v25.10 AS1024:v25.09 AS1024:v25.06 AS1024:v25.05 AS1024:v25.03 AS1024:v25.02.4 AS1024:v25.02.3 AS1024:v25.02.1 AS1024:v25.02 AS1024:v25.01.3 AS1024:v25.02.2 AS1024:v25.01.2 AS1024:v25.01

67 Commits
v26.3 ... develop

Author SHA1 Message Date
johnnyq
67382a4c4c Fix extra } 2026-05-04 16:56:37 -04:00
johnnyq
351e81231f Update Changelog Bump Release 2026-05-04 16:50:18 -04:00
johnnyq
0ecd76329c Bump TCPDF from 6.11.2 to 6.11.3 2026-05-04 16:15:30 -04:00
johnnyq
f5da94a278 Bump TinyMCE from 8.4.0 to 8.5.0 2026-05-04 16:07:56 -04:00
johnnyq
e0f2fc1e1b Enforce Client Access Restriction on ajax call get_totp_token_via_id 2026-05-04 15:48:40 -04:00
johnnyq
8094e6e761 Credentials: Enforce Credential Perm and client perm on credient edit / view modals 2026-05-04 15:37:02 -04:00
johnnyq
a7c4136d60 Enforce Credential Permissions on contact, asset details both full page and modals 2026-05-04 15:30:33 -04:00
johnnyq
67f9f9ec76 Client Overview: Enforce visibility permissions on credentials in client overview 2026-05-04 13:38:31 -04:00
johnnyq
90232c82c0 Fix broken add saved card, by commenting CSRF Check on add saved card in client post 2026-05-04 12:59:01 -04:00
johnnyq
0cdb780b88 Stripe Payment: Rollback stipe-php from 20.0.0 back to 19.4.1 to fix a isses with adding saved paymentss, Stripe updated their API in which we will update to a later date 2026-05-04 12:32:12 -04:00
johnnyq
a6d996b83f Projects: Fixing missing ' regression 2026-04-27 13:17:21 -04:00
johnnyq
b6e3176ed0 Projects: Fix slow load by using an optimized query to count tickets and tasks 2026-04-27 13:15:11 -04:00
wrongecho
e762ebb88b Show correct currency for the account balance when adding payment to invoice 2026-04-27 14:07:05 +01:00
wrongecho
163581cbcd Expire all PW reset tokens nightly with cron 2026-04-27 13:36:39 +01:00
johnnyq
e9c3ee4661 Shared Items via secure link: Do not delete shared items that have not been viewed before cron runs 2026-04-24 11:40:38 -04:00
johnnyq
90de4e4fe3 Client: Fix Client Abbreviation being converted to an int on edit 2026-04-17 12:15:56 -04:00
johnnyq
cb9ac33fbe Update changelog 2026-04-16 15:18:47 -04:00
johnnyq
319ccbad01 Revert "API: Add some missing end points" 
This reverts commit c4ba2bc326.
 2026-04-16 15:16:08 -04:00
johnnyq
4e862053e8 Fix Missing CSRF in unused modals 2026-04-13 13:19:12 -04:00
johnnyq
9c0c8ec239 Update Changelog 2026-04-12 11:41:15 -04:00
johnnyq
715aadb9d3 Update Changelog 2026-04-12 11:34:46 -04:00
johnnyq
f94458690e API: Remove Payment Endpoint for now 2026-04-12 11:26:56 -04:00
johnnyq
134b5e6491 Update changelog 2026-04-11 18:47:35 -04:00
johnnyq
c4ba2bc326 API: Add some missing end points 2026-04-11 18:21:03 -04:00
johnnyq
1e02322382 API: Invoice_items only return if item_id or invoice_id is specified and do not return all invoice items 2026-04-11 17:57:22 -04:00
johnnyq
81f87e3960 Update Changelog 2026-04-11 14:07:11 -04:00
johnnyq
efaeac3c14 Networks: Added Import Networks 2026-04-11 14:06:31 -04:00
johnnyq
bb06ced05b update Changelog 2026-04-11 13:43:26 -04:00
johnnyq
ed564f64ff Merge branch 'develop' of github.com:itflow-org/itflow into develop 2026-04-11 13:33:30 -04:00
johnnyq
830f40edee API: Add Invoice Items read endpoint 2026-04-11 13:32:50 -04:00
wrongecho
ec9a148e97 API - Fix documents not falling back to DB values 2026-04-09 16:07:44 +01:00
wrongecho
5efdfc53ff Asset API - History 2026-04-09 15:25:21 +01:00
johnnyq
c1bb1694a0 Update Changelog 2026-04-08 12:54:05 -04:00
johnnyq
82b5613335 Bump TinyMCE from 8.3.2 to 8.4.0 2026-04-08 12:51:25 -04:00
johnnyq
123a581583 Bump stripe-php from 19.4.1 to 20.0.0 2026-04-08 12:44:45 -04:00
johnnyq
346d7ed9f0 Update the changelog 2026-04-05 12:06:12 -04:00
johnnyq
b79a6c390e Move some arrays out of load global settings and into their own entity 2026-04-05 12:00:56 -04:00
johnnyq
fae74a8b1e Software: Add Additional License Types 2026-04-05 11:48:07 -04:00
johnnyq
c434b5e6f0 Categories: Fix Restore function and restore icon and color 2026-04-04 18:22:05 -04:00
johnnyq
e7ed88e10e Remove custom_hosting tables from db.sql 2026-04-04 18:14:13 -04:00
johnnyq
78971d1ccb Setup cli: add categories to mimic setup web ui 2026-04-04 18:09:29 -04:00
johnnyq
8a4bb2e80d Update App version 2026-04-04 17:51:14 -04:00
johnnyq
c25b5aac9d Update Changelog 2026-04-04 17:49:48 -04:00
johnnyq
4856c5cb1f Update Changelog 2026-04-04 17:46:56 -04:00
johnnyq
065e674a68 Quotes: Fix Quote Copy missing client 2026-04-04 17:38:12 -04:00
wrongecho
20be416fa6 API 
- Fix credential errors since field names changed
- Sort domains properly
 2026-04-04 11:20:52 +01:00
wrongecho
4617f44cda - Prevent error 500s when existing data can't be cleanly re-inserted to database 2026-04-04 11:01:34 +01:00
wrongecho
0ae4c2fac9 - Prevent error 500s when existing data can't be cleanly re-inserted to database 
- Full support for asset_uri_2
 2026-04-04 10:52:32 +01:00
wrongecho
9389f2cc91 More helpful error 2026-04-04 10:49:50 +01:00
wrongecho
52c2ba69cb Don't set client ID from POST - this is properly done via require_post_method instead only if it's an all-clients key. 2026-04-04 10:49:40 +01:00
wrongecho
8591758cd7 Fix asset read api - uri_2 2026-04-04 10:18:21 +01:00
johnnyq
02d217402c Categories: Moved note type, software type, rack type to be creatable/editable Categories with common defaults and descriptions 2026-03-31 18:05:16 -04:00
johnnyq
52eb0b9c21 Files: Allow .swb file extensions for MikroTik Backups 2026-03-31 17:19:27 -04:00
johnnyq
5698da9c5b Update Changelog 2026-03-30 17:41:52 -04:00
johnnyq
aa19472512 Ticket: Fix missing contact in version 1 Create Ticket 2026-03-30 17:38:44 -04:00
johnnyq
11288ce782 Fix missing setting DB Version 2026-03-30 17:31:15 -04:00
johnnyq
383897ee27 Assets: Moved asset status to be creatable/editable Categories with common defaults and descriptions also Add category description to add / edit modals and description underneath category name 2026-03-30 17:25:51 -04:00
johnnyq
7bed0231d2 Categories: Make category type pretty Capitalize words, replace _ with space 2026-03-30 15:29:13 -04:00
johnnyq
d8359e1049 Network Interface Types: Moved to creatable/editable Categories with common defaults 2026-03-30 15:24:09 -04:00
johnnyq
35fb8b1ee6 Update Changelog for 26.03.1 Release 2026-03-30 11:58:22 -04:00
wrongecho
793b14885b Remove unnecessary blank line in account.php 2026-03-30 10:28:45 +01:00
johnnyq
bb3e311fb7 Racks: Fix Device Removal 2026-03-27 17:02:13 -04:00
johnnyq
65b53dd7f4 Tables: Removed removed -sm in table-responsive to fix some responsive issues also adding margin between top and bottom tags in clients and moved the tags in its own div 2026-03-26 13:30:07 -04:00
johnnyq
0e75106e1a Client POST: Added comment regarding MySQLi Prepared statement usage within Client add/edit POST 2026-03-23 13:30:03 -04:00
wrongecho
619dd0d472 Fix missing csrf tokens in category modals 2026-03-23 16:36:15 +00:00
johnnyq
22d33847c3 Fix edit client 2026-03-22 19:53:35 -04:00
johnnyq
6d1b654d0c Invoice: Do not apply late fee on first overdue reminder (day 1) 2026-03-20 17:44:33 -04:00
168 changed files with 1550 additions and 568 deletions
Expand all files Collapse all files

46
CHANGELOG.md
View File

@@ -2,16 +2,58 @@
This file documents all notable changes made to ITFlow.
## [26.05] Stable Release
### Bug Fixes
- Stripe Payment: Fix adding saved cards on client portal.
- Various client and module enforments fixes.
- Projects: Fix slow load by using an optimized query to count tickets and tasks.
- Show correct currency for the account balance when adding payment to invoice.
- Expire all Password reset tokens nightly with cron.
- Shared Items via secure link: Do not delete shared items that have not been viewed before cron runs.
- Client: Fix Client Abbreviation being converted to an int on edit.
### New Features & Updates
- Bump TinyMCE from 8.4.0 to 8.5.0.
- Bump TCPDF from 6.11.2 to 6.11.3.
- DeBump stripe-php from 20.0.0 to 19.4.1.
## [26.04] Stable Release
### Bug Fixes
- Racks: Fix Device Removal.
- Table Lists: replace class table-responsive-sm with just table-reponsive was causing ui issues with certain screen sizes.
- Client: Fix Edit erroring on certain characters.
- Category: Fix Add/Edit due to missing CSRF fields.
- Category: Fix Restore function and Icon and text color.
- Invoice: Do not apply late fee on first overdue reminder (1 day).
- Ticket: Fix issue with contact not being added with Add contact modal v1.
- Quote: Fix Copy was missing client.
- API: Don't set client ID from POST - this is properly done via require_post_method instead only if it's an all-clients key.
- API: Prevent error 500s when existing data can't be cleanly re-inserted to database.
- API: Add more helpful errors.
- API: Fix asset read uri_2 field.
- API: Various other field fixes.
### New Features & Updates
- Categories: Add Description Field.
- Categories: Add DB Field for order.
- Categories: Move Asset Status and Network Interface Type to categories so custom ones can be created and edited.
- Categories: Moved note type, software type, rack type to be creatable/editable Categories with common defaults and descriptions
- Files: Allow .swb file for MikroTik Backup Files.
- Software: Added additonal License Types including Perpetual, Site, etc.
- API: Invoice Items: Add read endpoint.
- Networks: Added Import.
- Bump TinyMCE from 8.3.2 to 8.4.0.
- Bump stripe-php from 19.4.1 to 20.0.0.
## [26.03] Stable Release
### Bug Fixes
- Ticket Templates: Fix Task Sorting.
- Ticket Templates: Fix Task Sortinhahahg.
- Ticket: Lower autoclose setting minimum value from 48 to 24 Hours.
- Ticket: Fix Task Approval.
- Recurring Ticket: add empty value placeholder for Ticket Frequency.
- Documents/Files: Fix redirect after File Upload to redirect to files instead of the non existent documents.
- Setup: Fix base url tacking on /setup when not installing via script.
### New Features & Updates
- Clients: Net Terms: Added common 45 and 15 Days, removed 14 Days not as common.
- Clients: Bulk Action Set Net Terms Added.

42
admin/category.php
View File

@@ -28,14 +28,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-list-ul mr-2"></i>
<?php echo nullable_htmlentities($category); ?> Categories
<?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?> Categories
</h3>
<?php
if (!isset($_GET['archived'])) {
?>
<div class="card-tools">
<button type="button" class="btn btn-primary ajax-modal" data-modal-url="modals/category/category_add.php?category=<?= nullable_htmlentities($category) ?>"><i
class="fas fa-plus mr-2"></i>New <?php echo nullable_htmlentities($category); ?> Category</button>
class="fas fa-plus mr-2"></i>New <?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?> Category</button>
</div>
<?php
}
@@ -51,7 +51,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
value="<?php if (isset($q)) {
echo stripslashes(nullable_htmlentities($q));
} ?>"
placeholder="Search <?php echo nullable_htmlentities($category); ?> Categories ">
placeholder="Search <?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?> Categories ">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
@@ -83,6 +83,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else {
echo 'btn-default';
} ?>">Ticket</a>
<a href="?category=network_interface"
class="btn <?php if ($category == 'network_interface') {
echo 'btn-primary';
} else {
echo 'btn-default';
} ?>">Network Interface</a>
<a href="?category=asset_status"
class="btn <?php if ($category == 'asset_status') {
echo 'btn-primary';
} else {
echo 'btn-default';
} ?>">Asset Status</a>
<a href="?category=software_type"
class="btn <?php if ($category == 'software_type') {
echo 'btn-primary';
} else {
echo 'btn-default';
} ?>">Software Type</a>
<a href="?category=rack_type"
class="btn <?php if ($category == 'rack_type') {
echo 'btn-primary';
} else {
echo 'btn-default';
} ?>">Rack Type</a>
<a href="?category=contact_note_type"
class="btn <?php if ($category == 'contact_note_type') {
echo 'btn-primary';
} else {
echo 'btn-default';
} ?>">Contact Note Type</a>
<a href="?<?php echo $url_query_strings_sort ?>&archived=1"
class="btn <?php if (isset($_GET['archived'])) {
echo 'btn-primary';
@@ -114,6 +144,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_assoc($sql)) {
$category_id = intval($row['category_id']);
$category_name = nullable_htmlentities($row['category_name']);
$category_description = nullable_htmlentities($row['category_description']);
$category_color = nullable_htmlentities($row['category_color']);
?>
@@ -122,6 +153,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<a class="text-dark ajax-modal" href="#"
data-modal-url="modals/category/category_edit.php?id=<?= $category_id ?>">
<?php echo $category_name; ?>
<div><small class="text-secondary"><?= $category_description ?></small></div>
</a>
</td>
<td><i class="fa fa-3x fa-circle" style="color:<?php echo $category_color; ?>;"></i></td>
@@ -134,9 +166,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php
if ($archived) {
?>
<a class="dropdown-item text-success confirm-link"
<a class="dropdown-item text-info confirm-link"
href="post.php?restore_category=<?php echo $category_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Restore
<i class="fas fa-fw fa-redo mr-2"></i>Restore
</a>
<a class="dropdown-item text-danger confirm-link"
href="post.php?delete_category=<?php echo $category_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">

67
admin/database_updates.php
View File

@@ -4334,11 +4334,70 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.2'");
}
//
// // if (CURRENT_DATABASE_VERSION == '2.4.2') {
// // Insert queries here required to update to DB version 2.4.3
if (CURRENT_DATABASE_VERSION == '2.4.2') {
mysqli_query($mysqli, "ALTER TABLE `categories` ADD `category_description` VARCHAR(255) DEFAULT NULL AFTER `category_name`");
mysqli_query($mysqli, "ALTER TABLE `categories` ADD `category_order` INT(11) NOT NULL DEFAULT 0 AFTER `category_icon`");
// Create network_interfaces
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ethernet', category_type = 'network_interface', category_order = 1"); // 1
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP', category_type = 'network_interface', category_order = 2"); // 2
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP+', category_type = 'network_interface', category_order = 3"); // 3
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP28', category_type = 'network_interface', category_order = 4"); // 4
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP-DD', category_type = 'network_interface', category_order = 5"); // 5
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Coaxial', category_type = 'network_interface', category_order = 6"); // 6
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Fiber', category_type = 'network_interface', category_order = 7"); // 7
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'WiFi', category_type = 'network_interface', category_order = 8"); // 8
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.3'");
}
if (CURRENT_DATABASE_VERSION == '2.4.3') {
// Asset Status
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ready to Deploy', category_description = 'Asset is configured and ready to be assigned', category_type = 'asset_status', category_order = 1"); // 1
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Deployed', category_description = 'Asset is actively in use and assigned to a client or location', category_type = 'asset_status', category_order = 2"); // 2
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Out for Repair', category_description = 'Asset has been sent out for servicing or repair', category_type = 'asset_status', category_order = 3"); // 3
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Lost', category_description = 'Asset location is unknown and cannot be accounted for', category_type = 'asset_status', category_order = 4"); // 4
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Stolen', category_description = 'Asset has been reported stolen', category_type = 'asset_status', category_order = 5"); // 5
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Retired', category_description = 'Asset has been decommissioned and is no longer in service', category_type = 'asset_status', category_order = 6"); // 6
// Contact note types
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Call', category_description = 'Phone call with a client or contact', category_icon = 'fa-phone-alt', category_type = 'contact_note_type', category_order = 1"); // 1
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Email', category_description = 'Email correspondence with a client or contact', category_icon = 'fa-envelope', category_type = 'contact_note_type', category_order = 2"); // 2
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Meeting', category_description = 'Scheduled meeting with a client or contact', category_icon = 'fa-handshake', category_type = 'contact_note_type', category_order = 3"); // 3
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'In Person', category_description = 'In person visit or on-site interaction', category_icon = 'fa-people-arrows', category_type = 'contact_note_type', category_order = 4"); // 4
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Note', category_description = 'General note or internal comment', category_icon = 'fa-sticky-note', category_type = 'contact_note_type', category_order = 5"); // 5
// Rack Types
mysqli_query($mysqli, "INSERT INTO categories SET category_name = '2-Post Open Frame', category_description = 'Two-post open frame rack for patch panels and lightweight equipment', category_type = 'rack_type', category_order = 1"); // 1
mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Open Frame', category_description = 'Four-post open frame rack for servers and heavier equipment', category_type = 'rack_type', category_order = 2"); // 2
mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Enclosed Cabinet', category_description = 'Four-post enclosed cabinet with doors and sides for secure equipment housing', category_type = 'rack_type', category_order = 3"); // 3
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Open', category_description = 'Open frame rack mounted directly to a wall for small deployments', category_type = 'rack_type', category_order = 4"); // 4
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Enclosed', category_description = 'Enclosed cabinet rack mounted to a wall with a locking door', category_type = 'rack_type', category_order = 5"); // 5
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Rack type does not fit any standard category', category_type = 'rack_type', category_order = 6"); // 6
// Software Types
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Software as a Service (SaaS)', category_description = 'Cloud-hosted software accessed via a web browser or API', category_type = 'software_type', category_order = 1"); // 1
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Productivity Suite', category_description = 'Bundled office and collaboration tools such as Microsoft 365 or Google Workspace', category_type = 'software_type', category_order = 2"); // 2
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Web Application', category_description = 'Application hosted on a web server and accessed through a browser', category_type = 'software_type', category_order = 3"); // 3
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Desktop Application', category_description = 'Application installed and run locally on a workstation or laptop', category_type = 'software_type', category_order = 4"); // 4
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Mobile Application', category_description = 'Application installed and run on a mobile device or tablet', category_type = 'software_type', category_order = 5"); // 5
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Security Software', category_description = 'Software providing antivirus, endpoint protection, or security monitoring', category_type = 'software_type', category_order = 6"); // 6
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'System Software', category_description = 'Low-level software managing hardware resources and system operations', category_type = 'software_type', category_order = 7"); // 7
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Operating System', category_description = 'Core software managing hardware and providing a platform for applications', category_type = 'software_type', category_order = 8"); // 8
mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Software type does not fit any standard category', category_type = 'software_type', category_order = 9"); // 9
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.4'");
}
// if (CURRENT_DATABASE_VERSION == '2.4.4') {
// // Insert queries here required to update to DB version 2.4.5
// // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.3'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.5'");
// }
} else {

13
admin/modals/category/category_add.php
View File

@@ -9,12 +9,13 @@ $category_types_array = ['Expense', 'Income', 'Referral', 'Ticket'];
?>
<div class="modal-header bg-dark">
<h5 class="modal-title"><i class="fa fa-fw fa-list-ul mr-2"></i>New <strong><?= nullable_htmlentities($category) ?></strong> Category</h5>
<h5 class="modal-title"><i class="fa fa-fw fa-list-ul mr-2"></i>New <strong><?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?></strong> Category</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="modal-body">
@@ -59,6 +60,16 @@ $category_types_array = ['Expense', 'Income', 'Referral', 'Ticket'];
</div>
</div>
<div class="form-group">
<label>Description</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fas fa-fw fa-align-left"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Enter a description" maxlength="200">
</div>
</div>
</div>
<div class="modal-footer">
<button type="submit" name="add_category" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create Category</button>

12
admin/modals/category/category_edit.php
View File

@@ -8,6 +8,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_id = $cate
$row = mysqli_fetch_assoc($sql);
$category_name = nullable_htmlentities($row['category_name']);
$category_description = nullable_htmlentities($row['category_description']);
$category_color = nullable_htmlentities($row['category_color']);
$category_type = nullable_htmlentities($row['category_type']);
@@ -21,6 +22,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="category_id" value="<?php echo $category_id; ?>">
<input type="hidden" name="type" value="<?php echo $category_type; ?>">
<div class="modal-body">
@@ -45,6 +47,16 @@ ob_start();
</div>
</div>
<div class="form-group">
<label>Description</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fas fa-fw fa-align-left"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Enter a description" maxlength="200" value="<?= $category_description ?>">
</div>
</div>
</div>
<div class="modal-footer">
<button type="submit" name="edit_category" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>

2
admin/modals/contract_template/contract_template_add.php
View File

@@ -30,6 +30,8 @@ ob_start();
</ul>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="modal-body">
<div class="tab-content" id="contractTemplateTabContent">

1
admin/modals/contract_template/contract_template_edit.php
View File

@@ -52,6 +52,7 @@ ob_start();
</ul>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="contract_template_id" value="<?php echo $contract_template_id; ?>">
<div class="modal-body">

1
admin/modals/custom_field/custom_field_create.php
View File

@@ -8,6 +8,7 @@
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="table" value="<?php echo nullable_htmlentities($table); ?>">
<div class="modal-body">

1
admin/modals/custom_field/custom_field_edit.php
View File

@@ -8,6 +8,7 @@
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="custom_field_id" value="<?php echo $custom_field_id; ?>">
<div class="modal-body">

25
admin/modals/software_template/software_template_add.php
View File

@@ -2,6 +2,16 @@
require_once '../../../includes/modal_header.php';
$license_types_array = array (
'Device',
'User',
'Site',
'Concurrent',
'Trial',
'Perpetual',
'Usage-based'
);
ob_start();
?>
@@ -54,9 +64,18 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<select class="form-control select2" name="type" required>
<option value="">- Type -</option>
<?php foreach($software_types_array as $software_type) { ?>
<option><?php echo $software_type; ?></option>
<option value="">- Select Type -</option>
<<?php
$sql_software_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'software_type'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
$software_type_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $software_type_select ?></option>
<?php } ?>
</select>
</div>

28
admin/modals/software_template/software_template_edit.php
View File

@@ -13,8 +13,18 @@ $software_type = nullable_htmlentities($row['software_template_type']);
$software_license_type = nullable_htmlentities($row['software_template_license_type']);
$software_notes = nullable_htmlentities($row['software_template_notes']);
// Generate the HTML form content using output buffering.
$license_types_array = array (
'Device',
'User',
'Site',
'Concurrent',
'Trial',
'Perpetual',
'Usage-based'
);
ob_start();
?>
<div class="modal-header bg-dark">
@@ -66,8 +76,20 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<select class="form-control select2" name="type" required>
<?php foreach($software_types_array as $software_type_select) { ?>
<option <?php if($software_type == $software_type_select) { echo "selected"; } ?>><?php echo $software_type_select; ?></option>
<option value="">- Select Type -</option>
<<?php
$sql_software_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'software_type'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
$software_type_select = nullable_htmlentities($row['category_name']);
?>
<option <?php if($software_type == $software_type_select) { echo "selected"; } ?>>
<?= $software_type_select ?>
</option>
<?php } ?>
</select>
</div>

1
admin/modals/user/user_export.php
View File

@@ -13,6 +13,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="modal-body">
</div>

6
admin/post/category.php
View File

@@ -12,7 +12,7 @@ if (isset($_POST['add_category'])) {
require_once 'category_model.php';
mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'");
mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_description = '$description', category_type = '$type', category_color = '$color'");
$category_id = mysqli_insert_id($mysqli);
@@ -32,7 +32,7 @@ if (isset($_POST['edit_category'])) {
$category_id = intval($_POST['category_id']);
mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_type = '$type', category_color = '$color' WHERE category_id = $category_id");
mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_description = '$description', category_type = '$type', category_color = '$color' WHERE category_id = $category_id");
logAction("Category", "Edit", "$session_name edited category $type $name", 0, $category_id);
@@ -68,7 +68,7 @@ if (isset($_GET['restore_category'])) {
validateCSRFToken($_GET['csrf_token']);
$category_id = intval($_GET['retore_category']);
$category_id = intval($_GET['restore_category']);
// Get Category Name and Type for logging
$sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id");

1
admin/post/category_model.php
View File

@@ -2,5 +2,6 @@
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$type = sanitizeInput($_POST['type']);
$color = sanitizeInput($_POST['color']);

22
admin/settings_default.php
View File

@@ -1,7 +1,25 @@
<?php
require_once "includes/inc_all_admin.php";
?>
$start_page_select_array = array (
'dashboard.php'=>'Dashboard',
'clients.php'=> 'Client Management',
'tickets.php'=> 'Support Tickets',
'invoices.php' => 'Invoices'
);
$net_terms_array = array (
'0'=>'On Receipt',
'7'=>'7 Days',
'10'=>'10 Days',
'15'=>'15 Days',
'30'=>'30 Days',
'45'=>'45 Days',
'60'=>'60 Days',
'90'=>'90 Days'
);
?>
<div class="card card-dark">
<div class="card-header py-3">

126
admin/settings_theme.php
View File

@@ -1,68 +1,90 @@
<?php
require_once "includes/inc_all_admin.php";
?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-paint-brush mr-2"></i>Theme</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
$theme_colors_array = array (
'lightblue',
'blue',
'cyan',
'green',
'olive',
'teal',
'red',
'maroon',
'pink',
'purple',
'indigo',
'fuchsia',
'yellow',
'orange',
'yellow',
'black',
'navy',
'gray'
);
<label>Select a Theme</label>
<div class="form-row">
?>
<?php
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-paint-brush mr-2"></i>Theme</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
foreach ($theme_colors_array as $theme_color) {
<label>Select a Theme</label>
<div class="form-row">
?>
<?php
<div class="col-4 text-center mb-3">
<div class="form-group">
<div class="custom-control custom-radio">
<input class="custom-control-input" type="radio" onchange="this.form.submit()" id="customRadio<?php echo $theme_color; ?>" name="edit_theme_settings" value="<?php echo $theme_color; ?>" <?php if ($config_theme == $theme_color) { echo "checked"; } ?>>
<label for="customRadio<?php echo $theme_color; ?>" class="custom-control-label">
<i class="fa fa-fw fa-6x fa-circle text-<?php echo $theme_color; ?>"></i>
<br>
<?php echo $theme_color; ?>
</label>
</div>
foreach ($theme_colors_array as $theme_color) {
?>
<div class="col-4 text-center mb-3">
<div class="form-group">
<div class="custom-control custom-radio">
<input class="custom-control-input" type="radio" onchange="this.form.submit()" id="customRadio<?php echo $theme_color; ?>" name="edit_theme_settings" value="<?php echo $theme_color; ?>" <?php if ($config_theme == $theme_color) { echo "checked"; } ?>>
<label for="customRadio<?php echo $theme_color; ?>" class="custom-control-label">
<i class="fa fa-fw fa-6x fa-circle text-<?php echo $theme_color; ?>"></i>
<br>
<?php echo $theme_color; ?>
</label>
</div>
</div>
</div>
<?php } ?>
</div>
</form>
</div>
</div>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-image mr-2"></i>Favicon</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<img class="mb-3" src="<?php if(file_exists("../uploads/favicon.ico")) { echo "../uploads/favicon.ico"; } else { echo "../favicon.ico"; } ?>">
<div class="form-group">
<input type="file" class="form-control-file" name="file" accept=".ico">
</div>
<hr>
<button type="submit" name="edit_favicon_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Upload Icon</button>
<?php if(file_exists("../uploads/favicon.ico")) { ?>
<a href="post.php?reset_favicon&csrf_token=<?= $_SESSION['csrf_token'] ?>" class="btn btn-outline-danger"><i class="fas fa-redo-alt mr-2"></i>Reset Favicon</a>
<?php } ?>
</form>
</div>
</div>
</form>
</div>
</div>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-image mr-2"></i>Favicon</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<img class="mb-3" src="<?php if(file_exists("../uploads/favicon.ico")) { echo "../uploads/favicon.ico"; } else { echo "../favicon.ico"; } ?>">
<div class="form-group">
<input type="file" class="form-control-file" name="file" accept=".ico">
</div>
<hr>
<button type="submit" name="edit_favicon_settings" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Upload Icon</button>
<?php if(file_exists("../uploads/favicon.ico")) { ?>
<a href="post.php?reset_favicon&csrf_token=<?= $_SESSION['csrf_token'] ?>" class="btn btn-outline-danger"><i class="fas fa-redo-alt mr-2"></i>Reset Favicon</a>
<?php } ?>
</form>
</div>
</div>
<?php
require_once "../includes/footer.php";

2
agent/accounts.php
View File

@@ -38,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>

2
agent/ajax.php
View File

@@ -403,6 +403,8 @@ if (isset($_GET['get_totp_token_via_id'])) {
$totp_secret = $sql['credential_otp_secret'];
$client_id = intval($sql['credential_client_id']);
enforceClientAccess();
$otp = TokenAuth6238::getTokenCode(strtoupper($totp_secret));
echo json_encode($otp);

4
agent/asset_details.php
View File

@@ -615,6 +615,8 @@ if (isset($_GET['asset_id'])) {
</form>
</div>
<?php if (lookupUserPermission('module_credential')) { // Begin Credential Enforcement ?>
<div class="card card-dark <?php if ($credential_count == 0) { echo "d-none"; } ?>">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
@@ -744,6 +746,8 @@ if (isset($_GET['asset_id'])) {
</div>
</div>
<?php } // End Credential Enforcement ?>
<div class="card card-dark <?php if ($software_count == 0) { echo "d-none"; } ?>">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-cube mr-2"></i>Licenses</h3>

2
agent/certificates.php
View File

@@ -148,7 +148,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">

2
agent/client_overview.php
View File

@@ -349,7 +349,7 @@ $sql_asset_retired = mysqli_query(
<?php } ?>
<?php if (mysqli_num_rows($sql_favorite_credentials) > 0) { ?>
<?php if ((mysqli_num_rows($sql_favorite_credentials) > 0) && (lookupUserPermission('module_credential'))) { ?>
<div class="col-md-4">

6
agent/clients.php
View File

@@ -444,7 +444,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
}
$client_tag_id_array[] = $client_tag_id;
$client_tag_name_display_array[] = "<a href='clients.php?tags[]=$client_tag_id'><span class='badge badge-pill text-light p-2 mr-1' style='background-color: $client_tag_color;'><i class='fas fa-$client_tag_icon fa-fw mr-1'></i>$client_tag_name</span></a>";
$client_tag_name_display_array[] = "<a href='clients.php?tags[]=$client_tag_id'><span class='mt-1 badge badge-pill text-light p-2 mr-1' style='background-color: $client_tag_color;'><i class='fas fa-$client_tag_icon fa-fw mr-1'></i>$client_tag_name</span></a>";
}
$client_tags_display = implode('', $client_tag_name_display_array);
@@ -512,10 +512,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="media-body">
<div class="text-bold"><?= $client_name ?></div>
<div class="text-secondary"><?= $client_type ?></div>
<div><?php if ($client_tags_display) { echo $client_tags_display; } ?></div>
</div>
</div>
<div class="ml-2"><?php if ($client_tags_display) { echo $client_tags_display; } ?></div>
</a>
</td>
<td>

12
agent/contact_details.php
View File

@@ -507,6 +507,8 @@ if (isset($_GET['contact_id'])) {
</div>
</div>
<?php if (lookupUserPermission('module_credential')) { // Begin Credential Enforcement ?>
<div class="card card-dark <?php if ($credential_count == 0) { echo "d-none"; } ?>">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
@@ -644,6 +646,8 @@ if (isset($_GET['contact_id'])) {
</div>
</div>
<?php } // End Credential Enforcement ?>
<div class="card card-dark <?php if ($software_count == 0) { echo "d-none"; } ?>">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-cube mr-2"></i>Related Licenses</h3>
@@ -1101,6 +1105,14 @@ if (isset($_GET['contact_id'])) {
<tbody>
<?php
$note_types_array = array (
'Call'=>'fa-phone-alt',
'Email'=>'fa-envelope',
'Meeting'=>'fa-handshake',
'In Person'=>'fa-people-arrows',
'Note'=>'fa-sticky-note'
);
while ($row = mysqli_fetch_assoc($sql_related_notes)) {
$contact_note_id = intval($row['contact_note_id']);
$contact_note_type = nullable_htmlentities($row['contact_note_type']);

2
agent/contacts.php
View File

@@ -288,7 +288,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form id="bulkActions" action="post.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table border">
<thead class="thead-light <?php if (!$num_rows[0]) { echo "d-none"; } ?>">
<tr>

2
agent/credentials.php
View File

@@ -276,7 +276,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

2
agent/domains.php
View File

@@ -172,7 +172,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">

2
agent/expenses.php
View File

@@ -202,7 +202,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>

2
agent/invoices.php
View File

@@ -257,7 +257,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<hr>
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

2
agent/locations.php
View File

@@ -216,7 +216,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form id="bulkActions" action="post.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>

13
agent/modals/asset/asset_add.php
View File

@@ -258,8 +258,17 @@ ob_start();
</div>
<select class="form-control select2" name="status">
<option value="">- Select Status -</option>
<?php foreach($asset_status_array as $asset_status) { ?>
<option><?php echo $asset_status; ?></option>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'asset_status'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$asset_status_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $asset_status_select ?></option>
<?php } ?>
</select>
</div>

17
agent/modals/asset/asset_bulk_edit_status.php
View File

@@ -26,12 +26,21 @@ ob_start();
<label>Status</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
<span class="input-group-text"><i class="fa fa-fw fa-circle"></i></span>
</div>
<select class="form-control select2" name="bulk_status">
<option value="">- Status -</option>
<?php foreach($asset_status_array as $asset_status) { ?>
<option><?php echo $asset_status; ?></option>
<option value="">- Select Status -</option>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'asset_status'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$asset_status_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $asset_status_select ?></option>
<?php } ?>
</select>
</div>

16
agent/modals/asset/asset_copy.php
View File

@@ -228,8 +228,20 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-circle"></i></span>
</div>
<select class="form-control select2" name="status">
<?php foreach($asset_status_array as $asset_status_select) { ?>
<option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>><?php echo $asset_status_select; ?></option>
<option value="">- Select Status -</option>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'asset_status'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$asset_status_select = nullable_htmlentities($row['category_name']);
?>
<option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>>
<?= $asset_status_select ?>
</option>
<?php } ?>
</select>
</div>

2
agent/modals/asset/asset_details.php
View File

@@ -495,7 +495,7 @@ ob_start();
</div>
<?php } ?>
<?php if ($credential_count) { ?>
<?php if (lookupUserPermission('module_credential') && ($credential_count)) { ?>
<div class="tab-pane fade" id="pills-asset-credentials">
<div class="table-responsive-sm-sm">
<table class="table table-sm table-striped table-borderless table-hover">

16
agent/modals/asset/asset_edit.php
View File

@@ -270,8 +270,20 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-circle"></i></span>
</div>
<select class="form-control select2" name="status">
<?php foreach($asset_status_array as $asset_status_select) { ?>
<option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>><?= $asset_status_select ?></option>
<option value="">- Select Status -</option>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'asset_status'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$asset_status_select = nullable_htmlentities($row['category_name']);
?>
<option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>>
<?= $asset_status_select ?>
</option>
<?php } ?>
</select>
</div>

15
agent/modals/asset/asset_interface_add.php
View File

@@ -57,15 +57,24 @@ ob_start();
<!-- Type -->
<div class="form-group">
<label for="network">Type</label>
<label for="network">Interface Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
</div>
<select class="form-control select2" name="type">
<option value="">- Select Type -</option>
<?php foreach($interface_types_array as $interface_type) { ?>
<option><?php echo $interface_type; ?></option>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'network_interface'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$interface_type_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $interface_type_select ?></option>
<?php } ?>
</select>
</div>

20
agent/modals/asset/asset_interface_bulk_edit_type.php
View File

@@ -24,16 +24,26 @@ ob_start();
<div class="modal-body">
<!-- Type -->
<div class="form-group">
<label>Interface Type</label>
<label for="network">Interface Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-ethernet"></i></span>
<span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
</div>
<select class="form-control select2" name="bulk_type">
<option value="">- Select a Type -</option>
<?php foreach($interface_types_array as $interface_type_select) { ?>
<option><?php echo $interface_type_select; ?></option>
<option value="">- Select Type -</option>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'network_interface'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$interface_type_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $interface_type_select ?></option>
<?php } ?>
</select>
</div>

15
agent/modals/asset/asset_interface_edit.php
View File

@@ -122,16 +122,25 @@ ob_start();
<!-- Type -->
<div class="form-group">
<label for="network">Type</label>
<label for="network">Interface Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
</div>
<select class="form-control select2" name="type">
<option value="">- Select Type -</option>
<?php foreach($interface_types_array as $interface_type_select) { ?>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'network_interface'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$interface_type_select = nullable_htmlentities($row['category_name']);
?>
<option <?php if($interface_type == $interface_type_select) { echo "selected"; } ?>>
<?php echo $interface_type_select; ?>
<?= $interface_type_select ?>
</option>
<?php } ?>
</select>

15
agent/modals/asset/asset_interface_multiple_add.php
View File

@@ -38,15 +38,24 @@
<!-- Type -->
<div class="form-group">
<label for="network">Type</label>
<label for="network">Interface Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
</div>
<select class="form-control select2" name="type">
<option value="">- Select Type -</option>
<?php foreach($interface_types_array as $interface_type) { ?>
<option><?php echo $interface_type; ?></option>
<?php
$sql_interface_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'network_interface'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
$interface_type_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $interface_type_select ?></option>
<?php } ?>
</select>
</div>

11
agent/modals/client/client_add.php
View File

@@ -10,6 +10,17 @@ $referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_t
$sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 ORDER BY tag_name ASC");
$net_terms_array = array (
'0'=>'On Receipt',
'7'=>'7 Days',
'10'=>'10 Days',
'15'=>'15 Days',
'30'=>'30 Days',
'45'=>'45 Days',
'60'=>'60 Days',
'90'=>'90 Days'
);
ob_start();
?>

11
agent/modals/client/client_bulk_edit_net_terms.php
View File

@@ -6,6 +6,17 @@ $client_ids = array_map('intval', $_GET['client_ids'] ?? []);
$count = count($client_ids);
$net_terms_array = array (
'0'=>'On Receipt',
'7'=>'7 Days',
'10'=>'10 Days',
'15'=>'15 Days',
'30'=>'30 Days',
'45'=>'45 Days',
'60'=>'60 Days',
'90'=>'90 Days'
);
ob_start();
?>

14
agent/modals/client/client_edit.php
View File

@@ -28,9 +28,21 @@ while ($row = mysqli_fetch_assoc($sql_client_tags)) {
$client_tag_id_array[] = $client_tag_id;
}
// Generate the HTML form content using output buffering.
$net_terms_array = array (
'0'=>'On Receipt',
'7'=>'7 Days',
'10'=>'10 Days',
'15'=>'15 Days',
'30'=>'30 Days',
'45'=>'45 Days',
'60'=>'60 Days',
'90'=>'90 Days'
);
ob_start();
?>
<div class="modal-header bg-dark">
<h5 class="modal-title"><i class='fa fa-fw fa-user-edit mr-2'></i>Editing Client: <strong><?php echo $client_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">

5
agent/modals/contact/contact_details.php
View File

@@ -334,7 +334,8 @@ ob_start();
</a>
<?php } ?>
<?php if ($credential_count) { ?>
<?php
if (lookupUserPermission('module_credential') && ($credential_count)) { ?>
<a class="nav-link <?= ($first_tab === "credentials") ? "active" : "" ?>"
data-toggle="pill"
href="#pills-contact-credentials<?= $contact_id ?>"
@@ -519,7 +520,7 @@ ob_start();
</div>
<?php } ?>
<?php if ($credential_count) { ?>
<?php if (lookupUserPermission('module_credential') && ($credential_count)) { ?>
<div class="tab-pane fade <?= ($first_tab === "credentials") ? "show active" : "" ?>" id="pills-contact-credentials<?= $contact_id ?>">
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover table-sm dataTables" style="width:100%">

13
agent/modals/contact/contact_note_add.php
View File

@@ -32,8 +32,17 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-comment"></i></span>
</div>
<select class="form-control select2" name="type">
<?php foreach ($note_types_array as $note_type => $note_type_icon) { ?>
<option><?php echo nullable_htmlentities($note_type); ?></option>
<?php
$sql_contact_note_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'contact_note_type'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_contact_note_types_select)) {
$contact_note_type_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $contact_note_type_select ?></option>
<?php } ?>
</select>
</div>

4
agent/modals/credential/credential_edit.php
View File

@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php';
enforceUserPermission('module_credential', 2);
$credential_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
@@ -32,6 +34,8 @@ while ($row = mysqli_fetch_assoc($sql_credential_tags)) {
$credential_tag_id_array[] = $credential_tag_id;
}
enforceClientAccess();
// Generate the HTML form content using output buffering.
ob_start();
?>

5
agent/modals/credential/credential_view.php
View File

@@ -2,11 +2,14 @@
require_once '../../../includes/modal_header.php';
enforceUserPermission('module_credential');
$credential_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
$row = mysqli_fetch_assoc($sql);
$client_id = intval($row['credential_client_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
@@ -23,6 +26,8 @@ if (empty($credential_otp_secret)) {
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_created_at = nullable_htmlentities($row['credential_created_at']);
enforceClientAccess();
// Generate the HTML form content using output buffering.
ob_start();
?>

2
agent/modals/file/file_upload.php
View File

@@ -50,7 +50,7 @@ ob_start();
</div>
<div class="form-group">
<input type="file" class="form-control-file" name="file[]" multiple id="fileInput" accept=".jpg, .jpeg, .gif, .png, .webp, .pdf, .txt, .md, .doc, .docx, .odt, .csv, .xls, .xlsx, .ods, .pptx, .odp, .zip, .tar, .gz, .msg, .json, .wav, .mp3, .ogg, .mov, .mp4, .av1, .ovpn, .cfg, .ps1, .vsdx, .drawio, .pfx, .unf, .key, .stk, .bat">
<input type="file" class="form-control-file" name="file[]" multiple id="fileInput" accept=".jpg, .jpeg, .gif, .png, .webp, .pdf, .txt, .md, .doc, .docx, .odt, .csv, .xls, .xlsx, .ods, .pptx, .odp, .zip, .tar, .gz, .msg, .json, .wav, .mp3, .ogg, .mov, .mp4, .av1, .ovpn, .cfg, .ps1, .vsdx, .drawio, .pfx, .unf, .key, .stk, .bat, .swb">
</div>
<small class="text-secondary">Up to 20 files can be uploaded at once by holding down CTRL and selecting files</small>

37
agent/modals/network/network_import.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
require_once '../../../includes/modal_header.php';
$client_id = intval($_GET['client_id'] ?? 0);
ob_start();
?>
<div class="modal-header bg-dark">
<h5 class="modal-title"><i class="fas fa-fw fa-network-wired mr-2"></i>Import Networks</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?= $client_id ?>">
<div class="modal-body">
<p><strong>Format csv file with headings &amp; data:</strong><br>Name, Description, VLAN, Network (CIDR), Gateway, IP Range, Primary DNS, Secondary DNS</p>
<hr>
<div class="form-group my-4">
<input type="file" class="form-control-file" name="file" accept=".csv" required>
</div>
<hr>
<div>Download: <a class="text-bold" href="post.php?download_networks_csv_template=<?= $client_id ?>">sample csv template</a></div>
</div>
<div class="modal-footer">
<button type="submit" name="import_networks_csv" class="btn btn-primary text-bold"><i class="fa fa-upload mr-2"></i>Import</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
<?php
require_once '../../../includes/modal_footer.php';

3
agent/modals/payment/payment_add.php
View File

@@ -95,6 +95,7 @@ ob_start();
$account_id = intval($row['account_id']);
$account_name = nullable_htmlentities($row['account_name']);
$opening_balance = floatval($row['opening_balance']);
$account_currency = nullable_htmlentities($row['account_currency_code']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_assoc($sql_payments);
@@ -113,7 +114,7 @@ ob_start();
?>
<option <?php if ($config_default_payment_account == $account_id) { echo "selected"; } ?>
value="<?php echo $account_id; ?>">
<?php echo $account_name; ?> [$<?php echo number_format($account_balance, 2); ?>]
<?php echo $account_name; ?> [<?php echo numfmt_format_currency($currency_format, $account_balance, $account_currency); ?>]
</option>
<?php

4
agent/modals/quote/quote_add.php
View File

@@ -29,7 +29,7 @@ ob_start();
</div>
<?php if ($client_id) { ?>
<input type="hidden" name="client" value="<?php echo $client_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<?php } else { ?>
<div class="form-group">
@@ -38,7 +38,7 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<select class="form-control select2" name="client" required>
<select class="form-control select2" name="client_id" required>
<option value="">- Client -</option>
<?php

13
agent/modals/rack/rack_add.php
View File

@@ -43,8 +43,17 @@ ob_start();
</div>
<select class="form-control select2" name="type" required>
<option value="">- Type -</option>
<?php foreach($rack_type_select_array as $rack_type) { ?>
<option><?php echo $rack_type; ?></option>
<?php
$sql_rack_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'rack_type'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_rack_types_select)) {
$rack_type_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $rack_type_select ?></option>
<?php } ?>
</select>
</div>

15
agent/modals/rack/rack_edit.php
View File

@@ -59,8 +59,19 @@ ob_start();
</div>
<select class="form-control select2" name="type" required>
<option value="">- Type -</option>
<?php foreach($rack_type_select_array as $rack_type_select) { ?>
<option <?php if ($rack_type == $rack_type_select) { echo "selected"; } ?>><?php echo $rack_type_select; ?></option>
<?php
$sql_rack_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'rack_type'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_rack_types_select)) {
$rack_type_select = nullable_htmlentities($row['category_name']);
?>
<option <?php if ($rack_type == $rack_type_select) { echo "selected"; } ?>>
<?= $rack_type_select ?>
</option>
<?php } ?>
</select>
</div>

23
agent/modals/software/software_add.php
View File

@@ -4,6 +4,16 @@ require_once '../../../includes/modal_header.php';
$client_id = intval($_GET['client_id'] ?? 0);
$license_types_array = array (
'Device',
'User',
'Site',
'Concurrent',
'Trial',
'Perpetual',
'Usage-based'
);
ob_start();
?>
@@ -79,8 +89,17 @@ ob_start();
</div>
<select class="form-control select2" name="type" required>
<option value="">- Select Type -</option>
<?php foreach ($software_types_array as $software_type) { ?>
<option><?php echo $software_type; ?></option>
<<?php
$sql_software_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'software_type'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
$software_type_select = nullable_htmlentities($row['category_name']);
?>
<option><?= $software_type_select ?></option>
<?php } ?>
</select>
</div>

29
agent/modals/software/software_edit.php
View File

@@ -41,9 +41,20 @@ while ($row = mysqli_fetch_assoc($contact_licenses_sql)) {
}
$contact_licenses = implode(',', $contact_licenses_array);
// Generate the HTML form content using output buffering.
$license_types_array = array (
'Device',
'User',
'Site',
'Concurrent',
'Trial',
'Perpetual',
'Usage-based'
);
ob_start();
?>
<div class="modal-header bg-dark">
<h5 class="modal-title"><i class="fa fa-fw fa-cube mr-2"></i>Editing license: <strong><?php echo $software_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
@@ -86,8 +97,20 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<select class="form-control select2" name="type" required>
<?php foreach($software_types_array as $software_type_select) { ?>
<option <?php if ($software_type == $software_type_select) { echo "selected"; } ?>><?php echo $software_type_select; ?></option>
<option value="">- Select Type -</option>
<<?php
$sql_software_types_select = mysqli_query($mysqli, "
SELECT category_name FROM categories
WHERE category_type = 'software_type'
AND category_archived_at IS NULL
ORDER BY category_order ASC, category_name ASC
");
while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
$software_type_select = nullable_htmlentities($row['category_name']);
?>
<option <?php if ($software_type == $software_type_select) { echo "selected"; } ?>>
<?= $software_type_select ?>
</option>
<?php } ?>
</select>
</div>

2
agent/modals/ticket/ticket_add.php
View File

@@ -247,7 +247,7 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<select class="form-control select2" name="contact">
<select class="form-control select2" name="contact_id">
<option value="0">- No One -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_title, contact_primary, contact_technical FROM contacts WHERE contact_client_id = $client_id AND contact_archived_at IS NULL ORDER BY contact_primary DESC, contact_technical DESC, contact_name ASC");

12
agent/networks.php
View File

@@ -79,15 +79,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-tools">
<div class="btn-group">
<button type="button" class="btn btn-primary ajax-modal" data-modal-url="modals/network/network_add.php?<?= $client_url ?>&location_id=<?= $location_filter ?>"><i class="fas fa-plus mr-2"></i>New Network</button>
<?php if ($num_rows[0] > 0) { ?>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<?php if ($num_rows[0] > 0) { ?>
<a class="dropdown-item text-dark ajax-modal" href="#"
data-modal-url="modals/network/network_export.php?<?= $client_url ?>">
<i class="fa fa-fw fa-download mr-2"></i>Export
</a>
<?php } ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-dark ajax-modal" href="#"
data-modal-url="modals/network/network_import.php?<?= $client_url ?>">
<i class="fa fa-fw fa-upload mr-2"></i>Import
</a>
</div>
<?php } ?>
</div>
</div>
@@ -187,7 +193,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">

2
agent/payments.php
View File

@@ -138,7 +138,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

1
agent/post/account.php
View File

@@ -12,7 +12,6 @@ if (isset($_POST['add_account'])) {
enforceUserPermission('module_financial', 2);
$name = sanitizeInput($_POST['name']);
$opening_balance = floatval($_POST['opening_balance']);
$currency_code = sanitizeInput($_POST['currency_code']);

64
agent/post/client.php
View File

@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_client'])) {
// JQ - Using Prepared MySQLi Statements here for show this is not our standard and is only used in the client add/edit POST.
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
@@ -260,25 +262,63 @@ if (isset($_POST['edit_client'])) {
$client_id = intval($_POST['client_id']);
mysqli_query($mysqli, "UPDATE clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_rate = $rate, client_net_terms = $net_terms, client_tax_id_number = '$tax_id_number', client_lead = $lead, client_abbreviation = '$abbreviation', client_notes = '$notes' WHERE client_id = $client_id");
// Update client using prepared statement
$query = mysqli_prepare(
$mysqli,
"UPDATE clients SET
client_name = ?,
client_type = ?,
client_website = ?,
client_referral = ?,
client_rate = ?,
client_net_terms = ?,
client_tax_id_number = ?,
client_lead = ?,
client_abbreviation = ?,
client_notes = ?
WHERE client_id = ?"
);
mysqli_stmt_bind_param(
$query,
"ssssdisissi",
$name,
$type,
$website,
$referral,
$rate,
$net_terms,
$tax_id_number,
$lead,
$abbreviation,
$notes,
$client_id
);
mysqli_stmt_execute($query);
// Create Referral if it doesn't exist
$sql = mysqli_query($mysqli, "SELECT category_name FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND category_name = '$referral'");
if(mysqli_num_rows($sql) == 0) {
mysqli_query($mysqli, "INSERT INTO categories SET category_name = '$referral', category_type = 'Referral'");
// Create referral category if it doesn't exist
$query = mysqli_prepare($mysqli, "SELECT category_name FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND category_name = ?");
mysqli_stmt_bind_param($query, "s", $referral);
mysqli_stmt_execute($query);
mysqli_stmt_store_result($query);
if (mysqli_stmt_num_rows($query) == 0) {
$query = mysqli_prepare($mysqli, "INSERT INTO categories SET category_name = ?, category_type = 'Referral'");
mysqli_stmt_bind_param($query, "s", $referral);
mysqli_stmt_execute($query);
logAction("Category", "Create", "$session_name created referral category $referral");
}
// Tags
// Delete existing tags
mysqli_query($mysqli, "DELETE FROM client_tags WHERE client_id = $client_id");
// Tags - delete existing and re-insert
$query = mysqli_prepare($mysqli, "DELETE FROM client_tags WHERE client_id = ?");
mysqli_stmt_bind_param($query, "i", $client_id);
mysqli_stmt_execute($query);
// Add new tags
if(isset($_POST['tags'])) {
foreach($_POST['tags'] as $tag) {
if (isset($_POST['tags'])) {
$query = mysqli_prepare($mysqli, "INSERT INTO client_tags SET client_id = ?, tag_id = ?");
foreach ($_POST['tags'] as $tag) {
$tag = intval($tag);
mysqli_query($mysqli, "INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag");
mysqli_stmt_bind_param($query, "ii", $client_id, $tag);
mysqli_stmt_execute($query);
}
}

2
agent/post/file.php
View File

@@ -33,7 +33,7 @@ if (isset($_POST['upload_files'])) {
'odt', 'csv', 'xls', 'xlsx', 'ods', 'pptx', 'odp', 'zip', 'tar', 'gz',
'msg', 'json', 'wav', 'mp3', 'ogg', 'mov', 'mp4', 'av1', 'ovpn',
'cfg', 'ps1', 'vsdx', 'drawio', 'pfx', 'pages', 'numbers', 'unf', 'unifi',
'key', 'bat', 'stk'
'key', 'bat', 'stk', 'swb'
];
// Loop through each uploaded file

160
agent/post/network.php
View File

@@ -188,7 +188,7 @@ if (isset($_POST['export_networks_csv'])) {
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM networks LEFT JOIN client ON client_id = network_client_id WHERE network_archived_at IS NULL $client_query $access_permission_query ORDER BY network_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM networks LEFT JOIN clients ON client_id = network_client_id WHERE network_archived_at IS NULL $client_query $access_permission_query ORDER BY network_name ASC");
$num_rows = mysqli_num_rows($sql);
@@ -227,3 +227,161 @@ if (isset($_POST['export_networks_csv'])) {
exit;
}
// ============================================================
// Add these two blocks to agent/post/network.php
// Place them alongside the existing export_networks_csv block.
// ============================================================
// ----------------------------------------------------------
// CSV Template Download
// GET: post.php?download_networks_csv_template=<client_id>
// ----------------------------------------------------------
if (isset($_GET['download_networks_csv_template'])) {
$delimiter = ",";
$enclosure = '"';
$escape = '\\';
$filename = "Networks-Template.csv";
$f = fopen('php://memory', 'w');
$fields = array('Name', 'Description', 'VLAN', 'Network (CIDR)', 'Gateway', 'IP Range', 'Primary DNS', 'Secondary DNS');
fputcsv($f, $fields, $delimiter, $enclosure, $escape);
// One example row so the user can see expected formatting
$example = array('Office LAN', 'Main office network', '10', '192.168.1.0/24', '192.168.1.1', '192.168.1.100-192.168.1.200', '8.8.8.8', '8.8.4.4');
fputcsv($f, $example, $delimiter, $enclosure, $escape);
fseek($f, 0);
header('Content-Type: text/csv');
header('Content-Disposition: attachment; filename="' . $filename . '";');
fpassthru($f);
exit;
}
// ----------------------------------------------------------
// CSV Import
// POST: post.php (name="import_networks_csv")
// ----------------------------------------------------------
if (isset($_POST['import_networks_csv'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
enforceClientAccess();
$error = false;
// File provided?
if (!empty($_FILES['file']['tmp_name'])) {
$file_name = $_FILES['file']['tmp_name'];
} else {
flash_alert("Please select a file to upload.", 'error');
redirect();
}
// Check extension
$file_extension = strtolower(end(explode('.', $_FILES['file']['name'])));
if ($file_extension !== 'csv') {
$error = true;
flash_alert("Bad file extension — only .csv files are accepted.", 'error');
}
// Check not empty
elseif ($_FILES['file']['size'] < 1) {
$error = true;
flash_alert("Bad file size (empty file?).", 'error');
}
// Check column count matches the 8-column export/template format
else {
$f = fopen($file_name, 'r');
$f_columns = fgetcsv($f, 1000, ',');
fclose($f);
if (count($f_columns) !== 8) {
$error = true;
flash_alert("Bad column count — expected 8 columns: Name, Description, VLAN, Network (CIDR), Gateway, IP Range, Primary DNS, Secondary DNS.", 'error');
}
}
// Parse and insert
if (!$error) {
$file = fopen($file_name, 'r');
fgetcsv($file, 1000, ','); // Skip header row
$row_count = 0;
$duplicate_count = 0;
while (($column = fgetcsv($file, 1000, ',')) !== false) {
$duplicate_detect = 0;
$name = isset($column[0]) ? sanitizeInput($column[0]) : '';
$description = isset($column[1]) ? sanitizeInput($column[1]) : '';
$vlan = isset($column[2]) ? intval($column[2]) : 0;
$network = isset($column[3]) ? sanitizeInput($column[3]) : '';
$gateway = isset($column[4]) ? sanitizeInput($column[4]) : '';
$dhcp_range = isset($column[5]) ? sanitizeInput($column[5]) : '';
$primary_dns = isset($column[6]) ? sanitizeInput($column[6]) : '';
$secondary_dns = isset($column[7]) ? sanitizeInput($column[7]) : '';
// Skip rows with no name
if ($name === '') {
continue;
}
// Duplicate check — same name + network address for this client
$dup_check = mysqli_query($mysqli,
"SELECT network_id FROM networks
WHERE network_name = '$name'
AND network = '$network'
AND network_client_id = $client_id
AND network_archived_at IS NULL
LIMIT 1"
);
if (mysqli_num_rows($dup_check) > 0) {
$duplicate_detect = 1;
}
if ($duplicate_detect === 0) {
mysqli_query($mysqli,
"INSERT INTO networks SET
network_name = '$name',
network_description = '$description',
network_vlan = $vlan,
network = '$network',
network_gateway = '$gateway',
network_dhcp_range = '$dhcp_range',
network_primary_dns = '$primary_dns',
network_secondary_dns = '$secondary_dns',
network_client_id = $client_id"
);
$row_count++;
} else {
$duplicate_count++;
}
}
fclose($file);
logAction("Network", "Import", "$session_name imported $row_count network(s). $duplicate_count duplicate(s) found and not imported", $client_id);
flash_alert("$row_count Network(s) imported, $duplicate_count duplicate(s) detected and not imported");
redirect();
}
if ($error) {
redirect();
}
}

4
agent/post/quote.php
View File

@@ -14,7 +14,7 @@ if (isset($_POST['add_quote'])) {
require_once 'quote_model.php';
$client_id = intval($_POST['client']);
$client_id = intval($_POST['client_id']);
enforceClientAccess();
@@ -55,7 +55,7 @@ if (isset($_POST['add_quote_copy'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_POST['quote_id']);
$client_id = intval($_POST['client']);
$client_id = intval($_POST['client_id']);
$date = sanitizeInput($_POST['date']);
$expire = sanitizeInput($_POST['expire']);

2
agent/post/rack.php
View File

@@ -265,7 +265,7 @@ if (isset($_POST['edit_rack_unit'])) {
if (isset($_GET['remove_rack_unit'])) {
validateCSRFToken($_POST['csrf_token']);
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);

2
agent/products.php
View File

@@ -169,7 +169,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

5
agent/project_details.php
View File

@@ -341,13 +341,13 @@ if (isset($_GET['project_id'])) {
<div class="card-body p-0">
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-border table-hover">
<thead class="thead-light">
<tr>
<td class="bg-light checkbox-column">
<div class="form-check">
<input class="form-check-input" id="selectAllCheckbox" type="checkbox" onclick="checkAll(this)" onkeydown="checkAll(this)">
<input class="form-check-input" id="selectAllCheckbox" type="checkbox" onclick="checkAll(this)">
</div>
</td>
<th>
@@ -494,7 +494,6 @@ if (isset($_GET['project_id'])) {
<td><?php echo $client_name; ?></td>
</tr>
<?php } ?>
</tbody>

28
agent/projects.php
View File

@@ -108,7 +108,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-hover table-borderless">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>
@@ -190,34 +190,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
// Get Tasks and Tickets Stats
// Get Tickets
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id");
$ticket_count = mysqli_num_rows($sql_tickets);
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('ticket_id') AS count FROM tickets WHERE ticket_project_id = $project_id"));
$ticket_count = $row['count'];
// Get Closed Ticket Count
$sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL");
$closed_ticket_count = mysqli_num_rows($sql_closed_tickets);
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('ticket_id') AS count FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL"));
$closed_ticket_count = $row['count'];
// Ticket Closed Percent
if($ticket_count) {
$tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100);
}
// Get All Tasks
$sql_tasks = mysqli_query($mysqli,
"SELECT * FROM tickets, tasks
WHERE ticket_id = task_ticket_id
AND ticket_project_id = $project_id"
);
$task_count = mysqli_num_rows($sql_tasks);
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS count FROM tickets, tasks WHERE ticket_id = task_ticket_id AND ticket_project_id = $project_id"));
$task_count = $row['count'];
// Get Completed Task Count
$sql_tasks_completed = mysqli_query($mysqli,
"SELECT * FROM tickets, tasks
WHERE ticket_id = task_ticket_id
AND ticket_project_id = $project_id
AND task_completed_at IS NOT NULL"
);
$completed_task_count = mysqli_num_rows($sql_tasks_completed);
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS count FROM tickets, tasks WHERE ticket_id = task_ticket_id AND ticket_project_id = $project_id AND task_completed_at IS NOT NULL"));
$completed_task_count = $row['count'];
// Tasks Completed Percent
if($task_count) {

2
agent/quotes.php
View File

@@ -91,7 +91,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

2
agent/recurring_expenses.php
View File

@@ -63,7 +63,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>

2
agent/recurring_invoices.php
View File

@@ -93,7 +93,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

2
agent/recurring_tickets.php
View File

@@ -212,7 +212,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">

2
agent/revenues.php
View File

@@ -60,7 +60,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

2
agent/services.php
View File

@@ -110,7 +110,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>

2
agent/software.php
View File

@@ -146,7 +146,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

5
agent/ticket_list.php
View File

@@ -3,7 +3,7 @@
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if (!$num_rows[0]) { echo "d-none"; } ?> text-nowrap">
<tr>
@@ -172,6 +172,9 @@
// Get Tasks
// Get Tasks
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS count FROM tickets, tasks WHERE ticket_id = task_ticket_id AND ticket_project_id = $project_id"));
$task_count = $row['count'];
$sql_tasks = mysqli_query( $mysqli, "SELECT * FROM tasks WHERE task_ticket_id = $ticket_id ORDER BY task_created_at ASC");
$task_count = mysqli_num_rows($sql_tasks);
// Get Completed Task Count

2
agent/transfers.php
View File

@@ -120,7 +120,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

2
agent/trips.php
View File

@@ -85,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</form>
<hr>
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>

2
agent/vendors.php
View File

@@ -113,7 +113,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<form id="bulkActions" action="post.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="table-responsive-sm">
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>

38
api/v1/assets/asset_model.php
View File

@@ -4,7 +4,7 @@
if (isset($_POST['asset_name'])) {
$name = sanitizeInput($_POST['asset_name']);
} elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
$name = $asset_row['asset_name'];
$name = mysqli_real_escape_string($mysqli, $asset_row['asset_name']);
} else {
$name = '';
}
@@ -12,7 +12,7 @@ if (isset($_POST['asset_name'])) {
if (isset($_POST['asset_description'])) {
$description = sanitizeInput($_POST['asset_description']);
} elseif (isset($asset_row) && isset($asset_row['asset_description'])) {
$description = $asset_row['asset_description'];
$description = mysqli_real_escape_string($mysqli, $asset_row['asset_description']);
} else {
$description = '';
}
@@ -20,7 +20,7 @@ if (isset($_POST['asset_description'])) {
if (isset($_POST['asset_type'])) {
$type = sanitizeInput($_POST['asset_type']);
} elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
$type = $asset_row['asset_type'];
$type = mysqli_real_escape_string($mysqli, $asset_row['asset_type']);
} else {
$type = '';
}
@@ -28,14 +28,14 @@ if (isset($_POST['asset_type'])) {
if (isset($_POST['asset_make'])) {
$make = sanitizeInput($_POST['asset_make']);
} elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
$make = $asset_row['asset_make'];
$make = mysqli_real_escape_string($mysqli, $asset_row['asset_make']);
} else {
$make = '';
}
if (isset($_POST['asset_model'])) {
$model = sanitizeInput($_POST['asset_model']);
} elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
$model = $asset_row['asset_model'];
$model = mysqli_real_escape_string($mysqli, $asset_row['asset_model']);
} else {
$model = '';
}
@@ -43,7 +43,7 @@ if (isset($_POST['asset_model'])) {
if (isset($_POST['asset_serial'])) {
$serial = sanitizeInput($_POST['asset_serial']);
} elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
$serial = $asset_row['asset_serial'];
$serial = mysqli_real_escape_string($mysqli, $asset_row['asset_serial']);
} else {
$serial = '';
}
@@ -51,7 +51,7 @@ if (isset($_POST['asset_serial'])) {
if (isset($_POST['asset_os'])) {
$os = sanitizeInput($_POST['asset_os']);
} elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
$os = $asset_row['asset_os'];
$os = mysqli_real_escape_string($mysqli, $asset_row['asset_os']);
} else {
$os = '';
}
@@ -59,7 +59,7 @@ if (isset($_POST['asset_os'])) {
if (isset($_POST['asset_ip'])) {
$ip = sanitizeInput($_POST['asset_ip']);
} elseif (isset($asset_row) && isset($asset_row['interface_ip'])) {
$ip = $asset_row['interface_ip'];
$ip = mysqli_real_escape_string($mysqli, $asset_row['interface_ip']);
} else {
$ip = '';
}
@@ -67,7 +67,7 @@ if (isset($_POST['asset_ip'])) {
if (isset($_POST['asset_mac'])) {
$mac = sanitizeInput($_POST['asset_mac']);
} elseif (isset($asset_row) && isset($asset_row['interface_mac'])) {
$mac = $asset_row['interface_mac'];
$mac = mysqli_real_escape_string($mysqli, $asset_row['interface_mac']);
} else {
$mac = '';
}
@@ -75,15 +75,23 @@ if (isset($_POST['asset_mac'])) {
if (isset($_POST['asset_uri'])) {
$uri = sanitizeInput($_POST['asset_uri']);
} elseif (isset($asset_row) && isset($asset_row['asset_uri'])) {
$uri = $asset_row['asset_uri'];
$uri = mysqli_real_escape_string($mysqli, $asset_row['asset_uri']);
} else {
$uri = '';
}
if (isset($_POST['asset_uri_2'])) {
$uri_2 = sanitizeInput($_POST['asset_uri_2']);
} elseif (isset($asset_row) && isset($asset_row['asset_uri_2'])) {
$uri_2 = mysqli_real_escape_string($mysqli, $asset_row['asset_uri_2']);
} else {
$uri_2 = '';
}
if (isset($_POST['asset_status'])) {
$status = sanitizeInput($_POST['asset_status']);
} elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
$status = $asset_row['asset_status'];
$status = mysqli_real_escape_string($mysqli, $asset_row['asset_status']);
} else {
$status = '';
}
@@ -91,7 +99,7 @@ if (isset($_POST['asset_status'])) {
if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
$purchase_date = "'" . sanitizeInput($_POST['asset_purchase_date']) . "'";
} elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
$purchase_date = "'" . $asset_row['asset_purchase_date'] . "'";
$purchase_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_purchase_date']) . "'";
} else {
$purchase_date = "NULL";
}
@@ -99,7 +107,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
$warranty_expire = "'" . sanitizeInput($_POST['asset_warranty_expire']) . "'";
} elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
$warranty_expire = "'" . $asset_row['asset_warranty_expire'] . "'";
$warranty_expire = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_warranty_expire']) . "'";
} else {
$warranty_expire = "NULL";
}
@@ -107,7 +115,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
$install_date = "'" . sanitizeInput($_POST['asset_install_date']) . "'";
} elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
$install_date = "'" . $asset_row['asset_install_date'] . "'";
$install_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_install_date']) . "'";
} else {
$install_date = "NULL";
}
@@ -115,7 +123,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
if (isset($_POST['asset_notes'])) {
$notes = sanitizeInput($_POST['asset_notes']);
} elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
$notes = $asset_row['asset_notes'];
$notes = mysqli_real_escape_string($mysqli, $asset_row['asset_notes']);
} else {
$notes = '';
}

2
api/v1/assets/read.php
View File

@@ -37,7 +37,7 @@ if (isset($_GET['asset_id'])) {
} elseif (isset($_GET['asset_uri_2'])) {
// Asset query via uri2
$uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
$uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri_2']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri_2 = '$uri2' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}else {

6
api/v1/assets/update.php
View File

@@ -18,8 +18,7 @@ if (!empty($asset_id)) {
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once 'asset_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
// Check insert & get insert ID
if ($update_sql) {
@@ -28,6 +27,9 @@ if (!empty($asset_id)) {
// Update Primary Interface
mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_mac = '$mac', interface_ip = '$ip', interface_network_id = $network WHERE interface_asset_id = $asset_id AND interface_primary = 1");
// Add to History
mysqli_query($mysqli,"INSERT INTO asset_history SET asset_history_status = '$status', asset_history_description = 'API updated $name ($api_key_name)', asset_history_asset_id = $asset_id");
// Logging
logAction("Asset", "Edit", "$name via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited asset $name via API ($api_key_name)", $client_id);

16
api/v1/clients/client_model.php
View File

@@ -5,7 +5,7 @@
if (isset($_POST['client_name'])) {
$name = sanitizeInput($_POST['client_name']);
} elseif ($client_row) {
$name = $client_row['client_name'];
$name = mysqli_real_escape_string($mysqli, $client_row['client_name']);
} else {
$name = '';
}
@@ -13,7 +13,7 @@ if (isset($_POST['client_name'])) {
if (isset($_POST['client_type'])) {
$type = sanitizeInput($_POST['client_type']);
} elseif ($client_row) {
$type = $client_row['client_type'];
$type = mysqli_real_escape_string($mysqli, $client_row['client_type']);
} else {
$type = '';
}
@@ -21,7 +21,7 @@ if (isset($_POST['client_type'])) {
if (isset($_POST['client_website'])) {
$website = preg_replace("(^https?://)", "", sanitizeInput($_POST['client_website']));
} elseif ($client_row) {
$website = $client_row['client_website'];
$website = mysqli_real_escape_string($mysqli, $client_row['client_website']);
} else {
$website = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['client_website'])) {
if (isset($_POST['client_referral'])) {
$referral = sanitizeInput($_POST['client_referral']);
} elseif ($client_row) {
$referral = $client_row['client_referral'];
$referral = mysqli_real_escape_string($mysqli, $client_row['client_referral']);
} else {
$referral = '';
}
@@ -45,7 +45,7 @@ if (isset($_POST['client_rate'])) {
if (isset($_POST['client_currency_code'])) {
$currency_code = sanitizeInput($_POST['client_currency_code']);
} elseif ($client_row) {
$currency_code = $client_row['client_currency_code'];
$currency_code = mysqli_real_escape_string($mysqli, $client_row['client_currency_code']);
} else {
$currency_code = '';
}
@@ -61,7 +61,7 @@ if (isset($_POST['client_net_terms'])) {
if (isset($_POST['client_tax_id_number'])) {
$tax_id_number = sanitizeInput($_POST['client_tax_id_number']);
} elseif ($client_row) {
$tax_id_number = $client_row['client_tax_id_number'];
$tax_id_number = mysqli_real_escape_string($mysqli, $client_row['client_tax_id_number']);
} else {
$tax_id_number = '';
}
@@ -69,7 +69,7 @@ if (isset($_POST['client_tax_id_number'])) {
if (isset($_POST['client_abbreviation'])) {
$abbreviation = sanitizeInput(substr($_POST['client_abbreviation'], 0, 6));
} elseif ($client_row) {
$abbreviation = $client_row['client_abbreviation'];
$abbreviation = mysqli_real_escape_string($mysqli, $client_row['client_abbreviation']);
} else {
$abbreviation = '';
}
@@ -85,7 +85,7 @@ if (isset($_POST['client_is_lead'])) {
if (isset($_POST['client_notes'])) {
$notes = sanitizeInput($_POST['client_notes']);
} elseif ($client_row) {
$notes = $client_row['client_notes'];
$notes = mysqli_real_escape_string($mysqli, $client_row['client_notes']);
} else {
$notes = '';
}

3
api/v1/clients/update.php
View File

@@ -3,9 +3,6 @@
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse Info
$client_id = intval($_POST['client_id']);
// Default
$update_count = false;

16
api/v1/contacts/contact_model.php
View File

@@ -5,7 +5,7 @@ define('number_regex', '/[^0-9]/');
if (isset($_POST['contact_name'])) {
$name = sanitizeInput($_POST['contact_name']);
} elseif ($contact_row) {
$name = $contact_row['contact_name'];
$name = mysqli_real_escape_string($mysqli, $contact_row['contact_name']);
} else {
$name = '';
}
@@ -13,7 +13,7 @@ if (isset($_POST['contact_name'])) {
if (isset($_POST['contact_title'])) {
$title = sanitizeInput($_POST['contact_title']);
} elseif ($contact_row) {
$title = $contact_row['contact_title'];
$title = mysqli_real_escape_string($mysqli, $contact_row['contact_title']);
} else {
$title = '';
}
@@ -21,7 +21,7 @@ if (isset($_POST['contact_title'])) {
if (isset($_POST['contact_department'])) {
$department = sanitizeInput($_POST['contact_department']);
} elseif ($contact_row) {
$department = $contact_row['contact_department'];
$department = mysqli_real_escape_string($mysqli, $contact_row['contact_department']);
} else {
$department = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['contact_department'])) {
if (isset($_POST['contact_email'])) {
$email = sanitizeInput($_POST['contact_email']);
} elseif ($contact_row) {
$email = $contact_row['contact_email'];
$email = mysqli_real_escape_string($mysqli, $contact_row['contact_email']);
} else {
$email = '';
}
@@ -37,7 +37,7 @@ if (isset($_POST['contact_email'])) {
if (isset($_POST['contact_phone'])) {
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
} elseif ($contact_row) {
$phone = $contact_row['contact_phone'];
$phone = mysqli_real_escape_string($mysqli, $contact_row['contact_phone']);
} else {
$phone = '';
}
@@ -45,7 +45,7 @@ if (isset($_POST['contact_phone'])) {
if (isset($_POST['contact_extension'])) {
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
} elseif ($contact_row) {
$extension = $contact_row['contact_extension'];
$extension = mysqli_real_escape_string($mysqli, $contact_row['contact_extension']);
} else {
$extension = '';
}
@@ -53,7 +53,7 @@ if (isset($_POST['contact_extension'])) {
if (isset($_POST['contact_mobile'])) {
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
} elseif ($contact_row) {
$mobile = $contact_row['contact_mobile'];
$mobile = mysqli_real_escape_string($mysqli, $contact_row['contact_mobile']);
} else {
$mobile = '';
}
@@ -61,7 +61,7 @@ if (isset($_POST['contact_mobile'])) {
if (isset($_POST['contact_notes'])) {
$notes = sanitizeInput($_POST['contact_notes']);
} elseif ($contact_row) {
$notes = $contact_row['contact_notes'];
$notes = mysqli_real_escape_string($mysqli, $contact_row['contact_notes']);
} else {
$notes = '';
}

2
api/v1/credentials/create.php
View File

@@ -13,7 +13,7 @@ $insert_id = false;
if (!empty($api_key_decrypt_password) && !empty($name) && !(empty($password))) {
// Add credential
$insert_sql = mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id");
$insert_sql = mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_favorite = $favorite, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id");
// Check insert & get insert ID
if ($insert_sql) {

32
api/v1/credentials/credential_model.php
View File

@@ -11,7 +11,7 @@ if (isset($_POST['api_key_decrypt_password'])) {
if (isset($_POST['credential_name'])) {
$name = sanitizeInput($_POST['credential_name']);
} elseif (isset($credential_row) && isset($credential_row['credential_name'])) {
$name = $credential_row['credential_name'];
$name = mysqli_real_escape_string($mysqli, $credential_row['credential_name']);
} else {
$name = '';
}
@@ -19,7 +19,7 @@ if (isset($_POST['credential_name'])) {
if (isset($_POST['credential_description'])) {
$description = sanitizeInput($_POST['credential_description']);
} elseif (isset($credential_row) && isset($credential_row['credential_description'])) {
$description = $credential_row['credential_description'];
$description = mysqli_real_escape_string($mysqli, $credential_row['credential_description']);
} else {
$description = '';
}
@@ -27,7 +27,7 @@ if (isset($_POST['credential_description'])) {
if (isset($_POST['credential_uri'])) {
$uri = sanitizeInput($_POST['credential_uri']);
} elseif (isset($credential_row) && isset($credential_row['credential_uri'])) {
$uri = $credential_row['credential_uri'];
$uri = mysqli_real_escape_string($mysqli, $credential_row['credential_uri']);
} else {
$uri = '';
}
@@ -35,7 +35,7 @@ if (isset($_POST['credential_uri'])) {
if (isset($_POST['credential_uri_2'])) {
$uri_2 = sanitizeInput($_POST['credential_uri_2']);
} elseif (isset($credential_row) && isset($credential_row['credential_uri_2'])) {
$uri_2 = $credential_row['credential_uri_2'];
$uri_2 = mysqli_real_escape_string($mysqli, $credential_row['credential_uri_2']);
} else {
$uri_2 = '';
}
@@ -61,12 +61,10 @@ if (isset($_POST['credential_password'])) {
$password_changed = false;
}
if (isset($_POST['credential_otp_secret'])) {
$otp_secret = sanitizeInput($_POST['credential_otp_secret']);
} elseif (isset($credential_row) && isset($credential_row['credential_otp_secret'])) {
$otp_secret = $credential_row['credential_otp_secret'];
$otp_secret = mysqli_real_escape_string($mysqli, $credential_row['credential_otp_secret']);
} else {
$otp_secret = '';
}
@@ -74,17 +72,17 @@ if (isset($_POST['credential_otp_secret'])) {
if (isset($_POST['credential_note'])) {
$note = sanitizeInput($_POST['credential_note']);
} elseif (isset($credential_row) && isset($credential_row['credential_note'])) {
$note = $credential_row['credential_note'];
$note = mysqli_real_escape_string($mysqli, $credential_row['credential_note']);
} else {
$note = '';
}
if (isset($_POST['credential_important'])) {
$important = intval($_POST['credential_important']);
} elseif (isset($credential_row) && isset($credential_row['credential_important'])) {
$important = $credential_row['credential_important'];
if (isset($_POST['credential_favorite'])) {
$favorite = intval($_POST['credential_favorite']);
} elseif (isset($credential_row) && isset($credential_row['credential_favorite'])) {
$favorite = $credential_row['credential_favorite'];
} else {
$important = '';
$favorite = 0;
}
if (isset($_POST['credential_contact_id'])) {
@@ -92,7 +90,7 @@ if (isset($_POST['credential_contact_id'])) {
} elseif (isset($credential_row) && isset($credential_row['credential_contact_id'])) {
$contact_id = $credential_row['credential_contact_id'];
} else {
$contact_id = '';
$contact_id = 0;
}
if (isset($_POST['credential_vendor_id'])) {
@@ -100,7 +98,7 @@ if (isset($_POST['credential_vendor_id'])) {
} elseif (isset($credential_row) && isset($credential_row['credential_vendor_id'])) {
$vendor_id = $credential_row['credential_vendor_id'];
} else {
$vendor_id = '';
$vendor_id = 0;
}
if (isset($_POST['credential_asset_id'])) {
@@ -108,7 +106,7 @@ if (isset($_POST['credential_asset_id'])) {
} elseif (isset($credential_row) && isset($credential_row['credential_asset_id'])) {
$asset_id = $credential_row['credential_asset_id'];
} else {
$asset_id = '';
$asset_id = 0;
}
if (isset($_POST['credential_software_id'])) {
@@ -116,5 +114,5 @@ if (isset($_POST['credential_software_id'])) {
} elseif (isset($credential_row) && isset($credential_row['credential_software_id'])) {
$software_id = $credential_row['credential_software_id'];
} else {
$software_id = '';
$software_id = 0;
}

2
api/v1/credentials/update.php
View File

@@ -17,7 +17,7 @@ if (!empty($_POST['api_key_decrypt_password']) && !empty($credential_id)) {
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once 'credential_model.php';
$update_sql = mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1");
$update_sql = mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_favorite = $favorite, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1");
// Check insert & get insert ID
if ($update_sql) {

8
api/v1/documents/document_model.php
View File

@@ -4,7 +4,7 @@
if (isset($_POST['document_name'])) {
$name = sanitizeInput($_POST['document_name']);
} elseif (isset($document_row) && isset($document_row['document_name'])) {
$name = $document_row['document_name'];
$name = mysqli_real_escape_string($mysqli, $document_row['document_name']);
} else {
$name = '';
}
@@ -12,7 +12,7 @@ if (isset($_POST['document_name'])) {
if (isset($_POST['document_description'])) {
$description = sanitizeInput($_POST['document_description']);
} elseif (isset($document_row) && isset($document_row['document_description'])) {
$description = $document_row['document_description'];
$description = mysqli_real_escape_string($mysqli, $document_row['document_description']);
} else {
$description = '';
}
@@ -20,7 +20,7 @@ if (isset($_POST['document_description'])) {
if (isset($_POST['document_content'])) {
$content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
} elseif (isset($document_row) && isset($document_row['document_content'])) {
$content = $document_row['document_content'];
$content = mysqli_real_escape_string($mysqli, $document_row['document_content']);
} else {
$content = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['document_content'])) {
if (isset($_POST['document_content'])) {
$content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content']));
} elseif (isset($document_row) && isset($document_row['document_content_raw'])) {
$content_raw = $document_row['document_content_raw'];
$content_raw = mysqli_real_escape_string($mysqli, $document_row['document_content_raw']);
} else {
$content_raw = '';
}

12
api/v1/documents/update.php
View File

@@ -60,8 +60,18 @@ if (!empty($document_id)) {
$document_version_id = mysqli_insert_id($mysqli);
// 3) Variable assignment from POST (uses trigger you already have)
// 3) Variable assignment from POST
// This should set: $name, $description, $content (raw html), $folder, etc.
// Fetch current doc data (fresh)
$document_row = mysqli_fetch_assoc(mysqli_query($mysqli, "
SELECT * FROM documents
WHERE document_client_id = $client_id
AND document_id = $document_id
LIMIT 1
"));
// Assign variables from POST or fallback to DB
require_once 'document_model.php';
// Process NEW HTML content: save base64 images to /uploads/documents/<document_id>/

2
api/v1/domains/read.php
View File

@@ -13,7 +13,7 @@ if (isset($_GET['domain_id'])) {
} elseif (isset($_GET['domain_name'])) {
// Domain by name
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
} else {
// All domains (by client ID or all in general if key permits)

64
api/v1/invoice_items/read.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
/*
* API - Invoice Items - Read
* GET /api/v1/invoice_items/read.php
*
* Returns line items belonging to invoices scoped to the API key's client.
*
* Parameters (GET):
* api_key required - Your API key
* invoice_id required* - Return items for a single invoice
* item_id required* - Return a single line item by its own ID
* * One of invoice_id or item_id must be provided
* limit optional - Max rows to return (default 50)
* offset optional - Offset for pagination (default 0)
*
* Security:
* - invoice_items are always joined to invoices so that invoice_client_id
* is checked against the API key's client scope. A scoped key can never
* read items belonging to another client, even when item_id is supplied
* directly.
* - $client_id is set to "%" by validate_api_key.php for All-Clients keys,
* which causes the LIKE to match every client — consistent with other
* endpoints in this API.
*/
require_once '../validate_api_key.php';
require_once '../require_get_method.php';
if (isset($_GET['item_id'])) {
// Single line item by item_id — still JOIN to invoices to enforce client scope
$item_id = intval($_GET['item_id']);
$sql = mysqli_query($mysqli,
"SELECT ii.*
FROM invoice_items ii
INNER JOIN invoices i ON i.invoice_id = ii.item_invoice_id
WHERE ii.item_id = '$item_id'
AND i.invoice_client_id LIKE '$client_id'
LIMIT 1"
);
} elseif (isset($_GET['invoice_id'])) {
// All items on a specific invoice
$invoice_id = intval($_GET['invoice_id']);
$sql = mysqli_query($mysqli,
"SELECT ii.*
FROM invoice_items ii
INNER JOIN invoices i ON i.invoice_id = ii.item_invoice_id
WHERE ii.item_invoice_id = '$invoice_id'
AND i.invoice_client_id LIKE '$client_id'
ORDER BY ii.item_order ASC, ii.item_id ASC
LIMIT $limit OFFSET $offset"
);
} else {
// No filter supplied — reject the request
http_response_code(400);
echo json_encode([
'success' => 'False',
'message' => 'A filter is required. Please supply either invoice_id or item_id.',
'count' => 0,
'data' => []
]);
exit;
}
// Output
require_once "../read_output.php";

18
api/v1/locations/location_model.php
View File

@@ -5,7 +5,7 @@
if (isset($_POST['location_name'])) {
$name = sanitizeInput($_POST['location_name']);
} elseif ($location_row) {
$name = $location_row['location_name'];
$name = mysqli_real_escape_string($mysqli, $location_row['location_name']);
} else {
$name = '';
}
@@ -13,7 +13,7 @@ if (isset($_POST['location_name'])) {
if (isset($_POST['location_description'])) {
$description = sanitizeInput($_POST['location_description']);
} elseif ($location_row) {
$description = $location_row['location_description'];
$description = mysqli_real_escape_string($mysqli, $location_row['location_description']);
} else {
$description = '';
}
@@ -21,7 +21,7 @@ if (isset($_POST['location_description'])) {
if (isset($_POST['location_country'])) {
$country = sanitizeInput($_POST['location_country']);
} elseif ($location_row) {
$country = $location_row['location_country'];
$country = mysqli_real_escape_string($mysqli, $location_row['location_country']);
} else {
$country = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['location_country'])) {
if (isset($_POST['location_address'])) {
$address = sanitizeInput($_POST['location_address']);
} elseif ($location_row) {
$address = $location_row['location_address'];
$address = mysqli_real_escape_string($mysqli, $location_row['location_address']);
} else {
$address = '';
}
@@ -37,7 +37,7 @@ if (isset($_POST['location_address'])) {
if (isset($_POST['location_city'])) {
$city = sanitizeInput($_POST['location_city']);
} elseif ($location_row) {
$city = $location_row['location_city'];
$city = mysqli_real_escape_string($mysqli, $location_row['location_city']);
} else {
$city = '';
}
@@ -45,7 +45,7 @@ if (isset($_POST['location_city'])) {
if (isset($_POST['location_state'])) {
$state = sanitizeInput($_POST['location_state']);
} elseif ($location_row) {
$state = $location_row['location_state'];
$state = mysqli_real_escape_string($mysqli, $location_row['location_state']);
} else {
$state = '';
}
@@ -53,7 +53,7 @@ if (isset($_POST['location_state'])) {
if (isset($_POST['location_zip'])) {
$zip = sanitizeInput($_POST['location_zip']);
} elseif ($location_row) {
$zip = $location_row['location_zip'];
$zip = mysqli_real_escape_string($mysqli, $location_row['location_zip']);
} else {
$zip = '';
}
@@ -61,7 +61,7 @@ if (isset($_POST['location_zip'])) {
if (isset($_POST['location_hours'])) {
$hours = sanitizeInput($_POST['location_hours']);
} elseif ($location_row) {
$hours = $location_row['location_hours'];
$hours = mysqli_real_escape_string($mysqli, $location_row['location_hours']);
} else {
$hours = '';
}
@@ -69,7 +69,7 @@ if (isset($_POST['location_hours'])) {
if (isset($_POST['location_notes'])) {
$notes = sanitizeInput($_POST['location_notes']);
} elseif ($location_row) {
$notes = $location_row['location_notes'];
$notes = mysqli_real_escape_string($mysqli, $location_row['location_notes']);
} else {
$notes = '';
}

31
api/v1/payments/read.php
View File

@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_get_method.php';
// Payments aren't stored against client IDs, so we instead validate the API key is for All Clients
if (isset($_GET['payment_id']) && $client_id == "%") {
// Payment via ID (single)
$id = intval($_GET['payment_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id'");
} elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
// Payments for an invoice
$id = intval($_GET['payment_invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id'");
} elseif ($client_id == "%") {
// All payments
$sql = mysqli_query($mysqli, "SELECT * FROM payments ORDER BY payment_id LIMIT $limit OFFSET $offset");
}
// Output
require_once "../read_output.php";

8
api/v1/tickets/ticket_model.php
View File

@@ -21,7 +21,7 @@ if (isset($_POST['ticket_asset_id'])) {
if (isset($_POST['ticket_subject'])) {
$subject = sanitizeInput($_POST['ticket_subject']);
} elseif ($ticket_row) {
$subject = $ticket_row['ticket_subject'];
$subject = mysqli_real_escape_string($mysqli, $ticket_row['ticket_subject']);
} else {
$subject = '';
}
@@ -30,16 +30,16 @@ if (isset($_POST['ticket_subject'])) {
if (isset($_POST['ticket_priority'])) {
$priority = sanitizeInput($_POST['ticket_priority']);
} elseif ($ticket_row) {
$priority = $ticket_row['ticket_priority'];
$priority = mysqli_real_escape_string($mysqli, $ticket_row['ticket_priority']);
} else {
$priority = 'Low';
}
if (isset($_POST['ticket_details'])) {
$details = mysqli_escape_string($mysqli, $_POST['ticket_details'] . "<br>");
$details = mysqli_real_escape_string($mysqli, $_POST['ticket_details'] . "<br>");
} elseif ($ticket_row) {
$details = $ticket_row['ticket_details'];
$details = mysqli_real_escape_string($mysqli, $ticket_row['ticket_details']);
} else {
$details = '< blank ><br>';
}

2
api/v1/update_output.php
View File

@@ -16,7 +16,7 @@ if (isset($update_count) && is_numeric($update_count) && $update_count > 0) {
// Query returned false: something went wrong, or it was declined due to required variables missing
else {
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc).";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc) or no rows changed.";
// Log any database/schema related errors to the PHP Error log
if (mysqli_error($mysqli)) {

2
client/post.php
View File

@@ -855,7 +855,7 @@ if (isset($_GET['create_stripe_checkout'])) {
if (isset($_GET['stripe_save_card'])) {
validateCSRFToken($_GET['csrf_token']);
// validateCSRFToken($_GET['csrf_token']); Broken with Stripe Save Card JQ 2026-5-4
if ($session_contact_primary == 0 && !$session_contact_is_billing_contact) {
redirect("post.php?logout");

5
cron/cron.php
View File

@@ -105,13 +105,14 @@ logApp("Cron", "info", "Cron Started");
mysqli_query($mysqli, "TRUNCATE TABLE ticket_views");
// Clean-up shared items that have been used
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_views = item_view_limit");
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_view_limit > 0 AND item_views >= item_view_limit");
// Clean-up shared items that have expired
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_expire_at < NOW()");
// Invalidate any password reset links
mysqli_query($mysqli, "UPDATE users SET user_password_reset_token = NULL WHERE user_archived_at IS NULL");
mysqli_query($mysqli, "UPDATE users SET user_password_reset_token = NULL"); // TODO: Make this 'expired' tokens only when we actually use expiry
// Clean-up old dismissed notifications
mysqli_query($mysqli, "DELETE FROM notifications WHERE notification_dismissed_at < CURDATE() - INTERVAL 90 DAY");
@@ -524,7 +525,7 @@ if ($config_send_invoice_reminders == 1) {
// Late Charges
if ($config_invoice_late_fee_enable == 1) {
if ($config_invoice_late_fee_enable == 1 && $day > 1) {
$todays_date = date('Y-m-d');
$late_fee_amount = ($invoice_amount * $config_invoice_late_fee_percent) / 100;

8
db.sql
View File

@@ -1,4 +1,4 @@
/*M!999999\- enable the sandbox mode */
/*M!999999\- enable the sandbox mode */
-- MariaDB dump 10.19 Distrib 10.11.14-MariaDB, for debian-linux-gnu (x86_64)
--
-- Host: localhost Database: itflow_dev
@@ -449,9 +449,11 @@ DROP TABLE IF EXISTS `categories`;
CREATE TABLE `categories` (
`category_id` int(11) NOT NULL AUTO_INCREMENT,
`category_name` varchar(200) NOT NULL,
`category_description` varchar(255) DEFAULT NULL,
`category_type` varchar(200) NOT NULL,
`category_color` varchar(200) DEFAULT NULL,
`category_icon` varchar(200) DEFAULT NULL,
`category_order` int(11) NOT NULL DEFAULT 0,
`category_parent` int(11) DEFAULT 0,
`category_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`category_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
@@ -1293,8 +1295,6 @@ CREATE TABLE `invoice_items` (
`item_archived_at` datetime DEFAULT NULL,
`item_tax_id` int(11) NOT NULL DEFAULT 0,
`item_product_id` int(11) NOT NULL DEFAULT 0,
`item_quote_id` int(11) NOT NULL DEFAULT 0,
`item_recurring_invoice_id` int(11) NOT NULL DEFAULT 0,
`item_invoice_id` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`item_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
@@ -2997,4 +2997,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2026-03-07 18:46:25
-- Dump completed on 2026-04-04 18:13:53

2
includes/app_version.php
View File

@@ -5,4 +5,4 @@
* Update this file each time we merge develop into master. Format is YY.MM (add a .v if there is more than one release a month.
*/
DEFINE("APP_VERSION", "26.03");
DEFINE("APP_VERSION", "26.05");

2
includes/database_version.php
View File

@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "2.4.2");
DEFINE("LATEST_DATABASE_VERSION", "2.4.4");

135
includes/load_global_settings.php
View File

@@ -135,28 +135,6 @@ $config_whitelabel_key = $row['config_whitelabel_key'];
// Select Arrays
$theme_colors_array = array (
'lightblue',
'blue',
'cyan',
'green',
'olive',
'teal',
'red',
'maroon',
'pink',
'purple',
'indigo',
'fuchsia',
'yellow',
'orange',
'yellow',
'black',
'navy',
'gray'
);
$colors_array = array (
'lightblue',
'blue',
@@ -180,29 +158,10 @@ $colors_array = array (
'olive'
);
$net_terms_array = array (
'0'=>'On Receipt',
'7'=>'7 Days',
'10'=>'10 Days',
'15'=>'15 Days',
'30'=>'30 Days',
'45'=>'45 Days',
'60'=>'60 Days',
'90'=>'90 Days'
);
$records_per_page_array = array ('5','10','15','20','30','50','100');
include_once "settings_localization_array.php";
$category_types_array = array (
'Expense',
'Income',
'Payment Method',
'Referral'
);
$asset_types_array = array (
'Laptop'=>'fa-laptop',
'Desktop'=>'fa-desktop',
@@ -219,97 +178,3 @@ $asset_types_array = array (
'Virtual Machine'=>'fa-cloud',
'Other'=>'fa-tag'
);
$software_types_array = array (
'Software as a Service (SaaS)',
'Productivity Suites',
'Web Application',
'Desktop Application',
'Mobile Application',
'Security Software',
'System Software',
'Operating System',
'Other'
);
$license_types_array = array (
'Device',
'User'
);
$document_types_array = array (
'0'=>'Document',
'1'=>'Template',
'2'=>'Global Template'
);
$asset_status_array = array (
'Ready to Deploy',
'Deployed',
'Out for Repair',
'Lost',
'Stolen',
'Retired'
);
$ticket_status_array = array (
'Open',
'On Hold',
'Auto Close',
'Closed'
);
$industry_select_array = array(
"Accounting",
"Agriculture",
"Automotive",
"Construction",
"Education",
"Entertainent",
"Finance",
"Government",
"Healthcare",
"Hospititality",
"Information Technology",
"Insurance",
"Pharmacy",
"Law",
"Manufacturing",
"Marketing & Advertising",
"Military",
"Non-Profit",
"Real Estate",
"Retail",
"Services",
"Transportation",
"Other" // An 'Other' option for industries not listed
);
$start_page_select_array = array (
'dashboard.php'=>'Dashboard',
'clients.php'=> 'Client Management',
'tickets.php'=> 'Support Tickets',
'invoices.php' => 'Invoices'
);
$rack_type_select_array = array(
"Open Wall-Mount",
"Enclosed Wall-Mount",
"Open Floor-Standing",
"Enclosed Floor-Standing",
"Other"
);
$note_types_array = array (
'Call'=>'fa-phone-alt',
'Email'=>'fa-envelope',
'Meeting'=>'fa-handshake',
'In Person'=>'fa-people-arrows',
'Note'=>'fa-sticky-note'
);
$interface_types_array = array (
'Ethernet',
'SFP',
'WiFi'
);

5
plugins/TCPDF/CHANGELOG.TXT
View File

@@ -1,3 +1,8 @@
6.11.3 (2026-04-21)
- Added deprecation notice.
- Improved composer.json.
- Added Makefile for common automation tasks.
6.11.2 (2026-03-03)
- Refactor setCompression().

Some files were not shown because too many files have changed in this diff Show More