Fix extra }

This reverts commit c4ba2bc326.

CHANGELOG.md

@@ -2,16 +2,58 @@
 
 This file documents all notable changes made to ITFlow.
 
+## [26.05] Stable Release
+### Bug Fixes
+- Stripe Payment: Fix adding saved cards on client portal.
+- Various client and module enforments fixes. 
+- Projects: Fix slow load by using an optimized query to count tickets and tasks.
+- Show correct currency for the account balance when adding payment to invoice.
+- Expire all Password reset tokens nightly with cron.
+- Shared Items via secure link: Do not delete shared items that have not been viewed before cron runs.
+- Client: Fix Client Abbreviation being converted to an int on edit.
+
+### New Features & Updates 
+- Bump TinyMCE from 8.4.0 to 8.5.0.
+- Bump TCPDF from 6.11.2 to 6.11.3.
+- DeBump stripe-php from 20.0.0 to 19.4.1.
+
+## [26.04] Stable Release
+### Bug Fixes
+- Racks: Fix Device Removal.
+- Table Lists: replace class table-responsive-sm with just table-reponsive was causing ui issues with certain screen sizes.
+- Client: Fix Edit erroring on certain characters.
+- Category: Fix Add/Edit due to missing CSRF fields.
+- Category: Fix Restore function and Icon and text color.
+- Invoice: Do not apply late fee on first overdue reminder (1 day).
+- Ticket: Fix issue with contact not being added with Add contact modal v1.
+- Quote: Fix Copy was missing client.
+- API: Don't set client ID from POST - this is properly done via require_post_method instead only if it's an all-clients key.
+- API: Prevent error 500s when existing data can't be cleanly re-inserted to database.
+- API: Add more helpful errors.
+- API: Fix asset read uri_2 field.
+- API: Various other field fixes.
+
+### New Features & Updates 
+- Categories: Add Description Field.
+- Categories: Add DB Field for order.
+- Categories: Move Asset Status and Network Interface Type to categories so custom ones can be created and edited.
+- Categories: Moved note type, software type, rack type to be creatable/editable Categories with common defaults and descriptions
+- Files: Allow .swb file for MikroTik Backup Files.
+- Software: Added additonal License Types including Perpetual, Site, etc.
+- API: Invoice Items: Add read endpoint.
+- Networks: Added Import.
+- Bump TinyMCE from 8.3.2 to 8.4.0.
+- Bump stripe-php from 19.4.1 to 20.0.0.
+
 ## [26.03] Stable Release
 ### Bug Fixes
-- Ticket Templates: Fix Task Sorting.
+- Ticket Templates: Fix Task Sortinhahahg.
 - Ticket: Lower autoclose setting minimum value from 48 to 24 Hours.
 - Ticket: Fix Task Approval.
 - Recurring Ticket: add empty value placeholder for Ticket Frequency.
 - Documents/Files: Fix redirect after File Upload to redirect to files instead of the non existent documents.
 - Setup: Fix base url tacking on /setup when not installing via script.
 
-
 ### New Features & Updates 
 - Clients: Net Terms: Added common 45 and 15 Days, removed 14 Days not as common.
 - Clients: Bulk Action Set Net Terms Added.

admin/category.php

@@ -28,14 +28,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 <div class="card card-dark">
     <div class="card-header py-2">
         <h3 class="card-title mt-2"><i class="fa fa-fw fa-list-ul mr-2"></i>
-            <?php echo nullable_htmlentities($category); ?> Categories
+            <?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?> Categories
         </h3>
         <?php
             if (!isset($_GET['archived'])) {
         ?>
         <div class="card-tools">
             <button type="button" class="btn btn-primary ajax-modal" data-modal-url="modals/category/category_add.php?category=<?= nullable_htmlentities($category) ?>"><i
-                    class="fas fa-plus mr-2"></i>New <?php echo nullable_htmlentities($category); ?> Category</button>
+                    class="fas fa-plus mr-2"></i>New <?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?> Category</button>
         </div>
         <?php
             }
@@ -51,7 +51,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                             value="<?php if (isset($q)) {
                                 echo stripslashes(nullable_htmlentities($q));
                             } ?>"
-                            placeholder="Search <?php echo nullable_htmlentities($category); ?> Categories ">
+                            placeholder="Search <?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?> Categories ">
                         <div class="input-group-append">
                             <button class="btn btn-primary"><i class="fa fa-search"></i></button>
                         </div>
@@ -83,6 +83,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                            } else {
                                echo 'btn-default';
                            } ?>">Ticket</a>
+                        <a href="?category=network_interface"
+                           class="btn <?php if ($category == 'network_interface') {
+                               echo 'btn-primary';
+                           } else {
+                               echo 'btn-default';
+                           } ?>">Network Interface</a>
+                        <a href="?category=asset_status"
+                           class="btn <?php if ($category == 'asset_status') {
+                               echo 'btn-primary';
+                           } else {
+                               echo 'btn-default';
+                           } ?>">Asset Status</a>
+                        <a href="?category=software_type"
+                           class="btn <?php if ($category == 'software_type') {
+                               echo 'btn-primary';
+                           } else {
+                               echo 'btn-default';
+                           } ?>">Software Type</a>
+                        <a href="?category=rack_type"
+                           class="btn <?php if ($category == 'rack_type') {
+                               echo 'btn-primary';
+                           } else {
+                               echo 'btn-default';
+                           } ?>">Rack Type</a>
+                        <a href="?category=contact_note_type"
+                           class="btn <?php if ($category == 'contact_note_type') {
+                               echo 'btn-primary';
+                           } else {
+                               echo 'btn-default';
+                           } ?>">Contact Note Type</a>
                         <a href="?<?php echo $url_query_strings_sort ?>&archived=1"
                             class="btn <?php if (isset($_GET['archived'])) {
                                 echo 'btn-primary';
@@ -114,6 +144,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     while ($row = mysqli_fetch_assoc($sql)) {
                         $category_id = intval($row['category_id']);
                         $category_name = nullable_htmlentities($row['category_name']);
+                        $category_description = nullable_htmlentities($row['category_description']);
                         $category_color = nullable_htmlentities($row['category_color']);
 
                         ?>
@@ -122,6 +153,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                 <a class="text-dark ajax-modal" href="#"
                                     data-modal-url="modals/category/category_edit.php?id=<?= $category_id ?>">
                                     <?php echo $category_name; ?>
+                                    <div><small class="text-secondary"><?= $category_description ?></small></div>
                                 </a>
                             </td>
                             <td><i class="fa fa-3x fa-circle" style="color:<?php echo $category_color; ?>;"></i></td>
@@ -134,9 +166,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                         <?php
                                         if ($archived) {
                                             ?>
-                                            <a class="dropdown-item text-success confirm-link"
+                                            <a class="dropdown-item text-info confirm-link"
                                                 href="post.php?restore_category=<?php echo $category_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
-                                                <i class="fas fa-fw fa-archive mr-2"></i>Restore
+                                                <i class="fas fa-fw fa-redo mr-2"></i>Restore
                                             </a>
                                             <a class="dropdown-item text-danger confirm-link"
                                                 href="post.php?delete_category=<?php echo $category_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">

admin/database_updates.php

@@ -4334,11 +4334,70 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.2'");
 
     }
-    //
+
-    // // if (CURRENT_DATABASE_VERSION == '2.4.2') {
+    if (CURRENT_DATABASE_VERSION == '2.4.2') {
-    //     // Insert queries here required to update to DB version 2.4.3
+
+        mysqli_query($mysqli, "ALTER TABLE `categories` ADD `category_description` VARCHAR(255) DEFAULT NULL AFTER `category_name`");
+        mysqli_query($mysqli, "ALTER TABLE `categories` ADD `category_order` INT(11) NOT NULL DEFAULT 0 AFTER `category_icon`");
+
+        // Create network_interfaces
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ethernet', category_type = 'network_interface', category_order = 1"); // 1
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP', category_type = 'network_interface', category_order = 2"); // 2
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP+', category_type = 'network_interface', category_order = 3"); // 3
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP28', category_type = 'network_interface', category_order = 4"); // 4
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP-DD', category_type = 'network_interface', category_order = 5"); // 5
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Coaxial', category_type = 'network_interface', category_order = 6"); // 6
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Fiber', category_type = 'network_interface', category_order = 7"); // 7
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'WiFi', category_type = 'network_interface', category_order = 8"); // 8
+
+
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.3'");
+    }
+
+    if (CURRENT_DATABASE_VERSION == '2.4.3') {
+        // Asset Status
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ready to Deploy', category_description = 'Asset is configured and ready to be assigned', category_type = 'asset_status', category_order = 1"); // 1
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Deployed', category_description = 'Asset is actively in use and assigned to a client or location', category_type = 'asset_status', category_order = 2"); // 2
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Out for Repair', category_description = 'Asset has been sent out for servicing or repair', category_type = 'asset_status', category_order = 3"); // 3
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Lost', category_description = 'Asset location is unknown and cannot be accounted for', category_type = 'asset_status', category_order = 4"); // 4
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Stolen', category_description = 'Asset has been reported stolen', category_type = 'asset_status', category_order = 5"); // 5
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Retired', category_description = 'Asset has been decommissioned and is no longer in service', category_type = 'asset_status', category_order = 6"); // 6
+
+        // Contact note types
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Call', category_description = 'Phone call with a client or contact', category_icon = 'fa-phone-alt', category_type = 'contact_note_type', category_order = 1"); // 1
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Email', category_description = 'Email correspondence with a client or contact', category_icon = 'fa-envelope', category_type = 'contact_note_type', category_order = 2"); // 2
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Meeting', category_description = 'Scheduled meeting with a client or contact', category_icon = 'fa-handshake', category_type = 'contact_note_type', category_order = 3"); // 3
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'In Person', category_description = 'In person visit or on-site interaction', category_icon = 'fa-people-arrows', category_type = 'contact_note_type', category_order = 4"); // 4
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Note', category_description = 'General note or internal comment', category_icon = 'fa-sticky-note', category_type = 'contact_note_type', category_order = 5"); // 5
+
+        // Rack Types
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = '2-Post Open Frame', category_description = 'Two-post open frame rack for patch panels and lightweight equipment', category_type = 'rack_type', category_order = 1"); // 1
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Open Frame', category_description = 'Four-post open frame rack for servers and heavier equipment', category_type = 'rack_type', category_order = 2"); // 2
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Enclosed Cabinet', category_description = 'Four-post enclosed cabinet with doors and sides for secure equipment housing', category_type = 'rack_type', category_order = 3"); // 3
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Open', category_description = 'Open frame rack mounted directly to a wall for small deployments', category_type = 'rack_type', category_order = 4"); // 4
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Enclosed', category_description = 'Enclosed cabinet rack mounted to a wall with a locking door', category_type = 'rack_type', category_order = 5"); // 5
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Rack type does not fit any standard category', category_type = 'rack_type', category_order = 6"); // 6
+
+        // Software Types
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Software as a Service (SaaS)', category_description = 'Cloud-hosted software accessed via a web browser or API', category_type = 'software_type', category_order = 1"); // 1
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Productivity Suite', category_description = 'Bundled office and collaboration tools such as Microsoft 365 or Google Workspace', category_type = 'software_type', category_order = 2"); // 2
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Web Application', category_description = 'Application hosted on a web server and accessed through a browser', category_type = 'software_type', category_order = 3"); // 3
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Desktop Application', category_description = 'Application installed and run locally on a workstation or laptop', category_type = 'software_type', category_order = 4"); // 4
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Mobile Application', category_description = 'Application installed and run on a mobile device or tablet', category_type = 'software_type', category_order = 5"); // 5
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Security Software', category_description = 'Software providing antivirus, endpoint protection, or security monitoring', category_type = 'software_type', category_order = 6"); // 6
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'System Software', category_description = 'Low-level software managing hardware resources and system operations', category_type = 'software_type', category_order = 7"); // 7
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Operating System', category_description = 'Core software managing hardware and providing a platform for applications', category_type = 'software_type', category_order = 8"); // 8
+        mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Software type does not fit any standard category', category_type = 'software_type', category_order = 9"); // 9
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.4'");
+
+    }
+
+    // if (CURRENT_DATABASE_VERSION == '2.4.4') {
+    //     // Insert queries here required to update to DB version 2.4.5
     //     // Then, update the database to the next sequential version
-    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.3'");
+    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.5'");
     // }
 
 } else {

admin/modals/category/category_add.php

@@ -9,12 +9,13 @@ $category_types_array = ['Expense', 'Income', 'Referral', 'Ticket'];
 ?>
 
 <div class="modal-header bg-dark">
-    <h5 class="modal-title"><i class="fa fa-fw fa-list-ul mr-2"></i>New <strong><?= nullable_htmlentities($category) ?></strong> Category</h5>
+    <h5 class="modal-title"><i class="fa fa-fw fa-list-ul mr-2"></i>New <strong><?= nullable_htmlentities(ucwords(str_replace('_', ' ', $category))); ?></strong> Category</h5>
     <button type="button" class="close text-white" data-dismiss="modal">
         <span>&times;</span>
     </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
     <div class="modal-body">
 
@@ -59,6 +60,16 @@ $category_types_array = ['Expense', 'Income', 'Referral', 'Ticket'];
             </div>
         </div>
 
+        <div class="form-group">
+            <label>Description</label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fas fa-fw fa-align-left"></i></span>
+                </div>
+                <input type="text" class="form-control" name="description" placeholder="Enter a description" maxlength="200">
+            </div>
+        </div>
+
     </div>
     <div class="modal-footer">
         <button type="submit" name="add_category" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create Category</button>

admin/modals/category/category_edit.php

@@ -8,6 +8,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_id = $cate
 
 $row = mysqli_fetch_assoc($sql);
 $category_name = nullable_htmlentities($row['category_name']);
+$category_description = nullable_htmlentities($row['category_description']);
 $category_color = nullable_htmlentities($row['category_color']);
 $category_type = nullable_htmlentities($row['category_type']);
 
@@ -21,6 +22,7 @@ ob_start();
     </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
     <input type="hidden" name="category_id" value="<?php echo $category_id; ?>">
     <input type="hidden" name="type" value="<?php echo $category_type; ?>">
     <div class="modal-body">
@@ -45,6 +47,16 @@ ob_start();
             </div>
         </div>
 
+        <div class="form-group">
+            <label>Description</label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fas fa-fw fa-align-left"></i></span>
+                </div>
+                <input type="text" class="form-control" name="description" placeholder="Enter a description" maxlength="200" value="<?= $category_description ?>">
+            </div>
+        </div>
+
     </div>
     <div class="modal-footer">
         <button type="submit" name="edit_category" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>

admin/modals/contract_template/contract_template_add.php

@@ -30,6 +30,8 @@ ob_start();
 </ul>
 
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
     <div class="modal-body">
         <div class="tab-content" id="contractTemplateTabContent">
 

admin/modals/contract_template/contract_template_edit.php

@@ -52,6 +52,7 @@ ob_start();
 </ul>
 
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
     <input type="hidden" name="contract_template_id" value="<?php echo $contract_template_id; ?>">
 
     <div class="modal-body">

admin/modals/custom_field/custom_field_create.php

@@ -8,6 +8,7 @@
                 </button>
             </div>
             <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
                 <input type="hidden" name="table" value="<?php echo nullable_htmlentities($table); ?>">
 
                 <div class="modal-body">

admin/modals/custom_field/custom_field_edit.php

@@ -8,6 +8,7 @@
                 </button>
             </div>
             <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
                 <input type="hidden" name="custom_field_id" value="<?php echo $custom_field_id; ?>">
                 <div class="modal-body">
 

admin/modals/software_template/software_template_add.php

@@ -2,6 +2,16 @@
 
 require_once '../../../includes/modal_header.php';
 
+$license_types_array = array (
+    'Device',
+    'User',
+    'Site',
+    'Concurrent',
+    'Trial',
+    'Perpetual',
+    'Usage-based'
+);
+
 ob_start();
 
 ?>
@@ -54,9 +64,18 @@ ob_start();
                     <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
                 </div>
                 <select class="form-control select2" name="type" required>
-                    <option value="">- Type -</option>
+                    <option value="">- Select Type -</option>
-                    <?php foreach($software_types_array as $software_type) { ?>
+                    <<?php
-                        <option><?php echo $software_type; ?></option>
+                    $sql_software_types_select = mysqli_query($mysqli, "
+                        SELECT category_name FROM categories
+                        WHERE category_type = 'software_type'
+                        AND category_archived_at IS NULL
+                        ORDER BY category_order ASC, category_name ASC
+                    ");
+                    while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
+                        $software_type_select = nullable_htmlentities($row['category_name']);
+                        ?>
+                        <option><?= $software_type_select ?></option>
                     <?php } ?>
                 </select>
             </div>

admin/modals/software_template/software_template_edit.php

@@ -13,8 +13,18 @@ $software_type = nullable_htmlentities($row['software_template_type']);
 $software_license_type = nullable_htmlentities($row['software_template_license_type']);
 $software_notes = nullable_htmlentities($row['software_template_notes']);
 
-// Generate the HTML form content using output buffering.
+$license_types_array = array (
+    'Device',
+    'User',
+    'Site',
+    'Concurrent',
+    'Trial',
+    'Perpetual',
+    'Usage-based'
+);
+
 ob_start();
+
 ?>
 
 <div class="modal-header bg-dark">
@@ -66,8 +76,20 @@ ob_start();
                     <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
                 </div>
                 <select class="form-control select2" name="type" required>
-                    <?php foreach($software_types_array as $software_type_select) { ?>
+                    <option value="">- Select Type -</option>
-                        <option <?php if($software_type == $software_type_select) { echo "selected"; } ?>><?php echo $software_type_select; ?></option>
+                    <<?php
+                    $sql_software_types_select = mysqli_query($mysqli, "
+                        SELECT category_name FROM categories
+                        WHERE category_type = 'software_type'
+                        AND category_archived_at IS NULL
+                        ORDER BY category_order ASC, category_name ASC
+                    ");
+                    while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
+                        $software_type_select = nullable_htmlentities($row['category_name']);
+                        ?>
+                        <option <?php if($software_type == $software_type_select) { echo "selected"; } ?>>
+                            <?= $software_type_select ?>
+                        </option>
                     <?php } ?>
                 </select>
             </div>

admin/modals/user/user_export.php

@@ -13,6 +13,7 @@ ob_start();
     </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
     <div class="modal-body">
 
     </div>

admin/post/category.php

@@ -12,7 +12,7 @@ if (isset($_POST['add_category'])) {
 
     require_once 'category_model.php';
 
-    mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'");
+    mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_description = '$description', category_type = '$type', category_color = '$color'");
 
     $category_id = mysqli_insert_id($mysqli);
 
@@ -32,7 +32,7 @@ if (isset($_POST['edit_category'])) {
 
     $category_id = intval($_POST['category_id']);
 
-    mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_type = '$type', category_color = '$color' WHERE category_id = $category_id");
+    mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_description = '$description', category_type = '$type', category_color = '$color' WHERE category_id = $category_id");
 
     logAction("Category", "Edit", "$session_name edited category $type $name", 0, $category_id);
 
@@ -68,7 +68,7 @@ if (isset($_GET['restore_category'])) {
 
     validateCSRFToken($_GET['csrf_token']);
 
-    $category_id = intval($_GET['retore_category']);
+    $category_id = intval($_GET['restore_category']);
 
     // Get Category Name and Type for logging
     $sql = mysqli_query($mysqli,"SELECT category_name, category_type FROM categories WHERE category_id = $category_id");

admin/post/category_model.php

@@ -2,5 +2,6 @@
 defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
 
 $name = sanitizeInput($_POST['name']);
+$description = sanitizeInput($_POST['description']);
 $type = sanitizeInput($_POST['type']);
 $color = sanitizeInput($_POST['color']);

admin/settings_default.php

@@ -1,7 +1,25 @@
 <?php
-
 require_once "includes/inc_all_admin.php";
- ?>
+
+$start_page_select_array = array (
+    'dashboard.php'=>'Dashboard',
+    'clients.php'=> 'Client Management',
+    'tickets.php'=> 'Support Tickets',
+    'invoices.php' => 'Invoices'
+);
+
+$net_terms_array = array (
+    '0'=>'On Receipt',
+    '7'=>'7 Days',
+    '10'=>'10 Days',
+    '15'=>'15 Days',
+    '30'=>'30 Days',
+    '45'=>'45 Days',
+    '60'=>'60 Days',
+    '90'=>'90 Days'
+);
+
+?>
 
 <div class="card card-dark">
     <div class="card-header py-3">

admin/settings_theme.php

@@ -1,8 +1,30 @@
 <?php
 require_once "includes/inc_all_admin.php";
- ?>
 
-    <div class="card card-dark">
+$theme_colors_array = array (
+    'lightblue',
+    'blue',
+    'cyan',
+    'green',
+    'olive',
+    'teal',
+    'red',
+    'maroon',
+    'pink',
+    'purple',
+    'indigo',
+    'fuchsia',
+    'yellow',
+    'orange',
+    'yellow',
+    'black',
+    'navy',
+    'gray'
+);
+
+?>
+
+<div class="card card-dark">
     <div class="card-header py-3">
         <h3 class="card-title"><i class="fas fa-fw fa-paint-brush mr-2"></i>Theme</h3>
     </div>
@@ -38,9 +60,9 @@ require_once "includes/inc_all_admin.php";
 
         </form>
     </div>
-    </div>
+</div>
 
-    <div class="card card-dark">
+<div class="card card-dark">
     <div class="card-header py-3">
         <h3 class="card-title"><i class="fas fa-fw fa-image mr-2"></i>Favicon</h3>
     </div>
@@ -62,7 +84,7 @@ require_once "includes/inc_all_admin.php";
             <?php } ?>
         </form>
     </div>
-    </div>
+</div>
 
 <?php
 require_once "../includes/footer.php";

agent/accounts.php

@@ -38,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </div>
             </form>
             <hr>
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>

agent/ajax.php

@@ -403,6 +403,8 @@ if (isset($_GET['get_totp_token_via_id'])) {
     $totp_secret = $sql['credential_otp_secret'];
     $client_id = intval($sql['credential_client_id']);
 
+    enforceClientAccess();
+
     $otp = TokenAuth6238::getTokenCode(strtoupper($totp_secret));
     echo json_encode($otp);
 

agent/asset_details.php

@@ -615,6 +615,8 @@ if (isset($_GET['asset_id'])) {
                     </form>
                 </div>
 
+                <?php if (lookupUserPermission('module_credential')) { // Begin Credential Enforcement ?>
+
                 <div class="card card-dark <?php if ($credential_count == 0) { echo "d-none"; } ?>">
                     <div class="card-header">
                         <h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
@@ -744,6 +746,8 @@ if (isset($_GET['asset_id'])) {
                     </div>
                 </div>
 
+                <?php } // End Credential Enforcement ?>
+
                 <div class="card card-dark <?php if ($software_count == 0) { echo "d-none"; } ?>">
                     <div class="card-header py-2">
                         <h3 class="card-title mt-2"><i class="fa fa-fw fa-cube mr-2"></i>Licenses</h3>

agent/certificates.php

@@ -148,7 +148,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
 
             <form id="bulkActions" action="post.php" method="post">
                 <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">

agent/client_overview.php

@@ -349,7 +349,7 @@ $sql_asset_retired = mysqli_query(
 
     <?php } ?>
 
-    <?php if (mysqli_num_rows($sql_favorite_credentials) > 0) { ?>
+    <?php if ((mysqli_num_rows($sql_favorite_credentials) > 0) && (lookupUserPermission('module_credential'))) { ?>
 
     <div class="col-md-4">
 

agent/clients.php

@@ -444,7 +444,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                         }
 
                         $client_tag_id_array[] = $client_tag_id;
-                        $client_tag_name_display_array[] = "<a href='clients.php?tags[]=$client_tag_id'><span class='badge badge-pill text-light p-2 mr-1' style='background-color: $client_tag_color;'><i class='fas fa-$client_tag_icon fa-fw mr-1'></i>$client_tag_name</span></a>";
+                        $client_tag_name_display_array[] = "<a href='clients.php?tags[]=$client_tag_id'><span class='mt-1 badge badge-pill text-light p-2 mr-1' style='background-color: $client_tag_color;'><i class='fas fa-$client_tag_icon fa-fw mr-1'></i>$client_tag_name</span></a>";
                     }
                     $client_tags_display = implode('', $client_tag_name_display_array);
 
@@ -512,10 +512,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                     <div class="media-body">
                                         <div class="text-bold"><?= $client_name ?></div>
                                         <div class="text-secondary"><?= $client_type ?></div>
-                                        <div><?php if ($client_tags_display) { echo $client_tags_display; } ?></div>
-                                    </div>
-                                </div>
 
+                                    </div>
+                                </div>
+                                <div class="ml-2"><?php if ($client_tags_display) { echo $client_tags_display; } ?></div>
                             </a>
                         </td>
                         <td>

agent/contact_details.php

@@ -507,6 +507,8 @@ if (isset($_GET['contact_id'])) {
                 </div>
             </div>
 
+            <?php if (lookupUserPermission('module_credential')) { // Begin Credential Enforcement ?>
+
             <div class="card card-dark <?php if ($credential_count == 0) { echo "d-none"; } ?>">
                 <div class="card-header py-2">
                     <h3 class="card-title mt-2"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
@@ -644,6 +646,8 @@ if (isset($_GET['contact_id'])) {
                 </div>
             </div>
 
+            <?php } // End Credential Enforcement ?>
+
             <div class="card card-dark <?php if ($software_count == 0) { echo "d-none"; } ?>">
                 <div class="card-header py-2">
                     <h3 class="card-title mt-2"><i class="fa fa-fw fa-cube mr-2"></i>Related Licenses</h3>
@@ -1101,6 +1105,14 @@ if (isset($_GET['contact_id'])) {
                             <tbody>
                             <?php
 
+                            $note_types_array = array (
+                                'Call'=>'fa-phone-alt',
+                                'Email'=>'fa-envelope',
+                                'Meeting'=>'fa-handshake',
+                                'In Person'=>'fa-people-arrows',
+                                'Note'=>'fa-sticky-note'
+                            );
+
                             while ($row = mysqli_fetch_assoc($sql_related_notes)) {
                                 $contact_note_id = intval($row['contact_note_id']);
                                 $contact_note_type = nullable_htmlentities($row['contact_note_type']);

agent/contacts.php

@@ -288,7 +288,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <form id="bulkActions" action="post.php" method="post" enctype="multipart/form-data">
             <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table border">
                     <thead class="thead-light <?php if (!$num_rows[0]) { echo "d-none"; } ?>">
                     <tr>

agent/credentials.php

@@ -276,7 +276,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <form id="bulkActions" action="post.php" method="post">
             <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                         <tr>

agent/domains.php

@@ -172,7 +172,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
 
             <form id="bulkActions" action="post.php" method="post">
                 <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">

agent/expenses.php

@@ -202,7 +202,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </form>
             <hr>
 
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>

agent/invoices.php

@@ -257,7 +257,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <hr>
         <form id="bulkActions" action="post.php" method="post">
             <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                         <tr>

agent/locations.php

@@ -216,7 +216,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <form id="bulkActions" action="post.php" method="post" enctype="multipart/form-data">
             <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>

agent/modals/asset/asset_add.php

@@ -258,8 +258,17 @@ ob_start();
                         </div>
                         <select class="form-control select2" name="status">
                             <option value="">- Select Status -</option>
-                            <?php foreach($asset_status_array as $asset_status) { ?>
+                            <?php
-                                <option><?php echo $asset_status; ?></option>
+                            $sql_interface_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'asset_status'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                                $asset_status_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option><?= $asset_status_select ?></option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/asset/asset_bulk_edit_status.php

@@ -26,12 +26,21 @@ ob_start();
             <label>Status</label>
             <div class="input-group">
                 <div class="input-group-prepend">
-                    <span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
+                    <span class="input-group-text"><i class="fa fa-fw fa-circle"></i></span>
                 </div>
                 <select class="form-control select2" name="bulk_status">
-                    <option value="">- Status -</option>
+                    <option value="">- Select Status -</option>
-                    <?php foreach($asset_status_array as $asset_status) { ?>
+                    <?php
-                        <option><?php echo $asset_status; ?></option>
+                    $sql_interface_types_select = mysqli_query($mysqli, "
+                        SELECT category_name FROM categories
+                        WHERE category_type = 'asset_status'
+                        AND category_archived_at IS NULL
+                        ORDER BY category_order ASC, category_name ASC
+                    ");
+                    while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                        $asset_status_select = nullable_htmlentities($row['category_name']);
+                        ?>
+                        <option><?= $asset_status_select ?></option>
                     <?php } ?>
                 </select>
             </div>

agent/modals/asset/asset_copy.php

@@ -228,8 +228,20 @@ ob_start();
                             <span class="input-group-text"><i class="fa fa-fw fa-circle"></i></span>
                         </div>
                         <select class="form-control select2" name="status">
-                            <?php foreach($asset_status_array as $asset_status_select) { ?>
+                            <option value="">- Select Status -</option>
-                                <option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>><?php echo $asset_status_select; ?></option>
+                            <?php
+                            $sql_interface_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'asset_status'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                                $asset_status_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>>
+                                    <?= $asset_status_select ?>
+                                </option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/asset/asset_details.php

@@ -495,7 +495,7 @@ ob_start();
         </div>
         <?php } ?>
 
-        <?php if ($credential_count) { ?>
+        <?php if (lookupUserPermission('module_credential') && ($credential_count)) { ?>
         <div class="tab-pane fade" id="pills-asset-credentials">
             <div class="table-responsive-sm-sm">
                 <table class="table table-sm table-striped table-borderless table-hover">

agent/modals/asset/asset_edit.php

@@ -270,8 +270,20 @@ ob_start();
                             <span class="input-group-text"><i class="fa fa-fw fa-circle"></i></span>
                         </div>
                         <select class="form-control select2" name="status">
-                            <?php foreach($asset_status_array as $asset_status_select) { ?>
+                            <option value="">- Select Status -</option>
-                                <option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>><?= $asset_status_select ?></option>
+                            <?php
+                            $sql_interface_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'asset_status'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                                $asset_status_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option <?php if ($asset_status_select == $asset_status) { echo "selected"; } ?>>
+                                    <?= $asset_status_select ?>
+                                </option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/asset/asset_interface_add.php

@@ -57,15 +57,24 @@ ob_start();
 
                 <!-- Type -->
                 <div class="form-group">
-                    <label for="network">Type</label>
+                    <label for="network">Interface Type</label>
                     <div class="input-group">
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
                         </div>
                         <select class="form-control select2" name="type">
                             <option value="">- Select Type -</option>
-                            <?php foreach($interface_types_array as $interface_type) { ?>
+                            <?php
-                                <option><?php echo $interface_type; ?></option>
+                            $sql_interface_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'network_interface'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                                $interface_type_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option><?= $interface_type_select ?></option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/asset/asset_interface_bulk_edit_type.php

@@ -24,16 +24,26 @@ ob_start();
 
     <div class="modal-body">
 
+        <!-- Type -->
         <div class="form-group">
-            <label>Interface Type</label>
+            <label for="network">Interface Type</label>
             <div class="input-group">
                 <div class="input-group-prepend">
-                    <span class="input-group-text"><i class="fa fa-fw fa-ethernet"></i></span>
+                    <span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
                 </div>
                 <select class="form-control select2" name="bulk_type">
-                    <option value="">- Select a Type -</option>
+                    <option value="">- Select Type -</option>
-                    <?php foreach($interface_types_array as $interface_type_select) { ?>
+                    <?php
-                        <option><?php echo $interface_type_select; ?></option>
+                    $sql_interface_types_select = mysqli_query($mysqli, "
+                        SELECT category_name FROM categories
+                        WHERE category_type = 'network_interface'
+                        AND category_archived_at IS NULL
+                        ORDER BY category_order ASC, category_name ASC
+                    ");
+                    while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                        $interface_type_select = nullable_htmlentities($row['category_name']);
+                        ?>
+                        <option><?= $interface_type_select ?></option>
                     <?php } ?>
                 </select>
             </div>

agent/modals/asset/asset_interface_edit.php

@@ -122,16 +122,25 @@ ob_start();
 
                 <!-- Type -->
                 <div class="form-group">
-                    <label for="network">Type</label>
+                    <label for="network">Interface Type</label>
                     <div class="input-group">
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
                         </div>
                         <select class="form-control select2" name="type">
                             <option value="">- Select Type -</option>
-                            <?php foreach($interface_types_array as $interface_type_select) { ?>
+                            <?php
+                            $sql_interface_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'network_interface'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                                $interface_type_select = nullable_htmlentities($row['category_name']);
+                                ?>
                                 <option <?php if($interface_type == $interface_type_select) { echo "selected"; } ?>>
-                                    <?php echo $interface_type_select; ?>
+                                    <?= $interface_type_select ?>
                                 </option>
                             <?php } ?>
                         </select>

agent/modals/asset/asset_interface_multiple_add.php

@@ -38,15 +38,24 @@
 
                     <!-- Type -->
                     <div class="form-group">
-                        <label for="network">Type</label>
+                        <label for="network">Interface Type</label>
                         <div class="input-group">
                             <div class="input-group-prepend">
                                 <span class="input-group-text"><i class="fa fa-fw fa-plug"></i></span>
                             </div>
                             <select class="form-control select2" name="type">
                                 <option value="">- Select Type -</option>
-                                <?php foreach($interface_types_array as $interface_type) { ?>
+                                <?php
-                                    <option><?php echo $interface_type; ?></option>
+                                $sql_interface_types_select = mysqli_query($mysqli, "
+                                    SELECT category_name FROM categories
+                                    WHERE category_type = 'network_interface'
+                                    AND category_archived_at IS NULL
+                                    ORDER BY category_order ASC, category_name ASC
+                                ");
+                                while ($row = mysqli_fetch_assoc($sql_interface_types_select)) {
+                                    $interface_type_select = nullable_htmlentities($row['category_name']);
+                                    ?>
+                                    <option><?= $interface_type_select ?></option>
                                 <?php } ?>
                             </select>
                         </div>

agent/modals/client/client_add.php

@@ -10,6 +10,17 @@ $referral_sql = mysqli_query($mysqli, "SELECT * FROM categories WHERE category_t
 
 $sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 1 ORDER BY tag_name ASC");
 
+$net_terms_array = array (
+    '0'=>'On Receipt',
+    '7'=>'7 Days',
+    '10'=>'10 Days',
+    '15'=>'15 Days',
+    '30'=>'30 Days',
+    '45'=>'45 Days',
+    '60'=>'60 Days',
+    '90'=>'90 Days'
+);
+
 ob_start();
 
 ?>

agent/modals/client/client_bulk_edit_net_terms.php

@@ -6,6 +6,17 @@ $client_ids = array_map('intval', $_GET['client_ids'] ?? []);
 
 $count = count($client_ids);
 
+$net_terms_array = array (
+    '0'=>'On Receipt',
+    '7'=>'7 Days',
+    '10'=>'10 Days',
+    '15'=>'15 Days',
+    '30'=>'30 Days',
+    '45'=>'45 Days',
+    '60'=>'60 Days',
+    '90'=>'90 Days'
+);
+
 ob_start();
 
 ?>

agent/modals/client/client_edit.php

@@ -28,9 +28,21 @@ while ($row = mysqli_fetch_assoc($sql_client_tags)) {
     $client_tag_id_array[] = $client_tag_id;
 }
 
-// Generate the HTML form content using output buffering.
+$net_terms_array = array (
+    '0'=>'On Receipt',
+    '7'=>'7 Days',
+    '10'=>'10 Days',
+    '15'=>'15 Days',
+    '30'=>'30 Days',
+    '45'=>'45 Days',
+    '60'=>'60 Days',
+    '90'=>'90 Days'
+);
+
 ob_start();
+
 ?>
+
 <div class="modal-header bg-dark">
     <h5 class="modal-title"><i class='fa fa-fw fa-user-edit mr-2'></i>Editing Client: <strong><?php echo $client_name; ?></strong></h5>
     <button type="button" class="close text-white" data-dismiss="modal">

agent/modals/contact/contact_details.php

@@ -334,7 +334,8 @@ ob_start();
                         </a>
                     <?php } ?>
 
-                    <?php if ($credential_count) { ?>
+                    <?php
+                    if (lookupUserPermission('module_credential') && ($credential_count)) { ?>
                         <a class="nav-link <?= ($first_tab === "credentials") ? "active" : "" ?>"
                            data-toggle="pill"
                            href="#pills-contact-credentials<?= $contact_id ?>"
@@ -519,7 +520,7 @@ ob_start();
                 </div>
                 <?php } ?>
 
-                <?php if ($credential_count) { ?>
+                <?php if (lookupUserPermission('module_credential') && ($credential_count)) { ?>
                 <div class="tab-pane fade <?= ($first_tab === "credentials") ? "show active" : "" ?>" id="pills-contact-credentials<?= $contact_id ?>">
                     <div class="table-responsive-sm">
                         <table class="table table-striped table-borderless table-hover table-sm dataTables" style="width:100%">

agent/modals/contact/contact_note_add.php

@@ -32,8 +32,17 @@ ob_start();
                     <span class="input-group-text"><i class="fa fa-fw fa-comment"></i></span>
                 </div>
                 <select class="form-control select2" name="type">
-                    <?php foreach ($note_types_array as $note_type => $note_type_icon) { ?>
+                    <?php
-                    <option><?php echo nullable_htmlentities($note_type); ?></option>
+                    $sql_contact_note_types_select = mysqli_query($mysqli, "
+                        SELECT category_name FROM categories
+                        WHERE category_type = 'contact_note_type'
+                        AND category_archived_at IS NULL
+                        ORDER BY category_order ASC, category_name ASC
+                    ");
+                    while ($row = mysqli_fetch_assoc($sql_contact_note_types_select)) {
+                        $contact_note_type_select = nullable_htmlentities($row['category_name']);
+                        ?>
+                        <option><?= $contact_note_type_select ?></option>
                     <?php } ?>
                 </select>
             </div>

agent/modals/credential/credential_edit.php

@@ -2,6 +2,8 @@
 
 require_once '../../../includes/modal_header.php';
 
+enforceUserPermission('module_credential', 2);
+
 $credential_id = intval($_GET['id']);
 
 $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
@@ -32,6 +34,8 @@ while ($row = mysqli_fetch_assoc($sql_credential_tags)) {
     $credential_tag_id_array[] = $credential_tag_id;
 }
 
+enforceClientAccess();
+
 // Generate the HTML form content using output buffering.
 ob_start();
 ?>

agent/modals/credential/credential_view.php

@@ -2,11 +2,14 @@
 
 require_once '../../../includes/modal_header.php';
 
+enforceUserPermission('module_credential');
+
 $credential_id = intval($_GET['id']);
 
 $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
 
 $row = mysqli_fetch_assoc($sql);
+$client_id = intval($row['credential_client_id']);
 $credential_name = nullable_htmlentities($row['credential_name']);
 $credential_description = nullable_htmlentities($row['credential_description']);
 $credential_uri = nullable_htmlentities($row['credential_uri']);
@@ -23,6 +26,8 @@ if (empty($credential_otp_secret)) {
 $credential_note = nullable_htmlentities($row['credential_note']);
 $credential_created_at = nullable_htmlentities($row['credential_created_at']);
 
+enforceClientAccess();
+
 // Generate the HTML form content using output buffering.
 ob_start();
 ?>

agent/modals/file/file_upload.php

@@ -50,7 +50,7 @@ ob_start();
         </div>
 
         <div class="form-group">
-            <input type="file" class="form-control-file" name="file[]" multiple id="fileInput" accept=".jpg, .jpeg, .gif, .png, .webp, .pdf, .txt, .md, .doc, .docx, .odt, .csv, .xls, .xlsx, .ods, .pptx, .odp, .zip, .tar, .gz, .msg, .json, .wav, .mp3, .ogg, .mov, .mp4, .av1, .ovpn, .cfg, .ps1, .vsdx, .drawio, .pfx, .unf, .key, .stk, .bat">
+            <input type="file" class="form-control-file" name="file[]" multiple id="fileInput" accept=".jpg, .jpeg, .gif, .png, .webp, .pdf, .txt, .md, .doc, .docx, .odt, .csv, .xls, .xlsx, .ods, .pptx, .odp, .zip, .tar, .gz, .msg, .json, .wav, .mp3, .ogg, .mov, .mp4, .av1, .ovpn, .cfg, .ps1, .vsdx, .drawio, .pfx, .unf, .key, .stk, .bat, .swb">
         </div>
         <small class="text-secondary">Up to 20 files can be uploaded at once by holding down CTRL and selecting files</small>
 

agent/modals/network/network_import.php

@@ -0,0 +1,37 @@
+<?php
+
+require_once '../../../includes/modal_header.php';
+
+$client_id = intval($_GET['client_id'] ?? 0);
+
+ob_start();
+
+?>
+
+<div class="modal-header bg-dark">
+    <h5 class="modal-title"><i class="fas fa-fw fa-network-wired mr-2"></i>Import Networks</h5>
+    <button type="button" class="close text-white" data-dismiss="modal">
+        <span>&times;</span>
+    </button>
+</div>
+<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
+    <input type="hidden" name="client_id" value="<?= $client_id ?>">
+
+    <div class="modal-body">
+        <p><strong>Format csv file with headings &amp; data:</strong><br>Name, Description, VLAN, Network (CIDR), Gateway, IP Range, Primary DNS, Secondary DNS</p>
+        <hr>
+        <div class="form-group my-4">
+            <input type="file" class="form-control-file" name="file" accept=".csv" required>
+        </div>
+        <hr>
+        <div>Download: <a class="text-bold" href="post.php?download_networks_csv_template=<?= $client_id ?>">sample csv template</a></div>
+    </div>
+    <div class="modal-footer">
+        <button type="submit" name="import_networks_csv" class="btn btn-primary text-bold"><i class="fa fa-upload mr-2"></i>Import</button>
+        <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+    </div>
+</form>
+
+<?php
+require_once '../../../includes/modal_footer.php';

agent/modals/payment/payment_add.php

@@ -95,6 +95,7 @@ ob_start();
                         $account_id = intval($row['account_id']);
                         $account_name = nullable_htmlentities($row['account_name']);
                         $opening_balance = floatval($row['opening_balance']);
+                        $account_currency = nullable_htmlentities($row['account_currency_code']);
 
                         $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
                         $row = mysqli_fetch_assoc($sql_payments);
@@ -113,7 +114,7 @@ ob_start();
                     ?>
                         <option <?php if ($config_default_payment_account == $account_id) { echo "selected"; } ?>
                             value="<?php echo $account_id; ?>">
-                            <?php echo $account_name; ?> [$<?php echo number_format($account_balance, 2); ?>]
+                            <?php echo $account_name; ?> [<?php echo numfmt_format_currency($currency_format, $account_balance, $account_currency);  ?>]
                         </option>
 
                     <?php

agent/modals/quote/quote_add.php

@@ -29,7 +29,7 @@ ob_start();
         </div>
 
         <?php if ($client_id) { ?>
-            <input type="hidden" name="client" value="<?php echo $client_id; ?>">
+            <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
         <?php } else { ?>
 
             <div class="form-group">
@@ -38,7 +38,7 @@ ob_start();
                     <div class="input-group-prepend">
                         <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
                     </div>
-                    <select class="form-control select2" name="client" required>
+                    <select class="form-control select2" name="client_id" required>
                         <option value="">- Client -</option>
                         <?php
 

agent/modals/rack/rack_add.php

@@ -43,8 +43,17 @@ ob_start();
                         </div>
                         <select class="form-control select2" name="type" required>
                             <option value="">- Type -</option>
-                            <?php foreach($rack_type_select_array as $rack_type) { ?>
+                            <?php
-                                <option><?php echo $rack_type; ?></option>
+                            $sql_rack_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'rack_type'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_rack_types_select)) {
+                                $rack_type_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option><?= $rack_type_select ?></option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/rack/rack_edit.php

@@ -59,8 +59,19 @@ ob_start();
                         </div>
                         <select class="form-control select2" name="type" required>
                             <option value="">- Type -</option>
-                            <?php foreach($rack_type_select_array as $rack_type_select) { ?>
+                            <?php
-                                <option <?php if ($rack_type == $rack_type_select) { echo "selected"; } ?>><?php echo $rack_type_select; ?></option>
+                            $sql_rack_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'rack_type'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_rack_types_select)) {
+                                $rack_type_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option <?php if ($rack_type == $rack_type_select) { echo "selected"; } ?>>
+                                    <?= $rack_type_select ?>
+                                </option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/software/software_add.php

@@ -4,6 +4,16 @@ require_once '../../../includes/modal_header.php';
 
 $client_id = intval($_GET['client_id'] ?? 0);
 
+$license_types_array = array (
+    'Device',
+    'User',
+    'Site',
+    'Concurrent',
+    'Trial',
+    'Perpetual',
+    'Usage-based'
+);
+
 ob_start();
 
 ?>
@@ -79,8 +89,17 @@ ob_start();
                         </div>
                         <select class="form-control select2" name="type" required>
                             <option value="">- Select Type -</option>
-                            <?php foreach ($software_types_array as $software_type) { ?>
+                            <<?php
-                                <option><?php echo $software_type; ?></option>
+                            $sql_software_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'software_type'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
+                                $software_type_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option><?= $software_type_select ?></option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/software/software_edit.php

@@ -41,9 +41,20 @@ while ($row = mysqli_fetch_assoc($contact_licenses_sql)) {
 }
 $contact_licenses = implode(',', $contact_licenses_array);
 
-// Generate the HTML form content using output buffering.
+$license_types_array = array (
+    'Device',
+    'User',
+    'Site',
+    'Concurrent',
+    'Trial',
+    'Perpetual',
+    'Usage-based'
+);
+
 ob_start();
+
 ?>
+
 <div class="modal-header bg-dark">
     <h5 class="modal-title"><i class="fa fa-fw fa-cube mr-2"></i>Editing license: <strong><?php echo $software_name; ?></strong></h5>
     <button type="button" class="close text-white" data-dismiss="modal">
@@ -86,8 +97,20 @@ ob_start();
                             <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
                         </div>
                         <select class="form-control select2" name="type" required>
-                            <?php foreach($software_types_array as $software_type_select) { ?>
+                            <option value="">- Select Type -</option>
-                                <option <?php if ($software_type == $software_type_select) { echo "selected"; } ?>><?php echo $software_type_select; ?></option>
+                            <<?php
+                            $sql_software_types_select = mysqli_query($mysqli, "
+                                SELECT category_name FROM categories
+                                WHERE category_type = 'software_type'
+                                AND category_archived_at IS NULL
+                                ORDER BY category_order ASC, category_name ASC
+                            ");
+                            while ($row = mysqli_fetch_assoc($sql_software_types_select)) {
+                                $software_type_select = nullable_htmlentities($row['category_name']);
+                                ?>
+                                <option <?php if ($software_type == $software_type_select) { echo "selected"; } ?>>
+                                    <?= $software_type_select ?>
+                                </option>
                             <?php } ?>
                         </select>
                     </div>

agent/modals/ticket/ticket_add.php

@@ -247,7 +247,7 @@ ob_start();
                             <div class="input-group-prepend">
                                 <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
                             </div>
-                            <select class="form-control select2" name="contact">
+                            <select class="form-control select2" name="contact_id">
                                 <option value="0">- No One -</option>
                                 <?php
                                 $sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_title, contact_primary, contact_technical FROM contacts WHERE contact_client_id = $client_id AND contact_archived_at IS NULL ORDER BY contact_primary DESC, contact_technical DESC, contact_name ASC");

agent/networks.php

@@ -79,15 +79,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <div class="card-tools">
             <div class="btn-group">
                 <button type="button" class="btn btn-primary ajax-modal" data-modal-url="modals/network/network_add.php?<?= $client_url ?>&location_id=<?= $location_filter ?>"><i class="fas fa-plus mr-2"></i>New Network</button>
-                <?php if ($num_rows[0] > 0) { ?>
                     <button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
                     <div class="dropdown-menu">
+                        <?php if ($num_rows[0] > 0) { ?>
                         <a class="dropdown-item text-dark ajax-modal" href="#"
                             data-modal-url="modals/network/network_export.php?<?= $client_url ?>">
                             <i class="fa fa-fw fa-download mr-2"></i>Export
                         </a>
-                    </div>
                         <?php } ?>
+                        <div class="dropdown-divider"></div>
+                        <a class="dropdown-item text-dark ajax-modal" href="#"
+                            data-modal-url="modals/network/network_import.php?<?= $client_url ?>">
+                            <i class="fa fa-fw fa-upload mr-2"></i>Import
+                        </a>
+                    </div>
+
             </div>
 
         </div>
@@ -187,7 +193,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
 
             <form id="bulkActions" action="post.php" method="post">
                 <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">

agent/payments.php

@@ -138,7 +138,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </div>
             </form>
             <hr>
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                     <tr>

agent/post/account.php

@@ -12,7 +12,6 @@ if (isset($_POST['add_account'])) {
 
     enforceUserPermission('module_financial', 2);
 
-
     $name = sanitizeInput($_POST['name']);
     $opening_balance = floatval($_POST['opening_balance']);
     $currency_code = sanitizeInput($_POST['currency_code']);

agent/post/client.php

@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
 
 if (isset($_POST['add_client'])) {
 
+    // JQ - Using Prepared MySQLi Statements here for show this is not our standard and is only used in the client add/edit POST.
+
     validateCSRFToken($_POST['csrf_token']);
 
     enforceUserPermission('module_client', 2);
@@ -260,25 +262,63 @@ if (isset($_POST['edit_client'])) {
 
     $client_id = intval($_POST['client_id']);
 
-    mysqli_query($mysqli, "UPDATE clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_rate = $rate, client_net_terms = $net_terms, client_tax_id_number = '$tax_id_number', client_lead = $lead, client_abbreviation = '$abbreviation', client_notes = '$notes' WHERE client_id = $client_id");
+    // Update client using prepared statement
+    $query = mysqli_prepare(
+        $mysqli,
+        "UPDATE clients SET
+        client_name = ?,
+        client_type = ?,
+        client_website = ?,
+        client_referral = ?,
+        client_rate = ?,
+        client_net_terms = ?,
+        client_tax_id_number = ?,
+        client_lead = ?,
+        client_abbreviation = ?,
+        client_notes = ?
+        WHERE client_id = ?"
+    );
+    mysqli_stmt_bind_param(
+        $query,
+        "ssssdisissi",
+        $name,
+        $type,
+        $website,
+        $referral,
+        $rate,
+        $net_terms,
+        $tax_id_number,
+        $lead,
+        $abbreviation,
+        $notes,
+        $client_id
+    );
+    mysqli_stmt_execute($query);
 
-    // Create Referral if it doesn't exist
+    // Create referral category if it doesn't exist
-    $sql = mysqli_query($mysqli, "SELECT category_name FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND category_name = '$referral'");
+    $query = mysqli_prepare($mysqli, "SELECT category_name FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND category_name = ?");
-    if(mysqli_num_rows($sql) == 0) {
+    mysqli_stmt_bind_param($query, "s", $referral);
-        mysqli_query($mysqli, "INSERT INTO categories SET category_name = '$referral', category_type = 'Referral'");
+    mysqli_stmt_execute($query);
+    mysqli_stmt_store_result($query);
+    if (mysqli_stmt_num_rows($query) == 0) {
+        $query = mysqli_prepare($mysqli, "INSERT INTO categories SET category_name = ?, category_type = 'Referral'");
+        mysqli_stmt_bind_param($query, "s", $referral);
+        mysqli_stmt_execute($query);
 
         logAction("Category", "Create", "$session_name created referral category $referral");
     }
 
-    // Tags
+    // Tags - delete existing and re-insert
-    // Delete existing tags
+    $query = mysqli_prepare($mysqli, "DELETE FROM client_tags WHERE client_id = ?");
-    mysqli_query($mysqli, "DELETE FROM client_tags WHERE client_id = $client_id");
+    mysqli_stmt_bind_param($query, "i", $client_id);
+    mysqli_stmt_execute($query);
 
-    // Add new tags
+    if (isset($_POST['tags'])) {
-    if(isset($_POST['tags'])) {
+        $query = mysqli_prepare($mysqli, "INSERT INTO client_tags SET client_id = ?, tag_id = ?");
-        foreach($_POST['tags'] as $tag) {
+        foreach ($_POST['tags'] as $tag) {
             $tag = intval($tag);
-            mysqli_query($mysqli, "INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag");
+            mysqli_stmt_bind_param($query, "ii", $client_id, $tag);
+            mysqli_stmt_execute($query);
         }
     }
 

agent/post/file.php

@@ -33,7 +33,7 @@ if (isset($_POST['upload_files'])) {
         'odt', 'csv', 'xls', 'xlsx', 'ods', 'pptx', 'odp', 'zip', 'tar', 'gz',
         'msg', 'json', 'wav', 'mp3', 'ogg', 'mov', 'mp4', 'av1', 'ovpn',
         'cfg', 'ps1', 'vsdx', 'drawio', 'pfx', 'pages', 'numbers', 'unf', 'unifi',
-        'key', 'bat', 'stk'
+        'key', 'bat', 'stk', 'swb'
     ];
 
     // Loop through each uploaded file

agent/post/network.php

@@ -188,7 +188,7 @@ if (isset($_POST['export_networks_csv'])) {
         $file_name_prepend = "$session_company_name-";
     }
 
-    $sql = mysqli_query($mysqli,"SELECT * FROM networks LEFT JOIN client ON client_id = network_client_id WHERE network_archived_at IS NULL $client_query $access_permission_query ORDER BY network_name ASC");
+    $sql = mysqli_query($mysqli,"SELECT * FROM networks LEFT JOIN clients ON client_id = network_client_id WHERE network_archived_at IS NULL $client_query $access_permission_query ORDER BY network_name ASC");
 
     $num_rows = mysqli_num_rows($sql);
 
@@ -227,3 +227,161 @@ if (isset($_POST['export_networks_csv'])) {
     exit;
 
 }
+
+// ============================================================
+// Add these two blocks to agent/post/network.php
+// Place them alongside the existing export_networks_csv block.
+// ============================================================
+
+// ----------------------------------------------------------
+// CSV Template Download
+// GET: post.php?download_networks_csv_template=<client_id>
+// ----------------------------------------------------------
+if (isset($_GET['download_networks_csv_template'])) {
+
+    $delimiter = ",";
+    $enclosure = '"';
+    $escape    = '\\';
+    $filename  = "Networks-Template.csv";
+
+    $f = fopen('php://memory', 'w');
+
+    $fields = array('Name', 'Description', 'VLAN', 'Network (CIDR)', 'Gateway', 'IP Range', 'Primary DNS', 'Secondary DNS');
+    fputcsv($f, $fields, $delimiter, $enclosure, $escape);
+
+    // One example row so the user can see expected formatting
+    $example = array('Office LAN', 'Main office network', '10', '192.168.1.0/24', '192.168.1.1', '192.168.1.100-192.168.1.200', '8.8.8.8', '8.8.4.4');
+    fputcsv($f, $example, $delimiter, $enclosure, $escape);
+
+    fseek($f, 0);
+
+    header('Content-Type: text/csv');
+    header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+    fpassthru($f);
+    exit;
+
+}
+
+// ----------------------------------------------------------
+// CSV Import
+// POST: post.php  (name="import_networks_csv")
+// ----------------------------------------------------------
+if (isset($_POST['import_networks_csv'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    enforceUserPermission('module_support', 2);
+
+    $client_id = intval($_POST['client_id']);
+
+    enforceClientAccess();
+
+    $error = false;
+
+    // File provided?
+    if (!empty($_FILES['file']['tmp_name'])) {
+        $file_name = $_FILES['file']['tmp_name'];
+    } else {
+        flash_alert("Please select a file to upload.", 'error');
+        redirect();
+    }
+
+    // Check extension
+    $file_extension = strtolower(end(explode('.', $_FILES['file']['name'])));
+    if ($file_extension !== 'csv') {
+        $error = true;
+        flash_alert("Bad file extension — only .csv files are accepted.", 'error');
+    }
+
+    // Check not empty
+    elseif ($_FILES['file']['size'] < 1) {
+        $error = true;
+        flash_alert("Bad file size (empty file?).", 'error');
+    }
+
+    // Check column count matches the 8-column export/template format
+    else {
+        $f = fopen($file_name, 'r');
+        $f_columns = fgetcsv($f, 1000, ',');
+        fclose($f);
+
+        if (count($f_columns) !== 8) {
+            $error = true;
+            flash_alert("Bad column count — expected 8 columns: Name, Description, VLAN, Network (CIDR), Gateway, IP Range, Primary DNS, Secondary DNS.", 'error');
+        }
+    }
+
+    // Parse and insert
+    if (!$error) {
+        $file = fopen($file_name, 'r');
+        fgetcsv($file, 1000, ','); // Skip header row
+
+        $row_count       = 0;
+        $duplicate_count = 0;
+
+        while (($column = fgetcsv($file, 1000, ',')) !== false) {
+
+            $duplicate_detect = 0;
+
+            $name         = isset($column[0]) ? sanitizeInput($column[0]) : '';
+            $description  = isset($column[1]) ? sanitizeInput($column[1]) : '';
+            $vlan         = isset($column[2]) ? intval($column[2])         : 0;
+            $network      = isset($column[3]) ? sanitizeInput($column[3]) : '';
+            $gateway      = isset($column[4]) ? sanitizeInput($column[4]) : '';
+            $dhcp_range   = isset($column[5]) ? sanitizeInput($column[5]) : '';
+            $primary_dns  = isset($column[6]) ? sanitizeInput($column[6]) : '';
+            $secondary_dns = isset($column[7]) ? sanitizeInput($column[7]) : '';
+
+            // Skip rows with no name
+            if ($name === '') {
+                continue;
+            }
+
+            // Duplicate check — same name + network address for this client
+            $dup_check = mysqli_query($mysqli,
+                "SELECT network_id FROM networks
+                 WHERE network_name = '$name'
+                   AND network = '$network'
+                   AND network_client_id = $client_id
+                   AND network_archived_at IS NULL
+                 LIMIT 1"
+            );
+
+            if (mysqli_num_rows($dup_check) > 0) {
+                $duplicate_detect = 1;
+            }
+
+            if ($duplicate_detect === 0) {
+                mysqli_query($mysqli,
+                    "INSERT INTO networks SET
+                        network_name         = '$name',
+                        network_description  = '$description',
+                        network_vlan         = $vlan,
+                        network              = '$network',
+                        network_gateway      = '$gateway',
+                        network_dhcp_range   = '$dhcp_range',
+                        network_primary_dns  = '$primary_dns',
+                        network_secondary_dns = '$secondary_dns',
+                        network_client_id    = $client_id"
+                );
+                $row_count++;
+            } else {
+                $duplicate_count++;
+            }
+        }
+
+        fclose($file);
+
+        logAction("Network", "Import", "$session_name imported $row_count network(s). $duplicate_count duplicate(s) found and not imported", $client_id);
+
+        flash_alert("$row_count Network(s) imported, $duplicate_count duplicate(s) detected and not imported");
+
+        redirect();
+    }
+
+    if ($error) {
+        redirect();
+    }
+
+}

agent/post/quote.php

@@ -14,7 +14,7 @@ if (isset($_POST['add_quote'])) {
 
     require_once 'quote_model.php';
 
-    $client_id = intval($_POST['client']);
+    $client_id = intval($_POST['client_id']);
 
     enforceClientAccess();
 
@@ -55,7 +55,7 @@ if (isset($_POST['add_quote_copy'])) {
     enforceUserPermission('module_sales', 2);
 
     $quote_id = intval($_POST['quote_id']);
-    $client_id = intval($_POST['client']);
+    $client_id = intval($_POST['client_id']);
     $date = sanitizeInput($_POST['date']);
     $expire = sanitizeInput($_POST['expire']);
 

agent/post/rack.php

@@ -265,7 +265,7 @@ if (isset($_POST['edit_rack_unit'])) {
 
 if (isset($_GET['remove_rack_unit'])) {
 
-    validateCSRFToken($_POST['csrf_token']);
+    validateCSRFToken($_GET['csrf_token']);
 
     enforceUserPermission('module_support', 2);
 

agent/products.php

@@ -169,7 +169,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             <form id="bulkActions" action="post.php" method="post">
                 <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-                <div class="table-responsive-sm">
+                <div class="table-responsive">
                     <table class="table table-striped table-borderless table-hover">
                         <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                         <tr>

agent/project_details.php

@@ -341,13 +341,13 @@ if (isset($_GET['project_id'])) {
                 <div class="card-body p-0">
                     <form id="bulkActions" action="post.php" method="post">
                         <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-                        <div class="table-responsive-sm">
+                        <div class="table-responsive">
                             <table class="table table-border table-hover">
                                 <thead class="thead-light">
                                 <tr>
                                     <td class="bg-light checkbox-column">
                                         <div class="form-check">
-                                            <input class="form-check-input" id="selectAllCheckbox" type="checkbox" onclick="checkAll(this)" onkeydown="checkAll(this)">
+                                            <input class="form-check-input" id="selectAllCheckbox" type="checkbox" onclick="checkAll(this)">
                                         </div>
                                     </td>
                                     <th>
@@ -494,7 +494,6 @@ if (isset($_GET['project_id'])) {
                                         <td><?php echo $client_name; ?></td>
                                     </tr>
 
-
                                 <?php } ?>
 
                                 </tbody>

agent/projects.php

@@ -108,7 +108,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
             <table class="table table-striped table-hover table-borderless">
                 <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                 <tr>
@@ -190,34 +190,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                     // Get Tasks and Tickets Stats
                     // Get Tickets
-                    $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id");
+                    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('ticket_id') AS count FROM tickets WHERE ticket_project_id = $project_id"));
-                    $ticket_count = mysqli_num_rows($sql_tickets);
+                    $ticket_count = $row['count'];
 
                     // Get Closed Ticket Count
-                    $sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL");
+                    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('ticket_id') AS count FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL"));
-
+                    $closed_ticket_count = $row['count'];
-                    $closed_ticket_count = mysqli_num_rows($sql_closed_tickets);
 
                     // Ticket Closed Percent
                     if($ticket_count) {
                         $tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100);
                     }
                     // Get All Tasks
-                    $sql_tasks = mysqli_query($mysqli,
+                    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS count FROM tickets, tasks WHERE ticket_id = task_ticket_id AND ticket_project_id = $project_id"));
-                        "SELECT * FROM tickets, tasks
+                    $task_count = $row['count'];
-                        WHERE ticket_id = task_ticket_id
-                        AND ticket_project_id = $project_id"
-                    );
-                    $task_count = mysqli_num_rows($sql_tasks);
 
                     // Get Completed Task Count
-                    $sql_tasks_completed = mysqli_query($mysqli,
+                    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS count FROM tickets, tasks WHERE ticket_id = task_ticket_id AND ticket_project_id = $project_id AND task_completed_at IS NOT NULL"));
-                        "SELECT * FROM tickets, tasks
+                    $completed_task_count = $row['count'];
-                        WHERE ticket_id = task_ticket_id
-                        AND ticket_project_id = $project_id
-                        AND task_completed_at IS NOT NULL"
-                    );
-                    $completed_task_count = mysqli_num_rows($sql_tasks_completed);
 
                     // Tasks Completed Percent
                     if($task_count) {

agent/quotes.php

@@ -91,7 +91,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
             <table class="table table-striped table-borderless table-hover">
                 <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                 <tr>

agent/recurring_expenses.php

@@ -63,7 +63,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </div>
             </form>
             <hr>
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>

agent/recurring_invoices.php

@@ -93,7 +93,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
             <table class="table table-striped table-borderless table-hover">
                 <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                 <tr>

agent/recurring_tickets.php

@@ -212,7 +212,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         </form>
         <hr>
 
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
 
             <form id="bulkActions" action="post.php" method="post">
                 <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">

agent/revenues.php

@@ -60,7 +60,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </div>
         </form>
         <hr>
-        <div class="table-responsive-sm">
+        <div class="table-responsive">
             <table class="table table-striped table-borderless table-hover">
                 <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                 <tr>

agent/services.php

@@ -110,7 +110,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             </form>
             <hr>
 
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>

agent/software.php

@@ -146,7 +146,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </div>
             </form>
             <hr>
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                     <tr>

agent/ticket_list.php

@@ -3,7 +3,7 @@
         <form id="bulkActions" action="post.php" method="post">
                 <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-                <div class="table-responsive-sm">
+                <div class="table-responsive">
                     <table class="table table-striped table-borderless table-hover">
                         <thead class="text-dark <?php if (!$num_rows[0]) { echo "d-none"; } ?> text-nowrap">
                         <tr>
@@ -172,6 +172,9 @@
 
 
                             // Get Tasks
+                            // Get Tasks
+                            $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS count FROM tickets, tasks WHERE ticket_id = task_ticket_id AND ticket_project_id = $project_id"));
+                            $task_count = $row['count'];
                             $sql_tasks = mysqli_query( $mysqli, "SELECT * FROM tasks WHERE task_ticket_id = $ticket_id ORDER BY task_created_at ASC");
                             $task_count = mysqli_num_rows($sql_tasks);
                                     // Get Completed Task Count

agent/transfers.php

@@ -120,7 +120,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </div>
             </form>
             <hr>
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                     <tr>

agent/trips.php

@@ -85,7 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </div>
             </form>
             <hr>
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>

agent/vendors.php

@@ -113,7 +113,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <form id="bulkActions" action="post.php" method="post">
             <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-            <div class="table-responsive-sm">
+            <div class="table-responsive">
                 <table class="table table-striped table-borderless table-hover">
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
                     <tr>

api/v1/assets/asset_model.php

@@ -4,7 +4,7 @@
 if (isset($_POST['asset_name'])) {
     $name = sanitizeInput($_POST['asset_name']);
 } elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
-    $name = $asset_row['asset_name'];
+    $name = mysqli_real_escape_string($mysqli, $asset_row['asset_name']);
 } else {
     $name = '';
 }
@@ -12,7 +12,7 @@ if (isset($_POST['asset_name'])) {
 if (isset($_POST['asset_description'])) {
     $description = sanitizeInput($_POST['asset_description']);
 } elseif (isset($asset_row) && isset($asset_row['asset_description'])) {
-    $description = $asset_row['asset_description'];
+    $description = mysqli_real_escape_string($mysqli, $asset_row['asset_description']);
 } else {
     $description = '';
 }
@@ -20,7 +20,7 @@ if (isset($_POST['asset_description'])) {
 if (isset($_POST['asset_type'])) {
     $type = sanitizeInput($_POST['asset_type']);
 } elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
-    $type = $asset_row['asset_type'];
+    $type = mysqli_real_escape_string($mysqli, $asset_row['asset_type']);
 } else {
     $type = '';
 }
@@ -28,14 +28,14 @@ if (isset($_POST['asset_type'])) {
 if (isset($_POST['asset_make'])) {
     $make = sanitizeInput($_POST['asset_make']);
 } elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
-    $make = $asset_row['asset_make'];
+    $make = mysqli_real_escape_string($mysqli, $asset_row['asset_make']);
 } else {
     $make = '';
 }
 if (isset($_POST['asset_model'])) {
     $model = sanitizeInput($_POST['asset_model']);
 } elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
-    $model = $asset_row['asset_model'];
+    $model = mysqli_real_escape_string($mysqli, $asset_row['asset_model']);
 } else {
     $model = '';
 }
@@ -43,7 +43,7 @@ if (isset($_POST['asset_model'])) {
 if (isset($_POST['asset_serial'])) {
     $serial = sanitizeInput($_POST['asset_serial']);
 } elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
-    $serial = $asset_row['asset_serial'];
+    $serial = mysqli_real_escape_string($mysqli, $asset_row['asset_serial']);
 } else {
     $serial = '';
 }
@@ -51,7 +51,7 @@ if (isset($_POST['asset_serial'])) {
 if (isset($_POST['asset_os'])) {
     $os = sanitizeInput($_POST['asset_os']);
 } elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
-    $os = $asset_row['asset_os'];
+    $os = mysqli_real_escape_string($mysqli, $asset_row['asset_os']);
 } else {
     $os = '';
 }
@@ -59,7 +59,7 @@ if (isset($_POST['asset_os'])) {
 if (isset($_POST['asset_ip'])) {
     $ip = sanitizeInput($_POST['asset_ip']);
 } elseif (isset($asset_row) && isset($asset_row['interface_ip'])) {
-    $ip = $asset_row['interface_ip'];
+    $ip = mysqli_real_escape_string($mysqli, $asset_row['interface_ip']);
 } else {
     $ip = '';
 }
@@ -67,7 +67,7 @@ if (isset($_POST['asset_ip'])) {
 if (isset($_POST['asset_mac'])) {
     $mac = sanitizeInput($_POST['asset_mac']);
 } elseif (isset($asset_row) && isset($asset_row['interface_mac'])) {
-    $mac = $asset_row['interface_mac'];
+    $mac = mysqli_real_escape_string($mysqli, $asset_row['interface_mac']);
 } else {
     $mac = '';
 }
@@ -75,15 +75,23 @@ if (isset($_POST['asset_mac'])) {
 if (isset($_POST['asset_uri'])) {
     $uri = sanitizeInput($_POST['asset_uri']);
 } elseif (isset($asset_row) && isset($asset_row['asset_uri'])) {
-    $uri = $asset_row['asset_uri'];
+    $uri = mysqli_real_escape_string($mysqli, $asset_row['asset_uri']);
 } else {
     $uri = '';
 }
 
+if (isset($_POST['asset_uri_2'])) {
+    $uri_2 = sanitizeInput($_POST['asset_uri_2']);
+} elseif (isset($asset_row) && isset($asset_row['asset_uri_2'])) {
+    $uri_2 = mysqli_real_escape_string($mysqli, $asset_row['asset_uri_2']);
+} else {
+    $uri_2 = '';
+}
+
 if (isset($_POST['asset_status'])) {
     $status = sanitizeInput($_POST['asset_status']);
 } elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
-    $status = $asset_row['asset_status'];
+    $status = mysqli_real_escape_string($mysqli, $asset_row['asset_status']);
 } else {
     $status = '';
 }
@@ -91,7 +99,7 @@ if (isset($_POST['asset_status'])) {
 if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
     $purchase_date = "'" . sanitizeInput($_POST['asset_purchase_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
-    $purchase_date = "'" . $asset_row['asset_purchase_date'] . "'";
+    $purchase_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_purchase_date']) . "'";
 } else {
     $purchase_date = "NULL";
 }
@@ -99,7 +107,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
 if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
     $warranty_expire = "'" . sanitizeInput($_POST['asset_warranty_expire']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
-    $warranty_expire = "'" . $asset_row['asset_warranty_expire'] . "'";
+    $warranty_expire = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_warranty_expire']) . "'";
 } else {
     $warranty_expire = "NULL";
 }
@@ -107,7 +115,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
 if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
     $install_date = "'" . sanitizeInput($_POST['asset_install_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
-    $install_date = "'" . $asset_row['asset_install_date'] . "'";
+    $install_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_install_date']) . "'";
 } else {
     $install_date = "NULL";
 }
@@ -115,7 +123,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
 if (isset($_POST['asset_notes'])) {
     $notes = sanitizeInput($_POST['asset_notes']);
 } elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
-    $notes = $asset_row['asset_notes'];
+    $notes = mysqli_real_escape_string($mysqli, $asset_row['asset_notes']);
 } else {
     $notes = '';
 }

api/v1/assets/read.php

@@ -37,7 +37,7 @@ if (isset($_GET['asset_id'])) {
 
 } elseif (isset($_GET['asset_uri_2'])) {
     // Asset query via uri2
-    $uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
+    $uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri_2']);
     $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri_2 = '$uri2' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 
 }else {

api/v1/assets/update.php

@@ -18,8 +18,7 @@ if (!empty($asset_id)) {
     // Variable assignment from POST - assigning the current database value if a value is not provided
     require_once 'asset_model.php';
 
-
+    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
-    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
 
     // Check insert & get insert ID
     if ($update_sql) {
@@ -28,6 +27,9 @@ if (!empty($asset_id)) {
         // Update Primary Interface
         mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_mac = '$mac', interface_ip = '$ip', interface_network_id = $network WHERE interface_asset_id = $asset_id AND interface_primary = 1");
 
+        // Add to History
+        mysqli_query($mysqli,"INSERT INTO asset_history SET asset_history_status = '$status', asset_history_description = 'API updated $name ($api_key_name)', asset_history_asset_id = $asset_id");
+
         // Logging
         logAction("Asset", "Edit", "$name via API ($api_key_name)", $client_id);
         logAction("API", "Success", "Edited asset $name via API ($api_key_name)", $client_id);

api/v1/clients/client_model.php

@@ -5,7 +5,7 @@
 if (isset($_POST['client_name'])) {
     $name = sanitizeInput($_POST['client_name']);
 } elseif ($client_row) {
-    $name = $client_row['client_name'];
+    $name = mysqli_real_escape_string($mysqli, $client_row['client_name']);
 } else {
     $name = '';
 }
@@ -13,7 +13,7 @@ if (isset($_POST['client_name'])) {
 if (isset($_POST['client_type'])) {
     $type = sanitizeInput($_POST['client_type']);
 } elseif ($client_row) {
-    $type = $client_row['client_type'];
+    $type = mysqli_real_escape_string($mysqli, $client_row['client_type']);
 } else {
     $type = '';
 }
@@ -21,7 +21,7 @@ if (isset($_POST['client_type'])) {
 if (isset($_POST['client_website'])) {
     $website = preg_replace("(^https?://)", "", sanitizeInput($_POST['client_website']));
 } elseif ($client_row) {
-    $website = $client_row['client_website'];
+    $website = mysqli_real_escape_string($mysqli, $client_row['client_website']);
 } else {
     $website = '';
 }
@@ -29,7 +29,7 @@ if (isset($_POST['client_website'])) {
 if (isset($_POST['client_referral'])) {
     $referral = sanitizeInput($_POST['client_referral']);
 } elseif ($client_row) {
-    $referral = $client_row['client_referral'];
+    $referral = mysqli_real_escape_string($mysqli, $client_row['client_referral']);
 } else {
     $referral = '';
 }
@@ -45,7 +45,7 @@ if (isset($_POST['client_rate'])) {
 if (isset($_POST['client_currency_code'])) {
     $currency_code = sanitizeInput($_POST['client_currency_code']);
 } elseif ($client_row) {
-    $currency_code = $client_row['client_currency_code'];
+    $currency_code = mysqli_real_escape_string($mysqli, $client_row['client_currency_code']);
 } else {
     $currency_code = '';
 }
@@ -61,7 +61,7 @@ if (isset($_POST['client_net_terms'])) {
 if (isset($_POST['client_tax_id_number'])) {
     $tax_id_number = sanitizeInput($_POST['client_tax_id_number']);
 } elseif ($client_row) {
-    $tax_id_number = $client_row['client_tax_id_number'];
+    $tax_id_number = mysqli_real_escape_string($mysqli, $client_row['client_tax_id_number']);
 } else {
     $tax_id_number = '';
 }
@@ -69,7 +69,7 @@ if (isset($_POST['client_tax_id_number'])) {
 if (isset($_POST['client_abbreviation'])) {
     $abbreviation = sanitizeInput(substr($_POST['client_abbreviation'], 0, 6));
 } elseif ($client_row) {
-    $abbreviation = $client_row['client_abbreviation'];
+    $abbreviation = mysqli_real_escape_string($mysqli, $client_row['client_abbreviation']);
 } else {
     $abbreviation = '';
 }
@@ -85,7 +85,7 @@ if (isset($_POST['client_is_lead'])) {
 if (isset($_POST['client_notes'])) {
     $notes = sanitizeInput($_POST['client_notes']);
 } elseif ($client_row) {
-    $notes = $client_row['client_notes'];
+    $notes = mysqli_real_escape_string($mysqli, $client_row['client_notes']);
 } else {
     $notes = '';
 }

api/v1/clients/update.php

@@ -3,9 +3,6 @@
 require_once '../validate_api_key.php';
 require_once '../require_post_method.php';
 
-// Parse Info
-$client_id = intval($_POST['client_id']);
-
 // Default
 $update_count = false;
 

api/v1/contacts/contact_model.php

@@ -5,7 +5,7 @@ define('number_regex', '/[^0-9]/');
 if (isset($_POST['contact_name'])) {
     $name = sanitizeInput($_POST['contact_name']);
 } elseif ($contact_row) {
-    $name = $contact_row['contact_name'];
+    $name = mysqli_real_escape_string($mysqli, $contact_row['contact_name']);
 } else {
     $name = '';
 }
@@ -13,7 +13,7 @@ if (isset($_POST['contact_name'])) {
 if (isset($_POST['contact_title'])) {
     $title = sanitizeInput($_POST['contact_title']);
 } elseif ($contact_row) {
-    $title = $contact_row['contact_title'];
+    $title = mysqli_real_escape_string($mysqli, $contact_row['contact_title']);
 } else {
     $title = '';
 }
@@ -21,7 +21,7 @@ if (isset($_POST['contact_title'])) {
 if (isset($_POST['contact_department'])) {
     $department = sanitizeInput($_POST['contact_department']);
 } elseif ($contact_row) {
-    $department = $contact_row['contact_department'];
+    $department = mysqli_real_escape_string($mysqli, $contact_row['contact_department']);
 } else {
     $department = '';
 }
@@ -29,7 +29,7 @@ if (isset($_POST['contact_department'])) {
 if (isset($_POST['contact_email'])) {
     $email = sanitizeInput($_POST['contact_email']);
 } elseif ($contact_row) {
-    $email = $contact_row['contact_email'];
+    $email = mysqli_real_escape_string($mysqli, $contact_row['contact_email']);
 } else {
     $email = '';
 }
@@ -37,7 +37,7 @@ if (isset($_POST['contact_email'])) {
 if (isset($_POST['contact_phone'])) {
     $phone = preg_replace(number_regex, '', $_POST['contact_phone']);
 } elseif ($contact_row) {
-    $phone = $contact_row['contact_phone'];
+    $phone = mysqli_real_escape_string($mysqli, $contact_row['contact_phone']);
 } else {
     $phone = '';
 }
@@ -45,7 +45,7 @@ if (isset($_POST['contact_phone'])) {
 if (isset($_POST['contact_extension'])) {
     $extension = preg_replace(number_regex, '', $_POST['contact_extension']);
 } elseif ($contact_row) {
-    $extension = $contact_row['contact_extension'];
+    $extension = mysqli_real_escape_string($mysqli, $contact_row['contact_extension']);
 } else {
     $extension = '';
 }
@@ -53,7 +53,7 @@ if (isset($_POST['contact_extension'])) {
 if (isset($_POST['contact_mobile'])) {
     $mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
 } elseif ($contact_row) {
-    $mobile = $contact_row['contact_mobile'];
+    $mobile = mysqli_real_escape_string($mysqli, $contact_row['contact_mobile']);
 } else {
     $mobile = '';
 }
@@ -61,7 +61,7 @@ if (isset($_POST['contact_mobile'])) {
 if (isset($_POST['contact_notes'])) {
     $notes = sanitizeInput($_POST['contact_notes']);
 } elseif ($contact_row) {
-    $notes = $contact_row['contact_notes'];
+    $notes = mysqli_real_escape_string($mysqli, $contact_row['contact_notes']);
 } else {
     $notes = '';
 }

api/v1/credentials/create.php

@@ -13,7 +13,7 @@ $insert_id = false;
 if (!empty($api_key_decrypt_password) && !empty($name) && !(empty($password))) {
 
     // Add credential
-    $insert_sql = mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id");
+    $insert_sql = mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_favorite = $favorite, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id");
 
     // Check insert & get insert ID
     if ($insert_sql) {

api/v1/credentials/credential_model.php

@@ -11,7 +11,7 @@ if (isset($_POST['api_key_decrypt_password'])) {
 if (isset($_POST['credential_name'])) {
     $name = sanitizeInput($_POST['credential_name']);
 } elseif (isset($credential_row) && isset($credential_row['credential_name'])) {
-    $name = $credential_row['credential_name'];
+    $name = mysqli_real_escape_string($mysqli, $credential_row['credential_name']);
 } else {
     $name = '';
 }
@@ -19,7 +19,7 @@ if (isset($_POST['credential_name'])) {
 if (isset($_POST['credential_description'])) {
     $description = sanitizeInput($_POST['credential_description']);
 } elseif (isset($credential_row) && isset($credential_row['credential_description'])) {
-    $description = $credential_row['credential_description'];
+    $description = mysqli_real_escape_string($mysqli, $credential_row['credential_description']);
 } else {
     $description = '';
 }
@@ -27,7 +27,7 @@ if (isset($_POST['credential_description'])) {
 if (isset($_POST['credential_uri'])) {
     $uri = sanitizeInput($_POST['credential_uri']);
 } elseif (isset($credential_row) && isset($credential_row['credential_uri'])) {
-    $uri = $credential_row['credential_uri'];
+    $uri = mysqli_real_escape_string($mysqli, $credential_row['credential_uri']);
 } else {
     $uri = '';
 }
@@ -35,7 +35,7 @@ if (isset($_POST['credential_uri'])) {
 if (isset($_POST['credential_uri_2'])) {
     $uri_2 = sanitizeInput($_POST['credential_uri_2']);
 } elseif (isset($credential_row) && isset($credential_row['credential_uri_2'])) {
-    $uri_2 = $credential_row['credential_uri_2'];
+    $uri_2 = mysqli_real_escape_string($mysqli, $credential_row['credential_uri_2']);
 } else {
     $uri_2 = '';
 }
@@ -61,12 +61,10 @@ if (isset($_POST['credential_password'])) {
     $password_changed = false;
 }
 
-
-
 if (isset($_POST['credential_otp_secret'])) {
     $otp_secret = sanitizeInput($_POST['credential_otp_secret']);
 } elseif (isset($credential_row) && isset($credential_row['credential_otp_secret'])) {
-    $otp_secret = $credential_row['credential_otp_secret'];
+    $otp_secret = mysqli_real_escape_string($mysqli, $credential_row['credential_otp_secret']);
 } else {
     $otp_secret = '';
 }
@@ -74,17 +72,17 @@ if (isset($_POST['credential_otp_secret'])) {
 if (isset($_POST['credential_note'])) {
     $note = sanitizeInput($_POST['credential_note']);
 } elseif (isset($credential_row) && isset($credential_row['credential_note'])) {
-    $note = $credential_row['credential_note'];
+    $note = mysqli_real_escape_string($mysqli, $credential_row['credential_note']);
 } else {
     $note = '';
 }
 
-if (isset($_POST['credential_important'])) {
+if (isset($_POST['credential_favorite'])) {
-    $important = intval($_POST['credential_important']);
+    $favorite = intval($_POST['credential_favorite']);
-} elseif (isset($credential_row) && isset($credential_row['credential_important'])) {
+} elseif (isset($credential_row) && isset($credential_row['credential_favorite'])) {
-    $important = $credential_row['credential_important'];
+    $favorite = $credential_row['credential_favorite'];
 } else {
-    $important = '';
+    $favorite = 0;
 }
 
 if (isset($_POST['credential_contact_id'])) {
@@ -92,7 +90,7 @@ if (isset($_POST['credential_contact_id'])) {
 } elseif (isset($credential_row) && isset($credential_row['credential_contact_id'])) {
     $contact_id = $credential_row['credential_contact_id'];
 } else {
-    $contact_id = '';
+    $contact_id = 0;
 }
 
 if (isset($_POST['credential_vendor_id'])) {
@@ -100,7 +98,7 @@ if (isset($_POST['credential_vendor_id'])) {
 } elseif (isset($credential_row) && isset($credential_row['credential_vendor_id'])) {
     $vendor_id = $credential_row['credential_vendor_id'];
 } else {
-    $vendor_id = '';
+    $vendor_id = 0;
 }
 
 if (isset($_POST['credential_asset_id'])) {
@@ -108,7 +106,7 @@ if (isset($_POST['credential_asset_id'])) {
 } elseif (isset($credential_row) && isset($credential_row['credential_asset_id'])) {
     $asset_id = $credential_row['credential_asset_id'];
 } else {
-    $asset_id = '';
+    $asset_id = 0;
 }
 
 if (isset($_POST['credential_software_id'])) {
@@ -116,5 +114,5 @@ if (isset($_POST['credential_software_id'])) {
 } elseif (isset($credential_row) && isset($credential_row['credential_software_id'])) {
     $software_id = $credential_row['credential_software_id'];
 } else {
-    $software_id = '';
+    $software_id = 0;
 }

api/v1/credentials/update.php

@@ -17,7 +17,7 @@ if (!empty($_POST['api_key_decrypt_password']) && !empty($credential_id)) {
     // Variable assignment from POST - assigning the current database value if a value is not provided
     require_once 'credential_model.php';
 
-    $update_sql = mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1");
+    $update_sql = mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_favorite = $favorite, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1");
 
     // Check insert & get insert ID
     if ($update_sql) {

api/v1/documents/document_model.php

@@ -4,7 +4,7 @@
 if (isset($_POST['document_name'])) {
     $name = sanitizeInput($_POST['document_name']);
 } elseif (isset($document_row) && isset($document_row['document_name'])) {
-    $name = $document_row['document_name'];
+    $name = mysqli_real_escape_string($mysqli, $document_row['document_name']);
 } else {
     $name = '';
 }
@@ -12,7 +12,7 @@ if (isset($_POST['document_name'])) {
 if (isset($_POST['document_description'])) {
     $description = sanitizeInput($_POST['document_description']);
 } elseif (isset($document_row) && isset($document_row['document_description'])) {
-    $description = $document_row['document_description'];
+    $description = mysqli_real_escape_string($mysqli, $document_row['document_description']);
 } else {
     $description = '';
 }
@@ -20,7 +20,7 @@ if (isset($_POST['document_description'])) {
 if (isset($_POST['document_content'])) {
     $content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
 } elseif (isset($document_row) && isset($document_row['document_content'])) {
-    $content = $document_row['document_content'];
+    $content = mysqli_real_escape_string($mysqli, $document_row['document_content']);
 } else {
     $content = '';
 }
@@ -29,7 +29,7 @@ if (isset($_POST['document_content'])) {
 if (isset($_POST['document_content'])) {
     $content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content']));
 } elseif (isset($document_row) && isset($document_row['document_content_raw'])) {
-    $content_raw = $document_row['document_content_raw'];
+    $content_raw = mysqli_real_escape_string($mysqli, $document_row['document_content_raw']);
 } else {
     $content_raw = '';
 }

api/v1/documents/update.php

@@ -60,8 +60,18 @@ if (!empty($document_id)) {
 
         $document_version_id = mysqli_insert_id($mysqli);
 
-        // 3) Variable assignment from POST (uses	trigger you already have)
+        // 3) Variable assignment from POST
         // This should set: $name, $description, $content (raw html), $folder, etc.
+
+        // Fetch current doc data (fresh)
+        $document_row = mysqli_fetch_assoc(mysqli_query($mysqli, "
+        SELECT * FROM documents
+        WHERE document_client_id = $client_id
+           AND document_id = $document_id
+        LIMIT 1
+        "));
+
+        // Assign variables from POST or fallback to DB
         require_once 'document_model.php';
 
         // Process NEW HTML content: save base64 images to /uploads/documents/<document_id>/

api/v1/domains/read.php

@@ -13,7 +13,7 @@ if (isset($_GET['domain_id'])) {
 } elseif (isset($_GET['domain_name'])) {
     // Domain by name
     $name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
 
 } else {
     // All domains (by client ID or all in general if key permits)

api/v1/invoice_items/read.php

@@ -0,0 +1,64 @@
+<?php
+/*
+ * API - Invoice Items - Read
+ * GET /api/v1/invoice_items/read.php
+ *
+ * Returns line items belonging to invoices scoped to the API key's client.
+ *
+ * Parameters (GET):
+ *   api_key        required  - Your API key
+ *   invoice_id     required* - Return items for a single invoice
+ *   item_id        required* - Return a single line item by its own ID
+ *                  * One of invoice_id or item_id must be provided
+ *   limit          optional  - Max rows to return (default 50)
+ *   offset         optional  - Offset for pagination (default 0)
+ *
+ * Security:
+ *   - invoice_items are always joined to invoices so that invoice_client_id
+ *     is checked against the API key's client scope. A scoped key can never
+ *     read items belonging to another client, even when item_id is supplied
+ *     directly.
+ *   - $client_id is set to "%" by validate_api_key.php for All-Clients keys,
+ *     which causes the LIKE to match every client — consistent with other
+ *     endpoints in this API.
+ */
+require_once '../validate_api_key.php';
+require_once '../require_get_method.php';
+
+if (isset($_GET['item_id'])) {
+    // Single line item by item_id — still JOIN to invoices to enforce client scope
+    $item_id = intval($_GET['item_id']);
+    $sql = mysqli_query($mysqli,
+        "SELECT ii.*
+         FROM invoice_items ii
+         INNER JOIN invoices i ON i.invoice_id = ii.item_invoice_id
+         WHERE ii.item_id = '$item_id'
+           AND i.invoice_client_id LIKE '$client_id'
+         LIMIT 1"
+    );
+} elseif (isset($_GET['invoice_id'])) {
+    // All items on a specific invoice
+    $invoice_id = intval($_GET['invoice_id']);
+    $sql = mysqli_query($mysqli,
+        "SELECT ii.*
+         FROM invoice_items ii
+         INNER JOIN invoices i ON i.invoice_id = ii.item_invoice_id
+         WHERE ii.item_invoice_id = '$invoice_id'
+           AND i.invoice_client_id LIKE '$client_id'
+         ORDER BY ii.item_order ASC, ii.item_id ASC
+         LIMIT $limit OFFSET $offset"
+    );
+} else {
+    // No filter supplied — reject the request
+    http_response_code(400);
+    echo json_encode([
+        'success' => 'False',
+        'message' => 'A filter is required. Please supply either invoice_id or item_id.',
+        'count'   => 0,
+        'data'    => []
+    ]);
+    exit;
+}
+
+// Output
+require_once "../read_output.php";

api/v1/locations/location_model.php

@@ -5,7 +5,7 @@
 if (isset($_POST['location_name'])) {
     $name = sanitizeInput($_POST['location_name']);
 } elseif ($location_row) {
-    $name = $location_row['location_name'];
+    $name = mysqli_real_escape_string($mysqli, $location_row['location_name']);
 } else {
     $name = '';
 }
@@ -13,7 +13,7 @@ if (isset($_POST['location_name'])) {
 if (isset($_POST['location_description'])) {
     $description = sanitizeInput($_POST['location_description']);
 } elseif ($location_row) {
-    $description = $location_row['location_description'];
+    $description = mysqli_real_escape_string($mysqli, $location_row['location_description']);
 } else {
     $description = '';
 }
@@ -21,7 +21,7 @@ if (isset($_POST['location_description'])) {
 if (isset($_POST['location_country'])) {
     $country = sanitizeInput($_POST['location_country']);
 } elseif ($location_row) {
-    $country = $location_row['location_country'];
+    $country = mysqli_real_escape_string($mysqli, $location_row['location_country']);
 } else {
     $country = '';
 }
@@ -29,7 +29,7 @@ if (isset($_POST['location_country'])) {
 if (isset($_POST['location_address'])) {
     $address = sanitizeInput($_POST['location_address']);
 } elseif ($location_row) {
-    $address = $location_row['location_address'];
+    $address = mysqli_real_escape_string($mysqli, $location_row['location_address']);
 } else {
     $address = '';
 }
@@ -37,7 +37,7 @@ if (isset($_POST['location_address'])) {
 if (isset($_POST['location_city'])) {
     $city = sanitizeInput($_POST['location_city']);
 } elseif ($location_row) {
-    $city = $location_row['location_city'];
+    $city = mysqli_real_escape_string($mysqli, $location_row['location_city']);
 } else {
     $city = '';
 }
@@ -45,7 +45,7 @@ if (isset($_POST['location_city'])) {
 if (isset($_POST['location_state'])) {
     $state = sanitizeInput($_POST['location_state']);
 } elseif ($location_row) {
-    $state = $location_row['location_state'];
+    $state = mysqli_real_escape_string($mysqli, $location_row['location_state']);
 } else {
     $state = '';
 }
@@ -53,7 +53,7 @@ if (isset($_POST['location_state'])) {
 if (isset($_POST['location_zip'])) {
     $zip = sanitizeInput($_POST['location_zip']);
 } elseif ($location_row) {
-    $zip = $location_row['location_zip'];
+    $zip = mysqli_real_escape_string($mysqli, $location_row['location_zip']);
 } else {
     $zip = '';
 }
@@ -61,7 +61,7 @@ if (isset($_POST['location_zip'])) {
 if (isset($_POST['location_hours'])) {
     $hours = sanitizeInput($_POST['location_hours']);
 } elseif ($location_row) {
-    $hours = $location_row['location_hours'];
+    $hours = mysqli_real_escape_string($mysqli, $location_row['location_hours']);
 } else {
     $hours = '';
 }
@@ -69,7 +69,7 @@ if (isset($_POST['location_hours'])) {
 if (isset($_POST['location_notes'])) {
     $notes = sanitizeInput($_POST['location_notes']);
 } elseif ($location_row) {
-    $notes = $location_row['location_notes'];
+    $notes = mysqli_real_escape_string($mysqli, $location_row['location_notes']);
 } else {
     $notes = '';
 }

api/v1/payments/read.php

@@ -1,31 +0,0 @@
-<?php
-
-require_once '../validate_api_key.php';
-
-require_once '../require_get_method.php';
-
-
-// Payments aren't stored against client IDs, so we instead validate the API key is for All Clients
-
-
-if (isset($_GET['payment_id']) && $client_id == "%") {
-    // Payment via ID (single)
-
-    $id = intval($_GET['payment_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id'");
-
-} elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
-    // Payments for an invoice
-
-    $id = intval($_GET['payment_invoice_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id'");
-
-} elseif ($client_id == "%") {
-    // All payments
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments ORDER BY payment_id LIMIT $limit OFFSET $offset");
-}
-
-// Output
-require_once "../read_output.php";
-

api/v1/tickets/ticket_model.php

@@ -21,7 +21,7 @@ if (isset($_POST['ticket_asset_id'])) {
 if (isset($_POST['ticket_subject'])) {
     $subject = sanitizeInput($_POST['ticket_subject']);
 } elseif ($ticket_row) {
-    $subject = $ticket_row['ticket_subject'];
+    $subject = mysqli_real_escape_string($mysqli, $ticket_row['ticket_subject']);
 } else {
     $subject = '';
 }
@@ -30,16 +30,16 @@ if (isset($_POST['ticket_subject'])) {
 if (isset($_POST['ticket_priority'])) {
     $priority = sanitizeInput($_POST['ticket_priority']);
 } elseif ($ticket_row) {
-    $priority = $ticket_row['ticket_priority'];
+    $priority = mysqli_real_escape_string($mysqli, $ticket_row['ticket_priority']);
 } else {
     $priority = 'Low';
 }
 
 
 if (isset($_POST['ticket_details'])) {
-    $details = mysqli_escape_string($mysqli, $_POST['ticket_details'] . "<br>");
+    $details = mysqli_real_escape_string($mysqli, $_POST['ticket_details'] . "<br>");
 } elseif ($ticket_row) {
-    $details = $ticket_row['ticket_details'];
+    $details = mysqli_real_escape_string($mysqli, $ticket_row['ticket_details']);
 } else {
     $details = '< blank ><br>';
 }

api/v1/update_output.php

@@ -16,7 +16,7 @@ if (isset($update_count) && is_numeric($update_count) && $update_count > 0) {
 // Query returned false: something went wrong, or it was declined due to required variables missing
 else {
     $return_arr['success'] = "False";
-    $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc).";
+    $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc) or no rows changed.";
 
     // Log any database/schema related errors to the PHP Error log
     if (mysqli_error($mysqli)) {

client/post.php

@@ -855,7 +855,7 @@ if (isset($_GET['create_stripe_checkout'])) {
 
 if (isset($_GET['stripe_save_card'])) {
 
-    validateCSRFToken($_GET['csrf_token']);
+    // validateCSRFToken($_GET['csrf_token']); Broken with Stripe Save Card JQ 2026-5-4
 
     if ($session_contact_primary == 0 && !$session_contact_is_billing_contact) {
         redirect("post.php?logout");

cron/cron.php

@@ -105,13 +105,14 @@ logApp("Cron", "info", "Cron Started");
 mysqli_query($mysqli, "TRUNCATE TABLE ticket_views");
 
 // Clean-up shared items that have been used
-mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_views = item_view_limit");
+mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_view_limit > 0 AND item_views >= item_view_limit");
 
 // Clean-up shared items that have expired
 mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_expire_at < NOW()");
 
 // Invalidate any password reset links
 mysqli_query($mysqli, "UPDATE users SET user_password_reset_token = NULL WHERE user_archived_at IS NULL");
+mysqli_query($mysqli, "UPDATE users SET user_password_reset_token = NULL"); // TODO: Make this 'expired' tokens only when we actually use expiry
 
 // Clean-up old dismissed notifications
 mysqli_query($mysqli, "DELETE FROM notifications WHERE notification_dismissed_at < CURDATE() - INTERVAL 90 DAY");
@@ -524,7 +525,7 @@ if ($config_send_invoice_reminders == 1) {
 
             // Late Charges
 
-            if ($config_invoice_late_fee_enable == 1) {
+            if ($config_invoice_late_fee_enable == 1 && $day > 1) {
 
                 $todays_date = date('Y-m-d');
                 $late_fee_amount = ($invoice_amount * $config_invoice_late_fee_percent) / 100;

db.sql

@@ -449,9 +449,11 @@ DROP TABLE IF EXISTS `categories`;
 CREATE TABLE `categories` (
   `category_id` int(11) NOT NULL AUTO_INCREMENT,
   `category_name` varchar(200) NOT NULL,
+  `category_description` varchar(255) DEFAULT NULL,
   `category_type` varchar(200) NOT NULL,
   `category_color` varchar(200) DEFAULT NULL,
   `category_icon` varchar(200) DEFAULT NULL,
+  `category_order` int(11) NOT NULL DEFAULT 0,
   `category_parent` int(11) DEFAULT 0,
   `category_created_at` datetime NOT NULL DEFAULT current_timestamp(),
   `category_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
@@ -1293,8 +1295,6 @@ CREATE TABLE `invoice_items` (
   `item_archived_at` datetime DEFAULT NULL,
   `item_tax_id` int(11) NOT NULL DEFAULT 0,
   `item_product_id` int(11) NOT NULL DEFAULT 0,
-  `item_quote_id` int(11) NOT NULL DEFAULT 0,
-  `item_recurring_invoice_id` int(11) NOT NULL DEFAULT 0,
   `item_invoice_id` int(11) NOT NULL DEFAULT 0,
   PRIMARY KEY (`item_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
@@ -2997,4 +2997,4 @@ CREATE TABLE `vendors` (
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
--- Dump completed on 2026-03-07 18:46:25
+-- Dump completed on 2026-04-04 18:13:53

includes/app_version.php

@@ -5,4 +5,4 @@
  * Update this file each time we merge develop into master. Format is YY.MM (add a .v if there is more than one release a month.
  */
 
-DEFINE("APP_VERSION", "26.03");
+DEFINE("APP_VERSION", "26.05");

includes/database_version.php

@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "2.4.2");
+DEFINE("LATEST_DATABASE_VERSION", "2.4.4");

includes/load_global_settings.php

@@ -135,28 +135,6 @@ $config_whitelabel_key = $row['config_whitelabel_key'];
 
 
 // Select Arrays
-
-$theme_colors_array = array (
-    'lightblue',
-    'blue',
-    'cyan',
-    'green',
-    'olive',
-    'teal',
-    'red',
-    'maroon',
-    'pink',
-    'purple',
-    'indigo',
-    'fuchsia',
-    'yellow',
-    'orange',
-    'yellow',
-    'black',
-    'navy',
-    'gray'
-);
-
 $colors_array = array (
     'lightblue',
     'blue',
@@ -180,29 +158,10 @@ $colors_array = array (
     'olive'
 );
 
-$net_terms_array = array (
-    '0'=>'On Receipt',
-    '7'=>'7 Days',
-    '10'=>'10 Days',
-    '15'=>'15 Days',
-    '30'=>'30 Days',
-    '45'=>'45 Days',
-    '60'=>'60 Days',
-    '90'=>'90 Days'
-);
-
 $records_per_page_array = array ('5','10','15','20','30','50','100');
 
 include_once "settings_localization_array.php";
 
-
-$category_types_array = array (
-    'Expense',
-    'Income',
-    'Payment Method',
-    'Referral'
-);
-
 $asset_types_array = array (
     'Laptop'=>'fa-laptop',
     'Desktop'=>'fa-desktop',
@@ -219,97 +178,3 @@ $asset_types_array = array (
     'Virtual Machine'=>'fa-cloud',
     'Other'=>'fa-tag'
 );
-
-$software_types_array = array (
-    'Software as a Service (SaaS)',
-    'Productivity Suites',
-    'Web Application',
-    'Desktop Application',
-    'Mobile Application',
-    'Security Software',
-    'System Software',
-    'Operating System',
-    'Other'
-);
-
-$license_types_array = array (
-    'Device',
-    'User'
-);
-
-$document_types_array = array (
-    '0'=>'Document',
-    '1'=>'Template',
-    '2'=>'Global Template'
-);
-
-$asset_status_array = array (
-    'Ready to Deploy',
-    'Deployed',
-    'Out for Repair',
-    'Lost',
-    'Stolen',
-    'Retired'
-);
-
-$ticket_status_array = array (
-    'Open',
-    'On Hold',
-    'Auto Close',
-    'Closed'
-);
-
-$industry_select_array = array(
-    "Accounting",
-    "Agriculture",
-    "Automotive",
-    "Construction",
-    "Education",
-    "Entertainent",
-    "Finance",
-    "Government",
-    "Healthcare",
-    "Hospititality",
-    "Information Technology",
-    "Insurance",
-    "Pharmacy",
-    "Law",
-    "Manufacturing",
-    "Marketing & Advertising",
-    "Military",
-    "Non-Profit",
-    "Real Estate",
-    "Retail",
-    "Services",
-    "Transportation",
-    "Other" // An 'Other' option for industries not listed
-);
-
-$start_page_select_array = array (
-    'dashboard.php'=>'Dashboard',
-    'clients.php'=> 'Client Management',
-    'tickets.php'=> 'Support Tickets',
-    'invoices.php' => 'Invoices'
-);
-
-$rack_type_select_array = array(
-    "Open Wall-Mount",
-    "Enclosed Wall-Mount",
-    "Open Floor-Standing",
-    "Enclosed Floor-Standing",
-    "Other"
-);
-
-$note_types_array = array (
-    'Call'=>'fa-phone-alt',
-    'Email'=>'fa-envelope',
-    'Meeting'=>'fa-handshake',
-    'In Person'=>'fa-people-arrows',
-    'Note'=>'fa-sticky-note'
-);
-
-$interface_types_array = array (
-    'Ethernet',
-    'SFP',
-    'WiFi'
-);

plugins/TCPDF/CHANGELOG.TXT

@@ -1,3 +1,8 @@
+6.11.3 (2026-04-21)
+	- Added deprecation notice.
+	- Improved composer.json.
+	- Added Makefile for common automation tasks.
+
 6.11.2 (2026-03-03)
 	- Refactor setCompression().