diff --git a/CHANGELOG.md b/CHANGELOG.md index b802af8a..04a0a3ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,44 @@ This file documents all notable changes made to ITFlow. +## [25.03.4] + +### Fixed +- Ability to remove additional assets from the ticket details screen. +- Fix the ability to remove assets from edit ticket not working when only 1 asset exists. +- Fix Database Backup corruption. +- Client Portal - show ticket number instead of ticket id in ticket listing. +- Add Purchase Reference to copy asset. +- Add Link to asset details from the global search. +- Fix Bulk assign ticket only showing contacts instead of ITFlow users. + + +## [25.03.3] + +### Fixed +- Fix adding ITFlow user. +- Do not alert on inactive recurring invoices. +- Fix ticket user assignment including bulk assignment. +- Fix adding a location phone extension. +- Do not default to +1 Country code, instead default to null. +- Do not format numbers unless a country code is entered. +- Fix editing network location. +- Fix ticket redaction on client replies. +- Remove more from user activity as it requires admin privledges. +- Fix MFA Enforcement page. + +## [25.03.2] + +### Fixed +- Revert DB.sql change + +## [25.03.1] + +### Fixed +- Phone number missing in various sections. +- Match Database. +- Client Export Only display licenses users and assets from the selected client only. + ## [25.03] ### Fixed diff --git a/admin_settings_company.php b/admin_settings_company.php index 3b9a3fc1..dceee89e 100644 --- a/admin_settings_company.php +++ b/admin_settings_company.php @@ -119,7 +119,7 @@ $company_initials = nullable_htmlentities(initials($company_name));
- + diff --git a/ajax/ajax_asset_copy.php b/ajax/ajax_asset_copy.php index dd648ce8..a491fb4d 100644 --- a/ajax/ajax_asset_copy.php +++ b/ajax/ajax_asset_copy.php @@ -364,6 +364,16 @@ ob_start(); +
+ +
+
+ +
+ +
+
+
diff --git a/ajax/ajax_contact_details.php b/ajax/ajax_contact_details.php index 4edce4a8..bd91b576 100644 --- a/ajax/ajax_contact_details.php +++ b/ajax/ajax_contact_details.php @@ -22,7 +22,7 @@ $contact_phone_country_code = nullable_htmlentities($row['contact_phone_country_ $contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_phone_country_code)); $contact_extension = nullable_htmlentities($row['contact_extension']); $contact_mobile_country_code = nullable_htmlentities($row['contact_mobile_country_code']); -$contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_mobile_country_code)); +$contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_mobile'], $contact_mobile_country_code)); $contact_email = nullable_htmlentities($row['contact_email']); $contact_photo = nullable_htmlentities($row['contact_photo']); $contact_pin = nullable_htmlentities($row['contact_pin']); diff --git a/ajax/ajax_contact_edit.php b/ajax/ajax_contact_edit.php index 9e650361..86e7d73e 100644 --- a/ajax/ajax_contact_edit.php +++ b/ajax/ajax_contact_edit.php @@ -19,7 +19,7 @@ $contact_extension = nullable_htmlentities($row['contact_extension']); $contact_phone_country_code = nullable_htmlentities($row['contact_phone_country_code']); $contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_phone_country_code)); $contact_mobile_country_code = nullable_htmlentities($row['contact_mobile_country_code']); -$contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_mobile_country_code)); +$contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_mobile'], $contact_mobile_country_code)); $contact_email = nullable_htmlentities($row['contact_email']); $contact_pin = nullable_htmlentities($row['contact_pin']); $contact_photo = nullable_htmlentities($row['contact_photo']); @@ -121,7 +121,7 @@ ob_start();
- " placeholder="Code" maxlength="4"> + " placeholder="+" maxlength="4">
@@ -141,7 +141,7 @@ ob_start();
- " placeholder="Code" maxlength="4"> + " placeholder="+" maxlength="4"> diff --git a/ajax/ajax_location_edit.php b/ajax/ajax_location_edit.php index 23098d95..fb84acbc 100644 --- a/ajax/ajax_location_edit.php +++ b/ajax/ajax_location_edit.php @@ -209,7 +209,7 @@ ob_start();
- " placeholder="Code" maxlength="4"> + @@ -229,7 +229,7 @@ ob_start();
- " placeholder="Code" maxlength="4"> + diff --git a/ajax/ajax_network_edit.php b/ajax/ajax_network_edit.php index fb53f4b0..71b6139d 100644 --- a/ajax/ajax_network_edit.php +++ b/ajax/ajax_network_edit.php @@ -90,7 +90,7 @@ ob_start(); $location_id = intval($row['location_id']); $location_name = nullable_htmlentities($row['location_name']); ?> - - - - -
@@ -44,7 +37,7 @@ ob_start();
- +
diff --git a/ajax/ajax_vendor_edit.php b/ajax/ajax_vendor_edit.php index 27c84742..b4be05c1 100644 --- a/ajax/ajax_vendor_edit.php +++ b/ajax/ajax_vendor_edit.php @@ -127,7 +127,7 @@ ob_start();
- " placeholder="Code" maxlength="4"> + diff --git a/client/ticket_view_all.php b/client/ticket_view_all.php index 50812f3b..5c33edf2 100644 --- a/client/ticket_view_all.php +++ b/client/ticket_view_all.php @@ -62,7 +62,7 @@ $all_tickets = mysqli_query($mysqli, "SELECT ticket_id, ticket_prefix, ticket_nu $ticket_contact_name = nullable_htmlentities($row['contact_name']); echo ""; - echo " $ticket_prefix$ticket_id"; + echo " $ticket_prefix$ticket_number"; echo " $ticket_subject"; echo "$ticket_contact_name"; echo "$ticket_status"; diff --git a/contact_details.php b/contact_details.php index f77f7051..f77ff726 100644 --- a/contact_details.php +++ b/contact_details.php @@ -32,7 +32,7 @@ if (isset($_GET['contact_id'])) { $contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_phone_country_code)); $contact_extension = nullable_htmlentities($row['contact_extension']); $contact_mobile_country_code = nullable_htmlentities($row['contact_mobile_country_code']); - $contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_mobile_country_code)); + $contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_mobile'], $contact_mobile_country_code)); $contact_email = nullable_htmlentities($row['contact_email']); $contact_photo = nullable_htmlentities($row['contact_photo']); $contact_pin = nullable_htmlentities($row['contact_pin']); diff --git a/database_updates.php b/database_updates.php index 1cc29ceb..3a7a593e 100644 --- a/database_updates.php +++ b/database_updates.php @@ -3424,10 +3424,43 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) { mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.1.2'"); } - // if (CURRENT_DATABASE_VERSION == '2.1.2') { - // // Insert queries here required to update to DB version 2.1.3 + if (CURRENT_DATABASE_VERSION == '2.1.2') { + + // Update country_code to NULL for `contacts` table + mysqli_query($mysqli, "ALTER TABLE `contacts` MODIFY `contact_phone_country_code` VARCHAR(10) DEFAULT NULL"); + mysqli_query($mysqli, "ALTER TABLE `contacts` MODIFY `contact_mobile_country_code` VARCHAR(10) DEFAULT NULL"); + + // Update country_code to NULL for `locations` table + mysqli_query($mysqli, "ALTER TABLE `locations` MODIFY `location_phone_country_code` VARCHAR(10) DEFAULT NULL"); + mysqli_query($mysqli, "ALTER TABLE `locations` MODIFY `location_fax_country_code` VARCHAR(10) DEFAULT NULL"); + + // Update country_code to NULL for `vendors` table + mysqli_query($mysqli, "ALTER TABLE `vendors` MODIFY `vendor_phone_country_code` VARCHAR(10) DEFAULT NULL"); + + // Update country_code to NULL for `companies` table + mysqli_query($mysqli, "ALTER TABLE `companies` MODIFY `company_phone_country_code` VARCHAR(10) DEFAULT NULL"); + + // Set country_code to NULL for `contacts` table + mysqli_query($mysqli, "UPDATE `contacts` SET `contact_phone_country_code` = NULL"); + mysqli_query($mysqli, "UPDATE `contacts` SET `contact_mobile_country_code` = NULL"); + + // Set country_code to NULL for `locations` table + mysqli_query($mysqli, "UPDATE `locations` SET `location_phone_country_code` = NULL"); + mysqli_query($mysqli, "UPDATE `locations` SET `location_fax_country_code` = NULL"); + + // Set country_code to NULL for `vendors` table + mysqli_query($mysqli, "UPDATE `vendors` SET `vendor_phone_country_code` = NULL"); + + // Set country_code to NULL for `companies` table + mysqli_query($mysqli, "UPDATE `companies` SET `company_phone_country_code` = NULL"); + + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.1.3'"); + } + + // if (CURRENT_DATABASE_VERSION == '2.1.3') { + // // Insert queries here required to update to DB version 2.1.4 // // Then, update the database to the next sequential version - // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.1.3'"); + // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.1.4'"); // } } else { diff --git a/db.sql b/db.sql index e7e25b7d..bfb82256 100644 --- a/db.sql +++ b/db.sql @@ -546,7 +546,7 @@ CREATE TABLE `companies` ( `company_state` varchar(200) DEFAULT NULL, `company_zip` varchar(200) DEFAULT NULL, `company_country` varchar(200) DEFAULT NULL, - `company_phone_country_code` varchar(10) DEFAULT '1', + `company_phone_country_code` varchar(10) DEFAULT NULL, `company_phone` varchar(200) DEFAULT NULL, `company_email` varchar(200) DEFAULT NULL, `company_website` varchar(200) DEFAULT NULL, @@ -680,10 +680,10 @@ CREATE TABLE `contacts` ( `contact_name` varchar(200) NOT NULL, `contact_title` varchar(200) DEFAULT NULL, `contact_email` varchar(200) DEFAULT NULL, - `contact_phone_country_code` varchar(10) DEFAULT '1', + `contact_phone_country_code` varchar(10) DEFAULT NULL, `contact_phone` varchar(200) DEFAULT NULL, `contact_extension` varchar(200) DEFAULT NULL, - `contact_mobile_country_code` varchar(10) DEFAULT '1', + `contact_mobile_country_code` varchar(10) DEFAULT NULL, `contact_mobile` varchar(200) DEFAULT NULL, `contact_photo` varchar(200) DEFAULT NULL, `contact_pin` varchar(255) DEFAULT NULL, @@ -1115,10 +1115,10 @@ CREATE TABLE `locations` ( `location_city` varchar(200) DEFAULT NULL, `location_state` varchar(200) DEFAULT NULL, `location_zip` varchar(200) DEFAULT NULL, - `location_phone_country_code` varchar(10) DEFAULT '1', + `location_phone_country_code` varchar(10) DEFAULT NULL, `location_phone` varchar(200) DEFAULT NULL, `location_phone_extension` varchar(10) DEFAULT NULL, - `location_fax_country_code` varchar(10) DEFAULT '1', + `location_fax_country_code` varchar(10) DEFAULT NULL, `location_fax` varchar(200) DEFAULT NULL, `location_hours` varchar(200) DEFAULT NULL, `location_photo` varchar(200) DEFAULT NULL, @@ -2468,7 +2468,7 @@ CREATE TABLE `vendors` ( `vendor_name` varchar(200) NOT NULL, `vendor_description` varchar(200) DEFAULT NULL, `vendor_contact_name` varchar(200) DEFAULT NULL, - `vendor_phone_country_code` varchar(10) DEFAULT '1', + `vendor_phone_country_code` varchar(10) DEFAULT NULL, `vendor_phone` varchar(200) DEFAULT NULL, `vendor_extension` varchar(200) DEFAULT NULL, `vendor_email` varchar(200) DEFAULT NULL, @@ -2498,4 +2498,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2025-03-26 11:13:46 +-- Dump completed on 2025-03-31 12:05:41 diff --git a/functions.php b/functions.php index aac5502c..31008b8d 100644 --- a/functions.php +++ b/functions.php @@ -194,140 +194,161 @@ function truncate($text, $chars) { } function formatPhoneNumber($phoneNumber, $country_code = '', $show_country_code = false) { - // Remove all non-digit characters $digits = preg_replace('/\D/', '', $phoneNumber); $formatted = ''; + // If no digits at all, fallback early + if (strlen($digits) === 0) { + return $phoneNumber; + } + + // Helper function to safely check the first digit + $startsWith = function($str, $char) { + return isset($str[0]) && $str[0] === $char; + }; + switch ($country_code) { - case '1': // USA/Canada — (123) 456-7890 + case '1': // USA/Canada if (strlen($digits) === 10) { $formatted = '(' . substr($digits, 0, 3) . ') ' . substr($digits, 3, 3) . '-' . substr($digits, 6); } break; - case '44': // UK — 07123 456 789 - if ($digits[0] === '0') $digits = substr($digits, 1); + case '44': // UK + if ($startsWith($digits, '0')) { + $digits = substr($digits, 1); + } if (strlen($digits) === 10) { $formatted = '0' . substr($digits, 0, 4) . ' ' . substr($digits, 4, 3) . ' ' . substr($digits, 7); } break; - case '61': // Australia — 0412 345 678 - if ($digits[0] === '0') $digits = substr($digits, 1); + case '61': // Australia + if ($startsWith($digits, '0')) { + $digits = substr($digits, 1); + } if (strlen($digits) === 9) { $formatted = '0' . substr($digits, 0, 4) . ' ' . substr($digits, 4, 3) . ' ' . substr($digits, 7); } break; - case '91': // India — 91234 56789 + case '91': // India if (strlen($digits) === 10) { $formatted = substr($digits, 0, 5) . ' ' . substr($digits, 5); } break; - case '81': // Japan — 03-1234-5678 - if ($digits[0] === '0') $digits = substr($digits, 1); + case '81': // Japan + if ($startsWith($digits, '0')) { + $digits = substr($digits, 1); + } if (strlen($digits) >= 9 && strlen($digits) <= 10) { $formatted = '0' . substr($digits, 0, 2) . '-' . substr($digits, 2, 4) . '-' . substr($digits, 6); } break; - case '49': // Germany — 030 12345678 - if ($digits[0] === '0') $digits = substr($digits, 1); + case '49': // Germany + if ($startsWith($digits, '0')) { + $digits = substr($digits, 1); + } if (strlen($digits) >= 10) { $formatted = '0' . substr($digits, 0, 3) . ' ' . substr($digits, 3); } break; - case '33': // France — 01 23 45 67 89 - if ($digits[0] === '0') $digits = substr($digits, 1); + case '33': // France + if ($startsWith($digits, '0')) { + $digits = substr($digits, 1); + } if (strlen($digits) === 9) { $formatted = '0' . implode(' ', str_split($digits, 2)); } break; - case '34': // Spain — 612 345 678 + case '34': // Spain if (strlen($digits) === 9) { $formatted = substr($digits, 0, 3) . ' ' . substr($digits, 3, 3) . ' ' . substr($digits, 6); } break; - case '39': // Italy — 312 345 6789 - if ($digits[0] === '0') $digits = substr($digits, 1); + case '39': // Italy + if ($startsWith($digits, '0')) { + $digits = substr($digits, 1); + } $formatted = '0' . implode(' ', str_split($digits, 3)); break; - case '55': // Brazil — (11) 91234-5678 + case '55': // Brazil if (strlen($digits) === 11) { $formatted = '(' . substr($digits, 0, 2) . ') ' . substr($digits, 2, 5) . '-' . substr($digits, 7); } break; - case '7': // Russia — 8 (912) 345-67-89 - if ($digits[0] === '8') $digits = substr($digits, 1); + case '7': // Russia + if ($startsWith($digits, '8')) { + $digits = substr($digits, 1); + } if (strlen($digits) === 10) { $formatted = '8 (' . substr($digits, 0, 3) . ') ' . substr($digits, 3, 3) . '-' . substr($digits, 6, 2) . '-' . substr($digits, 8); } break; - case '86': // China — 138 0013 8000 + case '86': // China if (strlen($digits) === 11) { $formatted = substr($digits, 0, 3) . ' ' . substr($digits, 3, 4) . ' ' . substr($digits, 7); } break; - case '82': // South Korea — 010-1234-5678 + case '82': // South Korea if (strlen($digits) === 11) { $formatted = substr($digits, 0, 3) . '-' . substr($digits, 3, 4) . '-' . substr($digits, 7); } break; - case '62': // Indonesia — 0812 3456 7890 - if ($digits[0] !== '0') $digits = '0' . $digits; + case '62': // Indonesia + if (!$startsWith($digits, '0')) { + $digits = '0' . $digits; + } if (strlen($digits) === 12) { $formatted = substr($digits, 0, 4) . ' ' . substr($digits, 4, 4) . ' ' . substr($digits, 8); } break; - case '63': // Philippines — 0912 345 6789 + case '63': // Philippines if (strlen($digits) === 11) { $formatted = substr($digits, 0, 4) . ' ' . substr($digits, 4, 3) . ' ' . substr($digits, 7); } break; - case '234': // Nigeria — 0801 234 5678 - if ($digits[0] !== '0') $digits = '0' . $digits; + case '234': // Nigeria + if (!$startsWith($digits, '0')) { + $digits = '0' . $digits; + } if (strlen($digits) === 11) { $formatted = substr($digits, 0, 4) . ' ' . substr($digits, 4, 3) . ' ' . substr($digits, 7); } break; - case '27': // South Africa — 082 123 4567 + case '27': // South Africa if (strlen($digits) >= 9 && strlen($digits) <= 10) { $formatted = substr($digits, 0, 3) . ' ' . substr($digits, 3, 3) . ' ' . substr($digits, 6); } break; - case '971': // UAE — 050 123 4567 + case '971': // UAE if (strlen($digits) === 9) { $formatted = substr($digits, 0, 3) . ' ' . substr($digits, 3, 3) . ' ' . substr($digits, 6); } break; default: - // If no match, do nothing here and use fallback below + // fallback — do nothing, use raw digits later break; } - // Fallback if formatting failed - if (!$formatted && strlen($digits) >= 7) { - $formatted = substr($digits, 0, 3) . ' ' . substr($digits, 3, 3) . ' ' . substr($digits, 6); - } - - // Still no formatting? Use raw digits if (!$formatted) { - $formatted = $digits ?: $phoneNumber; // Use original input if digits are empty + $formatted = $digits ?: $phoneNumber; } return $show_country_code && $country_code ? "+$country_code $formatted" : $formatted; diff --git a/global_search.php b/global_search.php index 045c6ed5..7e64d5d3 100644 --- a/global_search.php +++ b/global_search.php @@ -721,7 +721,6 @@ if (isset($_GET['query'])) { } else { $asset_serial_display = $asset_serial; } - $asset_mac = nullable_htmlentities($row['asset_mac']); $asset_uri = nullable_htmlentities($row['asset_uri']); $asset_status = nullable_htmlentities($row['asset_status']); $asset_created_at = nullable_htmlentities($row['asset_created_at']); @@ -746,9 +745,9 @@ if (isset($_GET['query'])) { ?> - + - + diff --git a/includes/app_version.php b/includes/app_version.php index 956cbfa0..f7d4a284 100644 --- a/includes/app_version.php +++ b/includes/app_version.php @@ -5,4 +5,4 @@ * Update this file each time we merge develop into master. Format is YY.MM (add a .v if there is more than one release a month. */ -DEFINE("APP_VERSION", "25.03"); +DEFINE("APP_VERSION", "25.03.4"); diff --git a/includes/database_version.php b/includes/database_version.php index 021f1386..66ba4bf3 100644 --- a/includes/database_version.php +++ b/includes/database_version.php @@ -5,4 +5,4 @@ * It is used in conjunction with database_updates.php */ -DEFINE("LATEST_DATABASE_VERSION", "2.1.2"); +DEFINE("LATEST_DATABASE_VERSION", "2.1.3"); diff --git a/mfa_enforcement.php b/mfa_enforcement.php index 74c0a40c..289ef2fb 100644 --- a/mfa_enforcement.php +++ b/mfa_enforcement.php @@ -1,7 +1,7 @@ - +
-
+
- + +
-
- +
+
+ +
diff --git a/modals/client_add_modal.php b/modals/client_add_modal.php index a83d4cd9..4aba1450 100644 --- a/modals/client_add_modal.php +++ b/modals/client_add_modal.php @@ -208,7 +208,7 @@
- +
@@ -228,7 +228,7 @@
- + @@ -267,7 +267,7 @@
- + @@ -287,7 +287,7 @@
- + diff --git a/modals/contact_add_modal.php b/modals/contact_add_modal.php index a10fd71f..9586d709 100644 --- a/modals/contact_add_modal.php +++ b/modals/contact_add_modal.php @@ -101,7 +101,7 @@
- + @@ -121,7 +121,7 @@
- + diff --git a/modals/location_add_modal.php b/modals/location_add_modal.php index b12e3a1e..cdd43b99 100644 --- a/modals/location_add_modal.php +++ b/modals/location_add_modal.php @@ -184,7 +184,7 @@
- + @@ -204,7 +204,7 @@
- + diff --git a/modals/ticket_add_watcher_modal.php b/modals/ticket_add_watcher_modal.php index c1c47e53..ab6a1cf3 100644 --- a/modals/ticket_add_watcher_modal.php +++ b/modals/ticket_add_watcher_modal.php @@ -21,7 +21,7 @@ - + diff --git a/post/admin/admin_backup.php b/post/admin/admin_backup.php index dfb0509a..7ad9fde8 100644 --- a/post/admin/admin_backup.php +++ b/post/admin/admin_backup.php @@ -7,84 +7,68 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_GET['download_database'])) { - validateCSRFToken($_GET['csrf_token']); - // Get All Table Names From the Database - $tables = array(); - $sql = "SHOW TABLES"; - $result = mysqli_query($mysqli, $sql); + global $mysqli, $database; - while ($row = mysqli_fetch_row($result)) { + $backupFileName = date('Y-m-d_H-i-s') . '_backup.sql'; + + header('Content-Type: application/sql'); + header('Content-Disposition: attachment; filename="' . $backupFileName . '"'); + header('Cache-Control: no-store, no-cache, must-revalidate'); + header('Pragma: no-cache'); + header('Expires: 0'); + + if (ob_get_level()) ob_end_clean(); + flush(); + + // Start of dump file — charset declaration + echo "-- UTF-8 + Foreign Key Safe Dump\n"; + echo "SET NAMES 'utf8mb4';\n"; + echo "SET foreign_key_checks = 0;\n\n"; + + // Get all tables + $tables = []; + $res = $mysqli->query("SHOW TABLES"); + while ($row = $res->fetch_row()) { $tables[] = $row[0]; } - $sqlScript = ""; foreach ($tables as $table) { + // Table structure + $createRes = $mysqli->query("SHOW CREATE TABLE `$table`"); + $createRow = $createRes->fetch_assoc(); + $createSQL = array_values($createRow)[1]; - // Prepare SQLscript for creating table structure - $query = "SHOW CREATE TABLE $table"; - $result = mysqli_query($mysqli, $query); - $row = mysqli_fetch_row($result); + echo "\n-- ----------------------------\n"; + echo "-- Table structure for `$table`\n"; + echo "-- ----------------------------\n"; + echo "DROP TABLE IF EXISTS `$table`;\n"; + echo $createSQL . ";\n\n"; - $sqlScript .= "\n\n" . $row[1] . ";\n\n"; + // Table data + $dataRes = $mysqli->query("SELECT * FROM `$table`"); + if ($dataRes->num_rows > 0) { + echo "-- Dumping data for table `$table`\n"; + while ($row = $dataRes->fetch_assoc()) { + $columns = array_map(fn($col) => '`' . $mysqli->real_escape_string($col) . '`', array_keys($row)); + $values = array_map(function ($val) use ($mysqli) { + if (is_null($val)) return "NULL"; + return "'" . $mysqli->real_escape_string($val) . "'"; + }, array_values($row)); - - $query = "SELECT * FROM $table"; - $result = mysqli_query($mysqli, $query); - - $columnCount = mysqli_num_fields($result); - - // Prepare SQLscript for dumping data for each table - for ($i = 0; $i < $columnCount; $i ++) { - while ($row = mysqli_fetch_row($result)) { - $sqlScript .= "INSERT INTO $table VALUES("; - for ($j = 0; $j < $columnCount; $j ++) { - - if (isset($row[$j])) { - $sqlScript .= '"' . $row[$j] . '"'; - } else { - $sqlScript .= '""'; - } - if ($j < ($columnCount - 1)) { - $sqlScript .= ','; - } - } - $sqlScript .= ");\n"; + echo "INSERT INTO `$table` (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $values) . ");\n"; } + echo "\n"; } - - $sqlScript .= "\n"; } - if (!empty($sqlScript)) { - - $company_name = $session_company_name; - // Save the SQL script to a backup file - $backup_file_name = date('Y-m-d') . '_ITFlow_backup.sql'; - $fileHandler = fopen($backup_file_name, 'w+'); - $number_of_lines = fwrite($fileHandler, $sqlScript); - fclose($fileHandler); - - // Download the SQL backup file to the browser - header('Content-Description: File Transfer'); - header('Content-Type: application/octet-stream'); - header('Content-Disposition: attachment; filename=' . basename($backup_file_name)); - header('Content-Transfer-Encoding: binary'); - header('Expires: 0'); - header('Cache-Control: must-revalidate'); - header('Pragma: public'); - header('Content-Length: ' . filesize($backup_file_name)); - ob_clean(); - flush(); - readfile($backup_file_name); - exec('rm ' . $backup_file_name); - } - - // Logging - logAction("Database", "Download", "$session_name downloaded the database"); + //FINAL STEP: Re-enable foreign key checks + echo "\nSET foreign_key_checks = 1;\n"; + logAction("Database", "Download", "$session_name downloaded the database."); $_SESSION['alert_message'] = "Database downloaded"; + exit; } if (isset($_POST['backup_master_key'])) { diff --git a/post/admin/admin_settings_company.php b/post/admin/admin_settings_company.php index 5f11db43..3df3c4a1 100644 --- a/post/admin/admin_settings_company.php +++ b/post/admin/admin_settings_company.php @@ -12,6 +12,7 @@ if (isset($_POST['edit_company'])) { $state = sanitizeInput($_POST['state']); $zip = sanitizeInput($_POST['zip']); $country = sanitizeInput($_POST['country']); + $phone_country_code = preg_replace("/[^0-9]/", '',$_POST['phone_country_code']); $phone = preg_replace("/[^0-9]/", '',$_POST['phone']); $email = sanitizeInput($_POST['email']); $website = sanitizeInput($_POST['website']); @@ -40,7 +41,7 @@ if (isset($_POST['edit_company'])) { } } - mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1"); + mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone_country_code = '$phone_country_code', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1"); // Logging logAction("Settings", "Edit", "$session_name edited company details"); diff --git a/post/admin/admin_user.php b/post/admin/admin_user.php index 632fd083..862e4ea4 100644 --- a/post/admin/admin_user.php +++ b/post/admin/admin_user.php @@ -15,7 +15,7 @@ if (isset($_POST['add_user'])) { $password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT); $user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($_POST['password'])); - mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' user_role_id = $role"); + mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext', user_role_id = $role"); $user_id = mysqli_insert_id($mysqli); @@ -217,7 +217,7 @@ if (isset($_GET['disable_user'])) { // Un-assign tickets mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = 0 WHERE ticket_assigned_to = $user_id AND ticket_closed_at IS NULL"); - mysqli_query($mysqli, "UPDATE scheduled_tickets SET scheduled_ticket_assigned_to = 0 WHERE scheduled_ticket_assigned_to = $user_id"); + mysqli_query($mysqli, "UPDATE recurring_tickets SET recurring_ticket_assigned_to = 0 WHERE recurring_ticket_assigned_to = $user_id"); // Logging logAction("User", "Disable", "$session_name disabled user $name", 0, $user_id); diff --git a/post/user/client.php b/post/user/client.php index 4ab99da6..ff2c194e 100644 --- a/post/user/client.php +++ b/post/user/client.php @@ -54,7 +54,7 @@ if (isset($_POST['add_client'])) { // Create Location if (!empty($location_phone) || !empty($address) || !empty($city) || !empty($state) || !empty($zip)) { - mysqli_query($mysqli, "INSERT INTO locations SET location_name = 'Primary', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$location_phone_country_code', location_phone = '$location_phone', location_extension = '$location_extension', location_fax_country_code = '$location_fax_country_code', location_fax = '$location_fax', location_country = '$country', location_primary = 1, location_client_id = $client_id"); + mysqli_query($mysqli, "INSERT INTO locations SET location_name = 'Primary', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$location_phone_country_code', location_phone = '$location_phone', location_phone_extension = '$location_extension', location_fax_country_code = '$location_fax_country_code', location_fax = '$location_fax', location_country = '$country', location_primary = 1, location_client_id = $client_id"); //Extended Logging $extended_log_description .= ", primary location $address added"; @@ -641,7 +641,7 @@ if (isset($_POST["export_client_pdf"])) { $contact_phone = nullable_htmlentities(formatPhoneNumber($row["contact_phone"], $contact_phone_country_code)); $contact_extension = nullable_htmlentities($row["contact_extension"]); $contact_mobile_country_code = nullable_htmlentities($row["contact_mobile_country_code"]); - $contact_mobile = nullable_htmlentities(formatPhoneNumber($row["contact_phone"], $contact_mobile_country_code)); + $contact_mobile = nullable_htmlentities(formatPhoneNumber($row["contact_mobile"], $contact_mobile_country_code)); $contact_email = nullable_htmlentities($row["contact_email"]); $client_website = nullable_htmlentities($row["client_website"]); @@ -716,6 +716,8 @@ if (isset($_POST["export_client_pdf"])) { software ON software_contacts.software_id = software.software_id WHERE software_archived_at IS NULL AND contact_archived_at IS NULL + AND software_client_id = $client_id + AND contact_client_id = $client_id ORDER BY contact_name, software_name;" ); @@ -732,6 +734,8 @@ if (isset($_POST["export_client_pdf"])) { software ON software_assets.software_id = software.software_id WHERE software_archived_at IS NULL AND asset_archived_at IS NULL + AND software_client_id = $client_id + AND asset_client_id = $client_id ORDER BY asset_name, software_name;" ); @@ -825,7 +829,7 @@ if (isset($_POST["export_client_pdf"])) { $contact_extension = "x$contact_extension"; } $contact_mobile_country_code = nullable_htmlentities($row["contact_mobile_country_code"]); - $contact_mobile = nullable_htmlentities(formatPhoneNumber($row["contact_phone"], $contact_mobile_country_code)); + $contact_mobile = nullable_htmlentities(formatPhoneNumber($row["contact_mobile"], $contact_mobile_country_code)); $html .= " $contact_name diff --git a/post/user/contact.php b/post/user/contact.php index 1d4552c3..1d70ef05 100644 --- a/post/user/contact.php +++ b/post/user/contact.php @@ -122,7 +122,7 @@ if (isset($_POST['edit_contact'])) { } - mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone_country_code = '$phone_country_code', contact_phone = '$phone', contact_extension = '$extension', contact_mobile_country_code = '$phone_country_code', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id, contact_user_id = $contact_user_id WHERE contact_id = $contact_id"); + mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone_country_code = '$phone_country_code', contact_phone = '$phone', contact_extension = '$extension', contact_mobile_country_code = '$mobile_country_code', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id, contact_user_id = $contact_user_id WHERE contact_id = $contact_id"); // Upload Photo if (isset($_FILES['file']['tmp_name'])) { diff --git a/post/user/location.php b/post/user/location.php index b4d150bc..087215b1 100644 --- a/post/user/location.php +++ b/post/user/location.php @@ -17,7 +17,7 @@ if(isset($_POST['add_location'])){ mkdir("uploads/clients/$client_id"); } - mysqli_query($mysqli,"INSERT INTO locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone = '$phone', location_phone_extension = '$extension', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact, location_client_id = $client_id"); + mysqli_query($mysqli,"INSERT INTO locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact, location_client_id = $client_id"); $location_id = mysqli_insert_id($mysqli); @@ -79,7 +79,7 @@ if(isset($_POST['edit_location'])){ mkdir("uploads/clients/$client_id"); } - mysqli_query($mysqli,"UPDATE locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone = '$phone', location_phone_extension = '$extension', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact WHERE location_id = $location_id"); + mysqli_query($mysqli,"UPDATE locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_phone_country_code = '$phone_country_code', location_phone = '$phone', location_phone_extension = '$extension', location_fax_country_code = '$fax_country_code', location_fax = '$fax', location_hours = '$hours', location_notes = '$notes', location_contact_id = $contact WHERE location_id = $location_id"); // Update Primay location in clients if primary location is checked if ($location_primary == 1) { diff --git a/post/user/location_model.php b/post/user/location_model.php index 6b33250c..a62147f8 100644 --- a/post/user/location_model.php +++ b/post/user/location_model.php @@ -10,8 +10,10 @@ $city = sanitizeInput($_POST['city']); $state = sanitizeInput($_POST['state']); $zip = sanitizeInput($_POST['zip']); $phone = preg_replace("/[^0-9]/", '',$_POST['phone']); +$phone_country_code = preg_replace("/[^0-9]/", '',$_POST['phone_country_code']); $extension = preg_replace("/[^0-9]/", '',$_POST['extension']); $fax = preg_replace("/[^0-9]/", '',$_POST['fax']); +$fax_country_code = preg_replace("/[^0-9]/", '',$_POST['fax_country_code']); $hours = sanitizeInput($_POST['hours']); $notes = sanitizeInput($_POST['notes']); $contact = intval($_POST['contact'] ?? 0); diff --git a/post/user/ticket.php b/post/user/ticket.php index 6b283571..c40f46ec 100644 --- a/post/user/ticket.php +++ b/post/user/ticket.php @@ -203,6 +203,10 @@ if (isset($_POST['edit_ticket'])) { $additional_asset_id = intval($additional_asset); mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id"); } + } else { + // If no additional assets are provided, delete them all + // This handles cases where the assets input might be cleared or not set at all. + mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); } // Get contact/ticket details after update for logging / email purposes @@ -494,6 +498,41 @@ if (isset($_GET['delete_ticket_watcher'])) { header("Location: " . $_SERVER["HTTP_REFERER"]); } +if (isset($_GET['delete_ticket_additional_asset'])) { + + enforceUserPermission('module_support', 2); + + $asset_id = intval($_GET['delete_ticket_additional_asset']); + $ticket_id = intval($_GET['ticket_id']); + + // Get ticket / asset details for logging + $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets + JOIN tickets ON ticket_id = $ticket_id + JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE asset_id = $asset_id" + ); + $row = mysqli_fetch_array($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_status_name = sanitizeInput($row['ticket_status_name']); + $asset_name = sanitizeInput($row['asset_name']); + $client_id = intval($row['ticket_client_id']); + + mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id AND asset_id = $asset_id"); + + // History + mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id"); + + // Logging + logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Removed asset $asset_name from ticket."; + + header("Location: " . $_SERVER["HTTP_REFERER"]); +} + if (isset($_POST['edit_ticket_asset'])) { enforceUserPermission('module_support', 2); @@ -576,7 +615,7 @@ if (isset($_POST['assign_ticket'])) { $agent_name = "No One"; } else { // Get & verify assigned agent details - $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assigned_to AND user_settings.user_role > 1"); + $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to"); $agent_details = mysqli_fetch_array($agent_details_sql); $agent_name = sanitizeInput($agent_details['user_name']); @@ -732,7 +771,7 @@ if (isset($_POST['bulk_assign_ticket'])) { $agent_name = "No One"; } else { // Get & verify assigned agent details - $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to AND user_settings.user_role > 1"); + $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to"); $agent_details = mysqli_fetch_array($agent_details_sql); $agent_name = sanitizeInput($agent_details['user_name']); @@ -1572,6 +1611,25 @@ if (isset($_POST['edit_ticket_reply'])) { header("Location: " . $_SERVER["HTTP_REFERER"]); } +if (isset($_POST['redact_ticket_reply'])) { + + enforceUserPermission('module_support', 2); + + $ticket_reply_id = intval($_POST['ticket_reply_id']); + $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']); + + $client_id = intval($_POST['client_id']); + + mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id"); + + // Logging + logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id); + + $_SESSION['alert_message'] = "Ticket reply redacted"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); +} + if (isset($_GET['archive_ticket_reply'])) { enforceUserPermission('module_support', 2); diff --git a/recurring_invoice.php b/recurring_invoice.php index 5bd578c6..a510f522 100644 --- a/recurring_invoice.php +++ b/recurring_invoice.php @@ -164,7 +164,7 @@ if (isset($_GET['recurring_invoice_id'])) { Force Send
- + Delete diff --git a/recurring_invoices.php b/recurring_invoices.php index 7bcda6f2..2df9bf03 100644 --- a/recurring_invoices.php +++ b/recurring_invoices.php @@ -257,7 +257,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- + Delete diff --git a/scripts/cron.php b/scripts/cron.php index a4506389..bca02acd 100644 --- a/scripts/cron.php +++ b/scripts/cron.php @@ -879,7 +879,7 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) { } //End Recurring Invoices Loop // Flag any active recurring "next run" dates that are in the past -$sql_invalid_recurring_invoices = mysqli_query($mysqli, "SELECT * FROM recurring_invoices WHERE recurring_invoice_next_date < CURDATE()"); +$sql_invalid_recurring_invoices = mysqli_query($mysqli, "SELECT * FROM recurring_invoices WHERE recurring_invoice_next_date < CURDATE() AND recurring_invoice_status = 1"); while ($row = mysqli_fetch_array($sql_invalid_recurring_invoices)) { $invoice_prefix = sanitizeInput($row['recurring_invoice_prefix']); $invoice_number = intval($row['recurring_invoice_number']); diff --git a/ticket.php b/ticket.php index 5155ab17..3b28d0f2 100644 --- a/ticket.php +++ b/ticket.php @@ -1058,6 +1058,11 @@ if (isset($_GET['ticket_id'])) { data-ajax-id=""> + + + + + -
- ">See More... -
+ +
+ ">See More... +
+
@@ -86,9 +88,11 @@ $sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs ?> -
- See More... -
+ +
+ See More... +
+