Johnny
+10
-1
@@ -7,6 +7,14 @@ if (isset($_GET['client_id'])) {
|
||||
require_once "includes/inc_all.php";
|
||||
}
|
||||
|
||||
// Perms
|
||||
enforceUserPermission('module_sales');
|
||||
$invoice_permission_snippet = '';
|
||||
if (!empty($client_access_string)) {
|
||||
$invoice_permission_snippet = "AND invoice_client_id IN ($client_access_string)";
|
||||
}
|
||||
|
||||
|
||||
if (isset($_GET['invoice_id'])) {
|
||||
|
||||
$invoice_id = intval($_GET['invoice_id']);
|
||||
@@ -17,7 +25,8 @@ if (isset($_GET['invoice_id'])) {
|
||||
LEFT JOIN clients ON invoice_client_id = client_id
|
||||
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
|
||||
LEFT JOIN locations ON clients.client_id = locations.location_client_id AND location_primary = 1
|
||||
WHERE invoice_id = $invoice_id"
|
||||
WHERE invoice_id = $invoice_id
|
||||
$invoice_permission_snippet"
|
||||
);
|
||||
|
||||
if (mysqli_num_rows($sql) == 0) {
|
||||
|
||||
@@ -17,6 +17,10 @@ if (isset($_GET['client_id'])) {
|
||||
|
||||
// Perms
|
||||
enforceUserPermission('module_sales');
|
||||
$invoice_permission_snippet = '';
|
||||
if (!empty($client_access_string)) {
|
||||
$invoice_permission_snippet = "AND invoice_client_id IN ($client_access_string)";
|
||||
}
|
||||
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent' $client_query"));
|
||||
$sent_count = $row['num'];
|
||||
@@ -94,6 +98,7 @@ $sql = mysqli_query(
|
||||
$overdue_query
|
||||
AND DATE(invoice_date) BETWEEN '$dtf' AND '$dtt'
|
||||
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%' OR category_name LIKE '%$q%')
|
||||
$invoice_permission_snippet
|
||||
$client_query
|
||||
ORDER BY $sort $order LIMIT $record_from, $record_to"
|
||||
);
|
||||
|
||||
@@ -7,6 +7,13 @@ if (isset($_GET['client_id'])) {
|
||||
require_once "includes/inc_all.php";
|
||||
}
|
||||
|
||||
// Perms
|
||||
enforceUserPermission('module_sales');
|
||||
$quote_permission_snippet = '';
|
||||
if (!empty($client_access_string)) {
|
||||
$quote_permission_snippet = "AND quote_client_id IN ($client_access_string)";
|
||||
}
|
||||
|
||||
if (isset($_GET['quote_id'])) {
|
||||
|
||||
$quote_id = intval($_GET['quote_id']);
|
||||
@@ -17,7 +24,8 @@ if (isset($_GET['quote_id'])) {
|
||||
LEFT JOIN clients ON quote_client_id = client_id
|
||||
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
|
||||
LEFT JOIN locations ON clients.client_id = locations.location_client_id AND location_primary = 1
|
||||
WHERE quote_id = $quote_id"
|
||||
WHERE quote_id = $quote_id
|
||||
$quote_permission_snippet"
|
||||
);
|
||||
|
||||
if (mysqli_num_rows($sql) == 0) {
|
||||
|
||||
@@ -17,6 +17,10 @@ if (isset($_GET['client_id'])) {
|
||||
|
||||
// Perms
|
||||
enforceUserPermission('module_sales');
|
||||
$quote_permission_snippet = '';
|
||||
if (!empty($client_access_string)) {
|
||||
$quote_permission_snippet = "AND quote_client_id IN ($client_access_string)";
|
||||
}
|
||||
|
||||
$sql = mysqli_query(
|
||||
$mysqli,
|
||||
@@ -25,6 +29,7 @@ $sql = mysqli_query(
|
||||
LEFT JOIN categories ON quote_category_id = category_id
|
||||
WHERE (CONCAT(quote_prefix,quote_number) LIKE '%$q%' OR quote_scope LIKE '%$q%' OR category_name LIKE '%$q%' OR quote_status LIKE '%$q%' OR quote_amount LIKE '%$q%' OR client_name LIKE '%$q%')
|
||||
AND DATE(quote_date) BETWEEN '$dtf' AND '$dtt'
|
||||
$quote_permission_snippet
|
||||
$client_query
|
||||
ORDER BY $sort $order LIMIT $record_from, $record_to"
|
||||
);
|
||||
|
||||
+5
-7
@@ -11,6 +11,10 @@ if (isset($_GET['client_id'])) {
|
||||
|
||||
// Perms
|
||||
enforceUserPermission('module_support');
|
||||
$ticket_permission_snippet = '';
|
||||
if (!empty($client_access_string)) {
|
||||
$ticket_permission_snippet = "AND ticket_client_id IN ($client_access_string)";
|
||||
}
|
||||
|
||||
// Initialize the HTML Purifier to prevent XSS
|
||||
require_once "plugins/htmlpurifier/HTMLPurifier.standalone.php";
|
||||
@@ -20,12 +24,6 @@ $purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting
|
||||
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
// Ticket client access snippet
|
||||
$ticket_permission_snippet = '';
|
||||
if (!empty($client_access_string)) {
|
||||
$ticket_permission_snippet = "AND ticket_client_id IN ($client_access_string)";
|
||||
}
|
||||
|
||||
if (isset($_GET['ticket_id'])) {
|
||||
$ticket_id = intval($_GET['ticket_id']);
|
||||
|
||||
@@ -51,7 +49,7 @@ if (isset($_GET['ticket_id'])) {
|
||||
if (mysqli_num_rows($sql) == 0) {
|
||||
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1><a class='btn btn-lg btn-secondary mt-3' href='tickets.php'><i class='fa fa-fw fa-arrow-left'></i> Go Back</a></center>";
|
||||
|
||||
include_once "footer.php";
|
||||
include_once "includes/footer.php";
|
||||
} else {
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
||||
Reference in New Issue
Block a user