- Move the initialization of ip, user agent, browser and os vars to guest_header.php

- General tidy and bugfixing of undefined vars
This commit is contained in:
Marcus Hill
2023-02-08 14:24:47 +00:00
parent 38fcf3fb9c
commit 52243c0a1d
4 changed files with 1503 additions and 1530 deletions
+3 -1
@@ -6,7 +6,9 @@ require_once("functions.php");
session_start(); session_start();
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP()))); $ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP())));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT'])); $ua = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli, getOS($ua)));
$browser = strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($ua)));
?> ?>
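Review bot: `$_SERVER['HTTP_USER_AGENT']` on the new `$ua` line is read without a guard, so a request that carries no User-Agent header raises an undefined-index notice before `getOS()`/`getWebBrowser()` run — the same class of bug this commit sets out to remove. Defaulting it closes that: `$ua = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT'] ?? ''));`. Since `$ip`, `$ua`, `$os` and `$browser` are now globals that the guest invoice, quote and Stripe pages depend on, a one-line comment above the block (`// Request metadata shared by every guest page: $ip, $ua, $os, $browser`) would stop a later tidy from deleting them. These values are escaped for the SQL context only; any page that echoes them into HTML still needs `htmlspecialchars()` at the output point.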
-3
@@ -13,9 +13,6 @@ $config_stripe_publishable = htmlentities($stripe_vars['config_stripe_publishabl
$config_stripe_secret = htmlentities($stripe_vars['config_stripe_secret']); $config_stripe_secret = htmlentities($stripe_vars['config_stripe_secret']);
$config_stripe_account = intval($stripe_vars['config_stripe_account']); $config_stripe_account = intval($stripe_vars['config_stripe_account']);
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, getOS($user_agent))));
$browser = trim(strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($user_agent))));
// Check Stripe is configured // Check Stripe is configured
if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) { if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) {
echo "<br><h2>Stripe payments not enabled/configured</h2>"; echo "<br><h2>Stripe payments not enabled/configured</h2>";
+117 -141
@@ -2,12 +2,18 @@
require_once("guest_header.php"); require_once("guest_header.php");
if (isset($_GET['invoice_id'], $_GET['url_key'])) { if (!isset($_GET['invoice_id'], $_GET['url_key'])) {
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']); $url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$invoice_id = intval($_GET['invoice_id']); $invoice_id = intval($_GET['invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM invoices $sql = mysqli_query(
$mysqli,
"SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN locations ON primary_location = location_id LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN contacts ON primary_contact = contact_id
@@ -15,117 +21,114 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
LEFT JOIN settings ON settings.company_id = companies.company_id LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE invoice_id = $invoice_id WHERE invoice_id = $invoice_id
AND invoice_url_key = '$url_key'" AND invoice_url_key = '$url_key'"
); );
if (mysqli_num_rows($sql) == 1) { if (mysqli_num_rows($sql) !== 1) {
// Invalid invoice/key
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id']; $invoice_id = $row['invoice_id'];
$invoice_prefix = htmlentities($row['invoice_prefix']); $invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']); $invoice_number = htmlentities($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']); $invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date']; $invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due']; $invoice_due = $row['invoice_due'];
$invoice_amount = floatval($row['invoice_amount']); $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']); $invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']); $invoice_note = htmlentities($row['invoice_note']);
$invoice_category_id = $row['invoice_category_id']; $invoice_category_id = $row['invoice_category_id'];
$client_id = $row['client_id']; $client_id = $row['client_id'];
$client_name = htmlentities($row['client_name']); $client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']); $location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']); $contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']); $client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']); $client_net_terms = htmlentities($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = intval($row['config_default_net_terms']);
} }
$company_id = $row['company_id']; $company_id = $row['company_id'];
$company_name = htmlentities($row['company_name']); $company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']); $company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']); $company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']); $company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']); $company_email = htmlentities($row['company_email']);
$company_logo = htmlentities($row['company_logo']); $company_website = htmlentities($row['company_website']);
if (!empty($company_logo)) { $company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
} }
$company_locale = htmlentities($row['company_locale']); $company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']); $config_invoice_footer = htmlentities($row['config_invoice_footer']);
$config_stripe_enable = $row['config_stripe_enable']; $config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_publishable = $row['config_stripe_publishable']; $config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret']; $config_stripe_secret = $row['config_stripe_secret'];
//Set Currency Format //Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
$ip = strip_tags(mysqli_real_escape_string($mysqli,getIP())); $invoice_tally_total = 0; // Default
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); //Set Badge color based off of invoice status
$os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent))); $invoice_badge_color = getInvoiceBadgeColor($invoice_status);
$browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent)));
$invoice_tally_total = 0; // Default //Update status to Viewed only if invoice_status = "Sent"
if ($invoice_status == 'Sent') {
//Set Badge color based off of invoice status
$invoice_badge_color = getInvoiceBadgeColor($invoice_status);
//Update status to Viewed only if invoice_status = "Sent"
if ($invoice_status == 'Sent') {
mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Viewed' WHERE invoice_id = $invoice_id"); mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Viewed' WHERE invoice_id = $invoice_id");
} }
//Mark viewed in history //Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id");
//Prevent SQL Error if client_name has ' in their name example Bill's Market if ($invoice_status !== 'Paid') {
if ($invoice_status !== 'Paid') {
$client_name_escaped = mysqli_real_escape_string($mysqli, $row['client_name']); $client_name_escaped = mysqli_real_escape_string($mysqli, $row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
} }
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC"); $sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
//Add up all the payments for the invoice and get the total amount paid to the invoice //Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid); $row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid']; $amount_paid = $row['amount_paid'];
$balance = $invoice_amount - $amount_paid; $balance = $invoice_amount - $amount_paid;
//check to see if overdue //check to see if overdue
$invoice_color = $invoice_badge_color; // Default $invoice_color = $invoice_badge_color; // Default
if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") { if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") {
$unixtime_invoice_due = strtotime($invoice_due) + 86400; $unixtime_invoice_due = strtotime($invoice_due) + 86400;
if ($unixtime_invoice_due < time()) { if ($unixtime_invoice_due < time()) {
$invoice_color = "text-danger"; $invoice_color = "text-danger";
} }
} }
?> // Invoice individual items
$sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC");
<div class="card"> ?>
<div class="card">
<div class="card-header bg-light d-print-none"> <div class="card-header bg-light d-print-none">
<div class="float-right"> <div class="float-right">
<a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fa fa-fw fa-history"></i> Invoice History</a> <a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fa fa-fw fa-history"></i> Invoice History</a>
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fa fa-fw fa-print"></i> Print</a> <a class="btn btn-primary" href="#" onclick="window.print();"><i class="fa fa-fw fa-print"></i> Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download"></i> Download</a> <a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download"></i> Download</a>
<?php <?php
if ($invoice_status != "Paid" && $invoice_status != "Cancelled" && $invoice_status != "Draft" && $config_stripe_enable == 1) { if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled" && $invoice_status !== "Draft" && $config_stripe_enable == 1) { ?>
?>
<?php
if ($config_stripe_enable == 1) {
?>
<a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card"></i> Pay Online <small>(Coming Soon)</small></a> <a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card"></i> Pay Online <small>(Coming Soon)</small></a>
<?php } ?> <?php } ?>
<?php } ?>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
@@ -185,8 +188,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
</div> </div>
</div> </div>
<?php $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC"); ?>
<div class="row mb-4"> <div class="row mb-4">
<div class="col-md-12"> <div class="col-md-12">
<div class="card"> <div class="card">
@@ -230,11 +231,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?></td> <td class="text-right"><?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?></td>
</tr> </tr>
<?php <?php } ?>
}
?>
</tbody> </tbody>
</table> </table>
@@ -283,13 +280,13 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<hr class="mt-5"> <hr class="mt-5">
<center style="white-space:pre-line"><?php echo $config_invoice_footer; ?></center> <div style="white-space:pre-line; text-align: center;"><?php echo $config_invoice_footer; ?></div>
</div>
</div> </div>
</div>
<script src='plugins/pdfmake/pdfmake.min.js'></script> <script src='plugins/pdfmake/pdfmake.min.js'></script>
<script src='plugins/pdfmake/vfs_fonts.js'></script> <script src='plugins/pdfmake/vfs_fonts.js'></script>
<script> <script>
var docDefinition = { var docDefinition = {
info: { info: {
@@ -707,16 +704,15 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
columnGap: 20 columnGap: 20
} }
} }
</script> </script>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due < CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_date DESC"); // PREVIOUS UNPAID INVOICES
if (mysqli_num_rows($sql) > 1) { $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due < CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_date DESC");
?>
if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none card-danger"> <div class="card d-print-none card-danger">
<div class="card-header"> <div class="card-header">
@@ -765,17 +761,15 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
</table> </table>
</div> </div>
</div> </div>
<?php
}
?>
<?php <?php } // End previous unpaid invoices
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due > CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_number DESC");
if (mysqli_num_rows($sql) > 1) { // CURRENT INVOICES
?> $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due > CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_number DESC");
if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none card-light"> <div class="card d-print-none card-light">
@@ -817,27 +811,24 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?></td> <td class="text-right"><?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?></td>
</tr> </tr>
<?php <?php } ?>
}
?>
</tbody> </tbody>
</table> </table>
</div> </div>
</div> </div>
<?php <?php
} }
?> ?>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_status = 'Paid' ORDER BY invoice_date DESC"); // PREVIOUS PAID INVOICES
if (mysqli_num_rows($sql) > 1) { $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_status = 'Paid' ORDER BY invoice_date DESC");
?>
if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none collapse" id="collapsePreviousInvoices"> <div class="card d-print-none collapse" id="collapsePreviousInvoices">
<div class="card-header bg-dark"> <div class="card-header bg-dark">
@@ -895,7 +886,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
$payment_note = "Late"; $payment_note = "Late";
$difference = strtotime($payment_date) - strtotime($invoice_due); $difference = strtotime($payment_date) - strtotime($invoice_due);
$days = floor($difference / (60*60*24) ) . " Days"; $days = floor($difference / (60*60*24) ) . " Days";
}else{ } else {
$payment_note = ""; $payment_note = "";
$days = ""; $days = "";
} }
@@ -908,32 +899,17 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<tr> <tr>
<td colspan="4"><?php echo $payment_date; ?> - <?php echo numfmt_format_currency($currency_format, $payment_amount, $payment_currency_code); ?> - <?php echo $payment_method; ?> - <?php echo $payment_reference; ?> - <?php echo $days; ?> <?php echo $payment_note; ?></td> <td colspan="4"><?php echo $payment_date; ?> - <?php echo numfmt_format_currency($currency_format, $payment_amount, $payment_currency_code); ?> - <?php echo $payment_method; ?> - <?php echo $payment_reference; ?> - <?php echo $days; ?> <?php echo $payment_note; ?></td>
</tr> </tr>
<?php
} <?php } ?>
?> <?php } ?>
<?php
}
?>
</tbody> </tbody>
</table> </table>
</div> </div>
</div> </div>
<?php <?php } // End previous paid invoices
}
?>
<?php
}else{
echo "GTFO";
}
}else{
echo "GTFO";
}
?>
<?php include("guest_footer.php"); ?> require_once("guest_footer.php");
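Review bot: On the Pay Online link (`href="guest_pay_invoice_stripe.php?invoice_id=...&url_key=<?php echo $url_key; ?>"`, a context line in the first hunk) `$url_key` is the raw `$_GET['url_key']` passed only through `mysqli_real_escape_string()`, which is SQL escaping, not HTML-attribute or URL escaping. In practice the value has to equal a stored `invoice_url_key` to reach this line, so the exposure is narrow, but the escaping still belongs to the output context: `&url_key=<?php echo htmlspecialchars(urlencode($url_key), ENT_QUOTES, 'UTF-8'); ?>`. Separately, the new early exit `if (mysqli_num_rows($sql) !== 1)` (and its twin in the quote page) assumes the query succeeded; when `mysqli_query` returns `false` that call throws a TypeError on PHP 8 instead of reaching the friendly error page, so `if ($sql === false || mysqli_num_rows($sql) !== 1)` would cover both cases. The page is a flat PHP/HTML script that continues outside the shown hunks.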
+80 -82
@@ -1,13 +1,20 @@
<?php <?php
include("guest_header.php"); require_once("guest_header.php");
if (isset($_GET['quote_id'], $_GET['url_key'])) { if (!isset($_GET['quote_id'], $_GET['url_key'])) {
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
$quote_id = intval($_GET['quote_id']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes $url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$quote_id = intval($_GET['quote_id']);
$sql = mysqli_query(
$mysqli,
"SELECT * FROM quotes
LEFT JOIN clients ON quote_client_id = client_id LEFT JOIN clients ON quote_client_id = client_id
LEFT JOIN locations ON primary_location = location_id LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id LEFT JOIN contacts ON primary_contact = contact_id
@@ -15,74 +22,75 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
LEFT JOIN settings ON settings.company_id = companies.company_id LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE quote_id = $quote_id WHERE quote_id = $quote_id
AND quote_url_key = '$url_key'" AND quote_url_key = '$url_key'"
); );
if (mysqli_num_rows($sql) == 1) { if (mysqli_num_rows($sql) !== 1) {
// Invalid quote/key
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$quote_id = $row['quote_id']; $quote_id = $row['quote_id'];
$quote_prefix = htmlentities($row['quote_prefix']); $quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']); $quote_number = htmlentities($row['quote_number']);
$quote_status = htmlentities($row['quote_status']); $quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date']; $quote_date = $row['quote_date'];
$quote_amount = floatval($row['quote_amount']); $quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']); $quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']); $quote_note = htmlentities($row['quote_note']);
$category_id = $row['category_id']; $category_id = $row['category_id'];
$client_id = $row['client_id']; $client_id = $row['client_id'];
$client_name = htmlentities($row['client_name']); $client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']); $location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']); $location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']); $location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']); $location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']); $contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']); $contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']); $contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']); $client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']); $client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']); $client_net_terms = htmlentities($row['client_net_terms']);
if ($client_net_terms == 0) { if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms; $client_net_terms = intval($row['config_default_net_terms']);
} }
$company_id = $row['company_id']; $company_id = $row['company_id'];
$company_name = htmlentities($row['company_name']); $company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']); $company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']); $company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']); $company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']); $company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']); $company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']); $company_email = htmlentities($row['company_email']);
$company_logo = htmlentities($row['company_logo']); $company_website = htmlentities($row['company_website']);
if (!empty($company_logo)) { $company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo")); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
} }
$company_locale = htmlentities($row['company_locale']); $company_locale = htmlentities($row['company_locale']);
$config_quote_footer = htmlentities($row['config_quote_footer']); $config_quote_footer = htmlentities($row['config_quote_footer']);
//Set Currency Format //Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
$ip = strip_tags(mysqli_real_escape_string($mysqli,getIP())); //Update status to Viewed only if invoice_status = "Sent"
if ($quote_status == 'Sent') {
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent)));
$browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent)));
//Update status to Viewed only if invoice_status = "Sent"
if ($quote_status == 'Sent') {
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Viewed' WHERE quote_id = $quote_id"); mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Viewed' WHERE quote_id = $quote_id");
} }
//Mark viewed in history //Mark viewed in history
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
//Prevent SQL Error if client_name has ' in their name example Bill's Market if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
$client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']); $client_name_escaped = mysqli_escape_string($mysqli, $row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
}
?> ?>
<div class="card"> <div class="card">
@@ -171,6 +179,8 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
<tbody> <tbody>
<?php <?php
$total_tax = $sub_total = 0; // Default 0
while ($row = mysqli_fetch_array($sql_items)) { while ($row = mysqli_fetch_array($sql_items)) {
$item_id = $row['item_id']; $item_id = $row['item_id'];
$item_name = htmlentities($row['item_name']); $item_name = htmlentities($row['item_name']);
@@ -224,12 +234,6 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
<td>Subtotal</td> <td>Subtotal</td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?></td> <td class="text-right"><?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?></td>
</tr> </tr>
<?php if ($discount > 0) { ?>
<tr class="border-bottom">
<td>Discount</td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $quote_discount, $quote_currency_code); ?></td>
</tr>
<?php } ?>
<?php if ($total_tax > 0) { ?> <?php if ($total_tax > 0) { ?>
<tr class="border-bottom"> <tr class="border-bottom">
<td>Tax</td> <td>Tax</td>
@@ -247,15 +251,15 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
<hr class="mt-5"> <hr class="mt-5">
<center style="white-space:pre-line"><?php echo $config_quote_footer; ?></center> <div style="white-space:pre-line; text-align: center;"><?php echo $config_quote_footer; ?></div>
</div> </div>
</div> </div>
<script src='plugins/pdfmake/pdfmake.min.js'></script> <script src='plugins/pdfmake/pdfmake.min.js'></script>
<script src='plugins/pdfmake/vfs_fonts.js'></script> <script src='plugins/pdfmake/vfs_fonts.js'></script>
<script> <script>
var docDefinition = { var docDefinition = {
info: { info: {
title: <?php echo json_encode(html_entity_decode($company_name) . "- Quote") ?>, title: <?php echo json_encode(html_entity_decode($company_name) . "- Quote") ?>,
author: <?php echo json_encode(html_entity_decode($company_name)) ?> author: <?php echo json_encode(html_entity_decode($company_name)) ?>
@@ -636,15 +640,9 @@ var docDefinition = {
defaultStyle: { defaultStyle: {
columnGap: 20, columnGap: 20,
} }
} }
</script> </script>
<?php <?php
}else{ require_once("guest_footer.php");
echo "GTFO";
}
}else{
echo "GTFO";
} ?>
<?php include("guest_footer.php");
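Review bot: The new notification guard `if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed")` uses loose comparison where the rest of the new code (`!== 1` here, `!== 'Paid'` in the invoice page) is strict; `if (in_array($quote_status, ['Draft', 'Sent', 'Viewed'], true))` expresses the same thing in one strict check. On the following line `mysqli_escape_string()` is the legacy alias, while the invoice page's equivalent line uses `mysqli_real_escape_string()`; the two should match. The deleted Discount row referenced `$discount` and `$quote_discount`, neither of which is assigned in the visible `$row` block, so dropping it does fix the undefined-variable notice — but if the quotes table carries a discount amount, the client-facing total would no longer show it, which is worth confirming against the schema before merging. The enclosing PHP/HTML script continues outside the shown hunks.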