Merge pull request #610 from wrongecho/minor-fixes

Minor changes/fixes
2023-02-08 14:54:15 -05:00
parent b1e2f15148 78aca0f615
commit 9e549adb7e
10 changed files with 1977 additions and 1982 deletions
@@ -390,7 +390,7 @@ function getDomainRecords($name) {
        return $records;
    }
-    $domain = escapeshellarg($name);
+    $domain = escapeshellarg(str_replace('www.', '', $name));
    $records['a'] = substr(trim(strip_tags(shell_exec("dig +short $domain"))), 0, 254);
    $records['ns'] = substr(trim(strip_tags(shell_exec("dig +short NS $domain"))), 0, 254);
    $records['mx'] = substr(trim(strip_tags(shell_exec("dig +short MX $domain"))), 0, 254);
@@ -68,7 +68,7 @@ if (isset($_GET['stripe_create_pi'])) {
    }
    $config_stripe_secret = $row['config_stripe_secret'];
-    $pi_description = "ITFlow: $client_name payment of $invoice_currency_code $balance_to_pay for $client_name";
+    $pi_description = "ITFlow: $client_name payment of $invoice_currency_code $balance_to_pay for $invoice_prefix$invoice_number";
    // Create a PaymentIntent with amount, currency and client details
    try {
@@ -6,7 +6,9 @@ require_once("functions.php");
 session_start();
 $ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP())));
-$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
+$ua = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
 $os = strip_tags(mysqli_real_escape_string($mysqli, getOS($ua)));
 $browser = strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($ua)));
 ?>
@@ -13,9 +13,6 @@ $config_stripe_publishable = htmlentities($stripe_vars['config_stripe_publishabl
 $config_stripe_secret = htmlentities($stripe_vars['config_stripe_secret']);
 $config_stripe_account = intval($stripe_vars['config_stripe_account']);
 $os = trim(strip_tags(mysqli_real_escape_string($mysqli, getOS($user_agent))));
 $browser = trim(strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($user_agent))));
 // Check Stripe is configured
 if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) {
    echo "<br><h2>Stripe payments not enabled/configured</h2>";
@@ -223,7 +220,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
    $client_name = htmlentities($row['client_name']);
    $contact_name = $row['contact_name'];
    $contact_email = $row['contact_email'];
-    $company_name = htmlentities($row['company_name']);
+    $company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name']));
    $company_phone = htmlentities($row['company_phone']);
    $company_locale = htmlentities($row['company_locale']);
@@ -250,6 +247,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
    mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = '$pi_amount_paid', payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id, company_id = $invoice_company_id");
    mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $invoice_company_id");
    // Notify
    mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $pi_client_id, company_id = $invoice_company_id");
    // Logging
    $extended_log_desc = '';
    if (!$pi_livemode) {
@@ -2,12 +2,18 @@
 require_once("guest_header.php");
-if (isset($_GET['invoice_id'], $_GET['url_key'])) {
+if (!isset($_GET['invoice_id'], $_GET['url_key'])) {
    echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
    require_once("guest_footer.php");
    exit();
 }
 $url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
 $invoice_id = intval($_GET['invoice_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM invoices 
+$sql = mysqli_query(
    $mysqli,
    "SELECT * FROM invoices
    LEFT JOIN clients ON invoice_client_id = client_id
    LEFT JOIN locations ON primary_location = location_id
    LEFT JOIN contacts ON primary_contact = contact_id
@@ -17,7 +23,12 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
    AND invoice_url_key = '$url_key'"
 );
-    if (mysqli_num_rows($sql) == 1) {
+if (mysqli_num_rows($sql) !== 1) {
    // Invalid invoice/key
    echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
    require_once("guest_footer.php");
    exit();
 }
 $row = mysqli_fetch_array($sql);
 $invoice_id = $row['invoice_id'];
@@ -44,7 +55,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
 $client_currency_code = htmlentities($row['client_currency_code']);
 $client_net_terms = htmlentities($row['client_net_terms']);
 if ($client_net_terms == 0) {
-            $client_net_terms = $config_default_net_terms;
+    $client_net_terms = intval($row['config_default_net_terms']);
 }
 $company_id = $row['company_id'];
 $company_name = htmlentities($row['company_name']);
@@ -54,6 +65,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
 $company_zip = htmlentities($row['company_zip']);
 $company_phone = formatPhoneNumber($row['company_phone']);
 $company_email = htmlentities($row['company_email']);
 $company_website = htmlentities($row['company_website']);
 $company_logo = htmlentities($row['company_logo']);
 if (!empty($company_logo)) {
    $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
@@ -67,12 +79,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
 //Set Currency Format
 $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
        $ip = strip_tags(mysqli_real_escape_string($mysqli,getIP()));
        $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
        $os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent)));
        $browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent)));
 $invoice_tally_total = 0; // Default
 //Set Badge color based off of invoice status
@@ -86,10 +92,10 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
 //Mark viewed in history
 mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id");
-        //Prevent SQL Error if client_name has ' in their name example Bill's Market
+if ($invoice_status !== 'Paid') {
-        $client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']);
+    $client_name_escaped = mysqli_real_escape_string($mysqli, $row['client_name']);
    mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
-
+}
 $sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
 //Add up all the payments for the invoice and get the total amount paid to the invoice
@@ -108,6 +114,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
    }
 }
 // Invoice individual items
 $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC");
 ?>
 <div class="card">
@@ -117,14 +126,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
            <a class="btn btn-primary" href="#" onclick="window.print();"><i class="fa fa-fw fa-print"></i> Print</a>
            <a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download"></i> Download</a>
            <?php
-                    if ($invoice_status != "Paid" && $invoice_status  != "Cancelled" && $invoice_status != "Draft" && $config_stripe_enable == 1) {
+            if ($invoice_status !== "Paid" && $invoice_status  !== "Cancelled" && $invoice_status !== "Draft" && $config_stripe_enable == 1) { ?>
                        ?>
                        <?php
                        if ($config_stripe_enable == 1) {
                            ?>
                <a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card"></i> Pay Online <small>(Coming Soon)</small></a>
            <?php } ?>
                    <?php } ?>
        </div>
    </div>
    <div class="card-body">
@@ -184,8 +188,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
            </div>
        </div>
                <?php $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC"); ?>
        <div class="row mb-4">
            <div class="col-md-12">
                <div class="card">
@@ -229,11 +231,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
                                    <td class="text-right"><?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?></td>
                                </tr>
-                                        <?php
+                            <?php } ?>
                                    }
                                    ?>
                            </tbody>
                        </table>
@@ -282,7 +280,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
        <hr class="mt-5">
-                <center style="white-space:pre-line"><?php echo $config_invoice_footer; ?></center>
+        <div style="white-space:pre-line; text-align: center;"><?php echo $config_invoice_footer; ?></div>
    </div>
 </div>
@@ -710,12 +708,11 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
 <?php
 // PREVIOUS UNPAID INVOICES
 $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due < CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_date DESC");
-        if (mysqli_num_rows($sql) > 1) {
+if (mysqli_num_rows($sql) > 1) { ?>
            ?>
    <div class="card d-print-none card-danger">
        <div class="card-header">
@@ -764,17 +761,15 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
            </table>
        </div>
    </div>
            <?php
        }
        ?>
-        <?php
+<?php } // End previous unpaid invoices
 // CURRENT INVOICES
 $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due > CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_number DESC");
-        if (mysqli_num_rows($sql) > 1) {
+if (mysqli_num_rows($sql) > 1) { ?>
            ?>
    <div class="card d-print-none card-light">
@@ -816,9 +811,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
                        <td class="text-right"><?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?></td>
                    </tr>
-                            <?php
+                <?php } ?>
                        }
                        ?>
                </tbody>
            </table>
@@ -831,12 +824,11 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
 <?php
 // PREVIOUS PAID INVOICES
 $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_status = 'Paid' ORDER BY invoice_date DESC");
-        if (mysqli_num_rows($sql) > 1) {
+if (mysqli_num_rows($sql) > 1) { ?>
            ?>
    <div class="card d-print-none collapse" id="collapsePreviousInvoices">
        <div class="card-header bg-dark">
@@ -907,32 +899,17 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
                        <tr>
                            <td colspan="4"><?php echo $payment_date; ?> - <?php echo numfmt_format_currency($currency_format, $payment_amount, $payment_currency_code); ?> - <?php echo $payment_method; ?> - <?php echo $payment_reference; ?> - <?php echo $days; ?> <?php echo $payment_note; ?></td>
                        </tr>
                                <?php
-                            }
+                    <?php } ?>
-                            ?>
+                <?php } ?>
                            <?php
                        }
                        ?>
                </tbody>
            </table>
        </div>
    </div>
-            <?php
+<?php } // End previous paid invoices
        }
        ?>
        <?php
    }else{
        echo "GTFO";
    }
 }else{
    echo "GTFO";
 }
 ?>
-<?php include("guest_footer.php"); ?>
+require_once("guest_footer.php");
@@ -1,13 +1,20 @@
 <?php
-include("guest_header.php");
+require_once("guest_header.php");
 if (!isset($_GET['quote_id'], $_GET['url_key'])) {
    echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
    require_once("guest_footer.php");
    exit();
 }
 if (isset($_GET['quote_id'], $_GET['url_key'])) {
 $url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
 $quote_id = intval($_GET['quote_id']);
-  $sql = mysqli_query($mysqli,"SELECT * FROM quotes
+$sql = mysqli_query(
    $mysqli,
    "SELECT * FROM quotes
    LEFT JOIN clients ON quote_client_id = client_id
    LEFT JOIN locations ON primary_location = location_id
    LEFT JOIN contacts ON primary_contact = contact_id
@@ -17,7 +24,12 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
    AND quote_url_key = '$url_key'"
 );
-  if (mysqli_num_rows($sql) == 1) {
+if (mysqli_num_rows($sql) !== 1) {
    // Invalid quote/key
    echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
    require_once("guest_footer.php");
    exit();
 }
 $row = mysqli_fetch_array($sql);
@@ -44,7 +56,7 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
 $client_currency_code = htmlentities($row['client_currency_code']);
 $client_net_terms = htmlentities($row['client_net_terms']);
 if ($client_net_terms == 0) {
-      $client_net_terms = $config_default_net_terms;
+    $client_net_terms = intval($row['config_default_net_terms']);
 }
 $company_id = $row['company_id'];
 $company_name = htmlentities($row['company_name']);
@@ -54,6 +66,7 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
 $company_zip = htmlentities($row['company_zip']);
 $company_phone = formatPhoneNumber($row['company_phone']);
 $company_email = htmlentities($row['company_email']);
 $company_website = htmlentities($row['company_website']);
 $company_logo = htmlentities($row['company_logo']);
 if (!empty($company_logo)) {
    $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
@@ -64,12 +77,6 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
 //Set Currency Format
 $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
    $ip = strip_tags(mysqli_real_escape_string($mysqli,getIP()));
    $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
    $os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent)));
    $browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent)));
 //Update status to Viewed only if invoice_status = "Sent"
 if ($quote_status == 'Sent') {
    mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Viewed' WHERE quote_id = $quote_id");
@@ -78,9 +85,10 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
 //Mark viewed in history
 mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
-    //Prevent SQL Error if client_name has ' in their name example Bill's Market
+if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
    $client_name_escaped = mysqli_escape_string($mysqli, $row['client_name']);
    mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
 }
 ?>
@@ -171,6 +179,8 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
                                <tbody>
                                <?php
                                $total_tax = $sub_total = 0; // Default 0
                                while ($row = mysqli_fetch_array($sql_items)) {
                                    $item_id = $row['item_id'];
                                    $item_name = htmlentities($row['item_name']);
@@ -224,12 +234,6 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
                            <td>Subtotal</td>
                            <td class="text-right"><?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?></td>
                        </tr>
              <?php if ($discount > 0) { ?>
              <tr class="border-bottom">
                <td>Discount</td>
                <td class="text-right"><?php echo numfmt_format_currency($currency_format, $quote_discount, $quote_currency_code); ?></td>          
              </tr>
              <?php } ?>
                        <?php if ($total_tax > 0) { ?>
                            <tr class="border-bottom">
                                <td>Tax</td>
@@ -247,7 +251,7 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
            <hr class="mt-5">
-      <center style="white-space:pre-line"><?php echo $config_quote_footer; ?></center>
+            <div style="white-space:pre-line; text-align: center;"><?php echo $config_quote_footer; ?></div>
        </div>
    </div>
@@ -639,12 +643,6 @@ var docDefinition = {
        }
    </script>
 <?php 
  }else{
    echo "GTFO";
  }
 }else{
  echo "GTFO";
 } ?>
-<?php include("guest_footer.php");
+<?php
 require_once("guest_footer.php");
@@ -6,7 +6,9 @@ if (isset($_GET['invoice_id'])) {
    $invoice_id = intval($_GET['invoice_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM invoices 
+    $sql = mysqli_query(
        $mysqli,
        "SELECT * FROM invoices
        LEFT JOIN clients ON invoice_client_id = client_id
        LEFT JOIN locations ON primary_location = location_id
        LEFT JOIN contacts ON primary_contact = contact_id
@@ -15,8 +17,10 @@ if (isset($_GET['invoice_id'])) {
    );
    if (mysqli_num_rows($sql) == 0) {
-        echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1></center>";
+        echo '<h1 class="text-secondary mt-5" style="text-align: center">Nothing to see here</h1>';
-    } else {
+        require_once("footer.php");
        exit();
    }
    $row = mysqli_fetch_array($sql);
    $invoice_id = $row['invoice_id'];
@@ -260,8 +264,10 @@ if (isset($_GET['invoice_id'])) {
                                    <tr>
                                        <td class="text-center d-print-none">
                                            <?php if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled") { ?>
                                                <a class="text-secondary" href="#" data-toggle="modal" data-target="#editItemModal<?php echo $item_id; ?>"><i class="fa fa-fw fa-edit"></i></a>
                                                <a class="text-danger" href="post.php?delete_invoice_item=<?php echo $item_id; ?>"><i class="fa fa-fw fa-trash-alt"></i></a>
                                            <?php } ?>
                                        </td>
                                        <td><?php echo $item_name; ?></td>
                                        <td><div style="white-space:pre-line"><?php echo $item_description; ?></div></td>
@@ -273,13 +279,15 @@ if (isset($_GET['invoice_id'])) {
                                    <?php
-                                        include("item_edit_modal.php");
+                                    if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled") {
                                        require("item_edit_modal.php");
                                    }
                                }
                                ?>
-                                    <tr class="d-print-none">
+                                <tr class="d-print-none" <?php if ($invoice_status == "Paid" || $invoice_status == "Cancelled") { echo "hidden"; } ?>>
                                    <form action="post.php" method="post" autocomplete="off">
                                        <input type="hidden" name="invoice_id" value="<?php echo $invoice_id; ?>">
                                        <td></td>
@@ -477,11 +485,9 @@ if (isset($_GET['invoice_id'])) {
    include_once("invoice_edit_modal.php");
    include_once("invoice_note_modal.php");
    include_once("category_quick_add_modal.php");
    }
 }
-include("footer.php");
+require_once("footer.php");
 ?>
@@ -2948,7 +2948,7 @@ if(isset($_GET['dismiss_all_notifications'])){
    $_SESSION['alert_message'] = "$num_notifications Notifications Dismissed";
-    header("Location: notifications.php");
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
@@ -5,7 +5,9 @@ if (isset($_GET['quote_id'])) {
    $quote_id = intval($_GET['quote_id']);
-    $sql = mysqli_query($mysqli,"SELECT * FROM quotes 
+    $sql = mysqli_query(
        $mysqli,
        "SELECT * FROM quotes
        LEFT JOIN clients ON quote_client_id = client_id
        LEFT JOIN locations ON primary_location = location_id
        LEFT JOIN contacts ON primary_contact = contact_id
@@ -13,6 +15,12 @@ if (isset($_GET['quote_id'])) {
        WHERE quote_id = $quote_id"
    );
    if (mysqli_num_rows($sql) == 0) {
        echo '<h1 class="text-secondary mt-5" style="text-align: center">Nothing to see here</h1>';
        require_once("footer.php");
        exit();
    }
    $row = mysqli_fetch_array($sql);
    $quote_id = $row['quote_id'];
    $quote_prefix = htmlentities($row['quote_prefix']);
@@ -235,8 +243,10 @@ if (isset($_GET['quote_id'])) {
                                    <tr>
                                        <td class="text-center d-print-none">
                                            <?php if ($quote_status !== "Invoiced" && $quote_status !== "Accepted" && $quote_status !== "Declined") { ?>
                                                <a class="text-secondary" href="#" data-toggle="modal" data-target="#editItemModal<?php echo $item_id; ?>"><i class="fa fa-fw fa-edit"></i></a>
                                                <a class="text-danger" href="post.php?delete_quote_item=<?php echo $item_id; ?>"><i class="fa fa-fw fa-trash-alt"></i></a>
                                            <?php } ?>
                                        </td>
                                        <td><?php echo $item_name; ?></td>
                                        <td><div style="white-space:pre-line"><?php echo $item_description; ?></div></td>
@@ -248,13 +258,15 @@ if (isset($_GET['quote_id'])) {
                                    <?php
-                                    include("item_edit_modal.php");
+                                    if ($quote_status !== "Invoiced" && $quote_status !== "Accepted" && $quote_status !== "Declined") {
                                        require("item_edit_modal.php");
                                    }
                                }
                                ?>
-                                <tr class="d-print-none">
+                                <tr class="d-print-none" <?php if ($quote_status == "Invoiced" || $quote_status == "Accepted" || $quote_status == "Declined") { echo "hidden"; } ?>>
                                    <form action="post.php" method="post" autocomplete="off">
                                        <input type="hidden" name="quote_id" value="<?php echo $quote_id; ?>">
                                        <td></td>
@@ -992,7 +992,7 @@ if (isset($_POST['add_company_settings'])) {
    mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company_id");
    $latest_database_version = LATEST_DATABASE_VERSION;
-    mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_current_database_version = '$latest_database_version',  config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_recurring_auto_send_invoice = 1, config_default_net_terms = 30, config_send_invoice_reminders = 1, config_enable_cron = 0, config_ticket_next_number = 1");
+    mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_current_database_version = '$latest_database_version',  config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_recurring_auto_send_invoice = 1, config_default_net_terms = 30, config_send_invoice_reminders = 1, config_enable_cron = 0, config_ticket_next_number = 1, config_ticket_prefix = 'TCK-'");
    //Create Some Data