ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #610 from wrongecho/minor-fixes

Browse Source 
Minor changes/fixes
This commit is contained in:
Johnny
2023-02-08 14:54:15 -05:00
committed by GitHub
parent b1e2f15148 78aca0f615
commit 9e549adb7e
10 changed files with 1977 additions and 1982 deletions
Download Patch File Download Diff File Expand all files Collapse all files
functions.php
+1 -1
View File
@@ -390,7 +390,7 @@ function getDomainRecords($name) {
return $records;
}
$domain = escapeshellarg($name);
$domain = escapeshellarg(str_replace('www.', '', $name));
$records['a'] = substr(trim(strip_tags(shell_exec("dig +short $domain"))), 0, 254);
$records['ns'] = substr(trim(strip_tags(shell_exec("dig +short NS $domain"))), 0, 254);
$records['mx'] = substr(trim(strip_tags(shell_exec("dig +short MX $domain"))), 0, 254);
guest_ajax.php
+1 -1
View File
@@ -68,7 +68,7 @@ if (isset($_GET['stripe_create_pi'])) {
}
$config_stripe_secret = $row['config_stripe_secret'];
$pi_description = "ITFlow: $client_name payment of $invoice_currency_code $balance_to_pay for $client_name";
$pi_description = "ITFlow: $client_name payment of $invoice_currency_code $balance_to_pay for $invoice_prefix$invoice_number";
// Create a PaymentIntent with amount, currency and client details
try {
guest_header.php
+3 -1
View File
@@ -6,7 +6,9 @@ require_once("functions.php");
session_start();
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP())));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$ua = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli, getOS($ua)));
$browser = strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($ua)));
?>
guest_pay_invoice_stripe.php
+4 -4
View File
@@ -13,9 +13,6 @@ $config_stripe_publishable = htmlentities($stripe_vars['config_stripe_publishabl
$config_stripe_secret = htmlentities($stripe_vars['config_stripe_secret']);
$config_stripe_account = intval($stripe_vars['config_stripe_account']);
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, getOS($user_agent))));
$browser = trim(strip_tags(mysqli_real_escape_string($mysqli, getWebBrowser($user_agent))));
// Check Stripe is configured
if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) {
echo "<br><h2>Stripe payments not enabled/configured</h2>";
@@ -223,7 +220,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$client_name = htmlentities($row['client_name']);
$contact_name = $row['contact_name'];
$contact_email = $row['contact_email'];
$company_name = htmlentities($row['company_name']);
$company_name = mysqli_real_escape_string($mysqli, htmlentities($row['company_name']));
$company_phone = htmlentities($row['company_phone']);
$company_locale = htmlentities($row['company_locale']);
@@ -250,6 +247,9 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = '$pi_amount_paid', payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id, company_id = $invoice_company_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id, company_id = $invoice_company_id");
// Notify
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $pi_client_id, company_id = $invoice_company_id");
// Logging
$extended_log_desc = '';
if (!$pi_livemode) {
guest_view_invoice.php
+118 -141
View File
@@ -2,12 +2,18 @@
require_once("guest_header.php");
if (isset($_GET['invoice_id'], $_GET['url_key'])) {
if (!isset($_GET['invoice_id'], $_GET['url_key'])) {
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
$invoice_id = intval($_GET['invoice_id']);
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$invoice_id = intval($_GET['invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM invoices
$sql = mysqli_query(
$mysqli,
"SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id
@@ -15,116 +21,114 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE invoice_id = $invoice_id
AND invoice_url_key = '$url_key'"
);
);
if (mysqli_num_rows($sql) == 1) {
if (mysqli_num_rows($sql) !== 1) {
// Invalid invoice/key
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']);
$invoice_category_id = $row['invoice_category_id'];
$client_id = $row['client_id'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']);
$company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = htmlentities($row['invoice_currency_code']);
$invoice_note = htmlentities($row['invoice_note']);
$invoice_category_id = $row['invoice_category_id'];
$client_id = $row['client_id'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']);
}
$company_id = $row['company_id'];
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']);
$config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret'];
}
$company_locale = htmlentities($row['company_locale']);
$config_invoice_footer = htmlentities($row['config_invoice_footer']);
$config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_publishable = $row['config_stripe_publishable'];
$config_stripe_secret = $row['config_stripe_secret'];
//Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
//Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
$ip = strip_tags(mysqli_real_escape_string($mysqli,getIP()));
$invoice_tally_total = 0; // Default
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent)));
$browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent)));
//Set Badge color based off of invoice status
$invoice_badge_color = getInvoiceBadgeColor($invoice_status);
$invoice_tally_total = 0; // Default
//Set Badge color based off of invoice status
$invoice_badge_color = getInvoiceBadgeColor($invoice_status);
//Update status to Viewed only if invoice_status = "Sent"
if ($invoice_status == 'Sent') {
//Update status to Viewed only if invoice_status = "Sent"
if ($invoice_status == 'Sent') {
mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Viewed' WHERE invoice_id = $invoice_id");
}
}
//Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id");
//Mark viewed in history
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_created_at = NOW(), history_invoice_id = $invoice_id, company_id = $company_id");
//Prevent SQL Error if client_name has ' in their name example Bill's Market
$client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']);
if ($invoice_status !== 'Paid') {
$client_name_escaped = mysqli_real_escape_string($mysqli, $row['client_name']);
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Viewed', notification = 'Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
}
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$balance = $invoice_amount - $amount_paid;
$balance = $invoice_amount - $amount_paid;
//check to see if overdue
$invoice_color = $invoice_badge_color; // Default
if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") {
//check to see if overdue
$invoice_color = $invoice_badge_color; // Default
if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") {
$unixtime_invoice_due = strtotime($invoice_due) + 86400;
if ($unixtime_invoice_due < time()) {
$invoice_color = "text-danger";
}
}
}
?>
// Invoice individual items
$sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC");
<div class="card">
?>
<div class="card">
<div class="card-header bg-light d-print-none">
<div class="float-right">
<a class="btn btn-secondary" data-toggle="collapse" href="#collapsePreviousInvoices"><i class="fa fa-fw fa-history"></i> Invoice History</a>
<a class="btn btn-primary" href="#" onclick="window.print();"><i class="fa fa-fw fa-print"></i> Print</a>
<a class="btn btn-primary" href="#" onclick="pdfMake.createPdf(docDefinition).download('<?php echo "$invoice_date-$company_name-Invoice-$invoice_prefix$invoice_number.pdf"; ?>');"><i class="fa fa-fw fa-download"></i> Download</a>
<?php
if ($invoice_status != "Paid" && $invoice_status != "Cancelled" && $invoice_status != "Draft" && $config_stripe_enable == 1) {
?>
<?php
if ($config_stripe_enable == 1) {
?>
if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled" && $invoice_status !== "Draft" && $config_stripe_enable == 1) { ?>
<a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card"></i> Pay Online <small>(Coming Soon)</small></a>
<?php } ?>
<?php } ?>
</div>
</div>
<div class="card-body">
@@ -184,8 +188,6 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
</div>
</div>
<?php $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC"); ?>
<div class="row mb-4">
<div class="col-md-12">
<div class="card">
@@ -229,11 +231,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?></td>
</tr>
<?php
}
?>
<?php } ?>
</tbody>
</table>
@@ -282,13 +280,13 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<hr class="mt-5">
<center style="white-space:pre-line"><?php echo $config_invoice_footer; ?></center>
</div>
<div style="white-space:pre-line; text-align: center;"><?php echo $config_invoice_footer; ?></div>
</div>
</div>
<script src='plugins/pdfmake/pdfmake.min.js'></script>
<script src='plugins/pdfmake/vfs_fonts.js'></script>
<script>
<script src='plugins/pdfmake/pdfmake.min.js'></script>
<script src='plugins/pdfmake/vfs_fonts.js'></script>
<script>
var docDefinition = {
info: {
@@ -706,16 +704,15 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
columnGap: 20
}
}
</script>
</script>
<?php
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due < CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_date DESC");
// PREVIOUS UNPAID INVOICES
if (mysqli_num_rows($sql) > 1) {
?>
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due < CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_date DESC");
if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none card-danger">
<div class="card-header">
@@ -764,17 +761,15 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
</table>
</div>
</div>
<?php
}
?>
<?php
<?php } // End previous unpaid invoices
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due > CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_number DESC");
if (mysqli_num_rows($sql) > 1) {
// CURRENT INVOICES
?>
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_due > CURDATE() AND(invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Partial') ORDER BY invoice_number DESC");
if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none card-light">
@@ -816,27 +811,24 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?></td>
</tr>
<?php
}
?>
<?php } ?>
</tbody>
</table>
</div>
</div>
<?php
}
?>
}
?>
<?php
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_status = 'Paid' ORDER BY invoice_date DESC");
// PREVIOUS PAID INVOICES
if (mysqli_num_rows($sql) > 1) {
?>
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $client_id AND invoice_status = 'Paid' ORDER BY invoice_date DESC");
if (mysqli_num_rows($sql) > 1) { ?>
<div class="card d-print-none collapse" id="collapsePreviousInvoices">
<div class="card-header bg-dark">
@@ -894,7 +886,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
$payment_note = "Late";
$difference = strtotime($payment_date) - strtotime($invoice_due);
$days = floor($difference / (60*60*24) ) . " Days";
}else{
} else {
$payment_note = "";
$days = "";
}
@@ -907,32 +899,17 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
<tr>
<td colspan="4"><?php echo $payment_date; ?> - <?php echo numfmt_format_currency($currency_format, $payment_amount, $payment_currency_code); ?> - <?php echo $payment_method; ?> - <?php echo $payment_reference; ?> - <?php echo $days; ?> <?php echo $payment_note; ?></td>
</tr>
<?php
}
<?php } ?>
?>
<?php
}
?>
<?php } ?>
</tbody>
</table>
</div>
</div>
<?php
}
?>
<?php } // End previous paid invoices
<?php
}else{
echo "GTFO";
}
}else{
echo "GTFO";
}
?>
<?php include("guest_footer.php"); ?>
require_once("guest_footer.php");
guest_view_quote.php
+80 -82
View File
@@ -1,13 +1,20 @@
<?php
include("guest_header.php");
require_once("guest_header.php");
if (isset($_GET['quote_id'], $_GET['url_key'])) {
if (!isset($_GET['quote_id'], $_GET['url_key'])) {
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
$quote_id = intval($_GET['quote_id']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes
$url_key = mysqli_real_escape_string($mysqli, $_GET['url_key']);
$quote_id = intval($_GET['quote_id']);
$sql = mysqli_query(
$mysqli,
"SELECT * FROM quotes
LEFT JOIN clients ON quote_client_id = client_id
LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id
@@ -15,74 +22,75 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
LEFT JOIN settings ON settings.company_id = companies.company_id
WHERE quote_id = $quote_id
AND quote_url_key = '$url_key'"
);
);
if (mysqli_num_rows($sql) == 1) {
if (mysqli_num_rows($sql) !== 1) {
// Invalid quote/key
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
require_once("guest_footer.php");
exit();
}
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_array($sql);
$quote_id = $row['quote_id'];
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']);
$category_id = $row['category_id'];
$client_id = $row['client_id'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']);
$company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$quote_id = $row['quote_id'];
$quote_prefix = htmlentities($row['quote_prefix']);
$quote_number = htmlentities($row['quote_number']);
$quote_status = htmlentities($row['quote_status']);
$quote_date = $row['quote_date'];
$quote_amount = floatval($row['quote_amount']);
$quote_currency_code = htmlentities($row['quote_currency_code']);
$quote_note = htmlentities($row['quote_note']);
$category_id = $row['category_id'];
$client_id = $row['client_id'];
$client_name = htmlentities($row['client_name']);
$location_address = htmlentities($row['location_address']);
$location_city = htmlentities($row['location_city']);
$location_state = htmlentities($row['location_state']);
$location_zip = htmlentities($row['location_zip']);
$contact_email = htmlentities($row['contact_email']);
$contact_phone = formatPhoneNumber($row['contact_phone']);
$contact_extension = htmlentities($row['contact_extension']);
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$client_website = htmlentities($row['client_website']);
$client_currency_code = htmlentities($row['client_currency_code']);
$client_net_terms = htmlentities($row['client_net_terms']);
if ($client_net_terms == 0) {
$client_net_terms = intval($row['config_default_net_terms']);
}
$company_id = $row['company_id'];
$company_name = htmlentities($row['company_name']);
$company_address = htmlentities($row['company_address']);
$company_city = htmlentities($row['company_city']);
$company_state = htmlentities($row['company_state']);
$company_zip = htmlentities($row['company_zip']);
$company_phone = formatPhoneNumber($row['company_phone']);
$company_email = htmlentities($row['company_email']);
$company_website = htmlentities($row['company_website']);
$company_logo = htmlentities($row['company_logo']);
if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$company_locale = htmlentities($row['company_locale']);
$config_quote_footer = htmlentities($row['config_quote_footer']);
}
$company_locale = htmlentities($row['company_locale']);
$config_quote_footer = htmlentities($row['config_quote_footer']);
//Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
//Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
$ip = strip_tags(mysqli_real_escape_string($mysqli,getIP()));
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent)));
$browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent)));
//Update status to Viewed only if invoice_status = "Sent"
if ($quote_status == 'Sent') {
//Update status to Viewed only if invoice_status = "Sent"
if ($quote_status == 'Sent') {
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Viewed' WHERE quote_id = $quote_id");
}
}
//Mark viewed in history
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
//Mark viewed in history
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
//Prevent SQL Error if client_name has ' in their name example Bill's Market
$client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']);
if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Viewed") {
$client_name_escaped = mysqli_escape_string($mysqli, $row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
}
?>
?>
<div class="card">
@@ -171,6 +179,8 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
<tbody>
<?php
$total_tax = $sub_total = 0; // Default 0
while ($row = mysqli_fetch_array($sql_items)) {
$item_id = $row['item_id'];
$item_name = htmlentities($row['item_name']);
@@ -224,12 +234,6 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
<td>Subtotal</td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?></td>
</tr>
<?php if ($discount > 0) { ?>
<tr class="border-bottom">
<td>Discount</td>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $quote_discount, $quote_currency_code); ?></td>
</tr>
<?php } ?>
<?php if ($total_tax > 0) { ?>
<tr class="border-bottom">
<td>Tax</td>
@@ -247,15 +251,15 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
<hr class="mt-5">
<center style="white-space:pre-line"><?php echo $config_quote_footer; ?></center>
<div style="white-space:pre-line; text-align: center;"><?php echo $config_quote_footer; ?></div>
</div>
</div>
<script src='plugins/pdfmake/pdfmake.min.js'></script>
<script src='plugins/pdfmake/vfs_fonts.js'></script>
<script>
<script src='plugins/pdfmake/vfs_fonts.js'></script>
<script>
var docDefinition = {
var docDefinition = {
info: {
title: <?php echo json_encode(html_entity_decode($company_name) . "- Quote") ?>,
author: <?php echo json_encode(html_entity_decode($company_name)) ?>
@@ -636,15 +640,9 @@ var docDefinition = {
defaultStyle: {
columnGap: 20,
}
}
</script>
}
</script>
<?php
}else{
echo "GTFO";
}
}else{
echo "GTFO";
} ?>
<?php include("guest_footer.php");
require_once("guest_footer.php");
invoice.php
+14 -8
View File
@@ -6,7 +6,9 @@ if (isset($_GET['invoice_id'])) {
$invoice_id = intval($_GET['invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM invoices
$sql = mysqli_query(
$mysqli,
"SELECT * FROM invoices
LEFT JOIN clients ON invoice_client_id = client_id
LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id
@@ -15,8 +17,10 @@ if (isset($_GET['invoice_id'])) {
);
if (mysqli_num_rows($sql) == 0) {
echo "<center><h1 class='text-secondary mt-5'>Nothing to see here</h1></center>";
} else {
echo '<h1 class="text-secondary mt-5" style="text-align: center">Nothing to see here</h1>';
require_once("footer.php");
exit();
}
$row = mysqli_fetch_array($sql);
$invoice_id = $row['invoice_id'];
@@ -260,8 +264,10 @@ if (isset($_GET['invoice_id'])) {
<tr>
<td class="text-center d-print-none">
<?php if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled") { ?>
<a class="text-secondary" href="#" data-toggle="modal" data-target="#editItemModal<?php echo $item_id; ?>"><i class="fa fa-fw fa-edit"></i></a>
<a class="text-danger" href="post.php?delete_invoice_item=<?php echo $item_id; ?>"><i class="fa fa-fw fa-trash-alt"></i></a>
<?php } ?>
</td>
<td><?php echo $item_name; ?></td>
<td><div style="white-space:pre-line"><?php echo $item_description; ?></div></td>
@@ -273,13 +279,15 @@ if (isset($_GET['invoice_id'])) {
<?php
include("item_edit_modal.php");
if ($invoice_status !== "Paid" && $invoice_status !== "Cancelled") {
require("item_edit_modal.php");
}
}
?>
<tr class="d-print-none">
<tr class="d-print-none" <?php if ($invoice_status == "Paid" || $invoice_status == "Cancelled") { echo "hidden"; } ?>>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="invoice_id" value="<?php echo $invoice_id; ?>">
<td></td>
@@ -477,11 +485,9 @@ if (isset($_GET['invoice_id'])) {
include_once("invoice_edit_modal.php");
include_once("invoice_note_modal.php");
include_once("category_quick_add_modal.php");
}
}
include("footer.php");
require_once("footer.php");
?>
post.php
+1 -1
View File
@@ -2948,7 +2948,7 @@ if(isset($_GET['dismiss_all_notifications'])){
$_SESSION['alert_message'] = "$num_notifications Notifications Dismissed";
header("Location: notifications.php");
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
quote.php
+25 -13
View File
@@ -5,7 +5,9 @@ if (isset($_GET['quote_id'])) {
$quote_id = intval($_GET['quote_id']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes
$sql = mysqli_query(
$mysqli,
"SELECT * FROM quotes
LEFT JOIN clients ON quote_client_id = client_id
LEFT JOIN locations ON primary_location = location_id
LEFT JOIN contacts ON primary_contact = contact_id
@@ -13,6 +15,12 @@ if (isset($_GET['quote_id'])) {
WHERE quote_id = $quote_id"
);
if (mysqli_num_rows($sql) == 0) {
echo '<h1 class="text-secondary mt-5" style="text-align: center">Nothing to see here</h1>';
require_once("footer.php");
exit();
}
$row = mysqli_fetch_array($sql);
$quote_id = $row['quote_id'];
$quote_prefix = htmlentities($row['quote_prefix']);
@@ -57,25 +65,25 @@ if (isset($_GET['quote_id'])) {
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_quote_id = $quote_id ORDER BY history_id DESC");
$sql_history = mysqli_query($mysqli, "SELECT * FROM history WHERE history_quote_id = $quote_id ORDER BY history_id DESC");
//Set Badge color based off of quote status
if ($quote_status == "Sent") {
$quote_badge_color = "warning text-white";
}elseif ($quote_status == "Viewed") {
} elseif ($quote_status == "Viewed") {
$quote_badge_color = "primary";
}elseif ($quote_status == "Accepted") {
} elseif ($quote_status == "Accepted") {
$quote_badge_color = "success";
}elseif ($quote_status == "Declined") {
} elseif ($quote_status == "Declined") {
$quote_badge_color = "danger";
}elseif ($quote_status == "Invoiced") {
} elseif ($quote_status == "Invoiced") {
$quote_badge_color = "info";
}else{
} else {
$quote_badge_color = "secondary";
}
//Product autocomplete
$products_sql = mysqli_query($mysqli,"SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id");
$products_sql = mysqli_query($mysqli, "SELECT product_name AS label, product_description AS description, product_price AS price FROM products WHERE company_id = $session_company_id");
if (mysqli_num_rows($products_sql) > 0) {
while ($row = mysqli_fetch_array($products_sql)) {
@@ -194,7 +202,7 @@ if (isset($_GET['quote_id'])) {
</div>
</div>
<?php $sql_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id ORDER BY item_id ASC"); ?>
<?php $sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_quote_id = $quote_id ORDER BY item_id ASC"); ?>
<div class="row mb-4">
<div class="col-md-12">
@@ -235,8 +243,10 @@ if (isset($_GET['quote_id'])) {
<tr>
<td class="text-center d-print-none">
<?php if ($quote_status !== "Invoiced" && $quote_status !== "Accepted" && $quote_status !== "Declined") { ?>
<a class="text-secondary" href="#" data-toggle="modal" data-target="#editItemModal<?php echo $item_id; ?>"><i class="fa fa-fw fa-edit"></i></a>
<a class="text-danger" href="post.php?delete_quote_item=<?php echo $item_id; ?>"><i class="fa fa-fw fa-trash-alt"></i></a>
<?php } ?>
</td>
<td><?php echo $item_name; ?></td>
<td><div style="white-space:pre-line"><?php echo $item_description; ?></div></td>
@@ -248,13 +258,15 @@ if (isset($_GET['quote_id'])) {
<?php
include("item_edit_modal.php");
if ($quote_status !== "Invoiced" && $quote_status !== "Accepted" && $quote_status !== "Declined") {
require("item_edit_modal.php");
}
}
?>
<tr class="d-print-none">
<tr class="d-print-none" <?php if ($quote_status == "Invoiced" || $quote_status == "Accepted" || $quote_status == "Declined") { echo "hidden"; } ?>>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="quote_id" value="<?php echo $quote_id; ?>">
<td></td>
@@ -267,7 +279,7 @@ if (isset($_GET['quote_id'])) {
<option value="0">None</option>
<?php
$taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC");
$taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC");
while ($row = mysqli_fetch_array($taxes_sql)) {
$tax_id = $row['tax_id'];
$tax_name = htmlentities($row['tax_name']);
@@ -556,7 +568,7 @@ require_once("footer.php");
$total_tax = 0;
$sub_total = 0;
$sql_invoice_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id ORDER BY item_id ASC");
$sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_quote_id = $quote_id ORDER BY item_id ASC");
while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_name = $row['item_name'];
setup.php
+1 -1
View File
@@ -992,7 +992,7 @@ if (isset($_POST['add_company_settings'])) {
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company_id");
$latest_database_version = LATEST_DATABASE_VERSION;
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_current_database_version = '$latest_database_version', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_recurring_auto_send_invoice = 1, config_default_net_terms = 30, config_send_invoice_reminders = 1, config_enable_cron = 0, config_ticket_next_number = 1");
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_current_database_version = '$latest_database_version', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_recurring_auto_send_invoice = 1, config_default_net_terms = 30, config_send_invoice_reminders = 1, config_enable_cron = 0, config_ticket_next_number = 1, config_ticket_prefix = 'TCK-'");
//Create Some Data