Merge branch 'master' into code-tidy

README.md

@@ -88,7 +88,7 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https://
 
 1. Install a LAMP stack (Linux, Apache, MariaDB, PHP)
    ```sh
-   sudo apt install git apache2 php libapache2-mod-php php-intl php-mysqli php-curl mariadb-server
+   sudo apt install git apache2 php libapache2-mod-php php-intl php-imap php-mysqli php-curl mariadb-server
    ```  
 2. Clone the repo
    ```sh

check_login.php

@@ -16,9 +16,10 @@ if (!isset($config_enable_setup) || $config_enable_setup == 1) {
   exit;
 }
 
-if (!$_SESSION['logged']) {
+// Check user is logged in with a valid session
+if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
   header("Location: login.php");
-  die;
+  exit;
 }
 
 // SESSION FINGERPRINT

client_overview.php

@@ -31,9 +31,9 @@ $sql_domains_expiring = mysqli_query($mysqli,"SELECT * FROM domains
 
   <!-- Notes -->
 
-  <div class="col-9">
+  <div class="col-md-9">
 
-    <div class="card card-dark mb-5 elevation-3">
+    <div class="card card-dark mb-3 elevation-3">
       <div class="card-header">
         <h5 class="card-title"><i class="fa fa-fw fa-edit mr-2"></i>Quick Notes</h5>
       </div>

client_software.php

@@ -14,6 +14,7 @@ $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o
 $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM software 
   LEFT JOIN logins ON login_software_id = software_id
   WHERE software_client_id = $client_id
+  AND software_template = 0
   AND (software_name LIKE '%$q%' OR software_type LIKE '%$q%' OR software_key LIKE '%$q%') 
   ORDER BY $sb $o LIMIT $record_from, $record_to");
 
@@ -24,8 +25,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 <div class="card card-dark">
   <div class="card-header py-2">
     <h3 class="card-title mt-2"><i class="fa fa-fw fa-cube"></i> Licenses</h3>
+    <button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
+    <div class="dropdown-menu">
+      <a class="dropdown-item text-dark" href="client_software_templates.php?client_id=<?php echo $client_id; ?>">Templates</a>
+    </div>
     <div class="card-tools">
-      <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareModal"><i class="fas fa-fw fa-plus"></i> New License</button>
+      <div class="btn-group">
+        <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareModal">
+          <i class="fas fa-fw fa-plus"></i> New License
+        </button>
+        <button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
+        <div class="dropdown-menu">
+          <a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#addSoftwareFromTemplateModal">From Template</a>
+        </div>
+      </div>
     </div>
   </div>
   <div class="card-body">
@@ -184,5 +197,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 </div>
 
 <?php include("client_software_add_modal.php"); ?>
+<?php include("client_software_add_from_template_modal.php"); ?>
 
 <?php include("footer.php"); ?>

client_software_add_from_template_modal.php

@@ -0,0 +1,49 @@
+<div class="modal" id="addSoftwareFromTemplateModal" tabindex="-1">
+  <div class="modal-dialog">
+    <div class="modal-content bg-dark">
+      <div class="modal-header">
+        <h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> New License from Template</h5>
+        <button type="button" class="close text-white" data-dismiss="modal">
+          <span>&times;</span>
+        </button>
+      </div>
+      <form action="post.php" method="post" autocomplete="off">
+        <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
+        <div class="modal-body bg-white">
+
+          <label>Template</label>
+          <div class="form-group">
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-puzzle-piece"></i></span>
+              </div>
+              <select class="form-control" name="software_template_id" required>
+                <option value="">- Select Template -</option>
+                <?php
+                $sql_software_templates = mysqli_query($mysqli,"SELECT * FROM software WHERE software_template = 1 AND company_id = $session_company_id AND software_archived_at IS NULL ORDER BY software_name ASC");
+                while($row = mysqli_fetch_array($sql_software_templates)){
+                  $software_template_id = $row['software_id'];
+                  $software_template_name = htmlentities($row['software_name']);
+
+                ?>
+                <option value="<?php echo $software_template_id ?>"><?php echo $software_template_name; ?></option>
+                <?php
+                } 
+                ?>
+                
+              </select>
+            </div>
+          </div>
+        
+        </div>
+        
+        <div class="modal-footer bg-white">
+
+          <button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
+          <button type="submit" name="add_software_from_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
+
+        </div>
+      </form>
+    </div>
+  </div>
+</div>

client_software_template_add_modal.php

@@ -0,0 +1,74 @@
+<div class="modal" id="addSoftwareTemplateModal" tabindex="-1">
+  <div class="modal-dialog">
+    <div class="modal-content bg-dark">
+      <div class="modal-header">
+        <h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> New License Template</h5>
+        <button type="button" class="close text-white" data-dismiss="modal">
+          <span>&times;</span>
+        </button>
+      </div>
+      <form action="post.php" method="post" autocomplete="off">
+        <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
+        <div class="modal-body bg-white">
+
+          <div class="form-group">
+            <label>Template Name <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
+              </div>
+              <input type="text" class="form-control" name="name" placeholder="Software name" required autofocus>
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>Version</label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
+              </div>
+              <input type="text" class="form-control" name="version" placeholder="Software version">
+            </div>
+          </div>
+          
+          <div class="form-group">
+            <label>Type <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+              </div>
+              <select class="form-control select2" name="type" required>
+                <option value="">- Type -</option>
+                <?php foreach($software_types_array as $software_type) { ?>
+                <option><?php echo $software_type; ?></option>
+                <?php } ?>
+              </select> 
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>License Type</label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
+              </div>
+              <select class="form-control select2" name="license_type">
+                <option value="">- Select a License Type -</option>
+                <?php foreach($license_types_array as $license_type) { ?>
+                <option><?php echo $license_type; ?></option>
+                <?php } ?>
+              </select> 
+            </div>
+          </div>
+
+          <textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes"></textarea>
+
+        </div>
+        <div class="modal-footer bg-white">
+          <button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
+          <button type="submit" name="add_software_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create Template</button>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>

client_software_template_edit_modal.php

@@ -0,0 +1,73 @@
+<div class="modal" id="editSoftwareTemplateModal<?php echo $software_id; ?>" tabindex="-1">
+  <div class="modal-dialog">
+    <div class="modal-content bg-dark">
+      <div class="modal-header">
+        <h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> Editing template: <strong><?php echo $software_name; ?></strong></h5>
+        <button type="button" class="close text-white" data-dismiss="modal">
+          <span>&times;</span>
+        </button>
+      </div>
+      <form action="post.php" method="post" autocomplete="off">
+        <input type="hidden" name="software_id" value="<?php echo $software_id; ?>">
+        <div class="modal-body bg-white">    
+
+          <div class="form-group">
+            <label>Template Name <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
+              </div>
+              <input type="text" class="form-control" name="name" placeholder="Software name" value="<?php echo $software_name; ?>" required>
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>Version</label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
+              </div>
+              <input type="text" class="form-control" name="version" placeholder="Software version" value="<?php echo $software_version; ?>">
+            </div>
+          </div>
+          
+          <div class="form-group">
+            <label>Type <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+              </div>
+              <select class="form-control select2" name="type" required>
+                <?php foreach($software_types_array as $software_type_select) { ?>
+                <option <?php if($software_type == $software_type_select) { echo "selected"; } ?>><?php echo $software_type_select; ?></option>
+                <?php } ?>
+              </select>
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>License Type</label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
+              </div>
+              <select class="form-control select2" name="license_type">
+                <option value="">- Select a License Type -</option>
+                <?php foreach($license_types_array as $license_type_select) { ?>
+                <option <?php if($license_type_select == $software_license_type){ echo "selected"; } ?>><?php echo $license_type_select; ?></option>
+                <?php } ?>
+              </select> 
+            </div>
+          </div>
+          
+          <textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes"><?php echo $software_notes; ?></textarea>
+
+        </div>
+        <div class="modal-footer bg-white">
+          <button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
+          <button type="submit" name="edit_software_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save Template</button>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>

client_software_templates.php

@@ -0,0 +1,119 @@
+<?php include("inc_all_client.php"); ?>
+
+<?php 
+
+if(!empty($_GET['sb'])){
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
+}else{
+  $sb = "software_name";
+}
+
+//Rebuild URL
+$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM software 
+  LEFT JOIN logins ON login_software_id = software_id
+  WHERE software_template = 1 
+  AND (software_name LIKE '%$q%' OR software_type LIKE '%$q%' OR software_key LIKE '%$q%') 
+  ORDER BY $sb $o LIMIT $record_from, $record_to");
+
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
+
+?>
+
+<div class="card card-dark">
+  <div class="card-header py-2">
+    <h3 class="card-title mt-2"><i class="fa fa-fw fa-cube"></i> Licenses Templates</h3>
+    <button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
+    <div class="dropdown-menu">
+      <a class="dropdown-item text-dark" href="client_software.php?client_id=<?php echo $client_id; ?>">Licenses</a>
+    </div>
+    <div class="card-tools">
+      <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareTemplateModal"><i class="fas fa-fw fa-plus"></i> New Template</button>
+    </div>
+  </div>
+  <div class="card-body">
+    <form autocomplete="off">
+      <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
+      <div class="row">
+        
+        <div class="col-md-4">
+          <div class="input-group mb-3 mb-md-0">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Licenses">
+            <div class="input-group-append">
+              <button class="btn btn-dark"><i class="fa fa-search"></i></button>
+            </div>
+          </div>
+        </div>
+
+        <div class="col-md-8">
+        </div>
+
+      </div>
+    </form>
+    <hr>
+    <div class="table-responsive">
+      <table class="table table-striped table-borderless table-hover">
+        <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
+          <tr>
+            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_name&o=<?php echo $disp; ?>">Template</a></th>
+            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_type&o=<?php echo $disp; ?>">Type</a></th>
+            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_license_type&o=<?php echo $disp; ?>">License Type</a></th>
+            <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_seats&o=<?php echo $disp; ?>">Seats</a></th>
+            <th class="text-center">Action</th>
+          </tr>
+        </thead>
+        <tbody>
+          <?php
+    
+          while($row = mysqli_fetch_array($sql)){    
+            $software_id = $row['software_id'];
+            $software_name = htmlentities($row['software_name']);
+            $software_version = htmlentities($row['software_version']);
+            $software_type = htmlentities($row['software_type']);
+            $software_license_type = htmlentities($row['software_license_type']);
+            $software_key = htmlentities($row['software_key']);
+            $software_seats = htmlentities($row['software_seats']);
+            $software_purchase = $row['software_purchase'];
+            $software_expire = $row['software_expire'];
+            $software_notes = htmlentities($row['software_notes']);
+
+          ?>
+          <tr>
+            <td><a class="text-dark" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>"><?php echo "$software_name<br><span class='text-secondary'>$software_version</span>"; ?></a></td>
+            <td><?php echo $software_type; ?></td>
+            <td><?php echo $software_license_type; ?></td>
+            <td><?php echo "$software_seats"; ?></td>
+            <td>
+              <div class="dropdown dropleft text-center">
+                <button class="btn btn-secondary btn-sm" data-toggle="dropdown">
+                  <i class="fas fa-ellipsis-h"></i>
+                </button>
+                <div class="dropdown-menu">
+                  <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>">Edit</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
+                  <?php } ?>
+                </div>
+              </div> 
+            </td>
+          </tr>
+
+          <?php
+
+          include("client_software_template_edit_modal.php");
+          }
+          
+          ?>
+
+        </tbody>
+      </table>      
+    </div>
+    <?php include("pagination.php"); ?>
+  </div>
+</div>
+
+<?php include("client_software_template_add_modal.php"); ?>
+
+<?php include("footer.php"); ?>

cron.php

@@ -8,7 +8,7 @@
 
 $sql_companies = mysqli_query($mysqli,"SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id");
 
-while ($row = mysqli_fetch_array($sql_companies)) {
+while($row = mysqli_fetch_array($sql_companies)){
     $company_id = $row['company_id'];
     $company_name = $row['company_name'];
     $company_phone = formatPhoneNumber($row['company_phone']);
@@ -32,11 +32,13 @@ while ($row = mysqli_fetch_array($sql_companies)) {
     // Tickets
     $config_ticket_prefix = $row['config_ticket_prefix'];
     $config_ticket_next_number = $row['config_ticket_next_number'];
+    $config_ticket_from_name = $row['config_ticket_from_name'];
+    $config_ticket_from_email = $row['config_ticket_from_email'];
 
     // Set Currency Format
     $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
 
-  if ($config_enable_cron == 1) {
+    if($config_enable_cron == 1){
 
         //Logging
         mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Cron', log_action = 'Started', log_description = 'Cron started for $company_name', company_id = $company_id");
@@ -47,7 +49,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
 
         $domainAlertArray = [1,7,14,30,90,120];
 
-    foreach($domainAlertArray as $day) {
+        foreach($domainAlertArray as $day){
 
             //Get Domains Expiring
             $sql = mysqli_query($mysqli,"SELECT * FROM domains
@@ -56,7 +58,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
         AND domains.company_id = $company_id"
             );
 
-      while ($row = mysqli_fetch_array($sql)) {
+            while($row = mysqli_fetch_array($sql)){
                 $domain_id = $row['domain_id'];
                 $domain_name = mysqli_real_escape_string($mysqli,$row['domain_name']);
                 $domain_expire = $row['domain_expire'];
@@ -73,7 +75,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
 
         $certificateAlertArray = [1,7,14,30,90,120];
 
-    foreach($certificateAlertArray as $day) {
+        foreach($certificateAlertArray as $day){
 
             //Get Certs Expiring
             $sql = mysqli_query($mysqli,"SELECT * FROM certificates
@@ -82,7 +84,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
         AND certificates.company_id = $company_id"
             );
 
-      while ($row = mysqli_fetch_array($sql)) {
+            while($row = mysqli_fetch_array($sql)){
                 $certificate_id = $row['certificate_id'];
                 $certificate_name = mysqli_real_escape_string($mysqli,$row['certificate_name']);
                 $certificate_domain = $row['certificate_domain'];
@@ -100,7 +102,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
 
         $warranty_alert_array = [1,7,14,30,90,120];
 
-    foreach($warranty_alert_array as $day) {
+        foreach($warranty_alert_array as $day){
 
             //Get Asset Warranty Expiring
             $sql = mysqli_query($mysqli,"SELECT * FROM assets 
@@ -109,7 +111,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
         AND assets.company_id = $company_id"
             );
 
-      while ($row = mysqli_fetch_array($sql)) {
+            while($row = mysqli_fetch_array($sql)){
                 $asset_id = $row['asset_id'];
                 $asset_name = mysqli_real_escape_string($mysqli,$row['asset_name']);
                 $asset_warranty_expire = $row['asset_warranty_expire'];
@@ -131,8 +133,8 @@ while ($row = mysqli_fetch_array($sql_companies)) {
         // Get scheduled tickets for today
         $sql_scheduled_tickets = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets WHERE scheduled_ticket_next_run = '$today_text'");
 
-    if (mysqli_num_rows($sql_scheduled_tickets) > 0) {
+        if(mysqli_num_rows($sql_scheduled_tickets) > 0){
-      while ($row = mysqli_fetch_array($sql_scheduled_tickets)) {
+            while($row = mysqli_fetch_array($sql_scheduled_tickets)){
                 $schedule_id = $row['scheduled_ticket_id'];
                 $subject = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_subject']);
                 $details = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_details']);
@@ -151,29 +153,67 @@ while ($row = mysqli_fetch_array($sql_companies)) {
 
                 // Raise the ticket
                 mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = $created_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, company_id = $company_id");
+                $id = mysqli_insert_id($mysqli);
 
                 // Logging
                 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'System created scheduled $frequency ticket - $subject', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id, log_user_id = $created_id");
 
+                // E-mail client
+                if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
+
+                    // Get contact/ticket/company details
+                    $sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets 
+                      LEFT JOIN clients ON ticket_client_id = client_id 
+                      LEFT JOIN contacts ON ticket_contact_id = contact_id
+                      LEFT JOIN companies ON tickets.company_id = companies.company_id
+                      WHERE ticket_id = $id AND tickets.company_id = $company_id");
+                    $row = mysqli_fetch_array($sql);
+
+                    $contact_name = $row['contact_name'];
+                    $contact_email = $row['contact_email'];
+                    $ticket_prefix = $row['ticket_prefix'];
+                    $ticket_number = $row['ticket_number'];
+                    $ticket_subject = $row['ticket_subject'];
+                    $company_phone = formatPhoneNumber($row['company_phone']);
+
+                    // Verify contact email is valid
+                    if(filter_var($contact_email, FILTER_VALIDATE_EMAIL)){
+
+                        $subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject (scheduled)";
+                        $body    = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$ticket_subject\" has been automatically created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
+
+                        $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+                            $config_ticket_from_email, $config_ticket_from_name,
+                            $contact_email, $contact_name,
+                            $subject, $body);
+
+                        if ($mail !== true) {
+                            mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', notification_timestamp = NOW(), company_id = $company_id");
+                            mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail',  company_id = $company_id");
+                        }
+
+                    }
+                }
+
                 // Set the next run date
-        if ($frequency == "weekly") {
+                if($frequency == "weekly"){
                     // Note: We seemingly have to initialize a new datetime for each loop to avoid stacking the dates
                     $now = new DateTime();
                     $next_run = date_add($now, date_interval_create_from_date_string('1 week'));
                 }
-        elseif ($frequency == "monthly") {
+                elseif($frequency == "monthly"){
                     $now = new DateTime();
                     $next_run = date_add($now, date_interval_create_from_date_string('1 month'));
                 }
-        elseif ($frequency == "quarterly") {
+                elseif($frequency == "quarterly"){
                     $now = new DateTime();
                     $next_run = date_add($now, date_interval_create_from_date_string('3 months'));
                 }
-        elseif ($frequency == "biannually") {
+                elseif($frequency == "biannually"){
                     $now = new DateTime();
                     $next_run = date_add($now, date_interval_create_from_date_string('6 months'));
                 }
-        elseif ($frequency == "annually") {
+                elseif($frequency == "annually"){
                     $now = new DateTime();
                     $next_run = date_add($now, date_interval_create_from_date_string('12 months'));
                 }
@@ -201,7 +241,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
         //$invoiceAlertArray = [$config_invoice_overdue_reminders];
         $invoiceAlertArray = [30,60,90,120,150,180,210,240,270,300,330,360,390,420,450,480,510,540,570,590,620];
 
-    foreach($invoiceAlertArray as $day) {
+        foreach($invoiceAlertArray as $day){
 
             $sql = mysqli_query($mysqli,"SELECT * FROM invoices
         LEFT JOIN clients ON invoice_client_id = client_id
@@ -214,7 +254,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
         ORDER BY invoice_number DESC"
             );
 
-      while ($row = mysqli_fetch_array($sql)) {
+            while($row = mysqli_fetch_array($sql)){
                 $invoice_id = $row['invoice_id'];
                 $invoice_prefix = $row['invoice_prefix'];
                 $invoice_number = $row['invoice_number'];
@@ -254,12 +294,12 @@ while ($row = mysqli_fetch_array($sql_companies)) {
 
         }
 
-    //Send Recurring Invoices that match today's date and are active
+        //Send Recurring Invoices that match todays date and are active
 
         //Loop through all recurring that match today's date and is active
         $sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id");
 
-    while ($row = mysqli_fetch_array($sql_recurring)) {
+        while($row = mysqli_fetch_array($sql_recurring)){
             $recurring_id = $row['recurring_id'];
             $recurring_scope = $row['recurring_scope'];
             $recurring_frequency = $row['recurring_frequency'];
@@ -294,10 +334,10 @@ while ($row = mysqli_fetch_array($sql_companies)) {
             //Copy Items from original recurring invoice to new invoice
             $sql_invoice_items = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_id = $recurring_id ORDER BY item_id ASC");
 
-      while ($row = mysqli_fetch_array($sql_invoice_items)) {
+            while($row = mysqli_fetch_array($sql_invoice_items)){
                 $item_id = $row['item_id'];
-        $item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape in case of ,
+                $item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape incase of ,
-        $item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape in case of ,
+                $item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape incase of ,
                 $item_quantity = $row['item_quantity'];
                 $item_price = $row['item_price'];
                 $item_subtotal = $row['item_subtotal'];
@@ -318,7 +358,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
 
             mysqli_query($mysqli,"UPDATE recurring SET recurring_last_sent = CURDATE(), recurring_next_date = DATE_ADD(CURDATE(), INTERVAL 1 $recurring_frequency), recurring_updated_at = NOW() WHERE recurring_id = $recurring_id");
 
-      if ($config_recurring_auto_send_invoice == 1) {
+            if($config_recurring_auto_send_invoice == 1){
                 $sql = mysqli_query($mysqli,"SELECT * FROM invoices
           LEFT JOIN clients ON invoice_client_id = client_id
           LEFT JOIN contacts ON contact_id = primary_contact

cron_ticket_email_parser.php

@@ -63,7 +63,7 @@ if ($emails) {
     foreach($emails as $email) {
 
         // Get message details
-    $metadata = imap_fetch_overview($imap, $email); // Date, Subject, Size
+        $metadata = imap_fetch_overview($imap, $email,0); // Date, Subject, Size
         $header = imap_headerinfo($imap, $email); // To get the From as an email, not a contact name
         $message = imap_fetchbody($imap, $email, 1); // Body
 
@@ -172,6 +172,7 @@ if ($emails) {
 
 
                 // E-mail client notification that ticket has been created
+                if ($config_ticket_client_general_notifications == 1) {
 
                     $email_subject = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject";
                     $email_body    = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.<br><br>Ticket: $config_ticket_prefix$ticket_number<br>Subject: $subject<br>Status: Open<br>https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
@@ -186,6 +187,7 @@ if ($emails) {
                         mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $session_company_id");
                     }
 
+                }
 
 
             } else {

database_updates.php

@@ -7,17 +7,17 @@
 
 // Check if our database versions are defined
 // If undefined, the file is probably being accessed directly rather than called via post.php?update_db
-if (!defined("LATEST_DATABASE_VERSION") || !defined("CURRENT_DATABASE_VERSION") || !isset($mysqli)) {
+if(!defined("LATEST_DATABASE_VERSION") || !defined("CURRENT_DATABASE_VERSION") || !isset($mysqli)){
     echo "Cannot access this file directly.";
     exit();
 }
 
 // Check if we need an update
-if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
+if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
 
     // We need updates!
 
-  if (CURRENT_DATABASE_VERSION == '0.0.1') {
+    if(CURRENT_DATABASE_VERSION == '0.0.1'){
         // Insert queries here required to update to DB version 0.0.2
 
         mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_module_enable_itdoc` TINYINT(1) DEFAULT 1 AFTER `config_backup_path`");
@@ -28,7 +28,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.2'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.2') {
+    if(CURRENT_DATABASE_VERSION == '0.0.2'){
         // Insert queries here required to update to DB version 0.0.3
 
         // Add document content raw column & index
@@ -36,7 +36,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 
         // Populate content raw column with existing document data
         $documents_sql = mysqli_query($mysqli, "SELECT * FROM `documents`");
-    while ($row = mysqli_fetch_array($documents_sql)) {
+        while($row = mysqli_fetch_array($documents_sql)){
             $id = $row['document_id'];
             $name = $row['document_name'];
             $content = $row['document_content'];
@@ -52,7 +52,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.3'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.3') {
+    if(CURRENT_DATABASE_VERSION == '0.0.3'){
         // Insert queries here required to update to DB version 0.0.4
         // mysqli_query($mysqli, "ALTER TABLE .....");
 
@@ -151,7 +151,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.4') {
+    if(CURRENT_DATABASE_VERSION == '0.0.4'){
         // Queries here required to update to DB version 0.0.5
 
         mysqli_query($mysqli, "ALTER TABLE `assets` DROP `asset_meshcentral_id`;");
@@ -162,7 +162,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.5'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.5') {
+    if(CURRENT_DATABASE_VERSION == '0.0.5'){
         // Insert queries here required to update to DB version 0.0.6
 
         mysqli_query($mysqli, "UPDATE documents SET document_folder_id = 0");
@@ -175,7 +175,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE settings SET config_current_database_version = '0.0.6'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.6') {
+    if(CURRENT_DATABASE_VERSION == '0.0.6'){
         // Insert queries here required to update to DB version 0.0.7
         mysqli_query($mysqli, "ALTER TABLE contacts ADD contact_department VARCHAR(200) NULL AFTER contact_title");
         mysqli_query($mysqli, "DROP TABLE departments");
@@ -184,7 +184,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.7'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.7') {
+    if(CURRENT_DATABASE_VERSION == '0.0.7'){
         // Insert queries here required to update to DB version 0.0.8
 
         // Add contact_department column to tables without it (fresh installs) - this will cause an error if it already exists so catch and discard it
@@ -198,7 +198,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.8'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.8') {
+    if(CURRENT_DATABASE_VERSION == '0.0.8'){
         // Insert queries here required to update to DB version 0.0.9
 
         mysqli_query($mysqli, "ALTER TABLE `revenues` CHANGE `revenue_created_at` `revenue_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, CHANGE `revenue_updated_at` `revenue_updated_at` DATETIME on update CURRENT_TIMESTAMP NULL DEFAULT NULL; ");
@@ -207,7 +207,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.9'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.0.9') {
+    if(CURRENT_DATABASE_VERSION == '0.0.9'){
         // Insert queries here required to update to DB version 0.0.9
         // Remove unused tables
         mysqli_query($mysqli, "DROP TABLE contracts");
@@ -221,7 +221,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.0'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.0') {
+    if(CURRENT_DATABASE_VERSION == '0.1.0'){
         // Insert queries here required to update to DB version 0.1.1
         // Logs don't get archived
         mysqli_query($mysqli, "ALTER TABLE `logs` DROP `log_archived_at`");
@@ -241,9 +241,9 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.1'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.1') {
+    if(CURRENT_DATABASE_VERSION == '0.1.1'){
         // Insert queries here required to update to DB version 0.1.2
-    // Create Many-to-Many Relationship tables for Assets, Contacts, Software and Vendors
+        // Create Many to Many Relationship tables for Assets, Contacts, Software and Vendors
 
         mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))");
         mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))");
@@ -265,7 +265,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.2'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.2') {
+    if(CURRENT_DATABASE_VERSION == '0.1.2'){
         // Insert queries here required to update to DB version 0.1.3
         mysqli_query($mysqli, "ALTER TABLE `logs` ADD `log_entity_id` INT NOT NULL DEFAULT '0' AFTER `log_user_id`");
 
@@ -273,7 +273,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.3'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.3') {
+    if(CURRENT_DATABASE_VERSION == '0.1.3'){
         // Insert queries here required to update to DB version 0.1.4
         mysqli_query($mysqli, "ALTER TABLE assets ADD asset_status VARCHAR(200) NULL AFTER asset_mac");
 
@@ -281,7 +281,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.4'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.4') {
+    if(CURRENT_DATABASE_VERSION == '0.1.4'){
         // Insert queries here required to update to DB version 0.1.5
         mysqli_query($mysqli, "ALTER TABLE `domains` ADD `domain_txt` TEXT NULL DEFAULT NULL AFTER `domain_mail_servers`");
 
@@ -289,7 +289,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.5'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.5') {
+    if(CURRENT_DATABASE_VERSION == '0.1.5'){
         // Insert queries here required to update to DB version 0.1.6
         // Remove Mailing List Tables
         mysqli_query($mysqli, "DROP TABLE campaigns");
@@ -299,7 +299,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.6'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.6') {
+    if(CURRENT_DATABASE_VERSION == '0.1.6'){
         // Insert queries here required to update to DB version 0.1.7
         //Remove custom links
         mysqli_query($mysqli, "DROP TABLE custom_links");
@@ -307,7 +307,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.7'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.7') {
+    if(CURRENT_DATABASE_VERSION == '0.1.7'){
         // Insert queries here required to update to DB version 0.1.8
         mysqli_query($mysqli, "ALTER TABLE `settings` DROP `config_backup_enable`");
         mysqli_query($mysqli, "ALTER TABLE `settings` DROP `config_backup_path`");
@@ -316,14 +316,14 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.8'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.8') {
+    if(CURRENT_DATABASE_VERSION == '0.1.8'){
         // Insert queries here required to update to DB version 0.1.9
         mysqli_query($mysqli, "ALTER TABLE `settings` DROP `config_base_url`");
         // Then, update the database to the next sequential version
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.1.9'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.1.9') {
+    if(CURRENT_DATABASE_VERSION == '0.1.9'){
         // Insert queries here required to update to DB version 0.2.0
         // Allow contacts to reset their portal password
         mysqli_query($mysqli, "ALTER TABLE contacts ADD contact_password_reset_token VARCHAR(200) NULL DEFAULT NULL AFTER contact_password_hash");
@@ -332,7 +332,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.0'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.0') {
+    if(CURRENT_DATABASE_VERSION == '0.2.0'){
         //Insert queries here required to update to DB version 0.2.1
 
         mysqli_query($mysqli, "ALTER TABLE `vendors` 
@@ -369,7 +369,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.1'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.1') {
+    if(CURRENT_DATABASE_VERSION == '0.2.1'){
         // Insert queries here required to update to DB version 0.2.2
         mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_ticket_email_parse` INT(1) NOT NULL DEFAULT '0' AFTER `config_ticket_from_email`");
         mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_imap_host` VARCHAR(200) NULL DEFAULT NULL AFTER `config_mail_from_name`, ADD `config_imap_port` INT(5) NULL DEFAULT NULL AFTER `config_imap_host`, ADD `config_imap_encryption` VARCHAR(200) NULL DEFAULT NULL AFTER `config_imap_port`;");
@@ -378,7 +378,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.2'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.2') {
+    if(CURRENT_DATABASE_VERSION == '0.2.2'){
         // Insert queries here required to update to DB version 0.2.3
 
         // Add contact_important field to those who don't have it (installed before March 2022)
@@ -392,7 +392,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.3'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.3') {
+    if(CURRENT_DATABASE_VERSION == '0.2.3'){
 
         //Create New interfaces Table
         mysqli_query($mysqli, "CREATE TABLE `interfaces` (`interface_id` int(11) AUTO_INCREMENT PRIMARY KEY,
@@ -413,18 +413,18 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.4') {
+    if(CURRENT_DATABASE_VERSION == '0.2.4'){
         mysqli_query($mysqli, "CREATE TABLE `contact_assets` (`contact_id` int(11) NOT NULL,`asset_id` int(11) NOT NULL, PRIMARY KEY (`contact_id`,`asset_id`))");
 
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.5'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.5') {
+    if(CURRENT_DATABASE_VERSION == '0.2.5'){
         mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_status` TINYINT(1) DEFAULT 1 AFTER `user_password`");
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.6'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.6') {
+    if(CURRENT_DATABASE_VERSION == '0.2.6'){
         // Insert queries here required to update to DB version 0.2.7
         mysqli_query($mysqli, "ALTER TABLE `contacts` ADD `contact_token_expire` DATETIME NULL DEFAULT NULL AFTER `contact_password_reset_token`");
 
@@ -436,7 +436,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.7'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.7') {
+    if(CURRENT_DATABASE_VERSION == '0.2.7'){
 
         mysqli_query($mysqli, "ALTER TABLE `vendors` ADD `vendor_template` TINYINT(1) DEFAULT 0 AFTER `vendor_notes`");
         mysqli_query($mysqli, "ALTER TABLE `software` ADD `software_template` TINYINT(1) DEFAULT 0 AFTER `software_notes`");
@@ -446,21 +446,35 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.8'");
     }
 
-  if (CURRENT_DATABASE_VERSION == '0.2.8') {
+    if(CURRENT_DATABASE_VERSION == '0.2.8'){
 
         mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_theme` VARCHAR(200) DEFAULT 'blue' AFTER `config_module_enable_ticketing`");
 
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.9'");
     }
 
-//if (CURRENT_DATABASE_VERSION == '0.2.9') {
+    if(CURRENT_DATABASE_VERSION == '0.2.9'){
-  // Insert queries here required to update to DB version 0.3.0
+
+        mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_ticket_client_general_notifications` INT(1) NOT NULL DEFAULT '1' AFTER `config_ticket_email_parse`");
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.0'");
+    }
+
+    if(CURRENT_DATABASE_VERSION == '0.3.0'){
+        mysqli_query($mysqli, "ALTER TABLE `notifications` ADD `notification_user_id` TINYINT(1) DEFAULT 0 AFTER `notification_client_id`");
+
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.1'");
+    }
+
+    
+    //if(CURRENT_DATABASE_VERSION == '0.3.1'){
+    // Insert queries here required to update to DB version 0.3.2
 
     // Then, update the database to the next sequential version
-  // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.0'");
+    // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.2'");
     //}
 
 
-}else{
+} else {
     // Up-to-date
 }

database_version.php

@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "0.2.9");
+DEFINE("LATEST_DATABASE_VERSION", "0.3.1");

db.sql

@@ -722,6 +722,7 @@ CREATE TABLE `notifications` (
   `notification_dismissed_at` datetime DEFAULT NULL,
   `notification_dismissed_by` int(11) DEFAULT NULL,
   `notification_client_id` int(11) DEFAULT NULL,
+  `notification_user_id` tinyint(1) DEFAULT 0,
   `company_id` int(11) NOT NULL,
   PRIMARY KEY (`notification_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
@@ -1066,6 +1067,7 @@ CREATE TABLE `settings` (
   `config_ticket_from_name` varchar(200) DEFAULT NULL,
   `config_ticket_from_email` varchar(200) DEFAULT NULL,
   `config_ticket_email_parse` int(1) NOT NULL DEFAULT 0,
+  `config_ticket_client_general_notifications` int(1) NOT NULL DEFAULT 1,
   `config_enable_cron` tinyint(1) DEFAULT NULL,
   `config_recurring_auto_send_invoice` tinyint(1) DEFAULT NULL,
   `config_enable_alert_domain_expire` tinyint(1) DEFAULT NULL,
@@ -1079,6 +1081,7 @@ CREATE TABLE `settings` (
   `config_module_enable_itdoc` tinyint(1) NOT NULL DEFAULT 1,
   `config_module_enable_accounting` tinyint(1) NOT NULL DEFAULT 1,
   `config_module_enable_ticketing` tinyint(1) NOT NULL DEFAULT 1,
+  `config_theme` varchar(200) DEFAULT 'blue',
   PRIMARY KEY (`company_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
@@ -1516,4 +1519,4 @@ CREATE TABLE `vendors` (
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
--- Dump completed on 2023-01-18 20:12:49
+-- Dump completed on 2023-01-22 20:00:27

functions.php

@@ -87,7 +87,6 @@ function get_ip() {
 }
 
 function get_web_browser($user_browser) {
-  //$user_agent = $log_user_agent;
   $browser        =   "Unknown Browser";
   $browser_array  =   array(
     '/msie/i'       =>  "<i class='fab fa-fw fa-internet-explorer text-secondary'></i> Internet Explorer",

get_settings.php

@@ -58,6 +58,7 @@ $config_ticket_next_number = $row['config_ticket_next_number'];
 $config_ticket_from_name = $row['config_ticket_from_name'];
 $config_ticket_from_email = $row['config_ticket_from_email'];
 $config_ticket_email_parse = $row['config_ticket_email_parse'];
+$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications'];
 
 // Alerts
 $config_enable_cron = $row['config_enable_cron'];

guest_view_invoice.php

@@ -68,8 +68,10 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
     $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
 
     $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
-    $os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
+    
-    $browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
+    $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
+    $os = strip_tags(mysqli_real_escape_string($mysqli,get_os($session_user_agent)));
+    $browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser($session_user_agent)));
 
     //Set Badge color based off of invoice status
     if ($invoice_status == "Sent") {

guest_view_quote.php

@@ -64,10 +64,11 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
     //Set Currency Format
   	$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
 
-    $ip = get_ip();
+    $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
-    $os = get_os();
+    
-    $browser = get_web_browser();
+    $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
-    $device = get_device();
+    $os = strip_tags(mysqli_real_escape_string($mysqli,get_os($session_user_agent)));
+    $browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser($session_user_agent)));
 
     //Update status to Viewed only if invoice_status = "Sent" 
     if ($quote_status == 'Sent') {
@@ -75,11 +76,11 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
     }
 
     //Mark viewed in history
-    mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser - $device', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
 
     //Prevent SQL Error if client_name has ' in their name example Bill's Market
     $client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']);
-    mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser - $device', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
 
   ?>
 

inc_client_top_head.php

@@ -6,7 +6,7 @@ $location_phone = formatPhoneNumber($location_phone);
 
 ?>
 
-<div class="card mb-3">
+<div class="card">
   <div class="card-body">
     <div class="row">
       <div class="col-md">

login.php

@@ -5,13 +5,41 @@ if (!file_exists('config.php')) {
     exit;
 }
 
-include("config.php");
+require_once("config.php");
-include("functions.php");
+require_once("functions.php");
+require_once("rfc6238.php");
 
 // IP & User Agent for logging
 $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
 $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
 
+// Block brute force password attacks - check recent failed login attempts for this IP
+//  Block access if more than 15 failed login attempts have happened in the last 10 minutes
+$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 10 MINUTE)"));
+$failed_login_count = $row['failed_login_count'];
+
+if ($failed_login_count >= 15) {
+
+    // Logging
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Blocked', log_description = '$ip was blocked access to login due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
+
+    // Inform user & quit processing page
+    exit("<h2>$config_app_name</h2>Your IP address has been blocked due to repeated failed login attempts. Please try again later. <br><br>This action has been logged.");
+}
+
+// Query Settings for "default" company (as companies are being removed shortly)
+$sql_settings = mysqli_query($mysqli,"SELECT * FROM settings WHERE company_id = 1");
+$row = mysqli_fetch_array($sql_settings);
+
+// Mail
+$config_smtp_host = $row['config_smtp_host'];
+$config_smtp_port = $row['config_smtp_port'];
+$config_smtp_encryption = $row['config_smtp_encryption'];
+$config_smtp_username = $row['config_smtp_username'];
+$config_smtp_password = $row['config_smtp_password'];
+$config_mail_from_email = $row['config_mail_from_email'];
+$config_mail_from_name = $row['config_mail_from_name'];
+
 // HTTP-Only cookies
 ini_set("session.cookie_httponly", True);
 
@@ -26,45 +54,67 @@ if (isset($_POST['login'])) {
     // Sessions should start after the user has POSTed data
     session_start();
 
-    // Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins)
-    $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
-    $failed_login_count = $row['failed_login_count'];
-
-    // Login brute force check
-    if ($failed_login_count >= 10) {
-
-        // Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
-
-        // Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company)
-        if ($failed_login_count == 10) {
-            mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Lockout', notification = '$ip was locked out for repeated failed login attempts.', notification_timestamp = NOW() company_id = '1'");
-        }
-
-        // Inform user
-        $response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>';
-
-    } else {
     // Passed login brute force check
     $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
     $password = $_POST['password'];
+
+    $current_code = 0; // Default value
     if (isset($_POST['current_code'])) {
         $current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
     }
 
     $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
+
+    // Check password
     if ($row && password_verify($password, $row['user_password'])) {
 
-            // User variables
+        // User password correct (partial login)
-            $token = $row['user_token'];
+
+        // Set temporary user variables
         $user_name = strip_tags(mysqli_real_escape_string($mysqli, $row['user_name']));
         $user_id = $row['user_id'];
+        $user_email = $row['user_email'];
+        $token = $row['user_token'];
+
+        // Checking for user 2FA
+        if (empty($token) || TokenAuth6238::verify($token, $current_code)) {
+
+            // FULL LOGIN SUCCESS - 2FA not configured or was successful
+
+            // Check this login isn't suspicious
+            $sql_ip_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ip_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_ip = '$ip' AND log_user_id = '$user_id'"));
+            $ip_previous_logins = $sql_ip_prev_logins['ip_previous_logins'];
+
+            $sql_ua_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ua_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_user_agent = '$user_agent' AND log_user_id = '$user_id'"));
+            $ua_prev_logins = $sql_ua_prev_logins['ua_previous_logins'];
+
+            // Notify if both the user agent and IP are different
+            if (!empty($config_smtp_host) && $ip_previous_logins == 0 && $ua_prev_logins == 0) {
+                $subject = "$config_app_name new login for $user_name";
+                $body = "Hi $user_name, <br><br>A recent successful login to your $config_app_name account was considered a little unusual. If this was you, you can safely ignore this email!<br><br>IP Address: $ip<br> User Agent: $user_agent <br><br>If you did not perform this login, your credentials may be compromised. <br><br>Thanks, <br>ITFlow";
+
+                $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+                    $config_mail_from_email, $config_mail_from_name,
+                    $user_email, $user_name,
+                    $subject, $body);
+            }
+
+
+            // Determine whether 2FA was used (for logs)
+            $extended_log = ''; // Default value
+            if ($current_code !== 0 ) {
+                $extended_log = 'with 2FA';
+            }
+
+            // Logging successful login
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in $extended_log', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
 
             // Session info
             $_SESSION['user_id'] = $user_id;
             $_SESSION['user_name'] = $user_name;
             $_SESSION['user_role'] = $row['user_role'];
             $_SESSION['csrf_token'] = bin2hex(random_bytes(78));
+            $_SESSION['logged'] = TRUE;
 
             // Setup encryption session key
             if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
@@ -84,12 +134,6 @@ if (isset($_POST['login'])) {
                 }
             }
 
-            if (empty($token)) {
-                // Full Login successful
-
-                $_SESSION['logged'] = TRUE;
-                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
-
             // Show start page/dashboard depending on role
             if ($row['user_role'] == 2) {
                 header("Location: dashboard_technical.php");
@@ -97,11 +141,15 @@ if (isset($_POST['login'])) {
                 header("Location: dashboard_financial.php");
             }
 
-            } else {
-                // Prompt for MFA
 
-                $token_field = "<div class='input-group mb-3'>
+        } else {
-                <input type='text' class='form-control' placeholder='Token' name='current_code' autofocus>
+
+            // MFA is configured and needs to be confirmed, or was unsuccessful
+
+            // HTML code for the token input field
+            $token_field = "
+                    <div class='input-group mb-3'>
+                        <input type='text' class='form-control' placeholder='2FA Token' name='current_code' required autofocus>
                         <div class='input-group-append'>
                           <div class='input-group-text'>
                             <span class='fas fa-key'></span>
@@ -109,42 +157,43 @@ if (isset($_POST['login'])) {
                         </div>
                       </div>";
 
-                require_once("rfc6238.php");
+            // Log/notify if MFA was unsuccessful
+            if ($current_code !== 0) {
 
-                if (TokenAuth6238::verify($token, $current_code)) {
+                // Logging
-                    // Full login (with MFA) successful
-                    $_SESSION['logged'] = TRUE;
-                    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
-
-                    // Show start page/dashboard depending on role
-                    if ($row['user_role'] == 2) {
-                        header("Location: dashboard_technical.php");
-                    } else {
-                        header("Location: dashboard_financial.php");
-                    }
-
-                } else {
                 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
 
+                // Email the tech to advise their credentials may be compromised
+                if (!empty($config_smtp_host)) {
+                    $subject = "Important: $config_app_name failed 2FA login attempt for $user_name";
+                    $body = "Hi $user_name, <br><br>A recent login to your $config_app_name account was unsuccessful due to an incorrect 2FA code. If you did not attempt this login, your credentials may be compromised. <br><br>Thanks, <br>ITFlow";
+
+                    $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+                        $config_mail_from_email, $config_mail_from_name,
+                        $user_email, $user_name,
+                        $subject, $body);
+                }
+
+                // HTML feedback for incorrect 2FA code
                 $response = "
-              <div class='alert alert-primary'>
+                      <div class='alert alert-warning'>
                         Please Enter 2FA Key!
                         <button class='close' data-dismiss='alert'>&times;</button>
-              </div>
+                      </div>";
-            ";
             }
         }
 
     } else {
+
+        // Password incorrect or user doesn't exist - show generic error
+
         mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
 
         $response = "
               <div class='alert alert-danger'>
                 Incorrect username or password.
                 <button class='close' data-dismiss='alert'>&times;</button>
-          </div>
+              </div>";
-        ";
-        }
     }
 }
 
@@ -176,10 +225,10 @@ if (isset($_POST['login'])) {
     <!-- /.login-logo -->
     <div class="card">
         <div class="card-body login-card-body">
-      <p class="login-box-msg"><?php if (isset($response)) { echo $response; } ?></p>
+            <p class="login-box-msg"><?php if(isset($response)) { echo $response; } ?></p>
             <form method="post">
                 <div class="input-group mb-3">
-          <input type="text" class="form-control" placeholder="Agent Email" name="email" value="<?php if (!empty($token_field)) { echo $email; }?>" required <?php if (empty($token_field)) { echo "autofocus"; } ?> >
+                    <input type="text" class="form-control" placeholder="Agent Email" name="email" value="<?php if(!empty($token_field)){ echo $email; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
                     <div class="input-group-append">
                         <div class="input-group-text">
                             <span class="fas fa-envelope"></span>
@@ -187,14 +236,14 @@ if (isset($_POST['login'])) {
                     </div>
                 </div>
                 <div class="input-group mb-3">
-          <input type="password" class="form-control" placeholder="Agent Password" name="password" value="<?php if (!empty($token_field)) { echo $password; } ?>" required>
+                    <input type="password" class="form-control" placeholder="Agent Password" name="password" value="<?php if(!empty($token_field)){ echo $password; } ?>" required>
                     <div class="input-group-append">
                         <div class="input-group-text">
                             <span class="fas fa-lock"></span>
                         </div>
                     </div>
                 </div>
-          <?php if (!empty($token_field)) { echo $token_field; } ?>
+                <?php if(!empty($token_field)){ echo $token_field; } ?>
 
                 <button type="submit" class="btn btn-primary btn-block mb-3" name="login">Sign In</button>
 

logs.php

@@ -169,7 +169,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
             <td><?php echo $log_action; ?></td>
             <td><?php echo $log_description; ?></td>
             <td><?php echo $log_ip; ?></td>
-            <td><?php echo "$log_user_os<br>$log_user_browser<br>$log_user_agent"; ?></td>
+            <td><?php echo "$log_user_os<br>$log_user_browser"; ?></td>
           </tr>
 
           <?php

settings_ticket.php

@@ -1,6 +1,6 @@
 <?php include("inc_all_settings.php"); ?>
 
-<div class="card card-dark">
+    <div class="card card-dark">
         <div class="card-header py-3">
             <h3 class="card-title"><i class="fa fa-fw fa-life-ring"></i> Ticket Settings</h3>
         </div>
@@ -49,16 +49,21 @@
 
 
                 <div class="custom-control custom-switch mb-2">
-        <input type="checkbox" class="custom-control-input" name="config_ticket_email_parse" <?php if ($config_ticket_email_parse == 1) { echo "checked"; } ?> value="1" id="customSwitch1">
+                    <input type="checkbox" class="custom-control-input" name="config_ticket_email_parse" <?php if($config_ticket_email_parse == 1){ echo "checked"; } ?> value="1" id="customSwitch1">
                     <label class="custom-control-label" for="customSwitch1">Email-to-ticket parsing (Beta) <small>(cron_ticket_email_parser.php must also be added to cron and run every few mins)</small></label>
                 </div>
 
+                <div class="custom-control custom-switch mb-2">
+                    <input type="checkbox" class="custom-control-input" name="config_ticket_client_general_notifications" <?php if($config_ticket_client_general_notifications == 1){ echo "checked"; } ?> value="1" id="customSwitch2">
+                    <label class="custom-control-label" for="customSwitch2">Send clients general notification emails <small>(Should clients receive automatic emails when tickets are raised/closed?)</small></label>
+                </div>
+
                 <hr>
 
                 <button type="submit" name="edit_ticket_settings" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
 
             </form>
         </div>
-</div>
+    </div>
 
 <?php include("footer.php");

tickets.php

@@ -167,15 +167,14 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
 
             <div class='card-tools'>
                 <div class="float-left">
-                    <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketModal"><i
+                    <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketModal">
-                                class="fas fa-fw fa-plus"></i> New Ticket
+                        <i class="fas fa-fw fa-plus"></i> New Ticket
                     </button>
-
                 </div>
             </div>
         </div>
         <div class="card-body">
-            <form class="mb-4" autocomplete="off">
+            <form autocomplete="off">
                 <div class="row">
                     <div class="col-sm-4">
                         <div class="input-group">
@@ -206,7 +205,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
                     </div>
                 </div>
 
-                <div class="collapse mt-3 <?php if (!empty($_GET['dtf'])) {
+                <div class="collapse <?php if (!empty($_GET['dtf'])) {
                     echo "show";
                 } ?>" id="advancedFilter">
                     <div class="row">
@@ -408,7 +407,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
                                 </a>
                             </td>
                             <td>
-                              <a href="ticket.php?ticket_id=<?php echo $ticket_id; ?>"><?php echo $ticket_subject; ?></a>
+                              <strong><a href="ticket.php?ticket_id=<?php echo $ticket_id; ?>"><?php echo $ticket_subject; ?></a></strong>
                             </td>
                             <td>
                                 <strong><a href="client_tickets.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a></strong>