Merge branch 'master' into code-tidy

This commit is contained in:
wrongecho
2023-01-23 19:21:43 +00:00
committed by GitHub
23 changed files with 2893 additions and 2317 deletions
+1 -1
@@ -88,7 +88,7 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https://
1. Install a LAMP stack (Linux, Apache, MariaDB, PHP)
```sh
sudo apt install git apache2 php libapache2-mod-php php-intl php-mysqli php-curl mariadb-server
sudo apt install git apache2 php libapache2-mod-php php-intl php-imap php-mysqli php-curl mariadb-server
```
2. Clone the repo
```sh
+3 -2
@@ -16,9 +16,10 @@ if (!isset($config_enable_setup) || $config_enable_setup == 1) {
exit;
}
if (!$_SESSION['logged']) {
// Check user is logged in with a valid session
if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
header("Location: login.php");
die;
exit;
}
// SESSION FINGERPRINT
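Review bot: The rewritten guard `if (!isset($_SESSION['logged']) || !$_SESSION['logged'])` is correct, but for a boolean session flag the single test `if (empty($_SESSION['logged']))` says the same thing without the double lookup and without the notice the old form produced. Swapping `die` for `exit` after the `header("Location: login.php")` is fine; both stop output before the unauthenticated page body.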
+2 -2
@@ -31,9 +31,9 @@ $sql_domains_expiring = mysqli_query($mysqli,"SELECT * FROM domains
<!-- Notes -->
<div class="col-9">
<div class="col-md-9">
<div class="card card-dark mb-5 elevation-3">
<div class="card card-dark mb-3 elevation-3">
<div class="card-header">
<h5 class="card-title"><i class="fa fa-fw fa-edit mr-2"></i>Quick Notes</h5>
</div>
+15 -1
@@ -14,6 +14,7 @@ $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM software
LEFT JOIN logins ON login_software_id = software_id
WHERE software_client_id = $client_id
AND software_template = 0
AND (software_name LIKE '%$q%' OR software_type LIKE '%$q%' OR software_key LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
@@ -24,8 +25,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-cube"></i> Licenses</h3>
<button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="client_software_templates.php?client_id=<?php echo $client_id; ?>">Templates</a>
</div>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareModal"><i class="fas fa-fw fa-plus"></i> New License</button>
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareModal">
<i class="fas fa-fw fa-plus"></i> New License
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#addSoftwareFromTemplateModal">From Template</a>
</div>
</div>
</div>
</div>
<div class="card-body">
@@ -184,5 +197,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</div>
<?php include("client_software_add_modal.php"); ?>
<?php include("client_software_add_from_template_modal.php"); ?>
<?php include("footer.php"); ?>
@@ -0,0 +1,49 @@
<div class="modal" id="addSoftwareFromTemplateModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> New License from Template</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body bg-white">
<label>Template</label>
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-puzzle-piece"></i></span>
</div>
<select class="form-control" name="software_template_id" required>
<option value="">- Select Template -</option>
<?php
$sql_software_templates = mysqli_query($mysqli,"SELECT * FROM software WHERE software_template = 1 AND company_id = $session_company_id AND software_archived_at IS NULL ORDER BY software_name ASC");
while($row = mysqli_fetch_array($sql_software_templates)){
$software_template_id = $row['software_id'];
$software_template_name = htmlentities($row['software_name']);
?>
<option value="<?php echo $software_template_id ?>"><?php echo $software_template_name; ?></option>
<?php
}
?>
</select>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_software_from_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create</button>
</div>
</form>
</div>
</div>
</div>
+74
@@ -0,0 +1,74 @@
<div class="modal" id="addSoftwareTemplateModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> New License Template</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body bg-white">
<div class="form-group">
<label>Template Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Software name" required autofocus>
</div>
</div>
<div class="form-group">
<label>Version</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
</div>
<input type="text" class="form-control" name="version" placeholder="Software version">
</div>
</div>
<div class="form-group">
<label>Type <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<select class="form-control select2" name="type" required>
<option value="">- Type -</option>
<?php foreach($software_types_array as $software_type) { ?>
<option><?php echo $software_type; ?></option>
<?php } ?>
</select>
</div>
</div>
<div class="form-group">
<label>License Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
</div>
<select class="form-control select2" name="license_type">
<option value="">- Select a License Type -</option>
<?php foreach($license_types_array as $license_type) { ?>
<option><?php echo $license_type; ?></option>
<?php } ?>
</select>
</div>
</div>
<textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes"></textarea>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_software_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Create Template</button>
</div>
</form>
</div>
</div>
</div>
+73
@@ -0,0 +1,73 @@
<div class="modal" id="editSoftwareTemplateModal<?php echo $software_id; ?>" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cube"></i> Editing template: <strong><?php echo $software_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="software_id" value="<?php echo $software_id; ?>">
<div class="modal-body bg-white">
<div class="form-group">
<label>Template Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Software name" value="<?php echo $software_name; ?>" required>
</div>
</div>
<div class="form-group">
<label>Version</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
</div>
<input type="text" class="form-control" name="version" placeholder="Software version" value="<?php echo $software_version; ?>">
</div>
</div>
<div class="form-group">
<label>Type <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<select class="form-control select2" name="type" required>
<?php foreach($software_types_array as $software_type_select) { ?>
<option <?php if($software_type == $software_type_select) { echo "selected"; } ?>><?php echo $software_type_select; ?></option>
<?php } ?>
</select>
</div>
</div>
<div class="form-group">
<label>License Type</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-cube"></i></span>
</div>
<select class="form-control select2" name="license_type">
<option value="">- Select a License Type -</option>
<?php foreach($license_types_array as $license_type_select) { ?>
<option <?php if($license_type_select == $software_license_type){ echo "selected"; } ?>><?php echo $license_type_select; ?></option>
<?php } ?>
</select>
</div>
</div>
<textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes"><?php echo $software_notes; ?></textarea>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-outline-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_software_template" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save Template</button>
</div>
</form>
</div>
</div>
</div>
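Review bot: This modal writes `$software_name`, `$software_version`, `$software_license_type` and `$software_notes` straight into attribute values and element bodies without escaping, so it is only safe when the including page has already passed them through htmlentities, as the listing in client_software_templates.php does. Nothing in the file states that contract; a header comment such as `<?php // Expects the $software_* values to be HTML-escaped by the including page (see client_software_templates.php) ?>` would stop a future caller from passing raw rows. The `selected` checks on the two type selects use loose `==`; `===` avoids surprises if a stored type ever looks numeric.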
+119
@@ -0,0 +1,119 @@
<?php include("inc_all_client.php"); ?>
<?php
if(!empty($_GET['sb'])){
$sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
}else{
$sb = "software_name";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM software
LEFT JOIN logins ON login_software_id = software_id
WHERE software_template = 1
AND (software_name LIKE '%$q%' OR software_type LIKE '%$q%' OR software_key LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-cube"></i> Licenses Templates</h3>
<button type="button" class="btn btn-dark dropdown-toggle ml-1" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="client_software.php?client_id=<?php echo $client_id; ?>">Licenses</a>
</div>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addSoftwareTemplateModal"><i class="fas fa-fw fa-plus"></i> New Template</button>
</div>
</div>
<div class="card-body">
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="row">
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo strip_tags(htmlentities($q)); } ?>" placeholder="Search Licenses">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
</div>
</div>
<div class="col-md-8">
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_name&o=<?php echo $disp; ?>">Template</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_type&o=<?php echo $disp; ?>">Type</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_license_type&o=<?php echo $disp; ?>">License Type</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=software_seats&o=<?php echo $disp; ?>">Seats</a></th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$software_id = $row['software_id'];
$software_name = htmlentities($row['software_name']);
$software_version = htmlentities($row['software_version']);
$software_type = htmlentities($row['software_type']);
$software_license_type = htmlentities($row['software_license_type']);
$software_key = htmlentities($row['software_key']);
$software_seats = htmlentities($row['software_seats']);
$software_purchase = $row['software_purchase'];
$software_expire = $row['software_expire'];
$software_notes = htmlentities($row['software_notes']);
?>
<tr>
<td><a class="text-dark" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>"><?php echo "$software_name<br><span class='text-secondary'>$software_version</span>"; ?></a></td>
<td><?php echo $software_type; ?></td>
<td><?php echo $software_license_type; ?></td>
<td><?php echo "$software_seats"; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareTemplateModal<?php echo $software_id; ?>">Edit</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>
</tr>
<?php
include("client_software_template_edit_modal.php");
}
?>
</tbody>
</table>
</div>
<?php include("pagination.php"); ?>
</div>
</div>
<?php include("client_software_template_add_modal.php"); ?>
<?php include("footer.php"); ?>
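Review bot: The template listing query (`WHERE software_template = 1 AND (... LIKE ...) ORDER BY $sb $o`) has no company scoping, whereas the template select in client_software_add_from_template_modal.php filters the same table on `company_id = $session_company_id`; as written, templates from every company are listed and the Edit/Delete links act on those ids. Add `AND company_id = $session_company_id` to the WHERE clause. Separately, `$sb` and `$o` land in an unquoted ORDER BY position where mysqli_real_escape_string gives no protection (it only neutralises quote characters inside a string literal); validate `$sb` against the four column names the table headers use, e.g. `$sb = in_array($_GET['sb'] ?? '', ['software_name', 'software_type', 'software_license_type', 'software_seats'], true) ? $_GET['sb'] : 'software_name';`, and constrain `$o` to `ASC`/`DESC` where it is set. The client_software.php query in this commit carries the same ORDER BY pattern.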
+41 -1
@@ -32,6 +32,8 @@ while ($row = mysqli_fetch_array($sql_companies)) {
// Tickets
$config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number'];
$config_ticket_from_name = $row['config_ticket_from_name'];
$config_ticket_from_email = $row['config_ticket_from_email'];
// Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
@@ -151,10 +153,48 @@ while ($row = mysqli_fetch_array($sql_companies)) {
// Raise the ticket
mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = $created_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, company_id = $company_id");
$id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'System created scheduled $frequency ticket - $subject', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id, log_user_id = $created_id");
// E-mail client
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get contact/ticket/company details
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN companies ON tickets.company_id = companies.company_id
WHERE ticket_id = $id AND tickets.company_id = $company_id");
$row = mysqli_fetch_array($sql);
$contact_name = $row['contact_name'];
$contact_email = $row['contact_email'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_number = $row['ticket_number'];
$ticket_subject = $row['ticket_subject'];
$company_phone = formatPhoneNumber($row['company_phone']);
// Verify contact email is valid
if(filter_var($contact_email, FILTER_VALIDATE_EMAIL)){
$subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject (scheduled)";
$body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$ticket_subject\" has been automatically created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_ticket_from_email, $config_ticket_from_name,
$contact_email, $contact_name,
$subject, $body);
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', notification_timestamp = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $company_id");
}
}
}
// Set the next run date
if($frequency == "weekly"){
// Note: We seemingly have to initialize a new datetime for each loop to avoid stacking the dates
@@ -254,7 +294,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
}
//Send Recurring Invoices that match today's date and are active
//Send Recurring Invoices that match todays date and are active
//Loop through all recurring that match today's date and is active
$sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id");
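Review bot: The two failure-logging inserts at the end of the new e-mail block interpolate `$subject` and `$mail` into SQL unescaped; `$subject` is reassigned there from the raw `ticket_subject` fetched back from the database, so a subject containing a quote now breaks (or injects into) the logs insert, and `$mail` is whatever string the mailer returned. Run both through mysqli_real_escape_string before building those statements, or move the logs/notifications inserts to prepared statements; the matching failure insert in ticket_email_parser.php has the same shape. The block also reuses `$sql` and `$row`, and the hunk header shows the enclosing company loop iterating on `$row` — if the scheduled-ticket loop fetches from either name, the reassignment inside this block clobbers it, so distinct names such as `$sql_ticket_mail` / `$row_ticket_mail` are safer. The enclosing loop starts and ends outside the hunk.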
+3 -1
@@ -63,7 +63,7 @@ if ($emails) {
foreach($emails as $email) {
// Get message details
$metadata = imap_fetch_overview($imap, $email); // Date, Subject, Size
$metadata = imap_fetch_overview($imap, $email,0); // Date, Subject, Size
$header = imap_headerinfo($imap, $email); // To get the From as an email, not a contact name
$message = imap_fetchbody($imap, $email, 1); // Body
@@ -172,6 +172,7 @@ if ($emails) {
// E-mail client notification that ticket has been created
if ($config_ticket_client_general_notifications == 1) {
$email_subject = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject";
$email_body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.<br><br>Ticket: $config_ticket_prefix$ticket_number<br>Subject: $subject<br>Status: Open<br>https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
@@ -186,6 +187,7 @@ if ($emails) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $session_company_id");
}
}
} else {
+18 -4
@@ -243,7 +243,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
if(CURRENT_DATABASE_VERSION == '0.1.1'){
// Insert queries here required to update to DB version 0.1.2
// Create Many-to-Many Relationship tables for Assets, Contacts, Software and Vendors
// Create Many to Many Relationship tables for Assets, Contacts, Software and Vendors
mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))");
mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))");
@@ -453,11 +453,25 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.9'");
}
//if (CURRENT_DATABASE_VERSION == '0.2.9') {
// Insert queries here required to update to DB version 0.3.0
if(CURRENT_DATABASE_VERSION == '0.2.9'){
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_ticket_client_general_notifications` INT(1) NOT NULL DEFAULT '1' AFTER `config_ticket_email_parse`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.0'");
}
if(CURRENT_DATABASE_VERSION == '0.3.0'){
mysqli_query($mysqli, "ALTER TABLE `notifications` ADD `notification_user_id` TINYINT(1) DEFAULT 0 AFTER `notification_client_id`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.1'");
}
//if(CURRENT_DATABASE_VERSION == '0.3.1'){
// Insert queries here required to update to DB version 0.3.2
// Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.0'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.2'");
//}
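Review bot: The 0.3.0 → 0.3.1 migration adds `notification_user_id` as `TINYINT(1)`, which holds values up to 127; if this column is meant to reference users.user_id it cannot store larger ids, and every other id column on notifications (`notification_dismissed_by`, `notification_client_id`) is `int(11)`. Change it to `ALTER TABLE \`notifications\` ADD \`notification_user_id\` INT(11) DEFAULT 0 AFTER \`notification_client_id\`` (or `DEFAULT NULL` if "no user" is the intent) and make the same change to the CREATE TABLE `notifications` block in database.sql, which mirrors this definition.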
+1 -1
@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "0.2.9");
DEFINE("LATEST_DATABASE_VERSION", "0.3.1");
+4 -1
@@ -722,6 +722,7 @@ CREATE TABLE `notifications` (
`notification_dismissed_at` datetime DEFAULT NULL,
`notification_dismissed_by` int(11) DEFAULT NULL,
`notification_client_id` int(11) DEFAULT NULL,
`notification_user_id` tinyint(1) DEFAULT 0,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`notification_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
@@ -1066,6 +1067,7 @@ CREATE TABLE `settings` (
`config_ticket_from_name` varchar(200) DEFAULT NULL,
`config_ticket_from_email` varchar(200) DEFAULT NULL,
`config_ticket_email_parse` int(1) NOT NULL DEFAULT 0,
`config_ticket_client_general_notifications` int(1) NOT NULL DEFAULT 1,
`config_enable_cron` tinyint(1) DEFAULT NULL,
`config_recurring_auto_send_invoice` tinyint(1) DEFAULT NULL,
`config_enable_alert_domain_expire` tinyint(1) DEFAULT NULL,
@@ -1079,6 +1081,7 @@ CREATE TABLE `settings` (
`config_module_enable_itdoc` tinyint(1) NOT NULL DEFAULT 1,
`config_module_enable_accounting` tinyint(1) NOT NULL DEFAULT 1,
`config_module_enable_ticketing` tinyint(1) NOT NULL DEFAULT 1,
`config_theme` varchar(200) DEFAULT 'blue',
PRIMARY KEY (`company_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
@@ -1516,4 +1519,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2023-01-18 20:12:49
-- Dump completed on 2023-01-22 20:00:27
-1
@@ -87,7 +87,6 @@ function get_ip() {
}
function get_web_browser($user_browser) {
//$user_agent = $log_user_agent;
$browser = "Unknown Browser";
$browser_array = array(
'/msie/i' => "<i class='fab fa-fw fa-internet-explorer text-secondary'></i> Internet Explorer",
+1
@@ -58,6 +58,7 @@ $config_ticket_next_number = $row['config_ticket_next_number'];
$config_ticket_from_name = $row['config_ticket_from_name'];
$config_ticket_from_email = $row['config_ticket_from_email'];
$config_ticket_email_parse = $row['config_ticket_email_parse'];
$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications'];
// Alerts
$config_enable_cron = $row['config_enable_cron'];
+4 -2
@@ -68,8 +68,10 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os($session_user_agent)));
$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser($session_user_agent)));
//Set Badge color based off of invoice status
if ($invoice_status == "Sent") {
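Review bot: `$_SERVER['HTTP_USER_AGENT']` is not guaranteed to exist — a client may simply omit the header — and indexing the missing key raises an undefined-array-key warning before the escape call runs; use `$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT'] ?? ''));` so the guest page degrades quietly. The identical line is added in guest_view_quote.php and login.php in this commit and wants the same default.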
+7 -6
@@ -64,10 +64,11 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
//Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
$ip = get_ip();
$os = get_os();
$browser = get_web_browser();
$device = get_device();
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os($session_user_agent)));
$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser($session_user_agent)));
//Update status to Viewed only if invoice_status = "Sent"
if ($quote_status == 'Sent') {
@@ -75,11 +76,11 @@ if (isset($_GET['quote_id'], $_GET['url_key'])) {
}
//Mark viewed in history
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser - $device', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
//Prevent SQL Error if client_name has ' in their name example Bill's Market
$client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser - $device', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
?>
+1 -1
@@ -6,7 +6,7 @@ $location_phone = formatPhoneNumber($location_phone);
?>
<div class="card mb-3">
<div class="card">
<div class="card-body">
<div class="row">
<div class="col-md">
+102 -53
@@ -5,13 +5,41 @@ if (!file_exists('config.php')) {
exit;
}
include("config.php");
include("functions.php");
require_once("config.php");
require_once("functions.php");
require_once("rfc6238.php");
// IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// Block brute force password attacks - check recent failed login attempts for this IP
// Block access if more than 15 failed login attempts have happened in the last 10 minutes
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 10 MINUTE)"));
$failed_login_count = $row['failed_login_count'];
if ($failed_login_count >= 15) {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Blocked', log_description = '$ip was blocked access to login due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
// Inform user & quit processing page
exit("<h2>$config_app_name</h2>Your IP address has been blocked due to repeated failed login attempts. Please try again later. <br><br>This action has been logged.");
}
// Query Settings for "default" company (as companies are being removed shortly)
$sql_settings = mysqli_query($mysqli,"SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings);
// Mail
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = $row['config_smtp_port'];
$config_smtp_encryption = $row['config_smtp_encryption'];
$config_smtp_username = $row['config_smtp_username'];
$config_smtp_password = $row['config_smtp_password'];
$config_mail_from_email = $row['config_mail_from_email'];
$config_mail_from_name = $row['config_mail_from_name'];
// HTTP-Only cookies
ini_set("session.cookie_httponly", True);
@@ -26,45 +54,67 @@ if (isset($_POST['login'])) {
// Sessions should start after the user has POSTed data
session_start();
// Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins)
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
$failed_login_count = $row['failed_login_count'];
// Login brute force check
if ($failed_login_count >= 10) {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
// Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company)
if ($failed_login_count == 10) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Lockout', notification = '$ip was locked out for repeated failed login attempts.', notification_timestamp = NOW() company_id = '1'");
}
// Inform user
$response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>';
} else {
// Passed login brute force check
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password'];
$current_code = 0; // Default value
if (isset($_POST['current_code'])) {
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
}
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
// Check password
if ($row && password_verify($password, $row['user_password'])) {
// User variables
$token = $row['user_token'];
// User password correct (partial login)
// Set temporary user variables
$user_name = strip_tags(mysqli_real_escape_string($mysqli, $row['user_name']));
$user_id = $row['user_id'];
$user_email = $row['user_email'];
$token = $row['user_token'];
// Checking for user 2FA
if (empty($token) || TokenAuth6238::verify($token, $current_code)) {
// FULL LOGIN SUCCESS - 2FA not configured or was successful
// Check this login isn't suspicious
$sql_ip_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ip_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_ip = '$ip' AND log_user_id = '$user_id'"));
$ip_previous_logins = $sql_ip_prev_logins['ip_previous_logins'];
$sql_ua_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ua_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_user_agent = '$user_agent' AND log_user_id = '$user_id'"));
$ua_prev_logins = $sql_ua_prev_logins['ua_previous_logins'];
// Notify if both the user agent and IP are different
if (!empty($config_smtp_host) && $ip_previous_logins == 0 && $ua_prev_logins == 0) {
$subject = "$config_app_name new login for $user_name";
$body = "Hi $user_name, <br><br>A recent successful login to your $config_app_name account was considered a little unusual. If this was you, you can safely ignore this email!<br><br>IP Address: $ip<br> User Agent: $user_agent <br><br>If you did not perform this login, your credentials may be compromised. <br><br>Thanks, <br>ITFlow";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$user_email, $user_name,
$subject, $body);
}
// Determine whether 2FA was used (for logs)
$extended_log = ''; // Default value
if ($current_code !== 0 ) {
$extended_log = 'with 2FA';
}
// Logging successful login
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in $extended_log', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
// Session info
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_role'] = $row['user_role'];
$_SESSION['csrf_token'] = bin2hex(random_bytes(78));
$_SESSION['logged'] = TRUE;
// Setup encryption session key
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
@@ -84,12 +134,6 @@ if (isset($_POST['login'])) {
}
}
if (empty($token)) {
// Full Login successful
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
// Show start page/dashboard depending on role
if ($row['user_role'] == 2) {
header("Location: dashboard_technical.php");
@@ -97,11 +141,15 @@ if (isset($_POST['login'])) {
header("Location: dashboard_financial.php");
}
} else {
// Prompt for MFA
$token_field = "<div class='input-group mb-3'>
<input type='text' class='form-control' placeholder='Token' name='current_code' autofocus>
} else {
// MFA is configured and needs to be confirmed, or was unsuccessful
// HTML code for the token input field
$token_field = "
<div class='input-group mb-3'>
<input type='text' class='form-control' placeholder='2FA Token' name='current_code' required autofocus>
<div class='input-group-append'>
<div class='input-group-text'>
<span class='fas fa-key'></span>
@@ -109,42 +157,43 @@ if (isset($_POST['login'])) {
</div>
</div>";
require_once("rfc6238.php");
// Log/notify if MFA was unsuccessful
if ($current_code !== 0) {
if (TokenAuth6238::verify($token, $current_code)) {
// Full login (with MFA) successful
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
// Show start page/dashboard depending on role
if ($row['user_role'] == 2) {
header("Location: dashboard_technical.php");
} else {
header("Location: dashboard_financial.php");
}
} else {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
// Email the tech to advise their credentials may be compromised
if (!empty($config_smtp_host)) {
$subject = "Important: $config_app_name failed 2FA login attempt for $user_name";
$body = "Hi $user_name, <br><br>A recent login to your $config_app_name account was unsuccessful due to an incorrect 2FA code. If you did not attempt this login, your credentials may be compromised. <br><br>Thanks, <br>ITFlow";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$user_email, $user_name,
$subject, $body);
}
// HTML feedback for incorrect 2FA code
$response = "
<div class='alert alert-primary'>
<div class='alert alert-warning'>
Please Enter 2FA Key!
<button class='close' data-dismiss='alert'>&times;</button>
</div>
";
</div>";
}
}
} else {
// Password incorrect or user doesn't exist - show generic error
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$response = "
<div class='alert alert-danger'>
Incorrect username or password.
<button class='close' data-dismiss='alert'>&times;</button>
</div>
";
}
</div>";
}
}
+1 -1
@@ -169,7 +169,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<td><?php echo $log_action; ?></td>
<td><?php echo $log_description; ?></td>
<td><?php echo $log_ip; ?></td>
<td><?php echo "$log_user_os<br>$log_user_browser<br>$log_user_agent"; ?></td>
<td><?php echo "$log_user_os<br>$log_user_browser"; ?></td>
</tr>
<?php
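Review bot: The rebuilt cell on the new line still echoes `$log_user_os` and `$log_user_browser` without HTML escaping, and if those are derived from the stored User-Agent header (as the dropped `$log_user_agent` appears to be) they are client-controlled text written straight into the page. Escape each value at output, e.g. `<td><?php echo htmlspecialchars($log_user_os) . "<br>" . htmlspecialchars($log_user_browser); ?></td>`. The row loop this cell belongs to starts and ends outside the hunk.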
+164 -33
@@ -156,7 +156,9 @@ if (isset($_POST['edit_user'])) {
$role = intval($_POST['role']);
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
$extended_log_description = '';
if(!empty($_POST['2fa'])) {
$two_fa = $_POST['2fa'];
}
if(!file_exists("uploads/users/$user_id/")) {
mkdir("uploads/users/$user_id");
@@ -285,6 +287,32 @@ if (isset($_POST['edit_profile'])) {
$logout = FALSE;
$extended_log_description = '';
// Email notification when password or email is changed
$user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $user_id"));
$user_old_email = $user_old_email_sql['user_email'];
if (!empty($config_smtp_host) && (!empty($new_password) || $user_old_email !== $email)) {
// Determine exactly what changed
if ($user_old_email !== $email && !empty($new_password)) {
$details = "Your e-mail address and password were changed. New email: $email.";
}
elseif ($user_old_email !== $email) {
$details = "Your email address was changed. New email: $email.";
}
elseif (!empty($new_password)) {
$details = "Your password was changed.";
}
$subject = "$config_app_name account update confirmation for $name";
$body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$user_old_email, $name,
$subject, $body);
}
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
@@ -333,8 +361,6 @@ if (isset($_POST['edit_profile'])) {
}
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
if(!empty($new_password)){
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
@@ -361,6 +387,8 @@ if (isset($_POST['edit_profile'])) {
$extended_log_description .= ", extension access disabled";
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name modified their preferences$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
@@ -952,9 +980,9 @@ if (isset($_POST['edit_ticket_settings'])) {
$config_ticket_from_email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_from_email'])));
$config_ticket_from_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_from_name'])));
$config_ticket_email_parse = intval($_POST['config_ticket_email_parse']);
$config_ticket_client_general_notifications = intval($_POST['config_ticket_client_general_notifications']);
mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name', config_ticket_email_parse = '$config_ticket_email_parse' WHERE company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name', config_ticket_email_parse = '$config_ticket_email_parse', config_ticket_client_general_notifications = $config_ticket_client_general_notifications WHERE company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = 'Ticket settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
@@ -1108,6 +1136,17 @@ if (isset($_POST['disable_2fa'])) {
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name disabled 2FA on their account', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
// Email notification
if (!empty($config_smtp_host)) {
$subject = "$config_app_name account update confirmation for $session_name";
$body = "Hi $session_name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>2FA was disabled.</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$session_email, $session_name,
$subject, $body);
}
$_SESSION['alert_message'] = "Two-factor authentication disabled";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -2737,7 +2776,7 @@ if (isset($_POST['add_invoice_copy'])) {
//Generate a unique URL key for clients to access
$url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$invoice_scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_amount = '$invoice_amount', invoice_currency_code = '$invoice_currency_code', invoice_note = '$invoice_note', invoice_url_key = '$url_key', invoice_client_id = $client_id, company_id = $session_company_id") or die();
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$invoice_scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_amount = '$invoice_amount', invoice_currency_code = '$invoice_currency_code', invoice_note = '$invoice_note', invoice_url_key = '$url_key', invoice_client_id = $client_id, company_id = $session_company_id") or die(mysql_error());
$new_invoice_id = mysqli_insert_id($mysqli);
@@ -3033,14 +3072,14 @@ if (isset($_GET['delete_quote'])) {
//Delete Items Associated with the Quote
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_quote_id = $quote_id AND company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_array($sql)){;
$item_id = $row['item_id'];
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
}
//Delete History Associated with the Quote
$sql = mysqli_query($mysqli,"SELECT * FROM history WHERE history_quote_id = $quote_id AND company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_array($sql)){;
$history_id = $row['history_id'];
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id AND company_id = $session_company_id");
}
@@ -3263,14 +3302,14 @@ if (isset($_GET['delete_recurring'])) {
//Delete Items Associated with the Recurring
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_recurring_id = $recurring_id AND company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_array($sql)){;
$item_id = $row['item_id'];
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
}
//Delete History Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM history WHERE history_recurring_id = $recurring_id AND company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_array($sql)){;
$history_id = $row['history_id'];
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id AND company_id = $session_company_id");
}
@@ -3405,21 +3444,21 @@ if (isset($_GET['delete_invoice'])) {
//Delete Items Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id AND company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_array($sql)){;
$item_id = $row['item_id'];
mysqli_query($mysqli,"DELETE FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
}
//Delete History Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM history WHERE history_invoice_id = $invoice_id AND company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_array($sql)){;
$history_id = $row['history_id'];
mysqli_query($mysqli,"DELETE FROM history WHERE history_id = $history_id AND company_id = $session_company_id");
}
//Delete Payments Associated with the Invoice
$sql = mysqli_query($mysqli,"SELECT * FROM payments WHERE payment_invoice_id = $invoice_id AND company_id = $session_company_id");
while ($row = mysqli_fetch_array($sql)) {
while($row = mysqli_fetch_array($sql)){;
$payment_id = $row['payment_id'];
mysqli_query($mysqli,"DELETE FROM payments WHERE payment_id = $payment_id AND company_id = $session_company_id");
}
@@ -4225,7 +4264,7 @@ if (isset($_POST["import_client_contacts_csv"])) {
//(Else)Check column count
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000);
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 8) {
$error = TRUE;
$_SESSION['alert_message'] = "Bad column count.";
@@ -4234,10 +4273,10 @@ if (isset($_POST["import_client_contacts_csv"])) {
//Else, parse the file
if(!$error){
$file = fopen($file_name, "r");
fgetcsv($file, 1000); // Skip first line
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
while (($column = fgetcsv($file, 1000)) !== FALSE) {
while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
@@ -4639,7 +4678,7 @@ if (isset($_POST["import_client_locations_csv"])) {
//(Else)Check column count
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000);
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 7) {
$error = TRUE;
$_SESSION['alert_message'] = "Bad column count.";
@@ -4648,10 +4687,10 @@ if (isset($_POST["import_client_locations_csv"])) {
//Else, parse the file
if(!$error){
$file = fopen($file_name, "r");
fgetcsv($file, 1000); // Skip first line
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
while (($column = fgetcsv($file, 1000)) !== FALSE) {
while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
@@ -4904,7 +4943,7 @@ if (isset($_POST["import_client_assets_csv"])) {
//(Else)Check column count (name, type, make, model, serial, os)
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000);
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 8) {
$error = TRUE;
$_SESSION['alert_message'] = "Bad column count.";
@@ -4913,10 +4952,10 @@ if (isset($_POST["import_client_assets_csv"])) {
//Else, parse the file
if(!$error){
$file = fopen($file_name, "r");
fgetcsv($file, 1000); // Skip first line
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
while (($column = fgetcsv($file, 1000)) !== FALSE) {
while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
@@ -5052,6 +5091,82 @@ if (isset($_GET['export_client_assets_csv'])) {
}
// Client Software/License
// Templatee
if(isset($_POST['add_software_template'])){
validateTechRole();
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$version = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['version'])));
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['type'])));
$license_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['license_type'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes', software_template = 1, software_client_id = 0, company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Template', log_action = 'Create', log_description = '$session_user_name created software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Software template created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['edit_software_template'])){
validateTechRole();
$software_id = intval($_POST['software_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$version = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['version'])));
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['type'])));
$license_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['license_type'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
mysqli_query($mysqli,"UPDATE software SET software_name = '$name', software_version = '$version', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes' WHERE software_id = $software_id AND company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software Teplate', log_action = 'Modify', log_description = '$session_name updated software template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Software template updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['add_software_from_template'])){
// GET POST Data
$client_id = intval($_POST['client_id']);
$software_template_id = intval($_POST['software_template_id']);
// GET Software Info
$sql_software = mysqli_query($mysqli,"SELECT * FROM software WHERE software_id = $software_template_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_software);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$row['software_name'])));
$version = trim(strip_tags(mysqli_real_escape_string($mysqli,$row['software_version'])));
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$row['software_type'])));
$license_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$row['software_license_type'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$row['software_notes'])));
// Software add query
mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_type = '$type', software_license_type = '$license_type', software_notes = '$notes', software_client_id = $client_id, company_id = $session_company_id");
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Software', log_action = 'Create', log_description = 'Software created from template $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Software created from template";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['add_software'])){
validateTechRole();
@@ -5407,7 +5522,7 @@ if (isset($_POST["import_client_logins_csv"])) {
//(Else)Check column count
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000);
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 4) {
$error = TRUE;
$_SESSION['alert_message'] = "Bad column count.";
@@ -5416,10 +5531,10 @@ if (isset($_POST["import_client_logins_csv"])) {
//Else, parse the file
if(!$error){
$file = fopen($file_name, "r");
fgetcsv($file, 1000); // Skip first line
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
while (($column = fgetcsv($file, 1000)) !== FALSE) {
while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
@@ -5918,10 +6033,10 @@ if (isset($_POST['add_ticket'])) {
$id = mysqli_insert_id($mysqli);
// E-mail client
if (!empty($config_smtp_host)) {
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get contact/ticket details
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, company_phone FROM tickets
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN companies ON tickets.company_id = companies.company_id
@@ -5932,13 +6047,14 @@ if (isset($_POST['add_ticket'])) {
$contact_email = $row['contact_email'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_number = $row['ticket_number'];
$ticket_subject = $row['ticket_subject'];
$company_phone = formatPhoneNumber($row['company_phone']);
// Verify contact email is valid
if(filter_var($contact_email, FILTER_VALIDATE_EMAIL)){
$subject = "Ticket created - [$ticket_prefix$ticket_number] - $subject";
$body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$subject\" has been created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
$subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject";
$body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$ticket_subject\" has been created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_ticket_from_email, $config_ticket_from_name,
@@ -6096,10 +6212,11 @@ if (isset($_POST['assign_ticket'])) {
} else {
// Get & verify assigned agent details
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = '$assigned_to' AND user_settings.user_role > 1");
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = '$assigned_to' AND user_settings.user_role > 1");
$agent_details = mysqli_fetch_array($agent_details_sql);
$agent_name = $agent_details['user_name'];
$ticket_reply = "Ticket re-assigned to $agent_details[user_name].";
$agent_email = $agent_details['user_email'];
$ticket_reply = "Ticket re-assigned to $agent_name.";
if(!$agent_name){
$_SESSION['alert_type'] = "error";
@@ -6110,8 +6227,10 @@ if (isset($_POST['assign_ticket'])) {
}
// Get & verify ticket details
$ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_subject FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_status != 'Closed'");
$ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_status != 'Closed'");
$ticket_details = mysqli_fetch_array($ticket_details_sql);
$ticket_prefix = $ticket_details['ticket_prefix'];
$ticket_number = $ticket_details['ticket_number'];
$ticket_subject = $ticket_details['ticket_subject'];
if(!$ticket_subject){
@@ -6127,7 +6246,19 @@ if (isset($_POST['assign_ticket'])) {
mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id") or die(mysqli_error($mysqli));
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Modify', log_description = '$ticket_subject reassigned to $agent_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Modify', log_description = '$ticket_subject ($ticket_id) - $ticket_reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id, log_user_id = $session_user_id");
// Email notification
if (intval($session_user_id) !== $assigned_to) {
$subject = "$config_app_name ticket $ticket_prefix$ticket_number assigned to you";
$body = "Hi $agent_name, <br><br>A ticket has been assigned to you!<br><br>ID: $ticket_prefix$ticket_number<br> Subject: $ticket_subject <br><br>Thanks, <br>$session_name<br>ITFlow";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_ticket_from_email, $config_ticket_from_name,
$agent_email, $agent_name,
$subject, $body);
}
$_SESSION['alert_message'] = "Ticket re-assigned";
@@ -6345,7 +6476,7 @@ if (isset($_GET['close_ticket'])) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
// Client notification email
if (!empty($config_smtp_host)) {
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get details
$ticket_sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets
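Review bot: The `add_software_from_template` handler (the block starting `if(isset($_POST['add_software_from_template']))`) runs with no role check, while the neighbouring `add_software_template`, `edit_software_template` and `add_software` handlers all call `validateTechRole()` first, so any logged-in user can create software rows through it. The SELECT in that block also does not restrict to `software_template = 1`, and `$row` is used without checking that a row came back, so a missing or non-template id produces warnings and an INSERT of empty fields; the rewritten opening below adds the role check, the template filter and a guard using the `alert_type = "error"` pattern already used in `assign_ticket`. Separately, `or die(mysql_error())` in the `add_invoice_copy` hunk calls the removed ext/mysql function, which is itself a fatal undefined-function error on PHP 7+ whenever that INSERT fails; use `or die(mysqli_error($mysqli))` as the `assign_ticket` hunk does.
```php
if(isset($_POST['add_software_from_template'])){
    validateTechRole();

    // GET POST Data
    $client_id = intval($_POST['client_id']);
    $software_template_id = intval($_POST['software_template_id']);

    // Only clone rows that are actually templates and belong to this company
    $sql_software = mysqli_query($mysqli,"SELECT * FROM software WHERE software_id = $software_template_id AND software_template = 1 AND company_id = $session_company_id");
    $row = mysqli_fetch_array($sql_software);
    if (!$row) {
        $_SESSION['alert_type'] = "error";
        $_SESSION['alert_message'] = "Software template not found";
        header("Location: " . $_SERVER["HTTP_REFERER"]);
        exit;
    }

    // … unchanged: field extraction, INSERT, logging, alert and redirect …
```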
+5
@@ -53,6 +53,11 @@
<label class="custom-control-label" for="customSwitch1">Email-to-ticket parsing (Beta) <small>(cron_ticket_email_parser.php must also be added to cron and run every few mins)</small></label>
</div>
<div class="custom-control custom-switch mb-2">
<input type="checkbox" class="custom-control-input" name="config_ticket_client_general_notifications" <?php if($config_ticket_client_general_notifications == 1){ echo "checked"; } ?> value="1" id="customSwitch2">
<label class="custom-control-label" for="customSwitch2">Send clients general notification emails <small>(Should clients receive automatic emails when tickets are raised/closed?)</small></label>
</div>
<hr>
<button type="submit" name="edit_ticket_settings" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
+5 -6
@@ -167,15 +167,14 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
<div class='card-tools'>
<div class="float-left">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketModal"><i
class="fas fa-fw fa-plus"></i> New Ticket
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketModal">
<i class="fas fa-fw fa-plus"></i> New Ticket
</button>
</div>
</div>
</div>
<div class="card-body">
<form class="mb-4" autocomplete="off">
<form autocomplete="off">
<div class="row">
<div class="col-sm-4">
<div class="input-group">
@@ -206,7 +205,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
</div>
</div>
<div class="collapse mt-3 <?php if (!empty($_GET['dtf'])) {
<div class="collapse <?php if (!empty($_GET['dtf'])) {
echo "show";
} ?>" id="advancedFilter">
<div class="row">
@@ -408,7 +407,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
</a>
</td>
<td>
<a href="ticket.php?ticket_id=<?php echo $ticket_id; ?>"><?php echo $ticket_subject; ?></a>
<strong><a href="ticket.php?ticket_id=<?php echo $ticket_id; ?>"><?php echo $ticket_subject; ?></a></strong>
</td>
<td>
<strong><a href="client_tickets.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a></strong>
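Review bot: The rewritten `<strong>` line still echoes `$ticket_subject` (and the line after it `$client_name`) without HTML escaping; ticket subjects can arrive through the email-to-ticket parser this same commit's settings page refers to, so that text is not under the operator's control. Escape at output, e.g. `<strong><a href="ticket.php?ticket_id=<?php echo $ticket_id; ?>"><?php echo htmlspecialchars($ticket_subject); ?></a></strong>`, and the same for `$client_name`. The table row loop these cells belong to starts and ends outside the hunk.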