diff --git a/CHANGELOG.md b/CHANGELOG.md
index e06f7b4bf..5fc90a832 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,31 @@ This file documents all notable changes made to ITFlow.
+## [26.04] Stable Release
+### Bug Fixes
+- Racks: Fix Device Removal.
+- Table Lists: replace class table-responsive-sm with just table-reponsive was causing ui issues with certain screen sizes.
+- Client: Fix Edit erroring on certain characters.
+- Category: Fix Add/Edit due to missing CSRF fields.
+- Invoice: Do not apply late fee on first overdue reminder (1 day).
+- Ticket: Fix issue with contact not being added with Add contact modal v1.
+- Quote: Fix Copy was missing client.
+- API: Don't set client ID from POST - this is properly done via require_post_method instead only if it's an all-clients key.
+- API: Prevent error 500s when existing data can't be cleanly re-inserted to database.
+- API: Add more helpful errors.
+- API: Fix asset read uri_2 field.
+- API: Various other field fixes.
+
+### New Features & Updates
+- Categories: Add Description Field.
+- Categories: Add DB Field for order.
+- Categories: Move Asset Status and Network Interface Type to categories so custom ones can be created and edited.
+- Categories: Moved note type, software type, rack type to be creatable/editable Categories with common defaults and descriptions
+- Files: Allow .swb file for MikroTik Backup Files.
+
 ## [26.03] Stable Release
 ### Bug Fixes
-- Ticket Templates: Fix Task Sorting.
+- Ticket Templates: Fix Task Sortinhahahg.
 - Ticket: Lower autoclose setting minimum value from 48 to 24 Hours.
 - Ticket: Fix Task Approval.
 - Recurring Ticket: add empty value placeholder for Ticket Frequency.
diff --git a/admin/category.php b/admin/category.php
index 7613c9afa..d144b207f 100644
--- a/admin/category.php
+++ b/admin/category.php
@@ -28,14 +28,14 @@

- Categories + Categories

+ class="fas fa-plus mr-2">New Category
New value="" - placeholder="Search Categories "> + placeholder="Search Categories ">
@@ -83,6 +83,36 @@ class="btn ">Ticket + Network Interface + Asset Status + Software Type + Rack Type + Contact Note Type Archived while ($row = mysqli_fetch_assoc($sql)) { $category_id = intval($row['category_id']); $category_name = nullable_htmlentities($row['category_name']); + $category_description = nullable_htmlentities($row['category_description']); $category_color = nullable_htmlentities($row['category_color']); ?> @@ -122,6 +153,7 @@ class="fas fa-fw fa-archive mr-2">Archived +
diff --git a/admin/database_updates.php b/admin/database_updates.php index 86d0a0615..c4e8d115a 100644 --- a/admin/database_updates.php +++ b/admin/database_updates.php 
@@ -4334,11 +4334,70 @@ function processFile($file_path, $file_name, $mysqli) { mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.2'"); } - // - // // if (CURRENT_DATABASE_VERSION == '2.4.2') { - // // Insert queries here required to update to DB version 2.4.3 + + if (CURRENT_DATABASE_VERSION == '2.4.2') { + + mysqli_query($mysqli, "ALTER TABLE `categories` ADD `category_description` VARCHAR(255) DEFAULT NULL AFTER `category_name`"); + mysqli_query($mysqli, "ALTER TABLE `categories` ADD `category_order` INT(11) NOT NULL DEFAULT 0 AFTER `category_icon`"); + + // Create network_interfaces + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ethernet', category_type = 'network_interface', category_order = 1"); // 1 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP', category_type = 'network_interface', category_order = 2"); // 2 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP+', category_type = 'network_interface', category_order = 3"); // 3 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP28', category_type = 'network_interface', category_order = 4"); // 4 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP-DD', category_type = 'network_interface', category_order = 5"); // 5 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Coaxial', category_type = 'network_interface', category_order = 6"); // 6 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Fiber', category_type = 'network_interface', category_order = 7"); // 7 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'WiFi', category_type = 'network_interface', category_order = 8"); // 8 + + + + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.3'"); + } + + if (CURRENT_DATABASE_VERSION == '2.4.3') { + // Asset Status + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 
'Ready to Deploy', category_description = 'Asset is configured and ready to be assigned', category_type = 'asset_status', category_order = 1"); // 1 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Deployed', category_description = 'Asset is actively in use and assigned to a client or location', category_type = 'asset_status', category_order = 2"); // 2 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Out for Repair', category_description = 'Asset has been sent out for servicing or repair', category_type = 'asset_status', category_order = 3"); // 3 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Lost', category_description = 'Asset location is unknown and cannot be accounted for', category_type = 'asset_status', category_order = 4"); // 4 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Stolen', category_description = 'Asset has been reported stolen', category_type = 'asset_status', category_order = 5"); // 5 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Retired', category_description = 'Asset has been decommissioned and is no longer in service', category_type = 'asset_status', category_order = 6"); // 6 + + // Contact note types + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Call', category_description = 'Phone call with a client or contact', category_icon = 'fa-phone-alt', category_type = 'contact_note_type', category_order = 1"); // 1 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Email', category_description = 'Email correspondence with a client or contact', category_icon = 'fa-envelope', category_type = 'contact_note_type', category_order = 2"); // 2 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Meeting', category_description = 'Scheduled meeting with a client or contact', category_icon = 'fa-handshake', category_type = 'contact_note_type', category_order = 3"); // 3 + mysqli_query($mysqli, 
"INSERT INTO categories SET category_name = 'In Person', category_description = 'In person visit or on-site interaction', category_icon = 'fa-people-arrows', category_type = 'contact_note_type', category_order = 4"); // 4 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Note', category_description = 'General note or internal comment', category_icon = 'fa-sticky-note', category_type = 'contact_note_type', category_order = 5"); // 5 + + // Rack Types + mysqli_query($mysqli, "INSERT INTO categories SET category_name = '2-Post Open Frame', category_description = 'Two-post open frame rack for patch panels and lightweight equipment', category_type = 'rack_type', category_order = 1"); // 1 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Open Frame', category_description = 'Four-post open frame rack for servers and heavier equipment', category_type = 'rack_type', category_order = 2"); // 2 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Enclosed Cabinet', category_description = 'Four-post enclosed cabinet with doors and sides for secure equipment housing', category_type = 'rack_type', category_order = 3"); // 3 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Open', category_description = 'Open frame rack mounted directly to a wall for small deployments', category_type = 'rack_type', category_order = 4"); // 4 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Enclosed', category_description = 'Enclosed cabinet rack mounted to a wall with a locking door', category_type = 'rack_type', category_order = 5"); // 5 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Rack type does not fit any standard category', category_type = 'rack_type', category_order = 6"); // 6 + + // Software Types + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Software as a Service (SaaS)', 
category_description = 'Cloud-hosted software accessed via a web browser or API', category_type = 'software_type', category_order = 1"); // 1 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Productivity Suite', category_description = 'Bundled office and collaboration tools such as Microsoft 365 or Google Workspace', category_type = 'software_type', category_order = 2"); // 2 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Web Application', category_description = 'Application hosted on a web server and accessed through a browser', category_type = 'software_type', category_order = 3"); // 3 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Desktop Application', category_description = 'Application installed and run locally on a workstation or laptop', category_type = 'software_type', category_order = 4"); // 4 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Mobile Application', category_description = 'Application installed and run on a mobile device or tablet', category_type = 'software_type', category_order = 5"); // 5 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Security Software', category_description = 'Software providing antivirus, endpoint protection, or security monitoring', category_type = 'software_type', category_order = 6"); // 6 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'System Software', category_description = 'Low-level software managing hardware resources and system operations', category_type = 'software_type', category_order = 7"); // 7 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Operating System', category_description = 'Core software managing hardware and providing a platform for applications', category_type = 'software_type', category_order = 8"); // 8 + mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Software type does not fit any standard 
category', category_type = 'software_type', category_order = 9"); // 9 + + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.4'"); + + } + + // if (CURRENT_DATABASE_VERSION == '2.4.4') { + // // Insert queries here required to update to DB version 2.4.5 // // Then, update the database to the next sequential version - // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.3'"); + // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.5'"); // } } else { diff --git a/admin/modals/category/category_add.php b/admin/modals/category/category_add.php index 8fa6ac743..d4b5715cb 100644 --- a/admin/modals/category/category_add.php +++ b/admin/modals/category/category_add.php @@ -9,12 +9,13 @@ ?>
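Review bot: Both new migration steps ignore every `mysqli_query()` result, so if `ALTER TABLE categories ADD category_description …` fails (for example the column already exists from an interrupted earlier run), the INSERTs still execute and `config_current_database_version` is still advanced to 2.4.3, leaving schema and version marker out of step with nothing logged. At minimum gate the version bump on the ALTERs, `if (mysqli_query($mysqli, "ALTER TABLE … category_description …") && mysqli_query($mysqli, "ALTER TABLE … category_order …")) { … }`, or use `ADD COLUMN IF NOT EXISTS` where the supported MariaDB/MySQL versions allow it. The trailing `// 1` … `// 9` comments read as if they record the `category_id` each row will receive, which is only true on an empty table; on upgraded installs the IDs follow AUTO_INCREMENT, so nothing should key off those numbers, and if they are merely ordinals `category_order` already carries them. The enclosing if/else chain continues outside the hunk.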
+
+
+ +
+
+ +
+ +
+
+
+ +
+ +
+
+ +
+ +
+
+ diff --git a/admin/modals/software_template/software_template_edit.php b/admin/modals/software_template/software_template_edit.php index d12ccab30..18236c34e 100644 --- a/admin/modals/software_template/software_template_edit.php +++ b/admin/modals/software_template/software_template_edit.php @@ -66,8 +66,20 @@ diff --git a/admin/post/category.php b/admin/post/category.php index 2a0f11bbb..ac68dd7ee 100644 --- a/admin/post/category.php +++ b/admin/post/category.php @@ -12,7 +12,7 @@ require_once 'category_model.php'; - mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_type = '$type', category_color = '$color'"); + mysqli_query($mysqli,"INSERT INTO categories SET category_name = '$name', category_description = '$description', category_type = '$type', category_color = '$color'"); $category_id = mysqli_insert_id($mysqli); @@ -32,7 +32,7 @@ $category_id = intval($_POST['category_id']); - mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_type = '$type', category_color = '$color' WHERE category_id = $category_id"); + mysqli_query($mysqli,"UPDATE categories SET category_name = '$name', category_description = '$description', category_type = '$type', category_color = '$color' WHERE category_id = $category_id"); logAction("Category", "Edit", "$session_name edited category $type $name", 0, $category_id); diff --git a/admin/post/category_model.php b/admin/post/category_model.php index 81b54a390..30268bcea 100644 --- a/admin/post/category_model.php +++ b/admin/post/category_model.php @@ -2,5 +2,6 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); $name = sanitizeInput($_POST['name']); +$description = sanitizeInput($_POST['description']); $type = sanitizeInput($_POST['type']); $color = sanitizeInput($_POST['color']); diff --git a/agent/accounts.php b/agent/accounts.php index a0768ed7c..b96ffe537 100644 --- a/agent/accounts.php +++ b/agent/accounts.php @@ -38,7 +38,7 @@
-
+
"> diff --git a/agent/certificates.php b/agent/certificates.php index bbeb47739..db65cc030 100644 --- a/agent/certificates.php +++ b/agent/certificates.php @@ -148,7 +148,7 @@ class="btn btn-
-
+
diff --git a/agent/clients.php b/agent/clients.php index f7a8e0c9f..e5a0dea3a 100644 --- a/agent/clients.php +++ b/agent/clients.php @@ -444,7 +444,7 @@ class="collapse } $client_tag_id_array[] = $client_tag_id; - $client_tag_name_display_array[] = "$client_tag_name"; + $client_tag_name_display_array[] = "$client_tag_name"; } $client_tags_display = implode('', $client_tag_name_display_array); @@ -512,10 +512,10 @@ class="collapse
-
+
- +
'fa-phone-alt', + 'Email'=>'fa-envelope', + 'Meeting'=>'fa-handshake', + 'In Person'=>'fa-people-arrows', + 'Note'=>'fa-sticky-note' + ); + while ($row = mysqli_fetch_assoc($sql_related_notes)) { $contact_note_id = intval($row['contact_note_id']); $contact_note_type = nullable_htmlentities($row['contact_note_type']); diff --git a/agent/contacts.php b/agent/contacts.php index 73eacde96..40e9630ab 100644 --- a/agent/contacts.php +++ b/agent/contacts.php @@ -288,7 +288,7 @@ class="btn btn- -
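Review bot: The new note-type icon map (`'Email'=>'fa-envelope'` … `'Note'=>'fa-sticky-note'`) hardcodes the same name-to-icon pairs that the 2.4.4 step in admin/database_updates.php now stores in `categories.category_icon` for `category_type = 'contact_note_type'`, so the two copies will drift and any note type an admin adds through the new Categories page renders without an icon. Prefer building the map from the table (`SELECT category_name, category_icon FROM categories WHERE category_type = 'contact_note_type' AND category_archived_at IS NULL`) and keep the literal array only as a fallback. The hunk header and the array's variable name were lost in this rendering of agent/clients.php, so I can't quote the exact line to replace. If the static copy is intentional (one query saved per page), a comment pointing at the migration would at least tell the next person to update both places.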
+
diff --git a/agent/contact_details.php b/agent/contact_details.php index 852562913..0eee557e3 100644 --- a/agent/contact_details.php +++ b/agent/contact_details.php @@ -1101,6 +1101,14 @@ class="btn btn-secondary btn-sm" title="Unlink">
"> diff --git a/agent/credentials.php b/agent/credentials.php index 5ec6a5387..4762ecf03 100644 --- a/agent/credentials.php +++ b/agent/credentials.php @@ -276,7 +276,7 @@ class="btn btn- -
+
text-nowrap"> diff --git a/agent/domains.php b/agent/domains.php index 926b5034d..b3e492925 100644 --- a/agent/domains.php +++ b/agent/domains.php @@ -172,7 +172,7 @@ class="btn btn-
-
+
diff --git a/agent/expenses.php b/agent/expenses.php index 2403b4388..f0fa80233 100644 --- a/agent/expenses.php +++ b/agent/expenses.php @@ -202,7 +202,7 @@
-
+
"> diff --git a/agent/invoices.php b/agent/invoices.php index 7a7d10099..17466994f 100644 --- a/agent/invoices.php +++ b/agent/invoices.php @@ -257,7 +257,7 @@
-
+
text-nowrap"> diff --git a/agent/locations.php b/agent/locations.php index 164dba37f..bd91d70fc 100644 --- a/agent/locations.php +++ b/agent/locations.php @@ -216,7 +216,7 @@ class="btn btn- -
+
"> diff --git a/agent/modals/asset/asset_add.php b/agent/modals/asset/asset_add.php index bd4dcaacd..2bc7bf002 100644 --- a/agent/modals/asset/asset_add.php +++ b/agent/modals/asset/asset_add.php @@ -258,8 +258,17 @@ diff --git a/agent/modals/asset/asset_bulk_edit_status.php b/agent/modals/asset/asset_bulk_edit_status.php index 2e6407f60..6cbca8bdb 100644 --- a/agent/modals/asset/asset_bulk_edit_status.php +++ b/agent/modals/asset/asset_bulk_edit_status.php @@ -26,12 +26,21 @@
- +
diff --git a/agent/modals/asset/asset_copy.php b/agent/modals/asset/asset_copy.php index 9b903f123..a02653a93 100644 --- a/agent/modals/asset/asset_copy.php +++ b/agent/modals/asset/asset_copy.php @@ -228,8 +228,20 @@ diff --git a/agent/modals/asset/asset_edit.php b/agent/modals/asset/asset_edit.php index 6d2cccc81..78cc4e373 100644 --- a/agent/modals/asset/asset_edit.php +++ b/agent/modals/asset/asset_edit.php @@ -270,8 +270,20 @@ diff --git a/agent/modals/asset/asset_interface_add.php b/agent/modals/asset/asset_interface_add.php index 468db9d2e..8b9398955 100644 --- a/agent/modals/asset/asset_interface_add.php +++ b/agent/modals/asset/asset_interface_add.php @@ -57,15 +57,24 @@
- +
diff --git a/agent/modals/asset/asset_interface_bulk_edit_type.php b/agent/modals/asset/asset_interface_bulk_edit_type.php index 7796b9561..575d428a7 100644 --- a/agent/modals/asset/asset_interface_bulk_edit_type.php +++ b/agent/modals/asset/asset_interface_bulk_edit_type.php @@ -24,16 +24,26 @@
diff --git a/agent/modals/software/software_add.php b/agent/modals/software/software_add.php index b5fc10401..8c98a6f44 100644 --- a/agent/modals/software/software_add.php +++ b/agent/modals/software/software_add.php @@ -79,8 +79,17 @@ diff --git a/agent/modals/software/software_edit.php b/agent/modals/software/software_edit.php index 401d71f60..b456167fb 100644 --- a/agent/modals/software/software_edit.php +++ b/agent/modals/software/software_edit.php @@ -86,8 +86,20 @@ diff --git a/agent/modals/ticket/ticket_add.php b/agent/modals/ticket/ticket_add.php index 0d1f3395d..9b683c34a 100644 --- a/agent/modals/ticket/ticket_add.php +++ b/agent/modals/ticket/ticket_add.php @@ -247,7 +247,7 @@
-
-
+
diff --git a/agent/payments.php b/agent/payments.php index 936b03fe3..30f294fd3 100644 --- a/agent/payments.php +++ b/agent/payments.php @@ -138,7 +138,7 @@

-
+
text-nowrap"> diff --git a/agent/post/account.php b/agent/post/account.php index cd776049d..9140d2503 100644 --- a/agent/post/account.php +++ b/agent/post/account.php @@ -12,7 +12,6 @@ enforceUserPermission('module_financial', 2); - $name = sanitizeInput($_POST['name']); $opening_balance = floatval($_POST['opening_balance']); $currency_code = sanitizeInput($_POST['currency_code']); diff --git a/agent/post/client.php b/agent/post/client.php index 6eb859c26..90ec6ef5d 100644 --- a/agent/post/client.php +++ b/agent/post/client.php @@ -8,6 +8,8 @@ if (isset($_POST['add_client'])) { + // JQ - Using Prepared MySQLi Statements here for show this is not our standard and is only used in the client add/edit POST. + validateCSRFToken($_POST['csrf_token']); enforceUserPermission('module_client', 2); 
@@ -260,25 +262,63 @@ $client_id = intval($_POST['client_id']); - mysqli_query($mysqli, "UPDATE clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_rate = $rate, client_net_terms = $net_terms, client_tax_id_number = '$tax_id_number', client_lead = $lead, client_abbreviation = '$abbreviation', client_notes = '$notes' WHERE client_id = $client_id"); + // Update client using prepared statement + $query = mysqli_prepare( + $mysqli, + "UPDATE clients SET + client_name = ?, + client_type = ?, + client_website = ?, + client_referral = ?, + client_rate = ?, + client_net_terms = ?, + client_tax_id_number = ?, + client_lead = ?, + client_abbreviation = ?, + client_notes = ? + WHERE client_id = ?" + ); + mysqli_stmt_bind_param( + $query, + "ssssdisiisi", + $name, + $type, + $website, + $referral, + $rate, + $net_terms, + $tax_id_number, + $lead, + $abbreviation, + $notes, + $client_id + ); + mysqli_stmt_execute($query); - // Create Referral if it doesn't exist - $sql = mysqli_query($mysqli, "SELECT category_name FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND category_name = '$referral'"); - if(mysqli_num_rows($sql) == 0) { - mysqli_query($mysqli, "INSERT INTO categories SET category_name = '$referral', category_type = 'Referral'"); + // Create referral category if it doesn't exist + $query = mysqli_prepare($mysqli, "SELECT category_name FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND category_name = ?"); + mysqli_stmt_bind_param($query, "s", $referral); + mysqli_stmt_execute($query); + mysqli_stmt_store_result($query); + if (mysqli_stmt_num_rows($query) == 0) { + $query = mysqli_prepare($mysqli, "INSERT INTO categories SET category_name = ?, category_type = 'Referral'"); + mysqli_stmt_bind_param($query, "s", $referral); + mysqli_stmt_execute($query); logAction("Category", "Create", "$session_name created referral category 
$referral"); } - // Tags - // Delete existing tags - mysqli_query($mysqli, "DELETE FROM client_tags WHERE client_id = $client_id"); + // Tags - delete existing and re-insert + $query = mysqli_prepare($mysqli, "DELETE FROM client_tags WHERE client_id = ?"); + mysqli_stmt_bind_param($query, "i", $client_id); + mysqli_stmt_execute($query); - // Add new tags - if(isset($_POST['tags'])) { - foreach($_POST['tags'] as $tag) { + if (isset($_POST['tags'])) { + $query = mysqli_prepare($mysqli, "INSERT INTO client_tags SET client_id = ?, tag_id = ?"); + foreach ($_POST['tags'] as $tag) { $tag = intval($tag); - mysqli_query($mysqli, "INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag"); + mysqli_stmt_bind_param($query, "ii", $client_id, $tag); + mysqli_stmt_execute($query); } } diff --git a/agent/post/file.php b/agent/post/file.php index 5eb8096bb..483aae4aa 100644 --- a/agent/post/file.php +++ b/agent/post/file.php @@ -33,7 +33,7 @@ 'odt', 'csv', 'xls', 'xlsx', 'ods', 'pptx', 'odp', 'zip', 'tar', 'gz', 'msg', 'json', 'wav', 'mp3', 'ogg', 'mov', 'mp4', 'av1', 'ovpn', 'cfg', 'ps1', 'vsdx', 'drawio', 'pfx', 'pages', 'numbers', 'unf', 'unifi', - 'key', 'bat', 'stk' + 'key', 'bat', 'stk', 'swb' ]; // Loop through each uploaded file diff --git a/agent/post/quote.php b/agent/post/quote.php index 346f91da0..6d34d4a8f 100644 --- a/agent/post/quote.php +++ b/agent/post/quote.php @@ -14,7 +14,7 @@ require_once 'quote_model.php'; - $client_id = intval($_POST['client']); + $client_id = intval($_POST['client_id']); enforceClientAccess(); @@ -55,7 +55,7 @@ enforceUserPermission('module_sales', 2); $quote_id = intval($_POST['quote_id']); - $client_id = intval($_POST['client']); + $client_id = intval($_POST['client_id']); $date = sanitizeInput($_POST['date']); $expire = sanitizeInput($_POST['expire']); diff --git a/agent/post/rack.php b/agent/post/rack.php index 7b953f634..672c49a73 100644 --- a/agent/post/rack.php +++ b/agent/post/rack.php 
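Review bot: The bind type string `"ssssdisiisi"` in the new `mysqli_stmt_bind_param` call types the ninth value, `$abbreviation`, as `i`, so an abbreviation such as `ACME` is coerced to `0` before it reaches `client_abbreviation`; it should be `"ssssdisissi"` (`s` for `client_abbreviation`, `s` for `client_notes`, `i` for `client_id`). Separately, if `$name`, `$type` and the other strings are still produced by `sanitizeInput()` earlier in this handler — which elsewhere in this diff feeds raw SQL interpolation and so presumably escapes for SQL — binding them as parameters will store the escape backslashes literally; bound values should be the unescaped form. Those assignments and the CSRF/permission checks sit above the hunk, so I can't confirm what `sanitizeInput()` does. A comment on the bind call mapping each type letter to its column (`// s name, s type, s website, s referral, d rate, i net_terms, s tax_id, i lead, s abbreviation, s notes, i client_id`) would keep the two lists aligned on the next edit.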
@@ -265,7 +265,7 @@ if (isset($_GET['remove_rack_unit'])) {
- validateCSRFToken($_POST['csrf_token']);
+ validateCSRFToken($_GET['csrf_token']);
 enforceUserPermission('module_support', 2);
diff --git a/agent/products.php b/agent/products.php
index a0fb9be8b..2fed030f4 100644
--- a/agent/products.php
+++ b/agent/products.php
@@ -169,7 +169,7 @@ class="btn btn- -
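Review bot: Reading the anti-CSRF token from `$_GET` makes the check pass, but it keeps a destructive action (`remove_rack_unit`) on a GET request with the token in the URL, where it ends up in browser history, Referer headers and access logs. The stronger fix is to submit the removal via a small POST form (or `fetch` with `method: 'POST'`) and restore `validateCSRFToken($_POST['csrf_token']);`, using `$_GET` only for the selector. If the link-driven GET has to stay, say so next to the call: `// Token comes from the query string because this action is triggered by a link, not a form`. The rest of the `if (isset($_GET['remove_rack_unit']))` block is outside the hunk, so I can't see whether the delete is also gated on a confirmation step.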
+
text-nowrap"> diff --git a/agent/projects.php b/agent/projects.php index d58ef67c9..4809ea7d3 100644 --- a/agent/projects.php +++ b/agent/projects.php @@ -108,7 +108,7 @@ class="btn btn-
-
+
text-nowrap"> diff --git a/agent/quotes.php b/agent/quotes.php index f60658c37..f56a2e25a 100644 --- a/agent/quotes.php +++ b/agent/quotes.php @@ -91,7 +91,7 @@
-
+
text-nowrap"> diff --git a/agent/recurring_expenses.php b/agent/recurring_expenses.php index 27262add8..54dc20c1e 100644 --- a/agent/recurring_expenses.php +++ b/agent/recurring_expenses.php @@ -63,7 +63,7 @@
-
+
"> diff --git a/agent/recurring_invoices.php b/agent/recurring_invoices.php index 44159909b..32932b507 100644 --- a/agent/recurring_invoices.php +++ b/agent/recurring_invoices.php @@ -93,7 +93,7 @@
-
+
text-nowrap"> diff --git a/agent/recurring_tickets.php b/agent/recurring_tickets.php index 74d760725..bfbec629b 100644 --- a/agent/recurring_tickets.php +++ b/agent/recurring_tickets.php @@ -212,7 +212,7 @@
-
+
diff --git a/agent/revenues.php b/agent/revenues.php index 67b7240bc..2e429d4de 100644 --- a/agent/revenues.php +++ b/agent/revenues.php @@ -60,7 +60,7 @@

-
+
text-nowrap"> diff --git a/agent/services.php b/agent/services.php index fe542edc4..827550852 100644 --- a/agent/services.php +++ b/agent/services.php @@ -110,7 +110,7 @@
-
+
"> diff --git a/agent/software.php b/agent/software.php index 2c3bedad0..d1ee865db 100644 --- a/agent/software.php +++ b/agent/software.php @@ -146,7 +146,7 @@ class="btn btn-
-
+
text-nowrap"> diff --git a/agent/ticket_list.php b/agent/ticket_list.php index 2bab24e47..82775e5f9 100644 --- a/agent/ticket_list.php +++ b/agent/ticket_list.php @@ -3,7 +3,7 @@ -
+
text-nowrap"> diff --git a/agent/transfers.php b/agent/transfers.php index 6d91576bc..744b43d6c 100644 --- a/agent/transfers.php +++ b/agent/transfers.php @@ -120,7 +120,7 @@
-
+
text-nowrap"> diff --git a/agent/trips.php b/agent/trips.php index a2327c8d2..bd63a48c4 100644 --- a/agent/trips.php +++ b/agent/trips.php @@ -85,7 +85,7 @@
-
+
"> diff --git a/agent/vendors.php b/agent/vendors.php index a6dbbd0fa..ce705df00 100644 --- a/agent/vendors.php +++ b/agent/vendors.php @@ -113,7 +113,7 @@ class="btn btn- -
+
text-nowrap"> diff --git a/api/v1/assets/asset_model.php b/api/v1/assets/asset_model.php index b17db3aa1..60c90081f 100644 --- a/api/v1/assets/asset_model.php +++ b/api/v1/assets/asset_model.php @@ -4,7 +4,7 @@ if (isset($_POST['asset_name'])) { $name = sanitizeInput($_POST['asset_name']); } elseif (isset($asset_row) && isset($asset_row['asset_name'])) { - $name = $asset_row['asset_name']; + $name = mysqli_real_escape_string($mysqli, $asset_row['asset_name']); } else { $name = ''; } @@ -12,7 +12,7 @@ if (isset($_POST['asset_description'])) { $description = sanitizeInput($_POST['asset_description']); } elseif (isset($asset_row) && isset($asset_row['asset_description'])) { - $description = $asset_row['asset_description']; + $description = mysqli_real_escape_string($mysqli, $asset_row['asset_description']); } else { $description = ''; } @@ -20,7 +20,7 @@ if (isset($_POST['asset_type'])) { $type = sanitizeInput($_POST['asset_type']); } elseif (isset($asset_row) && isset($asset_row['asset_type'])) { - $type = $asset_row['asset_type']; + $type = mysqli_real_escape_string($mysqli, $asset_row['asset_type']); } else { $type = ''; } @@ -28,14 +28,14 @@ if (isset($_POST['asset_make'])) { $make = sanitizeInput($_POST['asset_make']); } elseif (isset($asset_row) && isset($asset_row['asset_make'])) { - $make = $asset_row['asset_make']; + $make = mysqli_real_escape_string($mysqli, $asset_row['asset_make']); } else { $make = ''; } if (isset($_POST['asset_model'])) { $model = sanitizeInput($_POST['asset_model']); } elseif (isset($asset_row) && isset($asset_row['asset_model'])) { - $model = $asset_row['asset_model']; + $model = mysqli_real_escape_string($mysqli, $asset_row['asset_model']); } else { $model = ''; } 
@@ -43,7 +43,7 @@ if (isset($_POST['asset_serial'])) { $serial = sanitizeInput($_POST['asset_serial']); } elseif (isset($asset_row) && isset($asset_row['asset_serial'])) { - $serial = $asset_row['asset_serial']; + $serial = mysqli_real_escape_string($mysqli, $asset_row['asset_serial']); } else { $serial = ''; } @@ -51,7 +51,7 @@ if (isset($_POST['asset_os'])) { $os = sanitizeInput($_POST['asset_os']); } elseif (isset($asset_row) && isset($asset_row['asset_os'])) { - $os = $asset_row['asset_os']; + $os = mysqli_real_escape_string($mysqli, $asset_row['asset_os']); } else { $os = ''; } @@ -59,7 +59,7 @@ if (isset($_POST['asset_ip'])) { $ip = sanitizeInput($_POST['asset_ip']); } elseif (isset($asset_row) && isset($asset_row['interface_ip'])) { - $ip = $asset_row['interface_ip']; + $ip = mysqli_real_escape_string($mysqli, $asset_row['interface_ip']); } else { $ip = ''; } @@ -67,7 +67,7 @@ if (isset($_POST['asset_mac'])) { $mac = sanitizeInput($_POST['asset_mac']); } elseif (isset($asset_row) && isset($asset_row['interface_mac'])) { - $mac = $asset_row['interface_mac']; + $mac = mysqli_real_escape_string($mysqli, $asset_row['interface_mac']); } else { $mac = ''; } 
@@ -75,15 +75,23 @@ if (isset($_POST['asset_uri'])) { $uri = sanitizeInput($_POST['asset_uri']); } elseif (isset($asset_row) && isset($asset_row['asset_uri'])) { - $uri = $asset_row['asset_uri']; + $uri = mysqli_real_escape_string($mysqli, $asset_row['asset_uri']); } else { $uri = ''; } +if (isset($_POST['asset_uri_2'])) { + $uri_2 = sanitizeInput($_POST['asset_uri_2']); +} elseif (isset($asset_row) && isset($asset_row['asset_uri_2'])) { + $uri_2 = mysqli_real_escape_string($mysqli, $asset_row['asset_uri_2']); +} else { + $uri_2 = ''; +} + if (isset($_POST['asset_status'])) { $status = sanitizeInput($_POST['asset_status']); } elseif (isset($asset_row) && isset($asset_row['asset_status'])) { - $status = $asset_row['asset_status']; + $status = mysqli_real_escape_string($mysqli, $asset_row['asset_status']); } else { $status = ''; } @@ -91,7 +99,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) { $purchase_date = "'" . sanitizeInput($_POST['asset_purchase_date']) . "'"; } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) { - $purchase_date = "'" . $asset_row['asset_purchase_date'] . "'"; + $purchase_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_purchase_date']) . "'"; } else { $purchase_date = "NULL"; } @@ -99,7 +107,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) { $warranty_expire = "'" . sanitizeInput($_POST['asset_warranty_expire']) . "'"; } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) { - $warranty_expire = "'" . $asset_row['asset_warranty_expire'] . "'"; + $warranty_expire = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_warranty_expire']) . "'"; } else { $warranty_expire = "NULL"; } 
@@ -107,7 +115,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) { $install_date = "'" . sanitizeInput($_POST['asset_install_date']) . "'"; } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) { - $install_date = "'" . $asset_row['asset_install_date'] . "'"; + $install_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_install_date']) . "'"; } else { $install_date = "NULL"; } @@ -115,7 +123,7 @@ if (isset($_POST['asset_notes'])) { $notes = sanitizeInput($_POST['asset_notes']); } elseif (isset($asset_row) && isset($asset_row['asset_notes'])) { - $notes = $asset_row['asset_notes']; + $notes = mysqli_real_escape_string($mysqli, $asset_row['asset_notes']); } else { $notes = ''; } diff --git a/api/v1/assets/read.php b/api/v1/assets/read.php index bf3d1d148..1dc1d9d04 100644 --- a/api/v1/assets/read.php +++ b/api/v1/assets/read.php @@ -37,7 +37,7 @@ } elseif (isset($_GET['asset_uri_2'])) { // Asset query via uri2 - $uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri']); + $uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri_2']); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri_2 = '$uri2' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); }else { diff --git a/api/v1/assets/update.php b/api/v1/assets/update.php index 86f59b578..b6d5eb772 100644 --- a/api/v1/assets/update.php +++ b/api/v1/assets/update.php 
@@ -18,8 +18,7 @@ // Variable assignment from POST - assigning the current database value if a value is not provided require_once 'asset_model.php'; - - $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1"); + $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1"); // Check insert & get insert ID if ($update_sql) { diff --git a/api/v1/clients/client_model.php b/api/v1/clients/client_model.php index 42321016e..4ab7a9c77 100644 --- a/api/v1/clients/client_model.php +++ b/api/v1/clients/client_model.php @@ -5,7 +5,7 @@ if (isset($_POST['client_name'])) { $name = sanitizeInput($_POST['client_name']); } elseif ($client_row) { - $name = $client_row['client_name']; + $name = mysqli_real_escape_string($mysqli, $client_row['client_name']); } else { $name = ''; } 
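Review bot: The UPDATE is still assembled by interpolation, so its safety now rests on every value from asset_model.php having passed `sanitizeInput()` or `mysqli_real_escape_string()` and on `$location`, `$vendor` and `$contact` being integers — those three are assigned outside the visible hunks, so I can't confirm that. This diff already uses `mysqli_prepare`/`mysqli_stmt_bind_param` in agent/post/client.php; the same approach here would remove the need for the per-field escaping just added to asset_model.php, since bound values are never parsed as SQL. Until then, note that `mysqli_real_escape_string()` is only reliable when the connection charset has been set via `mysqli_set_charset()`, which presumably happens where `$mysqli` is created, and add a line above `require_once 'asset_model.php';` such as `// asset_model.php is responsible for SQL-escaping every value it exports; this query interpolates them directly`.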
@@ -13,7 +13,7 @@ if (isset($_POST['client_type'])) { $type = sanitizeInput($_POST['client_type']); } elseif ($client_row) { - $type = $client_row['client_type']; + $type = mysqli_real_escape_string($mysqli, $client_row['client_type']); } else { $type = ''; } @@ -21,7 +21,7 @@ if (isset($_POST['client_website'])) { $website = preg_replace("(^https?://)", "", sanitizeInput($_POST['client_website'])); } elseif ($client_row) { - $website = $client_row['client_website']; + $website = mysqli_real_escape_string($mysqli, $client_row['client_website']); } else { $website = ''; } @@ -29,7 +29,7 @@ if (isset($_POST['client_referral'])) { $referral = sanitizeInput($_POST['client_referral']); } elseif ($client_row) { - $referral = $client_row['client_referral']; + $referral = mysqli_real_escape_string($mysqli, $client_row['client_referral']); } else { $referral = ''; } @@ -45,7 +45,7 @@ if (isset($_POST['client_currency_code'])) { $currency_code = sanitizeInput($_POST['client_currency_code']); } elseif ($client_row) { - $currency_code = $client_row['client_currency_code']; + $currency_code = mysqli_real_escape_string($mysqli, $client_row['client_currency_code']); } else { $currency_code = ''; } @@ -61,7 +61,7 @@ if (isset($_POST['client_tax_id_number'])) { $tax_id_number = sanitizeInput($_POST['client_tax_id_number']); } elseif ($client_row) { - $tax_id_number = $client_row['client_tax_id_number']; + $tax_id_number = mysqli_real_escape_string($mysqli, $client_row['client_tax_id_number']); } else { $tax_id_number = ''; } @@ -69,7 +69,7 @@ if (isset($_POST['client_abbreviation'])) { $abbreviation = sanitizeInput(substr($_POST['client_abbreviation'], 0, 6)); } elseif ($client_row) { - $abbreviation = $client_row['client_abbreviation']; + $abbreviation = mysqli_real_escape_string($mysqli, $client_row['client_abbreviation']); } else { $abbreviation = ''; } 
@@ -85,7 +85,7 @@ if (isset($_POST['client_notes'])) { $notes = sanitizeInput($_POST['client_notes']); } elseif ($client_row) { - $notes = $client_row['client_notes']; + $notes = mysqli_real_escape_string($mysqli, $client_row['client_notes']); } else { $notes = ''; } diff --git a/api/v1/clients/update.php b/api/v1/clients/update.php index 13ec877e0..cf2fb52c0 100644 --- a/api/v1/clients/update.php +++ b/api/v1/clients/update.php @@ -3,9 +3,6 @@ require_once '../validate_api_key.php'; require_once '../require_post_method.php'; -// Parse Info -$client_id = intval($_POST['client_id']); - // Default $update_count = false; diff --git a/api/v1/contacts/contact_model.php b/api/v1/contacts/contact_model.php index dbac6bda6..e92f4246f 100644 --- a/api/v1/contacts/contact_model.php +++ b/api/v1/contacts/contact_model.php @@ -5,7 +5,7 @@ if (isset($_POST['contact_name'])) { $name = sanitizeInput($_POST['contact_name']); } elseif ($contact_row) { - $name = $contact_row['contact_name']; + $name = mysqli_real_escape_string($mysqli, $contact_row['contact_name']); } else { $name = ''; } @@ -13,7 +13,7 @@ if (isset($_POST['contact_title'])) { $title = sanitizeInput($_POST['contact_title']); } elseif ($contact_row) { - $title = $contact_row['contact_title']; + $title = mysqli_real_escape_string($mysqli, $contact_row['contact_title']); } else { $title = ''; } @@ -21,7 +21,7 @@ if (isset($_POST['contact_department'])) { $department = sanitizeInput($_POST['contact_department']); } elseif ($contact_row) { - $department = $contact_row['contact_department']; + $department = mysqli_real_escape_string($mysqli, $contact_row['contact_department']); } else { $department = ''; } @@ -29,7 +29,7 @@ if (isset($_POST['contact_email'])) { $email = sanitizeInput($_POST['contact_email']); } elseif ($contact_row) { - $email = $contact_row['contact_email']; + $email = mysqli_real_escape_string($mysqli, $contact_row['contact_email']); } else { $email = ''; } 
@@ -37,7 +37,7 @@ if (isset($_POST['contact_phone'])) { $phone = preg_replace(number_regex, '', $_POST['contact_phone']); } elseif ($contact_row) { - $phone = $contact_row['contact_phone']; + $phone = mysqli_real_escape_string($mysqli, $contact_row['contact_phone']); } else { $phone = ''; } @@ -45,7 +45,7 @@ if (isset($_POST['contact_extension'])) { $extension = preg_replace(number_regex, '', $_POST['contact_extension']); } elseif ($contact_row) { - $extension = $contact_row['contact_extension']; + $extension = mysqli_real_escape_string($mysqli, $contact_row['contact_extension']); } else { $extension = ''; } @@ -53,7 +53,7 @@ if (isset($_POST['contact_mobile'])) { $mobile = preg_replace(number_regex, '', $_POST['contact_mobile']); } elseif ($contact_row) { - $mobile = $contact_row['contact_mobile']; + $mobile = mysqli_real_escape_string($mysqli, $contact_row['contact_mobile']); } else { $mobile = ''; } @@ -61,7 +61,7 @@ if (isset($_POST['contact_notes'])) { $notes = sanitizeInput($_POST['contact_notes']); } elseif ($contact_row) { - $notes = $contact_row['contact_notes']; + $notes = mysqli_real_escape_string($mysqli, $contact_row['contact_notes']); } else { $notes = ''; } diff --git a/api/v1/credentials/create.php b/api/v1/credentials/create.php index 5fb2b224d..446186107 100644 --- a/api/v1/credentials/create.php +++ b/api/v1/credentials/create.php 
@@ -13,7 +13,7 @@ if (!empty($api_key_decrypt_password) && !empty($name) && !(empty($password))) { // Add credential - $insert_sql = mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id"); + $insert_sql = mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_favorite = $favorite, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id"); // Check insert & get insert ID if ($insert_sql) { diff --git a/api/v1/credentials/credential_model.php b/api/v1/credentials/credential_model.php index ac2faf5f0..045317273 100644 --- a/api/v1/credentials/credential_model.php +++ b/api/v1/credentials/credential_model.php @@ -11,7 +11,7 @@ if (isset($_POST['credential_name'])) { $name = sanitizeInput($_POST['credential_name']); } elseif (isset($credential_row) && isset($credential_row['credential_name'])) { - $name = $credential_row['credential_name']; + $name = mysqli_real_escape_string($mysqli, $credential_row['credential_name']); } else { $name = ''; } 
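Review bot: The INSERT no longer writes `credential_vendor_id` and `credential_software_id`, but credential_model.php in this same commit still derives `$vendor_id` and `$software_id` from `$_POST`/`$credential_row` (its `@@ -100` and `@@ -116` hunks), so those assignments are now dead and the API silently accepts input that is never stored; credentials/update.php drops the same two columns. Either remove those two blocks from the model or document why they remain, e.g. `// vendor/software links are no longer stored on credentials; kept only so existing API clients posting them do not break`. The enclosing `if (!empty($api_key_decrypt_password) …)` block starts before this hunk, so the surrounding error handling is not visible here.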
@@ -19,7 +19,7 @@ if (isset($_POST['credential_description'])) { $description = sanitizeInput($_POST['credential_description']); } elseif (isset($credential_row) && isset($credential_row['credential_description'])) { - $description = $credential_row['credential_description']; + $description = mysqli_real_escape_string($mysqli, $credential_row['credential_description']); } else { $description = ''; } @@ -27,7 +27,7 @@ if (isset($_POST['credential_uri'])) { $uri = sanitizeInput($_POST['credential_uri']); } elseif (isset($credential_row) && isset($credential_row['credential_uri'])) { - $uri = $credential_row['credential_uri']; + $uri = mysqli_real_escape_string($mysqli, $credential_row['credential_uri']); } else { $uri = ''; } @@ -35,7 +35,7 @@ if (isset($_POST['credential_uri_2'])) { $uri_2 = sanitizeInput($_POST['credential_uri_2']); } elseif (isset($credential_row) && isset($credential_row['credential_uri_2'])) { - $uri_2 = $credential_row['credential_uri_2']; + $uri_2 = mysqli_real_escape_string($mysqli, $credential_row['credential_uri_2']); } else { $uri_2 = ''; } @@ -61,12 +61,10 @@ $password_changed = false; } - - if (isset($_POST['credential_otp_secret'])) { $otp_secret = sanitizeInput($_POST['credential_otp_secret']); } elseif (isset($credential_row) && isset($credential_row['credential_otp_secret'])) { - $otp_secret = $credential_row['credential_otp_secret']; + $otp_secret = mysqli_real_escape_string($mysqli, $credential_row['credential_otp_secret']); } else { $otp_secret = ''; } 
@@ -74,17 +72,17 @@ if (isset($_POST['credential_note'])) { $note = sanitizeInput($_POST['credential_note']); } elseif (isset($credential_row) && isset($credential_row['credential_note'])) { - $note = $credential_row['credential_note']; + $note = mysqli_real_escape_string($mysqli, $credential_row['credential_note']); } else { $note = ''; } -if (isset($_POST['credential_important'])) { - $important = intval($_POST['credential_important']); -} elseif (isset($credential_row) && isset($credential_row['credential_important'])) { - $important = $credential_row['credential_important']; +if (isset($_POST['credential_favorite'])) { + $favorite = intval($_POST['credential_favorite']); +} elseif (isset($credential_row) && isset($credential_row['credential_favorite'])) { + $favorite = $credential_row['credential_favorite']; } else { - $important = ''; + $favorite = 0; } if (isset($_POST['credential_contact_id'])) { @@ -92,7 +90,7 @@ } elseif (isset($credential_row) && isset($credential_row['credential_contact_id'])) { $contact_id = $credential_row['credential_contact_id']; } else { - $contact_id = ''; + $contact_id = 0; } if (isset($_POST['credential_vendor_id'])) { @@ -100,7 +98,7 @@ } elseif (isset($credential_row) && isset($credential_row['credential_vendor_id'])) { $vendor_id = $credential_row['credential_vendor_id']; } else { - $vendor_id = ''; + $vendor_id = 0; } if (isset($_POST['credential_asset_id'])) { @@ -108,7 +106,7 @@ } elseif (isset($credential_row) && isset($credential_row['credential_asset_id'])) { $asset_id = $credential_row['credential_asset_id']; } else { - $asset_id = ''; + $asset_id = 0; } if (isset($_POST['credential_software_id'])) { @@ -116,5 +114,5 @@ } elseif (isset($credential_row) && isset($credential_row['credential_software_id'])) { $software_id = $credential_row['credential_software_id']; } else { - $software_id = ''; + $software_id = 0; } 
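Review bot: In the `@@ -74` hunk the `elseif` branch assigns `$favorite = $credential_row['credential_favorite']` without the `intval()` the POST branch applies, and the value is interpolated unquoted into `credential_favorite = $favorite` in create.php and update.php; casting keeps the three branches type-consistent: `$favorite = intval($credential_row['credential_favorite']);`. The same asymmetry exists for `$contact_id`, `$vendor_id`, `$asset_id` and `$software_id` in the following hunks, where only the `else` default changed from `''` to `0`. That `''` → `0` change is the right fix for unquoted numeric columns (an empty string would have produced `credential_contact_id = ,` and a failed query); a short comment such as `// 0, not '', because these are interpolated unquoted into integer columns` would explain the choice.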
diff --git a/api/v1/credentials/update.php b/api/v1/credentials/update.php index 78c4f2962..2aff7a6bb 100644 --- a/api/v1/credentials/update.php +++ b/api/v1/credentials/update.php @@ -17,7 +17,7 @@ // Variable assignment from POST - assigning the current database value if a value is not provided require_once 'credential_model.php'; - $update_sql = mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1"); + $update_sql = mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_favorite = $favorite, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1"); // Check insert & get insert ID if ($update_sql) { diff --git a/api/v1/documents/document_model.php b/api/v1/documents/document_model.php index 75a93d56f..47d5962f1 100644 --- a/api/v1/documents/document_model.php +++ b/api/v1/documents/document_model.php 
@@ -4,7 +4,7 @@ if (isset($_POST['document_name'])) { $name = sanitizeInput($_POST['document_name']); } elseif (isset($document_row) && isset($document_row['document_name'])) { - $name = $document_row['document_name']; + $name = mysqli_real_escape_string($mysqli, $document_row['document_name']); } else { $name = ''; } @@ -12,7 +12,7 @@ if (isset($_POST['document_description'])) { $description = sanitizeInput($_POST['document_description']); } elseif (isset($document_row) && isset($document_row['document_description'])) { - $description = $document_row['document_description']; + $description = mysqli_real_escape_string($mysqli, $document_row['document_description']); } else { $description = ''; } @@ -20,7 +20,7 @@ if (isset($_POST['document_content'])) { $content = mysqli_real_escape_string($mysqli, $_POST['document_content']); } elseif (isset($document_row) && isset($document_row['document_content'])) { - $content = $document_row['document_content']; + $content = mysqli_real_escape_string($mysqli, $document_row['document_content']); } else { $content = ''; } @@ -29,7 +29,7 @@ if (isset($_POST['document_content'])) { $content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content'])); } elseif (isset($document_row) && isset($document_row['document_content_raw'])) { - $content_raw = $document_row['document_content_raw']; + $content_raw = mysqli_real_escape_string($mysqli, $document_row['document_content_raw']); } else { $content_raw = ''; } diff --git a/api/v1/domains/read.php b/api/v1/domains/read.php index b65aab999..6bbd96a27 100644 --- a/api/v1/domains/read.php +++ b/api/v1/domains/read.php 
@@ -13,7 +13,7 @@ } elseif (isset($_GET['domain_name'])) { // Domain by name $name = mysqli_real_escape_string($mysqli, $_GET['domain_name']); - $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); + $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset"); } else { // All domains (by client ID or all in general if key permits) diff --git a/api/v1/locations/location_model.php b/api/v1/locations/location_model.php index 6f031a790..b177a4e5d 100644 --- a/api/v1/locations/location_model.php +++ b/api/v1/locations/location_model.php @@ -5,7 +5,7 @@ if (isset($_POST['location_name'])) { $name = sanitizeInput($_POST['location_name']); } elseif ($location_row) { - $name = $location_row['location_name']; + $name = mysqli_real_escape_string($mysqli, $location_row['location_name']); } else { $name = ''; } @@ -13,7 +13,7 @@ if (isset($_POST['location_description'])) { $description = sanitizeInput($_POST['location_description']); } elseif ($location_row) { - $description = $location_row['location_description']; + $description = mysqli_real_escape_string($mysqli, $location_row['location_description']); } else { $description = ''; } @@ -21,7 +21,7 @@ if (isset($_POST['location_country'])) { $country = sanitizeInput($_POST['location_country']); } elseif ($location_row) { - $country = $location_row['location_country']; + $country = mysqli_real_escape_string($mysqli, $location_row['location_country']); } else { $country = ''; } @@ -29,7 +29,7 @@ if (isset($_POST['location_address'])) { $address = sanitizeInput($_POST['location_address']); } elseif ($location_row) { - $address = $location_row['location_address']; + $address = mysqli_real_escape_string($mysqli, $location_row['location_address']); } else { $address = ''; } 
@@ -37,7 +37,7 @@ if (isset($_POST['location_city'])) { $city = sanitizeInput($_POST['location_city']); } elseif ($location_row) { - $city = $location_row['location_city']; + $city = mysqli_real_escape_string($mysqli, $location_row['location_city']); } else { $city = ''; } @@ -45,7 +45,7 @@ if (isset($_POST['location_state'])) { $state = sanitizeInput($_POST['location_state']); } elseif ($location_row) { - $state = $location_row['location_state']; + $state = mysqli_real_escape_string($mysqli, $location_row['location_state']); } else { $state = ''; } @@ -53,7 +53,7 @@ if (isset($_POST['location_zip'])) { $zip = sanitizeInput($_POST['location_zip']); } elseif ($location_row) { - $zip = $location_row['location_zip']; + $zip = mysqli_real_escape_string($mysqli, $location_row['location_zip']); } else { $zip = ''; } @@ -61,7 +61,7 @@ if (isset($_POST['location_hours'])) { $hours = sanitizeInput($_POST['location_hours']); } elseif ($location_row) { - $hours = $location_row['location_hours']; + $hours = mysqli_real_escape_string($mysqli, $location_row['location_hours']); } else { $hours = ''; } @@ -69,7 +69,7 @@ if (isset($_POST['location_notes'])) { $notes = sanitizeInput($_POST['location_notes']); } elseif ($location_row) { - $notes = $location_row['location_notes']; + $notes = mysqli_real_escape_string($mysqli, $location_row['location_notes']); } else { $notes = ''; } diff --git a/api/v1/tickets/ticket_model.php b/api/v1/tickets/ticket_model.php index 633e6905c..d6bd2c5d5 100644 --- a/api/v1/tickets/ticket_model.php +++ b/api/v1/tickets/ticket_model.php @@ -21,7 +21,7 @@ if (isset($_POST['ticket_subject'])) { $subject = sanitizeInput($_POST['ticket_subject']); } elseif ($ticket_row) { - $subject = $ticket_row['ticket_subject']; + $subject = mysqli_real_escape_string($mysqli, $ticket_row['ticket_subject']); } else { $subject = ''; } 
@@ -30,16 +30,16 @@ if (isset($_POST['ticket_priority'])) { $priority = sanitizeInput($_POST['ticket_priority']); } elseif ($ticket_row) { - $priority = $ticket_row['ticket_priority']; + $priority = mysqli_real_escape_string($mysqli, $ticket_row['ticket_priority']); } else { $priority = 'Low'; } if (isset($_POST['ticket_details'])) { - $details = mysqli_escape_string($mysqli, $_POST['ticket_details'] . "
"); + $details = mysqli_real_escape_string($mysqli, $_POST['ticket_details'] . "
"); } elseif ($ticket_row) { - $details = $ticket_row['ticket_details']; + $details = mysqli_real_escape_string($mysqli, $ticket_row['ticket_details']); } else { $details = '< blank >
'; } diff --git a/api/v1/update_output.php b/api/v1/update_output.php index da985b541..ed9402be2 100644 --- a/api/v1/update_output.php +++ b/api/v1/update_output.php @@ -16,7 +16,7 @@ // Query returned false: something went wrong, or it was declined due to required variables missing else { $return_arr['success'] = "False"; - $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc)."; + $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc) or no rows changed."; // Log any database/schema related errors to the PHP Error log if (mysqli_error($mysqli)) { diff --git a/cron/cron.php b/cron/cron.php index 71cff90c8..4ab6c21ad 100644 --- a/cron/cron.php +++ b/cron/cron.php @@ -524,7 +524,7 @@ // Late Charges - if ($config_invoice_late_fee_enable == 1) { + if ($config_invoice_late_fee_enable == 1 && $day > 1) { $todays_date = date('Y-m-d'); $late_fee_amount = ($invoice_amount * $config_invoice_late_fee_percent) / 100; diff --git a/db.sql b/db.sql index 1e6409b04..b9b8b8e87 100644 --- a/db.sql +++ b/db.sql @@ -1,4 +1,4 @@ -/*M!999999\- enable the sandbox mode */ +/*M!999999\- enable the sandbox mode */ -- MariaDB dump 10.19 Distrib 10.11.14-MariaDB, for debian-linux-gnu (x86_64) -- -- Host: localhost Database: itflow_dev 
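Review bot: The new `&& $day > 1` condition encodes a business rule (no late fee on the first overdue reminder) that is not stated anywhere in the code; a comment on that line, `// Skip the late fee on the first (day-1) overdue reminder; apply it from day 2 onward`, would keep the intent readable next to the `== 1` check. `$day` is defined outside this hunk, so I can't confirm it is always an integer at this point — if it can be unset or a string, `$day > 1` compares under PHP's loose rules and the guard may not behave as intended. The enclosing loop starts and ends outside this hunk.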
@@ -449,9 +449,11 @@ DROP TABLE IF EXISTS `categories`; CREATE TABLE `categories` ( `category_id` int(11) NOT NULL AUTO_INCREMENT, `category_name` varchar(200) NOT NULL, + `category_description` varchar(255) DEFAULT NULL, `category_type` varchar(200) NOT NULL, `category_color` varchar(200) DEFAULT NULL, `category_icon` varchar(200) DEFAULT NULL, + `category_order` int(11) NOT NULL DEFAULT 0, `category_parent` int(11) DEFAULT 0, `category_created_at` datetime NOT NULL DEFAULT current_timestamp(), `category_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(), @@ -1293,8 +1295,6 @@ CREATE TABLE `invoice_items` ( `item_archived_at` datetime DEFAULT NULL, `item_tax_id` int(11) NOT NULL DEFAULT 0, `item_product_id` int(11) NOT NULL DEFAULT 0, - `item_quote_id` int(11) NOT NULL DEFAULT 0, - `item_recurring_invoice_id` int(11) NOT NULL DEFAULT 0, `item_invoice_id` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`item_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; @@ -2997,4 +2997,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2026-03-07 18:46:25 +-- Dump completed on 2026-04-04 18:13:53 diff --git a/includes/app_version.php b/includes/app_version.php index 67a54bcba..738d2d0c6 100644 --- a/includes/app_version.php +++ b/includes/app_version.php @@ -5,4 +5,4 @@ * Update this file each time we merge develop into master. Format is YY.MM (add a .v if there is more than one release a month. */ -DEFINE("APP_VERSION", "26.03"); +DEFINE("APP_VERSION", "26.04"); diff --git a/includes/database_version.php b/includes/database_version.php index d848c3e89..53c431bc9 100644 --- a/includes/database_version.php +++ b/includes/database_version.php @@ -5,4 +5,4 @@ * It is used in conjunction with database_updates.php */ -DEFINE("LATEST_DATABASE_VERSION", "2.4.2"); +DEFINE("LATEST_DATABASE_VERSION", "2.4.4"); 
diff --git a/includes/load_global_settings.php b/includes/load_global_settings.php index dcbf8fcac..a496f634a 100644 --- a/includes/load_global_settings.php +++ b/includes/load_global_settings.php @@ -195,14 +195,6 @@ include_once "settings_localization_array.php"; - -$category_types_array = array ( - 'Expense', - 'Income', - 'Payment Method', - 'Referral' -); - $asset_types_array = array ( 'Laptop'=>'fa-laptop', 'Desktop'=>'fa-desktop', @@ -220,18 +212,6 @@ 'Other'=>'fa-tag' ); -$software_types_array = array ( - 'Software as a Service (SaaS)', - 'Productivity Suites', - 'Web Application', - 'Desktop Application', - 'Mobile Application', - 'Security Software', - 'System Software', - 'Operating System', - 'Other' -); - $license_types_array = array ( 'Device', 'User' 
@@ -243,73 +223,9 @@ '2'=>'Global Template' ); -$asset_status_array = array ( - 'Ready to Deploy', - 'Deployed', - 'Out for Repair', - 'Lost', - 'Stolen', - 'Retired' -); - -$ticket_status_array = array ( - 'Open', - 'On Hold', - 'Auto Close', - 'Closed' -); - -$industry_select_array = array( - "Accounting", - "Agriculture", - "Automotive", - "Construction", - "Education", - "Entertainent", - "Finance", - "Government", - "Healthcare", - "Hospititality", - "Information Technology", - "Insurance", - "Pharmacy", - "Law", - "Manufacturing", - "Marketing & Advertising", - "Military", - "Non-Profit", - "Real Estate", - "Retail", - "Services", - "Transportation", - "Other" // An 'Other' option for industries not listed -); - $start_page_select_array = array ( 'dashboard.php'=>'Dashboard', 'clients.php'=> 'Client Management', 'tickets.php'=> 'Support Tickets', 'invoices.php' => 'Invoices' ); - -$rack_type_select_array = array( - "Open Wall-Mount", - "Enclosed Wall-Mount", - "Open Floor-Standing", - "Enclosed Floor-Standing", - "Other" -); - -$note_types_array = array ( - 'Call'=>'fa-phone-alt', - 'Email'=>'fa-envelope', - 'Meeting'=>'fa-handshake', - 'In Person'=>'fa-people-arrows', - 'Note'=>'fa-sticky-note' -); - -$interface_types_array = array ( - 'Ethernet', - 'SFP', - 'WiFi' -); diff --git a/scripts/setup_cli.php b/scripts/setup_cli.php index e055707d2..903abd46d 100644 --- a/scripts/setup_cli.php +++ b/scripts/setup_cli.php 
@@ -329,6 +329,50 @@ function getOptionOrPrompt($key, $promptMessage, $required = false, $default = '
 // Custom Links
 mysqli_query($mysqli,"INSERT INTO custom_links SET custom_link_name = 'Docs', custom_link_uri = 'https://docs.itflow.org', custom_link_new_tab = 1, custom_link_icon = 'question-circle'");
+// network_interfaces
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ethernet', category_type = 'network_interface', category_order = 1"); // 1
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP', category_type = 'network_interface', category_order = 2"); // 2
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP+', category_type = 'network_interface', category_order = 3"); // 3
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP28', category_type = 'network_interface', category_order = 4"); // 4
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP-DD', category_type = 'network_interface', category_order = 5"); // 5
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Coaxial', category_type = 'network_interface', category_order = 6"); // 6
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Fiber', category_type = 'network_interface', category_order = 7"); // 7
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'WiFi', category_type = 'network_interface', category_order = 8"); // 8
+
+// Asset statuses
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ready to Deploy', category_description = 'Asset is configured and ready to be assigned', category_type = 'asset_status', category_order = 1"); // 1
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Deployed', category_description = 'Asset is actively in use and assigned to a client or location', category_type = 'asset_status', category_order = 2"); // 2
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Out for Repair', category_description = 'Asset has been sent out for servicing or repair', category_type = 'asset_status', category_order = 3"); // 3
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Lost', category_description = 'Asset location is unknown and cannot be accounted for', category_type = 'asset_status', category_order = 4"); // 4
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Stolen', category_description = 'Asset has been reported stolen', category_type = 'asset_status', category_order = 5"); // 5
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Retired', category_description = 'Asset has been decommissioned and is no longer in service', category_type = 'asset_status', category_order = 6"); // 6
+
+// Contact note types
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Call', category_description = 'Phone call with a client or contact', category_icon = 'fa-phone-alt', category_type = 'contact_note_type', category_order = 1"); // 1
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Email', category_description = 'Email correspondence with a client or contact', category_icon = 'fa-envelope', category_type = 'contact_note_type', category_order = 2"); // 2
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Meeting', category_description = 'Scheduled meeting with a client or contact', category_icon = 'fa-handshake', category_type = 'contact_note_type', category_order = 3"); // 3
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'In Person', category_description = 'In person visit or on-site interaction', category_icon = 'fa-people-arrows', category_type = 'contact_note_type', category_order = 4"); // 4
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Note', category_description = 'General note or internal comment', category_icon = 'fa-sticky-note', category_type = 'contact_note_type', category_order = 5"); // 5
+
+// Rack Types
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = '2-Post Open Frame', category_description = 'Two-post open frame rack for patch panels and lightweight equipment', category_type = 'rack_type', category_order = 1"); // 1
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Open Frame', category_description = 'Four-post open frame rack for servers and heavier equipment', category_type = 'rack_type', category_order = 2"); // 2
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Enclosed Cabinet', category_description = 'Four-post enclosed cabinet with doors and sides for secure equipment housing', category_type = 'rack_type', category_order = 3"); // 3
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Open', category_description = 'Open frame rack mounted directly to a wall for small deployments', category_type = 'rack_type', category_order = 4"); // 4
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Enclosed', category_description = 'Enclosed cabinet rack mounted to a wall with a locking door', category_type = 'rack_type', category_order = 5"); // 5
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Rack type does not fit any standard category', category_type = 'rack_type', category_order = 6"); // 6
+
+// Software Types
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Software as a Service (SaaS)', category_description = 'Cloud-hosted software accessed via a web browser or API', category_type = 'software_type', category_order = 1"); // 1
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Productivity Suite', category_description = 'Bundled office and collaboration tools such as Microsoft 365 or Google Workspace', category_type = 'software_type', category_order = 2"); // 2
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Web Application', category_description = 'Application hosted on a web server and accessed through a browser', category_type = 'software_type', category_order = 3"); // 3
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Desktop Application', category_description = 'Application installed and run locally on a workstation or laptop', category_type = 'software_type', category_order = 4"); // 4
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Mobile Application', category_description = 'Application installed and run on a mobile device or tablet', category_type = 'software_type', category_order = 5"); // 5
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Security Software', category_description = 'Software providing antivirus, endpoint protection, or security monitoring', category_type = 'software_type', category_order = 6"); // 6
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'System Software', category_description = 'Low-level software managing hardware resources and system operations', category_type = 'software_type', category_order = 7"); // 7
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Operating System', category_description = 'Core software managing hardware and providing a platform for applications', category_type = 'software_type', category_order = 8"); // 8
+mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Software type does not fit any standard category', category_type = 'software_type', category_order = 9"); // 9
+
 // Finalizing
 mysqli_query($mysqli,"UPDATE companies SET company_locale = '$locale', company_currency = '$currency_code' WHERE company_id = 1");
 mysqli_query($mysqli,"UPDATE settings SET config_timezone = '$timezone' WHERE company_id = 1");
diff --git a/setup/index.php b/setup/index.php
index 86f43b761..334420cf2 100644
--- a/setup/index.php
+++ b/setup/index.php
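Review bot: The 34 seed `INSERT INTO categories` statements added here are duplicated verbatim in setup/index.php (its `@@ -583` hunk), so the two installers will drift the next time a default name, description or icon is edited; extracting them into one shared include, e.g. a `seed_default_categories(mysqli $mysqli): void` function required by both, would remove the duplication. The trailing `// 1` … `// 9` comments read as expected `category_id` values, but `category_id` is AUTO_INCREMENT and nothing here guarantees the table is empty at this point, so those numbers are not reliable — either drop them or let `category_order`, which the INSERTs already set, carry the ordering. None of the `mysqli_query()` return values is checked, so a failed seed insert (for instance a missing `category_description`/`category_order` column on a partially upgraded schema) passes silently; the surrounding `custom_links` insert has the same pre-existing pattern, but a one-line check after each group, `if (!$result) { error_log("Category seed failed: " . mysqli_error($mysqli)); }`, would at least surface it.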
@@ -583,6 +583,49 @@ function importSqlFile(mysqli $mysqli, string $path): void {
 // Custom Links
 mysqli_query($mysqli,"INSERT INTO custom_links SET custom_link_name = 'Docs', custom_link_uri = 'https://docs.itflow.org', custom_link_new_tab = 1, custom_link_icon = 'question-circle'");
+ // network_interfaces
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ethernet', category_type = 'network_interface', category_order = 1"); // 1
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP', category_type = 'network_interface', category_order = 2"); // 2
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'SFP+', category_type = 'network_interface', category_order = 3"); // 3
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP28', category_type = 'network_interface', category_order = 4"); // 4
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'QSFP-DD', category_type = 'network_interface', category_order = 5"); // 5
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Coaxial', category_type = 'network_interface', category_order = 6"); // 6
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Fiber', category_type = 'network_interface', category_order = 7"); // 7
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'WiFi', category_type = 'network_interface', category_order = 8"); // 8
+
+ // Asset statuses
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Ready to Deploy', category_description = 'Asset is configured and ready to be assigned', category_type = 'asset_status', category_order = 1"); // 1
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Deployed', category_description = 'Asset is actively in use and assigned to a client or location', category_type = 'asset_status', category_order = 2"); // 2
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Out for Repair', category_description = 'Asset has been sent out for servicing or repair', category_type = 'asset_status', category_order = 3"); // 3
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Lost', category_description = 'Asset location is unknown and cannot be accounted for', category_type = 'asset_status', category_order = 4"); // 4
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Stolen', category_description = 'Asset has been reported stolen', category_type = 'asset_status', category_order = 5"); // 5
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Retired', category_description = 'Asset has been decommissioned and is no longer in service', category_type = 'asset_status', category_order = 6"); // 6
+
+ // Contact note types
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Call', category_description = 'Phone call with a client or contact', category_icon = 'fa-phone-alt', category_type = 'contact_note_type', category_order = 1"); // 1
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Email', category_description = 'Email correspondence with a client or contact', category_icon = 'fa-envelope', category_type = 'contact_note_type', category_order = 2"); // 2
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Meeting', category_description = 'Scheduled meeting with a client or contact', category_icon = 'fa-handshake', category_type = 'contact_note_type', category_order = 3"); // 3
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'In Person', category_description = 'In person visit or on-site interaction', category_icon = 'fa-people-arrows', category_type = 'contact_note_type', category_order = 4"); // 4
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Note', category_description = 'General note or internal comment', category_icon = 'fa-sticky-note', category_type = 'contact_note_type', category_order = 5"); // 5
+
+ // Rack Types
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = '2-Post Open Frame', category_description = 'Two-post open frame rack for patch panels and lightweight equipment', category_type = 'rack_type', category_order = 1"); // 1
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Open Frame', category_description = 'Four-post open frame rack for servers and heavier equipment', category_type = 'rack_type', category_order = 2"); // 2
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = '4-Post Enclosed Cabinet', category_description = 'Four-post enclosed cabinet with doors and sides for secure equipment housing', category_type = 'rack_type', category_order = 3"); // 3
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Open', category_description = 'Open frame rack mounted directly to a wall for small deployments', category_type = 'rack_type', category_order = 4"); // 4
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Wall-Mount Enclosed', category_description = 'Enclosed cabinet rack mounted to a wall with a locking door', category_type = 'rack_type', category_order = 5"); // 5
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Rack type does not fit any standard category', category_type = 'rack_type', category_order = 6"); // 6
+
+ // Software Types
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Software as a Service (SaaS)', category_description = 'Cloud-hosted software accessed via a web browser or API', category_type = 'software_type', category_order = 1"); // 1
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Productivity Suite', category_description = 'Bundled office and collaboration tools such as Microsoft 365 or Google Workspace', category_type = 'software_type', category_order = 2"); // 2
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Web Application', category_description = 'Application hosted on a web server and accessed through a browser', category_type = 'software_type', category_order = 3"); // 3
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Desktop Application', category_description = 'Application installed and run locally on a workstation or laptop', category_type = 'software_type', category_order = 4"); // 4
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Mobile Application', category_description = 'Application installed and run on a mobile device or tablet', category_type = 'software_type', category_order = 5"); // 5
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Security Software', category_description = 'Software providing antivirus, endpoint protection, or security monitoring', category_type = 'software_type', category_order = 6"); // 6
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'System Software', category_description = 'Low-level software managing hardware resources and system operations', category_type = 'software_type', category_order = 7"); // 7
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Operating System', category_description = 'Core software managing hardware and providing a platform for applications', category_type = 'software_type', category_order = 8"); // 8
+ mysqli_query($mysqli, "INSERT INTO categories SET category_name = 'Other', category_description = 'Software type does not fit any standard category', category_type = 'software_type', category_order = 9"); // 9
 $_SESSION['alert_message'] = "Company $name created";