-
-
Notifications
You must be signed in to change notification settings - Fork 168
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
53 changed files
with
3,546 additions
and
3,320 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| <?php | ||
|
|
||
| require_once '../includes/ajax_header.php'; | ||
|
|
||
| $account_id = intval($_GET['id']); | ||
|
|
||
| $sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_id = $account_id LIMIT 1"); | ||
|
|
||
| $row = mysqli_fetch_array($sql); | ||
| $account_name = nullable_htmlentities($row['account_name']); | ||
| $account_notes = nullable_htmlentities($row['account_notes']); | ||
|
|
||
| // Generate the HTML form content using output buffering. | ||
| ob_start(); | ||
| ?> | ||
|
|
||
| <div class="modal-header"> | ||
| <h5 class="modal-title"><i class="fa fa-fw fa-piggy-bank mr-2"></i>Editing account: <strong><?php echo $account_name; ?></strong></h5> | ||
| <button type="button" class="close text-white" data-dismiss="modal"> | ||
| <span>×</span> | ||
| </button> | ||
| </div> | ||
| <form action="post.php" method="post" autocomplete="off"> | ||
| <input type="hidden" name="account_id" value="<?php echo $account_id; ?>"> | ||
| <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>"> | ||
| <div class="modal-body bg-white"> | ||
| <div class="form-group"> | ||
| <label>Account Name <strong class="text-danger">*</strong></label> | ||
| <div class="input-group"> | ||
| <div class="input-group-prepend"> | ||
| <span class="input-group-text"><i class="fa fa-fw fa-piggy-bank"></i></span> | ||
| </div> | ||
| <input type="text" class="form-control" name="name" maxlength="200" value="<?php echo $account_name; ?>" required> | ||
| </div> | ||
| </div> | ||
|
|
||
| <div class="form-group"> | ||
| <label>Notes</label> | ||
| <textarea class="form-control" rows="5" placeholder="Enter some notes" name="notes"><?php echo $account_notes; ?></textarea> | ||
| </div> | ||
|
|
||
| </div> | ||
| <div class="modal-footer bg-white"> | ||
| <button type="submit" name="edit_account" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button> | ||
| <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button> | ||
| </div> | ||
| </form> | ||
|
|
||
| <?php | ||
|
|
||
| require_once "../includes/ajax_footer.php"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,109 @@ | ||
| <?php | ||
|
|
||
| require_once '../includes/ajax_header.php'; | ||
|
|
||
| $document_id = intval($_GET['id']); | ||
|
|
||
| $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id"); | ||
|
|
||
| $row = mysqli_fetch_array($sql); | ||
| $client_id = intval($row['document_client_id']); | ||
| $document_folder_id = nullable_htmlentities($row['document_folder_id']); | ||
| $document_name = nullable_htmlentities($row['document_name']); | ||
|
|
||
|
|
||
| // Generate the HTML form content using output buffering. | ||
| ob_start(); | ||
| ?> | ||
| <div class="modal-header"> | ||
| <h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>Moving document: <strong><?php echo $document_name; ?></strong></h5> | ||
| <button type="button" class="close text-white" data-dismiss="modal"> | ||
| <span>×</span> | ||
| </button> | ||
| </div> | ||
| <form action="post.php" method="post" autocomplete="off"> | ||
| <input type="hidden" name="document_id" value="<?php echo $document_id; ?>"> | ||
| <div class="modal-body bg-white"> | ||
|
|
||
| <div class="form-group"> | ||
| <label>Move Document to</label> | ||
| <div class="input-group"> | ||
| <div class="input-group-prepend"> | ||
| <span class="input-group-text"><i class="fa fa-fw fa-folder"></i></span> | ||
| </div> | ||
| <select class="form-control select2" name="folder"> | ||
| <option value="0">/</option> | ||
| <?php | ||
| // Fetch all folders for the client | ||
| $sql_all_folders = mysqli_query($mysqli, "SELECT folder_id, folder_name, parent_folder FROM folders WHERE folder_location = 0 AND folder_client_id = $client_id ORDER BY folder_name ASC"); | ||
| $folders = array(); | ||
|
|
||
| // Build an associative array of folders indexed by folder_id | ||
| while ($row = mysqli_fetch_assoc($sql_all_folders)) { | ||
| $folders[$row['folder_id']] = array( | ||
| 'folder_id' => intval($row['folder_id']), | ||
| 'folder_name' => nullable_htmlentities($row['folder_name']), | ||
| 'parent_folder' => intval($row['parent_folder']), | ||
| 'children' => array() | ||
| ); | ||
| } | ||
|
|
||
| // Build the folder hierarchy | ||
| foreach ($folders as $id => &$folder) { | ||
| if ($folder['parent_folder'] != 0 && isset($folders[$folder['parent_folder']])) { | ||
| $folders[$folder['parent_folder']]['children'][] = &$folder; | ||
| } | ||
| } | ||
| unset($folder); // Break the reference | ||
|
|
||
| // Prepare a list of root folders | ||
| $root_folders = array(); | ||
| foreach ($folders as $id => $folder) { | ||
| if ($folder['parent_folder'] == 0) { | ||
| $root_folders[] = $folder; | ||
| } | ||
| } | ||
|
|
||
| // Display the folder options iteratively | ||
| $stack = array(); | ||
| foreach (array_reverse($root_folders) as $folder) { | ||
| $stack[] = array('folder' => $folder, 'level' => 0); | ||
| } | ||
|
|
||
| while (!empty($stack)) { | ||
| $node = array_pop($stack); | ||
| $folder = $node['folder']; | ||
| $level = $node['level']; | ||
|
|
||
| // Indentation for subfolders | ||
| $indentation = str_repeat(' ', $level * 4); | ||
|
|
||
| // Check if this folder is selected | ||
| $selected = ''; | ||
| if ($folder['folder_id'] == $document_folder_id) { | ||
| $selected = 'selected'; | ||
| } | ||
|
|
||
| echo "<option value=\"{$folder['folder_id']}\" $selected>$indentation{$folder['folder_name']}</option>"; | ||
|
|
||
| // Add children to the stack | ||
| if (!empty($folder['children'])) { | ||
| foreach (array_reverse($folder['children']) as $child_folder) { | ||
| $stack[] = array('folder' => $child_folder, 'level' => $level + 1); | ||
| } | ||
| } | ||
| } | ||
| ?> | ||
| </select> | ||
| </div> | ||
| </div> | ||
|
|
||
| </div> | ||
| <div class="modal-footer bg-white"> | ||
| <button type="submit" name="move_document" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Move</button> | ||
| <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button> | ||
| </div> | ||
| </form> | ||
|
|
||
| <?php | ||
| require_once "../includes/ajax_footer.php"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| <?php | ||
|
|
||
| require_once '../includes/ajax_header.php'; | ||
|
|
||
| $document_id = intval($_GET['id']); | ||
|
|
||
| $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id"); | ||
|
|
||
| $row = mysqli_fetch_array($sql); | ||
| $client_id = intval($row['document_client_id']); | ||
| $document_name = nullable_htmlentities($row['document_name']); | ||
|
|
||
|
|
||
| // Generate the HTML form content using output buffering. | ||
| ob_start(); | ||
| ?> | ||
| <div class="modal-header"> | ||
| <h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>Renaming document: <strong><?php echo $document_name; ?></strong></h5> | ||
| <button type="button" class="close text-white" data-dismiss="modal"> | ||
| <span>×</span> | ||
| </button> | ||
| </div> | ||
| <form action="post.php" method="post" autocomplete="off"> | ||
| <input type="hidden" name="document_id" value="<?php echo $document_id; ?>"> | ||
| <input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> | ||
| <div class="modal-body bg-white"> | ||
|
|
||
| <div class="form-group"> | ||
| <label>Document Name <strong class="text-danger">*</strong></label> | ||
| <div class="input-group"> | ||
| <div class="input-group-prepend"> | ||
| <span class="input-group-text"><i class="fa fa-fw fa-file-alt"></i></span> | ||
| </div> | ||
| <input class="form-control" type="text" name="name" maxlength="200" value="<?php echo $document_name; ?>" required> | ||
| </div> | ||
| </div> | ||
|
|
||
| </div> | ||
| <div class="modal-footer bg-white"> | ||
| <button type="submit" name="rename_document" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Rename</button> | ||
| <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button> | ||
| </div> | ||
| </form> | ||
|
|
||
| <?php | ||
| require_once "../includes/ajax_footer.php"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| <?php | ||
|
|
||
| require_once '../includes/ajax_header.php'; | ||
|
|
||
| // Initialize the HTML Purifier to prevent XSS | ||
| require_once "../plugins/htmlpurifier/HTMLPurifier.standalone.php"; | ||
|
|
||
| $purifier_config = HTMLPurifier_Config::createDefault(); | ||
| $purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one | ||
| $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); | ||
| $purifier = new HTMLPurifier($purifier_config); | ||
|
|
||
| $document_id = intval($_GET['id']); | ||
|
|
||
| $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id"); | ||
|
|
||
| $row = mysqli_fetch_array($sql); | ||
| $document_name = nullable_htmlentities($row['document_name']); | ||
| $document_content = $purifier->purify($row['document_content']); | ||
|
|
||
|
|
||
| // Generate the HTML form content using output buffering. | ||
| ob_start(); | ||
| ?> | ||
|
|
||
| <div class="modal-header"> | ||
| <h5 class="modal-title text-white"><i class="fa fa-fw fa-file-alt mr-2"></i><?php echo $document_name; ?></h5> | ||
| <button type="button" class="close text-white" data-dismiss="modal"> | ||
| <span>×</span> | ||
| </button> | ||
| </div> | ||
| <div class="modal-body bg-white prettyContent"> | ||
| <?php echo $document_content; ?> | ||
| </div> | ||
|
|
||
| <?php | ||
| require_once "../includes/ajax_footer.php"; |
Oops, something went wrong.