diff --git a/app/admin/ajax-maintenance-mode.php b/app/admin/ajax-maintenance-mode.php
index 06cbb51..5bc2c26 100644
--- a/app/admin/ajax-maintenance-mode.php
+++ b/app/admin/ajax-maintenance-mode.php
@@ -5,7 +5,7 @@
if(!csrf_token(true)) exit;
- $status = $_REQUEST['status'];
+ $status = Request::val('status');
if($status == 'on') maintenance_mode(true);
if($status == 'off') maintenance_mode(false);
diff --git a/app/admin/getUsers.php b/app/admin/getUsers.php
index 13508cd..85a82bc 100644
--- a/app/admin/getUsers.php
+++ b/app/admin/getUsers.php
@@ -25,17 +25,14 @@
// how many results to return per call, in case of json output
$results_per_page = 50;
- $id = false;
- if(isset($_REQUEST['id'])) $id = from_utf8($_REQUEST['id']);
+ $id = from_utf8(Request::val('id'));
+ $search_term = from_utf8(Request::val('s'));
- $search_term = false;
- if(isset($_REQUEST['s'])) $search_term = from_utf8($_REQUEST['s']);
-
- $page = intval($_REQUEST['p']);
+ $page = intval(Request::val('p'));
if($page < 1) $page = 1;
$skip = $results_per_page * ($page - 1);
- $table_name = $_REQUEST['t'];
+ $table_name = Request::val('t');
if(!in_array($table_name, array_keys(getTableList()))) {
/* invalid table */
echo '{"results":[{"id":"","text":"Invalid table"}],"more":false,"elapsed":0}';
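Review bot: `$id` and `$search_term` no longer default to `false` when the parameter is absent — they now hold whatever `from_utf8(Request::val(...))` returns for a missing value, which is not visible here; if the code below tests `$id === false` or similar, that branch changes, so confirm what Request::val returns by default. Independently, the allowlist check on the line after `$table_name` is non-strict; since `$table_name` is request-controlled and must be exactly one of the keys of `getTableList()`, `if(!in_array($table_name, array_keys(getTableList()), true))` makes the intent explicit and removes any dependence on PHP's loose comparison rules. The rest of the script is outside the hunk.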
diff --git a/app/admin/incFunctions.php b/app/admin/incFunctions.php
index d441489..1465565 100644
--- a/app/admin/incFunctions.php
+++ b/app/admin/incFunctions.php
@@ -400,7 +400,7 @@ function sql($statement, &$o) {
/* log slow queries that take more than 1 sec */
$t1 = microtime(true);
- if($t1 - $t0 > 1.0 && empty($o['noSlowQueryLog']))
+ if(($t1 - $t0) > 1.0 && empty($o['noSlowQueryLog']))
logSlowQuery($statement, $t1 - $t0);
return $result;
@@ -985,62 +985,350 @@ function get_table_fields($tn = null) {
/* application schema as created in AppGini */
$schema = [
'invoices' => [
- 'id' => ['appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT"],
- 'code' => ['appgini' => "VARCHAR(20) NULL UNIQUE"],
- 'status' => ['appgini' => "VARCHAR(20) NOT NULL DEFAULT 'Unpaid'"],
- 'date_due' => ['appgini' => "DATE NULL"],
- 'client' => ['appgini' => "INT UNSIGNED NULL"],
- 'client_contact' => ['appgini' => "INT UNSIGNED NULL"],
- 'client_address' => ['appgini' => "INT UNSIGNED NULL"],
- 'client_phone' => ['appgini' => "INT UNSIGNED NULL"],
- 'client_email' => ['appgini' => "INT UNSIGNED NULL"],
- 'client_website' => ['appgini' => "INT UNSIGNED NULL"],
- 'client_comments' => ['appgini' => "INT UNSIGNED NULL"],
- 'subtotal' => ['appgini' => "DECIMAL(9,2) NULL"],
- 'discount' => ['appgini' => "DECIMAL(4,2) NULL DEFAULT '0'"],
- 'tax' => ['appgini' => "DECIMAL(9,2) NULL DEFAULT '0'"],
- 'total' => ['appgini' => "DECIMAL(9,2) NULL"],
- 'comments' => ['appgini' => "TEXT NULL"],
- 'invoice_template' => ['appgini' => "VARCHAR(100) NULL"],
- 'created' => ['appgini' => "VARCHAR(200) NULL"],
- 'last_updated' => ['appgini' => "VARCHAR(200) NULL"],
+ 'id' => [
+ 'appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT",
+ 'info' => [
+ 'caption' => 'ID',
+ 'description' => '',
+ ],
+ ],
+ 'code' => [
+ 'appgini' => "VARCHAR(20) NULL UNIQUE",
+ 'info' => [
+ 'caption' => 'Code',
+ 'description' => '',
+ ],
+ ],
+ 'status' => [
+ 'appgini' => "VARCHAR(20) NOT NULL DEFAULT 'Unpaid'",
+ 'info' => [
+ 'caption' => 'Status',
+ 'description' => '',
+ ],
+ ],
+ 'date_due' => [
+ 'appgini' => "DATE NULL",
+ 'info' => [
+ 'caption' => 'Date due',
+ 'description' => '',
+ ],
+ ],
+ 'client' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Client',
+ 'description' => '',
+ ],
+ ],
+ 'client_contact' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Client contact',
+ 'description' => '',
+ ],
+ ],
+ 'client_address' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Client address',
+ 'description' => '',
+ ],
+ ],
+ 'client_phone' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Client phone',
+ 'description' => '',
+ ],
+ ],
+ 'client_email' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Client email',
+ 'description' => '',
+ ],
+ ],
+ 'client_website' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Client website',
+ 'description' => '',
+ ],
+ ],
+ 'client_comments' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Client comments',
+ 'description' => '',
+ ],
+ ],
+ 'subtotal' => [
+ 'appgini' => "DECIMAL(9,2) NULL",
+ 'info' => [
+ 'caption' => 'Subtotal',
+ 'description' => 'Automatically calculated from invoice items.',
+ ],
+ ],
+ 'discount' => [
+ 'appgini' => "DECIMAL(4,2) NULL DEFAULT '0'",
+ 'info' => [
+ 'caption' => 'Discount %',
+ 'description' => 'Enter discount percentage here. Example: enter "10" (without the quotes) to apply a 10% discount off the invoice subtotal.',
+ ],
+ ],
+ 'tax' => [
+ 'appgini' => "DECIMAL(9,2) NULL DEFAULT '0'",
+ 'info' => [
+ 'caption' => 'Tax %',
+ 'description' => 'Enter tax percentage here. Example: enter "10" (without the quotes) to apply a 10% tax to the invoice.',
+ ],
+ ],
+ 'total' => [
+ 'appgini' => "DECIMAL(9,2) NULL",
+ 'info' => [
+ 'caption' => 'Total',
+ 'description' => 'Automatically calculated: (Subtotal - Discount%) + Tax%',
+ ],
+ ],
+ 'comments' => [
+ 'appgini' => "TEXT NULL",
+ 'info' => [
+ 'caption' => 'Comments',
+ 'description' => '',
+ ],
+ ],
+ 'invoice_template' => [
+ 'appgini' => "VARCHAR(100) NULL",
+ 'info' => [
+ 'caption' => 'Invoice template',
+ 'description' => 'Choose the template to use when printing this invoice',
+ ],
+ ],
+ 'created' => [
+ 'appgini' => "VARCHAR(200) NULL",
+ 'info' => [
+ 'caption' => 'Created',
+ 'description' => '',
+ ],
+ ],
+ 'last_updated' => [
+ 'appgini' => "VARCHAR(200) NULL",
+ 'info' => [
+ 'caption' => 'Last updated',
+ 'description' => '',
+ ],
+ ],
],
'clients' => [
- 'id' => ['appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT"],
- 'name' => ['appgini' => "VARCHAR(200) NULL UNIQUE"],
- 'contact' => ['appgini' => "VARCHAR(255) NULL"],
- 'title' => ['appgini' => "VARCHAR(40) NULL"],
- 'address' => ['appgini' => "TEXT NULL"],
- 'city' => ['appgini' => "VARCHAR(40) NULL"],
- 'country' => ['appgini' => "VARCHAR(40) NULL"],
- 'phone' => ['appgini' => "VARCHAR(100) NULL"],
- 'email' => ['appgini' => "VARCHAR(80) NULL"],
- 'website' => ['appgini' => "VARCHAR(200) NULL"],
- 'comments' => ['appgini' => "TEXT NULL"],
- 'unpaid_sales' => ['appgini' => "DECIMAL(10,2) NULL"],
- 'paid_sales' => ['appgini' => "DECIMAL(10,2) NULL"],
- 'total_sales' => ['appgini' => "DECIMAL(10,2) NULL"],
+ 'id' => [
+ 'appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT",
+ 'info' => [
+ 'caption' => 'ID',
+ 'description' => '',
+ ],
+ ],
+ 'name' => [
+ 'appgini' => "VARCHAR(200) NULL UNIQUE",
+ 'info' => [
+ 'caption' => 'Name',
+ 'description' => '',
+ ],
+ ],
+ 'contact' => [
+ 'appgini' => "VARCHAR(255) NULL",
+ 'info' => [
+ 'caption' => 'Contact',
+ 'description' => '',
+ ],
+ ],
+ 'title' => [
+ 'appgini' => "VARCHAR(40) NULL",
+ 'info' => [
+ 'caption' => 'Title',
+ 'description' => '',
+ ],
+ ],
+ 'address' => [
+ 'appgini' => "TEXT NULL",
+ 'info' => [
+ 'caption' => 'Address',
+ 'description' => '',
+ ],
+ ],
+ 'city' => [
+ 'appgini' => "VARCHAR(40) NULL",
+ 'info' => [
+ 'caption' => 'City',
+ 'description' => '',
+ ],
+ ],
+ 'country' => [
+ 'appgini' => "VARCHAR(40) NULL",
+ 'info' => [
+ 'caption' => 'Country',
+ 'description' => '',
+ ],
+ ],
+ 'phone' => [
+ 'appgini' => "VARCHAR(100) NULL",
+ 'info' => [
+ 'caption' => 'Phone',
+ 'description' => '',
+ ],
+ ],
+ 'email' => [
+ 'appgini' => "VARCHAR(80) NULL",
+ 'info' => [
+ 'caption' => 'Email',
+ 'description' => '',
+ ],
+ ],
+ 'website' => [
+ 'appgini' => "VARCHAR(200) NULL",
+ 'info' => [
+ 'caption' => 'Website',
+ 'description' => '',
+ ],
+ ],
+ 'comments' => [
+ 'appgini' => "TEXT NULL",
+ 'info' => [
+ 'caption' => 'Comments',
+ 'description' => '',
+ ],
+ ],
+ 'unpaid_sales' => [
+ 'appgini' => "DECIMAL(10,2) NULL",
+ 'info' => [
+ 'caption' => 'Unpaid sales',
+ 'description' => 'Automatically calculated field by summing this client\'s unpaid invoices\' total.',
+ ],
+ ],
+ 'paid_sales' => [
+ 'appgini' => "DECIMAL(10,2) NULL",
+ 'info' => [
+ 'caption' => 'Paid sales',
+ 'description' => 'Automatically calculated field by summing this client\'s paid invoices\' total.',
+ ],
+ ],
+ 'total_sales' => [
+ 'appgini' => "DECIMAL(10,2) NULL",
+ 'info' => [
+ 'caption' => 'Total sales',
+ 'description' => 'Automatically calculated field by summing this client\'s non-cancelled invoices\' total.',
+ ],
+ ],
],
'item_prices' => [
- 'id' => ['appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT"],
- 'item' => ['appgini' => "INT UNSIGNED NULL"],
- 'price' => ['appgini' => "DECIMAL(10,2) NULL DEFAULT '0.00'"],
- 'date' => ['appgini' => "DATE NULL"],
+ 'id' => [
+ 'appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT",
+ 'info' => [
+ 'caption' => 'ID',
+ 'description' => '',
+ ],
+ ],
+ 'item' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Item',
+ 'description' => '',
+ ],
+ ],
+ 'price' => [
+ 'appgini' => "DECIMAL(10,2) NULL DEFAULT '0.00'",
+ 'info' => [
+ 'caption' => 'Price',
+ 'description' => '',
+ ],
+ ],
+ 'date' => [
+ 'appgini' => "DATE NULL",
+ 'info' => [
+ 'caption' => 'Date',
+ 'description' => '',
+ ],
+ ],
],
'invoice_items' => [
- 'id' => ['appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT"],
- 'invoice' => ['appgini' => "INT UNSIGNED NULL"],
- 'item' => ['appgini' => "INT UNSIGNED NULL"],
- 'current_price' => ['appgini' => "INT UNSIGNED NULL"],
- 'catalog_price' => ['appgini' => "DECIMAL(10,2) UNSIGNED NULL"],
- 'unit_price' => ['appgini' => "DECIMAL(10,2) UNSIGNED NOT NULL"],
- 'qty' => ['appgini' => "DECIMAL(9,3) NULL DEFAULT '1'"],
- 'price' => ['appgini' => "DECIMAL(9,2) NULL"],
+ 'id' => [
+ 'appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT",
+ 'info' => [
+ 'caption' => 'ID',
+ 'description' => '',
+ ],
+ ],
+ 'invoice' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Invoice',
+ 'description' => '',
+ ],
+ ],
+ 'item' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Item',
+ 'description' => '',
+ ],
+ ],
+ 'current_price' => [
+ 'appgini' => "INT UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Current price',
+ 'description' => 'This is the current catalog price of the selected item.',
+ ],
+ ],
+ 'catalog_price' => [
+ 'appgini' => "DECIMAL(10,2) UNSIGNED NULL",
+ 'info' => [
+ 'caption' => 'Catalog price at order date',
+ 'description' => '',
+ ],
+ ],
+ 'unit_price' => [
+ 'appgini' => "DECIMAL(10,2) UNSIGNED NOT NULL",
+ 'info' => [
+ 'caption' => 'Unit price',
+ 'description' => 'You can either use the catalog price or change to a different price.',
+ ],
+ ],
+ 'qty' => [
+ 'appgini' => "DECIMAL(9,3) NULL DEFAULT '1'",
+ 'info' => [
+ 'caption' => 'Qty',
+ 'description' => '',
+ ],
+ ],
+ 'price' => [
+ 'appgini' => "DECIMAL(9,2) NULL",
+ 'info' => [
+ 'caption' => 'Price',
+ 'description' => 'Will be automatically calculated from unit price and quantity, excluding taxes.',
+ ],
+ ],
],
'items' => [
- 'id' => ['appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT"],
- 'item_description' => ['appgini' => "TEXT NULL"],
- 'unit_price' => ['appgini' => "DECIMAL(10,2) NULL"],
+ 'id' => [
+ 'appgini' => "INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT",
+ 'info' => [
+ 'caption' => 'ID',
+ 'description' => '',
+ ],
+ ],
+ 'item_description' => [
+ 'appgini' => "TEXT NULL",
+ 'info' => [
+ 'caption' => 'Item Description',
+ 'description' => '',
+ ],
+ ],
+ 'unit_price' => [
+ 'appgini' => "DECIMAL(10,2) NULL",
+ 'info' => [
+ 'caption' => 'Unit price',
+ 'description' => 'This is the most recent unit price as obtained from "Item prices" table.',
+ ],
+ ],
],
];
}
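Review bot: The new `info` sub-arrays are undocumented, and several `description` values (invoices `discount` and `tax`, items `unit_price`) contain literal double quotes, so wherever `caption`/`description` are later emitted into HTML or an attribute they need `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; that consumer is not in this diff, so this is a note for whoever renders them. A short comment above `$schema` would help readers, e.g. `/* per field: 'appgini' => column DDL; 'info' => ['caption' => UI label, 'description' => help text, raw — escape for the output context when rendering] */`. Captions are also inconsistently cased (`Item Description` vs `Unit price`). get_table_fields() starts before the hunk.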
@@ -1052,7 +1340,7 @@ function get_table_fields($tn = null) {
########################################################################
function update_membership_groups() {
$tn = 'membership_groups';
- $eo = ['silentErrors' => true];
+ $eo = ['silentErrors' => true, 'noErrorQueryLog' => true];
sql(
"CREATE TABLE IF NOT EXISTS `{$tn}` (
@@ -1073,7 +1361,7 @@ function update_membership_groups() {
########################################################################
function update_membership_users() {
$tn = 'membership_users';
- $eo = ['silentErrors' => true];
+ $eo = ['silentErrors' => true, 'noErrorQueryLog' => true];
sql(
"CREATE TABLE IF NOT EXISTS `{$tn}` (
@@ -1111,7 +1399,7 @@ function update_membership_users() {
########################################################################
function update_membership_userrecords() {
$tn = 'membership_userrecords';
- $eo = ['silentErrors' => true];
+ $eo = ['silentErrors' => true, 'noErrorQueryLog' => true];
sql(
"CREATE TABLE IF NOT EXISTS `{$tn}` (
@@ -1141,7 +1429,7 @@ function update_membership_userrecords() {
########################################################################
function update_membership_grouppermissions() {
$tn = 'membership_grouppermissions';
- $eo = ['silentErrors' => true];
+ $eo = ['silentErrors' => true, 'noErrorQueryLog' => true];
sql(
"CREATE TABLE IF NOT EXISTS `{$tn}` (
@@ -1161,7 +1449,7 @@ function update_membership_grouppermissions() {
########################################################################
function update_membership_userpermissions() {
$tn = 'membership_userpermissions';
- $eo = ['silentErrors' => true];
+ $eo = ['silentErrors' => true, 'noErrorQueryLog' => true];
sql(
"CREATE TABLE IF NOT EXISTS `{$tn}` (
@@ -1182,7 +1470,7 @@ function update_membership_userpermissions() {
########################################################################
function update_membership_usersessions() {
$tn = 'membership_usersessions';
- $eo = ['silentErrors' => true];
+ $eo = ['silentErrors' => true, 'noErrorQueryLog' => true];
sql(
"CREATE TABLE IF NOT EXISTS `membership_usersessions` (
@@ -1392,7 +1680,7 @@ function csrf_token($validate = false, $token_only = false) {
}
/* validate submitted token */
- $user_token = (isset($_REQUEST['csrf_token']) ? $_REQUEST['csrf_token'] : false);
+ $user_token = Request::val('csrf_token', false);
if($csrf_token_expiry < time() || !$user_token || $user_token != $csrf_token) {
return false;
}
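Review bot: The comparison on the line after the changed one, `$user_token != $csrf_token`, is a loose, early-exit string compare; now that the token comes through `Request::val` it may also be a non-string (an array, depending on how Request::val treats array parameters), which `!=` tolerates but gives no type safety. Replace the condition with `if($csrf_token_expiry < time() || !is_string($user_token) || !hash_equals((string) $csrf_token, $user_token))` so the token check is both type-safe and constant-time. The rest of csrf_token() is outside the hunk.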
@@ -1654,8 +1942,9 @@ function sendmail($mail) {
$pm->Debugoutput = 'html';
$pm->Host = $cfg['smtp_server'];
$pm->Port = $cfg['smtp_port'];
- $pm->SMTPAuth = true;
+ $pm->SMTPAuth = !empty($cfg['smtp_user']) || !empty($cfg['smtp_pass']);
$pm->SMTPSecure = $cfg['smtp_encryption'];
+ $pm->SMTPAutoTLS = $cfg['smtp_encryption'] ? true : false;
$pm->Username = $cfg['smtp_user'];
$pm->Password = $cfg['smtp_pass'];
}
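Review bot: `SMTPAutoTLS` is now forced to false whenever `smtp_encryption` is empty, which disables PHPMailer's opportunistic STARTTLS; combined with the new `SMTPAuth` line, a configuration with `smtp_user`/`smtp_pass` set but no `smtp_encryption` will send the credentials unencrypted instead of upgrading when the server offers STARTTLS. If the intent is only to avoid TLS failures on servers without a usable certificate, keep auto-TLS on whenever authenticating: `$pm->SMTPAutoTLS = !empty($cfg['smtp_encryption']) || $pm->SMTPAuth;`. Also note `SMTPAuth` becomes true when only one of user/pass is set, so a half-filled config now attempts AUTH with a blank credential; a comment stating the intended rule would help. sendmail() continues outside the hunk.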
@@ -2101,6 +2390,7 @@ function to_utf8($str) {
* @details if the constant 'datalist_db_encoding' is not defined, original string is returned
*/
function from_utf8($str) {
+ if(!strlen($str)) return $str;
if(!defined('datalist_db_encoding')) return $str;
if(datalist_db_encoding == 'UTF-8') return $str;
return iconv('UTF-8', datalist_db_encoding, $str);
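Review bot: `strlen($str)` on the added line emits a deprecation on PHP 8.1+ when `$str` is null and throws a TypeError when it is an array, and several callers in this diff now pass `Request::val(...)` straight in (getUsers.php `id`/`s`), which presumably yields null or some default for an absent parameter. Guard on type instead: `if(!is_string($str) || $str === '') return $str;` — this keeps the intended empty-string short-circuit and also stops non-string request values from reaching `iconv()`. The docblock above should mention the null/empty passthrough as well. from_utf8()'s docblock starts before the hunk.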
@@ -2426,7 +2716,7 @@ function parseTemplate($template) {
return $template;
}
#########################################################
- function getUploadDir($dir) {
+ function getUploadDir($dir = '') {
if($dir == '') $dir = config('adminConfig')['baseUploadPath'];
return rtrim($dir, '\\/') . '/';
diff --git a/app/admin/pageBackupRestore.php b/app/admin/pageBackupRestore.php
index 900b727..55cdaad 100644
--- a/app/admin/pageBackupRestore.php
+++ b/app/admin/pageBackupRestore.php
@@ -57,8 +57,8 @@ protected function elapsed() {
}
protected function process_request($request) {
- /* action must be a valid controller, else set to default (main) */
- $controller = isset($request['action']) ? $request['action'] : false;
+ /* action must be a valid controller, and CSRF token valid, else set to default (main) */
+ $controller = isset($request['action']) && csrf_token(true) ? $request['action'] : false;
if(!in_array($controller, $this->controllers())) $request['action'] = 'main';
$this->request = $request;
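Review bot: A failed CSRF check now silently downgrades any `action` to `main` instead of rejecting it, so the AJAX callers added later in this file (`get_backup_files`, `restore`, `delete`, `create_backup`) receive the full HTML page and only fail when `JSON.parse` throws, with no indication the token was the cause. Prefer an explicit rejection when an action is supplied without a valid token, e.g. `if(isset($request['action']) && !csrf_token(true)) { /* log and emit an error response, then exit */ }`, and make the controller allowlist strict: `if(!in_array($controller, $this->controllers(), true))`. The precedence here is `(isset(...) && csrf_token(true)) ? ... : false`, which is what is wanted but is easy to misread without parentheses. process_request() continues outside the hunk.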
@@ -159,19 +159,21 @@ public function main() {
' ' . $this->lang['about backups'],
'class' => 'info',
'dismiss_days' => 30,
'id' => 'info-about-backups'
- ));
+ ]);
if(!$can_backup) {
- echo Notification::show(array(
+ echo Notification::show([
'message' => $this->lang['cant create backup folder'],
'class' => 'danger',
'dismiss_seconds' => 900
- ));
+ ]);
}
?>
@@ -217,7 +219,7 @@ public function main() {
var display_backups = function() {
$j.ajax({
url: page,
- data: { action: 'get_backup_files' },
+ data: { action: 'get_backup_files', csrf_token: $j('#csrf_token').val() },
success: function(resp) {
try{
var list = JSON.parse(resp);
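Review bot: All four AJAX calls now read the token from `$j('#csrf_token').val()`, but no hunk in this diff adds a `#csrf_token` element to the page; if it is rendered by `csrf_token()` elsewhere (not visible here) this is fine, otherwise every request sends `csrf_token=undefined`, `process_request` falls back to `main`, and the UI reports a JSON parse error rather than a token failure. Confirm the hidden input exists in the `main()` view and consider reading it once into a variable at the top of the script instead of repeating the selector. The same pattern appears in the `restore`, `delete` and `create_backup` hunks below. The surrounding main() method extends beyond these hunks.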
@@ -251,7 +253,7 @@ public function main() {
$j.ajax({
url: page,
- data: { action: 'restore', md5_hash: $j(this).data('md5_hash') },
+ data: { action: 'restore', md5_hash: $j(this).data('md5_hash'), csrf_token: $j('#csrf_token').val() },
success: function() {
show_notification({
message: backup_restored,
@@ -275,7 +277,7 @@ class: 'danger',
$j.ajax({
url: page,
- data: { action: 'delete', md5_hash: $j(this).data('md5_hash') },
+ data: { action: 'delete', md5_hash: $j(this).data('md5_hash'), csrf_token: $j('#csrf_token').val() },
success: function() {
show_notification({
message: backup_deleted,
@@ -309,7 +311,7 @@ class: 'danger',
btn.addClass('btn-warning').prop('disabled', true).html(' ' + please_wait);
$j.ajax({
url: page,
- data: { action: 'create_backup' },
+ data: { action: 'create_backup', csrf_token: $j('#csrf_token').val() },
success: function() {
btn.removeClass('btn-warning btn-primary').addClass('btn-success').html(' ' + finished);
},
diff --git a/app/admin/pageEditMember.php b/app/admin/pageEditMember.php
index 7cf5648..70ec484 100644
--- a/app/admin/pageEditMember.php
+++ b/app/admin/pageEditMember.php
@@ -9,7 +9,7 @@
$anonGroup = $adminConfig['anonymousGroup'];
/* no editing of guest user */
- if(strtolower($_REQUEST['memberID']) == $anonMemberID || strtolower($_REQUEST['oldMemberID']) == $anonMemberID) {
+ if(strtolower(Request::val('memberID')) == $anonMemberID || strtolower(Request::val('oldMemberID')) == $anonMemberID) {
redirect('admin/pageViewMembers.php');
exit;
}
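Review bot: `strtolower(Request::val('memberID'))` and `strtolower(Request::val('oldMemberID'))` receive whatever `Request::val` returns for an absent parameter; if that is null, `strtolower()` raises a deprecation on PHP 8.1+, and if the parameter arrives as an array it is a TypeError, which takes down the guest-account guard with a fatal error rather than a redirect. A cast makes the guard robust: `strtolower((string) Request::val('memberID')) == $anonMemberID`, and `===` after the cast would make the match exact. The enclosing code starts before the hunk.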
diff --git a/app/admin/pageEditMemberPermissions.php b/app/admin/pageEditMemberPermissions.php
index 316796c..a65b3d9 100644
--- a/app/admin/pageEditMemberPermissions.php
+++ b/app/admin/pageEditMemberPermissions.php
@@ -6,7 +6,7 @@
$tables = getTableList();
// ensure that a memberID is provided
- if(!isset($_REQUEST['memberID'])) {
+ if(!Request::has('memberID')) {
// error in request. redirect to members page.
redirect('admin/pageViewMembers.php');
}
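Review bot: The `redirect()` call inside the new `Request::has` guard has no `exit` after it, unlike the same pattern in pageEditMember.php in this diff (`redirect(...); exit;`), so unless `redirect()` terminates the script itself, execution continues into the page with `memberID` missing. Add `exit;` after the redirect (or confirm redirect() never returns) so the guard actually stops processing. The rest of the script is outside the hunk.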
diff --git a/app/admin/pageEditOwnership.php b/app/admin/pageEditOwnership.php
index 86693dc..0fed62a 100644
--- a/app/admin/pageEditOwnership.php
+++ b/app/admin/pageEditOwnership.php
@@ -5,20 +5,20 @@
$recID = 0;
// request to save changes?
- if(isset($_REQUEST['saveChanges'])) {
+ if(Request::val('saveChanges')) {
// csrf check
if(!csrf_token(true)) die($Translation['invalid security token']);
// validate data
- $recID = intval($_REQUEST['recID']);
- $memberID = makeSafe(strtolower($_REQUEST['memberID']));
- $groupID = intval($_REQUEST['groupID']);
+ $recID = intval(Request::val('recID'));
+ $memberID = makeSafe(strtolower(Request::val('memberID')));
+ $groupID = intval(Request::val('groupID'));
###############################
/* for ajax requests coming from the users' area, get the recID */
if(is_ajax()) {
- $tableName = $_REQUEST['t'];
- $pkValue = $_REQUEST['pkValue'];
+ $tableName = Request::val('t');
+ $pkValue = Request::val('pkValue');
if(!in_array($tableName, array_keys(getTableList()))) die($Translation['invalid table']);
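Review bot: Switching the save branch from `isset($_REQUEST['saveChanges'])` to `if(Request::val('saveChanges'))` changes the trigger from presence to truthiness, so a form that submits the button with an empty value (or `0`) will no longer save — confirm the submit control carries a non-empty value. Within the branch, `strtolower(Request::val('memberID'))` has the same null/array fragility as in pageEditMember.php, and the table allowlist check after `$tableName` should be strict: `if(!in_array($tableName, array_keys(getTableList()), true)) die($Translation['invalid table']);`. The ajax branch continues beyond the hunk.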
diff --git a/app/admin/pageMail.php b/app/admin/pageMail.php
index 12b7d00..e9223c1 100644
--- a/app/admin/pageMail.php
+++ b/app/admin/pageMail.php
@@ -16,9 +16,9 @@
// determine and validate recipients
$memberID = new Request('memberID', 'strtolower');
- $groupID = intval($_REQUEST['groupID']);
- $sendToAll = intval($_REQUEST['sendToAll']);
- $showDebug = $_REQUEST['showDebug'] ? true : false;
+ $groupID = intval(Request::val('groupID'));
+ $sendToAll = intval(Request::val('sendToAll'));
+ $showDebug = Request::val('showDebug') ? true : false;
$isGroup = ($memberID->raw != '' ? false : true);
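Review bot: Two request-access idioms sit side by side here — `new Request('memberID', 'strtolower')` (an object with a `->raw` property) on one line and the static `Request::val(...)` on the next three — which makes a reader check two APIs for the same thing. Unless the object form is needed for its filtered/raw pair, `$memberID = strtolower(Request::val('memberID'));` would keep the block uniform; if the object form is intentional, a one-line comment saying why would prevent a future "cleanup" from breaking it. `$showDebug` also collapses to `(bool) Request::val('showDebug')`. The script continues outside the hunk.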
@@ -109,7 +109,7 @@
if($showDebug) $_SESSION["debug_{$queueFile}"] = true;
// redirect to mail queue processor
- $simulate = isset($_REQUEST['simulate']) ? '&simulate=1' : '';
+ $simulate = Request::val('simulate') ? '&simulate=1' : '';
redirect("admin/pageSender.php?queue={$queueFile}{$simulate}");
include("{$currDir}/incFooter.php");
}
@@ -131,7 +131,7 @@
-
+
diff --git a/app/admin/pageQueryLogs.php b/app/admin/pageQueryLogs.php
index 5907f11..f5fda99 100644
--- a/app/admin/pageQueryLogs.php
+++ b/app/admin/pageQueryLogs.php
@@ -7,10 +7,10 @@
'error' => 'CHAR_LENGTH(COALESCE(`error`, \'\')) > 0',
];
- $type = $_REQUEST['type'];
+ $type = Request::val('type');
if(!in_array($type, array_keys($queryTypes))) $type = 'slow';
- $page = intval($_REQUEST['page']);
+ $page = intval(Request::val('page'));
if($page < 1) $page = 1;
// Starting record from $page (page is 1-based, while firstRecord is 0-based)
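Review bot: `$type` is the only thing selecting which `$queryTypes` SQL fragment is used, so its allowlist check should be strict: `if(!in_array($type, array_keys($queryTypes), true)) $type = 'slow';`. With loose comparison the fallback still holds for ordinary string input on PHP 8, but strict mode removes any dependence on PHP's comparison rules for the one check that stands between request input and the query. The script continues outside the hunk.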
diff --git a/app/admin/pageSender.php b/app/admin/pageSender.php
index 7bf1d7b..46fa366 100644
--- a/app/admin/pageSender.php
+++ b/app/admin/pageSender.php
@@ -11,8 +11,8 @@
{$Translation['invalid mail queue']}";
include("{$currDir}/incFooter.php");
diff --git a/app/admin/pageServerStatus.php b/app/admin/pageServerStatus.php
index 1f7c59d..c411c85 100644
--- a/app/admin/pageServerStatus.php
+++ b/app/admin/pageServerStatus.php
@@ -1,6 +1,6 @@
$filterer_parent) {
- $get = (isset($_REQUEST["filterer_{$filterer}"]) ? $_REQUEST["filterer_{$filterer}"] : false);
- if($get) {
+ if($get = Request::val("filterer_{$filterer}", false))
$wheres[] = "`{$field['parent_table']}`.`$filterer_parent`='" . makeSafe($get) . "'";
- }
}
}
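Review bot: The rewrite puts the assignment inside the `if` and drops the braces, so `if($get = Request::val("filterer_{$filterer}", false))` reads as a comparison at a glance and the single-statement body is fragile to a later added line; note also that the file header names pageServerStatus.php while the hunk content is a filter-building loop, so the attribution may be wrong in this extract. Prefer the two-line form `$get = Request::val("filterer_{$filterer}", false); if($get !== false && $get !== '') { ... }`, which states the intended emptiness check rather than relying on truthiness (and, if desired, stops dropping a literal `'0'` filter value, which the original also dropped). The enclosing loop starts before the hunk.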
diff --git a/app/checkMemberID.php b/app/checkMemberID.php
index 3dc9d0d..ea693f1 100644
--- a/app/checkMemberID.php
+++ b/app/checkMemberID.php
@@ -3,8 +3,8 @@
include_once("{$currDir}/lib.php");
include_once("{$currDir}/header.php");
- $current_user = isset($_REQUEST['currentUser']) ? $_REQUEST['currentUser'] : false;
- $username = is_allowed_username($_REQUEST['memberID'], $current_user);
+ $current_user = Request::val('currentUser', false);
+ $username = is_allowed_username(Request::val('memberID'), $current_user);
?>
-
+
diff --git a/online-invoicing-system.axp b/online-invoicing-system.axp
index 4374a5b..e01e9ff 100644
--- a/online-invoicing-system.axp
+++ b/online-invoicing-system.axp
@@ -1,4 +1,4 @@
-online_inovicing_system localhost UTF-8 False 12 False Europe/London False False True False bootstrap.css False True 0 2 4 6.0 2021-07-11 2:32:52 C:\xampp\htdocs\open-source-apps\online-invoicing-system\app 0 False 100 4 False True {"events":{"unpaid-invoice":{"type":"unpaid-invoice","color":"danger","textColor":"danger","table":"invoices","customWhere":"`invoices`.`status` = 'Unpaid'","title":"{5}<br>Invoice# {2}<br>{3}","allDay":true,"startDateField":"date_due","startTimeField":"","endDateField":"","endTimeField":""}},"calendars":{"unpaid-invoices":{"id":"unpaid-invoices","title":"Unpaid invoices","initial-view":"dayGridMonth","initial-date":"[last-month]","events":["unpaid-invoice"],"locale":"","groups":["Admins"],"links-home":"1","links-navmenu":"1"}}} 3:4:2:12:14:9001: [{"report_hash":"pprh7b8b2dazav20cln9","title":"Client sales over time","table":"invoices","table_index":0,"label":"client","caption1":"Client","caption2":"Sum of Invoices","group_function":"sum","group_function_field":"total","group_array":[],"look_up_table":"clients","look_up_value":"name","label_field_index":"5","date_field":"date_due","date_field_index":"4","report_header_url":"","report_footer_url":"","data_table_section":1,"barchart_section":0,"piechart_section":0,"override_permissions":0,"custom_where":"","date_separator":"\/"}] [{"label":"Mark as paid","icon":"ok","field":"status","value":"fixedValue","fixedValue":"Paid","confirmation":1,"groups":[],"hash":"1nvkk0q0ckqc7b8migay"},{"label":"Mark as cancelled","icon":"remove","field":"status","value":"fixedValue","fixedValue":"Cancelled","confirmation":1,"groups":[],"hash":"xe0xlisfn56ps9sp3p76"}] invoices False False True False False True False True True True True True True False True True 1 50 10 invoice_items; True False False 2 desc attributes_display.png 0 True 0 True horizontal False False 25% id 4 0 0 True False False True False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False 
False False False 0 1 True False False False 0 False 0 0 False False right 0 0 0 0 False code 15 20 0 False False False False True False False False 60 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 False False False False 10 False 0 0 False False left 0 0 0 0 False status 15 20 0 False False True False False False False False 70 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 2 1 False False False False 12 False 0 0 False False left 0 0 0 0 False date_due 9 0 0 False False False False False False False False 100 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 False False False False 1 False 0 0 False False left 0 0 0 0 False client 4 0 0 False False False False False True False False 250 False 0 False False False False 0 0 False False False 0 0 False False 0 False False name id clients True True False 0 1 False False False False 2 False 0 0 False False left 0 0 0 0 False client_contact 4 0 0 False False False False False True False False 200 False 0 False False False False 0 0 False False False 0 0 False False 0 False False contact id clients True False True 0 1 False False False False 3 False 0 0 False False left 0 0 0 0 False client_address 4 0 0 False False False False False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False address id clients True False True 0 1 True False False False 4 False 0 0 False False left 0 0 0 0 False client_phone 4 0 0 False False False False False True False False 100 False 0 False False False False 0 0 False False False 0 0 False False 0 False False phone id clients True False True 0 1 False False False False 5 False 0 0 False False left 0 0 0 0 False client_email 4 0 0 False False False False False True False False 50 False 0 False False False False 0 0 False False False 0 0 False False 0 False False email id 
clients True False True 0 1 True False False False 6 False 0 0 False False left 0 0 0 0 False client_website 4 0 0 False False False False False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False website id clients True False True 0 1 True False False False 8 False 0 0 False False left 0 0 0 0 False client_comments 4 0 0 False False False False False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False comments id clients True False True 0 1 True False False False 7 False 0 0 False False left 0 0 0 0 False subtotal 8 9 2 False False False False False False False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 True False False True 14 False 0 0 False False right 0 0 0 0 True online_inovicing_system localhost UTF-8 False 12 False Europe/London False False True False bootstrap.css False True 0 2 4 6.0 2021-09-13 17:56:38 C:\xampp\htdocs\open-source-apps\online-invoicing-system\app 0 False 100 4 False True {"events":{"unpaid-invoice":{"type":"unpaid-invoice","color":"danger","textColor":"danger","table":"invoices","customWhere":"`invoices`.`status` = 'Unpaid'","title":"{5}<br>Invoice# {2}<br>{3}","allDay":true,"startDateField":"date_due","startTimeField":"","endDateField":"","endTimeField":""}},"calendars":{"unpaid-invoices":{"id":"unpaid-invoices","title":"Unpaid invoices","initial-view":"dayGridMonth","initial-date":"[last-month]","events":["unpaid-invoice"],"locale":"","groups":["Admins"],"links-home":"1","links-navmenu":"1"}}} 3:4:2:12:14:9001: [{"report_hash":"pprh7b8b2dazav20cln9","title":"Client sales over time","table":"invoices","table_index":0,"label":"client","caption1":"Client","caption2":"Sum of 
Invoices","group_function":"sum","group_function_field":"total","group_array":[],"look_up_table":"clients","look_up_value":"name","label_field_index":"5","date_field":"date_due","date_field_index":"4","report_header_url":"","report_footer_url":"","data_table_section":1,"barchart_section":0,"piechart_section":0,"override_permissions":0,"custom_where":"","date_separator":"\/"}] [{"label":"Mark as paid","icon":"ok","field":"status","value":"fixedValue","fixedValue":"Paid","confirmation":1,"groups":[],"hash":"1nvkk0q0ckqc7b8migay"},{"label":"Mark as cancelled","icon":"remove","field":"status","value":"fixedValue","fixedValue":"Cancelled","confirmation":1,"groups":[],"hash":"xe0xlisfn56ps9sp3p76"}] invoices False False True False False True False True True True True True True False True True 1 50 10 invoice_items; True False False 2 desc attributes_display.png 0 True 0 True horizontal False False 25% id 4 0 0 True False False True False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 True False False False 0 False 0 0 False False right 0 0 0 0 False code 15 20 0 False False False False True False False False 60 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 False False False False 10 False 0 0 False False left 0 0 0 0 False status 15 20 0 False False True False False False False False 70 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 2 1 False False False False 12 False 0 0 False False left 0 0 0 0 False date_due 9 0 0 False False False False False False False False 100 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 False False False False 1 False 0 0 False False left 0 0 0 0 False client 4 0 0 False False False False False True False False 250 False 0 False False False False 0 0 False False False 0 0 False False 0 False 
False name id clients True True False 0 1 False False False False 2 False 0 0 False False left 0 0 0 0 False client_contact 4 0 0 False False False False False True False False 200 False 0 False False False False 0 0 False False False 0 0 False False 0 False False contact id clients True False True 0 1 False False False False 3 False 0 0 False False left 0 0 0 0 False client_address 4 0 0 False False False False False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False address id clients True False True 0 1 True False False False 4 False 0 0 False False left 0 0 0 0 False client_phone 4 0 0 False False False False False True False False 100 False 0 False False False False 0 0 False False False 0 0 False False 0 False False phone id clients True False True 0 1 False False False False 5 False 0 0 False False left 0 0 0 0 False client_email 4 0 0 False False False False False True False False 50 False 0 False False False False 0 0 False False False 0 0 False False 0 False False email id clients True False True 0 1 True False False False 6 False 0 0 False False left 0 0 0 0 False client_website 4 0 0 False False False False False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False website id clients True False True 0 1 True False False False 8 False 0 0 False False left 0 0 0 0 False client_comments 4 0 0 False False False False False True False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False comments id clients True False True 0 1 True False False False 7 False 0 0 False False left 0 0 0 0 False subtotal 8 9 2 False False False False False False False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 True False False True 14 False 0 0 False False right 0 0 0 0 True discount 8 4 2 False False False False False False False False 150 False 0 False False 
False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 True False False False 13 False 0 0 False False right 0 0 0 0 False tax 8 9 2 False False False False False False False False 150 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 True False False False 15 False 0 0 False False right 0 0 0 0 False total 8 9 2 False False False False False False True False 70 False 0 False False False False 0 0 False False False 0 0 False False 0 False False False False False 0 1 False False False True 9 False 0 0 False False right 0 0 0 0 True