From 50464559aa522ce04222cebcee3cc6a115aa2902 Mon Sep 17 00:00:00 2001
From: arf20 <aruizfernandez05@gmail.com>
Date: Tue, 9 Apr 2024 16:20:32 +0200
Subject: Add proof of payment and fix HTML issues

---
 admin.php          | 12 ++++++------
 client.php         |  8 ++++----
 dbinit.sql         |  1 +
 manageinvoices.php | 52 ++++++++++++++++++++++++++++++++++++++++++----------
 manageorders.php   |  4 ++--
 manageservices.php |  4 ++--
 managetickets.php  |  4 ++--
 manageusers.php    |  4 ++--
 openticket.php     |  4 ++--
 order.php          |  4 ++--
 10 files changed, 65 insertions(+), 32 deletions(-)
diff --git a/admin.php b/admin.php
index eaa0f62..b0b37c3 100644
--- a/admin.php
+++ b/admin.php
@@ -155,12 +155,12 @@ function getorderbyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/manageusers.php">Manage users</h2>
-                    <h3><a href="/manageservices.php">Manage services</h2>
-                    <h3><a href="/manageorders.php">Manage orders</h2>
-                    <h3><a href="/managetickets.php">Manage tickets</h2>
-                    <h3><a href="/manageinvoices.php">Manage invoices</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/manageusers.php">Manage users</a></h2>
+                    <h3><a href="/manageservices.php">Manage services</a></h2>
+                    <h3><a href="/manageorders.php">Manage orders</a></h2>
+                    <h3><a href="/managetickets.php">Manage tickets</a></h2>
+                    <h3><a href="/manageinvoices.php">Manage invoices</a></h2>
                 </div>
             </div>
         </main>
diff --git a/client.php b/client.php
index a17084d..c96d8cf 100644
--- a/client.php
+++ b/client.php
@@ -102,10 +102,10 @@ function getorderbyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/order.php">Order a new service</h2>
-                    <h3><a href="/openticket.php">Open ticket</h2>
-                    <h3><a href="/pay.html">Payment methods</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/order.php">Order a new service</a></h2>
+                    <h3><a href="/openticket.php">Open ticket</a></h2>
+                    <h3><a href="/pay.html">Payment methods</a></h2>
                 </div>
             </div>
         </main>
diff --git a/dbinit.sql b/dbinit.sql
index f3476d9..0b2930c 100644
--- a/dbinit.sql
+++ b/dbinit.sql
@@ -52,6 +52,7 @@ CREATE TABLE `arfnet2`.`invoices` (
     `amount` DECIMAL(10, 4) NOT NULL ,
     `pdf` MEDIUMBLOB NOT NULL ,
     `date` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+    `proof` MEDIUMBLOB DEFAULT NULL ,
     `status` ENUM('paid','unpaid') NOT NULL DEFAULT 'unpaid' ,
     PRIMARY KEY (`id`)
 );
diff --git a/manageinvoices.php b/manageinvoices.php
index 56f2490..04983b3 100644
--- a/manageinvoices.php
+++ b/manageinvoices.php
@@ -61,6 +61,20 @@ if (isset($_GET["pdf"])) {
     echo $pdf;
 }
 
+if (isset($_GET["proof"])) {
+    // Get invoice
+    $sql = "SELECT proof FROM invoices WHERE id = ?";
+    $stmt = mysqli_prepare($link, $sql);
+    mysqli_stmt_bind_param($stmt, "s", $param_id);
+    $param_id = $_GET["proof"];
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+    $proof = $result->fetch_all(MYSQLI_ASSOC)[0]["proof"];
+    header("Content-type: application/pdf");
+    header("Content-Disposition: inline;filename=\"proof.pdf\"");
+    echo $proof;
+}
+
 // POST actions
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     // edit entry
@@ -71,9 +85,25 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         $param_status = $_POST["status"];
         $param_id = $_POST["id"];
 
-        if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) {
-            echo "SQL error.";
-        } else header("location: ".$_SERVER['SCRIPT_NAME']);
+        if (!mysqli_stmt_execute($stmt)) {
+            die("SQL error 1.");
+        }
+
+        if (isset($_FILES["proof"])) {
+            $proof = file_get_contents($_FILES["proof"]["tmp_name"]);
+
+            $sql = "UPDATE invoices SET proof = ? WHERE id = ?";
+            $stmt = mysqli_prepare($link, $sql);
+            mysqli_stmt_bind_param($stmt, "ss", $param_proof, $param_id);
+            $param_proof = $proof;
+            $param_id = $_POST["id"];
+
+            if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) {
+                die("SQL error 2.");
+            }
+        }
+
+        header("location: ".$_SERVER['SCRIPT_NAME']);
     }
 }
 
@@ -132,7 +162,7 @@ function getinvoicebyid($id) {
                 <div class="col8">
                     <h2 class="center">ARFNET Client Service Ticket and Invoice Management System</h2>
                     <h3><?php echo strtoupper($type[0]).substr($type, 1); ?> panel</h3>
-                    <h3>Orders</h3>
+                    <h3>Invoices</h3>
 
                     <?php
                     if (isset($_GET["add"])) {
@@ -156,21 +186,22 @@ function getinvoicebyid($id) {
                     if (isset($_GET["edit"])) {
                         $invoice = getinvoicebyid($_GET["edit"]);
                         $client_options = $service_options = "";
-                        echo "<div class=\"form\"><h3>Edit invoice ".$invoice["id"]."</h3><form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
+                        echo "<div class=\"form\"><h3>Edit invoice ".$invoice["id"]."</h3><form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\" enctype=\"multipart/form-data\">\n"
                             ."<label><b>Client</b></label><br><label>".getclientbyid($invoice["client"])["username"]."</label><br>\n"
                             ."<label><b>Description</b></label><br><label>".$invoice["desc"]."</label><br>\n"
                             ."<label><b>Amount</b></label><br><label>".$invoice["amount"]."</label><br>\n"
                             ."<label><b>Date</b></label><br><label>".$invoice["date"]."</label><br>\n"
                             ."<label><b>Status</b></label><br><select name=\"status\"><option value=\"paid\" ".($invoice["status"] == "paid" ? "selected" : "").">paid</option><option value=\"unpaid\" ".($invoice["status"] == "unpaid" ? "selected" : "").">unpaid</option></select><br>\n"
-                            ."<input type=\"hidden\" name=\"id\" value=\"".$invoice["id"]."\">"
-                            ."<br><input type=\"submit\" name=\"save\" value=\"Save\"><a href=\"".$_SERVER['SCRIPT_NAME']."\">cancel</a>"
+                            ."<label><b>Proof</b></label><br><input type=\"file\" name=\"proof\"><br>\n"
+                            ."<input type=\"hidden\" name=\"id\" value=\"".$invoice["id"]."\">\n"
+                            ."<br><input type=\"submit\" name=\"save\" value=\"Save\"><a href=\"".$_SERVER['SCRIPT_NAME']."\">cancel</a>\n"
                             ."</form></div>";
                     }
                     ?>
 
                     <a href="?add">manual invoice</a>
                     <table>
-                        <tr><th>id</th><th>client</th><th>description</th><th>amount</th><th>date</th><th>pdf</th><th>status</th><th>action</th></tr>
+                        <tr><th>id</th><th>client</th><th>description</th><th>amount</th><th>date</th><th>pdf</th><th>status</th><th>proof</th><th>action</th></tr>
                         <?php
                         foreach ($invoices as $invoice) {
                             echo "<tr><td>".$invoice["id"]."</td>"
@@ -180,6 +211,7 @@ function getinvoicebyid($id) {
                             ."<td>".$invoice["date"]."</td>"
                             ."<td><a href=\"?pdf=".$invoice["id"]."\">pdf</a></td>"
                             ."<td>".$invoice["status"]."</td>"
+                            ."<td><a href=\"?proof=".$invoice["id"]."\">pdf</a></td>"
                             ."<td><a href=\"?del=".$invoice["id"]."\">del</a> <a href=\"?edit=".$invoice["id"]."\">edit</a></td></tr>\n";
                         }
                         ?>
@@ -188,8 +220,8 @@ function getinvoicebyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/admin.php">Back to admin panel</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/admin.php">Back to admin panel</a></h2>
                 </div>
             </div>
         </main>
diff --git a/manageorders.php b/manageorders.php
index 565ef91..a307adf 100644
--- a/manageorders.php
+++ b/manageorders.php
@@ -183,8 +183,8 @@ function getclientbyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/admin.php">Back to admin panel</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/admin.php">Back to admin panel</a></h2>
                 </div>
             </div>
         </main>
diff --git a/manageservices.php b/manageservices.php
index fe68c81..a69f4e6 100644
--- a/manageservices.php
+++ b/manageservices.php
@@ -138,8 +138,8 @@ function getservicebyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/admin.php">Back to admin panel</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/admin.php">Back to admin panel</a></h2>
                 </div>
             </div>
         </main>
diff --git a/managetickets.php b/managetickets.php
index 66c5b13..10f90d7 100644
--- a/managetickets.php
+++ b/managetickets.php
@@ -209,8 +209,8 @@ function getuserbyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/admin.php">Back to admin panel</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/admin.php">Back to admin panel</a></h2>
                 </div>
             </div>
         </main>
diff --git a/manageusers.php b/manageusers.php
index 7d4044d..f93788d 100644
--- a/manageusers.php
+++ b/manageusers.php
@@ -146,8 +146,8 @@ function getuserbyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/admin.php">Back to admin panel</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/admin.php">Back to admin panel</a></h2>
                 </div>
             </div>
         </main>
diff --git a/openticket.php b/openticket.php
index 6269120..3c3bf7f 100644
--- a/openticket.php
+++ b/openticket.php
@@ -152,8 +152,8 @@ function getorderbyid($id) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/client.php">Back to dashboard</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/client.php">Back to dashboard</a></h2>
                 </div>
             </div>
         </main>
diff --git a/order.php b/order.php
index 5e5675a..c51fce2 100644
--- a/order.php
+++ b/order.php
@@ -178,8 +178,8 @@ function genoption($id, $name) {
                 </div>
                 <div class="col2">
                     <h3>Logged as <?php echo $username; ?></h3>
-                    <h3><a href="/logout.php">Logout</h2>
-                    <h3><a href="/client.php">Back to dashboard</h2>
+                    <h3><a href="/logout.php">Logout</a></h2>
+                    <h3><a href="/client.php">Back to dashboard</a></h2>
                 </div>
             </div>
         </main>
-- 
cgit v1.2.3


id	client	description	amount	date	pdf	status	action
id	client	description	amount	date	pdf	status	proof	action
".$invoice["id"]."	".$invoice["date"]."	pdf	".$invoice["status"]."	pdf	del edit