fetch_all(MYSQLI_ASSOC);
// Load every invoice row for the listing. The column list leaves out the
// pdf and proof columns; those are selected per invoice id by the ?pdf= and
// ?proof= handlers.
$sql = "SELECT id, client, `desc`, amount, date, status FROM invoices";
$stmt = $link->prepare($sql);
$stmt->execute();
$result = $stmt->get_result();
// Each row is an associative array keyed by column name.
$invoices = mysqli_fetch_all($result, MYSQLI_ASSOC);
// Load every order row; getorderbyid() searches this array by id.
$sql = "SELECT id, service, name, client, date, billing, status, comments FROM orders";
$stmt = $link->prepare($sql);
$stmt->execute();
$result = $stmt->get_result();
// Each row is an associative array keyed by column name.
$orders = mysqli_fetch_all($result, MYSQLI_ASSOC);
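// GET actions
//   delete entry: ?del=<invoice id> removes that invoice row.
// NOTE(review): this changes state on a GET request and no anti-CSRF token is
// checked in this block, so the deletion can be triggered by any URL the
// browser is made to load. Moving it to a POST form with a per-session token
// also needs a change in the list markup, so it is only flagged here.
// Authentication/authorisation is not visible in this block: confirm it
// happens before this point.
if (isset($_GET["del"])) {
    $sql = "DELETE FROM invoices WHERE id = ?";
    $stmt = mysqli_prepare($link, $sql);
    // Parameters are bound by reference, so $param_id may be assigned after the bind.
    mysqli_stmt_bind_param($stmt, "s", $param_id);
    $param_id = $_GET["del"];
    // Exactly one row must have been removed; anything else (unknown id, SQL
    // failure) is reported as an error and the page is rendered as usual.
    if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) {
        echo "SQL error.";
    } else {
        header("location: ".$_SERVER['SCRIPT_NAME']);
        // Stop here: a Location header does not end the script, so without
        // this the remaining handlers and the page body would still run.
        exit;
    }
}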
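// ?pdf=<invoice id>: send the stored invoice document for that invoice.
// NOTE(review): the row is selected by the id from the query string alone;
// any check that the requester may read this invoice has to happen before
// this point. It is not visible in this block, so confirm it exists.
if (isset($_GET["pdf"])) {
    // Get invoice
    $sql = "SELECT pdf FROM invoices WHERE id = ?";
    $stmt = mysqli_prepare($link, $sql);
    mysqli_stmt_bind_param($stmt, "s", $param_id);
    $param_id = $_GET["pdf"];
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result->fetch_assoc();
    if (!is_array($row) || $row["pdf"] === null) {
        // Unknown id or no document stored: answer 404 instead of sending
        // PDF headers followed by warnings and an empty body.
        http_response_code(404);
        exit("Invoice PDF not found.");
    }
    $pdf = $row["pdf"];
    header("Content-type: application/pdf");
    header("Content-Disposition: inline;filename=\"invoice.pdf\"");
    // Keep the browser from second-guessing the declared content type.
    header("X-Content-Type-Options: nosniff");
    echo $pdf;
    // End the response here so the HTML page that follows in this file is
    // not appended to the PDF bytes.
    exit;
}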
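// ?proof=<invoice id>: send the stored proof document for that invoice.
// NOTE(review): the row is selected by the id from the query string alone;
// any check that the requester may read this invoice has to happen before
// this point. It is not visible in this block, so confirm it exists.
if (isset($_GET["proof"])) {
    // Get invoice
    $sql = "SELECT proof FROM invoices WHERE id = ?";
    $stmt = mysqli_prepare($link, $sql);
    mysqli_stmt_bind_param($stmt, "s", $param_id);
    $param_id = $_GET["proof"];
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result->fetch_assoc();
    if (!is_array($row) || $row["proof"] === null) {
        // Unknown id or no proof uploaded yet: answer 404 instead of sending
        // PDF headers followed by warnings and an empty body.
        http_response_code(404);
        exit("Proof not found.");
    }
    $proof = $row["proof"];
    header("Content-type: application/pdf");
    header("Content-Disposition: inline;filename=\"proof.pdf\"");
    // The proof column holds uploaded bytes that are stored as received, so
    // the browser must not be allowed to sniff them into another type.
    header("X-Content-Type-Options: nosniff");
    echo $proof;
    // End the response here so the HTML page that follows in this file is
    // not appended to the document bytes.
    exit;
}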
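// POST actions
// NOTE(review): no anti-CSRF token is checked in this block, and "status" is
// stored exactly as submitted without being compared against a list of
// allowed values. Confirm whether either is enforced elsewhere.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // edit entry: update the status and, when a file was uploaded, the proof.
    if (isset($_POST["save"])) {
        $sql = "UPDATE invoices SET status = ? WHERE id = ?";
        $stmt = mysqli_prepare($link, $sql);
        mysqli_stmt_bind_param($stmt, "ss", $param_status, $param_id);
        $param_status = $_POST["status"];
        $param_id = $_POST["id"];
        if (!mysqli_stmt_execute($stmt)) {
            die("SQL error 1.");
        }
        // $_FILES["proof"] is set whenever the request carries the file
        // field, even when no file was chosen, so isset() alone cannot tell
        // whether there is anything to read. The upload status decides.
        $upload_error = $_FILES["proof"]["error"] ?? UPLOAD_ERR_NO_FILE;
        if ($upload_error !== UPLOAD_ERR_NO_FILE) {
            // Only read a file that PHP itself received in this request.
            if ($upload_error !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES["proof"]["tmp_name"])) {
                die("Upload error.");
            }
            $proof = file_get_contents($_FILES["proof"]["tmp_name"]);
            if ($proof === false) {
                // Never overwrite a stored proof with an empty value on a read failure.
                die("Upload error.");
            }
            // NOTE(review): the bytes are stored without checking that they
            // are a PDF or limiting their size, and are later served inline
            // as application/pdf. Consider validating before storing.
            $sql = "UPDATE invoices SET proof = ? WHERE id = ?";
            $stmt = mysqli_prepare($link, $sql);
            mysqli_stmt_bind_param($stmt, "ss", $param_proof, $param_id);
            $param_proof = $proof;
            $param_id = $_POST["id"];
            if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) {
                die("SQL error 2.");
            }
        }
        header("location: ".$_SERVER['SCRIPT_NAME']);
        // A Location header does not end the script; stop before the page renders.
        exit;
    }
}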
/**
 * Look up one order in the global $orders array by its id.
 *
 * Ids are compared with ==, so a numeric string such as "7" matches 7.
 *
 * @param mixed $id id to search for
 * @return array|null the first matching row, or null when none matches
 */
function getorderbyid($id) {
    global $orders;
    foreach ($orders as $candidate) {
        if ($candidate["id"] != $id) {
            continue;
        }
        return $candidate;
    }
    return null;
}
/**
 * Look up one service in the global $services array by its id.
 *
 * Ids are compared with ==, so a numeric string such as "7" matches 7.
 *
 * @param mixed $id id to search for
 * @return array|null the first matching row, or null when none matches
 */
function getservicebyid($id) {
    global $services;
    $match = null;
    foreach ($services as $entry) {
        if ($entry["id"] == $id) {
            $match = $entry;
            break;
        }
    }
    return $match;
}
/**
 * Look up one client in the global $clients array by its id.
 *
 * Ids are compared with ==, so a numeric string such as "7" matches 7.
 *
 * @param mixed $id id to search for
 * @return array|null the first matching row, or null when none matches
 */
function getclientbyid($id) {
    global $clients;
    foreach ($clients as $candidate) {
        if ($candidate["id"] != $id) {
            continue;
        }
        return $candidate;
    }
    return null;
}
/**
 * Look up one invoice in the global $invoices array by its id.
 *
 * Ids are compared with ==, so a numeric string such as "7" matches 7.
 *
 * @param mixed $id id to search for
 * @return array|null the first matching row, or null when none matches
 */
function getinvoicebyid($id) {
    global $invoices;
    $match = null;
    foreach ($invoices as $entry) {
        if ($entry["id"] == $id) {
            $match = $entry;
            break;
        }
    }
    return $match;
}
?>
    
        
        
        ARFNET CSTIMS
    
    
        
        
        
            
                
                    ARFNET Client Service Ticket and Invoice Management System
                     panel
                    Invoices
                    ".$client["username"]."";
                        foreach ($orders as $order)
                            //if ($order["client"] == )
                            $order_options .= "
";
                        echo "
";
                    }
                    if (isset($_GET["edit"])) {
                        $invoice = getinvoicebyid($_GET["edit"]);
                        $client_options = $service_options = "";
                        echo "
";
                    }
                    ?>
                    
manual invoice
                    
                        | id | client | description | amount | date | pdf | status | proof | action | 
|---|
                        ".$invoice["id"].""
                            ." | ".getclientbyid($invoice["client"])["username"].""
                            ." | ".$invoice["desc"].""
                            ." | ".$invoice["amount"]." €"
                            ." | ".$invoice["date"].""
                            ." | pdf"
                            ." | ".$invoice["status"].""
                            ." | pdf"
                            ." | del edit\n";
                        }
                        ?> |