itflow-org
diff --git a/‎accounts.php
+14-3 b/‎accounts.php
+14-3
diff --git a/‎ajax/ajax_account_edit.php
+51 b/‎ajax/ajax_account_edit.php
+51
diff --git a/‎ajax/ajax_document_move.php
+109 b/‎ajax/ajax_document_move.php
+109
diff --git a/‎ajax/ajax_document_rename.php
+46 b/‎ajax/ajax_document_rename.php
+46
diff --git a/‎ajax/ajax_document_view.php
+37 b/‎ajax/ajax_document_view.php
+37
@@ -85,7 +85,15 @@
                         ?>
 
                         <tr>
-                            <td><a class="text-dark" href="#" data-toggle="modal" data-target="#editAccountModal<?php echo $account_id; ?>"><?php echo $account_name; ?></a></td>
+                            <td>
+                                <a class="text-dark" href="#"
+                                    data-toggle="ajax-modal"
+                                    data-ajax-url="ajax/ajax_account_edit.php"
+                                    data-ajax-id="<?php echo $account_id; ?>"
+                                    >
+                                    <?php echo $account_name; ?>
+                                </a>
+                            </td>
                             <td><?php echo $account_currency_code; ?></td>
                             <td class="text-right"><?php echo numfmt_format_currency($currency_format, $balance, $account_currency_code); ?></td>
                             <td>
@@ -94,7 +102,11 @@
                                         <i class="fas fa-ellipsis-h"></i>
                                     </button>
                                     <div class="dropdown-menu">
-                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAccountModal<?php echo $account_id; ?>">
+                                        <a class="dropdown-item" href="#"
+                                            data-toggle="ajax-modal"
+                                            data-ajax-url="ajax/ajax_account_edit.php"
+                                            data-ajax-id="<?php echo $account_id; ?>"
+                                            >
                                             <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                         </a>
                                         <?php if ($balance == 0 && $account_id != $config_stripe_account) { //Cannot Archive an Account until it reaches 0 Balance and cant be selected as an online account ?>
@@ -109,7 +121,6 @@
                         </tr>
 
                         <?php
-                        require "modals/account_edit_modal.php";
                     }
                     ?>
 
 
@@ -0,0 +1,51 @@
+<?php
+
+require_once '../includes/ajax_header.php';
+
+$account_id = intval($_GET['id']);
+
+$sql = mysqli_query($mysqli, "SELECT * FROM accounts WHERE account_id = $account_id LIMIT 1");
+
+$row = mysqli_fetch_array($sql);
+$account_name = nullable_htmlentities($row['account_name']);
+$account_notes = nullable_htmlentities($row['account_notes']);
+
+// Generate the HTML form content using output buffering.
+ob_start();
+?>
+
+<div class="modal-header">
+    <h5 class="modal-title"><i class="fa fa-fw fa-piggy-bank mr-2"></i>Editing account: <strong><?php echo $account_name; ?></strong></h5>
+    <button type="button" class="close text-white" data-dismiss="modal">
+        <span>&times;</span>
+    </button>
+</div>
+<form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="account_id" value="<?php echo $account_id; ?>">
+    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+    <div class="modal-body bg-white">
+        <div class="form-group">
+            <label>Account Name <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-piggy-bank"></i></span>
+                </div>
+                <input type="text" class="form-control" name="name" maxlength="200" value="<?php echo $account_name; ?>" required>
+            </div>
+        </div>
+        
+        <div class="form-group">
+            <label>Notes</label>
+            <textarea class="form-control" rows="5" placeholder="Enter some notes" name="notes"><?php echo $account_notes; ?></textarea>
+        </div>
+    
+    </div>
+    <div class="modal-footer bg-white">
+        <button type="submit" name="edit_account" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+        <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+    </div>
+</form>
+
+<?php
+
+require_once "../includes/ajax_footer.php";
@@ -0,0 +1,109 @@
+<?php
+
+require_once '../includes/ajax_header.php';
+
+$document_id = intval($_GET['id']);
+
+$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id");
+                     
+$row = mysqli_fetch_array($sql);
+$client_id = intval($row['document_client_id']);
+$document_folder_id = nullable_htmlentities($row['document_folder_id']);
+$document_name = nullable_htmlentities($row['document_name']);
+
+
+// Generate the HTML form content using output buffering.
+ob_start();
+?>
+<div class="modal-header">
+    <h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>Moving document: <strong><?php echo $document_name; ?></strong></h5>
+    <button type="button" class="close text-white" data-dismiss="modal">
+        <span>&times;</span>
+    </button>
+</div>
+<form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
+    <div class="modal-body bg-white">
+
+        <div class="form-group">
+            <label>Move Document to</label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-folder"></i></span>
+                </div>
+                <select class="form-control select2" name="folder">
+                    <option value="0">/</option>
+                    <?php
+                    // Fetch all folders for the client
+                    $sql_all_folders = mysqli_query($mysqli, "SELECT folder_id, folder_name, parent_folder FROM folders WHERE folder_location = 0 AND folder_client_id = $client_id ORDER BY folder_name ASC");
+                    $folders = array();
+
+                    // Build an associative array of folders indexed by folder_id
+                    while ($row = mysqli_fetch_assoc($sql_all_folders)) {
+                        $folders[$row['folder_id']] = array(
+                            'folder_id' => intval($row['folder_id']),
+                            'folder_name' => nullable_htmlentities($row['folder_name']),
+                            'parent_folder' => intval($row['parent_folder']),
+                            'children' => array()
+                        );
+                    }
+
+                    // Build the folder hierarchy
+                    foreach ($folders as $id => &$folder) {
+                        if ($folder['parent_folder'] != 0 && isset($folders[$folder['parent_folder']])) {
+                            $folders[$folder['parent_folder']]['children'][] = &$folder;
+                        }
+                    }
+                    unset($folder); // Break the reference
+
+                    // Prepare a list of root folders
+                    $root_folders = array();
+                    foreach ($folders as $id => $folder) {
+                        if ($folder['parent_folder'] == 0) {
+                            $root_folders[] = $folder;
+                        }
+                    }
+
+                    // Display the folder options iteratively
+                    $stack = array();
+                    foreach (array_reverse($root_folders) as $folder) {
+                        $stack[] = array('folder' => $folder, 'level' => 0);
+                    }
+
+                    while (!empty($stack)) {
+                        $node = array_pop($stack);
+                        $folder = $node['folder'];
+                        $level = $node['level'];
+
+                        // Indentation for subfolders
+                        $indentation = str_repeat('&nbsp;', $level * 4);
+
+                        // Check if this folder is selected
+                        $selected = '';
+                        if ($folder['folder_id'] == $document_folder_id) {
+                            $selected = 'selected';
+                        }
+
+                        echo "<option value=\"{$folder['folder_id']}\" $selected>$indentation{$folder['folder_name']}</option>";
+
+                        // Add children to the stack
+                        if (!empty($folder['children'])) {
+                            foreach (array_reverse($folder['children']) as $child_folder) {
+                                $stack[] = array('folder' => $child_folder, 'level' => $level + 1);
+                            }
+                        }
+                    }
+                    ?>
+                </select>
+            </div>
+        </div>
+
+    </div>
+    <div class="modal-footer bg-white">
+        <button type="submit" name="move_document" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Move</button>
+        <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+    </div>
+</form>
+
+<?php
+require_once "../includes/ajax_footer.php";
@@ -0,0 +1,46 @@
+<?php
+
+require_once '../includes/ajax_header.php';
+
+$document_id = intval($_GET['id']);
+
+$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id");
+                     
+$row = mysqli_fetch_array($sql);
+$client_id = intval($row['document_client_id']);
+$document_name = nullable_htmlentities($row['document_name']);
+
+
+// Generate the HTML form content using output buffering.
+ob_start();
+?>
+<div class="modal-header">
+    <h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>Renaming document: <strong><?php echo $document_name; ?></strong></h5>
+    <button type="button" class="close text-white" data-dismiss="modal">
+        <span>&times;</span>
+    </button>
+</div>
+<form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
+    <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
+    <div class="modal-body bg-white">
+
+        <div class="form-group">
+            <label>Document Name <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-file-alt"></i></span>
+                </div>
+                <input class="form-control" type="text" name="name" maxlength="200" value="<?php echo $document_name; ?>" required>
+            </div>
+        </div>
+
+    </div>
+    <div class="modal-footer bg-white">
+        <button type="submit" name="rename_document" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Rename</button>
+        <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+    </div>
+</form>
+
+<?php
+require_once "../includes/ajax_footer.php";
@@ -0,0 +1,37 @@
+<?php
+
+require_once '../includes/ajax_header.php';
+
+// Initialize the HTML Purifier to prevent XSS
+require_once "../plugins/htmlpurifier/HTMLPurifier.standalone.php";
+
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+$document_id = intval($_GET['id']);
+
+$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id");
+                     
+$row = mysqli_fetch_array($sql);
+$document_name = nullable_htmlentities($row['document_name']);
+$document_content = $purifier->purify($row['document_content']);
+
+
+// Generate the HTML form content using output buffering.
+ob_start();
+?>
+
+<div class="modal-header">
+    <h5 class="modal-title text-white"><i class="fa fa-fw fa-file-alt mr-2"></i><?php echo $document_name; ?></h5>
+    <button type="button" class="close text-white" data-dismiss="modal">
+        <span>&times;</span>
+    </button>
+</div>
+<div class="modal-body bg-white prettyContent">
+    <?php echo $document_content; ?>
+</div>
+
+<?php
+require_once "../includes/ajax_footer.php";