I found simple invoices after looking for some sample code for email invoices and I think I can integrate into our system pretty easily. My company processes ACH and credit card payments. We have a new system that is close to completion that allows web based billing for users and allows real time download to quickbooks. Our system is php based and uses smarty as well. I need to get deeper into the code to make sure it can do what I think it can but so far it looks great.
I would like to contribute too.
The first things I would have to do for our system running SI that could be included in the released software.
1. Fix SQL injection problems and any other security issues
2. Make use of mysqli
3. Create validation class for inputs
4. Support for other payment gateways (ourselves included) with link in email to customer.
5. Integrate QuickBooks Web Connector for SI
The QuickBooks Web Connector for SI is the only thing above that would probably not be open source. Our current framework for QBWC has been in development for over a year and cost a lot of money so I don't think that my company would release that as open source.
That's just the short list of stuff. If you guys want it and if there are any priority areas that need any work just let me know.
Thanks,
Tom
hey tom
sounds great!
re sql injection
- awesome - we're using PDO with prepared statements which makes the inputted data somewhat safe - but there is still tonnes of work required to make SI safe
re mysqli
- we use PDO which I'm not sure if it supports mysqli - might need to review zend_db as I know it's got mysqli support
re validation
-awesome
- if you can use jquery validate - http://bassistance.de/jquery-plugins/jquery-plugin-validation/ would be perfect
- the milk demo is the style i would prefer - http://jquery.bassistance.de/validate/demo/milk/
- just used this in another project and it worked great
- note: would also need a php validation method as well - in case javascript is disabled
re payment
- great - so many people have requested a paypal link etc.. this would be great!
- preferably in the biller details all the required paypal etc. details can be setup - business name, email, etc..
- also a link in the PDF would be good if possible
re QuickBooks
- sounds great!
svn checkout trunk and go nuts!
-refer: http://code.google.com/p/simpleinvoices/source/checkout
to commit back to svn please email me ( [email protected] ) your gmail username and I'll add it to the list
also refer: http://www.simpleinvoices.org/wiki/extensions
- if there is anything else you want to commit - go for it - if you think it might not fit in with the normal Simple Invoices you can write it as an extension so people can add it on if they want
cheers
justin
Hi Justin,
I am going through the code and I am unable to find where prepared statements are being used.
I don't see where the PDO prepare or execute command is being called that would protect against SQL injections. Am I missing something?
This is an example of what I have used as a PDO prepared statement.
$sql = "INSERT INTO sometable (var1, var2) VALUES (?, ?)"; // placeholders only, no values spliced into the SQL text
$rs = $dbh->prepare($sql);                                   // $dbh is an existing PDO connection
$rs->execute(array($var1, $var2));                           // values are bound separately, so they are never parsed as SQL
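The difference Tom is pointing at, as an added example that is not Simple Invoices code and not from either poster: a query built by string interpolation next to the prepared form, run against an in-memory SQLite database so it works offline. The table, column names and the customer record are constructed for this demo.

```php
<?php
// Added example: string-built SQL versus a PDO prepared statement.
// Uses an in-memory SQLite database so it runs with no server configured.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On a MySQL connection you would also want PDO::ATTR_EMULATE_PREPARES set to
// false so the server, not the PDO client, does the parameter binding.

$dbh->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");

// Constructed untrusted input: a perfectly legitimate name containing a quote.
$name  = "O'Brien";
$email = 'obrien@example.invalid';

// Unsafe: the value becomes part of the SQL text, so the quote ends the string
// literal early and the statement fails here; other input could change its meaning.
try {
    $dbh->exec("INSERT INTO customers (name, email) VALUES ('$name', '$email')");
    echo "string-built insert succeeded (unexpected)\n";
} catch (PDOException $e) {
    echo "string-built insert rejected: " . $e->getMessage() . "\n";
}

// Safe: SQL text and data travel separately; a bound value is never parsed as SQL.
$stmt = $dbh->prepare("INSERT INTO customers (name, email) VALUES (?, ?)");
$stmt->execute([$name, $email]);

// Same pattern for reads, here with a named placeholder.
$stmt = $dbh->prepare("SELECT id, name FROM customers WHERE name = :name");
$stmt->execute([':name' => $name]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo "prepared lookup found: " . $row['name'] . "\n";
```

The prepared insert stores O'Brien intact and the lookup finds it, while the interpolated version fails on ordinary data before any malicious input is even considered.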
Hey Tom,
yep - a bit different from normal - but should work as expected
let me know if you have any other queries
Cheers
Justin