Add basic portal functionality

2022-03-13 18:35:29 +00:00 · 2022-03-13 18:35:29 +00:00 · 1d84fade63
parent 5b274b09e6
commit 1d84fade63
4 changed files with 318 additions and 0 deletions
--- a/portal/check_login.php
+++ b/portal/check_login.php
@ -0,0 +1,33 @@
+<?php
+
+/*
+ * Client Portal
+ * Checks if the client is logged in or not
+ */
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+if(!$_SESSION['client_logged_in']){
+  header("Location: login.php");
+  die;
+}
+
+// SESSION FINGERPRINT
+$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
+$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
+
+// Get user agent
+$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
+
+// Get client info
+$session_client_id = $_SESSION['client_id'];
+$session_contact_id = $_SESSION['contact_id'];
+
--- a/portal/index.php
+++ b/portal/index.php
@ -0,0 +1,72 @@
+<?php
+/*
+ * Client Portal
+ * Landing / Home page for the client portal
+ */
+
+include('../config.php');
+include('../functions.php');
+include('check_login.php');
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id' LIMIT 1");
+$contact_row = mysqli_fetch_array($contact_sql);
+
+$contact_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_status != 'Closed' AND ticket_contact_id = '$session_contact_id' AND ticket_client_id = '$session_client_id'");
+$tickets = mysqli_fetch_array($contact_tickets);
+?>
+
+
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title><?php echo $config_app_name; ?> | Client Portal</title>
+
+  <!-- Tell the browser to be responsive to screen width -->
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+  <!-- Font Awesome -->
+  <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
+
+  <!-- Theme style -->
+  <link rel="stylesheet" href="../dist/css/adminlte.min.css">
+
+  <!-- Google Font: Source Sans Pro -->
+  <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+</head>
+<div class="container">
+  <h2>Logged in as <?php echo $contact_row['contact_name'] ?></h2>
+
+  <br>
+  <h3>My open tickets</h3>
+  <table class="table">
+    <thead>
+      <tr>
+        <th scope="col">Subject</th>
+        <th scope="col">State</th>
+      </tr>
+    </thead>
+    <tbody>
+
+        <?php
+        while($ticket = mysqli_fetch_array($contact_tickets)){
+          echo "<tr>";
+          echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
+          echo "<td>$ticket[ticket_status]</td>";
+          echo "</tr>";
+        }
+        ?>
+    </tbody>
+  </table>
+</div>
--- a/portal/login.php
+++ b/portal/login.php
@ -0,0 +1,96 @@
+<?php
+/*
+ * Client Portal
+ * Landing / Home page for the client portal
+ */
+
+include('../config.php');
+include('../functions.php');
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
+
+  $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
+  $password = $_POST['password'];
+
+  if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
+    $_SESSION['login_message'] = 'Invalid e-mail';
+  }
+  else{
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
+    $row = mysqli_fetch_array($sql);
+    if($row['contact_auth_method'] == 'local'){
+      if(password_verify($password, $row['contact_password_hash'])){
+        $_SESSION['client_logged_in'] = TRUE;
+        $_SESSION['client_id'] = $row['contact_client_id'];
+        $_SESSION['contact_id'] = $row['contact_client_id'];
+        $_SESSION['company_id'] = $row['company_id'];
+
+        header("Location: index.php");
+
+        //TODO: Logging
+      }
+      else{
+        $_SESSION['login_message'] = 'Incorrect username or password';
+      }
+
+    }
+    else{
+      $_SESSION['login_message'] = 'Incorrect username or password';
+    }
+  }
+
+
+
+}
+
+?>
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title><?php echo $config_app_name; ?> | Client Portal Login</title>
+
+  <!-- Tell the browser to be responsive to screen width -->
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+  <!-- Font Awesome -->
+  <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
+
+  <!-- Theme style -->
+  <link rel="stylesheet" href="../dist/css/adminlte.min.css">
+
+  <!-- Google Font: Source Sans Pro -->
+  <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+</head>
+<div class="container">
+  <div class="col-4 offset-3">
+    <br>
+    <h2><?php echo $config_app_name; ?> - Client Portal Login</h2>
+
+    <form action="login.php" method="post">
+      <input class="form-control" type="text" name="email" placeholder="someone@example.com">
+
+      <input class="form-control" type="password" name="password" placeholder="Pa$$word">
+
+      <button class="btn-primary" type="submit" name="login">Login</button>
+    </form>
+    <?php
+      if(!empty($_SESSION['login_message'])){
+        echo $_SESSION['login_message'];
+        unset($_SESSION['login_message']);
+      }
+    ?>
+  </div>
+</div>
+
--- a/portal/ticket.php
+++ b/portal/ticket.php
@ -0,0 +1,117 @@
+<?php
+/*
+ * Client Portal
+ * Ticket detail page
+ */
+
+include('../config.php');
+include('../functions.php');
+include('check_login.php');
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+if(isset($_GET['id']) && intval($_GET['id'])) {
+  $ticket_id = intval($_GET['id']);
+  $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
+  $ticket = mysqli_fetch_array($ticket_sql);
+
+  if ($ticket) {
+    ?>
+
+    <!DOCTYPE html>
+    <html>
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
+
+    <!-- Tell the browser to be responsive to screen width -->
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <!-- Font Awesome -->
+    <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
+
+    <!-- Theme style -->
+    <link rel="stylesheet" href="../dist/css/adminlte.min.css">
+
+    <!-- Google Font: Source Sans Pro -->
+    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+  </head>
+  <div class="container">
+
+    <h2>Ticket Details - <?php echo $ticket['ticket_subject'] ?></h2>
+    <p>State: <?php echo $ticket['ticket_status'] ?></p>
+    <p>Priority: <?php echo $ticket['ticket_priority'] ?></p>
+
+    <hr>
+
+    <?php
+    $sql = mysqli_query($mysqli,"SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type = 'Public' ORDER BY ticket_reply_id DESC");
+
+    while($row = mysqli_fetch_array($sql)){;
+      $ticket_reply_id = $row['ticket_reply_id'];
+      $ticket_reply = $row['ticket_reply'];
+      $ticket_reply_created_at = $row['ticket_reply_created_at'];
+      $ticket_reply_by = $row['ticket_reply_by'];
+      $ticket_reply_by_display = $row['user_name'];
+      $user_id = $row['user_id'];
+      $user_avatar = $row['user_avatar'];
+      $user_initials = initials($row['user_name']);
+      ?>
+
+      <div class="card card-outline card-info mb-3">
+        <div class="card-header">
+          <h3 class="card-title">
+            <div class="media">
+              <?php if(!empty($user_avatar)){ ?>
+                <img src="<?php echo "../uploads/users/$user_id/$user_avatar"; ?>" alt="User Avatar" class="img-size-50 mr-3 img-circle">
+              <?php }else{ ?>
+                <span class="fa-stack fa-2x">
+              <i class="fa fa-circle fa-stack-2x text-secondary"></i>
+              <span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
+            </span>
+                <?php
+              }
+              ?>
+
+              <div class="media-body">
+                <?php echo $ticket_reply_by_display; ?>
+                <br>
+                <small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "modified: $ticket_reply_updated_at"; } ?></small>
+              </div>
+            </div>
+          </h3>
+        </div>
+
+        <div class="card-body">
+          <?php echo $ticket_reply; ?>
+        </div>
+      </div>
+
+      <?php
+
+    }
+
+    ?>
+
+
+  </div>
+
+
+    <?php
+  }
+  else{
+    echo "Ticket ID not found!";
+  }
+}
+else{
+  header("Location: index.php");
+}