AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 11:24:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Contact small edits

Browse Source 
- Adjust behaviour when selecting "Send user e-mail with login details?" (show reset link OR prompt user to change password if tech set one)
- Email wording change (remove ITFlow reference and replace with MSP name)
- Show contact PIN in the portal
- Bump password min length to 8 (and enforce on tech side)
- Bugfix undefined send_email value
This commit is contained in:
Marcus Hill
2023-10-07 20:42:48 +01:00
parent 0c0d89c1a6
commit 263382073d
4 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
client_contact_edit_modal.php
View File

@@ -13,6 +13,7 @@
<input type="hidden" name="contact_important" value="0"> <input type="hidden" name="contact_important" value="0">
<input type="hidden" name="contact_billing" value="0"> <input type="hidden" name="contact_billing" value="0">
<input type="hidden" name="contact_technical" value="0"> <input type="hidden" name="contact_technical" value="0">
<input type="hidden" name="send_email" value="0">
<!-- End prevent undefined errors --> <!-- End prevent undefined errors -->
<input type="hidden" name="contact_id" value="<?php echo $contact_id; ?>"> <input type="hidden" name="contact_id" value="<?php echo $contact_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
@@ -198,7 +199,7 @@
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div> </div>
<input type="password" class="form-control" data-toggle="password" name="contact_password" placeholder="Leave blank for no change" autocomplete="new-password"> <input type="password" class="form-control" data-toggle="password" name="contact_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
<div class="input-group-append"> <div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div> </div>
@@ -207,7 +208,7 @@
</div> </div>
<div class="form-check"> <div class="form-check">
<input type="checkbox" class="form-check-input" name="send_email" value=""/> <input type="checkbox" class="form-check-input" name="send_email" value="1"/>
<label class="form-check-label">Send user e-mail with login details?</label> <label class="form-check-label">Send user e-mail with login details?</label>
</div> </div>

1
portal/check_login.php
View File

@@ -50,6 +50,7 @@ $session_contact_initials = initials($session_contact_name);
$session_contact_title = sanitizeInput($contact['contact_title']); $session_contact_title = sanitizeInput($contact['contact_title']);
$session_contact_email = sanitizeInput($contact['contact_email']); $session_contact_email = sanitizeInput($contact['contact_email']);
$session_contact_photo = sanitizeInput($contact['contact_photo']); $session_contact_photo = sanitizeInput($contact['contact_photo']);
$session_contact_pin = sanitizeInput($contact['contact_pin']);
$session_contact_primary = intval($contact['contact_primary']); $session_contact_primary = intval($contact['contact_primary']);
$session_contact_is_technical_contact = false; $session_contact_is_technical_contact = false;

3
portal/profile.php
View File

@@ -13,6 +13,7 @@ require_once('inc_portal.php');
<p>Name: <?php echo $session_contact_name ?></p> <p>Name: <?php echo $session_contact_name ?></p>
<p>Email: <?php echo $session_contact_email ?></p> <p>Email: <?php echo $session_contact_email ?></p>
<p>PIN: <?php echo $session_contact_pin ?></p>
<p>Client: <?php echo $session_client_name ?></p> <p>Client: <?php echo $session_client_name ?></p>
<br> <br>
<p>Client Primary Contact: <?php if ($session_contact_primary == 1) {echo "Yes"; } else {echo "No";} ?></p> <p>Client Primary Contact: <?php if ($session_contact_primary == 1) {echo "Yes"; } else {echo "No";} ?></p>
@@ -35,7 +36,7 @@ require_once('inc_portal.php');
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div> </div>
<input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password"> <input type="password" class="form-control" minlength="8" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
</div> </div>
</div> </div>
<button type="submit" name="edit_profile" class="btn btn-primary text-bold mt-3"><i class="fas fa-check mr-2"></i>Save password</button> <button type="submit" name="edit_profile" class="btn btn-primary text-bold mt-3"><i class="fas fa-check mr-2"></i>Save password</button>

13
post/contact.php
View File

@@ -68,6 +68,7 @@ if (isset($_POST['edit_contact'])) {
require_once('post/contact_model.php'); require_once('post/contact_model.php');
$contact_id = intval($_POST['contact_id']); $contact_id = intval($_POST['contact_id']);
$send_email = intval($_POST['send_email']);
// Get Exisiting Contact Photo // Get Exisiting Contact Photo
$sql = mysqli_query($mysqli,"SELECT contact_photo FROM contacts WHERE contact_id = $contact_id"); $sql = mysqli_query($mysqli,"SELECT contact_photo FROM contacts WHERE contact_id = $contact_id");
@@ -93,7 +94,7 @@ if (isset($_POST['edit_contact'])) {
} }
// Send contact a welcome e-mail, if specified // Send contact a welcome e-mail, if specified
if (isset($_POST['send_email']) && !empty($auth_method) && !empty($config_smtp_host)) { if ($send_email && !empty($auth_method) && !empty($config_smtp_host)) {
// Un-sanitizied used in body of email // Un-sanitizied used in body of email
$contact_name = $_POST['name']; $contact_name = $_POST['name'];
@@ -102,14 +103,18 @@ if (isset($_POST['edit_contact'])) {
$config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email); $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email);
$config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name); $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name);
// Authentication info (azure, reset password, or tech-provided temporary password)
if ($auth_method == 'azure') { if ($auth_method == 'azure') {
$password_info = "Login with your Microsoft (Azure AD) account."; $password_info = "Login with your Microsoft (Azure AD) account.";
} elseif (empty($_POST['contact_password'])) {
$password_info = "Request a password reset at https://$config_base_url/portal/login_reset.php";
} else { } else {
$password_info = $_POST['contact_password']; $password_info = $_POST['contact_password'] . " -- Please change on first login";
} }
$subject = sanitizeInput("Your new $session_company_name ITFlow account"); $subject = sanitizeInput("Your new $session_company_name support portal account");
$body = mysqli_real_escape_string($mysqli, "Hello, $contact_name<br><br>An ITFlow account has been set up for you. <br><br>Username: $email <br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email"); $body = mysqli_real_escape_string($mysqli, "Hello, $contact_name<br><br>$session_company_name has created a support portal account for you. <br><br>Username: $email<br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email");
// Queue Mail // Queue Mail
mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$email', email_recipient_name = '$name', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject', email_content = '$body'"); mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$email', email_recipient_name = '$name', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject', email_content = '$body'");