From 312eb4dffcfae335c354477edc05516bf602aa9a Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Sun, 14 Dec 2025 13:16:54 -0500
Subject: [PATCH] Allow use of login key only for agents

---
 login.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/login.php b/login.php
index 5a639d8e..33422ee2 100644
--- a/login.php
+++ b/login.php
@@ -99,6 +99,10 @@ $config_mail_from_name  = sanitizeInput($row['config_mail_from_name']);
 $config_client_portal_enable     = intval($row['config_client_portal_enable']);
 $config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);
 
+// Login key (if setup)
+$config_login_key_required = $row['config_login_key_required'];
+$config_login_key_secret = $row['config_login_key_secret'];
+
 // Azure / Entra for client
 $azure_client_id = $row['config_azure_client_id'] ?? null;
 
@@ -224,6 +228,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_
             // AGENT LOGIN FLOW
             // =========================
             if ($selectedType === 1) {
+                // Login key verification
+                //  If no/incorrect 'key' is supplied, send to client portal instead
+                if ($config_login_key_required) {
+                    if (!isset($_GET['key']) || $_GET['key'] !== $config_login_key_secret) {
+                        redirect("client");
+                    }
+                }
 
                 $user_name                  = sanitizeInput($selectedRow['user_name']);
                 $token                      = sanitizeInput($selectedRow['user_token']);