BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires Manual Intervention on files see Forum Post Make sure you run the Database update directly after update. This Removes Multi-Company Functionality. Fixes issues with Reponsive tables and bunch of other UI and small Fixes

2026-02-28 02:44:53 +00:00 · 2023-03-11 16:16:46 -05:00
parent 75da31d991
commit 48fe49cf77
164 changed files with 2154 additions and 2794 deletions
--- a/portal/check_login.php
+++ b/portal/check_login.php
@@ -28,11 +28,10 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
 // Get info from session
 $session_client_id = intval($_SESSION['client_id']);
 $session_contact_id = intval($_SESSION['contact_id']);
-$session_company_id = intval($_SESSION['company_id']);


 // Get company info from database
-$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id");
+$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
 $row = mysqli_fetch_array($sql);

 $session_company_name = $row['company_name'];
@@ -43,7 +42,7 @@ $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRE


 // Get contact info
-$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
+$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $session_contact_id AND contact_client_id = $session_client_id");
 $contact = mysqli_fetch_array($contact_sql);

 $session_contact_name = sanitizeInput($contact['contact_name']);
--- a/portal/inc_portal.php
+++ b/portal/inc_portal.php
@@ -19,4 +19,9 @@ if (!isset($_SESSION)) {
    session_start();
 }

+// Get Company Information
+$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
+$row = mysqli_fetch_array($sql);
+$company_name = $row['company_name'];
+
 require_once("portal_header.php");
--- a/portal/index.php
+++ b/portal/index.php
@@ -11,7 +11,7 @@ require_once("inc_portal.php");
 <div class="row">
    <div class="col-md-1 text-center">
        <?php if (!empty($session_contact_photo)) { ?>
-            <img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." height="50" width="50" class="img-circle img-responsive">
+            <img src="<?php echo "../uploads/clients/$session_client_id/$session_contact_photo"; ?>" alt="..." height="50" width="50" class="img-circle img-responsive">

        <?php } else { ?>

--- a/portal/invoices.php
+++ b/portal/invoices.php
@@ -17,7 +17,7 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
    <div class="row">
        <div class="col-md-1 text-center">
            <?php if (!empty($session_contact_photo)) { ?>
-                <img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." height="50" width="50" class="img-circle img-responsive">
+                <img src="<?php echo "../uploads/clients/$session_client_id/$session_contact_photo"; ?>" alt="..." height="50" width="50" class="img-circle img-responsive">
            <?php } else { ?>
                <span class="fa-stack fa-2x rounded-left">
                <i class="fa fa-circle fa-stack-2x text-secondary"></i>
--- a/portal/login.php
+++ b/portal/login.php
@@ -94,7 +94,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
 <div class="login-box">
    <div class="login-logo">
        <?php if (!empty($company_logo)) { ?>
-            <img alt="<?=$company_name?> logo" height="110" width="380" class="img-fluid" src="<?php echo "../uploads/settings/1/$company_logo"; ?>">
+            <img alt="<?=$company_name?> logo" height="110" width="380" class="img-fluid" src="<?php echo "../uploads/settings/$company_logo"; ?>">
        <?php } else { ?>
            <b><?=$company_name?></b> <br>Client Portal Login</h2>
        <?php } ?>
--- a/portal/login_microsoft.php
+++ b/portal/login_microsoft.php
@@ -17,7 +17,7 @@ if (!isset($_SESSION)) {
    session_start();
 }

-$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id, config_azure_client_secret FROM settings WHERE company_id = '1'");
+$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id, config_azure_client_secret FROM settings WHERE company_id = 1");
 $settings = mysqli_fetch_array($sql_settings);

 $client_id = $settings['config_azure_client_id'];
@@ -101,10 +101,9 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
                $_SESSION['client_logged_in'] = true;
                $_SESSION['client_id'] = $row['contact_client_id'];
                $_SESSION['contact_id'] = $row['contact_id'];
-                $_SESSION['company_id'] = $row['company_id'];
                $_SESSION['login_method'] = "azure";

-                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
+                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]");

                header("Location: index.php");

--- a/portal/login_reset.php
+++ b/portal/login_reset.php
@@ -42,19 +42,18 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {

        $email = sanitizeInput($_POST['email']);

-        $sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
+        $sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
        $row = mysqli_fetch_assoc($sql);

        $id = intval($row['contact_id']);
        $name = $row['contact_name'];
        $client = intval($row['contact_client_id']);
-        $company = intval($row['company_id']);

        if ($row['contact_email'] == $email) {
            $token = randomString(156);
            $url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
            mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
-            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client, company_id = $company");
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client");


            // Send reset email
@@ -77,8 +76,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {

            // Error handling
            if ($mail !== true) {
-                mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', company_id = $company");
-                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
+                mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email'");
+                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail'");
            }

            //End Mail IF
@@ -106,7 +105,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
        $contact_row = mysqli_fetch_array($sql);
        $contact_id = intval($contact_row['contact_id']);
        $name = $contact_row['contact_name'];
-        $company = intval($contact_row['company_id']);

        // Ensure the token is correct
        if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
@@ -114,7 +112,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
            // Set password, invalidate token, logging
            $password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
            mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
-            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client, company_id = $company");
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client");

            // Send confirmation email
            $subject = "Password reset confirmation for $company_name ITFlow Portal";
@@ -137,8 +135,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {

            // Error handling
            if ($mail !== true) {
-                mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', company_id = $company");
-                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
+                mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email'");
+                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail'");
            }

            // Redirect to login page
--- a/portal/portal_footer.php
+++ b/portal/portal_footer.php
@@ -11,7 +11,7 @@
 <br>
 <hr>

-<p class="text-center"><?php echo $config_app_name ?></p>
+<p class="text-center"><?php echo htmlentities($config_app_name); ?></p>


 <!-- jQuery -->
--- a/portal/portal_header.php
+++ b/portal/portal_header.php
@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY");
 <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <title><?php echo htmlentities($config_app_name); ?> | Client Portal - Tickets</title>
+    <title><?php echo htmlentities($company_name); ?> | Client Portal - Tickets</title>

    <!-- Tell the browser to be responsive to screen width -->
    <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY");

 <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
    <div class="container">
-        <a class="navbar-brand" href="index.php"><?php echo htmlentities($config_app_name); ?></a>
+        <a class="navbar-brand" href="index.php"><?php echo htmlentities($company_name); ?></a>
        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
        </button>
--- a/portal/portal_post.php
+++ b/portal/portal_post.php
@@ -9,7 +9,7 @@ require_once("inc_portal.php");
 if (isset($_POST['add_ticket'])) {

    // Get ticket prefix/number
-    $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $session_company_id");
+    $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
    $row = mysqli_fetch_array($sql_settings);
    $config_ticket_prefix = $row['config_ticket_prefix'];
    $config_ticket_next_number = intval($row['config_ticket_next_number']);
@@ -20,8 +20,8 @@ if (isset($_POST['add_ticket'])) {
    $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
    $purifier = new HTMLPurifier($purifier_config);

-    $client_id = $session_client_id;
-    $contact = $session_contact_id;
+    $client_id = intval($session_client_id);
+    $contact = intval($session_contact_id);
    $subject = sanitizeInput($_POST['subject']);
    $details = trim(mysqli_real_escape_string($mysqli, $purifier->purify(html_entity_decode(nl2br($_POST['details'])))));

@@ -35,13 +35,13 @@ if (isset($_POST['add_ticket'])) {
    // Get the next Ticket Number and add 1 for the new ticket number
    $ticket_number = $config_ticket_next_number;
    $new_config_ticket_next_number = $config_ticket_next_number + 1;
-    mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id");
+    mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");

-    mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_by = 0, ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id");
+    mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_by = 0, ticket_contact_id = $contact, ticket_client_id = $client_id");
    $id = mysqli_insert_id($mysqli);

    // Logging
-    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, company_id = $session_company_id");
+    mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id");

    header("Location: ticket.php?id=" . $id);

@@ -71,7 +71,7 @@ if (isset($_POST['add_ticket_comment'])) {
    if (verifyContactTicketAccess($ticket_id, "Open")) {

        // Add the comment
-        mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_by = $session_contact_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id");
+        mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_by = $session_contact_id, ticket_reply_ticket_id = $ticket_id");

        // Update Ticket Last Response Field & set ticket to open as client has replied
        mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open' WHERE ticket_id = $ticket_id AND ticket_client_id = $session_client_id LIMIT 1");
@@ -97,7 +97,7 @@ if (isset($_POST['add_ticket_feedback'])) {

        // Notify on bad feedback
        if ($feedback == "Bad") {
-            mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_client_id = $session_client_id, company_id = $session_company_id");
+            mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_client_id = $session_client_id");
        }

        // Redirect
@@ -120,10 +120,10 @@ if (isset($_GET['close_ticket'])) {
        mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Closed', ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = $session_client_id");

        // Add reply
-        mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_by = $session_contact_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id");
+        mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_by = $session_contact_id, ticket_reply_ticket_id = $ticket_id");

        //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent'");

        header("Location: ticket.php?id=" . $ticket_id);
    } else {
@@ -150,7 +150,7 @@ if (isset($_POST['edit_profile'])) {
        mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = $session_contact_id AND contact_client_id = $session_client_id");

        // Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $session_client_id, company_id = $session_company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $session_client_id");
    }
    header('Location: index.php');
 }