AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Portal - allow editing client contacts, few tweaks to header incl session notifications

This commit is contained in:
wrongecho 2024-09-05 15:16:11 +01:00
parent a23005babe
commit 49fddd4f1e
6 changed files with 171 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
portal/contact_edit.php Normal file
View File

@ -0,0 +1,114 @@
<?php
/*
* Client Portal
* Docs for PTC / technical contacts
*/
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once "inc_portal.php";
if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
header("Location: portal_post.php?logout");
exit();
}
//Initialize the HTML Purifier to prevent XSS
require_once "../plugins/htmlpurifier/HTMLPurifier.standalone.php";
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
// Check for a contact ID
if (!isset($_GET['id']) && !intval($_GET['id'])) {
header("Location: contacts.php");
exit();
}
$contact_id = intval($_GET['id']);
$sql_contact = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_primary, contact_technical, contact_billing, contact_auth_method FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $session_client_id AND contacts.contact_archived_at IS NULL LIMIT 1");
$row = mysqli_fetch_array($sql_contact);
if ($row) {
$contact_id = intval($row['contact_id']);
$contact_name = nullable_htmlentities($row['contact_name']);
$contact_email = nullable_htmlentities($row['contact_email']);
$contact_primary = intval($row['contact_primary']);
$contact_technical = intval($row['contact_technical']);
$contact_billing = intval($row['contact_billing']);
} else {
header("Location: portal_post.php?logout");
exit();
}
?>
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="index.php">Home</a>
</li>
<li class="breadcrumb-item">
<a href="contacts.php">Contacts</a>
</li>
<li class="breadcrumb-item active">Edit Contact</li>
</ol>
<div class="col-md-6">
<form action="portal_post.php" method="post">
<input type="hidden" name="contact_id" value="<?php echo $contact_id; ?>">
<!-- Prevent undefined checkbox errors on submit -->
<input type="hidden" name="contact_billing" value="0">
<input type="hidden" name="contact_technical" value="0">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<input type="text" class="form-control" name="contact_name" value="<?php echo nullable_htmlentities($contact_name) ?>" required>
</div>
</div>
<div class="form-group">
<label>Email <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
</div>
<input type="text" class="form-control" name="contact_email" value="<?php echo nullable_htmlentities($contact_email) ?>" required>
</div>
</div>
<label>Roles:</label>
<div class="form-row">
<div class="col-md-4">
<div class="form-group">
<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="contactBillingCheckbox" name="contact_billing" value="1" <?php if ($contact_billing == 1) { echo "checked"; } ?>>
<label class="custom-control-label" for="contactBillingCheckbox">Billing</label>
</div>
</div>
</div>
<div class="col-md-4">
<div class="form-group">
<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="contactTechnicalCheckbox" name="contact_technical" value="1" <?php if ($contact_technical == 1) { echo "checked"; } ?>>
<label class="custom-control-label" for="contactTechnicalCheckbox">Technical</label>
</div>
</div>
</div>
</div>
<?php if ($contact_primary) { echo "<i>Cannot edit the primary contact</i>"; } else { ?>
<button class="btn btn-primary" name="edit_contact">Save</button>
<?php } ?>
</form>
</div>
<?php
require_once "portal_footer.php";

2
portal/contacts.php
View File

@ -54,7 +54,7 @@ $contacts_sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_
?>
<tr>
<td><a href="contact.php?id=<?php echo $contact_id?>" disabled="disabled"><?php echo $contact_name ?></a></td>
<td><a href="contact_edit.php?id=<?php echo $contact_id?>"><?php echo $contact_name ?></a></td>
<td><?php echo $contact_email; ?></td>
<td><?php echo $contact_roles_display ?></td>
</tr>

23
portal/document.php
View File

@ -27,16 +27,31 @@ if (!isset($_GET['id']) && !intval($_GET['id'])) {
}
$document_id = intval($_GET['id']);
$sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, document_content FROM documents WHERE document_id = $document_id AND document_client_id = $session_client_id AND document_template = 0 LIMIT 1");
$sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, document_content FROM documents WHERE document_id = $document_id AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL LIMIT 1");
$row = mysqli_fetch_array($sql_document);
$document_id = intval($row['document_id']);
$document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']);
if ($row) {
$document_id = intval($row['document_id']);
$document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']);
} else {
header("Location: portal_post.php?logout");
exit();
}
?>
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="index.php">Home</a>
</li>
<li class="breadcrumb-item">
<a href="documents.php">Documents</a>
</li>
<li class="breadcrumb-item active">Document</li>
</ol>
<div class="card">
<div class="card-body prettyContent">
<h3><?php echo $document_name; ?></h3>

19
portal/portal_header.php
View File

@ -112,3 +112,22 @@ header("X-Frame-Options: DENY"); // Legacy
<hr>
</div>
</div>
<?php
//Alert Feedback
if (!empty($_SESSION['alert_message'])) {
if (!isset($_SESSION['alert_type'])) {
$_SESSION['alert_type'] = "info";
}
?>
<div class="alert alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
<?php echo nullable_htmlentities($_SESSION['alert_message']); ?>
<button class='close' data-dismiss='alert'>&times;</button>
</div>
<?php
unset($_SESSION['alert_type']);
unset($_SESSION['alert_message']);
}
?>

17
portal/portal_post.php
View File

@ -287,3 +287,20 @@ if (isset($_POST['edit_profile'])) {
}
header('Location: index.php');
}
if (isset($_POST['edit_contact'])) {
$contact_id = intval($_POST['contact_id']);
$contact_name = sanitizeInput($_POST['contact_name']);
$contact_email = sanitizeInput($_POST['contact_email']);
$contact_technical = intval($_POST['contact_technical']);
$contact_billing = intval($_POST['contact_billing']);
mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical WHERE contact_id = $contact_id AND contact_client_id = $session_client_id AND contact_archived_at IS NULL AND contact_primary = 0");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client $session_contact_name modified contact $contact_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $session_client_id, log_entity_id = $contact_id");
$_SESSION['alert_message'] = "Contact updated";
header('Location: contacts.php');
}

2
portal/ticket_add.php
View File

@ -18,7 +18,7 @@ require_once 'inc_portal.php';
<li class="breadcrumb-item active">New Ticket</li>
</ol>
<h2>Raise a new ticket</h2>
<h3>Raise a new ticket</h3>
<div class="col-md-8">
<form action="portal_post.php" method="post">