AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-14 09:44:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Misc tidying code spacing & formatting in accordance with SonarCloud/PSR

Browse Source
This commit is contained in:
Marcus Hill
2023-01-01 15:41:21 +00:00
parent 807d374b90
commit 6746edda1a
12 changed files with 546 additions and 555 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
portal/login_microsoft.php
View File

@@ -4,20 +4,20 @@
* OAuth Login via Microsoft IDP
*/
include('../config.php');
include('../functions.php');
require_once('../config.php');
require_once('../functions.php');
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", true);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", true);
}
session_start();
}
$sql_settings = mysqli_query($mysqli,"SELECT config_azure_client_id, config_azure_client_secret FROM settings WHERE company_id = '1'");
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id, config_azure_client_secret FROM settings WHERE company_id = '1'");
$settings = mysqli_fetch_array($sql_settings);
$client_id = $settings['config_azure_client_id'];
@@ -33,15 +33,15 @@ $token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/
// Returns a authorization code if login was successful
if ($_SERVER['REQUEST_METHOD'] == "GET"){
$params = array (
'client_id' => $client_id,
'redirect_uri' => $redirect_uri,
'response_type' => 'code',
'response_mode' =>'form_post',
'scope' => 'https://graph.microsoft.com/User.Read',
'state' => session_id());
$params = array (
'client_id' => $client_id,
'redirect_uri' => $redirect_uri,
'response_type' => 'code',
'response_mode' =>'form_post',
'scope' => 'https://graph.microsoft.com/User.Read',
'state' => session_id());
header ('Location: '.$auth_code_url.'?'.http_build_query ($params));
header('Location: '.$auth_code_url.'?'.http_build_query($params));
}
@@ -49,78 +49,75 @@ if ($_SERVER['REQUEST_METHOD'] == "GET"){
// Request an access token using authorization code (& client secret) (server side)
if (isset($_POST['code']) && $_POST['state'] == session_id()){
$params = array (
'client_id' =>$client_id,
'code' => $_POST['code'],
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code',
'client_secret' => $client_secret
);
// Send request via CURL (server side) so user cannot see the client secret
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$token_grant_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // DEBUG ONLY - WAMP
$access_token_response = json_decode(curl_exec($ch),1);
// Check if we have an access token
// If we do, send a request to Microsoft Graph API to get user info
if (isset($access_token_response['access_token'])){
$params = array (
'client_id' =>$client_id,
'code' => $_POST['code'],
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code',
'client_secret' => $client_secret
);
// Send request via CURL (server side) so user cannot see the client secret
$ch = curl_init();
curl_setopt ($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'],
'Content-type: application/json'));
curl_setopt ($ch, CURLOPT_URL, "https://graph.microsoft.com/v1.0/me/");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $token_grant_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // DEBUG ONLY - WAMP
$msgraph_response = json_decode (curl_exec ($ch), 1);
$access_token_response = json_decode(curl_exec($ch), 1);
if (isset($msgraph_response['error'])){
// Something went wrong verifying the token/using the Graph API - quit
echo "Error with MS Graph API. Details:";
var_dump ($msgraph_response['error']);
exit();
// Check if we have an access token
// If we do, send a request to Microsoft Graph API to get user info
if (isset($access_token_response['access_token'])){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'],
'Content-type: application/json'));
curl_setopt($ch, CURLOPT_URL, "https://graph.microsoft.com/v1.0/me/");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // DEBUG ONLY - WAMP
$msgraph_response = json_decode(curl_exec($ch), 1);
if (isset($msgraph_response['error'])){
// Something went wrong verifying the token/using the Graph API - quit
echo "Error with MS Graph API. Details:";
var_dump($msgraph_response['error']);
exit();
} elseif (isset($msgraph_response['id'])) {
$upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$upn' LIMIT 1");
$row = mysqli_fetch_array($sql);
if ($row['contact_auth_method'] == 'azure') {
$_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
$_SESSION['login_method'] = "azure";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
header("Location: index.php");
} else {
$_SESSION['login_message'] = 'Something went wrong with login. Ensure you are setup for SSO.';
header("Location: index.php");
}
}
header('Location: index.php');
} else {
echo "Error getting access_token";
}
elseif(isset($msgraph_response['id'])){
$upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$upn' LIMIT 1");
$row = mysqli_fetch_array($sql);
if($row['contact_auth_method'] == 'azure'){
$_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
$_SESSION['login_method'] = "azure";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
header("Location: index.php");
}
else{
$_SESSION['login_message'] = 'Something went wrong with login. Ensure you are setup for SSO.';
header("Location: index.php");
}
}
header ('Location: index.php');
}
else{
echo "Error getting access_token";
}
}
// If the user is just sat on the page, redirect them to login to try again
if(empty($_GET)){
echo "<script> setTimeout(function(){ window.location = \"login.php\"; },1000);</script>";
if (empty($_GET)) {
echo "<script> setTimeout(function(){ window.location = \"login.php\"; },1000);</script>";
}

25
portal/login_reset.php
View File

@@ -7,19 +7,19 @@
$session_company_id = 1;
require_once('../config.php');
require_once('../functions.php');
require_once ('../get_settings.php');
require_once('../get_settings.php');
if (empty($config_smtp_host)) {
header("Location: login.php");
exit();
}
if(!isset($_SESSION)){
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
ini_set("session.cookie_httponly", true);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
ini_set("session.cookie_secure", true);
}
session_start();
}
@@ -38,7 +38,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
/*
* Send password reset email
*/
if(isset($_POST['password_reset_email_request'])){
if (isset($_POST['password_reset_email_request'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
@@ -54,7 +54,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$token = key32gen();
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send reset email
@@ -82,10 +82,9 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
/*
* Do password reset
*/
}
elseif(isset($_POST['password_reset_set_password'])){
} elseif (isset($_POST['password_reset_set_password'])) {
if(!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
$_SESSION['login_message'] = WORDING_ERROR;
}
@@ -106,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal";
@@ -232,7 +231,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<p class="login-box-msg text-danger">
<?php
// Show feedback from session
if(!empty($_SESSION['login_message'])){
if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
@@ -268,4 +267,4 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
</script>
</body>
</html>
</html>

257
portal/portal_post.php
View File

@@ -6,156 +6,151 @@
require_once("inc_portal.php");
if(isset($_POST['add_ticket'])){
if (isset($_POST['add_ticket'])) {
// Get ticket prefix/number
$sql_settings = mysqli_query($mysqli,"SELECT * FROM settings WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql_settings);
$config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number'];
// Get ticket prefix/number
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql_settings);
$config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number'];
// HTML Purifier
require("../plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
// HTML Purifier
require_once("../plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
$client_id = $session_client_id;
$contact = $session_contact_id;
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject'])));
$details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode(nl2br($_POST['details'])))));
$client_id = $session_client_id;
$contact = $session_contact_id;
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['subject'])));
$details = trim(mysqli_real_escape_string($mysqli, $purifier->purify(html_entity_decode(nl2br($_POST['details'])))));
// Ensure priority is low/med/high (as can be user defined)
if($_POST['priority'] !== "Low" && $_POST['priority'] !== "Medium" && $_POST['priority'] !== "High"){
$priority = "Low";
}
else{
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['priority'])));
}
// Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id");
$id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id");
header("Location: ticket.php?id=" . $id);
}
if(isset($_POST['add_ticket_comment'])){
// HTML Purifier
require("../plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
$ticket_id = intval($_POST['ticket_id']);
// Not currently providing the client portal with a full summer note editor, but need to maintain line breaks.
// In order to maintain line breaks consistently with the agent side, we need to allow HTML tags.
// So, we need to convert line breaks to HTML and clean HTML with HTML Purifier
$comment = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode(nl2br($_POST['comment'])))));
// After stripping bad HTML, check the comment isn't just empty
if(empty($comment)){
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit;
}
// Verify the contact has access to the provided ticket ID
if(verifyContactTicketAccess($ticket_id, "Open")) {
// Add the comment
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = '$session_company_id'");
// Update Ticket Last Response Field & set ticket to open as client has replied
mysqli_query($mysqli,"UPDATE tickets SET ticket_status = 'Open', ticket_updated_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id' LIMIT 1");
// Redirect
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
else {
// The client does not have access to this ticket
header("Location: portal_post.php?logout");
exit();
}
}
if(isset($_POST['add_ticket_feedback'])){
$ticket_id = intval($_POST['ticket_id']);
$feedback = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['add_ticket_feedback'])));
// Verify the contact has access to the provided ticket ID
if(verifyContactTicketAccess($ticket_id, "Closed")) {
// Add feedback
mysqli_query($mysqli, "UPDATE tickets SET ticket_feedback = '$feedback' WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' LIMIT 1");
// Notify on bad feedback
if($feedback == "Bad"){
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_timestamp = NOW(), notification_client_id = '$session_client_id', company_id = '$session_company_id'");
// Ensure priority is low/med/high (as can be user defined)
if ($_POST['priority'] !== "Low" && $_POST['priority'] !== "Medium" && $_POST['priority'] !== "High") {
$priority = "Low";
} else {
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['priority'])));
}
// Redirect
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
else {
// The client does not have access to this ticket
header("Location: portal_post.php?logout");
exit();
}
// Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id");
$id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id");
header("Location: ticket.php?id=" . $id);
}
if(isset($_GET['close_ticket'])){
$ticket_id = intval($_GET['close_ticket']);
if (isset($_POST['add_ticket_comment'])) {
// HTML Purifier
require_once("../plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
// Verify the contact has access to the provided ticket ID
if(verifyContactTicketAccess($ticket_id, "Open")) {
$ticket_id = intval($_POST['ticket_id']);
// Close ticket
mysqli_query($mysqli,"UPDATE tickets SET ticket_status = 'Closed', ticket_updated_at = NOW(), ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id'");
// Not currently providing the client portal with a full summer note editor, but need to maintain line breaks.
// In order to maintain line breaks consistently with the agent side, we need to allow HTML tags.
// So, we need to convert line breaks to HTML and clean HTML with HTML Purifier
$comment = trim(mysqli_real_escape_string($mysqli, $purifier->purify(html_entity_decode(nl2br($_POST['comment'])))));
// Add reply
mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = $session_company_id");
// After stripping bad HTML, check the comment isn't just empty
if (empty($comment)) {
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit;
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), company_id = $session_company_id");
// Verify the contact has access to the provided ticket ID
if (verifyContactTicketAccess($ticket_id, "Open")) {
header("Location: ticket.php?id=" . $ticket_id);
}
else {
// The client does not have access to this ticket
// This is only a GET request, might just be a mistake
header("Location: index.php");
exit();
}
// Add the comment
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = '$session_company_id'");
// Update Ticket Last Response Field & set ticket to open as client has replied
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open', ticket_updated_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id' LIMIT 1");
// Redirect
header("Location: " . $_SERVER["HTTP_REFERER"]);
} else {
// The client does not have access to this ticket
header("Location: portal_post.php?logout");
exit();
}
}
if(isset($_GET['logout'])){
setcookie("PHPSESSID", '', time() - 3600, "/");
unset($_COOKIE['PHPSESSID']);
if (isset($_POST['add_ticket_feedback'])) {
$ticket_id = intval($_POST['ticket_id']);
$feedback = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['add_ticket_feedback'])));
session_unset();
session_destroy();
// Verify the contact has access to the provided ticket ID
if (verifyContactTicketAccess($ticket_id, "Closed")) {
// Add feedback
mysqli_query($mysqli, "UPDATE tickets SET ticket_feedback = '$feedback' WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' LIMIT 1");
// Notify on bad feedback
if ($feedback == "Bad") {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_timestamp = NOW(), notification_client_id = '$session_client_id', company_id = '$session_company_id'");
}
// Redirect
header("Location: " . $_SERVER["HTTP_REFERER"]);
} else {
// The client does not have access to this ticket
header("Location: portal_post.php?logout");
exit();
}
header('Location: login.php');
}
if(isset($_POST['edit_profile'])){
$new_password = $_POST['new_password'];
if(!empty($new_password)){
$password_hash = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
if (isset($_GET['close_ticket'])) {
$ticket_id = intval($_GET['close_ticket']);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $session_client_id, company_id = $session_company_id");
}
header('Location: index.php');
// Verify the contact has access to the provided ticket ID
if (verifyContactTicketAccess($ticket_id, "Open")) {
// Close ticket
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Closed', ticket_updated_at = NOW(), ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id'");
// Add reply
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = $session_company_id");
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), company_id = $session_company_id");
header("Location: ticket.php?id=" . $ticket_id);
} else {
// The client does not have access to this ticket - send them home
header("Location: index.php");
exit();
}
}
if (isset($_GET['logout'])) {
setcookie("PHPSESSID", '', time() - 3600, "/");
unset($_COOKIE['PHPSESSID']);
session_unset();
session_destroy();
header('Location: login.php');
}
if (isset($_POST['edit_profile'])) {
$new_password = $_POST['new_password'];
if (!empty($new_password)) {
$password_hash = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $session_client_id, company_id = $session_company_id");
}
header('Location: index.php');
}

239
portal/ticket.php
View File

@@ -6,160 +6,157 @@
require_once("inc_portal.php");
if(isset($_GET['id']) && intval($_GET['id'])) {
$ticket_id = intval($_GET['id']);
if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_id = intval($_GET['id']);
if($session_contact_id == $session_client_primary_contact_id){
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
}
else{
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
}
if ($session_contact_id == $session_client_primary_contact_id) {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
} else {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
}
$ticket = mysqli_fetch_array($ticket_sql);
$ticket = mysqli_fetch_array($ticket_sql);
if ($ticket) {
?>
<nav class="navbar navbar-dark bg-dark">
<i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand">Ticket <?php echo $ticket['ticket_prefix'], $ticket['ticket_number'] ?></a>
<span class="navbar-text">
if ($ticket) {
?>
<nav class="navbar navbar-dark bg-dark">
<i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand">Ticket <?php echo $ticket['ticket_prefix'], $ticket['ticket_number'] ?></a>
<span class="navbar-text">
<?php
if($ticket['ticket_status'] !== "Closed"){ ?>
<button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i> Close ticket</a></button>
<?php } ?>
if ($ticket['ticket_status'] !== "Closed") { ?>
<button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i> Close ticket</a></button>
<?php } ?>
</span>
</nav>
<div class="card">
<div class="card-header">
<h3 class="card-title"><b>Subject:</b> <?php echo $ticket['ticket_subject'] ?></h3>
</div>
<div class="card-body">
<p>
<b>State:</b> <?php echo $ticket['ticket_status'] ?>
<br>
<b>Priority:</b> <?php echo $ticket['ticket_priority'] ?>
</p>
<b>Issue:</b> <?php echo $ticket['ticket_details'] ?>
</div>
</div>
</nav>
<!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback -->
<div class="card">
<div class="card-header">
<h3 class="card-title"><b>Subject:</b> <?php echo $ticket['ticket_subject'] ?></h3>
</div>
<div class="card-body">
<p>
<b>State:</b> <?php echo $ticket['ticket_status'] ?>
<br>
<b>Priority:</b> <?php echo $ticket['ticket_priority'] ?>
</p>
<b>Issue:</b> <?php echo $ticket['ticket_details'] ?>
</div>
</div>
<?php if($ticket['ticket_status'] !== "Closed") { ?>
<div class="form-group">
<form action="portal_post.php" method="post">
<div class="form-group">
<textarea class="form-control" name="comment" placeholder="Add comments.."></textarea>
</div>
<input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
<button type="submit" class="btn btn-primary" name="add_ticket_comment">Save reply</button>
</form>
</div>
<?php }
elseif(empty($ticket['ticket_feedback'])) { ?>
<!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback -->
<h4>Rate your ticket</h4>
<?php if ($ticket['ticket_status'] !== "Closed") { ?>
<div class="form-group">
<form action="portal_post.php" method="post">
<div class="form-group">
<textarea class="form-control" name="comment" placeholder="Add comments.."></textarea>
</div>
<input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
<button type="submit" class="btn btn-primary" name="add_ticket_comment">Save reply</button>
</form>
</div>
<?php }
<form action="portal_post.php" method="post">
<input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
elseif (empty($ticket['ticket_feedback'])) { ?>
<button type="submit" class="btn btn-primary btn-lg" name="add_ticket_feedback" value="Good" onclick="this.form.submit()">
<span class="fa fa-smile" aria-hidden="true"></span> Good
</button>
<h4>Rate your ticket</h4>
<button type="submit" class="btn btn-danger btn-lg" name="add_ticket_feedback" value="Bad" onclick="this.form.submit()">
<span class="fa fa-frown" aria-hidden="true"></span> Bad
</button>
</form>
<form action="portal_post.php" method="post">
<input type="hidden" name="ticket_id" value="<?php echo $ticket['ticket_id'] ?>">
<?php }
<button type="submit" class="btn btn-primary btn-lg" name="add_ticket_feedback" value="Good" onclick="this.form.submit()">
<span class="fa fa-smile" aria-hidden="true"></span> Good
</button>
else{ ?>
<button type="submit" class="btn btn-danger btn-lg" name="add_ticket_feedback" value="Bad" onclick="this.form.submit()">
<span class="fa fa-frown" aria-hidden="true"></span> Bad
</button>
</form>
<h4>Rated <?php echo $ticket['ticket_feedback'] ?> -- Thanks for your feedback!</h4>
<?php }
<?php } ?>
else { ?>
<!-- End comments/feedback -->
<h4>Rated <?php echo $ticket['ticket_feedback'] ?> -- Thanks for your feedback!</h4>
<hr><br>
<?php } ?>
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type != 'Internal' ORDER BY ticket_reply_id DESC");
<!-- End comments/feedback -->
while($row = mysqli_fetch_array($sql)){
$ticket_reply_id = $row['ticket_reply_id'];
$ticket_reply = $row['ticket_reply'];
$ticket_reply_created_at = $row['ticket_reply_created_at'];
$ticket_reply_updated_at = $row['ticket_reply_updated_at'];
$ticket_reply_by = $row['ticket_reply_by'];
$ticket_reply_type = $row['ticket_reply_type'];
<hr><br>
if($ticket_reply_type == "Client"){
$ticket_reply_by_display = $row['contact_name'];
$user_initials = initials($row['contact_name']);
$user_avatar = $row['contact_photo'];
$avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar";
}
else{
$ticket_reply_by_display = $row['user_name'];
$user_id = $row['user_id'];
$user_avatar = $row['user_avatar'];
$user_initials = initials($row['user_name']);
$avatar_link = "../uploads/users/$user_id/$user_avatar";
}
?>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type != 'Internal' ORDER BY ticket_reply_id DESC");
<div class="card card-outline <?php if($ticket_reply_type == 'Client') {echo "card-warning"; } else{ echo "card-info"; } ?> mb-3">
<div class="card-header">
<h3 class="card-title">
<div class="media">
<?php if(!empty($user_avatar)){ ?>
<img src="<?php echo $avatar_link ?>" alt="User Avatar" class="img-size-50 mr-3 img-circle">
<?php }else{ ?>
<span class="fa-stack fa-2x">
while ($row = mysqli_fetch_array($sql)) {
$ticket_reply_id = $row['ticket_reply_id'];
$ticket_reply = $row['ticket_reply'];
$ticket_reply_created_at = $row['ticket_reply_created_at'];
$ticket_reply_updated_at = $row['ticket_reply_updated_at'];
$ticket_reply_by = $row['ticket_reply_by'];
$ticket_reply_type = $row['ticket_reply_type'];
if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = $row['contact_name'];
$user_initials = initials($row['contact_name']);
$user_avatar = $row['contact_photo'];
$avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar";
} else {
$ticket_reply_by_display = $row['user_name'];
$user_id = $row['user_id'];
$user_avatar = $row['user_avatar'];
$user_initials = initials($row['user_name']);
$avatar_link = "../uploads/users/$user_id/$user_avatar";
}
?>
<div class="card card-outline <?php if ($ticket_reply_type == 'Client') { echo "card-warning"; } else { echo "card-info"; } ?> mb-3">
<div class="card-header">
<h3 class="card-title">
<div class="media">
<?php if (!empty($user_avatar)) { ?>
<img src="<?php echo $avatar_link ?>" alt="User Avatar" class="img-size-50 mr-3 img-circle">
<?php } else { ?>
<span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
</span>
<?php
}
?>
<?php
}
?>
<div class="media-body">
<?php echo $ticket_reply_by_display; ?>
<br>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "(edited: $ticket_reply_updated_at)"; } ?></small>
</div>
<div class="media-body">
<?php echo $ticket_reply_by_display; ?>
<br>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "(edited: $ticket_reply_updated_at)"; } ?></small>
</div>
</div>
</h3>
</div>
<div class="card-body">
<?php echo $ticket_reply; ?>
</div>
</div>
</h3>
</div>
<div class="card-body">
<?php echo $ticket_reply; ?>
</div>
</div>
<?php
<?php
}
?>
<?php
} else {
echo "Ticket ID not found!";
}
?>
<?php
}
else{
echo "Ticket ID not found!";
}
}
else{
header("Location: index.php");
} else {
header("Location: index.php");
}
require_once("portal_footer.php");