AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Portal-related updates

Browse Source 
- Bug fix contact password setting
- Add invoice guest view link to invoices portal page
- Billing contacts now have access to invoices on the portal
- Technical contacts now have access to all tickets
- General housekeeping/tidying
This commit is contained in:
Marcus Hill
2023-02-04 15:28:39 +00:00
parent 04070ff67a
commit 7f02464b92
15 changed files with 929 additions and 859 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
portal/check_login.php
View File

@@ -20,17 +20,28 @@ if (!$_SESSION['client_logged_in']) {
die;
}
// SESSION FINGERPRINT
// User IP & UA
$session_ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
// Get user agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Get info from session
$session_client_id = $_SESSION['client_id'];
$session_contact_id = $_SESSION['contact_id'];
$session_company_id = $_SESSION['company_id'];
// Get company info from database
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name'];
$session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency'];
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
// Get contact info
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
$contact = mysqli_fetch_array($contact_sql);
@@ -41,6 +52,17 @@ $session_contact_title = strip_tags(mysqli_real_escape_string($mysqli, $contact[
$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_email']));
$session_contact_photo = $contact['contact_photo'];
$session_contact_is_technical_contact = false;
$session_contact_is_billing_contact = false;
if ($contact['contact_technical'] == 1) {
$session_contact_is_technical_contact = true;
}
if ($contact['contact_billing'] == 1) {
$session_contact_is_billing_contact = true;
}
// Get client info
$client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$session_client_id'");
$client = mysqli_fetch_array($client_sql);

58
portal/invoices.php
View File

@@ -4,21 +4,14 @@
* Invoices for PTC
*/
/*
TODO:
- Allow accounting contacts to see this page
- Tidy styling and add currency codes
- Add links to see the invoice in full (similar to invoice guest view)
*/
require_once("inc_portal.php");
if ($session_contact_id !== $session_client_primary_contact_id) {
if ($session_contact_id !== $session_client_primary_contact_id && !$session_contact_is_billing_contact) {
header("Location: portal_post.php?logout");
exit();
}
$invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $session_client_id AND invoice_status = 'Paid' ORDER BY invoice_date DESC");
$invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $session_client_id AND (invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Paid') ORDER BY invoice_date DESC");
?>
<div class="row">
@@ -53,8 +46,10 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
<tr>
<th>#</th>
<th>Scope</th>
<th>Date</th>
<th>Amount</th>
<th>Date</th>
<th>Due</th>
<th>Status</th>
</tr>
</thead>
<tbody>
@@ -65,15 +60,52 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
$invoice_prefix = htmlentities($row['invoice_prefix']);
$invoice_number = htmlentities($row['invoice_number']);
$invoice_scope = htmlentities($row['invoice_scope']);
$invoice_status = htmlentities($row['invoice_status']);
$invoice_date = $row['invoice_date'];
$invoice_due = $row['invoice_due'];
$invoice_amount = floatval($row['invoice_amount']);
$invoice_url_key = htmlentities($row['invoice_url_key']);
if (empty($invoice_scope)) {
$invoice_scope_display = "-";
} else {
$invoice_scope_display = $invoice_scope;
}
$now = time();
if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now ) {
$overdue_color = "text-danger font-weight-bold";
} else {
$overdue_color = "";
}
if ($invoice_status == "Sent") {
$invoice_badge_color = "warning text-white";
} elseif ($invoice_status == "Viewed") {
$invoice_badge_color = "info";
} elseif ($invoice_status == "Partial") {
$invoice_badge_color = "primary";
} elseif ($invoice_status == "Paid") {
$invoice_badge_color = "success";
} elseif ($invoice_status == "Cancelled") {
$invoice_badge_color = "danger";
} else{
$invoice_badge_color = "secondary";
}
?>
<tr>
<td><?php echo "$invoice_prefix$invoice_number"; ?></a></td>
<td><?php echo $invoice_scope; ?></td>
<td><a target="_blank" href="\\<?php echo $config_base_url ?>/guest_view_invoice.php?invoice_id=<?php echo "$invoice_id&url_key=$invoice_url_key"?>"> <?php echo "$invoice_prefix$invoice_number"; ?></a></td>
<td><?php echo $invoice_scope_display; ?></td>
<td><?php echo numfmt_format_currency($currency_format, $invoice_amount, $session_company_currency); ?></td>
<td><?php echo $invoice_date; ?></td>
<td><?php echo $invoice_amount; ?></td>
<td class="<?php echo $overdue_color; ?>"><?php echo $invoice_due; ?></td>
<td>
<span class="p-2 badge badge-<?php echo $invoice_badge_color; ?>">
<?php echo $invoice_status; ?>
</span>
</td>
</tr>
<?php
}

20
portal/portal_functions.php
View File

@@ -7,17 +7,17 @@
/*
* Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action
*/
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state) {
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
{
// Access the global variables
global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id;
global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_contact_is_technical_contact, $session_client_id;
// Setup
if ($expected_ticket_state == "Closed") {
// Closed tickets
$ticket_state_snippet = "ticket_status = 'Closed'";
}
else {
} else {
// Open (working/hold) tickets
$ticket_state_snippet = "ticket_status != 'Closed'";
}
@@ -27,12 +27,12 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
$row = mysqli_fetch_array($sql);
$ticket_id = $row['ticket_id'];
if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
// Client is ticket owner, or primary contact
return TRUE;
if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id || $session_contact_is_technical_contact)) {
// Client is ticket owner, primary contact, or a technical contact
return true;
}
// Client is NOT ticket owner or primary contact
return FALSE;
// Client is NOT ticket owner or primary/tech contact
return false;
}
}

2
portal/portal_header.php
View File

@@ -43,7 +43,7 @@
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "tickets.php" || basename($_SERVER['PHP_SELF']) == "ticket_add.php" || basename($_SERVER['PHP_SELF']) == "ticket.php") {echo "active";} ?>" href="tickets.php">Tickets</a>
</li>
<?php if ($session_contact_id == $session_client_primary_contact_id) { ?>
<?php if ($session_contact_id == $session_client_primary_contact_id || $session_contact_is_billing_contact) { ?>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "invoices.php") {echo "active";} ?>" href="invoices.php">Invoices</a>
</li>

22
portal/profile.php
View File

@@ -4,16 +4,21 @@
* User profile
*/
require('inc_portal.php');
require_once('inc_portal.php');
?>
<h2>Profile</h2>
<h2>Profile</h2>
<p>Name: <?php echo $session_contact_name ?></p>
<p>Email: <?php echo $session_contact_email ?></p>
<p>Client: <?php echo $session_client_name ?></p>
<p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
<p>Name: <?php echo $session_contact_name ?></p>
<p>Email: <?php echo $session_contact_email ?></p>
<p>Client: <?php echo $session_client_name ?></p>
<br>
<p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Client Technical Contact: <?php if ($session_contact_is_technical_contact) {echo "Yes"; } else {echo "No";} ?></p>
<p>Client Billing Contact: <?php if ($session_contact_is_billing_contact == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
<!-- // Show option to change password if auth provider is local -->
@@ -34,8 +39,7 @@ require('inc_portal.php');
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button>
</form>
</div>
<?php endif ?>
<?php
require_once('portal_footer.php');
require_once('portal_footer.php');

33
portal/ticket.php
View File

@@ -9,7 +9,7 @@ require_once("inc_portal.php");
if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_id = intval($_GET['id']);
if ($session_contact_id == $session_client_primary_contact_id) {
if ($session_contact_id == $session_client_primary_contact_id || $session_contact_is_technical_contact) {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
} else {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
@@ -42,14 +42,11 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<div class="card">
<div class="card-header bg-dark text-center">
<h4 class="mt-1">
Ticket <?php echo $ticket_prefix, $ticket_number ?>
Ticket <?php echo $ticket_prefix, $ticket_number ?>
<?php
if ($ticket_status !== "Closed") {
?>
<a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>" class="btn btn-sm btn-outline-success float-right text-white"><i class="fas fa-fw fa-check text-success"></i> Close ticket</a>
<?php
}
?>
if ($ticket_status !== "Closed") { ?>
<a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>" class="btn btn-sm btn-outline-success float-right text-white"><i class="fas fa-fw fa-check text-success"></i> Close ticket</a>
<?php } ?>
</h4>
</div>
@@ -61,7 +58,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<br>
<strong>Priority:</strong> <?php echo $ticket_priority ?>
</p>
<strong>Issue:</strong> <?php echo $ticket_details ?>
<?php echo $ticket_details ?>
</div>
</div>
@@ -69,7 +66,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback -->
<?php if ($ticket_status !== "Closed") { ?>
<form action="portal_post.php" method="post">
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id ?>">
<div class="form-group">
@@ -77,7 +74,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
</div>
<button type="submit" class="btn btn-primary" name="add_ticket_comment">Save reply</button>
</form>
<?php }
elseif (empty($ticket_feedback)) { ?>
@@ -138,18 +135,18 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<div class="card-header">
<h3 class="card-title">
<div class="media">
<?php
if (!empty($user_avatar)) {
?>
<?php
if (!empty($user_avatar)) {
?>
<img src="<?php echo $avatar_link ?>" alt="User Avatar" class="img-size-50 mr-3 img-circle">
<?php
} else {
?>
<?php
} else {
?>
<span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
</span>
<?php
<?php
}
?>

76
portal/ticket_add.php
View File

@@ -4,57 +4,57 @@
* New ticket form
*/
require('inc_portal.php');
require_once('inc_portal.php');
?>
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="index.php">Home</a>
</li>
<li class="breadcrumb-item">
<a href="tickets.php">Tickets</a>
</li>
<li class="breadcrumb-item active">New Ticket</li>
</ol>
<ol class="breadcrumb d-print-none">
<li class="breadcrumb-item">
<a href="index.php">Home</a>
</li>
<li class="breadcrumb-item">
<a href="tickets.php">Tickets</a>
</li>
<li class="breadcrumb-item active">New Ticket</li>
</ol>
<h2>Raise a new ticket</h2>
<h2>Raise a new ticket</h2>
<div class="col-md-8">
<form action="portal_post.php" method="post">
<div class="col-md-8">
<form action="portal_post.php" method="post">
<div class="form-group">
<label>Subject <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
<div class="form-group">
<label>Subject <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<input type="text" class="form-control" name="subject" placeholder="Subject" required>
</div>
<input type="text" class="form-control" name="subject" placeholder="Subject" required>
</div>
</div>
<div class="form-group">
<label>Priority <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
<div class="form-group">
<label>Priority <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="priority" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
<select class="form-control select2" name="priority" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Details <strong class="text-danger">*</strong></label>
<textarea class="form-control" rows="4" name="details" required></textarea>
</div>
<div class="form-group">
<label>Details <strong class="text-danger">*</strong></label>
<textarea class="form-control" rows="4" name="details" required></textarea>
</div>
<button class="btn btn-primary" name="add_ticket">Raise ticket</button>
<button class="btn btn-primary" name="add_ticket">Raise ticket</button>
</form>
</div>
</form>
</div>
<?php
require_once('portal_footer.php');

2
portal/ticket_view_all.php
View File

@@ -6,7 +6,7 @@
require_once('inc_portal.php');
if ($session_contact_id !== $session_client_primary_contact_id) {
if ($session_contact_id !== $session_client_primary_contact_id && !$session_contact_is_technical_contact) {
header("Location: portal_post.php?logout");
exit();
}

18
portal/tickets.php
View File

@@ -34,7 +34,7 @@ $sql_total_tickets_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS tota
$row = mysqli_fetch_array($sql_total_tickets_open);
$total_tickets_open = $row['total_tickets_open'];
//Get Total tickets
//Get Total tickets
$sql_total_tickets = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets FROM tickets WHERE ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
$row = mysqli_fetch_array($sql_total_tickets);
$total_tickets = $row['total_tickets'];
@@ -68,7 +68,7 @@ $total_tickets = $row['total_tickets'];
<div class="row">
<div class="col-md-10">
<table class="table tabled-bordered border border-dark">
<thead class="thead-dark">
<tr>
@@ -92,17 +92,17 @@ $total_tickets = $row['total_tickets'];
<td>
<a href="ticket.php?id=<?php echo $ticket_id; ?>"><?php echo "$ticket_prefix$ticket_number"; ?></a>
</td>
<td>
<td>
<a href="ticket.php?id=<?php echo $ticket_id; ?>"><?php echo $ticket_subject; ?></a>
</td>
<td><?php echo $ticket_status; ?></td>
<td><?php echo $ticket_status; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
<div class="col-md-2">
@@ -117,11 +117,11 @@ $total_tickets = $row['total_tickets'];
<a href="?status=%" class="btn btn-secondary btn-block p-3 mb-3 text-left">All my tickets | <strong><?php echo $total_tickets ?></strong></a>
<?php
if ($session_contact_id == $session_client_primary_contact_id) {
if ($session_contact_id == $session_client_primary_contact_id || $session_contact_is_technical_contact) {
?>
<hr>
<a href="ticket_view_all.php" class="btn btn-dark btn-block p-2 mb-3">All Tickets</a>
<?php
@@ -131,4 +131,4 @@ $total_tickets = $row['total_tickets'];
</div>
</div>
<?php require_once("portal_footer.php"); ?>
<?php require_once("portal_footer.php"); ?>