AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-07 06:14:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Portal-related updates

Browse Source 
- Bug fix contact password setting
- Add invoice guest view link to invoices portal page
- Billing contacts now have access to invoices on the portal
- Technical contacts now have access to all tickets
- General housekeeping/tidying
This commit is contained in:
Marcus Hill
2023-02-04 15:28:39 +00:00
parent 04070ff67a
commit 7f02464b92
15 changed files with 929 additions and 859 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
portal/check_login.php
View File

@@ -20,17 +20,28 @@ if (!$_SESSION['client_logged_in']) {
die;
}
// SESSION FINGERPRINT
// User IP & UA
$session_ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
// Get user agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Get info from session
$session_client_id = $_SESSION['client_id'];
$session_contact_id = $_SESSION['contact_id'];
$session_company_id = $_SESSION['company_id'];
// Get company info from database
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name'];
$session_company_country = $row['company_country'];
$session_company_locale = $row['company_locale'];
$session_company_currency = $row['company_currency'];
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
// Get contact info
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
$contact = mysqli_fetch_array($contact_sql);
@@ -41,6 +52,17 @@ $session_contact_title = strip_tags(mysqli_real_escape_string($mysqli, $contact[
$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_email']));
$session_contact_photo = $contact['contact_photo'];
$session_contact_is_technical_contact = false;
$session_contact_is_billing_contact = false;
if ($contact['contact_technical'] == 1) {
$session_contact_is_technical_contact = true;
}
if ($contact['contact_billing'] == 1) {
$session_contact_is_billing_contact = true;
}
// Get client info
$client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$session_client_id'");
$client = mysqli_fetch_array($client_sql);