Portal-related updates

- Bug fix contact password setting
- Add invoice guest view link to invoices portal page
- Billing contacts now have access to invoices on the portal
- Technical contacts now have access to all tickets
- General housekeeping/tidying

client_contact_add_modal.php

@@ -8,6 +8,12 @@
                 </button>
             </div>
             <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+                <!-- Prevent undefined checkbox errors on submit -->
+                <input type="hidden" name="primary_contact" value="0">
+                <input type="hidden" name="contact_important" value="0">
+                <input type="hidden" name="contact_billing" value="0">
+                <input type="hidden" name="contact_technical" value="0">
+                <!-- End prevent undefined errors -->
                 <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
                 <div class="modal-body bg-white">
 

client_contact_edit_modal.php

@@ -8,6 +8,12 @@
                 </button>
             </div>
             <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+                <!-- Prevent undefined checkbox errors on submit -->
+                <input type="hidden" name="primary_contact" value="0">
+                <input type="hidden" name="contact_important" value="0">
+                <input type="hidden" name="contact_billing" value="0">
+                <input type="hidden" name="contact_technical" value="0">
+                <!-- End prevent undefined errors -->
                 <input type="hidden" name="contact_id" value="<?php echo $contact_id; ?>">
                 <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
                 <input type="hidden" name="existing_file_name" value="<?php echo $contact_photo; ?>">

guest_header.php

@@ -1,12 +1,12 @@
 <?php
 
-include("config.php");
+require_once("config.php");
-include("functions.php");
+require_once("functions.php");
 
 session_start();
 
-$ip = trim(strip_tags(mysqli_real_escape_string($mysqli,getIP())));
+$ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP())));
-$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
+$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
 
 ?>
 
@@ -24,8 +24,6 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_A
     <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
     <!-- Theme style -->
     <link rel="stylesheet" href="dist/css/adminlte.min.css">
-  <!-- Google Font: Source Sans Pro -->
-  <!-- <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> -->
 
     <!-- Custom Style Sheet -->
     <link href="plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
@@ -35,7 +33,7 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_A
 
 </head>
 <body class="layout-top-nav">
-  <div class="wrapper text-sm">
+<div class="wrapper text-sm">
 
     <!-- Content Wrapper. Contains page content -->
     <div class="content-wrapper">

guest_view_invoice.php

@@ -1,4 +1,6 @@
-<?php include("guest_header.php");
+<?php
+
+require_once("guest_header.php");
 
 if (isset($_GET['invoice_id'], $_GET['url_key'])) {
 
@@ -71,6 +73,8 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
         $os = strip_tags(mysqli_real_escape_string($mysqli,getOS($session_user_agent)));
         $browser = strip_tags(mysqli_real_escape_string($mysqli,getWebBrowser($session_user_agent)));
 
+        $invoice_tally_total = 0; // Default
+
         //Set Badge color based off of invoice status
         if ($invoice_status == "Sent") {
             $invoice_badge_color = "warning text-white";
@@ -108,6 +112,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key'])) {
         $balance = $invoice_amount - $amount_paid;
 
         //check to see if overdue
+        $invoice_color = $invoice_badge_color; // Default
         if ($invoice_status !== "Paid" && $invoice_status !== "Draft" && $invoice_status !== "Cancelled") {
             $unixtime_invoice_due = strtotime($invoice_due) + 86400;
             if ($unixtime_invoice_due < time()) {

invoices.php

@@ -1,125 +1,125 @@
 <?php
 
-  include("inc_all.php");
+include("inc_all.php");
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id"));
+$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id"));
-  $sent_count = $row['num'];
+$sent_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id"));
+$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id"));
-  $viewed_count = $row['num'];
+$viewed_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial' AND company_id = $session_company_id"));
+$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Partial' AND company_id = $session_company_id"));
-  $partial_count = $row['num'];
+$partial_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id"));
+$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id"));
-  $draft_count = $row['num'];
+$draft_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id"));
+$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id"));
-  $cancelled_count = $row['num'];
+$cancelled_count = $row['num'];
 
-  $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE() AND company_id = $session_company_id"));
+$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_due > CURDATE() AND company_id = $session_company_id"));
-  $overdue_count = $row['num'];
+$overdue_count = $row['num'];
 
-  $sql_total_draft = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id");
+$sql_total_draft = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_draft FROM invoices WHERE invoice_status = 'Draft' AND company_id = $session_company_id");
-  $row = mysqli_fetch_array($sql_total_draft);
+$row = mysqli_fetch_array($sql_total_draft);
-  $total_draft = $row['total_draft'];
+$total_draft = $row['total_draft'];
 
-  $sql_total_sent = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id");
+$sql_total_sent = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_sent FROM invoices WHERE invoice_status = 'Sent' AND company_id = $session_company_id");
-  $row = mysqli_fetch_array($sql_total_sent);
+$row = mysqli_fetch_array($sql_total_sent);
-  $total_sent = $row['total_sent'];
+$total_sent = $row['total_sent'];
 
-  $sql_total_viewed = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_viewed FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id");
+$sql_total_viewed = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_viewed FROM invoices WHERE invoice_status = 'Viewed' AND company_id = $session_company_id");
-  $row = mysqli_fetch_array($sql_total_viewed);
+$row = mysqli_fetch_array($sql_total_viewed);
-  $total_viewed = $row['total_viewed'];
+$total_viewed = $row['total_viewed'];
 
-  $sql_total_cancelled = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id");
+$sql_total_cancelled = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_cancelled FROM invoices WHERE invoice_status = 'Cancelled' AND company_id = $session_company_id");
-  $row = mysqli_fetch_array($sql_total_cancelled);
+$row = mysqli_fetch_array($sql_total_cancelled);
-  $total_cancelled = $row['total_cancelled'];
+$total_cancelled = $row['total_cancelled'];
 
-  $sql_total_partial = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoices.company_id = $session_company_id");
+$sql_total_partial = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoices.company_id = $session_company_id");
-  $row = mysqli_fetch_array($sql_total_partial);
+$row = mysqli_fetch_array($sql_total_partial);
-  $total_partial = $row['total_partial'];
+$total_partial = $row['total_partial'];
-  $total_partial_count = mysqli_num_rows($sql_total_partial);
+$total_partial_count = mysqli_num_rows($sql_total_partial);
 
-  $sql_total_overdue_partial = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
+$sql_total_overdue_partial = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_overdue_partial FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_status = 'Partial' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
-  $row = mysqli_fetch_array($sql_total_overdue_partial);
+$row = mysqli_fetch_array($sql_total_overdue_partial);
-  $total_overdue_partial = $row['total_overdue_partial'];
+$total_overdue_partial = $row['total_overdue_partial'];
 
-  $sql_total_overdue = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
+$sql_total_overdue = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS total_overdue FROM invoices WHERE invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Paid' AND invoice_due < CURDATE() AND invoices.company_id = $session_company_id");
-  $row = mysqli_fetch_array($sql_total_overdue);
+$row = mysqli_fetch_array($sql_total_overdue);
-  $total_overdue = $row['total_overdue'];
+$total_overdue = $row['total_overdue'];
 
-  $real_overdue_amount = $total_overdue - $total_overdue_partial;
+$real_overdue_amount = $total_overdue - $total_overdue_partial;
 
 
-  if (!empty($_GET['sb'])) {
+if (!empty($_GET['sb'])) {
     $sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
-  }else{
+} else {
     $sb = "invoice_number";
-  }
+}
 
-  // Reverse default sort
+// Reverse default sort
-  if (!isset($_GET['o'])) {
+if (!isset($_GET['o'])) {
     $o = "DESC";
     $disp = "ASC";
-  }
+}
 
-  if (empty($_GET['canned_date'])) {
+if (empty($_GET['canned_date'])) {
     //Prevents lots of undefined variable errors.
     // $dtf and $dtt will be set by the below else to 0000-00-00 / 9999-00-00
     $_GET['canned_date'] = 'custom';
-  }
+}
 
-  //Invoice status from GET
+//Invoice status from GET
-  if (isset($_GET['status']) && ($_GET['status']) == 'Draft') {
+if (isset($_GET['status']) && ($_GET['status']) == 'Draft') {
     $status_query = 'Draft';
-  }elseif (isset($_GET['status']) && ($_GET['status']) == 'Sent') {
+} elseif (isset($_GET['status']) && ($_GET['status']) == 'Sent') {
     $status_query = 'Sent';
-  }elseif (isset($_GET['status']) && ($_GET['status']) == 'Viewed') {
+} elseif (isset($_GET['status']) && ($_GET['status']) == 'Viewed') {
     $status_query = 'Viewed';
-  }elseif (isset($_GET['status']) && ($_GET['status']) == 'Partial') {
+} elseif (isset($_GET['status']) && ($_GET['status']) == 'Partial') {
     $status_query = 'Partial';
-  }else{
+} else {
     $status_query = '%';
-  }
+}
 
-  //Date Filter
+//Date Filter
-  if ($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])) {
+if ($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])) {
     $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
     $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
-  }elseif ($_GET['canned_date'] == "today") {
+} elseif ($_GET['canned_date'] == "today") {
     $dtf = date('Y-m-d');
     $dtt = date('Y-m-d');
-  }elseif ($_GET['canned_date'] == "yesterday") {
+} elseif ($_GET['canned_date'] == "yesterday") {
     $dtf = date('Y-m-d',strtotime("yesterday"));
     $dtt = date('Y-m-d',strtotime("yesterday"));
-  }elseif ($_GET['canned_date'] == "thisweek") {
+} elseif ($_GET['canned_date'] == "thisweek") {
     $dtf = date('Y-m-d',strtotime("monday this week"));
     $dtt = date('Y-m-d');
-  }elseif ($_GET['canned_date'] == "lastweek") {
+} elseif ($_GET['canned_date'] == "lastweek") {
     $dtf = date('Y-m-d',strtotime("monday last week"));
     $dtt = date('Y-m-d',strtotime("sunday last week"));
-  }elseif ($_GET['canned_date'] == "thismonth") {
+} elseif ($_GET['canned_date'] == "thismonth") {
     $dtf = date('Y-m-01');
     $dtt = date('Y-m-d');
-  }elseif ($_GET['canned_date'] == "lastmonth") {
+} elseif ($_GET['canned_date'] == "lastmonth") {
     $dtf = date('Y-m-d',strtotime("first day of last month"));
     $dtt = date('Y-m-d',strtotime("last day of last month"));
-  }elseif ($_GET['canned_date'] == "thisyear") {
+} elseif ($_GET['canned_date'] == "thisyear") {
     $dtf = date('Y-01-01');
     $dtt = date('Y-m-d');
-  }elseif ($_GET['canned_date'] == "lastyear") {
+} elseif ($_GET['canned_date'] == "lastyear") {
     $dtf = date('Y-m-d',strtotime("first day of january last year"));
     $dtt = date('Y-m-d',strtotime("last day of december last year"));
-  }else{
+} else {
     $dtf = "0000-00-00";
     $dtt = "9999-00-00";
-  }
+}
 
-  //Rebuild URL
+//Rebuild URL
-  $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
 
-  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM invoices
+$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM invoices
     LEFT JOIN clients ON invoice_client_id = client_id
     LEFT JOIN categories ON invoice_category_id = category_id
     WHERE invoices.company_id = $session_company_id
@@ -128,7 +128,7 @@
     AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%' OR category_name LIKE '%$q%') 
     ORDER BY $sb $o LIMIT $record_from, $record_to");
 
-  $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
+$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
 ?>
 
@@ -272,7 +272,7 @@
                     $invoice_scope = htmlentities($row['invoice_scope']);
                     if (empty($invoice_scope)) {
                         $invoice_scope_display = "-";
-            }else{
+                    } else {
                         $invoice_scope_display = $invoice_scope;
                     }
                     $invoice_status = htmlentities($row['invoice_status']);
@@ -295,21 +295,21 @@
 
                     if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now ) {
                         $overdue_color = "text-danger font-weight-bold";
-            }else{
+                    } else {
                         $overdue_color = "";
                     }
 
                     if ($invoice_status == "Sent") {
                         $invoice_badge_color = "warning text-white";
-            }elseif ($invoice_status == "Viewed") {
+                    } elseif ($invoice_status == "Viewed") {
                         $invoice_badge_color = "info";
-            }elseif ($invoice_status == "Partial") {
+                    } elseif ($invoice_status == "Partial") {
                         $invoice_badge_color = "primary";
-            }elseif ($invoice_status == "Paid") {
+                    } elseif ($invoice_status == "Paid") {
                         $invoice_badge_color = "success";
-            }elseif ($invoice_status == "Cancelled") {
+                    } elseif ($invoice_status == "Cancelled") {
                         $invoice_badge_color = "danger";
-            }else{
+                    } else{
                         $invoice_badge_color = "secondary";
                     }
 
@@ -366,9 +366,9 @@
 
 <?php
 
-  include("invoice_add_modal.php");
+include("invoice_add_modal.php");
-  include("category_quick_add_modal.php");
+include("category_quick_add_modal.php");
 
-  include("footer.php");
+include("footer.php");
 
 ?>

portal/check_login.php

@@ -20,17 +20,28 @@ if (!$_SESSION['client_logged_in']) {
     die;
 }
 
-// SESSION FINGERPRINT
+// User IP & UA
 $session_ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
-
-// Get user agent
 $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
 
+
 // Get info from session
 $session_client_id = $_SESSION['client_id'];
 $session_contact_id = $_SESSION['contact_id'];
 $session_company_id = $_SESSION['company_id'];
 
+
+// Get company info from database
+$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = $session_company_id");
+$row = mysqli_fetch_array($sql);
+
+$session_company_name = $row['company_name'];
+$session_company_country = $row['company_country'];
+$session_company_locale = $row['company_locale'];
+$session_company_currency = $row['company_currency'];
+$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
+
+
 // Get contact info
 $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
 $contact = mysqli_fetch_array($contact_sql);
@@ -41,6 +52,17 @@ $session_contact_title = strip_tags(mysqli_real_escape_string($mysqli, $contact[
 $session_contact_email = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_email']));
 $session_contact_photo = $contact['contact_photo'];
 
+$session_contact_is_technical_contact = false;
+$session_contact_is_billing_contact = false;
+if ($contact['contact_technical'] == 1) {
+    $session_contact_is_technical_contact = true;
+}
+if ($contact['contact_billing'] == 1) {
+    $session_contact_is_billing_contact = true;
+}
+
+
+
 // Get client info
 $client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$session_client_id'");
 $client = mysqli_fetch_array($client_sql);

portal/invoices.php

@@ -4,21 +4,14 @@
  * Invoices for PTC
  */
 
-/*
-TODO:
-    - Allow accounting contacts to see this page
-    - Tidy styling and add currency codes
-    - Add links to see the invoice in full (similar to invoice guest view)
-*/
-
 require_once("inc_portal.php");
 
-if ($session_contact_id !== $session_client_primary_contact_id) {
+if ($session_contact_id !== $session_client_primary_contact_id && !$session_contact_is_billing_contact) {
     header("Location: portal_post.php?logout");
     exit();
 }
 
-$invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $session_client_id AND invoice_status = 'Paid' ORDER BY invoice_date DESC");
+$invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id = $session_client_id AND (invoice_status = 'Sent' OR invoice_status = 'Viewed' OR invoice_status = 'Paid') ORDER BY invoice_date DESC");
 ?>
 
     <div class="row">
@@ -53,8 +46,10 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
                 <tr>
                     <th>#</th>
                     <th>Scope</th>
-                    <th>Date</th>
                     <th>Amount</th>
+                    <th>Date</th>
+                    <th>Due</th>
+                    <th>Status</th>
                 </tr>
                 </thead>
                 <tbody>
@@ -65,15 +60,52 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
                     $invoice_prefix = htmlentities($row['invoice_prefix']);
                     $invoice_number = htmlentities($row['invoice_number']);
                     $invoice_scope = htmlentities($row['invoice_scope']);
+                    $invoice_status = htmlentities($row['invoice_status']);
                     $invoice_date = $row['invoice_date'];
+                    $invoice_due = $row['invoice_due'];
                     $invoice_amount = floatval($row['invoice_amount']);
+                    $invoice_url_key = htmlentities($row['invoice_url_key']);
+
+                    if (empty($invoice_scope)) {
+                        $invoice_scope_display = "-";
+                    } else {
+                        $invoice_scope_display = $invoice_scope;
+                    }
+
+                    $now = time();
+                    if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now ) {
+                        $overdue_color = "text-danger font-weight-bold";
+                    } else {
+                        $overdue_color = "";
+                    }
+
+                    if ($invoice_status == "Sent") {
+                        $invoice_badge_color = "warning text-white";
+                    } elseif ($invoice_status == "Viewed") {
+                        $invoice_badge_color = "info";
+                    } elseif ($invoice_status == "Partial") {
+                        $invoice_badge_color = "primary";
+                    } elseif ($invoice_status == "Paid") {
+                        $invoice_badge_color = "success";
+                    } elseif ($invoice_status == "Cancelled") {
+                        $invoice_badge_color = "danger";
+                    } else{
+                        $invoice_badge_color = "secondary";
+                    }
                     ?>
 
                     <tr>
-                        <td><?php echo "$invoice_prefix$invoice_number"; ?></a></td>
+                        <td><a target="_blank" href="\\<?php echo $config_base_url ?>/guest_view_invoice.php?invoice_id=<?php echo "$invoice_id&url_key=$invoice_url_key"?>"> <?php echo "$invoice_prefix$invoice_number"; ?></a></td>
-                        <td><?php echo $invoice_scope; ?></td>
+                        <td><?php echo $invoice_scope_display; ?></td>
+                        <td><?php echo numfmt_format_currency($currency_format, $invoice_amount, $session_company_currency); ?></td>
                         <td><?php echo $invoice_date; ?></td>
-                        <td><?php echo $invoice_amount; ?></td>
+                        <td class="<?php echo $overdue_color; ?>"><?php echo $invoice_due; ?></td>
+                        <td>
+                            <span class="p-2 badge badge-<?php echo $invoice_badge_color; ?>">
+                                <?php echo $invoice_status; ?>
+                            </span>
+                        </td>
+
                     </tr>
                     <?php
                 }

portal/portal_functions.php

@@ -7,17 +7,17 @@
 /*
  * Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action
  */
-function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state) {
+function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
+{
 
     // Access the global variables
-    global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id;
+    global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_contact_is_technical_contact, $session_client_id;
 
     // Setup
     if ($expected_ticket_state == "Closed") {
         // Closed tickets
         $ticket_state_snippet = "ticket_status = 'Closed'";
-    }
+    } else {
-    else {
         // Open (working/hold) tickets
         $ticket_state_snippet = "ticket_status != 'Closed'";
     }
@@ -27,12 +27,12 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
     $row = mysqli_fetch_array($sql);
     $ticket_id = $row['ticket_id'];
 
-    if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
+    if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id || $session_contact_is_technical_contact)) {
-        // Client is ticket owner, or primary contact
+        // Client is ticket owner, primary contact, or a technical contact
-        return TRUE;
+        return true;
     }
 
-    // Client is NOT ticket owner or primary contact
+    // Client is NOT ticket owner or primary/tech contact
-    return FALSE;
+    return false;
 
 }

portal/portal_header.php

@@ -43,7 +43,7 @@
                     <li class="nav-item">
                         <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "tickets.php" || basename($_SERVER['PHP_SELF']) == "ticket_add.php" || basename($_SERVER['PHP_SELF']) == "ticket.php") {echo "active";} ?>" href="tickets.php">Tickets</a>
                     </li>
-                <?php if ($session_contact_id == $session_client_primary_contact_id) { ?>
+                <?php if ($session_contact_id == $session_client_primary_contact_id || $session_contact_is_billing_contact) { ?>
                     <li class="nav-item">
                         <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "invoices.php") {echo "active";} ?>" href="invoices.php">Invoices</a>
                     </li>

portal/profile.php

@@ -4,16 +4,21 @@
  * User profile
  */
 
-require('inc_portal.php');
+require_once('inc_portal.php');
 ?>
 
-<h2>Profile</h2>
+    <h2>Profile</h2>
 
-<p>Name: <?php echo $session_contact_name ?></p>
+    <p>Name: <?php echo $session_contact_name ?></p>
-<p>Email: <?php echo $session_contact_email ?></p>
+    <p>Email: <?php echo $session_contact_email ?></p>
-<p>Client: <?php echo $session_client_name ?></p>
+    <p>Client: <?php echo $session_client_name ?></p>
-<p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
+    <br>
-<p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
+    <p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
+    <p>Client Technical Contact: <?php if ($session_contact_is_technical_contact) {echo "Yes"; } else {echo "No";} ?></p>
+    <p>Client Billing Contact: <?php if ($session_contact_is_billing_contact == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
+
+
+    <p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
 
 
     <!--  // Show option to change password if auth provider is local -->
@@ -34,7 +39,6 @@ require('inc_portal.php');
             <button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button>
         </form>
     </div>
-
 <?php endif ?>
 
 <?php

portal/ticket.php

@@ -9,7 +9,7 @@ require_once("inc_portal.php");
 if (isset($_GET['id']) && intval($_GET['id'])) {
     $ticket_id = intval($_GET['id']);
 
-    if ($session_contact_id == $session_client_primary_contact_id) {
+    if ($session_contact_id == $session_client_primary_contact_id || $session_contact_is_technical_contact) {
         $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
     } else {
         $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
@@ -44,12 +44,9 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
                 <h4 class="mt-1">
                     Ticket <?php echo $ticket_prefix, $ticket_number ?>
                     <?php
-                    if ($ticket_status !== "Closed") {
+                    if ($ticket_status !== "Closed") { ?>
-                    ?>
                         <a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>" class="btn btn-sm btn-outline-success float-right text-white"><i class="fas fa-fw fa-check text-success"></i> Close ticket</a>
-                    <?php
+                    <?php } ?>
-                    }
-                    ?>
                 </h4>
             </div>
 
@@ -61,7 +58,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
                     <br>
                     <strong>Priority:</strong> <?php echo $ticket_priority ?>
                 </p>
-                <strong>Issue:</strong> <?php echo $ticket_details ?>
+                <?php echo $ticket_details ?>
             </div>
         </div>
 

portal/ticket_add.php

@@ -4,10 +4,10 @@
  * New ticket form
  */
 
-require('inc_portal.php');
+require_once('inc_portal.php');
 ?>
 
-<ol class="breadcrumb d-print-none">
+    <ol class="breadcrumb d-print-none">
         <li class="breadcrumb-item">
             <a href="index.php">Home</a>
         </li>
@@ -15,11 +15,11 @@ require('inc_portal.php');
             <a href="tickets.php">Tickets</a>
         </li>
         <li class="breadcrumb-item active">New Ticket</li>
-</ol>
+    </ol>
 
-<h2>Raise a new ticket</h2>
+    <h2>Raise a new ticket</h2>
 
-<div class="col-md-8">
+    <div class="col-md-8">
         <form action="portal_post.php" method="post">
 
             <div class="form-group">
@@ -54,7 +54,7 @@ require('inc_portal.php');
             <button class="btn btn-primary" name="add_ticket">Raise ticket</button>
 
         </form>
-</div>
+    </div>
 
 <?php
 require_once('portal_footer.php');

portal/ticket_view_all.php

@@ -6,7 +6,7 @@
 
 require_once('inc_portal.php');
 
-if ($session_contact_id !== $session_client_primary_contact_id) {
+if ($session_contact_id !== $session_client_primary_contact_id && !$session_contact_is_technical_contact) {
     header("Location: portal_post.php?logout");
     exit();
 }

portal/tickets.php

@@ -117,7 +117,7 @@ $total_tickets = $row['total_tickets'];
 
         <a href="?status=%" class="btn btn-secondary btn-block p-3 mb-3 text-left">All my tickets | <strong><?php echo $total_tickets ?></strong></a>
         <?php
-        if ($session_contact_id == $session_client_primary_contact_id) {
+        if ($session_contact_id == $session_client_primary_contact_id || $session_contact_is_technical_contact) {
         ?>
 
         <hr>

post.php

@@ -4597,14 +4597,14 @@ if(isset($_POST['edit_contact'])){
     mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_auth_method = '$auth_method', contact_department = '$department', contact_location_id = $location_id WHERE contact_id = $contact_id AND company_id = $session_company_id");
 
     // Update Primary contact in clients if primary contact is checked
-    if($primary_contact > 0){
+    if ($primary_contact > 0){
         mysqli_query($mysqli,"UPDATE clients SET primary_contact = $contact_id WHERE client_id = $client_id");
     }
 
     // Set password
     if(!empty($_POST['contact_password'])){
       $password_hash = mysqli_real_escape_string($mysqli,password_hash($_POST['contact_password'], PASSWORD_DEFAULT));
-      mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_client_id = '$client_id'");
+      mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = '$contact_id' AND contact_client_id = '$client_id'");
     }
 
     // Send contact a welcome e-mail, if specified