Always set a random password for new portal users. This isn't an issue at the moment as we don't allow logins with empty passwords but better to be safe.

2026-02-28 02:44:53 +00:00 · 2022-10-01 19:32:40 +01:00
parent 9701aa35db
commit 851ca7fae5
2 changed files with 4 additions and 2 deletions
--- a/post.php
+++ b/post.php
@@ -3913,17 +3913,18 @@ if(isset($_POST['add_contact'])){
    $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
    $location_id = intval($_POST['location']);
    $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['auth_method'])));
+    $password = password_hash(keygen(), PASSWORD_DEFAULT);


  if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
        mkdir("uploads/clients/$session_company_id/$client_id");
    }

-    mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $session_company_id");
+    mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_password_hash = '$password', contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $session_company_id");

    $contact_id = mysqli_insert_id($mysqli);

-    //Update Primay contact in clients if primary contact is checked
+    //Update Primary contact in clients if primary contact is checked
    if($primary_contact > 0){   
        mysqli_query($mysqli,"UPDATE clients SET primary_contact = $contact_id WHERE client_id = $client_id");
    }