From 8753655c9ceeba9399d6b03cb63e1e59410f29ae Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Thu, 3 Jul 2025 14:18:14 -0400
Subject: [PATCH] Do not allow client portal logins with Contact users of a client that is archived
---
 client/login.php | 2 +-
 client/login_microsoft.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/login.php b/client/login.php
index e69c6234..09f15a16 100644
--- a/client/login.php
+++ b/client/login.php
@@ -57,7 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
 } else {
- $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
+ $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id LEFT JOIN clients ON contact_client_id = client_id WHERE user_email = '$email' AND client_archived_at IS NULL AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
 $row = mysqli_fetch_array($sql);
 $client_id = intval($row['contact_client_id']);
 $user_id = intval($row['user_id']);
diff --git a/client/login_microsoft.php b/client/login_microsoft.php
index 4c8eae65..c182a16d 100644
--- a/client/login_microsoft.php
+++ b/client/login_microsoft.php
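Review bot: In client/login.php the added `LEFT JOIN clients` with `client_archived_at IS NULL` still matches a user who has no contact row or no client row, because an outer join yields NULL for that column; such a login continues with `$client_id` equal to 0 after `intval()`. If every portal user is meant to belong to a live client, inner joins say so directly, `JOIN contacts ON user_id = contact_user_id JOIN clients ON contact_client_id = client_id` (the same holds for the query in client/login_microsoft.php). The query also interpolates `$email` into the SQL text and its escaping is not visible in this hunk, so a prepared statement with a bound parameter would make the lookup safe regardless of earlier code. The check runs only at login; whether sessions already open for an archived client are re-validated per request cannot be told from here. The enclosing `if`/`else` block starts and ends outside the hunk.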
@@ -100,7 +100,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
 $upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]);
- $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$upn' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
+ $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id LEFT JOIN contact_client_id = client_id WHERE user_email = '$upn' AND user_archived_at IS NULL AND client_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
 $row = mysqli_fetch_array($sql);
 $client_id = intval($row['contact_client_id']);
 $user_id = intval($row['user_id']);
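Review bot: The added query in client/login_microsoft.php reads `LEFT JOIN contact_client_id = client_id`, which names no table and has no `ON`, so the statement is not valid SQL and `mysqli_query()` will fail instead of returning a result. Depending on the mysqli error mode that is either an exception or a `false` handed to `mysqli_fetch_array()`, so Microsoft sign-in would stop working for every contact; it fails closed, but the archived-client condition is never evaluated. The join should match the one in client/login.php: `LEFT JOIN clients ON contact_client_id = client_id`. Checking the result before use, `if ($sql === false || !($row = mysqli_fetch_array($sql))) { /* reject login */ }`, would keep a query failure from surfacing as an error page. The surrounding `if` block begins and ends outside the hunk.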