Do not allow client portal logins with Contact users of a client that is archived

2026-03-21 21:15:38 +00:00 · 2025-07-03 14:18:14 -04:00
parent 873dc1f76d
commit 8753655c9c
2 changed files with 2 additions and 2 deletions
--- a/client/login.php
+++ b/client/login.php
@@ -57,7 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
    } else {
-        $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
+        $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id LEFT JOIN clients ON contact_client_id = client_id WHERE user_email = '$email' AND client_archived_at IS NULL AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
        $row = mysqli_fetch_array($sql);
        $client_id = intval($row['contact_client_id']);
        $user_id = intval($row['user_id']);
--- a/client/login_microsoft.php
+++ b/client/login_microsoft.php
@@ -100,7 +100,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
            $upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]);
-            $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$upn' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
+            $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id LEFT JOIN contact_client_id = client_id WHERE user_email = '$upn' AND user_archived_at IS NULL AND client_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
            $row = mysqli_fetch_array($sql);
            $client_id = intval($row['contact_client_id']);
            $user_id = intval($row['user_id']);