diff --git a/README.md b/README.md
index d5c52ebe..2985a484 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@
     <br />
     <a href="https://demo.itflow.org"><strong>View demo</strong></a>
     <br />
-    Username: <b>demo@demo</b> | Password: <b>demo</b>
+    Username: <b>demo@demo.com</b> | Password: <b>demo</b>
     <br />
     <br />
     <a href="https://itflow.org/#about">About</a>
diff --git a/admin/database_updates.php b/admin/database_updates.php
index ee595709..b753cf0d 100644
--- a/admin/database_updates.php
+++ b/admin/database_updates.php
@@ -4134,10 +4134,30 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.8'");
     }
 
-    // if (CURRENT_DATABASE_VERSION == '2.3.8') {
-    //     // Insert queries here required to update to DB version 2.3.9
+     if (CURRENT_DATABASE_VERSION == '2.3.8') {
+
+         mysqli_query($mysqli, "
+            CREATE TABLE `task_approvals` (
+              `approval_id` int(11) NOT NULL AUTO_INCREMENT,
+              `approval_scope` enum('client','internal') NOT NULL,
+              `approval_type` enum('any','technical','billing','specific') NOT NULL,
+              `approval_required_user_id` int(11) DEFAULT NULL,
+              `approval_status` enum('pending','approved','declined') NOT NULL,
+              `approval_created_by` int(11) NOT NULL,
+              `approval_approved_by` varchar(255) DEFAULT NULL,
+              `approval_url_key` varchar(200) NOT NULL,
+              `approval_task_id` int(11) NOT NULL,
+              PRIMARY KEY (`approval_id`)
+            ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+        ");
+
+         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.9'");
+     }
+
+    // if (CURRENT_DATABASE_VERSION == '2.3.9') {
+    //     // Insert queries here required to update to DB version 2.4.0
     //     // Then, update the database to the next sequential version
-    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.9'");
+    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.0'");
     // }
 
 } else {
diff --git a/agent/ajax.php b/agent/ajax.php
index 1fae441c..ea0f7064 100644
--- a/agent/ajax.php
+++ b/agent/ajax.php
@@ -992,3 +992,23 @@ if (isset($_GET['apex_domain_check'])) {
 
     echo json_encode($response);
 }
+
+// Get internal users/techs
+if (isset($_GET['get_internal_users'])) {
+    enforceUserPermission('module_support');
+
+    $sql = mysqli_query(
+        $mysqli,
+        "SELECT user_id, user_name
+         FROM users
+         WHERE user_type = 1 AND user_status = 1 AND user_archived_at IS NULL
+         ORDER BY user_name"
+    );
+
+    while ($row = mysqli_fetch_assoc($sql)) {
+        $response['users'][] = $row;
+    }
+
+    echo json_encode($response);
+    exit;
+}
diff --git a/agent/modals/ticket/ticket_task_approver_add.php b/agent/modals/ticket/ticket_task_approver_add.php
new file mode 100644
index 00000000..03064481
--- /dev/null
+++ b/agent/modals/ticket/ticket_task_approver_add.php
@@ -0,0 +1,140 @@
+<?php
+
+require_once '../../../includes/modal_header.php';
+
+$task_id = intval($_GET['id']);
+
+$sql = mysqli_query($mysqli, "SELECT * FROM tasks
+    WHERE task_id = $task_id
+    LIMIT 1"
+);
+
+$row = mysqli_fetch_array($sql);
+$task_name = nullable_htmlentities($row['task_name']);
+
+// Generate the HTML form content using output buffering.
+ob_start();
+
+?>
+
+    <div class="modal-header bg-dark">
+        <h5 class="modal-title"><i class="fa fa-fw fa-shield-alt mr-2"></i>New approver for task <?=$task_name?></h5>
+        <button type="button" class="close text-white" data-dismiss="modal">
+            <span>&times;</span>
+        </button>
+    </div>
+    <form action="post.php" method="post" autocomplete="off">
+        <input type="hidden" name="task_id" value="<?php echo $task_id; ?>">
+        <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
+
+        <div class="modal-body">
+
+            <div class="form-group">
+                <label>Approval scope <strong class="text-danger">*</strong></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-layer-group"></i></span>
+                    </div>
+                    <select class="form-control" name="approval_scope" id="approval_scope" required>
+                        <option value="">Select scope...</option>
+                        <option value="internal">Internal</option>
+                        <option value="client">Client</option>
+                    </select>
+                </div>
+            </div>
+
+
+            <div class="form-group d-none" id="approval_type_wrapper">
+                <label>Who can approve? <strong class="text-danger">*</strong></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-user-check"></i></span>
+                    </div>
+                    <select class="form-control" name="approval_type" id="approval_type" required>
+                        <!-- JS -->
+                    </select>
+                </div>
+            </div>
+
+
+            <div class="form-group d-none" id="specific_user_wrapper">
+                <label>Select specific internal approver <strong class="text-danger">*</strong></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-user-circle"></i></span>
+                    </div>
+                    <select class="form-control select2" name="approval_required_user_id" id="specific_user_select">
+                        <option value="">Select user...</option>
+                    </select>
+                </div>
+            </div>
+
+
+        </div>
+
+        <div class="modal-footer">
+            <button type="submit" name="add_ticket_task_approver" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+            <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+        </div>
+
+    </form>
+
+
+<!-- JS to make the correct boxes appear depending on if internal/client approval) -->
+<script>
+    $('#approval_scope').on('change', function() {
+        const scope = $(this).val();
+        const typeSelect = $('#approval_type');
+        const wrapper = $('#approval_type_wrapper');
+
+        typeSelect.empty();
+        $('#specific_user_wrapper').addClass('d-none');
+
+        if (!scope) {
+            wrapper.addClass('d-none');
+            return;
+        }
+
+        wrapper.removeClass('d-none');
+
+        if (scope === 'internal') {
+            typeSelect.append('<option value="">Select...</option>');
+            typeSelect.append('<option value="any">Any internal reviewer</option>');
+            typeSelect.append('<option value="specific">Specific agent</option>');
+        }
+
+        if (scope === 'client') {
+            typeSelect.append('<option value="">Select...</option>');
+            typeSelect.append('<option value="any">Ticket contact</option>');
+            typeSelect.append('<option value="technical">Technical contacts</option>');
+            typeSelect.append('<option value="billing">Billing contacts</option>');
+        }
+    });
+
+    // Specific user (internal only for now)
+    $('#approval_type').on('change', function() {
+        const type = $(this).val();
+        const scope = $('#approval_scope').val();
+        const userSelect = $('#specific_user_select');
+
+        if (type !== 'specific' || scope !== 'internal') {
+            $('#specific_user_wrapper').addClass('d-none');
+            return;
+        }
+
+        $('#specific_user_wrapper').removeClass('d-none');
+        userSelect.empty().append('<option value="">Loading...</option>');
+
+        $.getJSON('ajax.php?get_internal_users=true', function(data) {
+            userSelect.empty().append('<option value="">Select user...</option>');
+            data.users.forEach(function(u) {
+                userSelect.append(`<option value="${u.user_id}">${u.user_name}</option>`);
+            });
+        });
+    });
+
+</script>
+
+<?php
+
+require_once '../../../includes/modal_footer.php';
diff --git a/agent/modals/ticket/ticket_task_edit.php b/agent/modals/ticket/ticket_task_edit.php
index cb630833..7dab0417 100644
--- a/agent/modals/ticket/ticket_task_edit.php
+++ b/agent/modals/ticket/ticket_task_edit.php
@@ -14,6 +14,14 @@ $task_name = nullable_htmlentities($row['task_name']);
 $task_completion_estimate = intval($row['task_completion_estimate']);
 $task_completed_at = nullable_htmlentities($row['task_completed_at']);
 
+// Approvals
+$sql_task_approvals = mysqli_query($mysqli, "
+    SELECT user_name, approval_id, approval_scope, approval_type, approval_required_user_id, approval_status, approval_created_by, approval_approved_by FROM task_approvals
+    LEFT JOIN users ON user_id = approval_required_user_id
+    WHERE approval_task_id = $task_id
+    ORDER BY approval_approved_by"
+);
+
 // Generate the HTML form content using output buffering.
 ob_start();
 
@@ -27,7 +35,7 @@ ob_start();
 </div>
 <form action="post.php" method="post" autocomplete="off">
     <input type="hidden" name="task_id" value="<?php echo $task_id; ?>">
-    
+
     <div class="modal-body">
 
         <div class="form-group">
@@ -49,7 +57,53 @@ ob_start();
                 <input type="number" class="form-control" name="completion_estimate" placeholder="Estimated time to complete task in mins" value="<?php echo $task_completion_estimate; ?>">
             </div>
         </div>
-    
+
+        <?php if (mysqli_num_rows($sql_task_approvals) > 0) { ?>
+            <hr>
+            <div class="form-group">
+                <b>Task Approvals</b>
+
+                <table class="table table-sm table-bordered" style="margin-top:10px;">
+                    <thead>
+                    <tr>
+                        <th>Scope</th>
+                        <th>Type</th>
+                        <th>Status</th>
+                        <th>Action</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php while ($row = mysqli_fetch_array($sql_task_approvals)) {
+                        $approval_id = intval($row['approval_id']);
+                        $approval_scope = nullable_htmlentities($row['approval_scope']);
+                        $approval_type = nullable_htmlentities($row['approval_type']);
+                        $approval_user_name = nullable_htmlentities($row['user_name']);
+                        $approval_status = nullable_htmlentities($row['approval_status']);
+                        $approval_created_by = intval($row['approval_created_by']);
+                        $approval_approved_by = nullable_htmlentities($row['approval_approved_by']);
+                        ?>
+                        <tr>
+                            <td><?= ucfirst($approval_scope) ?></td>
+                            <td><?= ucfirst($approval_type) ?> <?php if (!empty($approval_user_name)) { echo " - $approval_user_name"; } ?></td>
+                            <td><?= ucfirst($approval_status) ?></td>
+                            <td>
+                                <?php if ($approval_status !== 'approved') { ?>
+                                    <a class="text-danger"
+                                       onclick="return confirm('Delete this approval request?');"
+                                       href="post.php?delete_ticket_task_approver=<?= $approval_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
+                                        <i class="fas fa-fw fa-trash-alt"></i>Delete
+                                    </a>
+                                    <!-- confirm-link won't work -->
+                                <?php } ?>
+                            </td>
+                        </tr>
+                    <?php } ?>
+                    </tbody>
+                </table>
+
+            </div>
+        <?php } ?>
+
     </div>
 
     <div class="modal-footer">
diff --git a/agent/post/invoice.php b/agent/post/invoice.php
index 824da9c1..b0283e32 100644
--- a/agent/post/invoice.php
+++ b/agent/post/invoice.php
@@ -570,15 +570,13 @@ if (isset($_GET['email_invoice'])) {
     }
 
     // Queue Mail
-    $data = [
-        [
+    $data[] = [
             'from' => $config_invoice_from_email,
             'from_name' => $config_invoice_from_name,
             'recipient' => $contact_email,
             'recipient_name' => $contact_name,
             'subject' => $subject,
             'body' => $body
-        ]
     ];
 
     addToMailQueue($data);
@@ -613,15 +611,13 @@ if (isset($_GET['email_invoice'])) {
         $billing_contact_name = sanitizeInput($billing_contact['contact_name']);
         $billing_contact_email = sanitizeInput($billing_contact['contact_email']);
 
-        $data = [
-            [
+        $data[] = [
                 'from' => $config_invoice_from_email,
                 'from_name' => $config_invoice_from_name,
                 'recipient' => $billing_contact_email,
                 'recipient_name' => $billing_contact_name,
                 'subject' => $subject,
                 'body' => $body
-            ]
         ];
 
         logAction("Invoice", "Email", "$session_name Emailed $billing_contact_email Invoice $invoice_prefix$invoice_number Email queued Email ID: $email_id", $client_id, $invoice_id);
diff --git a/agent/post/task.php b/agent/post/task.php
index 044d9a00..f59a955d 100644
--- a/agent/post/task.php
+++ b/agent/post/task.php
@@ -155,6 +155,247 @@ if (isset($_GET['undo_complete_task'])) {
 
 }
 
+if (isset($_POST['add_ticket_task_approver'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+    enforceUserPermission('module_support', 2);
+
+    $task_id = intval($_POST['task_id']);
+    $scope = sanitizeInput($_POST['approval_scope']);
+    $type = sanitizeInput($_POST['approval_type']);
+    $approval_url_key = randomString(32);
+
+    $required_user_id = "NULL";
+    if ($type == 'specific') {
+        $required_user_id = intval($_POST['approval_required_user_id']);
+    }
+
+    mysqli_query($mysqli, "INSERT INTO task_approvals SET approval_scope = '$scope', approval_type = '$type', approval_required_user_id = $required_user_id, approval_status = 'pending', approval_created_by = $session_user_id, approval_url_key = '$approval_url_key', approval_task_id = $task_id");
+
+    $approval_id = mysqli_insert_id($mysqli);
+
+    // Task/Ticket Info
+    $tt_row = mysqli_fetch_array(mysqli_query($mysqli, "
+        SELECT * FROM tasks
+        LEFT JOIN tickets ON ticket_id = task_ticket_id
+        LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+        WHERE task_id = $task_id LIMIT 1
+        ")
+    );
+    $task_name = sanitizeInput($tt_row['task_name']);
+    $ticket_id = intval($tt_row['task_ticket_id']);
+    $ticket_prefix = sanitizeInput($tt_row['ticket_prefix']);
+    $ticket_number = intval($tt_row['ticket_number']);
+    $ticket_subject = sanitizeInput($tt_row['ticket_subject']);
+    $ticket_status = sanitizeInput($tt_row['ticket_status_name']);
+    $ticket_url_key = sanitizeInput($tt_row['ticket_url_key']);
+    $ticket_contact_id = intval($tt_row['ticket_contact_id']);
+    $client_id = intval($tt_row['ticket_client_id']);
+
+    // --Notifications--
+
+    // Sanitize Config vars from get_settings.php
+    $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+    $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+    $config_base_url = sanitizeInput($config_base_url);
+
+    // Get Company Info
+    $crow = mysqli_fetch_array(mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"));
+    $company_name = sanitizeInput($crow['company_name']);
+    $company_phone = sanitizeInput(formatPhoneNumber($crow['company_phone'], $crow['company_phone_country_code']));
+
+    // Email contents
+    $subject = "Ticket task approval required - [$ticket_prefix$ticket_number] - $ticket_subject";
+    $body = "<i style=\'color: #808080\'>##- Please type your reply above this line -##</i><br><br>Hello,<br><br>A ticket regarding $ticket_subject has a task requiring your approval:- <br>Task name: $task_name<br>Scope/Type: $scope - $type <br><br>To approve this task, please click <a href=\'https://$config_base_url/guest/guest_approve_ticket_task.php?task_approval_id=$approval_id&url_key=$approval_url_key\'>here</a>.<br>If you require further information, please reply to this e-mail.<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: $ticket_status<br>Portal: <a href=\'https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$ticket_url_key\'>View ticket</a><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
+
+    if ($scope == 'internal' && $type == 'specific' && $session_user_id !== $required_user_id) {
+        mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name needs your approval for ticket $ticket_prefix$ticket_number task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = 0, notification_user_id = $required_user_id");
+
+        if (!empty($config_smtp_host)) {
+            $agent_contact = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $required_user_id AND user_archived_at IS NULL"));
+            $name = sanitizeInput($agent_contact['user_name']);
+            $email = sanitizeInput($agent_contact['user_email']);
+
+            // Only add contact to email queue if email is valid
+            if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
+                $data[] = [
+                    'from' => $config_ticket_from_email,
+                    'from_name' => $config_ticket_from_name,
+                    'recipient' => $email,
+                    'recipient_name' => $name,
+                    'subject' => $subject,
+                    'body' => $body
+                ];
+
+                addToMailQueue($data);
+            }
+
+        }
+    }
+
+    if (!empty($config_smtp_host) && $scope == 'client' && $type == 'any') {
+
+        $contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $ticket_contact_id LIMIT 1"));
+        $contact_name = sanitizeInput($contact_row['contact_name']);
+        $contact_email = sanitizeInput($contact_row['contact_email']);
+
+        $data = [];
+
+        if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) {
+            $data[] = [
+                'from' => $config_ticket_from_email,
+                'from_name' => $config_ticket_from_name,
+                'recipient' => $contact_email,
+                'recipient_name' => $contact_name,
+                'subject' => $subject,
+                'body' => $body
+            ];
+            addToMailQueue($data);
+        }
+
+    }
+
+    if (!empty($config_smtp_host) && $scope == 'client' && $type == 'technical') {
+
+        $sql_technical_contacts = mysqli_query(
+            $mysqli,
+            "SELECT contact_name, contact_email FROM contacts
+            WHERE contact_technical = 1
+            AND contact_email != ''
+            AND contact_client_id = $client_id"
+        );
+
+        $data = [];
+
+        while ($technical_contact = mysqli_fetch_array($sql_technical_contacts)) {
+            $technical_contact_name = sanitizeInput($technical_contact['contact_name']);
+            $technical_contact_email = sanitizeInput($technical_contact['contact_email']);
+
+            if (filter_var($technical_contact_email, FILTER_VALIDATE_EMAIL)) {
+                $data[] = [
+                    'from' => $config_ticket_from_email,
+                    'from_name' => $config_ticket_from_name,
+                    'recipient' => $technical_contact_email,
+                    'recipient_name' => $technical_contact_name,
+                    'subject' => $subject,
+                    'body' => $body
+                ];
+            }
+
+        }
+
+        addToMailQueue($data);
+
+    }
+
+    if (!empty($config_smtp_host) && $scope == 'client' && $type == 'billing') {
+
+        $sql_billing_contacts = mysqli_query(
+            $mysqli,
+            "SELECT contact_name, contact_email FROM contacts
+            WHERE contact_billing = 1
+            AND contact_email != ''
+            AND contact_client_id = $client_id"
+        );
+
+        $data = [];
+
+        while ($billing_contact = mysqli_fetch_array($sql_billing_contacts)) {
+            $billing_contact_name = sanitizeInput($billing_contact['contact_name']);
+            $billing_contact_email = sanitizeInput($billing_contact['contact_email']);
+
+            if (filter_var($billing_contact_email, FILTER_VALIDATE_EMAIL)) {
+                $data[] = [
+                        'from' => $config_ticket_from_email,
+                        'from_name' => $config_ticket_from_name,
+                        'recipient' => $billing_contact_email,
+                        'recipient_name' => $billing_contact_name,
+                        'subject' => $subject,
+                        'body' => $body
+                ];
+            }
+
+        }
+
+        addToMailQueue($data);
+
+    }
+
+    // Logging
+    logAction("Task", "Edit", "$session_name added task approver for $task_name", $client_id, $task_id);
+
+    flash_alert("Added approver");
+    redirect();
+}
+
+if (isset($_GET['approve_ticket_task'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+    enforceUserPermission('module_support', 2);
+
+    $task_id = intval($_GET['approve_task']);
+    $approval_id = intval($_GET['approval_id']);
+
+    $approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'"));
+
+    $task_name = nullable_htmlentities($approval_row['task_name']);
+    $scope = nullable_htmlentities($approval_row['approval_scope']);
+    $type = nullable_htmlentities($approval_row['approval_type']);
+    $required_user = intval($approval_row['approval_required_user_id']);
+    $created_by = intval($approval_row['approval_created_by']);
+    $ticket_id = intval($approval_row['task_ticket_id']);
+
+    if (!$approval_row) {
+        flash_alert("Cannot find/approve that task", 'error');
+        redirect();
+        exit;
+    }
+
+    // Validate approver (deny)
+    if ($required_user > 0 && $required_user !== $session_user_id) {
+        flash_alert("You cannot approve that task", 'error');
+        redirect();
+        exit;
+    }
+    if ($required_user == 0 && $type == 'any' && $created_by == $session_user_id) {
+        flash_alert("You cannot approve your own task", 'error');
+        redirect();
+        exit;
+    }
+
+    // Approve
+    mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $session_user_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'");
+
+    // Notify
+    mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = 0, notification_user_id = $created_by");
+    // TODO: Email agent
+
+    // Logging
+    logAction("Task", "Edit", "$session_name approved task $task_name (approval $approval_id)", 0, $task_id);
+
+    flash_alert("Approved");
+    redirect();
+
+}
+
+if (isset($_GET['delete_ticket_task_approver'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    enforceUserPermission('module_support', 3);
+
+    $approval_id = intval($_GET['delete_ticket_task_approver']);
+
+    mysqli_query($mysqli, "DELETE FROM task_approvals WHERE approval_id = $approval_id");
+
+    logAction("Task", "Delete", "$session_name deleted task approval request ($approval_id)", 0, 0);
+
+    flash_alert("Approval request deleted", 'error');
+
+    redirect();
+
+}
+
 if (isset($_GET['complete_all_tasks'])) {
 
     enforceUserPermission('module_support', 2);
diff --git a/agent/ticket.php b/agent/ticket.php
index 266f01db..92ee92f5 100644
--- a/agent/ticket.php
+++ b/agent/ticket.php
@@ -961,23 +961,82 @@ if (isset($_GET['ticket_id'])) {
 
                             <table class="table table-sm" id="tasks">
                                 <?php
-                                while($row = mysqli_fetch_array($sql_tasks)){
+                                while ($row = mysqli_fetch_array($sql_tasks)) {
                                     $task_id = intval($row['task_id']);
                                     $task_name = nullable_htmlentities($row['task_name']);
                                     //$task_description = nullable_htmlentities($row['task_description']); // not in db yet
                                     $task_completion_estimate = intval($row['task_completion_estimate']);
                                     $task_completed_at = nullable_htmlentities($row['task_completed_at']);
+
+                                    // Check for approvals
+                                    $task_needs_approval = false;
+                                    $task_needs_approval = mysqli_num_rows(mysqli_query(
+                                            $mysqli,
+                                            "SELECT 1 FROM task_approvals
+                                                 WHERE approval_task_id = $task_id
+                                                   AND approval_status IN ('pending','declined')
+                                                 LIMIT 1"
+                                        )) > 0;
+
+                                    $approval_id = 0;
+                                    $user_can_approve = false;
+                                    $approval_rows = mysqli_query($mysqli, "
+                                        SELECT approval_id, approval_scope, approval_type, approval_required_user_id, approval_created_by
+                                        FROM task_approvals WHERE approval_task_id = $task_id AND approval_status = 'pending'
+                                    ");
+
+                                    while ($approval = mysqli_fetch_array($approval_rows)) {
+
+                                        $scope = nullable_htmlentities($approval['approval_scope']);
+                                        $type = nullable_htmlentities($approval['approval_type']);
+                                        $required_user = intval($approval['approval_required_user_id']);
+                                        $created_by = intval($approval['approval_created_by']);
+
+                                        // Named, specific user?
+                                        if ($scope == 'internal' && $type == 'specific' && $required_user == $session_user_id) {
+                                            $user_can_approve = true;
+                                            $approval_id = intval($approval['approval_id']);
+                                            continue;
+                                        }
+
+                                        // Any internal user, but the one who created the task
+                                        if ($scope == 'internal' && $type == 'any' && $created_by !== $session_user_id) {
+                                            $user_can_approve = true;
+                                            $approval_id = intval($approval['approval_id']);
+                                            continue;
+                                        }
+
+                                    }
+
                                     ?>
                                     <tr data-task-id="<?= $task_id ?>">
                                         <td>
                                             <?php if ($task_completed_at) { ?>
                                                 <i class="far fa-check-square text-success"></i>
                                             <?php } elseif (lookupUserPermission("module_support") >= 2) { ?>
-                                                <a href="post.php?complete_task=<?php echo $task_id; ?>">
-                                                    <i class="far fa-square text-dark"></i>
-                                                </a>
+
+                                                <?php if ($task_needs_approval) { ?>
+                                                    <i class="fas fa-shield-alt text-warning"
+                                                       data-toggle="tooltip"
+                                                       data-placement="top"
+                                                       title="Approval required"></i>
+
+                                                    <?php if ($user_can_approve) { ?>
+                                                        <a class="confirm-link" href="post.php?approve_ticket_task=<?= $task_id ?>&approval_id=<?= $approval_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
+                                                            <i class="fas fa-thumbs-up text-green"></i>
+                                                        </a>
+                                                    <?php } ?>
+
+                                                    <span class="text-dark ml-2"><?= $task_name ?></span>
+
+                                                <?php } else { ?>
+                                                    <a href="post.php?complete_task=<?php echo $task_id; ?>">
+                                                        <i class="far fa-square text-dark"></i>
+                                                    </a>
+                                                    <span class="text-dark ml-2"><?php echo $task_name; ?></span>
+                                                <?php } ?>
+
                                             <?php } ?>
-                                            <span class="text-dark ml-2"><?php echo $task_name; ?></span>
                                         </td>
                                         <td>
                                             <div class="float-right">
@@ -997,6 +1056,12 @@ if (isset($_GET['ticket_id'])) {
                                                                    data-modal-url="modals/ticket/ticket_task_edit.php?id=<?= $task_id ?>">
                                                                     <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                                                 </a>
+                                                                <?php if (!$task_completed_at) { ?>
+                                                                    <a class="dropdown-item ajax-modal" href="#"
+                                                                       data-modal-url="modals/ticket/ticket_task_approver_add.php?id=<?= $task_id ?>">
+                                                                        <i class="fas fa-fw fa-shield-alt mr-2"></i>Add Approvers
+                                                                    </a>
+                                                                <?php } ?>
                                                                 <?php if ($task_completed_at) { ?>
                                                                     <a class="dropdown-item" href="post.php?undo_complete_task=<?php echo $task_id; ?>">
                                                                         <i class="fas fa-fw fa-arrow-circle-left mr-2"></i>Mark incomplete
diff --git a/client/post.php b/client/post.php
index 39a6a7d2..1a315915 100644
--- a/client/post.php
+++ b/client/post.php
@@ -185,6 +185,43 @@ if (isset($_POST['add_ticket_comment'])) {
     }
 }
 
+if (isset($_GET['approve_ticket_task'])) {
+
+    $task_id = intval($_GET['approve_ticket_task']);
+    $approval_id = intval($_GET['approval_id']);
+    $url_key = sanitizeInput($_GET['approval_url_key']);
+
+    $approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending' AND approval_scope = 'client'"));
+
+    $task_name = nullable_htmlentities($approval_row['task_name']);
+    $scope = nullable_htmlentities($approval_row['approval_scope']);
+    $type = nullable_htmlentities($approval_row['approval_type']);
+    $required_user = intval($approval_row['approval_required_user_id']);
+    $created_by = intval($approval_row['approval_created_by']);
+    $ticket_id = intval($approval_row['task_ticket_id']);
+
+    if (!$approval_row) {
+        flash_alert("Cannot find/approve that task", 'warning');
+        redirect();
+        exit;
+    }
+
+    // Approve
+    mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $session_user_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending' AND approval_scope = 'client'");
+
+
+    // Notify tech
+    mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_contact_email approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = $session_client_id, notification_user_id = $created_by");
+    // TODO: Email agent
+
+    // Logging
+    logAction("Task", "Edit", "Contact $session_contact_email approved task $task_name (approval $approval_id)", $session_client_id, $task_id);
+
+    flash_alert("Task Approved");
+    redirect();
+
+}
+
 if (isset($_POST['add_ticket_feedback'])) {
 
     $ticket_id = intval($_POST['ticket_id']);
diff --git a/client/profile.php b/client/profile.php
index 6209fed5..fae47819 100644
--- a/client/profile.php
+++ b/client/profile.php
@@ -20,9 +20,9 @@ require_once 'includes/inc_all.php';
     <p>Client Primary Contact: <?php if ($session_contact_primary == 1) {echo "Yes"; } else {echo "No";} ?></p>
     <p>Client Technical Contact: <?php if ($session_contact_is_technical_contact) {echo "Yes"; } else {echo "No";} ?></p>
     <p>Client Billing Contact: <?php if ($session_contact_is_billing_contact == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
-
-
+    <br>
     <p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
+    <p>User ID: <?php echo $_SESSION['user_id'] ?> </p>
 
 
     <!--  // Show option to change password if auth provider is local -->
diff --git a/client/ticket.php b/client/ticket.php
index c651694f..6e85fe6e 100644
--- a/client/ticket.php
+++ b/client/ticket.php
@@ -70,6 +70,13 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
         );
         $completed_task_count = mysqli_num_rows($sql_tasks_completed);
 
+        // Get pending task approvals
+        $sql_task_approvals = mysqli_query($mysqli,"
+            SELECT task_id, task_name, approval_id, approval_scope, approval_type, approval_required_user_id, approval_status, approval_url_key
+            FROM tasks
+            LEFT JOIN task_approvals ON task_id = task_approvals.approval_task_id
+            WHERE task_ticket_id = $ticket_id AND task_completed_at IS NULL AND approval_scope = 'client' AND approval_status = 'pending'
+        ");
         ?>
 
         <ol class="breadcrumb d-print-none">
@@ -130,6 +137,59 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
             </div>
         </div>
 
+        <!-- Approvals -->
+        <?php if (mysqli_num_rows($sql_task_approvals) > 0) { ?>
+            <div class="card">
+                <div class="card-body">
+                    <h5>Approvals</h5>
+                    This ticket has tasks requiring approval:
+
+                    <ul>
+                        <?php
+
+                        while ($approvals = mysqli_fetch_array($sql_task_approvals)) {
+                            $task_id = intval($approvals['task_id']);
+                            $approval_id = intval($approvals['approval_id']);
+                            $task_name = nullable_htmlentities($approvals['task_name']);
+                            $approval_type = nullable_htmlentities($approvals['approval_type']);
+                            $approval_url_key = nullable_htmlentities($approvals['approval_url_key']);
+
+                            $contact_can_approve = false; // Default
+
+                            if ($approval_type == 'any') {
+                                $contact_can_approve = true;
+                            }
+
+                            if ($session_contact_primary) {
+                                $contact_can_approve = true;
+                            }
+
+                            if ($approval_type == 'technical' && $session_contact_is_technical_contact) {
+                                $contact_can_approve = true;
+                            }
+
+                            if ($approval_type == 'billing' && $session_contact_is_billing_contact) {
+                                $contact_can_approve = true;
+                            }
+
+                            ?>
+
+                            <li>
+                                <?php echo $task_name;
+                                if ($contact_can_approve) { ?> - <a href="post.php?approve_ticket_task=<?= $task_id ?>&approval_id=<?= $approval_id ?>&approval_url_key=<?= $approval_url_key ?>" class="confirm-link">Approve task</a> <?php }
+                                else {?> - Please ask your <?= $approval_type ?> contact to approve this task <?php } ?>
+                            </li>
+
+                        <?php } ?>
+
+                    </ul>
+
+
+
+                </div>
+            </div>
+        <?php } ?>
+
         <hr>
 
         <!-- Either show the reply comments box, option to re-open ticket, show ticket smiley feedback or thanks for feedback -->
diff --git a/db.sql b/db.sql
index 42af2911..081bd541 100644
--- a/db.sql
+++ b/db.sql
@@ -2441,6 +2441,25 @@ CREATE TABLE `tasks` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
+--
+-- Table structure for table `task_approvals`
+--
+
+DROP TABLE IF EXISTS `task_approvals`;
+CREATE TABLE IF NOT EXISTS `task_approvals` (
+  `approval_id` int(11) NOT NULL AUTO_INCREMENT,
+  `approval_scope` enum('client','internal') NOT NULL,
+  `approval_type` enum('any','technical','billing','specific') NOT NULL,
+  `approval_required_user_id` int(11) DEFAULT NULL,
+  `approval_status` enum('pending','approved','declined') NOT NULL,
+  `approval_created_by` int(11) NOT NULL,
+  `approval_approved_by` varchar(255) DEFAULT NULL,
+  `approval_url_key` varchar(200) NOT NULL,
+  `approval_task_id` int(11) NOT NULL,
+  PRIMARY KEY (`approval_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
 --
 -- Table structure for table `taxes`
 --
diff --git a/guest/guest_approve_ticket_task.php b/guest/guest_approve_ticket_task.php
new file mode 100644
index 00000000..f5ded027
--- /dev/null
+++ b/guest/guest_approve_ticket_task.php
@@ -0,0 +1,114 @@
+<?php
+
+require_once "includes/inc_all_guest.php";
+
+//Initialize the HTML Purifier to prevent XSS
+require_once "../plugins/htmlpurifier/HTMLPurifier.standalone.php";
+
+$purifier_config = HTMLPurifier_Config::createDefault();
+$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
+$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
+$purifier = new HTMLPurifier($purifier_config);
+
+if (!isset($_GET['task_approval_id'], $_GET['url_key'])) {
+    echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
+    require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';
+    exit();
+}
+
+// Company info
+$company_sql_row = mysqli_fetch_array(mysqli_query($mysqli, "
+    SELECT
+        company_phone,
+        company_phone_country_code,
+        company_website
+    FROM
+        companies,
+        settings
+    WHERE
+        companies.company_id = settings.company_id
+        AND companies.company_id = 1"
+));
+
+$company_phone_country_code = nullable_htmlentities($company_sql_row['company_phone_country_code']);
+$company_phone = nullable_htmlentities(formatPhoneNumber($company_sql_row['company_phone'], $company_phone_country_code));
+$company_website = nullable_htmlentities($company_sql_row['company_website']);
+
+$approval_id = intval($_GET['task_approval_id']);
+$url_key = sanitizeInput($_GET['url_key']);
+
+$task_row = mysqli_fetch_assoc(mysqli_query($mysqli,
+    "SELECT * FROM task_approvals
+        LEFT JOIN tasks ON approval_task_id = task_id
+        LEFT JOIN tickets on task_ticket_id = ticket_id
+        LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+    WHERE approval_id = $approval_id AND approval_url_key = '$url_key'
+    LIMIT 1"
+));
+
+if (!$task_row) {
+    // Invalid
+    echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
+    require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';
+    exit();
+}
+
+
+$task_id = intval($task_row['task_id']);
+$task_name = nullable_htmlentities($task_row['task_name']);
+$approval_scope = nullable_htmlentities($task_row['approval_scope']);
+$approval_type = nullable_htmlentities($task_row['approval_type']);
+$approval_status = nullable_htmlentities($task_row['approval_status']);
+
+$ticket_prefix = nullable_htmlentities($task_row['ticket_prefix']);
+$ticket_number = intval($task_row['ticket_number']);
+$ticket_status = nullable_htmlentities($task_row['ticket_status_name']);
+$ticket_priority = nullable_htmlentities($task_row['ticket_priority']);
+$ticket_subject = nullable_htmlentities($task_row['ticket_subject']);
+$ticket_details = $purifier->purify($task_row['ticket_details']);
+
+?>
+
+    <div class="card mt-3">
+        <div class="card-header bg-dark text-center">
+            <h4 class="mt-1">
+                Task Approval for Ticket <?php echo $ticket_prefix, $ticket_number ?>
+            </h4>
+        </div>
+
+        <div class="card-body prettyContent">
+            <h5><strong>Subject:</strong> <?php echo $ticket_subject ?></h5>
+            <p>
+                <strong>State:</strong> <?php echo $ticket_status ?>
+                <br>
+                <strong>Priority:</strong> <?php echo $ticket_priority ?>
+                <br>
+            </p>
+            <?php echo $ticket_details ?>
+            <hr>
+            <h5>Task Approval</h5>
+            <p>
+                <strong>Task Name: </strong><?= ucfirst($task_name); ?>
+                <br>
+                <strong>Scope/Type:</strong> <?= ucfirst($approval_scope) . " - " . ucfirst($approval_type)?>
+                <br>
+                <strong>Status:</strong> <?= ucfirst($approval_status)?>
+                <br>
+                <?php
+                if ($approval_status == 'pending') { ?>
+                    <strong>Action: </strong><a href="guest_post.php?approve_ticket_task=<?= $task_id ?>&approval_id=<?= $approval_id ?>&approval_url_key=<?= $url_key ?>" class="confirm-link text-bold">Approve Task</a>
+                <?php } ?>
+            </p>
+
+        </div>
+    </div>
+
+    <hr>
+
+    <div class="card-footer">
+        <?php echo "<i class='fas fa-phone fa-fw mr-2'></i>$company_phone | <i class='fas fa-globe fa-fw mr-2 ml-2'></i>$company_website"; ?>
+    </div>
+
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';
+
diff --git a/guest/guest_post.php b/guest/guest_post.php
index 800cee90..707639cc 100644
--- a/guest/guest_post.php
+++ b/guest/guest_post.php
@@ -225,6 +225,39 @@ if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) {
 
 }
 
+if (isset($_GET['approve_ticket_task'])) {
+
+    $task_id = intval($_GET['approve_ticket_task']);
+    $approval_id = intval($_GET['approval_id']);
+    $url_key = sanitizeInput($_GET['approval_url_key']);
+
+    $approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending'"));
+
+    $task_name = nullable_htmlentities($approval_row['task_name']);
+    $scope = nullable_htmlentities($approval_row['approval_scope']);
+    $type = nullable_htmlentities($approval_row['approval_type']);
+    $required_user = intval($approval_row['approval_required_user_id']);
+    $created_by = intval($approval_row['approval_created_by']);
+    $ticket_id = intval($approval_row['task_ticket_id']);
+
+    if (!$approval_row) {
+        exit("Cannot find/approve that task");
+    }
+
+    // Approve
+    mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $required_user WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending'");
+
+    // Notify tech
+    mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Guest approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_user_id = $created_by");
+
+    // Logging
+    logAction("Task", "Edit", "Guest user approved task $task_name via link (approval $approval_id)", 0, $task_id);
+
+    flash_alert("Task Approved");
+    redirect();
+
+}
+
 if (isset($_GET['export_quote_pdf'])) {
 
     $quote_id = intval($_GET['export_quote_pdf']);
diff --git a/includes/database_version.php b/includes/database_version.php
index 63110ccf..fdccb0cb 100644
--- a/includes/database_version.php
+++ b/includes/database_version.php
@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "2.3.8");
+DEFINE("LATEST_DATABASE_VERSION", "2.3.9");
diff --git a/login.php b/login.php
index 50f6ea73..039faa0d 100644
--- a/login.php
+++ b/login.php
@@ -524,6 +524,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_
                           </div>";
                     } else {
 
+                        $user_id          = intval($selectedRow['contact_user_id']);
                         $client_id        = intval($selectedRow['contact_client_id']);
                         $contact_id       = intval($selectedRow['contact_id']);
                         $user_auth_method = sanitizeInput($selectedRow['user_auth_method']);