Merge pull request #735 from wrongecho/contact-details

Contact small edits
2023-10-08 19:55:16 -04:00 · 2023-10-08 19:55:16 -04:00 · dcd17c7556
parent 1f067c17c4 dff0b689ce
commit dcd17c7556
5 changed files with 18 additions and 10 deletions
--- a/client_contact_edit_modal.php
+++ b/client_contact_edit_modal.php
@ -13,6 +13,7 @@
                <input type="hidden" name="contact_important" value="0">
                <input type="hidden" name="contact_billing" value="0">
                <input type="hidden" name="contact_technical" value="0">
+                <input type="hidden" name="send_email" value="0">
                <!-- End prevent undefined errors -->
                <input type="hidden" name="contact_id" value="<?php echo $contact_id; ?>">
                <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
@ -198,7 +199,7 @@
                                        <div class="input-group-prepend">
                                            <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
                                        </div>
-                                        <input type="password" class="form-control" data-toggle="password" name="contact_password" placeholder="Leave blank for no change" autocomplete="new-password">
+                                        <input type="password" class="form-control" data-toggle="password" name="contact_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
                                        <div class="input-group-append">
                                            <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
                                        </div>
@ -207,7 +208,7 @@
                            </div>

                            <div class="form-check">
-                                <input type="checkbox" class="form-check-input" name="send_email" value=""/>
+                                <input type="checkbox" class="form-check-input" name="send_email" value="1"/>
                                <label class="form-check-label">Send user e-mail with login details?</label>
                            </div>

@ -252,4 +253,4 @@
            </form>
        </div>
    </div>
-</div>
+</div>
--- a/client_contacts.php
+++ b/client_contacts.php
@ -210,7 +210,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                        </a>
                                        <?php if ($session_user_role == 3 && $contact_primary == 0) { ?>
                                            <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger" href="post.php?anonymize_contact=<?php echo $contact_id; ?>">
+                                            <a class="dropdown-item text-danger confirm-link" href="post.php?anonymize_contact=<?php echo $contact_id; ?>">
                                                <i class="fas fa-fw fa-user-secret mr-2"></i>Anonymize & Archive
                                            </a>
                                            <div class="dropdown-divider"></div>
--- a/portal/check_login.php
+++ b/portal/check_login.php
@ -50,6 +50,7 @@ $session_contact_initials = initials($session_contact_name);
 $session_contact_title = sanitizeInput($contact['contact_title']);
 $session_contact_email = sanitizeInput($contact['contact_email']);
 $session_contact_photo = sanitizeInput($contact['contact_photo']);
+$session_contact_pin = sanitizeInput($contact['contact_pin']);
 $session_contact_primary = intval($contact['contact_primary']);

 $session_contact_is_technical_contact = false;
--- a/portal/profile.php
+++ b/portal/profile.php
@ -13,6 +13,7 @@ require_once('inc_portal.php');

    <p>Name: <?php echo $session_contact_name ?></p>
    <p>Email: <?php echo $session_contact_email ?></p>
+    <p>PIN: <?php echo $session_contact_pin ?></p>
    <p>Client: <?php echo $session_client_name ?></p>
    <br>
    <p>Client Primary Contact: <?php if ($session_contact_primary == 1) {echo "Yes"; } else {echo "No";} ?></p>
@ -35,7 +36,7 @@ require_once('inc_portal.php');
                    <div class="input-group-prepend">
                        <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
                    </div>
-                    <input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
+                    <input type="password" class="form-control" minlength="8" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
                </div>
            </div>
            <button type="submit" name="edit_profile" class="btn btn-primary text-bold mt-3"><i class="fas fa-check mr-2"></i>Save password</button>
--- a/post/contact.php
+++ b/post/contact.php
@ -17,7 +17,7 @@ if (isset($_POST['add_contact'])) {
        // Set a random password
        $password_hash = password_hash(randomString(), PASSWORD_DEFAULT);
    }
-    
+
    if (!file_exists("uploads/clients/$client_id")) {
        mkdir("uploads/clients/$client_id");
    }
@ -68,6 +68,7 @@ if (isset($_POST['edit_contact'])) {
    require_once('post/contact_model.php');

    $contact_id = intval($_POST['contact_id']);
+    $send_email = intval($_POST['send_email']);

    // Get Exisiting Contact Photo
    $sql = mysqli_query($mysqli,"SELECT contact_photo FROM contacts WHERE contact_id = $contact_id");
@ -93,7 +94,7 @@ if (isset($_POST['edit_contact'])) {
    }

    // Send contact a welcome e-mail, if specified
-    if (isset($_POST['send_email']) && !empty($auth_method) && !empty($config_smtp_host)) {
+    if ($send_email && !empty($auth_method) && !empty($config_smtp_host)) {

        // Un-sanitizied used in body of email
        $contact_name = $_POST['name'];
@ -102,14 +103,18 @@ if (isset($_POST['edit_contact'])) {
        $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email);
        $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name);

+        // Authentication info (azure, reset password, or tech-provided temporary password)
+
        if ($auth_method == 'azure') {
            $password_info = "Login with your Microsoft (Azure AD) account.";
+        } elseif (empty($_POST['contact_password'])) {
+            $password_info = "Request a password reset at https://$config_base_url/portal/login_reset.php";
        } else {
-            $password_info = $_POST['contact_password'];
+            $password_info = $_POST['contact_password'] . " -- Please change on first login";
        }

-        $subject = sanitizeInput("Your new $session_company_name ITFlow account");
-        $body = mysqli_real_escape_string($mysqli, "Hello, $contact_name<br><br>An ITFlow account has been set up for you. <br><br>Username: $email <br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email");
+        $subject = sanitizeInput("Your new $session_company_name support portal account");
+        $body = mysqli_real_escape_string($mysqli, "Hello, $contact_name<br><br>$session_company_name has created a support portal account for you. <br><br>Username: $email<br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email");

        // Queue Mail
        mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$email', email_recipient_name = '$name', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject', email_content = '$body'");