AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Portal code style tidy

This commit is contained in:
Marcus Hill 2023-01-01 16:05:48 +00:00
parent ff741c223e
commit dd00f48e5b
12 changed files with 558 additions and 558 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
portal/check_login.php
View File

@ -5,27 +5,27 @@
* Checks if the client is logged in or not
*/
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
}
if(!$_SESSION['client_logged_in']){
header("Location: login.php");
die;
if (!$_SESSION['client_logged_in']) {
header("Location: login.php");
die;
}
// SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$session_ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli, get_os()));
// Get user agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Get info from session
$session_client_id = $_SESSION['client_id'];

26
portal/inc_portal.php
View File

@ -4,19 +4,19 @@
* Includes for all pages (except login)
*/
include('../config.php');
include('../functions.php');
include('check_login.php');
include('portal_functions.php');
require_once('../config.php');
require_once('../functions.php');
require_once('check_login.php');
require_once('portal_functions.php');
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
}
include("portal_header.php");
require_once("portal_header.php");

146
portal/index.php
View File

@ -8,18 +8,18 @@ require_once("inc_portal.php");
// Ticket status from GET
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') {
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed';
$ticket_status_snippet = "ticket_status = 'Closed'";
$status = 'Closed';
$ticket_status_snippet = "ticket_status = 'Closed'";
} else {
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";
}
$contact_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_contact_id = '$session_contact_id' AND ticket_client_id = '$session_client_id' ORDER BY ticket_id DESC");
@ -41,39 +41,39 @@ $total_tickets = $row['total_tickets'];
?>
<table>
<tr>
<th class="text-center">
<?php if(!empty($session_contact_photo)){ ?>
<img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." class=" img-size-50 img-circle">
<?php }else{ ?>
<span class="fa-stack fa-2x rounded-left">
<table>
<tr>
<th class="text-center">
<?php if (!empty($session_contact_photo)) { ?>
<img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." class=" img-size-50 img-circle">
<?php } else { ?>
<span class="fa-stack fa-2x rounded-left">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $session_contact_initials; ?></span>
</span>
<br>
<?php } ?>
<div class="text-dark"><?php echo $session_contact_name; ?></div>
<div><?php echo $session_contact_title; ?></div>
</th>
<th>
<div class="">
<h4 class="">Welcome, <b><?php echo $session_contact_name ?></b>!</h4>
<hr>
</div>
</th>
</tr>
</table>
<br>
<br>
<?php } ?>
<div class="text-dark"><?php echo $session_contact_name; ?></div>
<div><?php echo $session_contact_title; ?></div>
</th>
<th>
<div class="">
<h4 class="">Welcome, <b><?php echo $session_contact_name ?></b>!</h4>
<hr>
</div>
</th>
</tr>
</table>
<div class="row">
<div class="col-10">
<div class="card">
<br>
<div class="row">
<div class="col-10">
<div class="card">
<span class="border border-secondary">
<table class="table">
<thead class="thead-dark">
@ -86,46 +86,46 @@ $total_tickets = $row['total_tickets'];
<tbody>
<?php
while($ticket = mysqli_fetch_array($contact_tickets)){
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[ticket_status]</td>";
echo "</tr>";
while ($ticket = mysqli_fetch_array($contact_tickets)) {
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[ticket_status]</td>";
echo "</tr>";
}
?>
</tbody>
</table>
</span>
</div>
</div>
<div class="col-2">
<div class="card">
<a href="ticket_add.php" class="btn btn-primary">New ticket</a>
</div>
<hr>
<a href="?status=Open">
<div class="card text-white bg-danger mb-3" style="max-width: 18rem;">
<div class="card-header">My Open tickets | <b><?php echo $total_tickets_open ?></b></div>
</div>
</a>
<a href="?status=Closed">
<div class="card text-white bg-success mb-3" style="max-width: 18rem;">
<div class="card-header">Resolved tickets | <b><?php echo $total_tickets_closed ?></b></div>
</div>
</a>
<a href="?status=%">
<div class="card text-white bg-secondary mb-3" style="max-width: 18rem;">
<div class="card-header">All my tickets | <b><?php echo $total_tickets ?></b></div>
</div>
</a>
</div>
</div>
</div>
<div class="col-2">
<div class="card">
<a href="ticket_add.php" class="btn btn-primary">New ticket</a>
</div>
<hr>
<a href="?status=Open">
<div class="card text-white bg-danger mb-3" style="max-width: 18rem;">
<div class="card-header">My Open tickets | <b><?php echo $total_tickets_open ?></b></div>
</div>
</a>
<a href="?status=Closed">
<div class="card text-white bg-success mb-3" style="max-width: 18rem;">
<div class="card-header">Resolved tickets | <b><?php echo $total_tickets_closed ?></b></div>
</div>
</a>
<a href="?status=%">
<div class="card text-white bg-secondary mb-3" style="max-width: 18rem;">
<div class="card-header">All my tickets | <b><?php echo $total_tickets ?></b></div>
</div>
</a>
</div>
</div>
<?php include("portal_footer.php"); ?>
<?php require_once("portal_footer.php"); ?>

206
portal/login.php
View File

@ -9,20 +9,20 @@ require_once('../config.php');
require_once('../functions.php');
require_once ('../get_settings.php');
if(!isset($_SESSION)){
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
}
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$sql_settings = mysqli_query($mysqli,"SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$settings = mysqli_fetch_array($sql_settings);
$client_id = $settings['config_azure_client_id'];
@ -30,119 +30,119 @@ $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE c
$company_results = mysqli_fetch_array($company_sql);
$company_name = $company_results['company_name'];
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['login_message'] = 'Invalid e-mail';
}
else{
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
$row = mysqli_fetch_array($sql);
if($row['contact_auth_method'] == 'local'){
if(password_verify($password, $row['contact_password_hash'])){
$_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
$_SESSION['login_method'] = "local";
header("Location: index.php");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
}
else{
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['login_message'] = 'Invalid e-mail';
}
else{
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
else {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
$row = mysqli_fetch_array($sql);
if ($row['contact_auth_method'] == 'local') {
if (password_verify($password, $row['contact_password_hash'])) {
$_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
$_SESSION['login_method'] = "local";
header("Location: index.php");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
}
else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
}
else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $company_name; ?> | Client Portal Login</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $company_name; ?> | Client Portal Login</title>
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head>
<body class="hold-transition login-page">
<div class="login-box">
<div class="login-logo"><b><?=$company_name?></b> <br>Client Portal Login</h2></div>
<div class="card">
<div class="card-body login-card-body">
<p class="login-box-msg text-danger">
<?php
if(!empty($_SESSION['login_message'])){
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
?>
</p>
<form method="post">
<div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Client Email" name="email" required autofocus>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
</div>
</div>
<div class="login-logo"><b><?=$company_name?></b> <br>Client Portal Login</h2></div>
<div class="card">
<div class="card-body login-card-body">
<p class="login-box-msg text-danger">
<?php
if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
?>
</p>
<form method="post">
<div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Client Email" name="email" required autofocus>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="Client Password" name="password" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<button type="submit" class="btn btn-success btn-block mb-3" name="login">Login</button>
<?php
if (!empty($config_smtp_host)) { ?>
<a href="login_reset.php">Forgotten password?</a>
<?php } ?>
</form>
<?php
if (!empty($client_id)) { ?>
<hr>
<div class="col text-center">
<button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>
</div>
<?php } ?>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="Client Password" name="password" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<button type="submit" class="btn btn-success btn-block mb-3" name="login">Login</button>
<?php
if (!empty($config_smtp_host)) { ?>
<a href="login_reset.php">Forgotten password?</a>
<?php } ?>
</form>
<?php
if(!empty($client_id)){ ?>
<hr>
<div class="col text-center">
<button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>
</div>
<?php } ?>
<!-- /.login-card-body -->
</div>
<!-- /.login-card-body -->
</div>
<!-- /.div.card -->
<!-- /.div.card -->
</div>
<!-- /.login-box -->
@ -158,7 +158,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
<!-- Prevents resubmit on refresh or back -->
<script>
if(window.history.replaceState){
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>

10
portal/login_microsoft.php
View File

@ -31,7 +31,7 @@ $token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/
// Initial Login Request, via Microsoft
// Returns a authorization code if login was successful
if ($_SERVER['REQUEST_METHOD'] == "GET"){
if ($_SERVER['REQUEST_METHOD'] == "GET") {
$params = array (
'client_id' => $client_id,
@ -47,7 +47,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET"){
// Login was successful, Microsoft has returned us a authorization code via POST
// Request an access token using authorization code (& client secret) (server side)
if (isset($_POST['code']) && $_POST['state'] == session_id()){
if (isset($_POST['code']) && $_POST['state'] == session_id()) {
$params = array (
'client_id' =>$client_id,
@ -70,7 +70,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
// Check if we have an access token
// If we do, send a request to Microsoft Graph API to get user info
if (isset($access_token_response['access_token'])){
if (isset($access_token_response['access_token'])) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'],
@ -81,7 +81,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
$msgraph_response = json_decode(curl_exec($ch), 1);
if (isset($msgraph_response['error'])){
if (isset($msgraph_response['error'])) {
// Something went wrong verifying the token/using the Graph API - quit
echo "Error with MS Graph API. Details:";
var_dump($msgraph_response['error']);
@ -119,5 +119,5 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
// If the user is just sat on the page, redirect them to login to try again
if (empty($_GET)) {
echo "<script> setTimeout(function(){ window.location = \"login.php\"; },1000);</script>";
echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>";
}

358
portal/login_reset.php
View File

@ -10,22 +10,22 @@ require_once('../functions.php');
require_once('../get_settings.php');
if (empty($config_smtp_host)) {
header("Location: login.php");
exit();
header("Location: login.php");
exit();
}
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", true);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", true);
}
session_start();
// HTTP Only cookies
ini_set("session.cookie_httponly", true);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", true);
}
session_start();
}
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
$company_results = mysqli_fetch_array($company_sql);
@ -35,106 +35,106 @@ DEFINE("WORDING_ERROR", "Something went wrong! Your link may have expired. Pleas
if ($_SERVER['REQUEST_METHOD'] == "POST") {
/*
* Send password reset email
*/
if (isset($_POST['password_reset_email_request'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
$row = mysqli_fetch_assoc($sql);
$id = $row['contact_id'];
$name = $row['contact_name'];
$client = $row['contact_client_id'];
$company = $row['company_id'];
if ($row['contact_email'] == $email) {
$token = key32gen();
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send reset email
$subject = "Password reset for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
//End Mail IF
} else {
sleep(rand(2, 4)); // Mimic the e-mail send delay even if email is invalid to help prevent user enumeration
}
$_SESSION['login_message'] = "If your account exists, a reset link is on it's way!";
/*
* Do password reset
* Send password reset email
*/
} elseif (isset($_POST['password_reset_set_password'])) {
if (isset($_POST['password_reset_email_request'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
$row = mysqli_fetch_assoc($sql);
$id = $row['contact_id'];
$name = $row['contact_name'];
$client = $row['contact_client_id'];
$company = $row['company_id'];
if ($row['contact_email'] == $email) {
$token = key32gen();
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send reset email
$subject = "Password reset for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
//End Mail IF
} else {
sleep(rand(2, 4)); // Mimic the e-mail send delay even if email is invalid to help prevent user enumeration
}
$_SESSION['login_message'] = "If your account exists, a reset link is on it's way!";
/*
* Do password reset
*/
} elseif (isset($_POST['password_reset_set_password'])) {
if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
$_SESSION['login_message'] = WORDING_ERROR;
}
$token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));
// Query user
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = $contact_row['contact_id'];
$name = $contact_row['contact_name'];
$company = $contact_row['company_id'];
// Ensure the token is correct
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
// Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
// Redirect to login page
$_SESSION['login_message'] = "Password reset successfully!";
header("Location: login.php");
exit();
} else {
$_SESSION['login_message'] = WORDING_ERROR;
}
if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
$_SESSION['login_message'] = WORDING_ERROR;
}
$token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));
// Query user
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = $contact_row['contact_id'];
$name = $contact_row['contact_name'];
$company = $contact_row['company_id'];
// Ensure the token is correct
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
// Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
// Redirect to login page
$_SESSION['login_message'] = "Password reset successfully!";
header("Location: login.php");
exit();
} else {
$_SESSION['login_message'] = WORDING_ERROR;
}
}
}
@ -142,110 +142,110 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $company_name; ?> | Password Reset</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $company_name; ?> | Password Reset</title>
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head>
<body class="hold-transition login-page">
<div class="login-box">
<div class="login-logo"><b><?=$company_name?></b> <br>Password Reset</h2></div>
<div class="card">
<div class="card-body login-card-body">
<div class="login-logo"><b><?=$company_name?></b> <br>Password Reset</h2></div>
<div class="card">
<div class="card-body login-card-body">
<form method="post">
<form method="post">
<?php
/*
* Password reset form
*/
if (isset($_GET['token']) && isset($_GET['email']) && isset($_GET['client'])) {
<?php
/*
* Password reset form
*/
if (isset($_GET['token']) && isset($_GET['email']) && isset($_GET['client'])) {
$token = strip_tags(mysqli_real_escape_string($mysqli, $_GET['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_GET['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client'])));
$token = strip_tags(mysqli_real_escape_string($mysqli, $_GET['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_GET['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client'])));
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
// Sanity check
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?>
// Sanity check
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="New Password" name="new_password" required minlength="8">
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="New Password" name="new_password" required minlength="8">
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<input type="hidden" name="token" value="<?=$token?>">
<input type="hidden" name="email" value="<?=$email?>">
<input type="hidden" name="client" value="<?=$client?>">
<input type="hidden" name="token" value="<?=$token?>">
<input type="hidden" name="email" value="<?=$email?>">
<input type="hidden" name="client" value="<?=$client?>">
<button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_set_password">Reset password</button>
<button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_set_password">Reset password</button>
<?php } else {
<?php } else {
$_SESSION['login_message'] = WORDING_ERROR;
$_SESSION['login_message'] = WORDING_ERROR;
}
}
/*
* Else: Just show the form to request a reset token email
*/
} else { ?>
/*
* Else: Just show the form to request a reset token email
*/
} else { ?>
<div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Registered Client Email" name="email" required autofocus>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Registered Client Email" name="email" required autofocus>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
</div>
</div>
</div>
<button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_email_request">Reset my password</button>
<button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_email_request">Reset my password</button>
<?php }
?>
<?php }
?>
</form>
</form>
<p class="login-box-msg text-danger">
<?php
// Show feedback from session
if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
?>
</p>
<p class="login-box-msg text-danger">
<?php
// Show feedback from session
if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
?>
</p>
<a href="login.php">Back to login</a>
<a href="login.php">Back to login</a>
</div>
<!-- /.login-card-body -->
</div>
<!-- /.login-card-body -->
</div>
<!-- /.div.card -->
<!-- /.div.card -->
</div>
<!-- /.login-box -->
@ -261,7 +261,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!-- Prevents resubmit on refresh or back -->
<script>
if(window.history.replaceState){
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>

44
portal/portal_functions.php
View File

@ -7,32 +7,32 @@
/*
* Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action
*/
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state){
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state) {
// Access the global variables
global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id;
// Access the global variables
global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id;
// Setup
if($expected_ticket_state == "Closed"){
// Closed tickets
$ticket_state_snippet = "ticket_status = 'Closed'";
}
else{
// Open (working/hold) tickets
$ticket_state_snippet = "ticket_status != 'Closed'";
}
// Setup
if ($expected_ticket_state == "Closed") {
// Closed tickets
$ticket_state_snippet = "ticket_status = 'Closed'";
}
else {
// Open (working/hold) tickets
$ticket_state_snippet = "ticket_status != 'Closed'";
}
// Verify the contact has access to the provided ticket ID
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$requested_ticket_id' AND $ticket_state_snippet AND ticket_client_id = '$session_client_id' LIMIT 1");
$row = mysqli_fetch_array($sql);
$ticket_id = $row['ticket_id'];
// Verify the contact has access to the provided ticket ID
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$requested_ticket_id' AND $ticket_state_snippet AND ticket_client_id = '$session_client_id' LIMIT 1");
$row = mysqli_fetch_array($sql);
$ticket_id = $row['ticket_id'];
if(intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
// Client is ticket owner, or primary contact
return TRUE;
}
if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
// Client is ticket owner, or primary contact
return TRUE;
}
// Client is NOT ticket owner or primary contact
return FALSE;
// Client is NOT ticket owner or primary contact
return FALSE;
}

88
portal/portal_header.php
View File

@ -8,61 +8,61 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head>
<!-- Navbar -->
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container">
<a class="navbar-brand" href="index.php"><?php echo $config_app_name ?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="container">
<a class="navbar-brand" href="index.php"><?php echo $config_app_name ?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item <?php if(basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>">
<a class="nav-link" href="index.php">Home</a>
</li>
<?php if($session_contact_id == $session_client_primary_contact_id) { ?>
<li class="nav-item">
<a class="nav-link" href="ticket_view_all.php">All Tickets</a>
</li>
<?php } ?>
<li class="nav-item">
<a class="nav-link" href="ticket_add.php">New Ticket</a>
</li>
</ul>
<ul class="nav navbar-nav pull-right">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<?php echo $session_contact_name ?>
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="profile.php">Profile</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="portal_post.php?logout">Logout</a>
</div>
</li>
</ul>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item <?php if (basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>">
<a class="nav-link" href="index.php">Home</a>
</li>
<?php if ($session_contact_id == $session_client_primary_contact_id) { ?>
<li class="nav-item">
<a class="nav-link" href="ticket_view_all.php">All Tickets</a>
</li>
<?php } ?>
<li class="nav-item">
<a class="nav-link" href="ticket_add.php">New Ticket</a>
</li>
</ul>
<ul class="nav navbar-nav pull-right">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<?php echo $session_contact_name ?>
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="profile.php">Profile</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="portal_post.php?logout">Logout</a>
</div>
</li>
</ul>
</div>
</div>
</div>
</nav>
<br>

40
portal/profile.php
View File

@ -12,30 +12,30 @@ require('inc_portal.php');
<p>Name: <?php echo $session_contact_name ?></p>
<p>Email: <?php echo $session_contact_email ?></p>
<p>Client: <?php echo $session_client_name ?></p>
<p>Client Primary Contact: <?php if($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
<!-- // Show option to change password if auth provider is local -->
<?php if($_SESSION['login_method'] == 'local'): ?>
<hr>
<div class="col-md-6">
<h4>Password</h4>
<form action="portal_post.php" method="post" autocomplete="off">
<div class="form-group">
<label>New Password</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
</div>
</div>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button>
</form>
</div>
<!-- // Show option to change password if auth provider is local -->
<?php if ($_SESSION['login_method'] == 'local'): ?>
<hr>
<div class="col-md-6">
<h4>Password</h4>
<form action="portal_post.php" method="post" autocomplete="off">
<div class="form-group">
<label>New Password</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
</div>
</div>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button>
</form>
</div>
<?php endif ?>
<?php
include('portal_footer.php');
require_once('portal_footer.php');

2
portal/ticket.php
View File

@ -133,7 +133,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<div class="media-body">
<?php echo $ticket_reply_by_display; ?>
<br>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "(edited: $ticket_reply_updated_at)"; } ?></small>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if (!empty($ticket_reply_updated_at)) { echo "(edited: $ticket_reply_updated_at)"; } ?></small>
</div>
</div>
</h3>

72
portal/ticket_add.php
View File

@ -7,44 +7,44 @@
require('inc_portal.php');
?>
<h2>Raise a new ticket</h2>
<h2>Raise a new ticket</h2>
<div class="col-8">
<form action="portal_post.php" method="post">
<div class="col-8">
<form action="portal_post.php" method="post">
<div class="form-group">
<label>Subject <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<input type="text" class="form-control" name="subject" placeholder="Subject" required>
</div>
<div class="form-group">
<label>Subject <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<input type="text" class="form-control" name="subject" placeholder="Subject" required>
</div>
</div>
<div class="form-group">
<label>Priority <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="priority" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Details <strong class="text-danger">*</strong></label>
<textarea class="form-control" rows="4" name="details" required></textarea>
</div>
<button class="btn btn-primary" name="add_ticket">Raise ticket</button>
</form>
</div>
<div class="form-group">
<label>Priority <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="priority" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Details <strong class="text-danger">*</strong></label>
<textarea class="form-control" rows="4" name="details" required></textarea>
</div>
<button class="btn btn-primary" name="add_ticket">Raise ticket</button>
</form>
</div>
<?php
include('portal_footer.php');
require_once('portal_footer.php');

96
portal/ticket_view_all.php
View File

@ -6,67 +6,67 @@
require('inc_portal.php');
if($session_contact_id !== $session_client_primary_contact_id){
header("Location: portal_post.php?logout");
exit();
if ($session_contact_id !== $session_client_primary_contact_id) {
header("Location: portal_post.php?logout");
exit();
}
// Ticket status from GET
if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
// If nothing is set, assume we only want to see open tickets
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') {
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
$status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed';
$ticket_status_snippet = "ticket_status = 'Closed'";
$status = 'Closed';
$ticket_status_snippet = "ticket_status = 'Closed'";
} else {
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";
$status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'";
}
$all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_client_id = '$session_client_id' ORDER BY ticket_id DESC");
?>
<h2>All tickets</h2>
<div class="col-md-2">
<div class="form-group">
<form method="get">
<label>Ticket Status</label>
<select class="form-control" name="status" onchange="this.form.submit()">
<option value="%" <?php if($status == "%"){echo "selected";}?> >Any</option>
<option value="Open" <?php if($status == "Open"){echo "selected";}?> >Open</option>
<option value="Closed" <?php if($status == "Closed"){echo "selected";}?> >Closed</option>
</select>
</form>
<h2>All tickets</h2>
<div class="col-md-2">
<div class="form-group">
<form method="get">
<label>Ticket Status</label>
<select class="form-control" name="status" onchange="this.form.submit()">
<option value="%" <?php if ($status == "%") {echo "selected";}?> >Any</option>
<option value="Open" <?php if ($status == "Open") {echo "selected";}?> >Open</option>
<option value="Closed" <?php if ($status == "Closed") {echo "selected";}?> >Closed</option>
</select>
</form>
</div>
</div>
</div>
<table class="table">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">Subject</th>
<th scope="col">Contact</th>
<th scope="col">Status</th>
</tr>
</thead>
<tbody>
<table class="table">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">Subject</th>
<th scope="col">Contact</th>
<th scope="col">Status</th>
</tr>
</thead>
<tbody>
<?php
while($ticket = mysqli_fetch_array($all_tickets)){
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[contact_name]</td>";
echo "<td>$ticket[ticket_status]</td>";
echo "</tr>";
}
?>
</tbody>
</table>
</div>
<?php
while ($ticket = mysqli_fetch_array($all_tickets)) {
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[contact_name]</td>";
echo "<td>$ticket[ticket_status]</td>";
echo "</tr>";
}
?>
</tbody>
</table>
</div>
<?php
include('portal_footer.php');
require_once('portal_footer.php');