Portal code style tidy

2026-02-28 02:44:53 +00:00 · 2023-01-01 16:05:48 +00:00
parent ff741c223e
commit dd00f48e5b
12 changed files with 558 additions and 558 deletions
--- a/portal/login_reset.php
+++ b/portal/login_reset.php
@@ -10,22 +10,22 @@ require_once('../functions.php');
 require_once('../get_settings.php');

 if (empty($config_smtp_host)) {
-  header("Location: login.php");
-  exit();
+    header("Location: login.php");
+    exit();
 }

 if (!isset($_SESSION)) {
-  // HTTP Only cookies
-  ini_set("session.cookie_httponly", true);
-  if ($config_https_only) {
-    // Tell client to only send cookie(s) over HTTPS
-    ini_set("session.cookie_secure", true);
-  }
-  session_start();
+    // HTTP Only cookies
+    ini_set("session.cookie_httponly", true);
+    if ($config_https_only) {
+        // Tell client to only send cookie(s) over HTTPS
+        ini_set("session.cookie_secure", true);
+    }
+    session_start();
 }

 $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
-$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
+$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));

 $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
 $company_results = mysqli_fetch_array($company_sql);
@@ -35,106 +35,106 @@ DEFINE("WORDING_ERROR", "Something went wrong! Your link may have expired. Pleas

 if ($_SERVER['REQUEST_METHOD'] == "POST") {

-  /*
-   * Send password reset email
-   */
-  if (isset($_POST['password_reset_email_request'])) {
-
-    $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
-
-    $sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
-    $row = mysqli_fetch_assoc($sql);
-
-    $id = $row['contact_id'];
-    $name = $row['contact_name'];
-    $client = $row['contact_client_id'];
-    $company = $row['company_id'];
-
-    if ($row['contact_email'] == $email) {
-      $token = key32gen();
-      $url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
-      mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
-      mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
-
-
-      // Send reset email
-      $subject = "Password reset for $company_name ITFlow Portal";
-      $body    = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
-
-      $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
-        $config_mail_from_email, $config_mail_from_name,
-        $email, $name,
-        $subject, $body);
-
-      // Error handling
-      if ($mail !== true) {
-          mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
-          mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
-      }
-
-      //End Mail IF
-    } else {
-      sleep(rand(2, 4)); // Mimic the e-mail send delay even if email is invalid to help prevent user enumeration
-    }
-
-    $_SESSION['login_message'] = "If your account exists, a reset link is on it's way!";
-
    /*
-     * Do password reset
+     * Send password reset email
     */
-  } elseif (isset($_POST['password_reset_set_password'])) {
+    if (isset($_POST['password_reset_email_request'])) {
+
+        $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
+
+        $sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
+        $row = mysqli_fetch_assoc($sql);
+
+        $id = $row['contact_id'];
+        $name = $row['contact_name'];
+        $client = $row['contact_client_id'];
+        $company = $row['company_id'];
+
+        if ($row['contact_email'] == $email) {
+            $token = key32gen();
+            $url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
+            mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
+
+
+            // Send reset email
+            $subject = "Password reset for $company_name ITFlow Portal";
+            $body    = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
+
+            $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+                $config_mail_from_email, $config_mail_from_name,
+                $email, $name,
+                $subject, $body);
+
+            // Error handling
+            if ($mail !== true) {
+                mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
+                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
+            }
+
+            //End Mail IF
+        } else {
+            sleep(rand(2, 4)); // Mimic the e-mail send delay even if email is invalid to help prevent user enumeration
+        }
+
+        $_SESSION['login_message'] = "If your account exists, a reset link is on it's way!";
+
+        /*
+         * Do password reset
+         */
+    } elseif (isset($_POST['password_reset_set_password'])) {
+
+        if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
+            $_SESSION['login_message'] = WORDING_ERROR;
+        }
+
+        $token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
+        $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
+        $client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));
+
+        // Query user
+        $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
+        $contact_row = mysqli_fetch_array($sql);
+        $contact_id = $contact_row['contact_id'];
+        $name = $contact_row['contact_name'];
+        $company = $contact_row['company_id'];
+
+        // Ensure the token is correct
+        if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
+
+            // Set password, invalidate token, logging
+            $password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
+            mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
+
+            // Send confirmation email
+            $subject = "Password reset confirmation for $company_name ITFlow Portal";
+            $body    = "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
+
+
+            $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+                $config_mail_from_email, $config_mail_from_name,
+                $email, $name,
+                $subject, $body);
+
+            // Error handling
+            if ($mail !== true) {
+                mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
+                mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
+            }
+
+            // Redirect to login page
+            $_SESSION['login_message'] = "Password reset successfully!";
+            header("Location: login.php");
+            exit();
+
+        } else {
+            $_SESSION['login_message'] = WORDING_ERROR;
+        }
+

-    if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
-      $_SESSION['login_message'] = WORDING_ERROR;
    }

-    $token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
-    $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
-    $client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));
-
-    // Query user
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
-    $contact_row = mysqli_fetch_array($sql);
-    $contact_id = $contact_row['contact_id'];
-    $name = $contact_row['contact_name'];
-    $company = $contact_row['company_id'];
-
-    // Ensure the token is correct
-    if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
-
-      // Set password, invalidate token, logging
-      $password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
-      mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
-      mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
-
-      // Send confirmation email
-      $subject = "Password reset confirmation for $company_name ITFlow Portal";
-      $body    = "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
-
-
-      $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
-        $config_mail_from_email, $config_mail_from_name,
-        $email, $name,
-        $subject, $body);
-
-      // Error handling
-      if ($mail !== true) {
-          mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
-          mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
-      }
-
-      // Redirect to login page
-      $_SESSION['login_message'] = "Password reset successfully!";
-      header("Location: login.php");
-      exit();
-
-    } else {
-      $_SESSION['login_message'] = WORDING_ERROR;
-    }
-
-
-  }
-

 }

@@ -142,110 +142,110 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 <!DOCTYPE html>
 <html>
 <head>
-  <meta charset="utf-8">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title><?php echo $company_name; ?> | Password Reset</title>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title><?php echo $company_name; ?> | Password Reset</title>

-  <!-- Tell the browser to be responsive to screen width -->
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <meta name="robots" content="noindex">
+    <!-- Tell the browser to be responsive to screen width -->
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="robots" content="noindex">

-  <!-- Font Awesome -->
-  <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
+    <!-- Font Awesome -->
+    <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">

-  <!-- Theme style -->
-  <link rel="stylesheet" href="../dist/css/adminlte.min.css">
+    <!-- Theme style -->
+    <link rel="stylesheet" href="../dist/css/adminlte.min.css">

-  <!-- Google Font: Source Sans Pro -->
-  <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+    <!-- Google Font: Source Sans Pro -->
+    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
 </head>

 <body class="hold-transition login-page">
 <div class="login-box">
-  <div class="login-logo"><b><?=$company_name?></b> <br>Password Reset</h2></div>
-  <div class="card">
-    <div class="card-body login-card-body">
+    <div class="login-logo"><b><?=$company_name?></b> <br>Password Reset</h2></div>
+    <div class="card">
+        <div class="card-body login-card-body">

-      <form method="post">
+            <form method="post">

-        <?php
-        /*
-         * Password reset form
-         */
-        if (isset($_GET['token']) && isset($_GET['email']) && isset($_GET['client'])) {
+                <?php
+                /*
+                 * Password reset form
+                 */
+                if (isset($_GET['token']) && isset($_GET['email']) && isset($_GET['client'])) {

-          $token = strip_tags(mysqli_real_escape_string($mysqli, $_GET['token']));
-          $email = strip_tags(mysqli_real_escape_string($mysqli, $_GET['email']));
-          $client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client'])));
+                    $token = strip_tags(mysqli_real_escape_string($mysqli, $_GET['token']));
+                    $email = strip_tags(mysqli_real_escape_string($mysqli, $_GET['email']));
+                    $client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client'])));

-          $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
-          $contact_row = mysqli_fetch_array($sql);
+                    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
+                    $contact_row = mysqli_fetch_array($sql);

-          // Sanity check
-          if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?>
+                    // Sanity check
+                    if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?>

-            <div class="input-group mb-3">
-              <input type="password" class="form-control" placeholder="New Password" name="new_password" required minlength="8">
-              <div class="input-group-append">
-                <div class="input-group-text">
-                  <span class="fas fa-lock"></span>
-                </div>
-              </div>
-            </div>
+                        <div class="input-group mb-3">
+                            <input type="password" class="form-control" placeholder="New Password" name="new_password" required minlength="8">
+                            <div class="input-group-append">
+                                <div class="input-group-text">
+                                    <span class="fas fa-lock"></span>
+                                </div>
+                            </div>
+                        </div>

-            <input type="hidden" name="token" value="<?=$token?>">
-            <input type="hidden" name="email" value="<?=$email?>">
-            <input type="hidden" name="client" value="<?=$client?>">
+                        <input type="hidden" name="token" value="<?=$token?>">
+                        <input type="hidden" name="email" value="<?=$email?>">
+                        <input type="hidden" name="client" value="<?=$client?>">

-            <button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_set_password">Reset password</button>
+                        <button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_set_password">Reset password</button>


-          <?php } else {
+                    <?php } else {

-            $_SESSION['login_message'] = WORDING_ERROR;
+                        $_SESSION['login_message'] = WORDING_ERROR;

-          }
+                    }


-          /*
-           * Else: Just show the form to request a reset token email
-           */
-        } else { ?>
+                    /*
+                     * Else: Just show the form to request a reset token email
+                     */
+                } else { ?>

-          <div class="input-group mb-3">
-            <input type="text" class="form-control" placeholder="Registered Client Email" name="email" required autofocus>
-            <div class="input-group-append">
-              <div class="input-group-text">
-                <span class="fas fa-envelope"></span>
-              </div>
-            </div>
-          </div>
+                    <div class="input-group mb-3">
+                        <input type="text" class="form-control" placeholder="Registered Client Email" name="email" required autofocus>
+                        <div class="input-group-append">
+                            <div class="input-group-text">
+                                <span class="fas fa-envelope"></span>
+                            </div>
+                        </div>
+                    </div>

-          <button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_email_request">Reset my password</button>
+                    <button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_email_request">Reset my password</button>

-        <?php }
-        ?>
+                <?php }
+                ?>

-      </form>
+            </form>

-      <p class="login-box-msg text-danger">
-        <?php
-        // Show feedback from session
-        if (!empty($_SESSION['login_message'])) {
-          echo $_SESSION['login_message'];
-          unset($_SESSION['login_message']);
-        }
-        ?>
-      </p>
+            <p class="login-box-msg text-danger">
+                <?php
+                // Show feedback from session
+                if (!empty($_SESSION['login_message'])) {
+                    echo $_SESSION['login_message'];
+                    unset($_SESSION['login_message']);
+                }
+                ?>
+            </p>

-      <a href="login.php">Back to login</a>
+            <a href="login.php">Back to login</a>


+        </div>
+        <!-- /.login-card-body -->
+
    </div>
-    <!-- /.login-card-body -->
-
-  </div>
-  <!-- /.div.card -->
+    <!-- /.div.card -->

 </div>
 <!-- /.login-box -->
@@ -261,7 +261,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {

 <!-- Prevents resubmit on refresh or back -->
 <script>
-    if(window.history.replaceState){
+    if (window.history.replaceState) {
        window.history.replaceState(null,null,window.location.href);
    }
 </script>