AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-03 04:14:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Portal code style tidy

Browse Source
This commit is contained in:
Marcus Hill
2023-01-01 16:05:48 +00:00
parent ff741c223e
commit dd00f48e5b
12 changed files with 558 additions and 558 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
portal/check_login.php
View File

@@ -5,27 +5,27 @@
* Checks if the client is logged in or not * Checks if the client is logged in or not
*/ */
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", True);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
session_start(); session_start();
} }
if(!$_SESSION['client_logged_in']){ if (!$_SESSION['client_logged_in']) {
header("Location: login.php"); header("Location: login.php");
die; die;
} }
// SESSION FINGERPRINT // SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $session_ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os())); $session_os = strip_tags(mysqli_real_escape_string($mysqli, get_os()));
// Get user agent // Get user agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Get info from session // Get info from session
$session_client_id = $_SESSION['client_id']; $session_client_id = $_SESSION['client_id'];

26
portal/inc_portal.php
View File

@@ -4,19 +4,19 @@
* Includes for all pages (except login) * Includes for all pages (except login)
*/ */
include('../config.php'); require_once('../config.php');
include('../functions.php'); require_once('../functions.php');
include('check_login.php'); require_once('check_login.php');
include('portal_functions.php'); require_once('portal_functions.php');
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", True);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
session_start(); session_start();
} }
include("portal_header.php"); require_once("portal_header.php");

146
portal/index.php
View File

@@ -8,18 +8,18 @@ require_once("inc_portal.php");
// Ticket status from GET // Ticket status from GET
if (!isset($_GET['status'])) { if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets // If nothing is set, assume we only want to see open tickets
$status = 'Open'; $status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'"; $ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') { } elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') {
$status = 'Open'; $status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'"; $ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') { } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed'; $status = 'Closed';
$ticket_status_snippet = "ticket_status = 'Closed'"; $ticket_status_snippet = "ticket_status = 'Closed'";
} else { } else {
$status = '%'; $status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'"; $ticket_status_snippet = "ticket_status LIKE '%'";
} }
$contact_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_contact_id = '$session_contact_id' AND ticket_client_id = '$session_client_id' ORDER BY ticket_id DESC"); $contact_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_contact_id = '$session_contact_id' AND ticket_client_id = '$session_client_id' ORDER BY ticket_id DESC");
@@ -41,39 +41,39 @@ $total_tickets = $row['total_tickets'];
?> ?>
<table> <table>
<tr> <tr>
<th class="text-center"> <th class="text-center">
<?php if(!empty($session_contact_photo)){ ?> <?php if (!empty($session_contact_photo)) { ?>
<img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." class=" img-size-50 img-circle"> <img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." class=" img-size-50 img-circle">
<?php }else{ ?> <?php } else { ?>
<span class="fa-stack fa-2x rounded-left"> <span class="fa-stack fa-2x rounded-left">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $session_contact_initials; ?></span> <span class="fa fa-stack-1x text-white"><?php echo $session_contact_initials; ?></span>
</span> </span>
<br> <br>
<?php } ?>
<div class="text-dark"><?php echo $session_contact_name; ?></div>
<div><?php echo $session_contact_title; ?></div>
</th>
<th>
<div class="">
<h4 class="">Welcome, <b><?php echo $session_contact_name ?></b>!</h4>
<hr>
</div>
</th>
</tr>
</table>
<br> <?php } ?>
<div class="text-dark"><?php echo $session_contact_name; ?></div>
<div><?php echo $session_contact_title; ?></div>
</th>
<th>
<div class="">
<h4 class="">Welcome, <b><?php echo $session_contact_name ?></b>!</h4>
<hr>
</div>
</th>
</tr>
</table>
<div class="row"> <br>
<div class="col-10"> <div class="row">
<div class="card">
<div class="col-10">
<div class="card">
<span class="border border-secondary"> <span class="border border-secondary">
<table class="table"> <table class="table">
<thead class="thead-dark"> <thead class="thead-dark">
@@ -86,46 +86,46 @@ $total_tickets = $row['total_tickets'];
<tbody> <tbody>
<?php <?php
while($ticket = mysqli_fetch_array($contact_tickets)){ while ($ticket = mysqli_fetch_array($contact_tickets)) {
echo "<tr>"; echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[ticket_status]</td>"; echo "<td>$ticket[ticket_status]</td>";
echo "</tr>"; echo "</tr>";
} }
?> ?>
</tbody> </tbody>
</table> </table>
</span> </span>
</div>
</div>
<div class="col-2">
<div class="card">
<a href="ticket_add.php" class="btn btn-primary">New ticket</a>
</div>
<hr>
<a href="?status=Open">
<div class="card text-white bg-danger mb-3" style="max-width: 18rem;">
<div class="card-header">My Open tickets | <b><?php echo $total_tickets_open ?></b></div>
</div>
</a>
<a href="?status=Closed">
<div class="card text-white bg-success mb-3" style="max-width: 18rem;">
<div class="card-header">Resolved tickets | <b><?php echo $total_tickets_closed ?></b></div>
</div>
</a>
<a href="?status=%">
<div class="card text-white bg-secondary mb-3" style="max-width: 18rem;">
<div class="card-header">All my tickets | <b><?php echo $total_tickets ?></b></div>
</div>
</a>
</div>
</div> </div>
</div>
<div class="col-2">
<div class="card">
<a href="ticket_add.php" class="btn btn-primary">New ticket</a>
</div>
<hr>
<a href="?status=Open">
<div class="card text-white bg-danger mb-3" style="max-width: 18rem;">
<div class="card-header">My Open tickets | <b><?php echo $total_tickets_open ?></b></div>
</div>
</a>
<a href="?status=Closed"> <?php require_once("portal_footer.php"); ?>
<div class="card text-white bg-success mb-3" style="max-width: 18rem;">
<div class="card-header">Resolved tickets | <b><?php echo $total_tickets_closed ?></b></div>
</div>
</a>
<a href="?status=%">
<div class="card text-white bg-secondary mb-3" style="max-width: 18rem;">
<div class="card-header">All my tickets | <b><?php echo $total_tickets ?></b></div>
</div>
</a>
</div>
</div>
<?php include("portal_footer.php"); ?>

206
portal/login.php
View File

@@ -9,20 +9,20 @@ require_once('../config.php');
require_once('../functions.php'); require_once('../functions.php');
require_once ('../get_settings.php'); require_once ('../get_settings.php');
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", True);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
session_start(); session_start();
} }
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$sql_settings = mysqli_query($mysqli,"SELECT config_azure_client_id FROM settings WHERE company_id = '1'"); $sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$settings = mysqli_fetch_array($sql_settings); $settings = mysqli_fetch_array($sql_settings);
$client_id = $settings['config_azure_client_id']; $client_id = $settings['config_azure_client_id'];
@@ -30,119 +30,119 @@ $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE c
$company_results = mysqli_fetch_array($company_sql); $company_results = mysqli_fetch_array($company_sql);
$company_name = $company_results['company_name']; $company_name = $company_results['company_name'];
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email'])); $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password']; $password = $_POST['password'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['login_message'] = 'Invalid e-mail';
}
else{
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
$row = mysqli_fetch_array($sql);
if($row['contact_auth_method'] == 'local'){
if(password_verify($password, $row['contact_password_hash'])){
$_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
$_SESSION['login_method'] = "local";
header("Location: index.php");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
}
else{
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['login_message'] = 'Invalid e-mail';
} }
else{ else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
$_SESSION['login_message'] = 'Incorrect username or password.'; $row = mysqli_fetch_array($sql);
if ($row['contact_auth_method'] == 'local') {
if (password_verify($password, $row['contact_password_hash'])) {
$_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
$_SESSION['login_method'] = "local";
header("Location: index.php");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
}
else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
}
else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
} }
}
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $company_name; ?> | Client Portal Login</title> <title><?php echo $company_name; ?> | Client Portal Login</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<!-- Font Awesome --> <!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style --> <!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css"> <link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro --> <!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head> </head>
<body class="hold-transition login-page"> <body class="hold-transition login-page">
<div class="login-box"> <div class="login-box">
<div class="login-logo"><b><?=$company_name?></b> <br>Client Portal Login</h2></div> <div class="login-logo"><b><?=$company_name?></b> <br>Client Portal Login</h2></div>
<div class="card"> <div class="card">
<div class="card-body login-card-body"> <div class="card-body login-card-body">
<p class="login-box-msg text-danger"> <p class="login-box-msg text-danger">
<?php <?php
if(!empty($_SESSION['login_message'])){ if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message']; echo $_SESSION['login_message'];
unset($_SESSION['login_message']); unset($_SESSION['login_message']);
} }
?> ?>
</p> </p>
<form method="post"> <form method="post">
<div class="input-group mb-3"> <div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Client Email" name="email" required autofocus> <input type="text" class="form-control" placeholder="Client Email" name="email" required autofocus>
<div class="input-group-append"> <div class="input-group-append">
<div class="input-group-text"> <div class="input-group-text">
<span class="fas fa-envelope"></span> <span class="fas fa-envelope"></span>
</div> </div>
</div> </div>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="Client Password" name="password" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<button type="submit" class="btn btn-success btn-block mb-3" name="login">Login</button>
<?php
if (!empty($config_smtp_host)) { ?>
<a href="login_reset.php">Forgotten password?</a>
<?php } ?>
</form>
<?php
if (!empty($client_id)) { ?>
<hr>
<div class="col text-center">
<button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>
</div>
<?php } ?>
</div> </div>
<div class="input-group mb-3"> <!-- /.login-card-body -->
<input type="password" class="form-control" placeholder="Client Password" name="password" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<button type="submit" class="btn btn-success btn-block mb-3" name="login">Login</button>
<?php
if (!empty($config_smtp_host)) { ?>
<a href="login_reset.php">Forgotten password?</a>
<?php } ?>
</form>
<?php
if(!empty($client_id)){ ?>
<hr>
<div class="col text-center">
<button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>
</div>
<?php } ?>
</div> </div>
<!-- /.login-card-body --> <!-- /.div.card -->
</div>
<!-- /.div.card -->
</div> </div>
<!-- /.login-box --> <!-- /.login-box -->
@@ -158,7 +158,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
<!-- Prevents resubmit on refresh or back --> <!-- Prevents resubmit on refresh or back -->
<script> <script>
if(window.history.replaceState){ if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href); window.history.replaceState(null,null,window.location.href);
} }
</script> </script>

10
portal/login_microsoft.php
View File

@@ -31,7 +31,7 @@ $token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/
// Initial Login Request, via Microsoft // Initial Login Request, via Microsoft
// Returns a authorization code if login was successful // Returns a authorization code if login was successful
if ($_SERVER['REQUEST_METHOD'] == "GET"){ if ($_SERVER['REQUEST_METHOD'] == "GET") {
$params = array ( $params = array (
'client_id' => $client_id, 'client_id' => $client_id,
@@ -47,7 +47,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET"){
// Login was successful, Microsoft has returned us a authorization code via POST // Login was successful, Microsoft has returned us a authorization code via POST
// Request an access token using authorization code (& client secret) (server side) // Request an access token using authorization code (& client secret) (server side)
if (isset($_POST['code']) && $_POST['state'] == session_id()){ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
$params = array ( $params = array (
'client_id' =>$client_id, 'client_id' =>$client_id,
@@ -70,7 +70,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
// Check if we have an access token // Check if we have an access token
// If we do, send a request to Microsoft Graph API to get user info // If we do, send a request to Microsoft Graph API to get user info
if (isset($access_token_response['access_token'])){ if (isset($access_token_response['access_token'])) {
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'], curl_setopt($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'],
@@ -81,7 +81,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
$msgraph_response = json_decode(curl_exec($ch), 1); $msgraph_response = json_decode(curl_exec($ch), 1);
if (isset($msgraph_response['error'])){ if (isset($msgraph_response['error'])) {
// Something went wrong verifying the token/using the Graph API - quit // Something went wrong verifying the token/using the Graph API - quit
echo "Error with MS Graph API. Details:"; echo "Error with MS Graph API. Details:";
var_dump($msgraph_response['error']); var_dump($msgraph_response['error']);
@@ -119,5 +119,5 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
// If the user is just sat on the page, redirect them to login to try again // If the user is just sat on the page, redirect them to login to try again
if (empty($_GET)) { if (empty($_GET)) {
echo "<script> setTimeout(function(){ window.location = \"login.php\"; },1000);</script>"; echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>";
} }

358
portal/login_reset.php
View File

@@ -10,22 +10,22 @@ require_once('../functions.php');
require_once('../get_settings.php'); require_once('../get_settings.php');
if (empty($config_smtp_host)) { if (empty($config_smtp_host)) {
header("Location: login.php"); header("Location: login.php");
exit(); exit();
} }
if (!isset($_SESSION)) { if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", true); ini_set("session.cookie_httponly", true);
if ($config_https_only) { if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", true); ini_set("session.cookie_secure", true);
} }
session_start(); session_start();
} }
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'"); $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
$company_results = mysqli_fetch_array($company_sql); $company_results = mysqli_fetch_array($company_sql);
@@ -35,106 +35,106 @@ DEFINE("WORDING_ERROR", "Something went wrong! Your link may have expired. Pleas
if ($_SERVER['REQUEST_METHOD'] == "POST") { if ($_SERVER['REQUEST_METHOD'] == "POST") {
/*
* Send password reset email
*/
if (isset($_POST['password_reset_email_request'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
$row = mysqli_fetch_assoc($sql);
$id = $row['contact_id'];
$name = $row['contact_name'];
$client = $row['contact_client_id'];
$company = $row['company_id'];
if ($row['contact_email'] == $email) {
$token = key32gen();
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send reset email
$subject = "Password reset for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
//End Mail IF
} else {
sleep(rand(2, 4)); // Mimic the e-mail send delay even if email is invalid to help prevent user enumeration
}
$_SESSION['login_message'] = "If your account exists, a reset link is on it's way!";
/* /*
* Do password reset * Send password reset email
*/ */
} elseif (isset($_POST['password_reset_set_password'])) { if (isset($_POST['password_reset_email_request'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id, company_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
$row = mysqli_fetch_assoc($sql);
$id = $row['contact_id'];
$name = $row['contact_name'];
$client = $row['contact_client_id'];
$company = $row['company_id'];
if ($row['contact_email'] == $email) {
$token = key32gen();
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send reset email
$subject = "Password reset for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser: $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
//End Mail IF
} else {
sleep(rand(2, 4)); // Mimic the e-mail send delay even if email is invalid to help prevent user enumeration
}
$_SESSION['login_message'] = "If your account exists, a reset link is on it's way!";
/*
* Do password reset
*/
} elseif (isset($_POST['password_reset_set_password'])) {
if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
$_SESSION['login_message'] = WORDING_ERROR;
}
$token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));
// Query user
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = $contact_row['contact_id'];
$name = $contact_row['contact_name'];
$company = $contact_row['company_id'];
// Ensure the token is correct
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
// Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
// Redirect to login page
$_SESSION['login_message'] = "Password reset successfully!";
header("Location: login.php");
exit();
} else {
$_SESSION['login_message'] = WORDING_ERROR;
}
if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
$_SESSION['login_message'] = WORDING_ERROR;
} }
$token = strip_tags(mysqli_real_escape_string($mysqli, $_POST['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_POST['client'])));
// Query user
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = $contact_row['contact_id'];
$name = $contact_row['contact_name'];
$company = $contact_row['company_id'];
// Ensure the token is correct
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
// Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$email, $name,
$subject, $body);
// Error handling
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
// Redirect to login page
$_SESSION['login_message'] = "Password reset successfully!";
header("Location: login.php");
exit();
} else {
$_SESSION['login_message'] = WORDING_ERROR;
}
}
} }
@@ -142,110 +142,110 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $company_name; ?> | Password Reset</title> <title><?php echo $company_name; ?> | Password Reset</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<!-- Font Awesome --> <!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style --> <!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css"> <link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro --> <!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head> </head>
<body class="hold-transition login-page"> <body class="hold-transition login-page">
<div class="login-box"> <div class="login-box">
<div class="login-logo"><b><?=$company_name?></b> <br>Password Reset</h2></div> <div class="login-logo"><b><?=$company_name?></b> <br>Password Reset</h2></div>
<div class="card"> <div class="card">
<div class="card-body login-card-body"> <div class="card-body login-card-body">
<form method="post"> <form method="post">
<?php <?php
/* /*
* Password reset form * Password reset form
*/ */
if (isset($_GET['token']) && isset($_GET['email']) && isset($_GET['client'])) { if (isset($_GET['token']) && isset($_GET['email']) && isset($_GET['client'])) {
$token = strip_tags(mysqli_real_escape_string($mysqli, $_GET['token'])); $token = strip_tags(mysqli_real_escape_string($mysqli, $_GET['token']));
$email = strip_tags(mysqli_real_escape_string($mysqli, $_GET['email'])); $email = strip_tags(mysqli_real_escape_string($mysqli, $_GET['email']));
$client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client']))); $client = intval(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client'])));
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
$contact_row = mysqli_fetch_array($sql); $contact_row = mysqli_fetch_array($sql);
// Sanity check // Sanity check
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?> if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?>
<div class="input-group mb-3"> <div class="input-group mb-3">
<input type="password" class="form-control" placeholder="New Password" name="new_password" required minlength="8"> <input type="password" class="form-control" placeholder="New Password" name="new_password" required minlength="8">
<div class="input-group-append"> <div class="input-group-append">
<div class="input-group-text"> <div class="input-group-text">
<span class="fas fa-lock"></span> <span class="fas fa-lock"></span>
</div> </div>
</div> </div>
</div> </div>
<input type="hidden" name="token" value="<?=$token?>"> <input type="hidden" name="token" value="<?=$token?>">
<input type="hidden" name="email" value="<?=$email?>"> <input type="hidden" name="email" value="<?=$email?>">
<input type="hidden" name="client" value="<?=$client?>"> <input type="hidden" name="client" value="<?=$client?>">
<button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_set_password">Reset password</button> <button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_set_password">Reset password</button>
<?php } else { <?php } else {
$_SESSION['login_message'] = WORDING_ERROR; $_SESSION['login_message'] = WORDING_ERROR;
} }
/* /*
* Else: Just show the form to request a reset token email * Else: Just show the form to request a reset token email
*/ */
} else { ?> } else { ?>
<div class="input-group mb-3"> <div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Registered Client Email" name="email" required autofocus> <input type="text" class="form-control" placeholder="Registered Client Email" name="email" required autofocus>
<div class="input-group-append"> <div class="input-group-append">
<div class="input-group-text"> <div class="input-group-text">
<span class="fas fa-envelope"></span> <span class="fas fa-envelope"></span>
</div> </div>
</div> </div>
</div> </div>
<button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_email_request">Reset my password</button> <button type="submit" class="btn btn-success btn-block mb-3" name="password_reset_email_request">Reset my password</button>
<?php } <?php }
?> ?>
</form> </form>
<p class="login-box-msg text-danger"> <p class="login-box-msg text-danger">
<?php <?php
// Show feedback from session // Show feedback from session
if (!empty($_SESSION['login_message'])) { if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message']; echo $_SESSION['login_message'];
unset($_SESSION['login_message']); unset($_SESSION['login_message']);
} }
?> ?>
</p> </p>
<a href="login.php">Back to login</a> <a href="login.php">Back to login</a>
</div>
<!-- /.login-card-body -->
</div> </div>
<!-- /.login-card-body --> <!-- /.div.card -->
</div>
<!-- /.div.card -->
</div> </div>
<!-- /.login-box --> <!-- /.login-box -->
@@ -261,7 +261,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!-- Prevents resubmit on refresh or back --> <!-- Prevents resubmit on refresh or back -->
<script> <script>
if(window.history.replaceState){ if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href); window.history.replaceState(null,null,window.location.href);
} }
</script> </script>

44
portal/portal_functions.php
View File

@@ -7,32 +7,32 @@
/* /*
* Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action * Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action
*/ */
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state){ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state) {
// Access the global variables // Access the global variables
global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id; global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id;
// Setup // Setup
if($expected_ticket_state == "Closed"){ if ($expected_ticket_state == "Closed") {
// Closed tickets // Closed tickets
$ticket_state_snippet = "ticket_status = 'Closed'"; $ticket_state_snippet = "ticket_status = 'Closed'";
} }
else{ else {
// Open (working/hold) tickets // Open (working/hold) tickets
$ticket_state_snippet = "ticket_status != 'Closed'"; $ticket_state_snippet = "ticket_status != 'Closed'";
} }
// Verify the contact has access to the provided ticket ID // Verify the contact has access to the provided ticket ID
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$requested_ticket_id' AND $ticket_state_snippet AND ticket_client_id = '$session_client_id' LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$requested_ticket_id' AND $ticket_state_snippet AND ticket_client_id = '$session_client_id' LIMIT 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$ticket_id = $row['ticket_id']; $ticket_id = $row['ticket_id'];
if(intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) { if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
// Client is ticket owner, or primary contact // Client is ticket owner, or primary contact
return TRUE; return TRUE;
} }
// Client is NOT ticket owner or primary contact // Client is NOT ticket owner or primary contact
return FALSE; return FALSE;
} }

88
portal/portal_header.php
View File

@@ -8,61 +8,61 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Client Portal - Tickets</title> <title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<!-- Font Awesome --> <!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style --> <!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css"> <link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro --> <!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head> </head>
<!-- Navbar --> <!-- Navbar -->
<nav class="navbar navbar-expand-lg navbar-dark bg-dark"> <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container"> <div class="container">
<a class="navbar-brand" href="index.php"><?php echo $config_app_name ?></a> <a class="navbar-brand" href="index.php"><?php echo $config_app_name ?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span> <span class="navbar-toggler-icon"></span>
</button> </button>
<div class="collapse navbar-collapse" id="navbarSupportedContent"> <div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto"> <ul class="navbar-nav mr-auto">
<li class="nav-item <?php if(basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>"> <li class="nav-item <?php if (basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>">
<a class="nav-link" href="index.php">Home</a> <a class="nav-link" href="index.php">Home</a>
</li> </li>
<?php if($session_contact_id == $session_client_primary_contact_id) { ?> <?php if ($session_contact_id == $session_client_primary_contact_id) { ?>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="ticket_view_all.php">All Tickets</a> <a class="nav-link" href="ticket_view_all.php">All Tickets</a>
</li> </li>
<?php } ?> <?php } ?>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="ticket_add.php">New Ticket</a> <a class="nav-link" href="ticket_add.php">New Ticket</a>
</li> </li>
</ul> </ul>
<ul class="nav navbar-nav pull-right"> <ul class="nav navbar-nav pull-right">
<li class="nav-item dropdown"> <li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<?php echo $session_contact_name ?> <?php echo $session_contact_name ?>
</a> </a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown"> <div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="profile.php">Profile</a> <a class="dropdown-item" href="profile.php">Profile</a>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item" href="portal_post.php?logout">Logout</a> <a class="dropdown-item" href="portal_post.php?logout">Logout</a>
</div> </div>
</li> </li>
</ul> </ul>
</div>
</div> </div>
</div>
</nav> </nav>
<br> <br>

40
portal/profile.php
View File

@@ -12,30 +12,30 @@ require('inc_portal.php');
<p>Name: <?php echo $session_contact_name ?></p> <p>Name: <?php echo $session_contact_name ?></p>
<p>Email: <?php echo $session_contact_email ?></p> <p>Email: <?php echo $session_contact_email ?></p>
<p>Client: <?php echo $session_client_name ?></p> <p>Client: <?php echo $session_client_name ?></p>
<p>Client Primary Contact: <?php if($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p> <p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Login via: <?php echo $_SESSION['login_method'] ?> </p> <p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
<!-- // Show option to change password if auth provider is local --> <!-- // Show option to change password if auth provider is local -->
<?php if($_SESSION['login_method'] == 'local'): ?> <?php if ($_SESSION['login_method'] == 'local'): ?>
<hr> <hr>
<div class="col-md-6"> <div class="col-md-6">
<h4>Password</h4> <h4>Password</h4>
<form action="portal_post.php" method="post" autocomplete="off"> <form action="portal_post.php" method="post" autocomplete="off">
<div class="form-group"> <div class="form-group">
<label>New Password</label> <label>New Password</label>
<div class="input-group"> <div class="input-group">
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div> </div>
<input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password"> <input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
</div> </div>
</div> </div>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button> <button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save password</button>
</form> </form>
</div> </div>
<?php endif ?> <?php endif ?>
<?php <?php
include('portal_footer.php'); require_once('portal_footer.php');

2
portal/ticket.php
View File

@@ -133,7 +133,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<div class="media-body"> <div class="media-body">
<?php echo $ticket_reply_by_display; ?> <?php echo $ticket_reply_by_display; ?>
<br> <br>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "(edited: $ticket_reply_updated_at)"; } ?></small> <small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if (!empty($ticket_reply_updated_at)) { echo "(edited: $ticket_reply_updated_at)"; } ?></small>
</div> </div>
</div> </div>
</h3> </h3>

72
portal/ticket_add.php
View File

@@ -7,44 +7,44 @@
require('inc_portal.php'); require('inc_portal.php');
?> ?>
<h2>Raise a new ticket</h2> <h2>Raise a new ticket</h2>
<div class="col-8"> <div class="col-8">
<form action="portal_post.php" method="post"> <form action="portal_post.php" method="post">
<div class="form-group"> <div class="form-group">
<label>Subject <strong class="text-danger">*</strong></label> <label>Subject <strong class="text-danger">*</strong></label>
<div class="input-group"> <div class="input-group">
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div> </div>
<input type="text" class="form-control" name="subject" placeholder="Subject" required> <input type="text" class="form-control" name="subject" placeholder="Subject" required>
</div> </div>
</div>
<div class="form-group">
<label>Priority <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="priority" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Details <strong class="text-danger">*</strong></label>
<textarea class="form-control" rows="4" name="details" required></textarea>
</div>
<button class="btn btn-primary" name="add_ticket">Raise ticket</button>
</form>
</div> </div>
<div class="form-group">
<label>Priority <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="priority" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Details <strong class="text-danger">*</strong></label>
<textarea class="form-control" rows="4" name="details" required></textarea>
</div>
<button class="btn btn-primary" name="add_ticket">Raise ticket</button>
</form>
</div>
<?php <?php
include('portal_footer.php'); require_once('portal_footer.php');

96
portal/ticket_view_all.php
View File

@@ -6,67 +6,67 @@
require('inc_portal.php'); require('inc_portal.php');
if($session_contact_id !== $session_client_primary_contact_id){ if ($session_contact_id !== $session_client_primary_contact_id) {
header("Location: portal_post.php?logout"); header("Location: portal_post.php?logout");
exit(); exit();
} }
// Ticket status from GET // Ticket status from GET
if (!isset($_GET['status'])) { if (!isset($_GET['status'])) {
// If nothing is set, assume we only want to see open tickets // If nothing is set, assume we only want to see open tickets
$status = 'Open'; $status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'"; $ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') { } elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') {
$status = 'Open'; $status = 'Open';
$ticket_status_snippet = "ticket_status != 'Closed'"; $ticket_status_snippet = "ticket_status != 'Closed'";
} elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') { } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed'; $status = 'Closed';
$ticket_status_snippet = "ticket_status = 'Closed'"; $ticket_status_snippet = "ticket_status = 'Closed'";
} else { } else {
$status = '%'; $status = '%';
$ticket_status_snippet = "ticket_status LIKE '%'"; $ticket_status_snippet = "ticket_status LIKE '%'";
} }
$all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_client_id = '$session_client_id' ORDER BY ticket_id DESC"); $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_client_id = '$session_client_id' ORDER BY ticket_id DESC");
?> ?>
<h2>All tickets</h2> <h2>All tickets</h2>
<div class="col-md-2"> <div class="col-md-2">
<div class="form-group"> <div class="form-group">
<form method="get"> <form method="get">
<label>Ticket Status</label> <label>Ticket Status</label>
<select class="form-control" name="status" onchange="this.form.submit()"> <select class="form-control" name="status" onchange="this.form.submit()">
<option value="%" <?php if($status == "%"){echo "selected";}?> >Any</option> <option value="%" <?php if ($status == "%") {echo "selected";}?> >Any</option>
<option value="Open" <?php if($status == "Open"){echo "selected";}?> >Open</option> <option value="Open" <?php if ($status == "Open") {echo "selected";}?> >Open</option>
<option value="Closed" <?php if($status == "Closed"){echo "selected";}?> >Closed</option> <option value="Closed" <?php if ($status == "Closed") {echo "selected";}?> >Closed</option>
</select> </select>
</form> </form>
</div>
</div> </div>
</div> <table class="table">
<table class="table"> <thead>
<thead> <tr>
<tr> <th scope="col">#</th>
<th scope="col">#</th> <th scope="col">Subject</th>
<th scope="col">Subject</th> <th scope="col">Contact</th>
<th scope="col">Contact</th> <th scope="col">Status</th>
<th scope="col">Status</th> </tr>
</tr> </thead>
</thead> <tbody>
<tbody>
<?php <?php
while($ticket = mysqli_fetch_array($all_tickets)){ while ($ticket = mysqli_fetch_array($all_tickets)) {
echo "<tr>"; echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[contact_name]</td>"; echo "<td>$ticket[contact_name]</td>";
echo "<td>$ticket[ticket_status]</td>"; echo "<td>$ticket[ticket_status]</td>";
echo "</tr>"; echo "</tr>";
} }
?> ?>
</tbody> </tbody>
</table> </table>
</div> </div>
<?php <?php
include('portal_footer.php'); require_once('portal_footer.php');