Cmplete Migrate Contact Users to Users

johnnyq 2024-10-22 23:53:14 -04:00
parent ee19e1b967
commit f2dedbf8e8
11 changed files with 148 additions and 116 deletions


@ -38,35 +38,12 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$session_user_id = intval($_SESSION['user_id']);
//REMOVE After everyone has updated
$column_check_query = "
SELECT COUNT(*)
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME = 'users'
AND COLUMN_NAME = 'user_type'
";
$result = mysqli_query($mysqli, $column_check_query);
$column_exists = mysqli_fetch_row($result)[0] > 0;
if ($column_exists) {
$sql = mysqli_query(
$mysqli,
"SELECT * FROM users
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
WHERE user_type = 1
AND users.user_id = $session_user_id"
);
} else {
$sql = mysqli_query(
$mysqli,
"SELECT * FROM users
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
WHERE users.user_id = $session_user_id"
);
}
$sql = mysqli_query(
$mysqli,
"SELECT * FROM users
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
WHERE users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$session_name = sanitizeInput($row['user_name']);
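Review bot: The replacement query that loads the session user filters only on `users.user_id = $session_user_id`; the `user_type = 1` condition from the removed branch is gone. The same commit starts creating `user_type = 2` rows for portal contacts and writes their id to `$_SESSION['user_id']` at portal login, so this lookup will now resolve a contact's row as well. Whether that is reachable depends on the agent logged-in check, which is outside this hunk, but restoring the filter keeps the two account classes separated at this boundary: `WHERE users.user_id = $session_user_id AND users.user_type = 1`.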


@ -8,6 +8,7 @@ if (isset($_GET['contact_id'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts
LEFT JOIN locations ON location_id = contact_location_id
LEFT JOIN users ON user_id = contact_user_id
WHERE contact_id = $contact_id
");
@ -30,7 +31,7 @@ if (isset($_GET['contact_id'])) {
$contact_created_at = nullable_htmlentities($row['contact_created_at']);
$contact_location_id = intval($row['contact_location_id']);
$location_name = nullable_htmlentities($row['location_name']);
$auth_method = nullable_htmlentities($row['contact_auth_method']);
$auth_method = nullable_htmlentities($row['user_auth_method']);
$contact_client_id = intval($row['contact_client_id']);
// Check to see if Contact belongs to client
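Review bot: Joining `users` under the existing `SELECT *` pulls every users column into `$row`, including `user_password`, `user_token` and `user_password_reset_token` (all listed in the db.sql change), although only `user_auth_method` is read here. Listing the columns, or at least narrowing the users side to `users.user_auth_method`, keeps credential material out of an array that feeds page rendering. The contacts list query in the next file has the same issue where it adds `users.*`; `contacts.*, locations.*, users.user_auth_method, GROUP_CONCAT(tags.tag_name)` would cover the visible use. The enclosing `if (isset($_GET['contact_id']))` block continues outside the hunk.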


@ -35,8 +35,9 @@ if (isset($_GET['location']) & !empty($_GET['location'])) {
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);
$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS contacts.*, locations.*, GROUP_CONCAT(tags.tag_name) FROM contacts
$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS contacts.*, locations.*, users.*, GROUP_CONCAT(tags.tag_name) FROM contacts
LEFT JOIN locations ON location_id = contact_location_id
LEFT JOIN users ON user_id = contact_user_id
LEFT JOIN contact_tags ON contact_tags.contact_id = contacts.contact_id
LEFT JOIN tags ON tags.tag_id = contact_tags.tag_id
WHERE contact_$archive_query
@ -290,7 +291,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
} else {
$location_name_display = $location_name;
}
$auth_method = nullable_htmlentities($row['contact_auth_method']);
$auth_method = nullable_htmlentities($row['user_auth_method']);
$contact_user_id = intval($row['contact_user_id']);
// Related Assets Query
$sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_id DESC");


@ -2252,10 +2252,42 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.6'");
}
// if (CURRENT_DATABASE_VERSION == '1.5.6') {
// // Insert queries here required to update to DB version 1.5.7
if (CURRENT_DATABASE_VERSION == '1.5.6') {
mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_auth_method` VARCHAR(200) NOT NULL DEFAULT 'local' AFTER `user_password`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.7'");
}
if (CURRENT_DATABASE_VERSION == '1.5.7') {
// Create Users for contacts that have logins enabled and that are not archived
$contacts_sql = mysqli_query($mysqli, "SELECT * FROM `contacts` WHERE contact_archived_at IS NULL AND (contact_auth_method = 'local' OR contact_auth_method = 'azure')");
while($row = mysqli_fetch_array($contacts_sql)) {
$contact_id = intval($row['contact_id']);
$contact_name = mysqli_real_escape_string($mysqli, $row['contact_name']);
$contact_email = mysqli_real_escape_string($mysqli, $row['contact_email']);
$contact_password_hash = mysqli_real_escape_string($mysqli, $row['contact_password_hash']);
$contact_auth_method = mysqli_real_escape_string($mysqli, $row['contact_auth_method']);
mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$contact_password_hash', user_auth_method = '$contact_auth_method', user_type = 2");
$user_id = mysqli_insert_id($mysqli);
mysqli_query($mysqli, "UPDATE `contacts` SET `contact_user_id` = $user_id WHERE contact_id = $contact_id");
}
// Drop Login Related fields from contacts tables as everyone who has a login has been moved over
mysqli_query($mysqli, "ALTER TABLE `contacts` DROP `contact_auth_method`, DROP `contact_password_hash`, DROP `contact_password_reset_token`, DROP `contact_token_expire`");
// Add Password Reset Tokens to users tables
mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_password_reset_token` VARCHAR(200) NULL DEFAULT NULL AFTER `user_token`");
mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_password_reset_token_expire` DATETIME NULL DEFAULT NULL AFTER `user_password_reset_token`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.8'");
}
// if (CURRENT_DATABASE_VERSION == '1.5.8') {
// // Insert queries here required to update to DB version 1.5.9
// // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.7'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.9'");
// }
} else {
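Review bot: The 1.5.7 step drops `contact_password_hash` and the other contact login columns unconditionally after the loop, but no `mysqli_query()` result inside the loop is checked. If an INSERT into `users` fails without throwing, `mysqli_insert_id()` returns 0, the contact is linked to user 0, and its only stored credential is then destroyed by the ALTER. Collect the failures and skip the destructive ALTERs and the version bump when any exist, as sketched below; a re-run would additionally need to skip contacts that already have a `contact_user_id`. The loop also creates a users row for every contact e-mail without checking for an existing `users.user_email`, which may leave the same address on more than one account type.

```php
$failed_contact_ids = [];
while ($row = mysqli_fetch_array($contacts_sql)) {
    // … unchanged: intval / mysqli_real_escape_string of the contact fields …
    $inserted = mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$contact_password_hash', user_auth_method = '$contact_auth_method', user_type = 2");
    $user_id = $inserted ? intval(mysqli_insert_id($mysqli)) : 0;
    if ($user_id === 0) {
        // Leave this contact unlinked rather than pointing it at user 0
        $failed_contact_ids[] = $contact_id;
        continue;
    }
    // … unchanged: UPDATE contacts SET contact_user_id …
}
if (empty($failed_contact_ids)) {
    // … unchanged: DROP of the contact_* login columns, ADD of the user reset-token columns, version bump to 1.5.8 …
} else {
    error_log('Contact-to-user migration incomplete for contact IDs: ' . implode(', ', $failed_contact_ids));
}
```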


@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "1.5.6");
DEFINE("LATEST_DATABASE_VERSION", "1.5.8");

9
db.sql

@ -406,10 +406,6 @@ CREATE TABLE `contacts` (
`contact_photo` varchar(200) DEFAULT NULL,
`contact_pin` varchar(255) DEFAULT NULL,
`contact_notes` text DEFAULT NULL,
`contact_auth_method` varchar(200) DEFAULT NULL,
`contact_password_hash` varchar(200) DEFAULT NULL,
`contact_password_reset_token` varchar(200) DEFAULT NULL,
`contact_token_expire` datetime DEFAULT NULL,
`contact_primary` tinyint(1) NOT NULL DEFAULT 0,
`contact_important` tinyint(1) NOT NULL DEFAULT 0,
`contact_billing` tinyint(1) DEFAULT 0,
@ -2016,9 +2012,12 @@ CREATE TABLE `users` (
`user_name` varchar(200) NOT NULL,
`user_email` varchar(200) NOT NULL,
`user_password` varchar(200) NOT NULL,
`user_auth_method` varchar(200) NOT NULL DEFAULT 'local',
`user_type` tinyint(1) NOT NULL DEFAULT 1,
`user_status` tinyint(1) NOT NULL DEFAULT 1,
`user_token` varchar(200) DEFAULT NULL,
`user_password_reset_token` varchar(200) DEFAULT NULL,
`user_password_reset_token_expire` datetime DEFAULT NULL,
`user_avatar` varchar(200) DEFAULT NULL,
`user_specific_encryption_ciphertext` varchar(200) DEFAULT NULL,
`user_php_session` varchar(255) DEFAULT NULL,
@ -2113,4 +2112,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2024-10-22 16:33:28
-- Dump completed on 2024-10-22 23:52:12


@ -31,6 +31,7 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
// Get info from session
$session_client_id = intval($_SESSION['client_id']);
$session_contact_id = intval($_SESSION['contact_id']);
$session_contact_user_id = intval($_SESSION['contact_user_id']);
// Get company info from database
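Review bot: `$_SESSION['contact_user_id']` is read here, but the portal login changes in this commit store the account id under `$_SESSION['user_id']`, and no visible hunk writes a `contact_user_id` session key. Unless it is set elsewhere, `$session_contact_user_id` will always be 0 (with an undefined-index notice), and any later ownership check built on it would compare against 0. Reading the key that login writes avoids that: `$session_contact_user_id = intval($_SESSION['user_id'] ?? 0);`, or have both login paths set `contact_user_id` as well.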


@ -53,22 +53,23 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
header("HTTP/1.1 401 Unauthorized");
$_SESSION['login_message'] = 'Invalid e-mail';
} else {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_archived_at IS NULL LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
$row = mysqli_fetch_array($sql);
if ($row['contact_auth_method'] == 'local') {
if (password_verify($password, $row['contact_password_hash'])) {
if ($row['user_auth_method'] == 'local') {
if (password_verify($password, $row['user_password'])) {
$_SESSION['client_logged_in'] = true;
$_SESSION['client_id'] = intval($row['contact_client_id']);
$_SESSION['user_id'] = intval($row['user_id']);
$_SESSION['contact_id'] = intval($row['contact_id']);
$_SESSION['login_method'] = "local";
header("Location: index.php");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]");
} else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]");
header("HTTP/1.1 401 Unauthorized");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
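Review bot: The new lookup uses `LEFT JOIN contacts` and replaces the old `contact_archived_at IS NULL` test with `user_archived_at IS NULL`, so a `user_type = 2` row whose contact is archived or missing can still authenticate. In the missing-contact case `$_SESSION['client_id']` and `$_SESSION['contact_id']` both become 0, and the log INSERTs are built with an empty `log_client_id = ` value, which fails and loses the audit entry. Requiring the contact closes both gaps: `FROM users INNER JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND contact_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1`. The Azure login lookup and the three password-reset lookups in the following files use the same LEFT JOIN and need the same change; whether archiving a contact also sets `user_archived_at` is not visible here.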


@ -99,16 +99,17 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
$upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$upn' LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$upn' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
$row = mysqli_fetch_array($sql);
if ($row['contact_auth_method'] == 'azure') {
if ($row['user_auth_method'] == 'azure') {
$_SESSION['client_logged_in'] = true;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['login_method'] = "azure";
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]");
header("Location: index.php");


@ -65,17 +65,18 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$email = sanitizeInput($_POST['email']);
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' AND contact_archived_at IS NULL LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, user_email, contact_client_id, user_id FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_auth_method = 'local' AND user_type = 2 AND user_status = 1 AND user_archived_at IS NULL LIMIT 1");
$row = mysqli_fetch_assoc($sql);
if ($row['contact_email'] == $email) {
if ($row['user_email'] == $email) {
$id = intval($row['contact_id']);
$user_id = intval($row['user_id']);
$name = sanitizeInput($row['contact_name']);
$client = intval($row['contact_client_id']);
$token = randomString(156);
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "UPDATE users SET user_password_reset_token = '$token' WHERE user_id = $user_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client");
// Send reset email
@ -118,18 +119,19 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$client = intval($_POST['client']);
// Query user
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' AND contact_archived_at IS NULL LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = intval($contact_row['contact_id']);
$name = sanitizeInput($contact_row['contact_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_password_reset_token = '$token' AND contact_client_id = $client AND user_auth_method = 'local' AND user_type = 2 AND user_status = 1 AND user_archived_at IS NULL LIMIT 1");
$user_row = mysqli_fetch_array($sql);
$contact_id = intval($user_row['contact_id']);
$user_id = intval($user_row['user_id']);
$name = sanitizeInput($user_row['contact_name']);
// Ensure the token is correct
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
if (sha1($user_row['user_password_reset_token']) == sha1($token)) {
// Set password, invalidate token, logging
$password = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client");
mysqli_query($mysqli, "UPDATE users SET user_password = '$password', user_password_reset_token = NULL WHERE user_id = $user_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact User', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client, log_user_id = $user_id");
// Send confirmation email
$subject = "Password reset confirmation for $company_name Client Portal";
@ -217,11 +219,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$email = sanitizeInput($_GET['email']);
$client = intval($_GET['client']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1");
$user_row = mysqli_fetch_array($sql);
// Sanity check
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?>
if (sha1($user_row['user_password_reset_token']) == sha1($token)) { ?>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="New Password" name="new_password" required minlength="8">
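Review bot: The reset request stores `user_password_reset_token` but never sets the new `user_password_reset_token_expire` column, and neither token lookup tests it, so an issued link stays valid until it is used. Set it together with the token, e.g. `user_password_reset_token_expire = DATE_ADD(NOW(), INTERVAL 1 HOUR)` (window chosen as an example), add `AND user_password_reset_token_expire > NOW()` to both token lookups, and clear it with the token on success. The `sha1(...) == sha1($token)` checks also use loose comparison and would pass if no row matched and `$token` were empty; `$user_row && hash_equals((string) $user_row['user_password_reset_token'], $token)` is the safer form. The GET-side lookup omits the `user_type`, `user_status` and `user_archived_at` filters that the POST-side lookup applies.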


@ -10,15 +10,24 @@ if (isset($_POST['add_contact'])) {
require_once 'post/user/contact_model.php';
// Set password
if (!empty($_POST['contact_password'])) {
$password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT);
} else {
// Set a random password
$password_hash = password_hash(randomString(), PASSWORD_DEFAULT);
// Create User Account
$user_id = 0;
if ($name && $email && $auth_method) {
// Set password
if (!empty($_POST['contact_password'])) {
$password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT);
} else {
// Set a random password
$password_hash = password_hash(randomString(), PASSWORD_DEFAULT);
}
mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password_hash', user_auth_method = '$auth_method', user_type = 2");
$user_id = mysqli_insert_id($mysqli);
}
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_auth_method = '$auth_method', contact_password_hash = '$password_hash', contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id");
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id, contact_user_id = $user_id, contact_client_id = $client_id");
$contact_id = mysqli_insert_id($mysqli);
@ -74,16 +83,17 @@ if (isset($_POST['edit_contact'])) {
$contact_id = intval($_POST['contact_id']);
$send_email = intval($_POST['send_email']);
// Get Exisiting Contact Photo
$sql = mysqli_query($mysqli,"SELECT contact_photo FROM contacts WHERE contact_id = $contact_id");
// Get Exisiting Contact Photo and contact_user_id
$sql = mysqli_query($mysqli,"SELECT contact_photo, contact_user_id FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$existing_file_name = sanitizeInput($row['contact_photo']);
$contact_user_id = intval($row['contact_user_id']);
if (!file_exists("uploads/clients/$client_id")) {
mkdir("uploads/clients/$client_id");
}
mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_auth_method = '$auth_method', contact_department = '$department', contact_location_id = $location_id WHERE contact_id = $contact_id");
mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id WHERE contact_id = $contact_id");
// Upload Photo
if ($_FILES['file']['tmp_name']) {
@ -119,55 +129,61 @@ if (isset($_POST['edit_contact'])) {
mysqli_query($mysqli,"UPDATE contacts SET contact_primary = 1, contact_important = 1 WHERE contact_id = $contact_id");
}
// Set password
if (!empty($_POST['contact_password'])) {
$password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = $contact_id AND contact_client_id = $client_id");
}
if ($contact_user_id > 0) {
// Send contact a welcome e-mail, if specified
if ($send_email && !empty($auth_method) && !empty($config_smtp_host)) {
mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email', user_auth_method = '$auth_method' WHERE user_id = $contact_user_id");
// Sanitize Config vars from get_settings.php
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_mail_from_email = sanitizeInput($config_mail_from_email);
$config_mail_from_name = sanitizeInput($config_mail_from_name);
$config_base_url = sanitizeInput($config_base_url);
// Get Company Phone Number
$sql = mysqli_query($mysqli,"SELECT company_name, company_phone FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
// Authentication info (azure, reset password, or tech-provided temporary password)
if ($auth_method == 'azure') {
$password_info = "Login with your Microsoft (Azure AD) account.";
} elseif (empty($_POST['contact_password'])) {
$password_info = "Request a password reset at https://$config_base_url/portal/login_reset.php";
} else {
$password_info = mysqli_real_escape_string($mysqli, $_POST['contact_password'] . " -- Please change on first login");
// Set password
if ($_POST['contact_password']) {
$password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE users SET user_password = '$password_hash' WHERE user_id = $contact_user_id");
}
$subject = "Your new $company_name portal account";
$body = "Hello $name,<br><br>$company_name has created a support portal account for you. <br><br>Username: $email<br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
// Send contact a welcome e-mail, if specified
if ($send_email && $auth_method && $config_smtp_host) {
// Queue Mail
$data = [
[
'from' => $config_mail_from_email,
'from_name' => $config_mail_from_name,
'recipient' => $email,
'recipient_name' => $name,
'subject' => $subject,
'body' => $body,
]
];
addToMailQueue($mysqli, $data);
// Get Email ID for reference
$email_id = mysqli_insert_id($mysqli);
// Sanitize Config vars from get_settings.php
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_mail_from_email = sanitizeInput($config_mail_from_email);
$config_mail_from_name = sanitizeInput($config_mail_from_name);
$config_base_url = sanitizeInput($config_base_url);
// Get Company Phone Number
$sql = mysqli_query($mysqli,"SELECT company_name, company_phone FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
// Authentication info (azure, reset password, or tech-provided temporary password)
if ($auth_method == 'azure') {
$password_info = "Login with your Microsoft (Azure AD) account.";
} elseif (empty($_POST['contact_password'])) {
$password_info = "Request a password reset at https://$config_base_url/portal/login_reset.php";
} else {
$password_info = mysqli_real_escape_string($mysqli, $_POST['contact_password'] . " -- Please change on first login");
}
$subject = "Your new $company_name portal account";
$body = "Hello $name,<br><br>$company_name has created a support portal account for you. <br><br>Username: $email<br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
// Queue Mail
$data = [
[
'from' => $config_mail_from_email,
'from_name' => $config_mail_from_name,
'recipient' => $email,
'recipient_name' => $name,
'subject' => $subject,
'body' => $body,
]
];
addToMailQueue($mysqli, $data);
// Get Email ID for reference
$email_id = mysqli_insert_id($mysqli);
}
}
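Review bot: Both new `UPDATE users` statements in the edit path are keyed only on `user_id = $contact_user_id`, whereas the removed password update was also scoped by `contact_client_id = $client_id`. Since agents and portal contacts now share the `users` table, a wrong or stale `contact_user_id` would let a contact edit rewrite the e-mail, auth method or password of an agent row. Adding the type guard keeps this handler confined to portal accounts: `WHERE user_id = $contact_user_id AND user_type = 2`. Separately, when `$contact_user_id` is 0 nothing in the visible lines creates a user, so enabling portal access on an existing contact appears to have no effect; the `edit_contact` block begins and may continue outside these hunks.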