From f2dedbf8e8e9ba925eafb718a220be186bff5c65 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Tue, 22 Oct 2024 23:53:14 -0400
Subject: [PATCH] Cmplete Migrate Contact Users to Users

---
 check_login.php | 35 ++---------
 client_contact_details.php | 3 +-
 client_contacts.php | 6 +-
 database_updates.php | 38 +++++++++++-
 database_version.php | 2 +-
 db.sql | 9 ++-
 portal/check_login.php | 1 +
 portal/login.php | 11 ++--
 portal/login_microsoft.php | 7 ++-
 portal/login_reset.php | 28 +++++----
 post/user/contact.php | 124 +++++++++++++++++++++----------------
 11 files changed, 148 insertions(+), 116 deletions(-)

diff --git a/check_login.php b/check_login.php
index 982c2f47..c2162dbb 100644
--- a/check_login.php
+++ b/check_login.php
@@ -38,35 +38,12 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']); $session_user_id = intval($_SESSION['user_id']); -//REMOVE After everyone has updated -$column_check_query = " - SELECT COUNT(*) - FROM INFORMATION_SCHEMA.COLUMNS - WHERE TABLE_NAME = 'users' - AND COLUMN_NAME = 'user_type' -"; - -$result = mysqli_query($mysqli, $column_check_query); -$column_exists = mysqli_fetch_row($result)[0] > 0; - -if ($column_exists) { - $sql = mysqli_query( - $mysqli, - "SELECT * FROM users - LEFT JOIN user_settings ON users.user_id = user_settings.user_id - LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id - WHERE user_type = 1 - AND users.user_id = $session_user_id" - ); -} else { - $sql = mysqli_query( - $mysqli, - "SELECT * FROM users - LEFT JOIN user_settings ON users.user_id = user_settings.user_id - LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id - WHERE users.user_id = $session_user_id" - ); -} +$sql = mysqli_query( + $mysqli, + "SELECT * FROM users + LEFT JOIN user_settings ON users.user_id = user_settings.user_id + LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id + WHERE users.user_id = $session_user_id"); $row = mysqli_fetch_array($sql); $session_name = sanitizeInput($row['user_name']); diff --git a/client_contact_details.php b/client_contact_details.php index 70b1861c..82acfa8e 100644 --- a/client_contact_details.php +++ b/client_contact_details.php @@ -8,6 +8,7 @@ if (isset($_GET['contact_id'])) { $sql = mysqli_query($mysqli, "SELECT * FROM contacts LEFT JOIN locations ON location_id = contact_location_id + LEFT JOIN users ON user_id = contact_user_id WHERE contact_id = $contact_id "); 
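Review bot: The rewritten user lookup drops the `user_type = 1` filter that the removed compatibility branch applied, at the same time as portal/login.php and portal/login_microsoft.php in this commit start writing `$_SESSION['user_id']` for type-2 contact users. Whether a portal session can reach this file depends on the logged-in gate above the hunk, which is not visible here, but the query itself no longer rejects a contact user, so a type-2 id in the session would resolve to a full row with `user_settings` and `user_roles` joined. Keeping the restriction costs one clause, `WHERE users.user_id = $session_user_id AND user_type = 1`, after which `mysqli_fetch_array` yields no row for a contact user; alternatively test `$row['user_type']` before trusting the row.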
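Review bot: The added `LEFT JOIN users ON user_id = contact_user_id` under `SELECT *` pulls the whole users row, including `user_password` and `user_token`, into `$row` on a display page that only needs `user_auth_method`; the `users.*` added in the client_contacts.php hunk at @@ -35 does the same. Selecting the one column keeps credential material out of page scope, e.g. `SELECT contacts.*, locations.*, users.user_auth_method FROM contacts` in both queries. Nothing visible prints those fields today, so this is exposure hygiene rather than a live leak.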
@@ -30,7 +31,7 @@ if (isset($_GET['contact_id'])) { $contact_created_at = nullable_htmlentities($row['contact_created_at']); $contact_location_id = intval($row['contact_location_id']); $location_name = nullable_htmlentities($row['location_name']); - $auth_method = nullable_htmlentities($row['contact_auth_method']); + $auth_method = nullable_htmlentities($row['user_auth_method']); $contact_client_id = intval($row['contact_client_id']); // Check to see if Contact belongs to client diff --git a/client_contacts.php b/client_contacts.php index 4e8e5f7f..57741d43 100644 --- a/client_contacts.php +++ b/client_contacts.php @@ -35,8 +35,9 @@ if (isset($_GET['location']) & !empty($_GET['location'])) { //Rebuild URL $url_query_strings_sort = http_build_query($get_copy); -$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS contacts.*, locations.*, GROUP_CONCAT(tags.tag_name) FROM contacts +$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS contacts.*, locations.*, users.*, GROUP_CONCAT(tags.tag_name) FROM contacts LEFT JOIN locations ON location_id = contact_location_id + LEFT JOIN users ON user_id = contact_user_id LEFT JOIN contact_tags ON contact_tags.contact_id = contacts.contact_id LEFT JOIN tags ON tags.tag_id = contact_tags.tag_id WHERE contact_$archive_query @@ -290,7 +291,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); } else { $location_name_display = $location_name; } - $auth_method = nullable_htmlentities($row['contact_auth_method']); + $auth_method = nullable_htmlentities($row['user_auth_method']); + $contact_user_id = intval($row['contact_user_id']); // Related Assets Query $sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_id DESC"); diff --git a/database_updates.php b/database_updates.php index 99c8a1ed..2467dab9 100644 --- a/database_updates.php +++ b/database_updates.php 
@@ -2252,10 +2252,42 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) { mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.6'"); } - // if (CURRENT_DATABASE_VERSION == '1.5.6') { - // // Insert queries here required to update to DB version 1.5.7 + if (CURRENT_DATABASE_VERSION == '1.5.6') { + mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_auth_method` VARCHAR(200) NOT NULL DEFAULT 'local' AFTER `user_password`"); + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.7'"); + } + + if (CURRENT_DATABASE_VERSION == '1.5.7') { + // Create Users for contacts that have logins enabled and that are not archived + $contacts_sql = mysqli_query($mysqli, "SELECT * FROM `contacts` WHERE contact_archived_at IS NULL AND (contact_auth_method = 'local' OR contact_auth_method = 'azure')"); + while($row = mysqli_fetch_array($contacts_sql)) { + $contact_id = intval($row['contact_id']); + $contact_name = mysqli_real_escape_string($mysqli, $row['contact_name']); + $contact_email = mysqli_real_escape_string($mysqli, $row['contact_email']); + $contact_password_hash = mysqli_real_escape_string($mysqli, $row['contact_password_hash']); + $contact_auth_method = mysqli_real_escape_string($mysqli, $row['contact_auth_method']); + + mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$contact_password_hash', user_auth_method = '$contact_auth_method', user_type = 2"); + + $user_id = mysqli_insert_id($mysqli); + + mysqli_query($mysqli, "UPDATE `contacts` SET `contact_user_id` = $user_id WHERE contact_id = $contact_id"); + } + + // Drop Login Related fields from contacts tables as everyone who has a login has been moved over + mysqli_query($mysqli, "ALTER TABLE `contacts` DROP `contact_auth_method`, DROP `contact_password_hash`, DROP `contact_password_reset_token`, DROP `contact_token_expire`"); + + // Add Password Reset Tokens to users tables + 
mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_password_reset_token` VARCHAR(200) NULL DEFAULT NULL AFTER `user_token`"); + mysqli_query($mysqli, "ALTER TABLE `users` ADD `user_password_reset_token_expire` DATETIME NULL DEFAULT NULL AFTER `user_password_reset_token`"); + + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.8'"); + } + + // if (CURRENT_DATABASE_VERSION == '1.5.8') { + // // Insert queries here required to update to DB version 1.5.9 // // Then, update the database to the next sequential version - // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.7'"); + // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.9'"); // } } else { diff --git a/database_version.php b/database_version.php index d8066879..d467c5d5 100644 --- a/database_version.php +++ b/database_version.php @@ -5,4 +5,4 @@ * It is used in conjunction with database_updates.php */ -DEFINE("LATEST_DATABASE_VERSION", "1.5.6"); +DEFINE("LATEST_DATABASE_VERSION", "1.5.8"); diff --git a/db.sql b/db.sql index c91de864..2c8ebd0c 100644 --- a/db.sql +++ b/db.sql @@ -406,10 +406,6 @@ CREATE TABLE `contacts` ( `contact_photo` varchar(200) DEFAULT NULL, `contact_pin` varchar(255) DEFAULT NULL, `contact_notes` text DEFAULT NULL, - `contact_auth_method` varchar(200) DEFAULT NULL, - `contact_password_hash` varchar(200) DEFAULT NULL, - `contact_password_reset_token` varchar(200) DEFAULT NULL, - `contact_token_expire` datetime DEFAULT NULL, `contact_primary` tinyint(1) NOT NULL DEFAULT 0, `contact_important` tinyint(1) NOT NULL DEFAULT 0, `contact_billing` tinyint(1) DEFAULT 0, 
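Review bot: The 1.5.7 loop inserts one user per contact without checking whether a `users` row with the same `user_email` already exists, and nothing in this commit adds a unique index; two contacts sharing an address, or a contact sharing one with a staff account, each get a row, yet portal/login.php, login_microsoft.php and login_reset.php all select by e-mail with `LIMIT 1`, so only one of them will ever be able to log in. The add_contact hunk in post/user/contact.php (@@ -10) has the same gap. Consider looking up an existing row first, `SELECT user_id FROM users WHERE user_email = '$contact_email' AND user_type = 2 LIMIT 1`, linking the contact to it and only inserting when none is found. Separately, the `DROP` of the credential columns runs even if an INSERT in the loop failed (`mysqli_insert_id` would return 0 and the contact be linked to user 0), so checking each insert result before the irreversible DROP would make the step safe to rerun.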
@@ -2016,9 +2012,12 @@ CREATE TABLE `users` ( `user_name` varchar(200) NOT NULL, `user_email` varchar(200) NOT NULL, `user_password` varchar(200) NOT NULL, + `user_auth_method` varchar(200) NOT NULL DEFAULT 'local', `user_type` tinyint(1) NOT NULL DEFAULT 1, `user_status` tinyint(1) NOT NULL DEFAULT 1, `user_token` varchar(200) DEFAULT NULL, + `user_password_reset_token` varchar(200) DEFAULT NULL, + `user_password_reset_token_expire` datetime DEFAULT NULL, `user_avatar` varchar(200) DEFAULT NULL, `user_specific_encryption_ciphertext` varchar(200) DEFAULT NULL, `user_php_session` varchar(255) DEFAULT NULL, @@ -2113,4 +2112,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2024-10-22 16:33:28 +-- Dump completed on 2024-10-22 23:52:12 diff --git a/portal/check_login.php b/portal/check_login.php index 898f4e2f..a3745149 100644 --- a/portal/check_login.php +++ b/portal/check_login.php @@ -31,6 +31,7 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']); // Get info from session $session_client_id = intval($_SESSION['client_id']); $session_contact_id = intval($_SESSION['contact_id']); +$session_contact_user_id = intval($_SESSION['contact_user_id']); // Get company info from database diff --git a/portal/login.php b/portal/login.php index b798f713..a7380c03 100644 --- a/portal/login.php +++ b/portal/login.php 
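Review bot: `$_SESSION['contact_user_id']` is never written by the login handlers in this commit: portal/login.php and portal/login_microsoft.php store the id under `$_SESSION['user_id']`, so `$session_contact_user_id` is always 0 and the read emits an undefined-index warning. Either read the key that is actually set, `$session_contact_user_id = intval($_SESSION['user_id']);`, or, preferably, have both login handlers also set `$_SESSION['contact_user_id']`, since a distinct key avoids the portal and the staff application (whose check_login.php reads `$_SESSION['user_id']`) sharing one session variable with different meanings should they ever run under the same PHP session.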
@@ -53,22 +53,23 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) { header("HTTP/1.1 401 Unauthorized"); $_SESSION['login_message'] = 'Invalid e-mail'; } else { - $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_archived_at IS NULL LIMIT 1"); + $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1"); $row = mysqli_fetch_array($sql); - if ($row['contact_auth_method'] == 'local') { - if (password_verify($password, $row['contact_password_hash'])) { + if ($row['user_auth_method'] == 'local') { + if (password_verify($password, $row['user_password'])) { $_SESSION['client_logged_in'] = true; $_SESSION['client_id'] = intval($row['contact_client_id']); + $_SESSION['user_id'] = intval($row['user_id']); $_SESSION['contact_id'] = intval($row['contact_id']); $_SESSION['login_method'] = "local"; header("Location: index.php"); - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]"); } else { - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent'"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', 
log_description = 'Failed client portal login attempt using $email (incorrect password for contact ID $row[contact_id])', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]"); header("HTTP/1.1 401 Unauthorized"); $_SESSION['login_message'] = 'Incorrect username or password.'; } diff --git a/portal/login_microsoft.php b/portal/login_microsoft.php index 75a72740..c64b6b38 100644 --- a/portal/login_microsoft.php +++ b/portal/login_microsoft.php @@ -99,16 +99,17 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) { $upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]); - $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$upn' LIMIT 1"); + $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$upn' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1"); $row = mysqli_fetch_array($sql); - if ($row['contact_auth_method'] == 'azure') { + if ($row['user_auth_method'] == 'azure') { $_SESSION['client_logged_in'] = true; $_SESSION['client_id'] = $row['contact_client_id']; + $_SESSION['user_id'] = $row['user_id']; $_SESSION['contact_id'] = $row['contact_id']; $_SESSION['login_method'] = "azure"; - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id]"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $upn successfully logged in via Azure', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $row[contact_client_id], log_user_id = $row[user_id]"); header("Location: index.php"); diff --git a/portal/login_reset.php b/portal/login_reset.php index 76e70fd6..513826d2 100644 
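Review bot: The new query replaces `contact_archived_at IS NULL` with `user_archived_at IS NULL` and joins contacts with a LEFT JOIN, so an archived contact whose user row was not also archived can still log in, and a user with no contact row at all gets `$_SESSION['client_id'] = 0` while the success log INSERT interpolates an empty `log_client_id = ,` and fails; portal/login_microsoft.php (@@ -99) and the portal/login_reset.php lookups have the same shape. Unless archiving a contact also archives its user somewhere outside this diff, use `INNER JOIN contacts ON user_id = contact_user_id` and keep `AND contact_archived_at IS NULL` alongside the user checks. The failed-login INSERT on the new side interpolates `contact_client_id` the same way and breaks for the same NULL.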
--- a/portal/login_reset.php +++ b/portal/login_reset.php @@ -65,17 +65,18 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $email = sanitizeInput($_POST['email']); - $sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' AND contact_archived_at IS NULL LIMIT 1"); + $sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, user_email, contact_client_id, user_id FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_auth_method = 'local' AND user_type = 2 AND user_status = 1 AND user_archived_at IS NULL LIMIT 1"); $row = mysqli_fetch_assoc($sql); - if ($row['contact_email'] == $email) { + if ($row['user_email'] == $email) { $id = intval($row['contact_id']); + $user_id = intval($row['user_id']); $name = sanitizeInput($row['contact_name']); $client = intval($row['contact_client_id']); $token = randomString(156); $url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client"; - mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1"); + mysqli_query($mysqli, "UPDATE users SET user_password_reset_token = '$token' WHERE user_id = $user_id LIMIT 1"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client"); // Send reset email 
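Review bot: The migration adds `user_password_reset_token_expire`, but the reset flow never writes or checks it: this UPDATE stores only the token, and the lookups in the @@ -118 and @@ -217 hunks match on `user_password_reset_token` alone, so a reset link stays valid indefinitely until it is used. Set the expiry when issuing, `UPDATE users SET user_password_reset_token = '$token', user_password_reset_token_expire = NOW() + INTERVAL 1 HOUR WHERE user_id = $user_id LIMIT 1`, and add `AND user_password_reset_token_expire > NOW()` to both lookups. The dropped `contact_token_expire` does not appear in the old lines either, so this is a carried-over gap rather than a regression, but the new column makes it straightforward to close.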
@@ -118,18 +119,19 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $client = intval($_POST['client']); // Query user - $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' AND contact_archived_at IS NULL LIMIT 1"); - $contact_row = mysqli_fetch_array($sql); - $contact_id = intval($contact_row['contact_id']); - $name = sanitizeInput($contact_row['contact_name']); + $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_password_reset_token = '$token' AND contact_client_id = $client AND user_auth_method = 'local' AND user_type = 2 AND user_status = 1 AND user_archived_at IS NULL LIMIT 1"); + $user_row = mysqli_fetch_array($sql); + $contact_id = intval($user_row['contact_id']); + $user_id = intval($user_row['user_id']); + $name = sanitizeInput($user_row['contact_name']); // Ensure the token is correct - if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { + if (sha1($user_row['user_password_reset_token']) == sha1($token)) { // Set password, invalidate token, logging $password = password_hash($_POST['new_password'], PASSWORD_DEFAULT); - mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1"); - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client"); + mysqli_query($mysqli, "UPDATE users SET user_password = '$password', user_password_reset_token = NULL WHERE user_id = $user_id LIMIT 1"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact User', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = 
'$user_agent', log_client_id = $client, log_user_id = $user_id"); // Send confirmation email $subject = "Password reset confirmation for $company_name Client Portal"; @@ -217,11 +219,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $email = sanitizeInput($_GET['email']); $client = intval($_GET['client']); - $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1"); - $contact_row = mysqli_fetch_array($sql); + $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_password_reset_token = '$token' AND contact_client_id = $client LIMIT 1"); + $user_row = mysqli_fetch_array($sql); // Sanity check - if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) { ?> + if (sha1($user_row['user_password_reset_token']) == sha1($token)) { ?>
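Review bot: `sha1($user_row['user_password_reset_token']) == sha1($token)` on the new side, and its twin in the @@ -217 hunk, is a loose string comparison of two digests; the query has already matched the token, so as a second check it should be the constant-time `hash_equals((string) $user_row['user_password_reset_token'], (string) $token)` rather than hashing both sides. Also `mysqli_fetch_array` yields `null` when nothing matched, so `$user_row['contact_id']`, `$user_row['user_id']` and `$user_row['contact_name']` are read off a non-array before the check runs; wrapping the block in `if ($user_row && hash_equals(...))` avoids the warnings and keeps the password UPDATE explicitly unreachable for an empty result.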
diff --git a/post/user/contact.php b/post/user/contact.php index 44b1a41d..0ac7ccb1 100644 --- a/post/user/contact.php +++ b/post/user/contact.php 
@@ -10,15 +10,24 @@ if (isset($_POST['add_contact'])) { require_once 'post/user/contact_model.php'; - // Set password - if (!empty($_POST['contact_password'])) { - $password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT); - } else { - // Set a random password - $password_hash = password_hash(randomString(), PASSWORD_DEFAULT); + // Create User Account + $user_id = 0; + if ($name && $email && $auth_method) { + + // Set password + if (!empty($_POST['contact_password'])) { + $password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT); + } else { + // Set a random password + $password_hash = password_hash(randomString(), PASSWORD_DEFAULT); + } + + mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password_hash', user_auth_method = '$auth_method', user_type = 2"); + + $user_id = mysqli_insert_id($mysqli); } - mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_auth_method = '$auth_method', contact_password_hash = '$password_hash', contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id"); + mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id, contact_user_id = $user_id, contact_client_id = $client_id"); 
$contact_id = mysqli_insert_id($mysqli); @@ -74,16 +83,17 @@ if (isset($_POST['edit_contact'])) { $contact_id = intval($_POST['contact_id']); $send_email = intval($_POST['send_email']); - // Get Exisiting Contact Photo - $sql = mysqli_query($mysqli,"SELECT contact_photo FROM contacts WHERE contact_id = $contact_id"); + // Get Exisiting Contact Photo and contact_user_id + $sql = mysqli_query($mysqli,"SELECT contact_photo, contact_user_id FROM contacts WHERE contact_id = $contact_id"); $row = mysqli_fetch_array($sql); $existing_file_name = sanitizeInput($row['contact_photo']); + $contact_user_id = intval($row['contact_user_id']); if (!file_exists("uploads/clients/$client_id")) { mkdir("uploads/clients/$client_id"); } - mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_auth_method = '$auth_method', contact_department = '$department', contact_location_id = $location_id WHERE contact_id = $contact_id"); + mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id WHERE contact_id = $contact_id"); // Upload Photo if ($_FILES['file']['tmp_name']) { 
@@ -119,55 +129,61 @@ if (isset($_POST['edit_contact'])) { mysqli_query($mysqli,"UPDATE contacts SET contact_primary = 1, contact_important = 1 WHERE contact_id = $contact_id"); } - // Set password - if (!empty($_POST['contact_password'])) { - $password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT); - mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = $contact_id AND contact_client_id = $client_id"); - } + if ($contact_user_id > 0) { - // Send contact a welcome e-mail, if specified - if ($send_email && !empty($auth_method) && !empty($config_smtp_host)) { + mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email', user_auth_method = '$auth_method' WHERE user_id = $contact_user_id"); - // Sanitize Config vars from get_settings.php - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_mail_from_email = sanitizeInput($config_mail_from_email); - $config_mail_from_name = sanitizeInput($config_mail_from_name); - $config_base_url = sanitizeInput($config_base_url); - - // Get Company Phone Number - $sql = mysqli_query($mysqli,"SELECT company_name, company_phone FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_array($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'])); - - // Authentication info (azure, reset password, or tech-provided temporary password) - - if ($auth_method == 'azure') { - $password_info = "Login with your Microsoft (Azure AD) account."; - } elseif (empty($_POST['contact_password'])) { - $password_info = "Request a password reset at https://$config_base_url/portal/login_reset.php"; - } else { - $password_info = mysqli_real_escape_string($mysqli, $_POST['contact_password'] . 
" -- Please change on first login"); + // Set password + if ($_POST['contact_password']) { + $password_hash = password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT); + mysqli_query($mysqli, "UPDATE users SET user_password = '$password_hash' WHERE user_id = $contact_user_id"); } - $subject = "Your new $company_name portal account"; - $body = "Hello $name,

$company_name has created a support portal account for you.

Username: $email
Password: $password_info

Login URL: https://$config_base_url/portal/

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + // Send contact a welcome e-mail, if specified + if ($send_email && $auth_method && $config_smtp_host) { - // Queue Mail - $data = [ - [ - 'from' => $config_mail_from_email, - 'from_name' => $config_mail_from_name, - 'recipient' => $email, - 'recipient_name' => $name, - 'subject' => $subject, - 'body' => $body, - ] - ]; - addToMailQueue($mysqli, $data); - // Get Email ID for reference - $email_id = mysqli_insert_id($mysqli); + // Sanitize Config vars from get_settings.php + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_mail_from_email = sanitizeInput($config_mail_from_email); + $config_mail_from_name = sanitizeInput($config_mail_from_name); + $config_base_url = sanitizeInput($config_base_url); + + // Get Company Phone Number + $sql = mysqli_query($mysqli,"SELECT company_name, company_phone FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_array($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'])); + + // Authentication info (azure, reset password, or tech-provided temporary password) + + if ($auth_method == 'azure') { + $password_info = "Login with your Microsoft (Azure AD) account."; + } elseif (empty($_POST['contact_password'])) { + $password_info = "Request a password reset at https://$config_base_url/portal/login_reset.php"; + } else { + $password_info = mysqli_real_escape_string($mysqli, $_POST['contact_password'] . " -- Please change on first login"); + } + + $subject = "Your new $company_name portal account"; + $body = "Hello $name,

$company_name has created a support portal account for you.

Username: $email
Password: $password_info

Login URL: https://$config_base_url/portal/

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + // Queue Mail + $data = [ + [ + 'from' => $config_mail_from_email, + 'from_name' => $config_mail_from_name, + 'recipient' => $email, + 'recipient_name' => $name, + 'subject' => $subject, + 'body' => $body, + ] + ]; + addToMailQueue($mysqli, $data); + // Get Email ID for reference + $email_id = mysqli_insert_id($mysqli); + + } }
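Review bot: On the new side a user is only updated inside `if ($contact_user_id > 0)`; nothing in the edit_contact handler creates one, so enabling a login on an existing contact (setting `$auth_method` on a contact whose `contact_user_id` is 0) silently does nothing and no welcome e-mail goes out, unless a user is created in the part of the handler between the @@ -74 and @@ -119 hunks. Creating the user up front, mirroring add_contact, lets the existing branch handle the update and the e-mail. The password check also regressed from `!empty($_POST['contact_password'])` to `if ($_POST['contact_password'])`, which warns when the field is absent; restore the `!empty` form. The handler's closing brace appears to be the last line of the hunk.
```php
    // Contact had no login before but one is requested now: create the user first,
    // mirroring add_contact, so the existing update / welcome e-mail branch below applies
    if ($contact_user_id == 0 && $name && $email && $auth_method) {
        $password_hash = !empty($_POST['contact_password'])
            ? password_hash(trim($_POST['contact_password']), PASSWORD_DEFAULT)
            : password_hash(randomString(), PASSWORD_DEFAULT);
        mysqli_query($mysqli, "INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password_hash', user_auth_method = '$auth_method', user_type = 2");
        $contact_user_id = mysqli_insert_id($mysqli);
        mysqli_query($mysqli, "UPDATE contacts SET contact_user_id = $contact_user_id WHERE contact_id = $contact_id");
    }

    if ($contact_user_id > 0) {
        // … unchanged: UPDATE users, set password, queue welcome e-mail …
    }
```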