ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #566 from wrongecho/notifs

Browse Source 
Email notification related changes
This commit is contained in:
Johnny
2023-01-21 13:29:59 -05:00
committed by GitHub
parent 7f3ec8ccda 690aea6ab2
commit 7f2a9e04d5
11 changed files with 1107 additions and 947 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -88,7 +88,7 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https://
1. Install a LAMP stack (Linux, Apache, MariaDB, PHP)
```sh
sudo apt install git apache2 php libapache2-mod-php php-intl php-mysqli php-curl mariadb-server
sudo apt install git apache2 php libapache2-mod-php php-intl php-imap php-mysqli php-curl mariadb-server
```
2. Clone the repo
```sh
check_login.php
+1 -1
View File
@@ -16,7 +16,7 @@ if(!isset($config_enable_setup) || $config_enable_setup == 1){
exit;
}
if(!$_SESSION['logged']){
if(!isset($_SESSION['logged']) || !$_SESSION['logged']){
header("Location: login.php");
die;
}
cron.php
+40
View File
@@ -32,6 +32,8 @@ while($row = mysqli_fetch_array($sql_companies)){
// Tickets
$config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number'];
$config_ticket_from_name = $row['config_ticket_from_name'];
$config_ticket_from_email = $row['config_ticket_from_email'];
// Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
@@ -151,10 +153,48 @@ while($row = mysqli_fetch_array($sql_companies)){
// Raise the ticket
mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = $created_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, company_id = $company_id");
$id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'System created scheduled $frequency ticket - $subject', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id, log_user_id = $created_id");
// E-mail client
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get contact/ticket/company details
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN companies ON tickets.company_id = companies.company_id
WHERE ticket_id = $id AND tickets.company_id = $company_id");
$row = mysqli_fetch_array($sql);
$contact_name = $row['contact_name'];
$contact_email = $row['contact_email'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_number = $row['ticket_number'];
$ticket_subject = $row['ticket_subject'];
$company_phone = formatPhoneNumber($row['company_phone']);
// Verify contact email is valid
if(filter_var($contact_email, FILTER_VALIDATE_EMAIL)){
$subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject (scheduled)";
$body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$ticket_subject\" has been automatically created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_ticket_from_email, $config_ticket_from_name,
$contact_email, $contact_name,
$subject, $body);
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email', notification_timestamp = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $company_id");
}
}
}
// Set the next run date
if($frequency == "weekly"){
// Note: We seemingly have to initialize a new datetime for each loop to avoid stacking the dates
cron_ticket_email_parser.php
+2
View File
@@ -172,6 +172,7 @@ if ($emails) {
// E-mail client notification that ticket has been created
if ($config_ticket_client_general_notifications == 1) {
$email_subject = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject";
$email_body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.<br><br>Ticket: $config_ticket_prefix$ticket_number<br>Subject: $subject<br>Status: Open<br>https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
@@ -186,6 +187,7 @@ if ($emails) {
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail', company_id = $session_company_id");
}
}
} else {
database_updates.php
+10 -3
View File
@@ -453,11 +453,18 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.9'");
}
//if(CURRENT_DATABASE_VERSION == '0.2.9'){
// Insert queries here required to update to DB version 0.3.0
if(CURRENT_DATABASE_VERSION == '0.2.9'){
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_ticket_client_general_notifications` INT(1) NOT NULL DEFAULT '1' AFTER `config_ticket_email_parse`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.0'");
}
//if(CURRENT_DATABASE_VERSION == '0.3.0'){
// Insert queries here required to update to DB version 0.3.1
// Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.0'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.1'");
//}
database_version.php
+1 -1
View File
@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "0.2.9");
DEFINE("LATEST_DATABASE_VERSION", "0.3.0");
db.sql
+1
View File
@@ -1066,6 +1066,7 @@ CREATE TABLE `settings` (
`config_ticket_from_name` varchar(200) DEFAULT NULL,
`config_ticket_from_email` varchar(200) DEFAULT NULL,
`config_ticket_email_parse` int(1) NOT NULL DEFAULT 0,
`config_ticket_client_general_notifications` int(1) NOT NULL DEFAULT 0,
`config_enable_cron` tinyint(1) DEFAULT NULL,
`config_recurring_auto_send_invoice` tinyint(1) DEFAULT NULL,
`config_enable_alert_domain_expire` tinyint(1) DEFAULT NULL,
get_settings.php
+1
View File
@@ -58,6 +58,7 @@ $config_ticket_next_number = $row['config_ticket_next_number'];
$config_ticket_from_name = $row['config_ticket_from_name'];
$config_ticket_from_email = $row['config_ticket_from_email'];
$config_ticket_email_parse = $row['config_ticket_email_parse'];
$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications'];
// Alerts
$config_enable_cron = $row['config_enable_cron'];
login.php
+102 -53
View File
@@ -5,13 +5,41 @@ if(!file_exists('config.php')){
exit;
}
include("config.php");
include("functions.php");
require_once("config.php");
require_once("functions.php");
require_once("rfc6238.php");
// IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// Block brute force password attacks - check recent failed login attempts for this IP
// Block access if more than 15 failed login attempts have happened in the last 10 minutes
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 10 MINUTE)"));
$failed_login_count = $row['failed_login_count'];
if ($failed_login_count >= 15) {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Blocked', log_description = '$ip was blocked access to login due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
// Inform user & quit processing page
exit("<h2>$config_app_name</h2>Your IP address has been blocked due to repeated failed login attempts. Please try again later. <br><br>This action has been logged.");
}
// Query Settings for "default" company (as companies are being removed shortly)
$sql_settings = mysqli_query($mysqli,"SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings);
// Mail
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = $row['config_smtp_port'];
$config_smtp_encryption = $row['config_smtp_encryption'];
$config_smtp_username = $row['config_smtp_username'];
$config_smtp_password = $row['config_smtp_password'];
$config_mail_from_email = $row['config_mail_from_email'];
$config_mail_from_name = $row['config_mail_from_name'];
// HTTP-Only cookies
ini_set("session.cookie_httponly", True);
@@ -26,45 +54,67 @@ if (isset($_POST['login'])) {
// Sessions should start after the user has POSTed data
session_start();
// Check recent failed login attempts for this IP (more than 10 failed logins in 5 mins)
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
$failed_login_count = $row['failed_login_count'];
// Login brute force check
if ($failed_login_count >= 10) {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
// Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company)
if($failed_login_count == 10){
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Lockout', notification = '$ip was locked out for repeated failed login attempts.', notification_timestamp = NOW() company_id = '1'");
}
// Inform user
$response = '<div class=\'alert alert-danger\'>IP Lockout - Please try again later.<button class=\'close\' data-dismiss=\'alert\'>&times;</button></div>';
} else {
// Passed login brute force check
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password'];
$current_code = 0; // Default value
if (isset($_POST['current_code'])) {
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
}
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_status = 1"));
// Check password
if ($row && password_verify($password, $row['user_password'])) {
// User variables
$token = $row['user_token'];
// User password correct (partial login)
// Set temporary user variables
$user_name = strip_tags(mysqli_real_escape_string($mysqli, $row['user_name']));
$user_id = $row['user_id'];
$user_email = $row['user_email'];
$token = $row['user_token'];
// Checking for user 2FA
if (empty($token) || TokenAuth6238::verify($token, $current_code)) {
// FULL LOGIN SUCCESS - 2FA not configured or was successful
// Check this login isn't suspicious
$sql_ip_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ip_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_ip = '$ip' AND log_user_id = '$user_id'"));
$ip_previous_logins = $sql_ip_prev_logins['ip_previous_logins'];
$sql_ua_prev_logins = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS ua_previous_logins FROM logs WHERE log_type = 'Login' AND log_action = 'Success' AND log_user_agent = '$user_agent' AND log_user_id = '$user_id'"));
$ua_prev_logins = $sql_ua_prev_logins['ua_previous_logins'];
// Notify if both the user agent and IP are different
if (!empty($config_smtp_host) && $ip_previous_logins == 0 && $ua_prev_logins == 0) {
$subject = "$config_app_name new login for $user_name";
$body = "Hi $user_name, <br><br>A recent successful login to your $config_app_name account was considered a little unusual. If this was you, you can safely ignore this email!<br><br>IP Address: $ip<br> User Agent: $user_agent <br><br>If you did not perform this login, your credentials may be compromised. <br><br>Thanks, <br>ITFlow";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$user_email, $user_name,
$subject, $body);
}
// Determine whether 2FA was used (for logs)
$extended_log = ''; // Default value
if ($current_code !== 0 ) {
$extended_log = 'with 2FA';
}
// Logging successful login
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in $extended_log', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
// Session info
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_role'] = $row['user_role'];
$_SESSION['csrf_token'] = bin2hex(random_bytes(78));
$_SESSION['logged'] = TRUE;
// Setup encryption session key
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
@@ -84,12 +134,6 @@ if (isset($_POST['login'])) {
}
}
if (empty($token)) {
// Full Login successful
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
// Show start page/dashboard depending on role
if ($row['user_role'] == 2) {
header("Location: dashboard_technical.php");
@@ -97,11 +141,15 @@ if (isset($_POST['login'])) {
header("Location: dashboard_financial.php");
}
} else {
// Prompt for MFA
$token_field = "<div class='input-group mb-3'>
<input type='text' class='form-control' placeholder='Token' name='current_code' autofocus>
} else {
// MFA is configured and needs to be confirmed, or was unsuccessful
// HTML code for the token input field
$token_field = "
<div class='input-group mb-3'>
<input type='text' class='form-control' placeholder='2FA Token' name='current_code' required autofocus>
<div class='input-group-append'>
<div class='input-group-text'>
<span class='fas fa-key'></span>
@@ -109,42 +157,43 @@ if (isset($_POST['login'])) {
</div>
</div>";
require_once("rfc6238.php");
// Log/notify if MFA was unsuccessful
if ($current_code !== 0) {
if (TokenAuth6238::verify($token, $current_code)) {
// Full login (with MFA) successful
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$user_name successfully logged in using 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
// Show start page/dashboard depending on role
if ($row['user_role'] == 2) {
header("Location: dashboard_technical.php");
} else {
header("Location: dashboard_financial.php");
}
} else {
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$user_name failed 2FA', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
// Email the tech to advise their credentials may be compromised
if (!empty($config_smtp_host)) {
$subject = "Important: $config_app_name failed 2FA login attempt for $user_name";
$body = "Hi $user_name, <br><br>A recent login to your $config_app_name account was unsuccessful due to an incorrect 2FA code. If you did not attempt this login, your credentials may be compromised. <br><br>Thanks, <br>ITFlow";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$user_email, $user_name,
$subject, $body);
}
// HTML feedback for incorrect 2FA code
$response = "
<div class='alert alert-primary'>
<div class='alert alert-warning'>
Please Enter 2FA Key!
<button class='close' data-dismiss='alert'>&times;</button>
</div>
";
</div>";
}
}
} else {
// Password incorrect or user doesn't exist - show generic error
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$response = "
<div class='alert alert-danger'>
Incorrect username or password.
<button class='close' data-dismiss='alert'>&times;</button>
</div>
";
}
</div>";
}
}
post.php
+68 -13
View File
@@ -156,7 +156,9 @@ if(isset($_POST['edit_user'])){
$role = intval($_POST['role']);
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
$extended_log_description = '';
if(!empty($_POST['2fa'])) {
$two_fa = $_POST['2fa'];
}
if(!file_exists("uploads/users/$user_id/")) {
mkdir("uploads/users/$user_id");
@@ -285,6 +287,32 @@ if(isset($_POST['edit_profile'])){
$logout = FALSE;
$extended_log_description = '';
// Email notification when password or email is changed
$user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $user_id"));
$user_old_email = $user_old_email_sql['user_email'];
if (!empty($config_smtp_host) && (!empty($new_password) || $user_old_email !== $email)) {
// Determine exactly what changed
if ($user_old_email !== $email && !empty($new_password)) {
$details = "Your e-mail address and password were changed. New email: $email.";
}
elseif ($user_old_email !== $email) {
$details = "Your email address was changed. New email: $email.";
}
elseif (!empty($new_password)) {
$details = "Your password was changed.";
}
$subject = "$config_app_name account update confirmation for $name";
$body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$user_old_email, $name,
$subject, $body);
}
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
@@ -333,8 +361,6 @@ if(isset($_POST['edit_profile'])){
}
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
if(!empty($new_password)){
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
@@ -361,6 +387,8 @@ if(isset($_POST['edit_profile'])){
$extended_log_description .= ", extension access disabled";
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name modified their preferences$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
@@ -952,9 +980,9 @@ if(isset($_POST['edit_ticket_settings'])){
$config_ticket_from_email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_from_email'])));
$config_ticket_from_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_from_name'])));
$config_ticket_email_parse = intval($_POST['config_ticket_email_parse']);
$config_ticket_client_general_notifications = intval($_POST['config_ticket_client_general_notifications']);
mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name', config_ticket_email_parse = '$config_ticket_email_parse' WHERE company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name', config_ticket_email_parse = '$config_ticket_email_parse', config_ticket_client_general_notifications = $config_ticket_client_general_notifications WHERE company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = 'Ticket settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
@@ -1108,6 +1136,17 @@ if(isset($_POST['disable_2fa'])){
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name disabled 2FA on their account', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
// Email notification
if (!empty($config_smtp_host)) {
$subject = "$config_app_name account update confirmation for $session_name";
$body = "Hi $session_name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>2FA was disabled.</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_mail_from_email, $config_mail_from_name,
$session_email, $session_name,
$subject, $body);
}
$_SESSION['alert_message'] = "Two-factor authentication disabled";
header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -5918,10 +5957,10 @@ if(isset($_POST['add_ticket'])){
$id = mysqli_insert_id($mysqli);
// E-mail client
if (!empty($config_smtp_host)) {
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get contact/ticket details
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, company_phone FROM tickets
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN companies ON tickets.company_id = companies.company_id
@@ -5932,13 +5971,14 @@ if(isset($_POST['add_ticket'])){
$contact_email = $row['contact_email'];
$ticket_prefix = $row['ticket_prefix'];
$ticket_number = $row['ticket_number'];
$ticket_subject = $row['ticket_subject'];
$company_phone = formatPhoneNumber($row['company_phone']);
// Verify contact email is valid
if(filter_var($contact_email, FILTER_VALIDATE_EMAIL)){
$subject = "Ticket created - [$ticket_prefix$ticket_number] - $subject";
$body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$subject\" has been created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
$subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject";
$body = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$ticket_subject\" has been created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_ticket_from_email, $config_ticket_from_name,
@@ -6096,10 +6136,11 @@ if(isset($_POST['assign_ticket'])){
} else {
// Get & verify assigned agent details
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = '$assigned_to' AND user_settings.user_role > 1");
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = '$assigned_to' AND user_settings.user_role > 1");
$agent_details = mysqli_fetch_array($agent_details_sql);
$agent_name = $agent_details['user_name'];
$ticket_reply = "Ticket re-assigned to $agent_details[user_name].";
$agent_email = $agent_details['user_email'];
$ticket_reply = "Ticket re-assigned to $agent_name.";
if(!$agent_name){
$_SESSION['alert_type'] = "error";
@@ -6110,8 +6151,10 @@ if(isset($_POST['assign_ticket'])){
}
// Get & verify ticket details
$ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_subject FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_status != 'Closed'");
$ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_status != 'Closed'");
$ticket_details = mysqli_fetch_array($ticket_details_sql);
$ticket_prefix = $ticket_details['ticket_prefix'];
$ticket_number = $ticket_details['ticket_number'];
$ticket_subject = $ticket_details['ticket_subject'];
if(!$ticket_subject){
@@ -6127,7 +6170,19 @@ if(isset($_POST['assign_ticket'])){
mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id") or die(mysqli_error($mysqli));
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Modify', log_description = '$ticket_subject reassigned to $agent_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id, log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Modify', log_description = '$ticket_subject ($ticket_id) - $ticket_reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent', company_id = $session_company_id, log_user_id = $session_user_id");
// Email notification
if (intval($session_user_id) !== $assigned_to) {
$subject = "$config_app_name ticket $ticket_prefix$ticket_number assigned to you";
$body = "Hi $agent_name, <br><br>A ticket has been assigned to you!<br><br>ID: $ticket_prefix$ticket_number<br> Subject: $ticket_subject <br><br>Thanks, <br>$session_name<br>ITFlow";
$mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
$config_ticket_from_email, $config_ticket_from_name,
$agent_email, $agent_name,
$subject, $body);
}
$_SESSION['alert_message'] = "Ticket re-assigned";
@@ -6345,7 +6400,7 @@ if(isset($_GET['close_ticket'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
// Client notification email
if (!empty($config_smtp_host)) {
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get details
$ticket_sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets
settings_ticket.php
+5
View File
@@ -53,6 +53,11 @@
<label class="custom-control-label" for="customSwitch1">Email-to-ticket parsing (Beta) <small>(cron_ticket_email_parser.php must also be added to cron and run every few mins)</small></label>
</div>
<div class="custom-control custom-switch mb-2">
<input type="checkbox" class="custom-control-input" name="config_ticket_client_general_notifications" <?php if($config_ticket_client_general_notifications == 1){ echo "checked"; } ?> value="1" id="customSwitch2">
<label class="custom-control-label" for="customSwitch2">Send clients general notification emails <small>(Should clients receive automatic emails when tickets are raised/closed?)</small></label>
</div>
<hr>
<button type="submit" name="edit_ticket_settings" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>