Portal code style tidy

This commit is contained in:
Marcus Hill
2023-01-01 16:05:48 +00:00
parent ff741c223e
commit dd00f48e5b
12 changed files with 558 additions and 558 deletions
+6 -6
@@ -5,27 +5,27 @@
* Checks if the client is logged in or not
*/
if(!isset($_SESSION)){
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
}
if(!$_SESSION['client_logged_in']){
if (!$_SESSION['client_logged_in']) {
header("Location: login.php");
die;
}
// SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$session_ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli, get_os()));
// Get user agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Get info from session
$session_client_id = $_SESSION['client_id'];
+7 -7
@@ -4,19 +4,19 @@
* Includes for all pages (except login)
*/
include('../config.php');
include('../functions.php');
include('check_login.php');
include('portal_functions.php');
require_once('../config.php');
require_once('../functions.php');
require_once('check_login.php');
require_once('portal_functions.php');
if(!isset($_SESSION)){
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
session_start();
}
include("portal_header.php");
require_once("portal_header.php");
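Review bot: The `if (!isset($_SESSION))` block that follows `require_once('check_login.php')` looks unreachable: the first file in this commit (apparently check_login.php) starts the session inside an identical guard and dies with a redirect when the client is not logged in, so `$_SESSION` is already populated by the time this file tests it. Either drop the duplicate here or move the cookie hardening into one shared helper that both files call, so the `httponly`/`secure` settings cannot drift apart between copies. Note also that neither copy sets `session.cookie_samesite`; adding `ini_set("session.cookie_samesite", "Lax");` beside the `httponly` line is cheap defence-in-depth for the portal's POST forms. `$config_https_only` comes from config.php, which is outside this hunk, so I cannot confirm its default.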
+9 -9
@@ -41,13 +41,13 @@ $total_tickets = $row['total_tickets'];
?>
<table>
<table>
<tr>
<th class="text-center">
<?php if(!empty($session_contact_photo)){ ?>
<?php if (!empty($session_contact_photo)) { ?>
<img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." class=" img-size-50 img-circle">
<?php }else{ ?>
<?php } else { ?>
<span class="fa-stack fa-2x rounded-left">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
@@ -66,11 +66,11 @@ $total_tickets = $row['total_tickets'];
</div>
</th>
</tr>
</table>
</table>
<br>
<br>
<div class="row">
<div class="row">
<div class="col-10">
<div class="card">
@@ -86,7 +86,7 @@ $total_tickets = $row['total_tickets'];
<tbody>
<?php
while($ticket = mysqli_fetch_array($contact_tickets)){
while ($ticket = mysqli_fetch_array($contact_tickets)) {
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
@@ -126,6 +126,6 @@ $total_tickets = $row['total_tickets'];
</a>
</div>
</div>
</div>
<?php include("portal_footer.php"); ?>
<?php require_once("portal_footer.php"); ?>
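Review bot: `$ticket[ticket_subject]` is echoed straight into the table markup in the `while` loop, and ticket subjects are entered by contacts through the portal's raise-ticket form, so this is a stored-XSS sink for anyone (including the client's primary contact) who views the list. Escape at output, e.g. `echo "<td> <a href='ticket.php?id=" . intval($ticket['ticket_id']) . "'> " . htmlspecialchars($ticket['ticket_subject'], ENT_QUOTES) . "</a></td>";`, and treat the `img src` built from `$session_company_id`/`$session_client_id`/`$session_contact_photo` above the same way. The query that fills `$contact_tickets` is above the first hunk, so I cannot see whether values are filtered on the way in — but escaping belongs at the output boundary regardless.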
+14 -14
@@ -9,10 +9,10 @@ require_once('../config.php');
require_once('../functions.php');
require_once ('../get_settings.php');
if(!isset($_SESSION)){
if (!isset($_SESSION)) {
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
if($config_https_only){
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True);
}
@@ -20,9 +20,9 @@ if(!isset($_SESSION)){
}
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$sql_settings = mysqli_query($mysqli,"SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$settings = mysqli_fetch_array($sql_settings);
$client_id = $settings['config_azure_client_id'];
@@ -30,19 +30,19 @@ $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE c
$company_results = mysqli_fetch_array($company_sql);
$company_name = $company_results['company_name'];
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['login_message'] = 'Invalid e-mail';
}
else{
else {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
$row = mysqli_fetch_array($sql);
if($row['contact_auth_method'] == 'local'){
if(password_verify($password, $row['contact_password_hash'])){
if ($row['contact_auth_method'] == 'local') {
if (password_verify($password, $row['contact_password_hash'])) {
$_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id'];
@@ -55,13 +55,13 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
}
else{
else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
}
else{
else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.';
}
@@ -97,7 +97,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
<div class="card-body login-card-body">
<p class="login-box-msg text-danger">
<?php
if(!empty($_SESSION['login_message'])){
if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
@@ -131,7 +131,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
</form>
<?php
if(!empty($client_id)){ ?>
if (!empty($client_id)) { ?>
<hr>
<div class="col text-center">
<button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>
@@ -158,7 +158,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
<!-- Prevents resubmit on refresh or back -->
<script>
if(window.history.replaceState){
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>
+5 -5
@@ -31,7 +31,7 @@ $token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/
// Initial Login Request, via Microsoft
// Returns a authorization code if login was successful
if ($_SERVER['REQUEST_METHOD'] == "GET"){
if ($_SERVER['REQUEST_METHOD'] == "GET") {
$params = array (
'client_id' => $client_id,
@@ -47,7 +47,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET"){
// Login was successful, Microsoft has returned us a authorization code via POST
// Request an access token using authorization code (& client secret) (server side)
if (isset($_POST['code']) && $_POST['state'] == session_id()){
if (isset($_POST['code']) && $_POST['state'] == session_id()) {
$params = array (
'client_id' =>$client_id,
@@ -70,7 +70,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
// Check if we have an access token
// If we do, send a request to Microsoft Graph API to get user info
if (isset($access_token_response['access_token'])){
if (isset($access_token_response['access_token'])) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'],
@@ -81,7 +81,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
$msgraph_response = json_decode(curl_exec($ch), 1);
if (isset($msgraph_response['error'])){
if (isset($msgraph_response['error'])) {
// Something went wrong verifying the token/using the Graph API - quit
echo "Error with MS Graph API. Details:";
var_dump($msgraph_response['error']);
@@ -119,5 +119,5 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
// If the user is just sat on the page, redirect them to login to try again
if (empty($_GET)) {
echo "<script> setTimeout(function(){ window.location = \"login.php\"; },1000);</script>";
echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>";
}
+6 -6
@@ -25,7 +25,7 @@ if (!isset($_SESSION)) {
}
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
$company_results = mysqli_fetch_array($company_sql);
@@ -68,8 +68,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Error handling
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
//End Mail IF
@@ -119,8 +119,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Error handling
if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
}
// Redirect to login page
@@ -261,7 +261,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!-- Prevents resubmit on refresh or back -->
<script>
if(window.history.replaceState){
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>
+4 -4
@@ -7,17 +7,17 @@
/*
* Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action
*/
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state){
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state) {
// Access the global variables
global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id;
// Setup
if($expected_ticket_state == "Closed"){
if ($expected_ticket_state == "Closed") {
// Closed tickets
$ticket_state_snippet = "ticket_status = 'Closed'";
}
else{
else {
// Open (working/hold) tickets
$ticket_state_snippet = "ticket_status != 'Closed'";
}
@@ -27,7 +27,7 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
$row = mysqli_fetch_array($sql);
$ticket_id = $row['ticket_id'];
if(intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
// Client is ticket owner, or primary contact
return TRUE;
}
+14 -14
@@ -8,22 +8,22 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
<!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head>
<!-- Navbar -->
@@ -37,10 +37,10 @@
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item <?php if(basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>">
<li class="nav-item <?php if (basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>">
<a class="nav-link" href="index.php">Home</a>
</li>
<?php if($session_contact_id == $session_client_primary_contact_id) { ?>
<?php if ($session_contact_id == $session_client_primary_contact_id) { ?>
<li class="nav-item">
<a class="nav-link" href="ticket_view_all.php">All Tickets</a>
</li>
+4 -4
@@ -12,12 +12,12 @@ require('inc_portal.php');
<p>Name: <?php echo $session_contact_name ?></p>
<p>Email: <?php echo $session_contact_email ?></p>
<p>Client: <?php echo $session_client_name ?></p>
<p>Client Primary Contact: <?php if($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
<!-- // Show option to change password if auth provider is local -->
<?php if($_SESSION['login_method'] == 'local'): ?>
<!-- // Show option to change password if auth provider is local -->
<?php if ($_SESSION['login_method'] == 'local'): ?>
<hr>
<div class="col-md-6">
<h4>Password</h4>
@@ -38,4 +38,4 @@ require('inc_portal.php');
<?php endif ?>
<?php
include('portal_footer.php');
require_once('portal_footer.php');
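Review bot: The profile values `$session_contact_name`, `$session_contact_email`, `$session_client_name` and `$_SESSION['login_method']` are echoed with no HTML escaping. They come from the database via the session-fingerprint code rather than from this request, so exploitability depends on who is allowed to set a contact's name or a client's name — not visible from here — but this is a client-facing, multi-tenant page and escaping at output costs nothing: `<p>Name: <?php echo htmlspecialchars($session_contact_name, ENT_QUOTES); ?></p>`, and likewise for the other three. The `<?php if ($_SESSION['login_method'] == 'local'): ?>` block opened in the first hunk is closed by the `endif` in the second, with its body cut from view.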
+1 -1
@@ -133,7 +133,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
<div class="media-body">
<?php echo $ticket_reply_by_display; ?>
<br>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "(edited: $ticket_reply_updated_at)"; } ?></small>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if (!empty($ticket_reply_updated_at)) { echo "(edited: $ticket_reply_updated_at)"; } ?></small>
</div>
</div>
</h3>
+4 -4
@@ -7,9 +7,9 @@
require('inc_portal.php');
?>
<h2>Raise a new ticket</h2>
<h2>Raise a new ticket</h2>
<div class="col-8">
<div class="col-8">
<form action="portal_post.php" method="post">
<div class="form-group">
@@ -44,7 +44,7 @@ require('inc_portal.php');
<button class="btn btn-primary" name="add_ticket">Raise ticket</button>
</form>
</div>
</div>
<?php
include('portal_footer.php');
require_once('portal_footer.php');
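Review bot: Neither hunk of the raise-ticket form shows a CSRF token — the form posts to portal_post.php and the only named control visible is the `add_ticket` button; the middle of the form is cut from view, so a hidden token may exist there. If it does not, any third-party page can make a logged-in contact open a ticket, and the same applies to the `portal_post.php?logout` GET used elsewhere in this commit. A hidden field such as `<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES); ?>">`, compared in portal_post.php with `hash_equals()`, would close this, assuming the session is given a random token at login (not visible in this commit).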
+6 -6
@@ -6,7 +6,7 @@
require('inc_portal.php');
if($session_contact_id !== $session_client_primary_contact_id){
if ($session_contact_id !== $session_client_primary_contact_id) {
header("Location: portal_post.php?logout");
exit();
}
@@ -36,9 +36,9 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<form method="get">
<label>Ticket Status</label>
<select class="form-control" name="status" onchange="this.form.submit()">
<option value="%" <?php if($status == "%"){echo "selected";}?> >Any</option>
<option value="Open" <?php if($status == "Open"){echo "selected";}?> >Open</option>
<option value="Closed" <?php if($status == "Closed"){echo "selected";}?> >Closed</option>
<option value="%" <?php if ($status == "%") {echo "selected";}?> >Any</option>
<option value="Open" <?php if ($status == "Open") {echo "selected";}?> >Open</option>
<option value="Closed" <?php if ($status == "Closed") {echo "selected";}?> >Closed</option>
</select>
</form>
</div>
@@ -55,7 +55,7 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<tbody>
<?php
while($ticket = mysqli_fetch_array($all_tickets)){
while ($ticket = mysqli_fetch_array($all_tickets)) {
echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
@@ -69,4 +69,4 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
</div>
<?php
include('portal_footer.php');
require_once('portal_footer.php');
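Review bot: In the ticket-list loop the displayed reference is `$ticket[ticket_prefix]$ticket[ticket_id]`, whereas index.php in this same commit prints `$ticket[ticket_prefix]$ticket[ticket_number]`, so the primary contact sees a different number for the same ticket on the two pages; and `$ticket[ticket_subject]` is echoed unescaped, a stored-XSS sink since subjects are supplied by contacts through the portal. Suggest `echo "<td> <a href='ticket.php?id=" . intval($ticket['ticket_id']) . "'> " . htmlspecialchars($ticket['ticket_prefix'] . $ticket['ticket_number'], ENT_QUOTES) . "</a></td>";` and escaping the subject line the same way. Separately, the access guard `$session_contact_id !== $session_client_primary_contact_id` is a strict comparison while portal_header.php and profile.php compare the same pair with `==`; if the two values can arrive with different scalar types (e.g. int from the session, string from mysqli), this page would log out every primary contact, so the three sites should agree on one comparison, ideally after casting both to int. The `while` loop runs past the end of the hunk, and the SELECT that builds `$all_tickets` from `$status` is cut at the hunk header, so I cannot see how the `%` wildcard reaches the query.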