Merge pull request #465 from wrongecho/misc

Misc changes

client_overview.php

@@ -239,7 +239,7 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
 
             ?>
             <tr>
-              <td><a href="ticket.php?ticket_id=<?php echo $ticket_id?>"><?php echo "$ticket_prefix$ticket_number"; ?></a>/td>
+              <td><a href="ticket.php?ticket_id=<?php echo $ticket_id?>"><?php echo "$ticket_prefix$ticket_number"; ?></a></td>
               <td><?php echo $ticket_subject; ?></td>
               <td class="text-danger"><?php echo $ticket_created_at; ?></td>
             </tr>

functions.php

@@ -186,42 +186,6 @@ function truncate($text, $chars) {
   return $text;
 }
 
-function get_otp($secret_seed) {
-  //TOTP seed (String representation)
-  $otp = '';
-  //number of seconds of otp period
-  $time_window = 30;
-
-  //time formating to epoch
-  $exact_time = microtime(true);
-  $rounded_time = floor($exact_time/$time_window);
-
-  //binary represetation of time without padding
-  $packed_time = pack("N", $rounded_time);
-
-  //binary representation of time with padding
-  $padded_packed_time = str_pad($packed_time,8, chr(0), STR_PAD_LEFT);
-
-  //binary representation of seed
-  $packed_secret_seed = pack("H*", $secret_seed);
-
-  //HMAC SHA1 hash (time + seed)
-  $hash = hash_hmac ('sha1', $padded_packed_time, $packed_secret_seed, true);
-
-  $offset = ord($hash[19]) & 0xf;
-  $otp = (
-      ((ord($hash[$offset+0]) & 0x7f) << 24 ) |
-      ((ord($hash[$offset+1]) & 0xff) << 16 ) |
-      ((ord($hash[$offset+2]) & 0xff) << 8 ) |
-      (ord($hash[$offset+3]) & 0xff)
-    ) % pow(10, 6);
-
-  //adding pad to otp, in order to assure a "6" digits
-  $otp = str_pad($otp, 6, "0", STR_PAD_LEFT);
-
-  return $otp;
-}
-
 function formatPhoneNumber($phoneNumber) {
   $phoneNumber = preg_replace('/[^0-9]/','',$phoneNumber);
 

post.php

@@ -120,10 +120,44 @@ if(isset($_POST['add_user'])){
     //Create Company Access Permissions
     mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $default_company");
 
+    // Send user e-mail, if specified
+    // Send e-mail to client if public update & email is setup
+    if(isset($_POST['send_email']) && !empty($config_smtp_host)){
+
+        $mail = new PHPMailer(true);
+
+        try{
+          //Mail Server Settings
+          $mail->SMTPDebug = 2;                                       // Enable verbose debug output
+          $mail->isSMTP();                                            // Set mailer to use SMTP
+          $mail->Host       = $config_smtp_host;                      // Specify main and backup SMTP servers
+          $mail->SMTPAuth   = true;                                   // Enable SMTP authentication
+          $mail->Username   = $config_smtp_username;                  // SMTP username
+          $mail->Password   = $config_smtp_password;                  // SMTP password
+          $mail->SMTPSecure = $config_smtp_encryption;                                  // Enable TLS encryption, `ssl` also accepted
+          $mail->Port       = $config_smtp_port;                      // TCP port to connect to
+
+          //Recipients
+          $mail->setFrom($config_ticket_from_email, $config_ticket_from_name);
+          $mail->addAddress("$email", "$name");       // Add a recipient
+
+          // Content
+          $mail->isHTML(true);                                        // Set email format to HTML
+
+          $mail->Subject = "Your new $session_company_name ITFlow account";
+          $mail->Body    = "Hello, $name<br><br>An ITFlow account has been setup for you. Please change your password upon login. <br><br>Username: $email <br>Password: $_POST[password]<br>Login URL: $config_base_url<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email";
+          $mail->send();
+        }
+        catch(Exception $e){
+          echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
+        }
+    }
+    //End Mail IF Try-Catch
+
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Create', log_description = '$session_name created user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id, company_id = $session_company_id");
 
-    $_SESSION['alert_message'] = "User <strong>$user_name</strong> created";
+    $_SESSION['alert_message'] = "User <strong>$name</strong> created";
     
     header("Location: users.php");
 
@@ -6327,7 +6361,7 @@ if(isset($_POST['add_ticket_reply'])){
 
     validateTechRole();
 
-  // HTML Purifier
+    // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
     $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
@@ -6612,7 +6646,10 @@ if(isset($_POST['add_invoice_from_ticket'])){
 
     mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created from Ticket $ticket_prefix$ticket_number', history_invoice_id = $invoice_id, company_id = $session_company_id");
 
-    //Logging
+    // Add internal note to ticket
+    mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Created invoice $config_invoice_prefix$invoice_number for this ticket.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id");
+
+    // Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Invoice', log_action = 'Create', log_description = '$config_invoice_prefix$invoice_number created from Ticket $ticket_prefix$ticket_number', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Invoice created from ticket";

share_modal.php

@@ -27,6 +27,9 @@
                     document.getElementById("share_link_header").hidden = false;
                     document.getElementById("share_link").hidden = false;
                     document.getElementById("share_link").value = response;
+
+                    // Copy link to clipboard
+                    navigator.clipboard.writeText(response);
                 }
             );
         }

user_add_modal.php

@@ -37,10 +37,13 @@
               <div class="input-group-prepend">
                 <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
               </div>
-              <input type="password" class="form-control" data-toggle="password" name="password" placeholder="Enter a Password" autocomplete="new-password" required>
+              <input type="password" class="form-control" data-toggle="password" name="password" id="password" placeholder="Enter a Password" autocomplete="new-password" required>
               <div class="input-group-append">
                 <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
               </div>
+              <div class="input-group-append">
+                <span class="btn btn-default"><i class="fa fa-fw fa-question" onclick="generatePassword()"></i></span>
+              </div>
             </div>
           </div>
 
@@ -88,6 +91,11 @@
             <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
           </div>
 
+          <div class="form-check">
+            <input type="checkbox" class="form-check-input" name="send_email" value="" checked/>
+            <label class="form-check-label">Send user e-mail with login details?</label>
+          </div>
+
         </div>
         <div class="modal-footer bg-white">
           <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>

users.php

@@ -142,6 +142,11 @@
     <?php include("pagination.php"); ?>
   </div>
 </div>
+<script>
+    function generatePassword(){
+        document.getElementById("password").value = "<?php echo keygen() ?>"
+    }
+</script>
 
 <?php