Contact small edits

- Adjust behaviour when selecting "Send user e-mail with login details?" (show reset link OR prompt user to change password if tech set one) - Email wording change (remove ITFlow reference and replace with MSP name) - Show contact PIN in the portal - Bump password min length to 8 (and enforce on tech side) - Bugfix undefined send_email value
itflow-org · Oct 7, 2023 · 2633820 · 2633820
1 parent 0c0d89c
commit 2633820
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 9 deletions.
diff --git a/client_contact_edit_modal.php b/client_contact_edit_modal.php
@@ -13,6 +13,7 @@
                 <input type="hidden" name="contact_important" value="0">
                 <input type="hidden" name="contact_billing" value="0">
                 <input type="hidden" name="contact_technical" value="0">
+                <input type="hidden" name="send_email" value="0">
                 <!-- End prevent undefined errors -->
                 <input type="hidden" name="contact_id" value="<?php echo $contact_id; ?>">
                 <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
@@ -198,7 +199,7 @@
                                         <div class="input-group-prepend">
                                             <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
                                         </div>
-                                        <input type="password" class="form-control" data-toggle="password" name="contact_password" placeholder="Leave blank for no change" autocomplete="new-password">
+                                        <input type="password" class="form-control" data-toggle="password" name="contact_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
                                         <div class="input-group-append">
                                             <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
                                         </div>
@@ -207,7 +208,7 @@
                             </div>
 
                             <div class="form-check">
-                                <input type="checkbox" class="form-check-input" name="send_email" value=""/>
+                                <input type="checkbox" class="form-check-input" name="send_email" value="1"/>
                                 <label class="form-check-label">Send user e-mail with login details?</label>
                             </div>
 
@@ -252,4 +253,4 @@
             </form>
         </div>
     </div>
-</div>
+</div>
diff --git a/portal/check_login.php b/portal/check_login.php
@@ -50,6 +50,7 @@
 $session_contact_title = sanitizeInput($contact['contact_title']);
 $session_contact_email = sanitizeInput($contact['contact_email']);
 $session_contact_photo = sanitizeInput($contact['contact_photo']);
+$session_contact_pin = sanitizeInput($contact['contact_pin']);
 $session_contact_primary = intval($contact['contact_primary']);
 
 $session_contact_is_technical_contact = false;

diff --git a/portal/profile.php b/portal/profile.php
@@ -13,6 +13,7 @@
 
     <p>Name: <?php echo $session_contact_name ?></p>
     <p>Email: <?php echo $session_contact_email ?></p>
+    <p>PIN: <?php echo $session_contact_pin ?></p>
     <p>Client: <?php echo $session_client_name ?></p>
     <br>
     <p>Client Primary Contact: <?php if ($session_contact_primary == 1) {echo "Yes"; } else {echo "No";} ?></p>
@@ -35,7 +36,7 @@
                     <div class="input-group-prepend">
                         <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
                     </div>
-                    <input type="password" class="form-control" minlength="6" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
+                    <input type="password" class="form-control" minlength="8" required data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password">
                 </div>
             </div>
             <button type="submit" name="edit_profile" class="btn btn-primary text-bold mt-3"><i class="fas fa-check mr-2"></i>Save password</button>

diff --git a/post/contact.php b/post/contact.php
@@ -17,7 +17,7 @@
         // Set a random password
         $password_hash = password_hash(randomString(), PASSWORD_DEFAULT);
     }
-    
+
     if (!file_exists("uploads/clients/$client_id")) {
         mkdir("uploads/clients/$client_id");
     }
@@ -68,6 +68,7 @@
     require_once('post/contact_model.php');
 
     $contact_id = intval($_POST['contact_id']);
+    $send_email = intval($_POST['send_email']);
 
     // Get Exisiting Contact Photo
     $sql = mysqli_query($mysqli,"SELECT contact_photo FROM contacts WHERE contact_id = $contact_id");
@@ -93,7 +94,7 @@
     }
 
     // Send contact a welcome e-mail, if specified
-    if (isset($_POST['send_email']) && !empty($auth_method) && !empty($config_smtp_host)) {
+    if ($send_email && !empty($auth_method) && !empty($config_smtp_host)) {
 
         // Un-sanitizied used in body of email
         $contact_name = $_POST['name'];
@@ -102,14 +103,18 @@
         $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email);
         $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name);
 
+        // Authentication info (azure, reset password, or tech-provided temporary password)
+
         if ($auth_method == 'azure') {
             $password_info = "Login with your Microsoft (Azure AD) account.";
+        } elseif (empty($_POST['contact_password'])) {
+            $password_info = "Request a password reset at https://$config_base_url/portal/login_reset.php";
         } else {
-            $password_info = $_POST['contact_password'];
+            $password_info = $_POST['contact_password'] . " -- Please change on first login";
         }
 
-        $subject = sanitizeInput("Your new $session_company_name ITFlow account");
-        $body = mysqli_real_escape_string($mysqli, "Hello, $contact_name<br><br>An ITFlow account has been set up for you. <br><br>Username: $email <br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email");
+        $subject = sanitizeInput("Your new $session_company_name support portal account");
+        $body = mysqli_real_escape_string($mysqli, "Hello, $contact_name<br><br>$session_company_name has created a support portal account for you. <br><br>Username: $email<br>Password: $password_info<br><br>Login URL: https://$config_base_url/portal/<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email");
 
         // Queue Mail
         mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$email', email_recipient_name = '$name', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject', email_content = '$body'");