Portal contacts #1112

Merged
merged 1 commit into from
Dec 6, 2024
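--- a/portal/contact_edit.php
+++ b/portal/contact_edit.php
@@ -21,7 +21,12 @@
 
 $contact_id = intval($_GET['id']);
 
-$sql_contact = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_primary, contact_technical, contact_billing, contact_auth_method FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $session_client_id AND contacts.contact_archived_at IS NULL LIMIT 1");
+$sql_contact = mysqli_query(
+$mysqli, "SELECT contact_id, contact_name, contact_email, contact_primary, contact_technical, contact_billing, user_auth_method
+FROM contacts
+LEFT JOIN users ON user_id = contact_user_id
+WHERE contact_id = $contact_id AND contact_client_id = $session_client_id AND contacts.contact_archived_at IS NULL LIMIT 1"
+);
 
 $row = mysqli_fetch_array($sql_contact);
 
@@ -32,7 +37,7 @@
 $contact_primary = intval($row['contact_primary']);
 $contact_technical = intval($row['contact_technical']);
 $contact_billing = intval($row['contact_billing']);
-$contact_auth_method = nullable_htmlentities($row['contact_auth_method']);
+$contact_auth_method = nullable_htmlentities($row['user_auth_method']);
 } else {
 header("Location: portal_post.php?logout");
 exit();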
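Review bot: The result of the rewritten `SELECT ... LEFT JOIN users` query is handed to `mysqli_fetch_array($sql_contact)` on the following context line with no check that the query succeeded, so a failed query (a schema that lacks the `user_auth_method` column, for instance) would surface as a fatal type error in PHP 8 rather than falling into the existing `else` branch that redirects to the logout. A one-line guard before the fetch, `if (!$sql_contact) { header("Location: portal_post.php?logout"); exit(); }`, keeps the failure mode consistent with the rest of this file. The `if` whose `else` branch appears in the second hunk starts outside the shown lines, and `$session_client_id` is presumably an integer taken from the session rather than from the request — worth confirming, since it is interpolated into the query unquoted.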
77 changes: 62 additions & 15 deletions portal/portal_post.php
Expand Up @@ -324,43 +324,90 @@
header('Location: index.php');
}

if (isset($_POST['edit_contact'])) {
$contact_id = intval($_POST['contact_id']);
if (isset($_POST['add_contact'])) {
$contact_name = sanitizeInput($_POST['contact_name']);
$contact_email = sanitizeInput($_POST['contact_email']);
$contact_technical = intval($_POST['contact_technical']);
$contact_billing = intval($_POST['contact_billing']);
$contact_auth_method = sanitizeInput($_POST['contact_auth_method']);

mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical WHERE contact_id = $contact_id AND contact_client_id = $session_client_id AND contact_archived_at IS NULL AND contact_primary = 0");
// Check the email isn't already in use
$sql = mysqli_query($mysqli, "SELECT user_id FROM users WHERE user_email = '$contact_email'");
if ($sql && mysqli_num_rows($sql) > 0) {
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "Cannot add contact as that email address is already in use";
header('Location: contact_add.php');
exit();
}

// Create user account with rand password for the contact
$contact_user_id = 0;
if ($contact_name && $contact_email && $contact_auth_method) {

$password_hash = password_hash(randomString(), PASSWORD_DEFAULT);

mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$password_hash', user_auth_method = '$contact_auth_method', user_type = 2");

$contact_user_id = mysqli_insert_id($mysqli);
}

// Create contact record
mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical, contact_client_id = $session_client_id, contact_user_id = $contact_user_id");
$contact_id = mysqli_insert_id($mysqli);

// Logging
logAction("Contact", "Edit", "Client contact $session_contact_name edited contact $contact_name in the client portal", $session_client_id, $contact_id);
logAction("Contact", "Create", "Client contact $session_contact_name created contact $contact_name in the client portal", $session_client_id, $contact_id);

$_SESSION['alert_message'] = "Contact <strong>$contact_name</strong> updated";

header('Location: contacts.php');
customAction('contact_create', $contact_id);

customAction('contact_update', $contact_id);
$_SESSION['alert_message'] = "Contact $contact_name created";

header('Location: contacts.php');
}

if (isset($_POST['add_contact'])) {
if (isset($_POST['edit_contact'])) {
$contact_id = intval($_POST['contact_id']);
$contact_name = sanitizeInput($_POST['contact_name']);
$contact_email = sanitizeInput($_POST['contact_email']);
$contact_technical = intval($_POST['contact_technical']);
$contact_billing = intval($_POST['contact_billing']);
$contact_auth_method = sanitizeInput($_POST['contact_auth_method']);

mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical, contact_client_id = $session_client_id");
// Get the existing contact_user_id - we look it up ourselves so the user can't just overwrite random users
$sql = mysqli_query($mysqli,"SELECT contact_user_id FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $session_client_id");
$row = mysqli_fetch_array($sql);
$contact_user_id = intval($row['contact_user_id']);

// Check the email isn't already in use
$sql = mysqli_query($mysqli, "SELECT user_id FROM users WHERE user_email = '$contact_email' AND user_id != $contact_user_id");
if ($sql && mysqli_num_rows($sql) > 0) {
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "Cannot update contact as that email address is already in use";
header('Location: contact_edit.php?id=' . $contact_id);
exit();
}

$contact_id = mysqli_insert_id($mysqli);
// Update Existing User
if ($contact_user_id > 0) {
mysqli_query($mysqli, "UPDATE users SET user_name = '$contact_name', user_email = '$contact_email', user_auth_method = '$contact_auth_method' WHERE user_id = $contact_user_id");

// Logging
logAction("Contact", "Create", "Client contact $session_contact_name created contact $contact_name in the client portal", $session_client_id, $contact_id);
// Else, create New User
} elseif ($contact_user_id == 0 && $contact_name && $contact_email && $contact_auth_method) {
$password_hash = password_hash(randomString(), PASSWORD_DEFAULT);
mysqli_query($mysqli, "INSERT INTO users SET user_name = '$contact_name', user_email = '$contact_email', user_password = '$password_hash', user_auth_method = '$contact_auth_method', user_type = 2");

customAction('contact_create', $contact_id);
$contact_user_id = mysqli_insert_id($mysqli);
}

$_SESSION['alert_message'] = "Contact <strong>$contact_name</strong> created";
// Update contact
mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$contact_name', contact_email = '$contact_email', contact_billing = $contact_billing, contact_technical = $contact_technical, contact_user_id = $contact_user_id WHERE contact_id = $contact_id AND contact_client_id = $session_client_id AND contact_archived_at IS NULL AND contact_primary = 0");

// Logging
logAction("Contact", "Edit", "Client contact $session_contact_name edited contact $contact_name in the client portal", $session_client_id, $contact_id);

$_SESSION['alert_message'] = "Contact $contact_name updated";

header('Location: contacts.php');

customAction('contact_update', $contact_id);
}
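Review bot: In the `edit_contact` branch, the lookup `SELECT contact_user_id FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $session_client_id` is scoped more loosely than the `UPDATE contacts` at the end of the branch, which additionally requires `contact_archived_at IS NULL AND contact_primary = 0`; because `UPDATE users` runs before that contacts update, a portal contact can still rename, re-email or change the auth method of the user account behind the primary contact or an archived contact, even though the final contacts update would then match nothing. Apply the same predicates in the lookup, `... WHERE contact_id = $contact_id AND contact_client_id = $session_client_id AND contact_archived_at IS NULL AND contact_primary = 0`, and stop with a danger alert when no row is returned — `intval($row['contact_user_id'])` on a `false` `$row` yields 0, after which the `elseif` branch creates an orphaned user for a contact that never gets updated. `$contact_auth_method` is taken from `$_POST` and written into `user_auth_method` by both the INSERT and the UPDATE without being compared to the set of auth methods the application supports, so validate it against that list (`[AUTH_METHOD_LIST placeholder]`) and reject anything else before either query. Adding `AND user_type = 2` to the `UPDATE users` predicate would further keep a mis-linked `contact_user_id` from ever modifying a non-portal account. Neither success path calls `exit()` after `header('Location: contacts.php')`, so the script continues into the following `if` block; that matches the pre-existing style but is worth tightening while the branches are being rewritten.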