Email notification related changes

README.md

@@ -88,7 +88,7 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https://
 
 1. Install a LAMP stack (Linux, Apache, MariaDB, PHP)
    ```sh
-   sudo apt install git apache2 php libapache2-mod-php php-intl php-mysqli php-curl mariadb-server
+   sudo apt install git apache2 php libapache2-mod-php php-intl php-imap php-mysqli php-curl mariadb-server
    ```  
 2. Clone the repo
    ```sh

check_login.php

@@ -16,7 +16,7 @@
   exit;
 }
 
-if(!$_SESSION['logged']){
+if(!isset($_SESSION['logged']) || !$_SESSION['logged']){
   header("Location: login.php");
   die;
 }

database_version.php

@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "0.2.9");
+DEFINE("LATEST_DATABASE_VERSION", "0.3.0");

db.sql

@@ -1066,6 +1066,7 @@ CREATE TABLE `settings` (
   `config_ticket_from_name` varchar(200) DEFAULT NULL,
   `config_ticket_from_email` varchar(200) DEFAULT NULL,
   `config_ticket_email_parse` int(1) NOT NULL DEFAULT 0,
+  `config_ticket_client_general_notifications` int(1) NOT NULL DEFAULT 0,
   `config_enable_cron` tinyint(1) DEFAULT NULL,
   `config_recurring_auto_send_invoice` tinyint(1) DEFAULT NULL,
   `config_enable_alert_domain_expire` tinyint(1) DEFAULT NULL,

get_settings.php

@@ -58,6 +58,7 @@
 $config_ticket_from_name = $row['config_ticket_from_name'];
 $config_ticket_from_email = $row['config_ticket_from_email'];
 $config_ticket_email_parse = $row['config_ticket_email_parse'];
+$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications'];
 
 // Alerts
 $config_enable_cron = $row['config_enable_cron'];

post.php

@@ -156,7 +156,9 @@
     $role = intval($_POST['role']);
     $existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
     $extended_log_description = '';
-    $two_fa = $_POST['2fa'];
+    if(!empty($_POST['2fa'])) {
+        $two_fa = $_POST['2fa'];
+    }
 
     if(!file_exists("uploads/users/$user_id/")) {
         mkdir("uploads/users/$user_id");
@@ -285,6 +287,32 @@
     $logout = FALSE;
     $extended_log_description = '';
 
+    // Email notification when password or email is changed
+    $user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $user_id"));
+    $user_old_email = $user_old_email_sql['user_email'];
+
+    if (!empty($config_smtp_host) && (!empty($new_password) || $user_old_email !== $email)) {
+
+        // Determine exactly what changed
+        if ($user_old_email !== $email && !empty($new_password)) {
+            $details = "Your e-mail address and password were changed. New email: $email.";
+        }
+        elseif ($user_old_email !== $email) {
+            $details = "Your email address was changed. New email: $email.";
+        }
+        elseif (!empty($new_password)) {
+            $details = "Your password was changed.";
+        }
+
+        $subject = "$config_app_name account update confirmation for $name";
+        $body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
+
+        $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+            $config_mail_from_email, $config_mail_from_name,
+            $user_old_email, $name,
+            $subject, $body);
+    }
+
     //Check to see if a file is attached
     if($_FILES['file']['tmp_name'] != ''){
 
@@ -332,8 +360,6 @@
             $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
         }
     }
-
-    mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
 
     if(!empty($new_password)){
         $new_password = password_hash($new_password, PASSWORD_DEFAULT);
@@ -361,6 +387,8 @@
         $extended_log_description .= ", extension access disabled";
     }
 
+    mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
+
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name modified their preferences$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id, company_id = $session_company_id");
 
@@ -952,9 +980,9 @@
     $config_ticket_from_email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_from_email'])));
     $config_ticket_from_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_from_name'])));
     $config_ticket_email_parse = intval($_POST['config_ticket_email_parse']);
+    $config_ticket_client_general_notifications = intval($_POST['config_ticket_client_general_notifications']);
 
-
-  mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name', config_ticket_email_parse = '$config_ticket_email_parse' WHERE company_id = $session_company_id");
+    mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name', config_ticket_email_parse = '$config_ticket_email_parse', config_ticket_client_general_notifications = $config_ticket_client_general_notifications WHERE company_id = $session_company_id");
 
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = 'Ticket settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id, company_id = $session_company_id");
@@ -1108,6 +1136,17 @@
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name disabled 2FA on their account', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id, company_id = $session_company_id");
 
+    // Email notification
+    if (!empty($config_smtp_host)) {
+        $subject = "$config_app_name account update confirmation for $session_name";
+        $body = "Hi $session_name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>2FA was disabled.</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
+
+        $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+            $config_mail_from_email, $config_mail_from_name,
+            $session_email, $session_name,
+            $subject, $body);
+    }
+
     $_SESSION['alert_message'] = "Two-factor authentication disabled";
 
     header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -5918,10 +5957,10 @@
     $id = mysqli_insert_id($mysqli);
 
     // E-mail client
-    if (!empty($config_smtp_host)) {
+    if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
 
         // Get contact/ticket details
-        $sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, company_phone FROM tickets 
+        $sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets 
               LEFT JOIN clients ON ticket_client_id = client_id 
               LEFT JOIN contacts ON ticket_contact_id = contact_id
               LEFT JOIN companies ON tickets.company_id = companies.company_id
@@ -5932,13 +5971,14 @@
         $contact_email = $row['contact_email'];
         $ticket_prefix = $row['ticket_prefix'];
         $ticket_number = $row['ticket_number'];
+        $ticket_subject = $row['ticket_subject'];
         $company_phone = formatPhoneNumber($row['company_phone']);
 
         // Verify contact email is valid
         if(filter_var($contact_email, FILTER_VALIDATE_EMAIL)){
 
-            $subject = "Ticket created - [$ticket_prefix$ticket_number] - $subject";
-            $body    = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$subject\" has been created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
+            $subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject";
+            $body    = "<i style='color: #808080'>#--itflow--#</i><br><br>Hello, $contact_name<br><br>A ticket regarding \"$ticket_subject\" has been created for you.<br><br>--------------------------------<br>$details--------------------------------<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: Open<br>Portal: https://$config_base_url/portal/ticket.php?id=$id<br><br>~<br>$session_company_name<br>Support Department<br>$config_ticket_from_email<br>$company_phone";
 
             $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
                 $config_ticket_from_email, $config_ticket_from_name,
@@ -6096,10 +6136,11 @@
 
     } else {
       // Get & verify assigned agent details
-      $agent_details_sql = mysqli_query($mysqli, "SELECT user_name FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = '$assigned_to' AND user_settings.user_role > 1");
+      $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = '$assigned_to' AND user_settings.user_role > 1");
       $agent_details = mysqli_fetch_array($agent_details_sql);
       $agent_name = $agent_details['user_name'];
-      $ticket_reply = "Ticket re-assigned to $agent_details[user_name].";
+      $agent_email = $agent_details['user_email'];
+      $ticket_reply = "Ticket re-assigned to $agent_name.";
 
       if(!$agent_name){
         $_SESSION['alert_type'] = "error";
@@ -6110,8 +6151,10 @@
     }
 
     // Get & verify ticket details
-    $ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_subject FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_status != 'Closed'");
+    $ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_status != 'Closed'");
     $ticket_details = mysqli_fetch_array($ticket_details_sql);
+    $ticket_prefix = $ticket_details['ticket_prefix'];
+    $ticket_number = $ticket_details['ticket_number'];
     $ticket_subject = $ticket_details['ticket_subject'];
 
     if(!$ticket_subject){
@@ -6127,7 +6170,19 @@
     mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id, company_id = $session_company_id") or die(mysqli_error($mysqli));
 
     // Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Modify', log_description = '$ticket_subject reassigned to $agent_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  company_id = $session_company_id, log_user_id = $session_user_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Modify', log_description = '$ticket_subject ($ticket_id) - $ticket_reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  company_id = $session_company_id, log_user_id = $session_user_id");
+
+    // Email notification
+    if (intval($session_user_id) !== $assigned_to) {
+        $subject = "$config_app_name ticket $ticket_prefix$ticket_number assigned to you";
+        $body = "Hi $agent_name, <br><br>A ticket has been assigned to you!<br><br>ID: $ticket_prefix$ticket_number<br> Subject: $ticket_subject <br><br>Thanks, <br>$session_name<br>ITFlow";
+
+        $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+            $config_ticket_from_email, $config_ticket_from_name,
+            $agent_email, $agent_name,
+            $subject, $body);
+    }
+
 
     $_SESSION['alert_message'] = "Ticket re-assigned";
 
@@ -6345,7 +6400,7 @@
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
 
     // Client notification email
-    if (!empty($config_smtp_host)) {
+    if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
 
       // Get details
       $ticket_sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, company_phone FROM tickets 

settings_ticket.php

@@ -1,64 +1,69 @@
 <?php include("inc_all_settings.php"); ?>
 
-<div class="card card-dark">
-  <div class="card-header py-3">
-    <h3 class="card-title"><i class="fa fa-fw fa-life-ring"></i> Ticket Settings</h3>
-  </div>
-  <div class="card-body">
-    <form action="post.php" method="post" autocomplete="off">
-
-      <div class="form-group">
-        <label>Ticket Prefix</label>
-        <div class="input-group">
-          <div class="input-group-prepend">
-            <span class="input-group-text"><i class="fa fa-fw fa-life-ring"></i></span>
-          </div>
-          <input type="text" class="form-control" name="config_ticket_prefix" placeholder="Ticket Prefix" value="<?php echo htmlentities($config_ticket_prefix); ?>">
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fa fa-fw fa-life-ring"></i> Ticket Settings</h3>
         </div>
-      </div>
+        <div class="card-body">
+            <form action="post.php" method="post" autocomplete="off">
 
-      <div class="form-group">
-        <label>Next Number</label>
-        <div class="input-group">
-          <div class="input-group-prepend">
-            <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
-          </div>
-          <input type="number" min="0" class="form-control" name="config_ticket_next_number" placeholder="Next Ticket Number" value="<?php echo htmlentities($config_ticket_next_number); ?>" required>
-        </div>
-      </div>
+                <div class="form-group">
+                    <label>Ticket Prefix</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-life-ring"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_ticket_prefix" placeholder="Ticket Prefix" value="<?php echo htmlentities($config_ticket_prefix); ?>">
+                    </div>
+                </div>
 
-      <div class="form-group">
-        <label>From Email</label>
-        <div class="input-group">
-          <div class="input-group-prepend">
-            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
-          </div>
-          <input type="email" class="form-control" name="config_ticket_from_email" placeholder="From Email" value="<?php echo htmlentities($config_ticket_from_email); ?>">
-        </div>
-      </div>
+                <div class="form-group">
+                    <label>Next Number</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
+                        </div>
+                        <input type="number" min="0" class="form-control" name="config_ticket_next_number" placeholder="Next Ticket Number" value="<?php echo htmlentities($config_ticket_next_number); ?>" required>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>From Email</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
+                        </div>
+                        <input type="email" class="form-control" name="config_ticket_from_email" placeholder="From Email" value="<?php echo htmlentities($config_ticket_from_email); ?>">
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <label>From Name</label>
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
+                        </div>
+                        <input type="text" class="form-control" name="config_ticket_from_name" placeholder="Name" value="<?php echo htmlentities($config_ticket_from_name); ?>">
+                    </div>
+                </div>
 
-      <div class="form-group">
-        <label>From Name</label>
-        <div class="input-group">
-          <div class="input-group-prepend">
-            <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
-          </div>
-          <input type="text" class="form-control" name="config_ticket_from_name" placeholder="Name" value="<?php echo htmlentities($config_ticket_from_name); ?>">
-        </div>
-      </div>
 
+                <div class="custom-control custom-switch mb-2">
+                    <input type="checkbox" class="custom-control-input" name="config_ticket_email_parse" <?php if($config_ticket_email_parse == 1){ echo "checked"; } ?> value="1" id="customSwitch1">
+                    <label class="custom-control-label" for="customSwitch1">Email-to-ticket parsing (Beta) <small>(cron_ticket_email_parser.php must also be added to cron and run every few mins)</small></label>
+                </div>
 
-      <div class="custom-control custom-switch mb-2">
-        <input type="checkbox" class="custom-control-input" name="config_ticket_email_parse" <?php if($config_ticket_email_parse == 1){ echo "checked"; } ?> value="1" id="customSwitch1">
-        <label class="custom-control-label" for="customSwitch1">Email-to-ticket parsing (Beta) <small>(cron_ticket_email_parser.php must also be added to cron and run every few mins)</small></label>
-      </div>
-    
-      <hr>
-      
-      <button type="submit" name="edit_ticket_settings" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>        
-    
-    </form>
-  </div>
-</div>
+                <div class="custom-control custom-switch mb-2">
+                    <input type="checkbox" class="custom-control-input" name="config_ticket_client_general_notifications" <?php if($config_ticket_client_general_notifications == 1){ echo "checked"; } ?> value="1" id="customSwitch2">
+                    <label class="custom-control-label" for="customSwitch2">Send clients general notification emails <small>(Should clients receive automatic emails when tickets are raised/closed?)</small></label>
+                </div>
+
+                <hr>
+
+                <button type="submit" name="edit_ticket_settings" class="btn btn-primary text-bold"><i class="fa fa-check"></i> Save</button>
+
+            </form>
+        </div>
+    </div>
 
 <?php include("footer.php");