- Finish updating URLs from /portal to /client

- Add a basic Stripe management page to admin settings to remove cards/reset Stripe customer IDs

Author: wrongecho

admin_settings_online_payment.php

@@ -12,9 +12,6 @@
             <form action="post.php" method="post" autocomplete="off">
                 <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
 
-                <div class="alert alert-secondary">Currently, we only integrate with Stripe. Please see <a href="https://forum.itflow.org/d/439-payment-integrations-megathread" target="_blank">this forum post</a>.</div>
-                <br>
-
                 <div class="form-group">
                     <div class="custom-control custom-switch">
                         <input type="checkbox" class="custom-control-input" name="config_stripe_enable" <?php if ($config_stripe_enable == 1) { echo "checked"; } ?> value="1" id="enableStripeSwitch">
@@ -140,6 +137,8 @@
 
                 </div>
 
+                <div class="alert alert-secondary">Currently, we only integrate with Stripe. Please see <a href="https://forum.itflow.org/d/439-payment-integrations-megathread" target="_blank">this forum post</a>.</div>
+
         </div>
 
         <hr>

admin_settings_online_payment_clients.php

@@ -18,6 +18,7 @@
                     <th>Client</th>
                     <th>Stripe Customer ID</th>
                     <th>Stripe Payment ID</th>
+                    <th>Action</th>
                 </tr>
                 </thead>
                 <tbody>
@@ -35,6 +36,25 @@
                         <td><?php echo "$client_name ($client_id)" ?></td>
                         <td><?php echo $stripe_id; ?></td>
                         <td><?php echo $stripe_pm ?></td>
+                        <td>
+                            <div class="dropdown dropleft text-center">
+                                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                    <i class="fas fa-ellipsis-h"></i>
+                                </button>
+                                <div class="dropdown-menu">
+                                    <?php if (!empty($stripe_pm)) { ?>
+                                        <a class="dropdown-item text-danger confirm-link" href="post.php?stripe_remove_pm&client_id=<?php echo $client_id ?>&pm=<?php echo $stripe_pm ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                            <i class="fas fa-fw fa-credit-card mr-2"></i>Delete payment method
+                                        </a>
+                                    <?php } else { ?>
+                                        <a data-toggle="tooltip" data-placement="left" title="May result in duplicate customer records in Stripe" class="dropdown-item text-danger confirm-link" href="post.php?stripe_reset_customer&client_id=<?php echo $client_id ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
+                                            <i class="fas fa-fw fa-trash mr-2"></i>Reset Stripe
+                                        </a>
+                                    <?php } ?>
+                                </div>
+                            </div>
+                        </td>
+
                     </tr>
 
                 <?php } ?>

client/autopay.php

@@ -88,7 +88,7 @@
             // Manage the saved card
             else { ?>
 
-                <b>Manage saved card details</b>
+                <b>Manage saved payment methods</b>
 
                 <?php
 
@@ -120,7 +120,7 @@
 
                 <hr>
                 <b>Actions</b><br>
-                - <a href="post.php?stripe_remove_card&pm=<?php echo $stripe_pm; ?>">Remove saved card</a>
+                - <a href="post.php?stripe_remove_pm&pm=<?php echo $stripe_pm; ?>">Remove saved payment method</a>
 
             <?php } ?>
 

client/login_microsoft.php

@@ -29,7 +29,7 @@
 $client_id = $settings['config_azure_client_id'];
 $client_secret = $settings['config_azure_client_secret'];
 
-$redirect_uri = "https://$config_base_url/portal/login_microsoft.php";
+$redirect_uri = "https://$config_base_url/client/login_microsoft.php";
 
 # https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
 $auth_code_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize";

client/post.php

@@ -633,15 +633,15 @@
     }
 
     // Logging
-    logAction("Stripe", "Update", "$session_contact_name added saved card ($card_info) for future automatic payments (PM: $payment_method)", $session_client_id, $session_client_id);
+    logAction("Stripe", "Update", "$session_contact_name saved payment method ($card_info) for future automatic payments (PM: $payment_method)", $session_client_id, $session_client_id);
 
     // Redirect
-    $_SESSION['alert_message'] = "Card saved - thank you";
+    $_SESSION['alert_message'] = "Payment method saved - thank you";
     header('Location: autopay.php');
 
 }
 
-if (isset($_GET['stripe_remove_card'])) {
+if (isset($_GET['stripe_remove_pm'])) {
 
     if ($session_contact_primary == 0 && !$session_contact_is_billing_contact) {
         header("Location: post.php?logout");
@@ -678,8 +678,8 @@
     mysqli_query($mysqli, "UPDATE client_stripe SET stripe_pm = NULL WHERE client_id = $session_client_id LIMIT 1");
 
     // Logging & Redirect
-    logAction("Stripe", "Update", "$session_contact_name deleted saved card (PM: $payment_method)", $session_client_id, $session_client_id);
+    logAction("Stripe", "Update", "$session_contact_name deleted saved Stripe payment method (PM: $payment_method)", $session_client_id, $session_client_id);
 
-    $_SESSION['alert_message'] = "Card removed";
+    $_SESSION['alert_message'] = "Payment method removed";
     header('Location: autopay.php');
 }

guest/index.php

@@ -1,3 +1,3 @@
 <?php 
 // Redirect to the portal
-header("Location: ../portal/");
+header("Location: ../client/");

includes/admin_side_nav.php

@@ -146,7 +146,7 @@
                 </li>
 
                 <!-- SETTINGS Section -->
-                <li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_settings_company.php', 'admin_settings_localization.php', 'admin_settings_theme.php', 'admin_settings_security.php', 'admin_settings_mail.php', 'admin_settings_notification.php', 'admin_settings_default.php', 'admin_settings_invoice.php', 'admin_settings_quote.php', 'admin_settings_online_payment.php', 'admin_settings_project.php', 'admin_settings_ticket.php', 'admin_settings_ai.php', 'admin_settings_integration.php', 'admin_settings_telemetry.php', 'admin_settings_module.php']) ? 'menu-open' : ''); ?>">
+                <li class="nav-item has-treeview mt-2 <?php echo (in_array(basename($_SERVER['PHP_SELF']), ['admin_settings_company.php', 'admin_settings_localization.php', 'admin_settings_theme.php', 'admin_settings_security.php', 'admin_settings_mail.php', 'admin_settings_notification.php', 'admin_settings_default.php', 'admin_settings_invoice.php', 'admin_settings_quote.php', 'admin_settings_online_payment.php', 'admin_settings_online_payment_clients.php', 'admin_settings_project.php', 'admin_settings_ticket.php', 'admin_settings_ai.php', 'admin_settings_integration.php', 'admin_settings_telemetry.php', 'admin_settings_module.php']) ? 'menu-open' : ''); ?>">
                     <a href="#" class="nav-link">
                         <p>
                             SETTINGS
@@ -214,6 +214,12 @@
                                 <p>Online Payment</p>
                             </a>
                         </li>
+                        <li class="nav-item">
+                            <a href="admin_settings_online_payment_clients.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_online_payment_clients.php' ? 'active' : ''); ?>">
+                                <i class="nav-icon far fa-credit-card"></i>
+                                <p>Payment/Stripe Clients</p>
+                            </a>
+                        </li>
                         <li class="nav-item">
                             <a href="admin_settings_project.php" class="nav-link <?php echo (basename($_SERVER['PHP_SELF']) == 'admin_settings_project.php' ? 'active' : ''); ?>">
                                 <i class="nav-icon fas fa-project-diagram"></i>

js/autopay_setup_stripe.js

@@ -6,7 +6,7 @@ initialize();
 // Fetch Checkout Session and retrieve the client secret
 async function initialize() {
     const fetchClientSecret = async () => {
-        const response = await fetch("/portal/portal_post.php?create_stripe_checkout", {
+        const response = await fetch("/client/post.php?create_stripe_checkout", {
             method: "POST",
         });
         const { clientSecret } = await response.json();

post/admin/admin_settings_online_payment_clients.php

@@ -0,0 +1,54 @@
+<?php
+
+defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
+
+if (isset($_GET['stripe_remove_pm'])) {
+    validateCSRFToken($_GET['csrf_token']);
+
+    if (!$config_stripe_enable) {
+        $_SESSION['alert_message'] = "Stripe not enabled";
+        header("Location: " . $_SERVER["HTTP_REFERER"]);
+        exit();
+    }
+
+    $client_id = intval($_GET['client_id']);
+    $payment_method = sanitizeInput($_GET['pm']);
+
+    try {
+        // Initialize stripe
+        require_once 'vendor/stripe-php-10.5.0/init.php';
+        $stripe = new \Stripe\StripeClient($config_stripe_secret);
+
+        // Detach PM
+        $stripe->paymentMethods->detach($payment_method, []);
+
+    } catch (Exception $e) {
+        $error = $e->getMessage();
+        error_log("Stripe payment error - encountered exception when removing payment method info for $payment_method: $error");
+        logApp("Stripe", "error", "Exception removing payment method for $payment_method: $error");
+    }
+
+    // Remove payment method from ITFlow
+    mysqli_query($mysqli, "UPDATE client_stripe SET stripe_pm = NULL WHERE client_id = $client_id LIMIT 1");
+
+    // Logging & Redirect
+    logAction("Stripe", "Update", "$session_name deleted saved Stripe payment method (PM: $payment_method)", $client_id);
+    $_SESSION['alert_message'] = "Payment method removed";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['stripe_reset_customer'])) {
+    validateCSRFToken($_GET['csrf_token']);
+
+    $client_id = intval($_GET['client_id']);
+
+    // Delete the customer id and payment method id stored in ITFlow, allowing the client to set these up again
+    mysqli_query($mysqli, "DELETE FROM client_stripe WHERE client_id = $client_id");
+
+    // Logging
+    logAction("Stripe", "Delete", "$session_name reset Stripe settings for client", $client_id);
+
+    $_SESSION['alert_message'] = "Reset client Stripe settings";
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}

post/user/ticket.php

@@ -1757,7 +1757,6 @@
 
         // EMAIL
         $subject = "Ticket closed - [$ticket_prefix$ticket_number] - $ticket_subject | (do not reply)";
-            //$body = "Hello $contact_name,<br><br>Your ticket regarding \"$ticket_subject\" has been closed. <br><br> We hope the request/issue was resolved to your satisfaction. If you need further assistance, please raise a new ticket using the below details. Please do not reply to this email. <br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Portal: https://$config_base_url/portal/ticket.php?id=$ticket_id<br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
         $body = "Hello $contact_name,<br><br>Your ticket regarding \"$ticket_subject\" has been closed. <br><br> We hope the request/issue was resolved to your satisfaction, please provide your feedback <a href=\'https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$url_key\'>here</a>. <br>If you need further assistance, please raise a new ticket using the below details. Please do not reply to this email. <br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Portal: https://$config_base_url/client/ticket.php?id=$ticket_id<br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
 
         // Check email valid