AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-25 06:45:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix credential vars in Services

Browse Source
This commit is contained in:
johnnyq
2025-03-12 22:04:55 -04:00
parent c1c54780cb
commit 15aed891f4
3 changed files with 38 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
ajax/ajax_service_details.php
View File

@@ -28,23 +28,23 @@ if ($service_importance == "High") {
$service_importance_display = "-"; $service_importance_display = "-";
} }
// Associated Assets (and their logins/networks/locations) // Associated Assets (and their credentials/networks/locations)
$sql_assets = mysqli_query( $sql_assets = mysqli_query(
$mysqli, $mysqli,
"SELECT * FROM service_assets "SELECT * FROM service_assets
LEFT JOIN assets ON service_assets.asset_id = assets.asset_id LEFT JOIN assets ON service_assets.asset_id = assets.asset_id
LEFT JOIN asset_interfaces ON interface_asset_id = assets.asset_id AND interface_primary = 1 LEFT JOIN asset_interfaces ON interface_asset_id = assets.asset_id AND interface_primary = 1
LEFT JOIN logins ON service_assets.asset_id = logins.login_asset_id LEFT JOIN credentials ON service_assets.asset_id = credentials.credential_asset_id
LEFT JOIN networks ON interface_network_id = networks.network_id LEFT JOIN networks ON interface_network_id = networks.network_id
LEFT JOIN locations ON assets.asset_location_id = locations.location_id LEFT JOIN locations ON assets.asset_location_id = locations.location_id
WHERE service_id = $service_id" WHERE service_id = $service_id"
); );
// Associated logins // Associated credentials
$sql_logins = mysqli_query( $sql_credentials = mysqli_query(
$mysqli, $mysqli,
"SELECT * FROM service_logins "SELECT * FROM service_credentials
LEFT JOIN logins ON service_logins.login_id = logins.login_id LEFT JOIN credentials ON service_credentials.credential_id = credentials.credential_id
WHERE service_id = $service_id" WHERE service_id = $service_id"
); );
@@ -318,27 +318,27 @@ ob_start();
} }
?> ?>
<!-- Logins --> <!-- Credentials -->
<?php <?php
if (mysqli_num_rows($sql_assets) > 0 || mysqli_num_rows($sql_logins) > 0) { ?> if (mysqli_num_rows($sql_assets) > 0 || mysqli_num_rows($sql_credentials) > 0) { ?>
<h5><i class="fas fa-fw fa-key mr-2"></i>Logins</h5> <h5><i class="fas fa-fw fa-key mr-2"></i>Credentials</h5>
<ul> <ul>
<?php <?php
// Reset the $sql_assets/logins pointer to the start // Reset the $sql_assets/credentials pointer to the start
mysqli_data_seek($sql_assets, 0); mysqli_data_seek($sql_assets, 0);
mysqli_data_seek($sql_logins, 0); mysqli_data_seek($sql_credentials, 0);
// Showing logins linked to assets // Showing credentials linked to assets
while ($row = mysqli_fetch_array($sql_assets)) { while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['login_name'])) { if (!empty($row['login_name'])) {
echo "<li><a href=\"credentials.php?client_id=$client_id&q=$row[login_name]\">$row[login_name]</a></li>"; echo "<li><a href=\"credentials.php?client_id=$client_id&q=$row[credential_name]\">$row[credential_name]</a></li>";
} }
} }
// Showing explicitly linked logins // Showing explicitly linked credentials
while ($row = mysqli_fetch_array($sql_logins)) { while ($row = mysqli_fetch_array($sql_credentials)) {
if (!empty($row['login_name'])) { if (!empty($row['credential_name'])) {
echo "<li><a href=\"credentials.php?client_id=$client_id&q=$row[login_name]\">$row[login_name]</a></li>"; echo "<li><a href=\"credentials.php?client_id=$client_id&q=$row[credential_name]\">$row[credential_name]</a></li>";
} }
} }
?> ?>
@@ -349,27 +349,27 @@ ob_start();
<!-- URLs --> <!-- URLs -->
<?php <?php
if ($sql_logins || $sql_assets) { ?> if ($sql_credentials || $sql_assets) { ?>
<h5><i class="fas fa-fw fa-link mr-2"></i>URLs</h5> <h5><i class="fas fa-fw fa-link mr-2"></i>URLs</h5>
<ul> <ul>
<?php <?php
// Reset the $sql_logins pointer to the start // Reset the $sql_credentials pointer to the start
mysqli_data_seek($sql_logins, 0); mysqli_data_seek($sql_credentials, 0);
// Showing URLs linked to logins // Showing URLs linked to credentials
while ($row = mysqli_fetch_array($sql_logins)) { while ($row = mysqli_fetch_array($sql_credentials)) {
if (!empty($row['login_uri'])) { if (!empty($row['credential_uri'])) {
echo "<li><a href=\"https://$row[login_uri]\">$row[login_uri]</a></li>"; echo "<li><a href=\"https://$row[credential_uri]\">$row[credential_uri]</a></li>";
} }
} }
// Reset the $sql_assets pointer to the start // Reset the $sql_assets pointer to the start
mysqli_data_seek($sql_assets, 0); mysqli_data_seek($sql_assets, 0);
// Show URLs linked to assets, that also have logins // Show URLs linked to assets, that also have credentials
while ($row = mysqli_fetch_array($sql_assets)) { while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['login_uri'])) { if (!empty($row['credential_uri'])) {
echo "<li><a href=\"https://$row[login_uri]\">$row[login_uri]</a></li>"; echo "<li><a href=\"https://$row[credential_uri]\">$row[credential_uri]</a></li>";
} }
} }
?> ?>

12
modals/service_add_modal.php
View File

@@ -190,14 +190,14 @@
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="logins">Select related logins</label> <label for="logins">Select related Credentials</label>
<select class="form-control select2" id="logins" name="logins[]" multiple> <select class="form-control select2" id="credentials" name="credentials[]" multiple>
<?php <?php
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_archived_at IS NULL AND login_client_id = $client_id"); $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_archived_at IS NULL AND credential_client_id = $client_id");
while ($row = mysqli_fetch_array($sql)) { while ($row = mysqli_fetch_array($sql)) {
$login_id = intval($row['login_id']); $credential_id = intval($row['credential_id']);
$login_name = nullable_htmlentities($row['login_name']); $credential_name = nullable_htmlentities($row['credential_name']);
echo "<option value=\"$login_id\">$login_name</option>"; echo "<option value=\"$credential_id\">$credential_name</option>";
} }
?> ?>
</select> </select>

10
post/user/asset.php
View File

@@ -43,15 +43,15 @@ if (isset($_POST['add_asset'])) {
if (!empty($_POST['username'])) { if (!empty($_POST['username'])) {
$username = trim(mysqli_real_escape_string($mysqli, encryptLoginEntry($_POST['username']))); $username = trim(mysqli_real_escape_string($mysqli, encryptCredentialEntry($_POST['username'])));
$password = trim(mysqli_real_escape_string($mysqli, encryptLoginEntry($_POST['password']))); $password = trim(mysqli_real_escape_string($mysqli, encryptCredentialEntry($_POST['password'])));
mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_username = '$username', login_password = '$password', login_asset_id = $asset_id, login_client_id = $client_id"); mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_username = '$username', credential_password = '$password', credential_asset_id = $asset_id, credential_client_id = $client_id");
$login_id = mysqli_insert_id($mysqli); $credential_id = mysqli_insert_id($mysqli);
//Logging //Logging
logAction("Credential", "Create", "$session_name created login credential for asset $asset_name", $client_id, $login_id); logAction("Credential", "Create", "$session_name created login credential for asset $asset_name", $client_id, $credential_id);
$alert_extended = " along with login credentials"; $alert_extended = " along with login credentials";