AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch '0.1.8.4' of https://github.com/twetech/itflow into 0.1.8.4

This commit is contained in:
o-psi 2024-02-22 17:49:11 +00:00
parent 3947c3a329 d2c33c28a0
commit 1d4271de36
5 changed files with 43 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
client_assets.php
View File

@ -311,6 +311,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<span class="input-group-text"><i class="fa fa-user"></i></span>
</div>
<input type="text" class="form-control" value="<?php echo $login_username; ?>" readonly>
<div class="input-group-append">
<button class="btn btn-default clipboardjs" type="button" data-clipboard-text="<?php echo $login_username; ?>"><i class="fa fa-fw fa-copy"></i></button>
</div>
</div>
</div>
<div class="form-group">
@ -318,11 +321,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-lock"></i></span>
</div>
<input type="password" name="fakePassword" style="display:none"> <!-- Prevents Password Managers from asking -->
<input type="password" class="form-control" data-toggle="password" value="<?php echo $login_password; ?>" readonly autocomplete="off">
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
<input type="text" class="form-control" value="<?php echo $login_password; ?>" readonly autocomplete="off">
<div class="input-group-append">
<button class="btn btn-default clipboardjs" type="button" data-clipboard-text="<?php echo $login_password; ?>"><i class="fa fa-fw fa-copy"></i></button>
</div>

13
database_updates.php
View File

@ -1607,10 +1607,17 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.6'");
}
// if (CURRENT_DATABASE_VERSION == '1.0.6') {
// // Insert queries here required to update to DB version 1.0.7
if (CURRENT_DATABASE_VERSION == '1.0.6') {
// Insert queries here required to update to DB version 1.0.7
mysqli_query($mysqli, "CREATE TABLE `remember_tokens` (`remember_token_id` int(11) NOT NULL AUTO_INCREMENT,`remember_token_token` varchar(255) NOT NULL,`remember_token_user_id` int(11) NOT NULL,`remember_token_created_at` datetime NOT NULL DEFAULT current_timestamp()");
// Then, update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
}
// if (CURRENT_DATABASE_VERSION == '1.0.7') {
// // Insert queries here required to update to DB version 1.0.8
// // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
// }
} else {

2
database_version.php
View File

@ -5,5 +5,5 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "1.0.6");
DEFINE("LATEST_DATABASE_VERSION", "1.0.7");

16
db.sql
View File

@ -1041,6 +1041,22 @@ CREATE TABLE `recurring_expenses` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table remember_tokens
--
DROP TABLE IF EXISTS `remember_tokens`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `remember_tokens` (
`remember_token_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`remember_token_user_id` int(10) unsigned NOT NULL,
`remember_token_token` varchar(100) NOT NULL,
`remember_token_created_at` timestamp NOT NULL DEFAULT current_timestamp(),
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
--
-- Table structure for table `revenues`
--

17
login.php
View File

@ -111,14 +111,21 @@ if (isset($_POST['login'])) {
$user_email = sanitizeInput($row['user_email']);
$token = sanitizeInput($row['user_token']);
$force_mfa = intval($row['user_config_force_mfa']);
$remember_token = $row['user_config_remember_me_token'];
if($force_mfa == 1 && $token == NULL) {
$config_start_page = "user_security.php";
}
// Get remember tokens less than 2 days old
$remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL 2 DAY)");
$bypass_2fa = false;
if (isset($_COOKIE['rememberme']) && $_COOKIE['rememberme'] == $remember_token) {
$bypass_2fa = true;
if (isset($_COOKIE['rememberme'])) {
while ($row = mysqli_fetch_assoc($remember_tokens)) {
if (hash_equals($row['remember_token_token'], $_COOKIE['rememberme'])) {
$bypass_2fa = true;
break;
}
}
} elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
$bypass_2fa = true;
}
@ -126,8 +133,8 @@ if (isset($_POST['login'])) {
if ($bypass_2fa) {
if (isset($_POST['remember_me'])) {
$newRememberToken = bin2hex(random_bytes(64));
setcookie('rememberme', $newRememberToken, time() + 86400*14, "/", null, true, true);
$updateTokenQuery = "UPDATE user_settings SET user_config_remember_me_token = '$newRememberToken' WHERE user_id = $user_id";
setcookie('rememberme', $newRememberToken, time() + 86400*2, "/", null, true, true);
$updateTokenQuery = "INSERT INTO remember_tokens (remember_token_user_id, remember_token_token) VALUES ($user_id, '$newRememberToken')";
mysqli_query($mysqli, $updateTokenQuery);
}