AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #699 from wrongecho/login-enhancements 

Login page enhancements
This commit is contained in:
Johnny 2023-06-19 16:29:54 -04:00 committed by GitHub
parent 8a33a45d20 7f5e63e518
commit 2c7f6b1127
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 30 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
js/login_prevent_resubmit.js Normal file
View File

@ -0,0 +1,3 @@
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}

18
login.php
View File

@ -1,6 +1,6 @@
<?php
header("X-Frame-Options: DENY");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
if (!file_exists('config.php')) {
header("Location: setup.php");
@ -66,7 +66,7 @@ if ($config_login_key_required) {
ini_set("session.cookie_httponly", true);
// Tell client to only send cookie(s) over HTTPS
if ($config_https_only) {
if ($config_https_only || !isset($config_https_only)) {
ini_set("session.cookie_secure", true);
}
@ -227,6 +227,8 @@ if (isset($_POST['login'])) {
// Password incorrect or user doesn't exist - show generic error
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent'");
$response = "
@ -309,21 +311,17 @@ if (isset($_POST['login'])) {
<!-- jQuery -->
<script src="plugins/jquery/jquery.min.js"></script>
<!-- Bootstrap 4 -->
<script src="plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- AdminLTE App -->
<script src="dist/js/adminlte.min.js"></script>
<script src="plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<!-- <script src="plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script> -->
<!-- Prevents resubmit on refresh or back -->
<script>
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>
<script src="js/login_prevent_resubmit.js"></script>
</body>
</html>

4
portal/document.php
View File

@ -4,7 +4,7 @@
* Docs for PTC / technical contacts
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php");
@ -57,7 +57,7 @@ $document_content = $purifier->purify($row['document_content']);
</div>
<br>
<div class="card">
<div class="card-body">
<h3><?php echo $document_name; ?></h3>

2
portal/documents.php
View File

@ -4,7 +4,7 @@
* Docs for PTC / technical contacts
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php");

2
portal/index.php
View File

@ -4,7 +4,7 @@
* Landing / Home page for the client portal
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php");

2
portal/invoices.php
View File

@ -4,7 +4,7 @@
* Invoices for PTC
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php");

14
portal/login.php
View File

@ -4,9 +4,7 @@
* Landing / Home page for the client portal
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("X-Frame-Options: DENY");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
$session_company_id = 1;
require_once('../config.php');
@ -162,19 +160,15 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
<!-- jQuery -->
<script src="../plugins/jquery/jquery.min.js"></script>
<!-- Bootstrap 4 -->
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- AdminLTE App -->
<script src="../dist/js/adminlte.min.js"></script>
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<!-- Prevents resubmit on refresh or back -->
<script>
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>
<script src="../js/login_prevent_resubmit.js"></script>
</body>
</html>

0
portal/login_create.php
View File

12
portal/login_reset.php
View File

@ -4,6 +4,8 @@
* Password reset page
*/
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
$session_company_id = 1;
require_once('../config.php');
require_once('../functions.php');
@ -274,19 +276,15 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!-- jQuery -->
<script src="../plugins/jquery/jquery.min.js"></script>
<!-- Bootstrap 4 -->
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- AdminLTE App -->
<script src="../dist/js/adminlte.min.js"></script>
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<!-- Prevents resubmit on refresh or back -->
<script>
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>
<script src="../js/login_prevent_resubmit.js"></script>
</body>
</html>

4
portal/portal_header.php
View File

@ -12,7 +12,7 @@ header("X-Frame-Options: DENY"); // Legacy
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo nullable_htmlentities($company_name); ?> | Client Portal</title>
<title><?php echo nullable_htmlentities($session_company_name); ?> | Client Portal</title>
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
@ -32,7 +32,7 @@ header("X-Frame-Options: DENY"); // Legacy
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container">
<a class="navbar-brand" href="index.php"><?php echo nullable_htmlentities($company_name); ?></a>
<a class="navbar-brand" href="index.php"><?php echo nullable_htmlentities($session_company_name); ?></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>

2
portal/profile.php
View File

@ -4,7 +4,7 @@
* User profile
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once('inc_portal.php');
?>

2
portal/quotes.php
View File

@ -4,7 +4,7 @@
* Quotes for PTC / billing contacts
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php");

2
portal/tickets.php
View File

@ -4,7 +4,7 @@
* Landing / Home page for the client portal
*/
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php");