mirror of https://github.com/itflow-org/itflow
Merge pull request #578 from wrongecho/login-field-encrypt
Add encryption for usernames stored in the logins area.
This commit is contained in:
Johnny
GitHub
commit
41068d356b
|
|
@ -240,7 +240,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
}
|
||||
|
||||
$login_id = $row['login_id'];
|
||||
$login_username = htmlentities($row['login_username']);
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
|
||||
|
||||
// Related tickets
|
||||
|
|
|
|||
|
|
@ -12,8 +12,8 @@ if (!empty($_GET['sb'])) {
|
|||
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logins
|
||||
WHERE login_client_id = $client_id
|
||||
AND (login_name LIKE '%$q%' OR login_username LIKE '%$q%' OR login_uri LIKE '%$q%')
|
||||
WHERE login_client_id = $client_id
|
||||
AND (login_name LIKE '%$q%' OR login_uri LIKE '%$q%')
|
||||
ORDER BY $sb $o LIMIT $record_from, $record_to");
|
||||
|
||||
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
||||
|
|
@ -75,7 +75,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
|||
}else{
|
||||
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
|
||||
}
|
||||
$login_username = htmlentities($row['login_username']);
|
||||
$login_username = htmlentities(decryptLoginEntry($row['login_username']));
|
||||
if (empty($login_username)) {
|
||||
$login_username_display = "-";
|
||||
}else{
|
||||
|
|
@ -169,4 +169,4 @@ include("client_login_import_modal.php");
|
|||
|
||||
?>
|
||||
|
||||
<?php include("footer.php"); ?>
|
||||
<?php include("footer.php"); ?>
|
||||
|
|
|
|||
|
|
@ -466,9 +466,9 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
|
|||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.1'");
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (CURRENT_DATABASE_VERSION == '0.3.1') {
|
||||
|
||||
|
||||
// Assets
|
||||
|
||||
mysqli_query($mysqli, "UPDATE `assets` SET `asset_login_id` = 0 WHERE `asset_login_id` IS NULL");
|
||||
|
|
@ -702,10 +702,10 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
|
|||
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_enable_alert_domain_expire` = 1 WHERE `config_enable_alert_domain_expire` IS NULL");
|
||||
mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_enable_alert_domain_expire` `config_enable_alert_domain_expire` TINYINT(1) NOT NULL DEFAULT 1");
|
||||
|
||||
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_send_invoice_reminders` = 1 WHERE `config_send_invoice_reminders` IS NULL");
|
||||
mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_send_invoice_reminders` `config_send_invoice_reminders` TINYINT(1) NOT NULL DEFAULT 1");
|
||||
|
||||
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_stripe_enable` = 0 WHERE `config_stripe_enable` IS NULL");
|
||||
mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_stripe_enable` `config_stripe_enable` TINYINT(1) NOT NULL DEFAULT 0");
|
||||
|
||||
|
|
@ -770,18 +770,34 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
|
|||
|
||||
if(CURRENT_DATABASE_VERSION == '0.3.3'){
|
||||
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_telemetry` TINYINT(1) DEFAULT 0 AFTER `config_theme`");
|
||||
|
||||
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.4'");
|
||||
}
|
||||
|
||||
//if(CURRENT_DATABASE_VERSION == '0.3.4'){
|
||||
if(CURRENT_DATABASE_VERSION == '0.3.4'){
|
||||
// Insert queries here required to update to DB version 0.3.5
|
||||
|
||||
//Get & upgrade user login encryption
|
||||
$sql_logins = mysqli_query($mysqli, "SELECT login_id, login_username FROM logins WHERE login_username IS NOT NULL");
|
||||
foreach ($sql_logins as $row) {
|
||||
$login_id = $row['login_id'];
|
||||
$login_username = $row['login_username'];
|
||||
$login_encrypted_username = encryptLoginEntry($row['login_username']);
|
||||
mysqli_query($mysqli, "UPDATE logins SET login_username = '$login_encrypted_username' WHERE login_id = '$login_id'");
|
||||
}
|
||||
|
||||
// Then, update the database to the next sequential version
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'");
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'");
|
||||
}
|
||||
|
||||
//if(CURRENT_DATABASE_VERSION == '0.3.5'){
|
||||
// Insert queries here required to update to DB version 0.3.6
|
||||
|
||||
// Then, update the database to the next sequential version
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.6'");
|
||||
//}
|
||||
|
||||
|
||||
} else {
|
||||
// Up-to-date
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@
|
|||
* It is used in conjunction with database_updates.php
|
||||
*/
|
||||
|
||||
DEFINE("LATEST_DATABASE_VERSION", "0.3.4");
|
||||
DEFINE("LATEST_DATABASE_VERSION", "0.3.5");
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ if (isset($_GET['query'])) {
|
|||
$sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
|
||||
$sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
|
||||
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5");
|
||||
$sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE (login_name LIKE '%$query%' OR login_username LIKE '%$query%') AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
|
||||
$sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
|
||||
|
||||
$q = htmlentities($_GET['query']);
|
||||
?>
|
||||
|
|
@ -358,4 +358,4 @@ if (isset($_GET['query'])) {
|
|||
|
||||
<?php } ?>
|
||||
|
||||
<?php include("footer.php");
|
||||
<?php include("footer.php");
|
||||
|
|
|
|||
11
post.php
11
post.php
|
|
@ -5553,7 +5553,7 @@ if(isset($_POST['add_login'])){
|
|||
$client_id = intval($_POST['client_id']);
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||
$uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['uri'])));
|
||||
$username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
|
||||
$username = trim(strip_tags(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['username']))));
|
||||
$password = trim(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['password'])));
|
||||
$otp_secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['otp_secret'])));
|
||||
$note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
|
||||
|
|
@ -5580,7 +5580,7 @@ if(isset($_POST['edit_login'])){
|
|||
$login_id = intval($_POST['login_id']);
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||
$uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['uri'])));
|
||||
$username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
|
||||
$username = trim(strip_tags(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['username']))));
|
||||
$password = trim(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['password'])));
|
||||
$otp_secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['otp_secret'])));
|
||||
$note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
|
||||
|
|
@ -5643,8 +5643,9 @@ if(isset($_GET['export_client_logins_csv'])){
|
|||
|
||||
//output each row of the data, format line as csv and write to file pointer
|
||||
while($row = $sql->fetch_assoc()){
|
||||
$login_username = decryptLoginEntry($row['login_username']);
|
||||
$login_password = decryptLoginEntry($row['login_password']);
|
||||
$lineData = array($row['login_name'], $row['login_username'], $login_password, $row['login_uri']);
|
||||
$lineData = array($row['login_name'], $login_username, $login_password, $row['login_uri']);
|
||||
fputcsv($f, $lineData, $delimiter);
|
||||
}
|
||||
|
||||
|
|
@ -5707,7 +5708,7 @@ if(isset($_POST["import_client_logins_csv"])){
|
|||
}
|
||||
}
|
||||
if(isset($column[1])){
|
||||
$username = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[1])));
|
||||
$username = trim(strip_tags(mysqli_real_escape_string($mysqli, encryptLoginEntry($column[1]))));
|
||||
}
|
||||
if(isset($column[2])){
|
||||
$password = trim(mysqli_real_escape_string($mysqli,encryptLoginEntry($column[2])));
|
||||
|
|
@ -8201,7 +8202,7 @@ if(isset($_GET['export_client_pdf'])){
|
|||
<?php
|
||||
while($row = mysqli_fetch_array($sql_logins)){
|
||||
$login_name = $row['login_name'];
|
||||
$login_username = $row['login_username'];
|
||||
$login_username = decryptLoginEntry($row['login_username']);
|
||||
$login_password = decryptLoginEntry($row['login_password']);
|
||||
$login_uri = $row['login_uri'];
|
||||
$login_note = $row['login_note'];
|
||||
|
|
|
|||
Loading…
Reference in New Issue