diff --git a/client_assets.php b/client_assets.php index 7ba2d85b..7efb34bf 100644 --- a/client_assets.php +++ b/client_assets.php @@ -240,7 +240,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); } $login_id = $row['login_id']; - $login_username = htmlentities($row['login_username']); + $login_username = htmlentities(decryptLoginEntry($row['login_username'])); $login_password = htmlentities(decryptLoginEntry($row['login_password'])); // Related tickets diff --git a/client_logins.php b/client_logins.php index 08e51124..4100c413 100644 --- a/client_logins.php +++ b/client_logins.php @@ -12,8 +12,8 @@ if (!empty($_GET['sb'])) { $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o))); $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logins - WHERE login_client_id = $client_id - AND (login_name LIKE '%$q%' OR login_username LIKE '%$q%' OR login_uri LIKE '%$q%') + WHERE login_client_id = $client_id + AND (login_name LIKE '%$q%' OR login_uri LIKE '%$q%') ORDER BY $sb $o LIMIT $record_from, $record_to"); $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); @@ -75,7 +75,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); }else{ $login_uri_display = "$login_uri"; } - $login_username = htmlentities($row['login_username']); + $login_username = htmlentities(decryptLoginEntry($row['login_username'])); if (empty($login_username)) { $login_username_display = "-"; }else{ @@ -169,4 +169,4 @@ include("client_login_import_modal.php"); ?> - \ No newline at end of file + diff --git a/database_updates.php b/database_updates.php index 29ff09b3..051f5f45 100644 --- a/database_updates.php +++ b/database_updates.php 
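Review bot: In the client_logins.php query at `@@ -12,8 +12,8 @@`, `ORDER BY $sb $o` and `LIKE '%$q%'` are still interpolated straight into the SQL string on the new side, and the hunk header suggests `$sb` is taken from `$_GET['sb']`. String escaping does not protect a column name or a sort direction, so unless it is already done above the hunk, `$sb` should be matched against a fixed list of column names and `$o` reduced to two values, e.g. `$o = ($o === 'DESC') ? 'DESC' : 'ASC';`. The assignments of `$sb`, `$o` and `$q` are outside the hunk, so this needs confirming against the full file. Dropping `login_username` from the search is a visible behaviour change and deserves a comment next to the query such as `// login_username is stored encrypted and cannot be matched with LIKE`.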
@@ -466,9 +466,9 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.1'"); } - + if (CURRENT_DATABASE_VERSION == '0.3.1') { - + // Assets mysqli_query($mysqli, "UPDATE `assets` SET `asset_login_id` = 0 WHERE `asset_login_id` IS NULL"); @@ -702,10 +702,10 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){ mysqli_query($mysqli, "UPDATE `settings` SET `config_enable_alert_domain_expire` = 1 WHERE `config_enable_alert_domain_expire` IS NULL"); mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_enable_alert_domain_expire` `config_enable_alert_domain_expire` TINYINT(1) NOT NULL DEFAULT 1"); - + mysqli_query($mysqli, "UPDATE `settings` SET `config_send_invoice_reminders` = 1 WHERE `config_send_invoice_reminders` IS NULL"); mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_send_invoice_reminders` `config_send_invoice_reminders` TINYINT(1) NOT NULL DEFAULT 1"); - + mysqli_query($mysqli, "UPDATE `settings` SET `config_stripe_enable` = 0 WHERE `config_stripe_enable` IS NULL"); mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_stripe_enable` `config_stripe_enable` TINYINT(1) NOT NULL DEFAULT 0"); 
@@ -770,18 +770,34 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){ if(CURRENT_DATABASE_VERSION == '0.3.3'){ mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_telemetry` TINYINT(1) DEFAULT 0 AFTER `config_theme`"); - + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.4'"); } - //if(CURRENT_DATABASE_VERSION == '0.3.4'){ + if(CURRENT_DATABASE_VERSION == '0.3.4'){ // Insert queries here required to update to DB version 0.3.5 + //Get & upgrade user login encryption + $sql_logins = mysqli_query($mysqli, "SELECT login_id, login_username FROM logins WHERE login_username IS NOT NULL"); + foreach ($sql_logins as $row) { + $login_id = $row['login_id']; + $login_username = $row['login_username']; + $login_encrypted_username = encryptLoginEntry($row['login_username']); + mysqli_query($mysqli, "UPDATE logins SET login_username = '$login_encrypted_username' WHERE login_id = '$login_id'"); + } + // Then, update the database to the next sequential version - // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'"); + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'"); + } + + //if(CURRENT_DATABASE_VERSION == '0.3.5'){ + // Insert queries here required to update to DB version 0.3.6 + + // Then, update the database to the next sequential version + // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.6'"); //} } else { // Up-to-date -} \ No newline at end of file +} diff --git a/database_version.php b/database_version.php index 8f7c311e..cf73b8f0 100644 --- a/database_version.php +++ b/database_version.php @@ -5,4 +5,4 @@ * It is used in conjunction with database_updates.php */ -DEFINE("LATEST_DATABASE_VERSION", "0.3.4"); \ No newline at end of file +DEFINE("LATEST_DATABASE_VERSION", "0.3.5"); diff --git a/global_search.php b/global_search.php index 519238e3..d84762b0 100644 --- a/global_search.php 
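Review bot: The 0.3.4 to 0.3.5 step re-encrypts `login_username` row by row without checking any `mysqli_query` result and then sets the version to 0.3.5 unconditionally, so a failed UPDATE leaves plaintext rows that the new `decryptLoginEntry()` call sites will later try to decrypt. The reverse failure matters as well: if the script stops part-way, the version stays at 0.3.4 and the next run encrypts the already converted rows a second time. Running the loop and the version bump in one transaction (assuming the tables are InnoDB) and binding the values through a prepared statement, rather than quoting `$login_encrypted_username` into the string, closes both gaps. It is also worth confirming that `encryptLoginEntry()` has its key available in the updater context and that the `login_username` column is wide enough for the ciphertext; neither is visible here. `$login_username` is assigned but never used, and the enclosing `if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){` block starts outside the hunk.

```php
if(CURRENT_DATABASE_VERSION == '0.3.4'){
    // Encrypt existing login usernames; the loop and the version bump commit together or not at all
    mysqli_begin_transaction($mysqli);
    $sql_logins = mysqli_query($mysqli, "SELECT login_id, login_username FROM logins WHERE login_username IS NOT NULL");
    $update_login = mysqli_prepare($mysqli, "UPDATE logins SET login_username = ? WHERE login_id = ?");
    $upgrade_ok = ($sql_logins !== false && $update_login !== false);

    if ($upgrade_ok) {
        foreach ($sql_logins as $row) {
            $login_id = intval($row['login_id']);
            $login_encrypted_username = encryptLoginEntry($row['login_username']);
            mysqli_stmt_bind_param($update_login, "si", $login_encrypted_username, $login_id);
            if (!mysqli_stmt_execute($update_login)) {
                $upgrade_ok = false;
                break;
            }
        }
    }

    if ($upgrade_ok) {
        // Then, update the database to the next sequential version
        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'");
        mysqli_commit($mysqli);
    } else {
        mysqli_rollback($mysqli);
    }
}
// … unchanged: commented-out 0.3.5 to 0.3.6 template …
```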
+++ b/global_search.php @@ -19,7 +19,7 @@ if (isset($_GET['query'])) { $sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5"); $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5"); $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5"); - $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE (login_name LIKE '%$query%' OR login_username LIKE '%$query%') AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5"); + $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5"); $q = htmlentities($_GET['query']); ?> @@ -358,4 +358,4 @@ if (isset($_GET['query'])) { -fetch_assoc()){ + $login_username = decryptLoginEntry($row['login_username']); $login_password = decryptLoginEntry($row['login_password']); - $lineData = array($row['login_name'], $row['login_username'], $login_password, $row['login_uri']); + $lineData = array($row['login_name'], $login_username, $login_password, $row['login_uri']); fputcsv($f, $lineData, $delimiter); } @@ -5707,7 +5708,7 @@ if(isset($_POST["import_client_logins_csv"])){ } } if(isset($column[1])){ - $username = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[1]))); + $username = trim(strip_tags(mysqli_real_escape_string($mysqli, encryptLoginEntry($column[1])))); } if(isset($column[2])){ $password = trim(mysqli_real_escape_string($mysqli,encryptLoginEntry($column[2]))); 
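Review bot: In the import hunk at `@@ -5707,7 +5708,7 @@`, `trim()` and `strip_tags()` now run on the output of `encryptLoginEntry()` instead of on the CSV value, so the username is encrypted with any surrounding whitespace or markup still in it, and the two filters act on ciphertext, where at best they do nothing and at worst they alter it so it no longer decrypts. Clean the value first and encrypt last: `$username = mysqli_real_escape_string($mysqli, encryptLoginEntry(trim(strip_tags($column[1]))));`. The password line below has the same `trim()` placement outside the encryption call, though whether passwords should be trimmed at all is a separate decision. The surrounding `if(isset($_POST["import_client_logins_csv"]))` block starts and ends outside the hunk.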
@@ -8201,7 +8202,7 @@ if(isset($_GET['export_client_pdf'])){