This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerbility which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs.

functions.php

@@ -283,9 +283,9 @@ function formatPhoneNumber($phoneNumber) {
 }
 
 //SESSION FINGERPRINT
-$session_ip = get_ip();
-$session_os = get_os();
-$session_browser = get_web_browser();
-$session_device = get_device();
+$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
+$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
+$session_browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
+$session_device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
 
 ?>

login.php

@@ -11,10 +11,10 @@ if(!file_exists('config.php')){
 
 <?php 
 
-$ip = get_ip();
-$os = get_os();
-$browser = get_web_browser();
-$device = get_device();
+$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
+$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
+$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
+$device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
 
 ?>
 
@@ -24,17 +24,18 @@ session_start();
 
 if(isset($_POST['login'])){
   
-  $username = mysqli_real_escape_string($mysqli,$_POST['username']);
-  $plain_password = $_POST['password'];
-  $password = md5($_POST['password']);
-  $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
+  $username = strip_tags(mysqli_real_escape_string($mysqli,$_POST['username']));
+  $password = $_POST['password'];
+  $current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
   if(!empty($current_code)){
-    $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
+    $current_code = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_code']));
   }
-  $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$username' AND user_password = '$password'");
-  
-  if(mysqli_num_rows($sql) == 1){
-    $row = mysqli_fetch_array($sql);
+  $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$username'");
+  $row = mysqli_fetch_array($sql);
+
+  if(password_verify($password, $row['user_password'])){
+
+
     $token = $row['user_token'];
     $_SESSION['user_id'] = $row['user_id'];
     $_SESSION['user_name'] = $row['user_name'];
@@ -74,9 +75,9 @@ if(isset($_POST['login'])){
         ";
       }     
     }
-  
+
   }else{
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$user_name failed to log in', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$username failed to log in', log_ip = '$ip', log_user_agent = '$os - $browser - $device', log_created_at = NOW()");
 
     $response = "
       <div class='alert alert-danger'>
@@ -125,7 +126,7 @@ if(isset($_POST['login'])){
             </div>
           </div>
           <div class="input-group mb-3">
-            <input type="password" class="form-control" placeholder="Password" name="password" value="<?php if(!empty($token_field)){ echo $plain_password; } ?>" required>
+            <input type="password" class="form-control" placeholder="Password" name="password" value="<?php if(!empty($token_field)){ echo $password; } ?>" required>
             <div class="input-group-append">
               <div class="input-group-text">
                 <span class="fas fa-lock"></span>

logs.php

@@ -154,8 +154,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
             $log_id = $row['log_id'];
             $log_type = $row['log_type'];
             $log_action = $row['log_action'];
-            $log_description = $row['log_description'];
-            $log_ip = $row['log_ip'];
+            $log_description = htmlentities($row['log_description']);
+            $log_ip = htmlentities($row['log_ip']);
             $log_user_agent = $row['log_user_agent'];
             $log_created_at = $row['log_created_at'];
             $user_id = $row['user_id'];

post.php

@@ -34,7 +34,7 @@ if(isset($_POST['add_user'])){
 
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
-    $password = md5($_POST['password']);
+    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
     $company = intval($_POST['company']);
     $level = intval($_POST['level']);
 
@@ -163,7 +163,7 @@ if(isset($_POST['edit_user'])){
     mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_updated_at = NOW() WHERE user_id = $user_id");
 
     if(!empty($new_password)){
-        $new_password = md5($new_password);
+        $new_password = password_hash($new_password, PASSWORD_DEFAULT);
         mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password' WHERE user_id = $user_id");
     }
 
@@ -235,7 +235,7 @@ if(isset($_POST['edit_profile'])){
     mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_updated_at = NOW() WHERE user_id = $user_id");
 
     if(!empty($new_password)){
-        $new_password = md5($new_password);
+        $new_password = password_hash($new_password, PASSWORD_DEFAULT);
         mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password' WHERE user_id = $user_id");
     }
 
@@ -252,7 +252,7 @@ if(isset($_POST['edit_user_companies'])){
 
     $user_id = intval($_POST['user_id']);
     $companies = mysqli_real_escape_string($mysqli,$_POST['companies']);
-    
+
     //Turn the Array into a string with , seperation
     $companies_imploded = implode(",",$companies);
 

setup.php

@@ -391,7 +391,7 @@ if(isset($_POST['add_user'])){
 
   $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
   $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
-  $password = md5($_POST['password']);
+  $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
 
   mysqli_query($mysqli,"INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_created_at = NOW()");