From b31f1b4c49755b693d091b9efd5f87f2a09c25c8 Mon Sep 17 00:00:00 2001
From: o-psi
Date: Wed, 21 Feb 2024 11:16:40 -0600
Subject: [PATCH 1/6] add ticket description to AI Query
---
 js/ai_reword.js | 3 ++-
 post/ai.php | 2 +-
 ticket.php | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/js/ai_reword.js b/js/ai_reword.js
index 515869a8..f2ae4902 100644
--- a/js/ai_reword.js
+++ b/js/ai_reword.js
@@ -1,5 +1,6 @@
 document.getElementById('rewordButton').addEventListener('click', function() {
 var textInput = document.getElementById('textInput');
+ var ticketDescription = document.getElementById('ticketDescription');
 var rewordButton = document.getElementById('rewordButton');
 var undoButton = document.getElementById('undoButton');
 var previousText = textInput.value; // Store the current text
@@ -13,7 +14,7 @@ document.getElementById('rewordButton').addEventListener('click', function() {
 headers: {
 'Content-Type': 'application/json',
 },
- body: JSON.stringify({ text: textInput.value }),
+ body: JSON.stringify({ text: textInput.value, description: ticketDescription.value }),
 })
 .then(response => response.json())
 .then(data => {
diff --git a/post/ai.php b/post/ai.php
index 4ab0f301..fc6446f2 100644
--- a/post/ai.php
+++ b/post/ai.php
@@ -13,7 +13,7 @@ if (isset($_GET['ai_reword'])) {
 $input = json_decode($inputJSON, TRUE); // Convert JSON into array.
 // Prefix the input text with "reword: "
- $prefixedText = "reword: " . $input['text'];
+ $prefixedText = "You are a technician at a help desk, training another technician. This is a response to the following issue " . $input['description'] . " Help me reword this for clarity and proffesionalism: " . $input['text'];
 // Preparing the data for the OpenAI Chat API request.
 $data = [
diff --git a/ticket.php b/ticket.php
index 15c33ad9..9c57cb40 100644
--- a/ticket.php
+++ b/ticket.php
@@ -285,7 +285,7 @@ if (isset($_GET['ticket_id'])) {
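Review bot: `$input['description']` and `$input['text']` are concatenated straight into the instruction string on the new `$prefixedText` line of post/ai.php, so whatever the ticket description contains reaches the model as part of the instructions rather than as quoted data. If ticket descriptions are client-submitted (not visible in this hunk), that is a prompt-injection path into text a technician may send back to a customer. Neither key is checked before use, and `json_decode` returns null on a malformed body. Suggest validating both as strings first, e.g. `$description = is_string($input['description'] ?? null) ? $input['description'] : '';`, and passing the description as separate, clearly delimited content. The enclosing `if (isset($_GET['ai_reword']))` block starts and ends outside the hunk.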

-
+
Date: Wed, 21 Feb 2024 18:13:10 +0000
Subject: [PATCH 2/6] Update AI prompting
---
 js/ai_reword.js | 6 +++++-
 post/ai.php | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/js/ai_reword.js b/js/ai_reword.js
index f2ae4902..7c080fe4 100644
--- a/js/ai_reword.js
+++ b/js/ai_reword.js
@@ -14,7 +14,11 @@ document.getElementById('rewordButton').addEventListener('click', function() {
 headers: {
 'Content-Type': 'application/json',
 },
- body: JSON.stringify({ text: textInput.value, description: ticketDescription.value }),
+ // Body with the text to reword and the ticket description
+ body: JSON.stringify({
+ text: textInput.value,
+ ticketDescription: ticketDescription.innerText.valueOf(),
+ }),
 })
 .then(response => response.json())
 .then(data => {
diff --git a/post/ai.php b/post/ai.php
index fc6446f2..e2ca4160 100644
--- a/post/ai.php
+++ b/post/ai.php
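Review bot: The request body now sends the ticket text under the key `ticketDescription`, but post/ai.php in this same commit reads only `$input['text']`, so the description is transmitted to the endpoint and then ignored. Either drop the field from the payload or consume it on the server under the same key. `ticketDescription.innerText.valueOf()` also throws when the element is missing from the page, and `.valueOf()` is redundant on a string; `ticketDescription ? ticketDescription.innerText : ''` would keep the button working. The click handler starts and ends outside the hunk.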
@@ -12,14 +12,16 @@ if (isset($_GET['ai_reword'])) {
 $inputJSON = file_get_contents('php://input');
 $input = json_decode($inputJSON, TRUE); // Convert JSON into array.
+ $promptText = "You are an experienced technician at a help desk, training a new technician. The system will tell them to reach out again if they need help, so dont mention that. Help me rewrite the following response for clarity and professionalism, but dont make it too wordy; Be sure to mention the issue in the response so the client feels heard:";
 // Prefix the input text with "reword: "
- $prefixedText = "You are a technician at a help desk, training another technician. This is a response to the following issue " . $input['description'] . " Help me reword this for clarity and proffesionalism: " . $input['text'];
+ $userText = $input['text'];
 // Preparing the data for the OpenAI Chat API request.
 $data = [
 "model" => "$config_ai_model", // Specify the model
 "messages" => [
- ["role" => "user", "content" => $prefixedText]
+ ["role" => "system", "content" => $promptText],
+ ["role" => "user", "content" => $userText],
 ],
 "temperature" => 0.7
 ];
@@ -45,6 +47,8 @@ if (isset($_GET['ai_reword'])) {
 // Check if the response contains the expected data and return it.
 if (isset($responseData['choices'][0]['message']['content'])) {
+ // Remove any square brackets and their contents from the response.
+ $responseData['choices'][0]['message']['content'] = preg_replace('/\[.*?\]/', '', $responseData['choices'][0]['message']['content']);
 echo json_encode(['rewordedText' => trim($responseData['choices'][0]['message']['content'])]);
 } else {
 // Handle errors or unexpected response structure.
From c2cf0bb448fc0ce3afb283a523ad2ee48236207e Mon Sep 17 00:00:00 2001
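Review bot: `$userText = $input['text'];` forwards the request body to the external chat API without checking that `json_decode` produced an array, that `text` is a string, or how long it is. A malformed or oversized body then becomes a null or very large `content` value in the outbound request. Suggest `$userText = is_array($input) && is_string($input['text'] ?? null) ? $input['text'] : '';` followed by an early JSON error response when it is empty, plus a length cap. The enclosing block continues outside the hunk.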
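Review bot: `preg_replace('/\[.*?\]/', '', ...)` in the second hunk deletes every bracketed span in the model's reply, which also removes brackets the technician wrote on purpose, and the edit is invisible to the user. `preg_replace` returns null on a PCRE error, and that null is then handed to `trim()`. If the goal is to drop placeholder text the model inserts (presumably, the comment does not say), state that in the comment and keep the original on failure, e.g. `$clean = preg_replace(...) ?? $original;`.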
From: o-psi
Date: Thu, 22 Feb 2024 17:45:09 +0000
Subject: [PATCH 3/6] Change remember me tokens to a many:many table to allow for multiple devices to be remembered.
---
 database_updates.php | 13 ++++++++++---
 database_version.php | 2 +-
 db.sql | 16 ++++++++++++++++
 login.php | 15 +++++++++++----
 4 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/database_updates.php b/database_updates.php
index 987f600d..7559f1cf 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -1607,10 +1607,17 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.6'");
 }
- // if (CURRENT_DATABASE_VERSION == '1.0.6') {
- // // Insert queries here required to update to DB version 1.0.7
+ if (CURRENT_DATABASE_VERSION == '1.0.6') {
+ // Insert queries here required to update to DB version 1.0.7
+ mysqli_query($mysqli, "CREATE TABLE `remember_tokens` (`remember_token_id` int(11) NOT NULL AUTO_INCREMENT,`remember_token_token` varchar(255) NOT NULL,`remember_token_user_id` int(11) NOT NULL,`remember_token_created_at` datetime NOT NULL DEFAULT current_timestamp()");
+ // Then, update the database to the next sequential version
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
+ }
+
+ // if (CURRENT_DATABASE_VERSION == '1.0.7') {
+ // // Insert queries here required to update to DB version 1.0.8
 // // Then, update the database to the next sequential version
- // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
+ // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
 // }
 } else {
diff --git a/database_version.php b/database_version.php
index 9d80a0a0..c1dcafe2 100644
--- a/database_version.php
+++ b/database_version.php
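Review bot: The CREATE TABLE string in the new 1.0.6 block never closes its column list and declares an AUTO_INCREMENT column without a key, so the statement looks like it will be rejected by the server; the result of `mysqli_query` is not checked and the next line still sets the version to 1.0.7. An upgraded install would then report 1.0.7 with no `remember_tokens` table, and the new token lookup in login.php would run against a missing table. Suggest ending the statement with `, PRIMARY KEY (remember_token_id))` and bumping the version only when the query returns true. The column types here (`varchar(255)`, `datetime`, `int(11)`) also differ from the db.sql definition added in this commit.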
@@ -5,5 +5,5 @@
 * It is used in conjunction with database_updates.php
 */
-DEFINE("LATEST_DATABASE_VERSION", "1.0.6");
+DEFINE("LATEST_DATABASE_VERSION", "1.0.7");
diff --git a/db.sql b/db.sql
index 01a0ecfe..4c8aa20a 100644
--- a/db.sql
+++ b/db.sql
@@ -1041,6 +1041,22 @@ CREATE TABLE `recurring_expenses` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table remember_tokens
+--
+
+DROP TABLE IF EXISTS `remember_tokens`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `remember_tokens` (
+ `remember_token_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `remember_token_user_id` int(10) unsigned NOT NULL,
+ `remember_token_token` varchar(100) NOT NULL,
+ `remember_token_created_at` timestamp NOT NULL DEFAULT current_timestamp(),
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+
 --
 -- Table structure for table `revenues`
 --
diff --git a/login.php b/login.php
index 3e28487d..ef697665 100644
--- a/login.php
+++ b/login.php
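Review bot: `PRIMARY KEY (id)` in the new `remember_tokens` definition names a column the table does not have; the key column is `remember_token_id`, so this CREATE TABLE should fail on a fresh install. `remember_token_token` is `varchar(100)`, while login.php in this commit stores `bin2hex(random_bytes(64))`, which is 128 characters, so the value is either rejected or truncated and the later `hash_equals` comparison cannot match. Suggest `PRIMARY KEY (remember_token_id)` and a token column of at least 128 characters (the migration in database_updates.php uses `varchar(255)`). An index on `remember_token_user_id` would serve the per-user lookup.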
@@ -111,14 +111,21 @@ if (isset($_POST['login'])) {
 $user_email = sanitizeInput($row['user_email']);
 $token = sanitizeInput($row['user_token']);
 $force_mfa = intval($row['user_config_force_mfa']);
- $remember_token = $row['user_config_remember_me_token'];
 if($force_mfa == 1 && $token == NULL) {
 $config_start_page = "user_security.php";
 }
+ // Get remember tokens less than 2 days old
+ $remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL 2 DAY)");
+ $bypass_2fa = false;
- if (isset($_COOKIE['rememberme']) && $_COOKIE['rememberme'] == $remember_token) {
- $bypass_2fa = true;
+ if (isset($_COOKIE['rememberme'])) {
+ while ($row = mysqli_fetch_assoc($remember_tokens)) {
+ if (hash_equals($row['remember_token_token'], $_COOKIE['rememberme'])) {
+ $bypass_2fa = true;
+ break;
+ }
+ }
 } elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
 $bypass_2fa = true;
 }
@@ -127,7 +134,7 @@ if (isset($_POST['login'])) {
 if (isset($_POST['remember_me'])) {
 $newRememberToken = bin2hex(random_bytes(64));
 setcookie('rememberme', $newRememberToken, time() + 86400*2, "/", null, true, true);
- $updateTokenQuery = "UPDATE user_settings SET user_config_remember_me_token = '$newRememberToken' WHERE user_id = $user_id";
+ $updateTokenQuery = "INSERT INTO remember_tokens (remember_token_user_id, remember_token_token) VALUES ($user_id, '$newRememberToken')";
 mysqli_query($mysqli, $updateTokenQuery);
 }
From 28ab569dfcf6686685097536e0c0cbaf51cb864c Mon Sep 17 00:00:00 2001
From: o-psi
Date: Thu, 22 Feb 2024 17:48:53 +0000
Subject: [PATCH 4/6] Update Prompt
---
 post/ai.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/post/ai.php b/post/ai.php
index e2ca4160..5e5244d2 100644
--- a/post/ai.php
+++ b/post/ai.php
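Review bot: Once the `rememberme` cookie is present the `elseif` branch is never evaluated, so a browser holding a stale or unknown cookie cannot complete login even with a correct TOTP code or with no MFA configured; the old combined condition fell through to the code check when the cookie did not match. The `mysqli_query` result is passed to `mysqli_fetch_assoc` unchecked, and `hash_equals` requires strings while `$_COOKIE['rememberme']` can arrive as an array. The restructured check below evaluates the cookie first and then always considers the TOTP path, using its own loop variable so the user record in `$row` is not overwritten. The enclosing login block starts and ends outside the hunk.

```php
// … unchanged: SELECT of remember tokens less than 2 days old …
$bypass_2fa = false;
$remembered = false;
$cookie_token = $_COOKIE['rememberme'] ?? null;
if (is_string($cookie_token) && $remember_tokens instanceof mysqli_result) {
    while ($token_row = mysqli_fetch_assoc($remember_tokens)) {
        if (hash_equals($token_row['remember_token_token'], $cookie_token)) {
            $remembered = true;
            break;
        }
    }
}
if ($remembered || empty($token) || TokenAuth6238::verify($token, $current_code)) {
    $bypass_2fa = true;
}
```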
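Review bot: The new INSERT in the `remember_me` block stores the raw cookie value, so anyone who can read `remember_tokens` (a database backup, a read-only SQL flaw elsewhere) obtains values that skip the second factor for up to two days. Store a digest instead, `hash('sha256', $newRememberToken)`, and compare `hash('sha256', $cookie)` against it in the lookup. Rows are only filtered by age when read; nothing in this hunk deletes expired tokens, so they accumulate. A prepared statement would also be more robust than interpolating `$user_id` into the SQL string.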
@@ -12,7 +12,7 @@ if (isset($_GET['ai_reword'])) {
 $inputJSON = file_get_contents('php://input');
 $input = json_decode($inputJSON, TRUE); // Convert JSON into array.
- $promptText = "You are an experienced technician at a help desk, training a new technician. The system will tell them to reach out again if they need help, so dont mention that. Help me rewrite the following response for clarity and professionalism, but dont make it too wordy; Be sure to mention the issue in the response so the client feels heard:";
+ $promptText = "You are an experienced technician at a help desk, training a new technician. You are helping rewrite response for clarity and professionalism, but dont make it too wordy.";
 // Prefix the input text with "reword: "
 $userText = $input['text'];
From 3947c3a32907c3e48102467abb336bdbd7747ba9 Mon Sep 17 00:00:00 2001
From: o-psi
Date: Thu, 22 Feb 2024 17:49:08 +0000
Subject: [PATCH 5/6] Remove comment
---
 post/ai.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/post/ai.php b/post/ai.php
index 5e5244d2..4810cde8 100644
--- a/post/ai.php
+++ b/post/ai.php
@@ -13,7 +13,6 @@ if (isset($_GET['ai_reword'])) {
 $input = json_decode($inputJSON, TRUE); // Convert JSON into array.
 $promptText = "You are an experienced technician at a help desk, training a new technician. You are helping rewrite response for clarity and professionalism, but dont make it too wordy.";
- // Prefix the input text with "reword: "
 $userText = $input['text'];
 // Preparing the data for the OpenAI Chat API request.
From 5d620d041aa3641c0254ddd3d0077fd930448b24 Mon Sep 17 00:00:00 2001
From: o-psi
Date: Thu, 22 Feb 2024 12:15:15 -0600
Subject: [PATCH 6/6] Fix user role and other definitions
---
 login.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/login.php b/login.php
index ef697665..68aa116c 100644
--- a/login.php
+++ b/login.php
@@ -111,6 +111,9 @@ if (isset($_POST['login'])) {
 $user_email = sanitizeInput($row['user_email']);
 $token = sanitizeInput($row['user_token']);
 $force_mfa = intval($row['user_config_force_mfa']);
+ $user_role = intval($row['user_role']);
+ $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
+ $user_extension_key = $row['user_extension_key'];
 if($force_mfa == 1 && $token == NULL) {
 $config_start_page = "user_security.php";
 }
@@ -178,21 +181,20 @@ if (isset($_POST['login'])) {
 // Session info
 $_SESSION['user_id'] = $user_id;
 $_SESSION['user_name'] = $user_name;
- $_SESSION['user_role'] = intval($row['user_role']);
+ $_SESSION['user_role'] = $user_role;
 $_SESSION['csrf_token'] = randomString(156);
 $_SESSION['logged'] = true;
 // Setup encryption session key
- if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
- $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
+ if (is_null($user_encryption_ciphertext) && $user_role > 1) {
 $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
 generateUserSessionKey($site_encryption_master_key);
 // Setup extension
- if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
+ if (is_null($user_extension_key)) {
 // Extension cookie // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
- setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
+ setcookie("user_extension_key", "$user_extension_key", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
 // Set PHP session in DB, so we can access the session encryption data (above)
 $user_php_session = session_id();
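Review bot: Both rewritten conditions in the second hunk are inverted relative to the lines they replace: `isset(...)` became `is_null($user_encryption_ciphertext)` and `isset(...) && !empty(...)` became `is_null($user_extension_key)`. As written, `decryptUserSpecificKey` runs only when there is no ciphertext, so users who do have one never get a session encryption key, and the extension cookie is set only when the key is null. Suggest `if (!is_null($user_encryption_ciphertext) && $user_role > 1) {` and `if (!empty($user_extension_key)) {`. The enclosing block continues past the end of the hunk.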