mirror of https://github.com/itflow-org/itflow
Make Remmeber Me Token Configurable and default to 3
This commit is contained in:
johnnyq
parent
e1f1122b3e
commit
4824ae8ef8
5
cron.php
5
cron.php
|
|
@ -65,6 +65,9 @@ $config_telemetry = intval($row['config_telemetry']);
|
|||
$config_enable_alert_domain_expire = intval($row['config_enable_alert_domain_expire']);
|
||||
$config_send_invoice_reminders = intval($row['config_send_invoice_reminders']);
|
||||
|
||||
// Remmeber Token Expire
|
||||
$config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);
|
||||
|
||||
// Set Currency Format
|
||||
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
|
||||
|
||||
|
|
@ -119,7 +122,7 @@ mysqli_query($mysqli, "DELETE FROM notifications WHERE notification_dismissed_at
|
|||
mysqli_query($mysqli, "DELETE FROM email_queue WHERE email_queued_at < CURDATE() - INTERVAL 90 DAY");
|
||||
|
||||
// Clean-up old remember me tokens (2 or more days old)
|
||||
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_created_at < CURDATE() - INTERVAL 2 DAY");
|
||||
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_created_at < CURDATE() - INTERVAL $config_login_remember_me_expire DAY");
|
||||
|
||||
//Logging
|
||||
//mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Cron', log_action = 'Task', log_description = 'Cron cleaned up old data'");
|
||||
|
|
|
|||
|
|
@ -1806,10 +1806,16 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
|
|||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.1.9'");
|
||||
}
|
||||
|
||||
// if (CURRENT_DATABASE_VERSION == '1.1.9') {
|
||||
// // Insert queries here required to update to DB version 1.2.0
|
||||
if (CURRENT_DATABASE_VERSION == '1.1.9') {
|
||||
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_login_remember_me_expire` INT(11) NOT NULL DEFAULT 3 AFTER `config_login_key_secret`");
|
||||
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.2.0'");
|
||||
}
|
||||
|
||||
// if (CURRENT_DATABASE_VERSION == '1.2.0') {
|
||||
// // Insert queries here required to update to DB version 1.2.1
|
||||
// // Then, update the database to the next sequential version
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.2.0");
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.2.1");
|
||||
// }
|
||||
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@
|
|||
* It is used in conjunction with database_updates.php
|
||||
*/
|
||||
|
||||
DEFINE("LATEST_DATABASE_VERSION", "1.1.9");
|
||||
DEFINE("LATEST_DATABASE_VERSION", "1.2.0");
|
||||
|
|
|
|||
3
db.sql
3
db.sql
|
|
@ -1346,6 +1346,7 @@ CREATE TABLE `settings` (
|
|||
`config_login_message` text DEFAULT NULL,
|
||||
`config_login_key_required` tinyint(1) NOT NULL DEFAULT 0,
|
||||
`config_login_key_secret` varchar(255) DEFAULT NULL,
|
||||
`config_login_remember_me_expire` int(11) NOT NULL DEFAULT 3,
|
||||
`config_module_enable_ticketing` tinyint(1) NOT NULL DEFAULT 1,
|
||||
`config_theme` varchar(200) DEFAULT 'blue',
|
||||
`config_telemetry` tinyint(1) DEFAULT 0,
|
||||
|
|
@ -1881,4 +1882,4 @@ CREATE TABLE `vendors` (
|
|||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
||||
|
||||
-- Dump completed on 2024-04-01 16:24:03
|
||||
-- Dump completed on 2024-04-04 19:52:07
|
||||
|
|
|
|||
|
|
@ -107,6 +107,7 @@ $config_client_portal_enable = intval($row['config_client_portal_enable']);
|
|||
$config_login_message = $row['config_login_message'];
|
||||
$config_login_key_required = $row['config_login_key_required'];
|
||||
$config_login_key_secret = $row['config_login_key_secret'];
|
||||
$config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);
|
||||
|
||||
// Locale
|
||||
$config_currency_format = "US_en";
|
||||
|
|
|
|||
|
|
@ -66,6 +66,8 @@ $config_client_portal_enable = intval($row['config_client_portal_enable']);
|
|||
$config_login_key_required = $row['config_login_key_required'];
|
||||
$config_login_key_secret = $row['config_login_key_secret'];
|
||||
|
||||
$config_login_remember_me_days_expire = intval($row['config_login_remember_me_days_expire']);
|
||||
|
||||
// Login key verification
|
||||
// If no/incorrect 'key' is supplied, send to client portal instead
|
||||
if ($config_login_key_required) {
|
||||
|
|
@ -129,8 +131,8 @@ if (isset($_POST['login'])) {
|
|||
|
||||
// Validate MFA via a remember-me cookie
|
||||
if (isset($_COOKIE['rememberme'])) {
|
||||
// Get remember tokens less than 2 days old
|
||||
$remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL 2 DAY)");
|
||||
// Get remember tokens less than $config_login_remember_me_days_expire days old
|
||||
$remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL $config_login_remember_me_expire DAY)");
|
||||
while ($row = mysqli_fetch_assoc($remember_tokens)) {
|
||||
if (hash_equals($row['remember_token_token'], $_COOKIE['rememberme'])) {
|
||||
$mfa_is_complete = true;
|
||||
|
|
|
|||
|
|
@ -503,8 +503,9 @@ if (isset($_POST['edit_security_settings'])) {
|
|||
$config_login_message = sanitizeInput($_POST['config_login_message']);
|
||||
$config_login_key_required = intval($_POST['config_login_key_required']);
|
||||
$config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']);
|
||||
$config_login_remember_me_expire = intval($_POST['config_login_remember_me_expire']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret' WHERE company_id = 1");
|
||||
mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire WHERE company_id = 1");
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
|
||||
|
|
|
|||
|
|
@ -33,6 +33,16 @@ require_once "inc_all_settings.php";
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label>Remember Me Expire <small class="text-secondary">(The amount of days before a device remember me token will expire)</small></label>
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-clock"></i></span>
|
||||
</div>
|
||||
<input type="number" class="form-control" name="config_login_remember_me_expire" placeholder="Enter Days to Expire" value="<?php echo intval($config_login_remember_me_expire); ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<hr>
|
||||
|
||||
<button type="submit" name="edit_security_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
|
||||
|
|
|
|||
Loading…
Reference in New Issue