Make Remmeber Me Token Configurable and default to 3

johnnyq
2024-04-04 19:52:44 -04:00
parent e1f1122b3e
commit 4824ae8ef8
8 changed files with 33 additions and 9 deletions


@@ -65,6 +65,9 @@ $config_telemetry = intval($row['config_telemetry']);
$config_enable_alert_domain_expire = intval($row['config_enable_alert_domain_expire']); $config_enable_alert_domain_expire = intval($row['config_enable_alert_domain_expire']);
$config_send_invoice_reminders = intval($row['config_send_invoice_reminders']); $config_send_invoice_reminders = intval($row['config_send_invoice_reminders']);
// Remmeber Token Expire
$config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);
// Set Currency Format // Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
@@ -119,7 +122,7 @@ mysqli_query($mysqli, "DELETE FROM notifications WHERE notification_dismissed_at
mysqli_query($mysqli, "DELETE FROM email_queue WHERE email_queued_at < CURDATE() - INTERVAL 90 DAY"); mysqli_query($mysqli, "DELETE FROM email_queue WHERE email_queued_at < CURDATE() - INTERVAL 90 DAY");
// Clean-up old remember me tokens (2 or more days old) // Clean-up old remember me tokens (2 or more days old)
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_created_at < CURDATE() - INTERVAL 2 DAY"); mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_created_at < CURDATE() - INTERVAL $config_login_remember_me_expire DAY");
//Logging //Logging
//mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Cron', log_action = 'Task', log_description = 'Cron cleaned up old data'"); //mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Cron', log_action = 'Task', log_description = 'Cron cleaned up old data'");
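Review bot: The comment above the clean-up query still says "2 or more days old" although the interval now comes from `$config_login_remember_me_expire`; it should read something like `// Clean-up remember me tokens older than the configured expiry`. The new comment `// Remmeber Token Expire` is also misspelled. The clean-up compares against `CURDATE()` while the login check changed in this commit uses `NOW()`, so the two cut-offs can differ by up to a day; this looks harmless because login applies the stricter test, but it is worth stating in the comment.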


@@ -1806,10 +1806,16 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.1.9'"); mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.1.9'");
} }
// if (CURRENT_DATABASE_VERSION == '1.1.9') { if (CURRENT_DATABASE_VERSION == '1.1.9') {
// // Insert queries here required to update to DB version 1.2.0 mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_login_remember_me_expire` INT(11) NOT NULL DEFAULT 3 AFTER `config_login_key_secret`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.2.0'");
}
// if (CURRENT_DATABASE_VERSION == '1.2.0') {
// // Insert queries here required to update to DB version 1.2.1
// // Then, update the database to the next sequential version // // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.2.0"); // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.2.1");
// } // }
} else { } else {
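Review bot: The result of the `ALTER TABLE` is not checked before the version is set to `'1.2.0'`, so a failed column add would still be recorded as a completed migration and the new setting would be read from a column that does not exist. Consider bumping the version only when the `mysqli_query()` call for the ALTER returns a truthy result, and logging `mysqli_error($mysqli)` otherwise. The commented template for the next step carries over an unbalanced quote (`'1.2.1"`), which would produce a failing UPDATE if it were uncommented as written; it should end `'1.2.1'"`.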


@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php * It is used in conjunction with database_updates.php
*/ */
DEFINE("LATEST_DATABASE_VERSION", "1.1.9"); DEFINE("LATEST_DATABASE_VERSION", "1.2.0");

3
db.sql

@@ -1346,6 +1346,7 @@ CREATE TABLE `settings` (
`config_login_message` text DEFAULT NULL, `config_login_message` text DEFAULT NULL,
`config_login_key_required` tinyint(1) NOT NULL DEFAULT 0, `config_login_key_required` tinyint(1) NOT NULL DEFAULT 0,
`config_login_key_secret` varchar(255) DEFAULT NULL, `config_login_key_secret` varchar(255) DEFAULT NULL,
`config_login_remember_me_expire` int(11) NOT NULL DEFAULT 3,
`config_module_enable_ticketing` tinyint(1) NOT NULL DEFAULT 1, `config_module_enable_ticketing` tinyint(1) NOT NULL DEFAULT 1,
`config_theme` varchar(200) DEFAULT 'blue', `config_theme` varchar(200) DEFAULT 'blue',
`config_telemetry` tinyint(1) DEFAULT 0, `config_telemetry` tinyint(1) DEFAULT 0,
@@ -1881,4 +1882,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2024-04-01 16:24:03 -- Dump completed on 2024-04-04 19:52:07


@@ -107,6 +107,7 @@ $config_client_portal_enable = intval($row['config_client_portal_enable']);
$config_login_message = $row['config_login_message']; $config_login_message = $row['config_login_message'];
$config_login_key_required = $row['config_login_key_required']; $config_login_key_required = $row['config_login_key_required'];
$config_login_key_secret = $row['config_login_key_secret']; $config_login_key_secret = $row['config_login_key_secret'];
$config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);
// Locale // Locale
$config_currency_format = "US_en"; $config_currency_format = "US_en";


@@ -66,6 +66,8 @@ $config_client_portal_enable = intval($row['config_client_portal_enable']);
$config_login_key_required = $row['config_login_key_required']; $config_login_key_required = $row['config_login_key_required'];
$config_login_key_secret = $row['config_login_key_secret']; $config_login_key_secret = $row['config_login_key_secret'];
$config_login_remember_me_days_expire = intval($row['config_login_remember_me_days_expire']);
// Login key verification // Login key verification
// If no/incorrect 'key' is supplied, send to client portal instead // If no/incorrect 'key' is supplied, send to client portal instead
if ($config_login_key_required) { if ($config_login_key_required) {
@@ -129,8 +131,8 @@ if (isset($_POST['login'])) {
// Validate MFA via a remember-me cookie // Validate MFA via a remember-me cookie
if (isset($_COOKIE['rememberme'])) { if (isset($_COOKIE['rememberme'])) {
// Get remember tokens less than 2 days old // Get remember tokens less than $config_login_remember_me_days_expire days old
$remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL 2 DAY)"); $remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL $config_login_remember_me_expire DAY)");
while ($row = mysqli_fetch_assoc($remember_tokens)) { while ($row = mysqli_fetch_assoc($remember_tokens)) {
if (hash_equals($row['remember_token_token'], $_COOKIE['rememberme'])) { if (hash_equals($row['remember_token_token'], $_COOKIE['rememberme'])) {
$mfa_is_complete = true; $mfa_is_complete = true;
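Review bot: The assignment added after the login-key settings reads `$row['config_login_remember_me_days_expire']` into `$config_login_remember_me_days_expire`, but the column this commit adds is `config_login_remember_me_expire` and the rewritten token query interpolates `$config_login_remember_me_expire`. Unless that variable is set by code outside this hunk, the query text becomes `INTERVAL  DAY`, the statement fails, and `mysqli_fetch_assoc()` is handed `false`, so the remember-me MFA path breaks (a TypeError on PHP 8) instead of honouring the configured lifetime. The line should read `$config_login_remember_me_expire = intval($row['config_login_remember_me_expire']);`, and the comment above the query should name the same variable. Checking the `mysqli_query()` result before the fetch loop would make this kind of failure visible rather than fatal.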


@@ -503,8 +503,9 @@ if (isset($_POST['edit_security_settings'])) {
$config_login_message = sanitizeInput($_POST['config_login_message']); $config_login_message = sanitizeInput($_POST['config_login_message']);
$config_login_key_required = intval($_POST['config_login_key_required']); $config_login_key_required = intval($_POST['config_login_key_required']);
$config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']); $config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']);
$config_login_remember_me_expire = intval($_POST['config_login_remember_me_expire']);
mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret' WHERE company_id = 1"); mysqli_query($mysqli,"UPDATE settings SET config_login_message = '$config_login_message', config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret', config_login_remember_me_expire = $config_login_remember_me_expire WHERE company_id = 1");
// Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
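Review bot: `intval()` on `$_POST['config_login_remember_me_expire']` makes the unquoted value safe to interpolate, but nothing bounds it, and this number decides how long a remember-me cookie can stand in for MFA at login. Zero or a negative value makes the login query match no tokens and lets the cron clean-up purge them early, while a very large value keeps a leaked cookie acceptable for as long as its row survives. Clamp it before the UPDATE, for example `$config_login_remember_me_expire = max(1, min(intval($_POST['config_login_remember_me_expire']), $max_days));` with `$max_days` as a project-chosen ceiling, and mirror that on the new form field in the settings page with `min="1"` and a matching `max`. The log entry still reads "modified login key settings", so a change to the token lifetime cannot be told apart in the audit trail.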


@@ -33,6 +33,16 @@ require_once "inc_all_settings.php";
</div> </div>
</div> </div>
<div class="form-group">
<label>Remember Me Expire <small class="text-secondary">(The amount of days before a device remember me token will expire)</small></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-clock"></i></span>
</div>
<input type="number" class="form-control" name="config_login_remember_me_expire" placeholder="Enter Days to Expire" value="<?php echo intval($config_login_remember_me_expire); ?>">
</div>
</div>
<hr> <hr>
<button type="submit" name="edit_security_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button> <button type="submit" name="edit_security_settings" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>