diff --git a/database_updates.php b/database_updates.php index f58e1d3f..9b26d3c7 100644 --- a/database_updates.php +++ b/database_updates.php @@ -1054,11 +1054,17 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) { mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.5.5'"); } - //if (CURRENT_DATABASE_VERSION == '0.5.5') { - //Insert queries here required to update to DB version 0.5.6 + if (CURRENT_DATABASE_VERSION == '0.5.5') { + mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_login_key_required` TINYINT(1) NOT NULL DEFAULT '0' AFTER `config_module_enable_accounting`, ADD `config_login_key_secret` VARCHAR(255) NULL DEFAULT NULL AFTER `config_login_key_required`; "); - // Then, update the database to the next sequential version - //mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.5.6'"); + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.5.6'"); + } + + //if (CURRENT_DATABASE_VERSION == '0.5.6') { + //Insert queries here required to update to DB version 0.5.7 + + // Then, update the database to the next sequential version + //mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.5.7'"); //} } else { diff --git a/database_version.php b/database_version.php index f52c69c3..ce273efe 100644 --- a/database_version.php +++ b/database_version.php @@ -5,4 +5,4 @@ * It is used in conjunction with database_updates.php */ -DEFINE("LATEST_DATABASE_VERSION", "0.5.5"); +DEFINE("LATEST_DATABASE_VERSION", "0.5.6"); diff --git a/db.sql b/db.sql index c9896506..712a22ee 100644 --- a/db.sql +++ b/db.sql 
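Review bot: The bump to `'0.5.6'` runs whether or not the preceding ALTER TABLE succeeded, so a failed ALTER (missing privilege, or the columns already present from a manual change) leaves `config_current_database_version` at 0.5.6 while `config_login_key_required` / `config_login_key_secret` are absent, and get_settings.php then reads columns that do not exist. The earlier 0.5.5 step visible in the hunk follows the same pattern, but the new step could gate the bump on the result, `if (mysqli_query($mysqli, "ALTER TABLE ...")) {` around the version UPDATE, or at least surface `mysqli_error($mysqli)` when it returns false. Separately, this ALTER places the columns `AFTER config_module_enable_accounting` while db.sql in the same commit adds them after `config_timezone`; harmless with associative fetches, but aligning them keeps fresh installs and upgrades identical. The enclosing `if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` block starts before the hunk.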
@@ -1138,6 +1138,8 @@ CREATE TABLE `settings` ( `config_theme` varchar(200) DEFAULT 'blue', `config_telemetry` tinyint(1) DEFAULT 0, `config_timezone` varchar(200) NOT NULL DEFAULT 'America/New_York', + `config_login_key_required` tinyint(1) NOT NULL DEFAULT 0, + `config_login_key_secret` varchar(255) DEFAULT NULL, PRIMARY KEY (`company_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; diff --git a/get_settings.php b/get_settings.php index dbd4a38e..e7a993e2 100644 --- a/get_settings.php +++ b/get_settings.php @@ -83,6 +83,10 @@ $config_module_enable_itdoc = intval($row['config_module_enable_itdoc']); $config_module_enable_ticketing = intval($row['config_module_enable_ticketing']); $config_module_enable_accounting = intval($row['config_module_enable_accounting']); +// Login key +$config_login_key_required = $row['config_login_key_required']; +$config_login_key_secret = $row['config_login_key_secret']; + // Currency $config_currency_format = "US_en"; diff --git a/login.php b/login.php index 6e4c735a..bdba08b6 100644 --- a/login.php +++ b/login.php @@ -29,7 +29,7 @@ if ($failed_login_count >= 15) { exit("
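Review bot: `$config_login_key_required = $row['config_login_key_required'];` keeps the raw column value (mysqli returns it as a string such as `'0'` or `'1'`), whereas the neighbouring module flags on the lines above are normalised with `intval(...)`; a truthiness check still works, but a strict comparison such as `=== 1` will not. For consistency with the surrounding code, `$config_login_key_required = intval($row['config_login_key_required']);`. `config_login_key_secret` defaults to NULL in the schema added by this commit, so code that concatenates it should expect null until an administrator has set a value.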

$config_app_name

Your IP address has been blocked due to repeated failed login attempts. Please try again later.

This action has been logged."); } -// Query Settings for "default" company (as companies are being removed shortly) +// Query Settings for company $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings LEFT JOIN companies ON settings.company_id = companies.company_id WHERE settings.company_id = 1"); $row = mysqli_fetch_array($sql_settings); @@ -46,6 +46,19 @@ $config_smtp_password = $row['config_smtp_password']; $config_mail_from_email = $row['config_mail_from_email']; $config_mail_from_name = $row['config_mail_from_name']; +//// Login key (if setup) +//$config_login_key_required = $row['config_login_key_required']; +//$config_login_key_secret = $row['config_login_key_secret']; +// +//// Login key verification +//// If no/incorrect 'key' is supplied, send to client portal instead +//if ($config_login_key_required) { +// if (!isset($_GET['key']) || $_GET['key'] !== $config_login_key_secret) { +// header("Location: portal"); +// exit(); +// } +//} + // HTTP-Only cookies ini_set("session.cookie_httponly", true); @@ -255,6 +268,8 @@ if (isset($_POST['login'])) {
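Review bot: The key verification block added in the `@@ -46,6 +46,19 @@` hunk is entirely commented out, so with this commit `config_login_key_required` can be switched on and stored, yet login.php never enforces it; if that is deliberate staging, a `// TODO: enable once <condition>` on the block would tell the next reader why. When it is enabled, two things are worth changing first: the secret should be compared with `hash_equals()` rather than `!==` so the comparison does not leak through timing, and the check should not redirect anyone while the stored secret is NULL or empty, since with the schema default every visitor would otherwise be sent to the portal (`$_GET['key'] !== null` is always true). Something like `if ($config_login_key_required && $config_login_key_secret !== null && $config_login_key_secret !== '' && (!isset($_GET['key']) || !is_string($_GET['key']) || !hash_equals($config_login_key_secret, $_GET['key']))) {` covers both. A wrong key could also be counted toward the `$failed_login_count` block-out seen earlier in this file, so the secret cannot be guessed without limit.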

+ +
> >
diff --git a/post.php b/post.php index e0c1fe79..02ae6837 100644 --- a/post.php +++ b/post.php @@ -839,6 +839,22 @@ if(isset($_POST['edit_module_settings'])){ } +if(isset($_POST['edit_security_settings'])){ + validateAdminRole(); + + $config_login_key_required = intval($_POST['config_login_key_required']); + $config_login_key_secret = sanitizeInput($_POST['config_login_key_secret']); + + mysqli_query($mysqli,"UPDATE settings SET config_login_key_required = '$config_login_key_required', config_login_key_secret = '$config_login_key_secret' WHERE company_id = 1"); + + // Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Settings', log_action = 'Modify', log_description = '$session_name modified login key settings', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id"); + + $_SESSION['alert_message'] = "Login key settings updated"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); +} + if(isset($_POST['edit_telemetry_settings'])){ validateAdminRole(); @@ -9280,7 +9296,7 @@ if(isset($_GET['logout'])){ session_unset(); session_destroy(); - header('Location: login.php'); + header('Location: login.php?key=' . $config_login_key_secret); } ?> diff --git a/settings_security.php b/settings_security.php new file mode 100644 index 00000000..d53968d9 --- /dev/null +++ b/settings_security.php @@ -0,0 +1,38 @@ + + +
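Review bot: `intval($_POST['config_login_key_required'])` reads the index unconditionally, and a checkbox (`value="1"` in settings_security.php) is simply absent from the POST body when unchecked, so turning the option off raises an undefined-index warning on every save; use `$config_login_key_required = intval($_POST['config_login_key_required'] ?? 0);`. The handler also accepts `required = 1` together with an empty secret, which, once the verification in login.php is enabled, locks every user out; reject that combination before the UPDATE (set `$_SESSION['alert_message']` to an error and redirect) instead of storing it. The secret reaches the UPDATE by string interpolation after `sanitizeInput()`, as the sibling handlers do; a prepared statement with bound parameters would not depend on what that helper escapes, and the secret is a credential rather than display text.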
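Review bot: `header('Location: login.php?key=' . $config_login_key_secret);` places the login secret in a URL on every logout, where it lands in browser history, in the Referer header sent from login.php, and in any proxy or access log in between; it does so even when `config_login_key_required` is 0, yielding `login.php?key=` for the NULL default. Append the key only when the feature is on, and URL-encode it: `header('Location: login.php' . ($config_login_key_required ? '?key=' . urlencode((string) $config_login_key_secret) : ''));`. Both variables are presumably provided by get_settings.php (this hunk does not show where they come from); they are plain variables rather than session data, so they survive `session_destroy()`, but that is worth confirming. Since the key check in login.php is still commented out in this commit, the redirect currently exposes the secret without any corresponding protection.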
+
+

Security

+
+
+ + +
+
+ value="1" id="customSwitch1"> + +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ + + + +
+
+ + + + + + + + + +