Add encryption for usernames stored in the logins ("passwords") area.

client_assets.php

@@ -240,7 +240,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                         }
 
                         $login_id = $row['login_id'];
-                        $login_username = htmlentities($row['login_username']);
+                        $login_username = htmlentities(decryptLoginEntry($row['login_username']));
                         $login_password = htmlentities(decryptLoginEntry($row['login_password']));
 
                         // Related tickets

client_logins.php

@@ -12,8 +12,8 @@ if (!empty($_GET['sb'])) {
 $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
 
 $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logins 
-  WHERE login_client_id = $client_id 
-  AND (login_name LIKE '%$q%' OR login_username LIKE '%$q%' OR login_uri LIKE '%$q%') 
+  WHERE login_client_id = $client_id
+  AND (login_name LIKE '%$q%' OR login_uri LIKE '%$q%')
   ORDER BY $sb $o LIMIT $record_from, $record_to");
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@@ -75,7 +75,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
             }else{
               $login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
             }
-            $login_username = htmlentities($row['login_username']);
+            $login_username = htmlentities(decryptLoginEntry($row['login_username']));
             if (empty($login_username)) {
               $login_username_display = "-";
             }else{
@@ -169,4 +169,4 @@ include("client_login_import_modal.php");
 
 ?>
 
-<?php include("footer.php"); ?>
+<?php include("footer.php"); ?>

database_updates.php

@@ -466,9 +466,9 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.1'");
     }
 
-    
+
     if (CURRENT_DATABASE_VERSION == '0.3.1') {
-        
+
         // Assets
 
         mysqli_query($mysqli, "UPDATE `assets` SET `asset_login_id` = 0 WHERE `asset_login_id` IS NULL");
@@ -702,10 +702,10 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
 
         mysqli_query($mysqli, "UPDATE `settings` SET `config_enable_alert_domain_expire` = 1 WHERE `config_enable_alert_domain_expire` IS NULL");
         mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_enable_alert_domain_expire` `config_enable_alert_domain_expire` TINYINT(1) NOT NULL DEFAULT 1");
-        
+
         mysqli_query($mysqli, "UPDATE `settings` SET `config_send_invoice_reminders` = 1 WHERE `config_send_invoice_reminders` IS NULL");
         mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_send_invoice_reminders` `config_send_invoice_reminders` TINYINT(1) NOT NULL DEFAULT 1");
-        
+
         mysqli_query($mysqli, "UPDATE `settings` SET `config_stripe_enable` = 0 WHERE `config_stripe_enable` IS NULL");
         mysqli_query($mysqli, "ALTER TABLE `settings` CHANGE `config_stripe_enable` `config_stripe_enable` TINYINT(1) NOT NULL DEFAULT 0");
 
@@ -770,18 +770,34 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
 
     if(CURRENT_DATABASE_VERSION == '0.3.3'){
         mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_telemetry` TINYINT(1) DEFAULT 0 AFTER `config_theme`");
-        
+
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.4'");
     }
 
-    //if(CURRENT_DATABASE_VERSION == '0.3.4'){
+    if(CURRENT_DATABASE_VERSION == '0.3.4'){
     // Insert queries here required to update to DB version 0.3.5
 
+        //Get & upgrade user login encryption
+        $sql_logins = mysqli_query($mysqli, "SELECT login_id, login_username FROM logins WHERE login_username IS NOT NULL");
+        foreach ($sql_logins as $row) {
+            $login_id = $row['login_id'];
+            $login_username = $row['login_username'];
+            $login_encrypted_username = encryptLoginEntry($row['login_username']);
+            mysqli_query($mysqli, "UPDATE logins SET login_username = '$login_encrypted_username' WHERE login_id = '$login_id'");
+        }
+
     // Then, update the database to the next sequential version
-    // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'");
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'");
+    }
+
+    //if(CURRENT_DATABASE_VERSION == '0.3.5'){
+    // Insert queries here required to update to DB version 0.3.6
+
+    // Then, update the database to the next sequential version
+    // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.6'");
     //}
 
 
 } else {
     // Up-to-date
-}
+}

database_version.php

@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "0.3.4");
+DEFINE("LATEST_DATABASE_VERSION", "0.3.5");

global_search.php

@@ -19,7 +19,7 @@ if (isset($_GET['query'])) {
     $sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
     $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
     $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5");
-    $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE (login_name LIKE '%$query%' OR login_username LIKE '%$query%') AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
+    $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
 
     $q = htmlentities($_GET['query']);
     ?>
@@ -358,4 +358,4 @@ if (isset($_GET['query'])) {
 
 <?php } ?>
 
-<?php include("footer.php");
+<?php include("footer.php");