Add encryption for usernames stored in the logins ("passwords") area.

client_assets.php

@@ -240,7 +240,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                         }
 
                         $login_id = $row['login_id'];
-                        $login_username = htmlentities($row['login_username']);
+                        $login_username = htmlentities(decryptLoginEntry($row['login_username']));
                         $login_password = htmlentities(decryptLoginEntry($row['login_password']));
 
                         // Related tickets

client_logins.php

@@ -13,7 +13,7 @@ $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o
 
 $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM logins 
   WHERE login_client_id = $client_id
-  AND (login_name LIKE '%$q%' OR login_username LIKE '%$q%' OR login_uri LIKE '%$q%') 
+  AND (login_name LIKE '%$q%' OR login_uri LIKE '%$q%')
   ORDER BY $sb $o LIMIT $record_from, $record_to");
 
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@@ -75,7 +75,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
             }else{
               $login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
             }
-            $login_username = htmlentities($row['login_username']);
+            $login_username = htmlentities(decryptLoginEntry($row['login_username']));
             if (empty($login_username)) {
               $login_username_display = "-";
             }else{

database_updates.php

@@ -774,11 +774,27 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.4'");
     }
 
-    //if(CURRENT_DATABASE_VERSION == '0.3.4'){
+    if(CURRENT_DATABASE_VERSION == '0.3.4'){
     // Insert queries here required to update to DB version 0.3.5
 
+        //Get & upgrade user login encryption
+        $sql_logins = mysqli_query($mysqli, "SELECT login_id, login_username FROM logins WHERE login_username IS NOT NULL");
+        foreach ($sql_logins as $row) {
+            $login_id = $row['login_id'];
+            $login_username = $row['login_username'];
+            $login_encrypted_username = encryptLoginEntry($row['login_username']);
+            mysqli_query($mysqli, "UPDATE logins SET login_username = '$login_encrypted_username' WHERE login_id = '$login_id'");
+        }
+
     // Then, update the database to the next sequential version
-    // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'");
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.5'");
+    }
+
+    //if(CURRENT_DATABASE_VERSION == '0.3.5'){
+    // Insert queries here required to update to DB version 0.3.6
+
+    // Then, update the database to the next sequential version
+    // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.6'");
     //}
 
 

database_version.php

@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "0.3.4");
+DEFINE("LATEST_DATABASE_VERSION", "0.3.5");

global_search.php

@@ -19,7 +19,7 @@ if (isset($_GET['query'])) {
     $sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
     $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
     $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$ticket_num_query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5");
-    $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE (login_name LIKE '%$query%' OR login_username LIKE '%$query%') AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
+    $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
 
     $q = htmlentities($_GET['query']);
     ?>

post.php

@@ -5555,7 +5555,7 @@ if(isset($_POST['add_login'])){
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['uri'])));
-    $username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
+    $username = trim(strip_tags(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['username']))));
     $password = trim(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['password'])));
     $otp_secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['otp_secret'])));
     $note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@@ -5582,7 +5582,7 @@ if(isset($_POST['edit_login'])){
     $login_id = intval($_POST['login_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['uri'])));
-    $username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
+    $username = trim(strip_tags(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['username']))));
     $password = trim(mysqli_real_escape_string($mysqli,encryptLoginEntry($_POST['password'])));
     $otp_secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['otp_secret'])));
     $note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@@ -5645,8 +5645,9 @@ if(isset($_GET['export_client_logins_csv'])){
 
         //output each row of the data, format line as csv and write to file pointer
         while($row = $sql->fetch_assoc()){
+            $login_username = decryptLoginEntry($row['login_username']);
             $login_password = decryptLoginEntry($row['login_password']);
-            $lineData = array($row['login_name'], $row['login_username'], $login_password, $row['login_uri']);
+            $lineData = array($row['login_name'], $login_username, $login_password, $row['login_uri']);
             fputcsv($f, $lineData, $delimiter);
         }
 
@@ -5709,7 +5710,7 @@ if(isset($_POST["import_client_logins_csv"])){
                 }
             }
             if(isset($column[1])){
-                $username = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[1])));
+                $username = trim(strip_tags(mysqli_real_escape_string($mysqli, encryptLoginEntry($column[1]))));
             }
             if(isset($column[2])){
                 $password = trim(mysqli_real_escape_string($mysqli,encryptLoginEntry($column[2])));
@@ -8203,7 +8204,7 @@ if(isset($_GET['export_client_pdf'])){
                         <?php
                         while($row = mysqli_fetch_array($sql_logins)){
                             $login_name = $row['login_name'];
-                            $login_username = $row['login_username'];
+                            $login_username = decryptLoginEntry($row['login_username']);
                             $login_password = decryptLoginEntry($row['login_password']);
                             $login_uri = $row['login_uri'];
                             $login_note = $row['login_note'];