Misc tidying code spacing & formatting in accordance with SonarCloud/PSR
@@ -18,17 +18,16 @@
|
||||
|
||||
// Headers to allow extensions access (CORS)
|
||||
$chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
|
||||
//$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82"; // Firefox rejected the extension. They are still using manifest v2 so will just focus on Chrome/Edge with v3 for now until Mozilla catches up
|
||||
|
||||
if (isset($_SERVER['HTTP_ORIGIN'])) {
|
||||
if($_SERVER['HTTP_ORIGIN'] == $chrome_id){
|
||||
if ($_SERVER['HTTP_ORIGIN'] == $chrome_id) {
|
||||
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
|
||||
header('Access-Control-Allow-Credentials: true');
|
||||
}
|
||||
}
|
||||
|
||||
include("config.php");
|
||||
include("functions.php");
|
||||
include_once("config.php");
|
||||
include_once("functions.php");
|
||||
|
||||
// IP & User Agent for logging
|
||||
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
|
||||
@@ -41,13 +40,13 @@ DEFINE("WORDING_BAD_EXT_COOKIE_KEY", "ITFlow - You are not logged into ITFlow, d
|
||||
|
||||
// Check user is logged in & has extension access
|
||||
// We're not using the PHP session as we don't want to potentially expose the session cookie with SameSite None
|
||||
if(!isset($_COOKIE['user_extension_key'])){
|
||||
if (!isset($_COOKIE['user_extension_key'])) {
|
||||
$data['found'] = "FALSE";
|
||||
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
|
||||
echo(json_encode($data));
|
||||
echo json_encode($data);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
// Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -56,13 +55,13 @@ if(!isset($_COOKIE['user_extension_key'])){
|
||||
$user_extension_key = $_COOKIE['user_extension_key'];
|
||||
|
||||
// Check the key isn't empty, less than 17 characters or the word "disabled".
|
||||
if(empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled"){
|
||||
if (empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled") {
|
||||
$data['found'] = "FALSE";
|
||||
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
|
||||
echo(json_encode($data));
|
||||
echo json_encode($data);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
// Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -74,25 +73,25 @@ $auth_user = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings
|
||||
$row = mysqli_fetch_array($auth_user);
|
||||
|
||||
// Check SQL query state
|
||||
if(mysqli_num_rows($auth_user) < 1 || !$auth_user){
|
||||
if (mysqli_num_rows($auth_user) < 1 || !$auth_user) {
|
||||
$data['found'] = "FALSE";
|
||||
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
|
||||
echo(json_encode($data));
|
||||
echo json_encode($data);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
|
||||
exit();
|
||||
}
|
||||
|
||||
// Sanity check
|
||||
if(hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])){
|
||||
if (hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])) {
|
||||
$data['found'] = "FALSE";
|
||||
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
|
||||
echo(json_encode($data));
|
||||
echo json_encode($data);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -110,28 +109,28 @@ $session_company_id = $row['user_default_company'];
|
||||
$session_user_role = $row['user_role'];
|
||||
|
||||
// Check user access level is correct (not an accountant)
|
||||
if($session_user_role < 1){
|
||||
if ($session_user_role < 1) {
|
||||
$data['found'] = "FALSE";
|
||||
$data['message'] = WORDING_ROLECHECK_FAILED;
|
||||
echo(json_encode($data));
|
||||
echo json_encode($data);
|
||||
|
||||
//Logging
|
||||
$user_name = mysqli_real_escape_string($mysqli, $session_name);
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id");
|
||||
|
||||
exit();
|
||||
}
|
||||
|
||||
// Lets go!
|
||||
|
||||
if(isset($_GET['host'])){
|
||||
if (isset($_GET['host'])) {
|
||||
|
||||
if(!empty($_GET['host'])){
|
||||
$url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host'])));
|
||||
if (!empty($_GET['host'])) {
|
||||
$url = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['host'])));
|
||||
|
||||
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
|
||||
|
||||
if(mysqli_num_rows($sql_logins) > 0){
|
||||
if (mysqli_num_rows($sql_logins) > 0) {
|
||||
$row = mysqli_fetch_array($sql_logins);
|
||||
$data['found'] = "TRUE";
|
||||
$data['username'] = htmlentities($row['login_username']);
|
||||
|
||||
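Review bot: The query-failure test in `if (mysqli_num_rows($auth_user) < 1 || !$auth_user) {` runs in the wrong order: `mysqli_num_rows()` receives `$auth_user` before `!$auth_user` is evaluated, and `$row = mysqli_fetch_array($auth_user);` just above it runs earlier still, so a failed lookup presumably raises a warning or TypeError (depending on the PHP version) instead of reaching the logged 'Extension Failed' response. I would write `if (!$auth_user || mysqli_num_rows($auth_user) < 1) {` and move the fetch below that guard, so the authentication path fails closed and still writes its audit log entry. Separately, the "Sanity check" compares two SHA-256 digests with `!==`; assuming both values are strings at that point, `if (!hash_equals($row['user_extension_key'], $_COOKIE['user_extension_key'])) {` is the built-in constant-time comparison and states the intent directly. The comment "less than 17 characters" also disagrees with the `strlen($user_extension_key) < 16` test it describes, so one of the two should be corrected.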