AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-16 10:44:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

add some redirect to login.php, fix ticket post

Browse Source
This commit is contained in:
johnnyq
2025-08-04 18:16:13 -04:00
parent 6b39c1a280
commit 7e55808a05
2 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
login.php
View File

@@ -4,8 +4,7 @@
header("Content-Security-Policy: default-src 'self'"); header("Content-Security-Policy: default-src 'self'");
if (!file_exists('config.php')) { if (!file_exists('config.php')) {
header("Location: setup"); redirect("setup");
exit;
} }
require_once "config.php"; require_once "config.php";
@@ -31,11 +30,11 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
// Block brute force password attacks - check recent failed login attempts for this IP // Block brute force password attacks - check recent failed login attempts for this IP
// Block access if more than 15 failed login attempts have happened in the last 10 minutes // Block access if more than 15 failed login attempts have happened in the last 10 minutes
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$session_ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 10 MINUTE)")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS failed_login_count FROM logs WHERE log_ip = '$session_ip' AND log_type = 'Login' AND log_action = 'Failed' AND log_created_at > (NOW() - INTERVAL 10 MINUTE)"));
$failed_login_count = intval($row['failed_login_count']); $failed_login_count = intval($row['failed_login_count']);
if ($failed_login_count >= 15) { if ($failed_login_count >= 15) {
// Logging
logAction("Login", "Blocked", "$session_ip was blocked access to login due to IP lockout"); logAction("Login", "Blocked", "$session_ip was blocked access to login due to IP lockout");
// Inform user & quit processing page // Inform user & quit processing page
@@ -75,8 +74,7 @@ $config_login_remember_me_expire = intval($row['config_login_remember_me_expire'
// If no/incorrect 'key' is supplied, send to client portal instead // If no/incorrect 'key' is supplied, send to client portal instead
if ($config_login_key_required) { if ($config_login_key_required) {
if (!isset($_GET['key']) || $_GET['key'] !== $config_login_key_secret) { if (!isset($_GET['key']) || $_GET['key'] !== $config_login_key_secret) {
header("Location: client"); redirect("client");
exit();
} }
} }
@@ -188,7 +186,6 @@ if (isset($_POST['login'])) {
addToMailQueue($data); addToMailQueue($data);
} }
// Logging
logAction("Login", "Success", "$user_name successfully logged in $extended_log", 0, $user_id); logAction("Login", "Success", "$user_name successfully logged in $extended_log", 0, $user_id);
// Session info // Session info
@@ -219,9 +216,9 @@ if (isset($_POST['login'])) {
} }
if (isset($_GET['last_visited'])) { if (isset($_GET['last_visited'])) {
header("Location: ".$_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited']) ); redirect($_SERVER["REQUEST_SCHEME"] . "://" . $config_base_url . base64_decode($_GET['last_visited']) );
} else { } else {
header("Location: $config_start_page"); redirect("user/$config_start_page");
} }
} else { } else {
@@ -276,7 +273,6 @@ if (isset($_POST['login'])) {
header("HTTP/1.1 401 Unauthorized"); header("HTTP/1.1 401 Unauthorized");
// Logging
logAction("Login", "Failed", "Failed login attempt using $email"); logAction("Login", "Failed", "Failed login attempt using $email");
$response = " $response = "

2
user/post/ticket.php
View File

@@ -1188,7 +1188,7 @@ if (isset($_POST['bulk_resolve_tickets'])) {
flash_alert("Resolved <strong>$ticket_count</strong> Tickets"); flash_alert("Resolved <strong>$ticket_count</strong> Tickets");
if ($skipped_count > 0) { if ($skipped_count > 0) {
flash_alert("Resolved <strong>$ticket_count</strong> Tickets <strong>$skipped_count</strong> ticket(s) could not be resolved because they have open tasks.", 'info'; flash_alert("Resolved <strong>$ticket_count</strong> Tickets <strong>$skipped_count</strong> ticket(s) could not be resolved because they have open tasks.", 'info');
} }
redirect(); redirect();