Merge pull request #450 from wrongecho/misc

Assorted changes/commits
This commit is contained in:
Johnny 2022-04-25 11:29:39 -04:00 committed by GitHub
commit 82f74a7a49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 1189 additions and 1123 deletions


@ -9,6 +9,7 @@
include("config.php");
include("functions.php");
include("check_login.php");
require_once("rfc6238.php");
/*
* Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
@ -304,4 +305,14 @@ if(isset($_GET['scheduled_ticket_get_json_details'])){
echo json_encode($response);
}
/*
* Dynamic TOTP for client login page
* When provided with a TOTP secret, returns a 6-digit code
*/
if(isset($_GET['get_totp_token'])){
$otp = TokenAuth6238::getTokenCode($_GET['totp_secret']);
echo json_encode($otp);
}
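Review bot: The new `get_totp_token` handler at the end of the hunk takes the raw TOTP secret from the request (`$_GET['totp_secret']`), so every hover on the logins page sends a long-lived credential through a GET query string, where it is recorded in web-server access logs, proxies and browser history, and any authenticated user can use the endpoint as a code generator for any secret. The safer shape is to accept only a `login_id`, load the secret server-side scoped to the caller's company (the way the other queries in this PR filter on `company_id = $session_company_id`) and return the code; `$_GET['totp_secret']` is also read without an `isset()` guard, which raises a notice when the parameter is absent. The rewrite below assumes `$mysqli` and `$session_company_id` come into scope from the included `config.php`/`check_login.php` and that `logins` carries a `company_id` column like the tables queried elsewhere in this PR — confirm against the schema. The caller in `client_logins.php` would then pass only `$login_id` to `showOTP()`.
```php
if(isset($_GET['get_totp_token'])){
    $login_id = intval($_GET['login_id'] ?? 0);
    // Resolve the secret server-side, scoped to the caller's company, instead of accepting it from the request
    $sql = mysqli_query($mysqli, "SELECT login_otp_secret FROM logins WHERE login_id = $login_id AND company_id = $session_company_id");
    $row = mysqli_fetch_array($sql);
    $otp = '';
    if($row && !empty($row['login_otp_secret'])){
        $otp = TokenAuth6238::getTokenCode($row['login_otp_secret']);
    }
    echo json_encode($otp);
}
```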


@ -43,7 +43,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name the asset" value="<?php echo $asset_name; ?>" <?php if(!empty($asset_meshcentral_id)){echo "disabled";} ?> required>
<input type="text" class="form-control" name="name" placeholder="Name the asset" value="<?php echo $asset_name; ?>" required>
</div>
</div>
@ -101,7 +101,7 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fab fa-fw fa-windows"></i></span>
</div>
<input type="text" class="form-control" name="os" placeholder="ex Windows 10 Pro" <?php if(!empty($asset_meshcentral_id)){echo "disabled";} ?> value="<?php echo $asset_os; ?>">
<input type="text" class="form-control" name="os" placeholder="ex Windows 10 Pro" value="<?php echo $asset_os; ?>">
</div>
</div>
<?php } ?>
@ -206,16 +206,6 @@
</div>
</div>
<div class="form-group">
<label>MeshCentral Node ID</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-sync"></i></span>
</div>
<input type="text" class="form-control" name="mesh_id" value="<?php echo $asset_meshcentral_id; ?>" placeholder="MeshCentral ID">
</div>
</div>
</div>
<div class="tab-pane fade" id="pillsPurchaseCopy<?php echo $asset_id; ?>">
@ -305,7 +295,7 @@
<div class="tab-pane fade" id="pillsNotesCopy<?php echo $asset_id; ?>">
<div class="form-group">
<textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes" <?php if(!empty($asset_meshcentral_id)){echo "disabled";} ?>><?php echo $asset_notes; ?></textarea>
<textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes"><?php echo $asset_notes; ?></textarea>
</div>
</div>
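Review bot: The three rewritten inputs (`name`, `os` and the notes `textarea`) still echo `$asset_name`, `$asset_os` and `$asset_notes` into HTML unescaped; these are user-entered asset fields, so a value containing `"` or `<` breaks out of the attribute or element and is rendered as markup. While these lines are being touched it is worth wrapping each with `htmlspecialchars()`, e.g. `value="<?php echo htmlspecialchars($asset_name); ?>"`. Whether the values were already escaped when the asset was saved is not visible in this hunk.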


@ -55,10 +55,13 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" data-toggle="password" name="password" placeholder="Password" required autocomplete="new-password">
<input type="password" class="form-control" data-toggle="password" id="password" name="password" placeholder="Password" required autocomplete="new-password">
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
<div class="input-group-append">
<span class="btn btn-default"><i class="fa fa-fw fa-question" onclick="generatePassword()"></i></span>
</div>
</div>
</div>
@ -204,4 +207,4 @@
</form>
</div>
</div>
</div>
</div>
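Review bot: The new generate control next to the password field puts the `onclick` on the inner `<i>` icon rather than on the `<span class="btn">`, so only the glyph itself is clickable and the control is not keyboard-reachable; moving the handler to the element styled as the button fixes both: `<button type="button" class="btn btn-default" onclick="generatePassword()"><i class="fa fa-fw fa-question"></i></button>`. The handler also depends on `generatePassword()` being defined by whichever page includes this modal, and the new `id="password"` must stay unique on that page — the edit modals are not in this diff, so that cannot be confirmed here.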


@ -1,7 +1,5 @@
<?php
require_once("rfc6238.php");
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
@ -20,41 +18,41 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key"></i> Logins</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal"><i class="fas fa-fw fa-plus"></i> New Login</button>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key"></i> Logins</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal"><i class="fas fa-fw fa-plus"></i> New Login</button>
</div>
</div>
</div>
<div class="card-body">
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
<div class="row">
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
<div class="card-body">
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
<div class="row">
<div class="col-md-4">
<div class="input-group mb-3 mb-md-0">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
<div class="input-group-append">
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
</div>
</div>
</div>
</div>
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_<?php echo strip_tags($_GET['tab']); ?>_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="#" class="btn btn-default"><i class="fa fa-fw fa-upload"></i> Import</a>
<div class="col-md-8">
<div class="float-right">
<a href="post.php?export_client_<?php echo strip_tags($_GET['tab']); ?>_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="#" class="btn btn-default"><i class="fa fa-fw fa-upload"></i> Import</a>
</div>
</div>
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_uri&o=<?php echo $disp; ?>">URL/Host</a></th>
@ -63,10 +61,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th>OTP</th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
@ -84,62 +82,83 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}
$login_password = htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = $row['login_otp_secret'];
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if(empty($login_otp_secret)){
$otp_display = "-";
}else{
$otp = TokenAuth6238::getTokenCode($login_otp_secret,$rangein30s = 3);
$otp_display = "<i class='far fa-clock text-secondary'></i> $otp<button class='btn btn-sm clipboardjs' data-clipboard-text='$otp'><i class='far fa-copy text-secondary'></i></button>";
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
}
$login_note = $row['login_note'];
$login_contact_id = $row['login_contact_id'];
$login_vendor_id = $row['login_vendor_id'];
$login_asset_id = $row['login_asset_id'];
$login_software_id = $row['login_software_id'];
?>
<tr>
<td>
<i class="fa fa-fw fa-key text-secondary"></i>
<a class="text-dark" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
<?php echo $login_name; ?>
</a>
</td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $login_username_display; ?></td>
<td>
<a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $login_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td>
</td>
<td><?php echo $otp_display; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
<?php } ?>
?>
<tr>
<td>
<i class="fa fa-fw fa-key text-secondary"></i>
<a class="text-dark" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
<?php echo $login_name; ?>
</a>
</td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $login_username_display; ?></td>
<td>
<a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $login_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td>
</td>
<td><?php echo $otp_display; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</div>
</td>
</tr>
</td>
</tr>
<?php
include("client_login_edit_modal.php");
<?php
include("client_login_edit_modal.php");
}
?>
</tbody>
</table>
</tbody>
</table>
</div>
<?php include("pagination.php"); ?>
</div>
<?php include("pagination.php"); ?>
</div>
</div>
<script>
function showOTP(id, secret){
//Send a GET request to ajax.php as ajax.php?get_totp_token=true&totp_secret=SECRET
jQuery.get(
"ajax.php",
{get_totp_token: 'true', totp_secret: secret},
function(data){
//If we get a response from post.php, parse it as JSON
const token = JSON.parse(data);
document.getElementById("otp_" + id).innerText = token
}
);
}
function generatePassword(){
document.getElementById("password").value = "<?php echo keygen() ?>"
}
</script>
<?php
include("client_login_add_modal.php");
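Review bot: The new `$login_id_with_secret` line builds the TOTP secret straight into an inline `onmouseenter='showOTP(...)'` attribute with no escaping, so the secret of every login row is now shipped in the page source (previously only the six-digit code was rendered), and a secret containing `'` or `"` breaks out of the attribute and is interpreted as markup or script — the secret is user-entered when the login is created. Passing only the id and resolving the secret server-side removes both problems: `onmouseenter='showOTP(<?php echo intval($login_id); ?>)'` with the request payload changed to `{get_totp_token: 'true', login_id: id}`; if the secret has to stay client-side, at minimum emit it through `htmlspecialchars(json_encode(...))`. In `showOTP` the comment names `post.php` while the request goes to `ajax.php`; `//If we get a response from ajax.php, parse it as JSON`. `generatePassword()` bakes a single `keygen()` value into the page at render time, so repeated clicks yield the same password and it sits in the page source and any cache of it; generating in the browser with `crypto.getRandomValues()` or fetching a fresh value per click avoids that.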


@ -15,6 +15,7 @@ $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_client_id =
// Get Domains Expiring
$sql_domains_expiring = mysqli_query($mysqli,"SELECT * FROM domains
WHERE domain_client_id = $client_id
AND domain_expire != '0000-00-00'
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND company_id = $session_company_id ORDER BY domain_expire DESC"
);
@ -22,6 +23,7 @@ $sql_domains_expiring = mysqli_query($mysqli,"SELECT * FROM domains
// Get Asset Warranties Expiring
$sql_asset_warranties_expiring = mysqli_query($mysqli,"SELECT * FROM assets
WHERE asset_client_id = $client_id
AND asset_warranty_expire != '0000-00-00'
AND asset_warranty_expire < CURRENT_DATE + INTERVAL 90 DAY
AND company_id = $session_company_id ORDER BY asset_warranty_expire DESC"
);
@ -29,8 +31,8 @@ $sql_asset_warranties_expiring = mysqli_query($mysqli,"SELECT * FROM assets
// Get Stale Tickets
$sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
WHERE ticket_client_id = $client_id
AND ticket_created_at < CURRENT_DATE + INTERVAL 14 DAY
AND ticket_status = 'Open'
AND ticket_created_at < CURRENT_DATE - INTERVAL 14 DAY
AND ticket_status != 'Closed'
AND company_id = $session_company_id ORDER BY ticket_created_at DESC"
);
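Review bot: The corrected stale-ticket filter still keys on `ticket_created_at`, so a ticket opened more than 14 days ago but worked on yesterday is reported as stale; if `tickets` has an updated-at column, filtering on that matches the "stale" intent better — confirm against the schema. The new `ticket_status != 'Closed'` predicate also drops rows whose status is NULL, since `NULL != 'Closed'` is not true in SQL; if a NULL status is possible, use `(ticket_status IS NULL OR ticket_status != 'Closed')`. The same NULL behaviour applies to the `!= '0000-00-00'` checks added in the two hunks above, which is presumably intended there.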


@ -1,238 +1,246 @@
<div class="modal" id="addServiceModal" tabindex="-1">
<div class="modal-dialog modal-md">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i> New Service</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
<div class="modal-dialog modal-md">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i> New Service</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<div class="modal-body bg-white">
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-overview">Overview</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-general">General</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-assets">Assets</a>
</li>
</ul>
<hr>
<div class="tab-content">
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now -->
<div class="tab-pane fade show active" id="pills-overview">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" required autofocus>
</div>
</div>
<div class="form-group">
<label>Description <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" required autofocus>
</div>
</div>
<!-- //TODO: Integrate with company wide categories: /categories.php -->
<div class="form-group">
<label>Category</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" autofocus>
</div>
</div>
<div class="form-group">
<label>Importance</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" autofocus>
</div>
</div>
<div class="form-group">
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"></textarea>
</div>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<div class="tab-pane fade" id="pills-general">
<div class="form-group">
<label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
echo "<option value=\"$contact_id\">$contact_name</option>";
}
?>
</select>
</div>
<div class="modal-body bg-white">
<div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
?>
</select>
</div>
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-overview">Overview</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-general">General</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-assets">Assets</a>
</li>
</ul>
<div class="form-group">
<label for="documents">Documents</label>
<p></p>
<select class="form-select" id="documents" name="documents[]" multiple="multiple">
<option value="">- Documents -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$document_id = $row['document_id'];
$document_name = $row['document_name'];
echo "<option value=\"$document_id\">$document_name</option>";
}
?>
</select>
</div>
<hr>
<!-- TODO: Services related to other services -->
<div class="tab-content">
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now -->
<div class="tab-pane fade show active" id="pills-overview">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" required autofocus>
</div>
</div>
<div class="form-group">
<label>Description <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" required autofocus>
</div>
</div>
<!-- //TODO: Integrate with company wide categories: /categories.php -->
<div class="form-group">
<label>Category</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" autofocus>
</div>
</div>
<div class="form-group">
<label>Importance</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" autofocus>
</div>
</div>
<!-- TODO: We need a way of adding multiple (optional) URLs? Ideas? -->
<!-- <div class="form-group">
<label>URL</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-link"></i></span>
</div>
<input type="text" class="form-control" name="url" placeholder="URL" autofocus>
</div>
</div> -->
<div class="form-group">
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"></textarea>
</div>
</div>
<div class="tab-pane fade" id="pills-general">
<div class="form-group">
<label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
echo "<option value=\"$contact_id\">$contact_name</option>";
}
?>
</select>
</div>
<div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
?>
</select>
</div>
<div class="form-group">
<label for="documents">Documents</label>
<p></p>
<select class="form-select" id="documents" name="documents[]" multiple="multiple">
<option value="">- Documents -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$document_id = $row['document_id'];
$document_name = $row['document_name'];
echo "<option value=\"$document_id\">$document_name</option>";
}
?>
</select>
</div>
<!-- TODO: Services related to other services -->
</div>
</div>
<div class="tab-pane fade" id="pills-assets">
<div class="form-group">
<label for="assets">Assets</label>
<p></p>
<select class="form-select" id="assets" name="assets[]" multiple="multiple">
<option value="">- Assets -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_name = $row['asset_name'];
echo "<option value=\"$asset_id\">$asset_name</option>";
}
?>
</select>
</div>
<div class="tab-pane fade" id="pills-assets">
<div class="form-group">
<label for="logins">Logins</label>
<p class="text-muted">Logins associated to related assets will show as related automatically</p>
<select class="form-select" id="logins" name="logins[]" multiple="multiple">
<option value="">- Logins -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
echo "<option value=\"$login_id\">$login_name</option>";
}
?>
</select>
</div>
<div class="row">
<div class="form-group">
<label for="domains">Domains</label>
<p></p>
<select class="form-select" id="domains" name="domains[]" multiple="multiple">
<option value="">- Domains -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$domain_id = $row['domain_id'];
$domain_name = $row['domain_name'];
echo "<option value=\"$domain_id\">$domain_name</option>";
}
?>
</select>
</div>
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$cert_id = $row['certificate_id'];
$cert_name = $row['certificate_name'];
$cert_domain = $row['certificate_domain'];
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
}
?>
</select>
</div>
</div>
</div>
<div class="col">
<div class="form-group">
<label for="assets">Assets</label>
<p></p>
<select class="form-select" id="assets" name="assets[]" multiple="multiple">
<option value="">- Assets -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_name = $row['asset_name'];
echo "<option value=\"$asset_id\">$asset_name</option>";
}
?>
</select>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_service" class="btn btn-primary">Save</button>
<div class="col">
<div class="form-group">
<label for="logins">Logins</label>
<p></p>
<select class="form-select" id="logins" name="logins[]" multiple="multiple">
<option value="">- Logins -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
echo "<option value=\"$login_id\">$login_name</option>";
}
?>
</select>
</div>
</div>
</form>
</div>
<div class="row">
<div class="col">
<div class="form-group">
<label for="domains">Domains</label>
<p></p>
<select class="form-select" id="domains" name="domains[]" multiple="multiple">
<option value="">- Domains -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$domain_id = $row['domain_id'];
$domain_name = $row['domain_name'];
echo "<option value=\"$domain_id\">$domain_name</option>";
}
?>
</select>
</div>
</div>
<div class="col">
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$cert_id = $row['certificate_id'];
$cert_name = $row['certificate_name'];
$cert_domain = $row['certificate_domain'];
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
}
?>
</select>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_service" class="btn btn-primary">Save</button>
</div>
</form>
</div>
</div>
</div>
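Review bot: Each rewritten `<option>` loop echoes a database-sourced name (`$contact_name`, `$vendor_name`, `$document_name`, `$asset_name`, `$login_name`, `$domain_name`, `$cert_name`/`$cert_domain`) into the markup unescaped, so a stored name containing `<` or `"` is rendered as HTML inside the modal; wrap each with `htmlspecialchars()`, e.g. `echo "<option value=\"$contact_id\">" . htmlspecialchars($contact_name) . "</option>";`. The loops also reuse the generic `$sql`/`$row` names; the companion edit modal in this PR renames them to `$sql_all`/`$row_all` with a comment explaining that the generic names clobber the enclosing loop in `client_services.php`, so if this add modal is ever included inside that loop the same breakage applies — the include site is not in this diff.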


@ -1,290 +1,307 @@
<div class="modal" id="editServiceModal<?php echo $service_id ?>" tabindex="-1">
<div class="modal-dialog modal-md">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i><?php echo "Edit $service_name"; ?> </h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
<div class="modal-dialog modal-md">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i><?php echo "Edit $service_name"; ?> </h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<input type="hidden" name="service_id" value="<?php echo $service_id ?>">
<div class="modal-body bg-white">
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-overview<?php echo $service_id ?>">Overview</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-general<?php echo $service_id ?>">General</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-assets<?php echo $service_id ?>">Assets</a>
</li>
</ul>
<hr>
<div class="tab-content">
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now -->
<div class="tab-pane fade show active" id="pills-overview<?php echo $service_id ?>">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" value="<?php echo $service_name ?>" required autofocus>
</div>
</div>
<div class="form-group">
<label>Description <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" value="<?php echo $service_description ?>" required autofocus>
</div>
</div>
<!-- //TODO: Integrate with company wide categories: /categories.php -->
<div class="form-group">
<label>Category</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" value="<?php echo $service_category ?>" autofocus>
</div>
</div>
<div class="form-group">
<label>Importance</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option <?php if($service_importance == 'Low'){ echo "selected"; } ?> >Low</option>
<option <?php if($service_importance == 'Medium'){ echo "selected"; } ?> >Medium</option>
<option <?php if($service_importance == 'High'){ echo "selected"; } ?> >High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" value="<?php echo $service_backup ?>" autofocus>
</div>
</div>
<div class="form-group">
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"><?php echo $service_notes ?></textarea>
</div>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<input type="hidden" name="service_id" value="<?php echo $service_id ?>">
<div class="tab-pane fade" id="pills-general<?php echo $service_id ?>">
<div class="form-group">
<label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
// Get just the currently selected contact IDs
$selected_ids = array_column(mysqli_fetch_all($sql_contacts,MYSQLI_ASSOC), "contact_id");
<div class="modal-body bg-white">
// Get all contacts
// NOTE: These are called $sql_all and $row_all for a reason - anything overwriting $sql or $row will break the current while loop we are in from client_services.php
$sql_all = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-overview<?php echo $service_id ?>">Overview</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-general<?php echo $service_id ?>">General</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-assets<?php echo $service_id ?>">Assets</a>
</li>
</ul>
while($row_all = mysqli_fetch_array($sql_all)){
$contact_id = $row_all['contact_id'];
$contact_name = $row_all['contact_name'];
<hr>
if(in_array($contact_id, $selected_ids)){
echo "<option value=\"$contact_id\" selected>$contact_name</option>";
}
else{
echo "<option value=\"$contact_id\">$contact_name</option>";
}
}
?>
</select>
</div>
<div class="tab-content">
<div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_vendors,MYSQLI_ASSOC), "vendor_id");
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now -->
$sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$vendor_id = $row_all['vendor_id'];
$vendor_name = $row_all['vendor_name'];
<div class="tab-pane fade show active" id="pills-overview<?php echo $service_id ?>">
if(in_array($vendor_id, $selected_ids)){
echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
}
else{
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" value="<?php echo $service_name ?>" required autofocus>
</div>
</div>
<div class="form-group">
<label for="documents">Documents</label>
<p></p>
<select class="form-select" id="documents" name="documents[]" multiple="multiple">
<option value="">- Documents -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_docs,MYSQLI_ASSOC), "document_id");
<div class="form-group">
<label>Description <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" value="<?php echo $service_description ?>" required autofocus>
</div>
</div>
$sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$document_id = $row_all['document_id'];
$document_name = $row_all['document_name'];
<!-- //TODO: Integrate with company wide categories: /categories.php -->
<div class="form-group">
<label>Category</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" value="<?php echo $service_category ?>" autofocus>
</div>
</div>
if(in_array($document_id, $selected_ids)){
echo "<option value=\"$document_id\" selected>$document_name</option>";
}
else{
echo "<option value=\"$document_id\">$document_name</option>";
}
<div class="form-group">
<label>Importance</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option <?php if($service_importance == 'Low'){ echo "selected"; } ?> >Low</option>
<option <?php if($service_importance == 'Medium'){ echo "selected"; } ?> >Medium</option>
<option <?php if($service_importance == 'High'){ echo "selected"; } ?> >High</option>
</select>
</div>
</div>
}
?>
</select>
</div>
<div class="form-group">
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" value="<?php echo $service_backup ?>" autofocus>
</div>
</div>
<!-- TODO: Services related to other services -->
<div class="form-group">
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"><?php echo $service_notes ?></textarea>
</div>
</div>
<div class="tab-pane fade" id="pills-general<?php echo $service_id ?>">
<div class="form-group">
<label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
// Get just the currently selected contact IDs
$selected_ids = array_column(mysqli_fetch_all($sql_contacts,MYSQLI_ASSOC), "contact_id");
// Get all contacts
// NOTE: These are called $sql_all and $row_all for a reason - anything overwriting $sql or $row will break the current while loop we are in from client_services.php
$sql_all = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$contact_id = $row_all['contact_id'];
$contact_name = $row_all['contact_name'];
if(in_array($contact_id, $selected_ids)){
echo "<option value=\"$contact_id\" selected>$contact_name</option>";
}
else{
echo "<option value=\"$contact_id\">$contact_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_vendors,MYSQLI_ASSOC), "vendor_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$vendor_id = $row_all['vendor_id'];
$vendor_name = $row_all['vendor_name'];
if(in_array($vendor_id, $selected_ids)){
echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
}
else{
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="documents">Documents</label>
<p></p>
<select class="form-select" id="documents" name="documents[]" multiple="multiple">
<option value="">- Documents -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_docs,MYSQLI_ASSOC), "document_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$document_id = $row_all['document_id'];
$document_name = $row_all['document_name'];
if(in_array($document_id, $selected_ids)){
echo "<option value=\"$document_id\" selected>$document_name</option>";
}
else{
echo "<option value=\"$document_id\">$document_name</option>";
}
}
?>
</select>
</div>
<!-- TODO: Services related to other services -->
</div>
</div>
<div class="tab-pane fade" id="pills-assets<?php echo $service_id ?>">
<div class="form-group">
<label for="assets">Assets</label>
<p></p>
<select class="form-select" id="assets" name="assets[]" multiple="multiple">
<option value="">- Assets -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_assets,MYSQLI_ASSOC), "asset_id");
<div class="tab-pane fade" id="pills-assets<?php echo $service_id ?>">
$sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$asset_id = $row_all['asset_id'];
$asset_name = $row_all['asset_name'];
<div class="row">
if(in_array($asset_id, $selected_ids)){
echo "<option value=\"$asset_id\" selected>$asset_name</option>";
}
else{
echo "<option value=\"$asset_id\">$asset_name</option>";
}
}
?>
</select>
</div>
<div class="col">
<div class="form-group">
<label for="assets">Assets</label>
<p></p>
<select class="form-select" id="assets" name="assets[]" multiple="multiple">
<option value="">- Assets -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_assets,MYSQLI_ASSOC), "asset_id");
<div class="form-group">
<label for="logins">Logins</label>
<p class="text-muted">Logins associated to related assets will show as related automatically</p>
<select class="form-select" id="logins" name="logins[]" multiple="multiple">
<option value="">- Logins -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_logins,MYSQLI_ASSOC), "login_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$asset_id = $row_all['asset_id'];
$asset_name = $row_all['asset_name'];
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$login_id = $row_all['login_id'];
$login_name = $row_all['login_name'];
if(in_array($login_id, $selected_ids)){
echo "<option value=\"$login_id\" selected>$login_name</option>";
}
else{
echo "<option value=\"$login_id\">$login_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="domains">Domains</label>
<p></p>
<select class="form-select" id="domains" name="domains[]" multiple="multiple">
<option value="">- Domains -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_domains,MYSQLI_ASSOC), "domain_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$domain_id = $row_all['domain_id'];
$domain_name = $row_all['domain_name'];
if(in_array($domain_id, $selected_ids)){
echo "<option value=\"$domain_id\" selected>$domain_name</option>";
}
else{
echo "<option value=\"$domain_id\">$domain_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_certificates,MYSQLI_ASSOC), "certificate_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$cert_id = $row_all['certificate_id'];
$cert_name = $row_all['certificate_name'];
if(in_array($cert_id, $selected_ids)){
echo "<option value=\"$cert_id\" selected>$cert_name</option>";
}
else{
echo "<option value=\"$cert_id\">$cert_name</option>";
}
}
?>
</select>
</div>
</div>
</div>
if(in_array($asset_id, $selected_ids)){
echo "<option value=\"$asset_id\" selected>$asset_name</option>";
}
else{
echo "<option value=\"$asset_id\">$asset_name</option>";
}
}
?>
</select>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_service" class="btn btn-primary">Save</button>
<div class="col">
<div class="form-group">
<label for="logins">Logins</label>
<p></p>
<select class="form-select" id="logins" name="logins[]" multiple="multiple">
<option value="">- Logins -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_logins,MYSQLI_ASSOC), "login_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$login_id = $row_all['login_id'];
$login_name = $row_all['login_name'];
if(in_array($login_id, $selected_ids)){
echo "<option value=\"$login_id\" selected>$login_name</option>";
}
else{
echo "<option value=\"$login_id\">$login_name</option>";
}
}
?>
</select>
</div>
</div>
</form>
</div>
<div class="row">
<div class="col">
<div class="form-group">
<label for="domains">Domains</label>
<p></p>
<select class="form-select" id="domains" name="domains[]" multiple="multiple">
<option value="">- Domains -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_domains,MYSQLI_ASSOC), "domain_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$domain_id = $row_all['domain_id'];
$domain_name = $row_all['domain_name'];
if(in_array($domain_id, $selected_ids)){
echo "<option value=\"$domain_id\" selected>$domain_name</option>";
}
else{
echo "<option value=\"$domain_id\">$domain_name</option>";
}
}
?>
</select>
</div>
</div>
<div class="col">
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_certificates,MYSQLI_ASSOC), "certificate_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$cert_id = $row_all['certificate_id'];
$cert_name = $row_all['certificate_name'];
if(in_array($cert_id, $selected_ids)){
echo "<option value=\"$cert_id\" selected>$cert_name</option>";
}
else{
echo "<option value=\"$cert_id\">$cert_name</option>";
}
}
?>
</select>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_service" class="btn btn-primary">Save</button>
</div>
</form>
</div>
</div>
</div>


@ -1,102 +1,116 @@
<?php
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "service_name";
}
// Current tab
$tab = htmlentities($_GET['tab']);
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
// Overview SQL query
$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM services WHERE service_client_id = '$client_id' AND (service_name LIKE '%$q%' OR service_description LIKE '%$q%')");
$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM services
WHERE service_client_id = '$client_id'
AND (service_name LIKE '%$q%' OR service_description LIKE '%$q%' OR service_category LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-stream"></i> Services</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-fw fa-plus"></i> New Service</button>
</div>
<h3 class="card-title mt-2"><i class="fa fa-fw fa-stream"></i> Services</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-fw fa-plus"></i> New Service</button>
</div>
</div>
<div class="card-body">
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo $tab; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($tab); ?>">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo $tab; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($tab); ?>">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-dark">Name</a></th>
<th><a class="text-dark">Category</a></th>
<th><a class="text-dark">Updated</a></th>
<th><a class="text-dark">Importance</a></th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$service_id = $row['service_id'];
$service_name = $row['service_name'];
$service_description = $row['service_description'];
$service_category = $row['service_category'];
$service_importance = $row['service_importance'];
$service_backup = $row['service_backup'];
$service_notes = $row['service_notes'];
$service_updated_at = $row['service_updated_at'];
$service_review_due = $row['service_review_due'];
// Service Importance
if($service_importance == "High"){
$service_importance_display = "<span class='p-2 badge badge-danger'>$service_importance</span>";
}elseif($service_importance == "Medium"){
$service_importance_display = "<span class='p-2 badge badge-warning'>$service_importance</span>";
}elseif($service_importance == "Low"){
$service_importance_display = "<span class='p-2 badge badge-info'>$service_importance</span>";
}else{
$service_importance_display = "-";
}
?>
<tr>
<!-- Name/Category/Updated/Importance from DB -->
<td><a href="#" data-toggle="modal" data-target="#viewServiceModal<?php echo $service_id; ?>"> <?php echo $service_name ?></a></td>
<td><a> <?php echo $service_category ?></a></td>
<td><a> <?php echo $service_updated_at ?></a></td>
<td><a> <?php echo $service_importance ?></a></td>
<!-- Action -->
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">Edit</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</div>
</form>
<hr>
</td>
</tr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-dark">Name</a></th>
<th><a class="text-dark">Category</a></th>
<th><a class="text-dark">Updated</a></th>
<th><a class="text-dark">Importance</a></th>
<?php
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$service_id = $row['service_id'];
$service_name = $row['service_name'];
$service_description = $row['service_description'];
$service_category = $row['service_category'];
$service_importance = $row['service_importance'];
$service_backup = $row['service_backup'];
$service_notes = $row['service_notes'];
$service_updated_at = $row['service_updated_at'];
$service_review_due = $row['service_review_due'];
// Service Importance
if($service_importance == "High"){
$service_importance_display = "<span class='p-2 badge badge-danger'>$service_importance</span>";
}elseif($service_importance == "Medium"){
$service_importance_display = "<span class='p-2 badge badge-warning'>$service_importance</span>";
}elseif($service_importance == "Low"){
$service_importance_display = "<span class='p-2 badge badge-info'>$service_importance</span>";
}else{
$service_importance_display = "-";
}
?>
<tr>
<!-- Name/Category/Updated/Importance from DB -->
<td><a href="#" data-toggle="modal" data-target="#viewServiceModal<?php echo $service_id; ?>"> <?php echo $service_name ?></a></td>
<td><a> <?php echo $service_category ?></a></td>
<td><a> <?php echo $service_updated_at ?></a></td>
<td><a> <?php echo $service_importance ?></a></td>
<!-- Action -->
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">Edit</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>
</tr>
<?php
// Associated Assets (and their logins/networks/locations)
$sql_assets = mysqli_query($mysqli, "SELECT * FROM service_assets
// Associated Assets (and their logins/networks/locations)
$sql_assets = mysqli_query($mysqli, "SELECT * FROM service_assets
LEFT JOIN assets
ON service_assets.asset_id = assets.asset_id
LEFT JOIN logins
@ -107,55 +121,58 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
ON assets.asset_location_id = locations.location_id
WHERE service_id = '$service_id'");
// Associated logins
$sql_logins = mysqli_query($mysqli, "SELECT * FROM service_logins
// Associated logins
$sql_logins = mysqli_query($mysqli, "SELECT * FROM service_logins
LEFT JOIN logins
ON service_logins.login_id = logins.login_id
WHERE service_id = '$service_id'");
// Associated Domains
$sql_domains = mysqli_query($mysqli, "SELECT * FROM service_domains
// Associated Domains
$sql_domains = mysqli_query($mysqli, "SELECT * FROM service_domains
LEFT JOIN domains
ON service_domains.domain_id = domains.domain_id
WHERE service_id = '$service_id'");
// Associated Certificates
$sql_certificates = mysqli_query($mysqli, "SELECT * FROM service_certificates
// Associated Certificates
$sql_certificates = mysqli_query($mysqli, "SELECT * FROM service_certificates
LEFT JOIN certificates
ON service_certificates.certificate_id = certificates.certificate_id
WHERE service_id = '$service_id'");
// Associated URLs ---- REMOVED for now
//$sql_urls = mysqli_query($mysqli, "SELECT * FROM service_urls
//WHERE service_id = '$service_id'");
// Associated URLs ---- REMOVED for now
//$sql_urls = mysqli_query($mysqli, "SELECT * FROM service_urls
//WHERE service_id = '$service_id'");
// Associated Vendors
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM service_vendors
// Associated Vendors
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM service_vendors
LEFT JOIN vendors
ON service_vendors.vendor_id = vendors.vendor_id
WHERE service_id = '$service_id'");
// Associated Contacts
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM service_contacts
// Associated Contacts
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM service_contacts
LEFT JOIN contacts
ON service_contacts.contact_id = contacts.contact_id
WHERE service_id = '$service_id'");
// Associated Documents
$sql_docs = mysqli_query($mysqli, "SELECT * FROM service_documents
// Associated Documents
$sql_docs = mysqli_query($mysqli, "SELECT * FROM service_documents
LEFT JOIN documents
ON service_documents.document_id = documents.document_id
WHERE service_id = '$service_id'");
include("client_service_edit_modal.php");
include("client_service_view_modal.php");
include("client_service_edit_modal.php");
include("client_service_view_modal.php");
}
?>
}
?>
</tbody>
</table>
</div>
</tbody>
</table>
</div>
<?php
include ('pagination.php');
?>
</div>
</div>
</div>
<?php include("client_service_add_modal.php"); ?>
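Review bot: `ORDER BY $sb $o LIMIT $record_from, $record_to` on the new multi-line query interpolates `$sb` as an unquoted identifier, a context in which `mysqli_real_escape_string` gives no protection (it only escapes quote characters, and an identifier position accepts SQL that needs none), and `$o` is not validated anywhere visible in this hunk. Restrict both to an allow-list before the query is built, e.g. `$sb = in_array($_GET['sb'] ?? '', ['service_name', 'service_category', 'service_importance', 'service_updated_at'], true) ? $_GET['sb'] : 'service_name';` and the equivalent `ASC`/`DESC` check for `$o`. The same pattern presumably exists in the other client tab files that sort by `sb`, so the allow-list is worth sharing. As pre-existing context, `$service_name`, `$service_category` and `$service_importance` are echoed into the table without `htmlspecialchars`; since the row rendering is being touched, wrapping them now would close that as well.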


@ -333,15 +333,11 @@ function generateUserSessionKey($site_encryption_master_key){
$_SESSION['user_encryption_session_ciphertext'] = $user_encryption_session_ciphertext;
$_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv;
//Give the user "their" key as a cookie
//By default, this should be HTTPS but we can change to HTTP for development via the config.php file (note that the extension won't work without HTTPS)
// Give the user "their" key as a cookie
include('config.php');
if($config_https_only){
//setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "true", "true", ['samesite' => 'None']);
setcookie("user_encryption_session_key", "$user_encryption_session_key", ['path' => '/','secure' => true,'httponly' => true,'samesite' => 'None']);
}
else{
} else{
setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/");
$_SESSION['alert_message'] = "Unencrypted connection flag set: Using non-secure cookies.";
}
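Review bot: The rewritten comment `// Give the user "their" key as a cookie` drops the rationale the removed line carried (HTTPS by default, `$config_https_only` for development only, the extension not working without HTTPS), and nothing left in the hunk explains why the secure branch sets `samesite => 'None'`. Suggest keeping that context: `// Secure/HttpOnly cookie with SameSite=None so the browser extension can send it cross-origin; config_https_only=false is for development only and the extension will not work there.` The development branch also sets the cookie without `httponly`, so the session key is readable by any script on the page even though nothing needs that; `setcookie("user_encryption_session_key", $user_encryption_session_key, ['path' => '/', 'httponly' => true]);` keeps the dev path usable without exposing the key. generateUserSessionKey starts outside the hunk.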


@ -1,11 +1,27 @@
<?php
/*
* ITFlow browser extension
*
* Fills login forms, matching on the site URL:
* After installation and configuration of the extension, users can simply click the key to fill the form on the page
* If the URL of the page matches a configured login URL in ITFlow, the username and password is filled.
*
* Technical details:-
* First, review how ITFlow handles password encryption: https://itflow.org/docs.php?doc=logins
* Users must enable the extension via their profile/settings.
* An extension key is generated and stored in the users table, and provided to the user as a cookie every time they log in. Additionally, their PHP Session ID is also stored in the users table.
* The extension passes this cookie on all requests it makes (to this page). We use the cookie/key to identify/verify the user.
* We can then access the users PHP session data. This, alongside the user_encryption_session_key cookie they provide, allows login passwords to be decrypted.
*
*/
// Headers to allow extensions access (CORS)
$chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82";
//$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82"; // Firefox rejected the extension. They are still using manifest v2 so will just focus on Chrome/Edge with v3 for now until Mozilla catches up
if (isset($_SERVER['HTTP_ORIGIN'])) {
if($_SERVER['HTTP_ORIGIN'] == $chrome_id || $_SERVER['HTTP_ORIGIN'] == $firefox_id){
if($_SERVER['HTTP_ORIGIN'] == $chrome_id){
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
}
@ -14,21 +30,24 @@ if (isset($_SERVER['HTTP_ORIGIN'])) {
include("config.php");
include("functions.php");
//SESSION FINGERPRINT
// IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$user_agent = "$os - $browser";
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// Define wording for the user
DEFINE("WORDING_ROLECHECK_FAILED", "ITFlow - You are not permitted to use this application!");
DEFINE("WORDING_BAD_EXT_COOKIE_KEY", "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie.");
// Check user is logged in & has extension access
// We're not using the PHP session as we don't want to potentially expose the session cookie with SameSite None
if(!isset($_COOKIE['user_extension_key'])){
$data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie.";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data));
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit();
}
@ -39,11 +58,11 @@ $user_extension_key = $_COOKIE['user_extension_key'];
// Check the key isn't empty, less than 17 characters or the word "disabled".
if(empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled"){
$data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie.";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data));
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit();
}
@ -57,11 +76,11 @@ $row = mysqli_fetch_array($auth_user);
// Check SQL query state
if(mysqli_num_rows($auth_user) < 1 || !$auth_user){
$data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie.";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data));
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit();
}
@ -69,51 +88,36 @@ if(mysqli_num_rows($auth_user) < 1 || !$auth_user){
// Sanity check
if(hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])){
$data['found'] = "FALSE";
$data['message'] = "ITFlow - Validation failed.";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data));
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit();
}
// Success - validated user cookie
// Get the current session from the database so we can decrypt passwords
// Get the current session from the database, so we can decrypt passwords
session_id($row['user_php_session']);
session_start();
$session_user_id = $row['user_id'];
$session_name = $row['user_name'];
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role'];
if($session_user_role == 6){
$session_user_role_display = "Global Administrator";
}elseif($session_user_role == 5){
$session_user_role_display = "Administrator";
}elseif($session_user_role == 4){
$session_user_role_display = "Technician";
}elseif($session_user_role == 3){
$session_user_role_display = "IT Contractor";
}elseif($session_user_role == 2){
$session_user_role_display = "Client";
}else{
$session_user_role_display = "Accountant";
}
// Check user access level is correct
if($session_user_role < 4){
// Check user access level is correct (not an accountant)
if($session_user_role < 1){
$data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not authorised to use this application.";
$data['message'] = WORDING_ROLECHECK_FAILED;
echo(json_encode($data));
//Logging
$user_name = mysqli_real_escape_string($mysqli, $session_name);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id");
exit();
}
@ -131,18 +135,17 @@ if(isset($_GET['host'])){
$row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE";
$data['username'] = htmlentities($row['login_username']);
$data['password'] = decryptLoginEntry($row['login_password']);
$data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie
echo json_encode($data);
// Logging
$login_name = mysqli_real_escape_string($mysqli, $row['login_name']);
$login_user = mysqli_real_escape_string($mysqli, $row['login_username']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', company_id = $session_company_id, log_user_id = $session_user_id");
}
}
}
//TODO: Future work:-
// - Check user has permission to this client
// - Showing multiple logins for a single URL


@ -8,14 +8,11 @@ if(!file_exists('config.php')){
include("config.php");
include("functions.php");
// SESSION FINGERPRINT
// IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
// User agent
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// HTTP Only cookies
// HTTP-Only cookies
ini_set("session.cookie_httponly", True);
// Tell client to only send cookie(s) over HTTPS
@ -23,6 +20,7 @@ if($config_https_only){
ini_set("session.cookie_secure", True);
}
// Handle POST login request
if(isset($_POST['login'])){
// Sessions should start after the user has POSTed data
@ -37,11 +35,11 @@ if(isset($_POST['login'])){
if($failed_login_count >= 10){
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
// Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company)
if($failed_login_count == 10){
mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Lockout', alert_message = '$ip was locked out for repeated failed login attempts.', alert_date = NOW(), company_id = '1'");
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Lockout', notification = '$ip was locked out for repeated failed login attempts.', notification_timestamp = NOW() company_id = '1'");
}
// Inform user
@ -55,8 +53,8 @@ if(isset($_POST['login'])){
if(isset($_POST['current_code'])){
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
}
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email' AND user_archived_at IS NULL");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL"));
if (password_verify($password, $row['user_password'])) {
$token = $row['user_token'];
@ -66,27 +64,26 @@ if(isset($_POST['login'])){
$user_id = $row['user_id'];
// Setup encryption session key
if (isset($row['user_specific_encryption_ciphertext'])) {
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
$user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
$site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
generateUserSessionKey($site_encryption_master_key);
}
// Setup extension
if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
// Extension cookie
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
// Set PHP session in DB so we can access the session encryption data (above)
$user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
// Setup extension
if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
// Extension cookie
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
// Set PHP session in DB so we can access the session encryption data (above)
$user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
}
}
if (empty($token)) {
$_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
header("Location: dashboard_financial.php");
} else {
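Review bot: `$row['user_id']` on the new login query is the `user_settings.user_id` column, not `users.user_id`: with `SELECT *` over `users LEFT JOIN user_settings`, both tables contribute a `user_id` column and `mysqli_fetch_assoc` keeps the last one, so a user with no `user_settings` row gets `$user_id = NULL` — the `UPDATE users SET user_php_session ... WHERE user_id = ''` matches nothing and the success log's `log_user_id = $user_id` becomes a malformed statement that the unchecked `mysqli_query` drops silently, leaving the login unattributed in the audit log. Joining with `LEFT JOIN user_settings USING (user_id)` yields a single coalesced `user_id` column; alternatively append `, users.user_id AS user_id` after `*` so the users value wins. Separately, the notifications insert in the lockout branch (which I read as the new line) is missing the comma before `company_id` (`notification_timestamp = NOW() company_id = '1'`), so that statement fails and the lockout is never recorded. The login handler continues past the hunk, so later uses of `$row` are not visible here.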

566
post.php

File diff suppressed because it is too large Load Diff


@ -24,18 +24,17 @@
}
return false;
}
public static function getTokenCode($secretkey,$rangein30s = 3) {
$result = "";
public static function getTokenCode($secretkey) {
$result = "";
$key = base32static::decode($secretkey);
$unixtimestamp = time()/30;
for($i=-($rangein30s); $i<=$rangein30s; $i++) {
$checktime = (int)($unixtimestamp+$i);
$thiskey = self::oath_hotp($key, $checktime);
$result = $result." # ".self::oath_truncate($thiskey,6);
}
return $result;
$checktime = (int)($unixtimestamp);
$thiskey = self::oath_hotp($key, $checktime);
$result = $result . self::oath_truncate($thiskey,6);
$result = "000000" . $result;
return substr($result, -6);
}
public static function getTokenCodeDebug($secretkey,$rangein30s = 3) {
$result = "";
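Review bot: Removing `$rangein30s` turns `getTokenCode()` into a single-window generator, and because PHP ignores surplus arguments to user functions, a caller that still passes a range (the debug variant below keeps it) will keep working but only ever match the current 30-second window — if the verification path consults this method rather than `getTokenCodeDebug()`, codes from the neighbouring windows are now rejected and clock skew between server and authenticator surfaces as failed logins. The method that ends just above the hunk is cut off, so I cannot confirm which helper it calls. The return shape also changed from a `" # "`-joined list to one zero-padded string; a short docblock stating `@return string six-digit code for the current 30s window, zero-padded` would keep callers honest. The padding itself reads more clearly as `return str_pad((string) self::oath_truncate($thiskey, 6), 6, '0', STR_PAD_LEFT);`.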


@ -26,10 +26,10 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<center class="mb-3 p-4">
<?php if(empty($session_avatar)){ ?>
<i class="fas fa-user-circle fa-8x text-secondary"></i>
<i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php }else{ ?>
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-fluid">
<?php } ?>
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-fluid">
<?php } ?>
<h4 class="text-secondary mt-2"><?php echo $session_user_role_display; ?></h4>
</center>
@ -73,17 +73,21 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
</div>
<div class="form-group">
<?php if($session_user_role > 1){ ?>
<div class="form-group">
<div class="form-check">
<input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if(isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
<label class="form-check-label" for="extension">Extension access enabled?</label>
<p>Note: You must log out and back in again for these changes take effect.</p>
<input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if(isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
<label class="form-check-label" for="extension">Extension access enabled?</label>
<p>Note: You must log out and back in again for these changes take effect.</p>
</div>
</div>
</div>
<?php } ?>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save</button>
</form>
<hr>
@ -91,54 +95,54 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<h3>2-Factor Authentication</h3>
<form class="p-3" action="post.php" method="post" autocomplete="off">
<?php if(empty($session_token)){ ?>
<p>You have not setup 2FA, click on enable to setup 2FA.</p>
<button type="submit" name="enable_2fa" class="btn btn-primary mt-3"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button>
<?php }else{ ?>
<p>You have setup 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger mt-3"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button>
<?php } ?>
<?php } ?>
<center>
<?php
require_once('rfc6238.php');
<center>
<?php
//Generate a base32 Key
$secretkey = key32gen();
if(!empty($session_token)){
require_once('rfc6238.php');
//Generate QR Code based off the generated key
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl($session_name,' ',$session_token,$_SERVER['SERVER_NAME']));
echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
</form>
//Generate a base32 Key
$secretkey = key32gen();
<?php if(!empty($session_token)){ ?>
<form class="p-3" action="post.php" method="post" autocomplete="off">
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
if(!empty($session_token)){
//Generate QR Code based off the generated key
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl($session_name,' ',$session_token,$_SERVER['SERVER_NAME']));
echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
</form>
<?php if(!empty($session_token)){ ?>
<form class="p-3" action="post.php" method="post" autocomplete="off">
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append">
<button type="submit" name="verify" class="btn btn-primary">Verify</button>
</div>
</div>
</div>
<input type="text" class="form-control" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append">
<button type="submit" name="verify" class="btn btn-primary">Verify</button>
</div>
</div>
</div>
</form>
<?php } ?>
</form>
<?php } ?>
</div>
</div>
</div>
@ -151,22 +155,22 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<table class="table">
<tbody>
<?php
while($row = mysqli_fetch_array($sql_recent_logins)){
$log_id = $row['log_id'];
$log_ip = $row['log_ip'];
$log_user_agent = $row['log_user_agent'];
$log_created_at = $row['log_created_at'];
while($row = mysqli_fetch_array($sql_recent_logins)){
$log_id = $row['log_id'];
$log_ip = $row['log_ip'];
$log_user_agent = $row['log_user_agent'];
$log_created_at = $row['log_created_at'];
?>
<tr>
<td><i class="fa fa-fw fa-sign-in-alt text-secondary"></i> <?php echo "$log_ip - $log_user_agent"; ?></td>
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td>
</tr>
<tr>
<td><i class="fa fa-fw fa-sign-in-alt text-secondary"></i> <?php echo "$log_ip - $log_user_agent"; ?></td>
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td>
</tr>
<?php
}
?>
}
?>
</tbody>
</table>
<div class="card-footer">
@ -183,34 +187,34 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<table class="table">
<tbody>
<?php
while($row = mysqli_fetch_array($sql_recent_logs)){
$log_id = $row['log_id'];
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_description = $row['log_description'];
$log_created_at = $row['log_created_at'];
if($log_action == 'Create'){
$log_icon = "plus text-success";
}elseif($log_action == 'Modify'){
$log_icon = "edit text-info";
}elseif($log_action == 'Delete'){
$log_icon = "trash-alt text-danger";
}else{
$log_icon = "pencil";
}
while($row = mysqli_fetch_array($sql_recent_logs)){
$log_id = $row['log_id'];
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_description = $row['log_description'];
$log_created_at = $row['log_created_at'];
?>
<tr>
<td><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></td>
<td><?php echo $log_description; ?></td>
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td>
</tr>
<?php
if($log_action == 'Create'){
$log_icon = "plus text-success";
}elseif($log_action == 'Modify'){
$log_icon = "edit text-info";
}elseif($log_action == 'Delete'){
$log_icon = "trash-alt text-danger";
}else{
$log_icon = "pencil";
}
?>
<tr>
<td><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></td>
<td><?php echo $log_description; ?></td>
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<div class="card-footer">
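Review bot: The new `if($session_user_role > 1)` around the extension checkbox only hides the control; the `edit_profile` form still submits to post.php, and a user with role 1 can send `extension=Yes` by hand, so the same role check must be enforced in the post.php handler (that file is suppressed in this view, so I cannot confirm it is there). A comment on the new line such as `<?php // UI-only gate: post.php must enforce user_role > 1 for the extension key as well ?>` would record that dependency. The reindented log table still echoes `$log_description` unescaped; wrapping it as `<?php echo htmlentities($log_description); ?>` is cheap here, although that is pre-existing rather than introduced by this commit.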


@ -70,7 +70,7 @@
<option value="0">Not Assigned</option>
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_companies WHERE users.user_id = user_companies.user_id AND user_companies.company_id = $session_company_id ORDER BY user_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_companies WHERE users.user_id = user_companies.user_id AND user_archived_at IS NULL AND user_companies.company_id = $session_company_id ORDER BY user_name ASC");
while($row = mysqli_fetch_array($sql)){
$user_id = $row['user_id'];
$user_name = $row['user_name'];