AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DB Structure update, Hide Passwords under client logins until eyeball is clicked to reveal password, prevent the looking over your shoulder type attack, Added Install Date to Assets, reworked client assets listing to include Operating System and Install Date

This commit is contained in:
johnnyq 2021-12-08 22:15:20 -05:00
parent b9fc4ea2bc
commit 85cdc42d0f
8 changed files with 74 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
add_asset_modal.php
View File

@ -229,6 +229,16 @@
</div>
</div>
<div class="form-group">
<label>Install Date</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="install_date">
</div>
</div>
<div class="form-group">
<label>Purchase Date</label>
<div class="input-group">

17
client_assets.php
View File

@ -87,8 +87,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_type&o=<?php echo $disp; ?>">Type</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_make&o=<?php echo $disp; ?>">Make/Model</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_ip&o=<?php echo $disp; ?>">Primary IP</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_serial&o=<?php echo $disp; ?>">Serial Number</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_os&o=<?php echo $disp; ?>">Operating System</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_install_date&o=<?php echo $disp; ?>">Install Date</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=contact_name&o=<?php echo $disp; ?>">Contact</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=location_name&o=<?php echo $disp; ?>">Location</a></th>
<th class="text-center">Action</th>
@ -110,6 +111,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$asset_serial_display = $asset_serial;
}
$asset_os = $row['asset_os'];
if(empty($asset_os)){
$asset_os_display = "-";
}else{
$asset_os_display = $asset_os;
}
$asset_ip = $row['asset_ip'];
if(empty($asset_ip)){
$asset_ip_display = "-";
@ -119,6 +125,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$asset_mac = $row['asset_mac'];
$asset_purchase_date = $row['asset_purchase_date'];
$asset_warranty_expire = $row['asset_warranty_expire'];
$asset_install_date = $row['asset_install_date'];
if(empty($asset_install_date)){
$asset_install_date_display = "-";
}else{
$asset_install_date_display = $asset_install_date;
}
$asset_notes = $row['asset_notes'];
$asset_created_at = $row['asset_created_at'];
$asset_vendor_id = $row['asset_vendor_id'];
@ -216,8 +228,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</th>
<td><?php echo $asset_type; ?></td>
<td><?php echo "$asset_make $asset_model"; ?></td>
<td><?php echo $asset_ip_display; ?></td>
<td><?php echo $asset_serial_display; ?></td>
<td><?php echo $asset_os_display; ?></td>
<td><?php echo $asset_install_date_display; ?></td>
<td><?php echo $contact_name; ?></td>
<td><?php echo $location_name; ?></td>
<td>

3
client_logins.php
View File

@ -135,7 +135,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $login_username_display; ?></td>
<td><?php echo $login_password; ?><button class="btn btn-sm"><i class="far fa-eye text-secondary"></i></button><button class="btn btn-sm" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td>
<td>
<a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $login_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td>
</td>
<td><?php echo $otp_display; ?></td>
<td>

3
db.sql
View File

@ -73,6 +73,7 @@ CREATE TABLE `assets` (
`asset_mac` varchar(17) DEFAULT NULL,
`asset_purchase_date` date DEFAULT NULL,
`asset_warranty_expire` date DEFAULT NULL,
`asset_install_date` date DEFAULT NULL,
`asset_reciept` varchar(200) DEFAULT NULL,
`asset_notes` text DEFAULT NULL,
`asset_created_at` datetime NOT NULL,
@ -1099,4 +1100,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2021-11-19 20:43:27
-- Dump completed on 2021-12-08 22:12:04

10
edit_asset_modal.php
View File

@ -228,6 +228,16 @@
</div>
</div>
<div class="form-group">
<label>Install Date</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
</div>
<input type="date" class="form-control" name="install_date" value="<?php echo $asset_install_date; ?>">
</div>
</div>
<div class="form-group">
<label>Purchase Date</label>
<div class="input-group">

7
js/app.js
View File

@ -72,4 +72,9 @@ clipboard.on('success', function(e) {
clipboard.on('error', function(e) {
setTooltip(e.trigger, 'Failed!');
hideTooltip(e.trigger);
});
});
// Enable Popovers
$(function () {
$('[data-toggle="popover"]').popover()
})

12
post.php
View File

@ -4009,9 +4009,13 @@ if(isset($_POST['add_asset'])){
if(empty($warranty_expire)){
$warranty_expire = "0000-00-00";
}
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
if(empty($install_date)){
$install_date = "0000-00-00";
}
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = $session_company_id");
if(!empty($_POST['username'])) {
$asset_id = mysqli_insert_id($mysqli);
@ -4056,11 +4060,15 @@ if(isset($_POST['edit_asset'])){
if(empty($warranty_expire)){
$warranty_expire = "0000-00-00";
}
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
if(empty($install_date)){
$install_date = "0000-00-00";
}
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
$username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
$password = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['password'])));
mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND company_id = $session_company_id");
//If login exists then update the login
if($login_id > 0){

33
settings-user.php
View File

@ -29,7 +29,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php }else{ ?>
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle img-fluid">
<?php } ?>
<?php } ?>
<h4 class="text-secondary mt-2"><?php echo $session_permission_level_display; ?></h4>
</center>
@ -72,11 +72,20 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<label>Avatar</label>
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
</div>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save</button>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save</button>
</form>
<form class="p-3" action="post.php" method="post" autocomplete="off">
<?php if(empty($session_token)){ ?>
<button type="submit" name="enable_2fa" class="btn btn-primary mt-3 float-right"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button>
<?php }else{ ?>
<button type="submit" name="disable_2fa" class="btn btn-danger mt-3 float-right"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button>
<?php } ?>
<center>
<?php
require_once('rfc6238.php');
@ -85,38 +94,34 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
$secretkey = key32gen();
if(!empty($session_token)){
//Generate QR Code based off the generated key
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl('','',$session_token,$config_company_name));
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl($session_name,' ',$session_token,$_SERVER['SERVER_NAME']));
echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
<hr>
<?php if(empty($session_token)){ ?>
<button type="submit" name="enable_2fa" class="btn btn-primary"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button>
<?php }else{ ?>
<button type="submit" name="disable_2fa" class="btn btn-danger"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button>
<?php } ?>
</form>
<?php if(!empty($session_token)){ ?>
<form class="p-3" action="post.php" method="post" autocomplete="off">
<div class="form-group">
<label>Verify 2FA is Working</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" name="code" placeholder="Enter Code" required>
<input type="text" class="form-control" name="code" placeholder="Verify Code" required>
<div class="input-group-append">
<button type="submit" name="verify" class="btn btn-primary">Verify</button>
</div>
</div>
</div>
<hr>
<button type="submit" name="verify" class="btn btn-primary">Verify</button>
</form>
<?php } ?>
</div>