DB Structure update, Hide Passwords under client logins until eyeball is clicked to reveal password, prevent the looking over your shoulder type attack, Added Install Date to Assets, reworked client assets listing to include Operating System and Install Date
@@ -229,6 +229,16 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group">
|
||||||
|
<label>Install Date</label>
|
||||||
|
<div class="input-group">
|
||||||
|
<div class="input-group-prepend">
|
||||||
|
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
|
||||||
|
</div>
|
||||||
|
<input type="date" class="form-control" name="install_date">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label>Purchase Date</label>
|
<label>Purchase Date</label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
|
|||||||
@@ -87,8 +87,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
|||||||
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_name&o=<?php echo $disp; ?>">Name</a></th>
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_name&o=<?php echo $disp; ?>">Name</a></th>
|
||||||
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_type&o=<?php echo $disp; ?>">Type</a></th>
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_type&o=<?php echo $disp; ?>">Type</a></th>
|
||||||
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_make&o=<?php echo $disp; ?>">Make/Model</a></th>
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_make&o=<?php echo $disp; ?>">Make/Model</a></th>
|
||||||
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_ip&o=<?php echo $disp; ?>">Primary IP</a></th>
|
|
||||||
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_serial&o=<?php echo $disp; ?>">Serial Number</a></th>
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_serial&o=<?php echo $disp; ?>">Serial Number</a></th>
|
||||||
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_os&o=<?php echo $disp; ?>">Operating System</a></th>
|
||||||
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=asset_install_date&o=<?php echo $disp; ?>">Install Date</a></th>
|
||||||
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=contact_name&o=<?php echo $disp; ?>">Contact</a></th>
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=contact_name&o=<?php echo $disp; ?>">Contact</a></th>
|
||||||
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=location_name&o=<?php echo $disp; ?>">Location</a></th>
|
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=location_name&o=<?php echo $disp; ?>">Location</a></th>
|
||||||
<th class="text-center">Action</th>
|
<th class="text-center">Action</th>
|
||||||
@@ -110,6 +111,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
|||||||
$asset_serial_display = $asset_serial;
|
$asset_serial_display = $asset_serial;
|
||||||
}
|
}
|
||||||
$asset_os = $row['asset_os'];
|
$asset_os = $row['asset_os'];
|
||||||
|
if(empty($asset_os)){
|
||||||
|
$asset_os_display = "-";
|
||||||
|
}else{
|
||||||
|
$asset_os_display = $asset_os;
|
||||||
|
}
|
||||||
$asset_ip = $row['asset_ip'];
|
$asset_ip = $row['asset_ip'];
|
||||||
if(empty($asset_ip)){
|
if(empty($asset_ip)){
|
||||||
$asset_ip_display = "-";
|
$asset_ip_display = "-";
|
||||||
@@ -119,6 +125,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
|||||||
$asset_mac = $row['asset_mac'];
|
$asset_mac = $row['asset_mac'];
|
||||||
$asset_purchase_date = $row['asset_purchase_date'];
|
$asset_purchase_date = $row['asset_purchase_date'];
|
||||||
$asset_warranty_expire = $row['asset_warranty_expire'];
|
$asset_warranty_expire = $row['asset_warranty_expire'];
|
||||||
|
$asset_install_date = $row['asset_install_date'];
|
||||||
|
if(empty($asset_install_date)){
|
||||||
|
$asset_install_date_display = "-";
|
||||||
|
}else{
|
||||||
|
$asset_install_date_display = $asset_install_date;
|
||||||
|
}
|
||||||
$asset_notes = $row['asset_notes'];
|
$asset_notes = $row['asset_notes'];
|
||||||
$asset_created_at = $row['asset_created_at'];
|
$asset_created_at = $row['asset_created_at'];
|
||||||
$asset_vendor_id = $row['asset_vendor_id'];
|
$asset_vendor_id = $row['asset_vendor_id'];
|
||||||
@@ -216,8 +228,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
|||||||
</th>
|
</th>
|
||||||
<td><?php echo $asset_type; ?></td>
|
<td><?php echo $asset_type; ?></td>
|
||||||
<td><?php echo "$asset_make $asset_model"; ?></td>
|
<td><?php echo "$asset_make $asset_model"; ?></td>
|
||||||
<td><?php echo $asset_ip_display; ?></td>
|
|
||||||
<td><?php echo $asset_serial_display; ?></td>
|
<td><?php echo $asset_serial_display; ?></td>
|
||||||
|
<td><?php echo $asset_os_display; ?></td>
|
||||||
|
<td><?php echo $asset_install_date_display; ?></td>
|
||||||
<td><?php echo $contact_name; ?></td>
|
<td><?php echo $contact_name; ?></td>
|
||||||
<td><?php echo $location_name; ?></td>
|
<td><?php echo $location_name; ?></td>
|
||||||
<td>
|
<td>
|
||||||
|
|||||||
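Review bot: The two new cells print `$asset_os_display` and `$asset_install_date_display` straight from the database row with no output encoding, so any markup that reaches `asset_os` is rendered as HTML in the asset list. The write path visible in post.php applies `strip_tags()` to `install_date` (how `$os` is treated is outside the hunks), but that does not neutralise quotes or cover rows written by another route, so the encoding belongs at the point of output: `<td><?php echo htmlspecialchars($asset_os_display, ENT_QUOTES, 'UTF-8'); ?></td>`, and the same for the install date. The same gap applies to the new `value="<?php echo $asset_install_date; ?>"` attribute in the edit-asset form and to `data-content="<?php echo $login_password; ?>"` in the logins table, where an unencoded double quote ends the attribute early. The neighbouring context cells follow the same pattern, so this may be better handled for the whole table than per column.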
@@ -135,7 +135,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
|||||||
</td>
|
</td>
|
||||||
<td><?php echo $login_uri_display; ?></td>
|
<td><?php echo $login_uri_display; ?></td>
|
||||||
<td><?php echo $login_username_display; ?></td>
|
<td><?php echo $login_username_display; ?></td>
|
||||||
<td><?php echo $login_password; ?><button class="btn btn-sm"><i class="far fa-eye text-secondary"></i></button><button class="btn btn-sm" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td>
|
<td>
|
||||||
|
<a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $login_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td>
|
||||||
</td>
|
</td>
|
||||||
<td><?php echo $otp_display; ?></td>
|
<td><?php echo $otp_display; ?></td>
|
||||||
<td>
|
<td>
|
||||||
|
|||||||
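Review bot: The password is still written into the page twice per row, in `data-content` and in `data-clipboard-text`, so the popover only hides it from someone looking at the screen; it remains in the page source, the DOM and any cached copy of the page. If that is the intended scope, say so next to the markup, for example `<?php // popover hides the value on screen only; it is still present in the page source ?>`; a stronger version would leave the attribute empty and load the single password on click from an authenticated request. The new side also leaves a duplicate `</td>`: the added line already closes the cell and the context `</td>` after it closes it again. The table row starts and ends outside the hunk.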
3
db.sql
3
db.sql
@@ -73,6 +73,7 @@ CREATE TABLE `assets` (
|
|||||||
`asset_mac` varchar(17) DEFAULT NULL,
|
`asset_mac` varchar(17) DEFAULT NULL,
|
||||||
`asset_purchase_date` date DEFAULT NULL,
|
`asset_purchase_date` date DEFAULT NULL,
|
||||||
`asset_warranty_expire` date DEFAULT NULL,
|
`asset_warranty_expire` date DEFAULT NULL,
|
||||||
|
`asset_install_date` date DEFAULT NULL,
|
||||||
`asset_reciept` varchar(200) DEFAULT NULL,
|
`asset_reciept` varchar(200) DEFAULT NULL,
|
||||||
`asset_notes` text DEFAULT NULL,
|
`asset_notes` text DEFAULT NULL,
|
||||||
`asset_created_at` datetime NOT NULL,
|
`asset_created_at` datetime NOT NULL,
|
||||||
@@ -1099,4 +1100,4 @@ CREATE TABLE `vendors` (
|
|||||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||||
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
||||||
|
|
||||||
-- Dump completed on 2021-11-19 20:43:27
|
-- Dump completed on 2021-12-08 22:12:04
|
||||||
|
|||||||
@@ -228,6 +228,16 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group">
|
||||||
|
<label>Install Date</label>
|
||||||
|
<div class="input-group">
|
||||||
|
<div class="input-group-prepend">
|
||||||
|
<span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
|
||||||
|
</div>
|
||||||
|
<input type="date" class="form-control" name="install_date" value="<?php echo $asset_install_date; ?>">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label>Purchase Date</label>
|
<label>Purchase Date</label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
|
|||||||
@@ -73,3 +73,8 @@ clipboard.on('error', function(e) {
|
|||||||
setTooltip(e.trigger, 'Failed!');
|
setTooltip(e.trigger, 'Failed!');
|
||||||
hideTooltip(e.trigger);
|
hideTooltip(e.trigger);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Enable Popovers
|
||||||
|
$(function () {
|
||||||
|
$('[data-toggle="popover"]').popover()
|
||||||
|
})
|
||||||
|
|||||||
12
post.php
12
post.php
@@ -4009,9 +4009,13 @@ if(isset($_POST['add_asset'])){
|
|||||||
if(empty($warranty_expire)){
|
if(empty($warranty_expire)){
|
||||||
$warranty_expire = "0000-00-00";
|
$warranty_expire = "0000-00-00";
|
||||||
}
|
}
|
||||||
|
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
|
||||||
|
if(empty($install_date)){
|
||||||
|
$install_date = "0000-00-00";
|
||||||
|
}
|
||||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
||||||
|
|
||||||
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = $session_company_id");
|
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = $session_company_id");
|
||||||
|
|
||||||
if(!empty($_POST['username'])) {
|
if(!empty($_POST['username'])) {
|
||||||
$asset_id = mysqli_insert_id($mysqli);
|
$asset_id = mysqli_insert_id($mysqli);
|
||||||
@@ -4056,11 +4060,15 @@ if(isset($_POST['edit_asset'])){
|
|||||||
if(empty($warranty_expire)){
|
if(empty($warranty_expire)){
|
||||||
$warranty_expire = "0000-00-00";
|
$warranty_expire = "0000-00-00";
|
||||||
}
|
}
|
||||||
|
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
|
||||||
|
if(empty($install_date)){
|
||||||
|
$install_date = "0000-00-00";
|
||||||
|
}
|
||||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
||||||
$username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
|
$username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
|
||||||
$password = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['password'])));
|
$password = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['password'])));
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND company_id = $session_company_id");
|
mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND company_id = $session_company_id");
|
||||||
|
|
||||||
//If login exists then update the login
|
//If login exists then update the login
|
||||||
if($login_id > 0){
|
if($login_id > 0){
|
||||||
|
|||||||
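Review bot: An empty install date is stored as `"0000-00-00"` in both the `add_asset` and `edit_asset` handlers, but the asset list chooses between "-" and the value with `empty($asset_install_date)`, which is false for that string, so assets without a date will display 0000-00-00; the new column is also declared `date DEFAULT NULL`, and MySQL rejects zero dates when NO_ZERO_DATE is enforced in strict mode. The value is only escaped, not validated, and `strip_tags()` and `trim()` run after `mysqli_real_escape_string()`, so the string placed in the query is no longer exactly what the escaper returned. Validating the field as a real `Y-m-d` date and writing `NULL` otherwise removes both problems; the query fragment then becomes `asset_install_date = $install_date_sql`. Both handlers begin and end outside their hunks, and a prepared statement for the whole query would be the fuller fix.

```php
// Accept only a well-formed calendar date; anything else is stored as NULL
$install_date = trim($_POST['install_date'] ?? '');
$parsed_install_date = DateTime::createFromFormat('Y-m-d', $install_date);
if ($parsed_install_date !== false && $parsed_install_date->format('Y-m-d') === $install_date) {
    // Validated to digits and dashes only, so quoting it directly is safe
    $install_date_sql = "'$install_date'";
} else {
    $install_date_sql = "NULL";
}
// … unchanged: $notes handling …
// … in the INSERT and the UPDATE: asset_install_date = $install_date_sql …
```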
@@ -74,9 +74,18 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
|
|||||||
</div>
|
</div>
|
||||||
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save</button>
|
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save</button>
|
||||||
|
|
||||||
|
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<form class="p-3" action="post.php" method="post" autocomplete="off">
|
<form class="p-3" action="post.php" method="post" autocomplete="off">
|
||||||
|
|
||||||
|
<?php if(empty($session_token)){ ?>
|
||||||
|
<button type="submit" name="enable_2fa" class="btn btn-primary mt-3 float-right"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button>
|
||||||
|
<?php }else{ ?>
|
||||||
|
<button type="submit" name="disable_2fa" class="btn btn-danger mt-3 float-right"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button>
|
||||||
|
<?php } ?>
|
||||||
|
|
||||||
|
<center>
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require_once('rfc6238.php');
|
require_once('rfc6238.php');
|
||||||
@@ -85,38 +94,34 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
|
|||||||
$secretkey = key32gen();
|
$secretkey = key32gen();
|
||||||
|
|
||||||
if(!empty($session_token)){
|
if(!empty($session_token)){
|
||||||
|
|
||||||
//Generate QR Code based off the generated key
|
//Generate QR Code based off the generated key
|
||||||
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl('','',$session_token,$config_company_name));
|
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl($session_name,' ',$session_token,$_SERVER['SERVER_NAME']));
|
||||||
|
|
||||||
echo "<p class='text-secondary'>$session_token</p>";
|
echo "<p class='text-secondary'>$session_token</p>";
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
</center>
|
||||||
|
|
||||||
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
|
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
|
||||||
<hr>
|
|
||||||
|
|
||||||
<?php if(empty($session_token)){ ?>
|
|
||||||
<button type="submit" name="enable_2fa" class="btn btn-primary"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button>
|
|
||||||
<?php }else{ ?>
|
|
||||||
<button type="submit" name="disable_2fa" class="btn btn-danger"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button>
|
|
||||||
<?php } ?>
|
|
||||||
|
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<?php if(!empty($session_token)){ ?>
|
<?php if(!empty($session_token)){ ?>
|
||||||
<form class="p-3" action="post.php" method="post" autocomplete="off">
|
<form class="p-3" action="post.php" method="post" autocomplete="off">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label>Verify 2FA is Working</label>
|
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<div class="input-group-prepend">
|
<div class="input-group-prepend">
|
||||||
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
|
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
|
||||||
</div>
|
</div>
|
||||||
<input type="text" class="form-control" name="code" placeholder="Enter Code" required>
|
<input type="text" class="form-control" name="code" placeholder="Verify Code" required>
|
||||||
|
<div class="input-group-append">
|
||||||
|
<button type="submit" name="verify" class="btn btn-primary">Verify</button>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<hr>
|
|
||||||
<button type="submit" name="verify" class="btn btn-primary">Verify</button>
|
|
||||||
</form>
|
</form>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
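Review bot: The changed `getBarCodeUrl()` call now passes `$session_name` and `$_SERVER['SERVER_NAME']`, and the result is placed into `<img src="%s"/>` by `sprintf` with no HTML encoding; depending on the web server's configuration `SERVER_NAME` can reflect the client-supplied Host header, so it should not be trusted as the issuer label. Prefer a configured value (the old line used `$config_company_name`) and encode the URL on output, with `$qr_url` holding the `getBarCodeUrl()` result: `print sprintf('<img src="%s"/>', htmlspecialchars($qr_url, ENT_QUOTES, 'UTF-8'));`. `getBarCodeUrl()` is defined in rfc6238.php, which this page does not show; if it builds a link to an external QR image service, the TOTP secret in `$session_token` is sent to that service each time the profile page loads, which is worth confirming. The surrounding PHP block opens before the hunk.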