Misc small changes/fixes

This commit is contained in:
Marcus Hill 2022-03-27 22:26:22 +01:00
parent aafb6a677f
commit 9040fdf847
12 changed files with 25 additions and 33 deletions


@ -24,6 +24,9 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_A
// Setup return array
$return_arr = array();
// Unauthorised wording
DEFINE("WORDING_UNAUTHORIZED", "HTTP/1.1 401 Unauthorized");
/*
* API Notes:
*
@ -48,7 +51,7 @@ if($_SERVER['REQUEST_METHOD'] !== "GET" AND $_SERVER['REQUEST_METHOD'] !== "POST
// Check API key is provided
if(!isset($_GET['api_key']) AND !isset($_POST['api_key'])){
header("HTTP/1.1 401 Unauthorized");
header(WORDING_UNAUTHORIZED);
exit();
}
@ -69,13 +72,13 @@ if(isset($api_key)){
// Failed
if(mysqli_num_rows($sql) !== 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired.";
header("HTTP/1.1 401 Unauthorized");
header(WORDING_UNAUTHORIZED);
echo json_encode($return_arr);
exit();
}
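Review bot: The 401 status header is still sent twice in the invalid-key branch (lines 31 and 36), so renaming it to `WORDING_UNAUTHORIZED` only relabels the duplication; one of the two calls should go. `header("HTTP/1.1 401 Unauthorized")` also pins the protocol version, whereas `http_response_code(401);` emits the right status line for whatever version the request used and would make the constant unnecessary. On line 15, lowercase `define(...)` (or a `const`) is the conventional spelling; `DEFINE` only works because function names are case-insensitive. The `if(isset($api_key))` block enclosing this hunk starts before it.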


@ -18,13 +18,11 @@ if(isset($_GET['campaign_id'])){
//Set Badge color based off of campaign status
if($campaign_status == "Sent"){
$campaign_badge_color = "warning text-white";
$campaign_badge_color = "success";
}elseif($campaign_status == "Queued"){
$campaign_badge_color = "info";
}elseif($campaign_status == "Sending"){
$campaign_badge_color = "primary";
}elseif($campaign_status == "Sent"){
$campaign_badge_color = "success";
}else{
$campaign_badge_color = "secondary";
}
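Review bot: The status comparisons on lines 45–52 use `==`, which applies loose conversion; for a string status `===` is the safer operator and the chain reads as a lookup table. If the removed lines are read correctly, the old first branch duplicated `"Sent"` and made the later `"Sent"` branch unreachable, which this commit fixes; on a PHP 8 target the remaining chain can collapse to `$campaign_badge_color = match ($campaign_status) { "Sent" => "success", "Queued" => "info", "Sending" => "primary", default => "secondary" };`, and on older PHP keep the chain but switch to `===`. The `if(isset($_GET['campaign_id']))` block enclosing this hunk begins before it, so how `$campaign_status` is sourced is not visible here.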


@ -29,10 +29,8 @@ if(isset($_GET['message_id'])){
$sql = mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_id = $message_id AND message_hash = '$message_hash'");
if(mysqli_num_rows($sql) == 1){
// Server variables
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$referer = $_SERVER['HTTP_REFERER'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
mysqli_query($mysqli,"UPDATE campaign_messages SET message_ip = '$ip', message_referer = '$referer', message_user_agent = '$user_agent', message_opened_at = NOW() WHERE message_id = $message_id");
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli,get_ip())));
mysqli_query($mysqli,"UPDATE campaign_messages SET message_ip = '$ip', message_opened_at = NOW() WHERE message_id = $message_id");
}
}
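Review bot: On line 68 `$ip` is passed through `mysqli_real_escape_string` before `strip_tags` and `trim`, so escaping is not the last transformation before the query; validate the value as an address instead, e.g. `$ip = filter_var(get_ip(), FILTER_VALIDATE_IP) ?: '';`, which also makes the tag stripping redundant. Dropping the unescaped referer and user agent from the UPDATE is the right call. `$message_id` is interpolated unquoted into both queries (lines 61 and 69); whatever validation it receives happens in the `if(isset($_GET['message_id']))` block that begins before the hunk, so it cannot be confirmed here, and a prepared statement with bound parameters would remove the dependence on manual escaping for both values.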


@ -11,7 +11,7 @@
}
//Check to see if setup is enabled
if(!isset($config_enable_setup) or $config_enable_setup == 1){
if(!isset($config_enable_setup) || $config_enable_setup == 1){
header("Location: setup.php");
exit;
}
@ -24,11 +24,8 @@
// SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
//$session_browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
//$session_device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
//$session_user_agent = "$session_os - $session_browser";
// Get user agent
// User agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$session_user_id = $_SESSION['user_id'];
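Review bot: Line 92 reads `$_SERVER['HTTP_USER_AGENT']` directly, which raises an undefined-index warning when a client sends no User-Agent header; use `$_SERVER['HTTP_USER_AGENT'] ?? ''` before escaping. Line 79's `$config_enable_setup == 1` is a loose comparison; if the setting is an int, `=== 1` is clearer, and if it arrives as a string from config, cast it first. Removing the commented-out fingerprint lines is a good cleanup. `$_SESSION['user_id']` on line 93 appears to assume an authenticated session, which is presumably established before this hunk.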


@ -235,7 +235,7 @@ $location_phone = formatPhoneNumber($location_phone);
}
?>
</div>
<?php if($session_user_role == 1 OR $session_user_role == 3){ ?>
<?php if($session_user_role == 1 || $session_user_role == 3){ ?>
<div class="col-md-3 border-left">
<h4 class="text-secondary">Billing</h4>
<h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $amount_paid, $client_currency_code); ?></div></h6>
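Review bot: The role check on line 102 is a loose `==` against integer literals; since the change already moves to `||`, the same condition is strict and shorter as `<?php if(in_array((int) $session_user_role, [1, 3], true)){ ?>`. The cast matters because `$session_user_role` may come from the database as a string, which a strict `in_array` would otherwise reject. The PHP block opened here and the `div` it wraps both continue outside the hunk.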


@ -96,7 +96,7 @@
</div>
<?php } ?>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'other'){ ?>
<?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'other'){ ?>
<div class="form-group">
<label>Operating System</label>
<div class="input-group">
@ -136,7 +136,7 @@
</div>
</div>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'servers' AND $_GET['type'] !== 'other'){ ?>
<?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'servers' && $_GET['type'] !== 'other'){ ?>
<div class="form-group">
<label>Assigned To</label>
<div class="input-group">
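Review bot: Both conditions (lines 113 and 121) read `$_GET['type']` without an `isset`, so a request that omits `type` emits undefined-index warnings and the strict `!==` then compares against `null`; read it once near the top of the file, `$type = $_GET['type'] ?? '';`, and compare `$type` in both places. That also removes the repeated superglobal lookups inside the template. The strict comparison itself is appropriate here since every operand is a string literal.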


@ -94,7 +94,7 @@
</div>
<?php } ?>
<?php if($asset_type !== 'Phone' AND $asset_type !== 'Mobile Phone' AND $asset_type !== 'Tablet' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Camera' AND $asset_type !== 'TV' AND $asset_type !== 'Other'){ ?>
<?php if($asset_type !== 'Phone' && $asset_type !== 'Mobile Phone' && $asset_type !== 'Tablet' && $asset_type !== 'Access Point' && $asset_type !== 'Printer' && $asset_type !== 'Camera' && $asset_type !== 'TV' && $asset_type !== 'Other'){ ?>
<div class="form-group">
<label>Operating System</label>
<div class="input-group">
@ -134,7 +134,7 @@
</div>
</div>
<?php if($asset_type !== 'Firewall/Router' AND $asset_type !== 'Switch' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Server' AND $asset_type !== 'Virtual Machine'){ ?>
<?php if($asset_type !== 'Firewall/Router' && $asset_type !== 'Switch' && $asset_type !== 'Access Point' && $asset_type !== 'Printer' && $asset_type !== 'Server' && $asset_type !== 'Virtual Machine'){ ?>
<div class="form-group">
<label>Assigned To</label>
<div class="input-group">
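Review bot: The chains on lines 132 and 140 compare `$asset_type` against eight and six literals respectively; a strict set lookup is shorter and easier to maintain, e.g. `<?php if(!in_array($asset_type, ['Phone', 'Mobile Phone', 'Tablet', 'Access Point', 'Printer', 'Camera', 'TV', 'Other'], true)){ ?>` for the first and the same shape for the second. Naming the two lists as constants near the top of the file would keep the "has an OS" and "can be assigned" rules in one place instead of inside the markup. Where `$asset_type` is assigned is outside this hunk.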


@ -74,8 +74,6 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
$contact_extension = $row['contact_extension'];
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = $row['contact_email'];
//$client_id = $row['client_id'];
//$client_name = $row['client_name'];
$department_name = $row['department_name'];
?>


@ -75,7 +75,6 @@ while($row = mysqli_fetch_array($sql_companies)){
while ($row = mysqli_fetch_row($result)) {
$sqlScript .= "INSERT INTO $table VALUES(";
for ($j = 0; $j < $columnCount; $j ++) {
$row[$j] = $row[$j];
if (isset($row[$j])) {
$sqlScript .= '"' . $row[$j] . '"';
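Review bot: Removing the no-op `$row[$j] = $row[$j];` is fine, but line 164 still wraps each value in double quotes without escaping it, so a value containing `"`, a backslash or a newline produces a dump that does not re-import cleanly; use `$sqlScript .= '"' . mysqli_real_escape_string($mysqli, $row[$j]) . '"';`. The same loop appears again in the later section at the `-1135,7 +1135,6` hunk (lines 195–200 here) and needs the same fix. `$table` on line 160 is interpolated bare, which is only as safe as the source of the table list, not visible here. The `while` loop opened on line 159 closes outside the hunk.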


@ -107,7 +107,7 @@
}
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){
@ -224,7 +224,7 @@
<div class="card-body">
<form class="mb-4" autocomplete="off">
<input type="hidden" name="status" value="<?php if(isset($_GET['status'])){ echo $_GET['status']; } ?>">
<input type="hidden" name="status" value="<?php if(isset($_GET['status'])){ echo strip_tags($_GET['status']); } ?>">
<div class="row">
<div class="col-sm-4">
<div class="input-group">
@ -316,7 +316,7 @@
$now = time();
if(($invoice_status == "Sent" or $invoice_status == "Partial" or $invoice_status == "Viewed") and strtotime($invoice_due) + 86400 < $now ){
if(($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now ){
$overdue_color = "text-danger font-weight-bold";
}else{
$overdue_color = "";
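Review bot: `strip_tags` on line 180 is not an attribute-context escape: it removes angle-bracket tags but leaves `"` untouched, so the echoed value can still close the `value="..."` attribute; the hidden input should use `htmlspecialchars($_GET['status'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to the search box on line 232 of the sidebar section. Separately, lines 171–174 read `$_GET['canned_date']` and `$_GET['dtt']` without `isset` while only `dtf` is guarded by `!empty`; `$_GET['dtt'] ?? ''` avoids the undefined-index warning. The date-filter `elseif` chain starting on line 175 continues outside the hunk.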


@ -1135,7 +1135,6 @@ if(isset($_GET['download_database'])){
while ($row = mysqli_fetch_row($result)) {
$sqlScript .= "INSERT INTO $table VALUES(";
for ($j = 0; $j < $columnCount; $j ++) {
$row[$j] = $row[$j];
if (isset($row[$j])) {
$sqlScript .= '"' . $row[$j] . '"';
@ -1391,7 +1390,7 @@ if(isset($_POST['edit_client'])){
//Add new tags
foreach($_POST['tags'] as $tag){
intval($tag);
$tag = intval($tag);
mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag");
}
@ -1938,7 +1937,7 @@ if(isset($_POST['edit_campaign'])){
//Create Recipient List based off tags selected
if(isset($_POST['tags'])){
foreach($_POST['tags'] as $tag){
intval($tag);
$tag = intval($tag);
$sql = mysqli_query($mysqli,"SELECT * FROM clients
LEFT JOIN contacts ON contacts.contact_id = clients.primary_contact
@ -6744,7 +6743,7 @@ if(isset($_POST['add_file'])){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_FILES['file']['name'])));
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
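Review bot: Line 224 still derives the extension from the raw `$_FILES['file']['name']` and passes a temporary to `end()`, which PHP reports as "Only variables should be passed by reference"; `$file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));` avoids both and keeps the extension consistent with the sanitized name on line 221. Line 221 also applies `mysqli_real_escape_string` before `strip_tags` and `trim`, so escaping is not the last step before the query, and if `$file_name` is later used to build a filesystem path (not visible here) the SQL-escaped form would carry backslashes into that path; escape at the point of SQL use instead. The `if(isset($_POST['add_file']))` block enclosing this hunk starts before it.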


@ -48,7 +48,7 @@
<form class="form-inline mb-2" action="global_search.php">
<div class="input-group">
<input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo $_GET['query']; } ?>">
<input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo strip_tags($_GET['query']); } ?>">
<div class="input-group-append">
<button class="btn btn-sidebar" type="submit">
<i class="fas fa-search"></i>
@ -127,7 +127,7 @@
</a>
</li>
<li class="nav-item">
<a href="recurring_invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php" OR basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php") { echo "active"; } ?>">
<a href="recurring_invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-sync-alt"></i>
<p>Recurring</p>
</a>