Misc small changes/fixes

This commit is contained in:
Marcus Hill
2022-03-27 22:26:22 +01:00
parent aafb6a677f
commit 9040fdf847
12 changed files with 25 additions and 33 deletions


@@ -24,6 +24,9 @@ $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_A
// Setup return array // Setup return array
$return_arr = array(); $return_arr = array();
// Unauthorised wording
DEFINE("WORDING_UNAUTHORIZED", "HTTP/1.1 401 Unauthorized");
/* /*
* API Notes: * API Notes:
* *
@@ -48,7 +51,7 @@ if($_SERVER['REQUEST_METHOD'] !== "GET" AND $_SERVER['REQUEST_METHOD'] !== "POST
// Check API key is provided // Check API key is provided
if(!isset($_GET['api_key']) AND !isset($_POST['api_key'])){ if(!isset($_GET['api_key']) AND !isset($_POST['api_key'])){
header("HTTP/1.1 401 Unauthorized"); header(WORDING_UNAUTHORIZED);
exit(); exit();
} }
@@ -69,13 +72,13 @@ if(isset($api_key)){
// Failed // Failed
if(mysqli_num_rows($sql) !== 1){ if(mysqli_num_rows($sql) !== 1){
// Invalid Key // Invalid Key
header("HTTP/1.1 401 Unauthorized"); header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired."; $return_arr['message'] = "API Key authentication failure or expired.";
header("HTTP/1.1 401 Unauthorized"); header(WORDING_UNAUTHORIZED);
echo json_encode($return_arr); echo json_encode($return_arr);
exit(); exit();
} }
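Review bot: The invalid-key branch still emits the 401 status twice, once before the log insert and again just before the JSON body (both `header(WORDING_UNAUTHORIZED)`); the commit swapped the literal for the constant but kept the duplicate call. Hard-coding `HTTP/1.1` in the status line is also fragile, since the server may be speaking a different protocol version; `http_response_code(401);` lets PHP emit the correct status line and replaces both the constant and the duplicate. The constant name `WORDING_UNAUTHORIZED` describes a status line rather than wording, so if it is kept, a name such as `HTTP_UNAUTHORIZED` would read more accurately, and lowercase `define()` is the conventional spelling. The `if(mysqli_num_rows($sql) !== 1)` block is complete within the hunk; the first hunk's `DEFINE` sits at file top level.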


@@ -18,13 +18,11 @@ if(isset($_GET['campaign_id'])){
//Set Badge color based off of campaign status //Set Badge color based off of campaign status
if($campaign_status == "Sent"){ if($campaign_status == "Sent"){
$campaign_badge_color = "warning text-white"; $campaign_badge_color = "success";
}elseif($campaign_status == "Queued"){ }elseif($campaign_status == "Queued"){
$campaign_badge_color = "info"; $campaign_badge_color = "info";
}elseif($campaign_status == "Sending"){ }elseif($campaign_status == "Sending"){
$campaign_badge_color = "primary"; $campaign_badge_color = "primary";
}elseif($campaign_status == "Sent"){
$campaign_badge_color = "success";
}else{ }else{
$campaign_badge_color = "secondary"; $campaign_badge_color = "secondary";
} }
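Review bot: The badge-colour chain compares `$campaign_status` with `==`; since the right-hand sides are all non-numeric strings this is safe today, but `===` (or a `match`, which compares strictly) would make the intent explicit and remove the loose-comparison surprise for future values. The chain is a pure value-to-string mapping, which is exactly what `match` expresses, and it also makes a duplicated branch like the removed second `"Sent"` case impossible to miss. This assumes the project runs on PHP 8.0 or later for `match`; otherwise changing the four `==` to `===` is the minimal fix. The `if`/`elseif` chain is complete within the hunk.
```php
//Set Badge color based off of campaign status
$campaign_badge_color = match ($campaign_status) {
    'Sent' => 'success',
    'Queued' => 'info',
    'Sending' => 'primary',
    default => 'secondary',
};
```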


@@ -29,10 +29,8 @@ if(isset($_GET['message_id'])){
$sql = mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_id = $message_id AND message_hash = '$message_hash'"); $sql = mysqli_query($mysqli,"SELECT message_id FROM campaign_messages WHERE message_id = $message_id AND message_hash = '$message_hash'");
if(mysqli_num_rows($sql) == 1){ if(mysqli_num_rows($sql) == 1){
// Server variables // Server variables
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = trim(strip_tags(mysqli_real_escape_string($mysqli,get_ip())));
$referer = $_SERVER['HTTP_REFERER']; mysqli_query($mysqli,"UPDATE campaign_messages SET message_ip = '$ip', message_opened_at = NOW() WHERE message_id = $message_id");
$user_agent = $_SERVER['HTTP_USER_AGENT'];
mysqli_query($mysqli,"UPDATE campaign_messages SET message_ip = '$ip', message_referer = '$referer', message_user_agent = '$user_agent', message_opened_at = NOW() WHERE message_id = $message_id");
} }
} }
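Review bot: The new `$ip` line applies `trim()` and `strip_tags()` after `mysqli_real_escape_string()`, so the escaped string is modified again before it reaches the query; escaping must be the last transformation before interpolation, i.e. `$ip = mysqli_real_escape_string($mysqli, trim(strip_tags(get_ip())));`. The same ordering appears on the surrounding context lines in other files of this commit (session fingerprint and API user agent), so it is worth fixing consistently. `$message_id` is interpolated unquoted into both the SELECT and the UPDATE; presumably it is cast to int earlier in the `if(isset($_GET['message_id']))` block, which starts outside the hunk, so please confirm, or move both statements to a prepared statement with bound parameters, which removes the ordering question entirely.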


@@ -11,7 +11,7 @@
} }
//Check to see if setup is enabled //Check to see if setup is enabled
if(!isset($config_enable_setup) or $config_enable_setup == 1){ if(!isset($config_enable_setup) || $config_enable_setup == 1){
header("Location: setup.php"); header("Location: setup.php");
exit; exit;
} }
@@ -24,11 +24,8 @@
// SESSION FINGERPRINT // SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os())); $session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
//$session_browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
//$session_device = strip_tags(mysqli_real_escape_string($mysqli,get_device())); // User agent
//$session_user_agent = "$session_os - $session_browser";
// Get user agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$session_user_id = $_SESSION['user_id']; $session_user_id = $_SESSION['user_id'];


@@ -235,7 +235,7 @@ $location_phone = formatPhoneNumber($location_phone);
} }
?> ?>
</div> </div>
<?php if($session_user_role == 1 OR $session_user_role == 3){ ?> <?php if($session_user_role == 1 || $session_user_role == 3){ ?>
<div class="col-md-3 border-left"> <div class="col-md-3 border-left">
<h4 class="text-secondary">Billing</h4> <h4 class="text-secondary">Billing</h4>
<h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $amount_paid, $client_currency_code); ?></div></h6> <h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $amount_paid, $client_currency_code); ?></div></h6>


@@ -96,7 +96,7 @@
</div> </div>
<?php } ?> <?php } ?>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'other'){ ?> <?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'other'){ ?>
<div class="form-group"> <div class="form-group">
<label>Operating System</label> <label>Operating System</label>
<div class="input-group"> <div class="input-group">
@@ -136,7 +136,7 @@
</div> </div>
</div> </div>
<?php if($_GET['type'] !== 'network' AND $_GET['type'] !== 'servers' AND $_GET['type'] !== 'other'){ ?> <?php if($_GET['type'] !== 'network' && $_GET['type'] !== 'servers' && $_GET['type'] !== 'other'){ ?>
<div class="form-group"> <div class="form-group">
<label>Assigned To</label> <label>Assigned To</label>
<div class="input-group"> <div class="input-group">
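Review bot: Both conditions (`$_GET['type'] !== 'network' && ...` in this hunk and the three-way version in the second hunk) read `$_GET['type']` without an `isset`/`??` guard, so a request without that parameter produces an undefined-index warning and evaluates the condition against `null`. Reading it once into a local, `$type = $_GET['type'] ?? '';`, and then writing the checks as `!in_array($type, ['network', 'other'], true)` and `!in_array($type, ['network', 'servers', 'other'], true)` fixes the warning and replaces the operator chains the commit just normalised. Where that local is declared depends on the top of the file, which is outside both hunks.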


@@ -94,7 +94,7 @@
</div> </div>
<?php } ?> <?php } ?>
<?php if($asset_type !== 'Phone' AND $asset_type !== 'Mobile Phone' AND $asset_type !== 'Tablet' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Camera' AND $asset_type !== 'TV' AND $asset_type !== 'Other'){ ?> <?php if($asset_type !== 'Phone' && $asset_type !== 'Mobile Phone' && $asset_type !== 'Tablet' && $asset_type !== 'Access Point' && $asset_type !== 'Printer' && $asset_type !== 'Camera' && $asset_type !== 'TV' && $asset_type !== 'Other'){ ?>
<div class="form-group"> <div class="form-group">
<label>Operating System</label> <label>Operating System</label>
<div class="input-group"> <div class="input-group">
@@ -134,7 +134,7 @@
</div> </div>
</div> </div>
<?php if($asset_type !== 'Firewall/Router' AND $asset_type !== 'Switch' AND $asset_type !== 'Access Point' AND $asset_type !== 'Printer' AND $asset_type !== 'Server' AND $asset_type !== 'Virtual Machine'){ ?> <?php if($asset_type !== 'Firewall/Router' && $asset_type !== 'Switch' && $asset_type !== 'Access Point' && $asset_type !== 'Printer' && $asset_type !== 'Server' && $asset_type !== 'Virtual Machine'){ ?>
<div class="form-group"> <div class="form-group">
<label>Assigned To</label> <label>Assigned To</label>
<div class="input-group"> <div class="input-group">
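Review bot: The eight-way and six-way `!==` chains on `$asset_type` are hard to audit for omissions and will keep growing; `!in_array($asset_type, ['Phone', 'Mobile Phone', 'Tablet', 'Access Point', 'Printer', 'Camera', 'TV', 'Other'], true)` and `!in_array($asset_type, ['Firewall/Router', 'Switch', 'Access Point', 'Printer', 'Server', 'Virtual Machine'], true)` express the same exclusions in one place each. Since the two lists are the asset types without an operating system and without an assignee, naming them as constants near the top of the file would also document the rule; that location is outside both hunks.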


@@ -74,8 +74,6 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
$contact_extension = $row['contact_extension']; $contact_extension = $row['contact_extension'];
$contact_mobile = formatPhoneNumber($row['contact_mobile']); $contact_mobile = formatPhoneNumber($row['contact_mobile']);
$contact_email = $row['contact_email']; $contact_email = $row['contact_email'];
//$client_id = $row['client_id'];
//$client_name = $row['client_name'];
$department_name = $row['department_name']; $department_name = $row['department_name'];
?> ?>


@@ -75,7 +75,6 @@ while($row = mysqli_fetch_array($sql_companies)){
while ($row = mysqli_fetch_row($result)) { while ($row = mysqli_fetch_row($result)) {
$sqlScript .= "INSERT INTO $table VALUES("; $sqlScript .= "INSERT INTO $table VALUES(";
for ($j = 0; $j < $columnCount; $j ++) { for ($j = 0; $j < $columnCount; $j ++) {
$row[$j] = $row[$j];
if (isset($row[$j])) { if (isset($row[$j])) {
$sqlScript .= '"' . $row[$j] . '"'; $sqlScript .= '"' . $row[$j] . '"';


@@ -107,7 +107,7 @@
} }
//Date Filter //Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){ if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']); $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']); $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){ }elseif($_GET['canned_date'] == "today"){
@@ -224,7 +224,7 @@
<div class="card-body"> <div class="card-body">
<form class="mb-4" autocomplete="off"> <form class="mb-4" autocomplete="off">
<input type="hidden" name="status" value="<?php if(isset($_GET['status'])){ echo $_GET['status']; } ?>"> <input type="hidden" name="status" value="<?php if(isset($_GET['status'])){ echo strip_tags($_GET['status']); } ?>">
<div class="row"> <div class="row">
<div class="col-sm-4"> <div class="col-sm-4">
<div class="input-group"> <div class="input-group">
@@ -316,7 +316,7 @@
$now = time(); $now = time();
if(($invoice_status == "Sent" or $invoice_status == "Partial" or $invoice_status == "Viewed") and strtotime($invoice_due) + 86400 < $now ){ if(($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now ){
$overdue_color = "text-danger font-weight-bold"; $overdue_color = "text-danger font-weight-bold";
}else{ }else{
$overdue_color = ""; $overdue_color = "";
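Review bot: In the second hunk, `echo strip_tags($_GET['status'])` writes a request parameter into an HTML attribute value, and `strip_tags()` does not escape `"`, so a value containing a double quote still closes the attribute and lets the remainder of the input be interpreted as markup. The correct escaping for that context is `echo htmlspecialchars($_GET['status'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The same pattern is introduced in the sidebar search box (`echo strip_tags($_GET['query'])`) in the last file of this commit and should get the same change. The first hunk's `$_GET['canned_date'] == "custom"` also reads the parameter unguarded; `($_GET['canned_date'] ?? '') === 'custom'` avoids the undefined-index warning, and the enclosing filter block starts outside the hunk.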


@@ -1135,7 +1135,6 @@ if(isset($_GET['download_database'])){
while ($row = mysqli_fetch_row($result)) { while ($row = mysqli_fetch_row($result)) {
$sqlScript .= "INSERT INTO $table VALUES("; $sqlScript .= "INSERT INTO $table VALUES(";
for ($j = 0; $j < $columnCount; $j ++) { for ($j = 0; $j < $columnCount; $j ++) {
$row[$j] = $row[$j];
if (isset($row[$j])) { if (isset($row[$j])) {
$sqlScript .= '"' . $row[$j] . '"'; $sqlScript .= '"' . $row[$j] . '"';
@@ -1391,7 +1390,7 @@ if(isset($_POST['edit_client'])){
//Add new tags //Add new tags
foreach($_POST['tags'] as $tag){ foreach($_POST['tags'] as $tag){
intval($tag); $tag = intval($tag);
mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag"); mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag");
} }
@@ -1938,7 +1937,7 @@ if(isset($_POST['edit_campaign'])){
//Create Recipient List based off tags selected //Create Recipient List based off tags selected
if(isset($_POST['tags'])){ if(isset($_POST['tags'])){
foreach($_POST['tags'] as $tag){ foreach($_POST['tags'] as $tag){
intval($tag); $tag = intval($tag);
$sql = mysqli_query($mysqli,"SELECT * FROM clients $sql = mysqli_query($mysqli,"SELECT * FROM clients
LEFT JOIN contacts ON contacts.contact_id = clients.primary_contact LEFT JOIN contacts ON contacts.contact_id = clients.primary_contact
@@ -6744,7 +6743,7 @@ if(isset($_POST['add_file'])){
// get details of the uploaded file // get details of the uploaded file
$file_error = 0; $file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name']; $file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_FILES['file']['name'])));
$file_size = $_FILES['file']['size']; $file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type']; $file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name']))); $file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
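Review bot: In the add_file hunk the new `$file_name` line runs `trim()` and `strip_tags()` after `mysqli_real_escape_string()`, so the escaping is no longer the last step before the value reaches SQL; reverse it, `$file_name = mysqli_real_escape_string($mysqli, trim(strip_tags($_FILES['file']['name'])));`, and note that an SQL-escaped string should not also be used to build a filesystem path, which is presumably what happens later in this block (outside the hunk) and should be checked. On the next line, `$file_extension` is still derived from the raw `$_FILES['file']['name']` via `end(explode(...))`, which passes a temporary by reference and returns the whole name when there is no dot; `strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION))` is the idiomatic form and yields `''` in that case. Separately, the first hunk of this file (the database download loop) builds the dump as `'"' . $row[$j] . '"'` without escaping the value, so any cell containing a double quote or backslash produces a syntactically invalid dump; the same loop appears in the companies export earlier in this commit.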


@@ -48,7 +48,7 @@
<form class="form-inline mb-2" action="global_search.php"> <form class="form-inline mb-2" action="global_search.php">
<div class="input-group"> <div class="input-group">
<input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo $_GET['query']; } ?>"> <input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo strip_tags($_GET['query']); } ?>">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-sidebar" type="submit"> <button class="btn btn-sidebar" type="submit">
<i class="fas fa-search"></i> <i class="fas fa-search"></i>
@@ -127,7 +127,7 @@
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="recurring_invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php" OR basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php") { echo "active"; } ?>"> <a href="recurring_invoices.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "recurring_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-sync-alt"></i> <i class="nav-icon fas fa-sync-alt"></i>
<p>Recurring</p> <p>Recurring</p>
</a> </a>