Moved user items to user directory

johnnyq 2025-07-28 17:57:06 -04:00
parent 0494bfc1cf
commit 95950700d8
407 changed files with 701 additions and 670 deletions


@ -1,6 +1,6 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo nullable_htmlentities($config_theme); ?> d-print-none">
<a class="brand-link pb-1 mt-1" href="../">
<a class="brand-link pb-1 mt-1" href="../user">
<p class="h6">
<i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i>
<span class="brand-text">


@ -31,3 +31,12 @@ if (isset($session_is_admin) && $session_is_admin) {
include_once "post/$module.php";
}
// Logout is the same for user and admin
require_once "../post/logout.php";
// TODO: Find a home for these
require_once "../post/ai.php";
require_once "../post/misc.php";
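Review bot: The three added `require_once "../post/…"` lines start with `../`, which PHP resolves against the process working directory rather than this file's location, so they only load while the working directory happens to be the handler's own directory. Anchoring them, e.g. `require_once __DIR__ . '/../post/logout.php';`, removes that dependency; the same applies to the identical lines in the new custom/post.php. The `include_once "post/$module.php";` above them sits in an `if` block that opens outside this hunk, so how `$module` is derived cannot be checked from here.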


@ -1,151 +0,0 @@
<?php
// Default Column Sortby Filter
$sort = "role_is_admin";
$order = "DESC";
require_once "includes/inc_all_admin.php";
$sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM user_roles
WHERE (role_name LIKE '%$q%' OR role_description LIKE '%$q%')
AND role_archived_at IS NULL
ORDER BY $sort $order LIMIT $record_from, $record_to"
);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<div class="alert alert-info text-center"><strong>Roles are still in development. Permissions may not be fully enforced.</strong></div>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fas fa-fw fa-user-shield mr-2"></i>Roles</h3>
<div class="card-tools">
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addRoleModal">
<i class="fas fa-fw fa-user-plus mr-2"></i>New Role
</button>
</div>
</div>
</div>
<div class="card-body">
<form class="mb-4" autocomplete="off">
<div class="row">
<div class="col-md-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Roles">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
</div>
</div>
</div>
</form>
<hr>
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?> text-nowrap">
<tr>
<th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
</a>
</th>
<th>Members</th>
<th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_is_admin&order=<?php echo $disp; ?>">
Admin <?php if ($sort == 'role_is_admin') { echo $order_icon; } ?>
</a>
</th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($sql)) {
$role_id = intval($row['role_id']);
$role_name = nullable_htmlentities($row['role_name']);
$role_description = nullable_htmlentities($row['role_description']);
$role_admin = intval($row['role_is_admin']);
$role_archived_at = nullable_htmlentities($row['role_archived_at']);
// Count number of users that have each role
$sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
$role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
$sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
// Initialize an empty array to hold user names
$user_names = [];
// Fetch each row and store the user_name in the array
while($row = mysqli_fetch_assoc($sql_users)) {
$user_names[] = nullable_htmlentities($row['user_name']);
}
// Convert the array of user names to a comma-separated string
$user_names_string = implode(",", $user_names);
if (empty($user_names_string)) {
$user_names_string = "-";
}
?>
<tr>
<td>
<a class="text-dark text-bold" href="#" data-toggle="modal" data-target="#editRoleModal<?php echo $role_id; ?>">
<?php echo $role_name; ?>
</a>
<div class="text-secondary"><?php echo $role_description; ?></div>
</td>
<td><?php echo $user_names_string; ?></td>
<td><?php echo $role_admin ? 'Yes' : 'No' ; ?></td>
<td>
<?php if ($role_id !== 3) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_role_edit.php"
data-ajax-id="<?php echo $role_id; ?>"
>
<i class="fas fa-fw fa-user-edit mr-2"></i>Edit
</a>
<?php if (empty($role_archived_at) && $role_user_count == 0) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_role=<?php echo $role_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>
</div>
</div>
<?php } ?>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
<?php require_once "includes/filter_footer.php";
?>
</div>
</div>
<?php
require_once "modals/admin_role_add_modal.php";
require_once "includes/footer.php";


@ -1,239 +0,0 @@
<?php
// Default Column Sortby Filter
$sort = "user_name";
$order = "ASC";
require_once "includes/inc_all_admin.php";
$sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS * FROM users
LEFT JOIN user_roles ON user_role_id = role_id
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
WHERE (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
AND user_type = 1
AND user_archived_at IS NULL
ORDER BY $sort $order LIMIT $record_from, $record_to"
);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fas fa-fw fa-users mr-2"></i>Users</h3>
<div class="card-tools">
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addUserModal">
<i class="fas fa-fw fa-user-plus mr-2"></i>New User
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<!--<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#userInviteModal"><i class="fas fa-paper-plane mr-2"></i>Invite User</a>-->
<?php if ($num_rows[0] > 1) { ?>
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#exportUserModal"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#resetAllUserPassModal"><i class="fas fa-skull-crossbones mr-2"></i>IR</a>
<?php } ?>
</div>
</div>
</div>
</div>
<div class="card-body">
<form class="mb-4" autocomplete="off">
<div class="row">
<div class="col-md-4">
<div class="input-group">
<input type="search" class="form-control" name="q" value="<?php if (isset($q)) {echo stripslashes(nullable_htmlentities($q));} ?>" placeholder="Search Users">
<div class="input-group-append">
<button class="btn btn-primary"><i class="fa fa-search"></i></button>
</div>
</div>
</div>
<div class="col-md-8">
</div>
</div>
</form>
<hr>
<div class="table-responsive-sm">
<table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
<tr>
<th class="text-center">
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_name&order=<?php echo $disp; ?>">
Name <?php if ($sort == 'user_name') { echo $order_icon; } ?>
</a>
</th>
<th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_email&order=<?php echo $disp; ?>">
Email <?php if ($sort == 'user_email') { echo $order_icon; } ?>
</a>
</th>
<th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
</a>
</th>
<th>
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_status&order=<?php echo $disp; ?>">
Status <?php if ($sort == 'user_status') { echo $order_icon; } ?>
</a>
</th>
<th class="text-center">MFA</th>
<th>
Last Login
</th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($sql)) {
$user_id = intval($row['user_id']);
$user_name = nullable_htmlentities($row['user_name']);
$user_email = nullable_htmlentities($row['user_email']);
$user_status = intval($row['user_status']);
if ($user_status == 2) {
$user_status_display = "<span class='text-info'>Invited</span>";
} elseif ($user_status == 1) {
$user_status_display = "<span class='text-success'>Active</span>";
} else{
$user_status_display = "<span class='text-danger'>Disabled</span>";
}
$user_avatar = nullable_htmlentities($row['user_avatar']);
$user_token = nullable_htmlentities($row['user_token']);
if(empty($user_token)) {
$mfa_status_display = "<i class='fas fa-fw fa-unlock text-danger'></i>";
} else {
$mfa_status_display = "<i class='fas fa-fw fa-lock text-success'></i>";
}
$user_config_force_mfa = intval($row['user_config_force_mfa']);
$user_role = intval($row['user_role_id']);
$user_role_display = nullable_htmlentities($row['role_name']);
$user_initials = nullable_htmlentities(initials($user_name));
$sql_last_login = mysqli_query(
$mysqli,
"SELECT * FROM logs
WHERE log_user_id = $user_id AND log_type = 'Login'
ORDER BY log_id DESC LIMIT 1"
);
if (mysqli_num_rows($sql_last_login) == 0) {
$last_login = "<span class='text-bold'>Never logged in</span>";
} else {
$row = mysqli_fetch_array($sql_last_login);
$log_created_at = nullable_htmlentities($row['log_created_at']);
$log_ip = nullable_htmlentities($row['log_ip']);
$log_user_agent = nullable_htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent);
$last_login = "$log_created_at<small class='text-secondary'><div class='mt-1'>$log_user_os</div><div class='mt-1'>$log_user_browser</div><div class='mt-1'><i class='fa fa-fw fa-globe'></i> $log_ip</div></small>";
}
// Get User Client Access Permissions
$user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
$client_access_array = [];
while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
$client_access_array[] = intval($row['client_id']);
}
$sql_remember_tokens = mysqli_query($mysqli, "SELECT * FROM remember_tokens WHERE remember_token_user_id = $user_id");
$remember_token_count = mysqli_num_rows($sql_remember_tokens);
?>
<tr>
<td class="text-center">
<a class="text-dark" href="#"
<?php if ($user_id !== $session_user_id) { // Prevent modifying self ?>
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_user_edit.php"
data-ajax-id="<?php echo $user_id; ?>"
<?php } ?>
>
<?php if (!empty($user_avatar)) { ?>
<img class="img-size-50 img-circle" src="<?php echo "uploads/users/$user_id/$user_avatar"; ?>">
<?php } else { ?>
<span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
</span>
<br>
<?php } ?>
<div class="text-secondary"><?php echo $user_name; ?></div>
</a>
</td>
<td><a href="mailto:<?php echo $user_email; ?>"><?php echo $user_email; ?></a></td>
<td><?php echo $user_role_display; ?></td>
<td><?php echo $user_status_display; ?></td>
<td class="text-center"><?php echo $mfa_status_display; ?></td>
<td><?php echo $last_login; ?></td>
<td>
<?php if ($user_id !== $session_user_id) { // Prevent modifying self ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_user_edit.php"
data-ajax-id="<?php echo $user_id; ?>"
>
<i class="fas fa-fw fa-user-edit mr-2"></i>Edit
</a>
<?php if ($remember_token_count > 0) { ?>
<a class="dropdown-item" href="post.php?revoke_remember_me=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-ban mr-2"></i>Revoke <?php echo $remember_token_count; ?> Remember Tokens
</a>
<?php } ?>
<?php if ($user_status == 0) { ?>
<a class="dropdown-item text-success" href="post.php?activate_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-user-check mr-2"></i>Activate
</a>
<?php }elseif ($user_status == 1) { ?>
<a class="dropdown-item text-danger" href="post.php?disable_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-user-slash mr-2"></i>Disable
</a>
<?php } ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#archiveUserModal<?php echo $user_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
</div>
</div>
<?php } ?>
</td>
</tr>
<?php
require "modals/admin_user_archive_modal.php";
}
?>
</tbody>
</table>
</div>
<?php require_once "includes/filter_footer.php";
?>
</div>
</div>
<script>
function generatePassword() {
document.getElementById("password").value = "<?php echo randomString() ?>"
}
</script>
<?php
require_once "modals/admin_user_add_modal.php";
require_once "modals/admin_user_invite_modal.php";
require_once "modals/admin_user_export_modal.php";
require_once "modals/admin_user_all_reset_password_modal.php";
require_once "includes/footer.php";

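--- a/custom/post.php
+++ b/custom/post.php
@@ -0,0 +1,40 @@
+<?php
+/*
+* ITFlow - Custom GET/POST request handler
+*/
+require_once "../config.php";
+require_once "../functions.php";
+require_once "../includes/check_login.php";
+// Define a variable that we can use to only allow running post files via inclusion (prevents people/bots poking them)
+define('FROM_POST_HANDLER', true);
+// Determine which files we should load
+// Parse URL & get the path
+$path = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
+// Get the base name (the page name)
+$module = explode(".", basename($path))[0];
+// Strip off any _details bits
+$module = str_ireplace('_details', '', $module);
+// Dynamically load admin-related module POST logic
+if (str_contains($module, 'custom')) {
+// Dynamically load any custom POST logic
+include_once "post/$module.php";
+}
+// Logout is the same for user and admin
+require_once "../post/logout.php";
+// TODO: Find a home for these
+require_once "../post/ai.php";
+require_once "../post/misc.php";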
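Review bot: `$module` is derived from `$_SERVER['HTTP_REFERER']`, a header the client chooses and may omit, and the only gate before `include_once "post/$module.php";` is `str_contains($module, 'custom')`. `basename()` and the split on `.` keep the value inside one directory, but any file in `custom/post/` whose name contains `custom` can still be selected by the request, and a missing Referer passes null to `parse_url()`. I would check that the header is set and replace the substring test with a fixed name pattern plus an existence check, e.g. `if (preg_match('/^custom_\w+$/', $module) === 1 && is_file(__DIR__ . "/post/$module.php"))`, with the prefix adjusted to whatever the custom directory settles on. The comment `// Dynamically load admin-related module POST logic` is left over from the admin handler, and the readme added alongside still describes the `xcustom_` prefix and `post/xcustom` directory.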

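--- a/custom/post/readme.php
+++ b/custom/post/readme.php
@@ -0,0 +1,13 @@
+<?php
+/*
+- Custom Pages -
+If you wish to add custom pages to ITFlow, add them to the xcustom folder in the root directory with the prefix "xcustom_"
+e.g. If your page was called my_page_one, name it "xcustom/xcustom_my_page_one.php"
+Note: If required, you can use the Custom Links module to have the page show on the user sidebar.
+To process POST data via your custom pages, create a file in this directory (post/xcustom) named after your page (e.g. xcustom_my_page_one.php).
+The relevant file will be automatically loaded upon a POST request based on the referer - your form just needs to target the standard root/post.php.
+*/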

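--- a/custom/test.php
+++ b/custom/test.php
@@ -0,0 +1,18 @@
+<?php
+require_once "../includes/inc_xcustom.php";
+?>
+<!-- Breadcrumbs-->
+<ol class="breadcrumb">
+<li class="breadcrumb-item">
+<a href="index.html">Dashboard</a>
+</li>
+<li class="breadcrumb-item active">Blank Page</li>
+</ol>
+<!-- Page Content -->
+<h1>Blank Page</h1>
+<hr>
+<p>This is a great starting point for new custom pages.</p>
+<?php require_once "../includes/footer.php";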
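Review bot: Nothing in this template says what guards it: authentication and page setup rest entirely on `../includes/inc_xcustom.php`, which is outside this section, and the file ships at the predictable path `custom/test.php`. A top-of-file comment such as `// Login is enforced by inc_xcustom.php; keep this require first` would stop people copying the template from dropping it, assuming that include does perform the check, which should be confirmed. The breadcrumb also links to `index.html`, whereas the blank page removed elsewhere in this commit linked `index.php`.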


@ -1,5 +1,5 @@
<?php
require_once "inc_confirm_modal.php";
require_once "../includes/inc_confirm_modal.php";
?>
<?php
@ -19,27 +19,27 @@ if (str_contains(basename($_SERVER["PHP_SELF"]), "admin_")) { ?>
<!-- REQUIRED SCRIPTS -->
<!-- Bootstrap 4 -->
<script src="plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Custom js-->
<script src="plugins/moment/moment.min.js"></script>
<script src="plugins/chart.js/Chart.min.js"></script>
<script src="plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js"></script>
<script src='plugins/daterangepicker/daterangepicker.js'></script>
<script src='plugins/select2/js/select2.min.js'></script>
<script src='plugins/inputmask/jquery.inputmask.min.js'></script>
<script src="plugins/tinymce/tinymce.min.js" referrerpolicy="origin"></script>
<script src="plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<script src="plugins/clipboardjs/clipboard.min.js"></script>
<script src="js/keepalive.js"></script>
<script src="plugins/DataTables/datatables.min.js"></script>
<script src="plugins/intl-tel-input/js/intlTelInput.min.js"></script>
<script src="../plugins/moment/moment.min.js"></script>
<script src="../plugins/chart.js/Chart.min.js"></script>
<script src="../plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js"></script>
<script src='../plugins/daterangepicker/daterangepicker.js'></script>
<script src='../plugins/select2/js/select2.min.js'></script>
<script src='../plugins/inputmask/jquery.inputmask.min.js'></script>
<script src="../plugins/tinymce/tinymce.min.js" referrerpolicy="origin"></script>
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<script src="../plugins/clipboardjs/clipboard.min.js"></script>
<script src="../js/keepalive.js"></script>
<script src="../plugins/DataTables/datatables.min.js"></script>
<script src="../plugins/intl-tel-input/js/intlTelInput.min.js"></script>
<!-- AdminLTE App -->
<script src="plugins/adminlte/js/adminlte.min.js"></script>
<script src="js/app.js"></script>
<script src="js/ajax_modal.js"></script>
<script src="js/confirm_modal.js"></script>
<script src="../plugins/adminlte/js/adminlte.min.js"></script>
<script src="../js/app.js"></script>
<script src="../js/ajax_modal.js"></script>
<script src="../js/confirm_modal.js"></script>
</body>
</html>


@ -22,28 +22,28 @@ header("X-Frame-Options: DENY");
Favicon
If Fav Icon exists else use the default one
-->
<?php if(file_exists('uploads/favicon.ico')) { ?>
<link rel="icon" type="image/x-icon" href="/uploads/favicon.ico">
<?php if(file_exists('../uploads/favicon.ico')) { ?>
<link rel="icon" type="image/x-icon" href="..//uploads/favicon.ico">
<?php } ?>
<!-- Font Awesome Icons -->
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Custom Style Sheet -->
<link href="plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
<link href="plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
<link href="plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
<link href='plugins/daterangepicker/daterangepicker.css' rel='stylesheet' />
<link href="plugins/toastr/toastr.min.css" rel="stylesheet">
<link href="plugins/DataTables/datatables.min.css" rel="stylesheet">
<link href="plugins/intl-tel-input/css/intlTelInput.min.css" rel="stylesheet">
<link href="../plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
<link href="../plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
<link href="../plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
<link href='../plugins/daterangepicker/daterangepicker.css' rel='stylesheet' />
<link href="../plugins/toastr/toastr.min.css" rel="stylesheet">
<link href="../plugins/DataTables/datatables.min.css" rel="stylesheet">
<link href="../plugins/intl-tel-input/css/intlTelInput.min.css" rel="stylesheet">
<!-- CSS to allow regular button to show as block button in mobile response view using the class btn-responsive -->
<link href="css/itflow_custom.css" rel="stylesheet">
<link href="../css/itflow_custom.css" rel="stylesheet">
<!-- Theme style -->
<link rel="stylesheet" href="plugins/adminlte/css/adminlte.min.css">
<link rel="stylesheet" href="../plugins/adminlte/css/adminlte.min.css">
<!-- jQuery -->
<script src="plugins/jquery/jquery.min.js"></script>
<script src="plugins/toastr/toastr.min.js"></script>
<script src="../plugins/jquery/jquery.min.js"></script>
<script src="../plugins/toastr/toastr.min.js"></script>
</head>
<body class="
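Review bot: The favicon link in the `../` variant reads `href="..//uploads/favicon.ico"`, with a doubled slash left over from prefixing the old absolute path; it should be `href="../uploads/favicon.ico"`. The guard `file_exists('../uploads/favicon.ico')` is a filesystem path resolved against the working directory, while the href is resolved by the browser against the page URL, so the two only agree for pages served exactly one directory below the web root. A `__DIR__`-anchored path in the `file_exists()` call would make the check independent of which page includes this header. The surrounding markup runs beyond both edges of the hunk.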


@ -66,7 +66,7 @@
<li class="nav-item">
<a class="nav-link" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_notifications.php"
data-ajax-url="../ajax/ajax_notifications.php"
>
<i class="fas fa-bell"></i>
<?php if ($num_notifications) { ?>
@ -82,7 +82,7 @@
<?php if (empty($session_avatar)) { ?>
<i class="fas fa-user-circle mr-1"></i>
<?php }else{ ?>
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>"
<img src="<?php echo "../uploads/users/$session_user_id/$session_avatar"; ?>"
class="user-image img-circle">
<?php } ?>
<span
@ -95,7 +95,7 @@
<i class="fas fa-user-circle fa-6x"></i>
<?php }else{ ?>
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle">
<img src="<?php echo "../uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle">
<?php } ?>
<p>
<?php echo stripslashes(nullable_htmlentities($session_name)); ?>
@ -105,7 +105,7 @@
<!-- Menu Footer-->
<li class="user-footer">
<?php if ($session_is_admin) { ?>
<a href="admin" class="btn btn-default btn-block btn-flat mb-2"><i class="fas fa-user-shield mr-2"></i>Administration</a>
<a href="../admin" class="btn btn-default btn-block btn-flat mb-2"><i class="fas fa-user-shield mr-2"></i>Administration</a>
<?php } ?>
<a href="user_details.php" class="btn btn-default btn-flat"><i class="fas fa-user-cog mr-2"></i>Account</a>
<a href="post.php?logout" class="btn btn-default btn-flat float-right"><i class="fas fa-sign-out-alt mr-2"></i>Logout</a>
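Review bot: Both avatar `<img>` tags echo `$session_user_id` and `$session_avatar` straight into the `src` attribute, and whether those values are encoded where they are assigned is not visible in this section. If they are not, the filename should be encoded at output in the same way as the neighbouring `nullable_htmlentities($session_name)` call, e.g. `src="../uploads/users/<?php echo intval($session_user_id); ?>/<?php echo nullable_htmlentities($session_avatar); ?>"`. The hard-coded `../` prefix also ties this include to pages exactly one level below the web root.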


@ -1,30 +1,14 @@
<?php
if (file_exists("config.php")) {
require_once "includes/inc_all.php";
?>
<!-- Breadcrumbs-->
<ol class="breadcrumb">
<li class="breadcrumb-item">
<a href="index.php">Dashboard</a>
</li>
<li class="breadcrumb-item active">Blank Page</li>
</ol>
<!-- Page Content -->
<h1>Blank Page</h1>
<hr>
<?php
if (isset($config_start_page)) { ?>
<meta http-equiv="refresh" content="0;url=<?php echo $config_start_page; ?>">
<?php }
require_once "includes/footer.php";
//require_once "includes/check_login.php";
if (isset($config_start_page)) {
header("Location: /user/$config_start_page");
} else {
header("Location: setup.php");
header("Location: /user");
}
} else {
header("Location: /setup");
}
?>
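Review bot: As far as the rendered lines show, the new version no longer loads `includes/inc_all.php` and leaves `check_login.php` commented out, so nothing visible defines `$config_start_page` before `isset($config_start_page)`; `file_exists("config.php")` only tests for the file, and the start-page branch would then never run. The redirects use root-absolute targets (`/user`, `/setup`) while the rest of the commit uses relative `../` paths, which would break an install served from a subdirectory. None of the `header("Location: …")` calls is followed by `exit;`, so adding it after each redirect would keep later code from running on the same request.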


@ -4,7 +4,7 @@
header("Content-Security-Policy: default-src 'self'");
if (!file_exists('config.php')) {
header("Location: setup.php");
header("Location: setup");
exit;
}

View File

@ -1,59 +0,0 @@
<?php
/*
* ITFlow - Main GET/POST request handler
*/
require_once "config.php";
require_once "functions.php";
require_once "includes/check_login.php";
// Define a variable that we can use to only allow running post files via inclusion (prevents people/bots poking them)
define('FROM_POST_HANDLER', true);
// Determine which files we should load
// Parse URL & get the path
$path = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
// Get the base name (the page name)
$module = explode(".", basename($path))[0];
// Strip off any _details bits
$module = str_ireplace('_details', '', $module);
// Dynamically load admin-related module POST logic
if (str_contains($module, 'admin') && isset($session_is_admin) && $session_is_admin) {
// As (almost) every admin setting is only changed from 1 page, we can dynamically load the relevant logic inside this single admin check IF statement
// To add a new admin POST request handler, add a file named after the admin page
// e.g. changes made on the page http://itflow/admin_ticket_statues.php will load the page post/admin/admin_ticket_statues.php to handle the changes
include_once "post/admin/$module.php";
} elseif (str_contains($module, 'xcustom')) {
// Dynamically load any custom POST logic
include_once "post/xcustom/$module.php";
} else {
// Load all module POST logic
// Loads everything in post/user/
// Eventually, it would be nice to only specifically load what we need like we do for admins
foreach (glob("post/user/*.php") as $user_module) {
if (!preg_match('/_model\.php$/', basename($user_module))) {
require_once $user_module;
}
}
}
// Logout is the same for user and admin
require_once "post/logout.php";
// TODO: Find a home for these
require_once "post/ai.php";
require_once "post/misc.php";


@ -24,9 +24,9 @@ if (isset($_GET['logout'])) {
session_destroy();
if ($config_login_key_required == 1) {
header('Location: login.php?key=' . $config_login_key_secret);
header('Location: ../login.php?key=' . $config_login_key_secret);
} else {
header('Location: login.php');
header('Location: ../login.php');
}
}
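Review bot: No `exit;` follows either `header('Location: …')` in this `if (isset($_GET['logout']))` block, at least within the visible lines, and the handlers on this page `require_once` ai.php and misc.php after logout.php, so those files still run for the request after `session_destroy()`. Adding `exit;` after each redirect stops that. The key is also concatenated raw; `'../login.php?key=' . urlencode($config_login_key_secret)` keeps the redirect well-formed if the secret contains reserved characters, and because the secret travels in a URL it will appear in access logs and browser history. The block opens above the hunk.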


@ -1,53 +0,0 @@
<?php
require_once "../includes/inc_confirm_modal.php";
?>
<?php
if (str_contains(basename($_SERVER["PHP_SELF"]), "admin_")) { ?>
<p class="text-right font-weight-light">ITFlow <?php echo APP_VERSION ?> &nbsp; · &nbsp; <a target="_blank" href="https://docs.itflow.org">Docs</a> &nbsp; · &nbsp; <a target="_blank" href="https://forum.itflow.org">Forum</a> &nbsp; · &nbsp; <a target="_blank" href="https://services.itflow.org">Services</a></p>
<br>
<?php } ?>
</div><!-- /.container-fluid -->
</div> <!-- /.content -->
</div> <!-- /.content-wrapper -->
</div> <!-- ./wrapper -->
<!-- Set the browser window title to the clients name -->
<script>document.title = <?php echo json_encode("$tab_title - $page_title"); ?>;</script>
<!-- REQUIRED SCRIPTS -->
<!-- Bootstrap 4 -->
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Custom js-->
<script src="../plugins/moment/moment.min.js"></script>
<script src="../plugins/chart.js/Chart.min.js"></script>
<script src="../plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js"></script>
<script src='../plugins/daterangepicker/daterangepicker.js'></script>
<script src='../plugins/select2/js/select2.min.js'></script>
<script src='../plugins/inputmask/jquery.inputmask.min.js'></script>
<script src="../plugins/tinymce/tinymce.min.js" referrerpolicy="origin"></script>
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<script src="../plugins/clipboardjs/clipboard.min.js"></script>
<script src="../js/keepalive.js"></script>
<script src="../plugins/DataTables/datatables.min.js"></script>
<script src="../plugins/intl-tel-input/js/intlTelInput.min.js"></script>
<!-- AdminLTE App -->
<script src="../plugins/adminlte/js/adminlte.min.js"></script>
<script src="../js/app.js"></script>
<script src="../js/ajax_modal.js"></script>
<script src="../js/confirm_modal.js"></script>
</body>
</html>
<?php
// Calculate Execution time Uncomment for test
//$time_end = microtime(true);
//$execution_time = ($time_end - $time_start);
//echo '<h2>Total Execution Time: '.number_format((float) $execution_time, 10) .' seconds</h2>';


@ -124,11 +124,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</tbody>
</table>
</div>
<?php require_once "includes/filter_footer.php"; ?>
<?php require_once "../includes/filter_footer.php"; ?>
</div>
</div>
<?php
require_once "modals/account_add_modal.php";
require_once "includes/footer.php";
require_once "../includes/footer.php";

Some files were not shown because too many files have changed in this diff Show More