AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-21 04:55:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:johnnyq/itflow

Browse Source
This commit is contained in:
johnnyq
2022-04-01 15:59:26 -04:00
parent 6866addeee 28688cc670
commit 991e2bd4d4
12 changed files with 130 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@@ -0,0 +1,32 @@
---
name: Bug report
about: Something not working quite right? Create a report to help us improve!
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**Can you reproduce this on the demo at demo.itflow.org**
Yes/No/NA
**Are you on the latest available version of ITFlow, with an up-to-date database structure?**
Yes/No
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen, if not obvious.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Additional context**
Add any other context about the problem here.

12
.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View File

@@ -0,0 +1,12 @@
---
name: Feature request
about: Please discuss new features on the Forum @ https://forum.itflow.org/t/features
title: ''
labels: Support
assignees: ''
---
Please discuss feature requests on the forum @ https://forum.itflow.org/t/features - Thanks :)
New feature requests here will be closed.

18
.github/ISSUE_TEMPLATE/support.md vendored Normal file
View File

@@ -0,0 +1,18 @@
---
name: Support
about: Please visit the Forum or Discord for support
title: ''
labels: Support
assignees: ''
---
Please visit the Forum or Discord for support
Forum - https://forum.itflow.org/
Discord - https://discord.gg/ZjCcBzTUDr
--
To discuss a security issue, please see: https://i.imgur.com/P03o0Sy.png

2
README.md
View File

@@ -24,7 +24,7 @@
Username: <b>demo@demo</b> | Password: <b>demo</b> Username: <b>demo@demo</b> | Password: <b>demo</b>
<br /> <br />
<br /> <br />
<a href="https://github.com/itflow-org/itflow">Docs</a> <a href="https://itflow.org/docs.php">Docs</a>
· ·
<a href="https://forum.itflow.org/">Forum</a> <a href="https://forum.itflow.org/">Forum</a>
· ·

27
SECURITY.md Normal file
View File

@@ -0,0 +1,27 @@
# Security Policy
## In Beta
ITFlow is currently in early beta and is a work in progress.
We currently advise against storing confidential data in ITFlow for this reason.
That said, in order to eventually be useful, ITFlow **must** be secure and take security seriously.
We attempt to follow best security practices where possible, including [automated code scanning](https://sonarcloud.io/component_measures?id=itflow-org_itflow&metric=security_rating&view=list).
## Supported Versions
ITFlow is in Beta.
| Version | Supported |
| ------- | ------------------ |
| Beta | :white_check_mark: |
## Reporting a Vulnerability
**Please do not report security vulnerabilities through public GitHub issues.**
If you have discovered a security issue, please report it to us in as much detail as possible so we can fix it.
You should expect to receive an initial acknowledgement within 72 hours. If you do not, please get in touch discretely via GitHub issues/Forum/Discord to ensure we received your e-mail.
Security contact:
![image](https://user-images.githubusercontent.com/32306651/160704188-763e6763-429e-41b9-9007-6a09bcfdba2b.png)

2
portal/index.php
View File

@@ -89,7 +89,7 @@ $total_tickets = $row['total_tickets'];
<?php <?php
while($ticket = mysqli_fetch_array($contact_tickets)){ while($ticket = mysqli_fetch_array($contact_tickets)){
echo "<tr>"; echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_number]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[ticket_status]</td>"; echo "<td>$ticket[ticket_status]</td>";
echo "</tr>"; echo "</tr>";

30
portal/ticket.php
View File

@@ -23,35 +23,17 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
<nav class="navbar navbar-dark bg-dark"> <nav class="navbar navbar-dark bg-dark">
<i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand" href="#">Ticket number # <?php echo $ticket['ticket_prefix'], $ticket['ticket_number'] ?></a> <i class="fas fa-fw fa-ticket-alt text-secondary"></i> <a class="navbar-brand">Ticket <?php echo $ticket['ticket_prefix'], $ticket['ticket_number'] ?></a>
<span class="navbar-text"> <span class="navbar-text">
<?php <?php
if($ticket_status !== "Closed"){ if($ticket_status !== "Closed"){ ?>
?> <button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i> Close ticket</a></button>
<?php } ?>
<button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i> Close ticket</a></button>
<?php
}
?>
</span> </span>
</nav> </nav>
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h3 class="card-title"><b>Subject:</b> <?php echo $ticket['ticket_subject'] ?></h3> <h3 class="card-title"><b>Subject:</b> <?php echo $ticket['ticket_subject'] ?></h3>
@@ -67,9 +49,6 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
</div> </div>
<!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback --> <!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback -->
<?php if($ticket['ticket_status'] !== "Closed") { ?> <?php if($ticket['ticket_status'] !== "Closed") { ?>
@@ -170,7 +149,6 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
?> ?>
<?php <?php
} }
else{ else{

2
portal/ticket_view_all.php
View File

@@ -46,6 +46,7 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<table class="table"> <table class="table">
<thead> <thead>
<tr> <tr>
<th scope="col">#</th>
<th scope="col">Subject</th> <th scope="col">Subject</th>
<th scope="col">Contact</th> <th scope="col">Contact</th>
<th scope="col">Status</th> <th scope="col">Status</th>
@@ -56,6 +57,7 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<?php <?php
while($ticket = mysqli_fetch_array($all_tickets)){ while($ticket = mysqli_fetch_array($all_tickets)){
echo "<tr>"; echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
echo "<td>$ticket[contact_name]</td>"; echo "<td>$ticket[contact_name]</td>";
echo "<td>$ticket[ticket_status]</td>"; echo "<td>$ticket[ticket_status]</td>";

6
post.php
View File

@@ -148,6 +148,7 @@ if(isset($_POST['edit_user'])){
$role = intval($_POST['role']); $role = intval($_POST['role']);
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name']))); $existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
$extended_log_description = ''; $extended_log_description = '';
$two_fa = $_POST['2fa'];
if(!file_exists("uploads/users/$user_id/")) { if(!file_exists("uploads/users/$user_id/")) {
mkdir("uploads/users/$user_id"); mkdir("uploads/users/$user_id");
@@ -211,6 +212,11 @@ if(isset($_POST['edit_user'])){
$extended_log_description .= ", password changed"; $extended_log_description .= ", password changed";
} }
if(!empty($two_fa) && $two_fa == 'disable'){
mysqli_query($mysqli, "UPDATE users SET user_token = '' WHERE user_id = '$user_id'");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name disabled 2FA for $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
}
//Update User Settings //Update User Settings
mysqli_query($mysqli,"UPDATE user_settings SET user_role = $role, user_default_company = $default_company WHERE user_id = $user_id"); mysqli_query($mysqli,"UPDATE user_settings SET user_role = $role, user_default_company = $default_company WHERE user_id = $user_id");

12
settings-user.php
View File

@@ -86,12 +86,18 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
</form> </form>
<hr>
<h3>2-Factor Authentication</h3>
<form class="p-3" action="post.php" method="post" autocomplete="off"> <form class="p-3" action="post.php" method="post" autocomplete="off">
<?php if(empty($session_token)){ ?> <?php if(empty($session_token)){ ?>
<button type="submit" name="enable_2fa" class="btn btn-primary mt-3 float-right"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button> <p>You have not setup 2FA, click on enable to setup 2FA.</p>
<button type="submit" name="enable_2fa" class="btn btn-primary mt-3"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button>
<?php }else{ ?> <?php }else{ ?>
<button type="submit" name="disable_2fa" class="btn btn-danger mt-3 float-right"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button> <p>You have setup 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger mt-3"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button>
<?php } ?> <?php } ?>
<center> <center>
@@ -124,7 +130,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div> </div>
<input type="text" class="form-control" name="code" placeholder="Verify Code" required> <input type="text" class="form-control" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append"> <div class="input-group-append">
<button type="submit" name="verify" class="btn btn-primary">Verify</button> <button type="submit" name="verify" class="btn btn-primary">Verify</button>
</div> </div>

17
user_edit_modal.php
View File

@@ -100,6 +100,23 @@
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="file"> <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
</div> </div>
<?php if(!empty($user_token)) { ?>
<div class="form-group">
<label>2FA</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-id-card"></i></span>
</div>
<select class="form-control" name="2fa">
<option value="">Keep enabled</option>
<option value="disable">Disable</option>
</select>
</div>
</div>
<?php } ?>
</div> </div>
<div class="modal-footer bg-white"> <div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>

1
users.php
View File

@@ -85,6 +85,7 @@
$user_name = $row['user_name']; $user_name = $row['user_name'];
$user_email = $row['user_email']; $user_email = $row['user_email'];
$user_avatar = $row['user_avatar']; $user_avatar = $row['user_avatar'];
$user_token = $row['user_token'];
$user_default_company = $row['user_default_company']; $user_default_company = $row['user_default_company'];
$user_role = $row['user_role']; $user_role = $row['user_role'];
if($user_role == 3){ if($user_role == 3){