Small code cleanups

Marcus Hill
2022-04-14 07:54:40 +01:00
parent 57afcc0423
commit a3ca268fcf
4 changed files with 26 additions and 38 deletions


@@ -43,14 +43,14 @@ DEFINE("WORDING_UNAUTHORIZED", "HTTP/1.1 401 Unauthorized");
*/ */
// Decline methods other than GET/POST // Decline methods other than GET/POST
if($_SERVER['REQUEST_METHOD'] !== "GET" AND $_SERVER['REQUEST_METHOD'] !== "POST"){ if($_SERVER['REQUEST_METHOD'] !== "GET" && $_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed"); header("HTTP/1.1 405 Method Not Allowed");
var_dump($_SERVER['REQUEST_METHOD']); var_dump($_SERVER['REQUEST_METHOD']);
exit(); exit();
} }
// Check API key is provided // Check API key is provided
if(!isset($_GET['api_key']) AND !isset($_POST['api_key'])){ if(!isset($_GET['api_key']) && !isset($_POST['api_key'])){
header(WORDING_UNAUTHORIZED); header(WORDING_UNAUTHORIZED);
exit(); exit();
} }
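Review bot: The API key check on the `isset($_GET['api_key'])` line still accepts the key from the query string, so keys can end up in web-server access logs, proxy logs and browser history wherever the full URL is recorded. Consider accepting the key only from the POST body or a request header, and if existing clients rely on GET, keeping that path behind a documented deprecation. Separately, the 405 branch above still calls `var_dump($_SERVER['REQUEST_METHOD']);`, which looks like leftover debug output and should be dropped so the response carries only the status line. The script starts before and continues after this hunk.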


@@ -147,7 +147,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$device_icon = "print"; $device_icon = "print";
}elseif($asset_type == 'Camera'){ }elseif($asset_type == 'Camera'){
$device_icon = "video"; $device_icon = "video";
}elseif($asset_type == 'Switch' or $asset_type == 'Firewall/Router'){ }elseif($asset_type == 'Switch' || $asset_type == 'Firewall/Router'){
$device_icon = "network-wired"; $device_icon = "network-wired";
}elseif($asset_type == 'Access Point'){ }elseif($asset_type == 'Access Point'){
$device_icon = "wifi"; $device_icon = "wifi";


@@ -43,7 +43,7 @@
} }
//Date Filter //Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){ if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']); $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']); $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){ }elseif($_GET['canned_date'] == "today"){
@@ -229,7 +229,7 @@
<div class="dropdown-menu"> <div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#campaignTestModal<?php echo $campaign_id; ?>">Test</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#campaignTestModal<?php echo $campaign_id; ?>">Test</a>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<?php if($campaign_status == 'Draft' OR $campaign_status == 'Queued'){ ?> <?php if($campaign_status == 'Draft' || $campaign_status == 'Queued'){ ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#campaignEditModal<?php echo $campaign_id; ?>">Edit</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#campaignEditModal<?php echo $campaign_id; ?>">Edit</a>
<?php } ?> <?php } ?>
<a class="dropdown-item" href="post.php?copy_campaign=<?php echo $campaign_id; ?>">Copy</a> <a class="dropdown-item" href="post.php?copy_campaign=<?php echo $campaign_id; ?>">Copy</a>
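Review bot: In the date-filter hunk the guard checks only `$_GET['dtf']`, but the branch also reads `$_GET['dtt']`, so a request with `canned_date=custom` and no `dtt` passes an undefined value to `mysqli_real_escape_string()`. Extending the condition to `$_GET['canned_date'] == "custom" && !empty($_GET['dtf']) && !empty($_GET['dtt'])` would close that; `$_GET['canned_date']` is likewise read without an `isset()` in the visible lines, though an earlier check may exist outside the hunk. Since both values are dates, validating them against the expected format (for example with `DateTime::createFromFormat`) before they reach the query would be stricter than escaping alone; how they are used in the SQL is not visible here.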


@@ -272,9 +272,9 @@ function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){
} }
/* /*
For additional users / password changes * For additional users / password changes
New Users: Requires the admin setting up their account have the their own Specific/Session key configured * New Users: Requires the admin setting up their account have a Specific/Session key configured
Password Changes: Will use the current info in the session. * Password Changes: Will use the current info in the session.
*/ */
function encryptUserSpecificKey($user_password){ function encryptUserSpecificKey($user_password){
$iv = keygen(); $iv = keygen();
@@ -317,7 +317,7 @@ function decryptUserSpecificKey($user_encryption_ciphertext, $user_password){
} }
/* /*
Generates what is probably best described as an session key (ephemeral-ish) Generates what is probably best described as a session key (ephemeral-ish)
- Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential - Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential
- Ciphertext/IV is stored on the server in the users session, encryption key is controlled/provided by the user as a cookie - Ciphertext/IV is stored on the server in the users session, encryption key is controlled/provided by the user as a cookie
- Only the user can decrypt their session ciphertext to get the master key - Only the user can decrypt their session ciphertext to get the master key
@@ -388,18 +388,6 @@ function encryptLoginEntry($login_password_cleartext){
return $login_password_ciphertext; return $login_password_ciphertext;
} }
//For migrating/upgrading to the new encryption scheme
//Have to supply the master key as the cookie might not be set properly (generally requires a refresh)
function encryptUpgradeLoginEntry($login_password_cleartext, $site_encryption_master_key){
$iv = keygen();
//Encrypt the website/asset login using the master key
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
$login_password_ciphertext = $iv . $ciphertext;
return $login_password_ciphertext;
}
// Get domain expiration date // Get domain expiration date
function getDomainExpirationDate($name){ function getDomainExpirationDate($name){
$ch = curl_init(); $ch = curl_init();
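Review bot: The last hunk deletes `encryptUpgradeLoginEntry()`, but none of the other sections in this commit removes a call to it, so it is worth confirming with a repository-wide search that no upgrade or migration script still references the function; a remaining call would fail with an undefined-function error at runtime. If installations that have not yet migrated to the current encryption scheme are still supported, the commit message should say how they are expected to upgrade now. `getDomainExpirationDate()` continues outside the hunk.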