Fix randomString() to generate cryptographically secure URL-safe tokens; reduce URL keys to 32 characters for performance, easy copy-and-paste and compatibility, while still maintaining unbreakable cryptographic keys
This commit is contained in:
parent
32f996d034
commit
a79ce23ae5
@ -49,7 +49,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
|
|||
$merge_into_ticket_number = intval(preg_replace('/[^0-9]/', '', $_GET['merge_into_ticket_number']));
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_number, ticket_prefix, ticket_subject, ticket_priority, ticket_status, ticket_status_name, client_name, contact_name FROM tickets
|
||||
LEFT JOIN clients ON ticket_client_id = client_id
|
||||
LEFT JOIN clients ON ticket_client_id = client_id
|
||||
LEFT JOIN contacts ON ticket_contact_id = contact_id
|
||||
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
|
||||
WHERE ticket_number = $merge_into_ticket_number");
|
||||
|
|
@ -86,7 +86,7 @@ if (isset($_POST['contact_set_notes'])) {
|
|||
$notes = sanitizeInput($_POST['notes']);
|
||||
|
||||
// Get Contact Details and Client ID for Logging
|
||||
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id
|
||||
$sql = mysqli_query($mysqli,"SELECT contact_name, contact_client_id
|
||||
FROM contacts WHERE contact_id = $contact_id"
|
||||
);
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
|
@ -108,7 +108,7 @@ if (isset($_POST['asset_set_notes'])) {
|
|||
$notes = sanitizeInput($_POST['notes']);
|
||||
|
||||
// Get Asset Details and Client ID for Logging
|
||||
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id
|
||||
$sql = mysqli_query($mysqli,"SELECT asset_name, asset_client_id
|
||||
FROM assets WHERE asset_id = $asset_id"
|
||||
);
|
||||
$row = mysqli_fetch_array($sql);
|
||||
|
|
@ -195,7 +195,7 @@ if (isset($_GET['share_generate_link'])) {
|
|||
$item_expires_friendly = "1 month";
|
||||
}
|
||||
|
||||
$item_key = randomString(156);
|
||||
$item_key = randomString(32);
|
||||
|
||||
if ($item_type == "Document") {
|
||||
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_id AND document_client_id = $client_id LIMIT 1"));
|
||||
|
|
@ -496,8 +496,8 @@ if (isset($_POST['update_kanban_ticket'])) {
|
|||
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
|
||||
|
||||
// Get details
|
||||
$ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets
|
||||
LEFT JOIN clients ON ticket_client_id = client_id
|
||||
$ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets
|
||||
LEFT JOIN clients ON ticket_client_id = client_id
|
||||
LEFT JOIN contacts ON ticket_contact_id = contact_id
|
||||
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
|
||||
WHERE ticket_id = $ticket_id
|
||||
|
|
@ -905,7 +905,7 @@ if (isset($_GET['ai_ticket_summary'])) {
|
|||
}
|
||||
|
||||
$prompt = "
|
||||
Summarize the following IT support ticket and its responses in a concise, clear, and professional manner.
|
||||
Summarize the following IT support ticket and its responses in a concise, clear, and professional manner.
|
||||
The summary should include:
|
||||
|
||||
1. Main Issue: What was the problem reported by the user?
|
||||
|
|
|
|||
|
|
@ -1,72 +0,0 @@
|
|||
<?php require_once "includes/inc_all.php"; ?>
|
||||
|
||||
<!-- Breadcrumbs-->
|
||||
<ol class="breadcrumb">
|
||||
<li class="breadcrumb-item">
|
||||
<a href="index.html">Dashboard</a>
|
||||
</li>
|
||||
<li class="breadcrumb-item active">Blank Page</li>
|
||||
</ol>
|
||||
|
||||
<!-- Page Content -->
|
||||
<h1>Blank Page</h1>
|
||||
<hr>
|
||||
<p>This is a great starting point for new custom pages.</p>
|
||||
<h1><?php echo $session_user_role; ?></h1>
|
||||
<?php validateAdminRole(); ?>
|
||||
|
||||
<?php
|
||||
|
||||
$start_date = date('Y') . "-10-10";
|
||||
|
||||
echo "<H1>$start_date</H1>";
|
||||
|
||||
echo "<H2>User Agent</H2>";
|
||||
echo getUserAgent();
|
||||
|
||||
|
||||
?>
|
||||
<br>
|
||||
|
||||
<input type="tel" name="phone" id="phone">
|
||||
|
||||
<div class="form-group">
|
||||
<label>Minimal</label>
|
||||
<select class="form-control select2 select2-hidden-accessible" style="width: 100%;" data-select2-id="1" tabindex="-1" aria-hidden="true">
|
||||
<option selected="selected" data-select2-id="3">Alabama</option>
|
||||
<option data-select2-id="35">Alaska</option>
|
||||
<option data-select2-id="36">California</option>
|
||||
<option data-select2-id="37">Delaware</option>
|
||||
<option data-select2-id="38">Tennessee</option>
|
||||
<option data-select2-id="39">Texas</option>
|
||||
<option data-select2-id="40">Washington</option>
|
||||
</select><span class="select2 select2-container select2-container--default select2-container--below" dir="ltr" data-select2-id="2" style="width: 100%;"><span class="selection"><span class="select2-selection select2-selection--single" role="combobox" aria-haspopup="true" aria-expanded="false" tabindex="0" aria-disabled="false" aria-labelledby="select2-nbex-container"><span class="select2-selection__rendered" id="select2-nbex-container" role="textbox" aria-readonly="true" title="Alabama">Alabama</span><span class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span></span></span><span class="dropdown-wrapper" aria-hidden="true"></span></span>
|
||||
</div>
|
||||
|
||||
<dl>
|
||||
<dt>Requester</dt>
|
||||
<dd>Sam Adams</dd>
|
||||
|
||||
<dt>Created</dt>
|
||||
<dd><time datetime="2024-04-11T17:52:30+00:00" title="2024-04-11 13:52" data-datetime="calendar">Today at 13:52</time></dd>
|
||||
|
||||
<dt>Last activity</dt>
|
||||
<dd><time datetime="2024-04-11T18:08:55+00:00" title="2024-04-11 14:08" data-datetime="calendar">Today at 14:08</time></dd>
|
||||
</dl>
|
||||
|
||||
<?php echo randomString(100); ?>
|
||||
<br>
|
||||
<textarea class="tinymceTest"></textarea>
|
||||
|
||||
<textarea class="tinymce"></textarea>
|
||||
|
||||
<textarea class="tinymceTicket"></textarea>
|
||||
<?php
|
||||
// show the current Date and Time
|
||||
$date_time = date('Y-m-d H:i:s');
|
||||
echo "Current Date and Time: <strong>$date_time</strong>";
|
||||
?>
|
||||
|
||||
<script>toastr.success('Have Fun Wozz!!')</script>
|
||||
|
||||
<?php require_once "../includes/footer.php";
|
||||
|
|
@ -794,7 +794,7 @@ if (isset($_POST['bulk_add_client_ticket'])) {
|
|||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
|
||||
|
||||
|
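Review bot: `ticket_url_key = '$url_key'` in the INSERT is interpolated without escaping, which is only safe because randomString() now emits nothing outside `[A-Za-z0-9_-]`, and that invariant is not recorded at any call site. Suggest extending the existing comment to `//Generate a unique URL key for clients to access (randomString() output is limited to [A-Za-z0-9_-], so it is safe to embed in SQL and URLs unescaped)`. The same applies to the url_key / quote_url_key / extension_key inserts in the add_invoice, add_invoice_copy, add_quote, add_quote_copy, add_quote_to_invoice, force_recurring, bulk_force_recurring_tickets, force_recurring_ticket, add_ticket, bulk_add_asset_ticket, add_invoice_from_ticket, edit_your_user_preferences, API ticket, portal add_ticket, cron recurring-invoice and addTicket hunks of this commit. The "unique" in the comment is not enforced anywhere visible, but at 32 base64url characters the key carries 192 bits, so a collision check is not a practical concern. The enclosing `if (isset($_POST['bulk_add_client_ticket']))` block starts and ends outside the hunk.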
|
|
|||
|
|
@ -29,7 +29,7 @@ if (isset($_POST['add_invoice'])) {
|
|||
$invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_discount_amount = '$invoice_discount', invoice_amount = '$invoice_amount', invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
|
||||
|
|
@ -112,7 +112,7 @@ if (isset($_POST['add_invoice_copy'])) {
|
|||
$new_invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $new_invoice_number, invoice_scope = '$invoice_scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_discount_amount = $invoice_discount_amount, invoice_amount = $invoice_amount, invoice_currency_code = '$invoice_currency_code', invoice_note = '$invoice_note', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ if (isset($_POST['add_quote'])) {
|
|||
$quote_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$quote_url_key = randomString(156);
|
||||
$quote_url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO quotes SET quote_prefix = '$config_quote_prefix', quote_number = $quote_number, quote_scope = '$scope', quote_date = '$date', quote_expire = '$expire', quote_currency_code = '$session_company_currency', quote_category_id = $category, quote_status = 'Draft', quote_url_key = '$quote_url_key', quote_client_id = $client_id");
|
||||
|
||||
|
|
@ -78,7 +78,7 @@ if (isset($_POST['add_quote_copy'])) {
|
|||
$category_id = intval($row['quote_category_id']);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$quote_url_key = randomString(156);
|
||||
$quote_url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO quotes SET quote_prefix = '$config_quote_prefix', quote_number = $quote_number, quote_scope = '$quote_scope', quote_date = '$date', quote_expire = '$expire', quote_category_id = $category_id, quote_status = 'Draft', quote_discount_amount = $quote_discount_amount, quote_amount = $quote_amount, quote_currency_code = '$quote_currency_code', quote_note = '$quote_note', quote_url_key = '$quote_url_key', quote_client_id = $client_id");
|
||||
|
||||
|
|
@ -147,7 +147,7 @@ if (isset($_POST['add_quote_to_invoice'])) {
|
|||
$invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$quote_scope', invoice_date = '$date', invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_discount_amount = $quote_discount_amount, invoice_amount = $quote_amount, invoice_currency_code = '$quote_currency_code', invoice_note = '$quote_note', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
|
||||
|
|
|
|||
|
|
@ -310,7 +310,7 @@ if (isset($_GET['force_recurring'])) {
|
|||
$new_invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $new_invoice_number, invoice_scope = '$recurring_invoice_scope', invoice_date = CURDATE(), invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_discount_amount = $recurring_invoice_discount_amount, invoice_amount = $recurring_invoice_amount, invoice_currency_code = '$recurring_invoice_currency_code', invoice_note = '$recurring_invoice_note', invoice_category_id = $category_id, invoice_status = 'Sent', invoice_url_key = '$url_key', invoice_recurring_invoice_id = $recurring_invoice_id, invoice_client_id = $client_id");
|
||||
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ if (isset($_POST['bulk_force_recurring_tickets'])) {
|
|||
$client_id = intval($row['recurring_ticket_client_id']);
|
||||
$asset_id = intval($row['recurring_ticket_asset_id']);
|
||||
$category = intval($row['recurring_ticket_category']);
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
$ticket_status = 1; // Default
|
||||
if ($assigned_id > 0) {
|
||||
|
|
@ -228,7 +228,7 @@ if (isset($_GET['force_recurring_ticket'])) {
|
|||
$client_id = intval($row['recurring_ticket_client_id']);
|
||||
$asset_id = intval($row['recurring_ticket_asset_id']);
|
||||
$category = intval($row['recurring_ticket_category']);
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
$ticket_status = 1; // Default
|
||||
if ($assigned_id > 0) {
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ if (isset($_POST['add_ticket'])) {
|
|||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Agent', ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = '$billable', ticket_status = '$ticket_status', ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_due_at = $due, ticket_client_id = $client_id, ticket_invoice_id = 0, ticket_project_id = $project_id");
|
||||
|
||||
|
|
@ -1521,7 +1521,7 @@ if (isset($_POST['bulk_add_asset_ticket'])) {
|
|||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
|
||||
|
||||
|
|
@ -2167,7 +2167,7 @@ if (isset($_POST['add_invoice_from_ticket'])) {
|
|||
$invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id");
|
||||
$invoice_id = mysqli_insert_id($mysqli);
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ if (isset($_POST['edit_your_user_details'])) {
|
|||
}
|
||||
|
||||
if (isset($_GET['clear_your_user_avatar'])) {
|
||||
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id");
|
||||
|
|
@ -96,7 +96,7 @@ if (isset($_GET['clear_your_user_avatar'])) {
|
|||
logAction("User Account", "Edit", "$session_name cleared their avatar");
|
||||
|
||||
flash_alert("Avatar cleared", 'error');
|
||||
|
||||
|
||||
redirect();
|
||||
|
||||
}
|
||||
|
|
@ -167,7 +167,7 @@ if (isset($_POST['edit_your_user_preferences'])) {
|
|||
// Enable extension access, only if it isn't already setup (user doesn't have cookie)
|
||||
if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') {
|
||||
if (!isset($_COOKIE['user_extension_key'])) {
|
||||
$extension_key = randomString(156);
|
||||
$extension_key = randomString(32);
|
||||
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $session_user_id");
|
||||
|
||||
$extended_log_description .= "enabled browser extension access";
|
||||
|
|
@ -196,7 +196,7 @@ if (isset($_POST['enable_mfa'])) {
|
|||
require_once "../../plugins/totp/totp.php";
|
||||
|
||||
// Grab the code from the user
|
||||
$verify_code = trim($_POST['verify_code']);
|
||||
$verify_code = trim($_POST['verify_code']);
|
||||
// Ensure it's numeric
|
||||
if (!ctype_digit($verify_code)) {
|
||||
$verify_code = '';
|
||||
|
|
@ -227,9 +227,9 @@ if (isset($_POST['enable_mfa'])) {
|
|||
if ($previousPage === 'mfa_enforcement.php') {
|
||||
// Redirect back to mfa_enforcement.php
|
||||
redirect("../$config_start_page");
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
} else {
|
||||
// FAILURE
|
||||
|
|
@ -245,7 +245,7 @@ if (isset($_POST['enable_mfa'])) {
|
|||
// Redirect back to mfa_enforcement.php
|
||||
redirect();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
redirect("user_security.php");
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ if (!empty($subject)) {
|
|||
$ticket_number = mysqli_insert_id($mysqli);
|
||||
|
||||
// Insert ticket
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
$insert_sql = mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'API', ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 1, ticket_billable = $billable, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_created_by = 0, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_asset_id = $asset, ticket_url_key = '$url_key', ticket_client_id = $client_id");
|
||||
|
||||
// Check insert & get insert ID
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
|||
$name = sanitizeInput($row['contact_name']);
|
||||
$client = intval($row['contact_client_id']);
|
||||
|
||||
$token = randomString(156);
|
||||
$token = randomString(32);
|
||||
$url = "https://$config_base_url/client/login_reset.php?email=$email&token=$token&client=$client";
|
||||
mysqli_query($mysqli, "UPDATE users SET user_password_reset_token = '$token' WHERE user_id = $user_id LIMIT 1");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client");
|
||||
|
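Review bot: `$email` is placed in the reset link's query string unencoded at `$url = "https://$config_base_url/client/login_reset.php?email=$email&token=$token&client=$client";`, so an address containing `+` arrives as a space and `&` or `#` would truncate the query; the token is safe to embed now that randomString() emits only base64url characters, but the address should be `rawurlencode($email)` unless the sanitizer applied earlier (not visible here) already guarantees a URL-safe value. The token is written in clear to `user_password_reset_token` and nothing in this hunk bounds its lifetime; if login_reset.php does not enforce an expiry and a constant-time comparison, that is worth confirming. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block starts and ends outside the hunk.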
|
|
|||
|
|
@ -25,7 +25,7 @@ if (isset($_POST['add_ticket'])) {
|
|||
$config_ticket_new_ticket_notification_email = filter_var($config_ticket_new_ticket_notification_email, FILTER_VALIDATE_EMAIL);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
// Ensure priority is low/med/high (as can be user defined)
|
||||
if ($_POST['priority'] !== "Low" && $_POST['priority'] !== "Medium" && $_POST['priority'] !== "High") {
|
||||
|
|
|
|||
|
|
@ -615,7 +615,7 @@ while ($row = mysqli_fetch_array($sql_recurring_invoices)) {
|
|||
$new_invoice_number = mysqli_insert_id($mysqli);
|
||||
|
||||
//Generate a unique URL key for clients to access
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $new_invoice_number, invoice_scope = '$recurring_invoice_scope', invoice_date = CURDATE(), invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_discount_amount = $recurring_invoice_discount_amount, invoice_amount = $recurring_invoice_amount, invoice_currency_code = '$recurring_invoice_currency_code', invoice_note = '$recurring_invoice_note', invoice_category_id = $category_id, invoice_status = 'Sent', invoice_url_key = '$url_key', invoice_recurring_invoice_id = $recurring_invoice_id, invoice_client_id = $client_id");
|
||||
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date
|
|||
$contact_email_esc = mysqli_real_escape_string($mysqli, $contact_email);
|
||||
$client_id = intval($client_id);
|
||||
|
||||
$url_key = randomString(156);
|
||||
$url_key = randomString(32);
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$ticket_prefix_esc', ticket_number = $ticket_number, ticket_source = 'Email', ticket_subject = '$subject', ticket_details = '$message_esc', ticket_priority = 'Low', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_url_key = '$url_key', ticket_client_id = $client_id");
|
||||
$id = mysqli_insert_id($mysqli);
|
||||
|
|
|
|||
|
|
@ -4,20 +4,13 @@
|
|||
DEFINE("WORDING_ROLECHECK_FAILED", "You are not permitted to do that!");
|
||||
|
||||
// Function to generate both crypto & URL safe random strings
|
||||
function randomString($length = 16) {
|
||||
// Generate some cryptographically safe random bytes
|
||||
// Generate a little more than requested as we'll lose some later converting
|
||||
$random_bytes = random_bytes($length + 5);
|
||||
|
||||
// Convert the bytes to something somewhat human-readable
|
||||
$random_base_64 = base64_encode($random_bytes);
|
||||
|
||||
// Replace the nasty characters that come with base64
|
||||
$bad_chars = array("/", "+", "=");
|
||||
$random_string = str_replace($bad_chars, random_int(0, 9), $random_base_64);
|
||||
|
||||
// Truncate the string to the requested $length and return
|
||||
return substr($random_string, 0, $length);
|
||||
function randomString(int $length = 16): string {
|
||||
$bytes = random_bytes((int) ceil($length * 3 / 4));
|
||||
return substr(
|
||||
rtrim(strtr(base64_encode($bytes), '+/', '-_'), '='),
|
||||
0,
|
||||
$length
|
||||
);
|
||||
}
|
||||
|
||||
// Older keygen function - only used for TOTP currently
|
||||
|
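Review bot: `random_bytes((int) ceil($length * 3 / 4))` throws for `$length < 1`, because random_bytes() rejects a zero or negative byte count, whereas the old `$length + 5` tolerated a zero length; add a guard before it, `if ($length < 1) { throw new \InvalidArgumentException('randomString(): length must be at least 1'); }`, so the failure mode is explicit rather than an uncaught engine error. The function also deserves a docblock stating that the result is unpadded base64url (`[A-Za-z0-9_-]`), that each character carries a full 6 bits of entropy for any requested length (8 * ceil(3L/4) >= 6L, so the truncation never keeps a partially-filled character), and that callers rely on that alphabet when interpolating the value into SQL and URLs; the old `// Function to generate both crypto & URL safe random strings` line is the natural place for it. Note the file does not declare strict_types, so the new `int $length` hint will still coerce a numeric string argument.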
|
|
|||
|
|
@ -346,7 +346,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['login']) || isset($_
|
|||
|
||||
// Session info
|
||||
$_SESSION['user_id'] = $user_id;
|
||||
$_SESSION['csrf_token'] = randomString(156);
|
||||
$_SESSION['csrf_token'] = randomString(32);
|
||||
$_SESSION['logged'] = true;
|
||||
|
||||
// Forcing MFA
|
||||
|
|
|
|||