+
+
+

">
+
+
-
-
-
+
+
+
+
+
+
+ | Date |
+ |
+
+
+ | Due |
+ |
+
+
+
-
-
-
- | Date |
- |
-
-
- | Due |
- |
-
-
-
-
-
-
-
-
-
-
-
-
- | Product |
- Description |
- Qty |
- Price |
- Tax |
- Total |
-
-
-
-
+
+
+
+
+
+
- |
- |
- |
- |
- |
- |
+ Product |
+ Description |
+ Qty |
+ Price |
+ Tax |
+ Total |
+
+
+
+ $total_tax = 0;
+ $sub_total = 0;
-
-
+ while ($row = mysqli_fetch_array($sql_invoice_items)) {
+ $item_id = $row['item_id'];
+ $item_name = htmlentities($row['item_name']);
+ $item_description = htmlentities($row['item_description']);
+ $item_quantity = floatval($row['item_quantity']);
+ $item_price = floatval($row['item_price']);
+ $item_tax = floatval($row['item_tax']);
+ $item_total = floatval($row['item_total']);
+ $total_tax = $item_tax + $total_tax;
+ $sub_total = $item_price * $item_quantity + $sub_total;
+
+ ?>
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+
+
-
-
-
-
-
-
-
+
-
-
-
-
- | Subtotal |
- |
-
- 0) { ?>
-
- | Tax |
- |
-
- 0) { ?>
+
+
+
+
- Paid |
- |
+ Subtotal |
+ |
-
-
- | Balance |
- |
-
-
-
+ 0) { ?>
+
+ | Tax |
+ |
+
+
+ 0) { ?>
+
+ Paid |
+ |
+
+
+
+ | Balance |
+ |
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
+
+
+
1) { ?>
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
$difference = time() - strtotime($invoice_due);
- $days = floor($difference / (60*60*24) );
+ $days = floor($difference / (60*60*24));
?>
@@ -800,7 +800,7 @@ if (mysqli_num_rows($sql) > 1) { ?>
$invoice_url_key = htmlentities($row['invoice_url_key']);
$invoice_tally_total = $invoice_amount + $invoice_tally_total;
$difference = strtotime($invoice_due) - time();
- $days = floor($difference / (60*60*24) );
+ $days = floor($difference / (60*60*24));
?>
@@ -885,7 +885,7 @@ if (mysqli_num_rows($sql) > 1) { ?>
if (strtotime($payment_date) > strtotime($invoice_due)) {
$payment_note = "Late";
$difference = strtotime($payment_date) - strtotime($invoice_due);
- $days = floor($difference / (60*60*24) ) . " Days";
+ $days = floor($difference / (60*60*24)) . " Days";
} else {
$payment_note = "";
$days = "";
diff --git a/guest_view_item.php b/guest_view_item.php
index 9f45565c..efd24195 100644
--- a/guest_view_item.php
+++ b/guest_view_item.php
@@ -1,7 +1,7 @@
diff --git a/invoices.php b/invoices.php
index c74f5859..f145d92c 100644
--- a/invoices.php
+++ b/invoices.php
@@ -293,7 +293,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$now = time();
- if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now ) {
+ if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now) {
$overdue_color = "text-danger font-weight-bold";
} else {
$overdue_color = "";
diff --git a/login.php b/login.php
index 36bb00cc..164801a2 100644
--- a/login.php
+++ b/login.php
@@ -47,11 +47,11 @@ $config_mail_from_email = $row['config_mail_from_email'];
$config_mail_from_name = $row['config_mail_from_name'];
// HTTP-Only cookies
-ini_set("session.cookie_httponly", True);
+ini_set("session.cookie_httponly", true);
// Tell client to only send cookie(s) over HTTPS
if ($config_https_only) {
- ini_set("session.cookie_secure", True);
+ ini_set("session.cookie_secure", true);
}
// Handle POST login request
@@ -108,7 +108,7 @@ if (isset($_POST['login'])) {
// Determine whether 2FA was used (for logs)
$extended_log = ''; // Default value
- if ($current_code !== 0 ) {
+ if ($current_code !== 0) {
$extended_log = 'with 2FA';
}
@@ -120,7 +120,7 @@ if (isset($_POST['login'])) {
$_SESSION['user_name'] = $user_name;
$_SESSION['user_role'] = $row['user_role'];
$_SESSION['csrf_token'] = randomString(156);
- $_SESSION['logged'] = TRUE;
+ $_SESSION['logged'] = true;
// Setup encryption session key
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
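Review bot: Nothing in this hunk rotates the session identifier before `$_SESSION['logged'] = true;` is written, so a session ID issued before authentication would stay valid afterwards (session fixation). The surrounding `if (isset($_POST['login']))` block starts and ends outside the hunk; if it does not already do so, call `session_regenerate_id(true);` immediately before the `$_SESSION[...]` assignments. The same applies to the `$_SESSION['client_logged_in'] = true;` lines in portal/login.php and portal/login_microsoft.php. It is also worth confirming that `randomString()` draws the CSRF token from `random_bytes()` or `random_int()`, since its body is not shown here.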
diff --git a/pagination.php b/pagination.php
index dc20f7d8..0349e89f 100644
--- a/pagination.php
+++ b/pagination.php
@@ -11,89 +11,89 @@ $total_found_rows = $num_rows[0];
$total_pages = ceil($total_found_rows / $_SESSION['records_per_page']);
if ($total_found_rows > 10) {
- $i=0;
+ $i=0;
-?>
+ ?>
-
+
-
-
-
-
-
-
+
+ while ($i < $total_pages) {
+ $i++;
+ if (($i == 1) || (($p <= 3) && ($i <= 6)) || (($i > $total_pages - 6) && ($p > $total_pages - 3)) || (is_int($i / $pages_split)) || (($p > 3) && ($i >= $p - 2) && ($i <= $p + 3)) || ($i == $total_pages)) {
+ if ($p == $i) {
+ $page_class = "active";
+ } else {
+ $page_class = "";
+ }
+ echo "
$i";
+ }
+ }
- $total_pages) {
+ echo "
Next";
+ }
+
+ ?>
+
+
+
+
+
+
No Results
";
+ echo "
No Results
";
}
?>
diff --git a/portal/inc_portal.php b/portal/inc_portal.php
index 36f5f3ee..8b77da7e 100644
--- a/portal/inc_portal.php
+++ b/portal/inc_portal.php
@@ -11,10 +11,10 @@ require_once('portal_functions.php');
if (!isset($_SESSION)) {
// HTTP Only cookies
- ini_set("session.cookie_httponly", True);
+ ini_set("session.cookie_httponly", true);
if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS
- ini_set("session.cookie_secure", True);
+ ini_set("session.cookie_secure", true);
}
session_start();
}
diff --git a/portal/invoices.php b/portal/invoices.php
index 8ca7bbf6..d509662f 100644
--- a/portal/invoices.php
+++ b/portal/invoices.php
@@ -18,9 +18,7 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie

" alt="..." height="50" width="50" class="img-circle img-responsive">
-
-
@@ -73,7 +71,7 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
}
$now = time();
- if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now ) {
+ if (($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) + 86400 < $now) {
$overdue_color = "text-danger font-weight-bold";
} else {
$overdue_color = "";
@@ -107,9 +105,8 @@ $invoices_sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_clie
-
+
+
diff --git a/portal/login.php b/portal/login.php
index 0dce1e80..cac9aba4 100644
--- a/portal/login.php
+++ b/portal/login.php
@@ -46,7 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
if ($row['contact_auth_method'] == 'local') {
if (password_verify($password, $row['contact_password_hash'])) {
- $_SESSION['client_logged_in'] = TRUE;
+ $_SESSION['client_logged_in'] = true;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
diff --git a/portal/login_microsoft.php b/portal/login_microsoft.php
index 629a8529..894f777d 100644
--- a/portal/login_microsoft.php
+++ b/portal/login_microsoft.php
@@ -95,7 +95,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
$row = mysqli_fetch_array($sql);
if ($row['contact_auth_method'] == 'azure') {
- $_SESSION['client_logged_in'] = TRUE;
+ $_SESSION['client_logged_in'] = true;
$_SESSION['client_id'] = $row['contact_client_id'];
$_SESSION['contact_id'] = $row['contact_id'];
$_SESSION['company_id'] = $row['company_id'];
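Review bot: The hunk header shows the callback guarded by `$_POST['state'] == session_id()`, so the OAuth `state` value is the session ID itself and is compared loosely. The session identifier therefore travels through the authorization redirect and the identity provider, where it can end up in browser history and logs. A separate random value kept in the session avoids that, e.g. `$_SESSION['oauth_state'] = bin2hex(random_bytes(16));` when the flow starts and `hash_equals($_SESSION['oauth_state'], (string) $_POST['state'])` here. The enclosing `if` begins outside the hunk, so how `state` is sent is inferred from this comparison only.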
diff --git a/post.php b/post.php
index 37a4c11b..485eaf13 100644
--- a/post.php
+++ b/post.php
@@ -284,7 +284,7 @@ if(isset($_POST['edit_profile'])){
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$new_password = trim($_POST['new_password']);
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
- $logout = FALSE;
+ $logout = false;
$extended_log_description = '';
// Email notification when password or email is changed
@@ -367,7 +367,7 @@ if(isset($_POST['edit_profile'])){
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
$extended_log_description .= ", password changed";
- $logout = TRUE;
+ $logout = true;
}
// Enable extension access, only if it isn't already setup (user doesn't have cookie)
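Review bot: The `UPDATE users SET user_password = '$new_password', ...` statement is built by string interpolation, and the earlier hunk shows `$new_password` read as `trim($_POST['new_password'])` without escaping. Whether it is hashed before reaching this query is not visible here; if it is, the value is safe only because of the hash output alphabet. A prepared statement removes that dependency: `$stmt = mysqli_prepare($mysqli, "UPDATE users SET user_password = ?, user_specific_encryption_ciphertext = ? WHERE user_id = ?");` followed by `mysqli_stmt_bind_param($stmt, "ssi", ...)`. The `user_extension_key` update in the next hunk has the same shape.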
@@ -377,7 +377,7 @@ if(isset($_POST['edit_profile'])){
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $user_id");
$extended_log_description .= ", extension access enabled";
- $logout = TRUE;
+ $logout = true;
}
}
@@ -4788,19 +4788,19 @@ if(isset($_POST["import_client_contacts_csv"])){
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
- $error = FALSE;
+ $error = false;
//Check file is CSV
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$allowed_file_extensions = array('csv');
if(in_array($file_extension,$allowed_file_extensions) === false){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file extension";
}
//Check file isn't empty
elseif($_FILES["file"]["size"] < 1){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
}
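Review bot: `end(explode('.',$_FILES['file']['name']))` passes a function result to `end()`, which takes its argument by reference, so PHP raises an "Only variables should be passed by reference" notice on every upload. `$file_extension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));` gives the same value without it. The extension comes from the client-supplied name, so it only filters honest mistakes; `$_FILES['file']['error']` and `is_uploaded_file($file_name)` are not checked in the visible lines. The locations, assets and logins import blocks repeat this code.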
@@ -4808,7 +4808,7 @@ if(isset($_POST["import_client_contacts_csv"])){
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 8) {
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad column count.";
}
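Review bot: `if(!$error & count($f_columns) != 8)` uses bitwise `&`, so `count()` is evaluated even when an earlier check has already set `$error`. `fgetcsv()` returns `false` for an empty or unreadable file, and `count(false)` throws a `TypeError` on PHP 8. Suggested: `if (!$error && (!is_array($f_columns) || count($f_columns) !== 8)) {`. The three other import blocks (column counts 7, 8 and 4) have the same line, and the handle `$f` is not closed in the visible lines.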
@@ -4818,7 +4818,7 @@ if(isset($_POST["import_client_contacts_csv"])){
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
- while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
+ while(($column = fgetcsv($file, 1000, ",")) !== false){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
@@ -5209,19 +5209,19 @@ if(isset($_POST["import_client_locations_csv"])){
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
- $error = FALSE;
+ $error = false;
//Check file is CSV
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$allowed_file_extensions = array('csv');
if(in_array($file_extension,$allowed_file_extensions) === false){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file extension";
}
//Check file isn't empty
elseif($_FILES["file"]["size"] < 1){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
}
@@ -5229,7 +5229,7 @@ if(isset($_POST["import_client_locations_csv"])){
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 7) {
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad column count.";
}
@@ -5239,7 +5239,7 @@ if(isset($_POST["import_client_locations_csv"])){
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
- while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
+ while(($column = fgetcsv($file, 1000, ",")) !== false){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
@@ -5519,19 +5519,19 @@ if(isset($_POST["import_client_assets_csv"])){
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
- $error = FALSE;
+ $error = false;
//Check file is CSV
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$allowed_file_extensions = array('csv');
if(in_array($file_extension,$allowed_file_extensions) === false){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file extension";
}
//Check file isn't empty
elseif($_FILES["file"]["size"] < 1){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
}
@@ -5539,7 +5539,7 @@ if(isset($_POST["import_client_assets_csv"])){
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 8) {
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad column count.";
}
@@ -5549,7 +5549,7 @@ if(isset($_POST["import_client_assets_csv"])){
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
- while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
+ while(($column = fgetcsv($file, 1000, ",")) !== false){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
@@ -6163,19 +6163,19 @@ if(isset($_POST["import_client_logins_csv"])){
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
- $error = FALSE;
+ $error = false;
//Check file is CSV
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$allowed_file_extensions = array('csv');
if(in_array($file_extension,$allowed_file_extensions) === false){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file extension";
}
//Check file isn't empty
elseif($_FILES["file"]["size"] < 1){
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
}
@@ -6183,7 +6183,7 @@ if(isset($_POST["import_client_logins_csv"])){
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 4) {
- $error = TRUE;
+ $error = true;
$_SESSION['alert_message'] = "Bad column count.";
}
@@ -6193,7 +6193,7 @@ if(isset($_POST["import_client_logins_csv"])){
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
- while(($column = fgetcsv($file, 1000, ",")) !== FALSE){
+ while(($column = fgetcsv($file, 1000, ",")) !== false){
$duplicate_detect = 0;
if(isset($column[0])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
diff --git a/rfc6238.php b/rfc6238.php
index 0468bde3..c95554db 100644
--- a/rfc6238.php
+++ b/rfc6238.php
@@ -1,170 +1,151 @@
SecretKey: $secretkey
";
+ $result = "";
+ print "
SecretKey: $secretkey
";
- $key = base32static::decode($secretkey);
- print "Key(base 32 decode): $key
";
+ $key = base32static::decode($secretkey);
+ print "Key(base 32 decode): $key
";
- $unixtimestamp = time()/30;
- print "UnixTimeStamp (time()/30): $unixtimestamp
";
- for($i=-($rangein30s); $i<=$rangein30s; $i++) {
- $checktime = (int)($unixtimestamp+$i);
- print "Calculating oath_hotp from (int)(unixtimestamp +- 30sec offset): $checktime basing on secret key
";
+ $unixtimestamp = time()/30;
+ print "UnixTimeStamp (time()/30): $unixtimestamp
";
+ for($i=-($rangein30s); $i<=$rangein30s; $i++) {
+ $checktime = (int)($unixtimestamp+$i);
+ print "Calculating oath_hotp from (int)(unixtimestamp +- 30sec offset): $checktime basing on secret key
";
- $thiskey = self::oath_hotp($key, $checktime, true);
- print "======================================================
";
- print "CheckTime: $checktime oath_hotp:".$thiskey."
";
- $result = $result." # ".self::oath_truncate($thiskey,6,true);
- }
+ $thiskey = self::oath_hotp($key, $checktime, true);
+ print "======================================================
";
+ print "CheckTime: $checktime oath_hotp:".$thiskey."
";
+ $result = $result." # ".self::oath_truncate($thiskey,6,true);
+ }
- return $result;
+ return $result;
}
public static function getBarCodeUrl($username, $domain, $secretkey, $issuer) {
- $url = "http://chart.apis.google.com/chart";
- $url = $url."?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/";
- $url = $url.$username . "@" . $domain . "%3Fsecret%3D" . $secretkey . '%26issuer%3D' . rawurlencode($issuer);
+ $url = "http://chart.apis.google.com/chart";
+ $url = $url."?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/";
+ $url = $url.$username . "@" . $domain . "%3Fsecret%3D" . $secretkey . '%26issuer%3D' . rawurlencode($issuer);
- return $url;
- }
- public static function generateRandomClue($length = 16) {
- $b32 = "234567QWERTYUIOPASDFGHJKLZXCVBNM";
- $s = "";
- for ($i = 0; $i < $length; $i++)
- $s .= $b32[rand(0,31)];
- return $s;
+ return $url;
}
- private static function hotp_tobytestream($key) {
- $result = array();
- $last = strlen($key);
- for ($i = 0; $i < $last; $i = $i + 2) {
- $x = $key[$i] + $key[$i + 1];
- $x = strtoupper($x);
- $x = hexdec($x);
- $result = $result.chr($x);
- }
+ private static function oath_hotp ($key, $counter, $debug=false) {
+ $result = "";
+ $orgcounter = $counter;
+ $cur_counter = array(0,0,0,0,0,0,0,0);
- return $result;
- }
- private static function oath_hotp ($key, $counter, $debug=false) {
- $result = "";
- $orgcounter = $counter;
- $cur_counter = array(0,0,0,0,0,0,0,0);
+ if ($debug) {
+ print "Packing counter $counter (".dechex($counter).")into binary string - pay attention to hex representation of key and binary representation
";
+ }
- if ($debug) {
- print "Packing counter $counter (".dechex($counter).")into binary string - pay attention to hex representation of key and binary representation
";
- }
+ for($i=7;$i>=0;$i--) { // C for unsigned char, * for repeating to the end of the input data
+ $cur_counter[$i] = pack ('C*', $counter);
- for($i=7;$i>=0;$i--) { // C for unsigned char, * for repeating to the end of the input data
- $cur_counter[$i] = pack ('C*', $counter);
+ if ($debug) {
+ print $cur_counter[$i]."(".dechex(ord($cur_counter[$i])).")"." from $counter
";
+ }
+
+ $counter = $counter >> 8;
+ }
+
+ if ($debug) {
+ foreach ($cur_counter as $char) {
+ print ord($char) . " ";
+ }
+
+ print "
";
+ }
+
+ $binary = implode($cur_counter);
+ // Pad to 8 characters
+ str_pad($binary, 8, chr(0), STR_PAD_LEFT);
if ($debug) {
- print $cur_counter[$i]."(".dechex(ord($cur_counter[$i])).")"." from $counter
";
+ print "Prior to HMAC calculation pad with zero on the left until 8 characters.
";
+ print "Calculate sha1 HMAC(Hash-based Message Authentication Code https://en.wikipedia.org/wiki/HMAC).
";
+ print "hash_hmac ('sha1', $binary, $key)
";
+ }
+ $result = hash_hmac ('sha1', $binary, $key);
+
+ if ($debug) {
+ print "Result: $result
";
+ }
+ return $result;
+ }
+ private static function oath_truncate($hash, $length = 6, $debug=false) {
+ $result="";
+
+ // Convert to dec
+ if ($debug) {
+ print "converting hex hash into characters
";
}
- $counter = $counter >> 8;
- }
+ $hashcharacters = str_split($hash,2);
- if ($debug) {
- foreach ($cur_counter as $char) {
- print ord($char) . " ";
+ if ($debug) {
+ print_r($hashcharacters);
+ print "
and convert to decimals:
";
+ }
+ for ($j=0; $j";
- }
+ if ($debug) {
+ print_r($hmac_result);
+ }
+ // http://php.net/manual/ru/function.hash-hmac.php
+ // adopted from brent at thebrent dot net 21-May-2009 08:17 comment
+ $offset = $hmac_result[19] & 0xf;
- $binary = implode($cur_counter);
- // Pad to 8 characters
- str_pad($binary, 8, chr(0), STR_PAD_LEFT);
+ if ($debug) {
+ print "Calculating offset as 19th element of hmac:".$hmac_result[19]."
";
+ print "offset:".$offset;
+ }
- if ($debug) {
- print "Prior to HMAC calculation pad with zero on the left until 8 characters.
";
- print "Calculate sha1 HMAC(Hash-based Message Authentication Code https://en.wikipedia.org/wiki/HMAC).
";
- print "hash_hmac ('sha1', $binary, $key)
";
- }
- $result = hash_hmac ('sha1', $binary, $key);
+ $result = (
+ (($hmac_result[$offset+0] & 0x7f) << 24) |
+ (($hmac_result[$offset+1] & 0xff) << 16) |
+ (($hmac_result[$offset+2] & 0xff) << 8) |
+ ($hmac_result[$offset+3] & 0xff)
+ ) % pow(10,$length);
+ return $result;
+ }
- if ($debug) {
- print "Result: $result
";
- }
- return $result;
- }
- private static function oath_truncate($hash, $length = 6, $debug=false) {
- $result="";
-
- // Convert to dec
- if ($debug) {
- print "converting hex hash into characters
";
- }
-
- $hashcharacters = str_split($hash,2);
-
- if ($debug) {
- print_r($hashcharacters);
- print "
and convert to decimals:
";
- }
- for ($j=0; $j";
- print "offset:".$offset;
- }
-
- $result = (
- (($hmac_result[$offset+0] & 0x7f) << 24 ) |
- (($hmac_result[$offset+1] & 0xff) << 16 ) |
- (($hmac_result[$offset+2] & 0xff) << 8 ) |
- ($hmac_result[$offset+3] & 0xff)
- ) % pow(10,$length);
- return $result;
- }
-
- }
+}
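Review bot: `getBarCodeUrl()` still builds `http://chart.apis.google.com/chart?...&chl=otpauth://totp/...secret...`, so the TOTP shared secret is sent to a third-party service over plaintext HTTP whenever the QR image is loaded. Rendering the QR code locally from the `otpauth://` URI would keep the secret between the server and the user's browser; `$username`, `$domain` and `$secretkey` should also pass through `rawurlencode()` as `$issuer` already does. In `oath_hotp()` the result of `str_pad($binary, 8, chr(0), STR_PAD_LEFT);` is discarded; it should read `$binary = str_pad($binary, 8, chr(0), STR_PAD_LEFT);` or be removed. The first method in the hunk prints `$secretkey` and the decoded key unconditionally, so it should not be reachable in a production deployment.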
diff --git a/ticket.php b/ticket.php
index ec7749a2..5008d57c 100644
--- a/ticket.php
+++ b/ticket.php
@@ -1,4 +1,5 @@
-
0 ) { ?>
+ if ($ticket_asset_count > 0) { ?>
@@ -617,17 +618,15 @@ if (isset($_GET['ticket_id'])) {
-
-