AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Generate longer more secure Keys for shareable URLs using best practice

This commit is contained in:
johnnyq 2022-12-29 16:50:57 -05:00
parent a255441bc3
commit d6d908f0b8
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ajax.php
View File

@ -219,7 +219,7 @@ if(isset($_GET['share_generate_link'])){
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
$item_view_limit = intval($_GET['views']);
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = keygen();
$item_key = bin2hex(random_bytes(78));
if($item_type == "Document"){
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));

2
cron.php
View File

@ -285,7 +285,7 @@ while($row = mysqli_fetch_array($sql_companies)){
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = $company_id");
//Generate a unique URL key for clients to access
$url_key = keygen();
$url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $new_invoice_number, invoice_scope = '$recurring_scope', invoice_date = CURDATE(), invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_amount = '$recurring_amount', invoice_currency_code = '$recurring_currency_code', invoice_note = '$recurring_note', invoice_category_id = $category_id, invoice_status = 'Sent', invoice_url_key = '$url_key', invoice_created_at = NOW(), invoice_client_id = $client_id, company_id = $company_id");

14
post.php
View File

@ -2544,7 +2544,7 @@ if(isset($_POST['add_invoice'])){
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = $session_company_id");
//Generate a unique URL key for clients to access
$url_key = keygen();
$url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client, company_id = $session_company_id");
$invoice_id = mysqli_insert_id($mysqli);
@ -2602,7 +2602,7 @@ if(isset($_POST['add_invoice_copy'])){
$category_id = $row['invoice_category_id'];
//Generate a unique URL key for clients to access
$url_key = keygen();
$url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$invoice_scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_amount = '$invoice_amount', invoice_currency_code = '$invoice_currency_code', invoice_note = '$invoice_note', invoice_url_key = '$url_key', invoice_client_id = $client_id, company_id = $session_company_id") or die(mysql_error());
@ -2698,7 +2698,7 @@ if(isset($_POST['add_quote'])){
mysqli_query($mysqli,"UPDATE settings SET config_quote_next_number = $new_config_quote_next_number WHERE company_id = $session_company_id");
//Generate a unique URL key for clients to access
$quote_url_key = keygen();
$quote_url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO quotes SET quote_prefix = '$config_quote_prefix', quote_number = $quote_number, quote_scope = '$scope', quote_date = '$date', quote_currency_code = '$session_company_currency', quote_category_id = $category, quote_status = 'Draft', quote_url_key = '$quote_url_key', quote_client_id = $client, company_id = $session_company_id");
@ -2735,7 +2735,7 @@ if(isset($_POST['add_quote_copy'])){
$category_id = $row['quote_category_id'];
//Generate a unique URL key for clients to access
$quote_url_key = keygen();
$quote_url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO quotes SET quote_prefix = '$config_quote_prefix', quote_number = $quote_number, quote_scope = '$quote_scope', quote_date = '$date', quote_category_id = $category_id, quote_status = 'Draft', quote_amount = '$quote_amount', quote_currency_code = '$quote_currency_code', quote_note = '$quote_note', quote_url_key = '$quote_url_key', quote_client_id = $client_id, company_id = $session_company_id");
@ -2788,7 +2788,7 @@ if(isset($_POST['add_quote_to_invoice'])){
$category_id = $row['quote_category_id'];
//Generate a unique URL key for clients to access
$url_key = keygen();
$url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$quote_scope', invoice_date = '$date', invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_category_id = $category_id, invoice_status = 'Draft', invoice_amount = '$quote_amount', invoice_currency_code = '$quote_currency_code', invoice_note = '$quote_note', invoice_url_key = '$url_key', invoice_client_id = $client_id, company_id = $session_company_id");
@ -6221,7 +6221,7 @@ if(isset($_POST['add_invoice_from_ticket'])){
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = $session_company_id");
//Generate a unique URL key for clients to access
$url_key = keygen();
$url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id, company_id = $session_company_id");
$invoice_id = mysqli_insert_id($mysqli);
@ -6834,7 +6834,7 @@ if(isset($_GET['force_recurring'])){
mysqli_query($mysqli,"UPDATE settings SET config_invoice_next_number = $new_config_invoice_next_number WHERE company_id = $session_company_id");
//Generate a unique URL key for clients to access
$url_key = keygen();
$url_key = bin2hex(random_bytes(78));
mysqli_query($mysqli,"INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = '$new_invoice_number', invoice_scope = '$recurring_scope', invoice_date = CURDATE(), invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), invoice_amount = '$recurring_amount', invoice_currency_code = '$recurring_currency_code', invoice_note = '$recurring_note', invoice_category_id = $category_id, invoice_status = 'Sent', invoice_url_key = '$url_key', invoice_client_id = $client_id, company_id = $session_company_id");