AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 03:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Correct typos

Browse Source
This commit is contained in:
Marcus Hill
2023-01-21 17:22:27 +00:00
parent 2c3ebb3bbb
commit d73b3cb960
13 changed files with 118 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SECURITY.md
View File

@@ -20,7 +20,7 @@ ITFlow is in Beta.
**Please do not report security vulnerabilities through public GitHub issues.** **Please do not report security vulnerabilities through public GitHub issues.**
If you have discovered a security issue, please report it to us in as much detail as possible so we can fix it. If you have discovered a security issue, please report it to us in as much detail as possible, so we can fix it.
You should expect to receive an initial acknowledgement within 72 hours. If you do not, please get in touch discretely via GitHub issues/Forum/Discord to ensure we received your e-mail. You should expect to receive an initial acknowledgement within 72 hours. If you do not, please get in touch discretely via GitHub issues/Forum/Discord to ensure we received your e-mail.
Security contact: Security contact:

2
check_login.php
View File

@@ -71,7 +71,7 @@ $session_company_currency = $row['company_currency'];
include("get_settings.php"); include("get_settings.php");
//Detects if using an apple device and uses apple maps instead of google //Detects if using an Apple device and uses Apple Maps instead of google
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod"); $iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone"); $iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad"); $iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");

2
client_delete_modal.php
View File

@@ -16,7 +16,7 @@
<div class="mb-4" style="text-align: center;"> <div class="mb-4" style="text-align: center;">
<i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i> <i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
<h2>Are you sure?</h2> <h2>Are you sure?</h2>
<h6 class="mb-4 text-secondary">Do you really want to <b>delete <?php echo $client_name; ?></b> and all associated data including financial data, logs, shared links etc? This process cannot be undone.</h6> <h6 class="mb-4 text-secondary">Do you really want to <b>delete <?php echo $client_name; ?></b> and all associated data including financial data, logs, shared links etc.? This process cannot be undone.</h6>
<div class="form-group"> <div class="form-group">
<input type="hidden" id="clientName<?php echo $client_id ?>" value="<?php echo $client_name; ?>"> <input type="hidden" id="clientName<?php echo $client_id ?>" value="<?php echo $client_name; ?>">
<input class="form-control" type="text" id="clientNameProvided<?php echo $client_id ?>" onkeyup="validateClientNameDelete(<?php echo $client_id ?>)" placeholder="Please enter: '<?php echo $client_name; ?>'"> <input class="form-control" type="text" id="clientNameProvided<?php echo $client_id ?>" onkeyup="validateClientNameDelete(<?php echo $client_id ?>)" placeholder="Please enter: '<?php echo $client_name; ?>'">

6
cron.php
View File

@@ -254,7 +254,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
} }
//Send Recurring Invoices that match todays date and are active //Send Recurring Invoices that match today's date and are active
//Loop through all recurring that match today's date and is active //Loop through all recurring that match today's date and is active
$sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id"); $sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id");
@@ -296,8 +296,8 @@ while ($row = mysqli_fetch_array($sql_companies)) {
while ($row = mysqli_fetch_array($sql_invoice_items)) { while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_id = $row['item_id']; $item_id = $row['item_id'];
$item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape incase of , $item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape in case of ,
$item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape incase of , $item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape in case of ,
$item_quantity = $row['item_quantity']; $item_quantity = $row['item_quantity'];
$item_price = $row['item_price']; $item_price = $row['item_price'];
$item_subtotal = $row['item_subtotal']; $item_subtotal = $row['item_subtotal'];

2
dashboard_financial.php
View File

@@ -39,7 +39,7 @@ $largest_income_month = 0;
$sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id"); $sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_payments_to_invoices); $row = mysqli_fetch_array($sql_total_payments_to_invoices);
$total_payments_to_invoices = $row['total_payments_to_invoices']; $total_payments_to_invoices = $row['total_payments_to_invoices'];
//Do not grab transfer payment as these have an category_id of 0 //Do not grab transfer payment as these have a category_id of 0
$sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id"); $sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_revenues); $row = mysqli_fetch_array($sql_total_revenues);
$total_revenues = $row['total_revenues']; $total_revenues = $row['total_revenues'];

2
database_updates.php
View File

@@ -243,7 +243,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
if (CURRENT_DATABASE_VERSION == '0.1.1') { if (CURRENT_DATABASE_VERSION == '0.1.1') {
// Insert queries here required to update to DB version 0.1.2 // Insert queries here required to update to DB version 0.1.2
// Create Many to Many Relationship tables for Assets, Contacts, Software and Vendors // Create Many-to-Many Relationship tables for Assets, Contacts, Software and Vendors
mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))"); mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))");
mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))"); mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))");

6
functions.php
View File

@@ -160,7 +160,7 @@ function get_device() {
} }
if (strpos(strtolower(get_user_agent()),'opera mini') > 0) { if (strpos(strtolower(get_user_agent()),'opera mini') > 0) {
$mobile_browser++; $mobile_browser++;
//Check for tablets on opera mini alternative headers //Check for tablets on Opera Mini alternative headers
$stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:'')); $stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:''));
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) { if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) {
$tablet_browser++; $tablet_browser++;
@@ -290,7 +290,7 @@ function decryptUserSpecificKey($user_encryption_ciphertext, $user_password) {
/* /*
Generates what is probably best described as a session key (ephemeral-ish) Generates what is probably best described as a session key (ephemeral-ish)
- Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential - Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential
- Ciphertext/IV is stored on the server in the users session, encryption key is controlled/provided by the user as a cookie - Ciphertext/IV is stored on the server in the users' session, encryption key is controlled/provided by the user as a cookie
- Only the user can decrypt their session ciphertext to get the master key - Only the user can decrypt their session ciphertext to get the master key
- Encryption key never hits the disk in cleartext - Encryption key never hits the disk in cleartext
*/ */
@@ -541,7 +541,7 @@ function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_
} }
catch(Exception $e) { catch(Exception $e) {
// If we couldn't send the message return the error so we can log it // If we couldn't send the message return the error, so we can log it
return "Message not sent. Mailer Error: {$mail->ErrorInfo}"; return "Message not sent. Mailer Error: {$mail->ErrorInfo}";
} }
} }

2
login.php
View File

@@ -78,7 +78,7 @@ if (isset($_POST['login'])) {
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS. // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']); setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
// Set PHP session in DB so we can access the session encryption data (above) // Set PHP session in DB, so we can access the session encryption data (above)
$user_php_session = session_id(); $user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'"); mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
} }

6
portal/login_microsoft.php
View File

@@ -30,7 +30,7 @@ $auth_code_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/au
$token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"; $token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/token";
// Initial Login Request, via Microsoft // Initial Login Request, via Microsoft
// Returns a authorization code if login was successful // Returns an authorization code if login was successful
if ($_SERVER['REQUEST_METHOD'] == "GET") { if ($_SERVER['REQUEST_METHOD'] == "GET") {
$params = array ( $params = array (
@@ -45,7 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
} }
// Login was successful, Microsoft has returned us a authorization code via POST // Login was successful, Microsoft has returned us an authorization code via POST
// Request an access token using authorization code (& client secret) (server side) // Request an access token using authorization code (& client secret) (server side)
if (isset($_POST['code']) && $_POST['state'] == session_id()) { if (isset($_POST['code']) && $_POST['state'] == session_id()) {
@@ -117,7 +117,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
} }
// If the user is just sat on the page, redirect them to login to try again // If the user is just sat on the page, redirect them to log in to try again
if (empty($_GET)) { if (empty($_GET)) {
echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>"; echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>";
} }

2
rfc6238.php
View File

@@ -118,7 +118,7 @@
if ($debug) { if ($debug) {
print "Prior to HMAC calculation pad with zero on the left until 8 characters.<br/>"; print "Prior to HMAC calculation pad with zero on the left until 8 characters.<br/>";
print "Calculate sha1 HMAC(Hash-based Message Authentication Code http://en.wikipedia.org/wiki/HMAC).<br/>"; print "Calculate sha1 HMAC(Hash-based Message Authentication Code https://en.wikipedia.org/wiki/HMAC).<br/>";
print "hash_hmac ('sha1', $binary, $key)<br/>"; print "hash_hmac ('sha1', $binary, $key)<br/>";
} }
$result = hash_hmac ('sha1', $binary, $key); $result = hash_hmac ('sha1', $binary, $key);

2
setup.php
View File

@@ -769,7 +769,7 @@ $locales_array = [
if (isset($_POST['add_database'])) { if (isset($_POST['add_database'])) {
// Check if database has been setup already. If it has, direct user to edit directly instead. // Check if database has been set up already. If it has, direct user to edit directly instead.
if (file_exists('config.php')) { if (file_exists('config.php')) {
$_SESSION['alert_message'] = "Database already configured. Any further changes should be made by editing the config.php file."; $_SESSION['alert_message'] = "Database already configured. Any further changes should be made by editing the config.php file.";
header("Location: setup.php?user"); header("Location: setup.php?user");

2
user_archive_modal.php
View File

@@ -6,7 +6,7 @@
<i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i> <i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
<h2>Are you sure?</h2> <h2>Are you sure?</h2>
<h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6> <h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6>
<h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to login or use ITFlow, but all associated content will remain accessible.</h6> <h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to log in or use ITFlow, but all associated content will remain accessible.</h6>
<button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button> <button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
<a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Yes, archive!</a> <a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Yes, archive!</a>
</div> </div>

2
user_profile.php
View File

@@ -98,7 +98,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<?php if (empty($session_token)) { ?> <?php if (empty($session_token)) { ?>
<button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button> <button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
<?php }else{ ?> <?php }else{ ?>
<p>You have setup 2FA. Your QR code is below.</p> <p>You have set up 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button> <button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
<?php } ?> <?php } ?>