AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 03:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Correct typos

Browse Source
This commit is contained in:
Marcus Hill
2023-01-21 17:22:27 +00:00
parent 2c3ebb3bbb
commit d73b3cb960
13 changed files with 118 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SECURITY.md
View File

@@ -20,7 +20,7 @@ ITFlow is in Beta.
**Please do not report security vulnerabilities through public GitHub issues.** **Please do not report security vulnerabilities through public GitHub issues.**
If you have discovered a security issue, please report it to us in as much detail as possible so we can fix it. If you have discovered a security issue, please report it to us in as much detail as possible, so we can fix it.
You should expect to receive an initial acknowledgement within 72 hours. If you do not, please get in touch discretely via GitHub issues/Forum/Discord to ensure we received your e-mail. You should expect to receive an initial acknowledgement within 72 hours. If you do not, please get in touch discretely via GitHub issues/Forum/Discord to ensure we received your e-mail.
Security contact: Security contact:

4
check_login.php
View File

@@ -71,7 +71,7 @@ $session_company_currency = $row['company_currency'];
include("get_settings.php"); include("get_settings.php");
//Detects if using an apple device and uses apple maps instead of google //Detects if using an Apple device and uses Apple Maps instead of google
$iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod"); $iPod = stripos($_SERVER['HTTP_USER_AGENT'],"iPod");
$iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone"); $iPhone = stripos($_SERVER['HTTP_USER_AGENT'],"iPhone");
$iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad"); $iPad = stripos($_SERVER['HTTP_USER_AGENT'],"iPad");
@@ -89,4 +89,4 @@ $num_notifications = $row['num'];
//Set Currency Format //Set Currency Format
$currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY); $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRENCY);
?> ?>

2
client_delete_modal.php
View File

@@ -16,7 +16,7 @@
<div class="mb-4" style="text-align: center;"> <div class="mb-4" style="text-align: center;">
<i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i> <i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
<h2>Are you sure?</h2> <h2>Are you sure?</h2>
<h6 class="mb-4 text-secondary">Do you really want to <b>delete <?php echo $client_name; ?></b> and all associated data including financial data, logs, shared links etc? This process cannot be undone.</h6> <h6 class="mb-4 text-secondary">Do you really want to <b>delete <?php echo $client_name; ?></b> and all associated data including financial data, logs, shared links etc.? This process cannot be undone.</h6>
<div class="form-group"> <div class="form-group">
<input type="hidden" id="clientName<?php echo $client_id ?>" value="<?php echo $client_name; ?>"> <input type="hidden" id="clientName<?php echo $client_id ?>" value="<?php echo $client_name; ?>">
<input class="form-control" type="text" id="clientNameProvided<?php echo $client_id ?>" onkeyup="validateClientNameDelete(<?php echo $client_id ?>)" placeholder="Please enter: '<?php echo $client_name; ?>'"> <input class="form-control" type="text" id="clientNameProvided<?php echo $client_id ?>" onkeyup="validateClientNameDelete(<?php echo $client_id ?>)" placeholder="Please enter: '<?php echo $client_name; ?>'">

8
cron.php
View File

@@ -254,7 +254,7 @@ while ($row = mysqli_fetch_array($sql_companies)) {
} }
//Send Recurring Invoices that match todays date and are active //Send Recurring Invoices that match today's date and are active
//Loop through all recurring that match today's date and is active //Loop through all recurring that match today's date and is active
$sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id"); $sql_recurring = mysqli_query($mysqli,"SELECT * FROM recurring LEFT JOIN clients ON client_id = recurring_client_id WHERE recurring_next_date = CURDATE() AND recurring_status = 1 AND recurring.company_id = $company_id");
@@ -296,8 +296,8 @@ while ($row = mysqli_fetch_array($sql_companies)) {
while ($row = mysqli_fetch_array($sql_invoice_items)) { while ($row = mysqli_fetch_array($sql_invoice_items)) {
$item_id = $row['item_id']; $item_id = $row['item_id'];
$item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape incase of , $item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape in case of ,
$item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape incase of , $item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape in case of ,
$item_quantity = $row['item_quantity']; $item_quantity = $row['item_quantity'];
$item_price = $row['item_price']; $item_price = $row['item_price'];
$item_subtotal = $row['item_subtotal']; $item_subtotal = $row['item_subtotal'];
@@ -368,4 +368,4 @@ while ($row = mysqli_fetch_array($sql_companies)) {
} //End Company Loop through } //End Company Loop through
?> ?>

82
dashboard_financial.php
View File

@@ -39,7 +39,7 @@ $largest_income_month = 0;
$sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id"); $sql_total_payments_to_invoices = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments_to_invoices FROM payments WHERE YEAR(payment_date) = $year AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_payments_to_invoices); $row = mysqli_fetch_array($sql_total_payments_to_invoices);
$total_payments_to_invoices = $row['total_payments_to_invoices']; $total_payments_to_invoices = $row['total_payments_to_invoices'];
//Do not grab transfer payment as these have an category_id of 0 //Do not grab transfer payment as these have a category_id of 0
$sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id"); $sql_total_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE YEAR(revenue_date) = $year AND revenue_category_id > 0 AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_total_revenues); $row = mysqli_fetch_array($sql_total_revenues);
$total_revenues = $row['total_revenues']; $total_revenues = $row['total_revenues'];
@@ -65,7 +65,7 @@ $sql_invoice_totals_all_years = mysqli_query($mysqli,"SELECT SUM(invoice_amount)
$row = mysqli_fetch_array($sql_invoice_totals_all_years); $row = mysqli_fetch_array($sql_invoice_totals_all_years);
$invoice_totals_all_years = $row['invoice_totals_all_years']; $invoice_totals_all_years = $row['invoice_totals_all_years'];
$receivables = $invoice_totals_all_years - $total_payments_to_invoices_all_years; $receivables = $invoice_totals_all_years - $total_payments_to_invoices_all_years;
$profit = $total_income - $total_expenses; $profit = $total_income - $total_expenses;
@@ -112,8 +112,8 @@ $vendors_added = $row['vendors_added'];
<form class="mb-3"> <form class="mb-3">
<select onchange="this.form.submit()" class="form-control" name="year"> <select onchange="this.form.submit()" class="form-control" name="year">
<?php <?php
while ($row = mysqli_fetch_array($sql_years_select)) { while ($row = mysqli_fetch_array($sql_years_select)) {
$year_select = $row['all_years']; $year_select = $row['all_years'];
if (empty($year_select)) { if (empty($year_select)) {
@@ -121,7 +121,7 @@ $vendors_added = $row['vendors_added'];
} }
?> ?>
<option <?php if ($year == $year_select) { echo "selected"; } ?> > <?php echo $year_select; ?></option> <option <?php if ($year == $year_select) { echo "selected"; } ?> > <?php echo $year_select; ?></option>
<?php <?php
} }
?> ?>
@@ -272,7 +272,7 @@ $vendors_added = $row['vendors_added'];
<button type="button" class="btn btn-tool" data-card-widget="remove"> <button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i> <i class="fas fa-times"></i>
</button> </button>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
<canvas id="incomeByCategoryPieChart" width="100%" height="60"></canvas> <canvas id="incomeByCategoryPieChart" width="100%" height="60"></canvas>
@@ -338,19 +338,19 @@ $vendors_added = $row['vendors_added'];
$sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id"); $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
$row = mysqli_fetch_array($sql_payments); $row = mysqli_fetch_array($sql_payments);
$total_payments = $row['total_payments']; $total_payments = $row['total_payments'];
$sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id"); $sql_revenues = mysqli_query($mysqli,"SELECT SUM(revenue_amount) AS total_revenues FROM revenues WHERE revenue_account_id = $account_id");
$row = mysqli_fetch_array($sql_revenues); $row = mysqli_fetch_array($sql_revenues);
$total_revenues = $row['total_revenues']; $total_revenues = $row['total_revenues'];
$sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id"); $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS total_expenses FROM expenses WHERE expense_account_id = $account_id");
$row = mysqli_fetch_array($sql_expenses); $row = mysqli_fetch_array($sql_expenses);
$total_expenses = $row['total_expenses']; $total_expenses = $row['total_expenses'];
$balance = $opening_balance + $total_payments + $total_revenues - $total_expenses; $balance = $opening_balance + $total_payments + $total_revenues - $total_expenses;
if ($balance == '') { if ($balance == '') {
$balance = '0.00'; $balance = '0.00';
} }
?> ?>
<td class="text-right"><?php echo numfmt_format_currency($currency_format, $balance, "$session_company_currency"); ?></td> <td class="text-right"><?php echo numfmt_format_currency($currency_format, $balance, "$session_company_currency"); ?></td>
@@ -504,17 +504,17 @@ var myLineChart = new Chart(ctx, {
$revenues_for_month = $row['revenue_amount_for_month']; $revenues_for_month = $row['revenue_amount_for_month'];
$income_for_month = $payments_for_month + $revenues_for_month; $income_for_month = $payments_for_month + $revenues_for_month;
if ($income_for_month > 0 && $income_for_month > $largest_income_month) { if ($income_for_month > 0 && $income_for_month > $largest_income_month) {
$largest_income_month = $income_for_month; $largest_income_month = $income_for_month;
} }
?> ?>
<?php echo "$income_for_month,"; ?> <?php echo "$income_for_month,"; ?>
<?php <?php
} }
?> ?>
@@ -543,17 +543,17 @@ var myLineChart = new Chart(ctx, {
$revenues_for_month = $row['revenue_amount_for_month']; $revenues_for_month = $row['revenue_amount_for_month'];
$income_for_month = $payments_for_month + $revenues_for_month; $income_for_month = $payments_for_month + $revenues_for_month;
if ($income_for_month > 0 && $income_for_month > $largest_income_month) { if ($income_for_month > 0 && $income_for_month > $largest_income_month) {
$largest_income_month = $income_for_month; $largest_income_month = $income_for_month;
} }
?> ?>
<?php echo "$income_for_month,"; ?> <?php echo "$income_for_month,"; ?>
<?php <?php
} }
?> ?>
@@ -583,18 +583,18 @@ var myLineChart = new Chart(ctx, {
if ($invoice_for_month > 0 && $invoice_for_month > $largest_invoice_month) { if ($invoice_for_month > 0 && $invoice_for_month > $largest_invoice_month) {
$largest_invoice_month = $invoice_for_month; $largest_invoice_month = $invoice_for_month;
} }
?> ?>
<?php echo "$invoice_for_month,"; ?> <?php echo "$invoice_for_month,"; ?>
<?php <?php
} }
?> ?>
], ],
}, },
{ {
label: "Expense", label: "Expense",
lineTension: 0.3, lineTension: 0.3,
@@ -608,24 +608,24 @@ var myLineChart = new Chart(ctx, {
pointBorderWidth: 2, pointBorderWidth: 2,
data: [ data: [
<?php <?php
$largest_expense_month = 0; $largest_expense_month = 0;
for($month = 1; $month<=12; $month++) { for($month = 1; $month<=12; $month++) {
$sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND expense_vendor_id > 0 AND expenses.company_id = $session_company_id"); $sql_expenses = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS expense_amount_for_month FROM expenses WHERE YEAR(expense_date) = $year AND MONTH(expense_date) = $month AND expense_vendor_id > 0 AND expenses.company_id = $session_company_id");
$row = mysqli_fetch_array($sql_expenses); $row = mysqli_fetch_array($sql_expenses);
$expenses_for_month = $row['expense_amount_for_month']; $expenses_for_month = $row['expense_amount_for_month'];
if ($expenses_for_month > 0 && $expenses_for_month > $largest_expense_month) { if ($expenses_for_month > 0 && $expenses_for_month > $largest_expense_month) {
$largest_expense_month = $expenses_for_month; $largest_expense_month = $expenses_for_month;
} }
?> ?>
<?php echo "$expenses_for_month,"; ?> <?php echo "$expenses_for_month,"; ?>
<?php <?php
} }
?> ?>
@@ -692,17 +692,17 @@ var myLineChart = new Chart(ctx, {
$row = mysqli_fetch_array($sql_trips); $row = mysqli_fetch_array($sql_trips);
$trip_miles_for_month = $row['trip_miles_for_month']; $trip_miles_for_month = $row['trip_miles_for_month'];
$largest_trip_miles_month = 0; $largest_trip_miles_month = 0;
if ($trip_miles_for_month > 0 && $trip_miles_for_month > $largest_trip_miles_month) { if ($trip_miles_for_month > 0 && $trip_miles_for_month > $largest_trip_miles_month) {
$largest_trip_miles_month = $trip_miles_for_month; $largest_trip_miles_month = $trip_miles_for_month;
} }
?> ?>
<?php echo "$trip_miles_for_month,"; ?> <?php echo "$trip_miles_for_month,"; ?>
<?php <?php
} }
?> ?>
@@ -756,7 +756,7 @@ var myPieChart = new Chart(ctx, {
$category_name = json_encode($row['category_name']); $category_name = json_encode($row['category_name']);
echo "$category_name,"; echo "$category_name,";
} }
?> ?>
], ],
@@ -772,7 +772,7 @@ var myPieChart = new Chart(ctx, {
$income_amount_for_year = $row['income_amount_for_year']; $income_amount_for_year = $row['income_amount_for_year'];
echo "$income_amount_for_year,"; echo "$income_amount_for_year,";
} }
?> ?>
], ],
@@ -783,7 +783,7 @@ var myPieChart = new Chart(ctx, {
$category_color = json_encode($row['category_color']); $category_color = json_encode($row['category_color']);
echo "$category_color,"; echo "$category_color,";
} }
?> ?>
], ],
@@ -813,7 +813,7 @@ var myPieChart = new Chart(ctx, {
$category_name = json_encode($row['category_name']); $category_name = json_encode($row['category_name']);
echo "$category_name,"; echo "$category_name,";
} }
?> ?>
], ],
@@ -829,7 +829,7 @@ var myPieChart = new Chart(ctx, {
$expense_amount_for_year = $row['expense_amount_for_year']; $expense_amount_for_year = $row['expense_amount_for_year'];
echo "$expense_amount_for_year,"; echo "$expense_amount_for_year,";
} }
?> ?>
], ],
@@ -840,7 +840,7 @@ var myPieChart = new Chart(ctx, {
$category_color = json_encode($row['category_color']); $category_color = json_encode($row['category_color']);
echo "$category_color,"; echo "$category_color,";
} }
?> ?>
], ],
@@ -866,7 +866,7 @@ var myPieChart = new Chart(ctx, {
$vendor_name = json_encode($row['vendor_name']); $vendor_name = json_encode($row['vendor_name']);
echo "$vendor_name,"; echo "$vendor_name,";
} }
?> ?>
], ],
@@ -882,7 +882,7 @@ var myPieChart = new Chart(ctx, {
$expense_amount_for_year = $row['expense_amount_for_year']; $expense_amount_for_year = $row['expense_amount_for_year'];
echo "$expense_amount_for_year,"; echo "$expense_amount_for_year,";
} }
?> ?>
], ],
@@ -893,7 +893,7 @@ var myPieChart = new Chart(ctx, {
$category_color = json_encode($row['category_color']); $category_color = json_encode($row['category_color']);
echo "$category_color,"; echo "$category_color,";
} }
?> ?>
], ],

18
database_updates.php
View File

@@ -243,7 +243,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
if (CURRENT_DATABASE_VERSION == '0.1.1') { if (CURRENT_DATABASE_VERSION == '0.1.1') {
// Insert queries here required to update to DB version 0.1.2 // Insert queries here required to update to DB version 0.1.2
// Create Many to Many Relationship tables for Assets, Contacts, Software and Vendors // Create Many-to-Many Relationship tables for Assets, Contacts, Software and Vendors
mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))"); mysqli_query($mysqli, "CREATE TABLE `asset_documents` (`asset_id` int(11) NOT NULL,`document_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`document_id`))");
mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))"); mysqli_query($mysqli, "CREATE TABLE `asset_logins` (`asset_id` int(11) NOT NULL,`login_id` int(11) NOT NULL, PRIMARY KEY (`asset_id`,`login_id`))");
@@ -393,7 +393,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
} }
if (CURRENT_DATABASE_VERSION == '0.2.3') { if (CURRENT_DATABASE_VERSION == '0.2.3') {
//Create New interfaces Table //Create New interfaces Table
mysqli_query($mysqli, "CREATE TABLE `interfaces` (`interface_id` int(11) AUTO_INCREMENT PRIMARY KEY, mysqli_query($mysqli, "CREATE TABLE `interfaces` (`interface_id` int(11) AUTO_INCREMENT PRIMARY KEY,
`interface_number` int(11) NULL DEFAULT NULL, `interface_number` int(11) NULL DEFAULT NULL,
@@ -410,7 +410,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
)"); )");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.4'"); mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.4'");
} }
if (CURRENT_DATABASE_VERSION == '0.2.4') { if (CURRENT_DATABASE_VERSION == '0.2.4') {
@@ -427,7 +427,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
if (CURRENT_DATABASE_VERSION == '0.2.6') { if (CURRENT_DATABASE_VERSION == '0.2.6') {
// Insert queries here required to update to DB version 0.2.7 // Insert queries here required to update to DB version 0.2.7
mysqli_query($mysqli, "ALTER TABLE `contacts` ADD `contact_token_expire` DATETIME NULL DEFAULT NULL AFTER `contact_password_reset_token`"); mysqli_query($mysqli, "ALTER TABLE `contacts` ADD `contact_token_expire` DATETIME NULL DEFAULT NULL AFTER `contact_password_reset_token`");
// Update config.php var with new version var for use with docker // Update config.php var with new version var for use with docker
file_put_contents("config.php", "\$repo_branch = 'master';" . PHP_EOL, FILE_APPEND); file_put_contents("config.php", "\$repo_branch = 'master';" . PHP_EOL, FILE_APPEND);
@@ -437,19 +437,19 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
} }
if (CURRENT_DATABASE_VERSION == '0.2.7') { if (CURRENT_DATABASE_VERSION == '0.2.7') {
mysqli_query($mysqli, "ALTER TABLE `vendors` ADD `vendor_template` TINYINT(1) DEFAULT 0 AFTER `vendor_notes`"); mysqli_query($mysqli, "ALTER TABLE `vendors` ADD `vendor_template` TINYINT(1) DEFAULT 0 AFTER `vendor_notes`");
mysqli_query($mysqli, "ALTER TABLE `software` ADD `software_template` TINYINT(1) DEFAULT 0 AFTER `software_notes`"); mysqli_query($mysqli, "ALTER TABLE `software` ADD `software_template` TINYINT(1) DEFAULT 0 AFTER `software_notes`");
mysqli_query($mysqli, "ALTER TABLE `vendors` DROP `vendor_template_id`"); mysqli_query($mysqli, "ALTER TABLE `vendors` DROP `vendor_template_id`");
mysqli_query($mysqli, "DROP TABLE vendor_templates"); mysqli_query($mysqli, "DROP TABLE vendor_templates");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.8'"); mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.8'");
} }
if (CURRENT_DATABASE_VERSION == '0.2.8') { if (CURRENT_DATABASE_VERSION == '0.2.8') {
mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_theme` VARCHAR(200) DEFAULT 'blue' AFTER `config_module_enable_ticketing`"); mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_theme` VARCHAR(200) DEFAULT 'blue' AFTER `config_module_enable_ticketing`");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.9'"); mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.2.9'");
} }
@@ -463,4 +463,4 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
}else{ }else{
// Up-to-date // Up-to-date
} }

14
functions.php
View File

@@ -68,14 +68,14 @@ function get_user_agent() {
} }
function get_ip() { function get_ip() {
if (defined("CONST_GET_IP_METHOD")) { if (defined("CONST_GET_IP_METHOD")) {
if (CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") { if (CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") {
$ip = getenv('HTTP_X_FORWARDED_FOR'); $ip = getenv('HTTP_X_FORWARDED_FOR');
} }
else{ else{
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR']; $ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
} }
} }
@@ -160,7 +160,7 @@ function get_device() {
} }
if (strpos(strtolower(get_user_agent()),'opera mini') > 0) { if (strpos(strtolower(get_user_agent()),'opera mini') > 0) {
$mobile_browser++; $mobile_browser++;
//Check for tablets on opera mini alternative headers //Check for tablets on Opera Mini alternative headers
$stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:'')); $stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:''));
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) { if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) {
$tablet_browser++; $tablet_browser++;
@@ -290,7 +290,7 @@ function decryptUserSpecificKey($user_encryption_ciphertext, $user_password) {
/* /*
Generates what is probably best described as a session key (ephemeral-ish) Generates what is probably best described as a session key (ephemeral-ish)
- Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential - Allows us to store the master key on the server whilst the user is using the application, without prompting to type their password everytime they want to decrypt a credential
- Ciphertext/IV is stored on the server in the users session, encryption key is controlled/provided by the user as a cookie - Ciphertext/IV is stored on the server in the users' session, encryption key is controlled/provided by the user as a cookie
- Only the user can decrypt their session ciphertext to get the master key - Only the user can decrypt their session ciphertext to get the master key
- Encryption key never hits the disk in cleartext - Encryption key never hits the disk in cleartext
*/ */
@@ -446,7 +446,7 @@ function getSSL($name) {
function strto_AZaz09($string) { function strto_AZaz09($string) {
$string = ucwords(strtolower($string)); $string = ucwords(strtolower($string));
// Replace spaces with _ // Replace spaces with _
//$string = str_replace(' ', '_', $string); //$string = str_replace(' ', '_', $string);
@@ -541,7 +541,7 @@ function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_
} }
catch(Exception $e) { catch(Exception $e) {
// If we couldn't send the message return the error so we can log it // If we couldn't send the message return the error, so we can log it
return "Message not sent. Mailer Error: {$mail->ErrorInfo}"; return "Message not sent. Mailer Error: {$mail->ErrorInfo}";
} }
} }

4
login.php
View File

@@ -78,7 +78,7 @@ if (isset($_POST['login'])) {
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS. // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']); setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
// Set PHP session in DB so we can access the session encryption data (above) // Set PHP session in DB, so we can access the session encryption data (above)
$user_php_session = session_id(); $user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'"); mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
} }
@@ -229,4 +229,4 @@ if (isset($_POST['login'])) {
</script> </script>
</body> </body>
</html> </html>

8
portal/login_microsoft.php
View File

@@ -30,7 +30,7 @@ $auth_code_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/au
$token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"; $token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/token";
// Initial Login Request, via Microsoft // Initial Login Request, via Microsoft
// Returns a authorization code if login was successful // Returns an authorization code if login was successful
if ($_SERVER['REQUEST_METHOD'] == "GET") { if ($_SERVER['REQUEST_METHOD'] == "GET") {
$params = array ( $params = array (
@@ -45,7 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
} }
// Login was successful, Microsoft has returned us a authorization code via POST // Login was successful, Microsoft has returned us an authorization code via POST
// Request an access token using authorization code (& client secret) (server side) // Request an access token using authorization code (& client secret) (server side)
if (isset($_POST['code']) && $_POST['state'] == session_id()) { if (isset($_POST['code']) && $_POST['state'] == session_id()) {
@@ -117,7 +117,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
} }
// If the user is just sat on the page, redirect them to login to try again // If the user is just sat on the page, redirect them to log in to try again
if (empty($_GET)) { if (empty($_GET)) {
echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>"; echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>";
} }

82
rfc6238.php
View File

@@ -1,26 +1,26 @@
<?php <?php
// http://www.faqs.org/rfcs/rfc6238.html // http://www.faqs.org/rfcs/rfc6238.html
require_once(dirname(__FILE__).'/base32static.php'); require_once(dirname(__FILE__).'/base32static.php');
class TokenAuth6238 { class TokenAuth6238 {
/** /**
* verify * verify
* *
* @param string $secretkey Secret clue (base 32). * @param string $secretkey Secret clue (base 32).
* @return bool True if success, false if failure * @return bool True if success, false if failure
*/ */
public static function verify($secretkey, $code, $rangein30s = 3) { public static function verify($secretkey, $code, $rangein30s = 3) {
$key = base32static::decode($secretkey); $key = base32static::decode($secretkey);
$unixtimestamp = time()/30; $unixtimestamp = time()/30;
for($i=-($rangein30s); $i<=$rangein30s; $i++) { for($i=-($rangein30s); $i<=$rangein30s; $i++) {
$checktime = (int)($unixtimestamp+$i); $checktime = (int)($unixtimestamp+$i);
$thiskey = self::oath_hotp($key, $checktime); $thiskey = self::oath_hotp($key, $checktime);
if ((int)$code == self::oath_truncate($thiskey,6)) { if ((int)$code == self::oath_truncate($thiskey,6)) {
return true; return true;
} }
} }
return false; return false;
} }
@@ -39,30 +39,30 @@
public static function getTokenCodeDebug($secretkey,$rangein30s = 3) { public static function getTokenCodeDebug($secretkey,$rangein30s = 3) {
$result = ""; $result = "";
print "<br/>SecretKey: $secretkey <br/>"; print "<br/>SecretKey: $secretkey <br/>";
$key = base32static::decode($secretkey); $key = base32static::decode($secretkey);
print "Key(base 32 decode): $key <br/>"; print "Key(base 32 decode): $key <br/>";
$unixtimestamp = time()/30; $unixtimestamp = time()/30;
print "UnixTimeStamp (time()/30): $unixtimestamp <br/>"; print "UnixTimeStamp (time()/30): $unixtimestamp <br/>";
for($i=-($rangein30s); $i<=$rangein30s; $i++) { for($i=-($rangein30s); $i<=$rangein30s; $i++) {
$checktime = (int)($unixtimestamp+$i); $checktime = (int)($unixtimestamp+$i);
print "Calculating oath_hotp from (int)(unixtimestamp +- 30sec offset): $checktime basing on secret key<br/>"; print "Calculating oath_hotp from (int)(unixtimestamp +- 30sec offset): $checktime basing on secret key<br/>";
$thiskey = self::oath_hotp($key, $checktime, true); $thiskey = self::oath_hotp($key, $checktime, true);
print "======================================================<br/>"; print "======================================================<br/>";
print "CheckTime: $checktime oath_hotp:".$thiskey."<br/>"; print "CheckTime: $checktime oath_hotp:".$thiskey."<br/>";
$result = $result." # ".self::oath_truncate($thiskey,6,true); $result = $result." # ".self::oath_truncate($thiskey,6,true);
} }
return $result; return $result;
} }
public static function getBarCodeUrl($username, $domain, $secretkey, $issuer) { public static function getBarCodeUrl($username, $domain, $secretkey, $issuer) {
$url = "http://chart.apis.google.com/chart"; $url = "http://chart.apis.google.com/chart";
$url = $url."?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/"; $url = $url."?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/";
$url = $url.$username . "@" . $domain . "%3Fsecret%3D" . $secretkey . '%26issuer%3D' . rawurlencode($issuer); $url = $url.$username . "@" . $domain . "%3Fsecret%3D" . $secretkey . '%26issuer%3D' . rawurlencode($issuer);
return $url; return $url;
} }
public static function generateRandomClue($length = 16) { public static function generateRandomClue($length = 16) {
@@ -72,7 +72,7 @@
$s .= $b32[rand(0,31)]; $s .= $b32[rand(0,31)];
return $s; return $s;
} }
private static function hotp_tobytestream($key) { private static function hotp_tobytestream($key) {
$result = array(); $result = array();
$last = strlen($key); $last = strlen($key);
@@ -82,82 +82,82 @@
$x = hexdec($x); $x = hexdec($x);
$result = $result.chr($x); $result = $result.chr($x);
} }
return $result; return $result;
} }
private static function oath_hotp ($key, $counter, $debug=false) { private static function oath_hotp ($key, $counter, $debug=false) {
$result = ""; $result = "";
$orgcounter = $counter; $orgcounter = $counter;
$cur_counter = array(0,0,0,0,0,0,0,0); $cur_counter = array(0,0,0,0,0,0,0,0);
if ($debug) { if ($debug) {
print "Packing counter $counter (".dechex($counter).")into binary string - pay attention to hex representation of key and binary representation<br/>"; print "Packing counter $counter (".dechex($counter).")into binary string - pay attention to hex representation of key and binary representation<br/>";
} }
for($i=7;$i>=0;$i--) { // C for unsigned char, * for repeating to the end of the input data for($i=7;$i>=0;$i--) { // C for unsigned char, * for repeating to the end of the input data
$cur_counter[$i] = pack ('C*', $counter); $cur_counter[$i] = pack ('C*', $counter);
if ($debug) { if ($debug) {
print $cur_counter[$i]."(".dechex(ord($cur_counter[$i])).")"." from $counter <br/>"; print $cur_counter[$i]."(".dechex(ord($cur_counter[$i])).")"." from $counter <br/>";
} }
$counter = $counter >> 8; $counter = $counter >> 8;
} }
if ($debug) { if ($debug) {
foreach ($cur_counter as $char) { foreach ($cur_counter as $char) {
print ord($char) . " "; print ord($char) . " ";
} }
print "<br/>"; print "<br/>";
} }
$binary = implode($cur_counter); $binary = implode($cur_counter);
// Pad to 8 characters // Pad to 8 characters
str_pad($binary, 8, chr(0), STR_PAD_LEFT); str_pad($binary, 8, chr(0), STR_PAD_LEFT);
if ($debug) { if ($debug) {
print "Prior to HMAC calculation pad with zero on the left until 8 characters.<br/>"; print "Prior to HMAC calculation pad with zero on the left until 8 characters.<br/>";
print "Calculate sha1 HMAC(Hash-based Message Authentication Code http://en.wikipedia.org/wiki/HMAC).<br/>"; print "Calculate sha1 HMAC(Hash-based Message Authentication Code https://en.wikipedia.org/wiki/HMAC).<br/>";
print "hash_hmac ('sha1', $binary, $key)<br/>"; print "hash_hmac ('sha1', $binary, $key)<br/>";
} }
$result = hash_hmac ('sha1', $binary, $key); $result = hash_hmac ('sha1', $binary, $key);
if ($debug) { if ($debug) {
print "Result: $result <br/>"; print "Result: $result <br/>";
} }
return $result; return $result;
} }
private static function oath_truncate($hash, $length = 6, $debug=false) { private static function oath_truncate($hash, $length = 6, $debug=false) {
$result=""; $result="";
// Convert to dec // Convert to dec
if ($debug) { if ($debug) {
print "converting hex hash into characters<br/>"; print "converting hex hash into characters<br/>";
} }
$hashcharacters = str_split($hash,2); $hashcharacters = str_split($hash,2);
if ($debug) { if ($debug) {
print_r($hashcharacters); print_r($hashcharacters);
print "<br/>and convert to decimals:<br/>"; print "<br/>and convert to decimals:<br/>";
} }
for ($j=0; $j<count($hashcharacters); $j++) { for ($j=0; $j<count($hashcharacters); $j++) {
$hmac_result[]=hexdec($hashcharacters[$j]); $hmac_result[]=hexdec($hashcharacters[$j]);
} }
if ($debug) { if ($debug) {
print_r($hmac_result); print_r($hmac_result);
} }
// http://php.net/manual/ru/function.hash-hmac.php // http://php.net/manual/ru/function.hash-hmac.php
// adopted from brent at thebrent dot net 21-May-2009 08:17 comment // adopted from brent at thebrent dot net 21-May-2009 08:17 comment
$offset = $hmac_result[19] & 0xf; $offset = $hmac_result[19] & 0xf;
if ($debug) { if ($debug) {
print "Calculating offset as 19th element of hmac:".$hmac_result[19]."<br/>"; print "Calculating offset as 19th element of hmac:".$hmac_result[19]."<br/>";
print "offset:".$offset; print "offset:".$offset;
} }
$result = ( $result = (
(($hmac_result[$offset+0] & 0x7f) << 24 ) | (($hmac_result[$offset+0] & 0x7f) << 24 ) |
(($hmac_result[$offset+1] & 0xff) << 16 ) | (($hmac_result[$offset+1] & 0xff) << 16 ) |
@@ -166,5 +166,5 @@
) % pow(10,$length); ) % pow(10,$length);
return $result; return $result;
} }
} }

2
setup.php
View File

@@ -769,7 +769,7 @@ $locales_array = [
if (isset($_POST['add_database'])) { if (isset($_POST['add_database'])) {
// Check if database has been setup already. If it has, direct user to edit directly instead. // Check if database has been set up already. If it has, direct user to edit directly instead.
if (file_exists('config.php')) { if (file_exists('config.php')) {
$_SESSION['alert_message'] = "Database already configured. Any further changes should be made by editing the config.php file."; $_SESSION['alert_message'] = "Database already configured. Any further changes should be made by editing the config.php file.";
header("Location: setup.php?user"); header("Location: setup.php?user");

4
user_archive_modal.php
View File

@@ -6,11 +6,11 @@
<i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i> <i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
<h2>Are you sure?</h2> <h2>Are you sure?</h2>
<h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6> <h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6>
<h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to login or use ITFlow, but all associated content will remain accessible.</h6> <h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to log in or use ITFlow, but all associated content will remain accessible.</h6>
<button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button> <button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
<a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Yes, archive!</a> <a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Yes, archive!</a>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>

6
user_profile.php
View File

@@ -98,7 +98,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<?php if (empty($session_token)) { ?> <?php if (empty($session_token)) { ?>
<button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button> <button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
<?php }else{ ?> <?php }else{ ?>
<p>You have setup 2FA. Your QR code is below.</p> <p>You have set up 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button> <button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
<?php } ?> <?php } ?>
@@ -167,7 +167,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<tr> <tr>
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td> <td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td>
<td><?php echo "<strong>$log_user_os</strong><br>$log_user_browser<br><i class='fa fa-fw fa-globe text-secondary'></i> $log_ip"; ?></td> <td><?php echo "<strong>$log_user_os</strong><br>$log_user_browser<br><i class='fa fa-fw fa-globe text-secondary'></i> $log_ip"; ?></td>
</tr> </tr>
<?php <?php
} }
@@ -216,7 +216,7 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<br> <br>
<span class="text-secondary"><?php echo $log_description; ?></span> <span class="text-secondary"><?php echo $log_description; ?></span>
</td> </td>
</tr> </tr>
<?php <?php
} }