Merge branch 'develop' of github.com:itflow-org/itflow into develop

johnnyq 2025-01-30 11:38:51 -05:00
commit dd94e594a1
2 changed files with 13 additions and 6 deletions

@ -5,16 +5,16 @@ This file documents all notable changes made to ITFlow.
## [25.01.01]
### Added / Changed
- Completely redesigned the Multi-Factor Authentication (MFA) Setup and Enforcement Flow UI/UX for a more intuitive user experience.
- Added a "Member" column in the roles listing for improved visibility.
- Redesigned the Multi-Factor Authentication (MFA) Setup and Enforcement Flow UI/UX for a more intuitive user experience.
- Added a "Member" column in the user roles listing for improved visibility.
- General UI/UX improvements, along with minor performance optimizations and cleanups.
### Fixed
- Fixed an issue where Stripe was not appearing as a payment option in the "Add Recurring Payment" modal.
- Fixed an issue where Stripe was not appearing as a recurring payment option.
- Corrected inaccurate Quarter 2 Expense results in the Profit & Loss Report.
- Resolved the issue where OTP was not displaying correctly on hover in the Contact or Asset Details sections.
- Resolved TOTP code not displaying correctly on hover in the Contact or Asset Details sections.
- Archived contacts no longer appear in the Bulk Mail section.
- Fixed an issue where the Ticket Assign Modal was showing both Itflow and client users.
- Fixed an issue where the Ticket Assign Modal was showing both ITFlow and client users.
- Fixed issue with login key redirecting to legacy client portal page.
## [25.01]
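Review bot: The "Fixed" list for 25.01.01 ends at the login key entry and has no line for the behaviour shown in this commit's second file, where the disable_mfa handler refuses the request when $session_user_config_force_mfa is set. That is a user-visible change to MFA enforcement, so it should have its own entry rather than being covered only by the general "Redesigned the Multi-Factor Authentication (MFA) Setup and Enforcement Flow UI/UX" line. As a style point, the last entry reads "Fixed issue with" while the entries above it use "Fixed an issue where"; matching the wording would keep the list consistent.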

@ -261,13 +261,20 @@ if (isset($_POST['enable_mfa'])) {
if (isset($_GET['disable_mfa'])){
if ($session_user_config_force_mfa) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Multi-Factor authentication cannot be disabled for your account";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id");
// Delete any existing MFA tokens - these browsers should be re-validated
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_mail_from_name = sanitizeInput($config_mail_from_name);
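Review bot: In the force-MFA guard at the top of the disable_mfa handler, the redirect target comes straight from $_SERVER["HTTP_REFERER"], a request header the client controls and may omit. With no Referer the Location header is empty, and when the request arrives from a page on another site the user is sent back to that site. Redirect to a fixed internal page, or fall back to one when the header is missing or not same-origin. Separately, validateCSRFToken($_GET['csrf_token']) shows this state-changing action runs on GET with the token in the query string, where it is recorded in browser history and server logs and can travel in Referer headers; handling disable_mfa on POST, as the enable_mfa handler named in the hunk header does, would keep the token out of URLs. The two DELETE FROM remember_tokens lines read identically here, so check that the merge did not leave the statement in twice.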