Fixed broken TOTP 2FA

2021-12-04 17:59:40 -05:00 · 2021-12-04 17:59:40 -05:00 · e36739297d
parent d0c0ca0a2c
commit e36739297d
2 changed files with 66 additions and 2 deletions
--- a/calendar_events.php
+++ b/calendar_events.php
@ -82,6 +82,68 @@ while($row = mysqli_fetch_array($sql)){
            echo "{ id: '$event_id', title: '$event_title', start: '$event_start', end: '$event_end', color: '$calendar_color'},";
          }
          ?>
+          
+          <?php
+          //Invoices Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE client_id = invoice_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['invoice_id'];
+            $event_title = $row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope'];
+            $event_start = $row['invoice_date'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'blue'},";
+          }
+          ?>
+
+          <?php
+          //Quotes Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, quotes WHERE client_id = quote_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['quote_id'];
+            $event_title = $row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope'];
+            $event_start = $row['quote_date'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'purple'},";
+          }
+          ?>
+
+          <?php
+          //Tickets Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, tickets WHERE client_id = ticket_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['ticket_id'];
+            $event_title = $row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject'];
+            $event_start = $row['ticket_created_at'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'orange'},";
+          }
+          ?>
+
+          <?php
+          //Vendors Added Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, vendors WHERE client_id = vendor_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['vendor_id'];
+            $event_title = $row['vendor_name'];
+            $event_start = $row['vendor_created_at'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'brown'},";
+          }
+          ?>
+
+          <?php
+          //Clients Added
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['client_id'];
+            $event_title = $row['client_name'];
+            $event_start = $row['client_created_at'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'green'},";
+          }
+          ?>
+
+
        ],
        eventClick: function(editEvent) {
          $('#editEventModal'+editEvent.event.id).modal();
--- a/login.php
+++ b/login.php
@ -27,14 +27,15 @@ if(isset($_POST['login'])){
  $username = mysqli_real_escape_string($mysqli,$_POST['username']);
  $plain_password = $_POST['password'];
  $password = md5($_POST['password']);
-  if(!empty($token)){
+  $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
+  if(!empty($current_code)){
    $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
  }
  $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$username' AND user_password = '$password'");
  
  if(mysqli_num_rows($sql) == 1){
    $row = mysqli_fetch_array($sql);
-    $token = $row['token'];
+    $token = $row['user_token'];
    $_SESSION['user_id'] = $row['user_id'];
    $_SESSION['user_name'] = $row['user_name'];
    $user_name = $row['user_name'];
@ -61,6 +62,7 @@ if(isset($_POST['login'])){
        $_SESSION['logged'] = TRUE;
        mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
        //header("Location: $config_start_page");
+        echo "<script>alert(Fail); </script>";
        header("Location: dashboard.php");
      }else{
        mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");