From e36739297d8bb8fecdb5070a902c2c5849d87aeb Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Sat, 4 Dec 2021 17:59:40 -0500
Subject: [PATCH] Fixed broken TOTP 2FA

---
 calendar_events.php | 62 +++++++++++++++++++++++++++++++++++++++++++++
 login.php           |  6 +++--
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/calendar_events.php b/calendar_events.php
index 6250dc98..c0808f9b 100644
--- a/calendar_events.php
+++ b/calendar_events.php
@@ -82,6 +82,68 @@ while($row = mysqli_fetch_array($sql)){
             echo "{ id: '$event_id', title: '$event_title', start: '$event_start', end: '$event_end', color: '$calendar_color'},";
           }
           ?>
+          
+          <?php
+          //Invoices Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, invoices WHERE client_id = invoice_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['invoice_id'];
+            $event_title = $row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope'];
+            $event_start = $row['invoice_date'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'blue'},";
+          }
+          ?>
+
+          <?php
+          //Quotes Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, quotes WHERE client_id = quote_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['quote_id'];
+            $event_title = $row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope'];
+            $event_start = $row['quote_date'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'purple'},";
+          }
+          ?>
+
+          <?php
+          //Tickets Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, tickets WHERE client_id = ticket_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['ticket_id'];
+            $event_title = $row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject'];
+            $event_start = $row['ticket_created_at'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'orange'},";
+          }
+          ?>
+
+          <?php
+          //Vendors Added Created
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients, vendors WHERE client_id = vendor_client_id AND clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['vendor_id'];
+            $event_title = $row['vendor_name'];
+            $event_start = $row['vendor_created_at'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'brown'},";
+          }
+          ?>
+
+          <?php
+          //Clients Added
+          $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE clients.company_id = $session_company_id");
+          while($row = mysqli_fetch_array($sql)){
+            $event_id = $row['client_id'];
+            $event_title = $row['client_name'];
+            $event_start = $row['client_created_at'];
+            
+            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'green'},";
+          }
+          ?>
+
+
         ],
         eventClick: function(editEvent) {
           $('#editEventModal'+editEvent.event.id).modal();
diff --git a/login.php b/login.php
index 1d4cf867..6974021b 100644
--- a/login.php
+++ b/login.php
@@ -27,14 +27,15 @@ if(isset($_POST['login'])){
   $username = mysqli_real_escape_string($mysqli,$_POST['username']);
   $plain_password = $_POST['password'];
   $password = md5($_POST['password']);
-  if(!empty($token)){
+  $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
+  if(!empty($current_code)){
     $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
   }
   $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_email = '$username' AND user_password = '$password'");
   
   if(mysqli_num_rows($sql) == 1){
     $row = mysqli_fetch_array($sql);
-    $token = $row['token'];
+    $token = $row['user_token'];
     $_SESSION['user_id'] = $row['user_id'];
     $_SESSION['user_name'] = $row['user_name'];
     $user_name = $row['user_name'];
@@ -61,6 +62,7 @@ if(isset($_POST['login'])){
         $_SESSION['logged'] = TRUE;
         mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login 2FA', log_action = 'Success', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");
         //header("Location: $config_start_page");
+        echo "<script>alert(Fail); </script>";
         header("Location: dashboard.php");
       }else{
         mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), log_user_id = $user_id");