diff --git a/CHANGELOG.md b/CHANGELOG.md index dcddde35..b64080bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,21 @@ This file documents all notable changes made to ITFlow. +## [25.01.01] + +### Added / Changed +- Redesigned the Multi-Factor Authentication (MFA) Setup and Enforcement Flow UI/UX for a more intuitive user experience. +- Added a "Member" column in the user roles listing for improved visibility. +- General UI/UX improvements, along with minor performance optimizations and cleanups. + +### Fixed +- Fixed an issue where Stripe was not appearing as a recurring payment option. +- Corrected inaccurate Quarter 2 Expense results in the Profit & Loss Report. +- Resolved TOTP code not displaying correctly on hover in the Contact or Asset Details sections. +- Archived contacts no longer appear in the Bulk Mail section. +- Fixed an issue where the Ticket Assign Modal was showing both ITFlow and client users. +- Fixed issue with login key redirecting to legacy client portal page. + ## [25.01] ### Added / Changed diff --git a/admin_bulk_mail.php b/admin_bulk_mail.php index 8ede4dd8..0d68f27f 100644 --- a/admin_bulk_mail.php +++ b/admin_bulk_mail.php @@ -4,7 +4,8 @@ require_once "includes/inc_all_admin.php"; $sql = mysqli_query($mysqli, "SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id - WHERE contact_archived_at IS NULL + WHERE client_archived_at IS NULL + AND contact_archived_at IS NULL AND contact_email != '' AND (contact_primary = 1 OR contact_important = 1 OR @@ -22,7 +23,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts

Bulk Mail

diff --git a/admin_mail_queue.php b/admin_mail_queue.php index c662ebe7..841695fc 100644 --- a/admin_mail_queue.php +++ b/admin_mail_queue.php @@ -102,11 +102,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); - - - ID - - Queued @@ -137,7 +132,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); Attempts - Action + Action @@ -175,14 +170,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); - $email_from_name"?> $email_recipient_name"?> - + diff --git a/admin_role.php b/admin_role.php index db315d07..d59c2c4e 100644 --- a/admin_role.php +++ b/admin_role.php @@ -21,7 +21,7 @@ $sql = mysqli_query( $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); ?> -
Roles are still in development. Permissions may not be fully enforced.
+
Roles are still in development. Permissions may not be fully enforced.
@@ -54,22 +54,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); - Name - - - - - Description + Role + Members Admin - - User count - Action @@ -87,16 +80,32 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL"); $role_user_count = mysqli_fetch_row($sql_role_user_count)[0]; + $sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL"); + // Initialize an empty array to hold user names + $user_names = []; + + // Fetch each row and store the user_name in the array + while($row = mysqli_fetch_assoc($sql_users)) { + $user_names[] = nullable_htmlentities($row['user_name']); + } + + // Convert the array of user names to a comma-separated string + $user_names_string = implode(",", $user_names) ; + + if (empty($user_names_string)) { + $user_names_string = "-"; + } + ?> - -
+ + +
- + -
diff --git a/admin_settings_company.php b/admin_settings_company.php index 6d4466d6..68fd853e 100644 --- a/admin_settings_company.php +++ b/admin_settings_company.php @@ -33,7 +33,7 @@ $company_initials = nullable_htmlentities(initials($company_name));
- + "> Remove Logo
diff --git a/admin_settings_notification.php b/admin_settings_notification.php index 8a23f630..1abc0982 100644 --- a/admin_settings_notification.php +++ b/admin_settings_notification.php @@ -19,19 +19,6 @@ require_once "includes/inc_all_admin.php";
-
- -
-
- -
- -
- Regenerate -
-
-
- diff --git a/check_login.php b/check_login.php index bd9570df..36cd2b34 100644 --- a/check_login.php +++ b/check_login.php @@ -54,7 +54,7 @@ $row = mysqli_fetch_array($sql); $session_name = sanitizeInput($row['user_name']); $session_email = $row['user_email']; $session_avatar = $row['user_avatar']; -$session_token = $row['user_token']; +$session_token = $row['user_token']; // MFA Token $session_user_role = intval($row['user_role']); $session_user_role_display = sanitizeInput($row['user_role_name']); if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) { @@ -128,8 +128,3 @@ $session_mobile = isMobile(); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('notification_id') AS num FROM notifications WHERE (notification_user_id = $session_user_id OR notification_user_id = 0) AND notification_dismissed_at IS NULL")); $num_notifications = $row['num']; - -// FORCE MFA Setup -//if ($session_user_config_force_mfa == 1 && $session_token == NULL) { -// header("Location: force_mfa.php"); -//} diff --git a/client_asset_details.php b/client_asset_details.php index 40252074..df8334f3 100644 --- a/client_asset_details.php +++ b/client_asset_details.php @@ -485,7 +485,7 @@ if (isset($_GET['asset_id'])) { if (empty($login_otp_secret)) { $otp_display = "-"; } else { - $otp_display = " Hover.."; + $otp_display = " Hover.."; } $login_note = nullable_htmlentities($row['login_note']); $login_important = intval($row['login_important']); @@ -926,6 +926,8 @@ if (isset($_GET['asset_id'])) { + +Hover.."; + $otp_display = " Hover.."; } $login_note = nullable_htmlentities($row['login_note']); $login_important = intval($row['login_important']); @@ -1129,6 +1129,8 @@ if (isset($_GET['contact_id'])) { + + 0) { $sql_resolved_tickets_to_close = mysqli_query( $mysqli, - "SELECT * FROM tickets + "SELECT * FROM tickets WHERE ticket_status = 4 AND ticket_updated_at < NOW() - INTERVAL $config_ticket_autoclose_hours HOUR" ); @@ -522,7 +544,7 @@ if ($config_send_invoice_reminders == 1) { $sql_recurring = mysqli_query($mysqli, "SELECT * FROM recurring LEFT JOIN recurring_payments ON recurring_id = recurring_payment_recurring_invoice_id LEFT JOIN clients ON client_id = recurring_client_id - WHERE recurring_next_date = CURDATE() + WHERE recurring_next_date = CURDATE() AND recurring_status = 1 "); @@ -594,27 +616,28 @@ while ($row = mysqli_fetch_array($sql_recurring)) { mysqli_query($mysqli, "UPDATE recurring SET recurring_last_sent = CURDATE(), recurring_next_date = DATE_ADD(CURDATE(), INTERVAL 1 $recurring_frequency) WHERE recurring_id = $recurring_id"); - if ($config_recurring_auto_send_invoice == 1 && $recurring_invoice_email_notify == 1) { - $sql = mysqli_query( - $mysqli, - "SELECT * FROM invoices + // Get details of the newly generated invoice + $sql = mysqli_query( + $mysqli, + "SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1 WHERE invoice_id = $new_invoice_id" - ); + ); + $row = mysqli_fetch_array($sql); + $invoice_prefix = sanitizeInput($row['invoice_prefix']); + $invoice_number = intval($row['invoice_number']); + $invoice_scope = sanitizeInput($row['invoice_scope']); + $invoice_date = sanitizeInput($row['invoice_date']); + $invoice_due = sanitizeInput($row['invoice_due']); + $invoice_amount = floatval($row['invoice_amount']); + $invoice_url_key = sanitizeInput($row['invoice_url_key']); + $client_id = intval($row['client_id']); + $client_name = sanitizeInput($row['client_name']); + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); - $row = mysqli_fetch_array($sql); - $invoice_prefix = sanitizeInput($row['invoice_prefix']); - $invoice_number = intval($row['invoice_number']); - $invoice_scope = sanitizeInput($row['invoice_scope']); - $invoice_date = sanitizeInput($row['invoice_date']); - $invoice_due = sanitizeInput($row['invoice_due']); - $invoice_amount = floatval($row['invoice_amount']); - $invoice_url_key = sanitizeInput($row['invoice_url_key']); - $client_id = intval($row['client_id']); - $client_name = sanitizeInput($row['client_name']); - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); + if ($config_recurring_auto_send_invoice == 1 && $recurring_invoice_email_notify == 1) { $subject = "Invoice $invoice_prefix$invoice_number"; $body = "Hello $contact_name,

An invoice regarding \"$invoice_scope\" has been generated. Please view the details below.

Invoice: $invoice_prefix$invoice_number
Issue Date: $invoice_date
Total: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_currency_code) . "
Due Date: $invoice_due


To view your invoice, please click here.


--
$company_name - Billing
$config_invoice_from_email
$company_phone"; @@ -673,19 +696,151 @@ while ($row = mysqli_fetch_array($sql_recurring)) { // Create Payment from Auto Payment if ($recurring_payment_recurring_invoice_id) { - mysqli_query($mysqli,"INSERT INTO payments SET payment_date = CURDATE(), payment_amount = $recurring_amount, payment_currency_code = '$recurring_payment_currency_code', payment_account_id = $recurring_payment_account_id, payment_method = '$recurring_payment_method', payment_reference = 'Paid via AutoPay', payment_invoice_id = $new_invoice_id"); - // Get Payment ID for reference - $payment_id = mysqli_insert_id($mysqli); + if ($recurring_payment_method == "Stripe") { + // Stripe payment - // Update Invoice Status - mysqli_query($mysqli,"UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $new_invoice_id"); + // Get Stripe info for client + $stripe_client_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM client_stripe WHERE client_id = $client_id LIMIT 1")); + $stripe_id = sanitizeInput($stripe_client_details['stripe_id']); + $stripe_pm = sanitizeInput($stripe_client_details['stripe_pm']); - //Add Payment to History - mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added via Auto Pay', history_invoice_id = $new_invoice_id"); + if ($config_stripe_enable && $stripe_id && $stripe_pm) { + + // Initialize + require_once __DIR__ . '/plugins/stripe-php/init.php'; + $stripe = new \Stripe\StripeClient($config_stripe_secret); + + $balance_to_pay = round($invoice_amount, 2); + $pi_description = "ITFlow: $client_name payment of $recurring_payment_currency_code $balance_to_pay for $invoice_prefix$invoice_number"; + + // Create a payment intent + try { + $payment_intent = $stripe->paymentIntents->create([ + 'amount' => intval($balance_to_pay * 100), // Times by 100 as Stripe expects values in cents + 'currency' => $recurring_payment_currency_code, + 'customer' => $stripe_id, + 'payment_method' => $stripe_pm, + 'off_session' => true, + 'confirm' => true, + 'description' => $pi_description, + 'metadata' => [ + 'itflow_client_id' => $client_id, + 'itflow_client_name' => $client_name, + 'itflow_invoice_number' => $invoice_prefix . $invoice_number, + 'itflow_invoice_id' => $new_invoice_id, + ] + ]); + + // Get details from PI + $pi_id = sanitizeInput($payment_intent->id); + $pi_date = date('Y-m-d', $payment_intent->created); + $pi_amount_paid = floatval(($payment_intent->amount_received / 100)); + $pi_currency = strtoupper(sanitizeInput($payment_intent->currency)); + $pi_livemode = $payment_intent->livemode; + + } catch (Exception $e) { + $error = $e->getMessage(); + error_log("Stripe payment error - encountered exception during payment intent for invoice ID $new_invoice_id / $invoice_prefix$invoice_number: $error"); + logApp("Stripe", "error", "Exception during PI for invoice ID $new_invoice_id: $error"); + echo $error; + } + + if ($payment_intent->status == "succeeded" && intval($balance_to_pay) == intval($pi_amount_paid)) { + + // Update Invoice Status + mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $new_invoice_id"); + + // Add Payment to History + mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $recurring_payment_account_id, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $new_invoice_id"); + mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Online Payment added (autopay)', history_invoice_id = $new_invoice_id"); + + // Email receipt + if (!empty($config_smtp_host)) { + $subject = "Payment Received - Invoice $invoice_prefix$invoice_number"; + $body = "Hello $contact_name,

We have received online payment for the amount of " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_payment_currency_code) . " for invoice $invoice_prefix$invoice_number. Please keep this email as a receipt for your records.

Amount Paid: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_payment_currency_code) . "

Thank you for your business!


--
$company_name - Billing Department
$config_invoice_from_email
$company_phone"; + + // Queue Mail + $data = [ + [ + 'from' => $config_invoice_from_email, + 'from_name' => $config_invoice_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body, + ] + ]; + + // Email the internal notification address too + if (!empty($config_invoice_paid_notification_email)) { + $subject = "Payment Received - $client_name - Invoice $invoice_prefix$invoice_number"; + $body = "Hello,

This is a notification that an invoice has been paid in ITFlow. Below is a copy of the receipt sent to the client:-

--------

Hello $contact_name,

We have received online payment for the amount of " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_payment_currency_code) . " for invoice $invoice_prefix$invoice_number. Please keep this email as a receipt for your records.

Amount Paid: " . numfmt_format_currency($currency_format, $invoice_amount, $recurring_payment_currency_code) . "

Thank you for your business!


--
$company_name - Billing Department
$config_invoice_from_email
$company_phone"; + + $data[] = [ + 'from' => $config_invoice_from_email, + 'from_name' => $config_invoice_from_name, + 'recipient' => $config_invoice_paid_notification_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body, + ]; + } + + $mail = addToMailQueue($data); + + // Email Logging + $email_id = mysqli_insert_id($mysqli); + mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Sent', history_description = 'Payment Receipt sent to mail queue ID: $email_id!', history_invoice_id = $new_invoice_id"); + logAction("Invoice", "Payment", "Payment receipt for invoice $invoice_prefix$invoice_number queued to $contact_email Email ID: $email_id", $client_id, $new_invoice_id); + } + + // Log info + $extended_log_desc = ''; + if (!$pi_livemode) { + $extended_log_desc = '(DEV MODE)'; + } + + // Create Stripe payment gateway fee as an expense (if configured) + if ($config_stripe_expense_vendor > 0 && $config_stripe_expense_category > 0) { + $gateway_fee = round($invoice_amount * $config_stripe_percentage_fee + $config_stripe_flat_fee, 2); + mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$pi_date', expense_amount = $gateway_fee, expense_currency_code = '$company_currency', expense_account_id = $config_stripe_account, expense_vendor_id = $config_stripe_expense_vendor, expense_client_id = $client_id, expense_category_id = $config_stripe_expense_category, expense_description = 'Stripe Transaction for Invoice $invoice_prefix$invoice_number In the Amount of $balance_to_pay', expense_reference = 'Stripe - $pi_id $extended_log_desc'"); + } + + // Notify/log + appNotify("Invoice Paid", "Invoice $invoice_prefix$invoice_number automatically paid", "invoice.php?invoice_id=$new_invoice_id", $client_id); + logAction("Invoice", "Payment", "Auto Stripe payment amount of " . numfmt_format_currency($currency_format, $recurring_amount, $recurring_payment_currency_code) . " added to invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc", $client_id, $new_invoice_id); + customAction('invoice_pay', $new_invoice_id); + + } else { + mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Payment failed', history_description = 'Stripe autopay failed due to payment error', history_invoice_id = $new_invoice_id"); + logAction("Invoice", "Payment", "Failed auto Payment amount of invoice $invoice_prefix$invoice_number due to Stripe payment error", $client_id, $new_invoice_id); + } + + } else { + logAction("Invoice", "Payment", "Failed auto Payment amount of invoice $invoice_prefix$invoice_number due to Stripe configuration error", $client_id, $new_invoice_id); + } + + } else { + // Else: Cash/Bank payment + + //TODO: Should we send a receipt for auto bank payments, even when nobody actually confirms receipt? + + mysqli_query($mysqli,"INSERT INTO payments SET payment_date = CURDATE(), payment_amount = $recurring_amount, payment_currency_code = '$recurring_payment_currency_code', payment_account_id = $recurring_payment_account_id, payment_method = '$recurring_payment_method', payment_reference = 'Paid via AutoPay', payment_invoice_id = $new_invoice_id"); + + // Get Payment ID for reference + $payment_id = mysqli_insert_id($mysqli); + + // Update Invoice Status + mysqli_query($mysqli,"UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $new_invoice_id"); + + //Add Payment to History + mysqli_query($mysqli,"INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added via Auto Pay', history_invoice_id = $new_invoice_id"); + + // Logging + logAction("Invoice", "Payment", "Auto Payment amount of " . numfmt_format_currency($currency_format, $recurring_amount, $recurring_payment_currency_code) . " added to invoice $invoice_prefix$invoice_number", $client_id, $new_invoice_id); + } - // Logging - logAction("Invoice", "Payment", "Auto Payment amount of " . numfmt_format_currency($currency_format, $recurring_amount, $recurring_payment_currency_code) . " added to invoice $invoice_prefix$invoice_number", $client_id, $new_invoice_id); } //End Auto Payment } //End Recurring Invoices Loop @@ -1011,4 +1166,4 @@ appNotify("Cron", "Cron ran OK, but paths need updating - cron scripts are now i // Logging logApp("Cron", "info", "Cron executed successfully"); -logApp("Cron", "warning", "Cron ran using an old script path"); \ No newline at end of file +logApp("Cron", "warning", "Cron ran using an old script path"); diff --git a/cron_certificate_refresher.php b/cron_certificate_refresher.php index e7ffb1c4..67f3575a 100644 --- a/cron_certificate_refresher.php +++ b/cron_certificate_refresher.php @@ -1,10 +1,17 @@ $old_value) { + $new_value = $new_domain_info[$column]; + if ($old_value != $new_value && !in_array($column, $ignored_columns)) { + $column = sanitizeInput($column); + $old_value = sanitizeInput($old_value); + $new_value = sanitizeInput($new_value); + mysqli_query($mysqli,"INSERT INTO domain_history SET domain_history_column = '$column', domain_history_old_value = '$old_value', domain_history_new_value = '$new_value', domain_history_domain_id = $domain_id"); + } + } + } diff --git a/cron_mail_queue.php b/cron_mail_queue.php index c3642094..19337e6f 100644 --- a/cron_mail_queue.php +++ b/cron_mail_queue.php @@ -1,10 +1,16 @@ Ticketing > Email-to-ticket parsing. See https://docs.itflow.org/ticket_email_parse -- Quitting.."); } -$argv = $_SERVER['argv']; - -// Check Cron Key -if ($argv[1] !== $config_cron_key) { - exit("Cron Key invalid -- Quitting.."); -} - // Get system temp directory $temp_dir = sys_get_temp_dir(); @@ -88,7 +86,7 @@ $allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf', 'txt', ' // Function to raise a new ticket for a given contact and email them confirmation (if configured) function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) { - global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $allowed_extensions; + global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions; $ticket_number_sql = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1")); $ticket_number = intval($ticket_number_sql['config_ticket_next_number']); @@ -111,7 +109,7 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date //Generate a unique URL key for clients to access $url_key = randomString(156); - mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$ticket_prefix_esc', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message_esc', ticket_priority = 'Low', ticket_status = 1, ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_url_key = '$url_key', ticket_client_id = $client_id"); + mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$ticket_prefix_esc', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message_esc', ticket_priority = 'Low', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_url_key = '$url_key', ticket_client_id = $client_id"); $id = mysqli_insert_id($mysqli); // Logging @@ -155,7 +153,7 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date $data = []; if ($config_ticket_client_general_notifications == 1) { $subject_email = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

Ticket: $config_ticket_prefix$ticket_number
Subject: $subject
Status: New
https://$config_base_url/client/ticket.php?id=$id

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

Ticket: $config_ticket_prefix$ticket_number
Subject: $subject
Status: New
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; $data[] = [ 'from' => $config_ticket_from_email, 'from_name' => $config_ticket_from_name, @@ -556,5 +554,3 @@ if (file_exists($lock_file_path)) { } echo "Processed Emails into tickets: $processed_count\n"; echo "Unprocessed Emails: $unprocessed_count\n"; - -?> diff --git a/database_updates.php b/database_updates.php index 0cabb96d..8ee3abf5 100644 --- a/database_updates.php +++ b/database_updates.php @@ -2462,10 +2462,17 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) { mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.7.9'"); } - // if (CURRENT_DATABASE_VERSION == '1.7.9') { - // // Insert queries here required to update to DB version 1.8.0 + if (CURRENT_DATABASE_VERSION == '1.7.9') { + + mysqli_query($mysqli, "ALTER TABLE `settings` DROP `config_cron_key`"); + + mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.0'"); + } + + // if (CURRENT_DATABASE_VERSION == '1.8.0') { + // // Insert queries here required to update to DB version 1.8.1 // // Then, update the database to the next sequential version - // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.0'"); + // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.1'"); // } } else { diff --git a/db.sql b/db.sql index 48aaa273..31f409e0 100644 --- a/db.sql +++ b/db.sql @@ -1705,7 +1705,6 @@ CREATE TABLE `settings` ( `config_ticket_new_ticket_notification_email` varchar(200) DEFAULT NULL, `config_ticket_default_billable` tinyint(1) NOT NULL DEFAULT 0, `config_enable_cron` tinyint(1) NOT NULL DEFAULT 0, - `config_cron_key` varchar(255) DEFAULT NULL, `config_recurring_auto_send_invoice` tinyint(1) NOT NULL DEFAULT 1, `config_enable_alert_domain_expire` tinyint(1) NOT NULL DEFAULT 1, `config_send_invoice_reminders` tinyint(1) NOT NULL DEFAULT 1, @@ -2343,4 +2342,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2025-01-18 13:03:55 +-- Dump completed on 2025-01-25 21:47:06 diff --git a/force_mfa.php b/force_mfa.php deleted file mode 100644 index 7a258457..00000000 --- a/force_mfa.php +++ /dev/null @@ -1,74 +0,0 @@ - - -
-
-

2FA Setup

-
-
- -
- - - - - -

You have set up 2FA. Your QR code is below.

- - - -
- "; - - echo "

$session_token

"; - } - - ?> -
- - - - - - -
-
-
-
- -
- -
- -
-
-
- - - -
-
- - + + diff --git a/includes/top_nav.php b/includes/top_nav.php index 560ed438..1cc8cf17 100644 --- a/includes/top_nav.php +++ b/includes/top_nav.php @@ -137,7 +137,7 @@
  • - + " class="user-image img-circle"> diff --git a/login.php b/login.php index e26599a8..c42b01eb 100644 --- a/login.php +++ b/login.php @@ -75,7 +75,7 @@ $config_login_remember_me_expire = intval($row['config_login_remember_me_expire' // If no/incorrect 'key' is supplied, send to client portal instead if ($config_login_key_required) { if (!isset($_GET['key']) || $_GET['key'] !== $config_login_key_secret) { - header("Location: portal"); + header("Location: client"); exit(); } } @@ -145,7 +145,7 @@ if (isset($_POST['login'])) { // Validate MFA code if (!empty($current_code) && TokenAuth6238::verify($token, $current_code)) { $mfa_is_complete = true; - $extended_log = 'with 2FA'; + $extended_log = 'with MFA'; } if ($mfa_is_complete) { @@ -201,8 +201,7 @@ if (isset($_POST['login'])) { // Forcing MFA if ($force_mfa == 1 && $token == NULL) { - $secretMFA = key32gen(); - $config_start_page = "post.php?enable_2fa_force&token=$secretMFA&csrf_token=$_SESSION[csrf_token]"; + $config_start_page = "mfa_enforcement.php"; } // Setup encryption session key @@ -325,7 +324,7 @@ if (isset($_POST['login'])) { <?=nullable_htmlentities($company_name)?> logo"> - ITFlow + ITFlow diff --git a/mfa_enforcement.php b/mfa_enforcement.php new file mode 100644 index 00000000..74c0a40c --- /dev/null +++ b/mfa_enforcement.php @@ -0,0 +1,159 @@ + + + + + + + + + + + MFA Enforcement | <?php echo $session_company_name; ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/modals/recurring_payment_add_modal.php b/modals/recurring_payment_add_modal.php index f7126329..7366c390 100644 --- a/modals/recurring_payment_add_modal.php +++ b/modals/recurring_payment_add_modal.php @@ -48,6 +48,9 @@ +
    + +
    + +

    Secret: + +

    +
    + +
    +
    +
    + +
    + +
    +
    + +
    +
    + + +
    + + + + diff --git a/post/admin/admin_settings_notification.php b/post/admin/admin_settings_notification.php index 429a0328..cf025793 100644 --- a/post/admin/admin_settings_notification.php +++ b/post/admin/admin_settings_notification.php @@ -7,7 +7,6 @@ if (isset($_POST['edit_notification_settings'])) { validateCSRFToken($_POST['csrf_token']); $config_enable_cron = intval($_POST['config_enable_cron'] ?? 0); - $config_cron_key = sanitizeInput($_POST['config_cron_key']); $config_enable_alert_domain_expire = intval($_POST['config_enable_alert_domain_expire'] ?? 0); $config_send_invoice_reminders = intval($_POST['config_send_invoice_reminders'] ?? 0); $config_recurring_auto_send_invoice = intval($_POST['config_recurring_auto_send_invoice'] ?? 0); @@ -23,18 +22,3 @@ if (isset($_POST['edit_notification_settings'])) { header("Location: " . $_SERVER["HTTP_REFERER"]); } - -if (isset($_GET['generate_cron_key'])) { - - $key = randomString(32); - - mysqli_query($mysqli,"UPDATE settings SET config_cron_key = '$key' WHERE company_id = 1"); - - // Logging - logAction("Settings", "Edit", "$session_name regenerated the cron key"); - - $_SESSION['alert_message'] = "Cron key regenerated"; - - header("Location: " . $_SERVER["HTTP_REFERER"]); - -} diff --git a/post/user/invoice.php b/post/user/invoice.php index 0da9a3c0..1b8fc774 100644 --- a/post/user/invoice.php +++ b/post/user/invoice.php @@ -1430,9 +1430,6 @@ if (isset($_GET['delete_recurring_payment'])) { $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "Auto Payment Removed for Recurring Invoice $recurring_prefix$recurring_number"; - if ($config_stripe_enable) { - $_SESSION['alert_message'] = "Auto Payment Removed - Stripe Auto payments must be manually removed in Stripe"; - } header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/post/user/profile.php b/post/user/profile.php index 0ff38f49..94138779 100644 --- a/post/user/profile.php +++ b/post/user/profile.php @@ -190,63 +190,92 @@ if (isset($_POST['edit_your_user_preferences'])) { header("Location: " . $_SERVER["HTTP_REFERER"]); } +if (isset($_POST['enable_mfa'])) { -if (isset($_POST['verify'])) { + validateCSRFToken($_POST['csrf_token']); require_once "plugins/totp/totp.php"; - $currentcode = intval($_POST['code']); //code to validate, for example received from device - - if (TokenAuth6238::verify($session_token, $currentcode)) { - $_SESSION['alert_message'] = "VALID!"; - }else{ - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "IN-VALID!"; + // Grab the code from the user + $verify_code = trim($_POST['verify_code']); + // Ensure it's numeric + if (!ctype_digit($verify_code)) { + $verify_code = ''; } - header("Location: " . $_SERVER["HTTP_REFERER"]); + // Grab the secret from the session + $token = $_SESSION['mfa_token'] ?? ''; -} + // Verify + if (TokenAuth6238::verify($token, $verify_code)) { -if (isset($_POST['enable_2fa']) || isset($_GET['enable_2fa_force'])) { + // SUCCESS + mysqli_query($mysqli,"UPDATE users SET user_token = '$token' WHERE user_id = $session_user_id"); - // CSRF Check - if ($_SERVER['REQUEST_METHOD'] === 'POST') { - validateCSRFToken($_POST['csrf_token']); + // Delete any existing MFA tokens - these browsers should be re-validated + mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id"); + + // Logging + logAction("User Account", "Edit", "$session_name enabled MFA on their account"); + + $_SESSION['alert_message'] = "Multi-Factor authentication enabled"; + + // Clear the mfa_token from the session to avoid re-use. + unset($_SESSION['mfa_token']); + + // Check if the previous page is mfa_enforcement.php + if (isset($_SERVER['HTTP_REFERER'])) { + $previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH)); + if ($previousPage === 'mfa_enforcement.php') { + // Redirect back to mfa_enforcement.php + header("Location: $config_start_page"); + exit; + } + } - $extended_log_description = ""; - $token = sanitizeInput($_POST['token']); } else { - // If this is a GET request then we forced MFA as part of login - validateCSRFToken($_GET['csrf_token']); + // FAILURE + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Verification code invalid, please try again."; - $extended_log_description = "(forced)"; - $token = sanitizeInput($_GET['token']); + // Set a flag to automatically open the MFA modal again + $_SESSION['show_mfa_modal'] = true; + + // Check if the previous page is mfa_enforcement.php + if (isset($_SERVER['HTTP_REFERER'])) { + $previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH)); + if ($previousPage === 'mfa_enforcement.php') { + // Redirect back to mfa_enforcement.php + header("Location: " . $_SERVER['HTTP_REFERER']); + exit; + } + } } - mysqli_query($mysqli,"UPDATE users SET user_token = '$token' WHERE user_id = $session_user_id"); - - // Delete any existing 2FA tokens - these browsers should be re-validated - mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id"); - - // Logging - logAction("User Account", "Edit", "$session_name enabled MFA on their account $extended_log_description"); - - $_SESSION['alert_message'] = "Two-factor authentication enabled $extended_log_description"; - header("Location: user_security.php"); + exit; } -if (isset($_POST['disable_2fa'])){ +if (isset($_GET['disable_mfa'])){ + + if ($session_user_config_force_mfa) { + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Multi-Factor authentication cannot be disabled for your account"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); + } // CSRF Check - validateCSRFToken($_POST['csrf_token']); + validateCSRFToken($_GET['csrf_token']); mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id"); + // Delete any existing MFA tokens - these browsers should be re-validated + mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id"); + // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php $config_mail_from_name = sanitizeInput($config_mail_from_name); $config_mail_from_email = sanitizeInput($config_mail_from_email); @@ -274,7 +303,7 @@ if (isset($_POST['disable_2fa'])){ logAction("User Account", "Edit", "$session_name disabled MFA on their account"); $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = "Two-factor authentication disabled"; + $_SESSION['alert_message'] = "Multi-Factor authentication disabled"; header("Location: " . $_SERVER["HTTP_REFERER"]); diff --git a/recurring_invoice.php b/recurring_invoice.php index dffb08fe..49b14aea 100644 --- a/recurring_invoice.php +++ b/recurring_invoice.php @@ -62,8 +62,9 @@ if (isset($_GET['recurring_id'])) { } $recurring_payment_id = intval($row['recurring_payment_id']); $recurring_payment_recurring_invoice_id = intval($row['recurring_payment_recurring_invoice_id']); + $recurring_payment_method = nullable_htmlentities($row['recurring_payment_method']); - // Override Tab Title // No Sanitizing needed as this var will opnly be used in the tab title + // Override Tab Title // No Sanitizing needed as this var will only be used in the tab title $tab_title = $row['client_name']; $page_title = "{$row['recurring_prefix']}{$row['recurring_number']}"; @@ -131,7 +132,7 @@ if (isset($_GET['recurring_id'])) {     - Disable AutoPay + Disable AutoPay () diff --git a/report_profit_loss.php b/report_profit_loss.php index 74c46c8b..95532d90 100644 --- a/report_profit_loss.php +++ b/report_profit_loss.php @@ -377,7 +377,7 @@ $sql_categories_expense = mysqli_query($mysqli, "SELECT * FROM categories WHERE ?> -
    • + 'Database host', - 'username' => 'Database username', - 'password' => 'Database password', - 'database' => 'Database name', - 'base-url' => 'Base URL (without protocol, e.g. example.com/itflow)', - 'locale' => 'Locale (e.g. en_US)', - 'timezone' => 'Timezone (e.g. UTC)', - 'currency' => 'Currency code (e.g. USD)', - 'company-name' => 'Company name', - 'country' => 'Company country (e.g. United States)', - 'user-name' => 'Admin user full name', - 'user-email' => 'Admin user email', - 'user-password'=> 'Admin user password (min 8 chars)' -]; - -// Additional optional arguments -// address, city, state, zip, phone, company-email, website -// These are optional and don't need error checks if missing. -$optional_args = [ - 'address' => 'Company address (optional)', - 'city' => 'Company city (optional)', - 'state' => 'Company state (optional)', - 'zip' => 'Company postal code (optional)', - 'phone' => 'Company phone (optional)', - 'company-email' => 'Company email (optional)', - 'website' => 'Company website (optional)' -]; - -// Parse command line options -$shortopts = ""; -$longopts = [ - "help", - "host:", - "username:", - "password:", - "database:", - "base-url:", - "locale:", - "timezone:", - "currency:", - "company-name:", - "country:", - "address::", - "city::", - "state::", - "zip::", - "phone::", - "company-email::", - "website::", - "user-name:", - "user-email:", - "user-password:", - "non-interactive" -]; - -$options = getopt($shortopts, $longopts); - -// If --help is set, print usage and exit -if (isset($options['help'])) { - echo "ITFlow CLI Setup Script\n\n"; - echo "Usage:\n"; - echo " php setup_cli.php [options]\n\n"; - echo "Options:\n"; - foreach ($required_args as $arg => $desc) { - echo " --$arg\t$desc (required)\n"; - } - foreach ($optional_args as $arg => $desc) { - echo " --$arg\t$desc\n"; - } - echo " --non-interactive\tRun in non-interactive mode (fail if required args missing)\n"; - echo " --help\t\tShow this help message\n\n"; - echo "If running interactively (without --non-interactive), any missing required arguments will be prompted.\n"; - echo "If running non-interactively, all required arguments must be provided.\n\n"; - exit(0); -} - -if (file_exists("config.php")) { - include "config.php"; -} - -include "functions.php"; -include "includes/database_version.php"; - -if (!isset($config_enable_setup)) { - $config_enable_setup = 1; -} - -if ($config_enable_setup == 0) { - echo "Setup is disabled. Please delete or modify config.php if you need to re-run the setup.\n"; - exit; -} - -$errorLog = ini_get('error_log') ?: "/var/log/apache2/error.log"; - -$timezones = DateTimeZone::listIdentifiers(); - -function prompt($message) { - echo $message . ": "; - return trim(fgets(STDIN)); -} - -$non_interactive = isset($options['non-interactive']); - -function getOptionOrPrompt($key, $promptMessage, $required = false, $default = '', $optionsGlobal = []) { - global $options, $non_interactive; - if (isset($options[$key])) { - return $options[$key]; - } else { - if ($non_interactive && $required) { - die("Missing required argument: --$key\n"); - } - $val = prompt($promptMessage . (strlen($default) ? " [$default]" : '')); - if (empty($val) && !empty($default)) { - $val = $default; - } - if ($required && empty($val)) { - die("Error: $promptMessage is required.\n"); - } - return $val; - } -} - -// Start setup -echo "Welcome to the ITFlow CLI Setup.\n"; - -// If config exists, abort -if (file_exists('config.php')) { - echo "Database is already configured in config.php.\n"; - echo "To re-run the setup, remove config.php and run this script again.\n"; - exit; -} - -// If non-interactive is set, ensure all required arguments are present -if ($non_interactive) { - foreach (array_keys($required_args) as $arg) { - if (!isset($options[$arg])) { - die("Missing required argument: --$arg\n"); - } - } -} - -// Database Setup -echo "\n=== Database Setup ===\n"; -$database = getOptionOrPrompt('database', "Enter the database name", true); -$host = getOptionOrPrompt('host', "Enter the database host", true, 'localhost'); -if (empty($host)) $host = "localhost"; -$username = getOptionOrPrompt('username', "Enter the database username", true); -$password = getOptionOrPrompt('password', "Enter the database password", true); - -// Base URL -$base_url = getOptionOrPrompt('base-url', "Enter the base URL (e.g. example.com/itflow)", true); -$base_url = rtrim($base_url, '/'); - -// Locale, Timezone, Currency -echo "\n=== Localization ===\n"; -$locale = getOptionOrPrompt('locale', "Enter the locale (e.g. en_US)", true); -$timezone = getOptionOrPrompt('timezone', "Enter the timezone (e.g. UTC or America/New_York)", true); -$currency_code = getOptionOrPrompt('currency', "Enter the currency code (e.g. USD)", true); - -// Company Details -echo "\n=== Company Details ===\n"; -$company_name = getOptionOrPrompt('company-name', "Company Name", true); -$country = getOptionOrPrompt('country', "Country (e.g. United States)", true); -$address = getOptionOrPrompt('address', "Address (optional)", false); -$city = getOptionOrPrompt('city', "City (optional)", false); -$state = getOptionOrPrompt('state', "State/Province (optional)", false); -$zip = getOptionOrPrompt('zip', "Postal Code (optional)", false); -$phone = getOptionOrPrompt('phone', "Phone (optional)", false); -$phone = preg_replace("/[^0-9]/", '', $phone); -$company_email = getOptionOrPrompt('company-email', "Company Email (optional)", false); -$website = getOptionOrPrompt('website', "Website (optional)", false); - -// User Setup -echo "\n=== Create First User ===\n"; -$user_name = getOptionOrPrompt('user-name', "Full Name", true); -$user_email = getOptionOrPrompt('user-email', "Email Address", true); -while (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) { - echo "Invalid email.\n"; - if ($non_interactive) { - die("Invalid email address: $user_email\n"); - } - $user_email = prompt("Email Address"); -} -$user_password_plain = getOptionOrPrompt('user-password', "Password (at least 8 chars)", true); -if (strlen($user_password_plain) < 8) { - if ($non_interactive) { - die("Password must be at least 8 characters.\n"); - } - while (strlen($user_password_plain) < 8) { - echo "Password too short. Try again.\n"; - $user_password_plain = prompt("Password"); - } -} - -if (!preg_match('/^[a-zA-Z0-9.\-\/]+$/', $host)) { - die("Invalid host format.\n"); -} - -// Test Database -$conn = @mysqli_connect($host, $username, $password, $database); -if (!$conn) { - die("Database connection failed - " . mysqli_connect_error() . "\n"); -} - -$installation_id = randomString(32); - -$new_config = " "$installation_id", - 'company_name' => "$company_name_db", - 'website' => "$website_db", - 'city' => "$city_db", - 'state' => "$state_db", - 'country' => "$country_db", - 'currency' => "$currency_db", - 'comments' => "$comments", - 'collection_method' => 1 - ]); - - $opts = ['http' => - [ - 'method' => 'POST', - 'header' => 'Content-type: application/x-www-form-urlencoded', - 'content' => $postdata - ] - ]; - - $context = stream_context_create($opts); - $result = @file_get_contents('https://telemetry.itflow.org', false, $context); - echo "Telemetry response: $result\n"; - } -} - -// finalize config -$myfile = fopen("config.php", "a"); -$txt = "\$config_enable_setup = 0;\n\n"; -fwrite($myfile, $txt); -fclose($myfile); - -echo "\nSetup complete!\n"; -echo "You can now log in with the user you created at: https://$base_url/login.php\n"; - -exit(0); diff --git a/tickets.php b/tickets.php index 43e93ebc..b1d4f494 100644 --- a/tickets.php +++ b/tickets.php @@ -280,7 +280,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']); @@ -418,7 +418,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']); if (empty($contact_name)) { $contact_display = "-"; } else { - $contact_display = "$contact_name
    $contact_email"; + $contact_display = "$contact_name"; } // Get who last updated the ticket - to be shown in the last Response column diff --git a/update_cli.php b/update_cli.php deleted file mode 100644 index c8a19f70..00000000 --- a/update_cli.php +++ /dev/null @@ -1,130 +0,0 @@ -#!/usr/bin/env php -&1", $output, $return_var); - exec("git reset --hard origin/master 2>&1", $output2, $return_var2); - echo implode("\n", $output) . "\n" . implode("\n", $output2) . "\n"; - } else { - // Perform a standard update (git pull) - exec("git pull 2>&1", $output, $return_var); - - // Check if the repository is already up to date - if (strpos(implode("\n", $output), 'Already up to date.') === false) { - echo implode("\n", $output) . "\n"; - echo "Update successful\n"; - } else { - // If already up-to-date, don't show the update success message - echo implode("\n", $output) . "\n"; - } - } -} - -// If "update_db" is requested -if (isset($options['update_db'])) { - require_once('includes/database_version.php'); - - $latest_db_version = LATEST_DATABASE_VERSION; - - // Fetch the current version from the database - $result = mysqli_query($mysqli, "SELECT config_current_database_version FROM settings LIMIT 1"); - $row = mysqli_fetch_assoc($result); - DEFINE("CURRENT_DATABASE_VERSION", $row['config_current_database_version']); - $old_db_version = $row['config_current_database_version']; - - // Now include the update logic - require_once('database_updates.php'); - - // After database_updates.php has done its job, fetch the updated current DB version again - $result = mysqli_query($mysqli, "SELECT config_current_database_version FROM settings LIMIT 1"); - $row = mysqli_fetch_assoc($result); - $new_db_version = $row['config_current_database_version']; - - if ($old_db_version !== $latest_db_version) { - echo "Database updated from version $old_db_version to $new_db_version.\n"; - echo "The latest database version is $latest_db_version.\n"; - } else { - echo "Database is already at the latest version ($latest_db_version). No updates were applied.\n"; - } -} diff --git a/user_details.php b/user_details.php index 496c8834..5483da47 100644 --- a/user_details.php +++ b/user_details.php @@ -14,7 +14,7 @@ require_once "includes/inc_all_user.php";
    - + "> Remove Avatar
    @@ -24,7 +24,7 @@ require_once "includes/inc_all_user.php";
    -
    +
    @@ -56,7 +56,7 @@ require_once "includes/inc_all_user.php";
    - +
    diff --git a/user_security.php b/user_security.php index 7c26d3c6..b32ae7bf 100644 --- a/user_security.php +++ b/user_security.php @@ -31,65 +31,20 @@ $remember_token_count = mysqli_num_rows($sql_remember_tokens); - - - -
    -
    -

    Mult-Factor Authentication

    -
    -
    -
    - +
    - + + + + -

    You have set up 2FA. Your QR code is below.

    - + Disable Multi-Factor Authentication +
    -
    - "; - - echo "

    $session_token

    "; - - } - - ?> -
    - - - - - - -
    -
    -
    -
    - -
    - -
    - -
    -
    -
    - - -
    @@ -121,4 +76,25 @@ $remember_token_count = mysqli_num_rows($sql_remember_tokens); {$_SESSION['alert_message']}"; + // Clear it so it doesn't persist on refresh + unset($_SESSION['alert_type']); + unset($_SESSION['alert_message']); +} + +// If the user just failed a TOTP verification, auto-open the modal: +if (!empty($_SESSION['show_mfa_modal'])) { + echo " + "; + unset($_SESSION['show_mfa_modal']); +} + require_once "includes/footer.php";
    - Subject / Tasks + Subject - Client / Contact + Client / Contact