Started updating href paths to absolute paths instead of relative paths as itflow should be installed in document root anyway and not a sub-directory

admin/includes/inc_all_admin.php

@@ -2,7 +2,6 @@
 
 require_once "../config.php";
 require_once "../functions.php";
-require_once "../includes/router.php";
 require_once "../includes/check_login.php";
 require_once "../includes/page_title.php";
 if (!isset($session_is_admin) || !$session_is_admin) {

agent/custom/includes/custom_side_nav.php

@@ -0,0 +1,45 @@
+<!-- Main Sidebar Container -->
+<aside class="main-sidebar sidebar-dark-primary d-print-none">
+
+    <a class="pb-1 mt-1 brand-link" href="../<?php echo $config_start_page ?>">
+        <p class="h5"><i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i>
+            <span class="brand-text ">Back | <strong>Custom</strong>
+        </p>
+    </a>
+
+    <!-- Sidebar -->
+    <div class="sidebar">
+
+        <!-- Sidebar Menu -->
+        <nav>
+
+            <ul class="nav nav-pills nav-sidebar flex-column mt-2" data-widget="treeview" data-accordion="false">
+
+                <li class="nav-header">CUSTOM HEADER</li>
+         
+                <li class="nav-item">
+                    <a href="index.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "index.php") { echo "active"; } ?>">
+                        <i class="far fa-circle nav-icon"></i>
+                        <p>custom</p>
+                    </a>
+                </li>
+        
+            </ul>
+
+        </nav>
+        <!-- /.sidebar-menu -->
+
+        <div class="sidebar-custom mb-3">
+
+        </div>
+
+    </div>
+    <!-- /.sidebar -->
+</aside>
+
+
+
+
+
+
+

agent/custom/includes/inc_all_custom.php

@@ -0,0 +1,13 @@
+<?php
+
+require_once "../../config.php";
+require_once "../../functions.php";
+require_once "../../includes/check_login.php";
+require_once "../../includes/page_title.php";
+require_once "../../includes/header.php";
+require_once "../../includes/top_nav.php";
+require_once "includes/custom_side_nav.php";
+require_once "../../includes/inc_wrapper.php";
+require_once "../../includes/inc_alert_feedback.php";
+require_once "../../includes/filter_header.php";
+

agent/custom/index.php

@@ -1,4 +1,4 @@
-<?php require_once "includes/inc_all.php"; ?>
+<?php require_once "includes/inc_all_custom.php"; ?>
 
     <!-- Breadcrumbs-->
     <ol class="breadcrumb">
@@ -69,4 +69,4 @@ echo "Current Date and Time: <strong>$date_time</strong>";
 
 <script>toastr.success('Have Fun Wozz!!')</script>
 
-<?php require_once "../includes/footer.php";
+<?php require_once "../../includes/footer.php";

agent/custom/post.php

@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * ITFlow - User GET/POST request handler
+ */
+
+require_once "../../config.php";
+require_once "../../functions.php";
+require_once "../../includes/check_login.php";
+
+// Define a variable that we can use to only allow running post files via inclusion (prevents people/bots poking them)
+define('FROM_POST_HANDLER', true);
+
+
+// Determine which files we should load
+
+// Parse URL & get the path
+$path = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
+
+// Get the base name (the page name)
+$module = explode(".", basename($path))[0];
+
+// Strip off any _details bits
+$module = str_ireplace('_details', '', $module);
+
+// Dynamically load admin-related module POST logic
+
+// Load all module POST logic
+//  Loads everything in post/user/
+//  Eventually, it would be nice to only specifically load what we need like we do for admins
+
+foreach (glob("post/*.php") as $user_module) {
+    if (!preg_match('/_model\.php$/', basename($user_module))) {
+        require_once $user_module;
+    }
+}
+
+
+// Logout is the same for user and admin
+require_once "../../post/logout.php";
+
+// TODO: Find a home for these
+
+require_once "../../post/ai.php";
+require_once "../../post/misc.php";
+

agent/custom/readme.php

@@ -1,9 +0,0 @@
-<?php
-
-/*
-
-- Custom Pages -
-
-    If you wish to add custom pages to ITFlow, add them to this directory"
-
-*/

agent/includes/inc_all.php

@@ -2,7 +2,6 @@
 // Configuration & core
 require_once "../config.php";
 require_once "../functions.php";
-require_once "../includes/router.php";
 require_once "../includes/check_login.php";
 
 // Page setup

agent/includes/inc_all_client.php

@@ -2,7 +2,6 @@
 
 require_once "../config.php";
 require_once "../functions.php";
-require_once "../includes/router.php";
 require_once "../includes/check_login.php";
 require_once "../includes/page_title.php";
 

agent/reports/includes/inc_all_reports.php

@@ -2,7 +2,6 @@
 
 require_once "../../config.php";
 require_once "../../functions.php";
-require_once "../../includes/router.php";
 require_once "../../includes/check_login.php";
 require_once "../../includes/page_title.php";
 // Reporting Perms

agent/reports/includes/reports_side_nav.php

@@ -1,7 +1,7 @@
 <!-- Main Sidebar Container -->
 <aside class="main-sidebar sidebar-dark-primary d-print-none">
 
-    <a class="pb-1 mt-1 brand-link" href="../../agent/<?php echo $config_start_page ?>">
+    <a class="pb-1 mt-1 brand-link" href="../<?php echo $config_start_page ?>">
         <p class="h5"><i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i>
             <span class="brand-text ">Back | <strong>Reports</strong>
         </p>

agent/user/includes/inc_all_user.php

@@ -2,7 +2,6 @@
 
 require_once "../../config.php";
 require_once "../../functions.php";
-require_once "../../includes/router.php";
 require_once "../../includes/check_login.php";
 require_once "../../includes/page_title.php";
 require_once "../../includes/header.php";

includes/auth_check.php

@@ -3,9 +3,9 @@
 // Check user is logged in with a valid session
 if (!isset($_SESSION['logged']) || !$_SESSION['logged']) {
     if ($_SERVER["REQUEST_URI"] == "/") {
-        header("Location: ../login.php");
+        header("Location: /login.php");
     } else {
-        header("Location: ../login.php?last_visited=" . base64_encode($_SERVER["REQUEST_URI"]) );
+        header("Location: /login.php?last_visited=" . base64_encode($_SERVER["REQUEST_URI"]) );
     }
     exit;
 }

includes/footer.php

@@ -19,27 +19,27 @@ if (basename(dirname($_SERVER['REQUEST_URI'])) === 'admin') { ?>
 <!-- REQUIRED SCRIPTS -->
 
 <!-- Bootstrap 4 -->
-<script src="../../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
+<script src="/plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
 
 <!-- Custom js-->
-<script src="../../plugins/moment/moment.min.js"></script>
-<script src="../../plugins/chart.js/chart.umd.min.js"></script>
-<script src="../../plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js"></script>
-<script src="../../plugins/daterangepicker/daterangepicker.js"></script>
-<script src="../../plugins/select2/js/select2.min.js"></script>
-<script src="../../plugins/inputmask/jquery.inputmask.min.js"></script>
-<script src="../../plugins/tinymce/tinymce.min.js" referrerpolicy="origin"></script>
-<script src="../../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
-<script src="../../plugins/clipboardjs/clipboard.min.js"></script>
-<script src="../../js/keepalive.js"></script>
-<script src="../../plugins/DataTables/datatables.min.js"></script>
-<script src="../../plugins/intl-tel-input/js/intlTelInput.min.js"></script>
+<script src="/plugins/moment/moment.min.js"></script>
+<script src="/plugins/chart.js/chart.umd.min.js"></script>
+<script src="/plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js"></script>
+<script src="/plugins/daterangepicker/daterangepicker.js"></script>
+<script src="/plugins/select2/js/select2.min.js"></script>
+<script src="/plugins/inputmask/jquery.inputmask.min.js"></script>
+<script src="/plugins/tinymce/tinymce.min.js" referrerpolicy="origin"></script>
+<script src="/plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
+<script src="/plugins/clipboardjs/clipboard.min.js"></script>
+<script src="/js/keepalive.js"></script>
+<script src="/plugins/DataTables/datatables.min.js"></script>
+<script src="/plugins/intl-tel-input/js/intlTelInput.min.js"></script>
 
 <!-- AdminLTE App -->
-<script src="../../plugins/adminlte/js/adminlte.min.js"></script>
-<script src="../../js/app.js"></script>
-<script src="../../js/ajax_modal.js"></script>
-<script src="../../js/confirm_modal.js"></script>
+<script src="/plugins/adminlte/js/adminlte.min.js"></script>
+<script src="/js/app.js"></script>
+<script src="/js/ajax_modal.js"></script>
+<script src="/js/confirm_modal.js"></script>
 
 </body>
 </html>

includes/header.php

@@ -19,27 +19,27 @@ header("X-Frame-Options: DENY");
     <title><?= $session_company_name; ?></title>
 
     <!-- Favicon -->
-    <?php if(file_exists('../uploads/favicon.ico')): ?>
-        <link rel="icon" type="image/x-icon" href="../../uploads/favicon.ico">
+    <?php if(file_exists(__DIR__ . '../uploads/favicon.ico')): ?>
+        <link rel="icon" type="image/x-icon" href="/uploads/favicon.ico">
     <?php endif; ?>
 
     <!-- Font Awesome -->
-    <link rel="stylesheet" href="../../plugins/fontawesome-free/css/all.min.css">
+    <link rel="stylesheet" href="/plugins/fontawesome-free/css/all.min.css">
 
     <!-- Custom Styles -->
-    <link href="../../plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
-    <link href="../../plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
-    <link href="../../plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
-    <link href="../../plugins/daterangepicker/daterangepicker.css" rel="stylesheet">
-    <link href="../../plugins/toastr/toastr.min.css" rel="stylesheet">
-    <link href="../../plugins/DataTables/datatables.min.css" rel="stylesheet">
-    <link href="../../plugins/intl-tel-input/css/intlTelInput.min.css" rel="stylesheet">
-    <link href="../../css/itflow_custom.css" rel="stylesheet">
-    <link rel="stylesheet" href="../../plugins/adminlte/css/adminlte.min.css">
+    <link href="/plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
+    <link href="/plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
+    <link href="/plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
+    <link href="/plugins/daterangepicker/daterangepicker.css" rel="stylesheet">
+    <link href="/plugins/toastr/toastr.min.css" rel="stylesheet">
+    <link href="/plugins/DataTables/datatables.min.css" rel="stylesheet">
+    <link href="/plugins/intl-tel-input/css/intlTelInput.min.css" rel="stylesheet">
+    <link href="/css/itflow_custom.css" rel="stylesheet">
+    <link rel="stylesheet" href="/plugins/adminlte/css/adminlte.min.css">
 
     <!-- Scripts -->
-    <script src="../../plugins/jquery/jquery.min.js"></script>
-    <script src="../../plugins/toastr/toastr.min.js"></script>
+    <script src="/plugins/jquery/jquery.min.js"></script>
+    <script src="/plugins/toastr/toastr.min.js"></script>
 </head>
 <body class="
     hold-transition sidebar-mini layout-fixed layout-navbar-fixed 

includes/inc_debug.php

@@ -1,5 +0,0 @@
-<?php
-
-ini_set('display_errors', 1);
-ini_set('display_startup_errors', 1);
-error_reporting(E_ALL);

includes/load_user_session.php

@@ -29,8 +29,7 @@ $user_config_theme_dark = intval($row['user_config_theme_dark']);
 if ($session_user_type !== 1) {
     session_unset();
     session_destroy();
-    header("Location: ../login.php");
-    exit;
+    redirect("/client/login.php");
 }
 
 // Load user client permissions

includes/modal_footer.php

@@ -1,5 +1,5 @@
-<script src="../../../js/app.js"></script>
-<script src="../../../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
+<script src="/js/app.js"></script>
+<script src="/plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
 
 <?php
     $content = ob_get_clean();

includes/page_title.php

@@ -5,18 +5,7 @@
 // Get the current page name without the .php extension
 $page_title = basename($_SERVER['PHP_SELF'], '.php');
 
-// Remove 'client_' from the page name
-$page_title = str_replace('client_', '', $page_title);
-
-// Remove 'report_' from the page name
-$page_title = str_replace('report_', '', $page_title);
-
-// Remove 'admin_' from the page name
-$page_title = str_replace('admin_', '', $page_title);
-
-// Remove 'admin_' from the page name
-$page_title = str_replace('settings_', '', $page_title);
-
+// Lets make the Page title look pretty
 // Replace any underscores with spaces
 $page_title = str_replace('_', ' ', $page_title);
 

includes/redirect_if_setup_enabled.php

@@ -1,6 +1,5 @@
 <?php
 
 if (!isset($config_enable_setup) || $config_enable_setup == 1) {
-    header("Location: /setup");
-    exit;
+    redirect("/setup");
 }

includes/router.php

@@ -1,8 +0,0 @@
-<?php
-
-// URI Router
-// Currently unused, but the idea is to dynamically prepend ../../ to asset paths (like includes, libraries, etc.)
-// based on the current directory depth. This allows us to support deeply nested folder structures.
-
-$depth = min(substr_count(trim($_SERVER['REQUEST_URI'], '/'), '/'), 3);
-$path_prefix = str_repeat('../', $depth);

includes/top_nav.php

@@ -12,7 +12,7 @@
     <ul class="navbar-nav ml-auto">
 
         <!-- SEARCH FORM -->
-        <form class="form-inline" action="../../agent/global_search.php">
+        <form class="form-inline" action="/agent/global_search.php">
             <div class="input-group input-group-sm">
                 <input class="form-control form-control-navbar" type="search" placeholder="Search everywhere" name="query"
                     value="<?php if (isset($_GET['query'])) { echo nullable_htmlentities($_GET['query']); } ?>">
@@ -64,7 +64,7 @@
         ?>
 
         <li class="nav-item">
-            <a class="nav-link ajax-modal" href="#" data-modal-url="../../modals/notifications.php">
+            <a class="nav-link ajax-modal" href="#" data-modal-url="/modals/notifications.php">
                 <i class="fas fa-bell"></i>
                 <?php if ($num_notifications) { ?>
                 <span class="badge badge-light badge-pill navbar-badge position-absolute" style="top: 1px; right: 3px;">
@@ -79,7 +79,7 @@
                 <?php if (empty($session_avatar)) { ?>
                 <i class="fas fa-user-circle mr-1"></i>
                 <?php }else{ ?>
-                <img src="<?php echo "../../uploads/users/$session_user_id/$session_avatar"; ?>"
+                <img src="<?php echo "/uploads/users/$session_user_id/$session_avatar"; ?>"
                     class="user-image img-circle">
                 <?php } ?>
                 <span
@@ -92,7 +92,7 @@
                     <i class="fas fa-user-circle fa-6x"></i>
                     <?php }else{ ?>
 
-                    <img src="<?php echo "../../uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle">
+                    <img src="<?php echo "/uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle">
                     <?php } ?>
                     <p>
                         <?php echo stripslashes(nullable_htmlentities($session_name)); ?>
@@ -102,10 +102,10 @@
                 <!-- Menu Footer-->
                 <li class="user-footer">
                     <?php if ($session_is_admin) { ?>
-                        <a href="../../admin" class="btn btn-default btn-block btn-flat mb-2"><i class="fas fa-user-shield mr-2"></i>Administration</a>
+                        <a href="/admin" class="btn btn-default btn-block btn-flat mb-2"><i class="fas fa-user-shield mr-2"></i>Administration</a>
                     <?php } ?>
-                    <a href="../../agent/user/user_details.php" class="btn btn-default btn-flat"><i class="fas fa-user-cog mr-2"></i>Account</a>
-                    <a href="post.php?logout" class="btn btn-default btn-flat float-right"><i class="fas fa-sign-out-alt mr-2"></i>Logout</a>
+                    <a href="/agent/user/user_details.php" class="btn btn-default btn-flat"><i class="fas fa-user-cog mr-2"></i>Account</a>
+                    <a href="/agent/post.php?logout" class="btn btn-default btn-flat float-right"><i class="fas fa-sign-out-alt mr-2"></i>Logout</a>
                 </li>
             </ul>
         </li>

login.php

@@ -4,7 +4,7 @@
 header("Content-Security-Policy: default-src 'self'");
 
 if (!file_exists('config.php')) {
-    redirect("setup");
+    header("Location: /setup"); //must use header instead of redirect as functions isnt included yet.
 }
 
 require_once "config.php";

modals/notifications.php

@@ -81,16 +81,16 @@ ob_start();
 <div class="modal-footer">
     <?php if ($num_notifications) { ?>
     
-    <a href="post.php?dismiss_all_notifications&csrf_token=<?php echo $_SESSION[
+    <a href="/agent/post.php?dismiss_all_notifications&csrf_token=<?php echo $_SESSION[
         "csrf_token"
     ]; ?>" class="btn btn-primary">
         <span class="text-white text-bold"><i class="fas fa-check mr-2"></i>Dismiss all</span>
     </a>
-    <a href="../../agent/notifications.php" class="btn btn-secondary">
+    <a href="/agent/notifications.php" class="btn btn-secondary">
         <span class="text-white">See all Notifications</span>
     </a>
     <?php } else { ?>
-    <a href="../../agent/notifications.php?dismissed" class="btn btn-dark">
+    <a href="/agent/notifications.php?dismissed" class="btn btn-dark">
         <span class="text-white text-bold">See Dismissed Notifications</span>
     </a>
     <?php } ?>