AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Completely renamed everything login to credential including tables added cascading deletion to the multi to multi tables

This commit is contained in:
johnnyq 2025-03-12 21:28:50 -04:00
parent c0db914213
commit e93704bbdb
32 changed files with 890 additions and 788 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
ajax.php
View File

@ -165,7 +165,7 @@ if (isset($_GET['ticket_query_views'])) {
}
/*
* Generates public/guest links for sharing logins/docs
* Generates public/guest links for sharing credentials/docs
*/
if (isset($_GET['share_generate_link'])) {
enforceUserPermission('module_support', 2);
@ -207,23 +207,23 @@ if (isset($_GET['share_generate_link'])) {
$item_name = sanitizeInput($row['file_name']);
}
if ($item_type == "Login") {
$login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = $item_id AND login_client_id = $client_id LIMIT 1");
$row = mysqli_fetch_array($login);
if ($item_type == "Credential") {
$credential = mysqli_query($mysqli, "SELECT credential_name, credential_username, credential_password FROM credentials WHERE credential_id = $item_id AND credential_client_id = $client_id LIMIT 1");
$row = mysqli_fetch_array($credential);
$item_name = sanitizeInput($row['login_name']);
$item_name = sanitizeInput($row['credential_name']);
// Decrypt & re-encrypt username/password for sharing
$login_encryption_key = randomString();
$credential_encryption_key = randomString();
$login_username_cleartext = decryptLoginEntry($row['login_username']);
$credential_username_cleartext = decryptCredentialEntry($row['credential_username']);
$iv = randomString();
$username_ciphertext = openssl_encrypt($login_username_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
$username_ciphertext = openssl_encrypt($credential_username_cleartext, 'aes-128-cbc', $credential_encryption_key, 0, $iv);
$item_encrypted_username = $iv . $username_ciphertext;
$login_password_cleartext = decryptLoginEntry($row['login_password']);
$credential_password_cleartext = decryptCredentialEntry($row['credential_password']);
$iv = randomString();
$password_ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
$password_ciphertext = openssl_encrypt($credential_password_cleartext, 'aes-128-cbc', $credential_encryption_key, 0, $iv);
$item_encrypted_credential = $iv . $password_ciphertext;
}
@ -232,8 +232,8 @@ if (isset($_GET['share_generate_link'])) {
$share_id = $mysqli->insert_id;
// Return URL
if ($item_type == "Login") {
$url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
if ($item_type == "Credential") {
$url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key&ek=$credential_encryption_key";
}
else {
$url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key";
@ -333,24 +333,24 @@ if (isset($_GET['get_client_contacts'])) {
if (isset($_GET['get_totp_token_via_id'])) {
enforceUserPermission('module_credential');
$login_id = intval($_GET['login_id']);
$credential_id = intval($_GET['credential_id']);
$sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT login_name, login_otp_secret, login_client_id FROM logins WHERE login_id = $login_id"));
$name = sanitizeInput($sql['login_name']);
$totp_secret = $sql['login_otp_secret'];
$client_id = intval($sql['login_client_id']);
$sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT credential_name, credential_otp_secret, credential_client_id FROM credentials WHERE credential_id = $credential_id"));
$name = sanitizeInput($sql['credential_name']);
$totp_secret = $sql['credential_otp_secret'];
$client_id = intval($sql['credential_client_id']);
$otp = TokenAuth6238::getTokenCode(strtoupper($totp_secret));
echo json_encode($otp);
// Logging
// Only log the TOTP view if the user hasn't already viewed this specific login entry recently, this prevents logs filling if a user hovers across an entry a few times
$check_recent_totp_view_logged_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS recent_totp_view FROM logs WHERE log_type = 'Login' AND log_action = 'View TOTP' AND log_user_id = $session_user_id AND log_entity_id = $login_id AND log_client_id = $client_id AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
$check_recent_totp_view_logged_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS recent_totp_view FROM logs WHERE log_type = 'Credential' AND log_action = 'View TOTP' AND log_user_id = $session_user_id AND log_entity_id = $credential_id AND log_client_id = $client_id AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
$recent_totp_view_logged_count = intval($check_recent_totp_view_logged_sql['recent_totp_view']);
if ($recent_totp_view_logged_count == 0) {
// Logging
logAction("Credential", "View TOTP", "$session_name viewed credential TOTP code for $name", $client_id, $login_id);
logAction("Credential", "View TOTP", "$session_name viewed credential TOTP code for $name", $client_id, $credential_id);
}
}

121
ajax/ajax_asset_details.php
View File

@ -111,24 +111,24 @@ $interface_count = mysqli_num_rows($sql_related_interfaces);
// Related Credentials Query
$sql_related_credentials = mysqli_query($mysqli, "
SELECT
logins.login_id AS login_id,
logins.login_name,
logins.login_description,
logins.login_uri,
logins.login_username,
logins.login_password,
logins.login_otp_secret,
logins.login_note,
logins.login_important,
logins.login_contact_id,
logins.login_asset_id
FROM logins
LEFT JOIN login_tags ON login_tags.login_id = logins.login_id
LEFT JOIN tags ON tags.tag_id = login_tags.tag_id
WHERE login_asset_id = $asset_id
AND login_archived_at IS NULL
GROUP BY logins.login_id
ORDER BY login_name DESC
credentials.credential_id AS credential_id,
credentials.credential_name,
credentials.credential_description,
credentials.credential_uri,
credentials.credential_username,
credentials.credential_password,
credentials.credential_otp_secret,
credentials.credential_note,
credentials.credential_important,
credentials.credential_contact_id,
credentials.credential_asset_id
FROM credentials
LEFT JOIN credential_tags ON credential_tags.credential_id = credentials.credential_id
LEFT JOIN tags ON tags.tag_id = credential_tags.tag_id
WHERE credential_asset_id = $asset_id
AND credential_archived_at IS NULL
GROUP BY credentials.credential_id
ORDER BY credential_name DESC
");
$credential_count = mysqli_num_rows($sql_related_credentials);
@ -452,68 +452,68 @@ ob_start();
<?php
while ($row = mysqli_fetch_array($sql_related_credentials)) {
$login_id = intval($row['login_id']);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_uri = nullable_htmlentities($row['login_uri']);
if (empty($login_uri)) {
$login_uri_display = "-";
$credential_id = intval($row['credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
if (empty($credential_uri)) {
$credential_uri_display = "-";
} else {
$login_uri_display = "$login_uri";
$credential_uri_display = "$credential_uri";
}
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
if (empty($login_username)) {
$login_username_display = "-";
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
if (empty($credential_username)) {
$credential_username_display = "-";
} else {
$login_username_display = "$login_username";
$credential_username_display = "$credential_username";
}
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) {
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
$credential_id_with_secret = '"' . $row['credential_id'] . '","' . $row['credential_otp_secret'] . '"';
if (empty($credential_otp_secret)) {
$otp_display = "-";
} else {
$otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<span onmouseenter='showOTPViaCredentialID($credential_id)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
}
$login_note = nullable_htmlentities($row['login_note']);
$login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']);
$login_asset_id = intval($row['login_asset_id']);
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_important = intval($row['credential_important']);
$credential_contact_id = intval($row['credential_contact_id']);
$credential_asset_id = intval($row['credential_asset_id']);
// Tags
$login_tag_name_display_array = array();
$login_tag_id_array = array();
$sql_login_tags = mysqli_query($mysqli, "SELECT * FROM login_tags LEFT JOIN tags ON login_tags.tag_id = tags.tag_id WHERE login_id = $login_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_login_tags)) {
$credential_tag_name_display_array = array();
$credential_tag_id_array = array();
$sql_credential_tags = mysqli_query($mysqli, "SELECT * FROM credential_tags LEFT JOIN tags ON credential_tags.tag_id = tags.tag_id WHERE credential_id = $credential_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_credential_tags)) {
$login_tag_id = intval($row['tag_id']);
$login_tag_name = nullable_htmlentities($row['tag_name']);
$login_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($login_tag_color)) {
$login_tag_color = "dark";
$credential_tag_id = intval($row['tag_id']);
$credential_tag_name = nullable_htmlentities($row['tag_name']);
$credential_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($credential_tag_color)) {
$credential_tag_color = "dark";
}
$login_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($login_tag_icon)) {
$login_tag_icon = "tag";
$credential_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($credential_tag_icon)) {
$credential_tag_icon = "tag";
}
$login_tag_id_array[] = $login_tag_id;
$login_tag_name_display_array[] = "<a href='client_logins.php?client_id=$client_id&tags[]=$login_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $login_tag_color;'><i class='fa fa-fw fa-$login_tag_icon mr-2'></i>$login_tag_name</span></a>";
$credential_tag_id_array[] = $credential_tag_id;
$credential_tag_name_display_array[] = "<a href='credentials.php?client_id=$client_id&tags[]=$credential_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $credential_tag_color;'><i class='fa fa-fw fa-$credential_tag_icon mr-2'></i>$credential_tag_name</span></a>";
}
$login_tags_display = implode('', $login_tag_name_display_array);
$credential_tags_display = implode('', $credential_tag_name_display_array);
?>
<tr>
<td>
<i class="fa fa-fw fa-key text-secondary"></i>
<?php echo $login_name; ?>
<?php echo $credential_name; ?>
</td>
<td><?php echo $login_username_display; ?></td>
<td><?php echo $credential_username_display; ?></td>
<td>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $login_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $credential_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button>
</td>
<td><?php echo $otp_display; ?></td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $credential_uri_display; ?></td>
</tr>
<?php
@ -526,7 +526,7 @@ ob_start();
</table>
</div>
</div>
<!-- Include script to get TOTP code via the login ID -->
<!-- Include script to get TOTP code via the credentials ID -->
<script src="js/credential_show_otp_via_id.js"></script>
<?php } ?>
@ -685,11 +685,6 @@ ob_start();
$seat_count = 0;
// Get Login
$login_id = intval($row['login_id']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
// Asset Licenses
$asset_licenses_sql = mysqli_query($mysqli, "SELECT asset_id FROM software_assets WHERE software_id = $software_id");
$asset_licenses_array = array();

110
ajax/ajax_contact_details.php
View File

@ -51,21 +51,21 @@ $software_count = mysqli_num_rows($sql_linked_software);
$linked_software = array();
// Related Logins Query 1 to 1 relationship
$sql_related_logins = mysqli_query($mysqli, "
// Related Credentials Query 1 to 1 relationship
$sql_related_credentials = mysqli_query($mysqli, "
SELECT
logins.login_id AS logins_login_id, -- Alias for logins.login_id
logins.*, -- All other columns from logins
login_tags.*, -- All columns from login_tags
credentials.credential_id AS credentials_credential_id, -- Alias for credentials.credential_id
credentials.*, -- All other columns from credentials
credential_tags.*, -- All columns from credential_tags
tags.* -- All columns from tags
FROM logins
LEFT JOIN login_tags ON login_tags.login_id = logins.login_id
LEFT JOIN tags ON tags.tag_id = login_tags.tag_id
WHERE login_contact_id = $contact_id
GROUP BY logins.login_id
ORDER BY login_name DESC
FROM credentials
LEFT JOIN credential_tags ON credential_tags.credential_id = credentials.credential_id
LEFT JOIN tags ON tags.tag_id = credential_tags.tag_id
WHERE credential_contact_id = $contact_id
GROUP BY credentials.credential_id
ORDER BY credential_name DESC
");
$credential_count = mysqli_num_rows($sql_related_logins);
$credential_count = mysqli_num_rows($sql_related_credentials);
// Related Tickets Query - 1 to 1 relationship
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets
@ -418,68 +418,68 @@ ob_start();
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_related_logins)) {
$login_id = intval($row['logins_login_id']);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_uri = nullable_htmlentities($row['login_uri']);
if (empty($login_uri)) {
$login_uri_display = "-";
while ($row = mysqli_fetch_array($sql_related_credentials)) {
$credential_id = intval($row['logins_credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
if (empty($credential_uri)) {
$credential_uri_display = "-";
} else {
$login_uri_display = "$login_uri";
$credential_uri_display = "$credential_uri";
}
$login_uri_2 = nullable_htmlentities($row['login_uri_2']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
if (empty($login_username)) {
$login_username_display = "-";
$credential_uri_2 = nullable_htmlentities($row['credential_uri_2']);
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
if (empty($credential_username)) {
$credential_username_display = "-";
} else {
$login_username_display = "$login_username";
$credential_username_display = "$credential_username";
}
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) {
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
$credential_id_with_secret = '"' . $row['credential_id'] . '","' . $row['credential_otp_secret'] . '"';
if (empty($credential_otp_secret)) {
$otp_display = "-";
} else {
$otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<span onmouseenter='showOTPViaCredentialID($credential_id)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
}
$login_note = nullable_htmlentities($row['login_note']);
$login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']);
$login_asset_id = intval($row['login_asset_id']);
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_important = intval($row['credential_important']);
$credential_contact_id = intval($row['credential_contact_id']);
$credential_asset_id = intval($row['credential_asset_id']);
// Tags
$login_tag_name_display_array = array();
$login_tag_id_array = array();
$sql_login_tags = mysqli_query($mysqli, "SELECT * FROM login_tags LEFT JOIN tags ON login_tags.tag_id = tags.tag_id WHERE login_id = $login_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_login_tags)) {
$credential_tag_name_display_array = array();
$credential_tag_id_array = array();
$sql_credential_tags = mysqli_query($mysqli, "SELECT * FROM credential_tags LEFT JOIN tags ON credential_tags.tag_id = tags.tag_id WHERE credential_id = $credential_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_credential_tags)) {
$login_tag_id = intval($row['tag_id']);
$login_tag_name = nullable_htmlentities($row['tag_name']);
$login_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($login_tag_color)) {
$login_tag_color = "dark";
$credential_tag_id = intval($row['tag_id']);
$credential_tag_name = nullable_htmlentities($row['tag_name']);
$credential_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($credential_tag_color)) {
$credential_tag_color = "dark";
}
$login_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($login_tag_icon)) {
$login_tag_icon = "tag";
$credential_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($credential_tag_icon)) {
$credential_tag_icon = "tag";
}
$login_tag_id_array[] = $login_tag_id;
$login_tag_name_display_array[] = "<a href='client_logins.php?client_id=$client_id&tags[]=$login_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $login_tag_color;'><i class='fa fa-fw fa-$login_tag_icon mr-2'></i>$login_tag_name</span></a>";
$credential_tag_id_array[] = $credential_tag_id;
$credential_tag_name_display_array[] = "<a href='credentials.php?client_id=$client_id&tags[]=$credential_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $credential_tag_color;'><i class='fa fa-fw fa-$credential_tag_icon mr-2'></i>$credential_tag_name</span></a>";
}
$login_tags_display = implode('', $login_tag_name_display_array);
$credential_tags_display = implode('', $credential_tag_name_display_array);
?>
<tr>
<td><i class="fa fa-fw fa-key text-secondary mr-2"></i><?php echo $login_name; ?></td>
<td><?php echo $login_description; ?></td>
<td><?php echo $login_username_display; ?></td>
<td><i class="fa fa-fw fa-key text-secondary mr-2"></i><?php echo $credential_name; ?></td>
<td><?php echo $credential_description; ?></td>
<td><?php echo $credential_username_display; ?></td>
<td>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $login_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $credential_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button>
</td>
<td><?php echo $otp_display; ?></td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $credential_uri_display; ?></td>
</tr>
<?php
@ -492,7 +492,7 @@ ob_start();
</table>
</div>
</div>
<!-- Include script to get TOTP code via the login ID -->
<!-- Include script to get TOTP code via the credential ID -->
<script src="js/credential_show_otp_via_id.js"></script>
<?php } ?>

99
ajax/ajax_credential_edit.php
View File

@ -2,33 +2,32 @@
require_once '../includes/ajax_header.php';
$login_id = intval($_GET['id']);
$credential_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $login_id LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['login_client_id']);
$login_id = intval($row['login_id']);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_uri = nullable_htmlentities($row['login_uri']);
$login_uri_2 = nullable_htmlentities($row['login_uri_2']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_note = nullable_htmlentities($row['login_note']);
$login_created_at = nullable_htmlentities($row['login_created_at']);
$login_archived_at = nullable_htmlentities($row['login_archived_at']);
$login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']);
$login_asset_id = intval($row['login_asset_id']);
$client_id = intval($row['credential_client_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
$credential_uri_2 = nullable_htmlentities($row['credential_uri_2']);
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_created_at = nullable_htmlentities($row['credential_created_at']);
$credential_archived_at = nullable_htmlentities($row['credential_archived_at']);
$credential_important = intval($row['credential_important']);
$credential_contact_id = intval($row['credential_contact_id']);
$credential_asset_id = intval($row['credential_asset_id']);
// Tags
$login_tag_id_array = array();
$sql_login_tags = mysqli_query($mysqli, "SELECT tag_id FROM login_tags WHERE login_id = $login_id");
while ($row = mysqli_fetch_array($sql_login_tags)) {
$login_tag_id = intval($row['tag_id']);
$login_tag_id_array[] = $login_tag_id;
$credential_tag_id_array = array();
$sql_credential_tags = mysqli_query($mysqli, "SELECT tag_id FROM credential_tags WHERE credential_id = $credential_id");
while ($row = mysqli_fetch_array($sql_credential_tags)) {
$credential_tag_id = intval($row['tag_id']);
$credential_tag_id_array[] = $credential_tag_id;
}
// Generate the HTML form content using output buffering.
@ -36,26 +35,26 @@ ob_start();
?>
<div class="modal-header">
<h5 class="modal-title"><i class='fas fa-fw fa-key mr-2'></i>Editing credential: <strong><?php echo $login_name; ?></strong></h5>
<h5 class="modal-title"><i class='fas fa-fw fa-key mr-2'></i>Editing credential: <strong><?php echo $credential_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="login_id" value="<?php echo $login_id; ?>">
<input type="hidden" name="credential_id" value="<?php echo $credential_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body bg-white">
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-login-details<?php echo $login_id; ?>">Details</a>
<a class="nav-link active" data-toggle="pill" href="#pills-credential-details<?php echo $credential_id; ?>">Details</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-login-relation<?php echo $login_id; ?>">Relation</a>
<a class="nav-link" data-toggle="pill" href="#pills-credential-relation<?php echo $credential_id; ?>">Relation</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-login-notes<?php echo $login_id; ?>">Notes</a>
<a class="nav-link" data-toggle="pill" href="#pills-credential-notes<?php echo $credential_id; ?>">Notes</a>
</li>
</ul>
@ -63,7 +62,7 @@ ob_start();
<div class="tab-content" <?php if (lookupUserPermission('module_credential') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-login-details<?php echo $login_id; ?>">
<div class="tab-pane fade show active" id="pills-credential-details<?php echo $credential_id; ?>">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong> / <span class="text-secondary">Important?</span></label>
@ -71,10 +70,10 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Login" maxlength="200" value="<?php echo $login_name; ?>" required>
<input type="text" class="form-control" name="name" placeholder="Name of Credential" maxlength="200" value="<?php echo $credential_name; ?>" required>
<div class="input-group-append">
<div class="input-group-text">
<input type="checkbox" name="important" value="1" <?php if ($login_important == 1) { echo "checked"; } ?>>
<input type="checkbox" name="important" value="1" <?php if ($credential_important == 1) { echo "checked"; } ?>>
</div>
</div>
</div>
@ -86,7 +85,7 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-angle-right"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description" value="<?php echo $login_description; ?>">
<input type="text" class="form-control" name="description" placeholder="Description" value="<?php echo $credential_description; ?>">
</div>
</div>
@ -96,7 +95,7 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<input type="text" class="form-control" name="username" placeholder="Username or ID" maxlength="350" value="<?php echo $login_username; ?>">
<input type="text" class="form-control" name="username" placeholder="Username or ID" maxlength="350" value="<?php echo $credential_username; ?>">
</div>
</div>
@ -106,12 +105,12 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" data-toggle="password" name="password" placeholder="Password or Key" maxlength="350" value="<?php echo $login_password; ?>" required autocomplete="new-password">
<input type="password" class="form-control" data-toggle="password" name="password" placeholder="Password or Key" maxlength="350" value="<?php echo $credential_password; ?>" required autocomplete="new-password">
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
<div class="input-group-append">
<button class="btn btn-default clipboardjs" type="button" data-clipboard-text="<?php echo $login_password; ?>"><i class="fa fa-fw fa-copy"></i></button>
<button class="btn btn-default clipboardjs" type="button" data-clipboard-text="<?php echo $credential_password; ?>"><i class="fa fa-fw fa-copy"></i></button>
</div>
</div>
</div>
@ -122,7 +121,7 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="password" class="form-control" data-toggle="password" name="otp_secret" maxlength="200" value="<?php echo $login_otp_secret; ?>" placeholder="Insert secret key">
<input type="password" class="form-control" data-toggle="password" name="otp_secret" maxlength="200" value="<?php echo $credential_otp_secret; ?>" placeholder="Insert secret key">
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
@ -135,13 +134,13 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-link"></i></span>
</div>
<input type="text" class="form-control" name="uri" placeholder="ex. http://192.168.1.1" maxlength="500" value="<?php echo $login_uri; ?>">
<input type="text" class="form-control" name="uri" placeholder="ex. http://192.168.1.1" maxlength="500" value="<?php echo $credential_uri; ?>">
<div class="input-group-append">
<a href="<?php echo $login_uri; ?>" class="input-group-text"><i class="fa fa-fw fa-link"></i></a>
<a href="<?php echo $credential_uri; ?>" class="input-group-text"><i class="fa fa-fw fa-link"></i></a>
</div>
<div class="input-group-append">
<button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $login_uri; ?>"><i class="fa fa-fw fa-copy"></i></button>
<button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $credential_uri; ?>"><i class="fa fa-fw fa-copy"></i></button>
</div>
</div>
</div>
@ -152,19 +151,19 @@ ob_start();
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-link"></i></span>
</div>
<input type="text" class="form-control" name="uri_2" placeholder="ex. https://server.company.com:5001" maxlength="500" value="<?php echo $login_uri_2; ?>">
<input type="text" class="form-control" name="uri_2" placeholder="ex. https://server.company.com:5001" maxlength="500" value="<?php echo $credential_uri_2; ?>">
<div class="input-group-append">
<a href="<?php echo $login_uri_2; ?>" class="input-group-text"><i class="fa fa-fw fa-link"></i></a>
<a href="<?php echo $credential_uri_2; ?>" class="input-group-text"><i class="fa fa-fw fa-link"></i></a>
</div>
<div class="input-group-append">
<button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $login_uri_2; ?>"><i class="fa fa-fw fa-copy"></i></button>
<button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $credential_uri_2; ?>"><i class="fa fa-fw fa-copy"></i></button>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="pills-login-relation<?php echo $login_id; ?>">
<div class="tab-pane fade" id="pills-credential-relation<?php echo $credential_id; ?>">
<div class="form-group">
<label>Contact</label>
@ -173,7 +172,7 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<select class="form-control select2" name="contact">
<option value="">- Contact -</option>
<option value="">- Select Contact -</option>
<?php
$sql_contacts = mysqli_query($mysqli, "SELECT contact_id, contact_name FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
@ -181,7 +180,7 @@ ob_start();
$contact_id_select = intval($row['contact_id']);
$contact_name_select = nullable_htmlentities($row['contact_name']);
?>
<option <?php if ($login_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
<option <?php if ($credential_contact_id == $contact_id_select) { echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
<?php } ?>
</select>
</div>
@ -194,7 +193,7 @@ ob_start();
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div>
<select class="form-control select2" name="asset">
<option value="0">- None -</option>
<option value="0">- Select Asset -</option>
<?php
$sql_assets = mysqli_query($mysqli, "SELECT asset_id, asset_name, location_name FROM assets LEFT JOIN locations on asset_location_id = location_id WHERE asset_client_id = $client_id AND asset_archived_at IS NULL ORDER BY asset_name ASC");
@ -209,7 +208,7 @@ ob_start();
}
?>
<option <?php if ($login_asset_id == $asset_id_select) { echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_select_display_string; ?></option>
<option <?php if ($credential_asset_id == $asset_id_select) { echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_select_display_string; ?></option>
<?php } ?>
</select>
@ -218,10 +217,10 @@ ob_start();
</div>
<div class="tab-pane fade" id="pills-login-notes<?php echo $login_id; ?>">
<div class="tab-pane fade" id="pills-credential-notes<?php echo $credential_id; ?>">
<div class="form-group">
<textarea class="form-control" rows="12" placeholder="Enter some notes" name="note"><?php echo $login_note; ?></textarea>
<textarea class="form-control" rows="12" placeholder="Enter some notes" name="note"><?php echo $credential_note; ?></textarea>
</div>
<div class="form-group">
@ -238,7 +237,7 @@ ob_start();
$tag_id_select = intval($row['tag_id']);
$tag_name_select = nullable_htmlentities($row['tag_name']);
?>
<option value="<?php echo $tag_id_select; ?>" <?php if (in_array($tag_id_select, $login_tag_id_array)) { echo "selected"; } ?>><?php echo $tag_name_select; ?></option>
<option value="<?php echo $tag_id_select; ?>" <?php if (in_array($tag_id_select, $credential_tag_id_array)) { echo "selected"; } ?>><?php echo $tag_name_select; ?></option>
<?php } ?>
</select>
@ -259,7 +258,7 @@ ob_start();
</div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="edit_login" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="submit" name="edit_credential" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>

28
ajax/ajax_credential_view.php
View File

@ -2,26 +2,26 @@
require_once '../includes/ajax_header.php';
$login_id = intval($_GET['id']);
$credential_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $login_id LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
$row = mysqli_fetch_array($sql);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_uri = nullable_htmlentities($row['login_uri']);
$login_uri_2 = nullable_htmlentities($row['login_uri_2']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) {
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
$credential_uri_2 = nullable_htmlentities($row['credential_uri_2']);
$credential_username = nullable_htmlentities(decryptLoginEntry($row['credential_username']));
$credential_password = nullable_htmlentities(decryptLoginEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
$credential_id_with_secret = '"' . $row['credential_id'] . '","' . $row['credential_otp_secret'] . '"';
if (empty($credential_otp_secret)) {
$otp_display = "-";
} else {
$otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<span onmouseenter='showOTPViaCredentialID($credential_id)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
}
$login_note = nullable_htmlentities($row['login_note']);
$login_created_at = nullable_htmlentities($row['login_created_at']);
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_created_at = nullable_htmlentities($row['credential_created_at']);
// Generate the HTML form content using output buffering.
ob_start();

30
ajax/ajax_service_edit.php
View File

@ -18,23 +18,23 @@ $service_updated_at = nullable_htmlentities($row['service_updated_at']);
$service_review_due = nullable_htmlentities($row['service_review_due']);
$client_id = intval($row['service_client_id']);
// Associated Assets (and their logins/networks/locations)
// Associated Assets (and their credentials/networks/locations)
$sql_assets = mysqli_query(
$mysqli,
"SELECT * FROM service_assets
LEFT JOIN assets ON service_assets.asset_id = assets.asset_id
LEFT JOIN asset_interfaces ON interface_asset_id = assets.asset_id AND interface_primary = 1
LEFT JOIN logins ON service_assets.asset_id = logins.login_asset_id
LEFT JOIN credentials ON service_assets.asset_id = credentials.credential_asset_id
LEFT JOIN networks ON interface_network_id = networks.network_id
LEFT JOIN locations ON assets.asset_location_id = locations.location_id
WHERE service_id = $service_id"
);
// Associated logins
$sql_logins = mysqli_query(
// Associated credentials
$sql_credentials = mysqli_query(
$mysqli,
"SELECT * FROM service_logins
LEFT JOIN logins ON service_logins.login_id = logins.login_id
"SELECT * FROM service_credentials
LEFT JOIN credentials ON service_credentials.credential_id = credentials.credential_id
WHERE service_id = $service_id"
);
@ -280,21 +280,21 @@ ob_start();
</div>
<div class="form-group">
<label for="logins">Logins</label>
<select multiple class="form-control select2" name="logins[]">
<label for="credentials">Credentials</label>
<select multiple class="form-control select2" name="credentials[]">
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_logins, MYSQLI_ASSOC), "login_id");
$selected_ids = array_column(mysqli_fetch_all($sql_credentials, MYSQLI_ASSOC), "credential_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_archived_at > '$service_created_at' OR login_archived_at IS NULL) AND login_client_id = $client_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM credentials WHERE (credential_archived_at > '$service_created_at' OR credential_archived_at IS NULL) AND credential_client_id = $client_id");
while ($row_all = mysqli_fetch_array($sql_all)) {
$login_id = intval($row_all['login_id']);
$login_name = nullable_htmlentities($row_all['login_name']);
$credential_id = intval($row_all['credential_id']);
$credential_name = nullable_htmlentities($row_all['credential_name']);
if (in_array($login_id, $selected_ids)) {
echo "<option value=\"$login_id\" selected>$login_name</option>";
if (in_array($credential_id, $selected_ids)) {
echo "<option value=\"$credential_id\" selected>$credential_name</option>";
}
else{
echo "<option value=\"$login_id\">$login_name</option>";
echo "<option value=\"$credential_id\">$credential_name</option>";
}
}
?>

143
asset_details.php
View File

@ -184,29 +184,29 @@ if (isset($_GET['asset_id'])) {
$document_count = mysqli_num_rows($sql_related_documents);
// Related Logins Query
$sql_related_logins = mysqli_query($mysqli, "
// Related Credentials Query
$sql_related_credentials = mysqli_query($mysqli, "
SELECT
logins.login_id AS login_id,
logins.login_name,
logins.login_description,
logins.login_uri,
logins.login_username,
logins.login_password,
logins.login_otp_secret,
logins.login_note,
logins.login_important,
logins.login_contact_id,
logins.login_asset_id
FROM logins
LEFT JOIN login_tags ON login_tags.login_id = logins.login_id
LEFT JOIN tags ON tags.tag_id = login_tags.tag_id
WHERE login_asset_id = $asset_id
AND login_archived_at IS NULL
GROUP BY logins.login_id
ORDER BY login_name DESC
credentials.credential_id AS credential_id,
credentials.credential_name,
credentials.credential_description,
credentials.credential_uri,
credentials.credential_username,
credentials.credential_password,
credentials.credential_otp_secret,
credentials.credential_note,
credentials.credential_important,
credentials.credential_contact_id,
credentials.credential_asset_id
FROM credentials
LEFT JOIN credential_tags ON credential_tags.credential_id = credentials.credential_id
LEFT JOIN tags ON tags.tag_id = credential_tags.tag_id
WHERE credential_asset_id = $asset_id
AND credential_archived_at IS NULL
GROUP BY credentials.credential_id
ORDER BY credential_name DESC
");
$login_count = mysqli_num_rows($sql_related_logins);
$credential_count = mysqli_num_rows($sql_related_credentials);
// Related Software Query
$sql_related_software = mysqli_query(
@ -523,7 +523,7 @@ if (isset($_GET['asset_id'])) {
</div>
</div>
<div class="card card-dark <?php if ($login_count == 0) { echo "d-none"; } ?>">
<div class="card card-dark <?php if ($credential_count == 0) { echo "d-none"; } ?>">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
</div>
@ -544,56 +544,56 @@ if (isset($_GET['asset_id'])) {
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_related_logins)) {
$login_id = intval($row['login_id']);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_uri = nullable_htmlentities($row['login_uri']);
if (empty($login_uri)) {
$login_uri_display = "-";
while ($row = mysqli_fetch_array($sql_related_credentials)) {
$credential_id = intval($row['credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
if (empty($credential_uri)) {
$credential_uri_display = "-";
} else {
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
$credential_uri_display = "$credential_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$credential_uri'><i class='far fa-copy text-secondary'></i></button><a href='$credential_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
}
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
if (empty($login_username)) {
$login_username_display = "-";
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
if (empty($credential_username)) {
$credential_username_display = "-";
} else {
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
$credential_username_display = "$credential_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$credential_username'><i class='far fa-copy text-secondary'></i></button>";
}
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) {
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
$credential_id_with_secret = '"' . $row['credential_id'] . '","' . $row['credential_otp_secret'] . '"';
if (empty($credential_otp_secret)) {
$otp_display = "-";
} else {
$otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<span onmouseenter='showOTPViaCredentialID($credential_id)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
}
$login_note = nullable_htmlentities($row['login_note']);
$login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']);
$login_asset_id = intval($row['login_asset_id']);
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_important = intval($row['credential_important']);
$credential_contact_id = intval($row['credential_contact_id']);
$credential_asset_id = intval($row['credential_asset_id']);
// Tags
$login_tag_name_display_array = array();
$login_tag_id_array = array();
$sql_login_tags = mysqli_query($mysqli, "SELECT * FROM login_tags LEFT JOIN tags ON login_tags.tag_id = tags.tag_id WHERE login_id = $login_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_login_tags)) {
$credential_tag_name_display_array = array();
$credential_tag_id_array = array();
$sql_credential_tags = mysqli_query($mysqli, "SELECT * FROM credential_tags LEFT JOIN tags ON credential_tags.tag_id = tags.tag_id WHERE credential_id = $credential_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_credential_tags)) {
$login_tag_id = intval($row['tag_id']);
$login_tag_name = nullable_htmlentities($row['tag_name']);
$login_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($login_tag_color)) {
$login_tag_color = "dark";
$credential_tag_id = intval($row['tag_id']);
$credential_tag_name = nullable_htmlentities($row['tag_name']);
$credential_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($credential_tag_color)) {
$credential_tag_color = "dark";
}
$login_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($login_tag_icon)) {
$login_tag_icon = "tag";
$credential_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($credential_tag_icon)) {
$credential_tag_icon = "tag";
}
$login_tag_id_array[] = $login_tag_id;
$login_tag_name_display_array[] = "<a href='client_logins.php?client_id=$client_id&tags[]=$login_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $login_tag_color;'><i class='fa fa-fw fa-$login_tag_icon mr-2'></i>$login_tag_name</span></a>";
$credential_tag_id_array[] = $credential_tag_id;
$credential_tag_name_display_array[] = "<a href='credentials.php?client_id=$client_id&tags[]=$credential_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $credential_tag_color;'><i class='fa fa-fw fa-$credential_tag_icon mr-2'></i>$credential_tag_name</span></a>";
}
$login_tags_display = implode('', $login_tag_name_display_array);
$credential_tags_display = implode('', $credential_tag_name_display_array);
?>
<tr>
@ -602,18 +602,18 @@ if (isset($_GET['asset_id'])) {
<a class="text-dark" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_credential_edit.php"
data-ajax-id="<?php echo $login_id; ?>"
data-ajax-id="<?php echo $credential_id; ?>"
>
<?php echo $login_name; ?>
<?php echo $credential_name; ?>
</a>
</td>
<td><?php echo $login_description; ?></td>
<td><?php echo $login_username_display; ?></td>
<td><?php echo $credential_description; ?></td>
<td><?php echo $credential_username_display; ?></td>
<td>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $login_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $credential_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $credential_password; ?>"><i class="far fa-copy text-secondary"></i></button>
</td>
<td><?php echo $otp_display; ?></td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $credential_uri_display; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
@ -623,20 +623,20 @@ if (isset($_GET['asset_id'])) {
<a class="dropdown-item" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_credential_edit.php"
data-ajax-id="<?php echo $login_id; ?>"
data-ajax-id="<?php echo $credential_id; ?>"
>
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Credential', $credential_id"; ?>)">
<i class="fas fa-fw fa-share-alt mr-2"></i>Share
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="post.php?unlink_credential_from_asset&asset_id=<?php echo $asset_id; ?>&login_id=<?php echo $login_id; ?>">
<a class="dropdown-item" href="post.php?unlink_credential_from_asset&asset_id=<?php echo $asset_id; ?>&credential_id=<?php echo $credential_id; ?>">
<i class="fas fa-fw fa-unlink mr-2"></i>Unlink
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_login=<?php echo $login_id; ?>">
<a class="dropdown-item text-danger text-bold" href="post.php?delete_credential=<?php echo $credential_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
@ -691,11 +691,6 @@ if (isset($_GET['asset_id'])) {
$seat_count = 0;
// Get Login
$login_id = intval($row['login_id']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
// Asset Licenses
$asset_licenses_sql = mysqli_query($mysqli, "SELECT asset_id FROM software_assets WHERE software_id = $software_id");
$asset_licenses_array = array();
@ -1174,7 +1169,7 @@ if (isset($_GET['asset_id'])) {
});
</script>
<!-- Include script to get TOTP code via the login ID -->
<!-- Include script to get TOTP code via the credential ID -->
<script src="js/credential_show_otp_via_id.js"></script>
<?php

4
assets.php
View File

@ -524,8 +524,8 @@ if (mysqli_num_rows($os_sql) > 0) {
$location_name_display = $location_name;
}
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_asset_id = $asset_id");
$login_count = mysqli_num_rows($sql_logins);
$sql_credentials = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_asset_id = $asset_id");
$credential_count = mysqli_num_rows($sql_credentials);
?>
<tr>

16
client_overview.php
View File

@ -32,12 +32,12 @@ $sql_recent_tickets = mysqli_query(
LIMIT 5"
);
$sql_recent_logins = mysqli_query(
$sql_recent_credentials = mysqli_query(
$mysqli,
"SELECT * FROM logins
WHERE login_client_id = $client_id
AND login_archived_at IS NULL
ORDER BY login_updated_at ASC
"SELECT * FROM credentials
WHERE credential_client_id = $client_id
AND credential_archived_at IS NULL
ORDER BY credential_updated_at ASC
LIMIT 5"
);
@ -286,10 +286,10 @@ $sql_asset_retired = mysqli_query(
$item_expire_at = nullable_htmlentities($row['item_expire_at']);
$item_expire_at_human = timeAgo($row['item_expire_at']);
if ($item_type == 'Login') {
$share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = $item_related_id AND login_client_id = $client_id");
if ($item_type == 'Credential') {
$share_item_sql = mysqli_query($mysqli, "SELECT credential_name FROM credentials WHERE credential_id = $item_related_id AND credential_client_id = $client_id");
$share_item = mysqli_fetch_array($share_item_sql);
$item_name = nullable_htmlentities($share_item['login_name']);
$item_name = nullable_htmlentities($share_item['credential_name']);
$item_icon = "fas fa-key";
} elseif ($item_type == 'Document') {
$share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = $item_related_id AND document_client_id = $client_id");

122
contact_details.php
View File

@ -69,21 +69,21 @@ if (isset($_GET['contact_id'])) {
$linked_software = array();
// Related Logins Query 1 to 1 relationship
$sql_related_logins = mysqli_query($mysqli, "
// Related Credentials Query 1 to 1 relationship
$sql_related_credentials = mysqli_query($mysqli, "
SELECT
logins.login_id AS logins_login_id, -- Alias for logins.login_id
logins.*, -- All other columns from logins
login_tags.*, -- All columns from login_tags
credentials.credential_id AS credentials_credential_id, -- Alias for credentials.credential_id
credentials.*, -- All other columns from credentials
credential_tags.*, -- All columns from credential_tags
tags.* -- All columns from tags
FROM logins
LEFT JOIN login_tags ON login_tags.login_id = logins.login_id
LEFT JOIN tags ON tags.tag_id = login_tags.tag_id
WHERE login_contact_id = $contact_id
GROUP BY logins.login_id
ORDER BY login_name DESC
FROM credentials
LEFT JOIN credential_tags ON credential_tags.credential_id = credentials.credential_id
LEFT JOIN tags ON tags.tag_id = credential_tags.tag_id
WHERE credential_contact_id = $contact_id
GROUP BY credentials.credential_id
ORDER BY credential_name DESC
");
$login_count = mysqli_num_rows($sql_related_logins);
$credential_count = mysqli_num_rows($sql_related_credentials);
// Related Tickets Query - 1 to 1 relationship
$sql_related_tickets = mysqli_query($mysqli, "SELECT * FROM tickets
@ -446,7 +446,7 @@ if (isset($_GET['contact_id'])) {
</div>
</div>
<div class="card card-dark <?php if ($login_count == 0) { echo "d-none"; } ?>">
<div class="card card-dark <?php if ($credential_count == 0) { echo "d-none"; } ?>">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
</div>
@ -467,57 +467,57 @@ if (isset($_GET['contact_id'])) {
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_related_logins)) {
$login_id = intval($row['logins_login_id']);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_uri = nullable_htmlentities($row['login_uri']);
if (empty($login_uri)) {
$login_uri_display = "-";
while ($row = mysqli_fetch_array($sql_related_credentials)) {
$credential_id = intval($row['credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
if (empty($credential_uri)) {
$credential_uri_display = "-";
} else {
$login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
$credential_uri_display = "$credential_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$credential_uri'><i class='far fa-copy text-secondary'></i></button><a href='$credential_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
}
$login_uri_2 = nullable_htmlentities($row['login_uri_2']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
if (empty($login_username)) {
$login_username_display = "-";
$credential_uri_2 = nullable_htmlentities($row['credential_uri_2']);
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
if (empty($credential_username)) {
$credential_username_display = "-";
} else {
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
$credential_username_display = "$credential_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$credential_username'><i class='far fa-copy text-secondary'></i></button>";
}
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) {
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
$credential_id_with_secret = '"' . $row['credential_id'] . '","' . $row['credential_otp_secret'] . '"';
if (empty($credential_otp_secret)) {
$otp_display = "-";
} else {
$otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<span onmouseenter='showOTPViaCredentialID($credential_id)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
}
$login_note = nullable_htmlentities($row['login_note']);
$login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']);
$login_asset_id = intval($row['login_asset_id']);
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_important = intval($row['credential_important']);
$credential_contact_id = intval($row['credential_contact_id']);
$credential_asset_id = intval($row['credential_asset_id']);
// Tags
$login_tag_name_display_array = array();
$login_tag_id_array = array();
$sql_login_tags = mysqli_query($mysqli, "SELECT * FROM login_tags LEFT JOIN tags ON login_tags.tag_id = tags.tag_id WHERE login_id = $login_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_login_tags)) {
$credential_tag_name_display_array = array();
$credential_tag_id_array = array();
$sql_credential_tags = mysqli_query($mysqli, "SELECT * FROM credential_tags LEFT JOIN tags ON credential_tags.tag_id = tags.tag_id WHERE credential_id = $credential_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_credential_tags)) {
$login_tag_id = intval($row['tag_id']);
$login_tag_name = nullable_htmlentities($row['tag_name']);
$login_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($login_tag_color)) {
$login_tag_color = "dark";
$credential_tag_id = intval($row['tag_id']);
$credential_tag_name = nullable_htmlentities($row['tag_name']);
$credential_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($credential_tag_color)) {
$credential_tag_color = "dark";
}
$login_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($login_tag_icon)) {
$login_tag_icon = "tag";
$credential_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($credential_tag_icon)) {
$credential_tag_icon = "tag";
}
$login_tag_id_array[] = $login_tag_id;
$login_tag_name_display_array[] = "<a href='client_logins.php?client_id=$client_id&tags[]=$login_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $login_tag_color;'><i class='fa fa-fw fa-$login_tag_icon mr-2'></i>$login_tag_name</span></a>";
$credential_tag_id_array[] = $credential_tag_id;
$credential_tag_name_display_array[] = "<a href='credentials.php?client_id=$client_id&tags[]=$credential_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $credential_tag_color;'><i class='fa fa-fw fa-$credential_tag_icon mr-2'></i>$credential_tag_name</span></a>";
}
$login_tags_display = implode('', $login_tag_name_display_array);
$credential_tags_display = implode('', $credential_tag_name_display_array);
?>
<tr>
@ -526,18 +526,18 @@ if (isset($_GET['contact_id'])) {
<a class="text-dark" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_credential_edit.php"
data-ajax-id="<?php echo $login_id; ?>"
data-ajax-id="<?php echo $credential_id; ?>"
>
<?php echo $login_name; ?>
<?php echo $credential_name; ?>
</a>
</td>
<td><?php echo $login_description; ?></td>
<td><?php echo $login_username_display; ?></td>
<td><?php echo $credential_description; ?></td>
<td><?php echo $credential_username_display; ?></td>
<td>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $login_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $credential_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $credential_password; ?>"><i class="far fa-copy text-secondary"></i></button>
</td>
<td><?php echo $otp_display; ?></td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $credential_uri_display; ?></td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
@ -547,21 +547,21 @@ if (isset($_GET['contact_id'])) {
<a class="dropdown-item" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_credential_edit.php"
data-ajax-id="<?php echo $login_id; ?>">
data-ajax-id="<?php echo $credential_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Credential', $credential_id"; ?>)">
<i class="fas fa-fw fa-share-alt mr-2"></i>Share
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item"
href="post.php?unlink_credential_from_contact&contact_id=<?php echo $contact_id; ?>&login_id=<?php echo $login_id; ?>"
href="post.php?unlink_credential_from_contact&contact_id=<?php echo $contact_id; ?>&credential_id=<?php echo $credential_id; ?>"
class="btn btn-secondary btn-sm" title="Unlink">
<i class="fas fa-fw fa-unlink mr-2"></i>Unlink
</a>
<?php if ($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_login=<?php echo $login_id; ?>">
<a class="dropdown-item text-danger text-bold" href="post.php?delete_credential=<?php echo $credential_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
@ -1162,7 +1162,7 @@ if (isset($_GET['contact_id'])) {
});
</script>
<!-- Include script to get TOTP code via the login ID -->
<!-- Include script to get TOTP code via the Credential ID -->
<script src="js/credential_show_otp_via_id.js"></script>
<?php

14
contacts.php
View File

@ -366,13 +366,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$asset_count_display = '';
}
// Related Logins Query
$sql_related_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_contact_id = $contact_id ORDER BY login_id DESC");
$login_count = mysqli_num_rows($sql_related_logins);
if ($login_count) {
$login_count_display = "<span class='mr-2 badge badge-pill badge-secondary p-2' title='$login_count Credentials'><i class='fas fa-fw fa-key mr-2'></i>$login_count</span>";
// Related Credentials Query
$sql_related_credentials = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_contact_id = $contact_id ORDER BY credential_id DESC");
$credential_count = mysqli_num_rows($sql_related_credentials);
if ($credential_count) {
$credential_count_display = "<span class='mr-2 badge badge-pill badge-secondary p-2' title='$credential_count Credentials'><i class='fas fa-fw fa-key mr-2'></i>$credential_count</span>";
} else {
$login_count_display = '';
$credential_count_display = '';
}
// Related Software Query
@ -468,7 +468,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<td><?php echo $contact_info_display; ?></td>
<td><?php echo $location_name_display; ?></td>
<td>
<?php echo "$asset_count_display$login_count_display$software_count_display$ticket_count_display$document_count_display"; ?>
<?php echo "$asset_count_display$credential_count_display$software_count_display$ticket_count_display$document_count_display"; ?>
</td>
<?php if (!$client_url) { ?>
<td><a href="contacts.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a></td>

198
credentials.php
View File

@ -1,21 +1,21 @@
<?php
// Default Column Sortby Filter
$sort = "login_name";
$sort = "credential_name";
$order = "ASC";
// If client_id is in URI then show client Side Bar and client header
if (isset($_GET['client_id'])) {
require_once "includes/inc_all_client.php";
$client_query = "AND login_client_id = $client_id";
$client_query = "AND credential_client_id = $client_id";
$client_url = "client_id=$client_id&";
// Log when users load the Credentials/Logins page
// Log when users load the Credentials page
logAction("Credential", "View", "$session_name viewed the Credentials page for client", $client_id);
} else {
require_once "includes/inc_client_overview_all.php";
$client_query = '';
$client_url = '';
// Log when users load the Credentials/Logins page
// Log when users load the Credentials page
logAction("Credential", "View", "$session_name viewed the All Credentials page");
}
@ -41,7 +41,7 @@ if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
if (!$client_url) {
// Client Filter
if (isset($_GET['client']) & !empty($_GET['client'])) {
$client_query = 'AND (login_client_id = ' . intval($_GET['client']) . ')';
$client_query = 'AND (credential_client_id = ' . intval($_GET['client']) . ')';
$client = intval($_GET['client']);
} else {
// Default - any
@ -53,7 +53,7 @@ if (!$client_url) {
// Location Filter
if ($client_url && isset($_GET['location']) && !empty($_GET['location'])) {
$location_query = 'AND (a.asset_location_id = ' . intval($_GET['location']) . ')';
$location_query_innerjoin = 'INNER JOIN assets a on a.asset_id = l.login_asset_id ';
$location_query_innerjoin = 'INNER JOIN assets a on a.asset_id = c.credential_asset_id ';
$location_filter = intval($_GET['location']);
} else {
// Default - any
@ -64,22 +64,22 @@ if ($client_url && isset($_GET['location']) && !empty($_GET['location'])) {
$sql = mysqli_query(
$mysqli,
"SELECT SQL_CALC_FOUND_ROWS l.login_id AS l_login_id, l.*, login_tags.*, tags.*, clients.*, contacts.*, assets.*
FROM logins l
LEFT JOIN login_tags ON login_tags.login_id = l.login_id
LEFT JOIN tags ON tags.tag_id = login_tags.tag_id
LEFT JOIN clients ON client_id = login_client_id
LEFT JOIN contacts ON contact_id = login_contact_id
LEFT JOIN assets ON asset_id = login_asset_id
"SELECT SQL_CALC_FOUND_ROWS c.credential_id AS c_credential_id, c.*, credential_tags.*, tags.*, clients.*, contacts.*, assets.*
FROM credentials c
LEFT JOIN credential_tags ON credential_tags.credential_id = c.credential_id
LEFT JOIN tags ON tags.tag_id = credential_tags.tag_id
LEFT JOIN clients ON client_id = credential_client_id
LEFT JOIN contacts ON contact_id = credential_contact_id
LEFT JOIN assets ON asset_id = credential_asset_id
$location_query_innerjoin
WHERE l.login_$archive_query
WHERE c.credential_$archive_query
$tag_query
AND (l.login_name LIKE '%$q%' OR l.login_description LIKE '%$q%' OR l.login_uri LIKE '%$q%' OR tag_name LIKE '%$q%' OR client_name LIKE '%$q%')
AND (c.credential_name LIKE '%$q%' OR c.credential_description LIKE '%$q%' OR c.credential_uri LIKE '%$q%' OR tag_name LIKE '%$q%' OR client_name LIKE '%$q%')
$location_query
$access_permission_query
$client_query
GROUP BY l.login_id
ORDER BY l.login_important DESC, $sort $order LIMIT $record_from, $record_to"
GROUP BY c.credential_id
ORDER BY c.credential_important DESC, $sort $order LIMIT $record_from, $record_to"
);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
@ -92,17 +92,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-tools">
<?php if (lookupUserPermission("module_credential") >= 2) { ?>
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal" <?php if (!isset($_COOKIE['user_encryption_session_key'])) { echo "disabled"; } ?>>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCredentialModal" <?php if (!isset($_COOKIE['user_encryption_session_key'])) { echo "disabled"; } ?>>
<i class="fas fa-plus mr-2"></i>New Credential
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#importLoginModal">
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#importCredentialModal">
<i class="fa fa-fw fa-upload mr-2"></i>Import
</a>
<?php if ($num_rows[0] > 0) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#exportLoginModal">
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#exportCredentialModal">
<i class="fa fa-fw fa-download mr-2"></i>Export
</a>
<?php } ?>
@ -207,12 +207,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="dropdown-menu">
<?php if ($archived) { ?>
<button class="dropdown-item text-info"
type="submit" form="bulkActions" name="bulk_unarchive_logins">
type="submit" form="bulkActions" name="bulk_unarchive_credentials">
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
</button>
<div class="dropdown-divider"></div>
<button class="dropdown-item text-danger text-bold"
type="submit" form="bulkActions" name="bulk_delete_logins">
type="submit" form="bulkActions" name="bulk_delete_credentials">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</button>
<?php } else { ?>
@ -221,7 +221,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</a>
<div class="dropdown-divider"></div>
<button class="dropdown-item text-danger confirm-link"
type="submit" form="bulkActions" name="bulk_archive_logins">
type="submit" form="bulkActions" name="bulk_archive_credentials">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</button>
<?php } ?>
@ -246,16 +246,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
</td>
<th>
<a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_name&order=<?php echo $disp; ?>">
Name <?php if ($sort == 'login_name') { echo $order_icon; } ?>
<a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=credential_name&order=<?php echo $disp; ?>">
Name <?php if ($sort == 'credential_name') { echo $order_icon; } ?>
</a>
</th>
<th>Username / ID</th>
<th>Password / Key</th>
<th>OTP</th>
<th>
<a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_uri&order=<?php echo $disp; ?>">
URI <?php if ($sort == 'login_uri') { echo $order_icon; } ?>
<a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=credential_uri&order=<?php echo $disp; ?>">
URI <?php if ($sort == 'credential_uri') { echo $order_icon; } ?>
</a>
</th>
<th></th>
@ -275,80 +275,80 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
while ($row = mysqli_fetch_array($sql)) {
$client_id = intval($row['client_id']);
$client_name = nullable_htmlentities($row['client_name']);
$login_id = intval($row['l_login_id']);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_uri = nullable_htmlentities($row['login_uri']);
if (empty($login_uri)) {
$login_uri_display = "-";
$credential_id = intval($row['c_credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']);
if (empty($credential_uri)) {
$credential_uri_display = "-";
} else {
$login_uri_display = truncate($login_uri,40) . "<button class='btn btn-sm clipboardjs' type='button' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button>";
$credential_uri_display = truncate($credential_uri,40) . "<button class='btn btn-sm clipboardjs' type='button' data-clipboard-text='$credential_uri'><i class='far fa-copy text-secondary'></i></button>";
}
$login_uri_2 = nullable_htmlentities($row['login_uri_2']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
if (empty($login_username)) {
$login_username_display = "-";
$credential_uri_2 = nullable_htmlentities($row['credential_uri_2']);
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
if (empty($credential_username)) {
$credential_username_display = "-";
} else {
$login_username_display = "$login_username<button class='btn btn-sm clipboardjs' type='button' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
$credential_username_display = "$credential_username<button class='btn btn-sm clipboardjs' type='button' data-clipboard-text='$credential_username'><i class='far fa-copy text-secondary'></i></button>";
}
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) {
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
$credential_id_with_secret = '"' . $row['credential_id'] . '","' . $row['credential_otp_secret'] . '"';
if (empty($credential_otp_secret)) {
$otp_display = "-";
} else {
$otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<span onmouseenter='showOTPViaCredentialID($credential_id)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
}
$login_note = nullable_htmlentities($row['login_note']);
$login_created_at = nullable_htmlentities($row['login_created_at']);
$login_archived_at = nullable_htmlentities($row['login_archived_at']);
$login_important = intval($row['login_important']);
$login_contact_id = intval($row['login_contact_id']);
$credential_note = nullable_htmlentities($row['credential_note']);
$credential_created_at = nullable_htmlentities($row['credential_created_at']);
$credential_archived_at = nullable_htmlentities($row['credential_archived_at']);
$credential_important = intval($row['credential_important']);
$credential_contact_id = intval($row['credential_contact_id']);
$contact_name = nullable_htmlentities($row['contact_name']);
$login_asset_id = intval($row['login_asset_id']);
$credential_asset_id = intval($row['credential_asset_id']);
$asset_name = nullable_htmlentities($row['asset_name']);
// Tags
$login_tag_name_display_array = array();
$login_tag_id_array = array();
$sql_login_tags = mysqli_query($mysqli, "SELECT * FROM login_tags LEFT JOIN tags ON login_tags.tag_id = tags.tag_id WHERE login_id = $login_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_login_tags)) {
$credential_tag_name_display_array = array();
$credential_tag_id_array = array();
$sql_credential_tags = mysqli_query($mysqli, "SELECT * FROM credential_tags LEFT JOIN tags ON credential_tags.tag_id = tags.tag_id WHERE credential_id = $credential_id ORDER BY tag_name ASC");
while ($row = mysqli_fetch_array($sql_credential_tags)) {
$login_tag_id = intval($row['tag_id']);
$login_tag_name = nullable_htmlentities($row['tag_name']);
$login_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($login_tag_color)) {
$login_tag_color = "dark";
$credential_tag_id = intval($row['tag_id']);
$credential_tag_name = nullable_htmlentities($row['tag_name']);
$credential_tag_color = nullable_htmlentities($row['tag_color']);
if (empty($credential_tag_color)) {
$credential_tag_color = "dark";
}
$login_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($login_tag_icon)) {
$login_tag_icon = "tag";
$credential_tag_icon = nullable_htmlentities($row['tag_icon']);
if (empty($credential_tag_icon)) {
$credential_tag_icon = "tag";
}
$login_tag_id_array[] = $login_tag_id;
$login_tag_name_display_array[] = "<a href='credentials.php?$client_url tags[]=$login_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $login_tag_color;'><i class='fa fa-fw fa-$login_tag_icon mr-2'></i>$login_tag_name</span></a>";
$credential_tag_id_array[] = $credential_tag_id;
$credential_tag_name_display_array[] = "<a href='credentials.php?$client_url tags[]=$credential_tag_id'><span class='badge text-light p-1 mr-1' style='background-color: $credential_tag_color;'><i class='fa fa-fw fa-$credential_tag_icon mr-2'></i>$credential_tag_name</span></a>";
}
$login_tags_display = implode('', $login_tag_name_display_array);
$credential_tags_display = implode('', $credential_tag_name_display_array);
if ($login_contact_id) {
$login_contact_display = "<a href='#' class='mr-2 badge badge-pill badge-dark p-2' title='$contact_name'
if ($credential_contact_id) {
$credential_contact_display = "<a href='#' class='mr-2 badge badge-pill badge-dark p-2' title='$contact_name'
data-toggle='ajax-modal'
data-modal-size='lg'
data-ajax-url='ajax/ajax_contact_details.php'
data-ajax-id='$login_contact_id'>
data-ajax-id='$credential_contact_id'>
<i class='fas fa-fw fa-user'></i></a>";
} else {
$login_contact_display = '';
$credential_contact_display = '';
}
if ($login_asset_id) {
$login_asset_display = "<a href='#' class='mr-2 badge badge-pill badge-secondary p-2' title='$asset_name' data-toggle='ajax-modal'
if ($credential_asset_id) {
$credential_asset_display = "<a href='#' class='mr-2 badge badge-pill badge-secondary p-2' title='$asset_name' data-toggle='ajax-modal'
data-modal-size='lg'
data-ajax-url='ajax/ajax_asset_details.php'
data-ajax-id='$login_asset_id'>
data-ajax-id='$credential_asset_id'>
<i class='fas fa-fw fa-desktop'></i></a>";
} else {
$login_asset_display = '';
$credential_asset_display = '';
}
// Check if shared
@ -359,8 +359,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
AND item_active = 1
AND item_views != item_view_limit
AND item_expire_at > NOW()
AND item_type = 'Login'
AND item_related_id = $login_id
AND item_type = 'Credential'
AND item_related_id = $credential_id
LIMIT 1"
);
if (mysqli_num_rows($sql_shared) > 0) {
@ -381,41 +381,41 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<tr class="<?php if (!empty($login_important)) { echo "text-bold"; } ?>">
<tr class="<?php if (!empty($credential_important)) { echo "text-bold"; } ?>">
<td class="pr-0">
<div class="form-check">
<input class="form-check-input bulk-select" type="checkbox" name="login_ids[]" value="<?php echo $login_id ?>">
<input class="form-check-input bulk-select" type="checkbox" name="credential_ids[]" value="<?php echo $credential_id ?>">
</div>
</td>
<td>
<a class="text-dark" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_credential_edit.php"
data-ajax-id="<?php echo $login_id; ?>"
data-ajax-id="<?php echo $credential_id; ?>"
>
<div class="media">
<i class="fa fa-fw fa-2x fa-key mr-3"></i>
<div class="media-body">
<div><?php echo $login_name; ?></div>
<div><small class="text-secondary"><?php echo $login_description; ?></small></div>
<div><?php echo $credential_name; ?></div>
<div><small class="text-secondary"><?php echo $credential_description; ?></small></div>
<?php
if (!empty($login_tags_display)) { ?>
if (!empty($credential_tags_display)) { ?>
<div class="mt-1">
<?php echo $login_tags_display; ?>
<?php echo $credential_tags_display; ?>
</div>
<?php } ?>
</div>
</div>
</a>
</td>
<td><?php echo $login_username_display; ?></td>
<td><?php echo $credential_username_display; ?></td>
<td>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $login_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button><button class="btn btn-sm clipboardjs" type="button" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button>
<button class="btn p-0" type="button" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $credential_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></button><button class="btn btn-sm clipboardjs" type="button" data-clipboard-text="<?php echo $credential_password; ?>"><i class="far fa-copy text-secondary"></i></button>
</td>
<td><?php echo $otp_display; ?></td>
<td><?php echo $login_uri_display; ?></td>
<td><?php echo $credential_uri_display; ?></td>
<td>
<?php echo "$login_contact_display$login_asset_display"; ?>
<?php echo "$credential_contact_display$credential_asset_display"; ?>
<?php if (mysqli_num_rows($sql_shared) > 0) { ?>
<div class="media" title="Expires <?php echo $item_expire_at_human; ?>">
<i class="fas fa-link mr-2 mt-1"></i>
@ -431,21 +431,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php } ?>
<td class="text-center">
<div class="btn-group">
<?php if ( !empty($login_uri) || !empty($login_uri_2) ) { ?>
<?php if ( !empty($credential_uri) || !empty($credential_uri_2) ) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-default btn-sm" type="button" data-toggle="dropdown">
<i class="fa fa-fw fa-external-link-alt"></i>
</button>
<div class="dropdown-menu">
<?php if ($login_uri) { ?>
<a href="<?php echo $login_uri; ?>" alt="<?php echo $login_uri; ?>" target="_blank" class="dropdown-item" >
<i class="fa fa-fw fa-external-link-alt"></i> <?php echo truncate($login_uri,40); ?>
<?php if ($credential_uri) { ?>
<a href="<?php echo $credential_uri; ?>" alt="<?php echo $credential_uri; ?>" target="_blank" class="dropdown-item" >
<i class="fa fa-fw fa-external-link-alt"></i> <?php echo truncate($credential_uri,40); ?>
</a>
<?php } ?>
<?php if ($login_uri_2) { ?>
<?php if ($credential_uri_2) { ?>
<div class="dropdown-divider"></div>
<a href="<?php echo $login_uri_2; ?>" target="_blank" class="dropdown-item" >
<i class="fa fa-fw fa-external-link-alt"></i> <?php echo truncate($login_uri_2,40); ?>
<a href="<?php echo $credential_uri_2; ?>" target="_blank" class="dropdown-item" >
<i class="fa fa-fw fa-external-link-alt"></i> <?php echo truncate($credential_uri_2,40); ?>
</a>
<?php } ?>
</div>
@ -459,29 +459,29 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<a class="dropdown-item" href="#"
data-toggle="ajax-modal"
data-ajax-url="ajax/ajax_credential_edit.php"
data-ajax-id="<?php echo $login_id; ?>"
data-ajax-id="<?php echo $credential_id; ?>"
>
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Credential', $credential_id"; ?>)">
<i class="fas fa-fw fa-share mr-2"></i>Share
</a>
<?php if (lookupUserPermission("module_credential") >= 2) { ?>
<?php if ($login_archived_at) { ?>
<?php if ($credential_archived_at) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-info confirm-link" href="post.php?unarchive_login=<?php echo $login_id; ?>">
<a class="dropdown-item text-info confirm-link" href="post.php?unarchive_credential=<?php echo $credential_id; ?>">
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
</a>
<?php if (lookupUserPermission("module_credential") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_login=<?php echo $login_id; ?>">
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_credential=<?php echo $credential_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
<?php } ?>
</a>
<?php } else { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_login=<?php echo $login_id; ?>">
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_credential=<?php echo $credential_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>

85
database_updates.php
View File

@ -2583,10 +2583,89 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.9.9'");
}
// if (CURRENT_DATABASE_VERSION == '1.9.9') {
// // Insert queries here required to update to DB version 2.0.0
if (CURRENT_DATABASE_VERSION == '1.9.9') {
mysqli_query($mysqli, "RENAME TABLE `logins` TO `credentials`");
mysqli_query($mysqli, "
ALTER TABLE `credentials`
CHANGE COLUMN `login_id` `credential_id` INT(11) NOT NULL AUTO_INCREMENT,
CHANGE COLUMN `login_name` `credential_name` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
CHANGE COLUMN `login_description` `credential_description` VARCHAR(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `login_category` `credential_category` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `login_uri` `credential_uri` VARCHAR(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `login_uri_2` `credential_uri_2` VARCHAR(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `login_username` `credential_username` VARCHAR(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `login_password` `credential_password` VARBINARY(200) NULL DEFAULT NULL,
CHANGE COLUMN `login_otp_secret` `credential_otp_secret` VARCHAR(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `login_note` `credential_note` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
CHANGE COLUMN `login_important` `credential_important` TINYINT(1) NOT NULL DEFAULT '0',
CHANGE COLUMN `login_created_at` `credential_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP(),
CHANGE COLUMN `login_updated_at` `credential_updated_at` DATETIME NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP(),
CHANGE COLUMN `login_archived_at` `credential_archived_at` DATETIME NULL DEFAULT NULL,
CHANGE COLUMN `login_accessed_at` `credential_accessed_at` DATETIME NULL DEFAULT NULL,
CHANGE COLUMN `login_password_changed_at` `credential_password_changed_at` DATETIME NULL DEFAULT CURRENT_TIMESTAMP(),
CHANGE COLUMN `login_folder_id` `credential_folder_id` INT(11) NOT NULL DEFAULT '0',
CHANGE COLUMN `login_contact_id` `credential_contact_id` INT(11) NOT NULL DEFAULT '0',
CHANGE COLUMN `login_asset_id` `credential_asset_id` INT(11) NOT NULL DEFAULT '0',
CHANGE COLUMN `login_client_id` `credential_client_id` INT(11) NOT NULL DEFAULT '0'
");
mysqli_query($mysqli, "RENAME TABLE `contact_logins` TO `contact_credentials`");
mysqli_query($mysqli, "
ALTER TABLE `contact_credentials`
CHANGE COLUMN `login_id` `credential_id` INT(11) NOT NULL,
ADD FOREIGN KEY (`contact_id`) REFERENCES `contacts`(`contact_id`) ON DELETE CASCADE,
ADD FOREIGN KEY (`credential_id`) REFERENCES `credentials`(`credential_id`) ON DELETE CASCADE
");
mysqli_query($mysqli, "RENAME TABLE `service_logins` TO `service_credentials`");
mysqli_query($mysqli, "
ALTER TABLE `service_credentials`
CHANGE COLUMN `login_id` `credential_id` INT(11) NOT NULL,
ADD FOREIGN KEY (`service_id`) REFERENCES `services`(`service_id`) ON DELETE CASCADE,
ADD FOREIGN KEY (`credential_id`) REFERENCES `credentials`(`credential_id`) ON DELETE CASCADE
");
mysqli_query($mysqli, "RENAME TABLE `software_logins` TO `software_credentials`");
mysqli_query($mysqli, "
ALTER TABLE `software_credentials`
CHANGE COLUMN `login_id` `credential_id` INT(11) NOT NULL,
ADD FOREIGN KEY (`software_id`) REFERENCES `software`(`software_id`) ON DELETE CASCADE,
ADD FOREIGN KEY (`credential_id`) REFERENCES `credentials`(`credential_id`) ON DELETE CASCADE
");
mysqli_query($mysqli, "RENAME TABLE `vendor_logins` TO `vendor_credentials`");
mysqli_query($mysqli, "
ALTER TABLE `vendor_credentials`
CHANGE COLUMN `login_id` `credential_id` INT(11) NOT NULL,
ADD FOREIGN KEY (`vendor_id`) REFERENCES `vendors`(`vendor_id`) ON DELETE CASCADE,
ADD FOREIGN KEY (`credential_id`) REFERENCES `credentials`(`credential_id`) ON DELETE CASCADE
");
mysqli_query($mysqli, "RENAME TABLE `login_tags` TO `credential_tags`");
mysqli_query($mysqli, "
ALTER TABLE `credential_tags`
CHANGE COLUMN `login_id` `credential_id` INT(11) NOT NULL,
ADD FOREIGN KEY (`tag_id`) REFERENCES `tags`(`tag_id`) ON DELETE CASCADE,
ADD FOREIGN KEY (`credential_id`) REFERENCES `credentials`(`credential_id`) ON DELETE CASCADE
");
mysqli_query($mysqli,
"CREATE TABLE `asset_credentials` (
`credential_id` INT(11) NOT NULL,
`asset_id` INT(11) NOT NULL,
PRIMARY KEY (`credential_id`,`asset_id`),
FOREIGN KEY (`credential_id`) REFERENCES `credentials`(`credential_id`) ON DELETE CASCADE,
FOREIGN KEY (`asset_id`) REFERENCES `assets`(`asset_id`) ON DELETE CASCADE
)"
);
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.0.0'");
}
// if (CURRENT_DATABASE_VERSION == '2.0.0') {
// // Insert queries here required to update to DB version 2.0.1
// // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.0.0'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.0.1'");
// }
} else {

238
db.sql
View File

@ -73,6 +73,23 @@ CREATE TABLE `app_logs` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `asset_credentials`
--
DROP TABLE IF EXISTS `asset_credentials`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `asset_credentials` (
`credential_id` int(11) NOT NULL,
`asset_id` int(11) NOT NULL,
PRIMARY KEY (`credential_id`,`asset_id`),
KEY `asset_id` (`asset_id`),
CONSTRAINT `asset_credentials_ibfk_1` FOREIGN KEY (`credential_id`) REFERENCES `credentials` (`credential_id`) ON DELETE CASCADE,
CONSTRAINT `asset_credentials_ibfk_2` FOREIGN KEY (`asset_id`) REFERENCES `assets` (`asset_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `asset_custom`
--
@ -483,6 +500,23 @@ CREATE TABLE `contact_assets` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `contact_credentials`
--
DROP TABLE IF EXISTS `contact_credentials`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `contact_credentials` (
`contact_id` int(11) NOT NULL,
`credential_id` int(11) NOT NULL,
PRIMARY KEY (`contact_id`,`credential_id`),
KEY `credential_id` (`credential_id`),
CONSTRAINT `contact_credentials_ibfk_1` FOREIGN KEY (`contact_id`) REFERENCES `contacts` (`contact_id`) ON DELETE CASCADE,
CONSTRAINT `contact_credentials_ibfk_2` FOREIGN KEY (`credential_id`) REFERENCES `credentials` (`credential_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `contact_documents`
--
@ -511,20 +545,6 @@ CREATE TABLE `contact_files` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `contact_logins`
--
DROP TABLE IF EXISTS `contact_logins`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `contact_logins` (
`contact_id` int(11) NOT NULL,
`login_id` int(11) NOT NULL,
PRIMARY KEY (`contact_id`,`login_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `contact_notes`
--
@ -594,6 +614,55 @@ CREATE TABLE `contacts` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `credential_tags`
--
DROP TABLE IF EXISTS `credential_tags`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `credential_tags` (
`credential_id` int(11) NOT NULL,
`tag_id` int(11) NOT NULL,
PRIMARY KEY (`credential_id`,`tag_id`),
KEY `tag_id` (`tag_id`),
CONSTRAINT `credential_tags_ibfk_1` FOREIGN KEY (`tag_id`) REFERENCES `tags` (`tag_id`) ON DELETE CASCADE,
CONSTRAINT `credential_tags_ibfk_2` FOREIGN KEY (`credential_id`) REFERENCES `credentials` (`credential_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `credentials`
--
DROP TABLE IF EXISTS `credentials`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `credentials` (
`credential_id` int(11) NOT NULL AUTO_INCREMENT,
`credential_name` varchar(200) NOT NULL,
`credential_description` varchar(500) DEFAULT NULL,
`credential_category` varchar(200) DEFAULT NULL,
`credential_uri` varchar(500) DEFAULT NULL,
`credential_uri_2` varchar(500) DEFAULT NULL,
`credential_username` varchar(500) DEFAULT NULL,
`credential_password` varbinary(200) DEFAULT NULL,
`credential_otp_secret` varchar(200) DEFAULT NULL,
`credential_note` text DEFAULT NULL,
`credential_important` tinyint(1) NOT NULL DEFAULT 0,
`credential_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`credential_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`credential_archived_at` datetime DEFAULT NULL,
`credential_accessed_at` datetime DEFAULT NULL,
`credential_password_changed_at` datetime DEFAULT current_timestamp(),
`credential_folder_id` int(11) NOT NULL DEFAULT 0,
`credential_contact_id` int(11) NOT NULL DEFAULT 0,
`credential_asset_id` int(11) NOT NULL DEFAULT 0,
`credential_client_id` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`credential_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `custom_fields`
--
@ -1013,52 +1082,6 @@ CREATE TABLE `locations` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `login_tags`
--
DROP TABLE IF EXISTS `login_tags`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `login_tags` (
`login_id` int(11) NOT NULL,
`tag_id` int(11) NOT NULL,
PRIMARY KEY (`login_id`,`tag_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `logins`
--
DROP TABLE IF EXISTS `logins`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `logins` (
`login_id` int(11) NOT NULL AUTO_INCREMENT,
`login_name` varchar(200) NOT NULL,
`login_description` varchar(500) DEFAULT NULL,
`login_category` varchar(200) DEFAULT NULL,
`login_uri` varchar(500) DEFAULT NULL,
`login_uri_2` varchar(500) DEFAULT NULL,
`login_username` varchar(500) DEFAULT NULL,
`login_password` varbinary(200) DEFAULT NULL,
`login_otp_secret` varchar(200) DEFAULT NULL,
`login_note` text DEFAULT NULL,
`login_important` tinyint(1) NOT NULL DEFAULT 0,
`login_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`login_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`login_archived_at` datetime DEFAULT NULL,
`login_accessed_at` datetime DEFAULT NULL,
`login_password_changed_at` datetime DEFAULT current_timestamp(),
`login_folder_id` int(11) NOT NULL DEFAULT 0,
`login_contact_id` int(11) NOT NULL DEFAULT 0,
`login_asset_id` int(11) NOT NULL DEFAULT 0,
`login_client_id` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`login_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `logs`
--
@ -1619,6 +1642,23 @@ CREATE TABLE `service_contacts` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `service_credentials`
--
DROP TABLE IF EXISTS `service_credentials`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `service_credentials` (
`service_id` int(11) NOT NULL,
`credential_id` int(11) NOT NULL,
KEY `service_id` (`service_id`),
KEY `credential_id` (`credential_id`),
CONSTRAINT `service_credentials_ibfk_1` FOREIGN KEY (`service_id`) REFERENCES `services` (`service_id`) ON DELETE CASCADE,
CONSTRAINT `service_credentials_ibfk_2` FOREIGN KEY (`credential_id`) REFERENCES `credentials` (`credential_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `service_documents`
--
@ -1645,19 +1685,6 @@ CREATE TABLE `service_domains` (
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `service_logins`
--
DROP TABLE IF EXISTS `service_logins`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `service_logins` (
`service_id` int(11) NOT NULL,
`login_id` int(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `service_vendors`
--
@ -1884,6 +1911,23 @@ CREATE TABLE `software_contacts` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `software_credentials`
--
DROP TABLE IF EXISTS `software_credentials`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `software_credentials` (
`software_id` int(11) NOT NULL,
`credential_id` int(11) NOT NULL,
PRIMARY KEY (`software_id`,`credential_id`),
KEY `credential_id` (`credential_id`),
CONSTRAINT `software_credentials_ibfk_1` FOREIGN KEY (`software_id`) REFERENCES `software` (`software_id`) ON DELETE CASCADE,
CONSTRAINT `software_credentials_ibfk_2` FOREIGN KEY (`credential_id`) REFERENCES `credentials` (`credential_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `software_documents`
--
@ -1912,20 +1956,6 @@ CREATE TABLE `software_files` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `software_logins`
--
DROP TABLE IF EXISTS `software_logins`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `software_logins` (
`software_id` int(11) NOT NULL,
`login_id` int(11) NOT NULL,
PRIMARY KEY (`software_id`,`login_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `tags`
--
@ -2187,6 +2217,7 @@ CREATE TABLE `tickets` (
`ticket_asset_id` int(11) NOT NULL DEFAULT 0,
`ticket_invoice_id` int(11) NOT NULL DEFAULT 0,
`ticket_project_id` int(11) NOT NULL DEFAULT 0,
`ticket_recurring_ticket_id` int(11) DEFAULT 0,
`ticket_order` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`ticket_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
@ -2334,6 +2365,23 @@ CREATE TABLE `users` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `vendor_credentials`
--
DROP TABLE IF EXISTS `vendor_credentials`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `vendor_credentials` (
`vendor_id` int(11) NOT NULL,
`credential_id` int(11) NOT NULL,
PRIMARY KEY (`vendor_id`,`credential_id`),
KEY `credential_id` (`credential_id`),
CONSTRAINT `vendor_credentials_ibfk_1` FOREIGN KEY (`vendor_id`) REFERENCES `vendors` (`vendor_id`) ON DELETE CASCADE,
CONSTRAINT `vendor_credentials_ibfk_2` FOREIGN KEY (`credential_id`) REFERENCES `credentials` (`credential_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `vendor_documents`
--
@ -2362,20 +2410,6 @@ CREATE TABLE `vendor_files` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `vendor_logins`
--
DROP TABLE IF EXISTS `vendor_logins`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `vendor_logins` (
`vendor_id` int(11) NOT NULL,
`login_id` int(11) NOT NULL,
PRIMARY KEY (`vendor_id`,`login_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `vendors`
--
@ -2417,4 +2451,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2025-03-12 13:56:16
-- Dump completed on 2025-03-12 21:27:39

36
functions.php
View File

@ -334,13 +334,13 @@ function generateUserSessionKey($site_encryption_master_key)
}
}
// Decrypts an encrypted password (website/asset login), returns it as a string
function decryptLoginEntry($login_password_ciphertext)
// Decrypts an encrypted password (website/asset credentials), returns it as a string
function decryptCredentialEntry($credential_password_ciphertext)
{
// Split the login into IV and Ciphertext
$login_iv = substr($login_password_ciphertext, 0, 16);
$login_ciphertext = $salt = substr($login_password_ciphertext, 16);
// Split the credential into IV and Ciphertext
$credential_iv = substr($credential_password_ciphertext, 0, 16);
$credential_ciphertext = $salt = substr($credential_password_ciphertext, 16);
// Get the user session info.
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
@ -350,12 +350,12 @@ function decryptLoginEntry($login_password_ciphertext)
// Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
// Decrypt the login password using the master key
return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
// Decrypt the credential password using the master key
return openssl_decrypt($credential_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $credential_iv);
}
// Encrypts a website/asset login password
function encryptLoginEntry($login_password_cleartext)
// Encrypts a website/asset credential password
function encryptCredentialEntry($credential_password_cleartext)
{
$iv = randomString();
@ -367,26 +367,26 @@ function encryptLoginEntry($login_password_cleartext)
//Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
//Encrypt the website/asset login using the master key
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
//Encrypt the website/asset credential using the master key
$ciphertext = openssl_encrypt($credential_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
return $iv . $ciphertext;
}
function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
function apiDecryptCredentialEntry($credential_ciphertext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
{
// Split the login entry (username/password) into IV and Ciphertext
$login_iv = substr($login_ciphertext, 0, 16);
$login_ciphertext = $salt = substr($login_ciphertext, 16);
// Split the Credential entry (username/password) into IV and Ciphertext
$credential_iv = substr($credential_ciphertext, 0, 16);
$credential_ciphertext = $salt = substr($credential_ciphertext, 16);
// Decrypt the api hash to get the master key
$site_encryption_master_key = decryptUserSpecificKey($api_key_decrypt_hash, $api_key_decrypt_password);
// Decrypt the login password using the master key
return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
// Decrypt the credential password using the master key
return openssl_decrypt($credential_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $credential_iv);
}
function apiEncryptLoginEntry(#[\SensitiveParameter]$credential_cleartext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
function apiEncryptCredentialEntry(#[\SensitiveParameter]$credential_cleartext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
{
$iv = randomString();

36
global_search.php
View File

@ -99,13 +99,13 @@ if (isset($_GET['query'])) {
ORDER BY recurring_ticket_id DESC LIMIT 5"
);
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins
LEFT JOIN contacts ON login_contact_id = contact_id
LEFT JOIN clients ON login_client_id = client_id
WHERE login_archived_at IS NULL
AND (login_name LIKE '%$query%' OR login_description LIKE '%$query%')
$sql_credentials = mysqli_query($mysqli, "SELECT * FROM credentials
LEFT JOIN contacts ON credential_contact_id = contact_id
LEFT JOIN clients ON credential_client_id = client_id
WHERE credential_archived_at IS NULL
AND (credential_name LIKE '%$query%' OR credential_description LIKE '%$query%')
$access_permission_query
ORDER BY login_id DESC LIMIT 5"
ORDER BY credential_id DESC LIMIT 5"
);
$sql_invoices = mysqli_query($mysqli, "SELECT * FROM invoices
@ -571,9 +571,9 @@ if (isset($_GET['query'])) {
<?php } ?>
<?php if (mysqli_num_rows($sql_logins) > 0) { ?>
<?php if (mysqli_num_rows($sql_credentials) > 0) { ?>
<!-- Logins -->
<!-- Credentials -->
<div class="col-sm-6">
<div class="card card-dark mb-3">
<div class="card-header">
@ -593,21 +593,21 @@ if (isset($_GET['query'])) {
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_logins)) {
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_client_id = intval($row['login_client_id']);
$login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
$login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
while ($row = mysqli_fetch_array($sql_credentials)) {
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_client_id = intval($row['credential_client_id']);
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$client_id = intval($row['client_id']);
$client_name = nullable_htmlentities($row['client_name']);
?>
<tr>
<td><a href="credentials.php?client_id=<?php echo $login_client_id ?>&q=<?php echo $q ?>"><?php echo $login_name; ?></a></td>
<td><?php echo $login_description; ?></td>
<td><?php echo $login_username; ?></td>
<td><a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $login_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button>
<td><a href="credentials.php?client_id=<?php echo $credential_client_id ?>&q=<?php echo $q ?>"><?php echo $credential_name; ?></a></td>
<td><?php echo $credential_description; ?></td>
<td><?php echo $credential_username; ?></td>
<td><a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $credential_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $credential_password; ?>"><i class="far fa-copy text-secondary"></i></button>
</td>
<td><a href="credentials.php?client_id=<?php echo $client_id; ?>"><?php echo $client_name; ?></a></td>
</tr>

42
guest/guest_view_item.php
View File

@ -163,61 +163,61 @@ if ($item_type == "Document") {
echo "<a href='guest_download_file.php?id=$item_id&key=$item_key'>Download $file_name</a>";
} elseif ($item_type == "Login") {
} elseif ($item_type == "Credential") {
$encryption_key = $_GET['ek'];
$login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $item_related_id AND login_client_id = $client_id LIMIT 1");
$login_row = mysqli_fetch_array($login_sql);
if (mysqli_num_rows($login_sql) !== 1 || !$login_row) {
$credential_sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $item_related_id AND credential_client_id = $client_id LIMIT 1");
$credential_row = mysqli_fetch_array($credential_sql);
if (mysqli_num_rows($credential_sql) !== 1 || !$credential_row) {
echo "<div class='alert alert-danger'>Error retrieving login.</div>";
include "guest_footer.php";
exit();
}
$login_id = intval($login_row['login_id']);
$login_name = nullable_htmlentities($login_row['login_name']);
$login_uri = nullable_htmlentities($login_row['login_uri']);
$credential_id = intval($credential_row['credential_id']);
$credential_name = nullable_htmlentities($credential_row['credential_name']);
$credential_uri = nullable_htmlentities($credential_row['credential_uri']);
$username_iv = substr($row['item_encrypted_username'], 0, 16);
$username_ciphertext = substr($row['item_encrypted_username'], 16);
$login_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
$credential_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
$password_iv = substr($row['item_encrypted_credential'], 0, 16);
$password_ciphertext = substr($row['item_encrypted_credential'], 16);
$login_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));
$credential_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));
$login_otp = nullable_htmlentities($login_row['login_otp_secret']);
$credential_otp = nullable_htmlentities($credential_row['credential_otp_secret']);
$login_otp_secret = nullable_htmlentities($login_row['login_otp_secret']);
$login_id_with_secret = '"' . $login_row['login_id'] . '","' . $login_row['login_otp_secret'] . '"';
$credential_otp_secret = nullable_htmlentities($credential_row['credential_otp_secret']);
$credential_id_with_secret = '"' . $credential_row['credential_id'] . '","' . $credential_row['credential_otp_secret'] . '"';
if (empty($login_otp_secret)) {
$otp_display = "-";
} else {
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<span onmouseenter='showOTP($credential_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
}
$login_notes = nullable_htmlentities($login_row['login_note']);
$credential_notes = nullable_htmlentities($credential_row['credential_note']);
?>
<h5><?php echo $login_name; ?></h5>
<h5><?php echo $credential_name; ?></h5>
<table class="table col-md-3">
<tr>
<th>URL</th>
<td><?php echo $login_uri; ?></td>
<td><?php echo $credential_uri; ?></td>
</tr>
<tr>
<th>Username</th>
<td><?php echo $login_username ?></td>
<td><?php echo $credential_username ?></td>
</tr>
<tr>
<th>Password</th>
<td><?php echo $login_password ?></td>
<td><?php echo $credential_password ?></td>
</tr>
<?php if(!empty($login_otp_secret)){ ?>
<?php if(!empty($credential_otp_secret)){ ?>
<tr>
<th>2FA (TOTP)</th>
<td><?php echo $otp_display ?></td>
@ -250,12 +250,12 @@ if ($item_type == "Document") {
<?php
// Update login view count
// Update credential view count
$new_item_views = $item_views + 1;
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
// Logging
$name = sanitizeInput($login_row['login_name']);
$name = sanitizeInput($credential_row['credential_name']);
logAction("Share", "View", "Viewed shared $item_type $name via link", $client_id);
}

4
includes/client_side_nav.php
View File

@ -147,8 +147,8 @@
<p>
Credentials
<?php
if ($num_logins > 0) { ?>
<span class="right badge text-light"><?php echo $num_logins; ?></span>
if ($num_credentials > 0) { ?>
<span class="right badge text-light"><?php echo $num_credentials; ?></span>
<?php } ?>
</p>
</a>

2
includes/database_version.php
View File

@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "1.9.9");
DEFINE("LATEST_DATABASE_VERSION", "2.0.0");

4
includes/inc_all_client.php
View File

@ -154,8 +154,8 @@ if (isset($_GET['client_id'])) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('vendor_id') AS num FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id AND vendor_template = 0"));
$num_vendors = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('login_id') AS num FROM logins WHERE login_archived_at IS NULL AND login_client_id = $client_id"));
$num_logins = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('credential_id') AS num FROM credentials WHERE credential_archived_at IS NULL AND credential_client_id = $client_id"));
$num_credentials = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('network_id') AS num FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id"));
$num_networks = $row['num'];

8
js/credential_show_otp_via_id.js
View File

@ -1,15 +1,15 @@
function showOTPViaLoginID(login_id) {
// Send a GET request to ajax.php as ajax.php?get_totp_token_via_id=true&login_id=ID
function showOTPViaCredentialID(credential_id) {
// Send a GET request to ajax.php as ajax.php?get_totp_token_via_id=true&credential_id=ID
jQuery.get(
"ajax.php", {
get_totp_token_via_id: 'true',
login_id: login_id
credential_id: credential_id
},
function(data) {
//If we get a response from post.php, parse it as JSON
const token = JSON.parse(data);
document.getElementById("otp_" + login_id).innerText = token
document.getElementById("otp_" + credential_id).innerText = token
}
);

22
modals/asset_link_credential_modal.php
View File

@ -16,23 +16,23 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<select class="form-control select2" name="login_id">
<select class="form-control select2" name="credential_id">
<option value="">- Select a Credential -</option>
<?php
$sql_logins_select = mysqli_query($mysqli, "SELECT login_id, login_name FROM logins
WHERE login_client_id = $client_id
AND login_asset_id != $contact_id
AND login_asset_id = 0
AND login_archived_at IS NULL
ORDER BY login_name ASC"
$sql_credentials_select = mysqli_query($mysqli, "SELECT credential_id, credential_name FROM credentials
WHERE credential_client_id = $client_id
AND credential_asset_id != $contact_id
AND credential_asset_id = 0
AND credential_archived_at IS NULL
ORDER BY credential_name ASC"
);
while ($row = mysqli_fetch_array($sql_logins_select)) {
$login_id = intval($row['login_id']);
$login_name = nullable_htmlentities($row['login_name']);
while ($row = mysqli_fetch_array($sql_credentials_select)) {
$credential_id = intval($row['credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
?>
<option value="<?php echo $login_id ?>"><?php echo $login_name; ?></option>
<option value="<?php echo $credential_id ?>"><?php echo $credential_name; ?></option>
<?php
}
?>

22
modals/contact_link_credential_modal.php
View File

@ -16,23 +16,23 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-desktop"></i></span>
</div>
<select class="form-control select2" name="login_id">
<select class="form-control select2" name="credential_id">
<option value="">- Select a Credential -</option>
<?php
$sql_logins_select = mysqli_query($mysqli, "SELECT login_id, login_name FROM logins
WHERE login_client_id = $client_id
AND login_contact_id != $contact_id
AND login_contact_id = 0
AND login_archived_at IS NULL
ORDER BY login_name ASC"
$sql_credentials_select = mysqli_query($mysqli, "SELECT credential_id, credential_name FROM credentials
WHERE credential_client_id = $client_id
AND credential_contact_id != $contact_id
AND credential_contact_id = 0
AND credential_archived_at IS NULL
ORDER BY credential_name ASC"
);
while ($row = mysqli_fetch_array($sql_logins_select)) {
$login_id = intval($row['login_id']);
$login_name = nullable_htmlentities($row['login_name']);
while ($row = mysqli_fetch_array($sql_credentials_select)) {
$credential_id = intval($row['credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
?>
<option value="<?php echo $login_id ?>"><?php echo $login_name; ?></option>
<option value="<?php echo $credential_id ?>"><?php echo $credential_name; ?></option>
<?php
}
?>

4
modals/credential_add_modal.php
View File

@ -1,4 +1,4 @@
<div class="modal" id="addLoginModal" tabindex="-1">
<div class="modal" id="addCredentialModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
@ -245,7 +245,7 @@
</div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="add_login" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="submit" name="add_credential" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Create</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>

2
modals/credential_bulk_assign_tags_modal.php
View File

@ -49,7 +49,7 @@
</div>
<div class="modal-footer bg-white">
<button type="submit" name="bulk_assign_login_tags" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Assign</button>
<button type="submit" name="bulk_assign_credential_tags" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Assign</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</div>

2
modals/credential_export_modal.php
View File

@ -1,4 +1,4 @@
<div class="modal" id="exportLoginModal" tabindex="-1">
<div class="modal" id="exportCredentialModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">

4
modals/credential_import_modal.php
View File

@ -1,8 +1,8 @@
<div class="modal" id="importLoginModal" tabindex="-1">
<div class="modal" id="importCredentialModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-key"></i> Import Credentials</h5>
<h5 class="modal-title"><i class="fas fa-fw fa-key mr-2"></i>Import Credentials</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>

6
post/admin/admin_update.php
View File

@ -116,8 +116,8 @@ if (isset($_GET['update'])) {
$software_template_count = $row['num'];
// Password Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('login_id') AS num FROM logins"));
$password_count = $row['num'];
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('credential_id') AS num FROM credentials"));
$credential_count = $row['num'];
// Network Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('network_id') AS num FROM networks"));
@ -227,7 +227,7 @@ if (isset($_GET['update'])) {
'asset_count' => $asset_count,
'software_count' => $software_count,
'software_template_count' => $software_template_count,
'password_count' => $password_count,
'credential_count' => $credential_count,
'network_count' => $network_count,
'certificate_count' => $certificate_count,
'domain_count' => $domain_count,

202
post/user/credential.php
View File

@ -1,31 +1,31 @@
<?php
/*
* ITFlow - GET/POST request handler for client credentials (formerly logins)
* ITFlow - GET/POST request handler for client credentials
*/
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_login'])) {
if (isset($_POST['add_credential'])) {
enforceUserPermission('module_credential', 2);
require_once 'post/user/credential_model.php';
mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_asset_id = $asset_id, login_client_id = $client_id");
mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_asset_id = $asset_id, credential_client_id = $client_id");
$login_id = mysqli_insert_id($mysqli);
$credential_id = mysqli_insert_id($mysqli);
// Add Tags
if (isset($_POST['tags'])) {
foreach($_POST['tags'] as $tag) {
$tag = intval($tag);
mysqli_query($mysqli, "INSERT INTO login_tags SET login_id = $login_id, tag_id = $tag");
mysqli_query($mysqli, "INSERT INTO credential_tags SET credential_id = $credential_id, tag_id = $tag");
}
}
// Logging
logAction("Credential", "Create", "$session_name created credential $name", $client_id, $login_id);
logAction("Credential", "Create", "$session_name created credential $name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Credential <strong>$name</strong> created";
@ -33,146 +33,146 @@ if (isset($_POST['add_login'])) {
}
if (isset($_POST['edit_login'])) {
if (isset($_POST['edit_credential'])) {
enforceUserPermission('module_credential', 2);
require_once 'post/user/credential_model.php';
$login_id = intval($_POST['login_id']);
$credential_id = intval($_POST['credential_id']);
// Determine if the password has actually changed (salt is rotated on all updates, so have to dencrypt both and compare)
$current_password = decryptLoginEntry(mysqli_fetch_row(mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = $login_id"))[0]); // Get current login password
$new_password = decryptLoginEntry($password); // Get the new password being set (already encrypted by the login model)
$current_password = decryptCredentialEntry(mysqli_fetch_row(mysqli_query($mysqli, "SELECT credential_password FROM credentials WHERE credential_id = $credential_id"))[0]); // Get current credential password
$new_password = decryptCredentialEntry($password); // Get the new password being set (already encrypted by the credential model)
if ($current_password !== $new_password) {
// The password has been changed - update the DB to track
mysqli_query($mysqli, "UPDATE logins SET login_password_changed_at = NOW() WHERE login_id = $login_id");
mysqli_query($mysqli, "UPDATE credentials SET credential_password_changed_at = NOW() WHERE credential_id = $credential_id");
}
// Update the login entry with the new details
mysqli_query($mysqli,"UPDATE logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_asset_id = $asset_id WHERE login_id = $login_id");
// Update the credential entry with the new details
mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_asset_id = $asset_id WHERE credential_id = $credential_id");
// Tags
// Delete existing tags
mysqli_query($mysqli, "DELETE FROM login_tags WHERE login_id = $login_id");
mysqli_query($mysqli, "DELETE FROM credential_tags WHERE credential_id = $credential_id");
// Add new tags
if(isset($_POST['tags'])) {
foreach($_POST['tags'] as $tag) {
$tag = intval($tag);
mysqli_query($mysqli, "INSERT INTO login_tags SET login_id = $login_id, tag_id = $tag");
mysqli_query($mysqli, "INSERT INTO credential_tags SET credential_id = $credential_id, tag_id = $tag");
}
}
// Logging
logAction("Credential", "Edit", "$session_name edited credential $name", $client_id, $login_id);
logAction("Credential", "Edit", "$session_name edited credential $name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Login <strong>$name</strong> edited";
$_SESSION['alert_message'] = "Credential <strong>$name</strong> edited";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['archive_login'])){
if(isset($_GET['archive_credential'])){
enforceUserPermission('module_credential', 2);
$login_id = intval($_GET['archive_login']);
$credential_id = intval($_GET['archive_credential']);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
mysqli_query($mysqli,"UPDATE logins SET login_archived_at = NOW() WHERE login_id = $login_id");
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id");
//logging
logAction("Credential", "Archive", "$session_name archived credential $login_name", $client_id, $login_id);
logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Credential <strong>$login_name</strong> archived";
$_SESSION['alert_message'] = "Credential <strong>$credential_name</strong> archived";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['unarchive_login'])){
if(isset($_GET['unarchive_credential'])){
enforceUserPermission('module_credential', 2);
$login_id = intval($_GET['unarchive_login']);
$credential_id = intval($_GET['unarchive_credential']);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
mysqli_query($mysqli,"UPDATE logins SET login_archived_at = NULL WHERE login_id = $login_id");
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
//Logging
logAction("Credential", "Unarchive", "$session_name unarchived credential $login_name", $client_id, $login_id);
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Credential <strong>$login_name</strong> restored";
$_SESSION['alert_message'] = "Credential <strong>$credential_name</strong> restored";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_login'])) {
if (isset($_GET['delete_credential'])) {
enforceUserPermission('module_credential', 3);
$login_id = intval($_GET['delete_login']);
$credential_id = intval($_GET['delete_credential']);
// Get Login Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
// Get Credential Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
mysqli_query($mysqli,"DELETE FROM logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM credentials WHERE credential_id = $credential_id");
// Remove Relations
mysqli_query($mysqli,"DELETE FROM contact_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM service_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM software_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM vendor_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM contact_credentials WHERE credential_id = $credential_id");
mysqli_query($mysqli,"DELETE FROM service_credentials WHERE credential_id = $credential_id");
mysqli_query($mysqli,"DELETE FROM software_credentials WHERE credential_id = $credential_id");
mysqli_query($mysqli,"DELETE FROM vendor_credentials WHERE credential_id = $credential_id");
// Logging
logAction("Credential", "Delete", "$session_name deleted credential $login_name", $client_id);
logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id);
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Credential <strong>$login_name</strong> deleted";
$_SESSION['alert_message'] = "Credential <strong>$credential_name</strong> deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['bulk_assign_login_tags'])) {
if (isset($_POST['bulk_assign_credential_tags'])) {
enforceUserPermission('module_credential', 2);
// Assign tags to Selected Credentials
if (isset($_POST['login_ids'])) {
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
$count = count($_POST['login_ids']);
$count = count($_POST['credential_ids']);
foreach($_POST['login_ids'] as $login_id) {
$login_id = intval($login_id);
foreach($_POST['credential_ids'] as $credential_id) {
$credential_id = intval($credential_id);
// Get Contact Details for Logging
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
if($_POST['bulk_remove_tags']) {
// Delete tags if chosed to do so
mysqli_query($mysqli, "DELETE FROM login_tags WHERE login_id = $login_id");
mysqli_query($mysqli, "DELETE FROM credential_tags WHERE credential_id = $credential_id");
}
// Add new tags
@ -180,15 +180,15 @@ if (isset($_POST['bulk_assign_login_tags'])) {
foreach($_POST['bulk_tags'] as $tag) {
$tag = intval($tag);
$sql = mysqli_query($mysqli,"SELECT * FROM login_tags WHERE login_id = $login_id AND tag_id = $tag");
$sql = mysqli_query($mysqli,"SELECT * FROM credential_tags WHERE credential_id = $credential_id AND tag_id = $tag");
if (mysqli_num_rows($sql) == 0) {
mysqli_query($mysqli, "INSERT INTO login_tags SET login_id = $login_id, tag_id = $tag");
mysqli_query($mysqli, "INSERT INTO credential_tags SET credential_id = $credential_id, tag_id = $tag");
}
}
}
// Logging
logAction("Credential", "Edit", "$session_name added tags to $login_name", $client_id, $login_id);
logAction("Credential", "Edit", "$session_name added tags to $credential_name", $client_id, $credential_id);
$_SESSION['alert_message'] = "Assigned tags for <strong>$count</strong> credentials";
@ -202,31 +202,31 @@ if (isset($_POST['bulk_assign_login_tags'])) {
}
if (isset($_POST['bulk_archive_logins'])) {
if (isset($_POST['bulk_archive_credentials'])) {
enforceUserPermission('module_credential', 2);
validateCSRFToken($_POST['csrf_token']);
if (isset($_POST['login_ids'])) {
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
$count = count($_POST['login_ids']);
$count = count($_POST['credential_ids']);
// Cycle through array and archive each record
foreach ($_POST['login_ids'] as $login_id) {
foreach ($_POST['credential_ids'] as $credential_id) {
$login_id = intval($login_id);
$credential_id = intval($credential_id);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
mysqli_query($mysqli,"UPDATE logins SET login_archived_at = NOW() WHERE login_id = $login_id");
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NOW() WHERE credential_id = $credential_id");
// Individual Contact logging
logAction("Credential", "Archive", "$session_name archived credential $login_name", $client_id, $login_id);
logAction("Credential", "Archive", "$session_name archived credential $credential_name", $client_id, $credential_id);
}
// Bulk Logging
@ -240,32 +240,32 @@ if (isset($_POST['bulk_archive_logins'])) {
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['bulk_unarchive_logins'])) {
if (isset($_POST['bulk_unarchive_credentials'])) {
enforceUserPermission('module_credential', 2);
validateCSRFToken($_POST['csrf_token']);
if (isset($_POST['login_ids'])) {
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
$count = count($_POST['login_ids']);
$count = count($_POST['credential_ids']);
// Cycle through array and unarchive
foreach ($_POST['login_ids'] as $login_id) {
foreach ($_POST['credential_ids'] as $credential_id) {
$login_id = intval($login_id);
$credential_id = intval($credential_id);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
mysqli_query($mysqli,"UPDATE logins SET login_archived_at = NULL WHERE login_id = $login_id");
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
// Individual logging
logAction("Credential", "Unarchive", "$session_name unarchived credential $login_name", $client_id, $login_id);
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id);
}
@ -279,38 +279,38 @@ if (isset($_POST['bulk_unarchive_logins'])) {
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['bulk_delete_logins'])) {
if (isset($_POST['bulk_delete_credentials'])) {
enforceUserPermission('module_credential', 3);
validateCSRFToken($_POST['csrf_token']);
if (isset($_POST['login_ids'])) {
if (isset($_POST['credential_ids'])) {
// Get Selected Credential Count
$count = count($_POST['login_ids']);
$count = count($_POST['credential_ids']);
// Cycle through array and delete each record
foreach ($_POST['login_ids'] as $login_id) {
foreach ($_POST['credential_ids'] as $credential_id) {
$login_id = intval($login_id);
$credential_id = intval($credential_id);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
mysqli_query($mysqli, "DELETE FROM logins WHERE login_id = $login_id AND login_client_id = $client_id");
mysqli_query($mysqli, "DELETE FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id");
// Remove Relations
mysqli_query($mysqli,"DELETE FROM contact_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM service_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM software_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM vendor_logins WHERE login_id = $login_id");
mysqli_query($mysqli,"DELETE FROM contact_credentials WHERE credential_id = $credential_id");
mysqli_query($mysqli,"DELETE FROM service_credentials WHERE credential_id = $credential_id");
mysqli_query($mysqli,"DELETE FROM software_credentials WHERE credential_id = $credential_id");
mysqli_query($mysqli,"DELETE FROM vendor_credentials WHERE credential_id = $credential_id");
// Logging
logAction("Credential", "Delete", "$session_name deleted credential $login_name", $client_id);
logAction("Credential", "Delete", "$session_name deleted credential $credential_name", $client_id);
}
@ -331,13 +331,13 @@ if (isset($_POST['export_credentials_csv'])) {
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "AND login_client_id = $client_id";
$client_query = "AND credential_client_id = $client_id";
} else {
$client_query = '';
}
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM logins LEFT JOIN clients ON client_id = login_client_id WHERE login_archived_at IS NULL $client_query ORDER BY login_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM credentials LEFT JOIN clients ON client_id = credential_client_id WHERE credential_archived_at IS NULL $client_query ORDER BY credential_name ASC");
$row = mysqli_fetch_array($sql);
$num_rows = mysqli_num_rows($sql);
@ -355,9 +355,9 @@ if (isset($_POST['export_credentials_csv'])) {
//output each row of the data, format line as csv and write to file pointer
while($row = mysqli_fetch_assoc($sql)){
$login_username = decryptLoginEntry($row['login_username']);
$login_password = decryptLoginEntry($row['login_password']);
$lineData = array($row['login_name'], $row['login_description'], $login_username, $login_password, $row['login_uri']);
$credential_username = decryptCredentialEntry($row['credential_username']);
$credential_password = decryptCredentialEntry($row['credential_password']);
$lineData = array($row['credential_name'], $row['credential_description'], $credential_username, $credential_password, $row['credential_uri']);
fputcsv($f, $lineData, $delimiter);
}
@ -427,7 +427,7 @@ if (isset($_POST["import_credentials_csv"])) {
$duplicate_detect = 0;
if (isset($column[0])) {
$name = sanitizeInput($column[0]);
if (mysqli_num_rows(mysqli_query($mysqli,"SELECT * FROM logins WHERE login_name = '$name' AND login_client_id = $client_id")) > 0){
if (mysqli_num_rows(mysqli_query($mysqli,"SELECT * FROM credentials WHERE credential_name = '$name' AND credential_client_id = $client_id")) > 0){
$duplicate_detect = 1;
}
}
@ -435,10 +435,10 @@ if (isset($_POST["import_credentials_csv"])) {
$description = sanitizeInput($column[1]);
}
if (isset($column[2])) {
$username = sanitizeInput(encryptLoginEntry($column[2]));
$username = sanitizeInput(encryptCredentialEntry($column[2]));
}
if (isset($column[3])) {
$password = sanitizeInput(encryptLoginEntry($column[3]));
$password = sanitizeInput(encryptCredentialEntry($column[3]));
}
if (isset($column[4])) {
$uri = sanitizeInput($column[4]);
@ -447,7 +447,7 @@ if (isset($_POST["import_credentials_csv"])) {
// Check if duplicate was detected
if ($duplicate_detect == 0){
//Add
mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_username = '$username', login_password = '$password', login_client_id = $client_id");
mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_username = '$username', credential_password = '$password', credential_client_id = $client_id");
$row_count = $row_count + 1;
}else{
$duplicate_count = $duplicate_count + 1;

6
post/user/credential_model.php
View File

@ -1,5 +1,5 @@
<?php
// Model of reusable variables for client credentials/logins - not to be confused with the ITFLow login process
// Model of reusable variables for client credentials - not to be confused with the ITFLow login process
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
$client_id = intval($_POST['client_id']);
@ -7,8 +7,8 @@ $name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$uri = sanitizeInput($_POST['uri']);
$uri_2 = sanitizeInput($_POST['uri_2']);
$username = encryptLoginEntry(trim($_POST['username']));
$password = encryptLoginEntry(trim($_POST['password']));
$username = encryptCredentialEntry(trim($_POST['username']));
$password = encryptCredentialEntry(trim($_POST['password']));
$otp_secret = sanitizeInput($_POST['otp_secret']);
$note = sanitizeInput($_POST['note']);
$important = intval($_POST['important'] ?? 0);

22
report_credential_rotation.php
View File

@ -12,10 +12,10 @@ if (isset($_GET['days'])) {
}
$passwords_not_rotated_sql = mysqli_query($mysqli,
"SELECT login_id, login_name, login_description, login_password_changed_at, login_client_id, client_id, client_name
FROM logins
LEFT JOIN clients ON login_client_id = client_id
WHERE DATE(login_password_changed_at) < DATE_SUB(CURDATE(), INTERVAL $days DAY)
"SELECT credential_id, credential_name, credential_description, credential_password_changed_at, credential_client_id, client_id, client_name
FROM credentials
LEFT JOIN clients ON credential_client_id = client_id
WHERE DATE(credential_password_changed_at) < DATE_SUB(CURDATE(), INTERVAL $days DAY)
ORDER BY client_name"
);
@ -46,10 +46,10 @@ $passwords_not_rotated_sql = mysqli_query($mysqli,
while ($row = mysqli_fetch_array($passwords_not_rotated_sql)) {
$login_id = intval($row['login_id']);
$login_name = nullable_htmlentities($row['login_name']);
$login_description = nullable_htmlentities($row['login_description']);
$login_password_changed = nullable_htmlentities($row['login_password_changed_at']);
$credential_id = intval($row['credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']);
$credential_password_changed = nullable_htmlentities($row['credential_password_changed_at']);
$client_id = intval($row['client_id']);
$client_name = nullable_htmlentities($row['client_name']);
@ -57,9 +57,9 @@ $passwords_not_rotated_sql = mysqli_query($mysqli,
<tr>
<td><?php echo $client_name; ?></td>
<td class="text-right"><?php echo $login_name; ?></td>
<td class="text-right"><?php echo $login_description; ?></td>
<td class="text-right"><?php echo timeAgo($login_password_changed) . " (" . $login_password_changed . ")" ?></td>
<td class="text-right"><?php echo $credential_name; ?></td>
<td class="text-right"><?php echo $credential_description; ?></td>
<td class="text-right"><?php echo timeAgo($credential_password_changed) . " (" . $credential_password_changed . ")" ?></td>
</tr>
<?php } ?>

8
scripts/cron.php
View File

@ -989,9 +989,9 @@ if ($config_telemetry > 0 || $config_telemetry == 2) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('software_id') AS num FROM software WHERE software_template = 1"));
$software_template_count = $row['num'];
// Password Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('login_id') AS num FROM logins"));
$password_count = $row['num'];
// Credential Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('credential_id') AS num FROM credentials"));
$credential_count = $row['num'];
// Network Count
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('network_id') AS num FROM networks"));
@ -1100,7 +1100,7 @@ if ($config_telemetry > 0 || $config_telemetry == 2) {
'asset_count' => $asset_count,
'software_count' => $software_count,
'software_template_count' => $software_template_count,
'password_count' => $password_count,
'credential_count' => $credential_count,
'network_count' => $network_count,
'certificate_count' => $certificate_count,
'domain_count' => $domain_count,