Finished up santizeInput Conv and UI updates

This commit is contained in:
johnnyq
2023-02-23 16:09:37 -05:00
parent 2b50302cf9
commit f7552cd25a
179 changed files with 1572 additions and 1349 deletions


@@ -21,14 +21,14 @@ if (!isset($_SESSION['client_logged_in']) || !$_SESSION['client_logged_in']) {
}
// User IP & UA
$session_ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$session_ip = sanitizeInput(getIP());
$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
// Get info from session
$session_client_id = $_SESSION['client_id'];
$session_contact_id = $_SESSION['contact_id'];
$session_company_id = $_SESSION['company_id'];
$session_client_id = intval($_SESSION['client_id']);
$session_contact_id = intval($_SESSION['contact_id']);
$session_company_id = intval($_SESSION['company_id']);
// Get company info from database
@@ -46,11 +46,11 @@ $currency_format = numfmt_create($session_company_locale, NumberFormatter::CURRE
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
$contact = mysqli_fetch_array($contact_sql);
$session_contact_name = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_name']));
$session_contact_name = sanitizeInput($contact['contact_name']);
$session_contact_initials = initials($session_contact_name);
$session_contact_title = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_title']));
$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli, $contact['contact_email']));
$session_contact_photo = $contact['contact_photo'];
$session_contact_title = sanitizeInput($contact['contact_title']);
$session_contact_email = sanitizeInput($contact['contact_email']);
$session_contact_photo = sanitizeInput($contact['contact_photo']);
$session_contact_is_technical_contact = false;
$session_contact_is_billing_contact = false;
@@ -64,8 +64,8 @@ if ($contact['contact_billing'] == 1) {
// Get client info
$client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$session_client_id'");
$client_sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $session_client_id");
$client = mysqli_fetch_array($client_sql);
$session_client_name = $client['client_name'];
$session_client_primary_contact_id = $client['primary_contact'];
$session_client_primary_contact_id = intval($client['primary_contact']);
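Review bot: `$_SERVER['HTTP_USER_AGENT']` on the new `$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);` line in the first hunk is read without an existence check, so a request that omits the User-Agent header raises an undefined-array-key warning before sanitizeInput() ever runs; `$session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT'] ?? '');` closes that. sanitizeInput() is not defined in the visible lines, but if it wraps mysqli_real_escape_string() like the code it replaces, the second hunk now applies SQL escaping to values read back from the database (`$session_contact_name`, `$session_contact_email`, `$session_contact_photo`) on their way to the session and to output, so a name containing an apostrophe would presumably be displayed with a backslash; escaping belongs at the point of use (htmlspecialchars() when echoed, a bound parameter when written), not on the read path. The intval() casts on the session ids are the right fix for the interpolated SELECTs, though the unchanged contact query still quotes `'$session_contact_id'` while the rewritten client query drops the quotes, so the two styles are worth unifying. The third hunk appears to continue past the visible lines.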