AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refactored Login UI to reduce clutter, minimise and increase security also 2FA Box will appear when enabled

This commit is contained in:
johnny@pittpc.com 2020-01-04 23:44:04 -05:00
parent e8b13c6058
commit f84e3c4b6b
4 changed files with 32 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -6,7 +6,7 @@
* Locations
* Vendors
* Assets
* Password Manager
* Password Manager (AES Encrypted in DB)
* Domain Names
* Applications
* Networks

10
clients.php
View File

@ -2,7 +2,7 @@
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
//$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
//Paging
if(isset($_GET['p'])){
@ -48,10 +48,14 @@ if(!empty($_GET['dtf'])){
$dtf = $_GET['dtf'];
$dtt = $_GET['dtt'];
}else{
$dtf = "0000-00-00";
$dtt = "9999-00-00";
$dtf = "1000-01-01";
$dtt = "9999-01-01";
}
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%') AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));

44
login.php
View File

@ -24,11 +24,12 @@ session_start();
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($mysqli,$_POST['email']);
$username = mysqli_real_escape_string($mysqli,$_POST['username']);
$plain_password = $_POST['password'];
$password = md5($_POST['password']);
$current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$email' AND password = '$password'");
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$username' AND password = '$password'");
if(mysqli_num_rows($sql) == 1){
$row = mysqli_fetch_array($sql);
@ -44,6 +45,15 @@ if(isset($_POST['login'])){
header("Location: dashboard.php");
}else{
$token_field = "<div class='input-group mb-3'>
<input type='text' class='form-control' placeholder='Token' name='current_code' autofocus>
<div class='input-group-append'>
<div class='input-group-text'>
<span class='fas fa-key'></span>
</div>
</div>
</div>";
require_once("rfc6238.php");
if(TokenAuth6238::verify($token,$current_code)){
@ -55,8 +65,8 @@ if(isset($_POST['login'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), user_id = $user_id");
$response = "
<div class='alert alert-danger'>
Invalid Code.
<div class='alert alert-primary'>
Please Enter 2FA Key!
<button class='close' data-dismiss='alert'>&times;</button>
</div>
";
@ -64,11 +74,11 @@ if(isset($_POST['login'])){
}
}else{
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$email - $ip - $os - $browser - $device', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$username - $ip - $os - $browser - $device', log_created_at = NOW()");
$response = "
<div class='alert alert-danger'>
Incorrect email or password.
Incorrect username or password.
<button class='close' data-dismiss='alert'>&times;</button>
</div>
";
@ -95,41 +105,31 @@ if(isset($_POST['login'])){
</head>
<body class="hold-transition login-page">
<div class="login-box">
<div class="login-logo">
<b><?php echo $config_app_name; ?></b> Login
</div>
<!-- /.login-logo -->
<div class="card">
<div class="card-body login-card-body">
<p class="login-box-msg"><?php if(isset($response)) { echo $response; } ?></p>
<form method="post">
<div class="input-group mb-3">
<input type="email" class="form-control" placeholder="Email" name="email" required autofocus>
<input type="text" class="form-control" placeholder="Username" name="username" value="<?php if(!empty($token_field)){ echo $username; }?>" required <?php if(empty($token_field)){ echo "autofocus"; } ?> >
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
<span class="fas fa-user"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="password" class="form-control" placeholder="Password" name="password" required>
<input type="password" class="form-control" placeholder="Password" name="password" value="<?php if(!empty($token_field)){ echo $plain_password; } ?>" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<div class="input-group mb-3">
<input type="text" class="form-control" placeholder="Token" name="current_code">
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-key"></span>
</div>
</div>
</div>
<?php echo $token_field; ?>
<button type="submit" class="btn btn-primary btn-block" name="login">Sign In</button>
<button type="submit" class="btn btn-dark btn-block mb-3" name="login">Sign In</button>
</form>

6
side_nav.php
View File

@ -2,10 +2,8 @@
<aside class="main-sidebar sidebar-dark-primary elevation-4 d-print-none">
<!-- Brand Logo -->
<a href="index.php" class="brand-link">
<img src="dist/img/AdminLTELogo.png" alt="AdminLTE Logo" class="brand-image img-circle elevation-3"
style="opacity: .8">
<span class="brand-text font-weight-light"><?php echo $config_app_name; ?></span>
<a href="index.php" class="brand-link text-center">
<span class="brand-text font-weight-light"><i class="fa fa-network-wired"></i> <?php echo $config_app_name; ?></span>
</a>
<!-- Sidebar -->