From f84e3c4b6bd360bc97ca209853b884840a2f1243 Mon Sep 17 00:00:00 2001
From: "johnny@pittpc.com"
Date: Sat, 4 Jan 2020 23:44:04 -0500
Subject: [PATCH] Refactored Login UI to reduce clutter, minimise and increase security also 2FA Box will appear when enabled
---
 README.md | 2 +-
 clients.php | 10 +++++++---
 login.php | 44 ++++++++++++++++++++++----------------------
 side_nav.php | 6 ++----
 4 files changed, 32 insertions(+), 30 deletions(-)
diff --git a/README.md b/README.md
index bb9e5dfb..b28f7009 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
 * Locations
 * Vendors
 * Assets
- * Password Manager
+ * Password Manager (AES Encrypted in DB)
 * Domain Names
 * Applications
 * Networks
diff --git a/clients.php b/clients.php
index a4e13e5c..549a2818 100644
--- a/clients.php
+++ b/clients.php
@@ -2,7 +2,7 @@
 //Rebuild URL
-$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+//$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
 //Paging
 if(isset($_GET['p'])){
@@ -48,10 +48,14 @@ if(!empty($_GET['dtf'])){
 $dtf = $_GET['dtf'];
 $dtt = $_GET['dtt'];
 }else{
- $dtf = "0000-00-00";
- $dtt = "9999-00-00";
+ $dtf = "1000-01-01";
+ $dtt = "9999-01-01";
 }
+//Rebuild URL
+
+$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+
 $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%') AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to");
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
diff --git a/login.php b/login.php
index a62e9a04..7beb4ca9 100644
--- a/login.php
+++ b/login.php
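Review bot: `$dtf` and `$dtt` are read straight from `$_GET` in the context lines above the changed defaults and interpolated into the `BETWEEN '$dtf' AND '$dtt'` clause of the `$sql` query, alongside `$q`, `$sb` and `$o`; the new defaults only apply when `dtf` is empty, so a supplied value reaches the query unchecked. Accepting the values only when they look like dates, `if(!preg_match('/^\d{4}-\d{2}-\d{2}$/', $dtf)){ $dtf = "1000-01-01"; }` and the same for `$dtt`, keeps the interpolation safe until the query is moved to a prepared statement with bound parameters, which is the better end state. Note that `!empty($_GET['dtf'])` only checks `dtf`, so `$dtt = $_GET['dtt'];` can read a missing key and produce an empty upper bound. Now that the `$url_query_strings_sb` assignment is re-added below the date defaults, the commented-out copy left in the first hunk should be deleted rather than kept as dead code.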
@@ -24,11 +24,12 @@ session_start();
 if(isset($_POST['login'])){
- $email = mysqli_real_escape_string($mysqli,$_POST['email']);
+ $username = mysqli_real_escape_string($mysqli,$_POST['username']);
+ $plain_password = $_POST['password'];
 $password = md5($_POST['password']);
 $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
- $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$email' AND password = '$password'");
+ $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$username' AND password = '$password'");
 if(mysqli_num_rows($sql) == 1){
 $row = mysqli_fetch_array($sql);
@@ -44,6 +45,15 @@ if(isset($_POST['login'])){
 header("Location: dashboard.php");
 }else{
+ $token_field = "
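Review bot: The lookup still compares `md5($_POST['password'])` against the stored value and builds the SELECT by string interpolation, so despite the subject line the credential check is no stronger than before; the new `$plain_password` is not used anywhere in this hunk, so if it was added for a rehash step that step lives outside it. The renamed `$username` is still matched against the `email` column, which makes the later "Incorrect username or password." text slightly misleading; either keep `$email` or rename the column reference consistently. The sturdier shape is a prepared statement for the user lookup and `password_verify()` against a `password_hash()` value, which requires the stored hashes to be migrated first. The same interpolation is used for the log INSERTs in the `2FA Failed` and `Failed` hunks, which carry the request-supplied `$username`; those should become prepared statements too. The enclosing `if(isset($_POST['login']))` block continues past the hunk.

```php
$plain_password = $_POST['password'];
// … unchanged: $username / $current_code escaping (still used by the log INSERTs) …

// Bind the raw request value; escaping is only needed where it is interpolated
$stmt = mysqli_prepare($mysqli, "SELECT * FROM users WHERE email = ?");
mysqli_stmt_bind_param($stmt, 's', $_POST['username']);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));

// Stored passwords must be migrated to password_hash() values for this check
if($row && password_verify($plain_password, $row['password'])){
// … unchanged: session setup and 2FA branch …
```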
+ +
+
+ +
+
+
"; + require_once("rfc6238.php"); if(TokenAuth6238::verify($token,$current_code)){ @@ -55,8 +65,8 @@ if(isset($_POST['login'])){ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = '2FA Failed', log_description = '$ip - $os - $browser - $device', log_created_at = NOW(), user_id = $user_id"); $response = " -
- Invalid Code.
+
+ Please Enter 2FA Key!
";
@@ -64,11 +74,11 @@ if(isset($_POST['login'])){
 }
 }else{
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$email - $ip - $os - $browser - $device', log_created_at = NOW()");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = '$username - $ip - $os - $browser - $device', log_created_at = NOW()");
 $response = "
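Review bot: The replacement text `Please Enter 2FA Key!` is shown after `TokenAuth6238::verify()` has rejected a code, so a user who did submit a code and simply mistyped it is told to enter one, while the log line directly above records `2FA Failed`. Branching on whether a code was supplied keeps both cases accurate: `$msg = $current_code === '' ? 'Please Enter 2FA Key!' : 'Invalid Code.';` and interpolate `$msg` into `$response`. If the alert styling was also changed for the prompt case, it should follow the same branch.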
- Incorrect email or password.
+ Incorrect username or password.
";
@@ -95,41 +105,31 @@ if(isset($_POST['login'])){