Commit Graph

108 Commits

Author SHA1 Message Date
johnnyq 0d6c58f1d0 Added Remember Me option; by checking this you won't have to enter your MFA for up to 14 days on the device 2023-11-20 20:49:33 -05:00
johnnyq 3781026c79 Commented Out Remember me as it is not feature complete yet 2023-11-17 14:21:41 -05:00
johnnyq 3f2f405596 Allow Manual Input of Trip Destination or select from client locations, Added Remember me checkbox for future implementation 2023-11-06 19:37:48 -05:00
o-psi 53c11edc8c Update constructs to not have parenthesis. 2023-10-20 15:25:52 -05:00
johnnyq 1ccaa936ac Removed number type on 2FA input field replaced with text and inputmode='numeric' pattern='[0-9]*' 2023-09-22 12:43:18 -04:00
johnnyq 0bc10a30e8 Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP 2023-09-21 12:00:46 -04:00
johnnyq d31127c137 set current code to an intval since its a number only 2023-09-20 14:58:05 -04:00
johnnyq 40d34bb71d Set 2FA Field on login to a number field so it only shows the numbers on a mobile phone 2023-09-20 14:53:07 -04:00
johnnyq 5938925a35 Added an error if accessing ITFlow by HTTP:// and is set to true 2023-09-20 14:51:29 -04:00
johnnyq 747b7de143 Feature: Force MFA Part 3 - Enforce MFA by redirecting users to their user_profile to setup MFA if Force MFA is checked, next up is to lock them there until 2FA is set 2023-09-06 00:08:21 -04:00
johnnyq 1ed4eeaafc Remove extra bottom margin below error msg on client login 2023-08-20 15:43:39 -04:00
johnnyq 1d0e2ad758 Removed some of the right and left padding to allow for larger login messages 2023-08-20 15:27:43 -04:00
johnnyq 0d497163fe Feature: Login Message now complete can be set in settings > security 2023-08-18 15:35:31 -04:00
johnnyq fda0d203ed Feature: Added Start Page functionality 2023-08-16 13:23:30 -04:00
Marcus Hill a966bf0282 Adjust content security policy 2023-06-17 16:13:02 +01:00
Marcus Hill 95cd0ebdc8 Adjust CSP 2023-06-17 16:01:15 +01:00
Marcus Hill 57dab27169 Login page enhancements
- Default to secure cookies (in case var is not defined in config.php)
- Enable content security policy
- Return HTTP 401 response code for invalid username/password combinations
2023-06-17 15:09:01 +01:00
johnnyq 25f85486d4 Client Portal can now be enabled or disabled in settings > Modules > Enable Client Portal, it is enabled by default 2023-06-14 19:07:39 -04:00
Marcus Hill 1175cc4ade Enable login key code (see #680) 2023-06-03 21:04:43 +01:00
Marcus Hill 5d6d7e389e Add database structure for 'login key' protection concept 2023-05-13 21:49:09 +01:00
johnnyq 37fb696e63 Replace the remaining php files with nullable_htmlentites() 2023-05-11 18:27:48 -04:00
johnnyq 48fe49cf77 BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires Manual Intervention on files, see Forum Post. Make sure you run the Database update directly after update. This Removes Multi-Company Functionality. Fixes issues with Responsive tables and bunch of other UI and small Fixes 2023-03-11 16:16:46 -05:00
johnnyq f7552cd25a Finished up santizeInput Conv and UI updates 2023-02-23 16:09:37 -05:00
johnnyq 8a91ae0e46 More updating with new sanitize function and more logging and alerting cont 2023-02-16 22:26:38 -05:00
Marcus Hill 5bb4296f14 Adjust core files to 4 spaces 2023-02-12 14:40:10 +00:00
Marcus Hill c219324bb8 General cleanup/formatting 2023-02-09 11:42:57 +00:00
Marcus Hill b36719eb99 General cleanup/tidying 2023-02-09 11:32:40 +00:00
Marcus Hill e8c9e63a7b Add X-Frame-Options to login pages & client portal 2023-02-05 18:43:50 +00:00
Marcus Hill d2124b92f1 Hide the username and password field (via CSS) when prompting for 2FA code 2023-01-30 18:55:30 +00:00
Johnny 4fd6d752c6 Merge pull request #580 from wrongecho/function-standardise
Convert custom function names to camelCase
2023-01-26 18:20:33 -05:00
Marcus Hill 531bd25f27 Convert custom function names to camelCase 2023-01-26 22:03:31 +00:00
Marcus Hill 10362f86ef Convert custom function names to camelCase 2023-01-26 21:58:27 +00:00
Marcus Hill 23e3a2e8fc - Create custom function (randomString()) for generating cryptographically (and URL) safe strings.
- Replace usages of keygen and bin2hex(random_bytes()) with this function.
2023-01-26 21:35:06 +00:00
Marcus Hill cffde0fbbd Tidy 2023-01-25 23:07:37 +00:00
Marcus Hill 0f3b6b5d23 Add alt-text to logo 2023-01-25 23:04:45 +00:00
Marcus Hill 67e1fb7021 Show the 'default' company logo (if configured) on the client login page instead of the ITFlow/company name text 2023-01-25 23:04:45 +00:00
Marcus Hill 95aa46cd52 Show the 'default' company logo (if configured) on the agent login page instead of the ITFlow text 2023-01-25 23:04:45 +00:00
Marcus Hill efecab179b General cleanups, add HTML lang element to match header.php 2023-01-25 23:04:41 +00:00
wrongecho b19c7a6f49 Merge branch 'master' into code-tidy 2023-01-23 19:21:43 +00:00
Marcus Hill d73b3cb960 Correct typos 2023-01-21 17:22:27 +00:00
Marcus Hill 2c3ebb3bbb Tidy codestyle - spaces between parenthesis and curly braces 2023-01-21 17:09:39 +00:00
Marcus Hill 6f900269d7 Add notifications for unusual logins. A login is considered "unusual" if both the user agent and IP address used haven't appeared in the user's sign-in logs before. 2023-01-21 15:16:11 +00:00
Marcus Hill 3973a0dd00 Adjust hardcoded ITFlow to config_app_name 2023-01-21 14:27:40 +00:00
Marcus Hill 2c1f760ce0 - Move brute force login protection before the page loads
- Increased the threshold to 15 attempts, but over 10 mins instead
2023-01-21 13:42:54 +00:00
Marcus Hill b9b0440186 - Add email notification to agents if their 2FA code is entered incorrectly (this may be a sign of account compromise)
- Tidy login code flow so that the "logged" session variable only has to be set in one place, rather than in two (both for 2fa and non-2fa logins)
2023-01-21 13:25:16 +00:00
Marcus Hill b2ccb53c44 Re-add fix from chandachewe10 to prevent offset array error when entering invalid credentials 2023-01-18 21:21:58 +00:00
johnnyq c0399a2c42 Added Disable and Activate Users, fixes #539 2023-01-13 18:24:50 -05:00
Johnny b91ead19ce Revert "removed warning" 2023-01-08 14:00:16 -05:00
chandachewe10 e0b314e5a9 removed warning 2023-01-08 00:01:52 +00:00
Marcus Hill 24f825ca08 SQL Escape tech username in session. The username is added to most log entries meaning that a simple apostrophe in the name breaks all logging for the user 2023-01-02 19:22:21 +00:00