AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,321 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

718 Commits

Author SHA1 Message Date
Marcus Hill 428dec3527 POST 'models' 
Deduplicate POST value assignment for add/edit operations in post.php with a 'model' concept.
This should also help prevent things breaking when one of the functions are updated but the other is missed.
 2023-02-11 19:06:59 +00:00
johnnyq f7314adca1 Updated more logging and alerting added ticket assignment user notifications 2023-02-10 14:45:45 -05:00
johnnyq 58fe752bd9 Added Timezone to the DB settings option will come soon also added 3 sec wait between Application Updates and DB Updates to fix issue where after update and DB has an update but does not show it 2023-02-09 14:37:02 -05:00
Marcus Hill b36719eb99 General cleanup/tidying 2023-02-09 11:32:40 +00:00
Marcus Hill 33a5a75cfb Adjust redirect after notification dismissal to be to the referer page 2023-02-08 10:44:47 +00:00
Johnny 01d786e0be
Merge pull request #609 from wrongecho/stripe 
Add Stripe Payment integration for invoices
 2023-02-07 17:19:26 -05:00
johnnyq 7860a7d7d3 More logging and Alerting additions 2023-02-07 16:58:32 -05:00
Marcus Hill f6dafb048c Stripe integration 2023-02-07 18:32:21 +00:00
Marcus Hill f1180aa9fe Add initial Stripe Payment integration for invoices 2023-02-07 18:05:52 +00:00
johnnyq c3829c06af More logging and alerting along with getting number of records exported 2023-02-06 15:55:22 -05:00
johnnyq 4d55d0dfa2 Updated logging for software 2023-02-05 15:44:07 -05:00
johnnyq 493a91d502 Fixed an issue when modifiying an asset with blank user creds would create a blank user creds, also when you clear the username on an asset it deletes the login item as well now, Updated Asset logging and alerting 2023-02-05 15:23:51 -05:00
johnnyq 21891b492f Logging and Alerting cleanups and added functionality 2023-02-05 14:34:56 -05:00
wrongecho 9cb0e8d70e
Update post.php 
Bugfix login username not being encrypted when added as part of the asset add flow
 2023-02-05 08:29:28 +00:00
wrongecho 04e4ccb9cf
Merge branch 'master' into misc-tidy-2 2023-02-05 08:17:26 +00:00
Marcus Hill f92dc108e2 Tidy 
- Move some scripts to their own js files
- Move some duplicate code blocks to functions
- General tidy & spacing cleanups (#538)
 2023-02-04 22:09:56 +00:00
Marcus Hill 7f02464b92 Portal-related updates 
- Bug fix contact password setting
- Add invoice guest view link to invoices portal page
- Billing contacts now have access to invoices on the portal
- Technical contacts now have access to all tickets
- General housekeeping/tidying
 2023-02-04 15:28:39 +00:00
johnnyq ca290120df Added config_telemetry variable to send telemetry to verify if telemetry is on or off when sent. Fixed sending telemetry on update when off these were due to an = sign when it should have been a double == Checked setup since this is the last place where it sends telemetry and it is correct. 2023-01-31 17:18:18 -05:00
johnnyq cb14efc9b0 If Send Telemetry is clicked then send data no need to check if telemetry is enabled if button is selected 2023-01-30 18:24:16 -05:00
johnnyq 1a64495765 Send Telemetry data if enabled during updates 2023-01-30 18:20:30 -05:00
johnnyq 463f90a103 Feature When editing vendor templates you can now update all vendors based off of the template 2023-01-30 17:54:50 -05:00
johnnyq 60799c050b Added Important Fields in the login modals 2023-01-30 14:32:12 -05:00
johnnyq 139328ae65 Removed Recently viewed under client overview viewed feature is not currently implemented, Primary Billing and Technical now show up under imporetant contacts under client overview tweaked some alert feed backs and logging 2023-01-30 13:21:12 -05:00
johnnyq 0acd19a5ce Added Telemetry to Cron if enabled in settings, many more telemetry data counts were added 2023-01-28 18:11:00 -05:00
johnnyq 0a1fb2227e Implement Installation ID for optional telemetry 2023-01-28 15:06:19 -05:00
Johnny 4fd6d752c6
Merge pull request #580 from wrongecho/function-standardise 
Convert custom function names to camelCase
 2023-01-26 18:20:33 -05:00
Johnny b742a71c57
Merge pull request #579 from wrongecho/crypto 
Crypto changes - replace bin2hex
 2023-01-26 16:58:31 -05:00
Marcus Hill 10362f86ef Convert custom function names to camelCase 2023-01-26 21:58:27 +00:00
johnnyq bdc71d3163 Make vendor selection work under create and edit ticket, also add vendor info card to ticket details This will be useful if you are also working with a vendor like Microsoft or Internet provider etc 2023-01-26 16:49:18 -05:00
Marcus Hill 2570bdc6af Tidy remaining files to randomString() 2023-01-26 21:46:58 +00:00
Marcus Hill 23e3a2e8fc - Create custom function (randomString()) for generating cryptographically (and URL) safe strings. 
- Replace usages of keygen and bin2hex(random_bytes()) with this function.
 2023-01-26 21:35:06 +00:00
Johnny 41068d356b
Merge pull request #578 from wrongecho/login-field-encrypt 
Add encryption for usernames stored in the logins area.
 2023-01-26 10:57:55 -05:00
Marcus Hill 5fd5663aa8 Add encryption for usernames stored in the logins ("passwords") area. 2023-01-26 15:36:13 +00:00
Marcus Hill 5edd37a46e Remove currency_code variable assignment when posting add_quote/add_recurring as it's not provided. The session company currency is actually used 2023-01-26 12:10:29 +00:00
johnnyq 16d3d4420a Feature: Contact Important Billing and Technical were addded Started migrating checkboxes and radio buttons to custom css to match the selected theme 2023-01-25 16:43:34 -05:00
johnnyq 1e1933798d Added more telemetry data including if certain options are on or off to get an idea what businesses are using 2023-01-24 21:15:57 -05:00
johnnyq f670efa16a Added comments and version to Telemetry 2023-01-24 20:24:15 -05:00
johnnyq 3dc1f11a56 Added Basic Telemetry sending 2023-01-24 20:08:37 -05:00
johnnyq a854baaf61 Added Telemetry settings option 2023-01-24 19:27:58 -05:00
johnnyq da2c98a48a Remove instances of unused db field log_entity was causing issues with adding and editing items including contacts 2023-01-24 12:59:51 -05:00
johnnyq b3f952b1f8 New Feature: You can now create Software/License Templates 2023-01-21 16:28:48 -05:00
Marcus Hill 628c6997ca Add ticket assignment email notifications when using the 'Assigned to' menu 2023-01-21 16:33:54 +00:00
Marcus Hill fb6848f508 Add configuration setting to control whether clients should get automatic ticket-related emails (ticket open/close) 2023-01-21 15:47:01 +00:00
Marcus Hill fe00c0df2b Send users a notification email if they disable 2FA 2023-01-21 14:37:50 +00:00
Marcus Hill cc6380f785 Add notification emails to agents when they change their email/password 2023-01-21 14:29:32 +00:00
Marcus Hill 6d26b07d70 Fix the ticket notification email subject to just show the ticket subject in the message body for new tickets 2023-01-21 12:30:33 +00:00
johnnyq 67a9a484af Feature: Vendor Templates! You can now create Vendor Templates and reuse them for any client 2023-01-20 19:37:48 -05:00
johnnyq c6cd1b0be7 Documents and Document Template Fixes, Fixed issue not displaying foldername in the breadcrumbs under document details. When Creating a document from template didnt redirect to the right place for editing. eliminated folder get var in document details as its unneeded 2023-01-20 14:56:27 -05:00
johnnyq 6232a8311b Feature: Introduced Color Themes - Changes navbar color and accent button color on sidenav - To change theme goto settings - theme - select a theme watch it change in real time 2023-01-19 18:00:35 -05:00
johnnyq 45564d45bc Added Document Template Listing, editing, deletion, move scheduled tickets into tickets 2023-01-18 22:00:45 -05:00
johnnyq 5492e6d3f7 DB update for vendor and software/license templates 2023-01-18 20:13:41 -05:00
johnnyq 159586329f Feature: Document Templates - You can now officially create document template and create documents from a template - WIP list/edit/delete document templates 2023-01-18 18:12:14 -05:00
johnnyq c0399a2c42 Added Disable and Activate Users, fixes #539 2023-01-13 18:24:50 -05:00
johnnyq c324fbbfff Update more UI modals to nicer look 2023-01-02 22:21:12 -05:00
Marcus Hill b70052b864 - Validate user email before sending welcome message 
- Remove old code from edit_user - we now enforce admin role properly
- Users may only edit their own profiles - enforced via session id rather than role
- Rem ticket views deletion comment - ticket views are cleaned up daily via cron
- Require CSRF Token when adding/removing 2FA and backing up master key
 2023-01-02 21:06:51 +00:00
Marcus Hill 1b96f8659e Rem comment - we set this info in the session at login and enforce roles there, and will be updating overall site role enforcement 2023-01-02 19:40:09 +00:00
Marcus Hill 9eea00bccf Change stripslashes to htmlentities 2023-01-02 19:29:00 +00:00
johnnyq 807d374b90 Merge branch 'master' of github.com:itflow-org/itflow 2022-12-31 15:54:51 -05:00
johnnyq e943faecf0 Added Important Functionality to Contacts, Cleaned up UI elements in the contacts and users modals. Added partial User and contact Invite functionality. 2022-12-31 15:54:34 -05:00
Johnny 51a7e59c16
Merge pull request #541 from wrongecho/license-export 
Add more fields to software CSV export
 2022-12-31 14:38:30 -05:00
Johnny edf071c677
Merge pull request #540 from wrongecho/portal-user-instructions 
Add option on the contact edit modal to send client a welcome email
 2022-12-31 14:38:04 -05:00
Marcus Hill 7fd2d0677c Add more fields to software CSV export 2022-12-31 18:20:31 +00:00
Marcus Hill a97ce3c59a Add option on the contact edit modal to send client a welcome email 2022-12-31 17:25:10 +00:00
Marcus Hill be3ec96ef6 Add functionality to send emails to clients when their tickets are closed. 2022-12-31 15:36:27 +00:00
johnnyq 6dab710b6b Merge branch 'master' of github.com:itflow-org/itflow 2022-12-29 18:23:35 -05:00
johnnyq 29a9d6ef8f Generate longer more secure Key for logins 2022-12-29 18:23:11 -05:00
Johnny 14a405ee6d
Merge pull request #534 from wrongecho/revert 
Revert accountant role enforcements
 2022-12-29 18:22:14 -05:00
Johnny ba7f4ab83d
Merge pull request #533 from wrongecho/deprecate-multi-company 
Add deprecated notice to companies module
 2022-12-29 18:21:47 -05:00
Marcus Hill 8906a1960f Revert "Enforce accountant or admin role to peform accounting related post requests" 
This reverts commit ea3a12bdd7.
 2022-12-29 22:30:40 +00:00
johnnyq 5d6b03141b Generate longer more secure Key for browser extension 2022-12-29 16:59:47 -05:00
johnnyq 13d2429a45 Merge branch 'master' of github.com:itflow-org/itflow 2022-12-29 16:51:40 -05:00
johnnyq d6d908f0b8 Generate longer more secure Keys for shareable URLs using best practice 2022-12-29 16:50:57 -05:00
Marcus Hill 93cb97f630 Add deprecated notice to companies module and associated functionality (#532) 2022-12-29 21:41:53 +00:00
Marcus Hill ea3a12bdd7 Enforce accountant or admin role to peform accounting related post requests 2022-12-28 20:46:24 +00:00
johnnyq 9036fe6853 Added Admin validation check on Edit user post thank you for reporting this to us @indevi0us 2022-12-20 16:13:07 -05:00
Marcus Hill 1ea081a175 Move email sending to a function for better error handling and code-deduplication 2022-12-18 14:24:47 +00:00
Johnny 7ea8f106f2
Merge pull request #520 from wrongecho/software-export 
Software - Enhance export to CSV functionality
 2022-12-17 23:22:36 -05:00
Marcus Hill a53f69ed17 Update software export: update reference to non-existent db column & add key to export 2022-12-17 23:59:26 +00:00
Marcus Hill 4f1a40f3fb Add functionality to send client a notification email when we raise a ticket for them 2022-12-17 23:27:13 +00:00
Johnny 69cf798468
Merge pull request #506 from wrongecho/ticket-invoice-hyperlink 
Add hyperlink to invoice when invoice raised from ticket
 2022-12-11 13:18:52 -05:00
Marcus Hill db0f1f2f99 Add hyperlink to invoice when invoice raised from ticket 2022-12-11 15:04:36 +00:00
Marcus Hill d3fbdfb743 Add email to ticket functionality - beta 2022-12-11 01:34:15 +00:00
Marcus Hill 7b266dc898 Allow editing time worked when editing a ticket reply 2022-12-08 20:06:11 +00:00
johnnyq cf30e02fb3 Added jpeg as an accepted file upload type in POST 2022-11-17 14:11:41 -05:00
johnnyq 4b9ba0b3c1 Updates to Vendors added additional fields such as PIN, Support Hours, SLA etc, removed Vendor Address details not really needed for vendors. Beginning works of Vendor Templates aka Global Vendors this will make it easy to update common vendors 2022-10-14 21:48:24 -04:00
johnnyq 46c2ee917e Fixed bad redirect when adding a client login 2022-10-07 18:05:28 -04:00
johnnyq 1c0061e6bc Added some better mailer error logging and removed uneeded phpmail code 2022-10-07 18:02:38 -04:00
Marcus Hill 851ca7fae5 Always set a random password for new portal users. This isn't an issue at the moment as we don't allow logins with empty passwords but better to be safe. 2022-10-01 19:32:40 +01:00
johnnyq 7d24aaf4b7 Replaced auto generated base_url var for invoice/quote emailing with the config_base_url in the config.php file 2022-09-27 14:36:35 -04:00
johnnyq 7543957176 Wording Change on Viewing Invoice email template 2022-09-26 18:53:33 -04:00
johnnyq 0ae4786325 replaced some static location redirectors on POST with Refferal URL redirect 2022-09-21 21:31:41 -04:00
Marcus Hill 1fe8a45dc6 Small edit to the way contact passwords are set - potential SQL injection issue 2022-09-18 19:14:15 +01:00
johnnyq 996c603826 Operation Cleanup Round 4 - Remove config_base_url from settings table in db. This should be in your config.php now, if this is not added this can break things 2022-09-17 18:04:26 -04:00
johnnyq 2ea41ed960 Operation Cleanup Round 3 - Remove automated SQL backups as this should be handled by system level backups which will also backup the files 2022-09-17 17:17:01 -04:00
johnnyq 6eb96df277 Operation Cleanup Round 2 - Remove Custom Links. This should really be handled by a startpage of some sort 2022-09-17 16:46:12 -04:00
johnnyq 14953fe171 Operation Cleanup Round 1 - Remove Mailing list functionality, there are many projects that can handle this 2022-09-17 16:35:11 -04:00
johnnyq 55567df92e Added xlsm, md, webp to the allowed upload list 2022-09-16 14:02:28 -04:00
johnnyq 9f9e43ee1f Fixed Force Recurring Invoice , before WHERE in query 2022-07-17 16:43:55 -04:00
Marcus Hill cf6bf88e4f Add TXT records under domain records 2022-07-07 20:17:16 +01:00
Marcus Hill 2c2aed3ee6 Bugfix client not deleting due to incorrect ticket reply column name 2022-05-29 11:13:15 +01:00
Johnny 0295757f95
Merge pull request #469 from wrongecho/ssl 
Auto-add domains/ssls for new clients
 2022-05-25 17:52:03 -04:00
Marcus Hill c02ea0ee94 Automatically add domain/certificate info during client creation, if domain is specified 2022-05-25 22:16:06 +01:00
johnnyq 93e45dc7c4 Added Client Asset Status functionality need to work on the names 2022-05-25 16:09:20 -04:00
Marcus Hill 6a463f312d - Move domain expiry/whois/DNS info to a function for better modularity. 
- Improve additional domain name validation & ensure data returned fits into database
 2022-05-24 22:03:56 +01:00
johnnyq 30db46e866 Fix Delete Vendor 2022-05-24 13:45:54 -04:00
Marcus Hill 17cd82dbf4 Send e-mail when new user (tech) is created containing login credentials 2022-05-20 17:06:35 +01:00
Marcus Hill 96b7578d21 Add internal note to ticket when invoice is created 2022-05-20 16:36:12 +01:00
johnnyq 856a600993 Fixed send invoice/quote email redirects so they go back to the page you were last on 2022-05-17 13:50:54 -04:00
johnnyq bf34a2403a Minor UI cleanups add angle rights to menus that open new nav menus margin cleanups etc 2022-05-14 19:54:16 -04:00
johnnyq 4f2cff6fac More Archiving work, added entity_id to logs for future undo of archives in logs. 2022-05-14 18:14:02 -04:00
johnnyq 25589d38ce Fix Delete and Archive alerts 2022-05-14 13:06:09 -04:00
johnnyq 334766e567 Use toastr notifications and alerts instead dedupe alert feedback code 2022-05-14 13:03:03 -04:00
johnnyq 205c4e1bec Add Location Archive Functionality, do not allow archiving if location is primary, added undo location archive, some other cleanups 2022-05-14 11:44:48 -04:00
johnnyq 4f56f2efb3 Added more Descriptive Column titles and additonal cell spacing to contact templates 2022-05-13 15:17:23 -04:00
johnnyq 79df499ad3 Added Client Logins Import 2022-05-13 14:42:46 -04:00
johnnyq 08a669e3bb Added location import capability, cleaned up some import wording, renamed clean_file_name function to just strto_AZaz09 and clean export and sample csv client names 2022-05-13 13:29:03 -04:00
johnnyq 74cf007ef3 Cleanup importing assets along with duplication fix from previous commit 2022-05-13 12:24:43 -04:00
johnnyq fdc42ef5cf Fixed issue with importing contacts when a duplicate was detected it would stop importing the rest of the rows that were not duplicates 2022-05-13 12:19:51 -04:00
johnnyq 7b0e4e7741 Fixed contacts not importing if location was left blank 2022-05-13 12:12:44 -04:00
johnnyq 8b5f8547c4 Added Contact Import Capabilities and fixed some undefined vars 2022-05-13 11:53:17 -04:00
Marcus Hill fc3b83d43a Allow for tickets to be unassigned after being assigned to an agent. 
Hide accountants from ticket assignment list on ticket.php.
 2022-05-11 20:27:18 +01:00
johnnyq 0ac9143e47 Do no show archived clients under clients, add archive client, add undo archive client 2022-05-07 20:15:13 -04:00
johnnyq c38f2378ea Updated Delete Client to delete all associated data 2022-05-07 17:37:38 -04:00
johnnyq 5044dc6084 Properly delete everything related to a company when deleting a company 2022-05-07 16:46:50 -04:00
johnnyq 463fcdbe4f Fixed adding new company 2022-05-07 15:42:17 -04:00
Marcus Hill 5cbd0fad0d Move role validation to functions.php 2022-05-07 17:25:30 +01:00
Marcus Hill b2c0994577 Add CSRF Token validation for API key create/delete 2022-05-07 16:56:55 +01:00
Marcus Hill f4537ac80a Remove remaining instances of updating *updated_at - SQL DB does this now for us automatically 2022-05-07 16:39:34 +01:00
johnnyq 42f98479e7 Fixed Issue where if server had an IP client PDF Export would not work #395 2022-05-05 10:55:04 -04:00
Johnny 5e4870df90
Merge branch 'master' into csrf 2022-05-02 11:31:42 -04:00
Marcus Hill 61777116a9 CSRF Token 
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
 2022-05-01 18:43:53 +01:00
johnnyq 0641b0bfd4 Completely remove the last bits of departments 2022-04-29 16:50:25 -04:00
johnnyq 7b35431021 Remove Departments table and remove it from the client side nav, takes up too much space, added it as a text input on contact add/edit instead 2022-04-29 16:39:15 -04:00
johnnyq d5922b25a9 Updated Licence Type var under client export pdf 2022-04-29 12:11:57 -04:00
johnnyq ba57078810 Created Sanitize file name function to fix issues with exporting PDF Documentation with clients having ' in the name ex ben's 2022-04-29 11:54:50 -04:00
johnnyq ca5ba0c6d2 Removed , before WHERE statement Fixed Edit Client 2022-04-29 11:21:46 -04:00
johnnyq 6310ef5aae Added Rename and Delete folder capabilities to documents and some minor UI cleanup 2022-04-27 22:31:15 -04:00
johnnyq 0fb4ff17a3 Removed the last bits of Document Tagging 2022-04-27 01:03:01 -04:00
johnnyq 1b866b75cd Added Folder support to Client Documents, partially removed legacy document tagging 2022-04-27 00:53:45 -04:00
Marcus Hill 013b153078 Remove created_at DB references - these are automatic now 2022-04-24 12:24:00 +01:00
Marcus Hill a792498b5b Add IP/User agent to all logs 2022-04-24 12:13:07 +01:00
Marcus Hill 13c12dad3a Remove log_created_at now references, as this is now automatic 2022-04-24 11:52:16 +01:00
Marcus Hill 4dd5aa1ea2 Add IP address logging to document create/update/deletes 2022-04-24 10:12:59 +01:00
Marcus Hill f5f033fed4 Remove MeshCentral integration 
As per recent discussions about the API & scripts being a better way forward for all integration, removing the MeshCentral integration that was added.
 2022-04-19 22:42:38 +01:00
Marcus Hill e55622827d Add support for client-specific API keys 
Refactoring API. Added a contact update endpoint.
Small misc changes.
 2022-04-15 17:43:06 +01:00
Marcus Hill fca1627c33 Remove delete user post.php code. Deleting users means we'll lose all tickets/replies which isn't great. 
Correct user archive behaviour so when users are archived they can no longer login. Need to add ability for quick disable/enable of user accounts, as using archive as permanent.
Refactor "You are not permitted to do that!" wording into a constant instead.
 2022-04-15 13:29:27 +01:00
Marcus Hill f707098d37 Redirect to ticket after creation 2022-04-15 12:02:13 +01:00
Marcus Hill 6aa06b4389 Add full text index & search for document contents (related to #440) 2022-04-15 11:42:50 +01:00
johnnyq fd8188095e New Feature Enable/Disable ITFlow Modules now using the automated DB updater 2022-04-14 22:59:36 -04:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00