AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,469 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

51 Commits

Author SHA1 Message Date
Marcus Hill fca1627c33 Remove delete user post.php code. Deleting users means we'll lose all tickets/replies which isn't great. 
Correct user archive behaviour so when users are archived they can no longer login. Need to add ability for quick disable/enable of user accounts, as using archive as permanent.
Refactor "You are not permitted to do that!" wording into a constant instead.
 2022-04-15 13:29:27 +01:00
Marcus Hill 4b149edfd9 Fix client portal link 2022-03-21 21:12:57 +00:00
Marcus Hill 34d6caa016 Client portal updates 2022-03-20 16:02:58 +00:00
johnnyq a7e8f8d2d8 Fixed current_code error on login page 2022-02-13 15:19:45 -05:00
johnnyq 278b243e7c Finished File Entity Renaming process 2022-02-05 13:24:57 -05:00
johnnyq bb972e8de3 Store full user agent, we can always parse it later 2022-02-04 17:04:28 -05:00
johnnyq 270120c7fc Set login back to 10 failed attempts 2022-01-22 17:08:26 -05:00
johnnyq efd0d28556 Used MySQL count function to count number of failed login attempts 2022-01-22 17:05:15 -05:00
Johnny c47eac328d
Merge pull request #320 from wrongecho/brute-force-login 
Add basic IP login brute force protection
 2022-01-22 16:45:36 -05:00
Marcus Hill c819309fc4 Add basic IP login brute force protection 2022-01-22 19:54:39 +00:00
johnnyq a3c63b0649 Added Export Expenses Records with custom from and to Date, Fixed Advanced Search under expenses some other minor code formatting fixups 2022-01-22 14:37:45 -05:00
Marcus Hill 2b3a7171b3 Session management 2022-01-15 21:26:22 +00:00
Marcus Hill 272bf52d62 Note re https 2022-01-15 21:17:31 +00:00
Marcus Hill cee1faf082 Add extension key cookie to login. Add support for storing the php session id in DB so we can access it (without passing the session ID over a cross-domain query). 2022-01-15 20:54:56 +00:00
Marcus Hill 951b03f712 Allow for encryption scheme upgrade 2022-01-11 14:03:34 +00:00
Marcus Hill 13d83f6e3b Add session key setup 2022-01-10 21:47:12 +00:00
Marcus Hill 25b58c21c8 Add Secure flag (HTTPS only) to cookies 2022-01-09 13:56:45 +00:00
Marcus Hill 6609e5065a Set php session cookie to be httponly 2022-01-07 19:10:29 +00:00
johnnyq cf3c0a6410 Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person that wishes to remain anonymous for reporting and providing a patch Also added a notice to readme to not use this web app during beta for production use 2022-01-01 17:02:31 -05:00
johnnyq e978cd142e More Audit Logging work, fixed a bunch of small bugs along the way 2021-12-31 15:33:41 -05:00
johnnyq 33400894d5 Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns 2021-12-28 18:16:54 -05:00
johnnyq 25b5cb3d40 Moved Functions above check login so that check login can use some of the functions, Moved Fingerprinting to check login instead of in functions as its a more appropriate place 2021-12-22 17:24:54 -05:00
johnnyq ba584a57e0 BREAKING CHANGES - Many DB Updates - NOT POSSIBLE TO EASILY UPGRADE TO THIS - Completely reworked User Company Access Permssions, started working on Client Role so Clients can access their data and a bunch of other small fixes 2021-12-22 13:08:24 -05:00
johnnyq 4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerbility which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00
johnnyq e36739297d Fixed broken TOTP 2FA 2021-12-04 17:59:40 -05:00
johnnyq e9336c1866 Fix Recent Logins Log front not updating due to VAR name 2021-08-31 13:24:33 -04:00
johnnyq f3053ffbd4 BREAKING CHANGES: Major Backend Code Changes Updated Foreign keys to prepend their table names ex invoice_client_id, switched most queries over to JOIN instead of = Combined contacts and location into client removed client email, phone etc fields, tons of small bug fixes, and other small UI changes all across the board 2021-08-27 23:14:06 -04:00
johnnyq f1828a11a9 Added Boostrap Password Reveal Library and clipboardJS library added copy to clipboard to client logins 2021-08-08 15:04:39 -04:00
johnny@pittpc.com f8166bdc81 Fixed more php errors empty vars updated more ui search headers 2021-02-04 17:42:21 -05:00
johnny@pittpc.com abf7a3b381 updated UI of the login screen, app name. changed username to email changed button from back to blue 2020-03-31 17:42:15 -04:00
johnny@pittpc.com f84e3c4b6b Refactored Login UI to reduce clutter, minimise and increase security also 2FA Box will appear when enabled 2020-01-04 23:44:04 -05:00
johnny@pittpc.com e5036253ed Migrated from sbadmin to AdminLTE CSS framework 2019-11-19 18:29:02 -05:00
johnny@pittpc.com bc61b59244 Fixed password issue causing SQL escape characters to add slashes remove mysqli_real_escape_string as its not needs, md5 produces no sql escape characters by default so it it does not need santized 2019-09-24 14:52:53 -04:00
johnny@pittpc.com 62b088e79d GUI Touchups in Invoice, Quote, clients, vendors, client. Added 2 new fields to client mobile and contact_name, added more pictyure extension in file jpeg anb JPEG and other fixesincluding a new DB dump 2019-09-14 20:40:22 -04:00
johnny@pittpc.com ca427ab763 Updated User Settings Page and added logging to most functions 2019-09-06 03:03:16 -04:00
johnny@pittpc.com d259d1b3dc Started Logs: Login attempts are now logged, created a logs list in the side nav 2019-09-06 00:16:19 -04:00
johnny@pittpc.com 2d5ac7c2e6 Security Mysql Escaped current_code POST var under login 2019-08-28 21:56:45 -04:00
johnny@pittpc.com 0e451056b4 Added get OS Browser Device and IP functions, added these functions to guest view invoice, also added invoice view alert and other minor fixes 2019-08-28 21:47:40 -04:00
root 2984f0ec6c Login and Top Nav Refinements 2019-08-16 00:28:54 -04:00
johnny@pittpc.com 5ca8d201b0 Remove some old files, updated guest urls to work with the new multi company features, and some other multi company update 2019-08-15 18:29:28 -04:00
johnny@pittpc.com bc07fe0090 Started work on multi-company feature 2019-08-14 11:05:54 -04:00
johnny@pittpc.com 0c4021fd23 reworked transfers, added revenues to add income in other ways besides just invoices, reports now uses a compact table to see all data clearly and some other minor fixes. 2019-08-11 13:42:35 -04:00
johnny@pittpc.com bf250cd1fe Fixed Login Software relation, fixed asset logins etc 2019-08-03 19:41:58 -04:00
root b65739bfc3 Updated 2FA UI 2019-06-16 23:56:40 -04:00
root e247ad4ee4 Implemented 2FA TOTP with Google Authenticator 2019-06-16 22:33:55 -04:00
root e0e723bb9f The start of client logins has begun, now can link a user with a client to allow client logins, clients can only view client.php there is more work to be done 2019-05-27 12:28:41 -04:00
root 4389c92c0e Lots of UI cleanups and update, gave a dark look for modals, bunch of icon changes etc 2019-05-13 14:53:17 -04:00
root f5377409b0 Cleaned up unused files, did some code tidying 2019-05-10 21:56:13 -04:00
root c394e927b1 Added start_page function in config, Added Contacts and Locations, seperated client nav and page routes out 2019-03-18 15:08:56 -04:00