AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,409 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

163 Commits

Author SHA1 Message Date
johnnyq 312eb4dffc Allow use of login key only for agents 2025-12-14 13:16:54 -05:00
johnnyq 1916456c84 Fix White Label not displaying on the login page 2025-12-14 13:04:53 -05:00
johnnyq 871ad2ea7e Update legacy client login links to use the new unified login method 2025-12-10 12:21:12 -05:00
johnnyq 58d6ab7342 Unify Agent and Client login, if same user exists as a client and an agent then offer a selection of client portal or agent portal 2025-12-09 13:39:16 -05:00
johnnyq 416a8d9a94 Fix to properly redirect to the setup page if config_enable_setup is not set or is 1 2025-10-06 14:19:49 -04:00
wrongecho d8803aaac2 prevent open redirects upon agent login 2025-10-06 16:32:42 +01:00
johnnyq e6bcf0e12f Started updating href paths to absolute paths instead of relative paths as itflow should be installed in document root anyway and not a sub-directory 2025-09-24 12:56:01 -04:00
johnnyq 50f790dd6c Fix MFA Enforcement 2025-09-23 20:30:25 -04:00
johnnyq edabc5c33f rename /user/ to /agent/ and update links to use agent/ instead 2025-09-23 18:04:23 -04:00
johnnyq 7e55808a05 add some redirect to login.php, fix ticket post 2025-08-04 18:16:13 -04:00
johnnyq 95950700d8 Moved user items to user directory 2025-07-28 17:57:06 -04:00
johnnyq 7150b1545a Moved files check_login.php, get_settings.php, settings_localization_array.php, inc_set_timezone.php into the includes folder, we also moved /client/check_login.php into client/includes/ 2025-03-13 17:55:31 -04:00
johnnyq 9b6ea851e7 Removed the prepended user_ from the fields in the user_roles table, moved user_role_id from user_settings directly to users table, rename table user_permissions to user_client_permissions, removed unused Sessions vars in login. This upedate will require to update using update_cli.php --db_update 2025-03-10 15:57:16 -04:00
johnnyq 22a5c90d21 Reworked MFA Enforcement page to use login page style for smoother transition 2025-01-29 11:35:14 -05:00
johnnyq 033a5d1f4f Remove comment 2025-01-28 19:25:29 -05:00
johnnyq 52ad2ba322 Reworked the MFA Enforcement 2025-01-28 18:57:04 -05:00
wrongecho 20a862f020 Fix redirect to /client if no login key is set 2025-01-28 11:24:08 +00:00
johnnyq f29d122376 Move totp.php out of functions folder into plugins then removed functions folder 2025-01-24 21:07:01 -05:00
johnnyq 8e04e10753 Combine base32static.php and rfc6238.php into 1 file called totp.php and place it into the functions folder 2025-01-24 20:26:46 -05:00
johnnyq d80d4803db Moved TOTP dependent files rfc6238.php and base32static.php to /includes folder and updated links in pages 2025-01-24 19:20:49 -05:00
johnnyq 5f76a7989b Move portal to client and rename and reorganize some client portal files 2025-01-23 17:12:11 -05:00
johnnyq 2c51289d75 Remove mysqli connection vars when passing mail data to addToMailQueue Function 2025-01-22 20:56:24 -05:00
wrongecho 54dde984ac nullable_htmlentities - prevent Passing null to parameter error 2025-01-14 15:37:24 +00:00
johnnyq 98f9083bcb Structure rework: Moved most php files that are included to /includes renamed pagination.php to filter_footer.php, updated all file to reference new filter_footer and includes 2025-01-11 14:47:32 -05:00
Marcus Hill fcfc6ff5e2 Stop using Source Sans Pro for some pages, we seem to use Sans Serif everywhere else 2024-12-27 23:02:24 +00:00
johnnyq 53c888c4b8 Add User Type to session, along with user type check 2024-11-27 11:50:45 -05:00
johnnyq 20a24b6ec6 Fix PHP error on login check if Array last_visited is set 2024-11-16 16:33:23 -05:00
johnnyq 278ba079c3 Updated cron mail queue and cron email ticket parser to use new logAction and tidy up code 2024-11-15 13:40:04 -05:00
johnnyq bc5e089e95 Updated login to use new logAction and tidy up code 2024-11-15 13:07:38 -05:00
wrongecho 334829c23e Force setup of MFA on login 2024-10-28 21:01:55 +00:00
johnnyq ee19e1b967 Check for user type of during login and set a temp if condition on check_login.php to see if user_type field exists and query user based off that result, the condition will be removed at a later date 2024-10-22 17:06:18 -04:00
wrongecho 19dc33a836 Show a 429 header when logins are blocked 2024-09-21 13:08:30 +01:00
wrongecho 4458c87463 Initial implementation of whitelabelling 2024-09-05 10:31:18 +01:00
wrongecho 3f772f5a2f Bugfix: credentials 
Fix an edge-case bug causing the user_encryption_session_key session cookie to not be set due to error output (when display PHP errors in browser is enabled). This means login credentials are still encrypted but cannot be decrypted properly by other users.
Prevent users creating new credentials if they do not have the correct cookie set.
 2024-08-19 19:56:12 +01:00
Marcus Hill 3dcd04a724 2FA 
- Set the 2FA number input field to only accept 6 characters max
- Revoke existing remember-me tokens when 2FA is re-enabled
 2024-06-09 12:57:42 +01:00
Marcus Hill cabc7e8c8b Set 2FA Remember-me cookie expiry to number of days the token should be valid for 
Currently, the token is only valid for 2 days (86400 seconds = 24 hrs, multiplied by 2). This PR adjusts the cookie expiry date to the number of days configured that tokens are cleared after. This should help ensure users are not prompted for 2FA every few days, even if they've set a longer interval.
 2024-05-17 23:26:22 +01:00
Hugo Sampaio 5280620c6d
Update login.php If standard 2024-05-04 19:25:10 -03:00
Hugo Sampaio bab66bf769 updated 
fixed domain url from config to prevent open redirect issue and encoded uri
 2024-05-03 09:34:50 -03:00
Hugo Sampaio b8c529c2ec Enable URL Recovery from logout 2024-04-27 09:30:41 -03:00
johnnyq 888552724a Set Timezone in all places and it needs to be set in and sperated it into a seperate include 2024-04-17 12:53:11 -04:00
johnnyq 064b37f87e Quick Fix 2024-04-04 19:54:33 -04:00
johnnyq 4824ae8ef8 Make Remmeber Me Token Configurable and default to 3 2024-04-04 19:52:44 -04:00
Marcus Hill d94b9ce7bb Login related tidying 
- Feature: Show users their remember-me tokens and allow them to be revoked
- Log when a user generates a remember-me token during sign in
- General refactoring and tidying up
 2024-03-30 23:19:50 +00:00
Marcus Hill 6432ee0486 BUGFIX: Login with and actually decrypt the master encryption key 2024-02-23 21:20:03 +00:00
o-psi 5d620d041a Fix user role and other definitions 2024-02-22 12:15:15 -06:00
o-psi c2cf0bb448 Change remember me tokens to a many:many table to allow for multiple devices to be remembered. 2024-02-22 17:45:09 +00:00
johnnyq 14cb4bb09a set the remember me token from 14 Days to 2 Days or 48 Hours 2024-02-19 15:00:32 -05:00
johnnyq 01b717615e Added favicon condition everywhere 2024-02-03 13:18:20 -05:00
johnnyq 9ce280d80d Fix Redirect to non-existent page after login when force MFA is enabled 2024-01-24 15:46:30 -05:00
johnnyq 92ccd7de14 Update/Fix Mail Functions in POST/contact.php and event.php - sanitize POST vars instead the whole mail subject and body which prevents having a mixed of confusing redundant escaped and unescaped vars also fixed scheduling calendar events was not working to send an email out 2024-01-20 19:08:51 -05:00