AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,030 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

65 Commits

Author SHA1 Message Date
Marcus Hill 39a3ea89c4 Move roundUpToNearestMultiple function used in multiple files to functions.php 2023-01-26 12:30:25 +00:00
Marcus Hill 10f12b17f6 Revert php mailer back to isHTML true - the default is text, despite what PHPStorm thinks! 2023-01-23 20:30:38 +00:00
wrongecho 4e2b8a86c3
Update functions.php 
Tidy spacing
 2023-01-23 19:25:00 +00:00
wrongecho b19c7a6f49
Merge branch 'master' into code-tidy 2023-01-23 19:21:43 +00:00
johnnyq 144697ccc0 Hide Full User Agent string from Logs 2023-01-21 14:26:19 -05:00
Marcus Hill a270e3a42c Remove redundant closing PHP tags 2023-01-21 17:30:51 +00:00
Marcus Hill bdffacca6b Remove unnecessary variables (return the result direct) 2023-01-21 17:29:01 +00:00
Marcus Hill 2c7a704b6b Remove redundant (default) arguments 2023-01-21 17:26:06 +00:00
Marcus Hill d73b3cb960 Correct typos 2023-01-21 17:22:27 +00:00
Marcus Hill 2c3ebb3bbb Tidy codestyle - spaces between parenthesis and curly braces 2023-01-21 17:09:39 +00:00
johnnyq 7f3ec8ccda Fixed where os and browser would return the os and browser of the currently logged in user for every row 2023-01-20 21:27:55 -05:00
johnnyq 0a570fe37c Cleaned up the UI of user profile. The user agent is now decoded to display OS and Browser under logs 2023-01-20 16:49:42 -05:00
johnnyq 29a9d6ef8f Generate longer more secure Key for logins 2022-12-29 18:23:11 -05:00
Marcus Hill 1ea081a175 Move email sending to a function for better error handling and code-deduplication 2022-12-18 14:24:47 +00:00
Marcus Hill a0233c77ec Only attempt to show initials if not empty 2022-12-11 01:32:14 +00:00
Marcus Hill 21e641d128 Change domain expiration lookup service from Heroku to ITFlow 2022-12-08 20:30:23 +00:00
jcpit 42c2d8109d
Update functions.php 
Return IP if running from behind Cloudflare.
 2022-08-04 15:02:13 +10:00
Marcus Hill cf6bf88e4f Add TXT records under domain records 2022-07-07 20:17:16 +01:00
Marcus Hill c02ea0ee94 Automatically add domain/certificate info during client creation, if domain is specified 2022-05-25 22:16:06 +01:00
Marcus Hill 6a463f312d - Move domain expiry/whois/DNS info to a function for better modularity. 
- Improve additional domain name validation & ensure data returned fits into database
 2022-05-24 22:03:56 +01:00
Marcus Hill 08245c3ef6 Remove unused function 2022-05-20 16:27:06 +01:00
johnnyq 5c1eafede8 Updated strto_AZaz0-9 function 2022-05-13 15:03:17 -04:00
johnnyq 08a669e3bb Added location import capability, cleaned up some import wording, renamed clean_file_name function to just strto_AZaz09 and clean export and sample csv client names 2022-05-13 13:29:03 -04:00
Marcus Hill 7bb68a36d9 Add user role in PHP Session to remove dependency on check_login - will require you to logout & back in to take effect after the update 2022-05-07 17:44:04 +01:00
Marcus Hill 5cbd0fad0d Move role validation to functions.php 2022-05-07 17:25:30 +01:00
Marcus Hill fd6051646c Fix merge conflict 2022-05-01 18:51:53 +01:00
Marcus Hill 705060d1df Add clean_file_name function to fix merge conflict 2022-05-01 18:46:45 +01:00
Marcus Hill 61777116a9 CSRF Token 
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
 2022-05-01 18:43:53 +01:00
Marcus Hill 6f4a2d0385 Tidy 2022-04-24 11:50:27 +01:00
wrongecho 6091d373bc
Remove redundant jump/return 2022-04-16 12:13:18 +01:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
Marcus Hill a3ca268fcf Small code cleanups 2022-04-14 07:54:40 +01:00
Marcus Hill be70883551 Refactor WHOIS lookups to use hosted heroku app 2022-04-02 12:19:35 +01:00
Joe Clark 9a04ff5341 Check if path exists before attempting to remove 2022-03-22 13:06:39 -07:00
Marcus Hill e09ea58bd4 Default get_ip to REMOTE_ADDR, option to set it to 2022-03-20 07:51:42 +00:00
johnnyq a9346845ab Refactored Currency Display using PHP numfmt_format_currency() function as this is best practice and will put the right currency symbol in the right place based off locale and currency type 2022-02-17 22:20:59 -05:00
Marcus Hill c8c26562f5 Adjust cookie setting to samesite none for encryption session key 2022-01-15 22:25:49 +00:00
Marcus Hill 2a4d42de09 Encryption changes 2022-01-11 20:42:46 +00:00
Marcus Hill 0382dbbfb2 Small change re https 2022-01-11 20:14:29 +00:00
Marcus Hill 2742410e4b http/https encryption cookie 2022-01-11 19:44:21 +00:00
Marcus Hill 951b03f712 Allow for encryption scheme upgrade 2022-01-11 14:03:34 +00:00
Marcus Hill bbe689fb33 Remove comments as this is complete 2022-01-11 00:40:15 +00:00
Marcus Hill aac50bdfdb More changes re encryption 2022-01-10 22:55:08 +00:00
Marcus Hill 49d895040a Add per-user password encryption using master key 2022-01-10 22:07:26 +00:00
johnnyq cf3c0a6410 Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person that wishes to remain anonymous for reporting and providing a patch Also added a notice to readme to not use this web app during beta for production use 2022-01-01 17:02:31 -05:00
johnnyq 33400894d5 Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns 2021-12-28 18:16:54 -05:00
johnnyq 997b07c822 Temp Removed Session User agent login vars from functions as its breaking Setup.php because of the reliance on an active mysql connection 2021-12-22 13:20:22 -05:00
johnnyq 4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerbility which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq aaf65db6f3 Renamed MacOS X to just MacOS for user agent detection 2021-12-12 02:01:30 -05:00
johnnyq f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00