35 Commits

Author SHA1 Message Date
Marcus Hill 61777116a9 CSRF Token
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
2022-05-01 18:43:53 +01:00
Marcus Hill dcd772c5f6 Only show extension options if tech/admin 2022-04-24 12:43:11 +01:00
Marcus Hill ab77051299 Add a line break / heading between main settings and 2FA to prevent mis-clicks 2022-04-01 19:36:01 +01:00
johnnyq 5f451dceef Standardize logging actions use Create instead of Created same with Modify and Delete 2022-03-26 10:12:40 -04:00
johnnyq 1829c7299e Made the php includes much more modular and simpler by lumping them all in 1 file inc_all.php instead of all over the place 2022-02-22 00:29:39 -05:00
johnnyq 29422b9d52 Added Client name to logs along with a link to the client logs page 2022-02-21 21:56:16 -05:00
johnnyq 7e475b1083 Make user images fit the parent container and remove the circle 2022-02-05 10:53:08 -05:00
Marcus Hill 6e605a276e Logging/extension related 2022-01-15 23:39:30 +00:00
Marcus Hill c69fb5a7db Add ability to turn on extension access (cookie) 2022-01-15 23:16:17 +00:00
Marcus Hill 9c0cd254ad Fix user role display 2022-01-15 22:26:02 +00:00
johnnyq b2cef73dad Removed Old Logging function under edit vendor 2022-01-02 00:56:28 -05:00
johnnyq 0b15aeedb5 Reworked last login under user-settings and users, made view more work 2021-12-09 17:48:18 -05:00
johnnyq 16447709d8 added DB Structure changes during update 2021-12-09 11:07:54 -05:00
johnnyq 85cdc42d0f DB Structure update, Hide Passwords under client logins until eyeball is clicked to reveal password, prevent the looking over your shoulder type attack, Added Install Date to Assets, reworked client assets listing to include Operating System and Install Date 2021-12-08 22:15:20 -05:00
johnnyq b9fc4ea2bc show TOTP key in user setting if enabled, to allow adding to a TOTP app without QR Code like a password manager like Bitwarden 2021-12-04 21:09:57 -05:00
johnnyq 53380718b1 Fixed TOTP for client logins 2021-12-04 21:00:34 -05:00
johnnyq a939588cf2 New File upload logic complete Breaking changes New db dump 2021-09-21 22:22:55 -04:00
johnnyq f3053ffbd4 BREAKING CHANGES: Major Backend Code Changes Updated Foreign keys to prepend their table names ex invoice_client_id, switched most queries over to JOIN instead of = Combined contacts and location into client removed client email, phone etc fields, tons of small bug fixes, and other small UI changes all across the board 2021-08-27 23:14:06 -04:00
johnnyq ec303de2d7 Removed unneeded Password Variable and query under user settings 2021-08-09 23:40:09 -04:00
johnnyq b8d8a51a3b Added Password Reveal to all password fields, also updated the password update logic 2021-08-09 23:34:34 -04:00
johnny@pittpc.com 9f861775f3 If no avatar is used display User icon instead 2021-03-25 12:57:39 -04:00
johnny@pittpc.com 1ad28386f8 Fixed editing user profile 2021-02-07 22:38:24 -05:00
johnny@pittpc.com dbf1a90fdb Added Permission level and more options to user profile 2021-02-02 18:34:14 -05:00
johnny@pittpc.com 1b337fe72e Fixed add user and edit as well as update user, which were not working. Added autocomplete=new-password to add/edit user and update password 2020-03-31 14:32:57 -04:00
johnny@pittpc.com 95b54d5bcf Fixed update password under user profile, added delete user functionality 2020-03-30 20:41:18 -04:00
johnny@pittpc.com bd49145bc3 Added Icons to card headers under user settings, minor change to calendar UI 2020-02-07 02:35:07 -05:00
johnny@pittpc.com 09b412ea18 Updated User Settings UI to include dark card headers and 2 column grid instead of 3 2020-02-07 02:25:13 -05:00
johnny@pittpc.com a28d1d6e57 Added Advanced Filter to customers and expenses, removed some text-mono, ui updates to ticket details, added quick links to reports under dashboard 2019-12-04 20:58:16 -05:00
johnny@pittpc.com 3439058053 Added more values to company edit and add 2019-09-14 23:34:11 -04:00
johnny@pittpc.com 62b088e79d GUI Touchups in Invoice, Quote, clients, vendors, client. Added 2 new fields to client mobile and contact_name, added more picture extension in file jpeg and JPEG and other fixes including a new DB dump 2019-09-14 20:40:22 -04:00
johnny@pittpc.com 5f30dbf9a9 Removed Cancelled and added Viewed to Invoice. Client Links mirror their accompanied tabs in the client portal, minor UI fixes on ticket view, client view of ticket sorted tickets DESC via ticket_id 2019-09-06 16:56:26 -04:00
johnny@pittpc.com ca427ab763 Updated User Settings Page and added logging to most functions 2019-09-06 03:03:16 -04:00
root 571223d920 moved all table listing to server side tables and set the header to dark for better contrast 2019-06-18 18:31:13 -04:00
root b65739bfc3 Updated 2FA UI 2019-06-16 23:56:40 -04:00
root e247ad4ee4 Implemented 2FA TOTP with Google Authenticator 2019-06-16 22:33:55 -04:00