Commit Graph

138 Commits

Author SHA1 Message Date
Marcus Hill
cee1faf082 Add extension key cookie to login. Add support for storing the php session id in DB so we can access it (without passing the session ID over a cross-domain query). 2022-01-15 20:54:56 +00:00
Marcus Hill
951b03f712 Allow for encryption scheme upgrade 2022-01-11 14:03:34 +00:00
Marcus Hill
13d83f6e3b Add session key setup 2022-01-10 21:47:12 +00:00
Marcus Hill
25b58c21c8 Add Secure flag (HTTPS only) to cookies 2022-01-09 13:56:45 +00:00
Marcus Hill
6609e5065a Set php session cookie to be httponly 2022-01-07 19:10:29 +00:00
johnnyq
cf3c0a6410 Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person that wishes to remain anonymous for reporting and providing a patch. Also added a notice to readme to not use this web app during beta for production use 2022-01-01 17:02:31 -05:00
johnnyq
e978cd142e More Audit Logging work, fixed a bunch of small bugs along the way 2021-12-31 15:33:41 -05:00
johnnyq
33400894d5 Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns 2021-12-28 18:16:54 -05:00
johnnyq
25b5cb3d40 Moved Functions above check login so that check login can use some of the functions, Moved Fingerprinting to check login instead of in functions as it's a more appropriate place 2021-12-22 17:24:54 -05:00
johnnyq
ba584a57e0 BREAKING CHANGES - Many DB Updates - NOT POSSIBLE TO EASILY UPGRADE TO THIS - Completely reworked User Company Access Permissions, started working on Client Role so Clients can access their data and a bunch of other small fixes 2021-12-22 13:08:24 -05:00
johnnyq
4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerability which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq
f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00
johnnyq
e36739297d Fixed broken TOTP 2FA 2021-12-04 17:59:40 -05:00
johnnyq
e9336c1866 Fix Recent Logins Log front not updating due to VAR name 2021-08-31 13:24:33 -04:00
johnnyq
f3053ffbd4 BREAKING CHANGES: Major Backend Code Changes Updated Foreign keys to prepend their table names ex invoice_client_id, switched most queries over to JOIN instead of = Combined contacts and location into client removed client email, phone etc fields, tons of small bug fixes, and other small UI changes all across the board 2021-08-27 23:14:06 -04:00
johnnyq
f1828a11a9 Added Bootstrap Password Reveal Library and clipboardJS library added copy to clipboard to client logins 2021-08-08 15:04:39 -04:00
johnny@pittpc.com
f8166bdc81 Fixed more php errors empty vars updated more ui search headers 2021-02-04 17:42:21 -05:00
johnny@pittpc.com
abf7a3b381 updated UI of the login screen, app name. changed username to email changed button from back to blue 2020-03-31 17:42:15 -04:00
johnny@pittpc.com
f84e3c4b6b Refactored Login UI to reduce clutter, minimise and increase security also 2FA Box will appear when enabled 2020-01-04 23:44:04 -05:00
johnny@pittpc.com
e5036253ed Migrated from sbadmin to AdminLTE CSS framework 2019-11-19 18:29:02 -05:00
johnny@pittpc.com
bc61b59244 Fixed password issue causing SQL escape characters to add slashes remove mysqli_real_escape_string as it's not needed, md5 produces no sql escape characters by default so it does not need sanitized 2019-09-24 14:52:53 -04:00
johnny@pittpc.com
62b088e79d GUI Touchups in Invoice, Quote, clients, vendors, client. Added 2 new fields to client mobile and contact_name, added more picture extension in file jpeg and JPEG and other fixes including a new DB dump 2019-09-14 20:40:22 -04:00
johnny@pittpc.com
ca427ab763 Updated User Settings Page and added logging to most functions 2019-09-06 03:03:16 -04:00
johnny@pittpc.com
d259d1b3dc Started Logs: Login attempts are now logged, created a logs list in the side nav 2019-09-06 00:16:19 -04:00
johnny@pittpc.com
2d5ac7c2e6 Security Mysql Escaped current_code POST var under login 2019-08-28 21:56:45 -04:00
johnny@pittpc.com
0e451056b4 Added get OS Browser Device and IP functions, added these functions to guest view invoice, also added invoice view alert and other minor fixes 2019-08-28 21:47:40 -04:00
root
2984f0ec6c Login and Top Nav Refinements 2019-08-16 00:28:54 -04:00
johnny@pittpc.com
5ca8d201b0 Remove some old files, updated guest urls to work with the new multi company features, and some other multi company update 2019-08-15 18:29:28 -04:00
johnny@pittpc.com
bc07fe0090 Started work on multi-company feature 2019-08-14 11:05:54 -04:00
johnny@pittpc.com
0c4021fd23 reworked transfers, added revenues to add income in other ways besides just invoices, reports now uses a compact table to see all data clearly and some other minor fixes. 2019-08-11 13:42:35 -04:00
johnny@pittpc.com
bf250cd1fe Fixed Login Software relation, fixed asset logins etc 2019-08-03 19:41:58 -04:00
root
b65739bfc3 Updated 2FA UI 2019-06-16 23:56:40 -04:00
root
e247ad4ee4 Implemented 2FA TOTP with Google Authenticator 2019-06-16 22:33:55 -04:00
root
e0e723bb9f The start of client logins has begun, now can link a user with a client to allow client logins, clients can only view client.php there is more work to be done 2019-05-27 12:28:41 -04:00
root
4389c92c0e Lots of UI cleanups and update, gave a dark look for modals, bunch of icon changes etc 2019-05-13 14:53:17 -04:00
root
f5377409b0 Cleaned up unused files, did some code tidying 2019-05-10 21:56:13 -04:00
root
c394e927b1 Added start_page function in config, Added Contacts and Locations, separated client nav and page routes out 2019-03-18 15:08:56 -04:00
root
d2c5544785 First commit 2019-03-13 17:40:00 +00:00