AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,400 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

234 Commits

Author SHA1 Message Date
johnnyq 84b32ec807 Added Santize for Email function 2023-02-16 16:56:45 -05:00
johnnyq 995121e532 Fixed function santizeInput to trim tags first then trim trailing white space because if you added a tag at the end it would create a space more 2023-02-16 15:08:06 -05:00
johnnyq dc80894dd9 Added inputSantize function to trim SQL escape and Strip Tags when string enter the database and to tidy up the code 2023-02-16 14:38:23 -05:00
Marcus Hill 135c4d0b5c Move upload checking to a function 2023-02-12 16:51:24 +00:00
Marcus Hill 615f317d2b General cleanup/formatting 2023-02-09 12:29:12 +00:00
Marcus Hill b36719eb99 General cleanup/tidying 2023-02-09 11:32:40 +00:00
Marcus Hill e16cd2aae2 Strip www. from domain names when performing whois lookups 2023-02-08 19:32:03 +00:00
Marcus Hill 827c9dcd65 Stripe - tidy 2023-02-07 21:43:55 +00:00
Marcus Hill b8af5a148b Stripe comments 2023-02-07 20:57:02 +00:00
Marcus Hill f3caeff3bb Set email charset to make symbols display properly 2023-02-07 18:29:19 +00:00
Marcus Hill f1180aa9fe Add initial Stripe Payment integration for invoices 2023-02-07 18:05:52 +00:00
Marcus Hill f92dc108e2 Tidy 
- Move some scripts to their own js files
- Move some duplicate code blocks to functions
- General tidy & spacing cleanups (#538)
 2023-02-04 22:09:56 +00:00
Marcus Hill e79ba696bd Add comments to role validation functions for clarity 2023-02-01 21:27:44 +00:00
johnnyq ce11899ecd Limit Initials to only 2 characters so it doesnt cause Graphic distorions when displaying in a circle 2023-01-27 20:20:22 -05:00
Johnny 4fd6d752c6
Merge pull request #580 from wrongecho/function-standardise 
Convert custom function names to camelCase
 2023-01-26 18:20:33 -05:00
Marcus Hill 531bd25f27 Convert custom function names to camelCase 2023-01-26 22:03:31 +00:00
Marcus Hill 10362f86ef Convert custom function names to camelCase 2023-01-26 21:58:27 +00:00
Marcus Hill 2570bdc6af Tidy remaining files to randomString() 2023-01-26 21:46:58 +00:00
Marcus Hill 23e3a2e8fc - Create custom function (randomString()) for generating cryptographically (and URL) safe strings. 
- Replace usages of keygen and bin2hex(random_bytes()) with this function.
 2023-01-26 21:35:06 +00:00
Marcus Hill 39a3ea89c4 Move roundUpToNearestMultiple function used in multiple files to functions.php 2023-01-26 12:30:25 +00:00
Marcus Hill 10f12b17f6 Revert php mailer back to isHTML true - the default is text, despite what PHPStorm thinks! 2023-01-23 20:30:38 +00:00
wrongecho 4e2b8a86c3
Update functions.php 
Tidy spacing
 2023-01-23 19:25:00 +00:00
wrongecho b19c7a6f49
Merge branch 'master' into code-tidy 2023-01-23 19:21:43 +00:00
johnnyq 144697ccc0 Hide Full User Agent string from Logs 2023-01-21 14:26:19 -05:00
Marcus Hill a270e3a42c Remove redundant closing PHP tags 2023-01-21 17:30:51 +00:00
Marcus Hill bdffacca6b Remove unnecessary variables (return the result direct) 2023-01-21 17:29:01 +00:00
Marcus Hill 2c7a704b6b Remove redundant (default) arguments 2023-01-21 17:26:06 +00:00
Marcus Hill d73b3cb960 Correct typos 2023-01-21 17:22:27 +00:00
Marcus Hill 2c3ebb3bbb Tidy codestyle - spaces between parenthesis and curly braces 2023-01-21 17:09:39 +00:00
johnnyq 7f3ec8ccda Fixed where os and browser would return the os and browser of the currently logged in user for every row 2023-01-20 21:27:55 -05:00
johnnyq 0a570fe37c Cleaned up the UI of user profile. The user agent is now decoded to display OS and Browser under logs 2023-01-20 16:49:42 -05:00
johnnyq 29a9d6ef8f Generate longer more secure Key for logins 2022-12-29 18:23:11 -05:00
Marcus Hill 1ea081a175 Move email sending to a function for better error handling and code-deduplication 2022-12-18 14:24:47 +00:00
Marcus Hill a0233c77ec Only attempt to show initials if not empty 2022-12-11 01:32:14 +00:00
Marcus Hill 21e641d128 Change domain expiration lookup service from Heroku to ITFlow 2022-12-08 20:30:23 +00:00
jcpit 42c2d8109d
Update functions.php 
Return IP if running from behind Cloudflare.
 2022-08-04 15:02:13 +10:00
Marcus Hill cf6bf88e4f Add TXT records under domain records 2022-07-07 20:17:16 +01:00
Marcus Hill c02ea0ee94 Automatically add domain/certificate info during client creation, if domain is specified 2022-05-25 22:16:06 +01:00
Marcus Hill 6a463f312d - Move domain expiry/whois/DNS info to a function for better modularity. 
- Improve additional domain name validation & ensure data returned fits into database
 2022-05-24 22:03:56 +01:00
Marcus Hill 08245c3ef6 Remove unused function 2022-05-20 16:27:06 +01:00
johnnyq 5c1eafede8 Updated strto_AZaz0-9 function 2022-05-13 15:03:17 -04:00
johnnyq 08a669e3bb Added location import capability, cleaned up some import wording, renamed clean_file_name function to just strto_AZaz09 and clean export and sample csv client names 2022-05-13 13:29:03 -04:00
Marcus Hill 7bb68a36d9 Add user role in PHP Session to remove dependency on check_login - will require you to logout & back in to take effect after the update 2022-05-07 17:44:04 +01:00
Marcus Hill 5cbd0fad0d Move role validation to functions.php 2022-05-07 17:25:30 +01:00
Marcus Hill fd6051646c Fix merge conflict 2022-05-01 18:51:53 +01:00
Marcus Hill 705060d1df Add clean_file_name function to fix merge conflict 2022-05-01 18:46:45 +01:00
Marcus Hill 61777116a9 CSRF Token 
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
 2022-05-01 18:43:53 +01:00
Marcus Hill 6f4a2d0385 Tidy 2022-04-24 11:50:27 +01:00
wrongecho 6091d373bc
Remove redundant jump/return 2022-04-16 12:13:18 +01:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
Marcus Hill a3ca268fcf Small code cleanups 2022-04-14 07:54:40 +01:00
Marcus Hill be70883551 Refactor WHOIS lookups to use hosted heroku app 2022-04-02 12:19:35 +01:00
Joe Clark 9a04ff5341 Check if path exists before attempting to remove 2022-03-22 13:06:39 -07:00
Marcus Hill e09ea58bd4 Default get_ip to REMOTE_ADDR, option to set it to 2022-03-20 07:51:42 +00:00
johnnyq a9346845ab Refactored Currency Display using PHP numfmt_format_currency() function as this is best practice and will put the right currency symbol in the right place based off locale and currency type 2022-02-17 22:20:59 -05:00
Marcus Hill c8c26562f5 Adjust cookie setting to samesite none for encryption session key 2022-01-15 22:25:49 +00:00
Marcus Hill 2a4d42de09 Encryption changes 2022-01-11 20:42:46 +00:00
Marcus Hill 0382dbbfb2 Small change re https 2022-01-11 20:14:29 +00:00
Marcus Hill 2742410e4b http/https encryption cookie 2022-01-11 19:44:21 +00:00
Marcus Hill 951b03f712 Allow for encryption scheme upgrade 2022-01-11 14:03:34 +00:00
Marcus Hill bbe689fb33 Remove comments as this is complete 2022-01-11 00:40:15 +00:00
Marcus Hill aac50bdfdb More changes re encryption 2022-01-10 22:55:08 +00:00
Marcus Hill 49d895040a Add per-user password encryption using master key 2022-01-10 22:07:26 +00:00
johnnyq cf3c0a6410 Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person that wishes to remain anonymous for reporting and providing a patch Also added a notice to readme to not use this web app during beta for production use 2022-01-01 17:02:31 -05:00
johnnyq 33400894d5 Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns 2021-12-28 18:16:54 -05:00
johnnyq 997b07c822 Temp Removed Session User agent login vars from functions as its breaking Setup.php because of the reliance on an active mysql connection 2021-12-22 13:20:22 -05:00
johnnyq 4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerbility which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq aaf65db6f3 Renamed MacOS X to just MacOS for user agent detection 2021-12-12 02:01:30 -05:00
johnnyq f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00
johnnyq cdae4ecfb6 Set Currency Symbols to Company's Default Currentcy Setting 2021-11-19 20:04:03 -05:00
johnnyq 3ca92cd252 Added Truncated Description to Expense listing #203 2021-11-18 17:56:02 -05:00
johnnyq 2e5e1aee52 Phone numbers are all now formatted correctly per their length 2021-09-11 22:41:50 -04:00
johnnyq e9336c1866 Fix Recent Logins Log front not updating due to VAR name 2021-08-31 13:24:33 -04:00
johnnyq cdcd22ae6f Added TOTP Key 2FA Function to client logins 2021-08-18 22:29:22 -04:00
johnnyq f409e22a60 Started adding currency symbols and starting with invoice 2021-08-18 20:41:19 -04:00
johnny@pittpc.com f8166bdc81 Fixed more php errors empty vars updated more ui search headers 2021-02-04 17:42:21 -05:00
johnny@pittpc.com 6e5a65ecb1 Added PHP Truncate Function to functions.php 2020-09-25 17:16:02 -04:00
johnny@pittpc.com 7f3cdd975f Added a no records placeholder to all tables 2019-09-01 21:49:13 -04:00
johnny@pittpc.com 0e451056b4 Added get OS Browser Device and IP functions, added these functions to guest view invoice, also added invoice view alert and other minor fixes 2019-08-28 21:47:40 -04:00
root e247ad4ee4 Implemented 2FA TOTP with Google Authenticator 2019-06-16 22:33:55 -04:00
root 709f88e1ee Added remove directory function 2019-05-27 13:49:13 -04:00
root 889a749d88 Added alert feedback boxes, little ui fixes for quote invoice and recurring added rejected instead of cancelled for quotes, and other little ui cleanups 2019-05-25 21:14:08 -04:00
root b559b58f34 Fixed add invoice, quote, recurring under client area, added alternative contact photo if one is not present using fontawesome stacked circle with contact initials inside 2019-05-18 23:27:15 -04:00
root 1f02a1d287 Quotes fully work now, including PDF, Email, Approval, Cancel, Edit, Copy, Copy to Invoice, also added quote_footer config to settings 2019-05-17 22:43:51 -04:00