Commit Graph

145 Commits

Author SHA1 Message Date
johnnyq 8e04e10753 Combine base32static.php and rfc6238.php into 1 file called totp.php and place it into the functions folder 2025-01-24 20:26:46 -05:00
johnnyq d80d4803db Moved TOTP dependent files rfc6238.php and base32static.php to /includes folder and updated links in pages 2025-01-24 19:20:49 -05:00
johnnyq 5f76a7989b Move portal to client and rename and reorganize some client portal files 2025-01-23 17:12:11 -05:00
johnnyq 2c51289d75 Remove mysqli connection vars when passing mail data to addToMailQueue Function 2025-01-22 20:56:24 -05:00
wrongecho 54dde984ac nullable_htmlentities - prevent Passing null to parameter error 2025-01-14 15:37:24 +00:00
johnnyq 98f9083bcb Structure rework: Moved most php files that are included to /includes, renamed pagination.php to filter_footer.php, updated all files to reference new filter_footer and includes 2025-01-11 14:47:32 -05:00
Marcus Hill fcfc6ff5e2 Stop using Source Sans Pro for some pages, we seem to use Sans Serif everywhere else 2024-12-27 23:02:24 +00:00
johnnyq 53c888c4b8 Add User Type to session, along with user type check 2024-11-27 11:50:45 -05:00
johnnyq 20a24b6ec6 Fix PHP error on login check if Array last_visited is set 2024-11-16 16:33:23 -05:00
johnnyq 278ba079c3 Updated cron mail queue and cron email ticket parser to use new logAction and tidy up code 2024-11-15 13:40:04 -05:00
johnnyq bc5e089e95 Updated login to use new logAction and tidy up code 2024-11-15 13:07:38 -05:00
wrongecho 334829c23e Force setup of MFA on login 2024-10-28 21:01:55 +00:00
johnnyq ee19e1b967 Check for user type of during login and set a temp if condition on check_login.php to see if user_type field exists and query user based off that result, the condition will be removed at a later date 2024-10-22 17:06:18 -04:00
wrongecho 19dc33a836 Show a 429 header when logins are blocked 2024-09-21 13:08:30 +01:00
wrongecho 4458c87463 Initial implementation of whitelabelling 2024-09-05 10:31:18 +01:00
wrongecho 3f772f5a2f Bugfix: credentials
Fix an edge-case bug causing the user_encryption_session_key session cookie to not be set due to error output (when display PHP errors in browser is enabled). This means login credentials are still encrypted but cannot be decrypted properly by other users.
Prevent users creating new credentials if they do not have the correct cookie set.
2024-08-19 19:56:12 +01:00
Marcus Hill 3dcd04a724 2FA
- Set the 2FA number input field to only accept 6 characters max
- Revoke existing remember-me tokens when 2FA is re-enabled
2024-06-09 12:57:42 +01:00
Marcus Hill cabc7e8c8b Set 2FA Remember-me cookie expiry to number of days the token should be valid for
Currently, the token is only valid for 2 days (86400 seconds = 24 hrs, multiplied by 2). This PR adjusts the cookie expiry date to the number of days configured that tokens are cleared after. This should help ensure users are not prompted for 2FA every few days, even if they've set a longer interval.
2024-05-17 23:26:22 +01:00
Hugo Sampaio 5280620c6d
Update login.php If standard 2024-05-04 19:25:10 -03:00
Hugo Sampaio bab66bf769 updated
fixed domain url from config to prevent open redirect issue and encoded uri
2024-05-03 09:34:50 -03:00
Hugo Sampaio b8c529c2ec Enable URL Recovery from logout 2024-04-27 09:30:41 -03:00
johnnyq 888552724a Set Timezone in all places and it needs to be set in and separated it into a separate include 2024-04-17 12:53:11 -04:00
johnnyq 064b37f87e Quick Fix 2024-04-04 19:54:33 -04:00
johnnyq 4824ae8ef8 Make Remember Me Token Configurable and default to 3 2024-04-04 19:52:44 -04:00
Marcus Hill d94b9ce7bb Login related tidying
- Feature: Show users their remember-me tokens and allow them to be revoked
- Log when a user generates a remember-me token during sign in
- General refactoring and tidying up
2024-03-30 23:19:50 +00:00
Marcus Hill 6432ee0486 BUGFIX: Login with and actually decrypt the master encryption key 2024-02-23 21:20:03 +00:00
o-psi 5d620d041a Fix user role and other definitions 2024-02-22 12:15:15 -06:00
o-psi c2cf0bb448 Change remember me tokens to a many:many table to allow for multiple devices to be remembered. 2024-02-22 17:45:09 +00:00
johnnyq 14cb4bb09a set the remember me token from 14 Days to 2 Days or 48 Hours 2024-02-19 15:00:32 -05:00
johnnyq 01b717615e Added favicon condition everywhere 2024-02-03 13:18:20 -05:00
johnnyq 9ce280d80d Fix Redirect to non-existent page after login when force MFA is enabled 2024-01-24 15:46:30 -05:00
johnnyq 92ccd7de14 Update/Fix Mail Functions in POST/contact.php and event.php - sanitize POST vars instead of the whole mail subject and body, which prevents having a mix of confusing redundant escaped and unescaped vars; also fixed scheduling calendar events was not working to send an email out 2024-01-20 19:08:51 -05:00
johnnyq e8a53cbd6a Update new mail queue function to use the proper mail from name and mail from email 2023-12-21 01:37:21 -05:00
o-psi 98f731b4d4 Remove any "Send Single Email" declarations except in mail queue.
All emails go through the mail queue, using the addToMailQueue() function.
2023-12-19 23:02:05 +00:00
johnnyq 41ba04b881 Spacing Tidy 2023-11-21 17:37:30 -05:00
johnnyq 90bb9499d5 Moved Remember Me to the Enter MFA Screen Only 2023-11-21 17:36:45 -05:00
johnnyq f18bb340bf Keep the Remember Me checkbox selected upon initial submit 2023-11-20 21:18:35 -05:00
johnnyq 0d6c58f1d0 Added Remember Me option, by checking this you won't have to enter your MFA for up to 14 days on the device 2023-11-20 20:49:33 -05:00
johnnyq 3781026c79 Commented Out Remember me as it is not feature complete yet 2023-11-17 14:21:41 -05:00
johnnyq 3f2f405596 Allow Manual Input of Trip Destination or select from client locations, Added Remember me checkbox for future implementation 2023-11-06 19:37:48 -05:00
o-psi 53c11edc8c Update constructs to not have parentheses. 2023-10-20 15:25:52 -05:00
johnnyq 1ccaa936ac Removed number type on 2FA input field, replaced with text and inputmode='numeric' pattern='[0-9]*' 2023-09-22 12:43:18 -04:00
johnnyq 0bc10a30e8 Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP 2023-09-21 12:00:46 -04:00
johnnyq d31127c137 set current code to an intval since its a number only 2023-09-20 14:58:05 -04:00
johnnyq 40d34bb71d Set 2FA Field on login to a number field so it only shows the numbers on a mobile phone 2023-09-20 14:53:07 -04:00
johnnyq 5938925a35 Added an error if accessing ITFlow by HTTP:// and is set to true 2023-09-20 14:51:29 -04:00
johnnyq 747b7de143 Feature: Force MFA Part 3 - Enforce MFA by redirecting users to their user_profile to setup MFA if Force MFA is checked, next up is to lock them there until 2FA is set 2023-09-06 00:08:21 -04:00
johnnyq 1ed4eeaafc Remove extra bottom margin below error msg on client login 2023-08-20 15:43:39 -04:00
johnnyq 1d0e2ad758 Removed some of the right and left padding to allow for larger login messages 2023-08-20 15:27:43 -04:00
johnnyq 0d497163fe Feature: Login Message now complete can be set in settings > security 2023-08-18 15:35:31 -04:00