114 Commits

Author SHA1 Message Date
johnnyq 92ccd7de14 Update/Fix Mail Functions in POST/contact.php and event.php - sanitize POST vars instead of the whole mail subject and body which prevents having a mix of confusing redundant escaped and unescaped vars also fixed scheduling calendar events was not working to send an email out 2024-01-20 19:08:51 -05:00
johnnyq e8a53cbd6a Update new mail queue function to use the proper mail from name and mail from email 2023-12-21 01:37:21 -05:00
o-psi 98f731b4d4 Remove any "Send Single Email" declarations except in mail queue.
All emails go through the mail queue, using the addToMailQueue() function.
2023-12-19 23:02:05 +00:00
johnnyq 41ba04b881 Spacing Tidy 2023-11-21 17:37:30 -05:00
johnnyq 90bb9499d5 Moved Remember Me to the Enter MFA Screen Only 2023-11-21 17:36:45 -05:00
johnnyq f18bb340bf Keep the Remember Me checkbox selected upon initial submit 2023-11-20 21:18:35 -05:00
johnnyq 0d6c58f1d0 Added Remember Me option by checking this you won't have to enter your MFA for up to 14 days on the device 2023-11-20 20:49:33 -05:00
johnnyq 3781026c79 Commented Out Remember me as it is not feature complete yet 2023-11-17 14:21:41 -05:00
johnnyq 3f2f405596 Allow Manual Input of Trip Destination or select from client locations, Added Remember me checkbox for future implementation 2023-11-06 19:37:48 -05:00
o-psi 53c11edc8c Update constructs to not have parenthesis. 2023-10-20 15:25:52 -05:00
johnnyq 1ccaa936ac Removed number type on 2FA input field replaced with text and inputmode='numeric' pattern='[0-9]*' 2023-09-22 12:43:18 -04:00
johnnyq 0bc10a30e8 Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP 2023-09-21 12:00:46 -04:00
johnnyq d31127c137 set current code to an intval since its a number only 2023-09-20 14:58:05 -04:00
johnnyq 40d34bb71d Set 2FA Field on login to a number field so it only shows the numbers on a mobile phone 2023-09-20 14:53:07 -04:00
johnnyq 5938925a35 Added an error if accessing ITFlow by HTTP:// and is set to true 2023-09-20 14:51:29 -04:00
johnnyq 747b7de143 Feature: Force MFA Part 3 - Enforce MFA by redirecting users to their user_profile to setup MFA if Force MFA is checked, next up is to lock them there until 2FA is set 2023-09-06 00:08:21 -04:00
johnnyq 1ed4eeaafc Remove extra bottom margin below error msg on client login 2023-08-20 15:43:39 -04:00
johnnyq 1d0e2ad758 Removed some of the right and left padding to allow for larger login messages 2023-08-20 15:27:43 -04:00
johnnyq 0d497163fe Feature: Login Message now complete can be set in settings > security 2023-08-18 15:35:31 -04:00
johnnyq fda0d203ed Feature: Added Start Page functionality 2023-08-16 13:23:30 -04:00
Marcus Hill a966bf0282 Adjust content security policy 2023-06-17 16:13:02 +01:00
Marcus Hill 95cd0ebdc8 Adjust CSP 2023-06-17 16:01:15 +01:00
Marcus Hill 57dab27169 Login page enhancements
- Default to secure cookies (in case var is not defined in config.php)
- Enable content security policy
- Return HTTP 401 response code for invalid username/password combinations
2023-06-17 15:09:01 +01:00
johnnyq 25f85486d4 Client Portal can now be enabled or disabled in settings > Modules > Enable Client Portal, it is enabled by default 2023-06-14 19:07:39 -04:00
Marcus Hill 1175cc4ade Enable login key code (see #680) 2023-06-03 21:04:43 +01:00
Marcus Hill 5d6d7e389e Add database structure for 'login key' protection concept 2023-05-13 21:49:09 +01:00
johnnyq 37fb696e63 Replace the remaining php files with nullable_htmlentites() 2023-05-11 18:27:48 -04:00
johnnyq 48fe49cf77 BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires Manual Intervention on files see Forum Post Make sure you run the Database update directly after update. This Removes Multi-Company Functionality. Fixes issues with Responsive tables and bunch of other UI and small Fixes 2023-03-11 16:16:46 -05:00
johnnyq f7552cd25a Finished up santizeInput Conv and UI updates 2023-02-23 16:09:37 -05:00
johnnyq 8a91ae0e46 More updating with new sanitize function and more logging and alerting cont 2023-02-16 22:26:38 -05:00
Marcus Hill 5bb4296f14 Adjust core files to 4 spaces 2023-02-12 14:40:10 +00:00
Marcus Hill c219324bb8 General cleanup/formatting 2023-02-09 11:42:57 +00:00
Marcus Hill b36719eb99 General cleanup/tidying 2023-02-09 11:32:40 +00:00
Marcus Hill e8c9e63a7b Add X-Frame-Options to login pages & client portal 2023-02-05 18:43:50 +00:00
Marcus Hill d2124b92f1 Hide the username and password field (via CSS) when prompting for 2FA code 2023-01-30 18:55:30 +00:00
Johnny 4fd6d752c6
Merge pull request #580 from wrongecho/function-standardise
Convert custom function names to camelCase
2023-01-26 18:20:33 -05:00
Marcus Hill 531bd25f27 Convert custom function names to camelCase 2023-01-26 22:03:31 +00:00
Marcus Hill 10362f86ef Convert custom function names to camelCase 2023-01-26 21:58:27 +00:00
Marcus Hill 23e3a2e8fc - Create custom function (randomString()) for generating cryptographically (and URL) safe strings.
- Replace usages of keygen and bin2hex(random_bytes()) with this function.
2023-01-26 21:35:06 +00:00
Marcus Hill cffde0fbbd Tidy 2023-01-25 23:07:37 +00:00
Marcus Hill 0f3b6b5d23 Add alt-text to logo 2023-01-25 23:04:45 +00:00
Marcus Hill 67e1fb7021 Show the 'default' company logo (if configured) on the client login page instead of the ITFlow/company name text 2023-01-25 23:04:45 +00:00
Marcus Hill 95aa46cd52 Show the 'default' company logo (if configured) on the agent login page instead of the ITFlow text 2023-01-25 23:04:45 +00:00
Marcus Hill efecab179b General cleanups, add HTML lang element to match header.php 2023-01-25 23:04:41 +00:00
wrongecho b19c7a6f49
Merge branch 'master' into code-tidy 2023-01-23 19:21:43 +00:00
Marcus Hill d73b3cb960 Correct typos 2023-01-21 17:22:27 +00:00
Marcus Hill 2c3ebb3bbb Tidy codestyle - spaces between parenthesis and curly braces 2023-01-21 17:09:39 +00:00
Marcus Hill 6f900269d7 Add notifications for unusual logins. A login is considered "unusual" if both the user agent and IP address used haven't appeared in the user's sign-in logs before. 2023-01-21 15:16:11 +00:00
Marcus Hill 3973a0dd00 Adjust hardcoded ITFlow to config_app_name 2023-01-21 14:27:40 +00:00
Marcus Hill 2c1f760ce0 - Move brute force login protection before the page loads
- Increased the threshold to 15 attempts, but over 10 mins instead
2023-01-21 13:42:54 +00:00