Commit Graph

584 Commits

Author SHA1 Message Date
johnnyq 4b9ba0b3c1 Updates to Vendors added additional fields such as PIN, Support Hours, SLA etc, removed Vendor Address details not really needed for vendors. Beginning works of Vendor Templates aka Global Vendors this will make it easy to update common vendors 2022-10-14 21:48:24 -04:00
johnnyq 46c2ee917e Fixed bad redirect when adding a client login 2022-10-07 18:05:28 -04:00
johnnyq 1c0061e6bc Added some better mailer error logging and removed unneeded phpmail code 2022-10-07 18:02:38 -04:00
Marcus Hill 851ca7fae5 Always set a random password for new portal users. This isn't an issue at the moment as we don't allow logins with empty passwords but better to be safe. 2022-10-01 19:32:40 +01:00
johnnyq 7d24aaf4b7 Replaced auto generated base_url var for invoice/quote emailing with the config_base_url in the config.php file 2022-09-27 14:36:35 -04:00
johnnyq 7543957176 Wording Change on Viewing Invoice email template 2022-09-26 18:53:33 -04:00
johnnyq 0ae4786325 replaced some static location redirectors on POST with Referral URL redirect 2022-09-21 21:31:41 -04:00
Marcus Hill 1fe8a45dc6 Small edit to the way contact passwords are set - potential SQL injection issue 2022-09-18 19:14:15 +01:00
johnnyq 996c603826 Operation Cleanup Round 4 - Remove config_base_url from settings table in db. This should be in your config.php now, if this is not added this can break things 2022-09-17 18:04:26 -04:00
johnnyq 2ea41ed960 Operation Cleanup Round 3 - Remove automated SQL backups as this should be handled by system level backups which will also backup the files 2022-09-17 17:17:01 -04:00
johnnyq 6eb96df277 Operation Cleanup Round 2 - Remove Custom Links. This should really be handled by a startpage of some sort 2022-09-17 16:46:12 -04:00
johnnyq 14953fe171 Operation Cleanup Round 1 - Remove Mailing list functionality, there are many projects that can handle this 2022-09-17 16:35:11 -04:00
johnnyq 55567df92e Added xlsm, md, webp to the allowed upload list 2022-09-16 14:02:28 -04:00
johnnyq 9f9e43ee1f Fixed Force Recurring Invoice , before WHERE in query 2022-07-17 16:43:55 -04:00
Marcus Hill cf6bf88e4f Add TXT records under domain records 2022-07-07 20:17:16 +01:00
Marcus Hill 2c2aed3ee6 Bugfix client not deleting due to incorrect ticket reply column name 2022-05-29 11:13:15 +01:00
Johnny 0295757f95
Merge pull request #469 from wrongecho/ssl
Auto-add domains/ssls for new clients
2022-05-25 17:52:03 -04:00
Marcus Hill c02ea0ee94 Automatically add domain/certificate info during client creation, if domain is specified 2022-05-25 22:16:06 +01:00
johnnyq 93e45dc7c4 Added Client Asset Status functionality need to work on the names 2022-05-25 16:09:20 -04:00
Marcus Hill 6a463f312d - Move domain expiry/whois/DNS info to a function for better modularity.
- Improve additional domain name validation & ensure data returned fits into database
2022-05-24 22:03:56 +01:00
johnnyq 30db46e866 Fix Delete Vendor 2022-05-24 13:45:54 -04:00
Marcus Hill 17cd82dbf4 Send e-mail when new user (tech) is created containing login credentials 2022-05-20 17:06:35 +01:00
Marcus Hill 96b7578d21 Add internal note to ticket when invoice is created 2022-05-20 16:36:12 +01:00
johnnyq 856a600993 Fixed send invoice/quote email redirects so they go back to the page you were last on 2022-05-17 13:50:54 -04:00
johnnyq bf34a2403a Minor UI cleanups add angle rights to menus that open new nav menus margin cleanups etc 2022-05-14 19:54:16 -04:00
johnnyq 4f2cff6fac More Archiving work, added entity_id to logs for future undo of archives in logs. 2022-05-14 18:14:02 -04:00
johnnyq 25589d38ce Fix Delete and Archive alerts 2022-05-14 13:06:09 -04:00
johnnyq 334766e567 Use toastr notifications and alerts instead dedupe alert feedback code 2022-05-14 13:03:03 -04:00
johnnyq 205c4e1bec Add Location Archive Functionality, do not allow archiving if location is primary, added undo location archive, some other cleanups 2022-05-14 11:44:48 -04:00
johnnyq 4f56f2efb3 Added more Descriptive Column titles and additional cell spacing to contact templates 2022-05-13 15:17:23 -04:00
johnnyq 79df499ad3 Added Client Logins Import 2022-05-13 14:42:46 -04:00
johnnyq 08a669e3bb Added location import capability, cleaned up some import wording, renamed clean_file_name function to just strto_AZaz09 and clean export and sample csv client names 2022-05-13 13:29:03 -04:00
johnnyq 74cf007ef3 Cleanup importing assets along with duplication fix from previous commit 2022-05-13 12:24:43 -04:00
johnnyq fdc42ef5cf Fixed issue with importing contacts when a duplicate was detected it would stop importing the rest of the rows that were not duplicates 2022-05-13 12:19:51 -04:00
johnnyq 7b0e4e7741 Fixed contacts not importing if location was left blank 2022-05-13 12:12:44 -04:00
johnnyq 8b5f8547c4 Added Contact Import Capabilities and fixed some undefined vars 2022-05-13 11:53:17 -04:00
Marcus Hill fc3b83d43a Allow for tickets to be unassigned after being assigned to an agent.
Hide accountants from ticket assignment list on ticket.php.
2022-05-11 20:27:18 +01:00
johnnyq 0ac9143e47 Do not show archived clients under clients, add archive client, add undo archive client 2022-05-07 20:15:13 -04:00
johnnyq c38f2378ea Updated Delete Client to delete all associated data 2022-05-07 17:37:38 -04:00
johnnyq 5044dc6084 Properly delete everything related to a company when deleting a company 2022-05-07 16:46:50 -04:00
johnnyq 463fcdbe4f Fixed adding new company 2022-05-07 15:42:17 -04:00
Marcus Hill 5cbd0fad0d Move role validation to functions.php 2022-05-07 17:25:30 +01:00
Marcus Hill b2c0994577 Add CSRF Token validation for API key create/delete 2022-05-07 16:56:55 +01:00
Marcus Hill f4537ac80a Remove remaining instances of updating *updated_at - SQL DB does this now for us automatically 2022-05-07 16:39:34 +01:00
johnnyq 42f98479e7 Fixed Issue where if server had an IP client PDF Export would not work #395 2022-05-05 10:55:04 -04:00
Johnny 5e4870df90
Merge branch 'master' into csrf 2022-05-02 11:31:42 -04:00
Marcus Hill 61777116a9 CSRF Token
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
2022-05-01 18:43:53 +01:00
johnnyq 0641b0bfd4 Completely remove the last bits of departments 2022-04-29 16:50:25 -04:00
johnnyq 7b35431021 Remove Departments table and remove it from the client side nav, takes up too much space, added it as a text input on contact add/edit instead 2022-04-29 16:39:15 -04:00
johnnyq d5922b25a9 Updated Licence Type var under client export pdf 2022-04-29 12:11:57 -04:00
johnnyq ba57078810 Created Sanitize file name function to fix issues with exporting PDF Documentation with clients having ' in the name ex ben's 2022-04-29 11:54:50 -04:00
johnnyq ca5ba0c6d2 Removed , before WHERE statement Fixed Edit Client 2022-04-29 11:21:46 -04:00
johnnyq 6310ef5aae Added Rename and Delete folder capabilities to documents and some minor UI cleanup 2022-04-27 22:31:15 -04:00
johnnyq 0fb4ff17a3 Removed the last bits of Document Tagging 2022-04-27 01:03:01 -04:00
johnnyq 1b866b75cd Added Folder support to Client Documents, partially removed legacy document tagging 2022-04-27 00:53:45 -04:00
Marcus Hill 013b153078 Remove created_at DB references - these are automatic now 2022-04-24 12:24:00 +01:00
Marcus Hill a792498b5b Add IP/User agent to all logs 2022-04-24 12:13:07 +01:00
Marcus Hill 13c12dad3a Remove log_created_at now references, as this is now automatic 2022-04-24 11:52:16 +01:00
Marcus Hill 4dd5aa1ea2 Add IP address logging to document create/update/deletes 2022-04-24 10:12:59 +01:00
Marcus Hill f5f033fed4 Remove MeshCentral integration
As per recent discussions about the API & scripts being a better way forward for all integration, removing the MeshCentral integration that was added.
2022-04-19 22:42:38 +01:00
Marcus Hill e55622827d Add support for client-specific API keys
Refactoring API. Added a contact update endpoint.
Small misc changes.
2022-04-15 17:43:06 +01:00
Marcus Hill fca1627c33 Remove delete user post.php code. Deleting users means we'll lose all tickets/replies which isn't great.
Correct user archive behaviour so when users are archived they can no longer login. Need to add ability for quick disable/enable of user accounts, as using archive as permanent.
Refactor "You are not permitted to do that!" wording into a constant instead.
2022-04-15 13:29:27 +01:00
Marcus Hill f707098d37 Redirect to ticket after creation 2022-04-15 12:02:13 +01:00
Marcus Hill 6aa06b4389 Add full text index & search for document contents (related to #440) 2022-04-15 11:42:50 +01:00
johnnyq fd8188095e New Feature Enable/Disable ITFlow Modules now using the automated DB updater 2022-04-14 22:59:36 -04:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
Marcus Hill cc4c2e6bf7 - Enforce role check when editing/deleting scheduled tickets
- Add scheduled tickets to client view
- Add search and pagination to scheduled tickets
- Populate scheduled ticket edit modals dynamically
- Minor typos
2022-04-10 13:42:47 +01:00
Marcus Hill 815ada9da5 Add agent name when reassigning ticket, improve logic to only allow assigning open tickets to techs/admins 2022-04-07 21:37:14 +01:00
johnnyq a0cead284f Fix Add Payment Email Currency Symbol 2022-04-05 11:56:22 -04:00
johnnyq fdf9d67910 Allow to Add Ticket to an existing invoice item line 2022-04-02 20:50:55 -04:00
johnnyq a837af6eb4 Fixed Invoice Ticket 2022-04-02 20:13:20 -04:00
Johnny f6df0d3c72
Merge pull request #429 from wrongecho/db-version
Add database updater
2022-04-02 16:04:18 -04:00
johnnyq ef29a17d49 DB Structure Update - Added SMTP Encryption Type to Mail settings 2022-04-02 16:03:30 -04:00
Marcus Hill 9096b091b2 Add database updater 2022-04-02 19:39:55 +01:00
Johnny 32f3b0a005
Merge pull request #428 from wrongecho/sharing
Item/Link Sharing enhancements
2022-04-02 13:57:12 -04:00
Johnny f85957bd0d
Merge pull request #427 from wrongecho/dom-ssl
Domains/SSL
2022-04-02 11:48:39 -04:00
Marcus Hill 2c632a85d0 Create shared links page for each client, with option to deactivate links 2022-04-02 16:41:07 +01:00
Marcus Hill cab2cc923a Improve share features: default modal to 1, cleanup expired/used links 2022-04-02 15:37:17 +01:00
Marcus Hill be70883551 Refactor WHOIS lookups to use hosted heroku app 2022-04-02 12:19:35 +01:00
Marcus Hill 6a2fe3055e Auto-add SSL certificate for new domains 2022-04-02 10:16:20 +01:00
johnnyq a2936754cd Moved Mesh Central and Azure settings from general to its own tab called integrations 2022-04-01 17:20:29 -04:00
johnnyq 991e2bd4d4 Merge branch 'master' of github.com:johnnyq/itflow 2022-04-01 15:59:26 -04:00
johnnyq 6866addeee Minor Fixups 2022-04-01 15:58:18 -04:00
Marcus Hill 51a6ba6084 Allow admins to disable 2FA for users 2022-04-01 19:53:49 +01:00
johnnyq 8c98163e1c DB Structure Updated 2 new settings config_backup_enable and config_backup_path. This is to fix an issue where not specifying the full backup path would cause cron to error out and not run completely 2022-03-29 12:59:42 -04:00
Marcus Hill 0020c5708a Fix = vs == role check mistake 2022-03-28 21:48:20 +01:00
Marcus Hill 4ba313f752 Fix potential sql injection in delete_file if param add_location was also specified - post.php 2022-03-28 20:45:31 +01:00
Marcus Hill d83906508d Fix potential sql injection in add_company - post.php 2022-03-28 20:39:35 +01:00
Marcus Hill bba68f4d17 Name uploaded files with provided name, if specified 2022-03-27 23:00:45 +01:00
Marcus Hill 9040fdf847 Misc small changes/fixes 2022-03-27 22:26:22 +01:00
Johnny aafb6a677f
Merge pull request #412 from wrongecho/misc
Misc incl SQL Injection / XSS fixes
2022-03-27 15:05:07 -04:00
Marcus Hill 816ba87485 SQL Injection / XSS fixes 2022-03-27 20:02:16 +01:00
Marcus Hill c3fadfab3b Add role based access for API functions 2022-03-27 16:03:41 +01:00
Marcus Hill a6a7bf1f30 Restrict user (agent) create/edit/delete actions to admins only 2022-03-27 15:39:27 +01:00
Marcus Hill e6a314d233 Prevent tech/accountant from performing certain tasks as per access matrix 2022-03-27 15:32:40 +01:00
johnnyq 139bb6fd73 Set item_view to 0 when sharing a link 2022-03-26 11:10:27 -04:00
johnnyq 25f973d3a5 Additional Standardization of logging actions use Upload instead of Uploaded same with Download and Email 2022-03-26 10:27:11 -04:00
johnnyq 5f451dceef Standardize logging actions use Create instead of Created same with Modify and Delete 2022-03-26 10:12:40 -04:00
Marcus Hill e4d2d0c699 Prevent deletion of client unless user role is 3 (admin) 2022-03-24 20:52:26 +00:00
Marcus Hill fd589c53fa Delete scheduled tickets when client is deleted 2022-03-24 20:45:58 +00:00