54 Commits

Author SHA1 Message Date
johnnyq 0a570fe37c Cleaned up the UI of user profile. The user agent is now decoded to display OS and Browser under logs 2023-01-20 16:49:42 -05:00
johnnyq 29a9d6ef8f Generate longer more secure Key for logins 2022-12-29 18:23:11 -05:00
Marcus Hill 1ea081a175 Move email sending to a function for better error handling and code-deduplication 2022-12-18 14:24:47 +00:00
Marcus Hill a0233c77ec Only attempt to show initials if not empty 2022-12-11 01:32:14 +00:00
Marcus Hill 21e641d128 Change domain expiration lookup service from Heroku to ITFlow 2022-12-08 20:30:23 +00:00
jcpit 42c2d8109d Update functions.php: Return IP if running from behind Cloudflare. 2022-08-04 15:02:13 +10:00
Marcus Hill cf6bf88e4f Add TXT records under domain records 2022-07-07 20:17:16 +01:00
Marcus Hill c02ea0ee94 Automatically add domain/certificate info during client creation, if domain is specified 2022-05-25 22:16:06 +01:00
Marcus Hill 6a463f312d - Move domain expiry/whois/DNS info to a function for better modularity. - Improve additional domain name validation & ensure data returned fits into database 2022-05-24 22:03:56 +01:00
Marcus Hill 08245c3ef6 Remove unused function 2022-05-20 16:27:06 +01:00
johnnyq 5c1eafede8 Updated strto_AZaz0-9 function 2022-05-13 15:03:17 -04:00
johnnyq 08a669e3bb Added location import capability, cleaned up some import wording, renamed clean_file_name function to just strto_AZaz09 and clean export and sample csv client names 2022-05-13 13:29:03 -04:00
Marcus Hill 7bb68a36d9 Add user role in PHP Session to remove dependency on check_login - will require you to logout & back in to take effect after the update 2022-05-07 17:44:04 +01:00
Marcus Hill 5cbd0fad0d Move role validation to functions.php 2022-05-07 17:25:30 +01:00
Marcus Hill fd6051646c Fix merge conflict 2022-05-01 18:51:53 +01:00
Marcus Hill 705060d1df Add clean_file_name function to fix merge conflict 2022-05-01 18:46:45 +01:00
Marcus Hill 61777116a9 CSRF Token: Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.) Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern 2022-05-01 18:43:53 +01:00
Marcus Hill 6f4a2d0385 Tidy 2022-04-24 11:50:27 +01:00
wrongecho 6091d373bc Remove redundant jump/return 2022-04-16 12:13:18 +01:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
Marcus Hill a3ca268fcf Small code cleanups 2022-04-14 07:54:40 +01:00
Marcus Hill be70883551 Refactor WHOIS lookups to use hosted heroku app 2022-04-02 12:19:35 +01:00
Joe Clark 9a04ff5341 Check if path exists before attempting to remove 2022-03-22 13:06:39 -07:00
Marcus Hill e09ea58bd4 Default get_ip to REMOTE_ADDR, option to set it to 2022-03-20 07:51:42 +00:00
johnnyq a9346845ab Refactored Currency Display using PHP numfmt_format_currency() function as this is best practice and will put the right currency symbol in the right place based off locale and currency type 2022-02-17 22:20:59 -05:00
Marcus Hill c8c26562f5 Adjust cookie setting to samesite none for encryption session key 2022-01-15 22:25:49 +00:00
Marcus Hill 2a4d42de09 Encryption changes 2022-01-11 20:42:46 +00:00
Marcus Hill 0382dbbfb2 Small change re https 2022-01-11 20:14:29 +00:00
Marcus Hill 2742410e4b http/https encryption cookie 2022-01-11 19:44:21 +00:00
Marcus Hill 951b03f712 Allow for encryption scheme upgrade 2022-01-11 14:03:34 +00:00
Marcus Hill bbe689fb33 Remove comments as this is complete 2022-01-11 00:40:15 +00:00
Marcus Hill aac50bdfdb More changes re encryption 2022-01-10 22:55:08 +00:00
Marcus Hill 49d895040a Add per-user password encryption using master key 2022-01-10 22:07:26 +00:00
johnnyq cf3c0a6410 Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person that wishes to remain anonymous for reporting and providing a patch. Also added a notice to readme to not use this web app during beta for production use 2022-01-01 17:02:31 -05:00
johnnyq 33400894d5 Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns 2021-12-28 18:16:54 -05:00
johnnyq 997b07c822 Temp Removed Session User agent login vars from functions as it's breaking Setup.php because of the reliance on an active mysql connection 2021-12-22 13:20:22 -05:00
johnnyq 4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerability which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq aaf65db6f3 Renamed MacOS X to just MacOS for user agent detection 2021-12-12 02:01:30 -05:00
johnnyq f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00
johnnyq cdae4ecfb6 Set Currency Symbols to Company's Default Currency Setting 2021-11-19 20:04:03 -05:00
johnnyq 3ca92cd252 Added Truncated Description to Expense listing #203 2021-11-18 17:56:02 -05:00
johnnyq 2e5e1aee52 Phone numbers are all now formatted correctly per their length 2021-09-11 22:41:50 -04:00
johnnyq e9336c1866 Fix Recent Logins Log front not updating due to VAR name 2021-08-31 13:24:33 -04:00
johnnyq cdcd22ae6f Added TOTP Key 2FA Function to client logins 2021-08-18 22:29:22 -04:00
johnnyq f409e22a60 Started adding currency symbols and starting with invoice 2021-08-18 20:41:19 -04:00
johnny@pittpc.com f8166bdc81 Fixed more php errors empty vars updated more ui search headers 2021-02-04 17:42:21 -05:00
johnny@pittpc.com 6e5a65ecb1 Added PHP Truncate Function to functions.php 2020-09-25 17:16:02 -04:00
johnny@pittpc.com 7f3cdd975f Added a no records placeholder to all tables 2019-09-01 21:49:13 -04:00
johnny@pittpc.com 0e451056b4 Added get OS Browser Device and IP functions, added these functions to guest view invoice, also added invoice view alert and other minor fixes 2019-08-28 21:47:40 -04:00
root e247ad4ee4 Implemented 2FA TOTP with Google Authenticator 2019-06-16 22:33:55 -04:00