Commit Graph

38 Commits

Author SHA1 Message Date
Marcus Hill cee1faf082 Add extension key cookie to login. Add support for storing the php session id in DB so we can access it (without passing the session ID over a cross-domain query). 2022-01-15 20:54:56 +00:00
Marcus Hill 951b03f712 Allow for encryption scheme upgrade 2022-01-11 14:03:34 +00:00
Marcus Hill 13d83f6e3b Add session key setup 2022-01-10 21:47:12 +00:00
Marcus Hill 25b58c21c8 Add Secure flag (HTTPS only) to cookies 2022-01-09 13:56:45 +00:00
Marcus Hill 6609e5065a Set php session cookie to be httponly 2022-01-07 19:10:29 +00:00
johnnyq cf3c0a6410 Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person who wishes to remain anonymous for reporting and providing a patch. Also added a notice to the readme to not use this web app during beta for production use 2022-01-01 17:02:31 -05:00
johnnyq e978cd142e More Audit Logging work, fixed a bunch of small bugs along the way 2021-12-31 15:33:41 -05:00
johnnyq 33400894d5 Updates and Fixings to Audit Logs, added client tag selection for mass email campaigns 2021-12-28 18:16:54 -05:00
johnnyq 25b5cb3d40 Moved Functions above check login so that check login can use some of the functions. Moved Fingerprinting to check login instead of in functions as it's a more appropriate place 2021-12-22 17:24:54 -05:00
johnnyq ba584a57e0 BREAKING CHANGES - Many DB Updates - NOT POSSIBLE TO EASILY UPGRADE TO THIS - Completely reworked User Company Access Permissions, started working on Client Role so Clients can access their data and a bunch of other small fixes 2021-12-22 13:08:24 -05:00
johnnyq 4604280efe This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerability which would affect if someone spoofed their IP with a javascript code and then a logged in user read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs. 2021-12-13 12:21:55 -05:00
johnnyq f02e94d585 Started adding IP and User agent to audit logs, log when a user logs out, Merged logout into post.php 2021-12-09 16:12:57 -05:00
johnnyq e36739297d Fixed broken TOTP 2FA 2021-12-04 17:59:40 -05:00
johnnyq e9336c1866 Fix Recent Logins Log front not updating due to VAR name 2021-08-31 13:24:33 -04:00
johnnyq f3053ffbd4 BREAKING CHANGES: Major Backend Code Changes. Updated Foreign keys to prepend their table names, ex invoice_client_id; switched most queries over to JOIN instead of =; Combined contacts and location into client, removed client email, phone etc fields; tons of small bug fixes, and other small UI changes all across the board 2021-08-27 23:14:06 -04:00
johnnyq f1828a11a9 Added Bootstrap Password Reveal Library and clipboardJS library, added copy to clipboard to client logins 2021-08-08 15:04:39 -04:00
johnny@pittpc.com f8166bdc81 Fixed more php errors, empty vars, updated more ui search headers 2021-02-04 17:42:21 -05:00
johnny@pittpc.com abf7a3b381 updated UI of the login screen, app name. changed username to email, changed button from black to blue 2020-03-31 17:42:15 -04:00
johnny@pittpc.com f84e3c4b6b Refactored Login UI to reduce clutter, minimise and increase security also 2FA Box will appear when enabled 2020-01-04 23:44:04 -05:00
johnny@pittpc.com e5036253ed Migrated from sbadmin to AdminLTE CSS framework 2019-11-19 18:29:02 -05:00
johnny@pittpc.com bc61b59244 Fixed password issue causing SQL escape characters to add slashes. Removed mysqli_real_escape_string as it's not needed; md5 produces no SQL escape characters by default so it does not need sanitizing 2019-09-24 14:52:53 -04:00
johnny@pittpc.com 62b088e79d GUI Touchups in Invoice, Quote, clients, vendors, client. Added 2 new fields to client, mobile and contact_name; added more picture extensions in file (jpeg and JPEG) and other fixes including a new DB dump 2019-09-14 20:40:22 -04:00
johnny@pittpc.com ca427ab763 Updated User Settings Page and added logging to most functions 2019-09-06 03:03:16 -04:00
johnny@pittpc.com d259d1b3dc Started Logs: Login attempts are now logged, created a logs list in the side nav 2019-09-06 00:16:19 -04:00
johnny@pittpc.com 2d5ac7c2e6 Security Mysql Escaped current_code POST var under login 2019-08-28 21:56:45 -04:00
johnny@pittpc.com 0e451056b4 Added get OS Browser Device and IP functions, added these functions to guest view invoice, also added invoice view alert and other minor fixes 2019-08-28 21:47:40 -04:00
root 2984f0ec6c Login and Top Nav Refinements 2019-08-16 00:28:54 -04:00
johnny@pittpc.com 5ca8d201b0 Remove some old files, updated guest urls to work with the new multi company features, and some other multi company update 2019-08-15 18:29:28 -04:00
johnny@pittpc.com bc07fe0090 Started work on multi-company feature 2019-08-14 11:05:54 -04:00
johnny@pittpc.com 0c4021fd23 reworked transfers, added revenues to add income in other ways besides just invoices, reports now uses a compact table to see all data clearly and some other minor fixes. 2019-08-11 13:42:35 -04:00
johnny@pittpc.com bf250cd1fe Fixed Login Software relation, fixed asset logins etc 2019-08-03 19:41:58 -04:00
root b65739bfc3 Updated 2FA UI 2019-06-16 23:56:40 -04:00
root e247ad4ee4 Implemented 2FA TOTP with Google Authenticator 2019-06-16 22:33:55 -04:00
root e0e723bb9f The start of client logins has begun, now can link a user with a client to allow client logins, clients can only view client.php there is more work to be done 2019-05-27 12:28:41 -04:00
root 4389c92c0e Lots of UI cleanups and update, gave a dark look for modals, bunch of icon changes etc 2019-05-13 14:53:17 -04:00
root f5377409b0 Cleaned up unused files, did some code tidying 2019-05-10 21:56:13 -04:00
root c394e927b1 Added start_page function in config, Added Contacts and Locations, separated client nav and page routes out 2019-03-18 15:08:56 -04:00
root d2c5544785 First commit 2019-03-13 17:40:00 +00:00
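Several of the commits above describe two related hardening steps: moving stored passwords from unsalted MD5 to PHP's password_hash()/password_verify() (4604280efe, with 951b03f712 allowing a later scheme upgrade), and marking the PHP session cookie HttpOnly and Secure (6609e5065a, 25b58c21c8). The block below is an added example written for this page, not ITFlow's own login or post.php code; it shows how a login handler can verify a legacy MD5 hash, transparently re-hash it with password_hash() on a successful login, re-hash again later when the default algorithm or cost changes, and set the session cookie flags before session_start(). The user array, column name user_password, and the email addresses are constructed stand-ins for the users table.

```php
<?php
// Added example, not ITFlow project code. Stand-alone: run with `php login_example.php`.
declare(strict_types=1);

// Constructed sample data standing in for the users table. One account still
// carries a legacy unsalted MD5 hash, the other has already been migrated.
$users = [
    'legacy@example.com' => ['user_password' => md5('correct horse')],
    'modern@example.com' => ['user_password' => password_hash('battery staple', PASSWORD_DEFAULT)],
];

// Pre-computed hash used to equalise timing when the account does not exist,
// so a missing user is not distinguishable from a wrong password by response time.
$dummyHash = password_hash('dummy-password-for-timing', PASSWORD_DEFAULT);

function isLegacyMd5(string $stored): bool
{
    // Unsalted MD5 is exactly 32 hex characters; password_hash() output begins with "$".
    return (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
}

/**
 * Check $password against $stored.
 * Returns ['ok' => bool, 'newHash' => ?string]; newHash is set when the stored
 * hash should be replaced (legacy MD5, or password_hash() defaults have moved on).
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyMd5($stored)) {
        // Legacy path: constant-time compare, then upgrade the hash on success.
        if (!hash_equals($stored, md5($password))) {
            return ['ok' => false, 'newHash' => null];
        }
        return ['ok' => true, 'newHash' => password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return ['ok' => false, 'newHash' => null];
    }
    // Scheme upgrade: re-hash when the algorithm or cost no longer matches PASSWORD_DEFAULT.
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return ['ok' => true, 'newHash' => $newHash];
}

function hardenSessionCookie(): void
{
    // Must be called before session_start().
    // secure   => browser only sends the cookie over HTTPS
    // httponly => not readable from JavaScript (document.cookie), blunting XSS session theft
    // samesite => not sent on most cross-site requests, reducing CSRF exposure
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    // Reject session IDs the server never issued (fixation via a client-chosen ID).
    ini_set('session.use_strict_mode', '1');
}

function login(array &$users, string $email, string $password, string $dummyHash): bool
{
    if (!isset($users[$email])) {
        password_verify($password, $dummyHash); // burn comparable time, then fail
        return false;
    }
    $result = verifyAndUpgrade($password, $users[$email]['user_password']);
    if (!$result['ok']) {
        return false;
    }
    if ($result['newHash'] !== null) {
        // In a real app: UPDATE users SET user_password = ? WHERE user_email = ?
        $users[$email]['user_password'] = $result['newHash'];
    }
    if (PHP_SAPI !== 'cli') {
        hardenSessionCookie();
        session_start();
        session_regenerate_id(true); // new ID after authentication, old one discarded
        $_SESSION['user_email'] = $email;
    }
    return true;
}

// Demonstration on the constructed data.
var_dump(login($users, 'legacy@example.com', 'wrong password', $dummyHash));   // bool(false)
var_dump(login($users, 'legacy@example.com', 'correct horse', $dummyHash));    // bool(true)
var_dump(isLegacyMd5($users['legacy@example.com']['user_password']));          // bool(false): upgraded
var_dump(login($users, 'legacy@example.com', 'correct horse', $dummyHash));    // bool(true): via password_verify now
var_dump(login($users, 'nobody@example.com', 'anything', $dummyHash));         // bool(false)
```

Note that the commit message refers to "hash_password"; PHP's functions are password_hash() and password_verify(). The upgrade-on-login pattern only migrates accounts that log in, so accounts that never return keep their MD5 hash until forced to reset; a deployment that wants the legacy hashes gone by a fixed date needs a separate reset campaign for the stragglers.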