Commit Graph

158 Commits

Author SHA1 Message Date
johnnyq
0d6c58f1d0 Added Remember Me option; by checking this you won't have to enter your MFA for up to 14 days on the device 2023-11-20 20:49:33 -05:00
johnnyq
3781026c79 Commented Out Remember me as it is not feature complete yet 2023-11-17 14:21:41 -05:00
johnnyq
3f2f405596 Allow Manual Input of Trip Destination or select from client locations, Added Remember me checkbox for future implementation 2023-11-06 19:37:48 -05:00
o-psi
53c11edc8c Update constructs to not have parentheses. 2023-10-20 15:25:52 -05:00
johnnyq
1ccaa936ac Removed number type on 2FA input field replaced with text and inputmode='numeric' pattern='[0-9]*' 2023-09-22 12:43:18 -04:00
johnnyq
0bc10a30e8 Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP 2023-09-21 12:00:46 -04:00
johnnyq
d31127c137 set current code to an intval since it's a number only 2023-09-20 14:58:05 -04:00
johnnyq
40d34bb71d Set 2FA Field on login to a number field so it only shows the numbers on a mobile phone 2023-09-20 14:53:07 -04:00
johnnyq
5938925a35 Added an error if accessing ITFlow by HTTP:// and is set to true 2023-09-20 14:51:29 -04:00
johnnyq
747b7de143 Feature: Force MFA Part 3 - Enforce MFA by redirecting users to their user_profile to setup MFA if Force MFA is checked, next up is to lock them there until 2FA is set 2023-09-06 00:08:21 -04:00
johnnyq
1ed4eeaafc Remove extra bottom margin below error msg on client login 2023-08-20 15:43:39 -04:00
johnnyq
1d0e2ad758 Removed some of the right and left padding to allow for larger login messages 2023-08-20 15:27:43 -04:00
johnnyq
0d497163fe Feature: Login Message now complete can be set in settings > security 2023-08-18 15:35:31 -04:00
johnnyq
fda0d203ed Feature: Added Start Page functionality 2023-08-16 13:23:30 -04:00
Marcus Hill
a966bf0282 Adjust content security policy 2023-06-17 16:13:02 +01:00
Marcus Hill
95cd0ebdc8 Adjust CSP 2023-06-17 16:01:15 +01:00
Marcus Hill
57dab27169 Login page enhancements
- Default to secure cookies (in case var is not defined in config.php)
- Enable content security policy
- Return HTTP 401 response code for invalid username/password combinations
2023-06-17 15:09:01 +01:00
johnnyq
25f85486d4 Client Portal can now be enabled or disabled in settings > Modules > Enable Client Portal, it is enabled by default 2023-06-14 19:07:39 -04:00
Marcus Hill
1175cc4ade Enable login key code (see #680) 2023-06-03 21:04:43 +01:00
Marcus Hill
5d6d7e389e Add database structure for 'login key' protection concept 2023-05-13 21:49:09 +01:00
johnnyq
37fb696e63 Replace the remaining php files with nullable_htmlentites() 2023-05-11 18:27:48 -04:00
johnnyq
48fe49cf77 BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires Manual Intervention on files, see Forum Post. Make sure you run the Database update directly after update. This Removes Multi-Company Functionality. Fixes issues with Responsive tables and a bunch of other UI and small Fixes 2023-03-11 16:16:46 -05:00
johnnyq
f7552cd25a Finished up santizeInput Conv and UI updates 2023-02-23 16:09:37 -05:00
johnnyq
8a91ae0e46 More updating with new sanitize function and more logging and alerting cont 2023-02-16 22:26:38 -05:00
Marcus Hill
5bb4296f14 Adjust core files to 4 spaces 2023-02-12 14:40:10 +00:00
Marcus Hill
c219324bb8 General cleanup/formatting 2023-02-09 11:42:57 +00:00
Marcus Hill
b36719eb99 General cleanup/tidying 2023-02-09 11:32:40 +00:00
Marcus Hill
e8c9e63a7b Add X-Frame-Options to login pages & client portal 2023-02-05 18:43:50 +00:00
Marcus Hill
d2124b92f1 Hide the username and password field (via CSS) when prompting for 2FA code 2023-01-30 18:55:30 +00:00
Johnny
4fd6d752c6 Merge pull request #580 from wrongecho/function-standardise
Convert custom function names to camelCase
2023-01-26 18:20:33 -05:00
Marcus Hill
531bd25f27 Convert custom function names to camelCase 2023-01-26 22:03:31 +00:00
Marcus Hill
10362f86ef Convert custom function names to camelCase 2023-01-26 21:58:27 +00:00
Marcus Hill
23e3a2e8fc - Create custom function (randomString()) for generating cryptographically (and URL) safe strings.
- Replace usages of keygen and bin2hex(random_bytes()) with this function.
2023-01-26 21:35:06 +00:00
Marcus Hill
cffde0fbbd Tidy 2023-01-25 23:07:37 +00:00
Marcus Hill
0f3b6b5d23 Add alt-text to logo 2023-01-25 23:04:45 +00:00
Marcus Hill
67e1fb7021 Show the 'default' company logo (if configured) on the client login page instead of the ITFlow/company name text 2023-01-25 23:04:45 +00:00
Marcus Hill
95aa46cd52 Show the 'default' company logo (if configured) on the agent login page instead of the ITFlow text 2023-01-25 23:04:45 +00:00
Marcus Hill
efecab179b General cleanups, add HTML lang element to match header.php 2023-01-25 23:04:41 +00:00
wrongecho
b19c7a6f49 Merge branch 'master' into code-tidy 2023-01-23 19:21:43 +00:00
Marcus Hill
d73b3cb960 Correct typos 2023-01-21 17:22:27 +00:00
Marcus Hill
2c3ebb3bbb Tidy codestyle - spaces between parentheses and curly braces 2023-01-21 17:09:39 +00:00
Marcus Hill
6f900269d7 Add notifications for unusual logins. A login is considered "unusual" if both the user agent and IP address used haven't appeared in the user's sign-in logs before. 2023-01-21 15:16:11 +00:00
Marcus Hill
3973a0dd00 Adjust hardcoded ITFlow to config_app_name 2023-01-21 14:27:40 +00:00
Marcus Hill
2c1f760ce0 - Move brute force login protection before the page loads
- Increased the threshold to 15 attempts, but over 10 mins instead
2023-01-21 13:42:54 +00:00
Marcus Hill
b9b0440186 - Add email notification to agents if their 2FA code is entered incorrectly (this may be a sign of account compromise)
- Tidy login code flow so that the "logged" session variable only has to be set in one place, rather than in two (both for 2fa and non-2fa logins)
2023-01-21 13:25:16 +00:00
Marcus Hill
b2ccb53c44 Re-add fix from chandachewe10 to prevent offset array error when entering invalid credentials 2023-01-18 21:21:58 +00:00
johnnyq
c0399a2c42 Added Disable and Activate Users, fixes #539 2023-01-13 18:24:50 -05:00
Johnny
b91ead19ce Revert "removed warning" 2023-01-08 14:00:16 -05:00
chandachewe10
e0b314e5a9 removed warning 2023-01-08 00:01:52 +00:00
Marcus Hill
24f825ca08 SQL Escape tech username in session. The username is added to most log entries meaning that a simple apostrophe in the name breaks all logging for the user 2023-01-02 19:22:21 +00:00