ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved Functions above check login so that check login can use some of the functions, Moved Fingerprinting to check login instead of in functions as its a more appropriate place

Browse Source
This commit is contained in:
johnnyq
2021-12-22 17:24:54 -05:00
parent 610eeca0a1
commit 25b5cb3d40
5 changed files with 34 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
check_login.php
View File

@@ -13,6 +13,12 @@
die; die;
} }
//SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$session_browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$session_device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
$session_user_id = $_SESSION['user_id']; $session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id"); $sql = mysqli_query($mysqli,"SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");

83
header.php
View File

@@ -1,83 +0,0 @@
<?php
include("config.php");
include("check_login.php");
include("functions.php");
?>
<!DOCTYPE html>
<!--
This is a starter template page. Use this page to start your new project from
scratch. This page gets rid of all links and provides the needed markup only.
-->
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title><?php echo $config_app_name; ?></title>
<!-- Font Awesome Icons -->
<link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro -->
<!-- <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> -->
<!-- Custom Style Sheet -->
<link href="plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" type="text/css">
<link href="plugins/select2/css/select2.min.css" rel="stylesheet" type="text/css">
<link href="plugins/select2-bootstrap4-theme/select2-bootstrap4.min.css" rel="stylesheet" type="text/css">
<link href='plugins/fullcalendar/main.min.css' rel='stylesheet' />
<link href='plugins/daterangepicker/daterangepicker.css' rel='stylesheet' />
<link href="plugins/summernote/summernote-bs4.css" rel="stylesheet">
<link href="plugins/toastr/toastr.min.css" rel="stylesheet">
</head>
<body class="hold-transition sidebar-mini">
<div class="wrapper text-sm">
<?php include("top_nav.php"); ?>
<?php
if(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "client.php"){
include("client_side_nav.php");
//}elseif(basename(parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)) == "settings-general.php"){
//include("admin_side_nav.php");
}else{
include("side_nav.php");
}
?>
<!-- Content Wrapper. Contains page content -->
<div class="content-wrapper">
<!-- Main content -->
<div class="content mt-3">
<div class="container-fluid">
<?php
//Alert Feedback
if(!empty($_SESSION['alert_message'])){
?>
<div class="alert alert-success alert-<?php echo $_SESSION['alert_type']; ?>" id="alert">
<?php echo $_SESSION['alert_message']; ?>
<button class='close' data-dismiss='alert'>&times;</button>
</div>
<?php
unset($_SESSION['alert_type']);
unset($_SESSION['alert_message']);
}
//Set Records Per Page
if(empty($_SESSION['records_per_page'])){
$_SESSION['records_per_page'] = 10;
}
?>

1
login.php
View File

@@ -11,6 +11,7 @@ if(!file_exists('config.php')){
<?php <?php
//SESSION FINGERPRINT
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os())); $os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser())); $browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));

29
post.php
View File

@@ -1,8 +1,8 @@
<?php <?php
include("config.php"); include("config.php");
include("check_login.php");
include("functions.php"); include("functions.php");
include("check_login.php");
require("vendor/PHPMailer-6.5.1/src/PHPMailer.php"); require("vendor/PHPMailer-6.5.1/src/PHPMailer.php");
require("vendor/PHPMailer-6.5.1/src/SMTP.php"); require("vendor/PHPMailer-6.5.1/src/SMTP.php");
@@ -891,6 +891,27 @@ if(isset($_GET['update'])){
} }
if(isset($_GET['update_db'])){
//Alter SQL Structure
//Put ID Here
//mysqli_query($mysqli,"ALTER TABLE logs ADD log_ip VARCHAR(200) NULL AFTER log_description");
//mysqli_query($mysqli,"ALTER TABLE logs ADD log_user_agent VARCHAR(250) NULL AFTER log_ip");
//85cdc42d0f15e36de5cab00d7f3c799a056e85ef
//mysqli_query($mysqli,"ALTER TABLE assets ADD asset_install_date DATE NULL AFTER asset_warranty_expire");
//c88e6b851aadfbde173f7cfe7155dd1ed31adece
//mysqli_query($mysqli,"ALTER TABLE settings DROP config_enable_alert_low_balance");
//mysqli_query($mysqli,"ALTER TABLE settings DROP config_account_balance_threshold");
$_SESSION['alert_message'] = "Database Structure Update Successful!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['add_client'])){ if(isset($_POST['add_client'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']))); $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -952,9 +973,9 @@ if(isset($_POST['add_client'])){
//Add Tags //Add Tags
foreach($_POST['tags'] as $tag_id){ foreach($_POST['tags'] as $tag){
intval($tag_id); intval($tag);
mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag_id"); mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag");
} }
$_SESSION['alert_message'] = "Client added"; $_SESSION['alert_message'] = "Client added";

3
settings-update.php
View File

@@ -27,10 +27,11 @@ $git_log = shell_exec("git log master..origin/master --pretty=format:'<tr><td>%h
<center> <center>
<h5><small class="text-secondary">Current Version</small><br><?php echo $current_version; ?></h5> <h5><small class="text-secondary">Current Version</small><br><?php echo $current_version; ?></h5>
<?php if(!empty($git_log)){ ?> <?php if(!empty($git_log)){ ?>
<a class="btn btn-primary btn-lg my-4" href="post.php?update"><i class="fa fa-fw fa-4x fa-check-square"></i><br>Update<br>NOW</a> <a class="btn btn-primary btn-lg my-4" href="post.php?update"><i class="fa fa-fw fa-4x fa-check-square"></i><br>Update<br>App</a>
<?php <?php
}else{ }else{
?> ?>
<a class="btn btn-dark btn-lg my-4" href="post.php?update_db"><i class="fa fa-fw fa-4x fa-check-square"></i><br>Update<br>Database Structure</a>
<h3 class="text-success">Congratulations you are up to date!</h3> <h3 class="text-success">Congratulations you are up to date!</h3>
<?php <?php
} }