Merge pull request #886 from twetech/0.1.8.4
Remember Me Tokens, and AI Enhancements
@@ -1607,10 +1607,17 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
|
|||||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.6'");
|
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.6'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// if (CURRENT_DATABASE_VERSION == '1.0.6') {
|
if (CURRENT_DATABASE_VERSION == '1.0.6') {
|
||||||
// // Insert queries here required to update to DB version 1.0.7
|
// Insert queries here required to update to DB version 1.0.7
|
||||||
|
mysqli_query($mysqli, "CREATE TABLE `remember_tokens` (`remember_token_id` int(11) NOT NULL AUTO_INCREMENT,`remember_token_token` varchar(255) NOT NULL,`remember_token_user_id` int(11) NOT NULL,`remember_token_created_at` datetime NOT NULL DEFAULT current_timestamp()");
|
||||||
|
// Then, update the database to the next sequential version
|
||||||
|
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
|
||||||
|
}
|
||||||
|
|
||||||
|
// if (CURRENT_DATABASE_VERSION == '1.0.7') {
|
||||||
|
// // Insert queries here required to update to DB version 1.0.8
|
||||||
// // Then, update the database to the next sequential version
|
// // Then, update the database to the next sequential version
|
||||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
|
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
|
||||||
// }
|
// }
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
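Review bot: The ``CREATE TABLE `remember_tokens` `` statement in the new 1.0.6 to 1.0.7 step is not valid SQL as shown: the column list's opening parenthesis is never closed and the `AUTO_INCREMENT` column has no key, so the server will reject it. Because the result of `mysqli_query()` is not checked, the following line still records version `1.0.7`, leaving upgraded installs without the table that the login code in this commit queries. The statement should end with ``, PRIMARY KEY (`remember_token_id`))`` and the version bump should run only when the create succeeded. The column types here (`int(11)`, `varchar(255)`, `datetime`) also differ from the `db.sql` definition in this commit (`int(10) unsigned`, `varchar(100)`, `timestamp`); the two should match.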
|
|||||||
@@ -5,5 +5,5 @@
|
|||||||
* It is used in conjunction with database_updates.php
|
* It is used in conjunction with database_updates.php
|
||||||
*/
|
*/
|
||||||
|
|
||||||
DEFINE("LATEST_DATABASE_VERSION", "1.0.6");
|
DEFINE("LATEST_DATABASE_VERSION", "1.0.7");
|
||||||
|
|
||||||
|
|||||||
16
db.sql
16
db.sql
@@ -1041,6 +1041,22 @@ CREATE TABLE `recurring_expenses` (
|
|||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
|
||||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||||
|
|
||||||
|
--
|
||||||
|
-- Table structure for table remember_tokens
|
||||||
|
--
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS `remember_tokens`;
|
||||||
|
/*!40101 SET @saved_cs_client = @@character_set_client */;
|
||||||
|
/*!40101 SET character_set_client = utf8 */;
|
||||||
|
CREATE TABLE `remember_tokens` (
|
||||||
|
`remember_token_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||||
|
`remember_token_user_id` int(10) unsigned NOT NULL,
|
||||||
|
`remember_token_token` varchar(100) NOT NULL,
|
||||||
|
`remember_token_created_at` timestamp NOT NULL DEFAULT current_timestamp(),
|
||||||
|
PRIMARY KEY (`id`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
|
||||||
|
|
||||||
|
|
||||||
--
|
--
|
||||||
-- Table structure for table `revenues`
|
-- Table structure for table `revenues`
|
||||||
--
|
--
|
||||||
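Review bot: ``PRIMARY KEY (`id`)`` names a column the new `remember_tokens` table does not define, so this `CREATE TABLE` fails on a fresh install; it should be ``PRIMARY KEY (`remember_token_id`)``. `remember_token_token` is `varchar(100)`, but login.php in this commit stores `bin2hex(random_bytes(64))`, which is 128 characters, so the value is truncated or rejected depending on SQL mode and the `hash_equals()` comparison at login cannot match; `varchar(128)` or wider is needed. An index on `remember_token_user_id` would also suit the per-user lookup done at login.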
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
document.getElementById('rewordButton').addEventListener('click', function() {
|
document.getElementById('rewordButton').addEventListener('click', function() {
|
||||||
var textInput = document.getElementById('textInput');
|
var textInput = document.getElementById('textInput');
|
||||||
|
var ticketDescription = document.getElementById('ticketDescription');
|
||||||
var rewordButton = document.getElementById('rewordButton');
|
var rewordButton = document.getElementById('rewordButton');
|
||||||
var undoButton = document.getElementById('undoButton');
|
var undoButton = document.getElementById('undoButton');
|
||||||
var previousText = textInput.value; // Store the current text
|
var previousText = textInput.value; // Store the current text
|
||||||
@@ -13,7 +14,11 @@ document.getElementById('rewordButton').addEventListener('click', function() {
|
|||||||
headers: {
|
headers: {
|
||||||
'Content-Type': 'application/json',
|
'Content-Type': 'application/json',
|
||||||
},
|
},
|
||||||
body: JSON.stringify({ text: textInput.value }),
|
// Body with the text to reword and the ticket description
|
||||||
|
body: JSON.stringify({
|
||||||
|
text: textInput.value,
|
||||||
|
ticketDescription: ticketDescription.innerText.valueOf(),
|
||||||
|
}),
|
||||||
})
|
})
|
||||||
.then(response => response.json())
|
.then(response => response.json())
|
||||||
.then(data => {
|
.then(data => {
|
||||||
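Review bot: `document.getElementById('ticketDescription')` looks up an id that this commit does not add; the ticket view in the same commit adds `id="ticketDetails"`, so unless another element carries `ticketDescription` the lookup returns null and `ticketDescription.innerText` throws when the request body is built. Use the same id on both sides, for example `var ticketDescription = document.getElementById('ticketDetails');`, and handle the null case before calling `fetch`. `.valueOf()` on a string is a no-op and can be dropped. The click handler's body continues outside the hunks.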
|
|||||||
27
login.php
27
login.php
@@ -111,14 +111,24 @@ if (isset($_POST['login'])) {
|
|||||||
$user_email = sanitizeInput($row['user_email']);
|
$user_email = sanitizeInput($row['user_email']);
|
||||||
$token = sanitizeInput($row['user_token']);
|
$token = sanitizeInput($row['user_token']);
|
||||||
$force_mfa = intval($row['user_config_force_mfa']);
|
$force_mfa = intval($row['user_config_force_mfa']);
|
||||||
$remember_token = $row['user_config_remember_me_token'];
|
$user_role = intval($row['user_role']);
|
||||||
|
$user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
|
||||||
|
$user_extension_key = $row['user_extension_key'];
|
||||||
if($force_mfa == 1 && $token == NULL) {
|
if($force_mfa == 1 && $token == NULL) {
|
||||||
$config_start_page = "user_security.php";
|
$config_start_page = "user_security.php";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Get remember tokens less than 2 days old
|
||||||
|
$remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL 2 DAY)");
|
||||||
|
|
||||||
$bypass_2fa = false;
|
$bypass_2fa = false;
|
||||||
if (isset($_COOKIE['rememberme']) && $_COOKIE['rememberme'] == $remember_token) {
|
if (isset($_COOKIE['rememberme'])) {
|
||||||
$bypass_2fa = true;
|
while ($row = mysqli_fetch_assoc($remember_tokens)) {
|
||||||
|
if (hash_equals($row['remember_token_token'], $_COOKIE['rememberme'])) {
|
||||||
|
$bypass_2fa = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
} elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
|
} elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
|
||||||
$bypass_2fa = true;
|
$bypass_2fa = true;
|
||||||
}
|
}
|
||||||
@@ -127,7 +137,7 @@ if (isset($_POST['login'])) {
|
|||||||
if (isset($_POST['remember_me'])) {
|
if (isset($_POST['remember_me'])) {
|
||||||
$newRememberToken = bin2hex(random_bytes(64));
|
$newRememberToken = bin2hex(random_bytes(64));
|
||||||
setcookie('rememberme', $newRememberToken, time() + 86400*2, "/", null, true, true);
|
setcookie('rememberme', $newRememberToken, time() + 86400*2, "/", null, true, true);
|
||||||
$updateTokenQuery = "UPDATE user_settings SET user_config_remember_me_token = '$newRememberToken' WHERE user_id = $user_id";
|
$updateTokenQuery = "INSERT INTO remember_tokens (remember_token_user_id, remember_token_token) VALUES ($user_id, '$newRememberToken')";
|
||||||
mysqli_query($mysqli, $updateTokenQuery);
|
mysqli_query($mysqli, $updateTokenQuery);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -171,21 +181,20 @@ if (isset($_POST['login'])) {
|
|||||||
// Session info
|
// Session info
|
||||||
$_SESSION['user_id'] = $user_id;
|
$_SESSION['user_id'] = $user_id;
|
||||||
$_SESSION['user_name'] = $user_name;
|
$_SESSION['user_name'] = $user_name;
|
||||||
$_SESSION['user_role'] = intval($row['user_role']);
|
$_SESSION['user_role'] = $user_role;
|
||||||
$_SESSION['csrf_token'] = randomString(156);
|
$_SESSION['csrf_token'] = randomString(156);
|
||||||
$_SESSION['logged'] = true;
|
$_SESSION['logged'] = true;
|
||||||
|
|
||||||
// Setup encryption session key
|
// Setup encryption session key
|
||||||
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
|
if (is_null($user_encryption_ciphertext) && $user_role > 1) {
|
||||||
$user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
|
|
||||||
$site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
|
$site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
|
||||||
generateUserSessionKey($site_encryption_master_key);
|
generateUserSessionKey($site_encryption_master_key);
|
||||||
|
|
||||||
// Setup extension
|
// Setup extension
|
||||||
if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
|
if (is_null($user_extension_key)) {
|
||||||
// Extension cookie
|
// Extension cookie
|
||||||
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
|
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
|
||||||
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
|
setcookie("user_extension_key", "$user_extension_key", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
|
||||||
|
|
||||||
// Set PHP session in DB, so we can access the session encryption data (above)
|
// Set PHP session in DB, so we can access the session encryption data (above)
|
||||||
$user_php_session = session_id();
|
$user_php_session = session_id();
|
||||||
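Review bot: Both rewritten guards in the last hunk look inverted: `if (is_null($user_encryption_ciphertext) && $user_role > 1)` and `if (is_null($user_extension_key))` now run only when the value is missing, whereas the lines they appear to replace tested `isset(...)` (plus `!empty(...)` for the extension key). As written, `decryptUserSpecificKey()` receives a null ciphertext and users who do have one never get a session key; the guards should read `if (!is_null($user_encryption_ciphertext) && $user_role > 1)` and `if (!empty($user_extension_key))`. Separately, the remember-me loop in the first hunk assigns to `$row`, overwriting the user row for any later code that still reads it, and the result of the token `SELECT` is passed to `mysqli_fetch_assoc()` without a check for `false`. The token that lets a login skip 2FA is stored as-is; storing `hash('sha256', $newRememberToken)` and comparing hashes with `hash_equals()` would keep a database read from yielding usable cookies. The `if (isset($_POST['login']))` block starts and ends outside the hunks.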
|
|||||||
@@ -12,14 +12,15 @@ if (isset($_GET['ai_reword'])) {
|
|||||||
$inputJSON = file_get_contents('php://input');
|
$inputJSON = file_get_contents('php://input');
|
||||||
$input = json_decode($inputJSON, TRUE); // Convert JSON into array.
|
$input = json_decode($inputJSON, TRUE); // Convert JSON into array.
|
||||||
|
|
||||||
// Prefix the input text with "reword: "
|
$promptText = "You are an experienced technician at a help desk, training a new technician. You are helping rewrite response for clarity and professionalism, but dont make it too wordy.";
|
||||||
$prefixedText = "reword: " . $input['text'];
|
$userText = $input['text'];
|
||||||
|
|
||||||
// Preparing the data for the OpenAI Chat API request.
|
// Preparing the data for the OpenAI Chat API request.
|
||||||
$data = [
|
$data = [
|
||||||
"model" => "$config_ai_model", // Specify the model
|
"model" => "$config_ai_model", // Specify the model
|
||||||
"messages" => [
|
"messages" => [
|
||||||
["role" => "user", "content" => $prefixedText]
|
["role" => "system", "content" => $promptText],
|
||||||
|
["role" => "user", "content" => $userText],
|
||||||
],
|
],
|
||||||
"temperature" => 0.7
|
"temperature" => 0.7
|
||||||
];
|
];
|
||||||
@@ -45,6 +46,8 @@ if (isset($_GET['ai_reword'])) {
|
|||||||
|
|
||||||
// Check if the response contains the expected data and return it.
|
// Check if the response contains the expected data and return it.
|
||||||
if (isset($responseData['choices'][0]['message']['content'])) {
|
if (isset($responseData['choices'][0]['message']['content'])) {
|
||||||
|
// Remove any square brackets and their contents from the response.
|
||||||
|
$responseData['choices'][0]['message']['content'] = preg_replace('/\[.*?\]/', '', $responseData['choices'][0]['message']['content']);
|
||||||
echo json_encode(['rewordedText' => trim($responseData['choices'][0]['message']['content'])]);
|
echo json_encode(['rewordedText' => trim($responseData['choices'][0]['message']['content'])]);
|
||||||
} else {
|
} else {
|
||||||
// Handle errors or unexpected response structure.
|
// Handle errors or unexpected response structure.
|
||||||
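Review bot: `$userText = $input['text'];` reads the request body without checking that `json_decode()` returned an array or that `text` is a string, so a malformed or empty body sends a null message to the API; a guard such as `if (!is_array($input) || !is_string($input['text'] ?? null)) { http_response_code(400); exit; }` before building `$data` would reject it. The client script in this commit now also posts `ticketDescription`, which nothing in these hunks reads. If it is later added to the prompt, keep it in a `user` message rather than the `system` one, since ticket text originates outside the help desk. The `if (isset($_GET['ai_reword']))` block starts and ends outside the hunks.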
|
|||||||
@@ -285,7 +285,7 @@ if (isset($_GET['ticket_id'])) {
|
|||||||
<h3 class="card-title text-bold"><?php echo $ticket_subject; ?></h3>
|
<h3 class="card-title text-bold"><?php echo $ticket_subject; ?></h3>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="card-body prettyContent">
|
<div class="card-body prettyContent" id="ticketDetails">
|
||||||
<?php echo $ticket_details; ?>
|
<?php echo $ticket_details; ?>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|||||||