Merge pull request #450 from wrongecho/misc

Assorted changes/commits
This commit is contained in:
Johnny
2022-04-25 11:29:39 -04:00
committed by GitHub
15 changed files with 1189 additions and 1123 deletions


@@ -9,6 +9,7 @@
include("config.php"); include("config.php");
include("functions.php"); include("functions.php");
include("check_login.php"); include("check_login.php");
require_once("rfc6238.php");
/* /*
* Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key) * Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
@@ -304,4 +305,14 @@ if(isset($_GET['scheduled_ticket_get_json_details'])){
echo json_encode($response); echo json_encode($response);
}
/*
* Dynamic TOTP for client login page
* When provided with a TOTP secret, returns a 6-digit code
*/
if(isset($_GET['get_totp_token'])){
$otp = TokenAuth6238::getTokenCode($_GET['totp_secret']);
echo json_encode($otp);
} }
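Review bot: The new `get_totp_token` branch hands `$_GET['totp_secret']` straight to `TokenAuth6238::getTokenCode()` with no `isset` check and no validation that the value looks like a base32 secret, so a missing or malformed parameter surfaces as a PHP notice or as whatever the library does with bad input instead of a clean JSON error. Because the secret is sent as a GET query parameter, it is also written to the web server access log, any proxy log and the browser history on every hover of the logins table. A safer shape is to accept only a `login_id`, fetch `login_otp_secret` server-side scoped to the session's company, and return an error object for unknown ids; at minimum guard the branch with `if(!isset($_GET['totp_secret'])){ http_response_code(400); exit; }`. The include of check_login.php in the earlier hunk suggests a session is required for this path, but that file is outside the diff.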


@@ -43,7 +43,7 @@
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
</div> </div>
<input type="text" class="form-control" name="name" placeholder="Name the asset" value="<?php echo $asset_name; ?>" <?php if(!empty($asset_meshcentral_id)){echo "disabled";} ?> required> <input type="text" class="form-control" name="name" placeholder="Name the asset" value="<?php echo $asset_name; ?>" required>
</div> </div>
</div> </div>
@@ -101,7 +101,7 @@
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fab fa-fw fa-windows"></i></span> <span class="input-group-text"><i class="fab fa-fw fa-windows"></i></span>
</div> </div>
<input type="text" class="form-control" name="os" placeholder="ex Windows 10 Pro" <?php if(!empty($asset_meshcentral_id)){echo "disabled";} ?> value="<?php echo $asset_os; ?>"> <input type="text" class="form-control" name="os" placeholder="ex Windows 10 Pro" value="<?php echo $asset_os; ?>">
</div> </div>
</div> </div>
<?php } ?> <?php } ?>
@@ -206,16 +206,6 @@
</div> </div>
</div> </div>
<div class="form-group">
<label>MeshCentral Node ID</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-sync"></i></span>
</div>
<input type="text" class="form-control" name="mesh_id" value="<?php echo $asset_meshcentral_id; ?>" placeholder="MeshCentral ID">
</div>
</div>
</div> </div>
<div class="tab-pane fade" id="pillsPurchaseCopy<?php echo $asset_id; ?>"> <div class="tab-pane fade" id="pillsPurchaseCopy<?php echo $asset_id; ?>">
@@ -305,7 +295,7 @@
<div class="tab-pane fade" id="pillsNotesCopy<?php echo $asset_id; ?>"> <div class="tab-pane fade" id="pillsNotesCopy<?php echo $asset_id; ?>">
<div class="form-group"> <div class="form-group">
<textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes" <?php if(!empty($asset_meshcentral_id)){echo "disabled";} ?>><?php echo $asset_notes; ?></textarea> <textarea class="form-control" rows="8" placeholder="Enter some notes" name="notes"><?php echo $asset_notes; ?></textarea>
</div> </div>
</div> </div>
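Review bot: The rewritten `<input name="name">` and `<input name="os">` lines and the notes `<textarea>` still echo `$asset_name`, `$asset_os` and `$asset_notes` into the markup without `htmlspecialchars()`; unless these are escaped upstream (not visible here) a stored value containing `"` breaks out of the attribute. Since the commit already touches these three lines, changing them to `value="<?php echo htmlspecialchars($asset_name, ENT_QUOTES, 'UTF-8'); ?>"` (and likewise for `$asset_os` and `$asset_notes`) closes that in the same change. Dropping the MeshCentral `disabled` gating also means these fields now submit for mesh-synced assets, so the post.php handler (outside this diff) should be checked to confirm it accepts edits for them.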


@@ -55,10 +55,13 @@
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div> </div>
<input type="password" class="form-control" data-toggle="password" name="password" placeholder="Password" required autocomplete="new-password"> <input type="password" class="form-control" data-toggle="password" id="password" name="password" placeholder="Password" required autocomplete="new-password">
<div class="input-group-append"> <div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div> </div>
<div class="input-group-append">
<span class="btn btn-default"><i class="fa fa-fw fa-question" onclick="generatePassword()"></i></span>
</div>
</div> </div>
</div> </div>
@@ -204,4 +207,4 @@
</form> </form>
</div> </div>
</div> </div>
</div> </div>
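Review bot: The `onclick="generatePassword()"` on the new button is attached to the inner `<i>` icon rather than the `<span class="btn">`, so a click on the button's padding outside the glyph does nothing; move it to the span, `<span class="btn btn-default" onclick="generatePassword()"><i class="fa fa-fw fa-question"></i></span>`. The handler is not defined in this file — it appears to come from the inline script in client_logins.php, which includes this modal — so the button silently does nothing if the modal is ever included from elsewhere; a comment above the button naming that dependency would help the next reader. The added `id="password"` is only unique as long as a single copy of this modal is rendered per page.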


@@ -1,7 +1,5 @@
<?php <?php
require_once("rfc6238.php");
if(!empty($_GET['sb'])){ if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']); $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{ }else{
@@ -20,41 +18,41 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?> ?>
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key"></i> Logins</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-key"></i> Logins</h3>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal"><i class="fas fa-fw fa-plus"></i> New Login</button> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal"><i class="fas fa-fw fa-plus"></i> New Login</button>
</div>
</div> </div>
</div> <div class="card-body">
<div class="card-body"> <form autocomplete="off">
<form autocomplete="off"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
<input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>"> <div class="row">
<div class="row">
<div class="col-md-4">
<div class="col-md-4"> <div class="input-group mb-3 mb-md-0">
<div class="input-group mb-3 mb-md-0"> <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>"> <div class="input-group-append">
<div class="input-group-append"> <button class="btn btn-dark"><i class="fa fa-search"></i></button>
<button class="btn btn-dark"><i class="fa fa-search"></i></button> </div>
</div> </div>
</div> </div>
</div>
<div class="col-md-8"> <div class="col-md-8">
<div class="float-right"> <div class="float-right">
<a href="post.php?export_client_<?php echo strip_tags($_GET['tab']); ?>_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a> <a href="post.php?export_client_<?php echo strip_tags($_GET['tab']); ?>_csv=<?php echo $client_id; ?>" class="btn btn-default"><i class="fa fa-fw fa-download"></i> Export</a>
<a href="#" class="btn btn-default"><i class="fa fa-fw fa-upload"></i> Import</a> <a href="#" class="btn btn-default"><i class="fa fa-fw fa-upload"></i> Import</a>
</div>
</div> </div>
</div>
</div> </div>
</form> </form>
<hr> <hr>
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-striped table-borderless table-hover"> <table class="table table-striped table-borderless table-hover">
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>"> <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr> <tr>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_name&o=<?php echo $disp; ?>">Name</a></th> <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_name&o=<?php echo $disp; ?>">Name</a></th>
<th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_uri&o=<?php echo $disp; ?>">URL/Host</a></th> <th><a class="text-secondary" href="?<?php echo $url_query_strings_sb; ?>&sb=login_uri&o=<?php echo $disp; ?>">URL/Host</a></th>
@@ -63,10 +61,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th>OTP</th> <th>OTP</th>
<th class="text-center">Action</th> <th class="text-center">Action</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<?php <?php
while($row = mysqli_fetch_array($sql)){ while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id']; $login_id = $row['login_id'];
$login_name = $row['login_name']; $login_name = $row['login_name'];
@@ -84,62 +82,83 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
} }
$login_password = htmlentities(decryptLoginEntry($row['login_password'])); $login_password = htmlentities(decryptLoginEntry($row['login_password']));
$login_otp_secret = $row['login_otp_secret']; $login_otp_secret = $row['login_otp_secret'];
$login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
if(empty($login_otp_secret)){ if(empty($login_otp_secret)){
$otp_display = "-"; $otp_display = "-";
}else{ }else{
$otp = TokenAuth6238::getTokenCode($login_otp_secret,$rangein30s = 3); $otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
$otp_display = "<i class='far fa-clock text-secondary'></i> $otp<button class='btn btn-sm clipboardjs' data-clipboard-text='$otp'><i class='far fa-copy text-secondary'></i></button>";
} }
$login_note = $row['login_note']; $login_note = $row['login_note'];
$login_contact_id = $row['login_contact_id']; $login_contact_id = $row['login_contact_id'];
$login_vendor_id = $row['login_vendor_id']; $login_vendor_id = $row['login_vendor_id'];
$login_asset_id = $row['login_asset_id']; $login_asset_id = $row['login_asset_id'];
$login_software_id = $row['login_software_id']; $login_software_id = $row['login_software_id'];
?> ?>
<tr> <tr>
<td> <td>
<i class="fa fa-fw fa-key text-secondary"></i> <i class="fa fa-fw fa-key text-secondary"></i>
<a class="text-dark" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>"> <a class="text-dark" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
<?php echo $login_name; ?> <?php echo $login_name; ?>
</a> </a>
</td> </td>
<td><?php echo $login_uri_display; ?></td> <td><?php echo $login_uri_display; ?></td>
<td><?php echo $login_username_display; ?></td> <td><?php echo $login_username_display; ?></td>
<td> <td>
<a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $login_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td> <a tabindex="0" class="btn btn-sm" data-toggle="popover" data-trigger="focus" data-placement="left" data-content="<?php echo $login_password; ?>"><i class="far fa-eye text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button></td>
</td> </td>
<td><?php echo $otp_display; ?></td> <td><?php echo $otp_display; ?></td>
<td> <td>
<div class="dropdown dropleft text-center"> <div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown"> <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i> <i class="fas fa-ellipsis-h"></i>
</button> </button>
<div class="dropdown-menu"> <div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a>
<?php if($session_user_role == 3) { ?> <?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a> <a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
<?php } ?> <?php } ?>
</div>
</div> </div>
</div> </td>
</td> </tr>
</tr>
<?php <?php
include("client_login_edit_modal.php"); include("client_login_edit_modal.php");
} }
?> ?>
</tbody> </tbody>
</table> </table>
</div>
<?php include("pagination.php"); ?>
</div> </div>
<?php include("pagination.php"); ?>
</div> </div>
</div>
<script>
function showOTP(id, secret){
//Send a GET request to ajax.php as ajax.php?get_totp_token=true&totp_secret=SECRET
jQuery.get(
"ajax.php",
{get_totp_token: 'true', totp_secret: secret},
function(data){
//If we get a response from post.php, parse it as JSON
const token = JSON.parse(data);
document.getElementById("otp_" + id).innerText = token
}
);
}
function generatePassword(){
document.getElementById("password").value = "<?php echo keygen() ?>"
}
</script>
<?php <?php
include("client_login_add_modal.php"); include("client_login_add_modal.php");
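Review bot: In the `@@ -84,62 +82,83 @@` hunk, `$login_id_with_secret` concatenates `login_otp_secret` straight from the row into a single-quoted `onmouseenter='showOTP(...)'` attribute, so a stored secret containing `'` or `"` breaks out of the attribute and the JavaScript argument list; the secret is user-entered data, and the adjacent `$login_password` at least goes through `htmlentities()`. The safer design is to emit only the id and let ajax.php look the secret up server-side, but the minimum is `$otp_args = htmlspecialchars(json_encode($login_id) . ',' . json_encode($login_otp_secret), ENT_QUOTES, 'UTF-8');` with `"<span onmouseenter='showOTP($otp_args)'>..."`. In the script block, `generatePassword()` embeds a single `keygen()` result into the page at render time, so every click yields the same password for that page view and the value sits in the HTML source; generating it in the browser with `crypto.getRandomValues()` or fetching a fresh one per click avoids both, and if `keygen()` (not visible here) can ever emit `"` or `\` the inline string also breaks. The comment `//If we get a response from post.php` should read ajax.php, which is where the request goes.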


@@ -15,6 +15,7 @@ $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_client_id =
// Get Domains Expiring // Get Domains Expiring
$sql_domains_expiring = mysqli_query($mysqli,"SELECT * FROM domains $sql_domains_expiring = mysqli_query($mysqli,"SELECT * FROM domains
WHERE domain_client_id = $client_id WHERE domain_client_id = $client_id
AND domain_expire != '0000-00-00'
AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY AND domain_expire < CURRENT_DATE + INTERVAL 30 DAY
AND company_id = $session_company_id ORDER BY domain_expire DESC" AND company_id = $session_company_id ORDER BY domain_expire DESC"
); );
@@ -22,6 +23,7 @@ $sql_domains_expiring = mysqli_query($mysqli,"SELECT * FROM domains
// Get Asset Warranties Expiring // Get Asset Warranties Expiring
$sql_asset_warranties_expiring = mysqli_query($mysqli,"SELECT * FROM assets $sql_asset_warranties_expiring = mysqli_query($mysqli,"SELECT * FROM assets
WHERE asset_client_id = $client_id WHERE asset_client_id = $client_id
AND asset_warranty_expire != '0000-00-00'
AND asset_warranty_expire < CURRENT_DATE + INTERVAL 90 DAY AND asset_warranty_expire < CURRENT_DATE + INTERVAL 90 DAY
AND company_id = $session_company_id ORDER BY asset_warranty_expire DESC" AND company_id = $session_company_id ORDER BY asset_warranty_expire DESC"
); );
@@ -29,8 +31,8 @@ $sql_asset_warranties_expiring = mysqli_query($mysqli,"SELECT * FROM assets
// Get Stale Tickets // Get Stale Tickets
$sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
WHERE ticket_client_id = $client_id WHERE ticket_client_id = $client_id
AND ticket_created_at < CURRENT_DATE + INTERVAL 14 DAY AND ticket_created_at < CURRENT_DATE - INTERVAL 14 DAY
AND ticket_status = 'Open' AND ticket_status != 'Closed'
AND company_id = $session_company_id ORDER BY ticket_created_at DESC" AND company_id = $session_company_id ORDER BY ticket_created_at DESC"
); );


@@ -1,238 +1,246 @@
<div class="modal" id="addServiceModal" tabindex="-1"> <div class="modal" id="addServiceModal" tabindex="-1">
<div class="modal-dialog modal-md"> <div class="modal-dialog modal-md">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i> New Service</h5> <h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i> New Service</h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span> <span aria-hidden="true">&times;</span>
</button> </button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<div class="modal-body bg-white">
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-overview">Overview</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-general">General</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-assets">Assets</a>
</li>
</ul>
<hr>
<div class="tab-content">
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now -->
<div class="tab-pane fade show active" id="pills-overview">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" required autofocus>
</div>
</div>
<div class="form-group">
<label>Description <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" required autofocus>
</div>
</div>
<!-- //TODO: Integrate with company wide categories: /categories.php -->
<div class="form-group">
<label>Category</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" autofocus>
</div>
</div>
<div class="form-group">
<label>Importance</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" autofocus>
</div>
</div>
<div class="form-group">
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"></textarea>
</div>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <div class="tab-pane fade" id="pills-general">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>"> <div class="form-group">
<label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
echo "<option value=\"$contact_id\">$contact_name</option>";
}
?>
</select>
</div>
<div class="modal-body bg-white"> <div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
?>
</select>
</div>
<ul class="nav nav-pills nav-justified mb-3"> <div class="form-group">
<li class="nav-item"> <label for="documents">Documents</label>
<a class="nav-link active" data-toggle="pill" href="#pills-overview">Overview</a> <p></p>
</li> <select class="form-select" id="documents" name="documents[]" multiple="multiple">
<li class="nav-item"> <option value="">- Documents -</option>
<a class="nav-link" data-toggle="pill" href="#pills-general">General</a> <?php
</li> $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
<li class="nav-item"> while($row = mysqli_fetch_array($sql)){
<a class="nav-link" data-toggle="pill" href="#pills-assets">Assets</a> $document_id = $row['document_id'];
</li> $document_name = $row['document_name'];
</ul> echo "<option value=\"$document_id\">$document_name</option>";
}
?>
</select>
</div>
<hr> <!-- TODO: Services related to other services -->
<div class="tab-content"> </div>
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now -->
<div class="tab-pane fade show active" id="pills-overview">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" required autofocus>
</div>
</div>
<div class="form-group">
<label>Description <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" required autofocus>
</div>
</div>
<!-- //TODO: Integrate with company wide categories: /categories.php -->
<div class="form-group">
<label>Category</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" autofocus>
</div>
</div>
<div class="form-group">
<label>Importance</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option>Low</option>
<option>Medium</option>
<option>High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" autofocus>
</div>
</div>
<!-- TODO: We need a way of adding multiple (optional) URLs? Ideas? -->
<!-- <div class="form-group">
<label>URL</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-link"></i></span>
</div>
<input type="text" class="form-control" name="url" placeholder="URL" autofocus>
</div>
</div> -->
<div class="form-group">
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"></textarea>
</div>
</div>
<div class="tab-pane fade" id="pills-general">
<div class="form-group">
<label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$contact_id = $row['contact_id'];
$contact_name = $row['contact_name'];
echo "<option value=\"$contact_id\">$contact_name</option>";
}
?>
</select>
</div>
<div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$vendor_id = $row['vendor_id'];
$vendor_name = $row['vendor_name'];
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
?>
</select>
</div>
<div class="form-group">
<label for="documents">Documents</label>
<p></p>
<select class="form-select" id="documents" name="documents[]" multiple="multiple">
<option value="">- Documents -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$document_id = $row['document_id'];
$document_name = $row['document_name'];
echo "<option value=\"$document_id\">$document_name</option>";
}
?>
</select>
</div>
<!-- TODO: Services related to other services -->
</div>
<div class="tab-pane fade" id="pills-assets"> <div class="tab-pane fade" id="pills-assets">
<div class="form-group">
<label for="assets">Assets</label>
<p></p>
<select class="form-select" id="assets" name="assets[]" multiple="multiple">
<option value="">- Assets -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id'];
$asset_name = $row['asset_name'];
echo "<option value=\"$asset_id\">$asset_name</option>";
}
?>
</select>
</div>
<div class="form-group"> <div class="row">
<label for="logins">Logins</label>
<p class="text-muted">Logins associated to related assets will show as related automatically</p>
<select class="form-select" id="logins" name="logins[]" multiple="multiple">
<option value="">- Logins -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
echo "<option value=\"$login_id\">$login_name</option>";
}
?>
</select>
</div>
<div class="form-group"> <div class="col">
<label for="domains">Domains</label> <div class="form-group">
<p></p> <label for="assets">Assets</label>
<select class="form-select" id="domains" name="domains[]" multiple="multiple"> <p></p>
<option value="">- Domains -</option> <select class="form-select" id="assets" name="assets[]" multiple="multiple">
<?php <option value="">- Assets -</option>
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'"); <?php
while($row = mysqli_fetch_array($sql)){ $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
$domain_id = $row['domain_id']; while($row = mysqli_fetch_array($sql)){
$domain_name = $row['domain_name']; $asset_id = $row['asset_id'];
echo "<option value=\"$domain_id\">$domain_name</option>"; $asset_name = $row['asset_name'];
} echo "<option value=\"$asset_id\">$asset_name</option>";
?> }
</select> ?>
</div> </select>
</div>
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$cert_id = $row['certificate_id'];
$cert_name = $row['certificate_name'];
$cert_domain = $row['certificate_domain'];
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
}
?>
</select>
</div>
</div>
</div>
</div> </div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <div class="col">
<button type="submit" name="add_service" class="btn btn-primary">Save</button> <div class="form-group">
<label for="logins">Logins</label>
<p></p>
<select class="form-select" id="logins" name="logins[]" multiple="multiple">
<option value="">- Logins -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$login_id = $row['login_id'];
$login_name = $row['login_name'];
echo "<option value=\"$login_id\">$login_name</option>";
}
?>
</select>
</div>
</div> </div>
</form>
</div>
<div class="row">
<div class="col">
<div class="form-group">
<label for="domains">Domains</label>
<p></p>
<select class="form-select" id="domains" name="domains[]" multiple="multiple">
<option value="">- Domains -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$domain_id = $row['domain_id'];
$domain_name = $row['domain_name'];
echo "<option value=\"$domain_id\">$domain_name</option>";
}
?>
</select>
</div>
</div>
<div class="col">
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row = mysqli_fetch_array($sql)){
$cert_id = $row['certificate_id'];
$cert_name = $row['certificate_name'];
$cert_domain = $row['certificate_domain'];
echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
}
?>
</select>
</div>
</div>
</div>
</div>
</div>
</div> </div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="add_service" class="btn btn-primary">Save</button>
</div>
</form>
</div> </div>
</div>
</div> </div>
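Review bot: The relocated `<option>` loops (contacts, vendors, documents, assets, logins, domains, certificates) still echo names such as `$contact_name` and `$cert_domain` into the markup unescaped and filter their queries only by `'$client_id'`, whereas the overview queries elsewhere in this PR additionally constrain on `company_id = $session_company_id`; unless `$client_id` is verified against the session's company before this modal is included (not visible here), a crafted client_id lists another tenant's records. Since the whole file is being rewritten, each `echo "<option value=\"$contact_id\">$contact_name</option>";` could become `echo "<option value=\"$contact_id\">" . htmlspecialchars($contact_name, ENT_QUOTES, 'UTF-8') . "</option>";` and each lookup could gain the company scope in the same pass. Separately, four inputs in the overview pane (`name`, `description`, `category`, `backup`) carry `autofocus`, of which only one per document takes effect, and the `<option value="">- Contacts -</option>` placeholder inside a `multiple` select is itself selectable and submits an empty value.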


@@ -1,290 +1,307 @@
<div class="modal" id="editServiceModal<?php echo $service_id ?>" tabindex="-1"> <div class="modal" id="editServiceModal<?php echo $service_id ?>" tabindex="-1">
<div class="modal-dialog modal-md"> <div class="modal-dialog modal-md">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i><?php echo "Edit $service_name"; ?> </h5> <h5 class="modal-title text-white"><i class="fa fa-fw fa-stream mr-2"></i><?php echo "Edit $service_name"; ?> </h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span aria-hidden="true">&times;</span> <span aria-hidden="true">&times;</span>
</button> </button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<input type="hidden" name="service_id" value="<?php echo $service_id ?>">
<div class="modal-body bg-white">
<ul class="nav nav-pills nav-justified mb-3">
<li class="nav-item">
<a class="nav-link active" data-toggle="pill" href="#pills-overview<?php echo $service_id ?>">Overview</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-general<?php echo $service_id ?>">General</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-assets<?php echo $service_id ?>">Assets</a>
</li>
</ul>
<hr>
<div class="tab-content">
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now -->
<div class="tab-pane fade show active" id="pills-overview<?php echo $service_id ?>">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Name of Service" value="<?php echo $service_name ?>" required autofocus>
</div>
</div>
<div class="form-group">
<label>Description <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" value="<?php echo $service_description ?>" required autofocus>
</div>
</div>
<!-- //TODO: Integrate with company wide categories: /categories.php -->
<div class="form-group">
<label>Category</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span>
</div>
<input type="text" class="form-control" name="category" placeholder="Category" value="<?php echo $service_category ?>" autofocus>
</div>
</div>
<div class="form-group">
<label>Importance</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option <?php if($service_importance == 'Low'){ echo "selected"; } ?> >Low</option>
<option <?php if($service_importance == 'Medium'){ echo "selected"; } ?> >Medium</option>
<option <?php if($service_importance == 'High'){ echo "selected"; } ?> >High</option>
</select>
</div>
</div>
<div class="form-group">
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" value="<?php echo $service_backup ?>" autofocus>
</div>
</div>
<div class="form-group">
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"><?php echo $service_notes ?></textarea>
</div>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <div class="tab-pane fade" id="pills-general<?php echo $service_id ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>"> <div class="form-group">
<input type="hidden" name="service_id" value="<?php echo $service_id ?>"> <label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
// Get just the currently selected contact IDs
$selected_ids = array_column(mysqli_fetch_all($sql_contacts,MYSQLI_ASSOC), "contact_id");
<div class="modal-body bg-white"> // Get all contacts
// NOTE: These are called $sql_all and $row_all for a reason - anything overwriting $sql or $row will break the current while loop we are in from client_services.php
$sql_all = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
<ul class="nav nav-pills nav-justified mb-3"> while($row_all = mysqli_fetch_array($sql_all)){
<li class="nav-item"> $contact_id = $row_all['contact_id'];
<a class="nav-link active" data-toggle="pill" href="#pills-overview<?php echo $service_id ?>">Overview</a> $contact_name = $row_all['contact_name'];
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-general<?php echo $service_id ?>">General</a>
</li>
<li class="nav-item">
<a class="nav-link" data-toggle="pill" href="#pills-assets<?php echo $service_id ?>">Assets</a>
</li>
</ul>
<hr> if(in_array($contact_id, $selected_ids)){
echo "<option value=\"$contact_id\" selected>$contact_name</option>";
}
else{
echo "<option value=\"$contact_id\">$contact_name</option>";
}
}
?>
</select>
</div>
<div class="tab-content"> <div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_vendors,MYSQLI_ASSOC), "vendor_id");
<!-- //TODO: The multiple selects won't play nicely with the icons or just general formatting. I've just added blank <p> tags to format it better for now --> $sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$vendor_id = $row_all['vendor_id'];
$vendor_name = $row_all['vendor_name'];
<div class="tab-pane fade show active" id="pills-overview<?php echo $service_id ?>"> if(in_array($vendor_id, $selected_ids)){
echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
}
else{
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
}
?>
</select>
</div>
<div class="form-group"> <div class="form-group">
<label>Name <strong class="text-danger">*</strong></label> <label for="documents">Documents</label>
<div class="input-group"> <p></p>
<div class="input-group-prepend"> <select class="form-select" id="documents" name="documents[]" multiple="multiple">
<span class="input-group-text"><i class="fa fa-fw fa-stream"></i></span> <option value="">- Documents -</option>
</div> <?php
<input type="text" class="form-control" name="name" placeholder="Name of Service" value="<?php echo $service_name ?>" required autofocus> $selected_ids = array_column(mysqli_fetch_all($sql_docs,MYSQLI_ASSOC), "document_id");
</div>
</div>
<div class="form-group"> $sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
<label>Description <strong class="text-danger">*</strong></label> while($row_all = mysqli_fetch_array($sql_all)){
<div class="input-group"> $document_id = $row_all['document_id'];
<div class="input-group-prepend"> $document_name = $row_all['document_name'];
<span class="input-group-text"><i class="fa fa-fw fa-info-circle"></i></span>
</div>
<input type="text" class="form-control" name="description" placeholder="Description of Service" value="<?php echo $service_description ?>" required autofocus>
</div>
</div>
<!-- //TODO: Integrate with company wide categories: /categories.php --> if(in_array($document_id, $selected_ids)){
<div class="form-group"> echo "<option value=\"$document_id\" selected>$document_name</option>";
<label>Category</label> }
<div class="input-group"> else{
<div class="input-group-prepend"> echo "<option value=\"$document_id\">$document_name</option>";
<span class="input-group-text"><i class="fa fa-fw fa-info"></i></span> }
</div>
<input type="text" class="form-control" name="category" placeholder="Category" value="<?php echo $service_category ?>" autofocus>
</div>
</div>
<div class="form-group"> }
<label>Importance</label> ?>
<div class="input-group"> </select>
<div class="input-group-prepend"> </div>
<span class="input-group-text"><i class="fa fa-fw fa-thermometer-half"></i></span>
</div>
<select class="form-control select2" name="importance" required>
<option <?php if($service_importance == 'Low'){ echo "selected"; } ?> >Low</option>
<option <?php if($service_importance == 'Medium'){ echo "selected"; } ?> >Medium</option>
<option <?php if($service_importance == 'High'){ echo "selected"; } ?> >High</option>
</select>
</div>
</div>
<div class="form-group"> <!-- TODO: Services related to other services -->
<label>Backup</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-hdd"></i></span>
</div>
<input type="text" class="form-control" name="backup" placeholder="Backup strategy" value="<?php echo $service_backup ?>" autofocus>
</div>
</div>
<div class="form-group"> </div>
<label>Notes</label>
<textarea class="form-control" rows="3" placeholder="Enter some notes" name="note"><?php echo $service_notes ?></textarea>
</div>
</div>
<div class="tab-pane fade" id="pills-general<?php echo $service_id ?>">
<div class="form-group">
<label for="contacts">Contacts</label>
<p></p>
<select class="form-select" id="contacts" name="contacts[]" multiple="multiple">
<option value="">- Contacts -</option>
<?php
// Get just the currently selected contact IDs
$selected_ids = array_column(mysqli_fetch_all($sql_contacts,MYSQLI_ASSOC), "contact_id");
// Get all contacts
// NOTE: These are called $sql_all and $row_all for a reason - anything overwriting $sql or $row will break the current while loop we are in from client_services.php
$sql_all = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$contact_id = $row_all['contact_id'];
$contact_name = $row_all['contact_name'];
if(in_array($contact_id, $selected_ids)){
echo "<option value=\"$contact_id\" selected>$contact_name</option>";
}
else{
echo "<option value=\"$contact_id\">$contact_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="vendors">Vendors</label>
<p></p>
<select class="form-select" id="vendors" name="vendors[]" multiple="multiple">
<option value="">- Vendors -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_vendors,MYSQLI_ASSOC), "vendor_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$vendor_id = $row_all['vendor_id'];
$vendor_name = $row_all['vendor_name'];
if(in_array($vendor_id, $selected_ids)){
echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
}
else{
echo "<option value=\"$vendor_id\">$vendor_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="documents">Documents</label>
<p></p>
<select class="form-select" id="documents" name="documents[]" multiple="multiple">
<option value="">- Documents -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_docs,MYSQLI_ASSOC), "document_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$document_id = $row_all['document_id'];
$document_name = $row_all['document_name'];
if(in_array($document_id, $selected_ids)){
echo "<option value=\"$document_id\" selected>$document_name</option>";
}
else{
echo "<option value=\"$document_id\">$document_name</option>";
}
}
?>
</select>
</div>
<!-- TODO: Services related to other services -->
</div>
<div class="tab-pane fade" id="pills-assets<?php echo $service_id ?>"> <div class="tab-pane fade" id="pills-assets<?php echo $service_id ?>">
<div class="form-group">
<label for="assets">Assets</label>
<p></p>
<select class="form-select" id="assets" name="assets[]" multiple="multiple">
<option value="">- Assets -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_assets,MYSQLI_ASSOC), "asset_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'"); <div class="row">
while($row_all = mysqli_fetch_array($sql_all)){
$asset_id = $row_all['asset_id'];
$asset_name = $row_all['asset_name'];
if(in_array($asset_id, $selected_ids)){ <div class="col">
echo "<option value=\"$asset_id\" selected>$asset_name</option>"; <div class="form-group">
} <label for="assets">Assets</label>
else{ <p></p>
echo "<option value=\"$asset_id\">$asset_name</option>"; <select class="form-select" id="assets" name="assets[]" multiple="multiple">
} <option value="">- Assets -</option>
} <?php
?> $selected_ids = array_column(mysqli_fetch_all($sql_assets,MYSQLI_ASSOC), "asset_id");
</select>
</div>
<div class="form-group"> $sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
<label for="logins">Logins</label> while($row_all = mysqli_fetch_array($sql_all)){
<p class="text-muted">Logins associated to related assets will show as related automatically</p> $asset_id = $row_all['asset_id'];
<select class="form-select" id="logins" name="logins[]" multiple="multiple"> $asset_name = $row_all['asset_name'];
<option value="">- Logins -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_logins,MYSQLI_ASSOC), "login_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'"); if(in_array($asset_id, $selected_ids)){
while($row_all = mysqli_fetch_array($sql_all)){ echo "<option value=\"$asset_id\" selected>$asset_name</option>";
$login_id = $row_all['login_id']; }
$login_name = $row_all['login_name']; else{
echo "<option value=\"$asset_id\">$asset_name</option>";
if(in_array($login_id, $selected_ids)){ }
echo "<option value=\"$login_id\" selected>$login_name</option>"; }
} ?>
else{ </select>
echo "<option value=\"$login_id\">$login_name</option>"; </div>
}
}
?>
</select>
</div>
<div class="form-group">
<label for="domains">Domains</label>
<p></p>
<select class="form-select" id="domains" name="domains[]" multiple="multiple">
<option value="">- Domains -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_domains,MYSQLI_ASSOC), "domain_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$domain_id = $row_all['domain_id'];
$domain_name = $row_all['domain_name'];
if(in_array($domain_id, $selected_ids)){
echo "<option value=\"$domain_id\" selected>$domain_name</option>";
}
else{
echo "<option value=\"$domain_id\">$domain_name</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_certificates,MYSQLI_ASSOC), "certificate_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$cert_id = $row_all['certificate_id'];
$cert_name = $row_all['certificate_name'];
if(in_array($cert_id, $selected_ids)){
echo "<option value=\"$cert_id\" selected>$cert_name</option>";
}
else{
echo "<option value=\"$cert_id\">$cert_name</option>";
}
}
?>
</select>
</div>
</div>
</div>
</div> </div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <div class="col">
<button type="submit" name="edit_service" class="btn btn-primary">Save</button> <div class="form-group">
<label for="logins">Logins</label>
<p></p>
<select class="form-select" id="logins" name="logins[]" multiple="multiple">
<option value="">- Logins -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_logins,MYSQLI_ASSOC), "login_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$login_id = $row_all['login_id'];
$login_name = $row_all['login_name'];
if(in_array($login_id, $selected_ids)){
echo "<option value=\"$login_id\" selected>$login_name</option>";
}
else{
echo "<option value=\"$login_id\">$login_name</option>";
}
}
?>
</select>
</div>
</div> </div>
</form>
</div>
<div class="row">
<div class="col">
<div class="form-group">
<label for="domains">Domains</label>
<p></p>
<select class="form-select" id="domains" name="domains[]" multiple="multiple">
<option value="">- Domains -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_domains,MYSQLI_ASSOC), "domain_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$domain_id = $row_all['domain_id'];
$domain_name = $row_all['domain_name'];
if(in_array($domain_id, $selected_ids)){
echo "<option value=\"$domain_id\" selected>$domain_name</option>";
}
else{
echo "<option value=\"$domain_id\">$domain_name</option>";
}
}
?>
</select>
</div>
</div>
<div class="col">
<div class="form-group">
<label for="certificates">Certificates</label>
<p></p>
<select class="form-select" id="certificates" name="certificates[]" multiple="multiple">
<option value="">- Certificates -</option>
<?php
$selected_ids = array_column(mysqli_fetch_all($sql_certificates,MYSQLI_ASSOC), "certificate_id");
$sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
while($row_all = mysqli_fetch_array($sql_all)){
$cert_id = $row_all['certificate_id'];
$cert_name = $row_all['certificate_name'];
if(in_array($cert_id, $selected_ids)){
echo "<option value=\"$cert_id\" selected>$cert_name</option>";
}
else{
echo "<option value=\"$cert_id\">$cert_name</option>";
}
}
?>
</select>
</div>
</div>
</div>
</div>
</div>
</div> </div>
<div class="modal-footer bg-white">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<button type="submit" name="edit_service" class="btn btn-primary">Save</button>
</div>
</form>
</div> </div>
</div>
</div> </div>
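Review bot: The option labels in the new select loops — `echo "<option value=\"$contact_id\" selected>$contact_name</option>";` and the matching lines for vendors, documents, assets, logins, domains and certificates — write database values straight into HTML, so a name containing `<` or `"` breaks the markup and can carry stored markup or script into the modal. Encoding the label at output, e.g. `$contact_name = htmlspecialchars($row_all['contact_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, addresses it without changing the loop shape. The `in_array($contact_id, $selected_ids)` checks compare loosely; passing `true` as the third argument avoids type juggling between the IDs returned by mysqli and the `array_column` values. The `'$client_id'` interpolation in each query is unchanged by this commit and its safety depends on how `$client_id` is validated upstream, which is not visible here.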


@@ -1,102 +1,116 @@
<?php <?php
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "service_name";
}
// Current tab // Current tab
$tab = htmlentities($_GET['tab']); $tab = htmlentities($_GET['tab']);
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
// Overview SQL query // Overview SQL query
$sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM services WHERE service_client_id = '$client_id' AND (service_name LIKE '%$q%' OR service_description LIKE '%$q%')"); $sql = mysqli_query($mysqli, "SELECT SQL_CALC_FOUND_ROWS * FROM services
WHERE service_client_id = '$client_id'
AND (service_name LIKE '%$q%' OR service_description LIKE '%$q%' OR service_category LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to"
);
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
?> ?>
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-stream"></i> Services</h3> <h3 class="card-title mt-2"><i class="fa fa-fw fa-stream"></i> Services</h3>
<div class="card-tools"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-fw fa-plus"></i> New Service</button> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addServiceModal"><i class="fas fa-fw fa-plus"></i> New Service</button>
</div> </div>
</div> </div>
<div class="card-body"> <div class="card-body">
<form autocomplete="off"> <form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo $tab; ?>"> <input type="hidden" name="tab" value="<?php echo $tab; ?>">
<div class="input-group"> <div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($tab); ?>"> <input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($tab); ?>">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button> <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>
</div>
</form>
<hr>
<div class="table-responsive">
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-dark">Name</a></th>
<th><a class="text-dark">Category</a></th>
<th><a class="text-dark">Updated</a></th>
<th><a class="text-dark">Importance</a></th>
<th class="text-center">Action</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$service_id = $row['service_id'];
$service_name = $row['service_name'];
$service_description = $row['service_description'];
$service_category = $row['service_category'];
$service_importance = $row['service_importance'];
$service_backup = $row['service_backup'];
$service_notes = $row['service_notes'];
$service_updated_at = $row['service_updated_at'];
$service_review_due = $row['service_review_due'];
// Service Importance
if($service_importance == "High"){
$service_importance_display = "<span class='p-2 badge badge-danger'>$service_importance</span>";
}elseif($service_importance == "Medium"){
$service_importance_display = "<span class='p-2 badge badge-warning'>$service_importance</span>";
}elseif($service_importance == "Low"){
$service_importance_display = "<span class='p-2 badge badge-info'>$service_importance</span>";
}else{
$service_importance_display = "-";
}
?>
<tr>
<!-- Name/Category/Updated/Importance from DB -->
<td><a href="#" data-toggle="modal" data-target="#viewServiceModal<?php echo $service_id; ?>"> <?php echo $service_name ?></a></td>
<td><a> <?php echo $service_category ?></a></td>
<td><a> <?php echo $service_updated_at ?></a></td>
<td><a> <?php echo $service_importance ?></a></td>
<!-- Action -->
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">Edit</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
<?php } ?>
</div>
</div> </div>
</div> </td>
</form> </tr>
<hr>
<div class="table-responsive"> <?php
<table class="table table-striped table-borderless table-hover">
<thead class="<?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
<tr>
<th><a class="text-dark">Name</a></th>
<th><a class="text-dark">Category</a></th>
<th><a class="text-dark">Updated</a></th>
<th><a class="text-dark">Importance</a></th>
<th class="text-center">Action</th> // Associated Assets (and their logins/networks/locations)
</tr> $sql_assets = mysqli_query($mysqli, "SELECT * FROM service_assets
</thead>
<tbody>
<?php
while($row = mysqli_fetch_array($sql)){
$service_id = $row['service_id'];
$service_name = $row['service_name'];
$service_description = $row['service_description'];
$service_category = $row['service_category'];
$service_importance = $row['service_importance'];
$service_backup = $row['service_backup'];
$service_notes = $row['service_notes'];
$service_updated_at = $row['service_updated_at'];
$service_review_due = $row['service_review_due'];
// Service Importance
if($service_importance == "High"){
$service_importance_display = "<span class='p-2 badge badge-danger'>$service_importance</span>";
}elseif($service_importance == "Medium"){
$service_importance_display = "<span class='p-2 badge badge-warning'>$service_importance</span>";
}elseif($service_importance == "Low"){
$service_importance_display = "<span class='p-2 badge badge-info'>$service_importance</span>";
}else{
$service_importance_display = "-";
}
?>
<tr>
<!-- Name/Category/Updated/Importance from DB -->
<td><a href="#" data-toggle="modal" data-target="#viewServiceModal<?php echo $service_id; ?>"> <?php echo $service_name ?></a></td>
<td><a> <?php echo $service_category ?></a></td>
<td><a> <?php echo $service_updated_at ?></a></td>
<td><a> <?php echo $service_importance ?></a></td>
<!-- Action -->
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">Edit</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>
</tr>
<?php
// Associated Assets (and their logins/networks/locations)
$sql_assets = mysqli_query($mysqli, "SELECT * FROM service_assets
LEFT JOIN assets LEFT JOIN assets
ON service_assets.asset_id = assets.asset_id ON service_assets.asset_id = assets.asset_id
LEFT JOIN logins LEFT JOIN logins
@@ -107,55 +121,58 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
ON assets.asset_location_id = locations.location_id ON assets.asset_location_id = locations.location_id
WHERE service_id = '$service_id'"); WHERE service_id = '$service_id'");
// Associated logins // Associated logins
$sql_logins = mysqli_query($mysqli, "SELECT * FROM service_logins $sql_logins = mysqli_query($mysqli, "SELECT * FROM service_logins
LEFT JOIN logins LEFT JOIN logins
ON service_logins.login_id = logins.login_id ON service_logins.login_id = logins.login_id
WHERE service_id = '$service_id'"); WHERE service_id = '$service_id'");
// Associated Domains // Associated Domains
$sql_domains = mysqli_query($mysqli, "SELECT * FROM service_domains $sql_domains = mysqli_query($mysqli, "SELECT * FROM service_domains
LEFT JOIN domains LEFT JOIN domains
ON service_domains.domain_id = domains.domain_id ON service_domains.domain_id = domains.domain_id
WHERE service_id = '$service_id'"); WHERE service_id = '$service_id'");
// Associated Certificates // Associated Certificates
$sql_certificates = mysqli_query($mysqli, "SELECT * FROM service_certificates $sql_certificates = mysqli_query($mysqli, "SELECT * FROM service_certificates
LEFT JOIN certificates LEFT JOIN certificates
ON service_certificates.certificate_id = certificates.certificate_id ON service_certificates.certificate_id = certificates.certificate_id
WHERE service_id = '$service_id'"); WHERE service_id = '$service_id'");
// Associated URLs ---- REMOVED for now // Associated URLs ---- REMOVED for now
//$sql_urls = mysqli_query($mysqli, "SELECT * FROM service_urls //$sql_urls = mysqli_query($mysqli, "SELECT * FROM service_urls
//WHERE service_id = '$service_id'"); //WHERE service_id = '$service_id'");
// Associated Vendors // Associated Vendors
$sql_vendors = mysqli_query($mysqli, "SELECT * FROM service_vendors $sql_vendors = mysqli_query($mysqli, "SELECT * FROM service_vendors
LEFT JOIN vendors LEFT JOIN vendors
ON service_vendors.vendor_id = vendors.vendor_id ON service_vendors.vendor_id = vendors.vendor_id
WHERE service_id = '$service_id'"); WHERE service_id = '$service_id'");
// Associated Contacts // Associated Contacts
$sql_contacts = mysqli_query($mysqli, "SELECT * FROM service_contacts $sql_contacts = mysqli_query($mysqli, "SELECT * FROM service_contacts
LEFT JOIN contacts LEFT JOIN contacts
ON service_contacts.contact_id = contacts.contact_id ON service_contacts.contact_id = contacts.contact_id
WHERE service_id = '$service_id'"); WHERE service_id = '$service_id'");
// Associated Documents // Associated Documents
$sql_docs = mysqli_query($mysqli, "SELECT * FROM service_documents $sql_docs = mysqli_query($mysqli, "SELECT * FROM service_documents
LEFT JOIN documents LEFT JOIN documents
ON service_documents.document_id = documents.document_id ON service_documents.document_id = documents.document_id
WHERE service_id = '$service_id'"); WHERE service_id = '$service_id'");
include("client_service_edit_modal.php"); include("client_service_edit_modal.php");
include("client_service_view_modal.php"); include("client_service_view_modal.php");
} }
?> ?>
</tbody> </tbody>
</table> </table>
</div> </div>
<?php
include ('pagination.php');
?>
</div> </div>
</div> </div>
<?php include("client_service_add_modal.php"); ?> <?php include("client_service_add_modal.php"); ?>
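Review bot: The new sort parameter is passed through `mysqli_real_escape_string` and then interpolated unquoted into `ORDER BY $sb $o`; escaping only neutralises quote characters inside a string literal, so it does not constrain an identifier position and arbitrary SQL fragments supplied in `sb` reach the query. Replace the escape with an allow-list of sortable columns: `$allowed_sb = ['service_name', 'service_category', 'service_updated_at', 'service_importance'];` followed by `$sb = in_array($_GET['sb'] ?? '', $allowed_sb, true) ? $_GET['sb'] : 'service_name';`. `$o`, `$record_from` and `$record_to` are assigned outside this file section; if they also originate from the request they need the same treatment (`$o` checked against `ASC`/`DESC`, the two limits cast to int). The `LIKE '%$q%'` interpolation on the same query is pre-existing and not introduced by this commit.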


@@ -333,15 +333,11 @@ function generateUserSessionKey($site_encryption_master_key){
$_SESSION['user_encryption_session_ciphertext'] = $user_encryption_session_ciphertext; $_SESSION['user_encryption_session_ciphertext'] = $user_encryption_session_ciphertext;
$_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv; $_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv;
//Give the user "their" key as a cookie // Give the user "their" key as a cookie
//By default, this should be HTTPS but we can change to HTTP for development via the config.php file (note that the extension won't work without HTTPS)
include('config.php'); include('config.php');
if($config_https_only){ if($config_https_only){
//setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "true", "true", ['samesite' => 'None']);
setcookie("user_encryption_session_key", "$user_encryption_session_key", ['path' => '/','secure' => true,'httponly' => true,'samesite' => 'None']); setcookie("user_encryption_session_key", "$user_encryption_session_key", ['path' => '/','secure' => true,'httponly' => true,'samesite' => 'None']);
} else{
}
else{
setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/"); setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/");
$_SESSION['alert_message'] = "Unencrypted connection flag set: Using non-secure cookies."; $_SESSION['alert_message'] = "Unencrypted connection flag set: Using non-secure cookies.";
} }
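Review bot: The fallback branch `setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/");` still omits `httponly`, so when `$config_https_only` is off the key cookie becomes readable by page scripts even though only the `secure` flag needs to be dropped for plain-HTTP development; `setcookie("user_encryption_session_key", $user_encryption_session_key, ['path' => '/', 'httponly' => true]);` keeps both branches consistent. The deleted comment was the only place documenting that `$config_https_only` is a development toggle from config.php and that the extension does not work without HTTPS; a one-line `// $config_https_only (config.php) may be disabled for local development only; the browser extension requires HTTPS` would preserve that. generateUserSessionKey begins before this hunk.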


@@ -1,11 +1,27 @@
<?php <?php
/*
* ITFlow browser extension
*
* Fills login forms, matching on the site URL:
* After installation and configuration of the extension, users can simply click the key to fill the form on the page
* If the URL of the page matches a configured login URL in ITFlow, the username and password is filled.
*
* Technical details:-
* First, review how ITFlow handles password encryption: https://itflow.org/docs.php?doc=logins
* Users must enable the extension via their profile/settings.
* An extension key is generated and stored in the users table, and provided to the user as a cookie every time they log in. Additionally, their PHP Session ID is also stored in the users table.
* The extension passes this cookie on all requests it makes (to this page). We use the cookie/key to identify/verify the user.
* We can then access the users PHP session data. This, alongside the user_encryption_session_key cookie they provide, allows login passwords to be decrypted.
*
*/
// Headers to allow extensions access (CORS) // Headers to allow extensions access (CORS)
$chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc"; $chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82"; //$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82"; // Firefox rejected the extension. They are still using manifest v2 so will just focus on Chrome/Edge with v3 for now until Mozilla catches up
if (isset($_SERVER['HTTP_ORIGIN'])) { if (isset($_SERVER['HTTP_ORIGIN'])) {
if($_SERVER['HTTP_ORIGIN'] == $chrome_id || $_SERVER['HTTP_ORIGIN'] == $firefox_id){ if($_SERVER['HTTP_ORIGIN'] == $chrome_id){
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Credentials: true');
} }
@@ -14,21 +30,24 @@ if (isset($_SERVER['HTTP_ORIGIN'])) {
include("config.php"); include("config.php");
include("functions.php"); include("functions.php");
//SESSION FINGERPRINT // IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os())); $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$user_agent = "$os - $browser"; // Define wording for the user
DEFINE("WORDING_ROLECHECK_FAILED", "ITFlow - You are not permitted to use this application!");
DEFINE("WORDING_BAD_EXT_COOKIE_KEY", "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie.");
// Check user is logged in & has extension access // Check user is logged in & has extension access
// We're not using the PHP session as we don't want to potentially expose the session cookie with SameSite None // We're not using the PHP session as we don't want to potentially expose the session cookie with SameSite None
if(!isset($_COOKIE['user_extension_key'])){ if(!isset($_COOKIE['user_extension_key'])){
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie."; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo(json_encode($data));
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
@@ -39,11 +58,11 @@ $user_extension_key = $_COOKIE['user_extension_key'];
// Check the key isn't empty, less than 17 characters or the word "disabled". // Check the key isn't empty, less than 17 characters or the word "disabled".
if(empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled"){ if(empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled"){
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie."; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo(json_encode($data));
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
@@ -57,11 +76,11 @@ $row = mysqli_fetch_array($auth_user);
// Check SQL query state // Check SQL query state
if(mysqli_num_rows($auth_user) < 1 || !$auth_user){ if(mysqli_num_rows($auth_user) < 1 || !$auth_user){
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not logged into ITFlow, do not have, or did not send the correct extension key cookie."; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo(json_encode($data));
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
@@ -69,51 +88,36 @@ if(mysqli_num_rows($auth_user) < 1 || !$auth_user){
// Sanity check // Sanity check
if(hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])){ if(hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])){
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = "ITFlow - Validation failed."; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo(json_encode($data));
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
// Success - validated user cookie // Success - validated user cookie
// Get the current session from the database so we can decrypt passwords // Get the current session from the database, so we can decrypt passwords
session_id($row['user_php_session']); session_id($row['user_php_session']);
session_start(); session_start();
$session_user_id = $row['user_id']; $session_user_id = $row['user_id'];
$session_name = $row['user_name']; $session_name = $row['user_name'];
$session_email = $row['user_email']; $session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_company_id = $row['user_default_company']; $session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role']; $session_user_role = $row['user_role'];
if($session_user_role == 6){
$session_user_role_display = "Global Administrator";
}elseif($session_user_role == 5){
$session_user_role_display = "Administrator";
}elseif($session_user_role == 4){
$session_user_role_display = "Technician";
}elseif($session_user_role == 3){
$session_user_role_display = "IT Contractor";
}elseif($session_user_role == 2){
$session_user_role_display = "Client";
}else{
$session_user_role_display = "Accountant";
}
// Check user access level is correct // Check user access level is correct (not an accountant)
if($session_user_role < 4){ if($session_user_role < 1){
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = "ITFlow - You are not authorised to use this application."; $data['message'] = WORDING_ROLECHECK_FAILED;
echo(json_encode($data)); echo(json_encode($data));
//Logging //Logging
$user_name = mysqli_real_escape_string($mysqli, $session_name); $user_name = mysqli_real_escape_string($mysqli, $session_name);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $session_user_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id");
exit(); exit();
} }
@@ -131,18 +135,17 @@ if(isset($_GET['host'])){
$row = mysqli_fetch_array($sql_logins); $row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE"; $data['found'] = "TRUE";
$data['username'] = htmlentities($row['login_username']); $data['username'] = htmlentities($row['login_username']);
$data['password'] = decryptLoginEntry($row['login_password']); $data['password'] = decryptLoginEntry($row['login_password']); // Uses the PHP Session info and the session key cookie
echo json_encode($data); echo json_encode($data);
// Logging // Logging
$login_name = mysqli_real_escape_string($mysqli, $row['login_name']); $login_name = mysqli_real_escape_string($mysqli, $row['login_name']);
$login_user = mysqli_real_escape_string($mysqli, $row['login_username']); $login_user = mysqli_real_escape_string($mysqli, $row['login_username']);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension requested', log_description = 'Credential $login_name, username $login_user', log_ip = '$ip', log_user_agent = '$user_agent', company_id = $session_company_id, log_user_id = $session_user_id");
} }
} }
} }
//TODO: Future work:- //TODO: Future work:-
// - Check user has permission to this client
// - Showing multiple logins for a single URL // - Showing multiple logins for a single URL
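Review bot: The relaxed role gate `if($session_user_role < 1)` contradicts its own new comment "(not an accountant)": the role-display map removed in this same hunk labels anything below 2 as Accountant, and login.php in this PR only provisions the encryption session key when `user_role > 1`, so a role-1 user passes this check and then reaches `decryptLoginEntry` with no usable session key. The condition should be `if($session_user_role <= 1){` to match login.php. The extension-key comparison at the "Sanity check" — `hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])` — is better written as `if(!hash_equals($row['user_extension_key'], $_COOKIE['user_extension_key'])){`, the idiomatic constant-time compare, which also drops the double hashing. The TODO "Check user has permission to this client" is removed from the list, but no implementing change is visible in these hunks (the `@@ -131` hunk starts inside `if(isset($_GET['host']))`), so presumably that check is still outstanding and the comment line should stay until it lands.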


@@ -8,14 +8,11 @@ if(!file_exists('config.php')){
include("config.php"); include("config.php");
include("functions.php"); include("functions.php");
// SESSION FINGERPRINT // IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
// User agent
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// HTTP Only cookies // HTTP-Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", True);
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
@@ -23,6 +20,7 @@ if($config_https_only){
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
// Handle POST login request
if(isset($_POST['login'])){ if(isset($_POST['login'])){
// Sessions should start after the user has POSTed data // Sessions should start after the user has POSTed data
@@ -37,11 +35,11 @@ if(isset($_POST['login'])){
if($failed_login_count >= 10){ if($failed_login_count >= 10){
// Logging // Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Failed', log_description = 'Failed login attempt due to IP lockout', log_ip = '$ip', log_user_agent = '$user_agent'");
// Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company) // Send an alert only count hits 10 to reduce flooding alerts (using 1 as "default" company)
if($failed_login_count == 10){ if($failed_login_count == 10){
mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Lockout', alert_message = '$ip was locked out for repeated failed login attempts.', alert_date = NOW(), company_id = '1'"); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Lockout', notification = '$ip was locked out for repeated failed login attempts.', notification_timestamp = NOW() company_id = '1'");
} }
// Inform user // Inform user
@@ -55,8 +53,8 @@ if(isset($_POST['login'])){
if(isset($_POST['current_code'])){ if(isset($_POST['current_code'])){
$current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code'])); $current_code = strip_tags(mysqli_real_escape_string($mysqli, $_POST['current_code']));
} }
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_email = '$email' AND user_archived_at IS NULL");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_email = '$email' AND user_archived_at IS NULL"));
if (password_verify($password, $row['user_password'])) { if (password_verify($password, $row['user_password'])) {
$token = $row['user_token']; $token = $row['user_token'];
@@ -66,27 +64,26 @@ if(isset($_POST['login'])){
$user_id = $row['user_id']; $user_id = $row['user_id'];
// Setup encryption session key // Setup encryption session key
if (isset($row['user_specific_encryption_ciphertext'])) { if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
$user_encryption_ciphertext = $row['user_specific_encryption_ciphertext']; $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
$site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password); $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
generateUserSessionKey($site_encryption_master_key); generateUserSessionKey($site_encryption_master_key);
}
// Setup extension // Setup extension
if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) { if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
// Extension cookie // Extension cookie
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS. // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']); setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
// Set PHP session in DB so we can access the session encryption data (above)
$user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
// Set PHP session in DB so we can access the session encryption data (above)
$user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = '$user_id'");
}
} }
if (empty($token)) { if (empty($token)) {
$_SESSION['logged'] = TRUE; $_SESSION['logged'] = TRUE;
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_user_id = $user_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Success', log_description = '$user_name successfully logged in', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $user_id");
header("Location: dashboard_financial.php"); header("Location: dashboard_financial.php");
} else { } else {
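Review bot: The rewritten lockout notification INSERT is missing a comma between `notification_timestamp = NOW()` and `company_id = '1'`, so the statement is a syntax error and mysqli_query returns false (or throws under PHP 8.1's default mysqli error reporting) — the lockout alert is never recorded. Fix: `notification_timestamp = NOW(), company_id = '1'");`. The new `SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id` also needs care: with mysqli_fetch_assoc a duplicated column name resolves to the last one selected, so `$row['user_id']` presumably comes from user_settings and would be NULL for a user with no settings row, which then feeds `$user_id` into the `UPDATE users SET user_php_session` and the success log INSERT — confirm against the schema, or select `users.user_id` explicitly. Note too that the encryption-key block now requires `user_role > 1` while the extension cookie is still issued for any row with a non-empty `user_extension_key`, so a role-1 account that enabled the extension before this change keeps receiving the cookie.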

566
post.php



@@ -24,18 +24,17 @@
} }
return false; return false;
} }
public static function getTokenCode($secretkey,$rangein30s = 3) { public static function getTokenCode($secretkey) {
$result = ""; $result = "";
$key = base32static::decode($secretkey); $key = base32static::decode($secretkey);
$unixtimestamp = time()/30; $unixtimestamp = time()/30;
for($i=-($rangein30s); $i<=$rangein30s; $i++) { $checktime = (int)($unixtimestamp);
$checktime = (int)($unixtimestamp+$i); $thiskey = self::oath_hotp($key, $checktime);
$thiskey = self::oath_hotp($key, $checktime); $result = $result . self::oath_truncate($thiskey,6);
$result = $result." # ".self::oath_truncate($thiskey,6);
} $result = "000000" . $result;
return substr($result, -6);
return $result;
} }
public static function getTokenCodeDebug($secretkey,$rangein30s = 3) { public static function getTokenCodeDebug($secretkey,$rangein30s = 3) {
$result = ""; $result = "";
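Review bot: `getTokenCode` has no docblock recording the behaviour change: it now returns only the code for the current 30-second window, and the ± window tolerance the removed `$rangein30s` loop provided is gone, so any caller that matched against the old `#`-joined multi-window string must now compute adjacent windows itself (`getTokenCodeDebug` still takes `$rangein30s`). Suggested header: `/** 6-digit TOTP code for the base32 $secretkey, current 30 s window only (no clock-drift tolerance); use getTokenCodeDebug when a window is needed. */`. The zero-padding via `$result = "000000" . $result;` then `substr($result, -6)` reads more clearly as `return str_pad((string) self::oath_truncate($thiskey, 6), 6, '0', STR_PAD_LEFT);`, which makes the intent explicit and drops the string accumulation.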


@@ -26,10 +26,10 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<center class="mb-3 p-4"> <center class="mb-3 p-4">
<?php if(empty($session_avatar)){ ?> <?php if(empty($session_avatar)){ ?>
<i class="fas fa-user-circle fa-8x text-secondary"></i> <i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php }else{ ?> <?php }else{ ?>
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-fluid"> <img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-fluid">
<?php } ?> <?php } ?>
<h4 class="text-secondary mt-2"><?php echo $session_user_role_display; ?></h4> <h4 class="text-secondary mt-2"><?php echo $session_user_role_display; ?></h4>
</center> </center>
@@ -73,17 +73,21 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="file"> <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
</div> </div>
<div class="form-group"> <?php if($session_user_role > 1){ ?>
<div class="form-group">
<div class="form-check"> <div class="form-check">
<input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if(isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>> <input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if(isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
<label class="form-check-label" for="extension">Extension access enabled?</label> <label class="form-check-label" for="extension">Extension access enabled?</label>
<p>Note: You must log out and back in again for these changes take effect.</p> <p>Note: You must log out and back in again for these changes take effect.</p>
</div> </div>
</div> </div>
<?php } ?>
<button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save</button> <button type="submit" name="edit_profile" class="btn btn-primary mt-3"><i class="fa fa-fw fa-check"></i> Save</button>
</form> </form>
<hr> <hr>
@@ -91,54 +95,54 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<h3>2-Factor Authentication</h3> <h3>2-Factor Authentication</h3>
<form class="p-3" action="post.php" method="post" autocomplete="off"> <form class="p-3" action="post.php" method="post" autocomplete="off">
<?php if(empty($session_token)){ ?> <?php if(empty($session_token)){ ?>
<p>You have not setup 2FA, click on enable to setup 2FA.</p> <p>You have not setup 2FA, click on enable to setup 2FA.</p>
<button type="submit" name="enable_2fa" class="btn btn-primary mt-3"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button> <button type="submit" name="enable_2fa" class="btn btn-primary mt-3"><i class="fa fa-fw fa-lock"></i> Enable 2FA</button>
<?php }else{ ?> <?php }else{ ?>
<p>You have setup 2FA. Your QR code is below.</p> <p>You have setup 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger mt-3"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button> <button type="submit" name="disable_2fa" class="btn btn-danger mt-3"><i class="fa fa-fw fa-unlock"></i> Disable 2FA</button>
<?php } ?> <?php } ?>
<center> <center>
<?php <?php
require_once('rfc6238.php');
//Generate a base32 Key require_once('rfc6238.php');
$secretkey = key32gen();
if(!empty($session_token)){
//Generate QR Code based off the generated key //Generate a base32 Key
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl($session_name,' ',$session_token,$_SERVER['SERVER_NAME'])); $secretkey = key32gen();
echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
</form>
<?php if(!empty($session_token)){ ?> if(!empty($session_token)){
<form class="p-3" action="post.php" method="post" autocomplete="off">
<div class="form-group"> //Generate QR Code based off the generated key
<div class="input-group"> print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl($session_name,' ',$session_token,$_SERVER['SERVER_NAME']));
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span> echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
</form>
<?php if(!empty($session_token)){ ?>
<form class="p-3" action="post.php" method="post" autocomplete="off">
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append">
<button type="submit" name="verify" class="btn btn-primary">Verify</button>
</div>
</div>
</div> </div>
<input type="text" class="form-control" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append"> </form>
<button type="submit" name="verify" class="btn btn-primary">Verify</button> <?php } ?>
</div>
</div>
</div>
</form>
<?php } ?>
</div> </div>
</div> </div>
</div> </div>
@@ -151,22 +155,22 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<table class="table"> <table class="table">
<tbody> <tbody>
<?php <?php
while($row = mysqli_fetch_array($sql_recent_logins)){ while($row = mysqli_fetch_array($sql_recent_logins)){
$log_id = $row['log_id']; $log_id = $row['log_id'];
$log_ip = $row['log_ip']; $log_ip = $row['log_ip'];
$log_user_agent = $row['log_user_agent']; $log_user_agent = $row['log_user_agent'];
$log_created_at = $row['log_created_at']; $log_created_at = $row['log_created_at'];
?> ?>
<tr> <tr>
<td><i class="fa fa-fw fa-sign-in-alt text-secondary"></i> <?php echo "$log_ip - $log_user_agent"; ?></td> <td><i class="fa fa-fw fa-sign-in-alt text-secondary"></i> <?php echo "$log_ip - $log_user_agent"; ?></td>
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td> <td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td>
</tr> </tr>
<?php <?php
} }
?> ?>
</tbody> </tbody>
</table> </table>
<div class="card-footer"> <div class="card-footer">
@@ -183,34 +187,34 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<table class="table"> <table class="table">
<tbody> <tbody>
<?php <?php
while($row = mysqli_fetch_array($sql_recent_logs)){
$log_id = $row['log_id'];
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_description = $row['log_description'];
$log_created_at = $row['log_created_at'];
if($log_action == 'Create'){ while($row = mysqli_fetch_array($sql_recent_logs)){
$log_icon = "plus text-success"; $log_id = $row['log_id'];
}elseif($log_action == 'Modify'){ $log_type = $row['log_type'];
$log_icon = "edit text-info"; $log_action = $row['log_action'];
}elseif($log_action == 'Delete'){ $log_description = $row['log_description'];
$log_icon = "trash-alt text-danger"; $log_created_at = $row['log_created_at'];
}else{
$log_icon = "pencil";
}
?> if($log_action == 'Create'){
$log_icon = "plus text-success";
<tr> }elseif($log_action == 'Modify'){
<td><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></td> $log_icon = "edit text-info";
<td><?php echo $log_description; ?></td> }elseif($log_action == 'Delete'){
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td> $log_icon = "trash-alt text-danger";
</tr> }else{
<?php $log_icon = "pencil";
} }
?> ?>
<tr>
<td><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></td>
<td><?php echo $log_description; ?></td>
<td><i class="fa fa-fw fa-clock text-secondary"></i> <?php echo $log_created_at; ?></td>
</tr>
<?php
}
?>
</tbody> </tbody>
</table> </table>
<div class="card-footer"> <div class="card-footer">
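Review bot: Wrapping the "Extension access enabled?" checkbox in `<?php if($session_user_role > 1){ ?>` hides the control but authorises nothing: the `edit_profile` handler in post.php (diff suppressed on this page) must reject the `extension` field for role-1 users as well, otherwise the form can be re-posted by hand with `extension=Yes` and the extension key is still generated. If the handler is not gated, mirror the check there, e.g. `if(isset($_POST['extension']) && $session_user_role > 1)`. Separately, the reflowed 2FA panel still prints the raw TOTP secret on screen (`echo "<p class='text-secondary'>$session_token</p>";`) next to the QR code; that is pre-existing, but the plaintext secret is worth dropping once enrolment is via the QR image.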


@@ -70,7 +70,7 @@
<option value="0">Not Assigned</option> <option value="0">Not Assigned</option>
<?php <?php
$sql = mysqli_query($mysqli,"SELECT * FROM users, user_companies WHERE users.user_id = user_companies.user_id AND user_companies.company_id = $session_company_id ORDER BY user_name ASC"); $sql = mysqli_query($mysqli,"SELECT * FROM users, user_companies WHERE users.user_id = user_companies.user_id AND user_archived_at IS NULL AND user_companies.company_id = $session_company_id ORDER BY user_name ASC");
while($row = mysqli_fetch_array($sql)){ while($row = mysqli_fetch_array($sql)){
$user_id = $row['user_id']; $user_id = $row['user_id'];
$user_name = $row['user_name']; $user_name = $row['user_name'];