From 415f536cd72443358d0c49a4a963e9beda6d1fb6 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Wed, 18 Sep 2024 16:30:55 -0400
Subject: [PATCH 1/6] DB Structure Update: Remove Account Types, Add Account Description Field, Change is admin from INT to TINYINT for performance
---
 database_updates.php | 19 +++++++++++--
 database_version.php | 2 +-
 db.sql | 65 ++++++++++++++++++--------------------
 3 files changed, 44 insertions(+), 42 deletions(-)
diff --git a/database_updates.php b/database_updates.php
index 0ca193ab..f4d1759e 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -2209,10 +2209,23 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.0'");
}
- // if (CURRENT_DATABASE_VERSION == '1.5.0') {
- // // Insert queries here required to update to DB version 1.5.1
+ if (CURRENT_DATABASE_VERSION == '1.5.0') {
+
+ mysqli_query($mysqli, "DROP TABLE `account_types`");
+
+ mysqli_query($mysqli, "ALTER TABLE `accounts` ADD `account_description` VARCHAR(250) DEFAULT NULL AFTER `account_name`");
+
+ mysqli_query($mysqli, "ALTER TABLE `user_roles` MODIFY `user_role_is_admin` TINYINT(1) NOT NULL DEFAULT '0'");
+
+ mysqli_query($mysqli, "ALTER TABLE `shared_items` ADD `item_recipient` VARCHAR(250) DEFAULT NULL AFTER `item_note`");
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.1'");
+ }
+
+ // if (CURRENT_DATABASE_VERSION == '1.5.1') {
+ // // Insert queries here required to update to DB version 1.5.2
// // Then, update the database to the next sequential version
- // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.1'");
+ // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.2'");
// }
} else {
diff --git a/database_version.php b/database_version.php
index f81f9fe0..0ec19e2b 100644
--- a/database_version.php
+++ b/database_version.php
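Review bot: The four DDL statements in the new `CURRENT_DATABASE_VERSION == '1.5.0'` block discard the result of mysqli_query(), and the final UPDATE that records '1.5.1' runs unconditionally, so a failed ALTER TABLE (insufficient privileges, an aborted earlier run that already added `item_recipient`, a storage error) leaves the schema at 1.5.0 while the stored version says 1.5.1 and the block never runs again; the INSERT in ajax.php later in this series that writes `item_recipient` would then fail on every share. I would run the statements in a loop, log `mysqli_error($mysqli)` on the first failure and only write the new version when all of them succeeded, and use `DROP TABLE IF EXISTS` so a retry does not fail on an already-dropped table (the ALTERs would still need an existence check to be fully re-runnable). Whether the earlier version blocks in this file check their results is not visible in the hunk. The enclosing `if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` block starts and ends outside the hunk.
```php
    if (CURRENT_DATABASE_VERSION == '1.5.0') {
        // Run the schema changes in order; the version is recorded only if all of them succeed,
        // so a failed step is retried on the next request instead of being skipped forever.
        $updates = [
            "DROP TABLE IF EXISTS `account_types`",
            "ALTER TABLE `accounts` ADD `account_description` VARCHAR(250) DEFAULT NULL AFTER `account_name`",
            "ALTER TABLE `user_roles` MODIFY `user_role_is_admin` TINYINT(1) NOT NULL DEFAULT '0'",
            "ALTER TABLE `shared_items` ADD `item_recipient` VARCHAR(250) DEFAULT NULL AFTER `item_note`",
        ];
        $update_ok = true;
        foreach ($updates as $update_sql) {
            if (!mysqli_query($mysqli, $update_sql)) {
                error_log("Database update to 1.5.1 failed: " . mysqli_error($mysqli));
                $update_ok = false;
                break;
            }
        }
        if ($update_ok) {
            mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.5.1'");
        }
    }
    // … unchanged: commented 1.5.1 -> 1.5.2 template …
```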
@@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
-DEFINE("LATEST_DATABASE_VERSION", "1.5.0");
+DEFINE("LATEST_DATABASE_VERSION", "1.5.1");
diff --git a/db.sql b/db.sql
index 9d9d4b14..dc504553 100644
--- a/db.sql
+++ b/db.sql
@@ -15,25 +15,6 @@
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
---
--- Table structure for table `account_types`
---
-DROP TABLE IF EXISTS `account_types`;
-/*!40101 SET @saved_cs_client = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `account_types` (
- `account_type_id` int(11) NOT NULL AUTO_INCREMENT,
- `account_type_parent` int(11) NOT NULL DEFAULT 1,
- `account_type_name` varchar(255) NOT NULL,
- `account_type_description` text DEFAULT NULL,
- `account_type_created_at` datetime NOT NULL DEFAULT current_timestamp(),
- `account_type_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
- `account_type_archived_at` datetime DEFAULT NULL,
- PRIMARY KEY (`account_type_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
--
-- Table structure for table `accounts`
--
@@ -44,6 +25,7 @@ DROP TABLE IF EXISTS `accounts`;
CREATE TABLE `accounts` (
`account_id` int(11) NOT NULL AUTO_INCREMENT,
`account_name` varchar(200) NOT NULL,
+ `account_description` varchar(250) DEFAULT NULL,
`opening_balance` decimal(15,2) NOT NULL DEFAULT 0.00,
`account_currency_code` varchar(200) NOT NULL,
`account_notes` text DEFAULT NULL,
@@ -894,12 +876,15 @@ CREATE TABLE `logs` (
--
DROP TABLE IF EXISTS `modules`;
-CREATE TABLE IF NOT EXISTS `modules` (
- `module_id` int(11) NOT NULL AUTO_INCREMENT,
- `module_name` varchar(200) NOT NULL,
- `module_description` varchar(200) DEFAULT NULL,
- PRIMARY KEY (`module_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `modules` (
+ `module_id` int(11) NOT NULL AUTO_INCREMENT,
+ `module_name` varchar(200) NOT NULL,
+ `module_description` varchar(200) DEFAULT NULL,
+ PRIMARY KEY (`module_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `networks`
@@ -1563,6 +1548,7 @@ CREATE TABLE `shared_items` (
`item_encrypted_username` varchar(255) DEFAULT NULL,
`item_encrypted_credential` varchar(255) DEFAULT NULL,
`item_note` varchar(255) DEFAULT NULL,
+ `item_recipient` varchar(250) DEFAULT NULL,
`item_views` int(11) NOT NULL,
`item_view_limit` int(11) DEFAULT NULL,
`item_created_at` datetime NOT NULL DEFAULT current_timestamp(),
@@ -1960,6 +1946,20 @@ CREATE TABLE `user_permissions` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `user_role_permissions`
+--
+
+DROP TABLE IF EXISTS `user_role_permissions`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `user_role_permissions` (
+ `user_role_id` int(11) NOT NULL,
+ `module_id` int(11) NOT NULL,
+ `user_role_permission_level` int(11) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
--
-- Table structure for table `user_roles`
--
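Review bot: The rebuilt `modules` table (and the `user_role_permissions` table moved into this file further down) now declares `utf8mb4`, where the removed definitions used `utf8mb3`, but the 1.5.0→1.5.1 block in database_updates.php in this same patch contains no ALTER for either table, so fresh installs and upgraded installs end up with different character sets for the same two tables. Module names containing 4-byte characters would be accepted on a fresh install and rejected on an upgraded one, and comparisons against the utf8mb4 `user_permissions` table may go through a collation conversion only on upgraded installs. Add `ALTER TABLE `modules` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;` and the same statement for `user_role_permissions` to the update block so both paths converge on the schema this dump describes.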
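Review bot: `user_role_permissions` is created without a primary key or unique index, so nothing stops two rows for the same (`user_role_id`, `module_id`) pair from carrying different `user_role_permission_level` values, and whichever row a permission lookup reads first then decides the effective level; how the application resolves that is not visible here, but for an authorization table the schema should rule it out. Add `PRIMARY KEY (`user_role_id`, `module_id`)` to the CREATE TABLE, which also gives the per-role lookup an index; existing installs would then need a matching `ALTER TABLE ... ADD PRIMARY KEY` in database_updates.php, after any duplicate rows already present have been removed.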
@@ -1971,7 +1971,7 @@ CREATE TABLE `user_roles` (
`user_role_id` int(11) NOT NULL AUTO_INCREMENT,
`user_role_name` varchar(200) NOT NULL,
`user_role_description` varchar(200) DEFAULT NULL,
- `user_role_is_admin` int(11) NOT NULL DEFAULT 0,
+ `user_role_is_admin` tinyint(1) NOT NULL DEFAULT 0,
`user_role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
`user_role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
`user_role_archived_at` datetime DEFAULT NULL,
@@ -1979,17 +1979,6 @@ CREATE TABLE `user_roles` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
---
--- Table structure for table `user_role_permissions`
---
-
-DROP TABLE IF EXISTS `user_role_permissions`;
-CREATE TABLE IF NOT EXISTS `user_role_permissions` (
- `user_role_id` int(11) NOT NULL,
- `module_id` int(11) NOT NULL,
- `user_role_permission_level` int(11) NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
-
--
-- Table structure for table `user_settings`
--
@@ -2117,4 +2106,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
--- Dump completed on 2024-09-05 16:21:24
+-- Dump completed on 2024-09-18 16:29:56
From 5f46536a85823fc26ed37aec383339fcfb3cbd86 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Wed, 18 Sep 2024 17:22:39 -0400
Subject: [PATCH 2/6] Update Secure Message with the intended recipient, also added a confidential disclosure method to the email and Secure message link, added number of views left and expire date, and other minor ui updates
---
 ajax.php | 5 ++++-
 guest_view_item.php | 29 ++++++++++++++++++++++++++---
 2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/ajax.php b/ajax.php
index 27fd0b9b..fb699daf 100644
--- a/ajax.php
+++ b/ajax.php
@@ -279,7 +279,7 @@ if (isset($_GET['share_generate_link'])) {
}
// Insert entry into DB
- $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id");
+ $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_recipient = '$item_email', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id");
$share_id = $mysqli->insert_id;
// Return URL
@@ -310,6 +310,9 @@ if (isset($_GET['share_generate_link'])) {
}
$body = "Hello,
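Review bot: The new `item_recipient = '$item_email'` fragment interpolates `$item_email` straight into the INSERT string, and where that variable is read and whether it is escaped is outside the hunk, so it must receive exactly the same escaping as `$item_note` and the other quoted fields before this line; better, the statement should become a prepared statement with bound parameters, which removes the dependency on an upstream step that cannot be seen from here. Separately, the result in `$sql` is never checked: the column is VARCHAR(250), and an over-long or malformed address can make the INSERT fail under a strict `sql_mode`, after which `$mysqli->insert_id` is 0 and the code below still returns a link for a share that was never stored. Test `$sql` and reject the request with `mysqli_error($mysqli)` logged before the URL is built. The `share_generate_link` handler starts and ends outside the hunk.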

$session_name from $company_name sent you a time sensitive secure link regarding \"$item_name\".

The link will expire in $item_expires_friendly and may only be viewed $item_view_limit times, before the link is destroyed.

Click here to access your secure content

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + // Add the intended recipient disclosure + $body .= "

This email and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify the sender and delete this email. Unauthorized use, disclosure, or distribution is prohibited."; + $data = [ [ 'from' => $config_mail_from_email, diff --git a/guest_view_item.php b/guest_view_item.php index 2352dc46..b9c8efda 100644 --- a/guest_view_item.php +++ b/guest_view_item.php @@ -69,10 +69,12 @@ if ($row['item_active'] !== "1" || ($row['item_view_limit'] > 0 && $row['item_vi $item_type = nullable_htmlentities($row['item_type']); $item_related_id = intval($row['item_related_id']); $item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']); +$item_recipient = nullable_htmlentities($row['item_recipient']); $item_note = nullable_htmlentities($row['item_note']); $item_views = intval($row['item_views']); +$item_view_limit = intval($row['item_view_limit']); $item_created = nullable_htmlentities($row['item_created_at']); -$item_expire = nullable_htmlentities($row['item_expire_at']); +$item_expire = date('Y-m-d h:i A', strtotime($row['item_expire_at'])); $client_id = intval($row['item_client_id']); ?> @@ -86,8 +88,24 @@ $client_id = intval($row['item_client_id']); ?>
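Review bot: `$item_expire = date('Y-m-d h:i A', strtotime($row['item_expire_at']))` has no failure path: if the stored value is NULL or not parseable, strtotime() returns false and date() then prints 1970-01-01 (PHP 8.1+ also emits a deprecation for a null argument), whereas the replaced line simply echoed the escaped database string. Guard it, e.g. `$item_expire_ts = strtotime($row['item_expire_at'] ?? ''); $item_expire = $item_expire_ts ? date('Y-m-d h:i A', $item_expire_ts) : '';`. The 12-hour format without a zone name also renders in PHP's configured time zone, which may differ from the zone MySQL used for `NOW() + INTERVAL` when the row was written, so either render in the same zone or append it. The guard above this hunk that checks `item_active` and `item_view_limit` starts outside the hunk.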
+
+
+
Secure Message intended for:
+
+ +
+
+ $item_view_limit"; ?> +
+
+ $item_expire"; ?> +
+
+
+
+ purify($doc_row['document_content']); - echo "

$doc_title

"; + echo "

$doc_title

"; echo $doc_content; // Update document view count @@ -176,7 +194,7 @@ if ($item_type == "Document") { ?> -

+
@@ -235,6 +253,11 @@ if ($item_type == "Document") { ?> +
+ + This message and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify us immediately with the contact info below. Unauthorized use, disclosure, or distribution is prohibited. + + "> - + + + @@ -63,6 +65,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $custom_link_name = nullable_htmlentities($row['custom_link_name']); $custom_link_uri = nullable_htmlentities($row['custom_link_uri']); $custom_link_icon = nullable_htmlentities($row['custom_link_icon']); + $custom_link_new_tab = intval($row['custom_link_new_tab']); + if ($custom_link_new_tab == 1 ) { + $custom_link_new_tab_display = ""; + } else { + $custom_link_new_tab_display = ""; + } + $custom_link_order = intval($row['custom_link_order']); + if ($custom_link_order == 0 ) { + $custom_link_order_display = "-"; + } else { + $custom_link_order_display = $custom_link_order; + } + $custom_link_location = intval($row['custom_link_location']); ?> @@ -72,7 +87,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); - + + +
URL
NameURIOrderURI / New TabLocation Action