Merge tag 'v25.03' into techbar
@@ -9,7 +9,7 @@
|
||||
require_once "../config.php";
|
||||
|
||||
// Set Timezone
|
||||
require_once "../inc_set_timezone.php";
|
||||
require_once "../includes/inc_set_timezone.php";
|
||||
require_once "../functions.php";
|
||||
require_once "../plugins/totp/totp.php";
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
require_once "../config.php";
|
||||
|
||||
// Set Timezone
|
||||
require_once "../inc_set_timezone.php";
|
||||
require_once "../includes/inc_set_timezone.php";
|
||||
|
||||
require_once "../functions.php";
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
require_once 'guest_header.php';
|
||||
require_once 'includes/guest_header.php';
|
||||
|
||||
// Define wording
|
||||
DEFINE("WORDING_PAYMENT_FAILED", "<br><h2>There was an error verifying your payment. Please contact us for more information before attempting payment again.</h2>");
|
||||
@@ -19,7 +19,7 @@ $config_stripe_flat_fee = floatval($stripe_vars['config_stripe_flat_fee']);
|
||||
// Check Stripe is configured
|
||||
if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) {
|
||||
echo "<br><h2>Stripe payments not enabled/configured</h2>";
|
||||
require_once 'guest_footer.php';
|
||||
require_once 'includes/guest_footer.php';
|
||||
error_log("Stripe payment error - disabled. Check payments are enabled, Expense account is set, Stripe publishable and secret keys are configured.");
|
||||
exit();
|
||||
}
|
||||
@@ -47,7 +47,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
|
||||
// Ensure we have a valid invoice
|
||||
if (!$sql || mysqli_num_rows($sql) !== 1) {
|
||||
echo "<br><h2>Oops, something went wrong! Please ensure you have the correct URL and have not already paid this invoice.</h2>";
|
||||
require_once 'guest_footer.php';
|
||||
require_once 'includes/guest_footer.php';
|
||||
error_log("Stripe payment error - Invoice with ID $invoice_id is unknown/not eligible to be paid.");
|
||||
exit();
|
||||
}
|
||||
@@ -357,4 +357,4 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
|
||||
}
|
||||
|
||||
|
||||
require_once 'guest_footer.php';
|
||||
require_once 'includes/guest_footer.php';
|
||||
|
||||
@@ -5,7 +5,7 @@ require_once "../functions.php";
|
||||
|
||||
session_start();
|
||||
|
||||
require_once "../inc_set_timezone.php"; // Must be included after session_start to work
|
||||
require_once "../includes/inc_set_timezone.php"; // Must be included after session_start to work
|
||||
|
||||
if (isset($_GET['accept_quote'], $_GET['url_key'])) {
|
||||
$quote_id = intval($_GET['accept_quote']);
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
<?php
|
||||
|
||||
require_once "guest_header.php";
|
||||
require_once "includes/guest_header.php";
|
||||
|
||||
if (!isset($_GET['invoice_id'], $_GET['url_key'])) {
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -25,7 +25,7 @@ $sql = mysqli_query(
|
||||
if (mysqli_num_rows($sql) !== 1) {
|
||||
// Invalid invoice/key
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -51,9 +51,11 @@ $location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_phone_country_code = nullable_htmlentities($row['contact_phone_country_code']);
|
||||
$contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_phone_country_code));
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$contact_mobile_country_code = nullable_htmlentities($row['contact_mobile_country_code']);
|
||||
$contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_mobile'], $contact_mobile_country_code));
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
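Review bot: In the new contact-phone lines the country code is run through nullable_htmlentities() before it is handed to formatPhoneNumber(), so the formatter receives an HTML-escaped value rather than the stored one, and the result is then escaped a second time; escaping belongs on the displayed string only. Prefer `$contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $row['contact_phone_country_code']));` (and the same for contact_mobile), keeping `$contact_phone_country_code` as a separately escaped variable only if it is itself output. For a plain country code the practical difference is probably nil, but the double handling blurs where the escaping boundary is. The same pattern appears in the company_phone hunks (`@@ -69,7 +71,8 @@` and `@@ -23,7 +23,8 @@`) and in the quote page's `@@ -52,9 +52,11 @@` and `@@ -69,7 +71,8 @@` hunks.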
|
||||
@@ -69,7 +71,8 @@ $company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_phone_country_code = nullable_htmlentities($row['company_phone_country_code']);
|
||||
$company_phone = nullable_htmlentities(formatPhoneNumber($row['company_phone'], $company_phone_country_code));
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
@@ -931,4 +934,4 @@ if ($outstanding_invoices_count > 0) { ?>
|
||||
|
||||
<?php } // End previous unpaid invoices
|
||||
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
@@ -4,7 +4,7 @@ header('Cache-Control: no-store, no-cache, must-revalidate');
|
||||
header('Cache-Control: post-check=0, pre-check=0', false);
|
||||
header('Pragma: no-cache');
|
||||
|
||||
require_once "guest_header.php";
|
||||
require_once "includes/guest_header.php";
|
||||
|
||||
|
||||
//Initialize the HTML Purifier to prevent XSS
|
||||
@@ -23,7 +23,8 @@ $company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_phone_country_code = nullable_htmlentities($row['company_phone_country_code']);
|
||||
$company_phone = nullable_htmlentities(formatPhoneNumber($row['company_phone'], $company_phone_country_code));
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
@@ -38,7 +39,7 @@ $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
|
||||
<?php
|
||||
if (!isset($_GET['id']) || !isset($_GET['key'])) {
|
||||
echo "<div class='alert alert-danger'>Incorrect URL.</div>";
|
||||
include "guest_footer.php";
|
||||
include "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -52,7 +53,7 @@ $row = mysqli_fetch_array($sql);
|
||||
// Check we got a result
|
||||
if (mysqli_num_rows($sql) !== 1 || !$row) {
|
||||
echo "<div class='alert alert-danger' >No item to view. Check with the person that sent you this link to ensure it is correct and has not expired.</div>";
|
||||
include "guest_footer.php";
|
||||
include "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -60,7 +61,7 @@ if (mysqli_num_rows($sql) !== 1 || !$row) {
|
||||
// Check item share is active & hasn't been viewed too many times but allow 0 views as that is consider infinite views
|
||||
if ($row['item_active'] !== "1" || ($row['item_view_limit'] > 0 && $row['item_views'] >= $row['item_view_limit'])) {
|
||||
echo "<div class='alert alert-danger'>Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.</div>";
|
||||
include "guest_footer.php";
|
||||
include "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -122,7 +123,7 @@ if ($item_type == "Document") {
|
||||
|
||||
if (mysqli_num_rows($doc_sql) !== 1 || !$doc_row) {
|
||||
echo "<div class='alert alert-danger'>Error retrieving document to view.</div>";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -149,7 +150,7 @@ if ($item_type == "Document") {
|
||||
|
||||
if (mysqli_num_rows($file_sql) !== 1 || !$file_row) {
|
||||
echo "<div class='alert alert-danger'>Error retrieving file.</div>";
|
||||
include "guest_footer.php";
|
||||
include "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -163,61 +164,61 @@ if ($item_type == "Document") {
|
||||
echo "<a href='guest_download_file.php?id=$item_id&key=$item_key'>Download $file_name</a>";
|
||||
|
||||
|
||||
} elseif ($item_type == "Login") {
|
||||
} elseif ($item_type == "Credential") {
|
||||
$encryption_key = $_GET['ek'];
|
||||
|
||||
$login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $item_related_id AND login_client_id = $client_id LIMIT 1");
|
||||
$login_row = mysqli_fetch_array($login_sql);
|
||||
if (mysqli_num_rows($login_sql) !== 1 || !$login_row) {
|
||||
$credential_sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $item_related_id AND credential_client_id = $client_id LIMIT 1");
|
||||
$credential_row = mysqli_fetch_array($credential_sql);
|
||||
if (mysqli_num_rows($credential_sql) !== 1 || !$credential_row) {
|
||||
echo "<div class='alert alert-danger'>Error retrieving login.</div>";
|
||||
include "guest_footer.php";
|
||||
include "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
|
||||
$login_id = intval($login_row['login_id']);
|
||||
$login_name = nullable_htmlentities($login_row['login_name']);
|
||||
$login_uri = nullable_htmlentities($login_row['login_uri']);
|
||||
$credential_id = intval($credential_row['credential_id']);
|
||||
$credential_name = nullable_htmlentities($credential_row['credential_name']);
|
||||
$credential_uri = nullable_htmlentities($credential_row['credential_uri']);
|
||||
|
||||
$username_iv = substr($row['item_encrypted_username'], 0, 16);
|
||||
$username_ciphertext = substr($row['item_encrypted_username'], 16);
|
||||
$login_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
|
||||
$credential_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
|
||||
|
||||
$password_iv = substr($row['item_encrypted_credential'], 0, 16);
|
||||
$password_ciphertext = substr($row['item_encrypted_credential'], 16);
|
||||
$login_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));
|
||||
$credential_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));
|
||||
|
||||
$login_otp = nullable_htmlentities($login_row['login_otp_secret']);
|
||||
$credential_otp = nullable_htmlentities($credential_row['credential_otp_secret']);
|
||||
|
||||
$login_otp_secret = nullable_htmlentities($login_row['login_otp_secret']);
|
||||
$login_id_with_secret = '"' . $login_row['login_id'] . '","' . $login_row['login_otp_secret'] . '"';
|
||||
if (empty($login_otp_secret)) {
|
||||
$credential_otp_secret = nullable_htmlentities($credential_row['credential_otp_secret']);
|
||||
$credential_id_with_secret = '"' . $credential_row['credential_id'] . '","' . $credential_row['credential_otp_secret'] . '"';
|
||||
if (empty($credential_otp_secret)) {
|
||||
$otp_display = "-";
|
||||
} else {
|
||||
$otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
|
||||
$otp_display = "<span onmouseenter='showOTP($credential_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$credential_id'><i>Hover..</i></span></span>";
|
||||
}
|
||||
|
||||
$login_notes = nullable_htmlentities($login_row['login_note']);
|
||||
$credential_notes = nullable_htmlentities($credential_row['credential_note']);
|
||||
|
||||
|
||||
|
||||
?>
|
||||
|
||||
<h5><?php echo $login_name; ?></h5>
|
||||
<h5><?php echo $credential_name; ?></h5>
|
||||
<table class="table col-md-3">
|
||||
<tr>
|
||||
<th>URL</th>
|
||||
<td><?php echo $login_uri; ?></td>
|
||||
<td><?php echo $credential_uri; ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th>Username</th>
|
||||
<td><?php echo $login_username ?></td>
|
||||
<td><?php echo $credential_username ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th>Password</th>
|
||||
<td><?php echo $login_password ?></td>
|
||||
<td><?php echo $credential_password ?></td>
|
||||
</tr>
|
||||
<?php if(!empty($login_otp_secret)){ ?>
|
||||
<?php if(!empty($credential_otp_secret)){ ?>
|
||||
<tr>
|
||||
<th>2FA (TOTP)</th>
|
||||
<td><?php echo $otp_display ?></td>
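Review bot: The line building `$credential_id_with_secret` concatenates the raw `credential_id` and `credential_otp_secret` database values straight into the `onmouseenter='showOTP(...)'` attribute, while the neighbouring `$credential_otp_secret` used for display is escaped; the attribute argument should be escaped the same way, e.g. `$credential_id_with_secret = '"' . intval($credential_row['credential_id']) . '","' . nullable_htmlentities($credential_row['credential_otp_secret']) . '"';` (assuming nullable_htmlentities() escapes quotes). The rename also changes the branch test to `$item_type == "Credential"`, so any existing shared_items rows still stored with item_type "Login" would no longer reach this branch — presumably a data migration covers this, but it is not visible in the hunk. The enclosing if/elseif chain starts before and ends after this hunk.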
|
||||
@@ -250,12 +251,12 @@ if ($item_type == "Document") {
|
||||
|
||||
<?php
|
||||
|
||||
// Update login view count
|
||||
// Update credential view count
|
||||
$new_item_views = $item_views + 1;
|
||||
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
|
||||
|
||||
// Logging
|
||||
$name = sanitizeInput($login_row['login_name']);
|
||||
$name = sanitizeInput($credential_row['credential_name']);
|
||||
logAction("Share", "View", "Viewed shared $item_type $name via link", $client_id);
|
||||
|
||||
}
|
||||
@@ -273,6 +274,6 @@ if ($item_type == "Document") {
|
||||
</div>
|
||||
|
||||
<?php
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
?>
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
<?php
|
||||
|
||||
require_once "guest_header.php";
|
||||
require_once "includes/guest_header.php";
|
||||
|
||||
|
||||
if (!isset($_GET['quote_id'], $_GET['url_key'])) {
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -27,7 +27,7 @@ $sql = mysqli_query(
|
||||
if (mysqli_num_rows($sql) !== 1) {
|
||||
// Invalid quote/key
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -52,9 +52,11 @@ $location_city = nullable_htmlentities($row['location_city']);
|
||||
$location_state = nullable_htmlentities($row['location_state']);
|
||||
$location_zip = nullable_htmlentities($row['location_zip']);
|
||||
$contact_email = nullable_htmlentities($row['contact_email']);
|
||||
$contact_phone = formatPhoneNumber($row['contact_phone']);
|
||||
$contact_phone_country_code = nullable_htmlentities($row['contact_phone_country_code']);
|
||||
$contact_phone = nullable_htmlentities(formatPhoneNumber($row['contact_phone'], $contact_phone_country_code));
|
||||
$contact_extension = nullable_htmlentities($row['contact_extension']);
|
||||
$contact_mobile = formatPhoneNumber($row['contact_mobile']);
|
||||
$contact_mobile_country_code = nullable_htmlentities($row['contact_mobile_country_code']);
|
||||
$contact_mobile = nullable_htmlentities(formatPhoneNumber($row['contact_mobile'], $contact_mobile_country_code));
|
||||
$client_website = nullable_htmlentities($row['client_website']);
|
||||
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
|
||||
$client_net_terms = intval($row['client_net_terms']);
|
||||
@@ -69,7 +71,8 @@ $company_address = nullable_htmlentities($row['company_address']);
|
||||
$company_city = nullable_htmlentities($row['company_city']);
|
||||
$company_state = nullable_htmlentities($row['company_state']);
|
||||
$company_zip = nullable_htmlentities($row['company_zip']);
|
||||
$company_phone = formatPhoneNumber($row['company_phone']);
|
||||
$company_phone_country_code = nullable_htmlentities($row['company_phone_country_code']);
|
||||
$company_phone = nullable_htmlentities(formatPhoneNumber($row['company_phone'], $company_phone_country_code));
|
||||
$company_email = nullable_htmlentities($row['company_email']);
|
||||
$company_website = nullable_htmlentities($row['company_website']);
|
||||
$company_logo = nullable_htmlentities($row['company_logo']);
|
||||
@@ -717,5 +720,5 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
|
||||
|
||||
<?php
|
||||
require_once "guest_quote_upload_file_modal.php";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
require_once "guest_header.php";
|
||||
require_once "includes/guest_header.php";
|
||||
|
||||
//Initialize the HTML Purifier to prevent XSS
|
||||
require "../plugins/htmlpurifier/HTMLPurifier.standalone.php";
|
||||
@@ -12,13 +12,14 @@ $purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
if (!isset($_GET['ticket_id'], $_GET['url_key'])) {
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
exit();
|
||||
}
|
||||
|
||||
// Company info
|
||||
$company_sql_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT company_phone, company_website FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"));
|
||||
$company_phone = formatPhoneNumber($company_sql_row['company_phone']);
|
||||
$company_phone_country_code = nullable_htmlentities($company_sql_row['company_phone_country_code']);
|
||||
$company_phone = nullable_htmlentities(formatPhoneNumber($company_sql_row['company_phone'], $company_phone_country_code));
|
||||
$company_website = nullable_htmlentities($company_sql_row['company_website']);
|
||||
|
||||
$url_key = sanitizeInput($_GET['url_key']);
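Review bot: The new `$company_phone_country_code` line reads `$company_sql_row['company_phone_country_code']`, but the SELECT two lines above still fetches only `company_phone, company_website`, so that key is never present: PHP emits an undefined-array-key warning and formatPhoneNumber() is always called with a null country code. Add the column to the query: `SELECT company_phone, company_phone_country_code, company_website FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1`. The surrounding page script continues outside the hunk.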
|
||||
@@ -34,7 +35,7 @@ $ticket_sql = mysqli_query($mysqli,
|
||||
if (mysqli_num_rows($ticket_sql) !== 1) {
|
||||
// Invalid invoice/key
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
exit();
|
||||
}
|
||||
@@ -208,4 +209,4 @@ if ($ticket_row) {
|
||||
</div>
|
||||
|
||||
<?php
|
||||
require_once "guest_footer.php";
|
||||
require_once "includes/guest_footer.php";
|
||||
|
||||
@@ -6,7 +6,7 @@ require_once "../functions.php";
|
||||
session_start();
|
||||
|
||||
// Set Timezone
|
||||
require_once "../inc_set_timezone.php";
|
||||
require_once "../includes/inc_set_timezone.php";
|
||||
|
||||
$ip = sanitizeInput(getIP());
|
||||
$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
|
||||