ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stage #2

Merged
ThaMunsta merged 122 commits from stage into main 2026-01-17 20:10:26 +00:00
Conversation 0 Commits 122 Files Changed 427 +14 -5
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 0bb7d24e07 - Show all commits

19
agent/post/credential.php
View File

@@ -388,7 +388,7 @@ if (isset($_POST["import_credentials_csv"])) {
//(Else)Check column count
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000, ",");
if (!$error & count($f_columns) != 5) {
if (!$error & count($f_columns) != 6) {
$error = true;
flash_alert("Bad column count.", 'error');
}
@@ -401,31 +401,40 @@ if (isset($_POST["import_credentials_csv"])) {
$duplicate_count = 0;
while(($column = fgetcsv($file, 1000, ",")) !== false){
$duplicate_detect = 0;
// Name
if (isset($column[0])) {
$name = sanitizeInput($column[0]);
if (mysqli_num_rows(mysqli_query($mysqli,"SELECT * FROM credentials WHERE credential_name = '$name' AND credential_client_id = $client_id")) > 0){
$duplicate_detect = 1;
}
}
// Desc
if (isset($column[1])) {
$description = sanitizeInput($column[1]);
}
// User
if (isset($column[2])) {
$username = sanitizeInput(encryptCredentialEntry($column[2]));
}
// Pass
if (isset($column[3])) {
$password = sanitizeInput(encryptCredentialEntry($column[3]));
}
// OTP
if (isset($column[4])) {
$uri = sanitizeInput($column[4]);
$totp = sanitizeInput($column[4]);
}
// URL
if (isset($column[4])) {
$uri = sanitizeInput($column[5]);
}
// Check if duplicate was detected
if ($duplicate_detect == 0){
//Add
mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_username = '$username', credential_password = '$password', credential_client_id = $client_id");
mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$totp', credential_client_id = $client_id");
$row_count = $row_count + 1;
}else{
} else {
$duplicate_count = $duplicate_count + 1;
}
}
@@ -453,7 +462,7 @@ if (isset($_GET['download_credentials_csv_template'])) {
$f = fopen('php://memory', 'w');
//set column headers
$fields = array('Name', 'Description', 'Username', 'Password', 'URI');
$fields = array('Name', 'Description', 'Username', 'Password', 'TOTP', 'URI');
fputcsv($f, $fields, $delimiter);
//move back to beginning of file