itflow-org
diff --git a/‎CHANGELOG.md‎
Lines changed: 10 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎admin_role.php‎
Lines changed: 15 additions & 15 deletions b/‎admin_role.php‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎admin_settings_invoice.php‎
Lines changed: 2 additions & 2 deletions b/‎admin_settings_invoice.php‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎admin_settings_theme.php‎
Lines changed: 1 addition & 1 deletion b/‎admin_settings_theme.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎admin_user.php‎
Lines changed: 40 additions & 14 deletions b/‎admin_user.php‎
Lines changed: 40 additions & 14 deletions
diff --git a/‎ajax.php‎
Lines changed: 20 additions & 20 deletions b/‎ajax.php‎
Lines changed: 20 additions & 20 deletions
@@ -2,6 +2,16 @@
 
 This file documents all notable changes made to ITFlow.
 
+## [25.02.4]
+
+### Fixed
+- Resolved issue preventing the addition or editing of licenses when no vendor was selected.
+- Fixed several undeclared variables in AJAX contact details.
+- Corrected the contact ticket count display.
+- Addressed an issue where clicking "More Details" in AJAX contact/asset details failed to include the `client_id` in the URL.
+- Fixed an issue with recurring invoices in the client URL: clicking "Inactive" or "Active" would unexpectedly navigate away from the client section.
+- Added new php function getFieldById() to return a record using just an id and sanitized as well.
+
 ## [25.02.3]
 
 ### Fixed
 
@@ -1,7 +1,7 @@
 <?php
 
 // Default Column Sortby Filter
-$sort = "user_role_is_admin";
+$sort = "role_is_admin";
 $order = "DESC";
 
 require_once "includes/inc_all_admin.php";
@@ -13,8 +13,8 @@
 $sql = mysqli_query(
     $mysqli,
     "SELECT SQL_CALC_FOUND_ROWS * FROM user_roles
-    WHERE (user_roles.user_role_name LIKE '%$q%' OR user_roles.user_role_description LIKE '%$q%')
-    AND user_roles.user_role_archived_at IS NULL
+    WHERE (role_name LIKE '%$q%' OR role_description LIKE '%$q%')
+    AND role_archived_at IS NULL
     ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
@@ -53,14 +53,14 @@
                     <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
                     <tr>
                         <th>
-                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_name&order=<?php echo $disp; ?>">
-                                Role <?php if ($sort == 'user_role_name') { echo $order_icon; } ?>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
+                                Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
                             </a>
                         </th>
                         <th>Members</th>
                         <th>
-                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_is_admin&order=<?php echo $disp; ?>">
-                                Admin <?php if ($sort == 'user_role_is_admin') { echo $order_icon; } ?>
+                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_is_admin&order=<?php echo $disp; ?>">
+                                Admin <?php if ($sort == 'role_is_admin') { echo $order_icon; } ?>
                             </a>
                         </th>
                         <th class="text-center">Action</th>
@@ -70,17 +70,17 @@
                     <?php
 
                     while ($row = mysqli_fetch_array($sql)) {
-                        $role_id = intval($row['user_role_id']);
-                        $role_name = nullable_htmlentities($row['user_role_name']);
-                        $role_description = nullable_htmlentities($row['user_role_description']);
-                        $role_admin = intval($row['user_role_is_admin']);
-                        $role_archived_at = nullable_htmlentities($row['user_role_archived_at']);
+                        $role_id = intval($row['role_id']);
+                        $role_name = nullable_htmlentities($row['role_name']);
+                        $role_description = nullable_htmlentities($row['role_description']);
+                        $role_admin = intval($row['role_is_admin']);
+                        $role_archived_at = nullable_htmlentities($row['role_archived_at']);
 
                         // Count number of users that have each role
-                        $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+                        $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(user_id) FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
                         $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
 
-                        $sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+                        $sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE user_role_id = $role_id AND user_archived_at IS NULL");
                         // Initialize an empty array to hold user names
                         $user_names = [];
 
@@ -90,7 +90,7 @@
                         }
 
                         // Convert the array of user names to a comma-separated string
-                        $user_names_string = implode(",", $user_names) ;
+                        $user_names_string = implode(",", $user_names);
 
                         if (empty($user_names_string)) {
                             $user_names_string = "-";
 
@@ -77,7 +77,7 @@
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
                         </div>
-                        <input type="text" class="form-control" name="config_recurring_prefix" placeholder="Recurring Prefix" value="<?php echo nullable_htmlentities($config_recurring_prefix); ?>" required>
+                        <input type="text" class="form-control" name="config_recurring_invoice_prefix" placeholder="Recurring Invoice Prefix" value="<?php echo nullable_htmlentities($config_recurring_invoice_prefix); ?>" required>
                     </div>
                 </div>
 
@@ -87,7 +87,7 @@
                         <div class="input-group-prepend">
                             <span class="input-group-text"><i class="fa fa-fw fa-barcode"></i></span>
                         </div>
-                        <input type="number" min="0" class="form-control" name="config_recurring_next_number" placeholder="Next Recurring Number" value="<?php echo intval($config_recurring_next_number); ?>" required>
+                        <input type="number" min="0" class="form-control" name="config_recurring_invoice_next_number" placeholder="Next Recurring Invoice Number" value="<?php echo intval($config_recurring_invoice_next_number); ?>" required>
                     </div>
                 </div>
 
 
@@ -19,7 +19,7 @@
 
                         ?>
 
-                        <div class="col-3 text-center mb-3">
+                        <div class="col-4 text-center mb-3">
                             <div class="form-group">
                                 <div class="custom-control custom-radio">
                                     <input class="custom-control-input" type="radio" onchange="this.form.submit()" id="customRadio<?php echo $theme_color; ?>" name="edit_theme_settings" value="<?php echo $theme_color; ?>" <?php if ($config_theme == $theme_color) { echo "checked"; } ?>>
 
@@ -6,17 +6,25 @@
 
 require_once "includes/inc_all_admin.php";
 
-
-//Rebuild URL
-$url_query_strings_sort = http_build_query($get_copy);
+// User Type Filter
+if (isset($_GET['type']) && $_GET['type'] == "client") {
+    $type_filter = "client";
+    $type_query = "AND user_type = 2";
+} else {
+    $type_filter = "user";
+    $type_query = "AND user_type = 1";
+}
 
 $sql = mysqli_query(
     $mysqli,
-    "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings, user_roles
-    WHERE users.user_id = user_settings.user_id
-    AND user_settings.user_role = user_roles.user_role_id
-    AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
+    "SELECT SQL_CALC_FOUND_ROWS * FROM users
+    LEFT JOIN user_roles ON user_role_id = role_id
+    LEFT JOIN user_settings ON users.user_id = user_settings.user_id
+    LEFT JOIN contacts ON users.user_id = contact_user_id
+    LEFT JOIN clients ON contact_client_id = client_id
+    WHERE (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
     AND user_archived_at IS NULL
+    $type_query
     ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
@@ -36,6 +44,7 @@
                 <div class="dropdown-menu">
                     <!--<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#userInviteModal"><i class="fas fa-paper-plane mr-2"></i>Invite User</a>-->
                     <?php if ($num_rows[0] > 1) { ?>
+                        <a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#exportUserModal"><i class="fa fa-fw fa-download mr-2"></i>Export</a>
                         <div class="dropdown-divider"></div>
                         <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#resetAllUserPassModal"><i class="fas fa-skull-crossbones mr-2"></i>IR</a>
                     <?php } ?>
@@ -55,8 +64,11 @@
                     </div>
                 </div>
                 <div class="col-md-8">
-                    <div class="float-right">
-                        <button type="button" class="btn btn-default" data-toggle="modal" data-target="#exportUserModal"><i class="fa fa-fw fa-download mr-2"></i>Export</button>
+                    <div class="btn-toolbar float-right">
+                        <div class="btn-group mr-2">
+                            <a href="?type=user" class="btn btn-<?php if ($type_filter == "user"){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user-shield mr-2"></i>User</a>
+                            <a href="?type=client" class="btn btn-<?php if ($type_filter == "client"){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user mr-2"></i>Client</a>
+                        </div>
                     </div>
                 </div>
             </div>
@@ -77,8 +89,8 @@
                         </a>
                     </th>
                     <th>
-                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role&order=<?php echo $disp; ?>">
-                            Role <?php if ($sort == 'user_role') { echo $order_icon; } ?>
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=role_name&order=<?php echo $disp; ?>">
+                            Role <?php if ($sort == 'role_name') { echo $order_icon; } ?>
                         </a>
                     </th>
                     <th>
@@ -90,6 +102,13 @@
                     <th>
                         Last Login
                     </th>
+                    <?php if ($type_filter === "client") { ?>
+                    <th>
+                        <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=client_name&order=<?php echo $disp; ?>">
+                            Client <?php if ($sort == 'client_name') { echo $order_icon; } ?>
+                        </a>
+                    </th>
+                    <?php } ?>
                     <th class="text-center">Action</th>
                 </tr>
                 </thead>
@@ -116,10 +135,14 @@
                         $mfa_status_display = "<i class='fas fa-fw fa-lock text-success'></i>";
                     }
                     $user_config_force_mfa = intval($row['user_config_force_mfa']);
-                    $user_role = $row['user_role'];
-                    $user_role_display = nullable_htmlentities($row['user_role_name']);
+                    $user_role = intval($row['user_role_id']);
+                    $user_role_display = nullable_htmlentities($row['role_name']);
                     $user_initials = nullable_htmlentities(initials($user_name));
 
+                    $contact_id = intval($row['contact_id']);
+                    $client_id = intval($row['client_id']);     
+                    $client_name = nullable_htmlentities($row['client_name']);
+
                     $sql_last_login = mysqli_query(
                         $mysqli,
                         "SELECT * FROM logs
@@ -139,7 +162,7 @@
                     }
 
                     // Get User Client Access Permissions
-                    $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id");
+                    $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_client_permissions WHERE user_id = $user_id");
                     $client_access_array = [];
                     while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
                         $client_access_array[] = intval($row['client_id']);
@@ -178,6 +201,9 @@
                         <td><?php echo $user_status_display; ?></td>
                         <td class="text-center"><?php echo $mfa_status_display; ?></td>
                         <td><?php echo $last_login; ?></td>
+                        <?php if ($type_filter === "client") { ?>
+                        <td><?php echo $client_name; ?></td>
+                        <?php } ?>
                         <td>
                             <?php if ($user_id !== $session_user_id) {   // Prevent modifying self ?>
                             <div class="dropdown dropleft text-center">
 
@@ -8,7 +8,7 @@
 
 require_once "config.php";
 require_once "functions.php";
-require_once "check_login.php";
+require_once "includes/check_login.php";
 require_once "plugins/totp/totp.php";
 
 /*
@@ -165,7 +165,7 @@
 }
 
 /*
- * Generates public/guest links for sharing logins/docs
+ * Generates public/guest links for sharing credentials/docs
  */
 if (isset($_GET['share_generate_link'])) {
     enforceUserPermission('module_support', 2);
@@ -207,23 +207,23 @@
         $item_name = sanitizeInput($row['file_name']);
     }
 
-    if ($item_type == "Login") {
-        $login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = $item_id AND login_client_id = $client_id LIMIT 1");
-        $row = mysqli_fetch_array($login);
+    if ($item_type == "Credential") {
+        $credential = mysqli_query($mysqli, "SELECT credential_name, credential_username, credential_password FROM credentials WHERE credential_id = $item_id AND credential_client_id = $client_id LIMIT 1");
+        $row = mysqli_fetch_array($credential);
 
-        $item_name = sanitizeInput($row['login_name']);
+        $item_name = sanitizeInput($row['credential_name']);
 
         // Decrypt & re-encrypt username/password for sharing
-        $login_encryption_key = randomString();
+        $credential_encryption_key = randomString();
 
-        $login_username_cleartext = decryptLoginEntry($row['login_username']);
+        $credential_username_cleartext = decryptCredentialEntry($row['credential_username']);
         $iv = randomString();
-        $username_ciphertext = openssl_encrypt($login_username_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
+        $username_ciphertext = openssl_encrypt($credential_username_cleartext, 'aes-128-cbc', $credential_encryption_key, 0, $iv);
         $item_encrypted_username = $iv . $username_ciphertext;
 
-        $login_password_cleartext = decryptLoginEntry($row['login_password']);
+        $credential_password_cleartext = decryptCredentialEntry($row['credential_password']);
         $iv = randomString();
-        $password_ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
+        $password_ciphertext = openssl_encrypt($credential_password_cleartext, 'aes-128-cbc', $credential_encryption_key, 0, $iv);
         $item_encrypted_credential = $iv . $password_ciphertext;
     }
 
@@ -232,8 +232,8 @@
     $share_id = $mysqli->insert_id;
 
     // Return URL
-    if ($item_type == "Login") {
-        $url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
+    if ($item_type == "Credential") {
+        $url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key&ek=$credential_encryption_key";
     }
     else {
         $url = "https://$config_base_url/guest/guest_view_item.php?id=$share_id&key=$item_key";
@@ -333,24 +333,24 @@
 if (isset($_GET['get_totp_token_via_id'])) {
     enforceUserPermission('module_credential');
 
-    $login_id = intval($_GET['login_id']);
+    $credential_id = intval($_GET['credential_id']);
 
-    $sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT login_name, login_otp_secret, login_client_id FROM logins WHERE login_id = $login_id"));
-    $name = sanitizeInput($sql['login_name']);
-    $totp_secret = $sql['login_otp_secret'];
-    $client_id = intval($sql['login_client_id']);
+    $sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT credential_name, credential_otp_secret, credential_client_id FROM credentials WHERE credential_id = $credential_id"));
+    $name = sanitizeInput($sql['credential_name']);
+    $totp_secret = $sql['credential_otp_secret'];
+    $client_id = intval($sql['credential_client_id']);
 
     $otp = TokenAuth6238::getTokenCode(strtoupper($totp_secret));
     echo json_encode($otp);
 
     // Logging
     //  Only log the TOTP view if the user hasn't already viewed this specific login entry recently, this prevents logs filling if a user hovers across an entry a few times
-    $check_recent_totp_view_logged_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS recent_totp_view FROM logs WHERE log_type = 'Login' AND log_action = 'View TOTP' AND log_user_id = $session_user_id AND log_entity_id = $login_id AND log_client_id = $client_id AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
+    $check_recent_totp_view_logged_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT(log_id) AS recent_totp_view FROM logs WHERE log_type = 'Credential' AND log_action = 'View TOTP' AND log_user_id = $session_user_id AND log_entity_id = $credential_id AND log_client_id = $client_id AND log_created_at > (NOW() - INTERVAL 5 MINUTE)"));
     $recent_totp_view_logged_count = intval($check_recent_totp_view_logged_sql['recent_totp_view']);
 
     if ($recent_totp_view_logged_count == 0) {
         // Logging
-        logAction("Credential", "View TOTP", "$session_name viewed credential TOTP code for $name", $client_id, $login_id);
+        logAction("Credential", "View TOTP", "$session_name viewed credential TOTP code for $name", $client_id, $credential_id);
 
     }
 }