Release 25.01.01

CHANGELOG.md

@@ -2,6 +2,21 @@
 
 This file documents all notable changes made to ITFlow.
 
+## [25.01.01]
+
+### Added / Changed
+- Redesigned the Multi-Factor Authentication (MFA) Setup and Enforcement Flow UI/UX for a more intuitive user experience.
+- Added a "Member" column in the user roles listing for improved visibility.
+- General UI/UX improvements, along with minor performance optimizations and cleanups.
+
+### Fixed
+- Fixed an issue where Stripe was not appearing as a recurring payment option.
+- Corrected inaccurate Quarter 2 Expense results in the Profit & Loss Report.
+- Resolved TOTP code not displaying correctly on hover in the Contact or Asset Details sections.
+- Archived contacts no longer appear in the Bulk Mail section.
+- Fixed an issue where the Ticket Assign Modal was showing both ITFlow and client users.
+- Fixed issue with login key redirecting to legacy client portal page.
+
 ## [25.01]
 
 ### Added / Changed

admin_bulk_mail.php

@@ -4,7 +4,8 @@
 
 $sql = mysqli_query($mysqli, "SELECT * FROM contacts
     LEFT JOIN clients ON client_id = contact_client_id
-    WHERE contact_archived_at IS NULL
+    WHERE client_archived_at IS NULL
+    AND contact_archived_at IS NULL
     AND contact_email != ''
     AND (contact_primary = 1 OR
     contact_important = 1 OR
@@ -22,7 +23,7 @@
         <h3 class="card-title mt-2 mb-2"><i class="fa fa-fw fa-envelope-open mr-2"></i>Bulk Mail</h3>
         <div class="card-tools">
             <button id="bulkActionButton" hidden class="btn btn-primary" type="submit" form='bulkActions' name="send_bulk_mail_now">
-                <i class="fas fa-fw fa-paper-plane mr-2"></i>Send Now (<span id="selectedCount">0</span>)
+                <i class="fas fa-fw fa-paper-plane mr-2"></i>Send (<span id="selectedCount">0</span>)
             </button>
         </div>
     </div>

admin_mail_queue.php

@@ -102,11 +102,6 @@
                                     <input class="form-check-input" id="selectAllCheckbox" type="checkbox" onclick="checkAll(this)">
                                 </div>
                             </td>
-                            <th>
-                                <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_id&order=<?php echo $disp; ?>">
-                                    ID <?php if ($sort == 'email_id') { echo $order_icon; } ?>
-                                </a>
-                            </th>
                             <th>
                                 <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=email_queued_at&order=<?php echo $disp; ?>">
                                     Queued <?php if ($sort == 'email_queued_at') { echo $order_icon; } ?>
@@ -137,7 +132,7 @@
                                     Attempts <?php if ($sort == 'email_attempts') { echo $order_icon; } ?>
                                 </a>
                             </th>
-                            <th>Action</th>
+                            <th class="text-center">Action</th>
                         </tr>
                         </thead>
                         <tbody>
@@ -175,14 +170,13 @@
                                     </div>
                                     <?php } ?>
                                 </td>
-                                <td><?php echo $email_id; ?></td>
                                 <td><?php echo $email_queued_at; ?></td>
                                 <td><?php echo "$email_from<br><small class='text-secondary'>$email_from_name</small>"?></td>
                                 <td><?php echo "$email_recipient<br><small class='text-secondary'>$email_recipient_name</small>"?></td>
                                 <td><?php echo $email_subject; ?></td>
                                 <td><?php echo $email_status_display; ?></td>
                                 <td><?php echo $email_attempts; ?></td>
-                                <td>
+                                <td class="text-center">
                                     <a class="btn btn-sm btn-secondary" href="admin_mail_queue_message_view.php?email_id=<?php echo $email_id; ?>">
                                         <i class="fas fa-fw fa-eye"></i>
                                     </a>

admin_role.php

@@ -21,7 +21,7 @@
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
 ?>
-    <div class="alert alert-warning text-center"><strong>Roles are still in development. Permissions may not be fully enforced.</strong></div>
+    <div class="alert alert-info text-center"><strong>Roles are still in development. Permissions may not be fully enforced.</strong></div>
 
     <div class="card card-dark">
         <div class="card-header py-2">
@@ -54,22 +54,15 @@
                     <tr>
                         <th>
                             <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_name&order=<?php echo $disp; ?>">
-                                Name <?php if ($sort == 'user_role_name') { echo $order_icon; } ?>
-                            </a>
-                        </th>
-                        <th>
-                            <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_description&order=<?php echo $disp; ?>">
-                                Description <?php if ($sort == 'user_role_description') { echo $order_icon; } ?>
+                                Role <?php if ($sort == 'user_role_name') { echo $order_icon; } ?>
                             </a>
                         </th>
+                        <th>Members</th>
                         <th>
                             <a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role_is_admin&order=<?php echo $disp; ?>">
                                 Admin <?php if ($sort == 'user_role_is_admin') { echo $order_icon; } ?>
                             </a>
                         </th>
-                        <th class="text-center">
-                            User count
-                        </th>
                         <th class="text-center">Action</th>
                     </tr>
                     </thead>
@@ -87,16 +80,32 @@
                         $sql_role_user_count = mysqli_query($mysqli, "SELECT COUNT(users.user_id) FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
                         $role_user_count = mysqli_fetch_row($sql_role_user_count)[0];
 
+                        $sql_users = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings on users.user_id = user_settings.user_id WHERE user_role = $role_id AND user_archived_at IS NULL");
+                        // Initialize an empty array to hold user names
+                        $user_names = [];
+
+                        // Fetch each row and store the user_name in the array
+                        while($row = mysqli_fetch_assoc($sql_users)) {
+                            $user_names[] = nullable_htmlentities($row['user_name']);
+                        }
+
+                        // Convert the array of user names to a comma-separated string
+                        $user_names_string = implode(",", $user_names) ;
+
+                        if (empty($user_names_string)) {
+                            $user_names_string = "-";
+                        }
+
                         ?>
                         <tr>
                             <td>
-                                <a class="text-dark" href="#" data-toggle="modal" data-target="#editRoleModal<?php echo $role_id; ?>">
-                                    <div class="text-secondary"><?php echo $role_name; ?></div>
+                                <a class="text-dark text-bold" href="#" data-toggle="modal" data-target="#editRoleModal<?php echo $role_id; ?>">
+                                    <?php echo $role_name; ?>
                                 </a>
+                                <div class="text-secondary"><?php echo $role_description; ?></div>
                             </td>
-                            <td><?php echo $role_description; ?></td>
+                            <td><?php echo $user_names_string; ?></td>
                             <td><?php echo $role_admin ? 'Yes' : 'No' ; ?></td>
-                            <td class="text-center"><?php echo $role_user_count ?></td>
                             <td>
                                 <?php if ($role_id !== 3) { ?>
                                     <div class="dropdown dropleft text-center">

admin_settings_company.php

@@ -33,7 +33,7 @@
 
                     <div class="row">
                         <div class="col-md-3 text-center">
-                            <?php if(file_exists("uploads/settings/$company_logo")) { ?>
+                            <?php if($company_logo) { ?>
                             <img class="img-thumbnail" src="<?php echo "uploads/settings/$company_logo"; ?>">
                             <a href="post.php?remove_company_logo" class="btn btn-outline-danger btn-block">Remove Logo</a>
                             <hr>

admin_settings_notification.php

@@ -19,19 +19,6 @@
                     </div>
                 </div>
 
-                <div class="form-group">
-                    <label>Cron Key</label>
-                    <div class="input-group">
-                        <div class="input-group-prepend">
-                            <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
-                        </div>
-                        <input type="text" class="form-control" name="config_cron_key" placeholder="Generate a CRON Key" value="<?php echo nullable_htmlentities($config_cron_key); ?>" readonly>
-                        <div class="input-group-append">
-                            <a href="post.php?generate_cron_key" class="btn btn-secondary confirm-link"><i class="fas fa-fw fa-sync mr-2"></i>Regenerate</a>
-                        </div>
-                    </div>
-                </div>
-
                 <table class="table table-bordered">
                     <thead class="thead-dark">
                         <tr>

check_login.php

@@ -54,7 +54,7 @@
 $session_name = sanitizeInput($row['user_name']);
 $session_email = $row['user_email'];
 $session_avatar = $row['user_avatar'];
-$session_token = $row['user_token'];
+$session_token = $row['user_token']; // MFA Token
 $session_user_role = intval($row['user_role']);
 $session_user_role_display = sanitizeInput($row['user_role_name']);
 if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
@@ -128,8 +128,3 @@
 $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('notification_id') AS num FROM notifications WHERE (notification_user_id = $session_user_id OR notification_user_id = 0) AND notification_dismissed_at IS NULL"));
 $num_notifications = $row['num'];
 
-
-// FORCE MFA Setup
-//if ($session_user_config_force_mfa == 1 && $session_token == NULL) {
-//    header("Location: force_mfa.php");
-//}

client_asset_details.php

@@ -485,7 +485,7 @@
                                 if (empty($login_otp_secret)) {
                                     $otp_display = "-";
                                 } else {
-                                    $otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
+                                    $otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
                                 }
                                 $login_note = nullable_htmlentities($row['login_note']);
                                 $login_important = intval($row['login_important']);
@@ -926,6 +926,8 @@ function updateAssetNotes(asset_id) {
 </script>
 
 <script src="js/recurring_tickets_edit_modal.js"></script>
+<!-- Include script to get TOTP code via the login ID -->
+<script src="js/logins_show_otp_via_id.js"></script>
 
 <?php
 

client_contact_details.php

@@ -477,7 +477,7 @@ class="btn btn-secondary btn-sm" title="Unlink">
                                 if (empty($login_otp_secret)) {
                                     $otp_display = "-";
                                 } else {
-                                    $otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
+                                    $otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
                                 }
                                 $login_note = nullable_htmlentities($row['login_note']);
                                 $login_important = intval($row['login_important']);
@@ -1129,6 +1129,8 @@ function(data) {
     </script>
 
     <script src="js/recurring_tickets_edit_modal.js"></script>
+    <!-- Include script to get TOTP code via the login ID -->
+    <script src="js/logins_show_otp_via_id.js"></script>
 
 <?php