From df5e102ae9113876ee8a99886cc315fc4d9cbe69 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Thu, 8 Jan 2026 13:46:12 +0800 Subject: [PATCH 1/6] Added 2026 --- src/pages/IndexPage/Index.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/IndexPage/Index.tsx b/src/pages/IndexPage/Index.tsx index 01613a8..0281cb1 100644 --- a/src/pages/IndexPage/Index.tsx +++ b/src/pages/IndexPage/Index.tsx @@ -93,7 +93,7 @@ export default () => { OCBO Logo - + Davao City, Philippines @@ -143,7 +143,7 @@ export default () => { OCBO Logo - + Davao City, Philippines From edb7a471fa9c41f4619ead9820cbff40ff00f791 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Thu, 8 Jan 2026 13:46:34 +0800 Subject: [PATCH 2/6] Redesign notes for Enc v --- src/pages/LoginPage/Login.sass | 9 +++++++++ src/pages/LoginPage/Login.tsx | 12 ++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/src/pages/LoginPage/Login.sass b/src/pages/LoginPage/Login.sass index f91b5b5..f0c0a34 100644 --- a/src/pages/LoginPage/Login.sass +++ b/src/pages/LoginPage/Login.sass @@ -30,3 +30,12 @@ &__info padding: 0 0 0.15rem 0 + + &__note + font-weight: bold + font-size: 0.75rem + padding: 1rem 0 0.75rem 0 + + &__note-info + padding: 0 0 0.25rem 0 + font-size: 0.75rem diff --git a/src/pages/LoginPage/Login.tsx b/src/pages/LoginPage/Login.tsx index 2899ebf..db96aeb 100644 --- a/src/pages/LoginPage/Login.tsx +++ b/src/pages/LoginPage/Login.tsx @@ -248,12 +248,12 @@ export default () => {
- Note: - To ensure security and privacy, avoid sharing your password. - Your password's encryption is irreversible, which means it cannot be decrypted. - Only encrypted passwords are saved in the database. - Only you know your password. If forgotten, the account will be locked. - If this happens, contact the IT department and request that your account be reset. You will be required to register again. + Note: + To ensure security and privacy, avoid sharing your password. + Your password's encryption is irreversible, which means it cannot be decrypted. + Only encrypted passwords are saved in the database. + Only you know your password. If forgotten, the account will be locked. + If this happens, contact the IT department and request that your account be reset. You will be required to register again.
From 4a6263cb0f521eee9085cabf4fcac8bc8420170a Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Thu, 8 Jan 2026 13:46:49 +0800 Subject: [PATCH 3/6] Added ts-ignore on lazy --- src/routes.tsx | 1 + 1 file changed, 1 insertion(+) diff --git a/src/routes.tsx b/src/routes.tsx index cc82072..91bf5e0 100644 --- a/src/routes.tsx +++ b/src/routes.tsx @@ -1,5 +1,6 @@ import type { RouteDefinition } from '@solidjs/router' import Index from './pages/IndexPage/Index' +// @ts-ignore import { lazy } from 'solid-js' export const routes: RouteDefinition[] = [ From 302154506ad2ff19b801b9ed0ec543d66e081497 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Thu, 8 Jan 2026 13:46:59 +0800 Subject: [PATCH 4/6] Added CSP on backend --- backend/main.go | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/backend/main.go b/backend/main.go index 88e6164..2c86178 100644 --- a/backend/main.go +++ b/backend/main.go @@ -98,6 +98,7 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") c.Writer.Header().Set("X-Server", "OCBO Server") switch method { @@ -434,7 +435,7 @@ func connect() { "result": result, }) - case "get-headid": + case "get-headid": err = db.QueryRow("SELECT IFNULL(employeeid, '') AS result FROM employee WHERE is_head = 1").Scan(&result) if err != nil { c.AbortWithError(http.StatusBadRequest, err) @@ -460,6 +461,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") switch method { case "check-building": @@ -1370,6 +1373,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") switch method { case "check-access": @@ -1426,6 +1431,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("INSERT INTO esign (esignid, employeeid, password, signature, image) VALUES (NULL, ?, ?, ?, ?)") if err != nil { @@ -1473,6 +1480,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare(`INSERT INTO occupancydocflowtxn (occupancydocflowtxnid, occupancyreceivingid, txndate, remarks, is_tag, tagword, is_approve, employeeid, is_compliance, comments) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, 0, NULL)`) @@ -1521,6 +1530,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare(`INSERT INTO electricaldocflowtxn (electricaldocflowtxnid, electricalid, txndate, remarks, comments, is_tag, tagword, is_approve, employeeid, is_delete) VALUES (NULL, ?, ?, ?, NULL, ?, ?, ?, ?, 0)`) @@ -1564,6 +1575,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE occupancydocflowtxn SET is_approve = 1 WHERE remarks = ? AND occupancyreceivingid = (SELECT occupancyid FROM occupancy WHERE controlNo = ?)") if err != nil { @@ -1611,6 +1624,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE electricaldocflowtxn SET is_approve = 1 WHERE remarks = ? AND electricalid = (SELECT electricalid FROM electrical WHERE electricalNo = ?)") if err != nil { @@ -1657,6 +1672,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE occupancy_orderofpayment SET popstransmitted = 1, is_release = 1 WHERE occupancyid = ? AND for_approval = 1 AND is_paid = 0 AND is_approve = 1") if err != nil { @@ -1697,6 +1714,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE electrical_orderofpayment_new SET popstransmitted = 1, is_release = 1 WHERE electricalid = ? AND for_approval = 1 AND is_paid = 0 AND is_approve = 1") if err != nil { @@ -1737,6 +1756,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE electrical_orderofpayment_new SET popstransmitted = 1, is_release = 1 WHERE electricalid = ? AND for_approval = 1 AND is_paid = 0 AND is_approve = 1") if err != nil { @@ -1779,6 +1800,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("INSERT INTO esign_transactions (esign_transactionsid, esignid, referenceNo, date_signed) VALUES (NULL, ?, ?, ?)") if err != nil { @@ -1831,6 +1854,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := dbpop.Prepare(`INSERT INTO orderpaydetail (OrderPayId, OPRefId, OPSysId, OPDate, AcctRefId, AcctFullName, AcctAddress, AccountCode, AmountBasic, OPPostedBy, OPPostDate, OfficeCode, Amt_GFLGU, Amt_GFDPWH, Amt_TFBO, TranRefId) VALUES (NULL, ?, 'IIPS', ?, ?, ?, ?, ?, ?, ?, ?, 8751, ?, ?, ?, ?)`) @@ -1873,6 +1898,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE occupancy_orderofpayment SET is_approve = 1 WHERE occupancyid = ? AND for_approval = 1 AND is_paid = 0") if err != nil { @@ -1920,6 +1947,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE building_orderofpayment SET is_approve = 1 WHERE occupancyid = ? AND for_approval = 1 AND is_paid = 0") if err != nil { @@ -1967,6 +1996,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE electrical_orderofpayment_new SET is_approve = 1 WHERE electricalid = ? AND for_approval = 1 AND is_paid = 0") if err != nil { @@ -2014,6 +2045,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE employee SET employeename = ? WHERE employeeid = ?") if err != nil { @@ -2058,6 +2091,8 @@ func connect() { c.Writer.Header().Set("X-Frame-Options", "DENY") c.Writer.Header().Set("X-Download-Options", "noopen") c.Writer.Header().Set("Referrer-Policy", "no-referrer") + c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';") + c.Writer.Header().Set("X-Server", "OCBO Server") dbpost, err := db.Prepare("UPDATE esign SET password = ? WHERE employeeid = ?") if err != nil { From b15636f94a5c51d0ef9c64c3e3674b1ffa789fd5 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Thu, 8 Jan 2026 13:47:32 +0800 Subject: [PATCH 5/6] Updated dependencies on backend --- backend/go.sum | 8 -------- 1 file changed, 8 deletions(-) diff --git a/backend/go.sum b/backend/go.sum index 99d5043..eab449e 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -25,10 +25,6 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.29.0 h1:lQlF5VNJWNlRbRZNeOIkWElR+1LL/OuHcc0Kp14w1xk= -github.com/go-playground/validator/v10 v10.29.0/go.mod h1:D6QxqeMlgIPuT02L66f2ccrZ7AGgHkzKmmTMZhk/Kc4= -github.com/go-playground/validator/v10 v10.30.0 h1:5YBPNs273uzsZJD1I8uiB4Aqg9sN6sMDVX3s6LxmhWU= -github.com/go-playground/validator/v10 v10.30.0/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM= github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w= github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM= github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo= @@ -61,8 +57,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8= github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII= -github.com/quic-go/quic-go v0.57.1 h1:25KAAR9QR8KZrCZRThWMKVAwGoiHIrNbT72ULHTuI10= -github.com/quic-go/quic-go v0.57.1/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s= github.com/quic-go/quic-go v0.58.0 h1:ggY2pvZaVdB9EyojxL1p+5mptkuHyX5MOSv4dgWF4Ug= github.com/quic-go/quic-go v0.58.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -93,8 +87,6 @@ golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 44377cd0f0084473aac829b20a15ba3a586e00aa Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Thu, 8 Jan 2026 13:47:54 +0800 Subject: [PATCH 6/6] Corrected connectionstring --- backend/connections/connectionString.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/backend/connections/connectionString.go b/backend/connections/connectionString.go index e5e45eb..29cfbd7 100644 --- a/backend/connections/connectionString.go +++ b/backend/connections/connectionString.go @@ -3,10 +3,8 @@ package connections var connectionString string = "root:superuser@tcp(localhost:3306)/iips" var connectionStringPops string = "root:superuser@tcp(localhost:3306)/pops" -// var connectionStringServer string = "iips:iipsuser@tcp(192.168.7.100:3306)/iips" -var connectionStringPopsServer string = "pops:Pops2023!@tcp(192.168.76.10:3306)/pops" - var connectionStringServer string = "iips:iipsuser@tcp(192.168.7.165:3306)/iips" +var connectionStringPopsServer string = "pops:Pops2023!@tcp(192.168.76.10:3306)/pops" func GetConnectionString() string { return connectionString