beta.0001

This commit is contained in:
Flatlogic Bot 2025-09-28 22:00:58 +00:00
parent 0f1653e913
commit 95de2da48e
8 changed files with 38 additions and 61 deletions


@ -21,8 +21,8 @@ if (!isset($_GET['client_id']) || empty($_GET['client_id'])) {
$client_id = $_GET['client_id']; $client_id = $_GET['client_id'];
// Fetch client details to display // Fetch client details to display
$stmt = $pdo->prepare("SELECT name FROM clients WHERE client_id = ?"); $stmt = $pdo->prepare("SELECT name FROM clients WHERE client_id = ? AND user_id = ?");
$stmt->execute([$client_id]); $stmt->execute([$client_id, $_SESSION['user_id']]);
$client = $stmt->fetch(PDO::FETCH_ASSOC); $client = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$client) { if (!$client) {
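Review bot: `$_SESSION['user_id']` is bound into the new ownership filter on the execute line with no null guard visible in this hunk; if the session key is absent PDO binds null, `user_id = NULL` never matches, and the request falls into the `if (!$client)` branch, so a missing login is reported as a not-found client. If the file does not already enforce an authenticated session above line 21, read the id once up front, `$userId = $_SESSION['user_id'] ?? throw new RuntimeException('not authenticated');` (or redirect to the login page), and bind `$userId` here. The same unguarded read appears in the delete-client, delete-credential, edit-client and edit-credential hunks of this commit. The code around this hunk starts above it.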


@ -17,7 +17,7 @@ $pdo = db();
$stmt = $pdo->query( $stmt = $pdo->query(
"SELECT ae.*, u.display_name " . "SELECT ae.*, u.display_name " .
"FROM audit_events ae " . "FROM audit_events ae " .
"LEFT JOIN users u ON ae.user_id = u.id " . "LEFT JOIN users u ON ae.user_id = u.user_id " .
"ORDER BY ae.created_at DESC LIMIT 200" // Limit to recent 200 events for performance "ORDER BY ae.created_at DESC LIMIT 200" // Limit to recent 200 events for performance
); );
$events = $stmt->fetchAll(PDO::FETCH_ASSOC); $events = $stmt->fetchAll(PDO::FETCH_ASSOC);
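Review bot: The join key on the new side is `u.user_id`, but the fix script this same commit deletes still selected `id FROM users`, so the users primary-key column is named inconsistently across the codebase; confirm the migrations define `users.user_id` and that nothing else joins on `users.id`, because with a LEFT JOIN a wrong key does not error, it just yields a NULL `display_name` for every event. `SELECT ae.*` also ties the viewer to the table layout; listing only the columns the template renders keeps the output stable when audit_events gains columns. Whether this listing is restricted to administrators is decided above the hunk and cannot be confirmed from here.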


@ -167,7 +167,7 @@ if (isset($_GET['client_id'])) {
<td><?php echo htmlspecialchars(date('Y-m-d H:i', strtotime($cred['updated_at']))); ?></td> <td><?php echo htmlspecialchars(date('Y-m-d H:i', strtotime($cred['updated_at']))); ?></td>
<td> <td>
<a href="edit-credential.php?credential_id=<?php echo $cred['credential_id']; ?>" class="btn btn-sm btn-outline-primary"><i class="bi bi-pencil-square"></i> Edit</a> <a href="edit-credential.php?credential_id=<?php echo $cred['credential_id']; ?>" class="btn btn-sm btn-outline-primary"><i class="bi bi-pencil-square"></i> Edit</a>
<a href="delete-credential.php?credential_id=<?php echo $cred['credential_id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this credential?');"><i class="bi bi-trash"></i> Delete</a> <a href="delete-credential.php?credential_id=<?php echo $cred['credential_id']; ?>" class="btn btn-sm btn-outline-danger"><i class="bi bi-trash"></i> Delete</a>
</td> </td>
</tr> </tr>
<?php endforeach; ?> <?php endforeach; ?>
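Review bot: `$cred['credential_id']` is echoed raw into the href of both the Edit link and the rewritten Delete link, while the `updated_at` cell two lines up goes through `htmlspecialchars()`; an id containing `"` or `&` would break out of the attribute. Escape the ids the same way, `<?php echo htmlspecialchars($cred['credential_id'], ENT_QUOTES, 'UTF-8'); ?>`, and add `urlencode()` if ids may contain reserved URL characters. Dropping the JavaScript confirm is acceptable only because delete-credential.php now acts solely on a POST carrying `confirm_delete`, so the GET link lands on a server-side confirmation page; a short comment on the link recording that dependency would stop someone from turning it back into a one-click delete. The foreach this row belongs to starts above the hunk.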


@ -1,37 +0,0 @@
<?php
require_once __DIR__ . '/config.php';
$pdo = db();
// 1. Get the admin user's ID
$stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
$stmt->execute(['admin@flexpass.local']);
$adminUser = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$adminUser) {
echo "Admin user not found. Please seed the database first (php db/seed.php).\n";
exit(1);
}
$adminId = $adminUser['id'];
echo "Found admin user ID: {$adminId}\n";
// 2. Update existing clients
try {
$updateStmt = $pdo->prepare("UPDATE clients SET user_id = ? WHERE user_id IS NULL OR user_id = ''");
$updateStmt->execute([$adminId]);
$rowCount = $updateStmt->rowCount();
echo "Updated {$rowCount} client(s) to belong to the admin user.\n";
} catch (PDOException $e) {
// This will fail if the column doesn't exist yet, which is fine.
echo "Could not update clients (the user_id column might not exist yet): " . $e->getMessage() . "\n";
}
// 3. Modify the migration to be safer
$migrationFile = __DIR__ . '/migrations/002_add_user_id_to_clients.sql';
$migrationSQL = "ALTER TABLE `clients` ADD COLUMN `user_id` CHAR(36);"; // Add as nullable first
file_put_contents($migrationFile, $migrationSQL);
echo "Migration 002 updated to be safer.\n";
?>


@ -44,7 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $pdo->prepare("DELETE FROM clients WHERE client_id = ? AND user_id = ?"); $stmt = $pdo->prepare("DELETE FROM clients WHERE client_id = ? AND user_id = ?");
$stmt->execute([$clientId, $_SESSION['user_id']]); $stmt->execute([$clientId, $_SESSION['user_id']]);
log_audit_event('client_delete', $_SESSION['user_id'], "Client '{$client['name']}' (ID: {$clientId}) and all associated data deleted."); log_audit_event('client_delete', $_SESSION['user_id'], 'client', $clientId);
// Using session to pass success message // Using session to pass success message
$_SESSION['success_message'] = "Client '" . htmlspecialchars($client['name']) . "' and all associated data have been deleted."; $_SESSION['success_message'] = "Client '" . htmlspecialchars($client['name']) . "' and all associated data have been deleted.";
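Review bot: `log_audit_event('client_delete', …)` on the new line runs whether or not the DELETE removed a row: when `$clientId` belongs to another user the `user_id = ?` filter deletes nothing, yet an audit event and the success message still claim the client and its data were deleted. Check the affected count before logging, e.g. `if ($stmt->rowCount() === 0) { /* treat as not found, no audit event */ }` — unless the lookup that fills `$client` above the hunk is already scoped by `user_id`, in which case a comment stating that would make the invariant visible. The same pattern applies to the `credential_delete` and `client_edit` hunks in this commit. The enclosing POST handler starts and ends outside this hunk.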


@ -43,10 +43,14 @@ try {
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['confirm_delete'])) { if (isset($_POST['confirm_delete'])) {
try { try {
$stmt = $pdo->prepare("DELETE FROM credentials WHERE credential_id = ?"); $stmt = $pdo->prepare(
$stmt->execute([$credentialId]); "DELETE c FROM credentials c " .
"JOIN clients cl ON c.client_id = cl.client_id " .
"WHERE c.credential_id = ? AND cl.user_id = ?"
);
$stmt->execute([$credentialId, $_SESSION['user_id']]);
log_audit_event('credential_delete', $_SESSION['user_id'], "Credential '{$credential['name']}' (ID: {$credentialId}) deleted."); log_audit_event('credential_delete', $_SESSION['user_id'], 'credential', $credentialId);
header('Location: dashboard.php?client_id=' . $credential['client_id'] . '&status=credential_deleted'); header('Location: dashboard.php?client_id=' . $credential['client_id'] . '&status=credential_deleted');
exit; exit;
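Review bot: The DELETE is now scoped by `cl.user_id`, but `$credential['client_id']` on the redirect line comes from a SELECT above this hunk that is not shown, and edit-credential.php needed exactly this join added in the same commit; if delete-credential.php's SELECT still reads `WHERE credential_id = ?` alone, the confirmation page renders another user's credential before the POST is refused. Scope that SELECT with the same `JOIN clients cl ON c.client_id = cl.client_id … AND cl.user_id = ?` and treat an empty result as not found. Note also that `DELETE c FROM … JOIN` is MySQL-specific multi-table syntax; `DELETE FROM credentials WHERE credential_id = ? AND client_id IN (SELECT client_id FROM clients WHERE user_id = ?)` expresses the same ownership rule portably. The try block continues outside the hunk.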


@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
try { try {
$stmt = $pdo->prepare("UPDATE clients SET name = ?, status = ? WHERE client_id = ? AND user_id = ?"); $stmt = $pdo->prepare("UPDATE clients SET name = ?, status = ? WHERE client_id = ? AND user_id = ?");
$stmt->execute([$name, $status, $clientId, $_SESSION['user_id']]); $stmt->execute([$name, $status, $clientId, $_SESSION['user_id']]);
log_audit_event('client_edit', $_SESSION['user_id'], "Client '{$name}' (ID: {$clientId}) updated."); log_audit_event('client_edit', $_SESSION['user_id'], 'client', $clientId);
header('Location: dashboard.php?client_id=' . $clientId . '&status=client_updated'); header('Location: dashboard.php?client_id=' . $clientId . '&status=client_updated');
exit; exit;
} catch (PDOException $e) { } catch (PDOException $e) {
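Review bot: `$status` is written to `clients.status` from the request with no validation visible in this hunk; unless it is checked above line 51, a user can store an arbitrary status string and any later `match`/`switch` on the column falls into its default branch. A guard before the prepare, `if (!in_array($status, $allowedStatuses, true)) { $error = 'Invalid status.'; }` with `$allowedStatuses` (placeholder name) holding the values the schema actually accepts, keeps the column to known values. The POST handler starts and ends outside this hunk.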


@ -19,8 +19,12 @@ $pdo = db();
$credential_id = $_GET['credential_id']; $credential_id = $_GET['credential_id'];
// Fetch the credential // Fetch the credential
$stmt = $pdo->prepare("SELECT * FROM credentials WHERE credential_id = ?"); $stmt = $pdo->prepare(
$stmt->execute([$credential_id]); "SELECT c.* FROM credentials c " .
"JOIN clients cl ON c.client_id = cl.client_id " .
"WHERE c.credential_id = ? AND cl.user_id = ?"
);
$stmt->execute([$credential_id, $_SESSION['user_id']]);
$credential = $stmt->fetch(PDO::FETCH_ASSOC); $credential = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$credential) { if (!$credential) {
@ -43,20 +47,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (empty($name) || empty($username)) { if (empty($name) || empty($username)) {
$error = "Credential Name and Username are required."; $error = "Credential Name and Username are required.";
} else { } else {
// If password is not changed, don't update it // To securely update, we must join against the clients table to check the user_id.
if (empty($password)) { $sql = "UPDATE credentials c " .
$updateStmt = $pdo->prepare( "JOIN clients cl ON c.client_id = cl.client_id " .
"UPDATE credentials SET name = ?, username = ?, url = ?, notes = ?, updated_at = NOW() WHERE credential_id = ?" "SET c.name = ?, c.username = ?, c.url = ?, c.notes = ?, c.updated_at = NOW()";
);
$updateStmt->execute([$name, $username, $url, $notes, $credential_id]);
} else {
$updateStmt = $pdo->prepare(
"UPDATE credentials SET name = ?, username = ?, password = ?, url = ?, notes = ?, updated_at = NOW() WHERE credential_id = ?"
);
$updateStmt->execute([$name, $username, $password, $url, $notes, $credential_id]);
}
log_audit_event('credential_update', $_SESSION['user_id'], 'credential', $credential_id); $params = [$name, $username, $url, $notes];
if (!empty($password)) {
$sql .= ", c.password = ?";
$params[] = $password;
}
$sql .= " WHERE c.credential_id = ? AND cl.user_id = ?";
$params[] = $credential_id;
$params[] = $_SESSION['user_id'];
$updateStmt = $pdo->prepare($sql);
$updateStmt->execute($params);
log_audit_event('credential_edit', $_SESSION['user_id'], 'credential', $credential_id);
// Redirect back to the client detail page with a success message // Redirect back to the client detail page with a success message
header("Location: dashboard.php?client_id=$client_id&status=credential_updated"); header("Location: dashboard.php?client_id=$client_id&status=credential_updated");