admin/34394-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

beta.0001

Browse Source
This commit is contained in:
Flatlogic Bot 2025-09-28 22:00:58 +00:00
parent 0f1653e913
commit 95de2da48e
8 changed files with 38 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
add-credential.php
View File

@ -21,8 +21,8 @@ if (!isset($_GET['client_id']) || empty($_GET['client_id'])) {
$client_id = $_GET['client_id'];
// Fetch client details to display
$stmt = $pdo->prepare("SELECT name FROM clients WHERE client_id = ?");
$stmt->execute([$client_id]);
$stmt = $pdo->prepare("SELECT name FROM clients WHERE client_id = ? AND user_id = ?");
$stmt->execute([$client_id, $_SESSION['user_id']]);
$client = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$client) {

2
audit-log.php
View File

@ -17,7 +17,7 @@ $pdo = db();
$stmt = $pdo->query(
"SELECT ae.*, u.display_name " .
"FROM audit_events ae " .
"LEFT JOIN users u ON ae.user_id = u.id " .
"LEFT JOIN users u ON ae.user_id = u.user_id " .
"ORDER BY ae.created_at DESC LIMIT 200" // Limit to recent 200 events for performance
);
$events = $stmt->fetchAll(PDO::FETCH_ASSOC);

2
dashboard.php
View File

@ -167,7 +167,7 @@ if (isset($_GET['client_id'])) {
<td><?php echo htmlspecialchars(date('Y-m-d H:i', strtotime($cred['updated_at']))); ?></td>
<td>
<a href="edit-credential.php?credential_id=<?php echo $cred['credential_id']; ?>" class="btn btn-sm btn-outline-primary"><i class="bi bi-pencil-square"></i> Edit</a>
<a href="delete-credential.php?credential_id=<?php echo $cred['credential_id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this credential?');"><i class="bi bi-trash"></i> Delete</a>
<a href="delete-credential.php?credential_id=<?php echo $cred['credential_id']; ?>" class="btn btn-sm btn-outline-danger"><i class="bi bi-trash"></i> Delete</a>
</td>
</tr>
<?php endforeach; ?>

37
db/temp_update_clients.php
View File

@ -1,37 +0,0 @@
<?php
require_once __DIR__ . '/config.php';
$pdo = db();
// 1. Get the admin user's ID
$stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
$stmt->execute(['admin@flexpass.local']);
$adminUser = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$adminUser) {
echo "Admin user not found. Please seed the database first (php db/seed.php).\n";
exit(1);
}
$adminId = $adminUser['id'];
echo "Found admin user ID: {$adminId}\n";
// 2. Update existing clients
try {
$updateStmt = $pdo->prepare("UPDATE clients SET user_id = ? WHERE user_id IS NULL OR user_id = ''");
$updateStmt->execute([$adminId]);
$rowCount = $updateStmt->rowCount();
echo "Updated {$rowCount} client(s) to belong to the admin user.\n";
} catch (PDOException $e) {
// This will fail if the column doesn't exist yet, which is fine.
echo "Could not update clients (the user_id column might not exist yet): " . $e->getMessage() . "\n";
}
// 3. Modify the migration to be safer
$migrationFile = __DIR__ . '/migrations/002_add_user_id_to_clients.sql';
$migrationSQL = "ALTER TABLE `clients` ADD COLUMN `user_id` CHAR(36);"; // Add as nullable first
file_put_contents($migrationFile, $migrationSQL);
echo "Migration 002 updated to be safer.\n";
?>

2
delete-client.php
View File

@ -44,7 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $pdo->prepare("DELETE FROM clients WHERE client_id = ? AND user_id = ?");
$stmt->execute([$clientId, $_SESSION['user_id']]);
log_audit_event('client_delete', $_SESSION['user_id'], "Client '{$client['name']}' (ID: {$clientId}) and all associated data deleted.");
log_audit_event('client_delete', $_SESSION['user_id'], 'client', $clientId);
// Using session to pass success message
$_SESSION['success_message'] = "Client '" . htmlspecialchars($client['name']) . "' and all associated data have been deleted.";

10
delete-credential.php
View File

@ -43,10 +43,14 @@ try {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['confirm_delete'])) {
try {
$stmt = $pdo->prepare("DELETE FROM credentials WHERE credential_id = ?");
$stmt->execute([$credentialId]);
$stmt = $pdo->prepare(
"DELETE c FROM credentials c " .
"JOIN clients cl ON c.client_id = cl.client_id " .
"WHERE c.credential_id = ? AND cl.user_id = ?"
);
$stmt->execute([$credentialId, $_SESSION['user_id']]);
log_audit_event('credential_delete', $_SESSION['user_id'], "Credential '{$credential['name']}' (ID: {$credentialId}) deleted.");
log_audit_event('credential_delete', $_SESSION['user_id'], 'credential', $credentialId);
header('Location: dashboard.php?client_id=' . $credential['client_id'] . '&status=credential_deleted');
exit;

2
edit-client.php
View File

@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
try {
$stmt = $pdo->prepare("UPDATE clients SET name = ?, status = ? WHERE client_id = ? AND user_id = ?");
$stmt->execute([$name, $status, $clientId, $_SESSION['user_id']]);
log_audit_event('client_edit', $_SESSION['user_id'], "Client '{$name}' (ID: {$clientId}) updated.");
log_audit_event('client_edit', $_SESSION['user_id'], 'client', $clientId);
header('Location: dashboard.php?client_id=' . $clientId . '&status=client_updated');
exit;
} catch (PDOException $e) {

38
edit-credential.php
View File

@ -19,8 +19,12 @@ $pdo = db();
$credential_id = $_GET['credential_id'];
// Fetch the credential
$stmt = $pdo->prepare("SELECT * FROM credentials WHERE credential_id = ?");
$stmt->execute([$credential_id]);
$stmt = $pdo->prepare(
"SELECT c.* FROM credentials c " .
"JOIN clients cl ON c.client_id = cl.client_id " .
"WHERE c.credential_id = ? AND cl.user_id = ?"
);
$stmt->execute([$credential_id, $_SESSION['user_id']]);
$credential = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$credential) {
@ -43,20 +47,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (empty($name) || empty($username)) {
$error = "Credential Name and Username are required.";
} else {
// If password is not changed, don't update it
if (empty($password)) {
$updateStmt = $pdo->prepare(
"UPDATE credentials SET name = ?, username = ?, url = ?, notes = ?, updated_at = NOW() WHERE credential_id = ?"
);
$updateStmt->execute([$name, $username, $url, $notes, $credential_id]);
} else {
$updateStmt = $pdo->prepare(
"UPDATE credentials SET name = ?, username = ?, password = ?, url = ?, notes = ?, updated_at = NOW() WHERE credential_id = ?"
);
$updateStmt->execute([$name, $username, $password, $url, $notes, $credential_id]);
// To securely update, we must join against the clients table to check the user_id.
$sql = "UPDATE credentials c " .
"JOIN clients cl ON c.client_id = cl.client_id " .
"SET c.name = ?, c.username = ?, c.url = ?, c.notes = ?, c.updated_at = NOW()";
$params = [$name, $username, $url, $notes];
if (!empty($password)) {
$sql .= ", c.password = ?";
$params[] = $password;
}
log_audit_event('credential_update', $_SESSION['user_id'], 'credential', $credential_id);
$sql .= " WHERE c.credential_id = ? AND cl.user_id = ?";
$params[] = $credential_id;
$params[] = $_SESSION['user_id'];
$updateStmt = $pdo->prepare($sql);
$updateStmt->execute($params);
log_audit_event('credential_edit', $_SESSION['user_id'], 'credential', $credential_id);
// Redirect back to the client detail page with a success message
header("Location: dashboard.php?client_id=$client_id&status=credential_updated");