From b5c30c0773d1e652c8a6b0c1858df043b8570310 Mon Sep 17 00:00:00 2001 From: Flatlogic Bot Date: Thu, 25 Sep 2025 20:21:56 +0000 Subject: [PATCH] 0001 --- assets/js/main.js | 29 ------ dashboard.php | 143 +++++++++++++++++++++++++-- db/migrate.php | 33 +++++++ db/migrations/001_initial_schema.sql | 69 +++++++++++++ db/seed.php | 59 +++++++++++ index.php | 66 ++++++++++++- logout.php | 23 +++++ 7 files changed, 381 insertions(+), 41 deletions(-) create mode 100644 db/migrate.php create mode 100644 db/migrations/001_initial_schema.sql create mode 100644 db/seed.php create mode 100644 logout.php diff --git a/assets/js/main.js b/assets/js/main.js index 32005d2..e69de29 100644 --- a/assets/js/main.js +++ b/assets/js/main.js @@ -1,29 +0,0 @@ - -document.addEventListener('DOMContentLoaded', function () { - const loginForm = document.getElementById('loginForm'); - - if (loginForm) { - loginForm.addEventListener('submit', function (event) { - event.preventDefault(); - const email = document.getElementById('email').value; - const password = document.getElementById('password').value; - - // Basic client-side validation - if (!email || !password) { - alert('Please enter both email and password.'); - return; - } - - // Simple email format check - const emailRegex = /^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/; - if (!emailRegex.test(email)) { - alert('Please enter a valid email address.'); - return; - } - - // On success, simulate login - console.log('Login validation passed. Redirecting...'); - window.location.href = 'dashboard.php'; - }); - } -}); diff --git a/dashboard.php b/dashboard.php index 1bea2d5..3829e04 100644 --- a/dashboard.php +++ b/dashboard.php 
@@ -1,21 +1,146 @@ - prepare("SELECT * FROM clients WHERE client_id = ?"); + $stmt->execute([$_GET['client_id']]); + $viewingClient = $stmt->fetch(PDO::FETCH_ASSOC); + // TODO: Fetch credentials and notes for the client +} else { + $stmt = $pdo->query("SELECT * FROM clients ORDER BY name ASC"); + $clients = $stmt->fetchAll(PDO::FETCH_ASSOC); +} + ?> - + Dashboard - FlexPass - + + -
-

Welcome to FlexPass

-

You have successfully logged in.

- Logout + + + +
+ + +
+ Back to Client List + +
+ +
+
+

+ + +

+
+
+

Status:

+ +
+ +

Credentials

+

Credentials management coming soon.

+ + +
+ +

Notes

+

Notes timeline coming soon.

+ +
+
+ + + +
+

Clients

+ +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
Client IDNameStatusActions
+ View +
No clients found.
+
+
+ +
+ + + - + \ No newline at end of file diff --git a/db/migrate.php b/db/migrate.php new file mode 100644 index 0000000..808d590 --- /dev/null +++ b/db/migrate.php @@ -0,0 +1,33 @@ +exec($sql); + echo "Success.\n"; + } catch (PDOException $e) { + echo "Error executing migration " . basename($file) . ": " . $e->getMessage() . "\n"; + // Exit on first error + return false; + } + } + return true; +} + +if (php_sapi_name() === 'cli') { + run_migrations(); +} + +?> \ No newline at end of file diff --git a/db/migrations/001_initial_schema.sql b/db/migrations/001_initial_schema.sql new file mode 100644 index 0000000..4ca1c99 --- /dev/null +++ b/db/migrations/001_initial_schema.sql 
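Review bot: `$viewingClient` is `false` when the submitted `client_id` matches no row, yet the detail branch renders anyway, so the page continues with a missing client instead of failing cleanly; after `$viewingClient = $stmt->fetch(PDO::FETCH_ASSOC);` add `if ($viewingClient === false) { http_response_code(404); exit('Client not found'); }`. The parameterised lookup itself is fine. The lines before `prepare(` — presumably the session/authentication guard — were lost in extraction, so whether the page is reachable unauthenticated cannot be confirmed from this hunk. The template part of the hunk also does not show whether `name` and the other client fields are passed through `htmlspecialchars()` before output; worth confirming, since `name` is free text.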
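Review bot: Nothing records which migration files have already been applied, so every run re-executes all of them; the loop head is outside the visible part of the hunk, but the visible `try { ... exec($sql); ... } catch (PDOException $e)` applies each file unconditionally. The current migration happens to be safe because it uses `CREATE TABLE IF NOT EXISTS`, but any later `ALTER TABLE` or data migration will fail or duplicate on the second run. A small `schema_migrations (filename PRIMARY KEY, applied_at)` table checked before `exec()` and written after it would make `run_migrations()` idempotent, and the `basename($file)` already used in the error message is the natural key. Separately, the file is PHP-only, so the trailing `?>` can be dropped.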
@@ -0,0 +1,69 @@ + +CREATE TABLE IF NOT EXISTS `users` ( + `id` char(36) NOT NULL DEFAULT (uuid()), + `email` varchar(255) NOT NULL, + `display_name` varchar(255) DEFAULT NULL, + `role` enum('Admin','TechTeam') NOT NULL, + `status` enum('active','disabled') NOT NULL DEFAULT 'active', + `password_enc` varchar(255) NOT NULL, + `mfa_enabled` tinyint(1) NOT NULL DEFAULT '0', + `last_login_at` datetime DEFAULT NULL, + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`id`), + UNIQUE KEY `email` (`email`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE IF NOT EXISTS `clients` ( + `client_id` varchar(4) NOT NULL, + `name` varchar(255) DEFAULT NULL, + `status` enum('active','inactive') NOT NULL DEFAULT 'active', + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`client_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE IF NOT EXISTS `credentials` ( + `id` char(36) NOT NULL DEFAULT (uuid()), + `client_id` varchar(4) NOT NULL, + `system_name` varchar(255) NOT NULL, + `username` varchar(255) NOT NULL, + `password_enc` text NOT NULL, + `additional_fields` json DEFAULT NULL, + `tags` json DEFAULT NULL, + `rotation_due_at` datetime DEFAULT NULL, + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`id`), + KEY `client_id` (`client_id`), + CONSTRAINT `credentials_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `clients` (`client_id`) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE IF NOT EXISTS `notes` ( + `id` char(36) NOT NULL DEFAULT (uuid()), + `client_id` varchar(4) NOT NULL, + `user_id` char(36) NOT NULL, + `text` 
text NOT NULL, + `pinned` tinyint(1) NOT NULL DEFAULT '0', + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`id`), + KEY `client_id` (`client_id`), + KEY `user_id` (`user_id`), + CONSTRAINT `notes_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `clients` (`client_id`) ON DELETE CASCADE, + CONSTRAINT `notes_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE IF NOT EXISTS `audit_events` ( + `id` char(36) NOT NULL DEFAULT (uuid()), + `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `actor_user_id` char(36) DEFAULT NULL, + `action` varchar(255) NOT NULL, + `entity_type` varchar(255) DEFAULT NULL, + `entity_id` varchar(255) DEFAULT NULL, + `client_id` varchar(4) DEFAULT NULL, + `metadata` json DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `actor_user_id` (`actor_user_id`), + KEY `client_id_idx` (`client_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/db/seed.php b/db/seed.php new file mode 100644 index 0000000..d9ad95e --- /dev/null +++ b/db/seed.php 
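Review bot: `notes_ibfk_2` is `ON DELETE CASCADE`, so deleting a user row silently removes every note that user wrote on any client; for a product that `index.php` in this same commit labels "HIPAA-Ready Credential Vault", losing that history on user offboarding is likely the wrong default. Prefer disabling the user via the existing `status` column and change the constraint to `ON DELETE RESTRICT` (or make `user_id` nullable with `ON DELETE SET NULL`) so notes outlive their author. `audit_events.actor_user_id` deliberately has no cascade, so the two tables are currently inconsistent on this point. `DEFAULT (uuid())` is an expression default, which older MySQL servers reject; stating the minimum server version in a comment at the top of the migration would save the next operator a failed deploy.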
@@ -0,0 +1,59 @@ +prepare("SELECT id FROM users WHERE email = ?"); + $stmt->execute([$email]); + if ($stmt->fetch()) { + echo "Admin user already exists.\n"; + } else { + $stmt = $pdo->prepare("INSERT INTO users (email, password_enc, role, display_name) VALUES (?, ?, 'Admin', 'Admin User')"); + $stmt->execute([$email, $hashedPassword]); + echo "Admin user created successfully.\n"; + echo "Email: " . $email . "\n"; + echo "Password: " . $password . "\n"; + } + } catch (PDOException $e) { + echo "Error seeding database: " . $e->getMessage() . "\n"; + return false; + } + + // Seed clients + try { + $stmt = $pdo->query("SELECT count(*) FROM clients"); + if ($stmt->fetchColumn() > 0) { + echo "Clients table already seeded.\n"; + } else { + $clients = [ + ['1001', 'Stark Industries', 'active'], + ['1002', 'Wayne Enterprises', 'active'], + ['1003', 'Cyberdyne Systems', 'inactive'], + ]; + $stmt = $pdo->prepare("INSERT INTO clients (client_id, name, status) VALUES (?, ?, ?)"); + foreach ($clients as $client) { + $stmt->execute($client); + } + echo "Seeded " . count($clients) . " clients.\n"; + } + } catch (PDOException $e) { + echo "Error seeding clients: " . $e->getMessage() . "\n"; + return false; + } + + + return true; +} + +if (php_sapi_name() === 'cli') { + seed_database(); +} +?> diff --git a/index.php b/index.php index 080de27..03e5544 100644 --- a/index.php +++ b/index.php 
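Review bot: The seed prints the admin password in clear text (`echo "Password: " . $password . "\n";`), so it ends up in CI and deploy logs and shell scrollback; print it only when the value was generated during this run, or drop the line and have the operator supply the password through an environment variable. Where `$password` and `$hashedPassword` are defined is outside the visible part of the hunk, so whether the value is hard-coded cannot be confirmed here. The hash is stored in a column named `password_enc`, which suggests reversible encryption, while `index.php` verifies it with `password_verify`; naming the column `password_hash` in the schema would avoid misleading future maintainers.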
@@ -1,3 +1,57 @@ +prepare("SELECT * FROM users WHERE email = ?"); + $stmt->execute([$email]); + $user = $stmt->fetch(); + + if ($user && password_verify($password, $user['password_enc'])) { + if ($user['status'] === 'active') { + $_SESSION['user_id'] = $user['id']; + $_SESSION['user_email'] = $user['email']; + $_SESSION['user_role'] = $user['role']; + $_SESSION['user_display_name'] = $user['display_name']; + + // Regenerate session ID to prevent session fixation + session_regenerate_id(true); + + // Update last login timestamp + $updateStmt = $pdo->prepare("UPDATE users SET last_login_at = CURRENT_TIMESTAMP WHERE id = ?"); + $updateStmt->execute([$user['id']]); + + header('Location: dashboard.php'); + exit; + } else { + $error_message = 'Your account is disabled. Please contact an administrator.'; + } + } else { + $error_message = 'Invalid email or password.'; + } + } catch (PDOException $e) { + // In a real app, you would log this error. + $error_message = 'A database error occurred. Please try again later.'; + } + } +} +?> @@ -30,14 +84,20 @@
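Review bot: Neither a failed nor a successful login is recorded, even though this same commit creates the `audit_events` table; after `$updateStmt->execute([$user['id']]);` add `$pdo->prepare("INSERT INTO audit_events (actor_user_id, action) VALUES (?, 'login')")->execute([$user['id']]);` and write a `login_failed` event in the `else` branch. Without a record of failures there is also nothing to drive lockout or throttling, so password guessing against a known email is unbounded; if throttling is planned elsewhere, a comment saying so would help. When the email matches no row, `password_verify` is skipped entirely, which makes the two failure paths distinguishable by response time; verifying against a fixed dummy hash when `$user` is false keeps them uniform. The hunk's opening lines were lost in extraction, so the session start and the input handling before `prepare(` cannot be reviewed here.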

FlexPass

HIPAA-Ready Credential Vault

-
+ + + + +
- +
- +
diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..d021a83 --- /dev/null +++ b/logout.php @@ -0,0 +1,23 @@ + \ No newline at end of file