100 lines
3.5 KiB
PHP
100 lines
3.5 KiB
PHP
<?php
|
|
session_start();
|
|
require_once __DIR__ . '/db/config.php';
|
|
require_once __DIR__ . '/includes/audit.php';
|
|
|
|
// If user is not logged in, redirect to login page
|
|
if (!isset($_SESSION['user_id'])) {
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
|
|
$displayName = $_SESSION['user_display_name'] ?? 'User';
|
|
$credentialId = $_GET['credential_id'] ?? null;
|
|
$credential = null;
|
|
$error = '';
|
|
|
|
if (!$credentialId) {
|
|
header('Location: dashboard.php');
|
|
exit;
|
|
}
|
|
|
|
$pdo = db();
|
|
|
|
// Fetch credential data to display its name and ensure it belongs to the user.
|
|
try {
|
|
$stmt = $pdo->prepare(
|
|
"SELECT c.credential_id, c.name, c.client_id FROM credentials c " .
|
|
"JOIN clients cl ON c.client_id = cl.client_id " .
|
|
"WHERE c.credential_id = ? AND cl.user_id = ?"
|
|
);
|
|
$stmt->execute([$credentialId, $_SESSION['user_id']]);
|
|
$credential = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
if (!$credential) {
|
|
// If credential not found or doesn't belong to the user, redirect.
|
|
header('Location: dashboard.php');
|
|
exit;
|
|
}
|
|
} catch (PDOException $e) {
|
|
$error = "Error fetching credential data: " . $e->getMessage();
|
|
}
|
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
if (isset($_POST['confirm_delete'])) {
|
|
try {
|
|
$stmt = $pdo->prepare("DELETE FROM credentials WHERE credential_id = ?");
|
|
$stmt->execute([$credentialId]);
|
|
|
|
log_audit_event('credential_delete', $_SESSION['user_id'], "Credential '{$credential['name']}' (ID: {$credentialId}) deleted.");
|
|
|
|
header('Location: dashboard.php?client_id=' . $credential['client_id'] . '&status=credential_deleted');
|
|
exit;
|
|
} catch (PDOException $e) {
|
|
$error = "Error deleting credential: " . $e->getMessage();
|
|
}
|
|
}
|
|
}
|
|
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Delete Credential - ClientManager</title>
|
|
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
|
|
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
|
|
</head>
|
|
<body>
|
|
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
|
|
<div class="container-fluid">
|
|
<a class="navbar-brand" href="dashboard.php">ClientManager</a>
|
|
</div>
|
|
</nav>
|
|
|
|
<div class="container mt-4">
|
|
<h2>Delete Credential</h2>
|
|
|
|
<?php if ($error): ?>
|
|
<div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
|
|
<?php endif; ?>
|
|
|
|
<?php if ($credential): ?>
|
|
<div class="alert alert-warning">
|
|
<h4>Are you sure?</h4>
|
|
<p>This action will permanently delete the credential <strong><?php echo htmlspecialchars($credential['name']); ?></strong>.</p>
|
|
</div>
|
|
<form action="delete-credential.php?credential_id=<?php echo htmlspecialchars($credentialId); ?>" method="post">
|
|
<button type="submit" name="confirm_delete" class="btn btn-danger">Yes, Delete</button>
|
|
<a href="dashboard.php?client_id=<?php echo htmlspecialchars($credential['client_id']); ?>" class="btn btn-secondary">Cancel</a>
|
|
</form>
|
|
<?php else: ?>
|
|
<div class="alert alert-info">Credential not found or you do not have permission to delete it.</div>
|
|
<a href="dashboard.php" class="btn btn-primary">Back to Dashboard</a>
|
|
<?php endif; ?>
|
|
</div>
|
|
|
|
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
|
|
</body>
|
|
</html>
|