169 lines
6.8 KiB
PHP
169 lines
6.8 KiB
PHP
<?php
|
|
session_start();
|
|
require_once __DIR__ . '/db/config.php';
|
|
require_once __DIR__ . '/includes/audit.php';
|
|
|
|
// If user is not logged in, redirect to login page
|
|
if (!isset($_SESSION['user_id'])) {
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
|
|
// Check if credential_id is provided
|
|
if (!isset($_GET['credential_id'])) {
|
|
header('Location: dashboard.php');
|
|
exit;
|
|
}
|
|
|
|
$pdo = db();
|
|
$credential_id = $_GET['credential_id'];
|
|
|
|
// Fetch the credential
|
|
$stmt = $pdo->prepare(
|
|
"SELECT c.* FROM credentials c " .
|
|
"JOIN clients cl ON c.client_id = cl.client_id " .
|
|
"WHERE c.credential_id = ? AND cl.user_id = ?"
|
|
);
|
|
$stmt->execute([$credential_id, $_SESSION['user_id']]);
|
|
$credential = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$credential) {
|
|
// Credential not found
|
|
header('Location: dashboard.php');
|
|
exit;
|
|
}
|
|
|
|
$client_id = $credential['client_id']; // For redirecting back
|
|
|
|
// Handle form submission
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$name = trim($_POST['name']);
|
|
$username = trim($_POST['username']);
|
|
$password = $_POST['password']; // Don't trim password
|
|
$url = trim($_POST['url']);
|
|
$notes = trim($_POST['notes']);
|
|
|
|
// Basic validation
|
|
if (empty($name) || empty($username)) {
|
|
$error = "Credential Name and Username are required.";
|
|
} else {
|
|
// To securely update, we must join against the clients table to check the user_id.
|
|
$sql = "UPDATE credentials c " .
|
|
"JOIN clients cl ON c.client_id = cl.client_id " .
|
|
"SET c.name = ?, c.username = ?, c.url = ?, c.notes = ?, c.updated_at = NOW()";
|
|
|
|
$params = [$name, $username, $url, $notes];
|
|
|
|
if (!empty($password)) {
|
|
$sql .= ", c.password = ?";
|
|
$params[] = $password;
|
|
}
|
|
|
|
$sql .= " WHERE c.credential_id = ? AND cl.user_id = ?";
|
|
$params[] = $credential_id;
|
|
$params[] = $_SESSION['user_id'];
|
|
|
|
$updateStmt = $pdo->prepare($sql);
|
|
$updateStmt->execute($params);
|
|
|
|
log_audit_event('credential_edit', $_SESSION['user_id'], 'credential', $credential_id);
|
|
|
|
// Redirect back to the client detail page with a success message
|
|
header("Location: dashboard.php?client_id=$client_id&status=credential_updated");
|
|
exit;
|
|
}
|
|
}
|
|
|
|
$displayName = $_SESSION['user_display_name'] ?? 'User';
|
|
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="en" data-bs-theme="light">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Edit Credential - FlexPass</title>
|
|
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
|
|
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
|
|
<link rel="stylesheet" href="assets/css/custom.css">
|
|
</head>
|
|
<body>
|
|
|
|
<nav class="navbar navbar-expand-lg bg-body-tertiary">
|
|
<div class="container-fluid">
|
|
<a class="navbar-brand" href="dashboard.php">
|
|
<i class="bi bi-shield-lock"></i> FlexPass
|
|
</a>
|
|
<div class="collapse navbar-collapse">
|
|
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
|
|
<li class="nav-item">
|
|
<a class="nav-link" href="dashboard.php">Clients</a>
|
|
</li>
|
|
</ul>
|
|
<div class="d-flex">
|
|
<ul class="navbar-nav">
|
|
<li class="nav-item dropdown">
|
|
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false">
|
|
<i class="bi bi-person-circle"></i> <?php echo htmlspecialchars($displayName); ?>
|
|
</a>
|
|
<ul class="dropdown-menu dropdown-menu-end">
|
|
<li><a class="dropdown-item" href="logout.php">Logout</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</nav>
|
|
|
|
<div class="container mt-4">
|
|
<div class="row justify-content-center">
|
|
<div class="col-lg-8">
|
|
<div class="card">
|
|
<div class="card-header">
|
|
<h1 class="h4 mb-0">Edit Credential</h1>
|
|
</div>
|
|
<div class="card-body">
|
|
<?php if (isset($error)): ?>
|
|
<div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
|
|
<?php endif; ?>
|
|
|
|
<form action="edit-credential.php?credential_id=<?php echo htmlspecialchars($credential_id); ?>" method="POST">
|
|
<div class="mb-3">
|
|
<label for="name" class="form-label">Credential Name</label>
|
|
<input type="text" class="form-control" id="name" name="name" value="<?php echo htmlspecialchars($credential['name']); ?>" required>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label for="username" class="form-label">Username</label>
|
|
<input type="text" class="form-control" id="username" name="username" value="<?php echo htmlspecialchars($credential['username']); ?>" required>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label for="password" class="form-label">Password</label>
|
|
<input type="password" class="form-control" id="password" name="password" placeholder="Leave blank to keep current password">
|
|
<small class="form-text text-muted">Enter a new password only if you want to change it.</small>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label for="url" class="form-label">URL</label>
|
|
<input type="url" class="form-control" id="url" name="url" value="<?php echo htmlspecialchars($credential['url']); ?>">
|
|
</div>
|
|
<div class="mb-3">
|
|
<label for="notes" class="form-label">Notes</label>
|
|
<textarea class="form-control" id="notes" name="notes" rows="3"><?php echo htmlspecialchars($credential['notes']); ?></textarea>
|
|
</div>
|
|
|
|
<div class="d-flex justify-content-end">
|
|
<a href="dashboard.php?client_id=<?php echo htmlspecialchars($client_id); ?>" class="btn btn-secondary me-2">Cancel</a>
|
|
<button type="submit" class="btn btn-primary">Save Changes</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
|
|
<script src="assets/js/main.js"></script>
|
|
</body>
|
|
</html>
|