admin/35273-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v4

Browse Source
This commit is contained in:
Flatlogic Bot 2025-10-27 13:06:57 +00:00
parent a3fa722e5f
commit 734d16aa81
11 changed files with 342 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
analysis.php
View File

@ -104,7 +104,23 @@ if (!isset($_SESSION['user_email'])) {
<?php
try {
$pdo = db();
$stmt = $pdo->query('SELECT id, original_filename, upload_time, status, uploaded_by FROM uploaded_files ORDER BY upload_time DESC');
$sql = 'SELECT id, original_filename, upload_time, status, uploaded_by FROM uploaded_files';
if ($_SESSION['user_role'] !== 'admin') {
$sql .= ' WHERE user_id = ?';
}
$sql .= ' ORDER BY upload_time DESC';
$stmt = $pdo->prepare($sql);
if ($_SESSION['user_role'] !== 'admin') {
$stmt->execute([$_SESSION['user_id']]);
} else {
$stmt->execute();
}
$files = $stmt->fetchAll();
if (empty($files)):

2
dashboard.php
View File

@ -13,7 +13,7 @@ if (!isset($_SESSION['user_email'])) {
<div class="row">
<div class="col-12">
<div class="alert alert-success">
<strong>Welcome, <?php echo htmlspecialchars($_SESSION[''''user_email''']); ?>!</strong> You are now logged in.
<strong>Welcome, <?php echo htmlspecialchars($_SESSION['user_email']); ?>!</strong> You are now logged in.
</div>
<div class="card">
<div class="card-header">

7
db/migrations/002_create_users_table.sql Normal file
View File

@ -0,0 +1,7 @@
CREATE TABLE IF NOT EXISTS `users` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`email` VARCHAR(255) NOT NULL UNIQUE,
`password` VARCHAR(255) NOT NULL,
`role` VARCHAR(50) NOT NULL DEFAULT 'user',
`created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

3
db/migrations/003_add_user_id_to_uploaded_files.sql Normal file
View File

@ -0,0 +1,3 @@
ALTER TABLE `uploaded_files`
ADD COLUMN `user_id` INT,
ADD CONSTRAINT `fk_user_id` FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON DELETE SET NULL;

119
edit_user.php Normal file
View File

@ -0,0 +1,119 @@
<?php
require_once 'config.php';
require_once 'db/config.php';
// Admin-only access
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
header('Location: dashboard.php');
exit;
}
$pdo = db();
$feedback = [];
$userId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!$userId) {
header('Location: users.php');
exit;
}
// Handle Update User
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update') {
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$role = $_POST['role'];
$password = $_POST['password']; // New password
$postedUserId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
if (!$email || !in_array($role, ['user', 'admin']) || $postedUserId != $userId) {
$feedback = ['type' => 'danger', 'message' => 'Invalid input. Please check all fields.'];
} else {
// Prevent admin from changing their own role if they are the last admin
if ($userId == $_SESSION['user_id'] && $role !== 'admin') {
$stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE role = 'admin'");
$stmt->execute();
$adminCount = $stmt->fetchColumn();
if ($adminCount <= 1) {
$feedback = ['type' => 'danger', 'message' => 'You cannot change your role as you are the only admin.'];
}
}
if (empty($feedback)) {
$sql = "UPDATE users SET email = ?, role = ?";
$params = [$email, $role];
if (!empty($password)) {
$sql .= ", password = ?";
$params[] = password_hash($password, PASSWORD_DEFAULT);
}
$sql .= " WHERE id = ?";
$params[] = $userId;
$stmt = $pdo->prepare($sql);
if ($stmt->execute($params)) {
header('Location: users.php?update=success');
exit;
} else {
$feedback = ['type' => 'danger', 'message' => 'Failed to update user.'];
}
}
}
}
// Fetch user data
$stmt = $pdo->prepare("SELECT id, email, role FROM users WHERE id = ?");
$stmt->execute([$userId]);
$user = $stmt->fetch();
if (!$user) {
header('Location: users.php');
exit;
}
include 'header.php';
?>
<div class="container py-5">
<div class="d-flex justify-content-between align-items-center mb-4">
<h1 class="text-primary">Edit User</h1>
<a href="users.php" class="btn btn-outline-secondary">Back to User List</a>
</div>
<?php if (!empty($feedback)):
?>
<div class="alert alert-<?php echo htmlspecialchars($feedback['type']); ?> alert-dismissible fade show" role="alert">
<?php echo htmlspecialchars($feedback['message']); ?>
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
<?php endif; ?>
<div class="card shadow-sm">
<div class="card-header bg-light">
<h5 class="mb-0">Editing User: <?php echo htmlspecialchars($user['email']); ?></h5>
</div>
<div class="card-body">
<form action="edit_user.php?id=<?php echo $user['id']; ?>" method="POST">
<input type="hidden" name="action" value="update">
<input type="hidden" name="user_id" value="<?php echo $user['id']; ?>">
<div class="mb-3">
<label for="email" class="form-label">Email</label>
<input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($user['email']); ?>" required>
</div>
<div class="mb-3">
<label for="role" class="form-label">Role</label>
<select class="form-select" id="role" name="role">
<option value="user" <?php if ($user['role'] === 'user') echo 'selected'; ?>>User</option>
<option value="admin" <?php if ($user['role'] === 'admin') echo 'selected'; ?>>Admin</option>
</select>
</div>
<div class="mb-3">
<label for="password" class="form-label">New Password</label>
<input type="password" class="form-control" id="password" name="password" placeholder="Leave blank to keep current password">
</div>
<button type="submit" class="btn btn-primary">Update User</button>
</form>
</div>
</div>
</div>
<?php include 'footer.php'; ?>

2
footer.php
View File

@ -1,6 +1,6 @@
<footer class="footer mt-auto py-3 bg-light">
<div class="container text-center">
<span class="text-muted">© <?php echo date("Y"); ?> E-PRTR+LCP Integrated Data Reporting. All rights reserved.</span>
<span class="text-muted">© <?php echo date("Y"); ?> IEPR Integrated Data Reporting. All rights reserved.</span>
</div>
</footer>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>

9
header.php
View File

@ -6,7 +6,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Integrated Environmental Management System</title>
<meta name="description" content="Built with Flatlogic Generator">
<meta name="keywords" content="E-PRTR, LCP, data reporting, environmental pollutants, emissions, Industrial Emissions Directive, IED, data model, XML submission, environmental data, EU regulations, Built with Flatlogic Generator">
<meta name="keywords" content="IEPR, data reporting, environmental pollutants, emissions, Industrial Emissions Directive, IED, data model, XML submission, environmental data, EU regulations, Built with Flatlogic Generator">
<meta property="og:title" content="Integrated Environmental Management System">
<meta property="og:description" content="Built with Flatlogic Generator">
<meta property="og:image" content="">
@ -24,7 +24,7 @@
<div class="container">
<a class="navbar-brand" href="index.php" style="font-family: 'Montserrat', sans-serif; color: #005bac;">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-shield-check d-inline-block align-text-top me-2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"></path><polyline points="9 12 11 14 15 10"></polyline></svg>
E-PRTR+LCP
IEPR
</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
@ -38,6 +38,11 @@
<li class="nav-item">
<a class="nav-link" href="dashboard.php">Dashboard</a>
</li>
<?php if (isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin'): ?>
<li class="nav-item">
<a class="nav-link" href="users.php">User Management</a>
</li>
<?php endif; ?>
<li class="nav-item">
<a class="nav-link" href="index.php?logout=1">Logout</a>
</li>

10
index.php
View File

@ -12,12 +12,20 @@ if (isset($_GET['logout'])) {
<main class="container mt-5 flex-grow-1">
<div class="p-5 mb-4 bg-white rounded-3 shadow-sm border">
<div class="container-fluid py-5">
<h1 class="display-5 fw-bold">E-PRTR+LCP Integrated Data Reporting</h1>
<h1 class="display-5 fw-bold">IEPR Integrated Data Reporting</h1>
<p class="col-md-8 fs-4">A comprehensive system for reporters, validators, and analysts to manage environmental data submissions under EU regulations.</p>
<a href="login.php" class="btn btn-primary btn-lg">Login & Get Started</a>
</div>
</div>
<div class="p-5 mb-4 bg-light rounded-3 shadow-sm border">
<div class="container-fluid py-3">
<h2 class="display-6 fw-bold">Transition to the Industrial Emissions Portal Regulation (IEPR)</h2>
<p class="col-md-12 fs-5">The European Union has updated its regulations on environmental data reporting, replacing the former European Pollutant Release and Transfer Register (E-PRTR) with the new Industrial Emissions Portal Regulation (IEPR). This new regulation aims to enhance public access to environmental information and streamline the reporting process for industrial facilities.</p>
<p class="col-md-12 fs-5">Our platform has been fully updated to align with the IEPR requirements. All data submission, validation, and analysis tools are now compliant with the new format, ensuring a seamless transition for all users.</p>
</div>
</div>
<div class="row align-items-md-stretch">
<div class="col-md-6 mb-4">
<div class="h-100 p-5 text-white rounded-3" style="background-color: #005bac;">

18
login.php
View File

@ -12,11 +12,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'Please enter a valid email address.';
} else {
// In a real application, you would validate credentials against a database.
// For this demo, we'll just simulate a successful login.
$_SESSION['user_email'] = $email;
require_once 'db/config.php';
$pdo = db();
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => $email]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_email'] = $user['email'];
$_SESSION['user_role'] = $user['role'];
header('Location: dashboard.php');
exit;
} else {
$error = 'Invalid credentials.';
}
}
}
?>
@ -29,7 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<h3 class="my-4">Login</h3>
</div>
<div class="card-body p-4">
<p class="text-center text-muted mb-4">Access your E-PRTR+LCP account</p>
<p class="text-center text-muted mb-4">Access your IEPR account</p>
<?php if ($error): ?>
<div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>

6
upload.php
View File

@ -45,9 +45,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xmlfile'])) {
try {
$pdo = db();
$stmt = $pdo->prepare(
'INSERT INTO uploaded_files (original_filename, new_filename, uploaded_by) VALUES (?, ?, ?)'
'INSERT INTO uploaded_files (original_filename, new_filename, uploaded_by, user_id) VALUES (?, ?, ?, ?)'
);
$stmt->execute([$original_filename, $new_filename, $_SESSION['user_email']]);
$stmt->execute([$original_filename, $new_filename, $_SESSION['user_email'], $_SESSION['user_id']]);
$message = '<strong>Success!</strong> Your file "' . htmlspecialchars($original_filename) . '" has been uploaded and is pending validation.';
$message_type = 'success';
} catch (PDOException $e) {
@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xmlfile'])) {
<h2>Submit a new Report</h2>
</div>
<div class="card-body">
<p class="card-text">Please select the E-PRTR XML report file you wish to submit. The file will be validated against the required schema before being processed.</p>
<p class="card-text">Please select the IEPR XML report file you wish to submit. The file will be validated against the required schema before being processed.</p>
<?php if ($message): ?>
<div class="alert alert-<?php echo $message_type; ?>">

159
users.php Normal file
View File

@ -0,0 +1,159 @@
<?php
require_once 'config.php';
require_once 'db/config.php';
// Admin-only access
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
header('Location: dashboard.php');
exit;
}
$pdo = db();
$feedback = [];
if (isset($_GET['update']) && $_GET['update'] === 'success') {
$feedback = ['type' => 'success', 'message' => 'User updated successfully.'];
}
// Handle Create User
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'create') {
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$password = $_POST['password'];
$role = $_POST['role'];
if (!$email || empty($password) || !in_array($role, ['user', 'admin'])) {
$feedback = ['type' => 'danger', 'message' => 'Invalid input. Please check all fields.'];
} else {
// Check if user already exists
$stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
$stmt->execute([$email]);
if ($stmt->fetch()) {
$feedback = ['type' => 'danger', 'message' => 'User with this email already exists.'];
} else {
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("INSERT INTO users (email, password, role) VALUES (?, ?, ?)");
if ($stmt->execute([$email, $hashedPassword, $role])) {
$feedback = ['type' => 'success', 'message' => 'User created successfully.'];
} else {
$feedback = ['type' => 'danger', 'message' => 'Failed to create user.'];
}
}
}
}
// Handle Delete User
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'delete') {
$userId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
// Prevent admin from deleting themselves
if ($userId && $userId != $_SESSION['user_id']) {
$stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
if ($stmt->execute([$userId])) {
$feedback = ['type' => 'success', 'message' => 'User deleted successfully.'];
} else {
$feedback = ['type' => 'danger', 'message' => 'Failed to delete user.'];
}
} else {
$feedback = ['type' => 'danger', 'message' => 'Invalid request or you cannot delete your own account.'];
}
}
$stmt = $pdo->query("SELECT id, email, role, created_at FROM users ORDER BY created_at DESC");
$users = $stmt->fetchAll();
include 'header.php';
?>
<div class="container py-5">
<div class="d-flex justify-content-between align-items-center mb-4">
<h1 class="text-primary">User Management</h1>
<a href="dashboard.php" class="btn btn-outline-secondary">Back to Dashboard</a>
</div>
<?php if (!empty($feedback)): ?>
<div class="alert alert-<?php echo htmlspecialchars($feedback['type']); ?> alert-dismissible fade show" role="alert">
<?php echo htmlspecialchars($feedback['message']); ?>
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
<?php endif; ?>
<!-- Create User Form -->
<div class="card shadow-sm mb-4">
<div class="card-header bg-light">
<h5 class="mb-0">Create New User</h5>
</div>
<div class="card-body">
<form action="users.php" method="POST">
<input type="hidden" name="action" value="create">
<div class="row">
<div class="col-md-4 mb-3">
<label for="email" class="form-label">Email</label>
<input type="email" class="form-control" id="email" name="email" required>
</div>
<div class="col-md-3 mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="col-md-3 mb-3">
<label for="role" class="form-label">Role</label>
<select class="form-select" id="role" name="role">
<option value="user" selected>User</option>
<option value="admin">Admin</option>
</select>
</div>
<div class="col-md-2 d-flex align-items-end">
<button type="submit" class="btn btn-primary w-100">Create User</button>
</div>
</div>
</form>
</div>
</div>
<div class="card shadow-sm">
<div class="card-header bg-light">
<h5 class="mb-0">All Users</h5>
</div>
<div class="card-body">
<div class="table-responsive">
<table class="table table-striped table-hover">
<thead class="table-light">
<tr>
<th>ID</th>
<th>Email</th>
<th>Role</th>
<th>Registered At</th>
<th class="text-end">Actions</th>
</tr>
</thead>
<tbody>
<?php if (empty($users)):
?>
<tr>
<td colspan="5" class="text-center text-muted">No users found.</td>
</tr>
<?php else: ?>
<?php foreach ($users as $user): ?>
<tr>
<td><?php echo htmlspecialchars($user['id']); ?></td>
<td><?php echo htmlspecialchars($user['email']); ?></td>
<td><span class="badge bg-secondary"><?php echo htmlspecialchars($user['role']); ?></span></td>
<td><?php echo htmlspecialchars(date('Y-m-d H:i', strtotime($user['created_at']))); ?></td>
<td class="text-end">
<a href="edit_user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
<form action="users.php" method="POST" class="d-inline" onsubmit="return confirm('Are you sure you want to delete this user?');">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="user_id" value="<?php echo $user['id']; ?>">
<button type="submit" class="btn btn-sm btn-outline-danger" <?php if($user['id'] == $_SESSION['user_id']) echo 'disabled'; ?>>Delete</button>
</form>
</td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
</div>
</div>
</div>
</div>
<?php include 'footer.php'; ?>