From f4d677bb9dd70de8f31f65b5393dea23b3349138 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot
Date: Wed, 5 Nov 2025 22:50:07 +0000
Subject: [PATCH] correzione login

---
 add-asset.php | 70 +++++----
 db/migrations/004_create_categories_table.sql | 5 +
 .../005_add_category_id_to_assets.sql | 2 +
 index.php | 143 +++++++++++++++++-
 opcache_reset.php | 4 +
 run-migrations.php | 23 +++
 6 files changed, 213 insertions(+), 34 deletions(-)
 create mode 100644 db/migrations/004_create_categories_table.sql
 create mode 100644 db/migrations/005_add_category_id_to_assets.sql
 create mode 100644 opcache_reset.php
 create mode 100644 run-migrations.php

diff --git a/add-asset.php b/add-asset.php
index cdc5e1b..81ef23e 100644
--- a/add-asset.php
+++ b/add-asset.php
@@ -9,7 +9,7 @@ if (!can($_SESSION['user_role'], 'asset', 'create')) {
 }
 
 $allowed_fields_str = can($_SESSION['user_role'], 'asset', 'create');
-$allowed_fields = ($allowed_fields_str === '*') ? ['name', 'asset_tag', 'status', 'location', 'manufacturer', 'model', 'purchase_date'] : explode(',', $allowed_fields_str);
+$allowed_fields = ($allowed_fields_str === '*') ? ['name', 'status', 'location', 'manufacturer', 'model', 'purchase_date'] : explode(',', $allowed_fields_str);
 
 $success_message = '';
 $error_message = '';
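Review bot: Removing 'asset_tag' from the `'*'` list leaves the `explode(',', $allowed_fields_str)` branch unfiltered, so any role whose permission string names asset_tag can still submit one, and because the next hunk puts the server-generated tag into `$columns` first, such a POST would build an INSERT that names asset_tag twice (or, if the duplicate were tolerated, let the client override the assigned tag). Strip it in both branches rather than only in the wildcard list: `$allowed_fields = array_values(array_diff($allowed_fields, ['asset_tag']));` after the ternary. Whether `can()` can actually return a list containing asset_tag is not visible here, since that helper lives outside the diff.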
@@ -19,28 +19,52 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $placeholders = [];
     $columns = [];
 
-    foreach ($allowed_fields as $field) {
-        if (isset($_POST[$field])) {
-            $data[] = $_POST[$field];
-            $columns[] = $field;
-            $placeholders[] = '?';
+    // Generate new asset tag
+    try {
+        $pdo = db();
+        $stmt = $pdo->query("SELECT asset_tag FROM assets WHERE asset_tag LIKE 'ASSET-%' ORDER BY CAST(SUBSTRING(asset_tag, 7) AS UNSIGNED) DESC LIMIT 1");
+        $last_asset_tag = $stmt->fetchColumn();
+
+        if ($last_asset_tag) {
+            $last_number = (int) substr($last_asset_tag, 6);
+            $new_number = $last_number + 1;
+        } else {
+            $new_number = 1;
         }
+
+        $new_asset_tag = 'ASSET-' . str_pad($new_number, 3, '0', STR_PAD_LEFT);
+
+        $data = [$new_asset_tag];
+        $columns = ['asset_tag'];
+        $placeholders = '?';
+
+    } catch (PDOException $e) {
+        $error_message = 'Error generating asset tag: ' . $e->getMessage();
     }
 
-    if (empty($data)) {
-        $error_message = 'No data submitted.';
-    } else {
-        try {
-            $pdo = db();
-            $sql = sprintf("INSERT INTO assets (%s) VALUES (%s)", implode(', ', $columns), implode(', ', $placeholders));
-            $stmt = $pdo->prepare($sql);
-            $stmt->execute($data);
-
-            header("Location: index.php?success=asset_added");
-            exit;
+    if (empty($error_message)) {
+        foreach ($allowed_fields as $field) {
+            if (isset($_POST[$field])) {
+                $data[] = $_POST[$field];
+                $columns[] = $field;
+                $placeholders[] = '?';
+            }
+        }
 
-        } catch (PDOException $e) {
-            $error_message = 'Database error: ' . $e->getMessage();
+        if (count($data) <= 1) { // Only asset tag is present
+            $error_message = 'No data submitted.';
+        } else {
+            try {
+                $sql = sprintf("INSERT INTO assets (%s) VALUES (%s)", implode(', ', $columns), implode(', ', array_fill(0, count($columns), '?')));
+                $stmt = $pdo->prepare($sql);
+                $stmt->execute($data);
+
+                header("Location: index.php?success=asset_added");
+                exit;
+
+            } catch (PDOException $e) {
+                $error_message = 'Database error: ' . $e->getMessage();
+            }
         }
     }
 }
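Review bot: `$placeholders = '?';` sets a string, and the loop below then does `$placeholders[] = '?';`, which on PHP 7.1+ throws `Error: [] operator not supported for strings` — an uncaught Error, not a PDOException, so every submission that carries at least one field dies with a 500 before the INSERT; since the INSERT now builds its placeholders with `array_fill`, drop both the `$placeholders = '?';` line and the `$placeholders[] = '?';` line (or make the first `['?']`). The tag generation is a SELECT-max-then-INSERT with no transaction or lock, so two concurrent submissions receive the same `ASSET-nnn`; either put a UNIQUE index on asset_tag and retry on the duplicate-key error, or run the SELECT with `FOR UPDATE` inside a transaction that also holds the INSERT. Both new catch blocks echo `$e->getMessage()` into `$error_message`, which the page presumably renders, exposing driver text and the generated SQL to the user; log the exception and show a generic message. No CSRF check is visible in this hunk, though one may exist before it; the enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block opens outside the hunk.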
@@ -85,12 +109,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { - -
- - -
-
@@ -144,4 +162,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { feather.replace(); - \ No newline at end of file + diff --git a/db/migrations/004_create_categories_table.sql b/db/migrations/004_create_categories_table.sql new file mode 100644 index 0000000..337d45e --- /dev/null +++ b/db/migrations/004_create_categories_table.sql @@ -0,0 +1,5 @@ +CREATE TABLE IF NOT EXISTS `categories` ( + `id` INT AUTO_INCREMENT PRIMARY KEY, + `name` VARCHAR(255) NOT NULL UNIQUE, + `created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP +) ENGINE=INNODB; \ No newline at end of file diff --git a/db/migrations/005_add_category_id_to_assets.sql b/db/migrations/005_add_category_id_to_assets.sql new file mode 100644 index 0000000..1382bd5 --- /dev/null +++ b/db/migrations/005_add_category_id_to_assets.sql @@ -0,0 +1,2 @@ +ALTER TABLE `assets` ADD COLUMN `category_id` INT NULL AFTER `status`; +ALTER TABLE `assets` ADD FOREIGN KEY (`category_id`) REFERENCES `categories`(`id`) ON DELETE SET NULL; \ No newline at end of file diff --git a/index.php b/index.php index d43345b..9258757 100644 --- a/index.php +++ b/index.php 
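Review bot: Migration 005 is not rerunnable the way 004 is: `ADD COLUMN` has no `IF NOT EXISTS` guard and the foreign key is added without a name, so a second run fails on the column (and, if it got past that, would stack another anonymous constraint that is awkward to drop later). Name the constraint, `ALTER TABLE `assets` ADD CONSTRAINT `fk_assets_category` FOREIGN KEY (`category_id`) REFERENCES `categories`(`id`) ON DELETE SET NULL;`, and since the run-migrations.php added in this patch does not appear to record which files have already been applied, either document that this migration is one-shot or make the column step conditional where the server supports it (`ADD COLUMN IF NOT EXISTS` is MariaDB-only, so check the target).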
@@ -7,8 +7,38 @@ require_once 'auth-helpers.php';
 $allowed_fields_str = can($_SESSION['user_role'], 'asset', 'read');
 $allowed_fields = $allowed_fields_str ? explode(',', $allowed_fields_str) : [];
 
+// Function to count total assets
+function count_assets($search = '', $status = '') {
+    $sql = "SELECT COUNT(*) FROM assets";
+    $where = [];
+    $params = [];
+
+    if (!empty($search)) {
+        $where[] = "name LIKE :search";
+        $params[':search'] = "%$search%";
+    }
+
+    if (!empty($status)) {
+        $where[] = "status = :status";
+        $params[':status'] = $status;
+    }
+
+    if (!empty($where)) {
+        $sql .= " WHERE " . implode(' AND ', $where);
+    }
+
+    try {
+        $pdo = db();
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute($params);
+        return $stmt->fetchColumn();
+    } catch (PDOException $e) {
+        return 0;
+    }
+}
+
 // Function to execute query and return results
-function get_assets($fields) {
+function get_assets($fields, $search = '', $status = '', $limit = 10, $offset = 0, $sort_by = 'created_at', $sort_order = 'DESC') {
     if (empty($fields)) {
         return []; // No read permission
     }
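Review bot: `count_assets` applies the name and status filters unconditionally, while `get_assets` in the next hunk applies each only when that column is in the role's readable field list, so for a restricted role `$total_pages` is computed over a differently filtered set than the rows actually shown. Pass the field list in and gate the same way: `function count_assets($fields, $search = '', $status = '')` with `if (!empty($search) && in_array('name', $fields, true))`. The catch returns `0` silently where `get_assets` surfaces its error, which hides a broken count behind an empty pager; at least log `$e` there. `"%$search%"` leaves `%` and `_` as LIKE metacharacters, which is harmless for a count but means the search is not literal; `addcslashes($search, '%_\\')` if literal matching is intended. The filters themselves are parameterised, which is fine.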
@@ -19,16 +49,70 @@ function get_assets($fields) {
 
     $select_fields = implode(', ', $fields);
 
+    $sql = "SELECT $select_fields FROM assets";
+    $where = [];
+    $params = [];
+
+    if (!empty($search)) {
+        // Assuming 'name' is a field that can be searched.
+        if (in_array('name', $fields)) {
+            $where[] = "name LIKE :search";
+            $params[':search'] = "%$search%";
+        }
+    }
+
+    if (!empty($status)) {
+        if (in_array('status', $fields)) {
+            $where[] = "status = :status";
+            $params[':status'] = $status;
+        }
+    }
+
+    if (!empty($where)) {
+        $sql .= " WHERE " . implode(' AND ', $where);
+    }
+
+    // Whitelist sortable columns
+    $sortable_columns = array_merge($fields, ['created_at']);
+    if (!in_array($sort_by, $sortable_columns)) {
+        $sort_by = 'created_at';
+    }
+    $sort_order = strtoupper($sort_order) === 'ASC' ? 'ASC' : 'DESC';
+
+    $sql .= " ORDER BY $sort_by $sort_order LIMIT :limit OFFSET :offset";
+    $params[':limit'] = $limit;
+    $params[':offset'] = $offset;
+
     try {
         $pdo = db();
-        $stmt = $pdo->query("SELECT $select_fields FROM assets ORDER BY created_at DESC");
+        $stmt = $pdo->prepare($sql);
+        // Bind parameters separately to handle integer binding for LIMIT and OFFSET
+        foreach ($params as $key => &$val) {
+            if ($key === ':limit' || $key === ':offset') {
+                $stmt->bindParam($key, $val, PDO::PARAM_INT);
+            } else {
+                $stmt->bindParam($key, $val);
+            }
+        }
+        $stmt->execute();
         return $stmt->fetchAll(PDO::FETCH_ASSOC);
     } catch (PDOException $e) {
         return ['error' => 'Database error: ' . $e->getMessage()];
     }
 }
 
-$assets = get_assets($allowed_fields);
+$search = $_GET['search'] ?? '';
+$status = $_GET['status'] ?? '';
+$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
+$limit = 10;
+$offset = ($page - 1) * $limit;
+$sort_by = $_GET['sort_by'] ?? 'created_at';
+$sort_order = $_GET['sort_order'] ??
'DESC'; + +$total_assets = count_assets($search, $status); +$total_pages = ceil($total_assets / $limit); + +$assets = get_assets($allowed_fields, $search, $status, $limit, $offset, $sort_by, $sort_order); function getStatusClass($status) { switch (strtolower($status)) { @@ -86,6 +170,23 @@ function getStatusClass($status) {
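Review bot: `$page` is cast to int but never clamped, so `?page=0` or a negative page produces a negative OFFSET, the database rejects the statement, and `get_assets` hands the driver message — which includes the generated SQL and column names — back to the page through its `'error'` return; use `$page = max(1, (int)($_GET['page'] ?? 1));` and return a generic message from the catch while logging `$e`. Interpolating `$sort_by` and `$sort_order` into the ORDER BY is safe only because `$sortable_columns` is a whitelist built from the role's field list plus created_at and `$sort_order` is normalised to ASC/DESC; a comment on the `$sql .= " ORDER BY ..."` line, `// $sort_by/$sort_order are interpolated: they must stay whitelisted above`, keeps the next editor from loosening that. The `foreach ($params as $key => &$val)` leaves `$val` as a live reference into `$params` after the loop, which is the classic PHP foreach-by-reference hazard; add `unset($val);` after the loop. The `in_array` calls should pass `true` for strict comparison, since both arrays hold strings from the permission string.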
+
+
+ +
+
+ +
+
+ +
+
+
@@ -93,7 +194,7 @@ function getStatusClass($status) {

No assets found.

- +

Get started by adding your first company asset.

Add Asset @@ -103,8 +204,18 @@ function getStatusClass($status) { - - + + @@ -117,7 +228,7 @@ function getStatusClass($status) { - + @@ -125,15 +236,31 @@ function getStatusClass($status) { Edit - + + Delete +
+ + + + + + + Actions
+ +
diff --git a/opcache_reset.php b/opcache_reset.php new file mode 100644 index 0000000..ca31841 --- /dev/null +++ b/opcache_reset.php @@ -0,0 +1,4 @@ + \ No newline at end of file diff --git a/run-migrations.php b/run-migrations.php new file mode 100644 index 0000000..79671b0 --- /dev/null +++ b/run-migrations.php @@ -0,0 +1,23 @@ +exec($sql); + echo "Successfully ran migration: " . basename($file) . "
"; + } catch (PDOException $e) { + echo "Error running migration: " . basename($file) . " - " . $e->getMessage() . "
"; + } +} + +// Self-destruct +unlink(__FILE__); + +echo "
All migrations have been processed. This script has been deleted.";
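Review bot: The `unlink(__FILE__)` result is not checked, so the final echo claims "This script has been deleted" even when the web server user cannot write to its own directory, which is exactly the case that leaves a URL-reachable migration runner in place; use `if (!unlink(__FILE__)) { echo 'WARNING: could not delete ' . basename(__FILE__); }` and re-run the check on deploy. Nothing in the visible part of the file restricts who may call it, though the top of the file (everything before `exec($sql);`) is lost in this rendering; if there is no CLI-only or shared-secret gate there, add `if (PHP_SAPI !== 'cli') { http_response_code(403); exit; }` as the first statement, and the same concern applies to opcache_reset.php, whose body is unreadable in this chunk. The catch echoes `$e->getMessage()` to the browser, which exposes schema and SQL details to whoever triggers it; write it to the error log instead. Committing a self-deleting script also means every deploy from git recreates it, so consider keeping it out of the web root entirely.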