admin/38394-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

admin panel creation

Browse Source
This commit is contained in:
Flatlogic Bot 2026-02-13 07:06:50 +00:00
parent 8171e13d85
commit 8b05731720
6 changed files with 133 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
admin/auth.php
View File

@ -1,10 +1,27 @@
<?php <?php
// Secure session configuration // admin/auth.php
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_path', '/');
// Detect HTTPS even behind a proxy
$is_https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https');
// Ensure session is started with basic secure defaults
if (session_status() === PHP_SESSION_NONE) { if (session_status() === PHP_SESSION_NONE) {
session_name('CHARITYHUB_SESS');
// Explicitly set session cookie parameters
session_set_cookie_params([
'lifetime' => 0,
'path' => '/',
'domain' => '',
'secure' => $is_https,
'httponly' => true,
'samesite' => 'Lax'
]);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1); // Re-enabling strict mode for security now that login works
session_start(); session_start();
} }
@ -20,8 +37,7 @@ function require_login() {
} }
function get_user() { function get_user() {
if (!is_logged_in()) return null; return $_SESSION['user'] ?? null;
return $_SESSION['user'];
} }
function is_super_admin() { function is_super_admin() {

86
admin/index.php
View File

@ -11,10 +11,34 @@ if (is_super_admin()) {
$total_orgs = $pdo->query("SELECT COUNT(*) FROM organizations")->fetchColumn(); $total_orgs = $pdo->query("SELECT COUNT(*) FROM organizations")->fetchColumn();
$total_cases = $pdo->query("SELECT COUNT(*) FROM cases")->fetchColumn(); $total_cases = $pdo->query("SELECT COUNT(*) FROM cases")->fetchColumn();
$total_donations = $pdo->query("SELECT SUM(amount) FROM donations WHERE status = 'completed'")->fetchColumn() ?: 0; $total_donations = $pdo->query("SELECT SUM(amount) FROM donations WHERE status = 'completed'")->fetchColumn() ?: 0;
// Fetch recent donations
$recent_donations = $pdo->query("
SELECT d.*, c.title_en as case_title
FROM donations d
JOIN cases c ON d.case_id = c.id
ORDER BY d.created_at DESC
LIMIT 5
")->fetchAll();
} else { } else {
$org_id = $user['org_id']; $org_id = $user['org_id'];
$total_cases = $pdo->query("SELECT COUNT(*) FROM cases WHERE org_id = $org_id")->fetchColumn(); $total_cases = $pdo->query("SELECT COUNT(*) FROM cases WHERE org_id = $org_id")->fetchColumn();
$total_donations = $pdo->query("SELECT SUM(d.amount) FROM donations d JOIN cases c ON d.case_id = c.id WHERE c.org_id = $org_id AND d.status = 'completed'")->fetchColumn() ?: 0; $total_donations = $pdo->query("
SELECT SUM(d.amount)
FROM donations d
JOIN cases c ON d.case_id = c.id
WHERE c.org_id = $org_id AND d.status = 'completed'
")->fetchColumn() ?: 0;
// Fetch recent donations for this org
$recent_donations = $pdo->query("
SELECT d.*, c.title_en as case_title
FROM donations d
JOIN cases c ON d.case_id = c.id
WHERE c.org_id = $org_id
ORDER BY d.created_at DESC
LIMIT 5
")->fetchAll();
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
@ -36,6 +60,9 @@ if (is_super_admin()) {
.card { border: none; border-radius: 12px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); } .card { border: none; border-radius: 12px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); }
.stat-card { padding: 1.5rem; } .stat-card { padding: 1.5rem; }
.stat-icon { font-size: 2rem; color: var(--primary-color); } .stat-icon { font-size: 2rem; color: var(--primary-color); }
.badge-pending { background-color: #fef3c7; color: #92400e; }
.badge-completed { background-color: #d1fae5; color: #065f46; }
.badge-failed { background-color: #fee2e2; color: #991b1b; }
</style> </style>
</head> </head>
<body> <body>
@ -55,7 +82,10 @@ if (is_super_admin()) {
<div class="main-content"> <div class="main-content">
<div class="d-flex justify-content-between align-items-center mb-4"> <div class="d-flex justify-content-between align-items-center mb-4">
<h2>Welcome, <?= is_super_admin() ? 'Super Admin' : 'Org Admin' ?></h2> <div>
<h2 class="mb-0">Welcome, <?= is_super_admin() ? 'Super Admin' : htmlspecialchars($user['name'] ?? 'Org Admin') ?></h2>
<p class="text-muted mb-0">Manage your charity activities and donations.</p>
</div>
<div class="text-muted"><?= date('l, F j, Y') ?></div> <div class="text-muted"><?= date('l, F j, Y') ?></div>
</div> </div>
@ -73,7 +103,7 @@ if (is_super_admin()) {
</div> </div>
</div> </div>
<?php endif; ?> <?php endif; ?>
<div class="col-md-4"> <div class="col-md-<?= is_super_admin() ? '4' : '6' ?>">
<div class="card stat-card"> <div class="card stat-card">
<div class="d-flex justify-content-between align-items-center"> <div class="d-flex justify-content-between align-items-center">
<div> <div>
@ -84,12 +114,12 @@ if (is_super_admin()) {
</div> </div>
</div> </div>
</div> </div>
<div class="col-md-4"> <div class="col-md-<?= is_super_admin() ? '4' : '6' ?>">
<div class="card stat-card"> <div class="card stat-card">
<div class="d-flex justify-content-between align-items-center"> <div class="d-flex justify-content-between align-items-center">
<div> <div>
<div class="text-muted small">Total Donations</div> <div class="text-muted small">Total Donations</div>
<div class="h3 mb-0">$<?= number_format($total_donations) ?></div> <div class="h3 mb-0">$<?= number_format($total_donations, 2) ?></div>
</div> </div>
<i class="bi bi-cash-stack stat-icon"></i> <i class="bi bi-cash-stack stat-icon"></i>
</div> </div>
@ -98,10 +128,48 @@ if (is_super_admin()) {
</div> </div>
<div class="card p-4"> <div class="card p-4">
<h5>Recent Activity</h5> <div class="d-flex justify-content-between align-items-center mb-3">
<p class="text-muted">New donations and case updates will appear here.</p> <h5 class="mb-0">Recent Donations</h5>
<!-- Table of recent donations could go here --> <a href="donations.php" class="btn btn-sm btn-outline-success">View All</a>
</div>
<div class="table-responsive">
<table class="table table-hover">
<thead class="table-light">
<tr>
<th>Donor</th>
<th>Case</th>
<th>Amount</th>
<th>Status</th>
<th>Date</th>
</tr>
</thead>
<tbody>
<?php if (empty($recent_donations)): ?>
<tr>
<td colspan="5" class="text-center text-muted py-4">No recent donations found.</td>
</tr>
<?php else: ?>
<?php foreach ($recent_donations as $donation): ?>
<tr>
<td>
<div class="fw-bold"><?= htmlspecialchars($donation['donor_name'] ?: 'Anonymous') ?></div>
<div class="small text-muted"><?= htmlspecialchars($donation['donor_email']) ?></div>
</td>
<td><?= htmlspecialchars($donation['case_title']) ?></td>
<td>$<?= number_format($donation['amount'], 2) ?></td>
<td>
<span class="badge badge-<?= $donation['status'] ?> rounded-pill">
<?= ucfirst($donation['status']) ?>
</span>
</td>
<td class="small"><?= date('M j, Y H:i', strtotime($donation['created_at'])) ?></td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
</div>
</div> </div>
</div> </div>
</body> </body>
</html> </html>

32
admin/login.php
View File

@ -1,16 +1,12 @@
<?php <?php
ob_start(); ob_start();
require_once '../db/config.php'; require_once '../db/config.php';
require_once 'auth.php'; // Use central session logic require_once 'auth.php';
$error = ''; $error = '';
$debug = [];
$debug[] = "Method: " . $_SERVER['REQUEST_METHOD'];
$debug[] = "Session ID: " . session_id();
if (isset($_GET['auth_error'])) { if (isset($_GET['auth_error'])) {
$error = 'Your session has expired or you are not logged in.'; $error = 'Your session has expired or you are not logged in.';
$debug[] = "Redirected from auth.php (Session loss suspected)";
} }
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
@ -26,20 +22,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt->execute([$email]); $stmt->execute([$email]);
$user = $stmt->fetch(); $user = $stmt->fetch();
if (!$user) { if (!$user || !password_verify($password, $user['password'])) {
$error = 'Email not found.'; $error = 'Invalid email or password.';
$debug[] = "Auth: Email '$email' not in database.";
} elseif (!password_verify($password, $user['password'])) {
$error = 'Incorrect password.';
$debug[] = "Auth: Password mismatch for '$email'.";
} else { } else {
// Success!
$_SESSION['user_id'] = $user['id']; $_SESSION['user_id'] = $user['id'];
$_SESSION['user'] = $user; $_SESSION['user'] = $user;
$_SESSION['login_time'] = time();
// Force session write before redirect // Regenerate ID for security
session_write_close(); session_regenerate_id(true);
ob_end_clean();
header('Location: index.php'); header('Location: index.php');
exit; exit;
} }
@ -61,7 +54,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
body { background: #f3f4f6; display: flex; align-items: center; justify-content: center; min-height: 100vh; padding: 20px; font-family: sans-serif; } body { background: #f3f4f6; display: flex; align-items: center; justify-content: center; min-height: 100vh; padding: 20px; font-family: sans-serif; }
.login-card { width: 100%; max-width: 400px; padding: 2rem; background: #fff; border-radius: 12px; box-shadow: 0 4px 6px -1px rgba(0,0,0,0.1); } .login-card { width: 100%; max-width: 400px; padding: 2rem; background: #fff; border-radius: 12px; box-shadow: 0 4px 6px -1px rgba(0,0,0,0.1); }
.btn-success { background-color: #059669; border: none; padding: 0.6rem; } .btn-success { background-color: #059669; border: none; padding: 0.6rem; }
.debug-box { font-size: 0.75rem; color: #6b7280; background: #f9fafb; padding: 10px; border-radius: 6px; margin-top: 20px; border: 1px solid #e5e7eb; }
</style> </style>
</head> </head>
<body> <body>
@ -83,16 +75,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
</div> </div>
<button type="submit" class="btn btn-success w-100 fw-bold">Sign In</button> <button type="submit" class="btn btn-success w-100 fw-bold">Sign In</button>
</form> </form>
<div class="mt-3 text-center small text-muted">
Test: admin@charityhub.com / admin123
</div>
<div class="debug-box">
<strong>Troubleshooting:</strong><br>
<?php foreach ($debug as $line) echo "" . htmlspecialchars($line) . "<br>"; ?>
Time: <?= date('H:i:s') ?>
</div>
</div> </div>
</body> </body>
</html> </html>

9
admin/session_test.php
View File

@ -1,9 +0,0 @@
<?php
session_start();
if (!isset($_SESSION['test_count'])) {
$_SESSION['test_count'] = 0;
}
$_SESSION['test_count']++;
echo "Session ID: " . session_id() . "<br>";
echo "Count: " . $_SESSION['test_count'] . "<br>";
echo "<a href='session_test.php'>Refresh</a>";

26
php_errors.log Normal file
View File

@ -0,0 +1,26 @@
[13-Feb-2026 06:53:28 UTC] Auth failure: No user_id in session. Session ID: ub5ph3sg522ibag1h9pac1d3ee
[13-Feb-2026 06:53:32 UTC] Auth failure: No user_id in session. Session ID: qrdqjq8vphf21l156ftds8e0s9
[13-Feb-2026 06:54:46 UTC] Auth failure: No user_id in session. Session ID: 2753kp17vlpmlt61t6pq47u9sm
[13-Feb-2026 06:55:33 UTC] Login success for admin@charityhub.com. Session ID: hbmlstlhs6u920a09bk5uip5b5
[13-Feb-2026 06:55:33 UTC] Auth failure: No user_id in session. Session ID: leslg83ghtuasopql88o32nj3p
[13-Feb-2026 06:57:22 UTC] Auth failure: No user_id in session. Session ID: 1ouup7a565migjgbsbcpfbu1ka
[13-Feb-2026 06:57:58 UTC] Login success for admin@charityhub.com. Session ID: 02dhoh2fltqn0jknnh1uo2rh6q
[13-Feb-2026 06:57:59 UTC] Auth failure: No user_id in session. Session ID: 3lj3ev3t9n4q1ve1t96uij9pni
[13-Feb-2026 07:01:49 UTC] Req: /admin/session_test.php | Cookie: None
[13-Feb-2026 07:01:55 UTC] Req: /admin/session_test.php | Cookie: CHARITYHUB_SESS=tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:01:56 UTC] Req: /admin/session_test.php | Cookie: CHARITYHUB_SESS=tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:01:59 UTC] Req: /admin/index.php | Cookie: CHARITYHUB_SESS=tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:01:59 UTC] Auth failure: No user_id in session. SID: tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:02:00 UTC] Req: /admin/login.php?auth_error=1 | Cookie: CHARITYHUB_SESS=tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:04:01 UTC] Session Check | SID: tf0v9srjlelinv6jloa6rk7gfo | UserID: NO | Req: /admin/ | Cookie: CHARITYHUB_SESS=tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:04:01 UTC] Auth failure: No user_id in session. SID: tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:04:02 UTC] Session Check | SID: tf0v9srjlelinv6jloa6rk7gfo | UserID: NO | Req: /admin/login.php?auth_error=1 | Cookie: CHARITYHUB_SESS=tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:04:22 UTC] Session Check | SID: tf0v9srjlelinv6jloa6rk7gfo | UserID: NO | Req: /admin/login.php | Cookie: CHARITYHUB_SESS=tf0v9srjlelinv6jloa6rk7gfo
[13-Feb-2026 07:04:22 UTC] Login success for admin@charityhub.com. New Session ID: 2a8h32bfjmihuafh80hsdahp3l
[13-Feb-2026 07:04:22 UTC] Session Check | SID: 2a8h32bfjmihuafh80hsdahp3l | UserID: YES | Req: /admin/index.php | Cookie: CHARITYHUB_SESS=2a8h32bfjmihuafh80hsdahp3l
[13-Feb-2026 07:04:35 UTC] Session Check | SID: 2a8h32bfjmihuafh80hsdahp3l | User: YES (1) | Req: /admin/organizations.php
[13-Feb-2026 07:04:39 UTC] Session Check | SID: 2a8h32bfjmihuafh80hsdahp3l | User: YES (1) | Req: /admin/donations.php
[13-Feb-2026 07:04:43 UTC] Session Check | SID: 2a8h32bfjmihuafh80hsdahp3l | User: YES (1) | Req: /admin/organizations.php
[13-Feb-2026 07:04:47 UTC] Session Check | SID: 2a8h32bfjmihuafh80hsdahp3l | User: YES (1) | Req: /admin/donations.php
[13-Feb-2026 07:05:24 UTC] Session Check | SID: 2a8h32bfjmihuafh80hsdahp3l | User: YES (1) | Req: /admin/organizations.php
[13-Feb-2026 07:05:28 UTC] Session Check | SID: 2a8h32bfjmihuafh80hsdahp3l | User: YES (1) | Req: /admin/index.php

1
phpinfo.php Normal file
View File

@ -0,0 +1 @@
<?php phpinfo(); ?>