38438-vm/system_preferences.php
2026-02-15 16:51:04 +00:00


<?php
/**
* System Preferences - Manage Password Requirements and Security
*/
declare(strict_types=1);
require_once __DIR__ . '/db/config.php';
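// NOTE(review): the tenant is hard-coded, and no login or role check is visible in this
// file before the write below; includes/header.php is only loaded after the POST branch
// has already exited. Confirm that db/config.php enforces authentication and restricts
// this page to administrators, since it controls the password policy.
$tenant_id = 1;

// Handle Form Submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no anti-CSRF token is verified here, so a cross-site form post from a
    // logged-in administrator's browser could change the policy. Add a per-session token
    // check once the session handling used by this application is confirmed.

    // The min/max attributes on the form input are browser-side hints only, so the same
    // bounds are enforced here. A missing, non-integer or array-valued field falls back to
    // the default; an out-of-range integer is clamped into the allowed range.
    // NOTE(review): a lower bound of 4 still permits a very weak policy; 8 is the usual
    // baseline (e.g. NIST SP 800-63B). Raising it would also require changing the form.
    $minLengthFloor = 4;
    $minLengthCeiling = 32;
    $minLengthDefault = 8;

    $minLength = filter_var($_POST['pwd_min_length'] ?? $minLengthDefault, FILTER_VALIDATE_INT);
    if ($minLength === false) {
        $minLength = $minLengthDefault;
    }
    $minLength = max($minLengthFloor, min($minLengthCeiling, $minLength));

    // Checkboxes are only present in the request when ticked, so presence maps to '1'.
    $prefs = [
        'pwd_min_length' => (string) $minLength,
        'pwd_require_upper' => isset($_POST['pwd_require_upper']) ? '1' : '0',
        'pwd_require_lower' => isset($_POST['pwd_require_lower']) ? '1' : '0',
        'pwd_require_numbers' => isset($_POST['pwd_require_numbers']) ? '1' : '0',
        'pwd_no_common_words' => isset($_POST['pwd_no_common_words']) ? '1' : '0',
    ];

    // Prepare the upsert once and reuse it for every preference row.
    $pdo = db();
    $upsert = $pdo->prepare("INSERT INTO system_preferences (tenant_id, pref_key, pref_value) VALUES (?, ?, ?)
ON DUPLICATE KEY UPDATE pref_value = VALUES(pref_value)");
    foreach ($prefs as $key => $val) {
        $upsert->execute([$tenant_id, $key, $val]);
    }

    // NOTE(review): the audit entry records neither the acting user nor the old and new
    // values, which limits its use when investigating a weakened password policy.
    $stmt = $pdo->prepare("INSERT INTO activity_log (tenant_id, action, details) VALUES (?, ?, ?)");
    $stmt->execute([$tenant_id, 'Settings Updated', 'Updated system preferences and password requirements']);

    // Post/Redirect/Get so a browser refresh does not resubmit the form.
    header("Location: system_preferences.php?success=1");
    exit;
}

// Fetch current preferences as a pref_key => pref_value map for the template below.
$stmt = db()->prepare("SELECT pref_key, pref_value FROM system_preferences WHERE tenant_id = ?");
$stmt->execute([$tenant_id]);
$prefs = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);

$pageTitle = "SR&ED Manager - System Preferences";
include __DIR__ . '/includes/header.php';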
?>
<div class="container-fluid py-4">
<div class="row justify-content-center">
<div class="col-lg-8">
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">System Preferences</h2>
<?php /* Banner is keyed only on the presence of the success query parameter; it is cosmetic and does not prove a save happened. */ if (isset($_GET['success'])): ?>
<span class="badge bg-success py-2 px-3">Preferences saved successfully</span>
<?php endif; ?>
</div>
<form method="POST">
<div class="card border-0 shadow-sm mb-4">
<div class="card-header bg-white py-3">
<h5 class="mb-0 fw-bold">Password Requirements</h5>
</div>
<div class="card-body">
<div class="row mb-4">
<div class="col-md-6">
<label class="form-label fw-bold small">Minimum Characters</label>
<input type="number" name="pwd_min_length" class="form-control" value="<?= /* Stored value is HTML-escaped for the attribute; the min/max attributes are browser-side hints and do not by themselves constrain what a client can POST. NOTE(review): this form carries no anti-CSRF token field. */ htmlspecialchars($prefs['pwd_min_length'] ?? '8') ?>" min="4" max="32">
<div class="form-text extra-small text-muted">Passwords shorter than this will be rejected.</div>
</div>
</div>
<div class="row g-3">
<div class="col-md-6">
<div class="form-check form-switch p-3 border rounded">
<input class="form-check-input ms-0 me-2" type="checkbox" name="pwd_require_upper" id="reqUpper" <?= /* A preference with no stored row renders as enabled ('1'); the three switches below follow the same pattern. */ ($prefs['pwd_require_upper'] ?? '1') === '1' ? 'checked' : '' ?>>
<label class="form-check-label fw-bold small" for="reqUpper">Require Uppercase Letters</label>
</div>
</div>
<div class="col-md-6">
<div class="form-check form-switch p-3 border rounded">
<input class="form-check-input ms-0 me-2" type="checkbox" name="pwd_require_lower" id="reqLower" <?= ($prefs['pwd_require_lower'] ?? '1') === '1' ? 'checked' : '' ?>>
<label class="form-check-label fw-bold small" for="reqLower">Require Lowercase Letters</label>
</div>
</div>
<div class="col-md-6">
<div class="form-check form-switch p-3 border rounded">
<input class="form-check-input ms-0 me-2" type="checkbox" name="pwd_require_numbers" id="reqNumbers" <?= ($prefs['pwd_require_numbers'] ?? '1') === '1' ? 'checked' : '' ?>>
<label class="form-check-label fw-bold small" for="reqNumbers">Require Numbers</label>
</div>
</div>
<div class="col-md-6">
<div class="form-check form-switch p-3 border rounded">
<input class="form-check-input ms-0 me-2" type="checkbox" name="pwd_no_common_words" id="noCommon" <?= ($prefs['pwd_no_common_words'] ?? '1') === '1' ? 'checked' : '' ?>>
<label class="form-check-label fw-bold small" for="noCommon">Don't Allow Common Words</label>
</div>
</div>
</div>
</div>
</div>
<div class="card border-0 shadow-sm mb-4">
<div class="card-header bg-white py-3">
<h5 class="mb-0 fw-bold">Authentication & 2FA</h5>
</div>
<div class="card-body">
<p class="text-muted small mb-0">2FA settings are currently managed per-user in the Employee management section. Telephone numbers provided there will be used for SMS-based verification factors.</p>
</div>
</div>
<div class="d-flex justify-content-end gap-2">
<a href="settings.php" class="btn btn-light px-4">Cancel</a>
<button type="submit" class="btn btn-primary px-4">Save Preferences</button>
</div>
</form>
</div>
</div>
</div>
<?php /* Shared page footer. */ include __DIR__ . '/includes/footer.php'; ?>