-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathfunctions.php
More file actions
303 lines (254 loc) · 10.6 KB
/
Copy pathfunctions.php
File metadata and controls
303 lines (254 loc) · 10.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// Start the session
session_start();
// Check if the user is logged in
if (!isset($_SESSION['user_id'])) {
// Redirect to the login page if the user is not logged in
header('Location: index.php');
exit();
}
// Get the logged-in user's user_id and role from session
$user_id = $_SESSION['user_id'];
$role = $_SESSION['role'];
// Display Success Message if exists
if (isset($_SESSION['success_message'])) {
$success_message = $_SESSION['success_message'];
unset($_SESSION['success_message']);
}
// Display Error Message if exists
if (isset($error_message)) {
echo '<div class="alert alert-danger alert-dismissible fade show" role="alert">';
echo htmlspecialchars($error_message);
echo '<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>';
echo '</div>';
}
// Pagination settings
$limit = 10; // Default rows per page
$page = isset($_GET['page']) ? (int)$_GET['page'] : 1; // Get the page number from the URL, default is 1
$offset = ($page - 1) * $limit; // Calculate the offset for the SQL query
// Initialize $search with a default value
$search = isset($_GET['search']) ? $_GET['search'] : '';
// SQL query to get the total number of credentials for pagination
$countSql = "SELECT COUNT(*) FROM credentials c WHERE c.user_id = :user_id";
if ($search) {
$countSql .= " AND c.name LIKE :search";
}
$countStmt = $pdo->prepare($countSql);
$countStmt->bindValue(':user_id', $user_id, PDO::PARAM_INT);
if ($search) {
$countStmt->bindValue(':search', '%' . $search . '%', PDO::PARAM_STR);
}
$countStmt->execute();
$totalCredentials = $countStmt->fetchColumn();
$totalPages = ceil($totalCredentials / $limit); // Calculate total number of pages
// Fetch credentials data for displaying with pagination and optional search
$sql = "SELECT c.*, u.first_name, u.second_name
FROM credentials c
JOIN users u ON c.user_id = u.user_id
ORDER BY name ASC";
if ($search) {
$sql .= " WHERE c.name LIKE :search"; // Add search filter
}
$sql .= " LIMIT :limit OFFSET :offset"; // Apply pagination
$stmt = $pdo->prepare($sql);
if ($search) {
$stmt->bindValue(':search', '%' . $search . '%', PDO::PARAM_STR);
}
$stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->execute();
$credentials = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Functions
// Function to calculate days since last update
function calculateDaysOld($updatedAt) {
$updatedDate = new DateTime($updatedAt);
$currentDate = new DateTime();
$interval = $updatedDate->diff($currentDate);
return $interval->days; // Returns the number of days since the last update
}
// Flag to check if any credential needs to be updated
$showUpdateCard = false;
// Loop through credentials to check if any needs updating
foreach ($credentials as $credential) {
$daysOld = calculateDaysOld($credential['updated_at']);
if ($daysOld > 90) {
$showUpdateCard = true;
break; // Exit the loop as we found at least one credential that needs updating
}
}
// Encryption and Decryption functions
function encryptPassword($password) {
$key = 'your-secret-key'; // Replace with a secure key
$cipher = 'AES-128-CBC';
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$encrypted = openssl_encrypt($password, $cipher, $key, 0, $iv);
return base64_encode($iv . $encrypted);
}
function decryptPassword($encryptedPassword) {
$key = 'your-secret-key'; // Replace with a secure key
$cipher = 'AES-128-CBC';
$encryptedPassword = base64_decode($encryptedPassword);
$ivlen = openssl_cipher_iv_length($cipher);
$iv = substr($encryptedPassword, 0, $ivlen);
$encrypted = substr($encryptedPassword, $ivlen);
return openssl_decrypt($encrypted, $cipher, $key, 0, $iv);
}
// Add credentials logic
if (isset($_POST['addCredential'])) {
$name = $_POST['credentialName'];
$username = $_POST['credentialUsername'];
$password = encryptPassword($_POST['credentialPassword']); // Encrypt the password
$otp = $_POST['credentialOTP'];
$url = $_POST['credentialURL'];
$department_id = $_POST['department_id']; // Get the selected department ID
try {
$stmt = $pdo->prepare("INSERT INTO credentials (user_id, name, username, password, otp, url, department_id, created_at)
VALUES (:user_id, :name, :username, :password, :otp, :url, :department_id, NOW())");
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':otp', $otp, PDO::PARAM_STR);
$stmt->bindParam(':url', $url, PDO::PARAM_STR);
$stmt->bindParam(':department_id', $department_id, PDO::PARAM_INT);
if ($stmt->execute()) {
// Set success message in session
$_SESSION['success_message'] = "Credentials for: $name have been added!";
}
} catch (PDOException $e) {
$error_message = "Error: " . $e->getMessage();
}
// After the credentials are added, redirect to the dashboard page
header('Location: dashboard.php');
exit();
}
// Delete credentials logic
if (isset($_POST['deleteCredential']) && isset($_POST['credential_id'])) {
$credential_id = $_POST['credential_id'];
$stmt = $pdo->prepare("SELECT user_id, name FROM credentials WHERE credential_id = :credential_id");
$stmt->bindValue(':credential_id', $credential_id, PDO::PARAM_INT);
$stmt->execute();
$credential = $stmt->fetch(PDO::FETCH_ASSOC);
if ($credential) {
if ($credential['user_id'] == $user_id || in_array($role, ['admin', 'manager'])) {
try {
$deleteStmt = $pdo->prepare("DELETE FROM credentials WHERE credential_id = :credential_id");
$deleteStmt->bindValue(':credential_id', $credential_id, PDO::PARAM_INT);
if ($deleteStmt->execute()) {
$_SESSION['success_message'] = "Credentials for {$credential['name']} have been removed.";
header('Location: dashboard.php');
exit();
}
} catch (PDOException $e) {
$error_message = "Error: " . $e->getMessage();
}
} else {
$error_message = "You are not authorized to delete these credentials.";
}
} else {
$error_message = "Credential not found.";
}
}
// Edit credentials logic
if (isset($_POST['editCredential'])) {
// Get the values from the form
$credential_id = $_POST['credential_id'];
$name = $_POST['credentialName'];
$username = $_POST['credentialUsername'];
$password = encryptPassword($_POST['credentialPassword']); // Encrypt the password
$otp = $_POST['credentialOTP'];
$url = $_POST['credentialURL'];
$department_id = $_POST['department_id']; // Get the selected department ID
// Prepare the SQL statement to update the credentials
$stmt = $pdo->prepare("UPDATE credentials SET
name = :name,
username = :username,
password = :password,
otp = :otp,
url = :url,
department_id = :department_id
WHERE credential_id = :credential_id");
// Bind the parameters
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':otp', $otp, PDO::PARAM_STR);
$stmt->bindParam(':url', $url, PDO::PARAM_STR);
$stmt->bindParam(':department_id', $department_id, PDO::PARAM_INT);
$stmt->bindParam(':credential_id', $credential_id, PDO::PARAM_INT);
// Debugging: Check if the query is executing
if ($stmt->execute()) {
$_SESSION['success_message'] = "Credentials for $name have been updated!";
echo "Update successful"; // Debugging message
} else {
echo "Update failed"; // Debugging message
}
// After successful update, redirect to refresh the page
header('Location: dashboard.php');
exit();
}
// Function to generate a random token
function generateVerificationToken() {
return bin2hex(random_bytes(16));
}
// Function to send verification email
function sendVerificationEmail($email, $userId) {
$verifyToken = generateVerificationToken();
global $pdo;
// Save the token in the users_access table
$stmt = $pdo->prepare("UPDATE users_access SET verified = 0 WHERE user_id = :user_id");
$stmt->execute([':user_id' => $userId]);
$verifyUrl = "$base_url/verify?token=$verifyToken&user_id=$userId";
$subject = "Verify Your Email";
$message = "Click the link below to verify your email:\n\n$verifyUrl";
$headers = "From: no-reply@kpassnest.com";
// Send email
if (mail($email, $subject, $message, $headers)) {
// Save token to database
$stmt = $pdo->prepare("INSERT INTO users_access (user_id, verified) VALUES (:user_id, :verified)");
$stmt->execute([':user_id' => $userId, ':verified' => 0]);
}
}
// Function to verify user
function verifyUser($token, $userId) {
global $pdo;
$stmt = $pdo->prepare("SELECT * FROM users_access WHERE user_id = :user_id");
$stmt->execute([':user_id' => $userId]);
$userAccess = $stmt->fetch(PDO::FETCH_ASSOC);
if ($userAccess) {
$stmt = $pdo->prepare("UPDATE users_access SET verified = 1 WHERE user_id = :user_id");
$stmt->execute([':user_id' => $userId]);
return true;
}
return false;
}
// Function to update user fields in the database
function updateUserFields($userId, $fields) {
global $pdo;
// Prepare an SQL update query
$setClauses = [];
foreach ($fields as $column => $value) {
// Ensure that only valid columns are updated
if (in_array($column, ['first_name', 'second_name', 'email', 'username', 'password', 'role', 'status', 'verified'])) {
$setClauses[] = "$column = :$column";
}
}
$setClause = implode(", ", $setClauses);
// Build the SQL query
$sql = "UPDATE users SET $setClause, updated_at = CURRENT_TIMESTAMP WHERE user_id = :user_id";
// Prepare the statement
$stmt = $pdo->prepare($sql);
// Bind the values for the fields
foreach ($fields as $column => $value) {
$stmt->bindValue(":$column", $value);
}
// Bind the user ID
$stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
// Execute the statement and check if it was successful
return $stmt->execute();
}
?>