Allow importing TOTP credential info

2025-10-15 10:18:44 +01:00 · 2025-10-15 10:18:44 +01:00 · 0bb7d24e07
parent b7a9f9ea38
commit 0bb7d24e07
1 changed files with 14 additions and 5 deletions
--- a/agent/post/credential.php
+++ b/agent/post/credential.php
@ -388,7 +388,7 @@ if (isset($_POST["import_credentials_csv"])) {
    //(Else)Check column count
    $f = fopen($file_name, "r");
    $f_columns = fgetcsv($f, 1000, ",");
-    if (!$error & count($f_columns) != 5) {
+    if (!$error & count($f_columns) != 6) {
        $error = true;
        flash_alert("Bad column count.", 'error');
    }
@ -401,31 +401,40 @@ if (isset($_POST["import_credentials_csv"])) {
        $duplicate_count = 0;
        while(($column = fgetcsv($file, 1000, ",")) !== false){
            $duplicate_detect = 0;
+            // Name
            if (isset($column[0])) {
                $name = sanitizeInput($column[0]);
                if (mysqli_num_rows(mysqli_query($mysqli,"SELECT * FROM credentials WHERE credential_name = '$name' AND credential_client_id = $client_id")) > 0){
                    $duplicate_detect = 1;
                }
            }
+            // Desc
            if (isset($column[1])) {
                $description = sanitizeInput($column[1]);
            }
+            // User
            if (isset($column[2])) {
                $username = sanitizeInput(encryptCredentialEntry($column[2]));
            }
+            // Pass
            if (isset($column[3])) {
                $password = sanitizeInput(encryptCredentialEntry($column[3]));
            }
+            // OTP
            if (isset($column[4])) {
-                $uri = sanitizeInput($column[4]);
+                $totp = sanitizeInput($column[4]);
+            }
+            // URL
+            if (isset($column[4])) {
+                $uri = sanitizeInput($column[5]);
            }

            // Check if duplicate was detected
            if ($duplicate_detect == 0){
                //Add
-                mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_username = '$username', credential_password = '$password', credential_client_id = $client_id");
+                mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$totp', credential_client_id = $client_id");
                $row_count = $row_count + 1;
-            }else{
+            } else {
                $duplicate_count = $duplicate_count + 1;
            }
        }
@ -453,7 +462,7 @@ if (isset($_GET['download_credentials_csv_template'])) {
    $f = fopen('php://memory', 'w');

    //set column headers
-    $fields = array('Name', 'Description', 'Username', 'Password', 'URI');
+    $fields = array('Name', 'Description', 'Username', 'Password', 'TOTP', 'URI');
    fputcsv($f, $fields, $delimiter);

    //move back to beginning of file