From 873df63c76c0eb3e093eed82b5dff5470f28dbdf Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Wed, 30 Oct 2024 14:40:02 -0400
Subject: [PATCH] FEATURE: Added Credential Tagging Support

---
 admin_tag.php               |  2 ++
 admin_tag_add_modal.php     |  1 +
 admin_tag_edit_modal.php    |  1 +
 client_login_add_modal.php  | 21 +++++++++++
 client_login_edit_modal.php | 21 +++++++++++
 client_logins.php           | 70 ++++++++++++++++++++++++++++++++++---
 post/user/credential.php    | 18 ++++++++++
 7 files changed, 130 insertions(+), 4 deletions(-)

diff --git a/admin_tag.php b/admin_tag.php
index faf50495..2ac68281 100644
--- a/admin_tag.php
+++ b/admin_tag.php
@@ -76,6 +76,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                             $tag_type_display = "Location Tag";
                         } elseif ( $tag_type == 3) {
                             $tag_type_display = "Contact Tag";
+                        } elseif ( $tag_type == 4) {
+                            $tag_type_display = "Credential Tag";
                         } else {
                             $tag_type_display = "Unknown Tag";
                         }
diff --git a/admin_tag_add_modal.php b/admin_tag_add_modal.php
index 5cd0705c..4406de2e 100644
--- a/admin_tag_add_modal.php
+++ b/admin_tag_add_modal.php
@@ -32,6 +32,7 @@
                 <option value="1">Client Tag</option>
                 <option value="2">Location Tag</option>
                 <option value="3">Contact Tag</option>
+                <option value="4">Credential Tag</option>
               </select>
             </div>
           </div>
diff --git a/admin_tag_edit_modal.php b/admin_tag_edit_modal.php
index f0fb9574..80f3df07 100644
--- a/admin_tag_edit_modal.php
+++ b/admin_tag_edit_modal.php
@@ -32,6 +32,7 @@
                 <option value="1" <?php if ($tag_type == 1) { echo "selected"; } ?>>Client Tag</option>
                 <option value="2" <?php if ($tag_type == 2) { echo "selected"; } ?>>Location Tag</option>
                 <option value="3" <?php if ($tag_type == 3) { echo "selected"; } ?>>Contact Tag</option>
+                <option value="4" <?php if ($tag_type == 4) { echo "selected"; } ?>>Credential Tag</option>
               </select>
             </div>
           </div>
diff --git a/client_login_add_modal.php b/client_login_add_modal.php
index 43e426b4..0afd75e1 100644
--- a/client_login_add_modal.php
+++ b/client_login_add_modal.php
@@ -228,6 +228,27 @@
                                 <textarea class="form-control" rows="12" placeholder="Enter some notes" name="note"></textarea>
                             </div>
 
+                            <div class="form-group">
+                                <label>Tags</label>
+                                <div class="input-group">
+                                    <div class="input-group-prepend">
+                                        <span class="input-group-text"><i class="fa fa-fw fa-tags"></i></span>
+                                    </div>
+                                    <select class="form-control select2" name="tags[]" data-placeholder="Add some tags" multiple>
+                                        <?php
+
+                                        $sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 4 ORDER BY tag_name ASC");
+                                        while ($row = mysqli_fetch_array($sql_tags_select)) {
+                                            $tag_id_select = intval($row['tag_id']);
+                                            $tag_name_select = nullable_htmlentities($row['tag_name']);
+                                            ?>
+                                            <option value="<?php echo $tag_id_select; ?>"><?php echo $tag_name_select; ?></option>
+                                        <?php } ?>
+
+                                    </select>
+                                </div>
+                            </div>
+
                         </div>
 
                     </div>
diff --git a/client_login_edit_modal.php b/client_login_edit_modal.php
index a89ac4cf..8731cb1e 100644
--- a/client_login_edit_modal.php
+++ b/client_login_edit_modal.php
@@ -233,6 +233,27 @@
                                 <textarea class="form-control" rows="12" placeholder="Enter some notes" name="note"><?php echo $login_note; ?></textarea>
                             </div>
 
+                            <div class="form-group">
+                                <label>Tags</label>
+                                <div class="input-group">
+                                    <div class="input-group-prepend">
+                                        <span class="input-group-text"><i class="fa fa-fw fa-tags"></i></span>
+                                    </div>
+                                    <select class="form-control select2" name="tags[]" data-placeholder="Add some tags" multiple>
+                                        <?php
+
+                                        $sql_tags_select = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 4 ORDER BY tag_name ASC");
+                                        while ($row = mysqli_fetch_array($sql_tags_select)) {
+                                            $tag_id_select = intval($row['tag_id']);
+                                            $tag_name_select = nullable_htmlentities($row['tag_name']);
+                                            ?>
+                                            <option value="<?php echo $tag_id_select; ?>" <?php if (in_array($tag_id_select, $login_tag_id_array)) { echo "selected"; } ?>><?php echo $tag_name_select; ?></option>
+                                        <?php } ?>
+
+                                    </select>
+                                </div>
+                            </div>
+
                         </div>
 
                     </div>
diff --git a/client_logins.php b/client_logins.php
index ae2370e7..07f953a6 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -12,6 +12,21 @@ enforceUserPermission('module_credential');
 // Log when users load the Credentials/Logins page
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Credential', log_action = 'View', log_description = '$session_name viewed the Credentials page for client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
 
+// Tags Filter
+if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
+    // Sanitize each element of the status array
+    $sanitizedTags = array();
+    foreach ($_GET['tags'] as $tag) {
+        // Escape each status to prevent SQL injection
+        $sanitizedTags[] = "'" . intval($tag) . "'";
+    }
+
+    // Convert the sanitized tags into a comma-separated string
+    $sanitizedTagsString = implode(",", $sanitizedTags);
+    $tag_query = "AND tags.tag_id IN ($sanitizedTagsString)";
+} else {
+    $tag_query = '';
+}
 
 // Location Filter
 if (isset($_GET['location']) & !empty($_GET['location'])) {
@@ -31,10 +46,13 @@ $url_query_strings_sort = http_build_query($get_copy);
 
 $sql = mysqli_query(
     $mysqli,
-    "SELECT SQL_CALC_FOUND_ROWS * 
+    "SELECT SQL_CALC_FOUND_ROWS l.login_id AS l_login_id, l.*, login_tags.*, tags.* 
     FROM logins l
+    LEFT JOIN login_tags ON login_tags.login_id = l.login_id
+    LEFT JOIN tags ON tags.tag_id = login_tags.tag_id
     $location_query_innerjoin
     WHERE l.login_client_id = $client_id
+    $tag_query
     AND l.login_$archive_query
     AND (l.login_name LIKE '%$q%' OR l.login_description LIKE '%$q%' OR l.login_uri LIKE '%$q%')
     $location_query
@@ -104,7 +122,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     </div>
                 </div>
 
-                <div class="col-md-6">
+                <div class="col-md-3">
+                    <div class="form-group">
+                        <select onchange="this.form.submit()" class="form-control select2" name="tags[]" data-placeholder="- Select Tags -" multiple>
+
+                            <?php $sql_tags = mysqli_query($mysqli, "SELECT * FROM tags WHERE tag_type = 4");
+                            while ($row = mysqli_fetch_array($sql_tags)) {
+                                $tag_id = intval($row['tag_id']);
+                                $tag_name = nullable_htmlentities($row['tag_name']); ?>
+
+                                <option value="<?php echo $tag_id ?>" <?php if (isset($_GET['tags']) && is_array($_GET['tags']) && in_array($tag_id, $_GET['tags'])) { echo 'selected'; } ?>> <?php echo $tag_name ?> </option>
+
+                            <?php } ?>
+                        </select>
+                    </div>
+                </div>
+
+                <div class="col-md-3">
                     <div class="btn-group float-right">
                         <a href="?client_id=<?php echo $client_id; ?>&archived=<?php if($archived == 1){ echo 0; } else { echo 1; } ?>"
                             class="btn btn-<?php if($archived == 1){ echo "primary"; } else { echo "default"; } ?>">
@@ -172,7 +206,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                         <?php
 
                         while ($row = mysqli_fetch_array($sql)) {
-                            $login_id = intval($row['login_id']);
+                            $login_id = intval($row['l_login_id']);
                             $login_name = nullable_htmlentities($row['login_name']);
                             $login_description = nullable_htmlentities($row['login_description']);
                             $login_uri = nullable_htmlentities($row['login_uri']);
@@ -205,6 +239,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                             $login_asset_id = intval($row['login_asset_id']);
                             $login_software_id = intval($row['login_software_id']);
 
+                            // Tags
+                            $login_tag_name_display_array = array();
+                            $login_tag_id_array = array();
+                            $sql_login_tags = mysqli_query($mysqli, "SELECT * FROM login_tags LEFT JOIN tags ON login_tags.tag_id = tags.tag_id WHERE login_id = $login_id ORDER BY tag_name ASC");
+                            while ($row = mysqli_fetch_array($sql_login_tags)) {
+
+                                $login_tag_id = intval($row['tag_id']);
+                                $login_tag_name = nullable_htmlentities($row['tag_name']);
+                                $login_tag_color = nullable_htmlentities($row['tag_color']);
+                                if (empty($login_tag_color)) {
+                                    $login_tag_color = "dark";
+                                }
+                                $login_tag_icon = nullable_htmlentities($row['tag_icon']);
+                                if (empty($login_tag_icon)) {
+                                    $login_tag_icon = "tag";
+                                }
+
+                                $login_tag_id_array[] = $login_tag_id;
+                                $login_tag_name_display_array[] = "<a href='client_logins.php?client_id=$client_id&q=$login_tag_name'><span class='badge text-light p-1 mr-1' style='background-color: $login_tag_color;'><i class='fa fa-fw fa-$login_tag_icon mr-2'></i>$login_tag_name</span></a>";
+                            }
+                            $login_tags_display = implode('', $login_tag_name_display_array);
+
                             // Check if shared
                             $sql_shared = mysqli_query(
                                 $mysqli,
@@ -246,8 +302,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                         <div class="media">
                                             <i class="fa fa-fw fa-2x fa-key mr-3"></i>
                                             <div class="media-body">
-                                                <div><?php echo $login_name; ?></div>
+                                                <div><?php echo $login_name; ?> -- <?php echo $login_id ?></div>
                                                 <div><small class="text-secondary"><?php echo $login_description; ?></small></div>
+                                                <?php
+                                                if (!empty($login_tags_display)) { ?>
+                                                    <div class="mt-1">
+                                                        <?php echo $login_tags_display; ?>
+                                                    </div>
+                                                <?php } ?>
                                             </div>
                                         </div>
                                     </a>
diff --git a/post/user/credential.php b/post/user/credential.php
index 6cd7c5eb..2fc0ca37 100644
--- a/post/user/credential.php
+++ b/post/user/credential.php
@@ -14,6 +14,14 @@ if (isset($_POST['add_login'])) {
 
     $login_id = mysqli_insert_id($mysqli);
 
+     // Add Tags
+    if (isset($_POST['tags'])) {
+        foreach($_POST['tags'] as $tag) {
+            $tag = intval($tag);
+            mysqli_query($mysqli, "INSERT INTO login_tags SET login_id = $login_id, tag_id = $tag");
+        }
+    }
+
     // Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Credential', log_action = 'Create', log_description = '$session_name created login $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id");
 
@@ -42,6 +50,16 @@ if (isset($_POST['edit_login'])) {
     // Update the login entry with the new details
     mysqli_query($mysqli,"UPDATE logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id WHERE login_id = $login_id");
 
+    // Tags
+    // Delete existing tags
+    mysqli_query($mysqli, "DELETE FROM login_tags WHERE login_id = $login_id");
+
+    // Add new tags
+    foreach($_POST['tags'] as $tag) {
+        $tag = intval($tag);
+        mysqli_query($mysqli, "INSERT INTO login_tags SET login_id = $login_id, tag_id = $tag");
+    }
+
     // Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Credential', log_action = 'Modify', log_description = '$session_name modified login $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id");