From b7a9f9ea386b3e1424b5b5bb62d5ff565e6e5678 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Wed, 15 Oct 2025 10:12:14 +0100
Subject: [PATCH] When exporting credential info, include the TOTP secret

---
 agent/post/credential.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/agent/post/credential.php b/agent/post/credential.php
index 392aab9d..ce41fa56 100644
--- a/agent/post/credential.php
+++ b/agent/post/credential.php
@@ -317,8 +317,6 @@ if (isset($_POST['export_credentials_csv'])) {
 
     //get records from database
     $sql = mysqli_query($mysqli,"SELECT * FROM credentials LEFT JOIN clients ON client_id = credential_client_id WHERE credential_archived_at IS NULL $client_query ORDER BY credential_name ASC");
-    $row = mysqli_fetch_array($sql);
-
     $num_rows = mysqli_num_rows($sql);
 
     if ($num_rows > 0) {
@@ -331,14 +329,14 @@ if (isset($_POST['export_credentials_csv'])) {
         $f = fopen('php://memory', 'w');
 
         //set column headers
-        $fields = array('Name', 'Description', 'Username', 'Password', 'URI');
+        $fields = array('Name', 'Description', 'Username', 'Password', 'TOTP', 'URI');
         fputcsv($f, $fields, $delimiter, $enclosure, $escape);
 
         //output each row of the data, format line as csv and write to file pointer
         while($row = mysqli_fetch_assoc($sql)){
             $credential_username = decryptCredentialEntry($row['credential_username']);
             $credential_password = decryptCredentialEntry($row['credential_password']);
-            $lineData = array($row['credential_name'], $row['credential_description'], $credential_username, $credential_password, $row['credential_uri']);
+            $lineData = array($row['credential_name'], $row['credential_description'], $credential_username, $credential_password, $row['credential_otp_secret'], $row['credential_uri']);
             fputcsv($f, $lineData, $delimiter, $enclosure, $escape);
         }