From ebaa2a084ad407848aba06611fb11dcf1fcdfbdb Mon Sep 17 00:00:00 2001
From: o-psi <andymalsb@gmail.com>
Date: Mon, 18 Dec 2023 17:34:59 +0000
Subject: [PATCH] add readable password generation

---
 client_contacts.php |  27 +++++-
 client_logins.php   | 209 +++++++++++++++++++++++++-------------------
 2 files changed, 143 insertions(+), 93 deletions(-)

diff --git a/client_contacts.php b/client_contacts.php
index 2b060187..084835e6 100644
--- a/client_contacts.php
+++ b/client_contacts.php
@@ -241,12 +241,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                 </table>
             </div>
             <?php require_once "pagination.php";
- ?>
+?>
         </div>
     </div>
 
 <!-- JavaScript to Show/Hide Password Form Group -->
 <script>
+
+    function generatePassword(type, id) {
+        var url = '/ajax.php?get_readable_pass=true';
+
+        // Make an AJAX request to the server
+        var xhr = new XMLHttpRequest();
+        xhr.open('GET', url, true);
+
+        xhr.onreadystatechange = function () {
+            if (xhr.readyState == 4 && xhr.status == 200) {
+                var password = xhr.responseText;
+
+                // Set the password value based on the type
+                if (type == "add") {
+                    document.getElementById("password-add").value = password;
+                } else if (type == "edit") {
+                    console.log("password-edit-"+id.toString());
+                    document.getElementById("password-edit-"+id.toString()).value = password;
+                }
+            }
+        };
+        xhr.send();
+    }
+
     $(document).ready(function() {
         $('.authMethod').on('change', function() {
             var $form = $(this).closest('.authForm');
@@ -257,6 +281,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
             }
         });
         $('.authMethod').trigger('change');
+
     });
 </script>
 
diff --git a/client_logins.php b/client_logins.php
index dc1ddf21..a7030acc 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -50,7 +50,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                 <div class="col-md-4">
                     <div class="input-group mb-3 mb-md-0">
-                        <input type="search" class="form-control" name="q" value="<?php if (isset($q)) { echo stripslashes(nullable_htmlentities($q)); } ?>" placeholder="Search Logins">
+                        <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {
+                                                                                        echo stripslashes(nullable_htmlentities($q));
+                                                                                    } ?>" placeholder="Search Logins">
                         <div class="input-group-append">
                             <button class="btn btn-dark"><i class="fa fa-search"></i></button>
                         </div>
@@ -67,107 +69,110 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <hr>
         <div class="table-responsive-sm">
             <table class="table table-striped table-borderless table-hover">
-                <thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
-                <tr>
-                    <th><a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_name&order=<?php echo $disp; ?>">Name</a></th>
-                    <th><a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_description&order=<?php echo $disp; ?>">Description</a></th>
-                    <th>Username</th>
-                    <th>Password</th>
-                    <th>OTP</th>
-                    <th><a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_uri&order=<?php echo $disp; ?>">URI</a></th>
-                    <th class="text-center">Action</th>
-                </tr>
+                <thead class="text-dark <?php if ($num_rows[0] == 0) {
+                                            echo "d-none";
+                                        } ?>">
+                    <tr>
+                        <th><a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_name&order=<?php echo $disp; ?>">Name</a></th>
+                        <th><a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_description&order=<?php echo $disp; ?>">Description</a></th>
+                        <th>Username</th>
+                        <th>Password</th>
+                        <th>OTP</th>
+                        <th><a class="text-secondary" href="?<?php echo $url_query_strings_sort; ?>&sort=login_uri&order=<?php echo $disp; ?>">URI</a></th>
+                        <th class="text-center">Action</th>
+                    </tr>
                 </thead>
                 <tbody>
-                <?php
+                    <?php
 
-                while ($row = mysqli_fetch_array($sql)) {
-                    $login_id = intval($row['login_id']);
-                    $login_name = nullable_htmlentities($row['login_name']);
-                    $login_description = nullable_htmlentities($row['login_description']);
-                    if (empty($login_description)) {
-                        $login_description_display = "-";
-                    } else {
-                        $login_description_display = $login_description;
-                    }
-                    $login_uri = nullable_htmlentities($row['login_uri']);
-                    if (empty($login_uri)) {
-                        $login_uri_display = "-";
-                    } else {
-                        $login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
-                    }
-                    $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
-                    if (empty($login_username)) {
-                        $login_username_display = "-";
-                    } else {
-                        $login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
-                    }
-                    $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
-                    $login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
-                    $login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
-                    if (empty($login_otp_secret)) {
-                        $otp_display = "-";
-                    } else {
-                        $otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
-                    }
-                    $login_note = nullable_htmlentities($row['login_note']);
-                    $login_important = intval($row['login_important']);
-                    $login_contact_id = intval($row['login_contact_id']);
-                    $login_vendor_id = intval($row['login_vendor_id']);
-                    $login_asset_id = intval($row['login_asset_id']);
-                    $login_software_id = intval($row['login_software_id']);
+                    while ($row = mysqli_fetch_array($sql)) {
+                        $login_id = intval($row['login_id']);
+                        $login_name = nullable_htmlentities($row['login_name']);
+                        $login_description = nullable_htmlentities($row['login_description']);
+                        if (empty($login_description)) {
+                            $login_description_display = "-";
+                        } else {
+                            $login_description_display = $login_description;
+                        }
+                        $login_uri = nullable_htmlentities($row['login_uri']);
+                        if (empty($login_uri)) {
+                            $login_uri_display = "-";
+                        } else {
+                            $login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
+                        }
+                        $login_username = nullable_htmlentities(decryptLoginEntry($row['login_username']));
+                        if (empty($login_username)) {
+                            $login_username_display = "-";
+                        } else {
+                            $login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
+                        }
+                        $login_password = nullable_htmlentities(decryptLoginEntry($row['login_password']));
+                        $login_otp_secret = nullable_htmlentities($row['login_otp_secret']);
+                        $login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
+                        if (empty($login_otp_secret)) {
+                            $otp_display = "-";
+                        } else {
+                            $otp_display = "<span onmouseenter='showOTPViaLoginID($login_id)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
+                        }
+                        $login_note = nullable_htmlentities($row['login_note']);
+                        $login_important = intval($row['login_important']);
+                        $login_contact_id = intval($row['login_contact_id']);
+                        $login_vendor_id = intval($row['login_vendor_id']);
+                        $login_asset_id = intval($row['login_asset_id']);
+                        $login_software_id = intval($row['login_software_id']);
 
                     ?>
-                    <tr class="<?php if(!empty($login_important)) { echo "text-bold"; }?>">
-                        <td>
-                            <i class="fa fa-fw fa-key text-secondary"></i>
-                            <a class="text-dark" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
-                                <?php echo $login_name; ?>
-                            </a>
-                        </td>
-                        <td><?php echo $login_description_display; ?></td>
-                        <td><?php echo $login_username_display; ?></td>
-                        <td>
-                            <a tabindex="0" href="#" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $login_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button>
-                        </td>
-                        <td><?php echo $otp_display; ?></td>
-                        <td><?php echo $login_uri_display; ?></td>
-                        <td>
-                            <div class="dropdown dropleft text-center">
-                                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
-                                    <i class="fas fa-ellipsis-h"></i>
-                                </button>
-                                <div class="dropdown-menu">
-                                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
-                                        <i class="fas fa-fw fa-edit mr-2"></i>Edit
-                                    </a>
-                                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
-                                        <i class="fas fa-fw fa-share mr-2"></i>Share
-                                    </a>
-                                    <?php if ($session_user_role == 3) { ?>
-                                        <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger text-bold" href="post.php?delete_login=<?php echo $login_id; ?>">
-                                            <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                        <tr class="<?php if (!empty($login_important)) {
+                                        echo "text-bold";
+                                    } ?>">
+                            <td>
+                                <i class="fa fa-fw fa-key text-secondary"></i>
+                                <a class="text-dark" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
+                                    <?php echo $login_name; ?>
+                                </a>
+                            </td>
+                            <td><?php echo $login_description_display; ?></td>
+                            <td><?php echo $login_username_display; ?></td>
+                            <td>
+                                <a tabindex="0" href="#" data-toggle="popover" data-trigger="focus" data-placement="top" data-content="<?php echo $login_password; ?>"><i class="fas fa-2x fa-ellipsis-h text-secondary"></i><i class="fas fa-2x fa-ellipsis-h text-secondary"></i></a><button class="btn btn-sm clipboardjs" data-clipboard-text="<?php echo $login_password; ?>"><i class="far fa-copy text-secondary"></i></button>
+                            </td>
+                            <td><?php echo $otp_display; ?></td>
+                            <td><?php echo $login_uri_display; ?></td>
+                            <td>
+                                <div class="dropdown dropleft text-center">
+                                    <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                                        <i class="fas fa-ellipsis-h"></i>
+                                    </button>
+                                    <div class="dropdown-menu">
+                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">
+                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                         </a>
-                                    <?php } ?>
+                                        <a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
+                                            <i class="fas fa-fw fa-share mr-2"></i>Share
+                                        </a>
+                                        <?php if ($session_user_role == 3) { ?>
+                                            <div class="dropdown-divider"></div>
+                                            <a class="dropdown-item text-danger text-bold" href="post.php?delete_login=<?php echo $login_id; ?>">
+                                                <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                            </a>
+                                        <?php } ?>
+                                    </div>
                                 </div>
-                            </div>
-                        </td>
-                    </tr>
+                            </td>
+                        </tr>
 
                     <?php
 
-                    require "client_login_edit_modal.php";
+                        require "client_login_edit_modal.php";
+                    }
 
-                }
-
-                ?>
+                    ?>
 
                 </tbody>
             </table>
         </div>
         <?php require_once "pagination.php";
- ?>
+        ?>
     </div>
 </div>
 
@@ -176,8 +181,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
     function showOTP(id, secret) {
         //Send a GET request to ajax.php as ajax.php?get_totp_token=true&totp_secret=SECRET
         jQuery.get(
-            "ajax.php",
-            {get_totp_token: 'true', totp_secret: secret},
+            "ajax.php", {
+                get_totp_token: 'true',
+                totp_secret: secret
+            },
             function(data) {
                 //If we get a response from post.php, parse it as JSON
                 const token = JSON.parse(data);
@@ -191,8 +198,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
     function showOTPViaLoginID(login_id) {
         // Send a GET request to ajax.php as ajax.php?get_totp_token_via_id=true&login_id=ID
         jQuery.get(
-            "ajax.php",
-            {get_totp_token_via_id: 'true', login_id: login_id},
+            "ajax.php", {
+                get_totp_token_via_id: 'true',
+                login_id: login_id
+            },
             function(data) {
                 //If we get a response from post.php, parse it as JSON
                 const token = JSON.parse(data);
@@ -204,7 +213,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
     }
 
     function generatePassword() {
-        document.getElementById("password").value = "<?php echo randomString(); ?>"
+        document.getElementById("password").value = "<?php echo generateReadablePassword(3); ?>"
+    }
+
+    function generatePassword() {
+        var url = '/ajax.php?get_readable_pass=true';
+
+        // Make an AJAX request to the server
+        var xhr = new XMLHttpRequest();
+        xhr.open('GET', url, true);
+
+        xhr.onreadystatechange = function() {
+            if (xhr.readyState == 4 && xhr.status == 200) {
+                var password = xhr.responseText;
+
+                document.getElementById("password").value = password;
+            }
+        };
+        xhr.send();
     }
 </script>
 
@@ -219,4 +245,3 @@ require_once "client_login_import_modal.php";
 require_once "client_login_export_modal.php";
 
 require_once "footer.php";
-