Client logins/passwords - Add basic password rotation report

This basic report shows you which client login entries have not had their passwords changed/rotated in the last 90 days. Password rotation is no longer encouraged for users memorising their own passwords. However, password rotation is essential for service/shared accounts commonly used by MSPs in situations where individual accounts aren't available/viable.
2026-02-28 19:04:52 +00:00 · 2023-10-02 22:24:42 +01:00
parent 7abdf53e9f
commit f49cdf3a35
2 changed files with 82 additions and 3 deletions
--- a/report_password_rotation.php
+++ b/report_password_rotation.php
@@ -0,0 +1,73 @@
+<?php
+
+require_once("inc_all_reports.php");
+validateTechRole();
+
+// TODO: Default to 90 but allow input field to change this
+if (isset($_GET['days'])) {
+    $days = intval($_GET['days']);
+} else {
+    $days = 90;
+}
+
+$passwords_not_rotated_sql = mysqli_query($mysqli,
+    "SELECT login_id, login_name, login_description, login_password_changed_at, login_client_id, client_id, client_name
+        FROM logins
+        LEFT JOIN clients ON login_client_id = client_id
+        WHERE DATE(login_password_changed_at) < DATE_SUB(CURDATE(), INTERVAL $days DAY)
+        ORDER BY client_name"
+);
+
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-2">
+            <h3 class="card-title mt-2"><i class="fas fa-fw fa-life-ring mr-2"></i>Login entry passwords not changed/rotated in the last 90 days</h3>
+            <div class="card-tools">
+                <button type="button" class="btn btn-primary d-print-none" onclick="window.print();"><i class="fas fa-fw fa-print mr-2"></i>Print</button>
+            </div>
+        </div>
+        <div class="card-body">
+
+            <div class="table-responsive-sm">
+                <table class="table table-striped">
+                    <thead>
+                    <tr>
+                        <th>Client</th>
+                        <th class="text-right">Login Name</th>
+                        <th class="text-right">Login Description</th>
+                        <th class="text-right">Login Password Last Changed</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+
+                    <?php
+
+                    while ($row = mysqli_fetch_array($passwords_not_rotated_sql)) {
+
+                        $login_id = intval($row['login_id']);
+                        $login_name = nullable_htmlentities($row['login_name']);
+                        $login_description = nullable_htmlentities($row['login_description']);
+                        $login_password_changed = nullable_htmlentities($row['login_password_changed_at']);
+                        $client_id = intval($row['client_id']);
+                        $client_name = nullable_htmlentities($row['client_name']);
+
+                        ?>
+
+                        <tr>
+                            <td><?php echo $client_name; ?></td>
+                            <td class="text-right"><?php echo $login_name; ?></td>
+                            <td class="text-right"><?php echo $login_description; ?></td>
+                            <td class="text-right"><?php echo timeAgo($login_password_changed) . " (" . $login_password_changed . ")" ?></td>
+                        </tr>
+
+                    <?php } ?>
+
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+
+<?php
+require_once("footer.php");