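$name created"; header("Location: " . $_SERVER["HTTP_REFERER"]); }

// Edit an existing login (stored credential) record.
// Gated by validateTechRole() (defined elsewhere).
// NOTE(review), applies to every handler below that redirects: the Location target is the client-supplied
// Referer header and no exit follows header(), so execution continues after the redirect is queued.
// No anti-CSRF token check is visible in these handlers - confirm one is enforced before this code runs.
if(isset($_POST['edit_login'])){

  validateTechRole();

  // NOTE(review): presumably this include populates $name, $description, $uri, $username, $password,
  // $otp_secret, $note, $important, $contact_id, $vendor_id, $asset_id, $software_id and $client_id
  // from the request - confirm each is escaped or cast there, because they are interpolated straight
  // into the SQL strings below. Prepared statements would remove that dependency.
  require_once('post/client_logins_model.php');

  $login_id = intval($_POST['login_id']);

  mysqli_query($mysqli,"UPDATE logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id WHERE login_id = $login_id");

  //Logging
  mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Modify', log_description = '$session_name modified login $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id");

  $_SESSION['alert_message'] = "Login $name updated";

  header("Location: " . $_SERVER["HTTP_REFERER"]);

}

// Delete a login record. Gated by validateAdminRole() (defined elsewhere).
// NOTE(review): this is a state-changing action driven by a GET parameter; together with the missing
// token check noted above, it should be confirmed as protected elsewhere or moved to a POST with a token.
if(isset($_GET['delete_login'])){

  validateAdminRole();

  $login_id = intval($_GET['delete_login']);

  // Get Login Name and Client ID for logging and alert message
  $sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
  $row = mysqli_fetch_array($sql);
  // The stored name is passed through sanitizeInput() again before it is interpolated into the log INSERT
  $login_name = sanitizeInput($row['login_name']);
  $client_id = intval($row['login_client_id']);

  mysqli_query($mysqli,"DELETE FROM logins WHERE login_id = $login_id");

  //Logging
  mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Delete', log_description = '$session_name deleted login $login_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id");

  $_SESSION['alert_message'] = "Login $login_name deleted";

  header("Location: " . $_SERVER["HTTP_REFERER"]);

}

// Export all logins of one client as a CSV download. Gated by validateAdminRole() (defined elsewhere).
// The response body holds the output of decryptLoginEntry() for every username and password of the
// client (presumably the plaintext - confirm), so the export is logged below.
if(isset($_POST['export_client_logins_csv'])){

  validateAdminRole();

  $client_id = intval($_POST['client_id']);

  //get records from database
  $sql = mysqli_query($mysqli,"SELECT * FROM logins LEFT JOIN clients ON client_id = login_client_id WHERE login_client_id = $client_id ORDER BY login_name ASC");

  $num_rows = mysqli_num_rows($sql);

  if($num_rows > 0) {

    // Read the client name from the first row, then rewind the result set. Without the rewind the
    // first login was consumed here and never written to the CSV, while the log still counted it.
    $row = mysqli_fetch_array($sql);
    $client_name = $row['client_name'];
    mysqli_data_seek($sql, 0);

    $delimiter = ",";
    $filename = strtoAZaz09($client_name) . "-Logins-" . date('Y-m-d') . ".csv";

    //create a file pointer
    $f = fopen('php://memory', 'w');

    //set column headers
    $fields = array('Name', 'Description', 'Username', 'Password', 'URL');
    fputcsv($f, $fields, $delimiter);

    //output each row of the data, format line as csv and write to file pointer
    // NOTE(review): fputcsv() quotes delimiters but does not neutralise cells that start with = + - or @,
    // which spreadsheet applications may evaluate as formulas. Values are left untouched here because
    // prefixing them would alter exported passwords; consider neutralising the non-secret columns.
    while($row = $sql->fetch_assoc()){
      $login_username = decryptLoginEntry($row['login_username']);
      $login_password = decryptLoginEntry($row['login_password']);
      $lineData = array($row['login_name'], $row['login_description'], $login_username, $login_password, $row['login_uri']);
      fputcsv($f, $lineData, $delimiter);
    }

    //move back to beginning of file
    fseek($f, 0);

    //set headers to download file rather than displayed
    header('Content-Type: text/csv');
    header('Content-Disposition: attachment; filename="' . $filename . '";');

    //output all remaining data on a file pointer
    fpassthru($f);
  }

  // Logging
  mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Export', log_description = '$session_name exported $num_rows login(s) to a CSV file', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");

  exit;

}

// Import logins for one client from an uploaded CSV file. Gated by validateTechRole() (defined elsewhere).
// Expected columns: Name, Description, Username, Password and optionally URL.
// Rows whose name already exists for the client are counted as duplicates and skipped.
if(isset($_POST["import_client_logins_csv"])){

  validateTechRole();

  $client_id = intval($_POST['client_id']);
  $file_name = $_FILES["file"]["tmp_name"];
  $error = false;
  $file = false;

  //Check file is CSV
  // pathinfo() replaces end(explode()), which passed a non-variable by reference and accepted a file
  // literally named "csv" with no extension. The client-supplied name is only a hint, not proof of content.
  $file_extension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
  $allowed_file_extensions = array('csv');
  if(in_array($file_extension,$allowed_file_extensions) === false){
    $error = true;
    $_SESSION['alert_message'] = "Bad file extension";
  }

  //Check file isn't empty
  elseif($_FILES["file"]["size"] < 1){
    $error = true;
    $_SESSION['alert_message'] = "Bad file size (empty?)";
  }

  //(Else)Check column count
  // The file is only opened once the earlier checks passed. The template served by this file has five
  // columns and the parser reads index 4 as the URL, so five is accepted alongside the previous four.
  else{
    $file = fopen($file_name, "r");
    $f_columns = ($file !== false) ? fgetcsv($file, 1000, ",") : false;
    $column_count = is_array($f_columns) ? count($f_columns) : 0;
    if($column_count < 4 || $column_count > 5){
      $error = true;
      $_SESSION['alert_message'] = "Bad column count.";
      if($file !== false){
        fclose($file);
      }
    }
  }

  //Else, parse the file
  if(!$error){
    // The header row was already consumed by the column check above
    $row_count = 0;
    $duplicate_count = 0;
    while(($column = fgetcsv($file, 1000, ",")) !== false){

      // fgetcsv() returns array(null) for a blank line; skip it instead of inserting an empty login
      if($column === array(null)){
        continue;
      }

      // Reset per row so a short row cannot inherit the previous row's values (including its
      // encrypted username and password)
      $name = '';
      $description = '';
      $username = '';
      $password = '';
      $url = '';
      $duplicate_detect = 0;

      // NOTE(review): every value below reaches SQL by string interpolation, so injection safety rests
      // entirely on sanitizeInput() escaping for the SQL context - confirm, or bind parameters instead.
      if(isset($column[0])){
        $name = sanitizeInput($column[0]);
        if(mysqli_num_rows(mysqli_query($mysqli,"SELECT * FROM logins WHERE login_name = '$name' AND login_client_id = $client_id")) > 0){
          $duplicate_detect = 1;
        }
      }
      if(isset($column[1])){
        $description = sanitizeInput($column[1]);
      }
      if(isset($column[2])){
        $username = sanitizeInput(encryptLoginEntry($column[2]));
      }
      if(isset($column[3])){
        $password = sanitizeInput(encryptLoginEntry($column[3]));
      }
      if(isset($column[4])){
        $url = sanitizeInput($column[4]);
      }

      // Check if duplicate was detected
      if($duplicate_detect == 0){
        //Add
        mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$url', login_username = '$username', login_password = '$password', login_client_id = $client_id");
        $row_count = $row_count + 1;
      }else{
        $duplicate_count = $duplicate_count + 1;
      }
    }
    fclose($file);

    //Logging
    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Import', log_description = '$session_name imported $row_count login(s) via csv file. $duplicate_count duplicate(s) detected and not imported', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");

    $_SESSION['alert_message'] = "$row_count Login(s) imported, $duplicate_count duplicate(s) detected and not imported";
    header("Location: " . $_SERVER["HTTP_REFERER"]);
  }

  //Check for any errors, if there are notify user and redirect
  if($error) {
    $_SESSION['alert_type'] = "warning";
    header("Location: " . $_SERVER["HTTP_REFERER"]);
  }

}

// Serve an empty CSV template (header row only) named after the client.
// NOTE(review): unlike the other handlers here, no validate*Role() call is made before client_name is
// looked up by a caller-supplied id - confirm an earlier session/authorisation check covers this endpoint.
if(isset($_GET['download_client_logins_csv_template'])){

  $client_id = intval($_GET['download_client_logins_csv_template']);

  //get records from database
  $sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
  $row = mysqli_fetch_array($sql);

  $client_name = $row['client_name'];

  $delimiter = ",";
  $filename = strtoAZaz09($client_name) . "-Logins-Template.csv";

  //create a file pointer
  $f = fopen('php://memory', 'w');

  //set column headers
  $fields = array('Name', 'Description', 'Username', 'Password', 'URL');
  fputcsv($f, $fields, $delimiter);

  //move back to beginning of file
  fseek($f, 0);

  //set headers to download file rather than displayed
  header('Content-Type: text/csv');
  header('Content-Disposition: attachment; filename="' . $filename . '";');

  //output all remaining data on a file pointer
  fpassthru($f);

  exit;

}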