AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
itflow/post/login.php

231 lines
8.9 KiB
PHP
Raw Blame History

<?php
/*
* ITFlow - GET/POST request handler for client logins / passwords
*/
if(isset($_POST['add_login'])){
validateTechRole();
require_once('post/client_logins_model.php');
mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id, login_client_id = $client_id");
$login_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Create', log_description = '$session_name created login $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id");
$_SESSION['alert_message'] = "Login <strong>$name</strong> created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['edit_login'])){
validateTechRole();
require_once('post/client_logins_model.php');
$login_id = intval($_POST['login_id']);
mysqli_query($mysqli,"UPDATE logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id WHERE login_id = $login_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Modify', log_description = '$session_name modified login $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id");
$_SESSION['alert_message'] = "Login <strong>$name</strong> updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['delete_login'])){
validateAdminRole();
$login_id = intval($_GET['delete_login']);
// Get Login Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT login_name, login_client_id FROM logins WHERE login_id = $login_id");
$row = mysqli_fetch_array($sql);
$login_name = sanitizeInput($row['login_name']);
$client_id = intval($row['login_client_id']);
mysqli_query($mysqli,"DELETE FROM logins WHERE login_id = $login_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Delete', log_description = '$session_name deleted login $login_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $login_id");
$_SESSION['alert_message'] = "Login <strong>$login_name</strong> deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['export_client_logins_csv'])){
validateAdminRole();
$client_id = intval($_POST['client_id']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM logins LEFT JOIN clients ON client_id = login_client_id WHERE login_client_id = $client_id ORDER BY login_name ASC");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
$num_rows = mysqli_num_rows($sql);
if($num_rows > 0) {
$delimiter = ",";
$filename = strtoAZaz09($client_name) . "-Logins-" . date('Y-m-d') . ".csv";
//create a file pointer
$f = fopen('php://memory', 'w');
//set column headers
$fields = array('Name', 'Description', 'Username', 'Password', 'URL');
fputcsv($f, $fields, $delimiter);
//output each row of the data, format line as csv and write to file pointer
while($row = $sql->fetch_assoc()){
$login_username = decryptLoginEntry($row['login_username']);
$login_password = decryptLoginEntry($row['login_password']);
$lineData = array($row['login_name'], $row['login_description'], $login_username, $login_password, $row['login_uri']);
fputcsv($f, $lineData, $delimiter);
}
//move back to beginning of file
fseek($f, 0);
//set headers to download file rather than displayed
header('Content-Type: text/csv');
header('Content-Disposition: attachment; filename="' . $filename . '";');
//output all remaining data on a file pointer
fpassthru($f);
}
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Export', log_description = '$session_name exported $num_rows login(s) to a CSV file', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
exit;
}
if(isset($_POST["import_client_logins_csv"])){
validateTechRole();
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
$error = false;
//Check file is CSV
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$allowed_file_extensions = array('csv');
if(in_array($file_extension,$allowed_file_extensions) === false){
$error = true;
$_SESSION['alert_message'] = "Bad file extension";
}
//Check file isn't empty
elseif($_FILES["file"]["size"] < 1){
$error = true;
$_SESSION['alert_message'] = "Bad file size (empty?)";
}
//(Else)Check column count
$f = fopen($file_name, "r");
$f_columns = fgetcsv($f, 1000, ",");
if(!$error & count($f_columns) != 4) {
$error = true;
$_SESSION['alert_message'] = "Bad column count.";
}
//Else, parse the file
if(!$error){
$file = fopen($file_name, "r");
fgetcsv($file, 1000, ","); // Skip first line
$row_count = 0;
$duplicate_count = 0;
while(($column = fgetcsv($file, 1000, ",")) !== false){
$duplicate_detect = 0;
if(isset($column[0])){
$name = sanitizeInput($column[0]);
if(mysqli_num_rows(mysqli_query($mysqli,"SELECT * FROM logins WHERE login_name = '$name' AND login_client_id = $client_id")) > 0){
$duplicate_detect = 1;
}
}
if(isset($column[1])){
$description = sanitizeInput($column[1]);
}
if(isset($column[2])){
$username = sanitizeInput(encryptLoginEntry($column[2]));
}
if(isset($column[3])){
$password = sanitizeInput(encryptLoginEntry($column[3]));
}
if(isset($column[4])){
$url = sanitizeInput($column[4]);
}
// Check if duplicate was detected
if($duplicate_detect == 0){
//Add
mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$url', login_username = '$username', login_password = '$password', login_client_id = $client_id");
$row_count = $row_count + 1;
}else{
$duplicate_count = $duplicate_count + 1;
}
}
fclose($file);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Import', log_description = '$session_name imported $row_count login(s) via csv file. $duplicate_count duplicate(s) detected and not imported', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
$_SESSION['alert_message'] = "$row_count Login(s) imported, $duplicate_count duplicate(s) detected and not imported";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
//Check for any errors, if there are notify user and redirect
if($error) {
$_SESSION['alert_type'] = "warning";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
}
if(isset($_GET['download_client_logins_csv_template'])){
$client_id = intval($_GET['download_client_logins_csv_template']);
//get records from database
$sql = mysqli_query($mysqli,"SELECT client_name FROM clients WHERE client_id = $client_id");
$row = mysqli_fetch_array($sql);
$client_name = $row['client_name'];
$delimiter = ",";
$filename = strtoAZaz09($client_name) . "-Logins-Template.csv";
//create a file pointer
$f = fopen('php://memory', 'w');
//set column headers
$fields = array('Name', 'Description', 'Username', 'Password', 'URL');
fputcsv($f, $fields, $delimiter);
//move back to beginning of file
fseek($f, 0);
//set headers to download file rather than displayed
header('Content-Type: text/csv');
header('Content-Disposition: attachment; filename="' . $filename . '";');
//output all remaining data on a file pointer
fpassthru($f);
exit;
}
Reference in New Issue View Git Blame Copy Permalink