ivancarlos/bundledcmdb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

yey

Browse Source
This commit is contained in:
Ivan Carlos
2025-12-09 15:33:05 -03:00
parent a1ee7d672e
commit 2115a73472
15 changed files with 2054 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

395
public/asset.php Normal file
View File

@@ -0,0 +1,395 @@
<?php
// asset.php
session_start();
require_once '../config.php';
// Optional: enable during debugging only (remove or comment in production)
# ini_set('display_errors', 1);
# ini_set('display_startup_errors', 1);
# error_reporting(E_ALL);
// --- Security check ---
if (!isset($_SESSION['user_email'])) {
header('Location: index.php');
exit();
}
// --- Company from session ---
$company = $_SESSION['company'] ?? '';
if ($company === '') {
http_response_code(400);
exit('No company assigned in session.');
}
$table = 'assets'; // Fixed table name
// --- Row id ---
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
http_response_code(400);
exit('Invalid record ID');
}
$recordId = (int) $_GET['id'];
// --- Admin check from session ---
$role = $_SESSION['role'] ?? 'user';
$isAdmin = ($role === 'admin' || $role === 'superadmin');
$currentUserEmail = $_SESSION['user_email'] ?? '';
$currentUserEmail = $_SESSION['user_email'] ?? '';
// --- Helper functions ---
// --- DB Connection ---
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
require_once '../s3_client.php';
$s3 = new S3Client();
// --- Helper functions (Local DB & S3) ---
function get_row($pdo, $table, $id, $company)
{
$stmt = $pdo->prepare("SELECT * FROM `$table` WHERE Id = :id AND company = :company");
$stmt->execute([':id' => $id, ':company' => $company]);
return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
function update_row($pdo, $table, $id, $data, $company)
{
if (empty($data))
return;
$set = [];
$params = [':id' => $id, ':company' => $company];
foreach ($data as $col => $val) {
$set[] = "`$col` = :$col";
$params[":$col"] = $val;
}
$sql = "UPDATE `$table` SET " . implode(', ', $set) . " WHERE Id = :id AND company = :company";
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
}
function get_files($pdo, $table, $id)
{
$stmt = $pdo->prepare("SELECT * FROM device_files WHERE device_id = :id AND device_table = 'assets'");
$stmt->execute([':id' => $id]);
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
function upload_file($pdo, $s3, $table, $id, $file)
{
$fileName = $file['name'];
$tmpName = $file['tmp_name'];
$mime = $file['type'];
$size = $file['size'];
// Generate unique key
$key = "uploads/$table/$id/" . uniqid() . '_' . $fileName;
$result = $s3->uploadFile($tmpName, $key, $mime);
if ($result['success']) {
$stmt = $pdo->prepare("INSERT INTO device_files (device_id, device_table, file_path, file_name, mime_type, size) VALUES (:did, :dtab, :path, :name, :mime, :size)");
$stmt->execute([
':did' => $id,
':dtab' => 'assets',
':path' => $key,
':name' => $fileName,
':mime' => $mime,
':size' => $size
]);
return ['success' => true];
}
return $result;
}
function delete_file($pdo, $s3, $fileId)
{
$stmt = $pdo->prepare("SELECT * FROM device_files WHERE id = :id");
$stmt->execute([':id' => $fileId]);
$file = $stmt->fetch(PDO::FETCH_ASSOC);
if ($file) {
if ($s3->deleteFile($file['file_path'])) {
$del = $pdo->prepare("DELETE FROM device_files WHERE id = :id");
$del->execute([':id' => $fileId]);
return true;
}
}
return false;
}
// --- Handle file actions ---
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($role === 'user') {
die('Access Denied: Read-only user.');
}
if (isset($_FILES['new_file'])) {
$file = $_FILES['new_file'];
if ($file['error'] === UPLOAD_ERR_OK) {
$result = upload_file($pdo, $s3, $table, $recordId, $file);
if (!$result['success']) {
die("S3 Upload Failed. Code: " . $result['code'] . " | Message: " . htmlspecialchars($result['message']));
}
} else {
die("File upload error code: " . $file['error']);
}
header("Location: asset.php?id=" . urlencode((string) $recordId));
exit();
}
if (isset($_POST['delete_file'])) {
delete_file($pdo, $s3, $_POST['delete_file']);
header("Location: asset.php?id=" . urlencode((string) $recordId));
exit();
}
}
// --- Row data ---
$row = get_row($pdo, $table, $recordId, $company);
if ($role === 'user' && ($row['UserEmail'] ?? '') !== $currentUserEmail) {
die('Access Denied: You do not own this asset.');
}
$files = get_files($pdo, $table, $recordId);
$companyUsers = [];
if ($role === 'admin' || $role === 'manager' || $role === 'superadmin') {
// Fetch all users for this company to populate the dropdown
$uStmt = $pdo->prepare("SELECT email FROM users WHERE company = :comp ORDER BY email ASC");
$uStmt->execute([':comp' => $company]);
$companyUsers = $uStmt->fetchAll(PDO::FETCH_COLUMN);
}
function escape($v)
{
return htmlspecialchars((string) ($v ?? ''), ENT_QUOTES, 'UTF-8');
}
// Serial number for title/h2; fall back to record id if empty
$serial = trim((string) ($row['SN'] ?? ''));
$serialForTitle = $serial !== '' ? $serial : (string) $recordId;
// --- Columns config ---
// Reordered: Term first, then LastSeen, then UserEmail, then rest.
$columns = [
'Id',
'UUID',
'SN',
'OS',
'OSVersion',
'Hostname',
'Mobile',
'Manufacturer',
'Term',
'LastSeen',
'UserEmail',
'BYOD',
'Status',
'Warranty',
'Asset',
'PurchaseDate',
'CypherID',
'CypherKey',
'Notes'
];
// Insert the new read-only, view-only columns immediately after CypherKey (or append if not present)
$newReadOnlyCols = [
'CPUs',
'HDs',
'HDsTypes',
'HDsSpacesGB',
'NetworkAdapters',
'MACAddresses',
'ESETComponents',
'PrimaryLocalIP',
'PrimaryRemoteIP'
];
$idx = array_search('CypherKey', $columns, true);
if ($idx !== false) {
array_splice($columns, $idx + 1, 0, $newReadOnlyCols);
} else {
// Non-admin or CypherKey absent: still show these new fields
$columns = array_merge($columns, $newReadOnlyCols);
}
$hidden = ['Id'];
$editable = ['UserEmail', 'Status', 'Warranty', 'Asset', 'PurchaseDate', 'BYOD'];
// Role-based editability
if ($role === 'user') {
$editable = [];
} else {
// Manager, Admin, Superadmin can edit Notes
if (in_array($role, ['manager', 'admin', 'superadmin'])) {
$editable[] = 'Notes';
}
// Admin, Superadmin can edit Cypher fields
if (in_array($role, ['admin', 'superadmin'])) {
$editable[] = 'CypherID';
$editable[] = 'CypherKey';
}
}
// Mark the requested fields as read-only (view-only)
$readonly = array_merge(
['Hostname'],
[
'CPUs',
'HDs',
'HDsTypes',
'HDsSpacesGB',
'NetworkAdapters',
'MACAddresses',
'ESETComponents',
'PrimaryLocalIP',
'PrimaryRemoteIP'
]
);
$display = array_filter($columns, fn($c) => !in_array($c, $hidden, true));
$status_options = ["In Use", "In Stock", "In Repair", "Replaced", "Decommissioned", "Lost or Stolen"];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>CMDB Row Details (SN #<?php echo escape($serialForTitle); ?>)</title>
<link rel="stylesheet" href="style.css">
</head>
<body class="asset-page">
<a href="main.php" class="back-link">&larr; Back to CMDB Company: <?php echo escape($company); ?></a>
<h2>CMDB Row Details (SN #<?php echo escape($serialForTitle); ?>)</h2>
<form method="post" action="save_row.php" class="form-section">
<input type="hidden" name="row[Id]" value="<?php echo escape($row['Id'] ?? $recordId); ?>">
<input type="hidden" name="row[UUID]" value="<?php echo escape($row['UUID'] ?? ''); ?>">
<table class="details-table">
<tbody>
<?php foreach ($display as $col): ?>
<tr>
<th><?php echo escape($col); ?></th>
<td>
<?php
$value = $row[$col] ?? '';
// Mobile: show "True"/"False" explicitly
if ($col === 'Mobile') {
$norm = is_bool($value) ? $value : strtolower(trim((string) $value));
$isMobile = is_bool($norm) ? $norm : in_array($norm, ['true', '1', 'yes', 'on'], true);
echo $isMobile ? 'True' : 'False';
} elseif ($col === 'Term') {
$count = is_array($row['Term'] ?? null) ? count($row['Term']) : 0;
echo $count ? "$count file" . ($count > 1 ? 's' : '') : 'No files';
} elseif ($col === 'SN') {
echo escape($value);
} elseif (in_array($col, $editable, true)) {
if ($col === 'BYOD') {
$v = strtolower(trim((string) $value));
$isTrue = in_array($v, ['true', '1', 'yes', 'on'], true);
?>
<select name="row[BYOD]">
<option value="true" <?php echo $isTrue ? 'selected' : ''; ?>>True</option>
<option value="false" <?php echo !$isTrue ? 'selected' : ''; ?>>False</option>
</select>
<?php } elseif ($col === 'Status') { ?>
<select name="row[Status]">
<option value="" <?php echo ($value === '' || is_null($value)) ? 'selected' : ''; ?>></option>
<?php foreach ($status_options as $opt): ?>
<option value="<?php echo escape($opt); ?>" <?php echo ($value === $opt) ? 'selected' : ''; ?>>
<?php echo escape($opt); ?>
</option>
<?php endforeach; ?>
</select>
<?php } elseif ($col === 'UserEmail') { ?>
<select name="row[UserEmail]">
<option value="" <?php echo ($value === '') ? 'selected' : ''; ?>></option>
<?php foreach ($companyUsers as $uEmail): ?>
<option value="<?php echo escape($uEmail); ?>" <?php echo ($value === $uEmail) ? 'selected' : ''; ?>>
<?php echo escape($uEmail); ?>
</option>
<?php endforeach; ?>
</select>
<?php } elseif ($col === 'Warranty' || $col === 'PurchaseDate') { ?>
<input type="date" name="row[<?php echo escape($col); ?>]"
value="<?php echo escape($value); ?>">
<?php } elseif ($col === 'Notes') { ?>
<textarea name="row[<?php echo escape($col); ?>]" rows="5" style="width: 100%;"><?php echo escape($value); ?></textarea>
<?php } else { ?>
<input type="text" name="row[<?php echo escape($col); ?>]"
value="<?php echo escape($value); ?>">
<?php }
} elseif (in_array($col, $readonly, true)) {
echo is_array($value) ? escape(json_encode($value)) : escape($value);
} elseif ($col === 'BYOD') {
$v = strtolower(trim((string) $value));
$isTrue = in_array($v, ['true', '1', 'yes', 'on'], true);
echo $isTrue ? 'True' : 'False';
} else {
echo is_array($value) ? escape(json_encode($value)) : escape($value);
}
?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<div class="save-section">
<?php if ($role !== 'user'): ?>
<button type="submit">Save Changes</button>
<?php endif; ?>
</div>
</form>
<!-- Files Upload -->
<?php if ($role !== 'user'): ?>
<div class="upload-box">
<h3>Upload New File</h3>
<form method="post" enctype="multipart/form-data">
<input type="file" name="new_file" required>
<button type="submit" class="upload">Upload</button>
</form>
</div>
<?php endif; ?>
<!-- Existing Files -->
<div class="existing-files">
<h3>Existing Files</h3>
<div class="file-list">
<?php if (is_array($files) && count($files)):
foreach ($files as $f):
$url = $s3->getPresignedUrl($f['file_path']);
$title = $f['file_name'];
$delete = $f['id'];
?>
<div class="file-item">
<a href="<?php echo escape($url); ?>" target="_blank"><?php echo escape($title); ?></a>
<?php if ($role !== 'user'): ?>
<form method="post" style="display:inline;">
<input type="hidden" name="delete_file" value="<?php echo escape($delete); ?>">
<button type="submit" onclick="return confirm('Delete this file?');">Delete</button>
</form>
<?php endif; ?>
</div>
<?php endforeach; else: ?>
<div>No files found.</div>
<?php endif; ?>
</div>
</div>
</body>
</html>

159
public/export.php Normal file
View File

@@ -0,0 +1,159 @@
<?php
session_start();
require_once '../config.php';
// Only allow logged-in users to export
if (!isset($_SESSION['user_email'])) {
header('HTTP/1.1 403 Forbidden');
echo 'Access denied';
exit();
}
$company = $_SESSION['company'] ?? '';
if ($company === '') {
die('No company assigned in session.');
}
$userTableName = 'assets';
// Check admin status from session
$role = $_SESSION['role'] ?? 'user';
$isAdmin = ($role === 'admin');
// Base columns matching your main.php + asset.php (all visible for export)
$base_columns = [
'Id',
'UUID',
'SN',
'OS',
'OSVersion',
'Hostname',
'Mobile',
'Manufacturer',
'Term',
'LastSeen',
'UserEmail',
'BYOD',
'Status',
'Warranty',
'Asset',
'PurchaseDate'
];
// Admin-only columns
$admin_columns = ['CypherID', 'CypherKey'];
// Read-only additional columns included for everyone (some admin-only?), from asset.php insertion logic
$additional_read_only = [
'CPUs',
'HDs',
'HDsTypes',
'HDsSpacesGB',
'NetworkAdapters',
'MACAddresses',
'ESETComponents',
'PrimaryLocalIP',
'PrimaryRemoteIP'
];
// Build columns for export respecting admin rights
$columns_to_export = $base_columns;
if ($isAdmin) {
// Insert admin columns after 'Asset' (somewhere in middle, here after base)
$columns_to_export = array_merge($columns_to_export, $admin_columns);
}
$columns_to_export = array_merge($columns_to_export, $additional_read_only);
$fields_param = implode(',', $columns_to_export);
// Get filter and sort parameters from GET to match the table view
$search_field = $_GET['search_field'] ?? '';
$search_text = $_GET['search_text'] ?? '';
$sort_by = $_GET['sort_by'] ?? '';
$sort_dir = strtolower($_GET['sort_dir'] ?? 'asc');
$sort_dir = in_array($sort_dir, ['asc', 'desc'], true) ? $sort_dir : 'asc';
$filterParamStr = '';
if ($search_field !== '' && $search_text !== '') {
$filterParamStr = '&where=(' . rawurlencode($search_field) . ',like,' . rawurlencode('%' . $search_text . '%') . ')';
}
$sortParamStr = '';
if ($sort_by !== '' && in_array($sort_by, $columns_to_export, true)) {
$prefix = ($sort_dir === 'desc') ? '-' : '+';
$sortParamStr = '&sort=' . rawurlencode($prefix . $sort_by);
}
// Helper: DB Connection
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
// Build Query
$whereClauses = [];
$params = [];
if ($search_field !== '' && $search_text !== '') {
$whereClauses[] = "`$search_field` LIKE :searchText";
$params[':searchText'] = '%' . $search_text . '%';
}
// Always filter by company
$whereClauses[] = "`company` = :company";
$params[':company'] = $company;
$whereSql = '';
if (!empty($whereClauses)) {
$whereSql = 'WHERE ' . implode(' AND ', $whereClauses);
}
// Sorting
$orderSql = '';
if ($sort_by !== '' && in_array($sort_by, $columns_to_export, true)) {
$orderSql = "ORDER BY `$sort_by` " . ($sort_dir === 'desc' ? 'DESC' : 'ASC');
} else {
$orderSql = "ORDER BY Id DESC";
}
// Fetch All Rows
$sql = "SELECT * FROM `$userTableName` $whereSql $orderSql";
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$allRows = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Send headers to prompt download as CSV file
header('Content-Type: text/csv; charset=UTF-8');
header('Content-Disposition: attachment; filename="cmdb_export_' . date('Ymd_His') . '.csv"');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');
$output = fopen('php://output', 'w');
// Write UTF-8 BOM for Excel compatibility
fwrite($output, "\xEF\xBB\xBF");
// Write CSV header row
fputcsv($output, $columns_to_export);
// Write all rows
foreach ($allRows as $row) {
$exportRow = [];
foreach ($columns_to_export as $colName) {
$val = $row[$colName] ?? '';
if (is_array($val)) {
$val = implode('; ', $val); // Flatten arrays if any
}
$exportRow[] = $val;
}
fputcsv($output, $exportRow);
}
fclose($output);
exit();

123
public/index.php Normal file
View File

@@ -0,0 +1,123 @@
<?php
// index.php
session_start();
require_once '../config.php';
require_once '../auth_keycloak.php';
$debug = false;
$message = '';
// Initialize Keycloak Helper
$keycloak = new KeycloakAuth();
// Handle Logout
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
session_destroy();
header('Location: ' . $keycloak->getLogoutUrl());
exit();
}
// Handle Keycloak Callback
if (isset($_GET['code'])) {
$tokenData = $keycloak->getToken($_GET['code']);
if ($tokenData && isset($tokenData['access_token'])) {
$userInfo = $keycloak->getUserInfo($tokenData['access_token']);
if ($userInfo && isset($userInfo['email'])) {
$email = $userInfo['email'];
// Verify user in MariaDB
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
$user = $keycloak->verifyUser($email, $pdo);
if ($user) {
$company = $user['company'] ?? '';
$role = $user['role'] ?? 'user';
$_SESSION['user_email'] = $email;
$_SESSION['company'] = $company;
$_SESSION['role'] = $role;
header('Location: main.php');
exit();
} else {
$message = 'Access Denied: User not found in authorized list.';
}
} else {
$message = 'Failed to retrieve user information from Keycloak.';
}
} else {
$message = 'Failed to authenticate with Keycloak.';
}
}
// If already logged in, redirect to main
if (isset($_SESSION['user_email'])) {
header('Location: main.php');
exit();
}
// If no code and not logged in, show login page or redirect
// For better UX, we can show a "Login with SSO" button or auto-redirect.
// Let's show a simple page with a button to avoid infinite loops if configuration is wrong.
$loginUrl = $keycloak->getLoginUrl();
?>
<!DOCTYPE html>
<html>
<head>
<title>CMDB - Login</title>
<meta charset="utf-8">
<link rel="stylesheet" href="style.css">
<style>
.login-container {
text-align: center;
margin-top: 100px;
}
.sso-btn {
display: inline-block;
padding: 10px 20px;
background-color: #4CAF50;
color: white;
text-decoration: none;
border-radius: 5px;
font-size: 16px;
}
.sso-btn:hover {
background-color: #45a049;
}
.error-msg {
color: red;
margin-bottom: 20px;
}
</style>
</head>
<body class="login-page">
<div class="login-container">
<h2>CMDB - Login</h2>
<?php if ($message): ?>
<p class="error-msg"><?php echo htmlspecialchars($message); ?></p>
<?php endif; ?>
<p>Please sign in using your company account.</p>
<a href="<?php echo htmlspecialchars($loginUrl); ?>" class="sso-btn">Sign in with SSO</a>
</div>
</body>
</html>

9
public/logout.php Normal file
View File

@@ -0,0 +1,9 @@
<?php
// logout.php
session_start();
require_once '../config.php';
require_once '../auth_keycloak.php';
session_destroy();
header('Location: index.php?action=logout');
exit();

426
public/main.php Normal file
View File

@@ -0,0 +1,426 @@
<?php
//main.php
session_start();
require_once '../config.php';
require_once '../auth_keycloak.php';
if (!isset($_SESSION['user_email'])) {
header('Location: index.php');
exit();
}
$role = $_SESSION['role'] ?? 'user';
// Superadmin: Handle company switch
if ($role === 'superadmin') {
// Fetch all available companies
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
$stmt = $pdo->query("SELECT DISTINCT company FROM assets ORDER BY company ASC");
$allCompanies = $stmt->fetchAll(PDO::FETCH_COLUMN);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
// Handle switch action
if (isset($_POST['switch_company']) && in_array($_POST['switch_company'], $allCompanies)) {
$_SESSION['company'] = $_POST['switch_company'];
header("Location: main.php");
exit();
}
}
$company = $_SESSION['company'] ?? '';
if ($company === '') {
if ($role === 'superadmin' && !empty($allCompanies)) {
// Auto-select first company if none selected
$company = $allCompanies[0];
$_SESSION['company'] = $company;
} else {
die('No company assigned in session.');
}
}
$userTableName = 'assets'; // Fixed table name
$role = $_SESSION['role'] ?? 'user';
$currentUserEmail = $_SESSION['user_email'] ?? '';
$perPage = 25;
$page = (isset($_GET['page']) && is_numeric($_GET['page']) && $_GET['page'] > 0) ? intval($_GET['page']) : 1;
// Sorting
$sort_by = $_GET['sort_by'] ?? '';
$sort_dir = strtolower($_GET['sort_dir'] ?? 'asc');
$sort_dir = in_array($sort_dir, ['asc','desc'], true) ? $sort_dir : 'asc';
// Columns to fetch from API (Term before UserEmail)
$columns_to_show = [
'Id','UUID','SN','OS','OSVersion','Hostname','Mobile','Manufacturer',
'Term','UserEmail','BYOD','Status','Warranty','Asset','PurchaseDate',
'CypherID','CypherKey'
];
// Columns editable in this grid
$columns_editable = ['UserEmail','Status','Warranty','Asset','PurchaseDate','BYOD'];
// Columns read-only in this grid
$columns_readonly = ['Hostname'];
// Columns hidden in this grid (but still fetched)
$columns_hidden = ['Id','UUID','CypherID','CypherKey','OSVersion','Mobile'];
// Visible columns in this grid (Term will appear before UserEmail here)
$columns_visible = array_values(array_diff($columns_to_show, $columns_hidden));
if ($role === 'user') {
$columns_editable = [];
$columns_readonly = $columns_visible;
}
$fields_param = implode(',', $columns_to_show);
// Hardcoded Status options
$status_options = ["In Use","In Stock","In Repair","Replaced","Decommissioned","Lost or Stolen"];
// Search/filter
$search_field = $_GET['search_field'] ?? '';
$search_text = $_GET['search_text'] ?? '';
$filterParamStr = '';
if ($search_field !== '' && $search_text !== '') {
$filterParamStr = '&where=(' . rawurlencode($search_field) . ',like,' . rawurlencode('%' . $search_text . '%') . ')';
}
// Helper: DB Connection
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
// Build Query
$whereClauses = [];
$params = [];
if ($search_field !== '' && $search_text !== '') {
$whereClauses[] = "`$search_field` LIKE :searchText";
$params[':searchText'] = '%' . $search_text . '%';
}
if ($role === 'user') {
$whereClauses[] = "`UserEmail` = :currentUserEmail";
$params[':currentUserEmail'] = $currentUserEmail;
}
// Always filter by company
$whereClauses[] = "`company` = :company";
$params[':company'] = $company;
$whereSql = '';
if (!empty($whereClauses)) {
$whereSql = 'WHERE ' . implode(' AND ', $whereClauses);
}
// Count Total
$countSql = "SELECT COUNT(*) FROM `$userTableName` $whereSql";
$stmt = $pdo->prepare($countSql);
$stmt->execute($params);
$totalRows = $stmt->fetchColumn();
$totalPages = $perPage > 0 ? (int)ceil($totalRows / $perPage) : 1;
// Sorting
$orderSql = '';
if ($sort_by !== '' && in_array($sort_by, $columns_to_show, true)) {
$orderSql = "ORDER BY `$sort_by` " . ($sort_dir === 'desc' ? 'DESC' : 'ASC');
} else {
// Default sort
$orderSql = "ORDER BY Id DESC";
}
// Pagination
$offset = ($page - 1) * $perPage;
$limitSql = "LIMIT :offset, :limit";
// Fetch Rows
$sql = "SELECT * FROM `$userTableName` $whereSql $orderSql $limitSql";
$stmt = $pdo->prepare($sql);
foreach ($params as $k => $v) {
$stmt->bindValue($k, $v);
}
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->bindValue(':limit', $perPage, PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
$companyUsers = [];
if ($role === 'admin' || $role === 'manager' || $role === 'superadmin') {
// Fetch all users for this company to populate the dropdown
// We need to query the 'users' table.
$uStmt = $pdo->prepare("SELECT email FROM users WHERE company = :comp ORDER BY email ASC");
$uStmt->execute([':comp' => $company]);
$companyUsers = $uStmt->fetchAll(PDO::FETCH_COLUMN);
}
function escape($text) {
return htmlspecialchars((string)$text, ENT_QUOTES, 'UTF-8');
}
function count_files_in_term($row, $pdo, $tableName) {
$id = $row['Id'] ?? 0;
$stmt = $pdo->prepare("SELECT COUNT(*) FROM device_files WHERE device_id = :id AND device_table = 'assets'");
$stmt->execute([':id' => $id]);
return $stmt->fetchColumn();
}
// Preserve query params for pagination links
$queryParams = $_GET;
unset($queryParams['page']);
$queryFilterStr = http_build_query($queryParams);
$paginationSuffix = $queryFilterStr ? '&' . $queryFilterStr : '';
$startRecord = $totalRows > 0 ? (($page - 1) * $perPage) + 1 : 0;
$endRecord = ($page * $perPage) > $totalRows ? $totalRows : ($page * $perPage);
// Helper to build sorted header links and arrow
function sort_link($col, $current_by, $current_dir) {
$params = $_GET;
$params['sort_by'] = $col;
$params['sort_dir'] = ($current_by === $col && strtolower($current_dir) === 'asc') ? 'desc' : 'asc';
$qs = http_build_query($params);
return '?' . $qs;
}
function sort_arrow($col, $current_by, $current_dir) {
if ($col !== $current_by) return '';
return strtolower($current_dir) === 'asc' ? '▲' : '▼';
}
?>
<!DOCTYPE html>
<html>
<head>
<title>CMDB Company: <?php echo escape($company); ?></title>
<meta charset="utf-8">
<link rel="stylesheet" href="style.css">
</head>
<body>
<h2>CMDB Company: <?php echo escape($company); ?></h2>
<p>Signed in as: <?php echo escape($_SESSION['user_email']); ?> (<?php echo escape($role); ?>)</p>
<?php if ($role === 'superadmin'): ?>
<div class="superadmin-controls" style="background: #f0f0f0; padding: 10px; margin-bottom: 20px; border: 1px solid #ccc;">
<form method="post" style="display:inline;">
<label for="switch_company"><strong>Superadmin - Switch Company:</strong></label>
<select name="switch_company" id="switch_company" onchange="this.form.submit()">
<?php foreach ($allCompanies as $comp): ?>
<option value="<?php echo escape($comp); ?>" <?php echo ($company === $comp) ? 'selected' : ''; ?>>
<?php echo escape($comp); ?>
</option>
<?php endforeach; ?>
</select>
<noscript><button type="submit">Switch</button></noscript>
</form>
</div>
<?php endif; ?>
<div class="search-container" style="display: flex; align-items: center; gap: 1rem; flex-wrap: wrap;">
<form method="get" action="main.php" style="flex-grow:1; min-width: 300px; max-width: 600px;">
<label for="search_field">Search Field:</label>
<select name="search_field" id="search_field" required>
<option value="" disabled <?php echo $search_field === '' ? 'selected' : ''; ?>>Select field</option>
<?php foreach ($columns_visible as $col): ?>
<option value="<?php echo escape($col); ?>" <?php echo ($search_field === $col) ? 'selected' : ''; ?>>
<?php echo escape($col); ?>
</option>
<?php endforeach; ?>
</select>
<label for="search_text">Search Text:</label>
<input type="text" id="search_text" name="search_text" value="<?php echo escape($search_text); ?>" required>
<button type="submit">Search</button>
<a href="main.php" style="margin-left:10px;">Clear</a>
</form>
<form method="get" action="export.php" style="margin: 0;">
<?php if ($search_field !== ''): ?>
<input type="hidden" name="search_field" value="<?php echo escape($search_field); ?>">
<?php endif; ?>
<?php if ($search_text !== ''): ?>
<input type="hidden" name="search_text" value="<?php echo escape($search_text); ?>">
<?php endif; ?>
<?php if ($sort_by !== ''): ?>
<input type="hidden" name="sort_by" value="<?php echo escape($sort_by); ?>">
<?php endif; ?>
<?php if ($sort_dir !== ''): ?>
<input type="hidden" name="sort_dir" value="<?php echo escape($sort_dir); ?>">
<?php endif; ?>
<button type="submit" class="export-btn">Export to Excel</button>
</form>
<div class="header-links">
<form method="post" action="logout.php" style="display:inline;">
<button type="submit">Logout</button>
</form>
</div>
</div>
<div class="record-info">
Showing <?php echo (int)$startRecord; ?> to <?php echo (int)$endRecord; ?> of <?php echo (int)$totalRows; ?> records
</div>
<form method="post" action="save_rows.php" id="editForm">
<table>
<thead>
<tr>
<?php foreach ($columns_visible as $col): ?>
<?php $arrow = sort_arrow($col, $sort_by, $sort_dir); ?>
<th>
<a href="<?php echo escape(sort_link($col, $sort_by, $sort_dir)); ?>">
<?php echo escape($col); ?>
<?php if ($arrow): ?><span class="arrow"><?php echo $arrow; ?></span><?php endif; ?>
</a>
</th>
<?php endforeach; ?>
</tr>
</thead>
<tbody>
<?php foreach ($rows as $index => $row): ?>
<?php
$row = (array)$row;
$rowId = $row['Id'] ?? '';
?>
<tr data-row-index="<?php echo (int)$index; ?>">
<input type="hidden" name="rows[<?php echo (int)$index; ?>][Id]" value="<?php echo escape($rowId); ?>">
<input type="hidden" name="rows[<?php echo (int)$index; ?>][UUID]" value="<?php echo escape($row['UUID'] ?? ''); ?>">
<?php foreach ($columns_visible as $col): ?>
<td>
<?php
$value = $row[$col] ?? '';
if ($col === 'SN') {
$label = ($value !== '') ? escape($value) : 'Open files';
echo '<a href="asset.php?id=' . urlencode($rowId) . '">' . $label . '</a>';
} elseif ($col === 'Term') {
$fileCount = count_files_in_term($row, $pdo, $userTableName);
echo '<a href="asset.php?id=' . urlencode($rowId) . '">';
echo $fileCount > 0 ? ($fileCount . ' file' . ($fileCount > 1 ? 's' : '')) : 'No files';
echo '</a>';
} elseif (in_array($col, $columns_editable, true)) {
if ($col === 'BYOD') {
$v = strtolower(trim((string)$value));
$isTrue = in_array($v, ['true','1','yes','on'], true);
?>
<select name="rows[<?php echo (int)$index; ?>][BYOD]" class="track-change">
<option value="true" <?php echo $isTrue ? 'selected' : ''; ?>>True</option>
<option value="false" <?php echo !$isTrue ? 'selected' : ''; ?>>False</option>
</select>
<?php
} elseif ($col === 'Status') { ?>
<select name="rows[<?php echo (int)$index; ?>][Status]" class="track-change">
<option value="" <?php echo ($value === '' || is_null($value)) ? 'selected' : ''; ?>></option>
<?php foreach ($status_options as $option): ?>
<option value="<?php echo escape($option); ?>" <?php echo ($value === $option) ? 'selected' : ''; ?>>
<?php echo escape($option); ?>
</option>
<?php endforeach; ?>
</select>
<?php
} elseif ($col === 'UserEmail') { ?>
<select name="rows[<?php echo (int)$index; ?>][UserEmail]" class="track-change">
<option value="" <?php echo ($value === '') ? 'selected' : ''; ?>></option>
<?php foreach ($companyUsers as $uEmail): ?>
<option value="<?php echo escape($uEmail); ?>" <?php echo ($value === $uEmail) ? 'selected' : ''; ?>>
<?php echo escape($uEmail); ?>
</option>
<?php endforeach; ?>
</select>
<?php
} elseif ($col === 'Warranty' || $col === 'PurchaseDate') { ?>
<input
type="date"
name="rows[<?php echo (int)$index; ?>][<?php echo escape($col); ?>]"
value="<?php echo escape($value); ?>"
class="track-change"
>
<?php
} elseif ($col === 'Asset') { ?>
<input
type="text"
name="rows[<?php echo (int)$index; ?>][Asset]"
value="<?php echo escape($value); ?>"
class="track-change"
>
<?php
} else { ?>
<input
type="text"
name="rows[<?php echo (int)$index; ?>][<?php echo escape($col); ?>]"
value="<?php echo escape($value); ?>"
class="track-change"
>
<?php
}
} elseif ($col === 'BYOD') {
$v = strtolower(trim((string)$value));
$isTrue = in_array($v, ['true','1','yes','on'], true);
echo $isTrue ? 'True' : 'False';
} elseif (in_array($col, $columns_readonly, true)) {
echo escape($value);
} else {
echo escape($value);
}
?>
</td>
<?php endforeach; ?>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<br>
<button type="submit">Save Changes</button>
</form>
<div class="pagination">
<?php if ($page > 1): ?>
<a href="?page=<?php echo ($page - 1) . $paginationSuffix; ?>">&laquo; Previous</a>
<?php else: ?>
<span>&laquo; Previous</span>
<?php endif; ?>
<span class="current">Page <?php echo (int)$page; ?> of <?php echo (int)max(1, $totalPages); ?></span>
<?php if ($page < $totalPages): ?>
<a href="?page=<?php echo ($page + 1) . $paginationSuffix; ?>">Next &raquo;</a>
<?php else: ?>
<span>Next &raquo;</span>
<?php endif; ?>
</div>
<script>
// Preserve native validation and only disable untouched rows.
document.getElementById('editForm').addEventListener('submit', function(e) {
const form = this;
Array.from(form.querySelectorAll('tbody tr')).forEach(function(row) {
let hasChanged = false;
Array.from(row.querySelectorAll('[name^="rows["]')).forEach(function(input) {
if (input.type === "hidden") return;
if (input.type === "checkbox" || input.type === "radio") {
if (input.checked !== input.defaultChecked) hasChanged = true;
} else if (input.tagName === "SELECT") {
const selectedIndex = input.selectedIndex;
let hasDefaultSelected = false;
Array.from(input.options).forEach(function(opt, idx) {
if (opt.defaultSelected && idx === selectedIndex) {
hasDefaultSelected = true;
}
});
if (!hasDefaultSelected) {
const anyDefault = Array.from(input.options).some(opt => opt.defaultSelected);
if (!anyDefault) {
if (input.value !== '') hasChanged = true;
} else {
hasChanged = true;
}
}
} else {
if (input.value !== input.defaultValue) hasChanged = true;
}
});
if (!hasChanged) {
Array.from(row.querySelectorAll('input,select,textarea')).forEach(function(input) {
input.disabled = true;
});
}
});
if (!form.reportValidity()) {
e.preventDefault();
return false;
}
});
</script>
</body>
</html>

235
public/save_row.php Normal file
View File

@@ -0,0 +1,235 @@
<?php
// save_row.php
session_start();
require_once '../config.php';
require_once '../s3_client.php';
if (!isset($_SESSION['user_email'])) {
header('Location: index.php');
exit();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['row'])) {
http_response_code(405);
exit('Method Not Allowed');
}
$userEmail = $_SESSION['user_email'];
$company = $_SESSION['company'] ?? '';
if ($company === '') {
http_response_code(400);
exit('No company assigned in session.');
}
$userTableName = 'assets';
$row = $_POST['row'];
$rowId = $row['Id'] ?? null;
$uuidForLog = $row['UUID'] ?? '';
if (!$rowId) {
http_response_code(400);
exit('Missing Id');
}
// ----------------- Helpers (same style as save_rows.php) -----------------
// Helpers
// DB Connection
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
// GET current row (before) to compare
function get_row($pdo, $table, $pk, $company)
{
$stmt = $pdo->prepare("SELECT * FROM `$table` WHERE Id = :id AND company = :company");
$stmt->execute([':id' => $pk, ':company' => $company]);
return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
// PATCH only certain fields
function update_row($pdo, $table, $pk, $data, $company)
{
if (empty($data))
return ['ok' => true];
$set = [];
$params = [':id' => $pk, ':company' => $company];
foreach ($data as $col => $val) {
$set[] = "`$col` = :$col";
$params[":$col"] = $val;
}
$sql = "UPDATE `$table` SET " . implode(', ', $set) . " WHERE Id = :id AND company = :company";
try {
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
return ['ok' => true];
} catch (PDOException $e) {
return ['error' => $e->getMessage()];
}
}
// INSERT a single audit log
function insert_log($pdo, $email, $field, $newValue, $uuid, $dateTimeIsoUtc)
{
// Skip logging for now or implement local log table
return ['ok' => true];
}
// Normalize payload similarly to your grid flow
function normalize_update_payload(array $input): array
{
$updateData = $input;
// Remove PK/immutable from update set
unset($updateData['Id']);
// Email: optional, but if filled must be valid; blank -> null
if (array_key_exists('UserEmail', $updateData)) {
$emailVal = trim((string) ($updateData['UserEmail'] ?? ''));
if ($emailVal !== '' && !filter_var($emailVal, FILTER_VALIDATE_EMAIL)) {
$updateData['**invalid_email**'] = $emailVal;
} else {
$updateData['UserEmail'] = ($emailVal === '') ? null : $emailVal;
}
}
// BYOD boolean normalization
if (array_key_exists('BYOD', $updateData)) {
$val = strtolower(trim((string) $updateData['BYOD']));
$updateData['BYOD'] = in_array($val, ['true', '1', 'on', 'yes'], true) ? 1 : 0;
}
// Optional date/text fields: empty string -> null
foreach (['Warranty', 'PurchaseDate', 'Asset'] as $field) {
if (array_key_exists($field, $updateData)) {
$v = $updateData[$field];
if ($v === '' || $v === null) {
$updateData[$field] = null;
} elseif (in_array($field, ['Warranty', 'PurchaseDate'], true)) {
// Normalize to YYYY-MM-DD if parseable; else null
$ts = strtotime((string) $v);
$updateData[$field] = ($ts !== false) ? date('Y-m-d', $ts) : null;
}
}
}
return $updateData;
}
// Robust equality with normalization (empty string ~ null, boolean-ish strings, numeric strings)
function values_equal($a, $b): bool
{
$boolMap = ['true' => true, 'false' => false, '1' => true, '0' => false, 'yes' => true, 'no' => false];
if (is_string($a) && array_key_exists(strtolower($a), $boolMap))
$a = $boolMap[strtolower($a)];
if (is_string($b) && array_key_exists(strtolower($b), $boolMap))
$b = $boolMap[strtolower($b)];
if (is_string($a) && is_numeric($a))
$a = $a + 0;
if (is_string($b) && is_numeric($b))
$b = $b + 0;
// Treat '' and null as equal
if ($a === '' && $b === null)
return true;
if ($b === '' && $a === null)
return true;
if ((is_array($a) || is_object($a)) || (is_array($b) || is_object($b))) {
return json_encode($a, JSON_UNESCAPED_SLASHES) === json_encode($b, JSON_UNESCAPED_SLASHES);
}
return $a === $b;
}
// ----------------- Build and apply update -----------------
// Compute which fields are allowed to be edited on this page
$editable = ['UserEmail', 'Status', 'Warranty', 'Asset', 'PurchaseDate', 'BYOD'];
$role = $_SESSION['role'] ?? 'user';
if ($role !== 'user') {
// Manager, Admin, Superadmin can edit Notes
if (in_array($role, ['manager', 'admin', 'superadmin'])) {
$editable[] = 'Notes';
}
// Admin, Superadmin can edit Cypher fields
if (in_array($role, ['admin', 'superadmin'])) {
$editable[] = 'CypherID';
$editable[] = 'CypherKey';
}
}
// Start from posted row; keep only editable keys
$incoming = [];
foreach ($editable as $k) {
if (array_key_exists($k, $row)) {
$incoming[$k] = $row[$k];
}
}
// Normalize incoming values (email/boolean/dates/empties)
$updateData = normalize_update_payload($incoming);
// Abort on invalid email (mirror save_rows.php behavior)
if (isset($updateData['**invalid_email**'])) {
header("Location: asset.php?id=" . urlencode((string) $rowId));
exit();
}
// If nothing submitted, return
if (empty($updateData)) {
header("Location: asset.php?id=" . urlencode((string) $rowId));
exit();
}
// Fetch current state
$before = get_row($pdo, $userTableName, $rowId, $company);
if (empty($before)) {
// On fetch error, just return to the page (or render an error if preferred)
header("Location: asset.php?id=" . urlencode((string) $rowId));
exit();
}
// Determine actual changes vs DB
$changedPayload = [];
$changedFields = [];
foreach ($updateData as $fieldName => $newVal) {
$oldVal = $before[$fieldName] ?? null;
if (!values_equal($oldVal, $newVal)) {
$changedPayload[$fieldName] = $newVal;
$changedFields[$fieldName] = $newVal;
}
}
// If no changes, redirect back
if (empty($changedPayload)) {
header("Location: asset.php?id=" . urlencode((string) $rowId));
exit();
}
// Apply PATCH with only changed fields
$result = update_row($pdo, $userTableName, $rowId, $changedPayload, $company);
if (isset($result['error'])) {
// If update failed, just go back; you can improve UX with a query param or flash
header("Location: asset.php?id=" . urlencode((string) $rowId));
exit();
}
// Write one log per changed field (skip sensitive values if needed)
$nowUtc = (new DateTime('now', new DateTimeZone('UTC')))->format('Y-m-d\TH:i:s\Z');
foreach ($changedFields as $fieldName => $newValue) {
if (in_array($fieldName, ['CypherKey'], true)) {
// Skip logging sensitive secrets if desired
continue;
}
insert_log($pdo, $userEmail, $fieldName, $newValue, $uuidForLog, $nowUtc);
}
// Done
header("Location: asset.php?id=" . urlencode((string) $rowId));
exit();

241
public/save_rows.php Normal file
View File

@@ -0,0 +1,241 @@
<?php
// save_rows.php
session_start();
require_once '../config.php';
require_once '../s3_client.php';
if (!isset($_SESSION['user_email'])) {
header('Location: index.php');
exit();
}
$userEmail = $_SESSION['user_email'];
$company = $_SESSION['company'] ?? '';
if ($company === '') {
http_response_code(400);
exit('Missing company from session.');
}
$userTableName = 'assets';
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
exit('Method Not Allowed');
}
$rows = $_POST['rows'] ?? [];
// Helpers
// Helpers
// DB Connection
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
// GET a single row by Id to compare before/after
function get_row($pdo, $table, $pk, $company)
{
$stmt = $pdo->prepare("SELECT * FROM `$table` WHERE Id = :id AND company = :company");
$stmt->execute([':id' => $pk, ':company' => $company]);
return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
// PATCH a single row by Id
function update_row($pdo, $table, $pk, $data, $company)
{
if (empty($data))
return ['ok' => true];
$set = [];
$params = [':id' => $pk, ':company' => $company];
foreach ($data as $col => $val) {
$set[] = "`$col` = :$col";
$params[":$col"] = $val;
}
$sql = "UPDATE `$table` SET " . implode(', ', $set) . " WHERE Id = :id AND company = :company";
try {
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
return ['ok' => true];
} catch (PDOException $e) {
return ['error' => $e->getMessage()];
}
}
// INSERT a single audit log (Optional: create a logs table if you want to keep this feature)
// For now, we'll skip logging or just log to a file/table if requested.
// The user didn't explicitly ask for a logs table migration, but NocoDB had it.
// Let's assume we skip it or log to error_log for now to save complexity,
// or create a simple logs table if we want to be thorough.
// Given the prompt "add collumns to manage S3 files", logging wasn't the main point.
// I'll comment it out or implement a simple local log.
function insert_log($pdo, $email, $field, $newValue, $uuid, $dateTimeIsoUtc)
{
// Check if logs table exists, if not create it? Or just ignore.
// Let's just return ok to not break the flow.
return ['ok' => true];
}
// Normalize booleans, dates, email, and empty strings consistently with your grid behavior.
function normalize_update_payload(array $input): array
{
$updateData = $input;
// Remove immutable/PK fields from update payload
unset($updateData['Id']);
// Validate email if provided
if (array_key_exists('UserEmail', $updateData)) {
$emailVal = trim((string) ($updateData['UserEmail'] ?? ''));
if ($emailVal !== '' && !filter_var($emailVal, FILTER_VALIDATE_EMAIL)) {
$updateData['__invalid_email__'] = $emailVal;
} else {
$updateData['UserEmail'] = ($emailVal === '') ? null : $emailVal;
}
}
// Normalize BYOD to boolean if present
if (array_key_exists('BYOD', $updateData)) {
$val = strtolower((string) $updateData['BYOD']);
$updateData['BYOD'] = ($val === 'true' || $val === '1' || $val === 'on' || $val === 'yes') ? 1 : 0;
}
// Convert empty date/asset strings to null
foreach (['Warranty', 'PurchaseDate', 'Asset'] as $field) {
if (array_key_exists($field, $updateData) && $updateData[$field] === '') {
$updateData[$field] = null;
}
}
// Ensure immutable are not unintentionally nulled
foreach (['UUID', 'CypherID', 'CypherKey'] as $immutable) {
if (array_key_exists($immutable, $updateData) && ($updateData[$immutable] === '' || $updateData[$immutable] === null)) {
unset($updateData[$immutable]);
}
}
return $updateData;
}
// Strict comparison helper with type normalization for DB values
function values_equal($a, $b): bool
{
// Normalize boolean-ish strings
$boolStrings = ['true' => true, 'false' => false, '1' => true, '0' => false, 'yes' => true, 'no' => false, '' => null];
if (is_string($a) && array_key_exists(strtolower($a), $boolStrings))
$a = $boolStrings[strtolower($a)];
if (is_string($b) && array_key_exists(strtolower($b), $boolStrings))
$b = $boolStrings[strtolower($b)];
// Normalize numeric strings
if (is_string($a) && is_numeric($a))
$a = $a + 0;
if (is_string($b) && is_numeric($b))
$b = $b + 0;
// Treat empty string and null as equal for nullable fields
if ($a === '' && $b === null)
return true;
if ($b === '' && $a === null)
return true;
// For arrays/objects (e.g., attachments), compare JSON representations
if ((is_array($a) || is_object($a)) || (is_array($b) || is_object($b))) {
return json_encode($a, JSON_UNESCAPED_SLASHES) === json_encode($b, JSON_UNESCAPED_SLASHES);
}
return $a === $b;
}
$errors = [];
foreach ($rows as $index => $row) {
$pk = $row['Id'] ?? '';
$uuidForLog = $row['UUID'] ?? ''; // taken from the hidden input in the form
if (!$pk) {
$errors[] = "Missing Id in one row, skipping update.";
continue;
}
if ($uuidForLog === '') {
// Proceed but note missing UUID so you can diagnose later
$uuidForLog = '';
}
// Normalize incoming payload
$updateData = normalize_update_payload($row);
// Invalid email?
if (isset($updateData['__invalid_email__'])) {
$errors[] = "Invalid email address on record Id $pk: " . htmlspecialchars($updateData['__invalid_email__']);
continue;
}
// Which fields were submitted (touched)
$submittedFields = array_keys($updateData);
if (empty($submittedFields)) {
continue; // nothing to do
}
// Fetch current row (Before) to compare
$before = get_row($pdo, $userTableName, $pk, $company);
if (isset($before['error'])) {
$errors[] = "Error fetching current row Id $pk: " . $before['error'];
continue;
}
// Build minimal PATCH payload with only truly changed fields
$changedPayload = [];
$changedFields = [];
foreach ($submittedFields as $fieldName) {
$newVal = $updateData[$fieldName];
$oldVal = $before[$fieldName] ?? null;
if (!values_equal($oldVal, $newVal)) {
$changedPayload[$fieldName] = $newVal;
$changedFields[$fieldName] = $newVal;
}
}
if (empty($changedPayload)) {
// No real changes vs DB; skip patch and logging
continue;
}
// Patch only changed fields
$result = update_row($pdo, $userTableName, $pk, $changedPayload, $company);
if (isset($result['error'])) {
$errors[] = "Error updating Id $pk: " . $result['error'];
continue;
}
// Log only actual changed fields with current UTC timestamp and the record's UUID
$nowUtc = (new DateTime('now', new DateTimeZone('UTC')))->format('Y-m-d\TH:i:s\Z');
foreach ($changedFields as $fieldName => $newValue) {
// Optional: skip sensitive fields from logging
if (in_array($fieldName, ['CypherKey'], true)) {
continue;
}
$logResp = insert_log($pdo, $userEmail, $fieldName, $newValue, $uuidForLog, $nowUtc);
if (isset($logResp['error'])) {
$errors[] = "Log write failed for Id $pk, field $fieldName: " . $logResp['error'];
}
}
}
if (!empty($errors)) {
echo "<h2>Completed with notices:</h2><ul>";
foreach ($errors as $error) {
echo "<li>" . htmlspecialchars($error) . "</li>";
}
echo "</ul><a href='main.php'>Back</a>";
exit();
}
header('Location: main.php');
exit();

248
public/style.css Normal file
View File

@@ -0,0 +1,248 @@
/* ===== Global ===== */
body {
font-family: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen,Ubuntu,Cantarell,"Open Sans","Helvetica Neue",sans-serif;
background-color: #fafafa;
color: #333;
margin: 20px;
}
h2 { font-weight: 600; color: #222; }
a {
color: #3b82f6;
text-decoration: none;
font-weight: 600;
}
a:hover { text-decoration: underline; }
/* ===== Buttons ===== */
button {
background-color: #3b82f6;
color: white;
border: none;
padding: 8px 16px;
cursor: pointer;
font-weight: 600;
border-radius: 4px;
transition: background-color 0.2s ease;
}
button:hover { background-color: #2563eb; }
.header-links form button { background-color: #ef4444; }
.header-links form button:hover { background-color: #b91c1c; }
/* ===== Search area (main.php) ===== */
.search-container { margin-bottom: 15px; }
.search-container select,
.search-container input[type=text] {
padding: 6px 8px;
font-size: 14px;
border-radius: 4px;
border: 1px solid #ccc;
font-family: inherit;
}
.search-container form {
display: flex;
gap: 10px;
align-items: center;
max-width: 600px;
text-wrap: nowrap;
}
.record-info {
margin-bottom: 15px;
font-size: 14px;
color: #555;
}
/* ===== Tables (shared for grid + asset details) ===== */
table {
border-collapse: collapse;
width: 100%;
background-color: #fff;
box-shadow: 0 0 10px rgb(0 0 0 / 0.1);
border-radius: 5px;
overflow: hidden;
font-size: 13px;
}
th, td {
padding: 10px 12px;
border-bottom: 1px solid #ddd;
text-align: left;
vertical-align: middle;
}
th {
background-color: #f5f7fa;
font-weight: 600;
color: #555;
white-space: nowrap;
}
tr:nth-child(even) { background-color: #f9f9f9; }
th a { color: inherit; text-decoration: none; }
th .arrow { font-size: 11px; color: #888; margin-left: 6px; }
/* ===== Inputs in cells ===== */
input[type=text],
input[type=email],
input[type=date],
select {
width: 100%;
box-sizing: border-box;
padding: 6px 8px;
border: 1px solid #ccc;
border-radius: 3px;
font-size: 13px;
font-family: inherit;
transition: border-color 0.2s ease-in-out;
}
input[type=text]:focus,
input[type=email]:focus,
input[type=date]:focus,
select:focus {
border-color: #3b82f6;
outline: none;
box-shadow: 0 0 2px rgba(59,130,246,0.6);
}
/* ===== Pagination (main.php) ===== */
.pagination { margin-top: 20px; font-size: 14px; }
.pagination a, .pagination span {
margin: 0 6px;
text-decoration: none;
color: #3b82f6;
font-weight: 600;
}
.pagination .current { color: #111827; font-weight: 700; }
/* ===== Header links (main.php) ===== */
.header-container { margin-bottom: 20px; }
.header-links a, .header-links form {
margin-right: 15px;
display: inline-block;
vertical-align: middle;
}
/* ===== Asset page layout ===== */
.asset-page .form-section,
.asset-page .upload-box,
.asset-page .existing-files {
max-width: 900px;
margin: 0 auto 30px;
background: #fff;
border-radius: 5px;
box-shadow: 0 0 10px rgba(0,0,0,0.1);
padding: 20px;
}
.asset-page .save-section {
margin: 20px 0 30px;
text-align: center;
}
/* File list items */
.asset-page .file-item {
margin-bottom: 10px;
display: flex;
align-items: center;
gap: 10px;
}
.asset-page .file-item button {
background: #ef4444;
color: #fff;
padding: 4px 10px;
font-size: 12px;
border-radius: 3px;
}
.asset-page .file-item button:hover { background: #b91c1c; }
.asset-page .upload-box button.upload { margin-left: 10px; }
/* ===== Login page ===== */
.login-page {
background-color: #fafafa;
color: #333;
margin: 20px;
font-family: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen,Ubuntu,Cantarell,"Open Sans","Helvetica Neue",sans-serif;
}
.login-form {
max-width: 360px;
margin-top: 20px;
}
.login-form label {
display: block;
margin-bottom: 8px;
font-weight: 600;
}
.login-form input[type=email],
.login-form input[type=password] {
width: 100%;
padding: 8px 10px;
margin: 8px 0 16px;
border: 1px solid #ccc;
border-radius: 4px;
font-size: 14px;
box-sizing: border-box;
}
.error-msg {
color: #ef4444;
font-weight: 600;
margin-top: 8px;
}
/* ==== Change Password Page ==== */
.change-password-form {
max-width: 360px;
margin-top: 20px;
}
.change-password-form label {
display: block;
margin-bottom: 8px;
font-weight: 600;
}
.change-password-form input[type=password] {
width: 100%;
padding: 8px 10px;
margin: 8px 0 16px;
border: 1px solid #ccc;
border-radius: 4px;
font-size: 14px;
box-sizing: border-box;
font-family: inherit;
}
.success-msg {
color: #22c55e;
font-weight: 600;
margin-top: 8px;
}
/* ==== Password Hasher Page ==== */
.password-hasher-form {
max-width: 420px;
margin-top: 20px;
}
.password-hasher-form label {
display: block;
margin-bottom: 8px;
font-weight: 600;
}
.password-hasher-form input[type=password],
.password-hasher-form select {
width: 100%;
padding: 8px 10px;
margin: 8px 0 16px;
border: 1px solid #ccc;
border-radius: 4px;
font-size: 14px;
box-sizing: border-box;
font-family: inherit;
}
/* Feedback */
.error-msg { color: #ef4444; font-weight: 600; margin-top: 8px; }
.success-msg { color: #22c55e; font-weight: 600; margin-top: 8px; }
/* Code block + meta info */
.code-block {
background: #e5e7eb;
padding: 10px;
border-radius: 4px;
overflow-x: auto;
font-size: 14px;
font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;
}
.meta-text { color: #555; font-size: 13px; margin-top: 6px; }