160 lines
4.1 KiB
PHP
160 lines
4.1 KiB
PHP
<?php
|
|
session_start();
|
|
require_once '../config.php';
|
|
|
|
// Only allow logged-in users to export
|
|
if (!isset($_SESSION['user_email'])) {
|
|
header('HTTP/1.1 403 Forbidden');
|
|
echo 'Access denied';
|
|
exit();
|
|
}
|
|
|
|
$company = $_SESSION['company'] ?? '';
|
|
if ($company === '') {
|
|
die('No company assigned in session.');
|
|
}
|
|
$userTableName = 'assets';
|
|
|
|
// Check admin status from session
|
|
$role = $_SESSION['role'] ?? 'user';
|
|
$isAdmin = ($role === 'admin');
|
|
|
|
// Base columns matching your main.php + asset.php (all visible for export)
|
|
$base_columns = [
|
|
'Id',
|
|
'UUID',
|
|
'SN',
|
|
'OS',
|
|
'OSVersion',
|
|
'Hostname',
|
|
'Mobile',
|
|
'Manufacturer',
|
|
'Term',
|
|
'LastSeen',
|
|
'UserEmail',
|
|
'BYOD',
|
|
'Status',
|
|
'Warranty',
|
|
'Asset',
|
|
'PurchaseDate'
|
|
];
|
|
|
|
// Admin-only columns
|
|
$admin_columns = ['CypherID', 'CypherKey'];
|
|
|
|
// Read-only additional columns included for everyone (some admin-only?), from asset.php insertion logic
|
|
$additional_read_only = [
|
|
'CPUs',
|
|
'HDs',
|
|
'HDsTypes',
|
|
'HDsSpacesGB',
|
|
'NetworkAdapters',
|
|
'MACAddresses',
|
|
'ESETComponents',
|
|
'PrimaryLocalIP',
|
|
'PrimaryRemoteIP'
|
|
];
|
|
|
|
// Build columns for export respecting admin rights
|
|
$columns_to_export = $base_columns;
|
|
if ($isAdmin) {
|
|
// Insert admin columns after 'Asset' (somewhere in middle, here after base)
|
|
$columns_to_export = array_merge($columns_to_export, $admin_columns);
|
|
}
|
|
$columns_to_export = array_merge($columns_to_export, $additional_read_only);
|
|
|
|
$fields_param = implode(',', $columns_to_export);
|
|
|
|
// Get filter and sort parameters from GET to match the table view
|
|
$search_field = $_GET['search_field'] ?? '';
|
|
$search_text = $_GET['search_text'] ?? '';
|
|
$sort_by = $_GET['sort_by'] ?? '';
|
|
$sort_dir = strtolower($_GET['sort_dir'] ?? 'asc');
|
|
$sort_dir = in_array($sort_dir, ['asc', 'desc'], true) ? $sort_dir : 'asc';
|
|
|
|
$filterParamStr = '';
|
|
if ($search_field !== '' && $search_text !== '') {
|
|
$filterParamStr = '&where=(' . rawurlencode($search_field) . ',like,' . rawurlencode('%' . $search_text . '%') . ')';
|
|
}
|
|
|
|
$sortParamStr = '';
|
|
if ($sort_by !== '' && in_array($sort_by, $columns_to_export, true)) {
|
|
$prefix = ($sort_dir === 'desc') ? '-' : '+';
|
|
$sortParamStr = '&sort=' . rawurlencode($prefix . $sort_by);
|
|
}
|
|
|
|
// Helper: DB Connection
|
|
try {
|
|
$pdo = new PDO(
|
|
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
|
|
DB_USER,
|
|
DB_PASS,
|
|
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
|
|
);
|
|
} catch (PDOException $e) {
|
|
die("DB Connection failed: " . $e->getMessage());
|
|
}
|
|
|
|
// Build Query
|
|
$whereClauses = [];
|
|
$params = [];
|
|
|
|
if ($search_field !== '' && $search_text !== '') {
|
|
$whereClauses[] = "`$search_field` LIKE :searchText";
|
|
$params[':searchText'] = '%' . $search_text . '%';
|
|
}
|
|
|
|
// Always filter by company
|
|
$whereClauses[] = "`company` = :company";
|
|
$params[':company'] = $company;
|
|
|
|
$whereSql = '';
|
|
if (!empty($whereClauses)) {
|
|
$whereSql = 'WHERE ' . implode(' AND ', $whereClauses);
|
|
}
|
|
|
|
// Sorting
|
|
$orderSql = '';
|
|
if ($sort_by !== '' && in_array($sort_by, $columns_to_export, true)) {
|
|
$orderSql = "ORDER BY `$sort_by` " . ($sort_dir === 'desc' ? 'DESC' : 'ASC');
|
|
} else {
|
|
$orderSql = "ORDER BY Id DESC";
|
|
}
|
|
|
|
// Fetch All Rows
|
|
$sql = "SELECT * FROM `$userTableName` $whereSql $orderSql";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute($params);
|
|
$allRows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
// Send headers to prompt download as CSV file
|
|
header('Content-Type: text/csv; charset=UTF-8');
|
|
header('Content-Disposition: attachment; filename="cmdb_export_' . date('Ymd_His') . '.csv"');
|
|
header('Cache-Control: no-cache, no-store, must-revalidate');
|
|
header('Pragma: no-cache');
|
|
header('Expires: 0');
|
|
|
|
$output = fopen('php://output', 'w');
|
|
|
|
// Write UTF-8 BOM for Excel compatibility
|
|
fwrite($output, "\xEF\xBB\xBF");
|
|
|
|
// Write CSV header row
|
|
fputcsv($output, $columns_to_export);
|
|
|
|
// Write all rows
|
|
foreach ($allRows as $row) {
|
|
$exportRow = [];
|
|
foreach ($columns_to_export as $colName) {
|
|
$val = $row[$colName] ?? '';
|
|
if (is_array($val)) {
|
|
$val = implode('; ', $val); // Flatten arrays if any
|
|
}
|
|
$exportRow[] = $val;
|
|
}
|
|
fputcsv($output, $exportRow);
|
|
}
|
|
|
|
fclose($output);
|
|
exit();
|