troy-grunt/businesscard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Verbessere die Anmeldefunktionalität: Aktualisiere Sicherheitsüberprüfungen, verbessere die Benutzeroberfläche und implementiere UUID-Management für Identitäten.

Browse Source
This commit is contained in:
Troy Grunt
2026-02-02 23:11:41 +01:00
parent 39b1075bd5
commit e73a717dbd
2 changed files with 359 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
db/init/001_schema.sql
View File

@@ -1,6 +1,7 @@
-- Identitäten -- Identitäten
CREATE TABLE identities ( CREATE TABLE identities (
id INT AUTO_INCREMENT PRIMARY KEY, id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB; ) ENGINE=InnoDB;
@@ -8,6 +9,7 @@ CREATE TABLE identities (
CREATE TABLE identity_fields ( CREATE TABLE identity_fields (
id INT AUTO_INCREMENT PRIMARY KEY, id INT AUTO_INCREMENT PRIMARY KEY,
identity_id INT NOT NULL, identity_id INT NOT NULL,
typ ENUM('single','multi','file') NULL,
field_key VARCHAR(50) NOT NULL, field_key VARCHAR(50) NOT NULL,
field_value TEXT NOT NULL, field_value TEXT NOT NULL,
FOREIGN KEY (identity_id) FOREIGN KEY (identity_id)

397
www/admin.php
View File

@@ -4,45 +4,38 @@ require '_func.php';
require '_user.php'; require '_user.php';
session_start(); session_start();
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
/* ─────────────────────────────
Security
───────────────────────────── */
if (isIpLocked($ip, $sql)) { if (isIpLocked($ip, $sql)) {
http_response_code(403); http_response_code(403);
exit('Zu viele Fehlversuche. IP für 1 Stunde gesperrt.'); exit('Zu viele Fehlversuche.');
} }
/* ─────────────────────────────
Login
───────────────────────────── */
if (!($_SESSION['is_admin'] ?? false)) { if (!($_SESSION['is_admin'] ?? false)) {
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user = $_POST['username'] ?? ''; $u = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? ''; $p = $_POST['password'] ?? '';
if ( if (
$user !== $admin_user || $u !== $admin_user ||
$pass !== $admin_password $p !== $admin_password
) { ) {
registerFailedLogin($ip, $sql); registerFailedLogin($ip, $sql);
$error = 'Ungültige Zugangsdaten'; $error = 'Login fehlgeschlagen';
} else { } else {
clearLoginAttempts($ip, $sql); clearLoginAttempts($ip, $sql);
$_SESSION['is_admin'] = true; $_SESSION['is_admin'] = true;
header('Location: admin.php'); header('Location: admin.php');
exit; exit;
} }
if (!$admin || !password_verify($pass, $admin['password_hash'])) {
registerFailedLogin($ip, $sql);
$error = 'Ungültige Zugangsdaten';
} else {
clearLoginAttempts($ip, $sql);
$_SESSION['is_admin'] = true;
$_SESSION['admin_id'] = $admin['id'];
header('Location: admin.php');
exit;
} }
}
// 🔑 Login-Formular
?> ?>
<!doctype html> <!doctype html>
<html lang="de"> <html lang="de">
@@ -50,10 +43,31 @@ if (!($_SESSION['is_admin'] ?? false)) {
<meta charset="utf-8"> <meta charset="utf-8">
<title>Admin Login</title> <title>Admin Login</title>
<style> <style>
body { font-family: sans-serif; background:#0f172a; color:#e5e7eb; display:flex; height:100vh; align-items:center; justify-content:center; } body {
form { background:#020617; padding:2rem; border-radius:12px; width:300px; } font-family: system-ui, sans-serif;
input, button { width:100%; padding:.6rem; margin-top:.75rem; } background:#0f172a;
button { background:#38bdf8; border:0; cursor:pointer; } color:#e5e7eb;
display:flex;
justify-content:center;
align-items:center;
height:100vh;
}
form {
background:#020617;
padding:2rem;
border-radius:12px;
width:320px;
}
input,button {
width:100%;
padding:.6rem;
margin-top:.75rem;
}
button {
background:#38bdf8;
border:0;
cursor:pointer;
}
.err { color:#f87171; margin-top:.5rem; } .err { color:#f87171; margin-top:.5rem; }
</style> </style>
</head> </head>
@@ -73,49 +87,257 @@ if (!($_SESSION['is_admin'] ?? false)) {
exit; exit;
} }
$uuid = $_GET['uuid'] ?? null; /* ─────────────────────────────
Action Routing
───────────────────────────── */
$action = $_GET['action'] ?? null;
if ($uuid) { /* ─────────────────────────────
UUID DIRECT ACCESS (?uuid=...)
Create flow if missing
───────────────────────────── */
if (!$action && isset($_GET['uuid'])) {
$uuid = $_GET['uuid'];
// Prüfen ob UUID existiert
$token = $sql->single( $token = $sql->single(
"SELECT * FROM access_tokens WHERE uuid = ?", "SELECT * FROM access_tokens WHERE uuid = ?",
"s", "s",
[$uuid] [$uuid]
); );
if (!$token) { if ($token) {
// UUID existiert → weiter zum edit-Formular
$action = 'uuid_edit';
$_GET['uuid'] = $uuid;
} else {
// UUID existiert nicht → Initial-Form
$action = 'uuid_create_initial';
$_GET['uuid'] = $uuid;
}
}
/* ─────────────────────────────
CREATE IDENTITY
───────────────────────────── */
if ($action === 'identity_create') {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$name = trim($_POST['name'] ?? '');
if ($name !== '') {
$sql->set( $sql->set(
"INSERT INTO access_tokens (identity_id, uuid) "INSERT INTO identities (name) VALUES (?)",
VALUES (1, ?)",
"s", "s",
[$uuid] [$name]
);
header('Location: admin.php');
exit;
}
}
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>Identität anlegen</title></head>
<body>
<h1>Neue Identität</h1>
<form method="post">
<input name="name" placeholder="Name der Identität" required>
<button>Speichern</button>
</form>
<p><a href="admin.php">← zurück</a></p>
</body></html>
<?php
exit;
}
/* ─────────────────────────────
INITIAL UUID CREATION
───────────────────────────── */
if ($action === 'uuid_create_initial') {
$uuid = $_GET['uuid'];
// Alle Identitäten für Auswahl
$identities = $sql->get("SELECT * FROM identities ORDER BY name ASC");
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$identityId = (int)($_POST['identity_id'] ?? 0);
$notes = trim($_POST['notes'] ?? '');
if (!$identityId) {
$error = 'Bitte eine Identität auswählen.';
} else {
// UUID anlegen
$sql->set(
"INSERT INTO access_tokens (identity_id, uuid, notes) VALUES (?, ?, ?)",
"iss",
[$identityId, $uuid, $notes]
); );
$token = $sql->single( // Weiterleiten zum Bearbeitungsformular
"SELECT * FROM access_tokens WHERE uuid = ?", header("Location: admin.php?action=uuid_edit&uuid=$uuid");
"s", exit;
[$uuid] }
}
?>
<!doctype html>
<html>
<head><meta charset="utf-8"><title>Neue UUID anlegen</title></head>
<body>
<h1>Neue UUID anlegen</h1>
<form method="post">
<label>Identität auswählen:
<select name="identity_id" required>
<option value="">-- bitte wählen --</option>
<?php foreach ($identities as $i): ?>
<option value="<?= $i['id'] ?>"><?= htmlspecialchars($i['name']) ?></option>
<?php endforeach; ?>
</select>
</label>
<br><br>
<label>Notiz (optional):<br>
<textarea name="notes" rows="3"></textarea>
</label>
<br><br>
<button>Speichern</button>
</form>
<?php if (!empty($error)): ?>
<p style="color:red"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<p><a href="admin.php">← zurück zum Dashboard</a></p>
</body>
</html>
<?php
exit;
}
/* ─────────────────────────────
EDIT IDENTITY
───────────────────────────── */
if ($action === 'identity_edit') {
$id = (int)($_GET['id'] ?? 0);
$identity = $sql->single(
"SELECT * FROM identities WHERE id = ?",
"i",
[$id]
); );
if (!$identity) {
exit('Identität nicht gefunden');
} }
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$issuedTo = $_POST['issued_to'] ?? '';
$fields = $_POST['fields'] ?? [];
// Notiz speichern if (isset($_POST['rename'])) {
$sql->set( $sql->set(
"UPDATE access_tokens SET notes = ? WHERE id = ?", "UPDATE identities SET name = ? WHERE id = ?",
"si", "si",
[$issuedTo, $token['id']] [trim($_POST['name']), $id]
);
}
if (isset($_POST['add_field'])) {
$sql->set(
"INSERT INTO identity_fields (identity_id, field_key, field_value)
VALUES (?, ?, ?)",
"iss",
[$id, trim($_POST['key']), trim($_POST['value'])]
);
//TODO typ
}
header("Location: admin.php?action=identity_edit&id=$id");
exit;
}
$fields = $sql->get(
"SELECT * FROM identity_fields WHERE identity_id = ?",
"i",
[$id]
);
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>Identität bearbeiten</title></head>
<body>
<h1><?= htmlspecialchars($identity['name']) ?></h1>
<form method="post">
<input name="name" value="<?= htmlspecialchars($identity['name']) ?>">
<button name="rename">Umbenennen</button>
</form>
<h2>Felder</h2>
<ul>
<?php foreach ($fields as $f): ?>
<li>
<strong><?= htmlspecialchars($f['field_key']) ?>:</strong>
<?= htmlspecialchars($f['field_value']) ?>
</li>
<?php endforeach; ?>
</ul>
<form method="post">
<input name="key" placeholder="Feldname" required>
<input name="value" placeholder="Wert" required>
<button name="add_field"> Feld hinzufügen</button>
</form>
<p><a href="admin.php">← zurück</a></p>
</body></html>
<?php
exit;
}
/* ─────────────────────────────
CREATE UUID
───────────────────────────── */
if ($action === 'uuid_create') {
$identityId = (int)($_GET['identity_id'] ?? 0);
$uuid = uuid_create(UUID_TYPE_RANDOM);
$sql->set(
"INSERT INTO access_tokens (identity_id, uuid)
VALUES (?, ?)",
"is",
[$identityId, $uuid]
); );
// Rechte neu setzen header("Location: admin.php?action=uuid_edit&uuid=$uuid");
exit;
}
/* ─────────────────────────────
EDIT UUID
───────────────────────────── */
if ($action === 'uuid_edit') {
$uuid = $_GET['uuid'] ?? '';
$token = $sql->single(
"SELECT * FROM access_tokens WHERE uuid = ?",
"s",
[$uuid]
);
if (!$token) exit('UUID nicht gefunden');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$sql->set( $sql->set(
"DELETE FROM token_permissions WHERE token_id = ?", "DELETE FROM token_permissions WHERE token_id = ?",
"i", "i",
[$token['id']] [$token['id']]
); );
foreach ($fields as $key) { foreach ($_POST['fields'] ?? [] as $key) {
$sql->set( $sql->set(
"INSERT INTO token_permissions (token_id, field_key) "INSERT INTO token_permissions (token_id, field_key)
VALUES (?, ?)", VALUES (?, ?)",
@@ -124,92 +346,87 @@ if ($uuid) {
); );
} }
$saved = true; $sql->set(
"UPDATE access_tokens SET notes = ? WHERE id = ?",
"si",
[trim($_POST['notes']), $token['id']]
);
} }
// Alle Felder der Identität // Alle Felder der zugehörigen Identität
$allFields = $sql->get( $fields = $sql->get(
"SELECT DISTINCT field_key FROM identity_fields WHERE identity_id = ?", "SELECT field_key, field_value FROM identity_fields WHERE identity_id = ?",
"i", "i",
[$token['identity_id']] [$token['identity_id']]
); );
// Aktive Rechte // Welche Felder aktuell für diesen Token erlaubt sind
$allowed = $sql->get( $allowed = array_column(
$sql->get(
"SELECT field_key FROM token_permissions WHERE token_id = ?", "SELECT field_key FROM token_permissions WHERE token_id = ?",
"i", "i",
[$token['id']] [$token['id']]
),
'field_key'
); );
$allowedKeys = array_column($allowed, 'field_key'); // Name der Identität
$identity = $sql->single(
"SELECT name FROM identities WHERE id = ?",
"i",
[$token['identity_id']]
);
?> ?>
<!doctype html> <!doctype html>
<html lang="de"> <html><head><meta charset="utf-8"><title>UUID bearbeiten</title></head>
<head>
<meta charset="utf-8">
<title>UUID bearbeiten</title>
</head>
<body> <body>
<h1>UUID verwalten</h1> <h1>UUID bearbeiten</h1>
<p><strong><?= htmlspecialchars($uuid) ?></strong></p> <p><strong>UUID:</strong> <code><?= htmlspecialchars($uuid) ?></code></p>
<p><strong>Identität:</strong> <?= htmlspecialchars($identity['name']) ?></p>
<?php if (!empty($saved)) echo '<p>Gespeichert ✔</p>'; ?>
<form method="post"> <form method="post">
<h3>Sichtbare Informationen</h3> <h3>Sichtbare Felder</h3>
<?php foreach ($fields as $f): ?>
<?php foreach ($allFields as $f): ?>
<label> <label>
<input type="checkbox" name="fields[]" value="<?= htmlspecialchars($f['field_key']) ?>" <input type="checkbox" name="fields[]"
<?= in_array($f['field_key'], $allowedKeys) ? 'checked' : '' ?>> value="<?= htmlspecialchars($f['field_key']) ?>"
<?= htmlspecialchars($f['field_key']) ?> <?= in_array($f['field_key'], $allowed) ? 'checked' : '' ?>>
<?= htmlspecialchars($f['field_key']) ?>:
<em><?= htmlspecialchars($f['field_value']) ?></em>
</label><br> </label><br>
<?php endforeach; ?> <?php endforeach; ?>
<h3>Ausgegeben an</h3> <h3>Notiz</h3>
<textarea name="issued_to" rows="4" cols="40"><?= htmlspecialchars($token['notes']) ?></textarea> <textarea name="notes" rows="4"><?= htmlspecialchars($token['notes']) ?></textarea>
<br>
<br><br>
<button>Speichern</button> <button>Speichern</button>
</form> </form>
<p><a href="admin.php">← Zurück</a></p> <p><a href="admin.php">← zurück</a></p>
</body> </body></html>
</html>
<?php <?php
exit; exit;
} }
/** /* ─────────────────────────────
* 📊 ADMIN DASHBOARD DASHBOARD
*/ ───────────────────────────── */
$identities = $sql->get("SELECT * FROM identities ORDER BY id DESC"); $identities = $sql->get("SELECT * FROM identities ORDER BY id DESC");
$tokens = $sql->get("SELECT * FROM access_tokens ORDER BY created_at DESC");
?> ?>
<!doctype html> <!doctype html>
<html lang="de"> <html lang="de">
<head> <head><meta charset="utf-8"><title>Admin</title></head>
<meta charset="utf-8">
<title>Admin Dashboard</title>
</head>
<body> <body>
<h1>Admin Dashboard</h1> <h1>Admin Dashboard</h1>
<h2>Identitäten</h2> <p><a href="admin.php?action=identity_create"> Identität anlegen</a></p>
<ul> <ul>
<?php foreach ($identities as $i): ?> <?php foreach ($identities as $i): ?>
<li>ID <?= $i['id'] ?></li>
<?php endforeach; ?>
</ul>
<h2>UUIDs</h2>
<ul>
<?php foreach ($tokens as $t): ?>
<li> <li>
<a href="admin.php?uuid=<?= htmlspecialchars($t['uuid']) ?>"> <strong><?= htmlspecialchars($i['name']) ?></strong>
<?= htmlspecialchars($t['uuid']) ?> <a href="admin.php?action=identity_edit&id=<?= $i['id'] ?>">bearbeiten</a>
</a>
</li> </li>
<?php endforeach; ?> <?php endforeach; ?>
</ul> </ul>