troy-grunt/businesscard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: troy-grunt:8433c8d88056c43afc5aaa09d4ac631cdd7261bd
Branches Tags
troy-grunt:main
...
compare: troy-grunt:main
Branches Tags
troy-grunt:main

6 Commits
8433c8d880 ... main

Author SHA1 Message Date
Troy Grunt
963d29fd4e Erweitere die Verwaltung von Identitäten: Füge Unterstützung für URL-Felder hinzu, aktualisiere die Benutzeroberfläche zur Bearbeitung von Feldern und verbessere die Darstellung in Tabellenform. 2026-02-03 14:05:26 +01:00
Troy Grunt
79f49441f7 Füge Dashboard-Funktionen hinzu: Zeige UUIDs und zugehörige Identitäten an, verbessere die Benutzeroberfläche des Admin Dashboards. 2026-02-02 23:34:06 +01:00
Troy Grunt
e73a717dbd Verbessere die Anmeldefunktionalität: Aktualisiere Sicherheitsüberprüfungen, verbessere die Benutzeroberfläche und implementiere UUID-Management für Identitäten. 2026-02-02 23:11:41 +01:00
Troy Grunt
39b1075bd5 Aktualisiere README.md: Ersetze "flood control" durch "admin create edit delete" in der TODO-Liste 2026-02-01 23:10:43 +01:00
Troy Grunt
43ab962ca5 Füge Unterstützung für IP-Sperre und verbessere die Anmeldefunktionalität hinzu; aktualisiere .gitignore, Dockerfile und Datenbankschema 2026-02-01 23:06:49 +01:00
Troy Grunt
b2a74c2a17 Füge Funktionen zur Verwaltung von fehlgeschlagenen Anmeldeversuchen hinzu und integriere IP-Sperre 2026-02-01 22:40:30 +01:00
10 changed files with 651 additions and 3 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
www/secret.php www/secret.php
www/_user.php

3
README.md
View File

@@ -1,5 +1,4 @@
# businesscard # businesscard
## TODO ## TODO
- flood control - admin ident werte typen
- admin https://chatgpt.com/share/697f82e6-1ed0-800e-b8d1-1ba0ce969dcf

2
apache/Dockerfile
View File

@@ -4,7 +4,7 @@ FROM php:8.2-apache
RUN a2enmod rewrite RUN a2enmod rewrite
# PHP-Extensions für MariaDB # PHP-Extensions für MariaDB
RUN docker-php-ext-install pdo pdo_mysql RUN docker-php-ext-install mysqli pdo pdo_mysql
# VHost kopieren # VHost kopieren
COPY vhost.conf /etc/apache2/sites-available/000-default.conf COPY vhost.conf /etc/apache2/sites-available/000-default.conf

13
db/init/001_schema.sql
View File

@@ -1,6 +1,7 @@
-- Identitäten -- Identitäten
CREATE TABLE identities ( CREATE TABLE identities (
id INT AUTO_INCREMENT PRIMARY KEY, id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB; ) ENGINE=InnoDB;
@@ -8,6 +9,7 @@ CREATE TABLE identities (
CREATE TABLE identity_fields ( CREATE TABLE identity_fields (
id INT AUTO_INCREMENT PRIMARY KEY, id INT AUTO_INCREMENT PRIMARY KEY,
identity_id INT NOT NULL, identity_id INT NOT NULL,
typ ENUM('single','multi','file','url') NULL,
field_key VARCHAR(50) NOT NULL, field_key VARCHAR(50) NOT NULL,
field_value TEXT NOT NULL, field_value TEXT NOT NULL,
FOREIGN KEY (identity_id) FOREIGN KEY (identity_id)
@@ -22,6 +24,7 @@ CREATE TABLE access_tokens (
uuid CHAR(36) NOT NULL UNIQUE, uuid CHAR(36) NOT NULL UNIQUE,
expires_at DATETIME NULL, expires_at DATETIME NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
notes TEXT NULL,
FOREIGN KEY (identity_id) FOREIGN KEY (identity_id)
REFERENCES identities(id) REFERENCES identities(id)
ON DELETE CASCADE ON DELETE CASCADE
@@ -53,3 +56,13 @@ CREATE TABLE files (
REFERENCES access_tokens(id) REFERENCES access_tokens(id)
ON DELETE SET NULL ON DELETE SET NULL
) ENGINE=InnoDB; ) ENGINE=InnoDB;
CREATE TABLE admin_login_attempts (
id INT AUTO_INCREMENT PRIMARY KEY,
ip_address VARCHAR(45) NOT NULL,
attempts INT NOT NULL DEFAULT 1,
locked_until DATETIME NULL,
last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
UNIQUE KEY (ip_address)
);

70
www/_func.php Normal file
View File

@@ -0,0 +1,70 @@
<?php
function registerFailedLogin(string $ip, $sql): void {
global $sql;
$entry = $sql->single(
"SELECT id, attempts
FROM admin_login_attempts
WHERE ip_address = ?",
"s",
[$ip]
);
if (!$entry) {
// Erster Fehlversuch
$sql->set(
"INSERT INTO admin_login_attempts (ip_address, attempts, last_attempt)
VALUES (?, 1, NOW())",
"s",
[$ip]
);
return;
}
$attempts = (int)$entry['attempts'] + 1;
if ($attempts >= 3) {
$sql->set(
"UPDATE admin_login_attempts
SET attempts = ?,
locked_until = DATE_ADD(NOW(), INTERVAL 1 HOUR),
last_attempt = NOW()
WHERE id = ?",
"ii",
[$attempts, $entry['id']]
);
} else {
$sql->set(
"UPDATE admin_login_attempts
SET attempts = ?,
last_attempt = NOW()
WHERE id = ?",
"ii",
[$attempts, $entry['id']]
);
}
}
function isIpLocked(string $ip, $sql): bool {
global $sql;
$entry = $sql->single(
"SELECT locked_until
FROM admin_login_attempts
WHERE ip_address = ?
AND locked_until IS NOT NULL
AND locked_until > NOW()",
"s",
[$ip]
);
return (bool)$entry;
}
function clearLoginAttempts(string $ip, $sql): void {
global $sql;
$sql->set(
"DELETE FROM admin_login_attempts WHERE ip_address = ?",
"s",
[$ip]
);
}
?>

2
www/_sql.php
View File

@@ -171,4 +171,6 @@ class SQL {
// echo 'DESTROY'; // echo 'DESTROY';
} }
} }
$sql = new SQL();
?> ?>

3
www/_user.php.example Normal file
View File

@@ -0,0 +1,3 @@
<?php
$admin_user = 'admin';
$admin_password = 'password';

558
www/admin.php Normal file
View File

@@ -0,0 +1,558 @@
<?php
require '_sql.php';
require '_func.php';
require '_user.php';
session_start();
$ip = $_SERVER['REMOTE_ADDR'];
/* ─────────────────────────────
Security
───────────────────────────── */
if (isIpLocked($ip, $sql)) {
http_response_code(403);
exit('Zu viele Fehlversuche.');
}
/* ─────────────────────────────
Login
───────────────────────────── */
if (!($_SESSION['is_admin'] ?? false)) {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$u = $_POST['username'] ?? '';
$p = $_POST['password'] ?? '';
if (
$u !== $admin_user ||
$p !== $admin_password
) {
registerFailedLogin($ip, $sql);
$error = 'Login fehlgeschlagen';
} else {
clearLoginAttempts($ip, $sql);
$_SESSION['is_admin'] = true;
header('Location: admin.php');
exit;
}
}
?>
<!doctype html>
<html lang="de">
<head>
<meta charset="utf-8">
<title>Admin Login</title>
<style>
body {
font-family: system-ui, sans-serif;
background:#0f172a;
color:#e5e7eb;
display:flex;
justify-content:center;
align-items:center;
height:100vh;
}
form {
background:#020617;
padding:2rem;
border-radius:12px;
width:320px;
}
input,button {
width:100%;
padding:.6rem;
margin-top:.75rem;
}
button {
background:#38bdf8;
border:0;
cursor:pointer;
}
.err { color:#f87171; margin-top:.5rem; }
</style>
</head>
<body>
<form method="post">
<h2>Admin Login</h2>
<input name="username" placeholder="Benutzername" required>
<input name="password" type="password" placeholder="Passwort" required>
<button>Login</button>
<?php if (!empty($error)): ?>
<div class="err"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
</form>
</body>
</html>
<?php
exit;
}
/* ─────────────────────────────
Action Routing
───────────────────────────── */
$action = $_GET['action'] ?? null;
/* ─────────────────────────────
UUID DIRECT ACCESS (?uuid=...)
Create flow if missing
───────────────────────────── */
if (!$action && isset($_GET['uuid'])) {
$uuid = $_GET['uuid'];
// Prüfen ob UUID existiert
$token = $sql->single(
"SELECT * FROM access_tokens WHERE uuid = ?",
"s",
[$uuid]
);
if ($token) {
// UUID existiert → weiter zum edit-Formular
$action = 'uuid_edit';
$_GET['uuid'] = $uuid;
} else {
// UUID existiert nicht → Initial-Form
$action = 'uuid_create_initial';
$_GET['uuid'] = $uuid;
}
}
/* ─────────────────────────────
CREATE IDENTITY
───────────────────────────── */
if ($action === 'identity_create') {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$name = trim($_POST['name'] ?? '');
if ($name !== '') {
$sql->set(
"INSERT INTO identities (name) VALUES (?)",
"s",
[$name]
);
header('Location: admin.php');
exit;
}
}
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>Identität anlegen</title></head>
<body>
<h1>Neue Identität</h1>
<form method="post">
<input name="name" placeholder="Name der Identität" required>
<button>Speichern</button>
</form>
<p><a href="admin.php">← zurück</a></p>
</body></html>
<?php
exit;
}
/* ─────────────────────────────
INITIAL UUID CREATION
───────────────────────────── */
if ($action === 'uuid_create_initial') {
$uuid = $_GET['uuid'];
// Alle Identitäten für Auswahl
$identities = $sql->get("SELECT * FROM identities ORDER BY name ASC");
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$identityId = (int)($_POST['identity_id'] ?? 0);
$notes = trim($_POST['notes'] ?? '');
if (!$identityId) {
$error = 'Bitte eine Identität auswählen.';
} else {
// UUID anlegen
$sql->set(
"INSERT INTO access_tokens (identity_id, uuid, notes) VALUES (?, ?, ?)",
"iss",
[$identityId, $uuid, $notes]
);
// Weiterleiten zum Bearbeitungsformular
header("Location: admin.php?action=uuid_edit&uuid=$uuid");
exit;
}
}
?>
<!doctype html>
<html>
<head><meta charset="utf-8"><title>Neue UUID anlegen</title></head>
<body>
<h1>Neue UUID anlegen</h1>
<form method="post">
<label>Identität auswählen:
<select name="identity_id" required>
<option value="">-- bitte wählen --</option>
<?php foreach ($identities as $i): ?>
<option value="<?= $i['id'] ?>"><?= htmlspecialchars($i['name']) ?></option>
<?php endforeach; ?>
</select>
</label>
<br><br>
<label>Notiz (optional):<br>
<textarea name="notes" rows="3"></textarea>
</label>
<br><br>
<button>Speichern</button>
</form>
<?php if (!empty($error)): ?>
<p style="color:red"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<p><a href="admin.php">← zurück zum Dashboard</a></p>
</body>
</html>
<?php
exit;
}
/* ─────────────────────────────
EDIT IDENTITY
───────────────────────────── */
if ($action === 'identity_edit') {
$id = (int)($_GET['id'] ?? 0);
$identity = $sql->single(
"SELECT * FROM identities WHERE id = ?",
"i",
[$id]
);
if (!$identity) {
exit('Identität nicht gefunden');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Identität umbenennen
if (isset($_POST['rename'])) {
$sql->set(
"UPDATE identities SET name = ? WHERE id = ?",
"si",
[trim($_POST['name']), $id]
);
}
// Neues Feld
if (isset($_POST['add_field'])) {
$sql->set(
"INSERT INTO identity_fields (identity_id, field_key, field_value, typ)
VALUES (?, ?, ?, ?)",
"isss",
[
$id,
trim($_POST['key']),
trim($_POST['value']),
$_POST['typ'] ?? 'single'
]
);
}
// Feld aktualisieren
if (isset($_POST['update_field'])) {
$sql->set(
"UPDATE identity_fields
SET field_key = ?, field_value = ?, typ = ?
WHERE id = ? AND identity_id = ?",
"sssii",
[
trim($_POST['key']),
trim($_POST['value']),
$_POST['typ'] ?? 'single',
(int)$_POST['field_id'],
$id
]
);
}
// Feld löschen
if (isset($_POST['delete_field'])) {
$sql->set(
"DELETE FROM identity_fields
WHERE id = ? AND identity_id = ?",
"ii",
[(int)$_POST['field_id'], $id]
);
}
header("Location: admin.php?action=identity_edit&id=$id");
exit;
}
$fields = $sql->get(
"SELECT * FROM identity_fields WHERE identity_id = ? ORDER BY id ASC",
"i",
[$id]
);
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Identität bearbeiten</title>
</head>
<body>
<h1><?= htmlspecialchars($identity['name']) ?></h1>
<form method="post">
<input name="name" value="<?= htmlspecialchars($identity['name']) ?>">
<button name="rename">Umbenennen</button>
</form>
<h2>Felder</h2>
<table border="1" cellpadding="6" cellspacing="0">
<thead>
<tr>
<th>Key</th>
<th>Wert</th>
<th>Typ</th>
<th>Aktion</th>
</tr>
</thead>
<tbody>
<?php foreach ($fields as $f): ?>
<tr>
<form method="post">
<td>
<input name="key"
value="<?= htmlspecialchars($f['field_key']) ?>">
</td>
<td>
<?php if ($f['typ'] === 'multi'): ?>
<textarea name="value" rows="3" style="width:100%"><?= htmlspecialchars($f['field_value']) ?></textarea>
<?php else: ?>
<input name="value"
value="<?= htmlspecialchars($f['field_value']) ?>"
style="width:100%">
<?php endif; ?>
</td>
<td>
<select name="typ">
<option value="single" <?= $f['typ']==='single'?'selected':'' ?>>einzeilig</option>
<option value="multi" <?= $f['typ']==='multi'?'selected':'' ?>>mehrzeilig</option>
<option value="file" <?= $f['typ']==='file'?'selected':'' ?>>Datei</option>
<option value="url" <?= $f['typ']==='url'?'selected':'' ?>>URL</option>
</select>
</td>
<td>
<input type="hidden" name="field_id" value="<?= (int)$f['id'] ?>">
<button name="update_field">💾</button>
<button name="delete_field"
onclick="return confirm('Feld wirklich löschen?')">🗑</button>
</td>
</form>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<h3>Neues Feld</h3>
<form method="post">
<input name="key" placeholder="Feldname" required>
<input name="value" placeholder="Wert">
<select name="typ">
<option value="single">einzeilig</option>
<option value="multi">mehrzeilig</option>
<option value="file">Datei</option>
<option value="url">URL</option>
</select>
<button name="add_field"> Feld hinzufügen</button>
</form>
<p><a href="admin.php">← zurück</a></p>
</body>
</html>
<?php
exit;
}
/* ─────────────────────────────
CREATE UUID
───────────────────────────── */
if ($action === 'uuid_create') {
$identityId = (int)($_GET['identity_id'] ?? 0);
$uuid = uuid_create(UUID_TYPE_RANDOM);
$sql->set(
"INSERT INTO access_tokens (identity_id, uuid)
VALUES (?, ?)",
"is",
[$identityId, $uuid]
);
header("Location: admin.php?action=uuid_edit&uuid=$uuid");
exit;
}
/* ─────────────────────────────
EDIT UUID
───────────────────────────── */
if ($action === 'uuid_edit') {
$uuid = $_GET['uuid'] ?? '';
$token = $sql->single(
"SELECT * FROM access_tokens WHERE uuid = ?",
"s",
[$uuid]
);
if (!$token) exit('UUID nicht gefunden');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$sql->set(
"DELETE FROM token_permissions WHERE token_id = ?",
"i",
[$token['id']]
);
foreach ($_POST['fields'] ?? [] as $key) {
$sql->set(
"INSERT INTO token_permissions (token_id, field_key)
VALUES (?, ?)",
"is",
[$token['id'], $key]
);
}
$sql->set(
"UPDATE access_tokens SET notes = ? WHERE id = ?",
"si",
[trim($_POST['notes']), $token['id']]
);
}
// Alle Felder der zugehörigen Identität
$fields = $sql->get(
"SELECT field_key, field_value FROM identity_fields WHERE identity_id = ?",
"i",
[$token['identity_id']]
);
// Welche Felder aktuell für diesen Token erlaubt sind
$allowed = array_column(
$sql->get(
"SELECT field_key FROM token_permissions WHERE token_id = ?",
"i",
[$token['id']]
),
'field_key'
);
// Name der Identität
$identity = $sql->single(
"SELECT name FROM identities WHERE id = ?",
"i",
[$token['identity_id']]
);
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>UUID bearbeiten</title></head>
<body>
<h1>UUID bearbeiten</h1>
<p><strong>UUID:</strong> <code><?= htmlspecialchars($uuid) ?></code></p>
<p><strong>Identität:</strong> <?= htmlspecialchars($identity['name']) ?></p>
<form method="post">
<h3>Sichtbare Felder</h3>
<?php foreach ($fields as $f): ?>
<label>
<input type="checkbox" name="fields[]"
value="<?= htmlspecialchars($f['field_key']) ?>"
<?= in_array($f['field_key'], $allowed) ? 'checked' : '' ?>>
<?= htmlspecialchars($f['field_key']) ?>:
<em><?= htmlspecialchars($f['field_value']) ?></em>
</label><br>
<?php endforeach; ?>
<h3>Notiz</h3>
<textarea name="notes" rows="4"><?= htmlspecialchars($token['notes']) ?></textarea>
<br>
<button>Speichern</button>
</form>
<p><a href="admin.php">← zurück</a></p>
</body></html>
<?php
exit;
}
/* ─────────────────────────────
DASHBOARD (UUIDs + Identitäten)
───────────────────────────── */
$tokens = $sql->get(
"SELECT t.uuid, t.notes, i.name AS identity_name
FROM access_tokens t
JOIN identities i ON t.identity_id = i.id
ORDER BY t.created_at DESC"
);
$identities = $sql->get("SELECT * FROM identities ORDER BY id DESC");
?>
<!doctype html>
<html lang="de">
<head><meta charset="utf-8"><title>Admin Dashboard</title></head>
<body>
<h1>Admin Dashboard</h1>
<h2>Alle UUIDs</h2>
<?php if (!empty($tokens)): ?>
<table border="1" cellpadding="5" cellspacing="0">
<thead>
<tr>
<th>UUID</th>
<th>Identität</th>
<th>Notiz</th>
<th>Aktion</th>
</tr>
</thead>
<tbody>
<?php foreach ($tokens as $t): ?>
<tr>
<td><code><?= htmlspecialchars($t['uuid']) ?></code></td>
<td><?= htmlspecialchars($t['identity_name']) ?></td>
<td><?= htmlspecialchars($t['notes']) ?></td>
<td><a href="admin.php?action=uuid_edit&uuid=<?= urlencode($t['uuid']) ?>">bearbeiten</a></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php else: ?>
<p>Keine UUIDs vorhanden.</p>
<?php endif; ?>
<hr>
<h2>Identitäten</h2>
<p><a href="admin.php?action=identity_create"> Identität anlegen</a></p>
<ul>
<?php foreach ($identities as $i): ?>
<li>
<strong><?= htmlspecialchars($i['name']) ?></strong>
<a href="admin.php?action=identity_edit&id=<?= $i['id'] ?>">bearbeiten</a>
</li>
<?php endforeach; ?>
</ul>
<p><a href="logout.php">Logout</a></p>
</body>
</html>

1
www/card.php
View File

@@ -1,5 +1,6 @@
<?php <?php
require '_sql.php'; require '_sql.php';
require '_func.php';
$uuid = $_GET['uuid'] ?? null; $uuid = $_GET['uuid'] ?? null;
if (!$uuid) { if (!$uuid) {

1
www/download.php
View File

@@ -1,5 +1,6 @@
<?php <?php
require '_sql.php'; require '_sql.php';
require '_func.php';
/** /**
* Eingaben prüfen * Eingaben prüfen