220 lines
5.8 KiB
PHP
220 lines
5.8 KiB
PHP
<?php
|
|
require '_sql.php';
|
|
require '_func.php';
|
|
require '_user.php';
|
|
|
|
session_start();
|
|
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
if (isIpLocked($ip, $sql)) {
|
|
http_response_code(403);
|
|
exit('Zu viele Fehlversuche. IP für 1 Stunde gesperrt.');
|
|
}
|
|
|
|
if (!($_SESSION['is_admin'] ?? false)) {
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$user = $_POST['username'] ?? '';
|
|
$pass = $_POST['password'] ?? '';
|
|
|
|
if (
|
|
$user !== $admin_user ||
|
|
$pass !== $admin_password
|
|
) {
|
|
registerFailedLogin($ip, $sql);
|
|
$error = 'Ungültige Zugangsdaten';
|
|
} else {
|
|
clearLoginAttempts($ip, $sql);
|
|
$_SESSION['is_admin'] = true;
|
|
header('Location: admin.php');
|
|
exit;
|
|
}
|
|
|
|
if (!$admin || !password_verify($pass, $admin['password_hash'])) {
|
|
registerFailedLogin($ip, $sql);
|
|
$error = 'Ungültige Zugangsdaten';
|
|
} else {
|
|
clearLoginAttempts($ip, $sql);
|
|
$_SESSION['is_admin'] = true;
|
|
$_SESSION['admin_id'] = $admin['id'];
|
|
header('Location: admin.php');
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// 🔑 Login-Formular
|
|
?>
|
|
<!doctype html>
|
|
<html lang="de">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Admin Login</title>
|
|
<style>
|
|
body { font-family: sans-serif; background:#0f172a; color:#e5e7eb; display:flex; height:100vh; align-items:center; justify-content:center; }
|
|
form { background:#020617; padding:2rem; border-radius:12px; width:300px; }
|
|
input, button { width:100%; padding:.6rem; margin-top:.75rem; }
|
|
button { background:#38bdf8; border:0; cursor:pointer; }
|
|
.err { color:#f87171; margin-top:.5rem; }
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<form method="post">
|
|
<h2>Admin Login</h2>
|
|
<input name="username" placeholder="Benutzername" required>
|
|
<input name="password" type="password" placeholder="Passwort" required>
|
|
<button>Login</button>
|
|
<?php if (!empty($error)): ?>
|
|
<div class="err"><?= htmlspecialchars($error) ?></div>
|
|
<?php endif; ?>
|
|
</form>
|
|
</body>
|
|
</html>
|
|
<?php
|
|
exit;
|
|
}
|
|
|
|
$uuid = $_GET['uuid'] ?? null;
|
|
|
|
if ($uuid) {
|
|
$token = $sql->single(
|
|
"SELECT * FROM access_tokens WHERE uuid = ?",
|
|
"s",
|
|
[$uuid]
|
|
);
|
|
|
|
if (!$token) {
|
|
$sql->set(
|
|
"INSERT INTO access_tokens (identity_id, uuid)
|
|
VALUES (1, ?)",
|
|
"s",
|
|
[$uuid]
|
|
);
|
|
|
|
$token = $sql->single(
|
|
"SELECT * FROM access_tokens WHERE uuid = ?",
|
|
"s",
|
|
[$uuid]
|
|
);
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$issuedTo = $_POST['issued_to'] ?? '';
|
|
$fields = $_POST['fields'] ?? [];
|
|
|
|
// Notiz speichern
|
|
$sql->set(
|
|
"UPDATE access_tokens SET notes = ? WHERE id = ?",
|
|
"si",
|
|
[$issuedTo, $token['id']]
|
|
);
|
|
|
|
// Rechte neu setzen
|
|
$sql->set(
|
|
"DELETE FROM token_permissions WHERE token_id = ?",
|
|
"i",
|
|
[$token['id']]
|
|
);
|
|
|
|
foreach ($fields as $key) {
|
|
$sql->set(
|
|
"INSERT INTO token_permissions (token_id, field_key)
|
|
VALUES (?, ?)",
|
|
"is",
|
|
[$token['id'], $key]
|
|
);
|
|
}
|
|
|
|
$saved = true;
|
|
}
|
|
|
|
// Alle Felder der Identität
|
|
$allFields = $sql->get(
|
|
"SELECT DISTINCT field_key FROM identity_fields WHERE identity_id = ?",
|
|
"i",
|
|
[$token['identity_id']]
|
|
);
|
|
|
|
// Aktive Rechte
|
|
$allowed = $sql->get(
|
|
"SELECT field_key FROM token_permissions WHERE token_id = ?",
|
|
"i",
|
|
[$token['id']]
|
|
);
|
|
|
|
$allowedKeys = array_column($allowed, 'field_key');
|
|
?>
|
|
<!doctype html>
|
|
<html lang="de">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>UUID bearbeiten</title>
|
|
</head>
|
|
<body>
|
|
<h1>UUID verwalten</h1>
|
|
<p><strong><?= htmlspecialchars($uuid) ?></strong></p>
|
|
|
|
<?php if (!empty($saved)) echo '<p>Gespeichert ✔</p>'; ?>
|
|
|
|
<form method="post">
|
|
<h3>Sichtbare Informationen</h3>
|
|
|
|
<?php foreach ($allFields as $f): ?>
|
|
<label>
|
|
<input type="checkbox" name="fields[]" value="<?= htmlspecialchars($f['field_key']) ?>"
|
|
<?= in_array($f['field_key'], $allowedKeys) ? 'checked' : '' ?>>
|
|
<?= htmlspecialchars($f['field_key']) ?>
|
|
</label><br>
|
|
<?php endforeach; ?>
|
|
|
|
<h3>Ausgegeben an</h3>
|
|
<textarea name="issued_to" rows="4" cols="40"><?= htmlspecialchars($token['notes']) ?></textarea>
|
|
|
|
<br><br>
|
|
<button>Speichern</button>
|
|
</form>
|
|
|
|
<p><a href="admin.php">← Zurück</a></p>
|
|
</body>
|
|
</html>
|
|
<?php
|
|
exit;
|
|
}
|
|
|
|
/**
|
|
* 📊 ADMIN DASHBOARD
|
|
*/
|
|
$identities = $sql->get("SELECT * FROM identities ORDER BY id DESC");
|
|
$tokens = $sql->get("SELECT * FROM access_tokens ORDER BY created_at DESC");
|
|
|
|
?>
|
|
<!doctype html>
|
|
<html lang="de">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Admin Dashboard</title>
|
|
</head>
|
|
<body>
|
|
<h1>Admin Dashboard</h1>
|
|
|
|
<h2>Identitäten</h2>
|
|
<ul>
|
|
<?php foreach ($identities as $i): ?>
|
|
<li>ID <?= $i['id'] ?></li>
|
|
<?php endforeach; ?>
|
|
</ul>
|
|
|
|
<h2>UUIDs</h2>
|
|
<ul>
|
|
<?php foreach ($tokens as $t): ?>
|
|
<li>
|
|
<a href="admin.php?uuid=<?= htmlspecialchars($t['uuid']) ?>">
|
|
<?= htmlspecialchars($t['uuid']) ?>
|
|
</a>
|
|
</li>
|
|
<?php endforeach; ?>
|
|
</ul>
|
|
|
|
<p><a href="logout.php">Logout</a></p>
|
|
</body>
|
|
</html>
|