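<?php
require '_sql.php';
require '_func.php';
require '_user.php';

// Harden the session cookie before the session is started: keep it out of
// document.cookie and out of cross-site POSTs (Lax still allows the plain
// top-level navigation links used on this page). The `secure` flag is left to
// the deployment (session.cookie_secure), since this file cannot tell whether
// it is served over TLS.
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
session_start();

// Client address used for the failed-login lockout. Behind a reverse proxy
// this is the proxy's address unless the server rewrites it, in which case all
// clients share one lockout counter.
$ip = $_SERVER['REMOTE_ADDR'];

/* ─────────────────────────────
Security
───────────────────────────── */
// Refuse the whole page (login form and every admin action) while the address
// is locked out; the lockout itself is maintained by registerFailedLogin().
if (isIpLocked($ip, $sql)) {
    http_response_code(403);
    exit('Zu viele Fehlversuche.');
}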
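/* ─────────────────────────────
Login
───────────────────────────── */
// Everything after this block requires an authenticated admin session.
if (!($_SESSION['is_admin'] ?? false)) {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // Non-string input (e.g. username[]=x) counts as an empty field.
        $u = $_POST['username'] ?? '';
        $p = $_POST['password'] ?? '';
        $u = is_string($u) ? $u : '';
        $p = is_string($p) ? $p : '';

        // Compare both credentials with constant-time functions and evaluate
        // both before branching, so the response time does not reveal which
        // of the two was wrong. $admin_password (from _user.php) may be a
        // plain string or a password_hash() value; the hashed form is the
        // one to migrate to.
        $userOk = hash_equals((string) $admin_user, $u);
        if (password_get_info((string) $admin_password)['algo']) {
            $passOk = password_verify($p, (string) $admin_password);
        } else {
            $passOk = hash_equals((string) $admin_password, $p);
        }

        if (!$userOk || !$passOk) {
            registerFailedLogin($ip, $sql);
            $error = 'Login fehlgeschlagen';
        } else {
            clearLoginAttempts($ip, $sql);
            // Fresh session id on privilege change (session fixation).
            session_regenerate_id(true);
            $_SESSION['is_admin'] = true;
            header('Location: admin.php');
            exit;
        }
    }
?>
<!doctype html>
<html lang="de">
<head>
<meta charset="utf-8">
<title>Admin Login</title>
<style>
body {
    font-family: system-ui, sans-serif;
    background:#0f172a;
    color:#e5e7eb;
    display:flex;
    justify-content:center;
    align-items:center;
    height:100vh;
}
form {
    background:#020617;
    padding:2rem;
    border-radius:12px;
    width:320px;
}
input,button {
    width:100%;
    padding:.6rem;
    margin-top:.75rem;
}
button {
    background:#38bdf8;
    border:0;
    cursor:pointer;
}
.err { color:#f87171; margin-top:.5rem; }
</style>
</head>
<body>
<form method="post">
<h2>Admin Login</h2>
<input name="username" placeholder="Benutzername" required>
<input name="password" type="password" placeholder="Passwort" required>
<button>Login</button>
<?php if (!empty($error)): ?>
<div class="err"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
</form>
</body>
</html>
<?php
    exit;
}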
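/* ─────────────────────────────
Action Routing
───────────────────────────── */
// Only a plain string is routed; an array (?action[]=x) or an empty value
// falls through to the dashboard like a missing parameter.
$action = $_GET['action'] ?? null;
if (!is_string($action) || $action === '') {
    $action = null;
}

/* ─────────────────────────────
UUID DIRECT ACCESS (?uuid=...)
Create flow if missing
───────────────────────────── */
if (!$action && isset($_GET['uuid'])) {
    $uuid = $_GET['uuid'];
    // A non-string value cannot be bound as "s" below.
    if (!is_string($uuid) || $uuid === '') {
        http_response_code(400);
        exit('Ungültige UUID.');
    }
    // Does the UUID already exist?
    $token = $sql->single(
        "SELECT * FROM access_tokens WHERE uuid = ?",
        "s",
        [$uuid]
    );
    // Known UUID → edit form; unknown → initial creation form. Both handlers
    // read the UUID back from $_GET['uuid'], which is left untouched here.
    $action = $token ? 'uuid_edit' : 'uuid_create_initial';
}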
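/* ─────────────────────────────
CREATE IDENTITY
───────────────────────────── */
if ($action === 'identity_create') {
    // Per-session CSRF token: the form embeds it and every POST must echo it.
    if (!is_string($_SESSION['csrf_token'] ?? null)) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    $csrf = $_SESSION['csrf_token'];
    $error = '';

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $posted = $_POST['csrf_token'] ?? '';
        if (!is_string($posted) || !hash_equals($csrf, $posted)) {
            http_response_code(403);
            exit('Ungültiges Formular-Token.');
        }
        $name = $_POST['name'] ?? '';
        $name = is_string($name) ? trim($name) : '';
        if ($name !== '') {
            $sql->set(
                "INSERT INTO identities (name) VALUES (?)",
                "s",
                [$name]
            );
            header('Location: admin.php');
            exit;
        }
        // The HTML `required` attribute is client-side only; tell the user
        // why the form is shown again instead of silently re-rendering.
        $error = 'Bitte einen Namen angeben.';
    }
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>Identität anlegen</title></head>
<body>
<h1>Neue Identität</h1>
<form method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf) ?>">
<input name="name" placeholder="Name der Identität" required>
<button>Speichern</button>
</form>
<?php if ($error !== ''): ?>
<p style="color:red"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<p><a href="admin.php">← zurück</a></p>
</body></html>
<?php
    exit;
}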
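/* ─────────────────────────────
INITIAL UUID CREATION
───────────────────────────── */
if ($action === 'uuid_create_initial') {
    // The UUID comes straight from the URL (see the direct-access routing)
    // and is stored verbatim, so only a plain, non-empty string is accepted.
    $uuid = $_GET['uuid'] ?? '';
    if (!is_string($uuid) || $uuid === '') {
        http_response_code(400);
        exit('Ungültige UUID.');
    }

    // Per-session CSRF token: the form embeds it and every POST must echo it.
    if (!is_string($_SESSION['csrf_token'] ?? null)) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    $csrf = $_SESSION['csrf_token'];
    $error = '';

    // All identities, for the select box and as the whitelist for the
    // submitted identity_id.
    $identities = $sql->get("SELECT * FROM identities ORDER BY name ASC");
    $identityIds = array_map('intval', array_column($identities, 'id'));

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $posted = $_POST['csrf_token'] ?? '';
        if (!is_string($posted) || !hash_equals($csrf, $posted)) {
            http_response_code(403);
            exit('Ungültiges Formular-Token.');
        }
        $identityId = (int)($_POST['identity_id'] ?? 0);
        $notes = $_POST['notes'] ?? '';
        $notes = is_string($notes) ? trim($notes) : '';
        // Rejects the empty "bitte wählen" option as well as ids that are
        // not in the list (a token must not reference a missing identity).
        if (!in_array($identityId, $identityIds, true)) {
            $error = 'Bitte eine Identität auswählen.';
        } else {
            $sql->set(
                "INSERT INTO access_tokens (identity_id, uuid, notes) VALUES (?, ?, ?)",
                "iss",
                [$identityId, $uuid, $notes]
            );
            // On to the edit form; the UUID is user-supplied, so encode it.
            header('Location: admin.php?action=uuid_edit&uuid=' . urlencode($uuid));
            exit;
        }
    }
?>
<!doctype html>
<html>
<head><meta charset="utf-8"><title>Neue UUID anlegen</title></head>
<body>
<h1>Neue UUID anlegen</h1>
<form method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf) ?>">
<label>Identität auswählen:
<select name="identity_id" required>
<option value="">-- bitte wählen --</option>
<?php foreach ($identities as $i): ?>
<option value="<?= (int) $i['id'] ?>"><?= htmlspecialchars($i['name']) ?></option>
<?php endforeach; ?>
</select>
</label>
<br><br>
<label>Notiz (optional):<br>
<textarea name="notes" rows="3"></textarea>
</label>
<br><br>
<button>Speichern</button>
</form>
<?php if ($error !== ''): ?>
<p style="color:red"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<p><a href="admin.php">← zurück zum Dashboard</a></p>
</body>
</html>
<?php
    exit;
}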
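/* ─────────────────────────────
EDIT IDENTITY
───────────────────────────── */
if ($action === 'identity_edit') {
    $id = (int)($_GET['id'] ?? 0);
    $identity = $sql->single(
        "SELECT * FROM identities WHERE id = ?",
        "i",
        [$id]
    );
    if (!$identity) {
        http_response_code(404);
        exit('Identität nicht gefunden');
    }

    // Per-session CSRF token: both forms embed it and every POST must echo it.
    if (!is_string($_SESSION['csrf_token'] ?? null)) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    $csrf = $_SESSION['csrf_token'];

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $posted = $_POST['csrf_token'] ?? '';
        if (!is_string($posted) || !hash_equals($csrf, $posted)) {
            http_response_code(403);
            exit('Ungültiges Formular-Token.');
        }

        if (isset($_POST['rename'])) {
            $name = $_POST['name'] ?? '';
            $name = is_string($name) ? trim($name) : '';
            // An empty submission would blank the identity; keep the old name.
            if ($name !== '') {
                $sql->set(
                    "UPDATE identities SET name = ? WHERE id = ?",
                    "si",
                    [$name, $id]
                );
            }
        }

        if (isset($_POST['add_field'])) {
            $key = $_POST['key'] ?? '';
            $value = $_POST['value'] ?? '';
            $key = is_string($key) ? trim($key) : '';
            $value = is_string($value) ? trim($value) : '';
            // Mirror the form's `required` server-side; a blank key would
            // create a permission entry nobody can reference.
            if ($key !== '' && $value !== '') {
                $sql->set(
                    "INSERT INTO identity_fields (identity_id, field_key, field_value)
VALUES (?, ?, ?)",
                    "iss",
                    [$id, $key, $value]
                );
            }
            // TODO: field type
        }

        // Post/Redirect/Get; $id is an int, so it is safe in the URL.
        header("Location: admin.php?action=identity_edit&id=$id");
        exit;
    }

    $fields = $sql->get(
        "SELECT * FROM identity_fields WHERE identity_id = ?",
        "i",
        [$id]
    );
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>Identität bearbeiten</title></head>
<body>
<h1><?= htmlspecialchars($identity['name']) ?></h1>
<form method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf) ?>">
<input name="name" value="<?= htmlspecialchars($identity['name']) ?>">
<button name="rename">Umbenennen</button>
</form>
<h2>Felder</h2>
<ul>
<?php foreach ($fields as $f): ?>
<li>
<strong><?= htmlspecialchars($f['field_key']) ?>:</strong>
<?= htmlspecialchars($f['field_value']) ?>
</li>
<?php endforeach; ?>
</ul>
<form method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf) ?>">
<input name="key" placeholder="Feldname" required>
<input name="value" placeholder="Wert" required>
<button name="add_field"> Feld hinzufügen</button>
</form>
<p><a href="admin.php">← zurück</a></p>
</body></html>
<?php
    exit;
}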
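/* ─────────────────────────────
CREATE UUID
───────────────────────────── */
// NOTE(review): this is a state-changing action triggered by a plain GET, so
// a logged-in admin can be made to create tokens by following a link. Nothing
// on this page links here; callers should be moved to a POST form carrying
// the csrf_token used by the other handlers.
if ($action === 'uuid_create') {
    $identityId = (int)($_GET['identity_id'] ?? 0);
    // Do not create tokens that point at a missing identity (the dashboard
    // JOIN would never show them).
    $identity = $sql->single(
        "SELECT id FROM identities WHERE id = ?",
        "i",
        [$identityId]
    );
    if (!$identity) {
        http_response_code(404);
        exit('Identität nicht gefunden');
    }
    $uuid = uuid_create(UUID_TYPE_RANDOM);
    $sql->set(
        "INSERT INTO access_tokens (identity_id, uuid)
VALUES (?, ?)",
        "is",
        [$identityId, $uuid]
    );
    header('Location: admin.php?action=uuid_edit&uuid=' . urlencode($uuid));
    exit;
}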
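/* ─────────────────────────────
EDIT UUID
───────────────────────────── */
if ($action === 'uuid_edit') {
    $uuid = $_GET['uuid'] ?? '';
    if (!is_string($uuid) || $uuid === '') {
        http_response_code(400);
        exit('Ungültige UUID.');
    }
    $token = $sql->single(
        "SELECT * FROM access_tokens WHERE uuid = ?",
        "s",
        [$uuid]
    );
    if (!$token) {
        http_response_code(404);
        exit('UUID nicht gefunden');
    }

    // Per-session CSRF token: the form embeds it and every POST must echo it.
    if (!is_string($_SESSION['csrf_token'] ?? null)) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    $csrf = $_SESSION['csrf_token'];

    // All fields of the owning identity; their keys are also the only values
    // a permission may be granted for.
    $fields = $sql->get(
        "SELECT field_key, field_value FROM identity_fields WHERE identity_id = ?",
        "i",
        [$token['identity_id']]
    );
    $knownKeys = array_column($fields, 'field_key');

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $posted = $_POST['csrf_token'] ?? '';
        if (!is_string($posted) || !hash_equals($csrf, $posted)) {
            http_response_code(403);
            exit('Ungültiges Formular-Token.');
        }

        // Only keys that belong to this identity are stored; anything else in
        // fields[] (a crafted key, a nested array) is dropped.
        $requested = $_POST['fields'] ?? [];
        if (!is_array($requested)) {
            $requested = [];
        }
        $granted = [];
        foreach ($requested as $key) {
            if (is_string($key) && in_array($key, $knownKeys, true)) {
                $granted[] = $key;
            }
        }
        $granted = array_unique($granted);

        $notes = $_POST['notes'] ?? '';
        $notes = is_string($notes) ? trim($notes) : '';

        $sql->set(
            "DELETE FROM token_permissions WHERE token_id = ?",
            "i",
            [$token['id']]
        );
        foreach ($granted as $key) {
            $sql->set(
                "INSERT INTO token_permissions (token_id, field_key)
VALUES (?, ?)",
                "is",
                [$token['id'], $key]
            );
        }
        $sql->set(
            "UPDATE access_tokens SET notes = ? WHERE id = ?",
            "si",
            [$notes, $token['id']]
        );
        // Post/Redirect/Get like the other handlers, so a reload does not
        // resubmit; the UUID is user-supplied, so encode it.
        header('Location: admin.php?action=uuid_edit&uuid=' . urlencode($uuid));
        exit;
    }

    // Which fields are currently visible through this token.
    $allowed = array_column(
        $sql->get(
            "SELECT field_key FROM token_permissions WHERE token_id = ?",
            "i",
            [$token['id']]
        ),
        'field_key'
    );
    // Display name of the owning identity.
    $identity = $sql->single(
        "SELECT name FROM identities WHERE id = ?",
        "i",
        [$token['identity_id']]
    );
?>
<!doctype html>
<html><head><meta charset="utf-8"><title>UUID bearbeiten</title></head>
<body>
<h1>UUID bearbeiten</h1>
<p><strong>UUID:</strong> <code><?= htmlspecialchars($uuid) ?></code></p>
<p><strong>Identität:</strong> <?= htmlspecialchars($identity['name'] ?? '') ?></p>
<form method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf) ?>">
<h3>Sichtbare Felder</h3>
<?php foreach ($fields as $f): ?>
<label>
<input type="checkbox" name="fields[]"
value="<?= htmlspecialchars($f['field_key']) ?>"
<?= in_array($f['field_key'], $allowed, true) ? 'checked' : '' ?>>
<?= htmlspecialchars($f['field_key']) ?>:
<em><?= htmlspecialchars($f['field_value']) ?></em>
</label><br>
<?php endforeach; ?>
<h3>Notiz</h3>
<textarea name="notes" rows="4"><?= htmlspecialchars($token['notes'] ?? '') ?></textarea>
<br>
<button>Speichern</button>
</form>
<p><a href="admin.php">← zurück</a></p>
</body></html>
<?php
    exit;
}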
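/* ─────────────────────────────
DASHBOARD (UUIDs + Identitäten)
───────────────────────────── */
// Fallback for every request that no handler above consumed.
$tokens = $sql->get(
    "SELECT t.uuid, t.notes, i.name AS identity_name
FROM access_tokens t
JOIN identities i ON t.identity_id = i.id
ORDER BY t.created_at DESC"
);
$identities = $sql->get("SELECT * FROM identities ORDER BY id DESC");
?>
<!doctype html>
<html lang="de">
<head><meta charset="utf-8"><title>Admin Dashboard</title></head>
<body>
<h1>Admin Dashboard</h1>
<p><a href="admin.php?action=identity_create"> Identität anlegen</a></p>
<h2>Alle UUIDs</h2>
<?php if (!empty($tokens)): ?>
<table border="1" cellpadding="5" cellspacing="0">
<thead>
<tr>
<th>UUID</th>
<th>Identität</th>
<th>Notiz</th>
<th>Aktion</th>
</tr>
</thead>
<tbody>
<?php foreach ($tokens as $t): ?>
<tr>
<td><code><?= htmlspecialchars($t['uuid']) ?></code></td>
<td><?= htmlspecialchars($t['identity_name']) ?></td>
<?php /* notes is NULL for tokens created without one (uuid_create) */ ?>
<td><?= htmlspecialchars($t['notes'] ?? '') ?></td>
<td><a href="admin.php?action=uuid_edit&amp;uuid=<?= urlencode($t['uuid']) ?>">bearbeiten</a></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php else: ?>
<p>Keine UUIDs vorhanden.</p>
<?php endif; ?>
<hr>
<h2>Identitäten</h2>
<ul>
<?php foreach ($identities as $i): ?>
<li>
<strong><?= htmlspecialchars($i['name']) ?></strong>
<a href="admin.php?action=identity_edit&amp;id=<?= (int) $i['id'] ?>">bearbeiten</a>
</li>
<?php endforeach; ?>
</ul>
<p><a href="logout.php">Logout</a></p>
</body>
</html>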