Credentials can now be hidden from the customer
--- a/Install/index.php
+++ b/Install/index.php
@@ -478,6 +478,7 @@
`Address` blob,
`UName` blob,
`Custom` blob,
+ `hidden` tinyint(1) DEFAULT 0,
PRIMARY KEY (`id`),
KEY `idx_Cred_Group` (`Group`),
KEY `idx_cred_cust` (`cust`)
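Review bot: The new column is only added to the installer's CREATE TABLE, so a database created before this commit will not have `hidden` unless an upgrade step adds it; no such step appears in this diff. The SELECT, INSERT and UPDATE statements changed in lib/db/Credentials.php and lib/db/Customer.php all reference the column and would fail on such a schema. The column is also nullable; `` `hidden` tinyint(1) NOT NULL DEFAULT 0, `` would keep the flag strictly 0 or 1, which is what the `!= 1` checks elsewhere in the commit assume.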
--- a/Resources/main.js
+++ b/Resources/main.js
@@ -96,8 +96,12 @@
if (count <= 0 || cancel == 1)
{
clearInterval(counter);
+ if (document.getElementById('credHidden'+id)){
+ field.innerHTML = 'Display<span class="DisPwdText"> Username</span>';
+ }else{
+ field.innerHTML = 'Display<span class="DisPwdText"> Password</span>';
+ }
- field.innerHTML = 'Display<span class="DisPwdText"> Password</span>';
document.getElementById('Address'+id).innerHTML = '';
document.getElementById('UserName'+id).innerHTML = '';
document.getElementById('Password'+id).innerHTML = '';
@@ -106,7 +110,7 @@
return;
}
- field.innerHTML = 'Displaying Password for ' +count+ ' seconds';
+ field.innerHTML = 'Displaying for ' +count+ ' seconds';
}
--- a/lib/API.php
+++ b/lib/API.php
@@ -82,7 +82,13 @@
$key = 'Cre'.$cred->CredType;
// Build the response
+
+ if ((BTMain::getUser()->PortalLogin != 1) || ($cred->hidden !=1)){
$pass = htmlspecialchars($crypt->decrypt($cred->Hash,$key));
+ }else{
+ $pass = "<span style='font-size: x-small'>You are not authorised to view this password</span>";
+ }
+
$address = htmlspecialchars($crypt->decrypt($cred->Address,$key));
$uname = htmlspecialchars($crypt->decrypt($cred->UName,$key));
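Review bot: The new branch around `$pass` has no comment stating the policy it enforces, and this is the only server-side point in the commit where the password is withheld. Something like `// Portal (customer) logins never receive the decrypted password of a credential flagged hidden; address and username are still returned.` would make it clear that the two `decrypt()` calls below are left ungated on purpose. The same predicate, `PortalLogin != 1 || hidden != 1`, is written out again twice in views/Customer/view.php with loose comparison. A single helper used by all three places would stop the UI and the API check from drifting apart. The enclosing function starts and ends outside this hunk.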
--- a/lib/db/Credentials.php
+++ b/lib/db/Credentials.php
@@ -60,7 +60,7 @@
$id = $this->stringEscape($id);
-$sql = "SELECT Hash, Clicky, Address, UName, CredType, `Group` FROM #__Cred WHERE id='$id' AND ($ACL)";
+$sql = "SELECT Hash, Clicky, Address, UName, CredType, `hidden`, `Group` FROM #__Cred WHERE id='$id' AND ($ACL)";
$this->setQuery($sql);
@@ -211,7 +211,7 @@
*
* @return object
*/
-function addCred($cust,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '')
+function addCred($cust,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '',$hidden = 0)
{
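Review bot: The docblock above `addCred` (it starts outside this hunk) is not updated for the new `$hidden` argument, and the same applies to `editCred` in the hunk at -272,7. I would add `@param int $hidden 1 to withhold the password from portal (customer) logins, 0 otherwise` to both, so callers know the flag affects only what the API returns to portal users.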
@@ -239,10 +239,11 @@
$clicky = $this->stringEscape($clicky);
$date = date('Y-m-d H:i:s');
$group = $this->stringEscape($group);
-
-
-$sql = "INSERT INTO #__Cred (`cust`,`Added`,`Group`,`Hash`,`CredType`,`Clicky`,`Address`,`UName`) ".
-"VALUES ('$cust','$date','$group','$cred','$credtype','$clicky','$address','$uname')";
+$hidden = $this->stringEscape($hidden);
+
+
+$sql = "INSERT INTO #__Cred (`cust`,`Added`,`Group`,`Hash`,`CredType`,`Clicky`,`Address`,`UName`,`hidden`) ".
+"VALUES ('$cust','$date','$group','$cred','$credtype','$clicky','$address','$uname','$hidden')";
$this->setQuery($sql);
$id = $this->insertID();
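Review bot: `$hidden` is passed through `stringEscape()` and written as a quoted string, but it arrives from an HTML checkbox that sends nothing when unticked. If `BTMain::getVar('frmHidden')` returns an empty string or null in that case (not visible here), the INSERT stores `''` into a tinyint column, which MySQL rejects in strict mode and silently coerces otherwise. Normalising the flag instead of escaping it avoids both problems and removes one interpolated string from the query: `$hidden = ((int) $hidden === 1) ? 1 : 0;`. The same line is added to `editCred` in the hunk at -280,6 and needs the same change. `addCred` starts and ends outside this hunk.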
@@ -272,7 +273,7 @@
*
* @return object
*/
-function editCred($id,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '')
+function editCred($id,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '', $hidden = 0)
{
@@ -280,6 +281,7 @@
$crypt = new Crypto;
$ACL = BTMain::buildACLQuery();
$credtype = $this->stringEscape($credtype);
+$hidden = $this->stringEscape($hidden);
$id = $this->stringEscape($id);
$date = date('Y-m-d H:i:s');
$group = $this->stringEscape($group);
@@ -287,7 +289,7 @@
// build the SQL
-$sql = "UPDATE #__Cred SET `Added`='$date', `Group`='$group',";
+$sql = "UPDATE #__Cred SET `Added`='$date', `Group`='$group', hidden='$hidden',";
if ($cred){
$cred = $crypt->encrypt($cred,'Cre'.$credtype);
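Review bot: This UPDATE now writes `hidden='$hidden'` on every edit, and views/Creds/edit.php passes `$hidden = 0` whenever the user is a portal login, so a customer saving the edit form for a hidden credential clears the flag. After that the check added in lib/API.php no longer withholds the password. views/Customer/view.php only removes the pencil icon; the `onclick` on the `editicon` cell and the editCred URL are unchanged, and no server-side refusal is visible in the edit.php hunks. `editCred` should leave the column untouched unless the caller is allowed to change it, for example `if ($hidden !== null) { $sql .= " hidden='$hidden',"; }` with edit.php passing `null` for portal logins. edit.php should also reject a portal-login edit when the stored flag is 1. `editCred` continues outside this hunk.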
@@ -312,6 +314,7 @@
$uname = $this->stringEscape($uname);
$sql .= "`UName`='$uname',";
}
+
// Get rid of the last comma to prevent a syntax error
$sql = rtrim($sql,",");
--- a/lib/db/Customer.php
+++ b/lib/db/Customer.php
@@ -171,7 +171,7 @@
$ACL = BTMain::buildACLQuery();
-$sql = "SELECT a.CredType, a.id, b.Name as CredName, c.Name FROM #__Cred as a LEFT JOIN #__CredTypes as b on a.CredType = b.id LEFT JOIN #__Cust as c ON a.cust = c.id ".
+$sql = "SELECT a.CredType, a.id, a.hidden, b.Name as CredName, c.Name FROM #__Cred as a LEFT JOIN #__CredTypes as b on a.CredType = b.id LEFT JOIN #__Cust as c ON a.cust = c.id ".
"WHERE a.cust='$id' AND (" . str_replace("`Group`","a.`Group`",$ACL) . ") AND (" . str_replace("`Group`","c.`Group`",$ACL) . ")";
$this->setQuery($sql);
return $this->loadResults();
--- a/views/Creds/add.php
+++ b/views/Creds/add.php
@@ -20,6 +20,7 @@
$cred = BTMain::getVar('frmCredential');
$addr = BTMain::getVar('frmAddress');
$user = BTMain::getVar('frmUser');
+ $hidden = BTMain::getVar('frmHidden');
if (!BTMain::getConnTypeSSL()){
$crypt = new Crypto;
@@ -30,7 +31,7 @@
}
- $newcred = $creds->addCred(BTMain::getVar('cust'),BTMain::getVar('FrmCredType'),$cred,BTMain::getVar('frmClicky'),BTMain::getVar('frmGroup'),$addr,$user);
+ $newcred = $creds->addCred(BTMain::getVar('cust'),BTMain::getVar('FrmCredType'),$cred,BTMain::getVar('frmClicky'),BTMain::getVar('frmGroup'),$addr,$user,$hidden);
// Add the cred to the db
if ($newcred){
// Success
@@ -124,7 +125,7 @@
<label for="frmAddress"><?php echo Lang::_("Address");?></label><input type="text" name="frmAddress" id="frmAddress">
-
+<label for="frmCredentialHidden">Hide from Customer</label><input type="checkbox" name="frmHidden" id="frmHidden" value="1">
<?php include 'lib/includes/groupSelection.php'; ?>
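Review bot: The new label uses `for="frmCredentialHidden"` but the checkbox has `id="frmHidden"`, so the label is not associated with the input. The text is also hard-coded, while the neighbouring labels go through `Lang::_()`. I would write it as `<label for="frmHidden"><?php echo Lang::_("Hide from Customer");?></label>`. The same mismatch is in the line added to views/Creds/edit.php in the hunk at -139,6. Unlike edit.php, this form shows the checkbox to portal logins as well; if that is intended it deserves a comment, otherwise wrap it in the same `PortalLogin != 1` condition.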
--- a/views/Creds/edit.php
+++ b/views/Creds/edit.php
@@ -30,6 +30,12 @@
$address = BTMain::getVar('frmAddress');
$uname = BTMain::getVar('frmUser');
$group = BTMain::getVar('frmGroup');
+
+if (BTMain::getUser()->PortalLogin != 1){
+$hidden = BTMain::getVar('frmHidden');
+}else{
+$hidden = 0;
+}
if (!BTMain::getConnTypeSSL()){
$crypt = new Crypto;
@@ -51,7 +57,7 @@
// Add the cred to the db
- if ($creds->editCred($id,$credtype,$cred,$clicky,$group,$address,$uname)){
+ if ($creds->editCred($id,$credtype,$cred,$clicky,$group,$address,$uname,$hidden)){
// Success
$notifications->setNotification("addCredSuccess");
$data->cred->id = $id;
@@ -119,14 +125,14 @@
<label for='FrmCredType'><?php echo Lang::_("Credential Type");?></label><select id="FrmCredType" name="FrmCredType" readonly='readonly'>
<?php
-foreach ($credtypes as $cred){
+foreach ($credtypes as $credt){
?>
-<option value="<?php echo $cred->id;?>"
-<?php if ($credtype == $cred->id):?>
+<option value="<?php echo $credt->id;?>"
+<?php if ($credtype == $credt->id):?>
selected
<?php endif; ?>
-><?php echo htmlspecialchars($crypt->decrypt($cred->Name,'CredType'));?></option>
+><?php echo htmlspecialchars($crypt->decrypt($credt->Name,'CredType'));?></option>
<?php
}
@@ -139,6 +145,10 @@
<label for="frmCredential"><?php echo Lang::_("Password");?></label><textarea id="frmCredential" name="frmCredential">NOCHANGE</textarea>
<a href="javascript: genPwd('frmCredential',10);">Generate Password</a>
<label for="frmAddress"><?php echo Lang::_("Address");?></label><input type="text" name="frmAddress" id="frmAddress" value="NOCHANGE">
+
+<?php if (BTMain::getUser()->PortalLogin != 1): ?>
+<label for="frmCredentialHidden">Hide from Customer</label><input type="checkbox" name="frmHidden" id="frmHidden" value="1" <?php if ($cred->hidden){ echo "checked"; }?>>
+<?php endif; ?>
<?php
--- a/views/Customer/view.php
+++ b/views/Customer/view.php
@@ -89,12 +89,22 @@
<?php echo $cname;?>
</td>
-
+
<td class="passViewNotif" onclick="getCreds('<?php echo $customer->id;?>');">
<input type="hidden" id="clickCount<?php echo $customer->id;?>" value="0" disabled="disabled">
<input type="hidden" id="PassCount<?php echo $customer->id;?>" value="<?php echo BTMain::getConf()->CredDisplay; ?>">
- <span class='retrievePassword' id='retrievePassword<?php echo $customer->id;?>'>Display<span class='DisPwdText'> Password</span></span>
+ <span class='retrievePassword' id='retrievePassword<?php echo $customer->id;?>'>Display<span class='DisPwdText'>
+
+ <?php if (($portallogin != 1) || ($customer->hidden !=1)): ?>
+ Password
+ <?php else: ?>
+ Username <input type="hidden" disabled="disabled" id="credHidden<?php echo $customer->id; ?>">
+ <?php endif; ?>
+</span></span>
</td>
+
+
+
<td>
<span id='Address<?php echo $customer->id;?>' class='CredAddress'></span>
@@ -110,7 +120,7 @@
<td class='editicon' onclick="window.location.href = 'index.php?option=editCred&id=<?php echo $customer->id;?>'">
-<i class="icon-pencil"></i>
+ <?php if (($portallogin != 1) || ($customer->hidden !=1)): ?><i class="icon-pencil"></i><?php endif; ?>
</td>
<td class='delicon' onclick="DelCred('<?php echo $customer->id;?>');">