Credentials can now be hidden from the customer
Credentials can now be hidden from the customer

--- a/Install/index.php
+++ b/Install/index.php
@@ -478,6 +478,7 @@
   `Address` blob,
   `UName` blob,
   `Custom` blob,
+  `hidden` tinyint(1) DEFAULT 0,
   PRIMARY KEY (`id`),
   KEY `idx_Cred_Group` (`Group`),
   KEY `idx_cred_cust` (`cust`)
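Review bot: The `hidden` column is added only to the installer's CREATE TABLE, so a database created by an earlier version will not have it. The SELECTs changed in lib/db/Credentials.php and lib/db/Customer.php now name `hidden` and would presumably fail on an upgraded install unless an upgrade step exists outside this diff. If there is none, ship a migration with this change, along the lines of `ALTER TABLE #__Cred ADD hidden tinyint(1) DEFAULT 0` (table name as the queries reference it). The CREATE TABLE statement starts and ends outside the hunk.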

--- a/Resources/main.js
+++ b/Resources/main.js
@@ -96,8 +96,12 @@
   if (count <= 0 || cancel == 1)
   {
      clearInterval(counter);
+     if (document.getElementById('credHidden'+id)){
+     field.innerHTML = 'Display<span class="DisPwdText"> Username</span>';  
+     }else{
+     field.innerHTML = 'Display<span class="DisPwdText"> Password</span>';  
+     }
      
-     field.innerHTML = 'Display<span class="DisPwdText"> Password</span>';
      document.getElementById('Address'+id).innerHTML = '';
      document.getElementById('UserName'+id).innerHTML = '';
      document.getElementById('Password'+id).innerHTML = '';
@@ -106,7 +110,7 @@
      return;
   }
 
-  field.innerHTML = 'Displaying Password for ' +count+ ' seconds';
+  field.innerHTML = 'Displaying for ' +count+ ' seconds';
 }
 
 

--- a/lib/API.php
+++ b/lib/API.php
@@ -82,7 +82,13 @@
     $key = 'Cre'.$cred->CredType;
 
     // Build the response
+
+    if ((BTMain::getUser()->PortalLogin != 1) || ($cred->hidden !=1)){
     $pass = htmlspecialchars($crypt->decrypt($cred->Hash,$key));
+    }else{
+    $pass = "<span style='font-size: x-small'>You are not authorised to view this password</span>";
+    }
+
     $address = htmlspecialchars($crypt->decrypt($cred->Address,$key));
     $uname = htmlspecialchars($crypt->decrypt($cred->UName,$key));
 
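Review bot: The test `$cred->hidden != 1` fails open, because any stored value other than 1 counts as "not hidden" and the password is then decrypted for a portal login. The write path only passes the form value through `stringEscape`, so the column is not guaranteed to hold 0 or 1. Test for truthiness instead: `if ((BTMain::getUser()->PortalLogin != 1) || empty($cred->hidden)){`. The else branch puts markup into `$pass` while the other branch escapes it, so a one-line comment such as `// fixed markup, intentionally not escaped` would help the next reader. The enclosing function starts and ends outside the hunk.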

--- a/lib/db/Credentials.php
+++ b/lib/db/Credentials.php
@@ -60,7 +60,7 @@
 
 $id = $this->stringEscape($id);
 
-$sql = "SELECT Hash, Clicky, Address, UName, CredType, `Group` FROM #__Cred WHERE id='$id' AND ($ACL)";
+$sql = "SELECT Hash, Clicky, Address, UName, CredType, `hidden`, `Group` FROM #__Cred WHERE id='$id' AND ($ACL)";
 $this->setQuery($sql);
 
 
@@ -211,7 +211,7 @@
 *
 * @return object
 */
-function addCred($cust,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '')
+function addCred($cust,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '',$hidden = 0)
 {
 
 
@@ -239,10 +239,11 @@
 $clicky = $this->stringEscape($clicky);
 $date = date('Y-m-d H:i:s');
 $group = $this->stringEscape($group);
-
-
-$sql = "INSERT INTO #__Cred (`cust`,`Added`,`Group`,`Hash`,`CredType`,`Clicky`,`Address`,`UName`) ".
-"VALUES ('$cust','$date','$group','$cred','$credtype','$clicky','$address','$uname')";
+$hidden = $this->stringEscape($hidden);
+
+
+$sql = "INSERT INTO #__Cred (`cust`,`Added`,`Group`,`Hash`,`CredType`,`Clicky`,`Address`,`UName`,`hidden`) ".
+"VALUES ('$cust','$date','$group','$cred','$credtype','$clicky','$address','$uname','$hidden')";
 $this->setQuery($sql);
 
 $id = $this->insertID();
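Review bot: `$hidden = $this->stringEscape($hidden);` keeps whatever the form sent rather than reducing it to the two legal values. views/Creds/add.php passes `frmHidden` through even when the checkbox is not ticked, so the INSERT presumably receives an empty string for a tinyint column, which the server either coerces or rejects depending on its SQL mode. Normalise it instead: `$hidden = $hidden ? 1 : 0;`. The editCred hunk at -280 has the same `stringEscape` line. Neither docblock (addCred at -211, editCred at -272) describes the new argument; add a line in the docblock's existing style saying that 1 hides the password from portal logins and 0 does not.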
@@ -272,7 +273,7 @@
 *
 * @return object
 */
-function editCred($id,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '')
+function editCred($id,$credtype,$cred,$clicky,$group = 1,$address = '', $uname = '', $hidden = 0)
 {
 
 
@@ -280,6 +281,7 @@
 $crypt = new Crypto;
 $ACL = BTMain::buildACLQuery();
 $credtype = $this->stringEscape($credtype);
+$hidden = $this->stringEscape($hidden);
 $id = $this->stringEscape($id);
 $date = date('Y-m-d H:i:s');
 $group = $this->stringEscape($group);
@@ -287,7 +289,7 @@
 
 // build the SQL
 
-$sql = "UPDATE #__Cred SET `Added`='$date', `Group`='$group',";
+$sql = "UPDATE #__Cred SET `Added`='$date', `Group`='$group', hidden='$hidden',";
 
 if ($cred){
 $cred = $crypt->encrypt($cred,'Cre'.$credtype);
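Review bot: `hidden='$hidden'` is written on every update while the signature defaults `$hidden` to 0, so a caller that does not pass the eighth argument silently clears the flag and the password becomes visible to portal logins again. The password and UName parts of this statement are appended only inside conditionals, and `hidden` should follow that pattern. Default the parameter to `null` and append `hidden=...` only when a value was supplied. Callers outside this diff are not visible from here and should be checked. The function body continues outside the hunk.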
@@ -312,6 +314,7 @@
 $uname = $this->stringEscape($uname);
 $sql .= "`UName`='$uname',";
 }
+
 
 // Get rid of the last comma to prevent a syntax error
 $sql = rtrim($sql,",");

--- a/lib/db/Customer.php
+++ b/lib/db/Customer.php
@@ -171,7 +171,7 @@
 
 $ACL = BTMain::buildACLQuery();
 
-$sql = "SELECT a.CredType, a.id, b.Name as CredName, c.Name FROM #__Cred as a LEFT JOIN #__CredTypes as b on a.CredType = b.id LEFT JOIN #__Cust as c ON a.cust = c.id ".
+$sql = "SELECT a.CredType, a.id, a.hidden, b.Name as CredName, c.Name FROM #__Cred as a LEFT JOIN #__CredTypes as b on a.CredType = b.id LEFT JOIN #__Cust as c ON a.cust = c.id ".
 "WHERE a.cust='$id' AND (" . str_replace("`Group`","a.`Group`",$ACL) . ") AND (" . str_replace("`Group`","c.`Group`",$ACL) . ")";
 $this->setQuery($sql);
 return $this->loadResults();

--- a/views/Creds/add.php
+++ b/views/Creds/add.php
@@ -20,6 +20,7 @@
   $cred = BTMain::getVar('frmCredential');
   $addr = BTMain::getVar('frmAddress');
   $user = BTMain::getVar('frmUser');
+  $hidden = BTMain::getVar('frmHidden');
   
   if (!BTMain::getConnTypeSSL()){
 	    $crypt = new Crypto;
@@ -30,7 +31,7 @@
 	 }
 
 
-  $newcred = $creds->addCred(BTMain::getVar('cust'),BTMain::getVar('FrmCredType'),$cred,BTMain::getVar('frmClicky'),BTMain::getVar('frmGroup'),$addr,$user);
+  $newcred = $creds->addCred(BTMain::getVar('cust'),BTMain::getVar('FrmCredType'),$cred,BTMain::getVar('frmClicky'),BTMain::getVar('frmGroup'),$addr,$user,$hidden);
   // Add the cred to the db
   if ($newcred){
   // Success
@@ -124,7 +125,7 @@
 <label for="frmAddress"><?php echo Lang::_("Address");?></label><input type="text" name="frmAddress" id="frmAddress">
 
 
-
+<label for="frmCredentialHidden">Hide from Customer</label><input type="checkbox" name="frmHidden" id="frmHidden" value="1">
 <?php include 'lib/includes/groupSelection.php'; ?>
 
 
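Review bot: The new label's `for="frmCredentialHidden"` does not match the checkbox's `id="frmHidden"`, so the label is not associated with the control; it should read `for="frmHidden"`. The label text is also hard-coded where the neighbouring labels go through `Lang::_()`, e.g. `<?php echo Lang::_("Hide from Customer");?>`. The same label line is repeated in views/Creds/edit.php (hunk at -139). Unlike edit.php, this form shows the checkbox without a `PortalLogin` test; if portal users can reach this view, decide whether they should see it.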

--- a/views/Creds/edit.php
+++ b/views/Creds/edit.php
@@ -30,6 +30,12 @@
 $address = BTMain::getVar('frmAddress');
 $uname = BTMain::getVar('frmUser');
 $group = BTMain::getVar('frmGroup');
+
+if (BTMain::getUser()->PortalLogin != 1){
+$hidden = BTMain::getVar('frmHidden');
+}else{
+$hidden = 0;
+}
   
   if (!BTMain::getConnTypeSSL()){
 	    $crypt = new Crypto;
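Review bot: Forcing `$hidden = 0` for a portal login means any edit saved by a portal user clears the flag, because editCred writes `hidden` on every update. The credential then stops being hidden from that customer. views/Customer/view.php (hunk at -110) only drops the pencil icon while the cell's `onclick` and the editCred URL remain, so the restriction is presentational unless an access check exists outside this diff. For a portal login the stored value should be preserved rather than overwritten. Editing a credential whose `hidden` is set should also be refused on the server side before editCred is called.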
@@ -51,7 +57,7 @@
 
 
   // Add the cred to the db
-  if ($creds->editCred($id,$credtype,$cred,$clicky,$group,$address,$uname)){
+  if ($creds->editCred($id,$credtype,$cred,$clicky,$group,$address,$uname,$hidden)){
   // Success
   $notifications->setNotification("addCredSuccess");
       $data->cred->id = $id;
@@ -119,14 +125,14 @@
 
 <label for='FrmCredType'><?php echo Lang::_("Credential Type");?></label><select id="FrmCredType" name="FrmCredType" readonly='readonly'>
 <?php 
-foreach ($credtypes as $cred){
+foreach ($credtypes as $credt){
 
 ?>
-<option value="<?php echo $cred->id;?>" 
-<?php if ($credtype == $cred->id):?>
+<option value="<?php echo $credt->id;?>" 
+<?php if ($credtype == $credt->id):?>
 selected
 <?php endif; ?>
-><?php echo htmlspecialchars($crypt->decrypt($cred->Name,'CredType'));?></option>
+><?php echo htmlspecialchars($crypt->decrypt($credt->Name,'CredType'));?></option>
 <?php
 
 }
@@ -139,6 +145,10 @@
 <label for="frmCredential"><?php echo Lang::_("Password");?></label><textarea id="frmCredential" name="frmCredential">NOCHANGE</textarea>
 <a href="javascript: genPwd('frmCredential',10);">Generate Password</a>
 <label for="frmAddress"><?php echo Lang::_("Address");?></label><input type="text" name="frmAddress" id="frmAddress" value="NOCHANGE">
+
+<?php if (BTMain::getUser()->PortalLogin != 1): ?>
+<label for="frmCredentialHidden">Hide from Customer</label><input type="checkbox" name="frmHidden" id="frmHidden" value="1" <?php if ($cred->hidden){ echo "checked"; }?>>
+<?php endif; ?>
 
 <?php
 

--- a/views/Customer/view.php
+++ b/views/Customer/view.php
@@ -89,12 +89,22 @@
     <?php echo $cname;?>
   </td>
 
-  
+
   <td class="passViewNotif" onclick="getCreds('<?php echo $customer->id;?>');">
   <input type="hidden" id="clickCount<?php echo $customer->id;?>" value="0" disabled="disabled">
     <input type="hidden" id="PassCount<?php echo $customer->id;?>" value="<?php echo BTMain::getConf()->CredDisplay; ?>">
-    <span class='retrievePassword' id='retrievePassword<?php echo $customer->id;?>'>Display<span class='DisPwdText'> Password</span></span>
+    <span class='retrievePassword' id='retrievePassword<?php echo $customer->id;?>'>Display<span class='DisPwdText'> 
+
+  <?php if (($portallogin != 1) || ($customer->hidden !=1)): ?>
+      Password
+  <?php else: ?>
+      Username <input type="hidden" disabled="disabled" id="credHidden<?php echo $customer->id; ?>">
+  <?php endif; ?>
+</span></span>
   </td>
+
+   
+
 
   <td>
     <span id='Address<?php echo $customer->id;?>' class='CredAddress'></span>
@@ -110,7 +120,7 @@
 
 
 <td class='editicon' onclick="window.location.href = 'index.php?option=editCred&id=<?php echo $customer->id;?>'">
-<i class="icon-pencil"></i>
+ <?php if (($portallogin != 1) || ($customer->hidden !=1)): ?><i class="icon-pencil"></i><?php endif; ?>
 </td>
 
   <td class='delicon' onclick="DelCred('<?php echo $customer->id;?>');">