Commit Graph

151 Commits

Author SHA1 Message Date
Naiel
174276da04 Many updates 2026-03-16 22:51:13 +00:00
Naiel
d4c17fc219 Remove default menu types in the comedor function to simplify the creation logic. 2026-03-16 21:39:42 +00:00
Naiel
b51281c817 Refactor event template styles for improved layout and responsiveness; remove unused Masonry script. 2026-03-16 14:59:27 +00:00
Naiel
01f907dc5e Refactor Aulario model and integrate with core; update views and templates for club events; enhance upload functionality with progress tracking; improve admin interfaces for better management; update requirements and CSS styles for improved UI. 2026-03-16 14:53:50 +00:00
Naiel
0f368bd89f Migration to django 2026-03-16 12:43:36 +00:00
Naiel
d82c100e19 Merge pull request #20 from Axia4/copilot/fix-http-500-error-menu-comedor-proyectos
Fix HTTP 500 on AulaTek comedor and proyectos modules
2026-03-07 22:07:49 +01:00
copilot-swe-agent[bot]
704acf4cc3 Fix HTTP 500 in comedor and proyectos: remove duplicate safe_filename declarations and fix api/comedor.php require paths
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 21:06:54 +00:00
copilot-swe-agent[bot]
7e7818f002 Initial plan 2026-03-07 20:58:40 +00:00
Naiel
a0a304e8ec Fix icon assignment to use null coalescing operator 2026-03-07 21:53:16 +01:00
Naiel
556ec6b838 Change Sf to Ssql for name input sanitization 2026-03-07 21:49:25 +01:00
Naiel
e22a96ed8b Merge pull request #19 from Axia4/copilot/add-upload-classroom-photo
SysAdmin: Add aulario photo file upload
2026-03-07 21:45:50 +01:00
copilot-swe-agent[bot]
3398bee812 Add aulario photo upload in SysAdmin; hide icon URL field
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 20:45:08 +00:00
copilot-swe-agent[bot]
36bacb1368 Initial plan 2026-03-07 20:42:19 +00:00
Naiel
41db3bf422 Merge pull request #18 from Axia4/copilot/add-delete-account-button
Add delete account button (with confirmation) to sysadmin user edit page
2026-03-07 20:59:43 +01:00
copilot-swe-agent[bot]
ce120cbd4f Add delete account button with confirmation in sysadmin/users.php?action=edit
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 19:53:33 +00:00
copilot-swe-agent[bot]
39eda13d94 Initial plan 2026-03-07 19:51:32 +00:00
Naiel
bef9babd0b Merge pull request #17 from Axia4/copilot/add-session-management-login
Add proper session management: secure cookies, CSRF, connected devices, opaque remember token
2026-03-07 20:43:08 +01:00
copilot-swe-agent[bot]
6f0ada0713 Replace auth_user+auth_pass_b64 cookies with secure opaque remember token
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 19:40:33 +00:00
copilot-swe-agent[bot]
868b8477e0 Add Dispositivos conectados (connected devices) session tracking
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 19:37:23 +00:00
copilot-swe-agent[bot]
c21dfad437 Add proper session management (CSRF, secure cookies, session tracking)
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 19:33:13 +00:00
copilot-swe-agent[bot]
b3a2795d66 Initial plan 2026-03-07 19:27:54 +00:00
Naiel
7b226b4bb2 Modify username generation to include unique ID 2026-03-07 20:27:14 +01:00
Naiel
378515d28a Enhance db_get_user to find user by email or username
Updated db_get_user function to allow searching by email in addition to username.
2026-03-07 20:25:13 +01:00
naielv
f1ac55f359 update pre-body.php 2026-03-07 20:04:41 +01:00
naielv
51437cca18 update 2026-03-07 20:00:56 +01:00
naielv
b2c1314c69 update 2026-03-07 19:51:48 +01:00
Naiel
9fed6f9af9 Merge pull request #16 from Axia4/copilot/make-app-feel-integrated
Redesign UI to match Google Workspace integrated feel + SQLite DB with migrations, multi-tenant account management
2026-03-07 13:34:58 +01:00
Naiel
f7d60a3c2a fix: correct description text and clean up code on the main page 2026-03-07 12:34:22 +00:00
Naiel
a8936e55a2 Add organization management functionality and logo image
- Implemented organization creation, editing, and activity management in orgs.php.
- Added safe path segment function to sanitize input.
- Included file upload handling for activity photos.
- Created a new logo image for the application.
2026-03-07 12:30:08 +00:00
copilot-swe-agent[bot]
6aaee59b3d fix: address code review feedback (DB filename, migration query, error handling)
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 22:02:32 +00:00
copilot-swe-agent[bot]
0c362fd40b feat: SQLite DB with migrations replaces all JSON file storage
- Add db.php with PDO singleton, migration runner, and all helper functions
- Add migrations/001_initial_schema.sql (full schema)
- Add migrations/002_import_json.php (one-time JSON → DB importer)
- Add _incl/switch_tenant.php POST endpoint for tenant/centro switching
- Update tools.auth.php: DB-backed login, cookie auth, session reload, init_active_centro()
- Update all sysadmin pages (users, centros, aularios, invitations, reset_password) to use DB
- Update aulatek/index.php, aulario.php, supercafe.php, supercafe_edit.php to use DB
- Update aulatek/comedor.php and api/comedor.php to use DB
- Update aulatek/paneldiario.php: aulario config + comedor data from DB
- Update aulatek/proyectos.php: aulario config + sharing metadata from DB
- Update club/cal.php, index.php, edit_data.php, upload/upload.php to use DB
- Update account/index.php: rich profile, tenant list, aula list, session info, permissions
- Update pre-body.php account dropdown: shows active org + inline tenant switcher
- Update DATA_STRUCTURE.md to document DB approach and migration system

Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 22:00:48 +00:00
copilot-swe-agent[bot]
937a0f4083 Plan: real SQLite DB with migrations system
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 21:37:34 +00:00
copilot-swe-agent[bot]
c0a93ce109 Redesign UI to match Google Workspace integrated feel
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 20:50:53 +00:00
copilot-swe-agent[bot]
7e85c2a1f2 Initial plan 2026-03-06 20:40:10 +00:00
Naiel
b6cc385092 Improve input style in the A4 letter generator: adjust color and outline properties 2026-03-05 14:10:26 +00:00
Naiel
dc198f16ea Add A4 Letter Generator with customizable fonts and styles for printing 2026-03-05 14:07:25 +00:00
Naiel
8694d5a470 Add "Abrir" (Open) button to the file list and change the container's minimum height on the main page 2026-03-05 13:55:58 +00:00
Naiel
a881d90398 Remove entreaulas in favor of TeleSec. 2026-03-05 13:44:21 +00:00
naielv
1b3f4b619f Security refactor: add sanitization functions and restructure code in several files 2026-02-26 23:27:44 +01:00
Naiel
da9c495769 Merge pull request #13 from Axia4/copilot/add-supercafe-module
Add SuperCafe module inside EntreAulas
2026-02-21 22:09:37 +01:00
copilot-swe-agent[bot]
6e4496b050 SuperCafe: use Alumnos for persons, fix sysadmin add-user form
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-02-21 21:07:46 +00:00
Naiel
4e9c9bcf96 Update filename sanitization method
Sanitize the filename by removing path information.
2026-02-21 21:57:14 +01:00
copilot-swe-agent[bot]
69d7e46dc8 Add SuperCafe module inside EntreAulas based on TeleSec supercafe.js
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-02-21 19:12:26 +00:00
copilot-swe-agent[bot]
322ab38fd1 Initial plan 2026-02-21 19:02:41 +00:00
Naiel
fd3576674c Merge pull request #12 from Axia4/copilot/fix-security-issues
Security: fix auth bypass, open redirects, broken cookie security, OAuth CSRF, and Sf() misuse across EntreAulas
2026-02-21 20:00:31 +01:00
copilot-swe-agent[bot]
56918315ea Security: improve login auth check to use if/elseif structure for clarity
Remove the intermediate variable pattern that could potentially allow
authentication without a valid password_hash, using an if/elseif pattern instead.

Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-02-21 18:56:35 +00:00
copilot-swe-agent[bot]
ffb6b6ce45 Security: fix auth bypass, open redirects, cookie security, OAuth CSRF, and Sf() misuse
- Fix critical inverted authentication logic in tools.auth.php (password_verify was inverted)
- Fix broken Sf() misuse for username lookups (was always returning empty string)
- Add safe_username_to_filename() to tools.security.php for proper username handling
- Fix open redirect vulnerability in _login.php for all redirect targets
- Add HttpOnly, Secure, SameSite cookie flags to all setcookie() calls
- Add CSRF nonce to OAuth state parameter and verify it on callback
- Add session_regenerate_id(true) after successful login
- Remove redundant session_regenerate_id() from tools.session.php (was called on every request)
- Add authentication check to entreaulas/_filefetch.php
- Fix broken Sf() usage in entreaulas pages (aulario.php, comedor.php, diario.php, paneldiario.php, proyectos.php, api/comedor.php)
- Fix broken Sf() usage in sysadmin/users.php and sysadmin/reset_password.php

Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-02-21 18:55:06 +00:00
copilot-swe-agent[bot]
35fa27b199 Initial plan 2026-02-21 18:40:16 +00:00
Naiel
5c277ab969 Delete .github/workflows/codacy.yml 2026-02-21 19:36:13 +01:00
naielv
57ec8e57fc Refactor: update path for tools.security.php inclusion across multiple files 2026-02-19 22:45:15 +01:00