41 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
704acf4cc3 Fix HTTP 500 in comedor and proyectos: remove duplicate safe_filename declarations and fix api/comedor.php require paths
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 21:06:54 +00:00
copilot-swe-agent[bot]
6f0ada0713 Replace auth_user+auth_pass_b64 cookies with secure opaque remember token
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 19:40:33 +00:00
copilot-swe-agent[bot]
868b8477e0 Add Dispositivos conectados (connected devices) session tracking
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 19:37:23 +00:00
copilot-swe-agent[bot]
c21dfad437 Add proper session management (CSRF, secure cookies, session tracking)
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-07 19:33:13 +00:00
Naiel
378515d28a Enhance db_get_user to find user by email or username
Updated db_get_user function to allow searching by email in addition to username.
2026-03-07 20:25:13 +01:00
naielv
f1ac55f359 update pre-body.php 2026-03-07 20:04:41 +01:00
naielv
51437cca18 update 2026-03-07 20:00:56 +01:00
Naiel
a8936e55a2 Add organization management functionality and logo image
- Implemented organization creation, editing, and activity management in orgs.php.
- Added safe path segment function to sanitize input.
- Included file upload handling for activity photos.
- Created a new logo image for the application.
2026-03-07 12:30:08 +00:00
copilot-swe-agent[bot]
6aaee59b3d fix: address code review feedback (DB filename, migration query, error handling)
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 22:02:32 +00:00
copilot-swe-agent[bot]
0c362fd40b feat: SQLite DB with migrations replaces all JSON file storage
- Add db.php with PDO singleton, migration runner, and all helper functions
- Add migrations/001_initial_schema.sql (full schema)
- Add migrations/002_import_json.php (one-time JSON → DB importer)
- Add _incl/switch_tenant.php POST endpoint for tenant/centro switching
- Update tools.auth.php: DB-backed login, cookie auth, session reload, init_active_centro()
- Update all sysadmin pages (users, centros, aularios, invitations, reset_password) to use DB
- Update aulatek/index.php, aulario.php, supercafe.php, supercafe_edit.php to use DB
- Update aulatek/comedor.php and api/comedor.php to use DB
- Update aulatek/paneldiario.php: aulario config + comedor data from DB
- Update aulatek/proyectos.php: aulario config + sharing metadata from DB
- Update club/cal.php, index.php, edit_data.php, upload/upload.php to use DB
- Update account/index.php: rich profile, tenant list, aula list, session info, permissions
- Update pre-body.php account dropdown: shows active org + inline tenant switcher
- Update DATA_STRUCTURE.md to document DB approach and migration system

Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 22:00:48 +00:00
copilot-swe-agent[bot]
937a0f4083 Plan: real SQLite DB with migrations system
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 21:37:34 +00:00
copilot-swe-agent[bot]
c0a93ce109 Redesign UI to match Google Workspace integrated feel
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-03-06 20:50:53 +00:00
naielv
1b3f4b619f Refactor security: add sanitization functions and restructure code in several files 2026-02-26 23:27:44 +01:00
Naiel
4e9c9bcf96 Update filename sanitization method
Sanitize the filename by removing path information.
2026-02-21 21:57:14 +01:00
copilot-swe-agent[bot]
ffb6b6ce45 Security: fix auth bypass, open redirects, cookie security, OAuth CSRF, and Sf() misuse
- Fix critical inverted authentication logic in tools.auth.php (password_verify was inverted)
- Fix broken Sf() misuse for username lookups (was always returning empty string)
- Add safe_username_to_filename() to tools.security.php for proper username handling
- Fix open redirect vulnerability in _login.php for all redirect targets
- Add HttpOnly, Secure, SameSite cookie flags to all setcookie() calls
- Add CSRF nonce to OAuth state parameter and verify it on callback
- Add session_regenerate_id(true) after successful login
- Remove redundant session_regenerate_id() from tools.session.php (was called on every request)
- Add authentication check to entreaulas/_filefetch.php
- Fix broken Sf() usage in entreaulas pages (aulario.php, comedor.php, diario.php, paneldiario.php, proyectos.php, api/comedor.php)
- Fix broken Sf() usage in sysadmin/users.php and sysadmin/reset_password.php

Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-02-21 18:55:06 +00:00
naielv
98f430188c Enhance security and input sanitization across multiple files
- Added a new tools.security.php file containing functions for sanitizing filenames, paths, and user inputs to prevent directory traversal and XSS attacks.
- Updated various files to utilize the new sanitization functions (Sf, Si) for user inputs and file operations, ensuring safer handling of data.
- Improved HTML output safety by applying htmlspecialchars to user-generated content in pre-body.php, cal.php, and other relevant files.
- Refactored user authentication and data retrieval processes in tools.auth.php and _login.php to enhance security and maintainability.
- Ensured consistent use of sanitization functions in API endpoints and admin functionalities to mitigate potential security vulnerabilities.
2026-02-18 23:22:58 +01:00
naielv
51fd926065 Update the authentication configuration and improve session management 2026-02-17 14:33:51 +01:00
naielv
8f45eac632 Update the search form action to a new endpoint 2026-02-16 01:12:16 +01:00
Naiel
12add1cd3f Add PAGE_TITLE variable to customize titles on the club pages 2026-02-15 20:14:31 +00:00
Naiel
22c4c09303 Refactor menu styles to include header context 2026-02-14 12:04:20 +01:00
Naiel
28770f9650 add manifest 2026-02-13 09:31:45 +00:00
naielv
30fce4b5a9 v2.0,0 - Refactor code structure for improved readability and maintainability 2026-02-13 01:56:00 +01:00
naielv
dbe4601f65 update 2026-01-29 22:11:09 +01:00
naielv
436fd17cc6 Fix nav, paneldiario, index logout url, Refactor card-body divs to improve consistency across multiple files 2026-01-28 20:24:16 +01:00
naielv
d41915056e Fix paneldiario, change auth system. 2026-01-27 21:42:45 +01:00
naielv
3d97703b7d Update button style 2026-01-27 21:08:54 +01:00
naielv
a28d2c6a18 Fix .pad style 2026-01-27 19:25:25 +01:00
naielv
2e956575aa Now using bootstrap 2026-01-27 19:21:49 +01:00
naielv
37585269b8 update 2026-01-26 22:53:03 +01:00
Naiel
880e3fcdbf Add Account app 2026-01-26 15:18:26 +00:00
Naiel
bb95d9af85 Many changes! New logos, some fixes & updates, new apps. 2026-01-26 14:54:59 +00:00
Naiel
62929e7565 More stuff & install system 2026-01-26 13:53:21 +00:00
Naiel
7e55e2f971 Update grid item styles in pre-body.php
Refactor CSS styles for grid items and images.
2026-01-26 11:04:36 +01:00
Naiel
e42394afe1 Change user agent check from SysAdminAuth to Axia4Auth 2026-01-26 10:19:05 +01:00
Naiel
d1f41a19c9 Replace password hash check with password_verify 2026-01-26 10:18:45 +01:00
naielv
03f6e566fa Changes & added Club 2026-01-26 02:56:57 +01:00
naielv
5f45017997 update many stuff 2026-01-25 23:23:22 +01:00
Naiel
d58c9b6af2 Remove unnecessary files, fixed docker stuff. 2026-01-25 22:30:05 +01:00
copilot-swe-agent[bot]
a9d5d178a6 Fix path concatenation in pre-body.php
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-01-25 20:21:27 +00:00
copilot-swe-agent[bot]
0fb90783e9 Fix hardcoded paths and complete Docker setup with documentation
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
2026-01-25 20:20:35 +00:00
naielv
89d049af37 initial semi release 2026-01-24 20:16:23 +01:00