Attempt to merge main into our semester work#52
GBSA-8329: Replace User Static pages hook up to live Feed
Admin live data
…e db GBSA-8331 connecting pages to the db
Code Review
This pull request introduces significant updates to the CyberCafe system, including a new database seeding script, support ticket schema, and comprehensive backend logic for user, admin, and owner dashboards. However, several critical issues must be addressed before merging. Most notably, a security vulnerability was introduced where all new registrants are assigned the 'owner' role by default. Additionally, multiple files contain unresolved merge conflict markers, and several scripts include debugging code (var_dump), active error display settings, or incorrect redirection paths that will cause runtime failures. Improvements are also needed in error handling to prevent sensitive information exposure in database functions.
| $phone_number = trim($_POST['phone_number'] ?? ''); | ||
| $access_code = trim($_POST['access_code'] ?? ''); | ||
| $user_role = 'user'; | ||
| $user_role = 'owner'; //All New Users are set as owner changed if needed |
| <<<<<<< HEAD | ||
| declare(strict_types=1); | ||
| $pageTitle = "A - Dashboard"; | ||
| ======= | ||
| require_once $_SERVER['DOCUMENT_ROOT'] . '/Website/config/auth.php'; | ||
| require_roles(['admin']); | ||
| // Set the page title dynamically | ||
| $pageTitle = "A - Dashboard"; | ||
| >>>>>>> main |
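Review bot: The HEAD side of this conflict contains no `require_roles(['admin']);` call, so resolving it by taking HEAD would drop the role check that main places at the top of the admin page. Keep both sides when resolving: `declare(strict_types=1);` must remain the first statement of the file, followed by the `require_once` of `config/auth.php` and `require_roles(['admin']);` before any output. The two conflict blocks that follow have the same shape and need the same resolution. Whether HEAD performs an equivalent check elsewhere in these files is not visible in the quoted lines.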
| <<<<<<< HEAD | ||
| declare(strict_types=1); | ||
|
|
||
| ======= | ||
| require_once $_SERVER['DOCUMENT_ROOT'] . '/Website/config/auth.php'; | ||
| require_roles(['admin']); | ||
| >>>>>>> main |
| <<<<<<< HEAD | ||
| declare(strict_types=1); | ||
|
|
||
| ======= | ||
| require_once $_SERVER['DOCUMENT_ROOT'] . '/Website/config/auth.php'; | ||
| require_roles(['admin']); | ||
| >>>>>>> main |
| echo "<pre style='background:red;color:white;padding:20px;'>"; | ||
| echo "BLOCK URL ERROR: " . $e->getMessage(); | ||
| echo "</pre>"; |
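Review bot: `$e->getMessage()` is echoed into the page without escaping, and the message of a failed block-URL call may contain the submitted URL, so this is an HTML-injection sink as well as a detail leak. Record the exception server-side with `error_log($e->getMessage());` and render a fixed message to the admin instead. If the text has to be shown, pass it through `htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The surrounding try/catch starts outside the quoted lines.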
| echo '<pre>'; | ||
| var_dump($activeUsers); | ||
| var_dump($bandwidthUsage); | ||
| var_dump($allUser); | ||
| echo '</pre>'; |
| echo '<pre>'; | ||
| var_dump($blockedUrls); | ||
| var_dump($restrictedevices); | ||
| echo '</pre>'; |
|
|
||
| $result = getUserSessionSummary(); | ||
|
|
||
| var_dump($result); |
| ini_set('display_errors', 1); | ||
| error_reporting(E_ALL); |
| if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['add_url'])) { | ||
| $url = trim($_POST['add_url']); | ||
| if (!str_starts_with($url, 'http')) $url = 'https://' . $url; | ||
|
|
||
| blockUrl($url, $_SESSION['user_id'] ?? 'ADMIN'); | ||
| $_SESSION['flash'] = [ | ||
| 'type' => 'success', | ||
| 'msg' => 'URL has been blocked: <strong>' . htmlspecialchars($url) . '</strong>' | ||
| ]; | ||
| echo "<script> | ||
| setTimeout(() => { | ||
| window.location.href = window.location.pathname; | ||
| }, 100); | ||
| </script>"; | ||
| exit; | ||
| } |
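Review bot: The prefix test `str_starts_with($url, 'http')` treats any input beginning with those four letters as already having a scheme (a constructed host such as `http-archive.example` gets none added), and the value then reaches `blockUrl()` unvalidated; test the scheme with `preg_match('#^https?://#i', $url)` and reject input for which `filter_var($url, FILTER_VALIDATE_URL)` returns false. No anti-forgery token is checked in the quoted lines, so unless that happens earlier in the file this state-changing POST should compare a per-session token with `hash_equals()` before calling `blockUrl()`. The `?? 'ADMIN'` fallback records the action under a shared name when the session has no `user_id`; refusing the request in that case keeps block-list changes attributable. A `header('Location: ...')` redirect sent before any output would replace the inline script and its 100 ms timer.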
No description provided.