adding permissions for incident response panel

src/server/cyberhex-code/install/create_admin.php

@@ -42,7 +42,7 @@ include "../api/php/log/add_server_entry.php"; //to log things
 							$email=htmlspecialchars($_POST["email"]);
 							$username=htmlspecialchars($_POST["username"]);
 							$password=htmlspecialchars($_POST["password"]);
-							$permissions="1111111111";
+							$permissions="11111111111";
 							// Create connection
 							$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
 
@@ -64,7 +64,7 @@ include "../api/php/log/add_server_entry.php"; //to log things
 							$email=htmlspecialchars($_POST["email"]);
 							$username=htmlspecialchars($_POST["username"]);
 							$password=$_POST["password"];
-							$permissions="1111111111";
+							$permissions="11111111111";
 							$hash=password_hash($password, PASSWORD_BCRYPT);
 							
 							$stmt->execute();

src/server/cyberhex-code/system/secure_zone/php/add_user.php

@@ -108,6 +108,16 @@ include "../../../api/php/log/add_server_entry.php"; //to log things
 							  <td>Delete/list clients</td>
 							  <td><input type="checkbox" name="delete_clients"></td>
 							</tr>
+							<tr>
+							  <th scope="row">9</th>
+							  <td>View Incidents</td>
+							  <td><input type="checkbox" name="view_incidents"></td>
+							</tr>
+							<tr>
+							  <th scope="row">9</th>
+							  <td>Manage Incidents</td>
+							  <td><input type="checkbox" name="manage_incidents"></td>
+							</tr>
 						  </tbody>
 						</table>
 

src/server/cyberhex-code/system/secure_zone/php/index.php

@@ -109,6 +109,17 @@ if(isset($_GET["page"])){
 				echo('<li><a href="index.php?page=client_list.php">Client List</a></li>');
 		   ?>
 		  </ul>
+		  
+		   <?php
+				if($perms[9]=="1")
+					echo("<p>Incidents</p>");
+		   ?>
+		   <ul>
+		  <?php
+			if($perms[9]=="1")
+				echo('<li><a href="index.php?page=manage_incident.php">View / Manage Incidents</a></li>');
+		   ?>
+		  </ul>
 
 		</div>
 

src/server/cyberhex-code/system/secure_zone/php/manage_user.php

@@ -171,6 +171,26 @@ include "../../../api/php/log/add_server_entry.php"; //to log things
 									echo('<td><input type="checkbox" name="delete_clients"></td>');
 								?>
 							</tr>
+							<tr>
+							  <th scope="row">10</th>
+							  <td>View Incidents</td>
+							  <?php
+								if($m_permissions[8]=="1")
+									echo('<td><input type="checkbox" name="view_incidents" checked></td>');
+								else
+									echo('<td><input type="checkbox" name="view_incidents"></td>');
+								?>
+							</tr>
+							<tr>
+							  <th scope="row">11</th>
+							  <td>Manage Incidents</td>
+							  <?php
+								if($m_permissions[8]=="1")
+									echo('<td><input type="checkbox" name="manage_incidents" checked></td>');
+								else
+									echo('<td><input type="checkbox" name="manage_incidents"></td>');
+								?>
+							</tr>
 						  </tbody>
 						</table>
 

src/server/cyberhex-code/system/secure_zone/php/perms_functions.php

@@ -12,7 +12,9 @@ function get_perm_str(){
 	$p7 = isset( $_POST["database_settings"]);
 	$p8 = isset($_POST["add_clients"]);
 	$p9 = isset($_POST["delete_clients"]);
-	$p10 = "0";
+	$p10 = isset($_POST["view_incidents"]);
+	$p11 = isset($_POST["manage_incidents"]);
+	//$p10 = "0";
 	
 	//init the permission string
 	$perms_str="";
@@ -57,6 +59,10 @@ function get_perm_str(){
 		$perms_str.="1";
 	else
 		$perms_str.="0";
+	if($p11==1)
+		$perms_str.="1";
+	else
+		$perms_str.="0";
 	return $perms_str;
 }
 

src/server/cyberhex-code/system/secure_zone/php/profile.php

@@ -155,7 +155,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 				1 Database Settings<br>
 				1 Add Clients<br>
 				1 Client List (manage)<br>
-				1 Reserved for later use
+				1 View Incidents<br>
+				1 Manage Incidents<br>
 			  </div>
 			</div>
 		  </div>