From a379d739c84c9d89fd40401aa6540b4c58c90083 Mon Sep 17 00:00:00 2001
From: jakani24 <janis.st44@gmail.com>
Date: Thu, 20 Jun 2024 15:31:46 +0200
Subject: [PATCH] adding incident infrastructure

---
 .../system/secure_zone/php/incident_list.php  | 109 ++++++++++++++++++
 .../system/secure_zone/php/index.php          |   6 +-
 .../secure_zone/php/manage_incident.php       |   2 +-
 3 files changed, 112 insertions(+), 5 deletions(-)
 create mode 100644 src/server/cyberhex-code/system/secure_zone/php/incident_list.php

diff --git a/src/server/cyberhex-code/system/secure_zone/php/incident_list.php b/src/server/cyberhex-code/system/secure_zone/php/incident_list.php
new file mode 100644
index 0000000..421933f
--- /dev/null
+++ b/src/server/cyberhex-code/system/secure_zone/php/incident_list.php
@@ -0,0 +1,109 @@
+<?php
+session_start();
+
+// Check if the user is logged in
+if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
+    // Redirect to the login page or handle unauthorized access
+    header("Location: /login.php");
+    exit();
+}
+
+$username = $_SESSION['username'];
+$perms = $_SESSION["perms"];
+$email = $_SESSION["email"];
+if($perms[9]!=="1" && $perms[10]!=="1"){
+	header("location:/system/insecure_zone/php/no_access.php");
+	$block=1;
+	exit();
+}else{
+	$block=0;
+}
+
+include "../../../api/php/log/add_server_entry.php"; //to log things
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
+	 <title>Change Password</title>
+</head>
+<body>
+
+<div class="container mt-5">
+    <div class="row justify-content-center">
+        <div class="col-md-12">
+            <div class="card">
+                <div class="card-header">
+                    <h4>Incident list</h4>
+                </div>
+                <div class="card-body">
+					<?php
+						//include db pw
+						include "../../../config.php";
+						$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
+						if ($conn->connect_error) {
+							die("Connection failed: " . $conn->connect_error);
+						}
+						
+						
+						//get count of users
+
+						$sql = "SELECT count(*) AS incident_count FROM incidents";
+						$stmt = $conn->prepare($sql);
+						// Execute the statement
+						$stmt->execute();
+						// Get the result
+						$result = $stmt->get_result();
+						$row = $result->fetch_assoc();
+						$num_of_incidents=$row["incident_count"];
+						$stmt->close();
+						
+						// Create a connection
+						$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
+
+						// Check the connection
+						if ($conn->connect_error) {
+							die("Connection failed: " . $conn->connect_error);
+						}
+						$last_id=-1;
+						//create the table header
+						echo('<table class="table">');
+						echo('<thead>');
+						echo('<tr>');
+						echo('<th>Incident Id</th><th>Status</th><th>Goto Incident</th>');
+						echo('</tr>');
+						echo('</thead>');
+						echo('<tbody>');
+						while($num_of_incidents!=0){
+							$sql = "SELECT * FROM incidents where id > $last_id";
+							$stmt = $conn->prepare($sql);
+							// Execute the statement
+							$stmt->execute();
+							// Get the result
+							$result = $stmt->get_result();
+							$row = $result->fetch_assoc();
+							$last_id=$row["id"];
+							$status=$row["status"];
+							if($last_id!=1){ //number 1 is the unauthenticated user
+								echo('<tr>');
+									echo('<td>'.$last_id.'</td>');
+									echo('<td>'.$status.'</td>');
+									echo('<td><a href="manage_incident.php?incident_id='.$last_id.'">Goto Incident</a></td>');
+								echo('</tr>');
+							}
+							$stmt->close();
+							$num_of_incidents--;
+						}
+						echo('</tbody>');
+						echo('</table>');
+						$conn->close();
+					?>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+</html>
diff --git a/src/server/cyberhex-code/system/secure_zone/php/index.php b/src/server/cyberhex-code/system/secure_zone/php/index.php
index fd55f68..7d9903a 100644
--- a/src/server/cyberhex-code/system/secure_zone/php/index.php
+++ b/src/server/cyberhex-code/system/secure_zone/php/index.php
@@ -116,12 +116,10 @@ if(isset($_GET["page"])){
 		   ?>
 		   <ul>
 		  <?php
-			if($perms[9]=="1")
+			if($perms[9]=="1" or $perms[10]=="1")
 				echo('<li><a href="index.php?page=manage_incident.php">View Incidents</a></li>');
-		   ?>
-		  <?php
 			if($perms[10]=="1")
-				echo('<li><a href="index.php?page=manage_incident.php">Manage Incidents</a></li>');
+				echo('<li><a href="index.php?page=add_incident.php">Add Incident</a></li>');
 		   ?>
 		  </ul>
 
diff --git a/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php b/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php
index 77ea722..f01cac6 100644
--- a/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php
+++ b/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php
@@ -44,7 +44,7 @@ include "../../../api/php/log/add_server_entry.php"; //to log things
         <div class="col-md-12">
             <div class="card">
                 <div class="card-header">
-                    <h4>Client settings</h4>
+                    <h4>Incident</h4>
                 </div>
                 <div class="card-body">
 					<ul class="nav nav-tabs">