From 3e66ade7ea8a99638c068b2f877bc18bfe7fbe17 Mon Sep 17 00:00:00 2001
From: "AFTECH.RO" <38830718+aftechro@users.noreply.github.com>
Date: Tue, 2 Jan 2024 23:42:00 +0000
Subject: [PATCH 1/3] Update settings_backup.php

Backup and restore from the backup menu. Add backups folder into the uploads, so the backup path will be uploads/backups

https://www.veed.io/view/5bc75a75-9af6-4fc4-a462-6a161c8b9c23?panel=share
---
 settings_backup.php | 225 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 204 insertions(+), 21 deletions(-)

diff --git a/settings_backup.php b/settings_backup.php
index 7c42002b8..2cd8013c7 100644
--- a/settings_backup.php
+++ b/settings_backup.php
@@ -1,37 +1,220 @@
 <?php
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
 require_once "inc_all_settings.php";
- ?>
 
-<div class="card card-dark mb-3">
-    <div class="card-header py-3">
-        <h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Download Database</h3>
+$backupFolder = 'uploads/backups/';
+$backups = array_diff(scandir($backupFolder), array('..', '.'));
+
+// Database connection
+$mysqli = mysqli_connect($dbhost, $dbusername, $dbpassword, $database) or die('Database Connection Failed');
+$conn = new mysqli($dbhost, $dbusername, $dbpassword, $database);
+
+// Handle backup action
+if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['backup'])) {
+    // Create a backup
+    $backupFileName = date("d-m-Y_H-i-s") . ".sql";
+    $backupPath = $backupFolder . $backupFileName;
+
+    // Run mysqldump command to include table content
+    $escapedBackupPath = escapeshellarg($backupPath);
+    $command = "mysqldump --complete-insert --skip-comments -h $dbhost -u $dbusername -p$dbpassword $database > $escapedBackupPath";
+    exec($command);
+
+    // Refresh backup list after creating a new backup
+    $backups = array_diff(scandir($backupFolder), array('..', '.'));
+}
+
+// Handle restore action
+if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['proceed-restore'])) {
+    $selectedBackup = $_POST['proceed-restore'];
+
+    $sqlFile = $backupFolder . $selectedBackup;
+    $sqlContent = file_get_contents($sqlFile);
+
+    // Remove comments and split into separate queries
+    $sqlQueries = preg_split('/;(?=(?:[^\'"]*[\'"][^\'"]*[\'"])*[^\'"]*$)/', $sqlContent);
+
+    foreach ($sqlQueries as $query) {
+        $query = trim($query);
+        if (!empty($query)) {
+            // Execute each query separately using $conn
+            $result = $conn->query($query);
+
+            // Check for execution success
+            if ($result === false) {
+                die("Error executing query: " . $conn->error);
+            }
+        }
+    }
+
+    // Display success message
+    echo '<div class="alert alert-success" role="alert">Database restore successful!</div>';
+}
+
+// Handle delete action
+if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['delete'])) {
+    $selectedBackup = $_POST['delete'];
+
+    // Validate the selectedBackup variable to prevent directory traversal
+    if (in_array($selectedBackup, $backups)) {
+        unlink($backupFolder . $selectedBackup);
+    }
+}
+
+
+
+// Handle delete selected action
+if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['delete-selected'])) {
+    // Implement delete selected logic here
+    if (isset($_POST['selectedBackups'])) {
+        foreach ($_POST['selectedBackups'] as $selectedBackup) {
+            unlink($backupFolder . $selectedBackup);
+        }
+    }
+}
+
+// Reverse the order of backups to display the latest on top
+$backups = array_reverse(array_diff(scandir($backupFolder), array('..', '.')));
+
+// Function to format file size in human-readable format
+function formatBytes($bytes, $decimals = 2)
+{
+    $size = ['B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
+
+    $factor = floor((strlen($bytes) - 1) / 3);
+
+    return sprintf("%.{$decimals}f", $bytes / (1024 ** $factor)) . ' ' . @$size[$factor];
+}
+
+
+?>
+
+
+
+<div class="row">
+    <div class="col-md-6">
+        <div class="card card-dark mb-3">
+            <div class="card-header py-3">
+                <h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Backup Database</h3>
+            </div>
+            <div class="card-body" style="text-align: center;">
+                <form method="post">
+                    <button type="submit" name="backup" class="btn btn-lg btn-primary"><i class="fas fa-fw fa-save"></i> New Backup</button>
+                    <button type="submit" name="filerestore" value="<?= $backup ?>" class="btn btn-lg btn-warning"><i class="fas fa-fw fa-undo"></i> Restore from file</button>
+                </form>
+            </div>
+        </div>
     </div>
-    <div class="card-body" style="text-align: center;">
-        <a class="btn btn-primary btn-lg p-3" href="post.php?download_database&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download</a>
+
+    <div class="col-md-6">
+        <div class="card card-dark">
+            <div class="card-header py-3">
+                <h3 class="card-title"><i class="fas fa-fw fa-key mr-2"></i>Backup Master Encryption Key</h3>
+            </div>
+            <div class="card-body">
+                <form action="post.php" method="POST">
+                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+                    <div class="row d-flex justify-content-center">
+                        <div class="input-group col-8">
+                            <div class="input-group-prepend">
+                                <input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>
+                            </div>
+                            <button class="btn btn-primary" type="submit" name="backup_master_key"><i class="fas fa-fw fa-key mr-2"></i>Get Master Key</button>
+                        </div>
+                    </div>
+                </form>
+            </div>
+        </div>
     </div>
 </div>
 
+
+<!-- Display a table with backup list -->
 <div class="card card-dark">
     <div class="card-header py-3">
-        <h3 class="card-title"><i class="fas fa-fw fa-key mr-2"></i>Backup Master Encryption Key</h3>
+        <h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Backup Manager</h3>
     </div>
     <div class="card-body">
-        <div class="card-body">
-            <form action="post.php" method="POST">
-                <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-                <div class="row d-flex justify-content-center">
-                    <div class="input-group col-4">
-                        <div class="input-group-prepend">
-                            <input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>
+        <!-- Backup list table here -->
+        <form method="post">
+            <table class="table">
+                <thead>
+                    <tr>
+                        <th>Select</th>
+                        <th>Backup Name</th>
+                        <th>File Size</th>
+                        <th>Actions</th>
+                        <th>Download</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php foreach ($backups as $backup) : ?>
+                        <?php
+                        // Sanitize the file name for use as an HTML ID attribute
+                        $modalId = preg_replace("/[^a-zA-Z0-9]/", "_", $backup);
+                        ?>
+                        <tr>
+                            <td><input type="checkbox" name="selectedBackups[]" value="<?= $backup ?>"></td>
+                            <td><?= $backup ?></td>
+                            <td><?= formatBytes(filesize($backupFolder . $backup)) ?></td>
+                            <td>
+                                <button type="button" class="btn btn-warning" data-toggle="modal" data-target="#restoreModal<?= $modalId ?>"><i class="fas fa-fw fa-undo"></i> Restore</button>
+                                <button type="button" class="btn btn-danger" data-toggle="modal" data-target="#deleteModal<?= $modalId ?>"><i class="fas fa-fw fa-trash"></i> Delete</button>
+                            </td>
+                            <td><a href="<?= $backupFolder . $backup ?>" download class="btn btn-info"><i class="fas fa-fw fa-download"></i> Download</a></td>
+                        </tr>
+                        
+
+                        <!-- Restore Modal -->
+                        <div class="modal" id="restoreModal<?= $modalId ?>">
+                            <div class="modal-dialog">
+                                <div class="modal-content">
+                                    <div class="modal-header">
+                                        <h5 class="modal-title">Restore Database</h5>
+                                        <button type="button" class="close" data-dismiss="modal">&times;</button>
+                                    </div>
+                                    <div class="modal-body">
+                                        <p>Are you sure you want to restore the database from the selected backup?</p>
+                                    </div>
+                                    <div class="modal-footer">
+                                        <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
+                                        <button type="submit" name="proceed-restore" value="<?= $backup ?>" class="btn btn-primary">Proceed</button>
+                                    </div>
+                                </div>
+                            </div>
                         </div>
-                        <button class="btn btn-primary" type="submit" name="backup_master_key"><i class="fas fa-fw fa-key mr-2"></i>Get Master Key</button>
-                    </div>
-                </div>
-            </form>
-        </div>
+                   
+
+                        <!-- Delete Modal -->
+                        <div class="modal" id="deleteModal<?= $modalId ?>">
+                            <div class="modal-dialog">
+                                <div class="modal-content">
+                                    <div class="modal-header">
+                                        <h5 class="modal-title">Delete Backup</h5>
+                                        <button type="button" class="close" data-dismiss="modal">&times;</button>
+                                    </div>
+                                    <div class="modal-body">
+                                        <p>Are you sure you want to delete the backup: <?= $backup ?>?</p>
+                                    </div>
+                                    <div class="modal-footer">
+                                        <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+                                        <button type="submit" name="delete" value="<?= $backup ?>" class="btn btn-danger">Delete</button>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    <?php endforeach; ?>
+                </tbody>
+            </table>
+            <button type="submit" name="delete-selected" class="btn btn-danger"><i class="fas fa-fw fa-trash"></i> Delete Selected</button>
+        </form>
     </div>
-</div>
+</div>                    
+                    
+             
 
 <?php
 require_once "footer.php";
-
+?>

From e11e996f69813809c993cfb4629c36af38703673 Mon Sep 17 00:00:00 2001
From: "AFTECH.RO" <38830718+aftechro@users.noreply.github.com>
Date: Wed, 3 Jan 2024 09:50:23 +0000
Subject: [PATCH 2/3] Update settings_backup.php

create backups folder in /uploads folder if not exists
create backups and restore
---
 settings_backup.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/settings_backup.php b/settings_backup.php
index 2cd8013c7..163748c3b 100644
--- a/settings_backup.php
+++ b/settings_backup.php
@@ -4,7 +4,24 @@
 
 require_once "inc_all_settings.php";
 
+
 $backupFolder = 'uploads/backups/';
+
+// Check if the uploads folder exists, if not, create it
+$uploadsFolder = 'uploads/';
+if (!file_exists($uploadsFolder) || !is_dir($uploadsFolder)) {
+    if (!mkdir($uploadsFolder, 0777, true)) {
+        die('Failed to create uploads folder');
+    }
+}
+
+// Check if the backup folder exists inside uploads, if not, create it
+if (!file_exists($backupFolder) || !is_dir($backupFolder)) {
+    if (!mkdir($backupFolder, 0777, true)) {
+        die('Failed to create backup folder');
+    }
+}
+
 $backups = array_diff(scandir($backupFolder), array('..', '.'));
 
 // Database connection

From edf1e9efb7183990836d7019ab736ad1fa259cdb Mon Sep 17 00:00:00 2001
From: "AFTECH.RO" <38830718+aftechro@users.noreply.github.com>
Date: Wed, 3 Jan 2024 09:52:03 +0000
Subject: [PATCH 3/3] Delete settings_backup.php

---
 settings_backup.php | 237 --------------------------------------------
 1 file changed, 237 deletions(-)
 delete mode 100644 settings_backup.php

diff --git a/settings_backup.php b/settings_backup.php
deleted file mode 100644
index 163748c3b..000000000
--- a/settings_backup.php
+++ /dev/null
@@ -1,237 +0,0 @@
-<?php
-error_reporting(E_ALL);
-ini_set('display_errors', 1);
-
-require_once "inc_all_settings.php";
-
-
-$backupFolder = 'uploads/backups/';
-
-// Check if the uploads folder exists, if not, create it
-$uploadsFolder = 'uploads/';
-if (!file_exists($uploadsFolder) || !is_dir($uploadsFolder)) {
-    if (!mkdir($uploadsFolder, 0777, true)) {
-        die('Failed to create uploads folder');
-    }
-}
-
-// Check if the backup folder exists inside uploads, if not, create it
-if (!file_exists($backupFolder) || !is_dir($backupFolder)) {
-    if (!mkdir($backupFolder, 0777, true)) {
-        die('Failed to create backup folder');
-    }
-}
-
-$backups = array_diff(scandir($backupFolder), array('..', '.'));
-
-// Database connection
-$mysqli = mysqli_connect($dbhost, $dbusername, $dbpassword, $database) or die('Database Connection Failed');
-$conn = new mysqli($dbhost, $dbusername, $dbpassword, $database);
-
-// Handle backup action
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['backup'])) {
-    // Create a backup
-    $backupFileName = date("d-m-Y_H-i-s") . ".sql";
-    $backupPath = $backupFolder . $backupFileName;
-
-    // Run mysqldump command to include table content
-    $escapedBackupPath = escapeshellarg($backupPath);
-    $command = "mysqldump --complete-insert --skip-comments -h $dbhost -u $dbusername -p$dbpassword $database > $escapedBackupPath";
-    exec($command);
-
-    // Refresh backup list after creating a new backup
-    $backups = array_diff(scandir($backupFolder), array('..', '.'));
-}
-
-// Handle restore action
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['proceed-restore'])) {
-    $selectedBackup = $_POST['proceed-restore'];
-
-    $sqlFile = $backupFolder . $selectedBackup;
-    $sqlContent = file_get_contents($sqlFile);
-
-    // Remove comments and split into separate queries
-    $sqlQueries = preg_split('/;(?=(?:[^\'"]*[\'"][^\'"]*[\'"])*[^\'"]*$)/', $sqlContent);
-
-    foreach ($sqlQueries as $query) {
-        $query = trim($query);
-        if (!empty($query)) {
-            // Execute each query separately using $conn
-            $result = $conn->query($query);
-
-            // Check for execution success
-            if ($result === false) {
-                die("Error executing query: " . $conn->error);
-            }
-        }
-    }
-
-    // Display success message
-    echo '<div class="alert alert-success" role="alert">Database restore successful!</div>';
-}
-
-// Handle delete action
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['delete'])) {
-    $selectedBackup = $_POST['delete'];
-
-    // Validate the selectedBackup variable to prevent directory traversal
-    if (in_array($selectedBackup, $backups)) {
-        unlink($backupFolder . $selectedBackup);
-    }
-}
-
-
-
-// Handle delete selected action
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['delete-selected'])) {
-    // Implement delete selected logic here
-    if (isset($_POST['selectedBackups'])) {
-        foreach ($_POST['selectedBackups'] as $selectedBackup) {
-            unlink($backupFolder . $selectedBackup);
-        }
-    }
-}
-
-// Reverse the order of backups to display the latest on top
-$backups = array_reverse(array_diff(scandir($backupFolder), array('..', '.')));
-
-// Function to format file size in human-readable format
-function formatBytes($bytes, $decimals = 2)
-{
-    $size = ['B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
-
-    $factor = floor((strlen($bytes) - 1) / 3);
-
-    return sprintf("%.{$decimals}f", $bytes / (1024 ** $factor)) . ' ' . @$size[$factor];
-}
-
-
-?>
-
-
-
-<div class="row">
-    <div class="col-md-6">
-        <div class="card card-dark mb-3">
-            <div class="card-header py-3">
-                <h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Backup Database</h3>
-            </div>
-            <div class="card-body" style="text-align: center;">
-                <form method="post">
-                    <button type="submit" name="backup" class="btn btn-lg btn-primary"><i class="fas fa-fw fa-save"></i> New Backup</button>
-                    <button type="submit" name="filerestore" value="<?= $backup ?>" class="btn btn-lg btn-warning"><i class="fas fa-fw fa-undo"></i> Restore from file</button>
-                </form>
-            </div>
-        </div>
-    </div>
-
-    <div class="col-md-6">
-        <div class="card card-dark">
-            <div class="card-header py-3">
-                <h3 class="card-title"><i class="fas fa-fw fa-key mr-2"></i>Backup Master Encryption Key</h3>
-            </div>
-            <div class="card-body">
-                <form action="post.php" method="POST">
-                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-                    <div class="row d-flex justify-content-center">
-                        <div class="input-group col-8">
-                            <div class="input-group-prepend">
-                                <input type="password" class="form-control" placeholder="Enter your account password" name="password" autocomplete="new-password" required>
-                            </div>
-                            <button class="btn btn-primary" type="submit" name="backup_master_key"><i class="fas fa-fw fa-key mr-2"></i>Get Master Key</button>
-                        </div>
-                    </div>
-                </form>
-            </div>
-        </div>
-    </div>
-</div>
-
-
-<!-- Display a table with backup list -->
-<div class="card card-dark">
-    <div class="card-header py-3">
-        <h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Backup Manager</h3>
-    </div>
-    <div class="card-body">
-        <!-- Backup list table here -->
-        <form method="post">
-            <table class="table">
-                <thead>
-                    <tr>
-                        <th>Select</th>
-                        <th>Backup Name</th>
-                        <th>File Size</th>
-                        <th>Actions</th>
-                        <th>Download</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    <?php foreach ($backups as $backup) : ?>
-                        <?php
-                        // Sanitize the file name for use as an HTML ID attribute
-                        $modalId = preg_replace("/[^a-zA-Z0-9]/", "_", $backup);
-                        ?>
-                        <tr>
-                            <td><input type="checkbox" name="selectedBackups[]" value="<?= $backup ?>"></td>
-                            <td><?= $backup ?></td>
-                            <td><?= formatBytes(filesize($backupFolder . $backup)) ?></td>
-                            <td>
-                                <button type="button" class="btn btn-warning" data-toggle="modal" data-target="#restoreModal<?= $modalId ?>"><i class="fas fa-fw fa-undo"></i> Restore</button>
-                                <button type="button" class="btn btn-danger" data-toggle="modal" data-target="#deleteModal<?= $modalId ?>"><i class="fas fa-fw fa-trash"></i> Delete</button>
-                            </td>
-                            <td><a href="<?= $backupFolder . $backup ?>" download class="btn btn-info"><i class="fas fa-fw fa-download"></i> Download</a></td>
-                        </tr>
-                        
-
-                        <!-- Restore Modal -->
-                        <div class="modal" id="restoreModal<?= $modalId ?>">
-                            <div class="modal-dialog">
-                                <div class="modal-content">
-                                    <div class="modal-header">
-                                        <h5 class="modal-title">Restore Database</h5>
-                                        <button type="button" class="close" data-dismiss="modal">&times;</button>
-                                    </div>
-                                    <div class="modal-body">
-                                        <p>Are you sure you want to restore the database from the selected backup?</p>
-                                    </div>
-                                    <div class="modal-footer">
-                                        <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
-                                        <button type="submit" name="proceed-restore" value="<?= $backup ?>" class="btn btn-primary">Proceed</button>
-                                    </div>
-                                </div>
-                            </div>
-                        </div>
-                   
-
-                        <!-- Delete Modal -->
-                        <div class="modal" id="deleteModal<?= $modalId ?>">
-                            <div class="modal-dialog">
-                                <div class="modal-content">
-                                    <div class="modal-header">
-                                        <h5 class="modal-title">Delete Backup</h5>
-                                        <button type="button" class="close" data-dismiss="modal">&times;</button>
-                                    </div>
-                                    <div class="modal-body">
-                                        <p>Are you sure you want to delete the backup: <?= $backup ?>?</p>
-                                    </div>
-                                    <div class="modal-footer">
-                                        <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
-                                        <button type="submit" name="delete" value="<?= $backup ?>" class="btn btn-danger">Delete</button>
-                                    </div>
-                                </div>
-                            </div>
-                        </div>
-                    <?php endforeach; ?>
-                </tbody>
-            </table>
-            <button type="submit" name="delete-selected" class="btn btn-danger"><i class="fas fa-fw fa-trash"></i> Delete Selected</button>
-        </form>
-    </div>
-</div>                    
-                    
-             
-
-<?php
-require_once "footer.php";
-?>