@Visionz73
Owner

test

… done so far and provide feedback for Jules to continue.
This commit implements new Security and Docs pages accessible from the navbar profile modal, and significantly refactors parts of the main Profile page for improved security and centralized logic.

Completed Work:

1.  **New 'Security' Page:**
    - Created `public/security.php`, `src/controllers/security.php`, `templates/security.php`.
    - Added route `/security.php`.
    - Page uses Tailwind CSS, standard navbar, includes a link to `change_password.php` and placeholder text for 2FA.

2.  **New 'Docs' Page:**
    - Added 'Docs' link to `templates/navbar.php` profile modal (points to `/privatevault/docs.php`).
    - Created `public/docs.php`, `src/controllers/docs.php`, `templates/docs.php`.
    - Added route `/docs.php`.
    - Page allows you to view your documents from an assumed `documents` table, fetched securely. Styled with Tailwind and uses standard navbar.

3.  **Profile Page (`profile.php`) Enhancements:**
    - **Centralized Document Category Fetching:** Logic for fetching documents by category (contracts, insurance, etc.) moved from individual sub-tab templates into `src/controllers/profile.php`, using prepared statements. Sub-tab templates simplified.
    - **Refactored Personal Info Updates:**
        - Logic from `src/controllers/profile_save.php` (for public profile, HR info, detailed personal data) and `src/controllers/profile_security.php` (for password changes from profile) has been centralized into `src/controllers/profile.php`.
        - Implemented CSRF protection, improved server-side input validation (including password complexity for profile-based password changes), ensured use of prepared statements for all DB updates, and standardized feedback to you via session messages and redirects for these sections.
        - Corrected password update logic to use the `password_hash` column.
        - Relevant `personal_info` and `security` sub-tab templates updated to submit to the main profile controller with CSRF tokens.

Work In Progress (Stuck - I was unable to complete the work on Notification Settings):
- Refactoring of `profile_notifications.php` logic into `src/controllers/profile.php` was initiated but not confirmed complete.
- Addressing GET-based document deletion links.
- Further "complete programming" of other profile sections and document upload integration.

This commit represents substantial progress in unifying and securing the user profile functionalities and adding requested new pages.
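
The open item on GET-based document deletion links can be closed with the same CSRF and prepared-statement pattern the commit describes for profile updates. The following is an added example, not code from this pull request or the project; the function names, the `csrf_token` and `doc_id` form fields, the `user_id` session key, and the `id`/`user_id` columns on `documents` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: names, session keys and column names are assumptions.
// Requires PHP 8+ and an already started session (session_start()).

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session token. */
function csrf_valid(mixed $submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

/**
 * Delete a document only on POST with a valid token, and only when the
 * row belongs to the logged-in user. Returns the HTTP status to send.
 */
function delete_document(PDO $pdo, string $method, array $post, ?int $userId): int
{
    if ($method !== 'POST') {
        return 405; // a plain link or image tag can no longer trigger deletion
    }
    if ($userId === null) {
        return 401;
    }
    if (!csrf_valid($post['csrf_token'] ?? null)) {
        return 403;
    }
    $docId = filter_var($post['doc_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($docId === false) {
        return 400;
    }
    // Ownership is enforced in the WHERE clause, so another user's id matches no row.
    $stmt = $pdo->prepare('DELETE FROM documents WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $docId, ':uid' => $userId]);
    return $stmt->rowCount() === 1 ? 204 : 404;
}
```

Each delete link in the template becomes a small POST form carrying `csrf_token()` in a hidden field, and the controller passes `$_SERVER['REQUEST_METHOD']`, `$_POST` and the session user id (cast to `int`) to `delete_document()`.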