From a910718401a8c94d9c636fe8f6e7622f6e6ec539 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 14 Feb 2026 20:13:48 +0000
Subject: [PATCH 1/4] Initial plan


From d6bcc7802f1606e18be137b2727afd97b7d21487 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 14 Feb 2026 20:15:51 +0000
Subject: [PATCH 2/4] Add last_login tracking to user database and admin panel

Co-authored-by: thehack904 <35552907+thehack904@users.noreply.github.com>
---
 app.py                      | 32 ++++++++++++++++++++++++--------
 templates/manage_users.html |  9 +++++----
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/app.py b/app.py
index 969e2c4..b437fcf 100644
--- a/app.py
+++ b/app.py
@@ -87,10 +87,11 @@ def validate_tuner_url(url, label="Tuner"):
 
 # ------------------- User Model -------------------
 class User(UserMixin):
-    def __init__(self, id, username, password_hash):
+    def __init__(self, id, username, password_hash, last_login=None):
         self.id = id
         self.username = username
         self.password_hash = password_hash
+        self.last_login = last_login
 
 # ------------------- Init DBs -------------------
 def init_db():
@@ -98,8 +99,16 @@ def init_db():
         conn.execute("PRAGMA journal_mode=WAL;")
         c = conn.cursor()
         c.execute('''CREATE TABLE IF NOT EXISTS users
-                     (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE, password TEXT)''')
+                     (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE, password TEXT, last_login TEXT)''')
         conn.commit()
+        
+        # Add last_login column if it doesn't exist (for existing databases)
+        try:
+            c.execute('ALTER TABLE users ADD COLUMN last_login TEXT')
+            conn.commit()
+        except sqlite3.OperationalError:
+            # Column already exists
+            pass
 
 def add_user(username, password):
     password_hash = generate_password_hash(password)
@@ -111,20 +120,20 @@ def add_user(username, password):
 def get_user(username):
     with sqlite3.connect(DATABASE, timeout=10) as conn:
         c = conn.cursor()
-        c.execute('SELECT id, username, password FROM users WHERE username=?', (username,))
+        c.execute('SELECT id, username, password, last_login FROM users WHERE username=?', (username,))
         row = c.fetchone()
     if row:
-        return User(row[0], row[1], row[2])
+        return User(row[0], row[1], row[2], row[3] if len(row) > 3 else None)
     return None
 
 @login_manager.user_loader
 def load_user(user_id):
     with sqlite3.connect(DATABASE, timeout=10) as conn:
         c = conn.cursor()
-        c.execute('SELECT id, username, password FROM users WHERE id=?', (user_id,))
+        c.execute('SELECT id, username, password, last_login FROM users WHERE id=?', (user_id,))
         row = c.fetchone()
     if row:
-        return User(row[0], row[1], row[2])
+        return User(row[0], row[1], row[2], row[3] if len(row) > 3 else None)
     return None
 
 # ------------------- Tuner DB -------------------
@@ -360,6 +369,13 @@ def login():
         remember = request.form.get('remember') == 'on' or request.form.get('remember') == 'true' or 'remember' in request.form
         user = get_user(username)
         if user and check_password_hash(user.password_hash, password):
+            # Update last_login timestamp
+            with sqlite3.connect(DATABASE, timeout=10) as conn:
+                c = conn.cursor()
+                c.execute('UPDATE users SET last_login=? WHERE username=?',
+                          (datetime.now(timezone.utc).isoformat(), username))
+                conn.commit()
+            
             login_user(user, remember=remember)
             log_event(username, "Logged in")
 
@@ -531,8 +547,8 @@ def manage_users():
     # ---- Normal admin logic below ----
     with sqlite3.connect(DATABASE, timeout=10) as conn:
         c = conn.cursor()
-        c.execute('SELECT username FROM users WHERE username != "admin"')
-        users = [row[0] for row in c.fetchall()]
+        c.execute('SELECT username, last_login FROM users WHERE username != "admin"')
+        users = [{'username': row[0], 'last_login': row[1]} for row in c.fetchall()]
 
     if request.method == 'POST':
         action = request.form.get('action')
diff --git a/templates/manage_users.html b/templates/manage_users.html
index 4db5521..b07b67a 100644
--- a/templates/manage_users.html
+++ b/templates/manage_users.html
@@ -22,20 +22,21 @@ <h3>Existing Users</h3>
     <div class="table-wrap">
       <table class="users-table">
           <thead>
-            <tr><th>Username</th><th>Actions</th></tr>
+            <tr><th>Username</th><th>Last Login</th><th>Actions</th></tr>
           </thead>
           <tbody>
             {% for user in users %}
             <tr>
-              <td>{{ user }}</td>
+              <td>{{ user.username }}</td>
+              <td>{{ user.last_login if user.last_login else 'Never' }}</td>
               <td class="actions">
                 <form method="POST" class="inline-form">
-                  <input type="hidden" name="username" value="{{ user }}">
+                  <input type="hidden" name="username" value="{{ user.username }}">
                   <input type="hidden" name="action" value="delete">
                   <button class="btn danger" type="submit">Delete</button>
                 </form>
                 <form method="POST" class="inline-form">
-                  <input type="hidden" name="username" value="{{ user }}">
+                  <input type="hidden" name="username" value="{{ user.username }}">
                   <input type="hidden" name="action" value="signout">
                   <button class="btn warn" type="submit">Sign Out All</button>
                 </form>

From aedca6f8117fc50d1f9308803c81a6ab5214d1ce Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 14 Feb 2026 20:19:29 +0000
Subject: [PATCH 3/4] Fix LOG_PATH permission issue for test environments

Co-authored-by: thehack904 <35552907+thehack904@users.noreply.github.com>
---
 app.py                      | 25 +++++++++++++++++++++----
 templates/manage_users.html |  2 +-
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/app.py b/app.py
index b437fcf..5029119 100644
--- a/app.py
+++ b/app.py
@@ -46,13 +46,17 @@
 login_manager.init_app(app)
 
 # ------------------- Activity Log -------------------
-LOG_PATH = "/home/iptv/iptv-server/logs/activity.log"
+LOG_PATH = os.path.join(os.getcwd(), "logs", "activity.log")
 
 def log_event(user, action):
     ts = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
-    os.makedirs(os.path.dirname(LOG_PATH), exist_ok=True)
-    with open(LOG_PATH, "a") as f:
-        f.write(f"{user} | {action} | {ts}\n")
+    try:
+        os.makedirs(os.path.dirname(LOG_PATH), exist_ok=True)
+        with open(LOG_PATH, "a") as f:
+            f.write(f"{user} | {action} | {ts}\n")
+    except (PermissionError, OSError) as e:
+        # Log to stderr if file logging fails
+        print(f"Warning: Could not write to log file: {e}", file=sys.stderr)
 
 # ------------------- URL Validation -------------------
 def validate_tuner_url(url, label="Tuner"):
@@ -225,6 +229,19 @@ def rename_tuner(old_name, new_name):
 
 
 # ------------------- Template context helpers -------------------
+@app.template_filter('format_datetime')
+def format_datetime_filter(iso_string):
+    """Format ISO datetime string to human-readable format."""
+    if not iso_string:
+        return 'Never'
+    try:
+        dt = datetime.fromisoformat(iso_string.replace('Z', '+00:00'))
+        # Convert to local time (or keep UTC, depending on preference)
+        # For now, we'll display in UTC with a cleaner format
+        return dt.strftime('%Y-%m-%d %H:%M:%S UTC')
+    except Exception:
+        return iso_string
+
 @app.context_processor
 def inject_tuner_context():
     """Inject tuner info into all templates (for header fly-outs)."""
diff --git a/templates/manage_users.html b/templates/manage_users.html
index b07b67a..05e4c3d 100644
--- a/templates/manage_users.html
+++ b/templates/manage_users.html
@@ -28,7 +28,7 @@ <h3>Existing Users</h3>
             {% for user in users %}
             <tr>
               <td>{{ user.username }}</td>
-              <td>{{ user.last_login if user.last_login else 'Never' }}</td>
+              <td>{{ user.last_login | format_datetime }}</td>
               <td class="actions">
                 <form method="POST" class="inline-form">
                   <input type="hidden" name="username" value="{{ user.username }}">

From e9e34c4d59c1f81b9cbc076ad5e892f4b1e8fe8a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 14 Feb 2026 20:20:33 +0000
Subject: [PATCH 4/4] Address code review feedback: fix LOG_PATH, simplify
 conditionals, improve timestamp handling

Co-authored-by: thehack904 <35552907+thehack904@users.noreply.github.com>
---
 app.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app.py b/app.py
index 5029119..76c879e 100644
--- a/app.py
+++ b/app.py
@@ -46,7 +46,7 @@
 login_manager.init_app(app)
 
 # ------------------- Activity Log -------------------
-LOG_PATH = os.path.join(os.getcwd(), "logs", "activity.log")
+LOG_PATH = os.path.join(os.path.dirname(__file__), "logs", "activity.log")
 
 def log_event(user, action):
     ts = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
@@ -127,7 +127,7 @@ def get_user(username):
         c.execute('SELECT id, username, password, last_login FROM users WHERE username=?', (username,))
         row = c.fetchone()
     if row:
-        return User(row[0], row[1], row[2], row[3] if len(row) > 3 else None)
+        return User(row[0], row[1], row[2], row[3])
     return None
 
 @login_manager.user_loader
@@ -137,7 +137,7 @@ def load_user(user_id):
         c.execute('SELECT id, username, password, last_login FROM users WHERE id=?', (user_id,))
         row = c.fetchone()
     if row:
-        return User(row[0], row[1], row[2], row[3] if len(row) > 3 else None)
+        return User(row[0], row[1], row[2], row[3])
     return None
 
 # ------------------- Tuner DB -------------------
@@ -235,7 +235,7 @@ def format_datetime_filter(iso_string):
     if not iso_string:
         return 'Never'
     try:
-        dt = datetime.fromisoformat(iso_string.replace('Z', '+00:00'))
+        dt = datetime.fromisoformat(iso_string)
         # Convert to local time (or keep UTC, depending on preference)
         # For now, we'll display in UTC with a cleaner format
         return dt.strftime('%Y-%m-%d %H:%M:%S UTC')