2603.8 purging old records

settings.php

@@ -1,27 +1,43 @@
 <?php
 require_once __DIR__ . '/includes/auth.php';
+require_once __DIR__ . '/includes/functions.php';
 require_login();
 
 $errors  = [];
 $success = '';
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $current  = $_POST['current_password']  ?? '';
-    $new      = $_POST['new_password']      ?? '';
-    $confirm  = $_POST['confirm_password']  ?? '';
+    $action = $_POST['action'] ?? '';
 
-    if (!password_verify($current, active_pass_hash())) {
-        $errors[] = 'Current password is incorrect.';
-    } elseif (strlen($new) < 8) {
-        $errors[] = 'New password must be at least 8 characters.';
-    } elseif ($new !== $confirm) {
-        $errors[] = 'New passwords do not match.';
-    } elseif (!save_password($new)) {
-        $errors[] = 'Could not write auth.passwd — check file permissions.';
-    } else {
-        $success = 'Password updated successfully.';
+    if ($action === 'password') {
+        $current = $_POST['current_password'] ?? '';
+        $new     = $_POST['new_password']     ?? '';
+        $confirm = $_POST['confirm_password'] ?? '';
+
+        if (!password_verify($current, active_pass_hash())) {
+            $errors[] = 'Current password is incorrect.';
+        } elseif (strlen($new) < 8) {
+            $errors[] = 'New password must be at least 8 characters.';
+        } elseif ($new !== $confirm) {
+            $errors[] = 'New passwords do not match.';
+        } elseif (!save_password($new)) {
+            $errors[] = 'Could not write auth.passwd — check file permissions.';
+        } else {
+            $success = 'Password updated successfully.';
+        }
+
+    } elseif ($action === 'retention') {
+        $days = (int)($_POST['retention_days'] ?? 0);
+        if ($days < 1) {
+            $errors[] = 'Retention period must be at least 1 day.';
+        } else {
+            set_setting('retention_days', (string)$days);
+            $success = 'Retention period saved.';
+        }
     }
 }
+
+$retention_days = (int)get_setting('retention_days', '7');
 ?>
 <!DOCTYPE html>
 <html lang="en">
@@ -48,10 +64,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 <main>
 
 <?php if ($success): ?>
-  <div class="alert ok"><?= htmlspecialchars($success, ENT_QUOTES, 'UTF-8') ?></div>
+  <div class="alert ok"><?= h($success) ?></div>
 <?php endif; ?>
 <?php foreach ($errors as $e): ?>
-  <div class="alert err"><?= htmlspecialchars($e, ENT_QUOTES, 'UTF-8') ?></div>
+  <div class="alert err"><?= h($e) ?></div>
 <?php endforeach; ?>
 
 <section class="card">
@@ -60,6 +76,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     <p class="muted">Authentication is disabled. Set <code>UI_PASS_HASH</code> in <code>config.php</code> to enable it.</p>
   <?php else: ?>
   <form method="post">
+    <input type="hidden" name="action" value="password">
     <label>Current password
       <input type="password" name="current_password" autocomplete="current-password" required>
     </label>
@@ -74,6 +91,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
   <?php endif; ?>
 </section>
 
+<section class="card">
+  <h2>Data retention</h2>
+  <p class="muted" style="margin-bottom:1rem;font-size:.85rem">
+    Connections older than the retention period are removed by the daily purge cron.
+  </p>
+  <form method="post">
+    <input type="hidden" name="action" value="retention">
+    <label>Retention period <small>(days)</small>
+      <input type="number" name="retention_days" min="1" max="3650"
+             value="<?= $retention_days ?>" style="width:120px">
+    </label>
+    <button type="submit">Save</button>
+  </form>
+</section>
+
 </main>
 <?php include __DIR__ . '/includes/footer.php'; ?>
 </body>