Fix setup
This commit is contained in:
Greg Sarjeant
parent
747c594662
commit
0b4348f14b
@ -50,7 +50,7 @@ function handle_setup_exception(SetupException $e){
|
||||
$currentPath = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');
|
||||
|
||||
if (strpos($currentPath, 'setup') === false) {
|
||||
header("Location: {$config->basePath}/setup");
|
||||
header('Location: ' . $config->basePath . 'setup');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,17 +15,7 @@ if (preg_match('/\.php$/', $path)) {
|
||||
include_once(dirname(dirname(__FILE__)) . "/config/bootstrap.php");
|
||||
load_classes();
|
||||
|
||||
// Make sure the initial setup is complete
|
||||
try {
|
||||
confirm_setup();
|
||||
} catch (SetupException $e) {
|
||||
handle_setup_exception($e);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Everything's loaded and setup is confirmed.
|
||||
// Let's start ticking.
|
||||
|
||||
// Initialize core entities
|
||||
// Defining these as globals isn't great practice,
|
||||
// but this is a small, single-user app and this data will rarely change.
|
||||
global $db;
|
||||
@ -36,11 +26,6 @@ $db = get_db();
|
||||
$config = ConfigModel::load();
|
||||
$user = UserModel::load();
|
||||
|
||||
// Start a session and generate a CSRF Token
|
||||
// if there isn't already an active session
|
||||
Session::start();
|
||||
Session::generateCsrfToken();
|
||||
|
||||
// Remove the base path from the URL
|
||||
if (strpos($path, $config->basePath) === 0) {
|
||||
$path = substr($path, strlen($config->basePath));
|
||||
@ -49,9 +34,29 @@ if (strpos($path, $config->basePath) === 0) {
|
||||
// strip the trailing slash from the resulting route
|
||||
$path = trim($path, '/');
|
||||
|
||||
// if this is a POST, make sure there's a valid session
|
||||
// Make sure the initial setup is complete
|
||||
// unless we're already heading to setup
|
||||
if (!($path === 'setup')){
|
||||
try {
|
||||
confirm_setup();
|
||||
} catch (SetupException $e) {
|
||||
handle_setup_exception($e);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// Everything's loaded and setup is confirmed.
|
||||
// Let's start ticking.
|
||||
|
||||
// Start a session and generate a CSRF Token
|
||||
// if there isn't already an active session
|
||||
Session::start();
|
||||
Session::generateCsrfToken();
|
||||
|
||||
// if this is a POST and we aren't in setup,
|
||||
// make sure there's a valid session
|
||||
// if not, redirect to /login or die as appropriate
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if ($method === 'POST' && $path != 'setup') {
|
||||
if ($path != 'login'){
|
||||
if (!Session::isValid($_POST['csrf_token'])) {
|
||||
// Invalid session - redirect to /login
|
||||
@ -59,7 +64,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
if (!Session::isvalidCsrfToken($_POST['csrf_token'])) {
|
||||
if (!Session::isValidCsrfToken($_POST['csrf_token'])) {
|
||||
// Just die if the token is invalid on login
|
||||
die('Invalid CSRF token');
|
||||
exit;
|
||||
|
||||
@ -9,6 +9,20 @@ class AdminController extends Controller {
|
||||
$vars = [
|
||||
'user' => $user,
|
||||
'config' => $config,
|
||||
'isSetup' => false,
|
||||
];
|
||||
|
||||
$this->render("admin.php", $vars);
|
||||
}
|
||||
|
||||
public function showSetup(){
|
||||
global $config;
|
||||
global $user;
|
||||
|
||||
$vars = [
|
||||
'user' => $user,
|
||||
'config' => $config,
|
||||
'isSetup' => true,
|
||||
];
|
||||
|
||||
$this->render("admin.php", $vars);
|
||||
|
||||
@ -1,8 +1,11 @@
|
||||
<?php /** @var ConfigModel $config */ ?>
|
||||
<?php /** @var UserModel $user */ ?>
|
||||
<h1>Admin</h1>
|
||||
<?php /** @var isSetup bool */ ?>
|
||||
<h1><?php if ($isSetup): ?>Setup<?php else: ?>Admin<?php endif; ?></h1>
|
||||
<div>
|
||||
<form method="post">
|
||||
<form
|
||||
action="<?php echo $config->basePath . ($isSetup ? 'setup' : 'admin') ?>"
|
||||
method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
<fieldset>
|
||||
<legend>UserModel settings</legend>
|
||||
@ -59,10 +62,20 @@
|
||||
<fieldset>
|
||||
<legend>Change password</legend>
|
||||
<div class="fieldset-items">
|
||||
<label>New password</label>
|
||||
<input type="password" name="password">
|
||||
<label>Confirm new password</label>
|
||||
<input type="password" name="confirm_password">
|
||||
<label>New password
|
||||
<?php if($isSetup): ?><span class=required>*</span><?php endif; ?>
|
||||
</label>
|
||||
<input type="password"
|
||||
name="password"
|
||||
<?php if($isSetup): ?>required <?php endif; ?>
|
||||
>
|
||||
<label>Confirm new password
|
||||
<?php if($isSetup): ?><span class=required>*</span><?php endif; ?>
|
||||
</label>
|
||||
<input type="password"
|
||||
name="confirm_password"
|
||||
<?php if($isSetup): ?>required <?php endif; ?>
|
||||
>
|
||||
</div>
|
||||
</fieldset>
|
||||
<button type="submit" class="submit-btn">Save Settings</button>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user