Fix setup

This commit is contained in:
Greg Sarjeant 2025-06-15 22:48:43 -04:00
parent 747c594662
commit 0b4348f14b
4 changed files with 58 additions and 26 deletions


@ -50,7 +50,7 @@ function handle_setup_exception(SetupException $e){
$currentPath = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');
if (strpos($currentPath, 'setup') === false) {
header("Location: {$config->basePath}/setup");
header('Location: ' . $config->basePath . 'setup');
exit;
}
}
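Review bot: The substring test `if (strpos($currentPath, 'setup') === false)` suppresses the new redirect on the following line for any path that merely contains "setup" (a constructed example: `settings/setup-notes`), so such a request would proceed while setup is still incomplete; compare the trimmed path exactly, `if ($currentPath !== 'setup') {`, or use `str_starts_with($currentPath, 'setup')` if sub-routes of setup are intended. The rewritten redirect now relies on `$config->basePath` already ending in a slash (the removed line appended one itself); a one-line comment such as `// basePath is expected to end with '/'`, or `rtrim($config->basePath, '/') . '/setup'`, makes that convention explicit rather than implicit. `parse_url()` returns `null` or `false` for a malformed request URI, in which case `trim()` receives a non-string; `parse_url(...) ?? ''` guards that path. handle_setup_exception begins before this hunk, so where `$config` is brought into scope is not visible here.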


@ -15,17 +15,7 @@ if (preg_match('/\.php$/', $path)) {
include_once(dirname(dirname(__FILE__)) . "/config/bootstrap.php");
load_classes();
// Make sure the initial setup is complete
try {
confirm_setup();
} catch (SetupException $e) {
handle_setup_exception($e);
exit;
}
// Everything's loaded and setup is confirmed.
// Let's start ticking.
// Initialize core entities
// Defining these as globals isn't great practice,
// but this is a small, single-user app and this data will rarely change.
global $db;
@ -36,11 +26,6 @@ $db = get_db();
$config = ConfigModel::load();
$user = UserModel::load();
// Start a session and generate a CSRF Token
// if there isn't already an active session
Session::start();
Session::generateCsrfToken();
// Remove the base path from the URL
if (strpos($path, $config->basePath) === 0) {
$path = substr($path, strlen($config->basePath));
@ -49,9 +34,29 @@ if (strpos($path, $config->basePath) === 0) {
// strip the trailing slash from the resulting route
$path = trim($path, '/');
// if this is a POST, make sure there's a valid session
// Make sure the initial setup is complete
// unless we're already heading to setup
if (!($path === 'setup')){
try {
confirm_setup();
} catch (SetupException $e) {
handle_setup_exception($e);
exit;
}
}
// Everything's loaded and setup is confirmed.
// Let's start ticking.
// Start a session and generate a CSRF Token
// if there isn't already an active session
Session::start();
Session::generateCsrfToken();
// if this is a POST and we aren't in setup,
// make sure there's a valid session
// if not, redirect to /login or die as appropriate
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($method === 'POST' && $path != 'setup') {
if ($path != 'login'){
if (!Session::isValid($_POST['csrf_token'])) {
// Invalid session - redirect to /login
@ -59,7 +64,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
exit;
}
} else {
if (!Session::isvalidCsrfToken($_POST['csrf_token'])) {
if (!Session::isValidCsrfToken($_POST['csrf_token'])) {
// Just die if the token is invalid on login
die('Invalid CSRF token');
exit;
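Review bot: In the third hunk, `if ($method === 'POST' && $path != 'setup')` exempts every POST to the setup route from CSRF validation, yet the setup form rendered elsewhere in this commit carries a `csrf_token` field and `Session::start()` / `Session::generateCsrfToken()` now run before this check, so the token is available to verify; if the setup route stays reachable once setup has completed, a forged cross-site POST could change the admin credentials without any token. Unless the setup POST genuinely cannot carry the token, drop the `$path != 'setup'` exemption and keep the die-on-invalid handling the `login` branch already uses, and use strict comparison as `if (!($path === 'setup'))` does earlier in the same hunk: `if ($method === 'POST' && $path !== 'setup') {` and `if ($path !== 'login') {`. `$_POST['csrf_token']` is read without a default on both branches, which raises an undefined-index warning on a POST lacking the field; `$_POST['csrf_token'] ?? ''` keeps the rejection path clean. `$method` is not assigned in any of these hunks; presumably it is set from `$_SERVER['REQUEST_METHOD']` earlier in the file, which is worth confirming since the old condition read the superglobal directly.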


@ -9,6 +9,20 @@ class AdminController extends Controller {
$vars = [
'user' => $user,
'config' => $config,
'isSetup' => false,
];
$this->render("admin.php", $vars);
}
public function showSetup(){
global $config;
global $user;
$vars = [
'user' => $user,
'config' => $config,
'isSetup' => true,
];
$this->render("admin.php", $vars);
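Review bot: `showSetup()` repeats the body of the method above it line for line, differing only in `'isSetup' => true`; a private helper taking the flag keeps the two pages from drifting when a variable is later added to `$vars` for one but not the other. Neither method declares a return type; `: void` fits both if `render()` returns nothing, which this hunk does not show. The method at the top of the hunk begins before it and `showSetup()` ends after it, so neither closing brace is visible. Nothing in this hunk checks whether setup is still pending before rendering the setup page, and the bootstrap change in this commit skips `confirm_setup()` for the setup route; if that check lives in the router or the form handler it is fine, otherwise the setup page remains reachable after setup completes — confirm.
```php
    public function showSetup(): void
    {
        $this->renderAdminPage(isSetup: true);
    }

    /** Render admin.php as either the admin page or the initial-setup page. */
    private function renderAdminPage(bool $isSetup): void
    {
        global $config;
        global $user;
        $this->render("admin.php", [
            'user' => $user,
            'config' => $config,
            'isSetup' => $isSetup,
        ]);
    }
```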


@ -1,8 +1,11 @@
<?php /** @var ConfigModel $config */ ?>
<?php /** @var UserModel $user */ ?>
<h1>Admin</h1>
<?php /** @var isSetup bool */ ?>
<h1><?php if ($isSetup): ?>Setup<?php else: ?>Admin<?php endif; ?></h1>
<div>
<form method="post">
<form
action="<?php echo $config->basePath . ($isSetup ? 'setup' : 'admin') ?>"
method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<fieldset>
<legend>UserModel settings</legend>
@ -59,10 +62,20 @@
<fieldset>
<legend>Change password</legend>
<div class="fieldset-items">
<label>New password</label>
<input type="password" name="password">
<label>Confirm new password</label>
<input type="password" name="confirm_password">
<label>New password
<?php if($isSetup): ?><span class=required>*</span><?php endif; ?>
</label>
<input type="password"
name="password"
<?php if($isSetup): ?>required <?php endif; ?>
>
<label>Confirm new password
<?php if($isSetup): ?><span class=required>*</span><?php endif; ?>
</label>
<input type="password"
name="confirm_password"
<?php if($isSetup): ?>required <?php endif; ?>
>
</div>
</fieldset>
<button type="submit" class="submit-btn">Save Settings</button>
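Review bot: The new `action` attribute echoes `$config->basePath` unescaped, while the `csrf_token` value on the next line goes through `htmlspecialchars()`; the base path comes from configuration rather than the request, but escaping it in attribute context keeps the template uniform: `action="<?= htmlspecialchars($config->basePath . ($isSetup ? 'setup' : 'admin'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`. The docblock `/** @var isSetup bool */` has the type and name reversed and lacks the `$` sigil, so static analysers will not associate it with the variable; `/** @var bool $isSetup */`. In the second hunk the `required` attributes are client-side only, so whichever handler receives the setup POST must reject an empty password itself (not visible in this commit). `class=required` is unquoted on both added spans; `class="required"` matches the rest of the markup.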