From 0b4348f14bff8b5581292c2632aca136ea23a89a Mon Sep 17 00:00:00 2001 From: Greg Sarjeant <1686767+gsarjeant@users.noreply.github.com> Date: Sun, 15 Jun 2025 22:48:43 -0400 Subject: [PATCH] Fix setup --- config/bootstrap.php | 2 +- public/index.php | 43 +++++++++++-------- .../AdminController/AdminController.php | 14 ++++++ templates/partials/admin.php | 25 ++++++++--- 4 files changed, 58 insertions(+), 26 deletions(-) diff --git a/config/bootstrap.php b/config/bootstrap.php index 4536857..3998f86 100644 --- a/config/bootstrap.php +++ b/config/bootstrap.php @@ -50,7 +50,7 @@ function handle_setup_exception(SetupException $e){ $currentPath = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/'); if (strpos($currentPath, 'setup') === false) { - header("Location: {$config->basePath}/setup"); + header('Location: ' . $config->basePath . 'setup'); exit; } } diff --git a/public/index.php b/public/index.php index 8d25892..e3c4267 100644 --- a/public/index.php +++ b/public/index.php @@ -15,17 +15,7 @@ if (preg_match('/\.php$/', $path)) { include_once(dirname(dirname(__FILE__)) . "/config/bootstrap.php"); load_classes(); -// Make sure the initial setup is complete -try { - confirm_setup(); -} catch (SetupException $e) { - handle_setup_exception($e); - exit; -} - -// Everything's loaded and setup is confirmed. -// Let's start ticking. - +// Initialize core entities // Defining these as globals isn't great practice, // but this is a small, single-user app and this data will rarely change. global $db; @@ -36,11 +26,6 @@ $db = get_db(); $config = ConfigModel::load(); $user = UserModel::load(); -// Start a session and generate a CSRF Token -// if there isn't already an active session -Session::start(); -Session::generateCsrfToken(); - // Remove the base path from the URL if (strpos($path, $config->basePath) === 0) { $path = substr($path, strlen($config->basePath)); 
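Review bot: The new Location header in handle_setup_exception() concatenates `$config->basePath . 'setup'` with no separator, so it only produces a valid URL when basePath ends in `/`; a basePath stored without the trailing slash would redirect to something like `/appsetup`. Normalising once, `header('Location: ' . rtrim($config->basePath, '/') . '/setup');`, removes the dependence on how basePath happens to be stored. The loop guard just above it, `strpos($currentPath, 'setup') === false`, matches `setup` anywhere in the path, so any route containing that substring also skips the redirect; comparing the stripped route exactly, the way index.php does with `$path === 'setup'`, would be tighter. handle_setup_exception() starts before this hunk, so whether `$config` is brought into scope with `global $config;` is not visible here.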
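Review bot: `$db = get_db();`, `ConfigModel::load()` and `UserModel::load()` (the context lines following the removed block in this first index.php hunk) now run before the setup check, which this commit re-adds further down; if any of them fails while setup is still incomplete (an empty or missing database, presumably — not verifiable from the diff), the request dies there and the redirect to setup is never reached. If those loads are known to tolerate an unconfigured state, a comment above `global $db;` such as `// NOTE: these loads must succeed before setup is confirmed (see the setup check below)` would record that ordering requirement. The replacement check lives in the later hunk of this file.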
@@ -49,9 +34,29 @@ if (strpos($path, $config->basePath) === 0) { // strip the trailing slash from the resulting route $path = trim($path, '/'); -// if this is a POST, make sure there's a valid session +// Make sure the initial setup is complete +// unless we're already heading to setup +if (!($path === 'setup')){ + try { + confirm_setup(); + } catch (SetupException $e) { + handle_setup_exception($e); + exit; + } +} + +// Everything's loaded and setup is confirmed. +// Let's start ticking. + +// Start a session and generate a CSRF Token +// if there isn't already an active session +Session::start(); +Session::generateCsrfToken(); + +// if this is a POST and we aren't in setup, +// make sure there's a valid session // if not, redirect to /login or die as appropriate -if ($_SERVER['REQUEST_METHOD'] === 'POST') { +if ($method === 'POST' && $path != 'setup') { if ($path != 'login'){ if (!Session::isValid($_POST['csrf_token'])) { // Invalid session - redirect to /login @@ -59,7 +64,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { exit; } } else { - if (!Session::isvalidCsrfToken($_POST['csrf_token'])) { + if (!Session::isValidCsrfToken($_POST['csrf_token'])) { // Just die if the token is invalid on login die('Invalid CSRF token'); exit; diff --git a/src/Controller/AdminController/AdminController.php b/src/Controller/AdminController/AdminController.php index 3a3eef9..8338189 100644 --- a/src/Controller/AdminController/AdminController.php +++ b/src/Controller/AdminController/AdminController.php @@ -9,6 +9,20 @@ class AdminController extends Controller { $vars = [ 'user' => $user, 'config' => $config, + 'isSetup' => false, + ]; + + $this->render("admin.php", $vars); + } + + public function showSetup(){ + global $config; + global $user; + + $vars = [ + 'user' => $user, + 'config' => $config, + 'isSetup' => true, ]; $this->render("admin.php", $vars); diff --git a/templates/partials/admin.php b/templates/partials/admin.php index 5485c04..0e615ce 100644 
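Review bot: The CSRF check on the `if ($method === 'POST' && $path != 'setup')` line now exempts every POST to the setup route, yet `Session::start()` and `Session::generateCsrfToken()` are moved above it in this same hunk, so a token is available for the setup form too and the exemption does not look necessary; setup POSTs can be validated the way login POSTs are by changing the two conditions to `if ($method === 'POST') {` and `if ($path != 'login' && $path != 'setup'){`, so setup falls into the `isValidCsrfToken` branch (like login it has no logged-in user for `Session::isValid` to check — inferred from the login special case). This matters because the first `if` in the hunk also skips `confirm_setup()` for the setup route, so unless the setup handler itself refuses to run once setup is complete, an unauthenticated cross-site POST could re-run setup. `$method` replaces the earlier `$_SERVER['REQUEST_METHOD']` but its assignment is not within this hunk; if it is not set earlier in the file the condition is always false and the CSRF check is silently skipped for all POSTs. `$_POST['csrf_token']` is read without a guard and should be `$_POST['csrf_token'] ?? ''` so a missing field fails validation instead of raising a warning. Style: `!($path === 'setup')` reads better as `$path !== 'setup'`, and the `!=` comparisons should be `!==`.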
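Review bot: `showSetup()` renders the setup form unconditionally, and because this commit's index.php change skips `confirm_setup()` for the setup route, nothing visible here prevents the setup page from being served again after setup is complete; the method should check completion itself (`confirm_setup()` throws `SetupException` while setup is pending, as index.php relies on) and redirect away otherwise, and whatever handles the setup POST needs the same guard, which is outside this hunk. The new method also duplicates the body of the method above it line for line, differing only in `'isSetup'`; a private `renderAdmin(bool $isSetup)` helper removes that, with the earlier method's tail becoming `$this->renderAdmin(false);` (its signature is outside the hunk). The class continues past the hunk.
```php
    public function showSetup(){
        global $config;

        // Only serve the setup form while setup is still incomplete;
        // index.php no longer runs confirm_setup() for this route.
        try {
            confirm_setup();
        } catch (SetupException $e) {
            $this->renderAdmin(true);
            return;
        }
        header('Location: ' . $config->basePath);
        exit;
    }

    // Shared by the admin and setup pages; only the isSetup flag differs.
    private function renderAdmin(bool $isSetup){
        global $config;
        global $user;

        $this->render("admin.php", [
            'user' => $user,
            'config' => $config,
            'isSetup' => $isSetup,
        ]);
    }
```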
--- a/templates/partials/admin.php +++ b/templates/partials/admin.php @@ -1,8 +1,11 @@ -

Admin

+ +

SetupAdmin

-
+
UserModel settings @@ -59,10 +62,20 @@
Change password
- - - - + + required + > + + required + >