subcultureofone/tkr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix setup

Browse Source
This commit is contained in:
Greg Sarjeant 2025-06-15 22:48:43 -04:00
parent 747c594662
commit 0b4348f14b
4 changed files with 58 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/bootstrap.php
View File

@ -50,7 +50,7 @@ function handle_setup_exception(SetupException $e){
$currentPath = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/'); $currentPath = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');
if (strpos($currentPath, 'setup') === false) { if (strpos($currentPath, 'setup') === false) {
header("Location: {$config->basePath}/setup"); header('Location: ' . $config->basePath . 'setup');
exit; exit;
} }
} }

43
public/index.php
View File

@ -15,17 +15,7 @@ if (preg_match('/\.php$/', $path)) {
include_once(dirname(dirname(__FILE__)) . "/config/bootstrap.php"); include_once(dirname(dirname(__FILE__)) . "/config/bootstrap.php");
load_classes(); load_classes();
// Make sure the initial setup is complete // Initialize core entities
try {
confirm_setup();
} catch (SetupException $e) {
handle_setup_exception($e);
exit;
}
// Everything's loaded and setup is confirmed.
// Let's start ticking.
// Defining these as globals isn't great practice, // Defining these as globals isn't great practice,
// but this is a small, single-user app and this data will rarely change. // but this is a small, single-user app and this data will rarely change.
global $db; global $db;
@ -36,11 +26,6 @@ $db = get_db();
$config = ConfigModel::load(); $config = ConfigModel::load();
$user = UserModel::load(); $user = UserModel::load();
// Start a session and generate a CSRF Token
// if there isn't already an active session
Session::start();
Session::generateCsrfToken();
// Remove the base path from the URL // Remove the base path from the URL
if (strpos($path, $config->basePath) === 0) { if (strpos($path, $config->basePath) === 0) {
$path = substr($path, strlen($config->basePath)); $path = substr($path, strlen($config->basePath));
@ -49,9 +34,29 @@ if (strpos($path, $config->basePath) === 0) {
// strip the trailing slash from the resulting route // strip the trailing slash from the resulting route
$path = trim($path, '/'); $path = trim($path, '/');
// if this is a POST, make sure there's a valid session // Make sure the initial setup is complete
// unless we're already heading to setup
if (!($path === 'setup')){
try {
confirm_setup();
} catch (SetupException $e) {
handle_setup_exception($e);
exit;
}
}
// Everything's loaded and setup is confirmed.
// Let's start ticking.
// Start a session and generate a CSRF Token
// if there isn't already an active session
Session::start();
Session::generateCsrfToken();
// if this is a POST and we aren't in setup,
// make sure there's a valid session
// if not, redirect to /login or die as appropriate // if not, redirect to /login or die as appropriate
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($method === 'POST' && $path != 'setup') {
if ($path != 'login'){ if ($path != 'login'){
if (!Session::isValid($_POST['csrf_token'])) { if (!Session::isValid($_POST['csrf_token'])) {
// Invalid session - redirect to /login // Invalid session - redirect to /login
@ -59,7 +64,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
exit; exit;
} }
} else { } else {
if (!Session::isvalidCsrfToken($_POST['csrf_token'])) { if (!Session::isValidCsrfToken($_POST['csrf_token'])) {
// Just die if the token is invalid on login // Just die if the token is invalid on login
die('Invalid CSRF token'); die('Invalid CSRF token');
exit; exit;

14
src/Controller/AdminController/AdminController.php
View File

@ -9,6 +9,20 @@ class AdminController extends Controller {
$vars = [ $vars = [
'user' => $user, 'user' => $user,
'config' => $config, 'config' => $config,
'isSetup' => false,
];
$this->render("admin.php", $vars);
}
public function showSetup(){
global $config;
global $user;
$vars = [
'user' => $user,
'config' => $config,
'isSetup' => true,
]; ];
$this->render("admin.php", $vars); $this->render("admin.php", $vars);

25
templates/partials/admin.php
View File

@ -1,8 +1,11 @@
<?php /** @var ConfigModel $config */ ?> <?php /** @var ConfigModel $config */ ?>
<?php /** @var UserModel $user */ ?> <?php /** @var UserModel $user */ ?>
<h1>Admin</h1> <?php /** @var isSetup bool */ ?>
<h1><?php if ($isSetup): ?>Setup<?php else: ?>Admin<?php endif; ?></h1>
<div> <div>
<form method="post"> <form
action="<?php echo $config->basePath . ($isSetup ? 'setup' : 'admin') ?>"
method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<fieldset> <fieldset>
<legend>UserModel settings</legend> <legend>UserModel settings</legend>
@ -59,10 +62,20 @@
<fieldset> <fieldset>
<legend>Change password</legend> <legend>Change password</legend>
<div class="fieldset-items"> <div class="fieldset-items">
<label>New password</label> <label>New password
<input type="password" name="password"> <?php if($isSetup): ?><span class=required>*</span><?php endif; ?>
<label>Confirm new password</label> </label>
<input type="password" name="confirm_password"> <input type="password"
name="password"
<?php if($isSetup): ?>required <?php endif; ?>
>
<label>Confirm new password
<?php if($isSetup): ?><span class=required>*</span><?php endif; ?>
</label>
<input type="password"
name="confirm_password"
<?php if($isSetup): ?>required <?php endif; ?>
>
</div> </div>
</fieldset> </fieldset>
<button type="submit" class="submit-btn">Save Settings</button> <button type="submit" class="submit-btn">Save Settings</button>