From 05f53bf8ca0765e2a09fd7c3bf30a0c46b6bdf46 Mon Sep 17 00:00:00 2001
From: Ryan <ryantl66@gmail.com>
Date: Fri, 7 Mar 2025 05:24:45 -0500
Subject: [PATCH] auth and session changes

---
 addUser.php     |  1 -
 auth.js         | 62 +++++++++++++++++++++----------------------------
 auth.php        |  1 -
 checkAuth.php   |  1 -
 config.php      |  1 +
 copyFiles.php   |  1 -
 deleteFiles.php |  1 -
 getFileList.php |  1 -
 getUsers.php    |  1 -
 main.js         |  4 ++--
 moveFiles.php   |  1 -
 removeUser.php  |  1 -
 renameFile.php  |  1 -
 saveFile.php    |  1 -
 upload.php      |  1 -
 15 files changed, 30 insertions(+), 49 deletions(-)

diff --git a/addUser.php b/addUser.php
index 6dce62b..55fa83f 100644
--- a/addUser.php
+++ b/addUser.php
@@ -1,6 +1,5 @@
 <?php
 require 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 $usersFile = USERS_DIR . USERS_FILE;
diff --git a/auth.js b/auth.js
index 5381c88..7e5bda4 100644
--- a/auth.js
+++ b/auth.js
@@ -6,13 +6,10 @@ import { toggleVisibility } from './domUtils.js';
 import { loadFileList } from './fileManager.js';
 
 export function initAuth() {
-  // On initial load, show the login form and hide the main operations.
-  toggleVisibility("loginForm", true);
-  toggleVisibility("mainOperations", false);
-  // Ensure header buttons are hidden.
-  document.querySelector(".header-buttons").style.visibility = "hidden";
+  // First, check if the user is already authenticated.
+  checkAuthentication(); 
 
-  // Set up the authentication form listener.
+  // Attach event listener for login.
   document.getElementById("authForm").addEventListener("submit", function (event) {
     event.preventDefault();
     const formData = {
@@ -24,38 +21,35 @@ export function initAuth() {
       .then(data => {
         console.log("Login response:", data);
         if (data.success) {
-          console.log("Login successful.");
-          // On successful login, hide the login form and show main operations.
-          toggleVisibility("loginForm", false);
-          toggleVisibility("mainOperations", true);
-          toggleVisibility("uploadFileForm", true);
-          toggleVisibility("fileListContainer", true);
-          // Check if the user is an admin.
-          if (data.isAdmin) {
-            // Show Add and Remove User buttons for admin.
-            const addUserBtn = document.getElementById("addUserBtn");
-            const removeUserBtn = document.getElementById("removeUserBtn");
-            if (addUserBtn) addUserBtn.style.display = "block";
-            if (removeUserBtn) removeUserBtn.style.display = "block";
-          } else {
-            // Hide Add and Remove User buttons for non-admin.
-            const addUserBtn = document.getElementById("addUserBtn");
-            const removeUserBtn = document.getElementById("removeUserBtn");
-            if (addUserBtn) addUserBtn.style.display = "none";
-            if (removeUserBtn) removeUserBtn.style.display = "none";
-          }
-          // Show header buttons (at least the Logout button) always.
-          document.querySelector(".header-buttons").style.visibility = "visible";
-          // Refresh the file list immediately using the current folder.
-          loadFileList(window.currentFolder || "root");
-          // Optionally, you can also call checkAuthentication() to update UI further.
-          checkAuthentication();
+          console.log("✅ Login successful.");
+          updateUIOnLogin(data.isAdmin);
+          checkAuthentication(); // Double-check session persistence.
         } else {
           alert("Login failed: " + (data.error || "Unknown error"));
         }
       })
-      .catch(error => console.error("Error logging in:", error));
+      .catch(error => console.error("❌ Error logging in:", error));
   });
+}
+
+// Helper function to update UI based on authentication.
+function updateUIOnLogin(isAdmin) {
+  toggleVisibility("loginForm", false);
+  toggleVisibility("mainOperations", true);
+  toggleVisibility("uploadFileForm", true);
+  toggleVisibility("fileListContainer", true);
+  
+  if (isAdmin) {
+    document.getElementById("addUserBtn").style.display = "block";
+    document.getElementById("removeUserBtn").style.display = "block";
+  } else {
+    document.getElementById("addUserBtn").style.display = "none";
+    document.getElementById("removeUserBtn").style.display = "none";
+  }
+
+  document.querySelector(".header-buttons").style.visibility = "visible";
+  loadFileList(window.currentFolder || "root");
+}
 
   // Set up the logout button.
   document.getElementById("logoutBtn").addEventListener("click", function () {
@@ -141,12 +135,10 @@ export function initAuth() {
   document.getElementById("cancelRemoveUserBtn").addEventListener("click", function () {
     closeRemoveUserModal();
   });
-}
 
 export function checkAuthentication() {
   sendRequest("checkAuth.php")
     .then(data => {
-      console.log("Authentication check:", data);
       if (data.setup) {
         window.setupMode = true;
         // In setup mode, hide login and main operations; show Add User modal.
diff --git a/auth.php b/auth.php
index 613c3ff..5970bda 100644
--- a/auth.php
+++ b/auth.php
@@ -1,6 +1,5 @@
 <?php
 require 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 $usersFile = USERS_DIR . USERS_FILE;
diff --git a/checkAuth.php b/checkAuth.php
index eae563c..a73da6c 100644
--- a/checkAuth.php
+++ b/checkAuth.php
@@ -1,6 +1,5 @@
 <?php
 require 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 // Check if users.txt is empty or doesn't exist
diff --git a/config.php b/config.php
index db749d7..060d443 100644
--- a/config.php
+++ b/config.php
@@ -1,4 +1,5 @@
 <?php
+session_start();
 // config.php
 define('UPLOAD_DIR', '/var/www/uploads/');
 define('BASE_URL', 'http://yourwebsite/uploads/');
diff --git a/copyFiles.php b/copyFiles.php
index 55e2eb4..5765cfa 100644
--- a/copyFiles.php
+++ b/copyFiles.php
@@ -1,6 +1,5 @@
 <?php
 require_once 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 // Check authentication.
diff --git a/deleteFiles.php b/deleteFiles.php
index 5a4b17d..d36c180 100644
--- a/deleteFiles.php
+++ b/deleteFiles.php
@@ -1,6 +1,5 @@
 <?php
 require_once 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 // Ensure user is authenticated
diff --git a/getFileList.php b/getFileList.php
index eb82fc0..cfc50ae 100644
--- a/getFileList.php
+++ b/getFileList.php
@@ -1,6 +1,5 @@
 <?php
 require_once 'config.php';
-session_start();
 header("Cache-Control: no-cache, no-store, must-revalidate");
 header("Pragma: no-cache");
 header("Expires: 0");
diff --git a/getUsers.php b/getUsers.php
index 6e1189a..d4349ff 100644
--- a/getUsers.php
+++ b/getUsers.php
@@ -1,6 +1,5 @@
 <?php
 require 'config.php';
-session_start();
 header('Content-Type: application/json');
 if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true ||
     !isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true) {
diff --git a/main.js b/main.js
index 9562917..18e2f4b 100644
--- a/main.js
+++ b/main.js
@@ -36,6 +36,8 @@ window.currentFolder = "root";
 
 // DOMContentLoaded initialization.
 document.addEventListener("DOMContentLoaded", function () {
+  // Initialize authentication and user management.
+  initAuth();
   window.currentFolder = window.currentFolder || "root";
   loadFileList(window.currentFolder);
   loadCopyMoveFolderList();
@@ -43,6 +45,4 @@ document.addEventListener("DOMContentLoaded", function () {
   initUpload();
   loadFolderList();
   updateFileActionButtons();
-  // Initialize authentication and user management.
-  initAuth();
 });
diff --git a/moveFiles.php b/moveFiles.php
index 3a4c093..e5777bb 100644
--- a/moveFiles.php
+++ b/moveFiles.php
@@ -1,6 +1,5 @@
 <?php
 require_once 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 // Check authentication.
diff --git a/removeUser.php b/removeUser.php
index 08f8881..6f64ad4 100644
--- a/removeUser.php
+++ b/removeUser.php
@@ -1,6 +1,5 @@
 <?php
 require 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 $usersFile = USERS_DIR . USERS_FILE;
diff --git a/renameFile.php b/renameFile.php
index 8d24e27..f8a6149 100644
--- a/renameFile.php
+++ b/renameFile.php
@@ -1,6 +1,5 @@
 <?php
 require_once 'config.php';
-session_start();
 header('Content-Type: application/json');
 header("Cache-Control: no-cache, no-store, must-revalidate");
 header("Pragma: no-cache");
diff --git a/saveFile.php b/saveFile.php
index 5617ed7..341eed9 100644
--- a/saveFile.php
+++ b/saveFile.php
@@ -1,6 +1,5 @@
 <?php
 require_once 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 // Ensure user is authenticated
diff --git a/upload.php b/upload.php
index 1127f9c..586e574 100644
--- a/upload.php
+++ b/upload.php
@@ -1,6 +1,5 @@
 <?php
 require_once 'config.php';
-session_start();
 header('Content-Type: application/json');
 
 if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {