From 679637d7972c8ec0c17ceaa717b09e1524a72a15 Mon Sep 17 00:00:00 2001
From: Ryan
Date: Sat, 22 Feb 2025 11:29:37 -0500
Subject: [PATCH] added setup mode

---
 addUser.php | 46 ++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 38 insertions(+), 8 deletions(-)

diff --git a/addUser.php b/addUser.php
index 7ecba53..de7e4eb 100644
--- a/addUser.php
+++ b/addUser.php
@@ -4,17 +4,36 @@ header('Content-Type: application/json');
 
 $usersFile = 'users.txt';
 
-// Only allow admins to add users
-if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true || !isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true) {
- echo json_encode(["error" => "Unauthorized"]);
- exit;
+// Determine if we are in setup mode:
+// - Query parameter setup=1 is passed
+// - And users.txt is either missing or empty
+$isSetup = (isset($_GET['setup']) && $_GET['setup'] == '1');
+if ($isSetup && (!file_exists($usersFile) || trim(file_get_contents($usersFile)) === '')) {
+ // Allow initial admin creation without session checks.
+ $setupMode = true;
+} else {
+ $setupMode = false;
+ // Only allow admins to add users normally.
+ if (
+ !isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true ||
+ !isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true
+ ) {
+ echo json_encode(["error" => "Unauthorized"]);
+ exit;
+ }
 }
 
-// Get input data
+// Get input data from JSON
 $data = json_decode(file_get_contents("php://input"), true);
 $newUsername = trim($data["username"] ?? "");
 $newPassword = trim($data["password"] ?? "");
-$isAdmin = !empty($data["isAdmin"]) ? "1" : "0"; // Store as "1" for admin, "0" for user
+
+// In setup mode, force the new user to be admin.
+if ($setupMode) {
+ $isAdmin = "1";
+} else {
+ $isAdmin = !empty($data["isAdmin"]) ? "1" : "0"; // "1" for admin, "0" for regular user.
+}
 
 // Validate input
 if (!$newUsername || !$newPassword) {
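Review bot: The setup check in the first hunk fails open when `users.txt` exists but cannot be read: `file_get_contents()` then returns `false`, and unless the file declares `strict_types` (not visible here) `trim(false)` is `''`, so the branch sets `$setupMode = true` and skips the session checks. Read the file once and treat a failed read as "not setup", e.g. `$raw = is_file($usersFile) ? file_get_contents($usersFile) : '';` then `$setupMode = $isSetup && $raw !== false && trim($raw) === '';`, and compare the flag with `=== '1'` rather than `==`. More broadly, any request carrying `setup=1` while the file is missing or empty creates an admin with no authentication at all, so the "empty user store" state itself needs protecting, for example with a one-time setup secret held in server-side configuration or by removing the setup path once the first admin exists. The script is top-level and continues beyond this hunk.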
@@ -22,6 +41,11 @@ if (!$newUsername || !$newPassword) {
 exit;
 }
 
+// Ensure users.txt exists
+if (!file_exists($usersFile)) {
+ file_put_contents($usersFile, '');
+}
+
 // Check if username already exists
 $existingUsers = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
 foreach ($existingUsers as $line) {
@@ -35,9 +59,15 @@ foreach ($existingUsers as $line) {
 // Hash the password
 $hashedPassword = password_hash($newPassword, PASSWORD_BCRYPT);
 
-// Append new user to users.txt
+// Prepare new user line
 $newUserLine = $newUsername . ":" . $hashedPassword . ":" . $isAdmin . PHP_EOL;
-file_put_contents($usersFile, $newUserLine, FILE_APPEND);
+
+// In setup mode, overwrite users.txt; otherwise, append to it.
+if ($setupMode) {
+ file_put_contents($usersFile, $newUserLine);
+} else {
+ file_put_contents($usersFile, $newUserLine, FILE_APPEND);
+}
 
 echo json_encode(["success" => "User added successfully"]);
 ?>
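Review bot: In the `@@ -22,6 +41,11 @@` hunk the result of `file_put_contents($usersFile, '')` is ignored, as are both writes in the last hunk, so a failed create or write still ends in the "User added successfully" response. If creation fails, `file()` on the following lines returns `false` rather than an array and the duplicate-username loop has nothing valid to iterate. Check the result and stop, e.g. `if (!file_exists($usersFile) && file_put_contents($usersFile, '') === false) {` followed by a JSON error and `exit;`. This also leaves an empty `users.txt` on the authenticated path, which is the same state that lets the setup branch skip the session checks, so the gap between this create and the final append should be covered by a lock. The surrounding validation block and the loop body lie outside the hunk.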
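Review bot: In the `@@ -35,9 +59,15 @@` hunk the setup branch overwrites `users.txt` on the strength of an emptiness check made at the top of the script, with no lock and no re-check, so two concurrent setup requests can both pass the check and the later write replaces the earlier one, along with any user appended in between. Re-test emptiness under an exclusive lock immediately before writing, refuse if the file is no longer empty, and add `LOCK_EX` to the append path. The sketch below shows only the rewritten lines; its error strings are placeholders, not messages that exist in this project.

```php
// … unchanged: password hashing and $newUserLine …

if ($setupMode) {
    // Hold an exclusive lock across the emptiness re-check and the write.
    $fh = fopen($usersFile, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        echo json_encode(["error" => "User store unavailable"]);
        exit;
    }
    $current = stream_get_contents($fh);
    if ($current === false || trim($current) !== '') {
        // Another request finished setup first, or the read failed: fail closed.
        fclose($fh);
        echo json_encode(["error" => "Setup already completed"]);
        exit;
    }
    ftruncate($fh, 0);
    rewind($fh);
    $written = fwrite($fh, $newUserLine);
    fclose($fh); // closing the handle releases the lock
} else {
    $written = file_put_contents($usersFile, $newUserLine, FILE_APPEND | LOCK_EX);
}

if ($written === false) {
    echo json_encode(["error" => "Could not save user"]);
    exit;
}
// … unchanged: success response …
```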