joachim/FileRise
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added setup mode

Browse Source
This commit is contained in:
Ryan
2025-02-22 11:29:37 -05:00
committed by GitHub
parent 6e0781e1bc
commit 679637d797
1 changed files with 38 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
addUser.php
View File

@@ -4,17 +4,36 @@ header('Content-Type: application/json');
$usersFile = 'users.txt'; $usersFile = 'users.txt';
// Only allow admins to add users // Determine if we are in setup mode:
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true || !isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true) { // - Query parameter setup=1 is passed
echo json_encode(["error" => "Unauthorized"]); // - And users.txt is either missing or empty
exit; $isSetup = (isset($_GET['setup']) && $_GET['setup'] == '1');
if ($isSetup && (!file_exists($usersFile) || trim(file_get_contents($usersFile)) === '')) {
// Allow initial admin creation without session checks.
$setupMode = true;
} else {
$setupMode = false;
// Only allow admins to add users normally.
if (
!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true ||
!isset($_SESSION['isAdmin']) || $_SESSION['isAdmin'] !== true
) {
echo json_encode(["error" => "Unauthorized"]);
exit;
}
} }
// Get input data // Get input data from JSON
$data = json_decode(file_get_contents("php://input"), true); $data = json_decode(file_get_contents("php://input"), true);
$newUsername = trim($data["username"] ?? ""); $newUsername = trim($data["username"] ?? "");
$newPassword = trim($data["password"] ?? ""); $newPassword = trim($data["password"] ?? "");
$isAdmin = !empty($data["isAdmin"]) ? "1" : "0"; // Store as "1" for admin, "0" for user
// In setup mode, force the new user to be admin.
if ($setupMode) {
$isAdmin = "1";
} else {
$isAdmin = !empty($data["isAdmin"]) ? "1" : "0"; // "1" for admin, "0" for regular user.
}
// Validate input // Validate input
if (!$newUsername || !$newPassword) { if (!$newUsername || !$newPassword) {
@@ -22,6 +41,11 @@ if (!$newUsername || !$newPassword) {
exit; exit;
} }
// Ensure users.txt exists
if (!file_exists($usersFile)) {
file_put_contents($usersFile, '');
}
// Check if username already exists // Check if username already exists
$existingUsers = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); $existingUsers = file($usersFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach ($existingUsers as $line) { foreach ($existingUsers as $line) {
@@ -35,9 +59,15 @@ foreach ($existingUsers as $line) {
// Hash the password // Hash the password
$hashedPassword = password_hash($newPassword, PASSWORD_BCRYPT); $hashedPassword = password_hash($newPassword, PASSWORD_BCRYPT);
// Append new user to users.txt // Prepare new user line
$newUserLine = $newUsername . ":" . $hashedPassword . ":" . $isAdmin . PHP_EOL; $newUserLine = $newUsername . ":" . $hashedPassword . ":" . $isAdmin . PHP_EOL;
file_put_contents($usersFile, $newUserLine, FILE_APPEND);
// In setup mode, overwrite users.txt; otherwise, append to it.
if ($setupMode) {
file_put_contents($usersFile, $newUserLine);
} else {
file_put_contents($usersFile, $newUserLine, FILE_APPEND);
}
echo json_encode(["success" => "User added successfully"]); echo json_encode(["success" => "User added successfully"]);
?> ?>