From fc45767712e27bfd5af2dd445d007914871e0797 Mon Sep 17 00:00:00 2001
From: Ryan
Date: Mon, 24 Mar 2025 10:21:20 -0400
Subject: [PATCH] Save admin status in persistent token
---
 README.md | 2 +-
 auth.php | 5 +++--
 config.php | 3 +--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index a8720ad..346c061 100644
--- a/README.md
+++ b/README.md
@@ -251,7 +251,7 @@ The `config.php` file contains several key constants that may need adjustment fo
 Defines the maximum upload size (default is `5G`). Ensure that PHP’s `upload_max_filesize` and `post_max_size` in your `php.ini` are consistent with this setting. The startup script (`start.sh`) updates PHP limits at runtime based on this value.
 - **Environment Variables (Docker):**
- The Docker image supports overriding configuration via environment variables. For example, you can set `SECURE`, `SHARE_URL`, and port settings via the container’s environment.
+ The Docker image supports overriding configuration via environment variables. For example, you can set `SECURE`, `SHARE_URL`, `PERSISTENT_TOKENS_KEY` and port settings via the container’s environment.
 ---
diff --git a/auth.php b/auth.php
index ca2403b..185e813 100644
--- a/auth.php
+++ b/auth.php
@@ -110,10 +110,11 @@ if ($userRole !== false) {
 $persistentTokens = [];
 }
 }
- // Save token along with username and expiry.
+ // Save token along with username, expiry, and admin status.
 $persistentTokens[$token] = [
 "username" => $username,
- "expiry" => $expiry
+ "expiry" => $expiry,
+ "isAdmin" => ($userRole === "1")
 ];
 $encryptedContent = encryptData(json_encode($persistentTokens, JSON_PRETTY_PRINT), $encryptionKey);
 file_put_contents($persistentTokensFile, $encryptedContent, LOCK_EX);
diff --git a/config.php b/config.php
index 4fc1a01..060f8b4 100644
--- a/config.php
+++ b/config.php
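Review bot: In the auth.php hunk, the new `"isAdmin" => ($userRole === "1")` entry freezes the role at the moment the token is issued, so a user who is later demoted or removed keeps admin rights through the remember-me cookie until `$expiry` passes. Storing only the username and looking the role up again when the token is redeemed in config.php would avoid that. If the flag stays, the code that changes a role or deletes an account should also drop that user's entries from `$persistentTokens`, and the record deserves a comment such as `// isAdmin is a snapshot taken at login; purge this user's tokens on any role change.` The token file now carries an authorization claim, so its integrity matters as much as its secrecy; `encryptData` is not visible in this hunk, so confirm it is authenticated encryption. The enclosing `if ($userRole !== false) {` block starts and ends outside the hunk.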
@@ -97,8 +97,7 @@ if (!isset($_SESSION["authenticated"]) && isset($_COOKIE['remember_me_token']))
 // Token is valid; auto-authenticate the user.
 $_SESSION["authenticated"] = true;
 $_SESSION["username"] = $tokenData["username"];
- // Optionally, set admin status if stored in token data:
- // $_SESSION["isAdmin"] = $tokenData["isAdmin"];
+ $_SESSION["isAdmin"] = $tokenData["isAdmin"]; // Restore admin status from the token
 } else {
 // Token expired; remove it and clear the cookie.
 unset($persistentTokens[$_COOKIE['remember_me_token']]);
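Review bot: `$_SESSION["isAdmin"] = $tokenData["isAdmin"];` reads a key that token records written before this commit do not have, so redeeming an older, still unexpired token raises an undefined array key warning (a notice on older PHP) and leaves `isAdmin` as null. Normalising the value to a strict boolean keeps that case fail-closed and explicit: `$_SESSION["isAdmin"] = ($tokenData["isAdmin"] ?? false) === true;`. This branch also turns an anonymous session into an authenticated, possibly admin one, and no `session_regenerate_id(true)` call is visible in the hunk, so check that one runs at this point. The enclosing `if`/`else` starts and ends outside the hunk.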