'Unauthorized access.']); exit; } // Validate CSRF token. $headersArr = array_change_key_case(getallheaders(), CASE_LOWER); $receivedToken = isset($headersArr['x-csrf-token']) ? trim($headersArr['x-csrf-token']) : ''; if (!isset($_SESSION['csrf_token']) || $receivedToken !== $_SESSION['csrf_token']) { http_response_code(403); echo json_encode(['error' => 'Invalid CSRF token.']); exit; } // Retrieve and decode JSON input. $input = file_get_contents('php://input'); $data = json_decode($input, true); if (!is_array($data)) { http_response_code(400); echo json_encode(['error' => 'Invalid input.']); exit; } // Prepare configuration array. $headerTitle = isset($data['header_title']) ? trim($data['header_title']) : ""; $oidc = isset($data['oidc']) ? $data['oidc'] : []; $oidcProviderUrl = isset($oidc['providerUrl']) ? filter_var($oidc['providerUrl'], FILTER_SANITIZE_URL) : ''; $oidcClientId = isset($oidc['clientId']) ? trim($oidc['clientId']) : ''; $oidcClientSecret = isset($oidc['clientSecret']) ? trim($oidc['clientSecret']) : ''; $oidcRedirectUri = isset($oidc['redirectUri']) ? filter_var($oidc['redirectUri'], FILTER_SANITIZE_URL) : ''; if (!$oidcProviderUrl || !$oidcClientId || !$oidcClientSecret || !$oidcRedirectUri) { http_response_code(400); echo json_encode(['error' => 'Incomplete OIDC configuration.']); exit; } $disableFormLogin = false; if (isset($data['loginOptions']['disableFormLogin'])) { $disableFormLogin = filter_var($data['loginOptions']['disableFormLogin'], FILTER_VALIDATE_BOOLEAN); } elseif (isset($data['disableFormLogin'])) { $disableFormLogin = filter_var($data['disableFormLogin'], FILTER_VALIDATE_BOOLEAN); } $disableBasicAuth = false; if (isset($data['loginOptions']['disableBasicAuth'])) { $disableBasicAuth = filter_var($data['loginOptions']['disableBasicAuth'], FILTER_VALIDATE_BOOLEAN); } elseif (isset($data['disableBasicAuth'])) { $disableBasicAuth = filter_var($data['disableBasicAuth'], FILTER_VALIDATE_BOOLEAN); } $disableOIDCLogin = false; if (isset($data['loginOptions']['disableOIDCLogin'])) { $disableOIDCLogin = filter_var($data['loginOptions']['disableOIDCLogin'], FILTER_VALIDATE_BOOLEAN); } elseif (isset($data['disableOIDCLogin'])) { $disableOIDCLogin = filter_var($data['disableOIDCLogin'], FILTER_VALIDATE_BOOLEAN); } $globalOtpauthUrl = isset($data['globalOtpauthUrl']) ? trim($data['globalOtpauthUrl']) : ""; $configUpdate = [ 'header_title' => $headerTitle, 'oidc' => [ 'providerUrl' => $oidcProviderUrl, 'clientId' => $oidcClientId, 'clientSecret' => $oidcClientSecret, 'redirectUri' => $oidcRedirectUri, ], 'loginOptions' => [ 'disableFormLogin' => $disableFormLogin, 'disableBasicAuth' => $disableBasicAuth, 'disableOIDCLogin' => $disableOIDCLogin, ], 'globalOtpauthUrl' => $globalOtpauthUrl ]; // Delegate to the model. $result = AdminModel::updateConfig($configUpdate); if (isset($result['error'])) { http_response_code(500); } echo json_encode($result); exit; } }