PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add admin account page for PHP password management

Browse Source 
Implements the admin user management UI as a self-contained PHP password
change/set flow — no SSH or sudo required.

- public/admin/account.php: shows auth status (PHP hash present, credentials
  file path), password change form (requires current password when one exists,
  min 12 chars, confirm field), and a danger-zone form to delete the
  credentials file entirely
- public/admin/actions/account.php: CSRF-guarded POST handler; verifies
  current password via AdminAuth::login() before accepting a new one;
  generates bcrypt (cost 12) hash; writes config/admin_credentials.php
  atomically via a temp file + rename; regenerates session on success;
  redirects to /admin/login.php when credentials are deleted
- templates/admin/head.php: 'Compte' nav link added (active on account.php)
- public/assets/admin.css: .admin-account-status, .admin-section-title,
  .admin-field-hint, .admin-danger-zone component styles added

Note: the nginx htpasswd flow (manage-admin-users.sh) requires root on the
server and is intentionally kept as a CLI-only operation.
This commit is contained in:
Pontoporeia
2026-03-24 15:52:00 +01:00
parent 020bfa5a33
commit 20a633c0e2
5 changed files with 319 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
public/admin/account.php Normal file
View File

@@ -0,0 +1,121 @@
<?php
require_once __DIR__ . "/../../config/bootstrap.php";
require_once __DIR__ . '/../../src/AdminAuth.php';
AdminAuth::requireLogin();
$pageTitle = "Compte administrateur";
$credentialsFile = APP_ROOT . '/config/admin_credentials.php';
$hasPassword = defined('ADMIN_PASSWORD_HASH');
$success = $_SESSION['success'] ?? null;
$error = $_SESSION['error'] ?? null;
unset($_SESSION['success'], $_SESSION['error']);
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
<?php require_once APP_ROOT . '/templates/admin/head.php'; ?>
<main class="admin-main">
<h1 class="admin-page-title">Compte administrateur</h1>
<?php if ($error): ?>
<div class="admin-alert admin-alert--error">⚠ <?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<?php if ($success): ?>
<div class="admin-alert admin-alert--success">✓ <?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<!-- Status info -->
<div class="admin-account-status">
<div class="admin-account-status__row">
<span class="admin-account-status__label">Authentification PHP</span>
<?php if ($hasPassword): ?>
<span class="status-badge status-published">Active</span>
<?php else: ?>
<span class="status-badge status-pending">Non configurée</span>
<?php endif; ?>
</div>
<div class="admin-account-status__row">
<span class="admin-account-status__label">Fichier de configuration</span>
<code class="admin-account-status__code">config/admin_credentials.php</code>
<?php if (file_exists($credentialsFile)): ?>
<span class="status-badge status-published">Présent</span>
<?php else: ?>
<span class="status-badge status-pending">Absent</span>
<?php endif; ?>
</div>
<?php if (!$hasPassword): ?>
<p class="admin-account-status__note">
Aucun mot de passe PHP configuré. Le formulaire ci-dessous créera
<code>config/admin_credentials.php</code> avec un hash bcrypt.
</p>
<?php endif; ?>
</div>
<!-- Password change form -->
<h2 class="admin-section-title"><?= $hasPassword ? 'Changer le mot de passe' : 'Définir le mot de passe' ?></h2>
<form method="post" action="/admin/actions/account.php" class="admin-form" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<?php if ($hasPassword): ?>
<div class="admin-form-row">
<label class="admin-label" for="current_password">Mot de passe actuel</label>
<div>
<input class="admin-input" type="password" id="current_password"
name="current_password" required autocomplete="current-password">
</div>
</div>
<?php endif; ?>
<div class="admin-form-row">
<label class="admin-label" for="new_password">Nouveau mot de passe</label>
<div>
<input class="admin-input" type="password" id="new_password"
name="new_password" required autocomplete="new-password"
minlength="12">
<p class="admin-field-hint">Minimum 12 caractères.</p>
</div>
</div>
<div class="admin-form-row">
<label class="admin-label" for="confirm_password">Confirmer le mot de passe</label>
<div>
<input class="admin-input" type="password" id="confirm_password"
name="confirm_password" required autocomplete="new-password">
</div>
</div>
<div class="admin-submit-wrap">
<button type="submit" class="admin-btn">
<?= $hasPassword ? 'Mettre à jour le mot de passe' : 'Définir le mot de passe' ?>
</button>
</div>
</form>
<?php if ($hasPassword): ?>
<!-- Danger zone: remove password -->
<h2 class="admin-section-title admin-section-title--danger" style="margin-top:3rem;">Zone de danger</h2>
<div class="admin-danger-zone">
<div class="admin-danger-zone__description">
<strong>Supprimer la configuration du mot de passe PHP</strong><br>
<span style="color:var(--admin-text-muted);font-size:.9rem;">
Supprime <code>config/admin_credentials.php</code>. L'accès admin
dépendra uniquement de l'authentification nginx Basic Auth si elle est configurée.
</span>
</div>
<form method="post" action="/admin/actions/account.php"
onsubmit="return confirm('Supprimer le fichier de mot de passe PHP ? L\'accès admin ne sera protégé que par nginx Basic Auth.')">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="action" value="remove_credentials">
<input type="hidden" name="current_password_remove" id="current_password_remove" value="">
<button type="submit" class="admin-btn admin-btn--danger">Supprimer le fichier</button>
</form>
</div>
<?php endif; ?>
</main>
<?php require_once APP_ROOT . '/templates/admin/footer.php'; ?>

122
public/admin/actions/account.php Normal file
View File

@@ -0,0 +1,122 @@
<?php
/**
* Admin account action — update or remove admin_credentials.php
*
* Actions:
* POST (default) — set/change the PHP admin password
* POST action=remove_credentials — delete admin_credentials.php
*/
require_once __DIR__ . '/../../../config/bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
AdminAuth::requireLogin();
// ── CSRF ──────────────────────────────────────────────────────────────────────
if (empty($_SESSION['csrf_token']) || ($_POST['csrf_token'] ?? '') !== $_SESSION['csrf_token']) {
http_response_code(403);
die('Invalid CSRF token.');
}
$credentialsFile = APP_ROOT . '/config/admin_credentials.php';
$hasPassword = defined('ADMIN_PASSWORD_HASH');
$action = $_POST['action'] ?? 'change_password';
// ── Remove credentials ────────────────────────────────────────────────────────
if ($action === 'remove_credentials') {
if (!$hasPassword) {
$_SESSION['error'] = 'Aucun fichier de mot de passe à supprimer.';
header('Location: /admin/account.php');
exit;
}
if (!is_writable($credentialsFile) && !is_writable(dirname($credentialsFile))) {
$_SESSION['error'] = 'Le fichier de configuration n\'est pas accessible en écriture.';
header('Location: /admin/account.php');
exit;
}
if (@unlink($credentialsFile)) {
// Destroy session so the user is forced to re-authenticate via nginx Basic Auth.
AdminAuth::logout();
header('Location: /admin/login.php');
exit;
} else {
$_SESSION['error'] = 'Impossible de supprimer le fichier de configuration.';
header('Location: /admin/account.php');
exit;
}
}
// ── Change / set password ─────────────────────────────────────────────────────
// 1. If a password is already set, verify the current one.
if ($hasPassword) {
$currentPassword = $_POST['current_password'] ?? '';
if (!AdminAuth::login($currentPassword)) {
$_SESSION['error'] = 'Mot de passe actuel incorrect.';
header('Location: /admin/account.php');
exit;
}
}
// 2. Validate new password.
$newPassword = $_POST['new_password'] ?? '';
$confirmPassword = $_POST['confirm_password'] ?? '';
if (strlen($newPassword) < 12) {
$_SESSION['error'] = 'Le nouveau mot de passe doit contenir au moins 12 caractères.';
header('Location: /admin/account.php');
exit;
}
if ($newPassword !== $confirmPassword) {
$_SESSION['error'] = 'Les mots de passe ne correspondent pas.';
header('Location: /admin/account.php');
exit;
}
// 3. Generate bcrypt hash (cost 12).
$hash = password_hash($newPassword, PASSWORD_BCRYPT, ['cost' => 12]);
if ($hash === false) {
$_SESSION['error'] = 'Erreur lors du hachage du mot de passe.';
header('Location: /admin/account.php');
exit;
}
// 4. Write credentials file.
$configContent = '<?php' . "\n"
. '/**' . "\n"
. ' * Admin PHP-level password for the session auth guard (defence-in-depth).' . "\n"
. ' *' . "\n"
. ' * Generated by the admin panel on ' . date('Y-m-d H:i:s') . '.' . "\n"
. ' * To regenerate manually:' . "\n"
. ' * php -r "echo password_hash(\'your-password\', PASSWORD_BCRYPT, [\'cost\' => 12]);"' . "\n"
. ' */' . "\n"
. "\n"
. 'define(\'ADMIN_PASSWORD_HASH\', ' . var_export($hash, true) . ');' . "\n";
// Write atomically via a temp file.
$tmpFile = $credentialsFile . '.tmp.' . bin2hex(random_bytes(6));
if (file_put_contents($tmpFile, $configContent, LOCK_EX) === false) {
@unlink($tmpFile);
$_SESSION['error'] = 'Impossible d\'écrire le fichier de configuration. Vérifiez les permissions sur config/.';
header('Location: /admin/account.php');
exit;
}
if (!rename($tmpFile, $credentialsFile)) {
@unlink($tmpFile);
$_SESSION['error'] = 'Impossible de mettre à jour le fichier de configuration.';
header('Location: /admin/account.php');
exit;
}
// 5. Regenerate session (password changed — invalidate old sessions).
session_regenerate_id(true);
$_SESSION['admin_authenticated'] = true;
$_SESSION['success'] = $hasPassword
? 'Mot de passe mis à jour avec succès.'
: 'Mot de passe défini avec succès. L\'authentification PHP est maintenant active.';
header('Location: /admin/account.php');
exit;