mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-07 03:29:19 +02:00
20a633c0e2
Implements the admin user management UI as a self-contained PHP password change/set flow — no SSH or sudo required. - public/admin/account.php: shows auth status (PHP hash present, credentials file path), password change form (requires current password when one exists, min 12 chars, confirm field), and a danger-zone form to delete the credentials file entirely - public/admin/actions/account.php: CSRF-guarded POST handler; verifies current password via AdminAuth::login() before accepting a new one; generates bcrypt (cost 12) hash; writes config/admin_credentials.php atomically via a temp file + rename; regenerates session on success; redirects to /admin/login.php when credentials are deleted - templates/admin/head.php: 'Compte' nav link added (active on account.php) - public/assets/admin.css: .admin-account-status, .admin-section-title, .admin-field-hint, .admin-danger-zone component styles added Note: the nginx htpasswd flow (manage-admin-users.sh) requires root on the server and is intentionally kept as a CLI-only operation.
123 lines
4.6 KiB
PHP
123 lines
4.6 KiB
PHP
<?php
|
|
/**
|
|
* Admin account action — update or remove admin_credentials.php
|
|
*
|
|
* Actions:
|
|
* POST (default) — set/change the PHP admin password
|
|
* POST action=remove_credentials — delete admin_credentials.php
|
|
*/
|
|
|
|
require_once __DIR__ . '/../../../config/bootstrap.php';
|
|
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
|
AdminAuth::requireLogin();
|
|
|
|
// ── CSRF ──────────────────────────────────────────────────────────────────────
|
|
if (empty($_SESSION['csrf_token']) || ($_POST['csrf_token'] ?? '') !== $_SESSION['csrf_token']) {
|
|
http_response_code(403);
|
|
die('Invalid CSRF token.');
|
|
}
|
|
|
|
$credentialsFile = APP_ROOT . '/config/admin_credentials.php';
|
|
$hasPassword = defined('ADMIN_PASSWORD_HASH');
|
|
$action = $_POST['action'] ?? 'change_password';
|
|
|
|
// ── Remove credentials ────────────────────────────────────────────────────────
|
|
if ($action === 'remove_credentials') {
|
|
if (!$hasPassword) {
|
|
$_SESSION['error'] = 'Aucun fichier de mot de passe à supprimer.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
|
|
if (!is_writable($credentialsFile) && !is_writable(dirname($credentialsFile))) {
|
|
$_SESSION['error'] = 'Le fichier de configuration n\'est pas accessible en écriture.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
|
|
if (@unlink($credentialsFile)) {
|
|
// Destroy session so the user is forced to re-authenticate via nginx Basic Auth.
|
|
AdminAuth::logout();
|
|
header('Location: /admin/login.php');
|
|
exit;
|
|
} else {
|
|
$_SESSION['error'] = 'Impossible de supprimer le fichier de configuration.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// ── Change / set password ─────────────────────────────────────────────────────
|
|
|
|
// 1. If a password is already set, verify the current one.
|
|
if ($hasPassword) {
|
|
$currentPassword = $_POST['current_password'] ?? '';
|
|
if (!AdminAuth::login($currentPassword)) {
|
|
$_SESSION['error'] = 'Mot de passe actuel incorrect.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// 2. Validate new password.
|
|
$newPassword = $_POST['new_password'] ?? '';
|
|
$confirmPassword = $_POST['confirm_password'] ?? '';
|
|
|
|
if (strlen($newPassword) < 12) {
|
|
$_SESSION['error'] = 'Le nouveau mot de passe doit contenir au moins 12 caractères.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
|
|
if ($newPassword !== $confirmPassword) {
|
|
$_SESSION['error'] = 'Les mots de passe ne correspondent pas.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
|
|
// 3. Generate bcrypt hash (cost 12).
|
|
$hash = password_hash($newPassword, PASSWORD_BCRYPT, ['cost' => 12]);
|
|
if ($hash === false) {
|
|
$_SESSION['error'] = 'Erreur lors du hachage du mot de passe.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
|
|
// 4. Write credentials file.
|
|
$configContent = '<?php' . "\n"
|
|
. '/**' . "\n"
|
|
. ' * Admin PHP-level password for the session auth guard (defence-in-depth).' . "\n"
|
|
. ' *' . "\n"
|
|
. ' * Generated by the admin panel on ' . date('Y-m-d H:i:s') . '.' . "\n"
|
|
. ' * To regenerate manually:' . "\n"
|
|
. ' * php -r "echo password_hash(\'your-password\', PASSWORD_BCRYPT, [\'cost\' => 12]);"' . "\n"
|
|
. ' */' . "\n"
|
|
. "\n"
|
|
. 'define(\'ADMIN_PASSWORD_HASH\', ' . var_export($hash, true) . ');' . "\n";
|
|
|
|
// Write atomically via a temp file.
|
|
$tmpFile = $credentialsFile . '.tmp.' . bin2hex(random_bytes(6));
|
|
if (file_put_contents($tmpFile, $configContent, LOCK_EX) === false) {
|
|
@unlink($tmpFile);
|
|
$_SESSION['error'] = 'Impossible d\'écrire le fichier de configuration. Vérifiez les permissions sur config/.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
if (!rename($tmpFile, $credentialsFile)) {
|
|
@unlink($tmpFile);
|
|
$_SESSION['error'] = 'Impossible de mettre à jour le fichier de configuration.';
|
|
header('Location: /admin/account.php');
|
|
exit;
|
|
}
|
|
|
|
// 5. Regenerate session (password changed — invalidate old sessions).
|
|
session_regenerate_id(true);
|
|
$_SESSION['admin_authenticated'] = true;
|
|
|
|
$_SESSION['success'] = $hasPassword
|
|
? 'Mot de passe mis à jour avec succès.'
|
|
: 'Mot de passe défini avec succès. L\'authentification PHP est maintenant active.';
|
|
|
|
header('Location: /admin/account.php');
|
|
exit;
|