xamxam/nginx/docs/PHP_AUTH_LAYER.md
Pontoporeia d588ae004d Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
2026-06-15 15:56:52 +02:00

# PHP Session Auth Layer — Admin Panel
> Addresses: **TODO item #2** (No PHP-level authentication in admin panel — 🔴 CRITICAL)
---
## Overview
The admin panel uses a single **PHP session-based authentication** layer.
Authentication is password-only (no username required).
| Layer | Mechanism | Configured by |
|-------|-----------|---------------|
| **PHP** | Session guard (`src/AdminAuth.php`) | `site_settings.admin_password_hash` in DB |
The user sees an HTML login form at `/admin/login.php` that asks only for a
password. On successful login, a PHP session is created and all admin pages
use `AdminAuth::requireLogin()` to enforce the guard.
## Authentication flow
```
Browser → /admin/login.php (HTML password-only form)
POST password → AdminAuth::login()
└─ password_verify(password, stored_hash)
   ├─ ✓ → create session → redirect to /admin/
   └─ ✗ → show error, stay on login form
```
If no password hash is stored in the DB (dev / cli-server), `AdminAuth`
is a no-op — all admin pages are open.
## PHP auth setup (production)
1. Generate a bcrypt hash for the admin password:
```bash
php -r "echo password_hash('your-secret-password', PASSWORD_DEFAULT);"
```
2. Store it in the DB via the admin panel at `/admin/parametres` (Account tab)
or by inserting directly:
```sql
INSERT INTO site_settings (key, value) VALUES ('admin_password_hash', '$2y$12$...')
ON CONFLICT(key) DO UPDATE SET value = excluded.value;
```
## Session cookie hardening (TODO item #8)
`AdminAuth::startSession()` calls `session_set_cookie_params()` before
`session_start()`, applying:
| Attribute | Value |
|-----------|-------|
| `HttpOnly` | `true` |
| `SameSite` | `Strict` |
| `Secure` | `true` (disabled on cli-server for dev) |
| `Path` | `/admin` |
| `Lifetime` | `0` (session cookie, expires on browser close) |
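The login flow described above and the cookie attributes in this table, as an added PHP sketch (this is not the project's `src/AdminAuth.php`; the class name, the `$storedHash` parameter standing in for the `site_settings.admin_password_hash` lookup, and the `session_regenerate_id()` call are assumptions of this example):

```php
<?php
declare(strict_types=1);

// Added illustration; not the project's src/AdminAuth.php.
final class AdminAuthExample
{
    private const FLAG = 'admin_authenticated';

    /** Cookie attributes from the hardening table, applied before session_start(). */
    public static function startSession(): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            return;
        }
        session_set_cookie_params([
            'lifetime' => 0,                         // expires on browser close
            'path'     => '/admin',                  // never sent to public pages
            'secure'   => PHP_SAPI !== 'cli-server', // off only under the built-in dev server
            'httponly' => true,                      // unreadable from JavaScript
            'samesite' => 'Strict',                  // withheld on cross-site requests
        ]);
        session_start();
    }

    /** $storedHash is assumed to come from site_settings.admin_password_hash (null if unset). */
    public static function login(string $password, ?string $storedHash): bool
    {
        self::startSession();
        if ($storedHash === null || !password_verify($password, $storedHash)) {
            return false;                            // caller shows the error, stays on the form
        }
        session_regenerate_id(true);                 // fresh id after login (assumed step, not on the page)
        $_SESSION[self::FLAG] = true;
        return true;                                 // caller redirects to /admin/
    }

    /** Guard for admin pages; with no hash configured it is a no-op, as documented. */
    public static function requireLogin(?string $storedHash): void
    {
        if ($storedHash === null) {
            return;
        }
        self::startSession();
        if (empty($_SESSION[self::FLAG])) {
            header('Location: /admin/login.php', true, 302);
            exit;
        }
    }
}
```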
## Logout
A **Déconnexion** button is shown in the admin nav when a password hash is
configured. It hits `/admin/logout.php` which destroys the PHP session.
## Files
| File | Purpose |
|------|---------|
| `src/AdminAuth.php` | Auth guard class |
| `public/admin/login.php` | Login form (password-only) |
| `public/admin/logout.php` | Logout handler |