Pontoporeia 20a633c0e2 Add admin account page for PHP password management ...

Implements the admin user management UI as a self-contained PHP password
change/set flow — no SSH or sudo required.

- public/admin/account.php: shows auth status (PHP hash present, credentials
  file path), password change form (requires current password when one exists,
  min 12 chars, confirm field), and a danger-zone form to delete the
  credentials file entirely
- public/admin/actions/account.php: CSRF-guarded POST handler; verifies
  current password via AdminAuth::login() before accepting a new one;
  generates bcrypt (cost 12) hash; writes config/admin_credentials.php
  atomically via a temp file + rename; regenerates session on success;
  redirects to /admin/login.php when credentials are deleted
- templates/admin/head.php: 'Compte' nav link added (active on account.php)
- public/assets/admin.css: .admin-account-status, .admin-section-title,
  .admin-field-hint, .admin-danger-zone component styles added

Note: the nginx htpasswd flow (manage-admin-users.sh) requires root on the
server and is intentionally kept as a CLI-only operation.

2026-03-24 15:52:00 +01:00

4.6 KiB

Raw Blame History

View Raw