Fixed admin panel user registration.
Now including start.sh to start a php server using the router.php so no webserver is needed.
This commit is contained in:
12
.gitignore
vendored
12
.gitignore
vendored
@@ -6,3 +6,15 @@
|
||||
|
||||
./.idea
|
||||
./.idea/*
|
||||
./.crush
|
||||
/AGENTS.md
|
||||
/composer.lock
|
||||
/.idea/copilot.data.migration.agent.xml
|
||||
/.idea/copilot.data.migration.ask.xml
|
||||
/.idea/copilot.data.migration.ask2agent.xml
|
||||
/.idea/copilot.data.migration.edit.xml
|
||||
/.idea/php.xml
|
||||
/.idea/phpunit.xml
|
||||
/PROFILES_README.md
|
||||
/.idea/vcs.xml
|
||||
/.idea/workspace.xml
|
||||
|
||||
@@ -32,25 +32,4 @@ class AdminController extends Controller
|
||||
|
||||
Redirect::to("admin");
|
||||
}
|
||||
|
||||
public function registerUser()
|
||||
{
|
||||
// Ensure the user is logged in and is an admin
|
||||
if (!LoginModel::isUserLoggedIn() || !LoginModel::isAdmin()) {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_ADMIN_ONLY'));
|
||||
Redirect::to('admin/index');
|
||||
return;
|
||||
}
|
||||
|
||||
// Validate and register the new user
|
||||
$registration_successful = RegistrationModel::registerNewUser(true);
|
||||
|
||||
if ($registration_successful) {
|
||||
Session::add('feedback_positive', Text::get('FEEDBACK_USER_REGISTERED_SUCCESSFULLY'));
|
||||
} else {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_USER_REGISTRATION_FAILED'));
|
||||
}
|
||||
|
||||
Redirect::to('admin/index');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,12 +22,8 @@ class RegisterController extends Controller
|
||||
*/
|
||||
public function index()
|
||||
{
|
||||
// Redirect non-logged-in users to the login page
|
||||
if (!LoginModel::isUserLoggedIn()) {
|
||||
Redirect::to('login/index');
|
||||
return;
|
||||
}
|
||||
|
||||
// only admins can access registration; reuse existing admin auth check
|
||||
Auth::checkAdminAuthentication();
|
||||
$this->View->render('register/index');
|
||||
}
|
||||
|
||||
@@ -37,20 +33,12 @@ class RegisterController extends Controller
|
||||
*/
|
||||
public function register_action()
|
||||
{
|
||||
// Restrict registration to admins only
|
||||
if (!LoginModel::isAdmin()) {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_ADMIN_ONLY'));
|
||||
Redirect::to('login/index');
|
||||
return;
|
||||
}
|
||||
// enforce admin-only for registration
|
||||
Auth::checkAdminAuthentication();
|
||||
|
||||
$registration_successful = RegistrationModel::registerNewUser();
|
||||
RegistrationModel::registerNewUser();
|
||||
|
||||
if ($registration_successful) {
|
||||
Redirect::to('login/index');
|
||||
} else {
|
||||
Redirect::to('register/index');
|
||||
}
|
||||
Redirect::to('admin/index');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -76,7 +64,7 @@ class RegisterController extends Controller
|
||||
*/
|
||||
public function showCaptcha()
|
||||
{
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_CAPTCHA_NOT_USED'));
|
||||
// Captcha no longer used
|
||||
Redirect::to('register/index');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,29 +2,16 @@
|
||||
|
||||
class Text
|
||||
{
|
||||
private static $texts;
|
||||
public static $texts;
|
||||
|
||||
public static function get($key, $data = null)
|
||||
public static function get($key)
|
||||
{
|
||||
// if not $key
|
||||
if (!$key) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($data) {
|
||||
foreach ($data as $var => $value) {
|
||||
${$var} = $value;
|
||||
}
|
||||
}
|
||||
|
||||
// load config file (this is only done once per application lifecycle)
|
||||
if (!self::$texts) {
|
||||
self::$texts = require(__DIR__ . '/../config/texts.php');
|
||||
}
|
||||
|
||||
// check if array key exists
|
||||
if (!array_key_exists($key, self::$texts)) {
|
||||
return null;
|
||||
return "TEXT NOT FOUND";
|
||||
}
|
||||
|
||||
return self::$texts[$key];
|
||||
|
||||
@@ -379,15 +379,4 @@ class LoginModel
|
||||
{
|
||||
return Session::userIsLoggedIn();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the logged-in user is an admin
|
||||
*
|
||||
* @return bool True if the user is an admin, false otherwise
|
||||
*/
|
||||
public static function isAdmin()
|
||||
{
|
||||
$user_role = Session::get('user_role'); // Assuming user role is stored in session
|
||||
return $user_role === 'admin';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,28 +19,35 @@ class RegistrationModel
|
||||
$user_name = strip_tags(Request::post('user_name'));
|
||||
$user_email = strip_tags(Request::post('user_email'));
|
||||
// Use 'user_password' if provided (admin registration), otherwise 'user_password_new'
|
||||
$user_password_new = $isAdmin ? Request::post('user_password') : Request::post('user_password_new');
|
||||
$user_password_new = $isAdmin ? Request::post('user_password_new') : Request::post('user_password_new');
|
||||
$user_password_repeat = $user_password_new; // no repeat field
|
||||
|
||||
// validate input (skip captcha validation)
|
||||
$validation_result = self::registrationInputValidation($user_name, $user_password_new, $user_email);
|
||||
if (!$validation_result) {
|
||||
return false;
|
||||
}
|
||||
// validate using existing validators and messages
|
||||
$valid = true;
|
||||
if (!self::validateUserName($user_name)) { $valid = false; }
|
||||
if (!self::validateUserEmail($user_email, $user_email)) { $valid = false; }
|
||||
if (!self::validateUserPassword($user_password_new, $user_password_repeat)) { $valid = false; }
|
||||
if (!$valid) { return false; }
|
||||
|
||||
// hash the password
|
||||
$user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT);
|
||||
|
||||
// check if username or email already exists
|
||||
if (UserModel::doesUsernameAlreadyExist($user_name) || UserModel::doesEmailAlreadyExist($user_email)) {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_OR_EMAIL_TAKEN'));
|
||||
return false;
|
||||
$return = true;
|
||||
if (UserModel::doesUsernameAlreadyExist($user_name)) {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN'));
|
||||
$return = false;
|
||||
}
|
||||
if (UserModel::doesEmailAlreadyExist($user_email)) {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
|
||||
$return = false;
|
||||
}
|
||||
if (!$return) return false;
|
||||
|
||||
// directly activate user (skip email verification)
|
||||
$user_active = 1;
|
||||
// directly activate user: set empty activation hash
|
||||
$user_activation_hash = null;
|
||||
|
||||
// write user data to database
|
||||
if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_active)) {
|
||||
if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_activation_hash)) {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
|
||||
return false;
|
||||
}
|
||||
@@ -141,11 +148,7 @@ class RegistrationModel
|
||||
return false;
|
||||
}
|
||||
|
||||
if (strlen($user_password_new) < 6) {
|
||||
Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
|
||||
return false;
|
||||
}
|
||||
|
||||
// no minimum length restriction
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -164,9 +167,9 @@ class RegistrationModel
|
||||
{
|
||||
$database = DatabaseFactory::getFactory()->getConnection();
|
||||
|
||||
// write new users data into database
|
||||
$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type)
|
||||
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type)";
|
||||
// write new users data into database; set user_active=1 and user_activation_hash to provided value (can be null)
|
||||
$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type, user_active)
|
||||
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type, 1)";
|
||||
$query = $database->prepare($sql);
|
||||
try {
|
||||
$query->execute(array(
|
||||
@@ -178,8 +181,7 @@ class RegistrationModel
|
||||
':user_provider_type' => 'DEFAULT'
|
||||
));
|
||||
} catch (PDOException $e) {
|
||||
error_log("Database error during user creation: " . $e->getMessage());
|
||||
Session::add('feedback_negative', "Database error: " . $e->getMessage());
|
||||
// only one feedback message on failure
|
||||
return false;
|
||||
}
|
||||
$count = $query->rowCount();
|
||||
|
||||
@@ -56,10 +56,10 @@
|
||||
|
||||
<h3>Register a new user</h3>
|
||||
|
||||
<form method="post" action="<?php echo Config::get('URL'); ?>admin/registerUser">
|
||||
<form method="post" action="<?php echo Config::get('URL'); ?>register/register_action">
|
||||
<input type="text" name="user_name" placeholder="Username" required />
|
||||
<input type="email" name="user_email" placeholder="Email address" required />
|
||||
<input type="password" name="user_password" placeholder="Password" required />
|
||||
<input type="password" name="user_password_new" placeholder="Password" required autocomplete="off" />
|
||||
<input type="submit" value="Register User" />
|
||||
</form>
|
||||
|
||||
|
||||
@@ -11,9 +11,7 @@
|
||||
<form method="post" action="<?php echo Config::get('URL'); ?>register/register_action">
|
||||
<input type="text" pattern="[a-zA-Z0-9]{2,64}" name="user_name" placeholder="Username (letters/numbers, 2-64 chars)" required />
|
||||
<input type="text" name="user_email" placeholder="email address (a real address)" required />
|
||||
<input type="text" name="user_email_repeat" placeholder="repeat email address (to prevent typos)" required />
|
||||
<input type="password" name="user_password_new" pattern=".{6,}" placeholder="Password (6+ characters)" required autocomplete="off" />
|
||||
<input type="password" name="user_password_repeat" pattern=".{6,}" required placeholder="Repeat your password" autocomplete="off" />
|
||||
<input type="submit" value="Register" />
|
||||
</form>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user