1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-12-22 13:45:02 +00:00

Require the site secret to use the first-run installer

This commit is contained in:
Starbeamrainbowlabs 2019-05-11 12:51:22 +01:00
parent 1dc0438a18
commit 215c0d41ef
Signed by: sbrl
GPG key ID: 1BE5172E637709C2

View file

@ -13,10 +13,6 @@ register_module([
// TODO: Figure out how to detect pre-existing wikis here
if(!$firstrun_complete && count(glob("._peppermint_secret_*")) == 0) {
}
/**
* @api {get} ?action=firstrun Display the firstrun page
* @apiName FirstRun
@ -56,6 +52,13 @@ register_module([
<p>Welcome to Pepperminty Wiki.</p>
<p>Fill out the below form to get your wiki up and running!</p>
<form method='post' action='?action=firstrun-complete'>
<fieldset>
<legend>Authorisation</legend>
<p><em>Find your wiki secret in the <code>secret</code> property inside <code>peppermint.json</code>. Don't forget to avoid copying the quotes surrounding the value!</em></p>
<label for='secret'>Wiki Secret:</label>
<input type='password' id='secret' name='secret' />
</fieldset>
<fieldset>
<legend>Admin account details</legend>
@ -98,6 +101,11 @@ register_module([
exit(page_renderer::render_main("Setup complete - Error - $settings->sitename", "<p>Oops! Looks like $settings->sitename is already setup and ready to go! Go to the <a href='?action=$settings->defaultaction&page=".rawurlencode($settings->defaultpage)."'>" . htmlentities($settings->defaultpage)."</a> to get started!</p>"));
}
if($_POST["secret"] !== $settings->secret) {
http_response_code(401);
exit(page_renderer::render_main("Incorrect secret - Pepperminty Wiki", "<p>Oops! That secret was incorrect. Open <code>peppermint.json</code> that is automatically written to the directory alongside the <code>index.php</code> that you uploaded to your web server and copy the value of the <code>secret</code> property into the wiki secret box on the previous page, taking care to avoid copying the quotation marks.</p>"));
}
// $_POST: username, email-address, password, password-again, wiki-name, data-dir
if(empty($_POST["username"])) {