From 215c0d41eff2c70e7aa7b1546ee008e421eae4b3 Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Sat, 11 May 2019 12:51:22 +0100 Subject: [PATCH] Require the site secret to use the first-run installer --- modules/feature-firstrun.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/modules/feature-firstrun.php b/modules/feature-firstrun.php index 89bd5d8..6add06a 100644 --- a/modules/feature-firstrun.php +++ b/modules/feature-firstrun.php @@ -13,10 +13,6 @@ register_module([ // TODO: Figure out how to detect pre-existing wikis here - if(!$firstrun_complete && count(glob("._peppermint_secret_*")) == 0) { - - } - /** * @api {get} ?action=firstrun Display the firstrun page * @apiName FirstRun @@ -56,6 +52,13 @@ register_module([

Welcome to Pepperminty Wiki.

Fill out the below form to get your wiki up and running!

+
+ Authorisation + +

Find your wiki secret in the secret property inside peppermint.json. Don't forget to avoid copying the quotes surrounding the value!

+ + +
Admin account details @@ -98,6 +101,11 @@ register_module([ exit(page_renderer::render_main("Setup complete - Error - $settings->sitename", "

Oops! Looks like $settings->sitename is already setup and ready to go! Go to the " . htmlentities($settings->defaultpage)." to get started!

")); } + if($_POST["secret"] !== $settings->secret) { + http_response_code(401); + exit(page_renderer::render_main("Incorrect secret - Pepperminty Wiki", "

Oops! That secret was incorrect. Open peppermint.json that is automatically written to the directory alongside the index.php that you uploaded to your web server and copy the value of the secret property into the wiki secret box on the previous page, taking care to avoid copying the quotation marks.

")); + } + // $_POST: username, email-address, password, password-again, wiki-name, data-dir if(empty($_POST["username"])) {