Add one-time admin account setup script.

2017-07-04 22:12:29 -06:00 · 2017-07-04 22:12:29 -06:00 · 2cee224450
commit 2cee224450
parent be892b007d
2 changed files with 47 additions and 2 deletions
--- a/lib/login.php
+++ b/lib/login.php
@ -22,10 +22,10 @@ $ldap = new LdapManager($ldap_config);
 * @param string $email User's email address.
 * @param string $phone1 Phone number #1
 * @param string $phone2 Phone number #2
- * @param string $type Account type
+ * @param int $type Account type
 * @return int The new user's ID number in the database.
 */
-function adduser($username, $password, $realname, $email = null, $phone1 = "", $phone2 = "", $type) {
+function adduser($username, $password, $realname, $email = null, $phone1 = "", $phone2 = "", $type = 1) {
    global $database;
    $database->insert('accounts', [
        'username' => strtolower($username),
--- a/setup.php
+++ b/setup.php
@ -0,0 +1,45 @@
+<?php
+
+/*
+ * This script will create a local administrator account.
+ */
+
+require __DIR__ . '/required.php';
+
+if ($database->has('accounts', ["[>]assigned_permissions" => ["uid" => "uid"]], ['permid' => 1])) {
+    die("An admin account already exists, exiting.");
+}
+
+if (is_empty($_POST['username']) || is_empty($_POST['password']) || is_empty($_POST['realname'])) {
+    ?>
+    <!DOCTYPE html>
+    <html>
+        <head>
+            <title>Admin Account Creation</title>
+        </head>
+        <body>
+            <h1>Admin Account Creation tool</h1>
+            <form action="setup.php" method="POST">
+                Username: <input type="text" name="username" placeholder="Username" required="required" /><br />
+                Password: <input type="text" name="password" placeholder="Password" required="required" /><br />
+                Name: <input type="text" name="realname" placeholder="Real Name" required="required" /><br />
+                Email: <input type="email" name="email" placeholder="Email Address" /><br />
+                <button type="submit">
+                    Create account
+                </button>
+            </form>
+        </body>
+    </html>
+<?php
+} else {
+    require_once __DIR__ . "/lib/login.php";
+    $userid = adduser($_POST['username'],
+            $_POST['password'],
+            $_POST['realname'],
+            (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) ? $_POST['email'] : null),
+            "",
+            "",
+            1);
+    $database->insert('assigned_permissions', ['uid' => $userid, 'permid' => 1]);
+    die("Account created.");
+}