Skip to content

Store auth users in database and add admin user management#23

Open
compuvin wants to merge 1 commit intomasterfrom
codex/add-password-protection-for-page
Open

Store auth users in database and add admin user management#23
compuvin wants to merge 1 commit intomasterfrom
codex/add-password-protection-for-page

Conversation

@compuvin
Copy link
Owner

@compuvin compuvin commented Feb 3, 2026

Motivation

  • Replace the previous single-config authentication with a persistent, role-aware user store so accounts can be managed and multiple users can be added.
  • Ensure the app can seed a default admin when no admin exists and give that admin ability to create additional accounts.

Description

  • Add auth-config.php to hold a default admin ($AUTH_DEFAULT_ADMIN) with a precomputed password hash.
  • Replace in-memory auth with DB-backed logic in auth.php, including auth_db_connect(), auth_initialize() (auto-creates the auth_users table and seeds the default admin), role-aware auth_login() and session storage, and a new require_admin() helper.
  • Add admin-users.php as an admin-only page to create new users (with admin/user roles) and list existing accounts.
  • Enforce authentication by adding require_auth() to data-editing pages and update README.md to document DB-backed auth and admin-users.php usage.

Testing

  • Started the PHP built-in server with php -S 0.0.0.0:8000 -t /workspace/SoftwareMatrix-GUI, which started successfully.
  • Ran a Playwright script to exercise the login and capture admin-users.php, but the Playwright run timed out (failed).

Codex Task

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 3, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 651ebe7854

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

auth.php
Comment on lines +18 to +26
if (preg_match('/^https?:\\/\\//i', $path)) {
return '/';
}

if ($path[0] !== '/') {
$path = '/' . ltrim($path, '/');
}

return $path;
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject protocol-relative redirects

The new auth_safe_redirect only blocks paths that start with http:// or https://, but it allows protocol‑relative URLs like //evil.example to pass through. When auth-login.php redirects after login, Location: //evil.example is treated by browsers as an external redirect, enabling an open‑redirect if an attacker supplies ?redirect=//evil.example. This is a security issue introduced with the new login flow; consider also rejecting // prefixes or normalizing to a known-safe path.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@compuvin