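<?php
declare(strict_types=1);

// One-time bootstrap: creates the first admin user, gated by a single-use pin
// stored on disk. Expects `$initialization_pin_file` (path of the pin file)
// and `$lib` (an object exposing a `->pdo` connection) from the including
// scope. On a POST carrying pin/email/password it consumes the pin file,
// optionally initializes the database, registers the admin user and exits;
// on any other request it falls through to the HTML form below.
// Every failure is reported by throwing \Exception (or re-throwing the
// underlying \PDOException).

$pin_file = $initialization_pin_file;
if (!file_exists($pin_file) || !is_file($pin_file)) {
    throw new \Exception("Pin file '$pin_file' does not exist");
}
$pin_contents = file_get_contents($pin_file);
if ($pin_contents === false) {
    throw new \Exception("Pin file '$pin_file' could not be read");
}
$stored_pin = trim($pin_contents);
// Bound the pin length so an empty or truncated pin file can never act as a valid secret.
$pin_length = strlen($stored_pin);
if ($pin_length < 20 || $pin_length > 40) {
    throw new \Exception("Pin file is less than 20 chars or more than 40 chars");
}

$lib = new \Tlf\User\Lib($lib->pdo);
try {
    $pdo = $lib->pdo;
    $stmt = $pdo->prepare($lib->queries['extra.get_one_user']);
    $stmt->execute();
    $user_rows = $stmt->fetchAll(\PDO::FETCH_ASSOC);
} catch (\PDOException $e) {
    // SQLSTATE 42S02 ("base table or view not found") is expected when the
    // database has not been initialized yet and is treated as "no users";
    // every other PDO failure propagates.
    if (strpos($e->getMessage(), "SQLSTATE[42S02]") === false) {
        throw $e;
    }
    $user_rows = [];
    error_log("Database tables not found (PDO Exception), assumed no users");
}
// This script must only ever run against an empty user table.
if (count($user_rows) !== 0) {
    throw new \Exception("Users already exist.");
}

if (isset($_POST['pin'], $_POST['email'], $_POST['password'])) {
    // Reject non-string values (e.g. `pin[]=...`) before any string function sees them.
    if (!is_string($_POST['pin']) || !is_string($_POST['email']) || !is_string($_POST['password'])) {
        throw new \Exception("Submitted fields must be strings.");
    }
    $post_pin = substr($_POST['pin'], 0, 40);
    $email = substr($_POST['email'], 0, 80);
    $password = substr($_POST['password'], 0, 50);

    // Comparing against the raw POST value (not the truncated copy) is what
    // actually enforces the 80-character limit named in the message.
    $filtered_email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($filtered_email === false || $filtered_email !== $_POST['email']) {
        throw new \Exception("Email was not valid email characters or was longer than 80 characters");
    }
    unset($email); // only use the filtered email

    if ($_POST['pin'] !== $post_pin) {
        throw new \Exception("Submitted pin is too long.");
    }
    // Constant-time comparison: a plain !== returns as soon as a byte differs
    // and so leaks how much of the pin was guessed correctly.
    if (!hash_equals($stored_pin, $post_pin)) {
        throw new \Exception("Submitted pin does not match stored pin");
    }
    // Reject rather than silently truncate: otherwise the admin would be
    // registered with a password different from the one that was typed.
    if ($_POST['password'] !== $password) {
        throw new \Exception("Submitted password is longer than 50 characters.");
    }

    // The pin is single-use: consume it before any user is created, and fail
    // hard if it cannot be removed so the bootstrap cannot be replayed.
    if (!is_file($pin_file)) {
        throw new \Exception("Pin file does not exist");
    }
    $unlinked_file = unlink($pin_file);
    clearstatcache(true, $pin_file); // file_exists() may otherwise answer from the stat cache
    if (!$unlinked_file || file_exists($pin_file)) {
        throw new \Exception("Failed to delete pin file");
    }
    error_log("Pin file deleted");

    if (($_POST['init-db'] ?? false) === 'on') {
        error_log("Initialize database");
        $lib->init_db();
    }
    // Fresh Lib instance after a possible init_db — presumably so it works
    // against the newly created schema; confirm against Lib's constructor.
    $lib = new \Tlf\User\Lib($lib->pdo);
    $user = $lib->user_from_email($filtered_email);
    $user->register($password);
    $code = $user->new_code('registration');
    $user->activate($code);
    $user->add_role('admin');
    echo "Added admin role (unless there was an error)";
    error_log("Admin email set to '$filtered_email'");
    exit;
}
?>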
<h1>Initialize User Login Library</h1>
<form method="POST" action="">
<label>Initialize Database?
<input type="checkbox" name="init-db"/>
</label>
<br><br>
<label>User Initialization Pin<br>
<input type="password" name="pin"/>
</label>
<br>
<br>
<label>Admin User Email<br>
<input type="text" name="email"/>
</label>
<br>
<br>
<label>Admin User Password<br>
<input type="password" name="password"/>
</label>
<br>
<br>
<input type="submit" value="Submit" />
</form>