-rw-r--r-- | README.md | 11 | ||||
-rw-r--r-- | classes/BusinessAdmin.php | 21 | ||||
-rw-r--r-- | install/index.php | 16 |
3 files changed, 48 insertions, 0 deletions
@@ -71,6 +71,17 @@ folder. This is also a check to make sure that your permissions are correct. You can also create these folders yourself, if you make sure the webserver has permission to it. +## Creating a first user + +Go to `/install/index.php?create_user` to create an `admin` user with a random +password. + +## Security + +Go to `/install/index.php?password_cost` to benchmark your system to find an +appropriate password cost. Set the constant `password_cost` in +`classes/constants.php` to this value. + ## Permissions The files folder will be used to put generated invoices in. Make your server diff --git a/classes/BusinessAdmin.php b/classes/BusinessAdmin.php index ce332ee..347c9c6 100644 --- a/classes/BusinessAdmin.php +++ b/classes/BusinessAdmin.php @@ -338,6 +338,27 @@ class BusinessAdmin { } /** + * Create a new user + * + * @param PDO $pdo The database connection + * @param string $username The username for the new user + * @param string $password The password for the new user + * + * @throws PDOException If something went wrong with the database + * + * @return user|bool A new instance of the user object, or false on failure + */ + public static function createUser($pdo, $username, $password) { + $stmt = $pdo->prepare("INSERT INTO `".constants::db_prefix."user` (`username`, `password`) VALUES (?,?)"); + $stmt->execute([$username, user::hash($password)]); + if ($stmt->rowCount() == 1) { + return new user($pdo, $pdo->lastInsertId()); + } else { + return false; + } + } + + /** * Format a date nicely * * @todo implement $relatively = true diff --git a/install/index.php b/install/index.php index 41fb450..878fe38 100644 --- a/install/index.php +++ b/install/index.php 
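Review bot: `$stmt->rowCount() == 1` in createUser uses a loose comparison and the parameters carry no type declarations; prefer `if ($stmt->rowCount() === 1) {` and a typed signature `public static function createUser(PDO $pdo, string $username, string $password)`, keeping the documented `user|bool` return. The method does not validate `$username`, so an empty or whitespace-only name reaches the INSERT; if non-emptiness or uniqueness is meant to be enforced it presumably relies on the table schema, which is not visible in this diff. Failure is reported two ways (a `false` return for a zero-row insert, a PDOException for everything else), so every caller has to handle both paths; a single documented exception would be simpler for the install script that consumes it. The README hunk in this commit is documentation only and needs no change.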
@@ -128,6 +128,21 @@ if (isset($_GET['create_folders'])) {
 }
 }
+if (isset($_GET['create_user'])) {
+ $username = 'admin';
+ try {
+ $password = bin2hex(openssl_random_pseudo_bytes(8));
+ $user = BusinessAdmin::createUser($_pdo, $username, $password);
+ if ($user !== false) {
+ echo "Created user '$username' ({$user->getId()}) with password '$password'.";
+ } else {
+ echo "Unknown error while creating the admin user.";
+ }
+ } catch (PDOException $e) {
+ echo "Creating an admin user failed (does one exist already?).";
+ }
+}
+
 if (isset($_GET['password_cost'])) {
 $target = 1;
 $start = $end = 0;
@@ -147,6 +162,7 @@ if (isset($_GET['password_cost'])) {
 <ol>
 <li><a href="?create_tables">Create database tables</a></li>
 <li><a href="?create_folders">Create folders</a></li>
+ <li><a href="?create_user">Create a user</a></li>
 <li><a href="?password_cost">Finding a good password cost</a></li>
 </ol> |
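Review bot: `$password = bin2hex(openssl_random_pseudo_bytes(8));` has no failure check: `openssl_random_pseudo_bytes()` can return `false` on older PHP releases and only reports a weak source through its by-reference second argument, and `bin2hex(false)` yields `''`, so the admin could be created with an empty password while the page still prints success. If the project targets PHP 7 or later, `$password = bin2hex(random_bytes(8));` throws instead of returning a weak or empty value; otherwise pass and check the `$crypto_strong` flag and abort when it is not set. The `catch (PDOException $e)` branch reports every database error as "does one exist already?", which presumably relies on a uniqueness constraint on `username` not visible in this diff and also hides unrelated failures such as a missing table; logging `$e->getMessage()` server-side would keep the diagnosis possible. Since the endpoint runs without authentication and returns the generated password in the response body, the README section added in this commit should also state that install/ must be removed or access-restricted once setup is complete. The enclosing install script starts and ends outside the hunk.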