feat: admin setup script for initial password configuration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Gestoría LP
123
admin/setup.php
Normal file
123
admin/setup.php
Normal file
@@ -0,0 +1,123 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../includes/db.php';
|
||||
require_once __DIR__ . '/../includes/csrf.php';
|
||||
|
||||
if (session_status() === PHP_SESSION_NONE) session_start();
|
||||
|
||||
// Setup key - change this or delete this file after setup
|
||||
define('SETUP_KEY', 'gestorialp2026');
|
||||
|
||||
$message = '';
|
||||
$error = '';
|
||||
|
||||
// Verify setup key
|
||||
$keyValid = false;
|
||||
if (isset($_GET['key']) && $_GET['key'] === SETUP_KEY) {
|
||||
$keyValid = true;
|
||||
$_SESSION['setup_key_valid'] = true;
|
||||
} elseif (!empty($_SESSION['setup_key_valid'])) {
|
||||
$keyValid = true;
|
||||
}
|
||||
|
||||
if (!$keyValid) {
|
||||
die('<!DOCTYPE html><html><head><title>Setup</title></head><body style="font-family:Inter,sans-serif;display:flex;justify-content:center;align-items:center;height:100vh;"><div style="text-align:center;"><h1>Acceso Denegado</h1><p>Necesitas la clave de setup. Accede con: <code>setup.php?key=TU_CLAVE</code></p></div></body></html>');
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrfValidate()) {
|
||||
$username = trim($_POST['username'] ?? 'admin');
|
||||
$password = $_POST['password'] ?? '';
|
||||
$passwordConfirm = $_POST['password_confirm'] ?? '';
|
||||
|
||||
if (strlen($password) < 8) {
|
||||
$error = 'La contraseña debe tener al menos 8 caracteres.';
|
||||
} elseif ($password !== $passwordConfirm) {
|
||||
$error = 'Las contraseñas no coinciden.';
|
||||
} else {
|
||||
$db = getDB();
|
||||
$hash = password_hash($password, PASSWORD_DEFAULT);
|
||||
|
||||
// Check if user exists
|
||||
$stmt = $db->prepare('SELECT id FROM usuarios WHERE username = ?');
|
||||
$stmt->execute([$username]);
|
||||
$existing = $stmt->fetch();
|
||||
|
||||
if ($existing) {
|
||||
$stmt = $db->prepare('UPDATE usuarios SET password_hash = ? WHERE username = ?');
|
||||
$stmt->execute([$hash, $username]);
|
||||
$message = "Contraseña actualizada para el usuario '{$username}'.";
|
||||
} else {
|
||||
$stmt = $db->prepare('INSERT INTO usuarios (username, password_hash, email) VALUES (?, ?, ?)');
|
||||
$stmt->execute([$username, $hash, 'admin@gestorialp.com']);
|
||||
$message = "Usuario '{$username}' creado exitosamente.";
|
||||
}
|
||||
|
||||
// Clear setup session
|
||||
unset($_SESSION['setup_key_valid']);
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="es">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Setup - Gestoría LP</title>
|
||||
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap" rel="stylesheet">
|
||||
<style>
|
||||
* { margin: 0; padding: 0; box-sizing: border-box; }
|
||||
body { font-family: 'Inter', sans-serif; background: linear-gradient(135deg, #1B3A5C 0%, #0d1f33 100%); min-height: 100vh; display: flex; align-items: center; justify-content: center; }
|
||||
.setup-card { background: white; padding: 2.5rem; border-radius: 12px; box-shadow: 0 20px 60px rgba(0,0,0,0.3); width: 100%; max-width: 450px; }
|
||||
.setup-card h1 { color: #1B3A5C; margin-bottom: 0.5rem; }
|
||||
.setup-card p { color: #666; margin-bottom: 1.5rem; }
|
||||
.form-group { margin-bottom: 1rem; }
|
||||
.form-group label { display: block; font-weight: 600; margin-bottom: 0.3rem; color: #333; }
|
||||
.form-group input { width: 100%; padding: 0.75rem; border: 2px solid #ddd; border-radius: 8px; font-size: 1rem; transition: border-color 0.3s; }
|
||||
.form-group input:focus { outline: none; border-color: #C9A94E; }
|
||||
.btn { width: 100%; padding: 0.85rem; background: #1B3A5C; color: white; border: none; border-radius: 8px; font-size: 1rem; font-weight: 600; cursor: pointer; transition: background 0.3s; }
|
||||
.btn:hover { background: #142d47; }
|
||||
.alert { padding: 1rem; border-radius: 8px; margin-bottom: 1rem; }
|
||||
.alert--success { background: #d4edda; color: #155724; border: 1px solid #c3e6cb; }
|
||||
.alert--danger { background: #f8d7da; color: #721c24; border: 1px solid #f5c6cb; }
|
||||
.note { margin-top: 1.5rem; padding: 1rem; background: #fff3cd; border-radius: 8px; font-size: 0.85rem; color: #856404; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="setup-card">
|
||||
<h1>Setup Inicial</h1>
|
||||
<p>Configura tu usuario administrador para Gestoría LP</p>
|
||||
|
||||
<?php if ($message): ?>
|
||||
<div class="alert alert--success">
|
||||
<?= htmlspecialchars($message) ?>
|
||||
<br><br><a href="login.php" style="color:#155724;font-weight:600;">Ir al Login →</a>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ($error): ?>
|
||||
<div class="alert alert--danger"><?= htmlspecialchars($error) ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if (!$message): ?>
|
||||
<form method="POST">
|
||||
<?= csrfField() ?>
|
||||
<div class="form-group">
|
||||
<label for="username">Usuario</label>
|
||||
<input type="text" id="username" name="username" value="admin" required>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="password">Contraseña</label>
|
||||
<input type="password" id="password" name="password" required minlength="8" placeholder="Mínimo 8 caracteres">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="password_confirm">Confirmar Contraseña</label>
|
||||
<input type="password" id="password_confirm" name="password_confirm" required>
|
||||
</div>
|
||||
<button type="submit" class="btn">Crear / Actualizar Usuario</button>
|
||||
</form>
|
||||
<div class="note">
|
||||
<strong>Importante:</strong> Después de configurar tu usuario, elimina este archivo (setup.php) del servidor por seguridad.
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
Reference in New Issue
Block a user