fix aws
@@ -154,6 +154,10 @@ try {
|
||||
handleSystemInfo($db);
|
||||
break;
|
||||
|
||||
case 'auth_debug':
|
||||
handleAuthDebug($db);
|
||||
break;
|
||||
|
||||
case 'schema_check':
|
||||
handleSchemaCheck($db);
|
||||
break;
|
||||
@@ -1714,6 +1718,64 @@ function handleDatabaseImport($db) {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Debug authentication info - helps troubleshoot Cloudflare Access and RBAC
|
||||
*/
|
||||
function handleAuthDebug($db) {
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
|
||||
jsonResponse(['error' => 'Method not allowed'], 405);
|
||||
}
|
||||
|
||||
// Include auth helper if not already loaded
|
||||
$authFile = __DIR__ . '/includes/auth.php';
|
||||
if (file_exists($authFile) && !function_exists('getCurrentUser')) {
|
||||
require_once $authFile;
|
||||
}
|
||||
|
||||
// Collect all possible CF headers
|
||||
$cfHeaders = [];
|
||||
foreach ($_SERVER as $key => $value) {
|
||||
if (stripos($key, 'CF_') !== false || stripos($key, 'CLOUDFLARE') !== false) {
|
||||
$cfHeaders[$key] = $value;
|
||||
}
|
||||
}
|
||||
|
||||
// Also check getallheaders
|
||||
$allHeaders = [];
|
||||
if (function_exists('getallheaders')) {
|
||||
foreach (getallheaders() as $key => $value) {
|
||||
if (stripos($key, 'cf') !== false || stripos($key, 'cloudflare') !== false) {
|
||||
$allHeaders[$key] = $value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Get ADMIN_EMAILS from various sources
|
||||
$adminEmailsSources = [
|
||||
'getenv' => getenv('ADMIN_EMAILS'),
|
||||
'$_ENV' => $_ENV['ADMIN_EMAILS'] ?? null,
|
||||
'$_SERVER' => $_SERVER['ADMIN_EMAILS'] ?? null,
|
||||
'constant' => defined('ADMIN_EMAILS') ? ADMIN_EMAILS : null,
|
||||
];
|
||||
|
||||
// Get current user info
|
||||
$currentUser = function_exists('getCurrentUser') ? getCurrentUser() : null;
|
||||
$userDisplayInfo = function_exists('getUserDisplayInfo') ? getUserDisplayInfo() : null;
|
||||
|
||||
jsonResponse([
|
||||
'success' => true,
|
||||
'debug' => [
|
||||
'cloudflare_headers_in_server' => $cfHeaders,
|
||||
'cloudflare_headers_in_getallheaders' => $allHeaders,
|
||||
'admin_emails_sources' => $adminEmailsSources,
|
||||
'current_user' => $currentUser,
|
||||
'user_display_info' => $userDisplayInfo,
|
||||
'session_user' => $_SESSION['user'] ?? null,
|
||||
'session_authenticated' => $_SESSION['authenticated'] ?? false,
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get system information for developer tab
|
||||
*/
|
||||
|
||||
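Review bot: handleAuthDebug echoes back the raw Cloudflare Access headers — which will include `HTTP_CF_ACCESS_JWT_ASSERTION`, a bearer credential — together with every resolved value of the ADMIN_EMAILS allowlist and `$_SESSION['user']`, and the only check inside the function is the request method; unless the `try {` dispatcher in the first hunk already requires an admin role before the `case 'auth_debug':` branch, any caller who reaches this action obtains the list of privileged accounts to target. The endpoint should be gated on the resolved role before building the response, and the token value should be reported by presence only rather than echoed, e.g. in the `$_SERVER` loop `$cfHeaders[$key] = stripos($key, 'JWT') !== false ? '[redacted, ' . strlen($value) . ' bytes]' : $value;` with the same treatment in the `getallheaders()` loop. Since the docblock describes this as a troubleshooting aid, it should also be disabled outside a debug or non-production configuration rather than shipped as a permanent route. A `/** @internal debug-only; must not be reachable without ROLE_ADMIN */` line on the docblock would make the expectation visible to whoever wires the dispatcher.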
@@ -76,18 +76,38 @@ function getUserRole($email) {
|
||||
return ROLE_STAFF;
|
||||
}
|
||||
|
||||
// First, check environment variable for admin emails (highest priority)
|
||||
$adminEmails = getenv('ADMIN_EMAILS');
|
||||
if (!empty($adminEmails)) {
|
||||
$adminList = array_map('trim', explode(',', $adminEmails));
|
||||
if (in_array($email, $adminList)) {
|
||||
return ROLE_ADMIN;
|
||||
}
|
||||
// Normalize email for comparison (lowercase, trimmed)
|
||||
$email = strtolower(trim($email));
|
||||
|
||||
// Try multiple ways to get ADMIN_EMAILS (different PHP configs handle env vars differently)
|
||||
$adminEmails = '';
|
||||
|
||||
// Method 1: getenv()
|
||||
if (empty($adminEmails)) {
|
||||
$adminEmails = getenv('ADMIN_EMAILS');
|
||||
}
|
||||
|
||||
// Also check if defined as a constant (from config.php)
|
||||
if (defined('ADMIN_EMAILS') && !empty(ADMIN_EMAILS)) {
|
||||
$adminList = array_map('trim', explode(',', ADMIN_EMAILS));
|
||||
// Method 2: $_ENV superglobal
|
||||
if (empty($adminEmails) && isset($_ENV['ADMIN_EMAILS'])) {
|
||||
$adminEmails = $_ENV['ADMIN_EMAILS'];
|
||||
}
|
||||
|
||||
// Method 3: $_SERVER (some configs put env vars here)
|
||||
if (empty($adminEmails) && isset($_SERVER['ADMIN_EMAILS'])) {
|
||||
$adminEmails = $_SERVER['ADMIN_EMAILS'];
|
||||
}
|
||||
|
||||
// Method 4: Defined constant from config.php
|
||||
if (empty($adminEmails) && defined('ADMIN_EMAILS')) {
|
||||
$adminEmails = ADMIN_EMAILS;
|
||||
}
|
||||
|
||||
// Check if email is in admin list
|
||||
if (!empty($adminEmails)) {
|
||||
$adminList = array_map(function($e) {
|
||||
return strtolower(trim($e));
|
||||
}, explode(',', $adminEmails));
|
||||
|
||||
if (in_array($email, $adminList)) {
|
||||
return ROLE_ADMIN;
|
||||
}
|
||||
@@ -97,7 +117,7 @@ function getUserRole($email) {
|
||||
if (function_exists('getDB')) {
|
||||
try {
|
||||
$db = getDB();
|
||||
$stmt = $db->prepare("SELECT role FROM users WHERE email = ? AND active = 1");
|
||||
$stmt = $db->prepare("SELECT role FROM users WHERE LOWER(email) = ? AND active = 1");
|
||||
$stmt->execute([$email]);
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
|
||||