fix aws

webapp/includes/auth.php

@@ -17,7 +17,28 @@ define('ROLE_ADMIN', 'admin');
  */
 function getCurrentUser() {
     // Check for Cloudflare Access headers first
-    $cfEmail = $_SERVER['HTTP_CF_ACCESS_AUTHENTICATED_USER_EMAIL'] ?? null;
+    // Try multiple header variations that Cloudflare might use
+    $cfEmail = null;
+    $headerChecked = [];
+
+    // Standard Cloudflare Access header
+    if (!empty($_SERVER['HTTP_CF_ACCESS_AUTHENTICATED_USER_EMAIL'])) {
+        $cfEmail = $_SERVER['HTTP_CF_ACCESS_AUTHENTICATED_USER_EMAIL'];
+        $headerChecked[] = 'HTTP_CF_ACCESS_AUTHENTICATED_USER_EMAIL';
+    }
+    // Alternative: some proxies might pass it differently
+    elseif (!empty($_SERVER['CF_ACCESS_AUTHENTICATED_USER_EMAIL'])) {
+        $cfEmail = $_SERVER['CF_ACCESS_AUTHENTICATED_USER_EMAIL'];
+        $headerChecked[] = 'CF_ACCESS_AUTHENTICATED_USER_EMAIL';
+    }
+    // Check via getallheaders() for non-standard server configs
+    elseif (function_exists('getallheaders')) {
+        $headers = getallheaders();
+        if (!empty($headers['Cf-Access-Authenticated-User-Email'])) {
+            $cfEmail = $headers['Cf-Access-Authenticated-User-Email'];
+            $headerChecked[] = 'getallheaders:Cf-Access-Authenticated-User-Email';
+        }
+    }
 
     if ($cfEmail) {
         // User authenticated via Cloudflare Access
@@ -177,7 +198,9 @@ function getUserDisplayInfo() {
             'name' => 'Guest',
             'email' => '',
             'role' => '',
-            'initials' => 'G'
+            'initials' => 'G',
+            'auth_method' => 'none',
+            'is_admin' => false
         ];
     }
 
@@ -190,6 +213,7 @@ function getUserDisplayInfo() {
         'email' => $email,
         'role' => $user['role'],
         'initials' => $initials,
+        'auth_method' => $user['auth_method'],
         'is_admin' => $user['role'] === ROLE_ADMIN
     ];
 }

webapp/index.php

@@ -1603,6 +1603,7 @@ $isUserAdmin = $userInfo['is_admin'] ?? false;
             border-radius: var(--radius-md);
             font-size: 12px;
             color: white;
+            cursor: default;
         }
 
         .user-initials {
@@ -1617,6 +1618,14 @@ $isUserAdmin = $userInfo['is_admin'] ?? false;
             font-size: 11px;
         }
 
+        .user-email {
+            max-width: 180px;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+            font-size: 12px;
+        }
+
         .user-role-badge {
             background: rgba(255, 255, 255, 0.9);
             color: var(--purple-primary);
@@ -1657,8 +1666,9 @@ $isUserAdmin = $userInfo['is_admin'] ?? false;
                 <?php endif; ?>
 
                 <!-- User Badge -->
-                <div class="user-badge" title="<?php echo htmlspecialchars($userInfo['email']); ?>">
+                <div class="user-badge" title="<?php echo htmlspecialchars($userInfo['email'] ?: 'Not authenticated'); ?> (<?php echo htmlspecialchars($userInfo['auth_method'] ?? 'unknown'); ?>)">
                     <span class="user-initials"><?php echo htmlspecialchars($userInfo['initials']); ?></span>
+                    <span class="user-email hide-mobile"><?php echo htmlspecialchars($userInfo['email'] ?: 'Guest'); ?></span>
                     <?php if ($isUserAdmin): ?>
                         <span class="user-role-badge">Admin</span>
                     <?php endif; ?>