From 1b95574b7607d09aa567350b2050527835cba4ce Mon Sep 17 00:00:00 2001
From: janis steiner
Date: Sun, 10 May 2026 10:25:18 +0200
Subject: [PATCH] adding posibility to disable user registration
---
 backend/api/index.php | 36 +++++++++++++++++++++++++++++++++++-
 backend/config/database.php | 11 +++++++++++
 frontend/assets/js/app.js | 13 ++++++++++++-
 frontend/index.html | 10 ++++++++++
 4 files changed, 68 insertions(+), 2 deletions(-)
diff --git a/backend/api/index.php b/backend/api/index.php
index 540fa3d..9fec74f 100644
--- a/backend/api/index.php
+++ b/backend/api/index.php
@@ -23,7 +23,7 @@ $path = str_replace('/api/', '', $path);
 $segments = explode('/', trim($path, '/'));
 $resource = $segments[0] ?? '';
-if ($resource !== 'session' && $resource !== 'login' && $resource !== 'logout') {
+if ($resource !== 'session' && $resource !== 'login' && $resource !== 'logout' && $resource !== 'registration') {
 $loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
 if (!$loggedin) {
 http_response_code(401);
@@ -70,6 +70,9 @@ try {
 case 'shapes':
 handleShapes($method, $id, $db);
 break;
+ case 'registration':
+ handleRegistration($method, $db);
+ break;
 default:
 http_response_code(404);
 echo json_encode(['error' => 'Not found']);
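Review bot: Adding `'registration'` to the pre-login allowlist in the `@@ -23,7 +23,7 @@` hunk exempts the whole resource from the `neptune_loggedin` gate, so the state-changing POST is reachable without a session and is protected only by the role check inside `handleRegistration`. The only caller visible in this patch is the settings modal, which opens after login, so the exemption may not be needed at all. If the login page does have to read the flag, limit the bypass to reads, e.g. `$isPublicRead = $resource === 'registration' && $_SERVER['REQUEST_METHOD'] === 'GET';`, and test `!$isPublicRead` here in place of the new `$resource !== 'registration'` term. The `if` block continues past the end of the hunk.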
@@ -79,6 +82,28 @@ try {
 echo json_encode(['error' => $e->getMessage()]);
 }
+function handleRegistration($method, $db) {
+ if ($method === 'GET') {
+ $stmt = $db->prepare("SELECT setting_value FROM neptune_settings WHERE setting_key = 'registration_enabled'");
+ $stmt->execute();
+ $row = $stmt->fetch();
+ $enabled = $row ? $row['setting_value'] !== '0' : true;
+ echo json_encode(['registration_enabled' => $enabled]);
+ } elseif ($method === 'POST') {
+ $role = $_SESSION['neptune_role'] ?? 'user';
+ if ($role !== 'admin') {
+ http_response_code(403);
+ echo json_encode(['error' => 'Admins only']);
+ return;
+ }
+ $data = json_decode(file_get_contents('php://input'), true);
+ $enabled = isset($data['registration_enabled']) ? ($data['registration_enabled'] ? '1' : '0') : '1';
+ $stmt = $db->prepare("INSERT INTO neptune_settings (setting_key, setting_value) VALUES ('registration_enabled', ?) ON DUPLICATE KEY UPDATE setting_value = ?");
+ $stmt->execute([$enabled, $enabled]);
+ echo json_encode(['status' => 'success', 'registration_enabled' => $enabled === '1']);
+ }
+}
+
 function handleSession($method, $db) {
 $loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
 if (!$loggedin && $method === 'GET') {
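Review bot: In the POST branch of `handleRegistration`, a missing `registration_enabled` key or a body that `json_decode` cannot parse falls through to `'1'`, so an empty or malformed request from an admin session switches registration back on. Reject anything that is not an explicit boolean with a 400 and store only the value that was sent; this assumes the client sends a JSON boolean, which the patch does not show. The branch also never checks `neptune_loggedin`, and no CSRF token or Origin check is visible here, which matters more now that this resource bypasses the login gate. Methods other than GET and POST currently return 200 with an empty body and should get a 405.

```php
        $data = json_decode(file_get_contents('php://input'), true);
        $flag = is_array($data) ? ($data['registration_enabled'] ?? null) : null;
        if (!is_bool($flag)) {
            http_response_code(400);
            echo json_encode(['error' => 'registration_enabled must be true or false']);
            return;
        }
        $enabled = $flag ? '1' : '0';
        // … unchanged: upsert into neptune_settings and success response …
    } else {
        http_response_code(405);
        echo json_encode(['error' => 'Method not allowed']);
    }
```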
@@ -152,6 +177,15 @@ function handleLogin($method, $db) {
 $_SESSION['neptune_username'] = $user['username'];
 $_SESSION['neptune_role'] = $user['role'];
 } else {
+ $stmt = $db->prepare("SELECT setting_value FROM neptune_settings WHERE setting_key = 'registration_enabled'");
+ $stmt->execute();
+ $regSetting = $stmt->fetch();
+ $registrationEnabled = $regSetting ? $regSetting['setting_value'] !== '0' : true;
+ if (!$registrationEnabled) {
+ http_response_code(403);
+ echo json_encode(['error' => 'Registration is disabled by admin']);
+ return;
+ }
 $count = $db->query("SELECT COUNT(*) as c FROM neptune_users")->fetch()['c'];
 $role = ($count == 0) ? 'admin' : 'user';
 $stmt = $db->prepare("INSERT INTO neptune_users (user_token, username, email, role) VALUES (?, ?, ?, ?)");
diff --git a/backend/config/database.php b/backend/config/database.php
index cec374f..4c60305 100644
--- a/backend/config/database.php
+++ b/backend/config/database.php
@@ -54,4 +54,15 @@ function migrate($db) {
 $rootDb->exec("ALTER TABLE neptune.network_nodes ADD COLUMN IF NOT EXISTS notes VARCHAR(1000) DEFAULT '' AFTER group_name");
 } catch (Exception $e) { }
+ $db->exec("CREATE TABLE IF NOT EXISTS neptune_settings (
+ setting_key VARCHAR(100) PRIMARY KEY,
+ setting_value TEXT NOT NULL
+ )");
+ try {
+ $stmt = $db->prepare("SELECT COUNT(*) as c FROM neptune_settings WHERE setting_key = 'registration_enabled'");
+ $stmt->execute();
+ if ($stmt->fetch()['c'] == 0) {
+ $db->exec("INSERT INTO neptune_settings (setting_key, setting_value) VALUES ('registration_enabled', '1')");
+ }
+ } catch (Exception $e) {}
 }
\ No newline at end of file
diff --git a/frontend/assets/js/app.js b/frontend/assets/js/app.js
index c38337e..4c4aa17 100644
--- a/frontend/assets/js/app.js
+++ b/frontend/assets/js/app.js
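Review bot: The enforcement check added to the `else` branch of `handleLogin` treats a missing `registration_enabled` row as enabled and repeats the lookup already written in `handleRegistration`, so the switch fails open and the two copies can drift apart. Move the query into one helper, e.g. `function isRegistrationEnabled($db): bool`, and call it from both places. Give the helper a short comment stating what an absent row means and that every stored value other than the literal `'0'` counts as enabled. If the flag is meant as a hard control, have the helper return `false` when the row is absent. `handleLogin` starts and ends outside the hunk.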
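Review bot: The empty `catch (Exception $e) {}` around the seed in `migrate` hides a failed insert, and the readers in `index.php` then treat the missing row as registration enabled. Record the failure instead, e.g. `error_log('neptune_settings seed failed: ' . $e->getMessage());`. The count-then-insert pair can also be replaced with a single `INSERT IGNORE INTO neptune_settings (setting_key, setting_value) VALUES ('registration_enabled', '1')`, which the primary key on `setting_key` makes idempotent. `migrate` starts outside the hunk.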
@@ -1033,6 +1033,13 @@ function esc(s) {
 return div.innerHTML;
 }
+async function loadRegistrationSetting() {
+ try {
+ const res = await apiFetch('registration');
+ document.getElementById('registrationToggle').checked = res.registration_enabled === true;
+ } catch (e) {}
+}
+
 async function loadUsers() {
 const list = document.getElementById('userList');
 try {
@@ -1076,7 +1083,11 @@ async function removeUser(id) {
 }
 }
-document.getElementById('settingsModal').addEventListener('show.bs.modal', loadUsers);
+document.getElementById('settingsModal').addEventListener('show.bs.modal', () => {
+ loadUsers();
+ loadRegistrationSetting();
+});
+document.getElementById('registrationToggle').addEventListener('change', saveRegistrationSetting);
 // ==================== DOCUMENTS ====================
 const DOC_TYPE_ICONS = {
diff --git a/frontend/index.html b/frontend/index.html
index 3521e01..4c8c731 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -480,6 +480,16 @@ Get the user token from the user's Jakach Auth profile or ask them to log in once. +
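Review bot: `loadRegistrationSetting` swallows every error in `catch (e) {}`, so when the request fails the toggle keeps whatever state the markup gave it and the admin may see a value that does not match the server. Report the failure and block edits until a value has loaded, e.g. `console.error(e);` followed by `document.getElementById('registrationToggle').disabled = true;` inside the catch.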
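Review bot: The new `change` listener in the `@@ -1076,7 +1083,11 @@` hunk references `saveRegistrationSetting`, but no definition of it is added anywhere in this patch; the `app.js` diffstat of 13 lines is fully accounted for by the two hunks shown. Unless the function already exists in `app.js`, this line throws a `ReferenceError` while the script loads, so the code after it, starting with the DOCUMENTS section, never runs. Add the function in this commit (a POST to `registration` with a JSON boolean that restores the checkbox when the request fails) or drop the listener until it exists.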
+
+
+
New User Registration
+ Allow new users to register via login link +
+
+ +
+