
Slightly cleanup auth + enable CGIPassAuth

Should hopefully fix any issues with CGI servers.
Also renamed the 'SiteInfo' config key to 'siteInfo' to follow the naming scheme for everything else
Belle Aerni 2 роки тому
батько
коміт
a2f8c3617a

+ 1 - 1
readme.md

@@ -41,7 +41,7 @@ AntCMS stores its configuration in the human-readable "yaml" file format. The ma
 
 #### Options in `Config/config.yaml`
 
-- `SiteInfo:`
+- `siteInfo:`
   - `siteTitle: AntCMS` - This configuration sets the title of your AntCMS website.
 - `forceHTTPS: true` - Set to 'true' by default, enables HTTPs redirection.
 - `activeTheme: Default` - Sets what theme AntCMS should use. should match the folder name of the theme you want to use.

+ 1 - 0
src/.htaccess

@@ -1,4 +1,5 @@
 RewriteEngine On
+CGIPassAuth On
 
 # If the requested file is an asset, serve it directly
 RewriteCond %{REQUEST_FILENAME} -f
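Review bot: `CGIPassAuth On` at line 2 is undocumented and has a wider reach than the commit message suggests: it forwards the raw `Authorization` header to every CGI/FastCGI script served under this directory scope, not just AntCMS, so any other script dropped next to it would receive the admin credentials. The directive also only takes effect in `.htaccess` when the server allows it (`AllowOverride AuthConfig`) and, as far as I recall, on Apache 2.4.13 or newer; on an older build an unknown directive in `.htaccess` fails the whole request, which would be a regression rather than a fix for "CGI servers". I would add `# Forward the Authorization header to PHP-CGI/FPM so PHP_AUTH_USER/PHP_AUTH_PW are populated (needs AllowOverride AuthConfig)` above the directive and mention the requirement in the readme hunk of this commit.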

+ 15 - 13
src/AntCMS/AntAuth.php

@@ -16,22 +16,24 @@ class AntAuth
     public static function checkAuth()
     {
         $currentConfig = AntConfig::currentConfig();
+        $username = $_SERVER['PHP_AUTH_USER'] ?? null;
+        $password = $_SERVER['PHP_AUTH_PW'] ?? null;
 
         if (empty($currentConfig['admin']['password'])) {
             die("You must set a password in your config.yaml file before you can authenticate within AntCMS.");
         }
 
-        if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
-            //First, we check if the passwords match in plain text. If it does, we hash the password and update the config file
-            if ($_SERVER['PHP_AUTH_PW'] == $currentConfig['admin']['password']) {
-                $currentConfig['admin']['password'] = password_hash($currentConfig['admin']['password'], PASSWORD_DEFAULT);
-                AntConfig::saveConfig($currentConfig);
-            }
-
-            //Now, we can perform the check as normal
-            if ($currentConfig['admin']['username'] == $_SERVER['PHP_AUTH_USER'] && password_verify($_SERVER['PHP_AUTH_PW'], $currentConfig['admin']['password'])) {
-                return;
-            }
+        // If the stored password is not hashed in the config, hash it
+        if ($password == $currentConfig['admin']['password']) {
+            $currentConfig['admin']['password'] = password_hash($currentConfig['admin']['password'], PASSWORD_DEFAULT);
+            AntConfig::saveConfig($currentConfig);
+
+            // Reload the config so the next step can pass
+            $currentConfig = AntConfig::currentConfig();
+        }
+
+        if ($currentConfig['admin']['username'] == $username && password_verify($password, $currentConfig['admin']['password'])) {
+            return;
         }
 
         AntAuth::requireAuth();
@@ -44,8 +46,8 @@ class AntAuth
      */
     private static function requireAuth()
     {
-        $currentConfig = AntConfig::currentConfig();
-        header('WWW-Authenticate: Basic realm="' . $currentConfig['SiteInfo']['siteTitle'] . '"');
+        $title = AntConfig::currentConfig('siteInfo.siteTitle');
+        header('WWW-Authenticate: Basic realm="' . $title . '"');
         header('HTTP/1.0 401 Unauthorized');
         echo 'You must enter a valid username and password to access this page';
         exit;
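Review bot: Dropping the `isset` guard means a request with no `Authorization` header now reaches `password_verify($password, ...)` with `$password === null`, which is a deprecation on PHP 8.1+ and will be a TypeError once null-to-string coercion is removed; the missing-credentials case should short-circuit to `requireAuth()` before either comparison. The plaintext-migration check and the username check also use loose `==`, so numeric-looking values compare by value (`"1e3" == "1000"`) and the comparison is not constant-time, which matters here precisely because the stored value may still be a plaintext password; `hash_equals()` on string-cast values fixes both. `checkAuth()`'s closing brace is outside the hunk, and `requireAuth()` below it also ends outside the hunk.
```php
$username = $_SERVER['PHP_AUTH_USER'] ?? null;
$password = $_SERVER['PHP_AUTH_PW'] ?? null;
// … unchanged: empty-password die() …

// No credentials supplied: challenge before touching password_verify()
if (!is_string($username) || !is_string($password)) {
    AntAuth::requireAuth();
}

// Stored password is still plaintext: compare in constant time, then hash it
if (hash_equals((string) $currentConfig['admin']['password'], $password)) {
    // … unchanged: password_hash, saveConfig, reload …
}

if (hash_equals((string) $currentConfig['admin']['username'], $username)
    && password_verify($password, $currentConfig['admin']['password'])) {
    return;
}
```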

+ 1 - 1
src/AntCMS/AntCMS.php

@@ -214,7 +214,7 @@ class AntCMS
      */
     public static function getSiteInfo()
     {
-        return AntConfig::currentConfig('SiteInfo');
+        return AntConfig::currentConfig('siteInfo');
     }
 
     /**

+ 1 - 1
src/AntCMS/AntConfig.php

@@ -13,7 +13,7 @@ class AntConfig
     public static function generateConfig()
     {
         $defaultOptions = array(
-            'SiteInfo' => array(
+            'siteInfo' => array(
                 'siteTitle' => 'AntCMS',
             ),
             'forceHTTPS' => true,

+ 1 - 1
src/Content/index.md

@@ -44,7 +44,7 @@ AntCMS stores its configuration in the human-readable yaml file format. The main
 
 #### Options in `config.yaml`
 
-- `SiteInfo:`
+- `siteInfo:`
   - `siteTitle: AntCMS` - This configuration sets the title of your AntCMS website.
 - `forceHTTPS: true` - Set to 'true' by default, enables HTTPs redirection.
 - `activeTheme: Default` - Sets what theme AntCMS should use. should match the folder name of the theme you want to use.

+ 1 - 1
tests/ConfigTest.php

@@ -12,7 +12,7 @@ class ConfigTest extends TestCase
         $config = AntConfig::currentConfig();
 
         $expectedKeys = array(
-            'SiteInfo',
+            'siteInfo',
             'forceHTTPS',
             'activeTheme',
             'generateKeywords',

+ 1 - 1
tests/Includes/config.yaml

@@ -1,4 +1,4 @@
-SiteInfo:
+siteInfo:
     siteTitle: 'AntCMS'
 forceHTTPS: true
 activeTheme: Default