26 Sep 2023

Author: code-boxx

core/assets/core-boxx-1.png

@@ -12,6 +12,9 @@
 if (I_PUSH && I_OPENSSL) {
   require PATH_LIB . "webpush/autoload.php";
   define("I_VAPID", Minishlink\WebPush\VAPID::createVapidKeys());
+  if (I_VAPID==null || I_VAPID==false || I_VAPID=="") {
+    exit("Failed to generate push notification VAPID keys. Make sure that OpenSSL is properly installed and configured.");
+  }
 }
 
 // (C) HTML ?>
@@ -77,8 +80,11 @@
           </select>
           <label>Enforce HTTPS?</label>
         </div>
+        <div class="text-secondary">
+          * Once enforced, API will only respond to HTTPS calls. Recommended for live servers.
+        </div>
         <div class="text-secondary mb-2">
-          * If enforced, API will only respond to HTTPS calls - Recommended to set "yes" for live servers.
+          * The host URL above need to be set to "HTTPS" if you want to enforce this.
         </div>
 
         <div class="form-floating mb-2">
@@ -217,4 +223,4 @@
       <input id="gobtn" type="submit" class="btn btn-primary" value="Go!" disabled>
     </form>
   </div></body>
-</html>
+</html>

core/assets/core-boxx-2.png

@@ -67,7 +67,7 @@
     // (E1) LOCK INSTALL FORM
     install.toggle(false);
 
-    // (E2) DUMMY PROOFING TO THE MAX!
+    // (E2) URL DUMMY PROOFING TO THE MAX!
     let hHost = document.getElementsByName("host")[0],
         domain = hHost.value;
     domain = domain.trim();
@@ -77,8 +77,17 @@
     if (domain.charAt(domain.length-1) != "/") { domain = domain + "/"; }
     hHost.value = domain;
 
+    // (E3) DUMMY PROOFING - API ENFORCE HTTPS BUT HOST URL IS NOT HTTPS
+    let https = document.getElementsByName("https")[0].value,
+        enforce = document.getElementsByName("apihttps")[0].value;
+    if (enforce==1 && https==0) {
+      alert("Please set your HOST URL to HTTPS if you want to enforce HTTPS for API calls. Also make sure that you have a valid SSL cert.");
+      install.toggle(true);
+      return false;
+    }
+
     <?php if (I_USER) { ?>
-    // (E3) ADMIN PASSWORD
+    // (E4) ADMIN PASSWORD
     var pass = document.getElementsByName("apass")[0],
         cpass = document.getElementsByName("apassc")[0];
     if (pass.value != cpass.value) {
@@ -87,23 +96,23 @@
       return false;
     }
 
-    // (E4) PASSWORD STRENGTH CHECK - AT LEAST 8 CHARACTERS ALPHANUMERIC
+    // (E5) PASSWORD STRENGTH CHECK - AT LEAST 8 CHARACTERS ALPHANUMERIC
     if (!/^(?=.*[0-9])(?=.*[A-Z]).{8,20}$/i.test(pass.value)) {
       alert("Password must be at least 8 characters alphanumeric");
       install.toggle(true);
       return false;
     }
     <?php } ?>
 
-    // (E5) URL PATH
+    // (E6) URL PATH
     let url = (document.getElementsByName("https")[0].value=="0" ? "http" : "https")
             + "://" + domain ;
 
-    // (E6) GENERATE HTACCESS
+    // (E7) GENERATE HTACCESS
     install.ajax(url, "E1", () => {
-      // (E7) VERIFY HTACCESS
+      // (E8) VERIFY HTACCESS
       install.ajax(url + "installer/test/", "E2", () => {
-        // (E8) PROCEED INSTALLATION
+        // (E9) PROCEED INSTALLATION
         install.ajax(url, "F", () => {
           alert("Installation complete, this page will now reload.");
           location.href = url;
@@ -119,4 +128,4 @@
   install.rnd();
   install.toggle(true);
 };
-</script>
+</script>

core/assets/core-boxx-3.png

@@ -11,8 +11,8 @@
 // (C) GENERATE VAPID KEYS
 require PATH_LIB . "webpush/autoload.php";
 $keys = Minishlink\WebPush\VAPID::createVapidKeys();
-if ($keys == null) {
-  exit("Unabled to create keys, please make sure OpenSSL is properly installed and configured.");
+if ($keys==null || $keys==false || $keys=="") {
+  exit("Unable to create keys, please make sure OpenSSL is properly installed and configured.");
 }
 
 // (D) INSERT KEYS INTO CORE-CONFIG.PHP