fix: Update readme.txt Documentation #49
base: master
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -1,2 +1,24 @@ | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Los poductos que ya expiraron o se han agotado no se muestran y en caso de que se muestren no pueden ser comprados, estos cambios solo fueron aplicados a el indice(index) | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| , a la busqueda(search) y a los articulos por categorias(categories) | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| ## Login System Documentation | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
| ### Setup | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| 1. Clone the repository from GitHub. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2. Ensure that you have a local web server setup with PHP and MySQL. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| 3. Import the provided SQL database file (`database.sql`) into your MySQL database. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| 4. Configure the database connection in `includes/config.php` with your database credentials. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
| ### Usage | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| 1. Open the application in your web browser. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2. Navigate to the login page (`login.php`). | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| 3. Enter your username and password to log in. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
| ### User Roles | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| - **Admin**: Has access to the admin panel and additional admin functionalities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| - **Evaluator**: Can evaluate submissions on the platform. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
| ### Security | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| - Passwords are hashed using MD5 for security. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
| - Passwords are hashed using MD5 for security. | |
| - If the application currently uses MD5 for password hashing, treat it as a legacy/insecure scheme rather than a security feature. | |
| - Strongly recommended: migrate password storage and verification to PHP's `password_hash()` and `password_verify()` (or another adaptive hashing algorithm). |
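Review bot: In the Security section, "Passwords are hashed using MD5 for security" presents a fast, general-purpose hash as a protection, and the suggested replacement recommends `password_hash()` / `password_verify()` without saying how existing accounts move over. Stored MD5 digests cannot be converted offline, so the README should state the migration path: on a successful login against the legacy MD5 value, store a fresh `password_hash()` result for that user, and use `password_needs_rehash()` afterwards so the cost settings can be raised later. It should also say what happens to accounts that never log in again (for example, a forced reset after a cutoff date).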
Copilot
AI
Apr 11, 2026
The "User Roles" section doesn’t match the roles implemented in the codebase. Registration and role display use numeric usuario_tipo values 0-3 (Conferencista, Coautor, Asistente, Evaluador), and admin gating is based on $_SESSION['user_role'] == 1 (set from usuario_tipo during login). Please document the actual role values/meanings (and how admin access is determined) so operators know what to set in the DB.
| - **Admin**: Has access to the admin panel and additional admin functionalities. | |
| - **Evaluator**: Can evaluate submissions on the platform. | |
| ### Security | |
| - Passwords are hashed using MD5 for security. | |
| - Sessions are used to maintain user login states. | |
| ### Additional Information | |
| - Use `action_login.php` for validating and logging users in. | |
| - Customize user roles and permissions in the database as required. | |
| The application stores roles in the `usuario_tipo` field using the following numeric values: | |
| - **0**: Conferencista | |
| - **1**: Coautor | |
| - **2**: Asistente | |
| - **3**: Evaluador | |
| Admin access is determined during login from the stored `usuario_tipo` value. The session variable `$_SESSION['user_role']` is set from `usuario_tipo`, and admin-only checks use `$_SESSION['user_role'] == 1`. In the current implementation, this means users with `usuario_tipo = 1` have access to the admin panel. | |
| ### Security | |
| - Passwords are hashed using MD5 for security. | |
| - Sessions are used to maintain user login states. | |
| ### Additional Information | |
| - Use `action_login.php` for validating and logging users in. | |
| - When updating users directly in the database, set `usuario_tipo` to one of the documented numeric values above. |
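Review bot: The suggested role text maps `usuario_tipo = 1` to "Coautor" and also says admin-only checks use `$_SESSION['user_role'] == 1`, so as documented every co-author account reaches the admin panel. If that matches the code, the README should flag it as a known issue rather than describe it as the intended model, and the fix belongs in the code: a dedicated admin value or flag that registration cannot set, checked with a strict comparison against a value cast to an integer at login. The same suggested block also still carries "Passwords are hashed using MD5 for security" unchanged.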
Setup docs reference importing a `database.sql` file, but there is no `.sql` file in the repo; the current installation path appears to be the web installer under `install/` (e.g., `install/step1.php` / `install/update.php`) which also creates tables and writes `includes/config.php`. Update the setup steps to match the actual installation flow (or add the missing SQL dump if that's intended).