Merge development into main - Admin console, security fixes, sidebar toggle

# Conflicts:
#	engine/templates/layout.mustache
#	public/assets/js/app.js
This commit is contained in:
2026-02-16 17:16:01 +01:00
135 changed files with 14472 additions and 235 deletions

View File

@@ -17,6 +17,7 @@ A lightweight, file-based content management system built with PHP.
- ⚙️ **JSON Configuration** - Easy configuration via JSON
- 🎨 **Bootstrap 5** - Modern UI framework
- 🔒 **Security** - Secure content management (100/100 security score)
- 🛡️ **Admin Console** - Built-in admin panel for content, config, plugins and user management
## 🚀 Quick Start
@@ -47,6 +48,13 @@ codepress/
│ ├── markdown_content.mustache
│ ├── php_content.mustache
│ └── html_content.mustache
├── admin-console/ # Admin panel
│ ├── config/
│ │ ├── app.php # Admin configuration
│ │ └── admin.json # Users & security
│ ├── src/
│ │ └── AdminAuth.php # Authentication service
│ └── templates/ # Admin templates
├── public/ # Web root
│ ├── assets/
│ │ ├── css/
@@ -56,7 +64,8 @@ codepress/
│ │ ├── nl.homepage.md # Dutch homepage
│ │ ├── en.homepage.md # English homepage
│ │ └── [lang].[page].md # Multi-language pages
── index.php # Entry point
── index.php # Website entry point
│ └── admin.php # Admin entry point
├── config.json # Configuration
├── version.php # Version tracking
└── README.md # This file
@@ -315,6 +324,28 @@ See [pentest/PENTEST.md](pentest/PENTEST.md) for detailed security report.
See [function-test/test-report.md](function-test/test-report.md) for detailed test results.
## 🛡️ Admin Console
CodePress includes a built-in admin panel for managing your website.
**Access:** `/admin.php` | **Default login:** `admin` / `admin`
### Modules
- **Dashboard** - Overview with statistics and quick actions
- **Content** - Browse, create, edit and delete files
- **Configuration** - Edit `config.json` with JSON validation
- **Plugins** - Overview of installed plugins
- **Users** - Add, remove users and change passwords
### Security
- Session-based authentication with bcrypt password hashing
- CSRF protection on all forms
- Brute-force protection (5 attempts, 15 min lockout)
- Path traversal protection
- Session timeout (30 min)
> **Important:** Change the default password immediately after installation via Users.
## 📖 Documentation
- **[Guide (NL)](guide/nl.codepress.md)** - Dutch documentation