ffb6b6ce4513a4ca583f0bc602ea1624fb581787
- Fix critical inverted authentication logic in tools.auth.php (password_verify was inverted)
- Fix broken Sf() misuse for username lookups (was always returning empty string)
- Add safe_username_to_filename() to tools.security.php for proper username handling
- Fix open redirect vulnerability in _login.php for all redirect targets
- Add HttpOnly, Secure, SameSite cookie flags to all setcookie() calls
- Add CSRF nonce to OAuth state parameter and verify it on callback
- Add session_regenerate_id(true) after successful login
- Remove redundant session_regenerate_id() from tools.session.php (was called on every request)
- Add authentication check to entreaulas/_filefetch.php
- Fix broken Sf() usage in entreaulas pages (aulario.php, comedor.php, diario.php, paneldiario.php, proyectos.php, api/comedor.php)
- Fix broken Sf() usage in sysadmin/users.php and sysadmin/reset_password.php

Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
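Two of the fixes listed in the commit message above, the CSRF nonce carried in the OAuth state parameter and the validation of post-login redirect targets, can be sketched as follows. This is an added example, not code from the Axia4 repository. The function names, the `oauth_state` session key and the rule that only local absolute paths are accepted are assumptions.

```php
<?php
// Added example, not Axia4 code. Function names and the 'oauth_state'
// session key are hypothetical.

// Create a one-time nonce, store it server-side, and send it as `state`.
function oauth_state_issue(array &$session): string
{
    $nonce = bin2hex(random_bytes(32));
    $session['oauth_state'] = $nonce;
    return $nonce;
}

// On callback: the stored nonce is single-use and compared in constant time.
function oauth_state_verify(array &$session, ?string $returned): bool
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // burn the nonce even when the check fails
    return is_string($expected) && is_string($returned)
        && hash_equals($expected, $returned);
}

// Accept only local absolute paths as post-login redirect targets.
function safe_redirect_target(?string $target, string $fallback = '/'): string
{
    if ($target === null || $target === '') {
        return $fallback;
    }
    // Reject control characters (header injection) and backslashes
    // (browsers may treat "\" like "/").
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Exactly one leading "/": rules out "//host" and "scheme://host" forms.
    if ($target[0] !== '/' || str_starts_with($target, '//')) {
        return $fallback;
    }
    return $target;
}

// Constructed demonstration; a plain array stands in for $_SESSION.
$session = [];
$state = oauth_state_issue($session);
var_dump(oauth_state_verify($session, $state));           // first use of the state
var_dump(oauth_state_verify($session, $state));           // replay of the same state
var_dump(safe_redirect_target('/entreaulas/'));           // local path
var_dump(safe_redirect_target('//evil.example'));         // protocol-relative URL
var_dump(safe_redirect_target('https://evil.example/'));  // absolute URL
```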
Axia4
Axia4 is a unified platform for EuskadiTech and Sketaria, providing various services including EntreAulas (connected classroom management system).
Quick Start with Docker
The easiest way to run Axia4 is using Docker:
# 1. Clone the repository
git clone https://github.com/Axia4/Axia4.git
cd Axia4
# 2. Create the data directory structure
mkdir -p DATA/entreaulas/Usuarios
mkdir -p DATA/entreaulas/Centros
# 3. Start the application
docker compose up -d
# 4. Access the application
# Open http://localhost:8080 in your browser
Documentation
- Docker Setup Guide - Complete guide for running Axia4 with Docker
- Data Structure - Information about the data directory structure and how to set up users
Features
- EntreAulas: Management system for connected classrooms
- Aularios: Centralized access to classroom resources
- Integration with multiple external services
Requirements
Docker (Recommended)
- Docker Engine 20.10+
- Docker Compose V2
Manual Installation
- PHP 8.2+
- Apache 2.4+
- PHP GD extension
Configuration
All application data is stored in the /DATA directory, which is mounted from the host system. See DATA_STRUCTURE.md for details on how to set up your data files.
Development
To enable live code updates during development, uncomment the volume mount in docker-compose.yml:
volumes:
- ./DATA:/DATA
- ./public_html:/var/www/html # Uncomment this line
Google OAuth Redirect URLs
Format: https://example.com/_login.php?google_callback=1
Support
For issues and questions, please open an issue on GitHub.
License
See LICENSE file for details.