Alright, this one should actually work since rather than a rushed "here's where I'm at", this is a more polished and tested release where user creation, deletion, and editing is implemented, as are the one to many user permissions.
https://cutcodedown.com/paladinX/milestone_02_Dec_2020_14_27/Again, see the
installation instructions post for how to set things up.
Beware that the /setup routine requires that the database be EMPTY -- no tables -- before you start. Any existing tables should be wiped. I've put a "upgrade" option on my to-do list. For now because the data structures are so in-flux, I'm not willing to commit to that part YET.
Also note that the admin panel is 100% form driven off a single URI (/admin). As such it's very hard to XSS exploit, but normal navigation -- forward/back/refresh -- is UTTERLY BANJAXED. This is on purpose, and the errors you see are in fact EXPECTED. They'll even "break" if you try to open multiple admin tabs at once. (only the most recent one will work!)
Administration action pages are not revisitable or re-usable. PERIOD. Get used to it. You can't XSS if you can't predict what random hash is required on the form for actions to work.
'Cause that's how I roll.