auth changes

README.md

@@ -31,6 +31,8 @@ This application uses environment variables for configuration. These must be set
 |----------|-------------|----------|---------|
 | `SITE_URL` | Public URL where the app is hosted (used for QR codes) | Yes | `https://nlcc.rydertech.us` |
 | `AUTH_SECRET` | Secret key for authentication sessions | Yes | `change-this-secret-in-production` |
+| `ADMIN_USERNAME` | Admin login username | Yes | `admin` |
+| `ADMIN_PASSWORD` | Admin login password | Yes | `admin123` |
 
 ### Setting Up Environment Variables
 
@@ -73,6 +75,10 @@ SITE_URL=https://your-domain.com
 # Required: Set a secure authentication secret
 # Generate with: openssl rand -hex 32
 AUTH_SECRET=your-secure-random-secret-here
+
+# Required: Set your admin credentials
+ADMIN_USERNAME=your-admin-username
+ADMIN_PASSWORD=your-secure-password
 ```
 
 4. Build and run with Docker Compose:
@@ -84,12 +90,15 @@ The application will be available at `http://localhost:3002` (or your configured
 
 **Important**: The `SITE_URL` must be set correctly for QR codes to work. This should be the public URL where your application is accessible (e.g., `https://church.example.com`).
 
-### Default Credentials
+### Admin Credentials
 
+Admin credentials are now configured via environment variables (`ADMIN_USERNAME` and `ADMIN_PASSWORD`). Set these in your `.env` file before building the Docker image.
+
+**Default values** (if not set in `.env`):
 - **Username**: admin
 - **Password**: admin123
 
-⚠️ **Important**: Change these credentials in production by modifying `server/utils/database.ts`
+⚠️ **Important**: Always change these default credentials in production by setting `ADMIN_USERNAME` and `ADMIN_PASSWORD` in your `.env` file.
 
 ## Project Structure