From 93987719cb5e633966eff2f32e8665f2f58ebcc0 Mon Sep 17 00:00:00 2001
From: dignajar
Date: Sat, 8 Aug 2015 11:44:25 -0300
Subject: [PATCH 01/15] Bug fixes
---
admin/controllers/plugins.php | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 admin/controllers/plugins.php
diff --git a/admin/controllers/plugins.php b/admin/controllers/plugins.php
new file mode 100644
index 00000000..20c8e2fb
--- /dev/null
+++ b/admin/controllers/plugins.php
@@ -0,0 +1,26 @@
+role()!=='admin') {
+ Alert::set($Language->g('you-do-not-have-sufficient-permissions'));
+ Redirect::page('admin', 'dashboard');
+}
+
+// ============================================================================
+// Functions
+// ============================================================================
+
+// ============================================================================
+// Main before POST
+// ============================================================================
+
+// ============================================================================
+// POST Method
+// ============================================================================
+
+// ============================================================================
+// Main after POST
+// ============================================================================
\ No newline at end of file
From 52bfcf4d89c542c621a6859e389f2d2465c325ec Mon Sep 17 00:00:00 2001
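Review bot: The `role()!=='admin'` guard calls `Redirect::page('admin', 'dashboard')` and then falls through; unless `Redirect::page()` ends the request itself (its body is not part of this patch), everything later placed under the "POST Method" section would still run for a non-admin user. Either add `exit;` after the redirect or state the guarantee in a comment such as `// Redirect::page() terminates the request; nothing below runs for non-admins`. The opening lines of the file appear truncated in this listing, so the start of the `if` is not visible.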
From: Jory Phillips Date: Mon, 10 Aug 2015 18:01:50 -0700 Subject: [PATCH 02/15] Small HTML reconfigure and CSS adjustments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PHP/HTML change removes the blank UL from child pages and instead uses the parent UL identified in the settings. The change also puts the child list ‘dash’ into the CSS and adds margins to the content. --- plugins/pages/plugin.php | 12 ++++++------ themes/pure/css/blog.css | 12 ++++++++++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/plugins/pages/plugin.php b/plugins/pages/plugin.php index 6c7b8157..31d83df7 100755 --- a/plugins/pages/plugin.php +++ b/plugins/pages/plugin.php @@ -50,25 +50,25 @@ class pluginPages extends Plugin { if($Site->homepage()!==$parent->key()) { // Print the parent - $html .= '
  • '.$parent->title().'
  • '; + $html .= '
  • '.$parent->title().''; - // Check if the parent hash children + // Check if the parent has children if(isset($pagesParents[$parent->key()])) { $children = $pagesParents[$parent->key()]; // Print the children - $html .= '
  • '; } } } - $html .= ''; + $html .= '
  • '; $html .= ''; $html .= ''; diff --git a/themes/pure/css/blog.css b/themes/pure/css/blog.css index e64c8e54..0fd8a85f 100644 --- a/themes/pure/css/blog.css +++ b/themes/pure/css/blog.css @@ -64,6 +64,12 @@ code { letter-spacing: 0.1em; } +.content { + padding-top: 3em; + margin-right: 30px; + margin-left: 30px; +} + #layout { padding: 0; } @@ -268,6 +274,12 @@ div.plugin-content ul > li > ul > li { margin: 0; } +div.plugin-content ul > li > ul > li:before { + color: #777; + content: "—"; + padding-right: 5px; +} + div.plugin-content ul > li > ul > li > a { color: #777; } From 1f0e439b3d083c45c9722f76480042ed5ae52484 Mon Sep 17 00:00:00 2001 From: dignajar Date: Wed, 12 Aug 2015 17:15:17 -0300 Subject: [PATCH 03/15] Bug fixes --- admin/views/manage-pages.php | 2 +- admin/views/manage-posts.php | 2 +- admin/views/themes.php | 6 +++--- admin/views/users.php | 2 +- kernel/security.class.php | 38 ++++++++++++++++++++++++++++++++++-- 5 files changed, 42 insertions(+), 8 deletions(-) diff --git a/admin/views/manage-pages.php b/admin/views/manage-pages.php index 22c18e12..e2370ee1 100644 --- a/admin/views/manage-pages.php +++ b/admin/views/manage-pages.php @@ -24,7 +24,7 @@ } echo ''; - echo ''.($Page->parentKey()?NO_PARENT_CHAR:'').''.($Page->published()?'':'['.$Language->g('Draft').'] ').($Page->title()?$Page->title():'['.$Language->g('Empty title').'] ').''; + echo ''.($Page->parentKey()?NO_PARENT_CHAR:'').''.($Page->published()?'':''.$Language->g('Draft').' ').($Page->title()?$Page->title():''.$Language->g('Empty title').' ').''; echo ''.$parentTitle.''; echo ''; } diff --git a/admin/views/manage-posts.php b/admin/views/manage-posts.php index 2745600c..2d0562b7 100755 --- a/admin/views/manage-posts.php +++ b/admin/views/manage-posts.php 
@@ -16,7 +16,7 @@ foreach($posts as $Post) { echo ''; - echo ''.($Post->published()?'':''.$Language->g('Draft').' ').($Post->title()?$Post->title():'['.$Language->g('Empty title').'] ').''; + echo ''.($Post->published()?'':''.$Language->g('Draft').' ').($Post->title()?$Post->title():''.$Language->g('Empty title').' ').''; echo ''.$Post->dateCreated().''; echo ''.$Post->timeago().''; echo ''; diff --git a/admin/views/themes.php b/admin/views/themes.php index 7dbb312b..88bcdbb8 100644 --- a/admin/views/themes.php +++ b/admin/views/themes.php @@ -3,12 +3,12 @@ theme()) { - $installed = 'themeBoxInstalled'; + $installedCSS = 'themeBoxInstalled'; } - echo '
    '; + echo '
    '; echo '

    '.$theme['name'].'

    '; echo '

    '.$theme['description'].'

    '; diff --git a/admin/views/users.php b/admin/views/users.php index 6f9a4ac9..da6f4634 100644 --- a/admin/views/users.php +++ b/admin/views/users.php @@ -22,7 +22,7 @@ echo ''.$username.''; echo ''.$field['firstName'].''; echo ''.$field['lastName'].''; - echo ''.$field['role'].''; + echo 'a'.$field['role'].''; echo ''.$field['email'].''; echo ''.Date::format($field['registered'], '%d %B').''; echo ''; diff --git a/kernel/security.class.php b/kernel/security.class.php index 90a7e38c..c4ac5a34 100644 --- a/kernel/security.class.php +++ b/kernel/security.class.php @@ -4,7 +4,8 @@ class Security extends dbJSON { private $dbFields = array( 'minutesBlocked'=>5, - 'numberFailures'=>10 + 'numberFailuresAllowed'=>10, + 'blackList'=>array('numberFailures', 'lastFailure') ); function __construct() 
@@ -12,14 +13,47 @@ class Security extends dbJSON parent::__construct(PATH_DATABASES.'security.php'); } + public function isBlocked() + { + $ip = $this->getUserIp(); + if(!isset($this->db['blackList'][$ip])) { + return false; + } + + $currentTime = time(); + $userBlack = $this->db['blackList'][$ip]; + $numberFailures = $userBlack['numberFailures']; + $lastFailure = $userBlack['lastFailure']; + + // Check if the IP is expired, then is not blocked. + if($currentTime > $lastFailure + $this->db['minutesBlocked']) { + return false; + } + + // The IP has more failures than number of failures, then the IP is blocked. + if($numberFailures >= $this->db['numberFailuresAllowed']) { + return true; + } + + // Otherwise the IP is not blocked. + return false; + } public function addLoginFail() { $ip = $this->getUserIp(); + $currentTime = time(); + $numberFailures = 1; + + if(isset($this->db['blackList'][$ip])) { + $numberFailures = $userBlack['numberFailures']; + $numberFailures = $numberFailures + 1; + } + + $this->db['blackList'][$ip] = array('lastFailure'=>$currentTime, 'numberFailures'=>$numberFailures); // Save the database - $this->db[$ip] = (int)$this->db[$ip] + 1; if( $this->save() === false ) { Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.'); return false; From 72e377956f1f0cd305f57cb3aae6738a4a7a824d Mon Sep 17 00:00:00 2001 From: dignajar Date: Thu, 13 Aug 2015 18:41:16 -0300 Subject: [PATCH 04/15] Bug fixes --- admin/themes/default/css/default.css | 7 +++++++ admin/views/dashboard.php | 6 ++---- admin/views/users.php | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/admin/themes/default/css/default.css b/admin/themes/default/css/default.css index a8d4dca0..b375a66d 100644 --- a/admin/themes/default/css/default.css +++ b/admin/themes/default/css/default.css 
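Review bot: In `addLoginFail()` the previous count is read from `$userBlack`, which is never assigned in that method, so the stored `numberFailures` restarts at 1 on every failed login and `isBlocked()` cannot reach `numberFailuresAllowed`; read it from the database instead, `$numberFailures = $this->db['blackList'][$ip]['numberFailures'] + 1;`. In `isBlocked()` the expiry test adds `minutesBlocked` (5) straight onto a `time()` value, so the window is 5 seconds, not 5 minutes; `if($currentTime > $lastFailure + ($this->db['minutesBlocked'] * 60))` matches the field name. Together these leave the login throttle effectively off, so a test that records `numberFailuresAllowed` failures and asserts that `isBlocked()` returns true would be worth adding. `addLoginFail()` continues past the end of the hunk.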
@@ -140,6 +140,7 @@ div.dashboardBox .nav { div.dashboardBox .nav a { padding: 0 !important; display: inline-block; + margin-left: 8px; } div.dashboardBox i.iconContent { @@ -154,6 +155,11 @@ div.dashboardBox div.bigContent { font-weight: bold; } +div.dashboardBox span { + display: inline-block !important; + padding: 3px 6px; +} + div.dashboardBox h2 { color: #666; font-size: 1.1em; @@ -189,6 +195,7 @@ div.dashboardBox ul.menu li.description:last-child { margin-bottom: 0 !important; } + /* ----------- FORMS ----------- */ form h4 { diff --git a/admin/views/dashboard.php b/admin/views/dashboard.php index f96240a9..f76afbb9 100644 --- a/admin/views/dashboard.php +++ b/admin/views/dashboard.php @@ -63,11 +63,11 @@ { foreach($_draftPosts as $Post) { - echo '
  • ('.$Language->g('Post').') '.($Post->title()?$Post->title():'['.$Language->g('Empty title').'] ').'
  • '; + echo '
  • '.$Language->g('Post').''.($Post->title()?$Post->title():'['.$Language->g('Empty title').'] ').'
  • '; } foreach($_draftPages as $Page) { - echo '
  • ('.$Language->g('Page').') '.($Page->title()?$Page->title():'['.$Language->g('Empty title').'] ').'
  • '; + echo '
  • '.$Language->g('Page').''.($Page->title()?$Page->title():'['.$Language->g('Empty title').'] ').'
  • '; } } ?> @@ -75,7 +75,5 @@
    - - \ No newline at end of file diff --git a/admin/views/users.php b/admin/views/users.php index da6f4634..6f9a4ac9 100644 --- a/admin/views/users.php +++ b/admin/views/users.php @@ -22,7 +22,7 @@ echo ''.$username.''; echo ''.$field['firstName'].''; echo ''.$field['lastName'].''; - echo 'a'.$field['role'].''; + echo ''.$field['role'].''; echo ''.$field['email'].''; echo ''.Date::format($field['registered'], '%d %B').''; echo ''; From e6b44e15b2f59cc7cf24ab1c6bfeeefb3651e186 Mon Sep 17 00:00:00 2001 From: dignajar Date: Thu, 13 Aug 2015 22:22:26 -0300 Subject: [PATCH 05/15] Disqus plugins --- plugins/disqus/language/en_US.json | 12 ++++++ plugins/disqus/plugin.php | 65 ++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 plugins/disqus/language/en_US.json create mode 100644 plugins/disqus/plugin.php diff --git a/plugins/disqus/language/en_US.json b/plugins/disqus/language/en_US.json new file mode 100644 index 00000000..fd997417 --- /dev/null +++ b/plugins/disqus/language/en_US.json @@ -0,0 +1,12 @@ +{ + "plugin-data": + { + "name": "Disqus comment system", + "description": "Disqus is a blog comment hosting service for web sites. It's necesary to register on Disqus.com before using this plugin.", + "author": "Bludit", + "email": "", + "website": "http://www.bludit.com", + "version": "0.1", + "releaseDate": "2015-08-02" + } +} \ No newline at end of file diff --git a/plugins/disqus/plugin.php b/plugins/disqus/plugin.php new file mode 100644 index 00000000..42f13aae --- /dev/null +++ b/plugins/disqus/plugin.php @@ -0,0 +1,65 @@ +dbFields = array( + 'shortname'=>'' + ); + } + + public function form() + { + global $Language; + + $html = '
    '; + $html .= ''; + $html .= ''; + $html .= '
    '; + + return $html; + } + + public function postEnd() + { + $html = '
    '; + return $html; + } + + public function pageEnd() + { + return $this->postEnd(); + } + + public function siteHead() + { + $html = ''; + return $html; + } + + public function siteBodyEnd() + { + global $Url; + + if( ($Url->whereAmI()!='post') && ($Url->whereAmI()!='page') ) { + return ''; + } + + $html = ' + +'; + + return $html; + } +} \ No newline at end of file From cb0d6cc14579886eb7928fc604e703c3baa44730 Mon Sep 17 00:00:00 2001 From: dignajar Date: Thu, 13 Aug 2015 22:36:03 -0300 Subject: [PATCH 06/15] Bug fixes --- kernel/boot/rules/70.build_pages.php | 7 +++---- plugins/pages/plugin.php | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/kernel/boot/rules/70.build_pages.php b/kernel/boot/rules/70.build_pages.php index d3ea1db0..3ccddac6 100644 --- a/kernel/boot/rules/70.build_pages.php +++ b/kernel/boot/rules/70.build_pages.php @@ -74,7 +74,7 @@ function build_page($key) $user = $dbUsers->getDb( $Page->username() ); $Page->setField('authorFirstName', $user['firstName'], false); - + $Page->setField('authorLastName', $user['lastName'], false); } @@ -167,14 +167,13 @@ if( ($Url->whereAmI()==='page') && ($Url->notFound()===false) ) // Default homepage if($Url->notFound()===false) { - if( ($Site->homepage()!=='home') && ($Url->whereAmI()==='home') ) + if( Text::isNotEmpty($Site->homepage()) && ($Url->whereAmI()==='home') ) { $Url->setWhereAmI('page'); $Page = build_page( $Site->homepage() ); - if($Page===false) - { + if($Page===false) { $Url->setWhereAmI('home'); } } diff --git a/plugins/pages/plugin.php b/plugins/pages/plugin.php index 31d83df7..eafa9b06 100755 --- a/plugins/pages/plugin.php +++ b/plugins/pages/plugin.php @@ -47,7 +47,7 @@ class pluginPages extends Plugin { foreach($parents as $parent) { - if($Site->homepage()!==$parent->key()) + //if($Site->homepage()!==$parent->key()) { // Print the parent $html .= '
  • '.$parent->title().''; From 2bbd0aba165bb874a599ee7c34fccaddf0838ac3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20K?= Date: Sun, 16 Aug 2015 12:34:53 +0200 Subject: [PATCH 07/15] Check lang in install --- install.php | 22 +++++++++++++--------- languages/en_US.json | 7 ++++++- languages/es_AR.json | 0 languages/es_VE.json | 0 languages/fr_FR.json | 7 ++++++- languages/ja_JP.json | 0 languages/ru_RU.json | 0 languages/zh_TW.json | 0 8 files changed, 25 insertions(+), 11 deletions(-) mode change 100644 => 100755 install.php mode change 100644 => 100755 languages/en_US.json mode change 100644 => 100755 languages/es_AR.json mode change 100644 => 100755 languages/es_VE.json mode change 100644 => 100755 languages/ja_JP.json mode change 100644 => 100755 languages/ru_RU.json mode change 100644 => 100755 languages/zh_TW.json diff --git a/install.php b/install.php old mode 100644 new mode 100755 index d278b097..e70cf8ae --- a/install.php +++ b/install.php @@ -9,7 +9,7 @@ // Security constant define('BLUDIT', true); - + // Directory separator define('DS', DIRECTORY_SEPARATOR); @@ -60,6 +60,10 @@ include(PATH_HELPERS.'text.class.php'); include(PATH_ABSTRACT.'dbjson.class.php'); include(PATH_KERNEL.'dblanguage.class.php'); +// Load language +$locale = Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']); +$Language = new dbLanguage($locale); + // ============================================================================ // FUNCTIONS // ============================================================================ @@ -351,7 +355,7 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' ) - Bludit Installer + <?php echo $Language->get('Bludit Installer') ?> @@ -363,8 +367,8 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
    -

    Bludit Installer

    -

    Welcome to the Bludit installer

    +

    get('Bludit Installer') ?>

    +

    get('Welcome to the Bludit installer') ?>

    -

    Complete the form, choose a password for the username admin

    +

    get('Complete the form, choose a password for the username « admin »') ?>

    @@ -392,15 +396,15 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )

    - +

    diff --git a/languages/en_US.json b/languages/en_US.json old mode 100644 new mode 100755 index 4fb8fe50..2e7e3dad --- a/languages/en_US.json +++ b/languages/en_US.json @@ -8,7 +8,12 @@ "email": "", "website": "" }, - + + "bludit-installer": "Bludit Installer", + "welcome-to-the-bludit-installer": "Welcome to the Bludit installer", + "complete-the-form,-choose-a-password-for-the-username-«-admin-»": "Complete the form, choose a password for the username « admin »", + "password,-visible-field!": "Password, visible field!", + "install": "Install", "username": "Username", "password": "Password", "confirm-password": "Confirm Password", diff --git a/languages/es_AR.json b/languages/es_AR.json old mode 100644 new mode 100755 diff --git a/languages/es_VE.json b/languages/es_VE.json old mode 100644 new mode 100755 diff --git a/languages/fr_FR.json b/languages/fr_FR.json index 0aadd039..a4faffd0 100755 --- a/languages/fr_FR.json +++ b/languages/fr_FR.json @@ -8,7 +8,12 @@ "email": "", "website": "" }, - + + "bludit-installer": "Installation de Bludit", + "welcome-to-the-bludit-installer": "Bienvenue dans l’assistant d’installation de Bludit", + "complete-the-form,-choose-a-password-for-the-username-«-admin-»": "Complétez le formulaire et choisissez un mot de passe pour l’utilisateur « admin »", + "password,-visible-field!": "Mot de passe, champ visible !", + "install": "Installer", "username": "Nom d’utilisateur", "password": "Mot de passe", "confirm-password": "Confirmation du mot de passe", diff --git a/languages/ja_JP.json b/languages/ja_JP.json old mode 100644 new mode 100755 diff --git a/languages/ru_RU.json b/languages/ru_RU.json old mode 100644 new mode 100755 diff --git a/languages/zh_TW.json b/languages/zh_TW.json old mode 100644 new mode 100755 From 2854c971482d930a1d17e06ca1b96807c19d65cb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20K?= Date: Sun, 16 Aug 2015 14:33:33 +0200 Subject: [PATCH 08/15] Fix lang exist --- install.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/install.php b/install.php index e70cf8ae..7897f835 100755 --- a/install.php +++ b/install.php @@ -6,10 +6,9 @@ * Author Diego Najar * Bludit is opensource software licensed under the MIT license. */ - // Security constant define('BLUDIT', true); - + // Directory separator define('DS', DIRECTORY_SEPARATOR); @@ -61,7 +60,12 @@ include(PATH_ABSTRACT.'dbjson.class.php'); include(PATH_KERNEL.'dblanguage.class.php'); // Load language -$locale = Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']); +$HTTP_ACCEPT_LANGUAGE = Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']); +if (file_exists(PATH_LANGUAGES.$HTTP_ACCEPT_LANGUAGE. '.json')) { + $locale = $HTTP_ACCEPT_LANGUAGE; +} else { + $locale = 'en_US'; +} $Language = new dbLanguage($locale); // ============================================================================ From 5d70ba31711f59efc7227b760e6d1b0d96110f04 Mon Sep 17 00:00:00 2001 From: dignajar Date: Sun, 16 Aug 2015 21:24:22 -0300 Subject: [PATCH 09/15] Installer improves --- admin/themes/default/css/installer.css | 10 +- index.php | 2 +- install.php | 154 +++++++++++++++---------- kernel/boot/init.php | 51 ++++---- kernel/boot/rules/99.header.php | 2 - kernel/dblanguage.class.php | 18 ++- kernel/dbpages.class.php | 10 +- languages/en_US.json | 18 +-- languages/es_AR.json | 8 +- languages/fr_FR.json | 17 ++- 10 files changed, 165 insertions(+), 125 deletions(-) diff --git a/admin/themes/default/css/installer.css b/admin/themes/default/css/installer.css index 988fe753..153f0e5f 100644 --- a/admin/themes/default/css/installer.css +++ b/admin/themes/default/css/installer.css @@ -8,6 +8,10 @@ a:hover { text-decoration: none !important; } +p { + margin-bottom: 0; +} + /* ----------- FONTS AWESOME ----------- */ .fa-right { margin-right: 5px; 
@@ -16,7 +20,7 @@ a:hover { /* ----------- ----------- */ div.main { text-align: center; - margin: 30px 0; + margin: 50px 0 0 0; } h1.title { font-weight: lighter; @@ -27,6 +31,10 @@ td { text-align: center; } +.boxInstallerForm { + margin-top: 30px !important; +} + .tools-message { display: block; position: relative; diff --git a/index.php b/index.php index 75f5d69e..6fee318f 100644 --- a/index.php +++ b/index.php @@ -23,7 +23,7 @@ define('BLUDIT', true); // Directory separator define('DS', DIRECTORY_SEPARATOR); -// PHP paths +// PHP paths for init define('PATH_ROOT', __DIR__.DS); define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS); diff --git a/install.php b/install.php index 7897f835..00dd9d6b 100755 --- a/install.php +++ b/install.php @@ -6,13 +6,14 @@ * Author Diego Najar * Bludit is opensource software licensed under the MIT license. */ + // Security constant define('BLUDIT', true); - + // Directory separator define('DS', DIRECTORY_SEPARATOR); -// PATHs +// PHP paths define('PATH_ROOT', __DIR__.DS); define('PATH_CONTENT', PATH_ROOT.'content'.DS); define('PATH_POSTS', PATH_CONTENT.'posts'.DS); @@ -30,6 +31,9 @@ define('DOMAIN', getenv('HTTP_HOST')); $base = (dirname(getenv('SCRIPT_NAME'))==DS)?'/':dirname(getenv('SCRIPT_NAME')).'/'; define('HTML_PATH_ROOT', $base); +// Log separator +define('LOG_SEP', ' | '); + // JSON if(!defined('JSON_PRETTY_PRINT')) { define('JSON_PRETTY_PRINT', 128); 
@@ -38,17 +42,18 @@ if(!defined('JSON_PRETTY_PRINT')) { // Check if JSON encode and decode are enabled. define('JSON', function_exists('json_encode')); -// Multibyte string / UTF-8 -define('MB_STRING', extension_loaded('mbstring')); - +// Charset, default UTF-8. define('CHARSET', 'UTF-8'); +// Multibyte string extension loaded. +define('MB_STRING', extension_loaded('mbstring')); + if(MB_STRING) { - // Tell PHP that we're using UTF-8 strings until the end of the script. + // Set internal character encoding. mb_internal_encoding(CHARSET); - // Tell PHP that we'll be outputting UTF-8 to the browser. + // Set HTTP output character encoding. mb_http_output(CHARSET); } @@ -58,15 +63,16 @@ include(PATH_HELPERS.'valid.class.php'); include(PATH_HELPERS.'text.class.php'); include(PATH_ABSTRACT.'dbjson.class.php'); include(PATH_KERNEL.'dblanguage.class.php'); +include(PATH_HELPERS.'log.class.php'); // Load language -$HTTP_ACCEPT_LANGUAGE = Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']); -if (file_exists(PATH_LANGUAGES.$HTTP_ACCEPT_LANGUAGE. '.json')) { - $locale = $HTTP_ACCEPT_LANGUAGE; -} else { - $locale = 'en_US'; +$localeFromHTTP = Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']); + +if(isset($_GET['language'])) { + $localeFromHTTP = Sanitize::html($_GET['language']); } -$Language = new dbLanguage($locale); + +$Language = new dbLanguage($localeFromHTTP); // ============================================================================ // FUNCTIONS @@ -152,9 +158,9 @@ function checkSystem() return $stdOut; } -function install($adminPassword, $email, $locale) +function install($adminPassword, $email) { - $Language = new dbLanguage($locale); + global $Language; $stdOut = array(); 
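Review bot: The `$_GET['language']` override is only passed through `Sanitize::html()` before it reaches `new dbLanguage($localeFromHTTP)`, and the dbLanguage constructor changed in this same patch builds `PATH_LANGUAGES.$locale.'.json'` from it; HTML escaping does not remove `../`, so which file gets loaded depends on whatever `Sanitize::pathFile()` rejects, which is not visible here. Constrain the value to the locale shape the shipped dictionaries use before constructing the object, e.g. `if(!preg_match('/^[a-z]{2}_[A-Z]{2}$/', $localeFromHTTP)) { $localeFromHTTP = 'en_US'; }`. `$_SERVER['HTTP_ACCEPT_LANGUAGE']` is also read without an `isset()` check, so a client that omits the header raises a notice on the installer page.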
@@ -230,9 +236,9 @@ function install($adminPassword, $email, $locale) 'title'=>'Bludit', 'slogan'=>'cms', 'description'=>'', - 'footer'=>'©2015', - 'language'=>$locale, - 'locale'=>$locale, + 'footer'=>'', + 'language'=>$Language->getCurrentLocale(), + 'locale'=>$Language->getCurrentLocale(), 'timezone'=>'UTC', 'theme'=>'pure', 'adminTheme'=>'default', @@ -303,10 +309,12 @@ Content: function checkPOST($args) { + global $Language; + // Check empty password if(empty($args['password'])) { - return '
    The password field is empty
    '; + return '
    '.$Language->g('The password field is empty').'
    '; } // Check invalid email @@ -369,21 +377,37 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
    -
    -
    -

    get('Bludit Installer') ?>

    -

    get('Welcome to the Bludit installer') ?>

    +
    +
    - get('Bludit Installer') ?> +

    get('Welcome to the Bludit installer') ?>

    - if(empty($system)) - { - ?> + get('Complete the form, choose a password for the username « admin »') ?>

    + $system = checkSystem(); -
    + // Missing requirements + if(!empty($system)) + { + echo '
    '; + echo ''; + + foreach($system as $value) { + echo ''; + } + + echo '
    '.$value.'
    '; + echo '
    '; + } + // Second step + elseif(isset($_GET['language'])) + { + + ?> +

    get('Complete the form choose a password for the username admin') ?>

    + +
    + +

    +

    + +
    + +

    get('Choose your language') ?>

    + +
    + +
    + -

    - +

    + - '; - echo ''; + + - foreach ($system as $value) - { - echo ''; - } - - echo '
    '.$value.'
    '; - echo ' -
    -
    - - +
    diff --git a/kernel/boot/init.php b/kernel/boot/init.php index 08f30f4b..09814485 100644 --- a/kernel/boot/init.php +++ b/kernel/boot/init.php @@ -1,14 +1,16 @@ '); -// Bludit version -define('BLUDIT_VERSION', 'githubVersion'); -define('BLUDIT_CODENAME', ''); -define('BLUDIT_RELEASE_DATE', ''); - -// +// No parent character define('NO_PARENT_CHAR', '—'); // Post per page on Manage->Posts define('POSTS_PER_PAGE_ADMIN', 10); -// Multibyte string / UTF-8 -define('MB_STRING', extension_loaded('mbstring')); - // Check if JSON encode and decode are enabled. define('JSON', function_exists('json_encode')); // TRUE if new posts hand-made set published, or FALSE for draft. define('HANDMADE_PUBLISHED', true); +// Charset, default UTF-8. define('CHARSET', 'UTF-8'); +// Multibyte string extension loaded. +define('MB_STRING', extension_loaded('mbstring')); + if(MB_STRING) { - // Tell PHP that we're using UTF-8 strings until the end of the script. + // Set internal character encoding. mb_internal_encoding(CHARSET); - // Tell PHP that we'll be outputting UTF-8 to the browser. + // Set HTTP output character encoding. mb_http_output(CHARSET); } -// Abstract Classes +// Inclde Abstract Classes include(PATH_ABSTRACT.'dbjson.class.php'); include(PATH_ABSTRACT.'filecontent.class.php'); include(PATH_ABSTRACT.'plugin.class.php'); +// Inclde Classes include(PATH_KERNEL.'dbposts.class.php'); include(PATH_KERNEL.'dbpages.class.php'); include(PATH_KERNEL.'dbusers.class.php'); include(PATH_KERNEL.'dblanguage.class.php'); include(PATH_KERNEL.'dbsite.class.php'); - include(PATH_KERNEL.'post.class.php'); include(PATH_KERNEL.'page.class.php'); - include(PATH_KERNEL.'url.class.php'); include(PATH_KERNEL.'login.class.php'); include(PATH_KERNEL.'parsedown.class.php'); -// Helpers Classes +// Include Helpers Classes include(PATH_HELPERS.'text.class.php'); include(PATH_HELPERS.'log.class.php'); include(PATH_HELPERS.'date.class.php'); 
@@ -146,7 +139,7 @@ define('HTML_PATH_ADMIN_ROOT', HTML_PATH_ROOT.'admin/'); define('HTML_PATH_UPLOADS', HTML_PATH_ROOT.'content/uploads/'); define('HTML_PATH_PLUGINS', HTML_PATH_ROOT.'plugins/'); -// PHP PATHs with dependency +// PHP paths with dependency define('PATH_THEME', PATH_ROOT.'themes/'.$Site->theme().'/'); // Objects with dependency diff --git a/kernel/boot/rules/99.header.php b/kernel/boot/rules/99.header.php index d67de305..27df4585 100644 --- a/kernel/boot/rules/99.header.php +++ b/kernel/boot/rules/99.header.php @@ -5,5 +5,3 @@ if($Url->notFound()) { header('HTTP/1.0 404 Not Found'); } - -?> diff --git a/kernel/dblanguage.class.php b/kernel/dblanguage.class.php index 4ec34ee2..7da6c0fa 100644 --- a/kernel/dblanguage.class.php +++ b/kernel/dblanguage.class.php @@ -4,24 +4,27 @@ class dbLanguage extends dbJSON { public $data; public $db; + public $currentLocale; - function __construct($language) + function __construct($locale) { $this->data = array(); $this->db = array(); + $this->currentLocale = 'en_US'; // Default language en_US $filename = PATH_LANGUAGES.'en_US.json'; - if(file_exists($filename)) + if( Sanitize::pathFile($filename) ) { $Tmp = new dbJSON($filename, false); $this->db = array_merge($this->db, $Tmp->db); } // User language - $filename = PATH_LANGUAGES.$language.'.json'; - if( file_exists($filename) && ($language!=="en_US") ) + $filename = PATH_LANGUAGES.$locale.'.json'; + if( Sanitize::pathFile($filename) && ($locale!=="en_US") ) { + $this->currentLocale = $locale; $Tmp = new dbJSON($filename, false); $this->db = array_merge($this->db, $Tmp->db); } @@ -30,6 +33,11 @@ class dbLanguage extends dbJSON unset($this->db['language-data']); } + public function getCurrentLocale() + { + return $this->currentLocale; + } + // Return the translation, if the translation does'n exist then return the English translation. public function get($string) { 
@@ -73,7 +81,7 @@ class dbLanguage extends dbJSON return $this->data[$key]; } - return ''; + return ''; } // Returns an array with all dictionaries. diff --git a/kernel/dbpages.class.php b/kernel/dbpages.class.php index 1f47d0e4..70bd7f74 100644 --- a/kernel/dbpages.class.php +++ b/kernel/dbpages.class.php @@ -5,14 +5,14 @@ class dbPages extends dbJSON private $parentKeyList = array(); private $dbFields = array( - 'title'=> array('inFile'=>true, 'value'=>''), - 'content'=> array('inFile'=>true, 'value'=>''), + 'title'=> array('inFile'=>true, 'value'=>''), + 'content'=> array('inFile'=>true, 'value'=>''), 'description'=> array('inFile'=>false, 'value'=>''), 'username'=> array('inFile'=>false, 'value'=>''), - 'tags'=> array('inFile'=>false, 'value'=>''), - 'status'=> array('inFile'=>false, 'value'=>'draft'), + 'tags'=> array('inFile'=>false, 'value'=>''), + 'status'=> array('inFile'=>false, 'value'=>'draft'), 'unixTimeCreated'=> array('inFile'=>false, 'value'=>0), - 'unixTimeModified'=>array('inFile'=>false, 'value'=>0), + 'unixTimeModified'=> array('inFile'=>false, 'value'=>0), 'position'=> array('inFile'=>false, 'value'=>0) ); diff --git a/languages/en_US.json b/languages/en_US.json index 2e7e3dad..4b703101 100755 --- a/languages/en_US.json +++ b/languages/en_US.json @@ -8,12 +8,7 @@ "email": "", "website": "" }, - - "bludit-installer": "Bludit Installer", - "welcome-to-the-bludit-installer": "Welcome to the Bludit installer", - "complete-the-form,-choose-a-password-for-the-username-«-admin-»": "Complete the form, choose a password for the username « admin »", - "password,-visible-field!": "Password, visible field!", - "install": "Install", + "username": "Username", "password": "Password", "confirm-password": "Confirm Password", 
@@ -149,6 +144,13 @@ "read-the-documentation-for-more-information": "Read the [documentation](http://docs.bludit.com) for more information", "share-with-your-friends-and-enjoy": "Share with your friends and enjoy", "the-page-has-not-been-found": "The page has not been found.", - "error": "Error" - + "error": "Error", + "bludit-installer": "Bludit Installer", + "welcome-to-the-bludit-installer": "Welcome to the Bludit installer", + "complete-the-form-choose-a-password-for-the-username-admin": "Complete the form, choose a password for the username « admin »", + "password-visible-field": "Password, visible field!", + "install": "Install", + "choose-your-language": "Choose your language", + "next": "Next", + "the-password-field-is-empty": "The password field is empty" } \ No newline at end of file diff --git a/languages/es_AR.json b/languages/es_AR.json index 8fa3d00f..58fe0dba 100755 --- a/languages/es_AR.json +++ b/languages/es_AR.json @@ -144,5 +144,11 @@ "read-the-documentation-for-more-information": "Lea la [documentacion](http://docs.bludit.com) para mas informacion", "share-with-your-friends-and-enjoy": "Comparti con tus amigos y a disfrutar", "the-page-has-not-been-found": "La pagina no fue encontrada.", - "error": "Error" + "error": "Error", + "bludit-installer": "Bludit Instalador", + "welcome-to-the-bludit-installer": "Bienvenido al asistente para la instalación de Bludit.", + "complete-the-form-choose-a-password-for-the-username-admin": "Complete el formulario y elija una contraseña para el usuario « admin »", + "password-visible-field": "Contraseña, este campo es visible!", + "install": "Instalar", + "the-password-field-is-empty": "Debe completar el campo contraseña" } \ No newline at end of file diff --git a/languages/fr_FR.json b/languages/fr_FR.json index a4faffd0..7ccc65ce 100755 --- a/languages/fr_FR.json +++ b/languages/fr_FR.json 
@@ -8,12 +8,7 @@ "email": "", "website": "" }, - - "bludit-installer": "Installation de Bludit", - "welcome-to-the-bludit-installer": "Bienvenue dans l’assistant d’installation de Bludit", - "complete-the-form,-choose-a-password-for-the-username-«-admin-»": "Complétez le formulaire et choisissez un mot de passe pour l’utilisateur « admin »", - "password,-visible-field!": "Mot de passe, champ visible !", - "install": "Installer", + "username": "Nom d’utilisateur", "password": "Mot de passe", "confirm-password": "Confirmation du mot de passe", @@ -40,7 +35,7 @@ "position": "Position", "save": "Sauvegarder", "draft": "Brouillon", - "delete": "Supprimer", + "delete": "Supprimer", "registered": "Inscrit", "Notifications": "Notifications", "profile": "Profil", @@ -149,6 +144,10 @@ "read-the-documentation-for-more-information": "Lisez la [documentation](http://docs.bludit.com) pour plus d’information", "share-with-your-friends-and-enjoy": "Partagez avec vos amis et apprécier !", "the-page-has-not-been-found": "La page n’a pas été trouvée.", - "error": "Erreur" - + "error": "Erreur", + "bludit-installer": "Installation de Bludit", + "welcome-to-the-bludit-installer": "Bienvenue dans l’assistant d’installation de Bludit", + "complete-the-form-choose-a-password-for-the-username-admin": "Complétez le formulaire et choisissez un mot de passe pour l’utilisateur « admin »", + "password-visible-field": "Mot de passe, champ visible !", + "install": "Installer" } \ No newline at end of file From b97b26a9778c93f555e2b75402a79ee0148cf9f9 Mon Sep 17 00:00:00 2001 
From: dignajar Date: Sun, 16 Aug 2015 23:33:49 -0300 Subject: [PATCH 10/15] Installer improves --- admin/views/dashboard.php | 2 +- admin/views/settings.php | 2 +- index.php | 6 +- install.php | 2 +- kernel/boot/admin.php | 18 +++-- kernel/boot/site.php | 6 +- languages/en_US.json | 6 +- languages/es_AR.json | 105 +++++++++++++++-------------- languages/es_VE.json | 2 +- languages/fr_FR.json | 2 +- languages/zh_TW.json | 2 +- plugins/disqus/language/en_US.json | 6 +- plugins/disqus/plugin.php | 33 +++++++-- 13 files changed, 115 insertions(+), 77 deletions(-) diff --git a/admin/views/dashboard.php b/admin/views/dashboard.php index f76afbb9..9e159b1c 100644 --- a/admin/views/dashboard.php +++ b/admin/views/dashboard.php @@ -50,7 +50,7 @@
    -

    Drafts

    +

    p('Drafts') ?>

    @@ -31,13 +31,13 @@
    -
    +
    '.Alert::get().'
    '; + echo '
    '.Alert::get().'
    '; } // Load view @@ -51,8 +51,6 @@
    - - diff --git a/install.php b/install.php index d5e6fda8..6c937ad6 100755 --- a/install.php +++ b/install.php @@ -273,6 +273,16 @@ function install($adminPassword, $email) file_put_contents(PATH_DATABASES.'users.php', $dataHead.json_encode($data, JSON_PRETTY_PRINT), LOCK_EX); + // File security.php + $data = array( + 'minutesBlocked'=>5, + 'numberFailuresAllowed'=>10, + 'blackList'=>array() + ); + + file_put_contents(PATH_DATABASES.'security.php', $dataHead.json_encode($data, JSON_PRETTY_PRINT), LOCK_EX); + + // File plugins/pages/db.php $data = array( 'homeLink'=>true, @@ -364,7 +374,7 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' ) - + <?php echo $Language->get('Bludit Installer') ?> @@ -390,7 +400,7 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' ) // Missing requirements if(!empty($system)) { - echo '
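Review bot: The added `file_put_contents(PATH_DATABASES.'security.php', ...)` in `install()` discards its return value, so an install into a non-writable databases directory completes without the brute-force database and reports nothing. Compare the result with `false` and stop with a visible error, e.g. `if(file_put_contents(PATH_DATABASES.'security.php', $dataHead.json_encode($data, JSON_PRETTY_PRINT), LOCK_EX) === false) { return false; }`; how `install()` reports failure is outside the hunk, so match whatever the existing writes are meant to do. The file will hold client IP addresses and failure counts, and `$dataHead` is defined outside this hunk, so confirm it keeps `security.php` from being served as readable JSON. The defaults here repeat `Security::$dbFields` from `kernel/security.class.php`; a comment such as `// Keep in sync with Security::$dbFields` would stop the two drifting apart.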
    '; + echo '
    '; echo ''; foreach($system as $value) { diff --git a/kernel/boot/admin.php b/kernel/boot/admin.php index 954de147..3f7e2719 100644 --- a/kernel/boot/admin.php +++ b/kernel/boot/admin.php @@ -25,14 +25,14 @@ if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) } // AJAX -if( $Login->isLogged() && ($layout['slug']==='ajax') ) +if( $layout['slug']==='ajax' ) { - // Boot rules - // Ajax doesn't load rules - - // Load AJAX file - if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) { - include(PATH_AJAX.$layout['parameters'].'.php'); + if($Login->isLogged()) + { + // Load AJAX file + if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) { + include(PATH_AJAX.$layout['parameters'].'.php'); + } } } // ADMIN AREA @@ -73,4 +73,4 @@ else // Plugins after admin area loaded Theme::plugins('afterAdminLoad'); -} +} \ No newline at end of file diff --git a/kernel/boot/init.php b/kernel/boot/init.php index 09814485..afd5c70a 100644 --- a/kernel/boot/init.php +++ b/kernel/boot/init.php @@ -97,6 +97,7 @@ include(PATH_KERNEL.'page.class.php'); include(PATH_KERNEL.'url.class.php'); include(PATH_KERNEL.'login.class.php'); include(PATH_KERNEL.'parsedown.class.php'); +include(PATH_KERNEL.'security.class.php'); // Include Helpers Classes include(PATH_HELPERS.'text.class.php'); @@ -125,6 +126,7 @@ $dbUsers = new dbUsers(); $Site = new dbSite(); $Url = new Url(); $Parsedown = new Parsedown(); +$Security = new Security(); // HTML PATHs $base = (dirname(getenv('SCRIPT_NAME'))==DS)?'/':dirname(getenv('SCRIPT_NAME')).'/'; diff --git a/kernel/login.class.php b/kernel/login.class.php index d55d118b..476c09cb 100644 --- a/kernel/login.class.php +++ b/kernel/login.class.php @@ -65,7 +65,7 @@ class Login { $user = $this->dbUsers->getDb($username); if($user==false) { - Log::set(__METHOD__.LOG_SEP.'Username not exist: '.$username); + Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username); return false; } 
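Review bot: In the new `if( $layout['slug']==='ajax' )` branch of `kernel/boot/admin.php`, a request without a valid session gets an empty successful response, because the inner `if($Login->isLogged())` has no `else`. Reject it explicitly so clients and monitoring can tell an expired session from an empty result, e.g. `else { header('HTTP/1.1 401 Unauthorized'); }`. The include target is built from `$layout['parameters']` and relies entirely on `Sanitize::pathFile()`, whose body is not in this hunk; a comment such as `// pathFile() must reject '..' and absolute paths: parameters come from the URL` would record that dependency. The check is login-only, so each AJAX file presumably has to enforce the user's role itself.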
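Review bot: The reworded `Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username)` in `kernel/login.class.php` still writes the submitted username to the log unmodified. The value presumably comes straight from the login form (the caller is outside the hunk), so it can carry line breaks that forge log entries, and a user who types a password into the username field leaves it in the log. Strip control characters and cap the length before logging, e.g. `$safe = preg_replace('/[\x00-\x1F\x7F]/', '', substr($username, 0, 64));`. The `$ip` values logged in the later `kernel/security.class.php` hunks (`'IP Blocked:'.$ip` and `'Blacklist, IP:'.$ip`) need the same treatment if `getUserIp()` reads a client-supplied header; its body is not visible here.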
@@ -78,7 +78,7 @@ class Login { return true; } else { - Log::set(__METHOD__.LOG_SEP.'Password are differents.'); + Log::set(__METHOD__.LOG_SEP.'Password incorrect.'); } return false; @@ -113,4 +113,4 @@ class Login { return Session::destroy(); } -} +} \ No newline at end of file diff --git a/kernel/security.class.php b/kernel/security.class.php index c4ac5a34..7fe3be21 100644 --- a/kernel/security.class.php +++ b/kernel/security.class.php @@ -5,7 +5,7 @@ class Security extends dbJSON private $dbFields = array( 'minutesBlocked'=>5, 'numberFailuresAllowed'=>10, - 'blackList'=>array('numberFailures', 'lastFailure') + 'blackList'=>array() ); function __construct() @@ -27,12 +27,13 @@ class Security extends dbJSON $lastFailure = $userBlack['lastFailure']; // Check if the IP is expired, then is not blocked. - if($currentTime > $lastFailure + $this->db['minutesBlocked']) { + if($currentTime > $lastFailure + ($this->db['minutesBlocked']*60)) { return false; } // The IP has more failures than number of failures, then the IP is blocked. if($numberFailures >= $this->db['numberFailuresAllowed']) { + Log::set(__METHOD__.LOG_SEP.'IP Blocked:'.$ip); return true; } 
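Review bot: The added `Log::set(__METHOD__.LOG_SEP.'IP Blocked:'.$ip)` in the `@@ -27,12 +27,13 @@` hunk of `kernel/security.class.php` runs on every check for a blocked address, so a client that keeps requesting the login page during the block adds a log line per request. Log the block once, when the count first reaches the limit, for instance in the failure-recording method with `if($numberFailures == $this->db['numberFailuresAllowed'])`, and leave this check silent. The corrected expiry test `$lastFailure + ($this->db['minutesBlocked']*60)` is repeated in the next hunk; a comment `// minutesBlocked is stored in minutes, time() is in seconds` or a small private helper would stop the units bug this hunk fixes from coming back. The method's signature is outside the hunk.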
@@ -46,13 +47,23 @@ class Security extends dbJSON $currentTime = time(); $numberFailures = 1; - if(isset($this->db['blackList'][$ip])) { - $numberFailures = $userBlack['numberFailures']; - $numberFailures = $numberFailures + 1; + if(isset($this->db['blackList'][$ip])) + { + $userBlack = $this->db['blackList'][$ip]; + $lastFailure = $userBlack['lastFailure']; + + // Check if the IP is expired, then renew the number of failures. + if($currentTime <= $lastFailure + ($this->db['minutesBlocked']*60)) + { + $numberFailures = $userBlack['numberFailures']; + $numberFailures = $numberFailures + 1; + } } $this->db['blackList'][$ip] = array('lastFailure'=>$currentTime, 'numberFailures'=>$numberFailures); + Log::set(__METHOD__.LOG_SEP.'Blacklist, IP:'.$ip.', Number of failures:'.$numberFailures); + // Save the database if( $this->save() === false ) { Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.'); diff --git a/languages/en_US.json b/languages/en_US.json index 6fdec683..23d306a8 100755 --- a/languages/en_US.json +++ b/languages/en_US.json @@ -155,5 +155,7 @@ "the-password-field-is-empty": "The password field is empty", "your-email-address-is-invalid":"Your email address is invalid.", "proceed-anyway": "Proceed anyway!", - "drafts":"Drafts" + "drafts":"Drafts", + "ip-address-has-been-blocked": "IP address has been blocked.", + "try-again-in-a-few-minutes": "Try again in a few minutes." } \ No newline at end of file diff --git a/languages/es_AR.json b/languages/es_AR.json index 8c8d6dc1..6d5643ab 100755 --- a/languages/es_AR.json +++ b/languages/es_AR.json 
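Review bot: Nothing in the `@@ -46,13 +47,23 @@` hunk ever removes entries from `$this->db['blackList']`: every failed login from a new address adds a key, and `$this->save()` rewrites the whole file. Prune expired entries before saving so the file stays bounded by the number of addresses seen within one block window, e.g. `foreach($this->db['blackList'] as $k=>$v) { if($currentTime > $v['lastFailure'] + ($this->db['minutesBlocked']*60)) { unset($this->db['blackList'][$k]); } }` placed before the assignment of the current entry. The update is a read-modify-write of the JSON file; whether `save()` locks against concurrent requests is not visible here, and if it does not, counts can be lost under parallel login attempts. The method's signature and the rest of its body are outside the hunk.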
@@ -153,5 +153,7 @@ "the-password-field-is-empty": "Debe completar el campo contraseña", "your-email-address-is-invalid":"Su dirección de correo es invalida.", "proceed-anyway": "Continuar de todas formas!", - "drafts":"Borradores" + "drafts":"Borradores", + "ip-address-has-been-blocked":"La direccion IP fue bloqueada.", + "try-again-in-a-few-minutes": "Vuelva a intentar en unos minutos." } \ No newline at end of file From 9d3de43d9ee7089e2e17f0fcf743a145acf3aa8d Mon Sep 17 00:00:00 2001 From: dignajar Date: Mon, 17 Aug 2015 23:18:57 -0300 Subject: [PATCH 15/15] Bruteforce protection --- kernel/security.class.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/kernel/security.class.php b/kernel/security.class.php index 7fe3be21..3761a1e4 100644 --- a/kernel/security.class.php +++ b/kernel/security.class.php @@ -73,6 +73,18 @@ class Security extends dbJSON return true; } + public function getNumberFailures($ip=null) + { + if(empty($ip)) { + $ip = $this->getUserIp(); + } + + if(isset($this->db['blackList'][$ip])) { + $userBlack = $this->db['blackList'][$ip]; + return $userBlack['numberFailures']; + } + } + public function getUserIp() { // User IP
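Review bot: `getNumberFailures()` in the `@@ -73,6 +73,18 @@` hunk returns nothing when the address has no blacklist entry, so callers receive `null` instead of a count. Add `return 0;` after the `isset` block so the method always returns an integer and callers can compare or display it without a null check. A short docblock such as `// Returns the number of recorded login failures for $ip (current client if omitted), 0 if none` would document the default. The hunk ends inside `getUserIp()`, whose body is not visible; if it reads a forwarded header, the counter is keyed by a client-controlled value and the limit can be sidestepped by varying it.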