Updates
This commit is contained in:
parent
3120e7975a
commit
62196c1177
@ -22,6 +22,9 @@ function checkPost($args)
|
|||
// Verify User sanitize the input
|
||||
if( $Login->verifyUser($_POST['username'], $_POST['password']) )
|
||||
{
|
||||
// Renew the token. This token will be the same inside the session for multiple forms.
|
||||
$Security->generateToken();
|
||||
|
||||
Redirect::page('admin', 'dashboard');
|
||||
return true;
|
||||
}
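Review bot: Rotating the CSRF token after `verifyUser()` succeeds does not rotate the session identifier, so a session id fixed before login survives into the authenticated session unless `verifyUser()` or the `Session` class already calls `session_regenerate_id(true)`; if neither does, add that call directly before `$Security->generateToken();`. The `$_POST['username']` and `$_POST['password']` reads on the `if` line are context here but have no `isset()` guard, so a POST missing either field raises notices before verification runs. checkPost() starts and ends outside the hunk.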
|
||||
|
|
|
@ -32,7 +32,7 @@ span.label {
|
|||
/* ----------- HEAD ----------- */
|
||||
#head {
|
||||
overflow: auto;
|
||||
border-top: 10px #f1f1f1 solid;
|
||||
border-top: 10px #eee solid;
|
||||
border-bottom: 1px solid #f1f1f1;
|
||||
padding: 10px 0;
|
||||
}
|
||||
|
@ -105,6 +105,10 @@ h2.title {
|
|||
font-weight: normal;
|
||||
}
|
||||
|
||||
h2.title i.fa {
|
||||
margin-right: 8px;
|
||||
}
|
||||
|
||||
/* ----------- TABLE ----------- */
|
||||
table {
|
||||
background-color: #fff;
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
<h2 class="title"><i class="fa fa-user-plus"></i> <?php $Language->p('Add a new user') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-user-plus"></i><?php $Language->p('Add a new user') ?></h2>
|
||||
|
||||
<?php makeNavbar('users'); ?>
|
||||
|
||||
<form method="post" action="" class="forms" autocomplete="off">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
|
||||
<label>
|
||||
<?php $Language->p('Username') ?>
|
||||
<input type="text" name="username" class="width-50" value="<?php echo (isset($_POST['username'])?$_POST['username']:'') ?>">
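Review bot: The username input below the new token field echoes `$_POST['username']` into its `value` attribute without HTML escaping, so a submitted value containing a double quote breaks out of the attribute on re-render; escape it with the helper this commit already uses, `value="<?php echo isset($_POST['username']) ? Sanitize::html($_POST['username']) : '' ?>"`. The hidden `name="token"` input itself is the part the new POST check needs; the `id="jstoken"` is only required if a script looks it up.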
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
<form id="jsformplugin" method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
<input type="hidden" id="jskey" name="key" value="">
|
||||
|
||||
<?php
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('Edit page') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('Edit page') ?></h2>
|
||||
|
||||
<form id="jsform" method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
<input type="hidden" id="jskey" name="key" value="<?php echo $_Page->key() ?>">
|
||||
|
||||
<label>
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('Edit post') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('Edit post') ?></h2>
|
||||
|
||||
<form method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
<input type="hidden" id="jskey" name="key" value="<?php echo $_Post->key() ?>">
|
||||
|
||||
<label>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<h2 class="title"><i class="fa fa-user"></i> <?php $Language->p('Edit user') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-user"></i><?php $Language->p('Edit user') ?></h2>
|
||||
|
||||
<nav class="navbar nav-pills sublinks" data-tools="tabs" data-active="#profile">
|
||||
<ul>
|
||||
|
@ -18,6 +18,8 @@
|
|||
|
||||
<div id="profile">
|
||||
<form method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
<input type="hidden" name="edit-user" value="true">
|
||||
<input type="hidden" name="username" value="<?php echo $_user['username'] ?>">
|
||||
|
||||
|
|
|
@ -1,12 +1,17 @@
|
|||
<h2 class="title"><?php $Language->p('Login') ?></h2>
|
||||
|
||||
<form method="post" action="<?php echo HTML_PATH_ADMIN_ROOT.'login' ?>" class="forms" autocomplete="off">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
|
||||
<label>
|
||||
<input type="text" name="username" placeholder="<?php $Language->p('Username') ?>" class="width-100" autocomplete="off">
|
||||
</label>
|
||||
|
||||
<label>
|
||||
<input type="password" name="password" placeholder="<?php $Language->p('Password') ?>" class="width-100" autocomplete="off">
|
||||
</label>
|
||||
|
||||
<p>
|
||||
<button class="btn btn-blue width-100"><?php $Language->p('Login') ?></button>
|
||||
</p>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<h2 class="title"><i class="fa fa-file-text-o"></i> <?php $Language->p('Manage pages') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-file-text-o"></i><?php $Language->p('Manage pages') ?></h2>
|
||||
|
||||
<?php makeNavbar('manage'); ?>
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<h2 class="title"><i class="fa fa-file-text-o"></i> <?php $Language->p('Manage posts') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-file-text-o"></i><?php $Language->p('Manage posts') ?></h2>
|
||||
|
||||
<?php makeNavbar('manage'); ?>
|
||||
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
<form method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
|
||||
<label>
|
||||
<?php $Language->p('Title') ?>
|
||||
<input id="jstitle" name="title" type="text" class="width-90">
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('New post') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('New post') ?></h2>
|
||||
|
||||
<form method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
|
||||
<label>
|
||||
<?php $Language->p('Title') ?>
|
||||
<input id="jstitle" name="title" type="text" class="width-90">
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<h2 class="title"><i class="fa fa-rocket"></i> <?php $Language->p('Plugins') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-rocket"></i><?php $Language->p('Plugins') ?></h2>
|
||||
|
||||
<?php
|
||||
foreach($plugins['all'] as $Plugin)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<h2 class="title"><i class="fa fa-cogs"></i> <?php $Language->p('Settings') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-cogs"></i><?php $Language->p('Settings') ?></h2>
|
||||
|
||||
<nav class="navbar nav-pills sublinks" data-tools="tabs" data-active="#general">
|
||||
<ul>
|
||||
|
@ -15,6 +15,9 @@
|
|||
|
||||
<div id="general">
|
||||
<form method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
|
||||
<label>
|
||||
<?php $Language->p('Site title') ?>
|
||||
<input type="text" name="title" class="width-50" value="<?php echo $Site->title() ?>">
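Review bot: The hidden token input added here and the ones added in the advanced (`@ -50,6 +53,9`) and regional (`@ -112,6 +118,9`) hunks all carry `id="jstoken"`; assuming the three `<div>` tabs render in one settings document, as `data-active="#general"` on the shared navigation suggests, that leaves three elements with the same id, and any script querying `#jstoken` reaches only the first form. `name="token"` is what the POST validation reads, so either drop the `id` on these inputs or make it unique per form, e.g. `id="jstoken-general"`, `id="jstoken-advanced"`, `id="jstoken-regional"`.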
|
||||
|
@ -50,6 +53,9 @@
|
|||
|
||||
<div id="advanced">
|
||||
<form method="post" action="" class="forms">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
|
||||
<label for="postsperpage">
|
||||
<?php $Language->p('Posts per page') ?>
|
||||
<select name="postsperpage" class="width-50">
|
||||
|
@ -112,6 +118,9 @@
|
|||
|
||||
<div id="regional">
|
||||
<form method="post" action="" class="forms" name="form-regional">
|
||||
|
||||
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
|
||||
|
||||
<label for="jslanguage">
|
||||
<?php $Language->p('Language') ?>
|
||||
<select id="jslanguage" name="language" class="width-50">
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<h2 class="title"><i class="fa fa-adjust"></i> <?php $Language->p('Themes') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-adjust"></i><?php $Language->p('Themes') ?></h2>
|
||||
|
||||
<?php
|
||||
foreach($themes as $theme)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<h2 class="title"><i class="fa fa-users"></i> <?php $Language->p('Users') ?></h2>
|
||||
<h2 class="title"><i class="fa fa-users"></i><?php $Language->p('Users') ?></h2>
|
||||
|
||||
<?php makeNavbar('users'); ?>
|
||||
|
||||
|
|
|
@ -45,12 +45,16 @@ else
|
|||
include(PATH_RULES.'99.header.php');
|
||||
include(PATH_RULES.'99.paginator.php');
|
||||
include(PATH_RULES.'99.themes.php');
|
||||
include(PATH_RULES.'99.security.php');
|
||||
|
||||
if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') )
|
||||
{
|
||||
$layout['controller'] = 'login';
|
||||
$layout['view'] = 'login';
|
||||
$layout['template'] = 'login.php';
|
||||
|
||||
// Generate the token for the user not logged, when the user is loggued the token will be change.
|
||||
$Security->generateToken();
|
||||
}
|
||||
|
||||
// Plugins before admin area loaded
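Review bot: `$Security->generateToken();` runs on every request that enters this branch, so reloading the login page, or opening it in a second tab, replaces the token already printed into the first form; when that form is submitted, the new security rule rejects it, destroys the session and redirects back to login. Generating only when the session has no token yet, `if( !$Security->getToken() ) { $Security->generateToken(); }` (getToken() is added to the Security class in this commit), keeps one token per anonymous session, and rotation still happens at login. The comment above the call would then read `// Generate a token for the anonymous session; it is replaced once the user logs in.`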
|
||||
|
|
|
@ -99,8 +99,7 @@ function buildPostsForPage($pageNumber=0, $amount=POSTS_PER_PAGE_ADMIN, $removeU
|
|||
}
|
||||
|
||||
// There are not posts for the page number then set the page notfound
|
||||
//if(empty($list) && $pageNumber>0) {
|
||||
if(empty($list)) {
|
||||
if(empty($list) && $pageNumber>0) {
|
||||
$Url->setNotFound(true);
|
||||
}
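Review bot: The comment above the new condition still says that any page without posts is marked not found, while the condition now exempts page 0; update it to `// No posts for a page beyond the first: mark the request not found (an empty first page still renders).` buildPostsForPage() starts and ends outside the hunk.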
|
||||
|
||||
|
|
|
@ -83,7 +83,7 @@ function build_plugins()
|
|||
$Language->add($databaseArray);
|
||||
|
||||
// Push Plugin to array all plugins installed and not installed.
|
||||
array_push($plugins['all'], $Plugin);
|
||||
$plugins['all'][$pluginClass] = $Plugin;
|
||||
|
||||
// If the plugin installed
|
||||
if($Plugin->installed())
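Review bot: The comment above `$plugins['all'][$pluginClass] = $Plugin;` still describes a push, while the entry is now keyed by class name; suggest `// Index the plugin by class name in the list of all plugins, installed or not.` Keying by `$pluginClass` also means a second plugin with the same class name silently replaces the first, which the previous `array_push()` did not do; if the loader guarantees unique class names, a short comment saying so would settle it. build_plugins() starts and ends outside the hunk.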
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
<?php defined('BLUDIT') or die('Bludit CMS.');
|
||||
|
||||
// ============================================================================
|
||||
// Variables
|
||||
// ============================================================================
|
||||
|
||||
// ============================================================================
|
||||
// Functions
|
||||
// ============================================================================
|
||||
|
||||
// ============================================================================
|
||||
// Main before POST
|
||||
// ============================================================================
|
||||
|
||||
// ============================================================================
|
||||
// POST Method
|
||||
// ============================================================================
|
||||
|
||||
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
||||
{
|
||||
$token = isset($_POST['token']) ? Sanitize::html($_POST['token']) : false;
|
||||
|
||||
if( !$Security->validateToken($token) )
|
||||
{
|
||||
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying validate the token. Token ID: '.$token);
|
||||
|
||||
// Destroy the session.
|
||||
Session::destroy();
|
||||
|
||||
// Redirect to login panel.
|
||||
Redirect::page('admin', 'login');
|
||||
}
|
||||
else
|
||||
{
|
||||
unset($_POST['token']);
|
||||
}
|
||||
}
|
||||
|
||||
// ============================================================================
|
||||
// Main after POST
|
||||
// ============================================================================
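Review bot: After `Redirect::page('admin', 'login');` on the failed-token path nothing stops execution and `$_POST['token']` is left in place, so unless Redirect::page() itself calls exit, the rules loaded after this one still run with the unvalidated POST body; add `exit;` directly after the redirect (or empty `$_POST` before it). `$_SERVER['REQUEST_METHOD'] == 'POST'` should use `===`. The empty `Variables`, `Functions` and `Main before POST` banners carry nothing yet; a one-line header such as `// CSRF protection: every admin POST must carry the session token in the 'token' field, otherwise the session is destroyed.` would state the file's purpose.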
|
|
@ -20,6 +20,9 @@ if( Sanitize::pathFile(PATH_THEMES, $Site->theme().DS.'init.php') ) {
|
|||
if( Sanitize::pathFile(PATH_THEMES, $Site->theme().DS.'index.php') ) {
|
||||
include(PATH_THEMES.$Site->theme().DS.'index.php');
|
||||
}
|
||||
else {
|
||||
$Language->p('Please check your theme configuration');
|
||||
}
|
||||
|
||||
// Plugins after site loaded
|
||||
Theme::plugins('afterSiteLoad');
|
|
@ -112,6 +112,12 @@ class dbPosts extends dbJSON
|
|||
$args['status'] = 'scheduled';
|
||||
}
|
||||
|
||||
// Tags
|
||||
if(Text::isNotEmpty($args['tags'])) {
|
||||
$cleanTags = array_map('trim', explode(',', $args['tags']));
|
||||
$args['tags'] = implode(',', $cleanTags);
|
||||
}
|
||||
|
||||
// Verify arguments with the database fields.
|
||||
foreach($this->dbFields as $field=>$options)
|
||||
{
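Review bot: Trimming each tag does not drop empty entries, so `'a, b,'` or `'a,,b'` is stored as `a,b,` and `a,,b`, and `Post::tags(true)` later returns `''` elements; filter them out, `$cleanTags = array_filter(array_map('trim', explode(',', $args['tags'])), 'strlen');` (the preserved keys do not matter to `implode`). The guard also reads `$args['tags']` without `isset()`, which raises a notice when a caller omits the field; `isset($args['tags']) && Text::isNotEmpty($args['tags'])` avoids that. The enclosing method starts and ends outside the hunk.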
|
||||
|
@ -336,9 +342,6 @@ class dbPosts extends dbJSON
|
|||
uasort($this->db, array($this, 'sortLowToHigh'));
|
||||
}
|
||||
|
||||
|
||||
Log::set(__METHOD__.LOG_SEP.'Sorted.'.$HighToLow);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -65,7 +65,8 @@ class dbTags extends dbJSON
|
|||
foreach($explode as $tagName)
|
||||
{
|
||||
$tagName = trim($tagName);
|
||||
$tagKey = Text::cleanUrl($tagName);
|
||||
$tagKey = $tagName;
|
||||
//$tagKey = Text::cleanUrl($tagName);
|
||||
|
||||
// If the tag is not empty.
|
||||
if(Text::isNotEmpty($tagName))
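Review bot: `$tagKey = $tagName;` keeps the raw, case-sensitive tag name as the index key, so `PHP` and `php` become separate entries where `Text::cleanUrl()` previously merged them; if that is intended, say so in a comment and delete the commented-out `//$tagKey = Text::cleanUrl($tagName);` rather than leaving two versions side by side. If the key is also used to build tag links, the URL cleaning now has to happen at the place that builds the link. The enclosing loop and method continue outside the hunk.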
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?php defined('BLUDIT') or die('Bludit CMS.');
|
||||
|
||||
class Session {
|
||||
class Session {
|
||||
|
||||
private static $started = false;
|
||||
|
||||
|
@ -25,7 +25,8 @@ class Session {
|
|||
// Gets current cookies params.
|
||||
$cookieParams = session_get_cookie_params();
|
||||
|
||||
session_set_cookie_params($cookieLifetime,
|
||||
session_set_cookie_params(
|
||||
$cookieLifetime,
|
||||
$cookieParams["path"],
|
||||
$cookieParams["domain"],
|
||||
$secure,
|
||||
|
|
|
@ -148,7 +148,7 @@ class Text {
|
|||
|
||||
public static function imgRel2Abs($string, $base)
|
||||
{
|
||||
return preg_replace('/(?!code).(src)="([^:"]*)(?:")/', "$1=\"$base$2\"", $string);
|
||||
return preg_replace('/(src)="([^:"]*)(?:")/', "$1=\"$base$2\"", $string);
|
||||
}
|
||||
|
||||
public static function pre2htmlentities($string)
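Review bot: `[^:"]*` excludes scheme URLs but still admits protocol-relative ones, so `src="//host/img.png"` gets `$base` prepended and breaks; and `$base` is interpolated into the replacement string, where a `$` followed by a digit or a backslash is read as a backreference rather than literal text. Both go away with a callback and a lookahead: `return preg_replace_callback('/(src)="(?!\/\/)([^:"]*)"/', function($m) use ($base) { return $m[1].'="'.$base.$m[2].'"'; }, $string);`. Dropping the old `(?!code).` prefix loses nothing, since it only inspected the single character before `src` and never excluded `<code>` samples, but those samples are still rewritten, which is worth a comment on the method.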
|
||||
|
|
|
@ -111,9 +111,18 @@ class Post extends fileContent
|
|||
return $date;
|
||||
}
|
||||
|
||||
public function tags()
|
||||
public function tags($returnsArray=false)
|
||||
{
|
||||
return $this->getField('tags');
|
||||
global $Url;
|
||||
|
||||
$tags = $this->getField('tags');
|
||||
|
||||
if($returnsArray) {
|
||||
return explode(',', $tags);
|
||||
}
|
||||
else {
|
||||
return $tags;
|
||||
}
|
||||
}
|
||||
|
||||
public function slug()
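Review bot: `explode(',', $tags)` returns `array('')` when the field is empty, so callers asking for an array receive one blank tag; guard it, `return Text::isNotEmpty($tags) ? explode(',', $tags) : array();`. `global $Url;` is not used anywhere in the method and can be dropped. A docblock line `@param bool $returnsArray  true returns the tags as a list of strings, false returns the raw comma-separated field` would document the new parameter.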
|
||||
|
|
|
@ -13,6 +13,42 @@ class Security extends dbJSON
|
|||
parent::__construct(PATH_DATABASES.'security.php');
|
||||
}
|
||||
|
||||
// ====================================================
|
||||
// TOKEN FOR CSRF
|
||||
// ====================================================
|
||||
|
||||
// Generate and save the token in Session.
|
||||
public function generateToken()
|
||||
{
|
||||
$token = Text::randomText(8);
|
||||
$token = sha1($token);
|
||||
|
||||
Session::set('token', $token);
|
||||
}
|
||||
|
||||
// Validate the token.
|
||||
public function validateToken($token)
|
||||
{
|
||||
$sessionToken = Session::get('token');
|
||||
|
||||
return ( !empty($sessionToken) && ($sessionToken===$token) );
|
||||
}
|
||||
|
||||
// Returns the token.
|
||||
public function getToken()
|
||||
{
|
||||
return Session::get('token');
|
||||
}
|
||||
|
||||
public function printToken()
|
||||
{
|
||||
echo Session::get('token');
|
||||
}
|
||||
|
||||
// ====================================================
|
||||
// BRUTE FORCE PROTECTION
|
||||
// ====================================================
|
||||
|
||||
public function isBlocked()
|
||||
{
|
||||
$ip = $this->getUserIp();
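Review bot: `validateToken()` compares the submitted token with `===`, which stops at the first differing byte; use `hash_equals()` for a constant-time comparison, and since `99.security.php` passes `false` when the field is missing, check the type first: `return is_string($token) && !empty($sessionToken) && hash_equals($sessionToken, $token);`. `generateToken()` draws its entropy from `Text::randomText(8)` alone, `sha1()` adds none; if randomText() is built on `rand()`/`mt_rand()` rather than a CSPRNG, the token is predictable, and `bin2hex(random_bytes(16))` (PHP 7) or `openssl_random_pseudo_bytes()` is the usual source. `printToken()` echoes the session value unescaped; it is hex today, but `echo Sanitize::html(Session::get('token'));` keeps that safe if the format changes.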
|
||||
|
|
|
@ -100,9 +100,15 @@ class Url
|
|||
}
|
||||
|
||||
// Return the filter used
|
||||
public function filters($type)
|
||||
public function filters($type, $trim=true)
|
||||
{
|
||||
return $this->filters[$type];
|
||||
$filter = $this->filters[$type];
|
||||
|
||||
if($trim) {
|
||||
$filter = trim($filter, '/');
|
||||
}
|
||||
|
||||
return $filter;
|
||||
}
|
||||
|
||||
// Return: home, tag, post
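Review bot: The comment `// Return the filter used` no longer describes the method now that `$trim` strips the surrounding slashes by default; suggest `// Return the URL filter registered for $type; with $trim (default true) leading and trailing slashes are removed.` Callers such as the tags plugin updated in this commit now rely on that default, so a `@param bool $trim` line in the docblock is worth adding. The class continues outside the hunk.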
|
||||
|
|
|
@ -161,5 +161,6 @@
|
|||
"date": "Date",
|
||||
"you-can-schedule-the-post-just-select-the-date-and-time": "You can schedule the post, just select the date and time.",
|
||||
"scheduled": "Scheduled",
|
||||
"publish": "Publish"
|
||||
"publish": "Publish",
|
||||
"please-check-your-theme-configuration": "Please check your theme configuration."
|
||||
}
|
||||
|
|
|
@ -34,7 +34,13 @@ class pluginPages extends Plugin {
|
|||
global $Site;
|
||||
|
||||
$html = '<div class="plugin plugin-pages">';
|
||||
$html .= '<h2>'.$this->getDbField('label').'</h2>';
|
||||
|
||||
// If the label is not empty, print it.
|
||||
$label = $this->getDbField('label');
|
||||
if( !empty($label) ) {
|
||||
$html .= '<h2>'.$label.'</h2>';
|
||||
}
|
||||
|
||||
$html .= '<div class="plugin-content">';
|
||||
|
||||
$parents = $pagesParents[NO_PARENT_CHAR];
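Review bot: `$label` from `getDbField('label')` is concatenated straight into the `<h2>`; if the label is entered through the plugin's settings form and getDbField() does not escape it, it should be escaped at output, `$html .= '<h2>'.Sanitize::html($label).'</h2>';`. `!empty($label)` also treats the label `"0"` as absent; `Text::isNotEmpty($label)`, used elsewhere in this commit, is the intended check. The method starts and ends outside the hunk.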
|
||||
|
|
|
@ -82,7 +82,7 @@ class pluginsimpleMDE extends Plugin {
|
|||
toolbarTips: true,
|
||||
toolbarGuideIcon: true,
|
||||
autofocus: false,
|
||||
lineWrapping: false,
|
||||
lineWrapping: true,
|
||||
indentWithTabs: true,
|
||||
tabSize: '.$this->getDbField('tabSize').',
|
||||
spellChecker: false,
|
||||
|
|
|
@ -28,7 +28,7 @@ class pluginTags extends Plugin {
|
|||
global $Url;
|
||||
|
||||
$db = $dbTags->db['postsIndex'];
|
||||
$filter = trim($Url->filters('tag'), '/');
|
||||
$filter = $Url->filters('tag');
|
||||
|
||||
$html = '<div class="plugin plugin-tags">';
|
||||
$html .= '<h2>'.$this->getDbField('label').'</h2>';
|
||||
|
|