dignajar 2015-09-07 21:51:48 -03:00
parent 3120e7975a
commit 62196c1177
33 changed files with 240 additions and 97 deletions


@ -22,6 +22,9 @@ function checkPost($args)
// Verify User sanitize the input
if( $Login->verifyUser($_POST['username'], $_POST['password']) )
{
// Renew the token. This token will be the same inside the session for multiple forms.
$Security->generateToken();
Redirect::page('admin', 'dashboard');
return true;
}
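Review bot: The CSRF token is refreshed on successful login at `$Security->generateToken();`, but the session identifier is not, so a session id that existed before authentication is carried over into the authenticated session; call `session_regenerate_id(true);` (or a Session wrapper around it) immediately before the generateToken() call. The Session class hunk in this same commit still carries `//session_regenerate_id(true);` commented out, so this looks like a known gap rather than an oversight in this hunk. checkPost() begins before the hunk and continues after it.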


@ -32,7 +32,7 @@ span.label {
/* ----------- HEAD ----------- */
#head {
overflow: auto;
border-top: 10px #f1f1f1 solid;
border-top: 10px #eee solid;
border-bottom: 1px solid #f1f1f1;
padding: 10px 0;
}
@ -105,6 +105,10 @@ h2.title {
font-weight: normal;
}
h2.title i.fa {
margin-right: 8px;
}
/* ----------- TABLE ----------- */
table {
background-color: #fff;


@ -1,38 +1,41 @@
<h2 class="title"><i class="fa fa-user-plus"></i> <?php $Language->p('Add a new user') ?></h2>
<h2 class="title"><i class="fa fa-user-plus"></i><?php $Language->p('Add a new user') ?></h2>
<?php makeNavbar('users'); ?>
<form method="post" action="" class="forms" autocomplete="off">
<label>
<?php $Language->p('Username') ?>
<input type="text" name="username" class="width-50" value="<?php echo (isset($_POST['username'])?$_POST['username']:'') ?>">
</label>
<label>
<?php $Language->p('Password') ?>
<input type="password" name="password" class="width-50">
</label>
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<label>
<?php $Language->p('Confirm Password') ?>
<input type="password" name="confirm-password" class="width-50">
</label>
<label>
<?php $Language->p('Username') ?>
<input type="text" name="username" class="width-50" value="<?php echo (isset($_POST['username'])?$_POST['username']:'') ?>">
</label>
<label for="country">
<?php $Language->p('Role') ?>
<select name="role" class="width-50">
<option value="editor"><?php $Language->p('Editor') ?></option>
<option value="admin"><?php $Language->p('Administrator') ?></option>
</select>
<div class="forms-desc"><?php $Language->p('you-can-choose-the-users-privilege') ?></div>
</label>
<label>
<?php $Language->p('Password') ?>
<input type="password" name="password" class="width-50">
</label>
<label>
Email
<input type="text" name="email" class="width-50" value="<?php echo (isset($_POST['email'])?$_POST['email']:'') ?>">
<div class="forms-desc"><?php $Language->p('email-will-not-be-publicly-displayed') ?></div>
</label>
<label>
<?php $Language->p('Confirm Password') ?>
<input type="password" name="confirm-password" class="width-50">
</label>
<input type="submit" class="btn btn-blue" value="<?php $Language->p('Add') ?>" name="add-user">
<a href="<?php echo HTML_PATH_ADMIN_ROOT.'users' ?>" class="btn"><?php $Language->p('Cancel') ?></a>
<label for="country">
<?php $Language->p('Role') ?>
<select name="role" class="width-50">
<option value="editor"><?php $Language->p('Editor') ?></option>
<option value="admin"><?php $Language->p('Administrator') ?></option>
</select>
<div class="forms-desc"><?php $Language->p('you-can-choose-the-users-privilege') ?></div>
</label>
<label>
Email
<input type="text" name="email" class="width-50" value="<?php echo (isset($_POST['email'])?$_POST['email']:'') ?>">
<div class="forms-desc"><?php $Language->p('email-will-not-be-publicly-displayed') ?></div>
</label>
<input type="submit" class="btn btn-blue" value="<?php $Language->p('Add') ?>" name="add-user">
<a href="<?php echo HTML_PATH_ADMIN_ROOT.'users' ?>" class="btn"><?php $Language->p('Cancel') ?></a>
</form>
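Review bot: The username and email inputs echo raw `$_POST` values into an HTML attribute, `value="<?php echo (isset($_POST['username'])?$_POST['username']:'') ?>"`, with no escaping, so a rejected submission is reflected back into the page as-is; wrap each in htmlspecialchars(), e.g. `value="<?php echo htmlspecialchars(isset($_POST['username'])?$_POST['username']:'', ENT_QUOTES, 'UTF-8') ?>"`. The same pattern is on the email field in this hunk and, for a stored value, on the hidden username field in the edit-user hunk (`<?php echo $_user['username'] ?>`), which is presumably only safe if usernames are validated on creation. `<label for="country">` also references an id that no element in this form carries.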


@ -2,14 +2,15 @@
<form id="jsformplugin" method="post" action="" class="forms">
<input type="hidden" id="jskey" name="key" value="">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<input type="hidden" id="jskey" name="key" value="">
<?php
echo $_Plugin->form();
?>
<?php
echo $_Plugin->form();
?>
<div>
<button class="btn btn-blue" name="publish"><?php echo $Language->p('Save') ?></button>
</div>
<div>
<button class="btn btn-blue" name="publish"><?php echo $Language->p('Save') ?></button>
</div>
</form>


@ -1,7 +1,8 @@
<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('Edit page') ?></h2>
<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('Edit page') ?></h2>
<form id="jsform" method="post" action="" class="forms">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<input type="hidden" id="jskey" name="key" value="<?php echo $_Page->key() ?>">
<label>


@ -1,7 +1,8 @@
<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('Edit post') ?></h2>
<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('Edit post') ?></h2>
<form method="post" action="" class="forms">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<input type="hidden" id="jskey" name="key" value="<?php echo $_Post->key() ?>">
<label>


@ -1,4 +1,4 @@
<h2 class="title"><i class="fa fa-user"></i> <?php $Language->p('Edit user') ?></h2>
<h2 class="title"><i class="fa fa-user"></i><?php $Language->p('Edit user') ?></h2>
<nav class="navbar nav-pills sublinks" data-tools="tabs" data-active="#profile">
<ul>
@ -18,6 +18,8 @@
<div id="profile">
<form method="post" action="" class="forms">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<input type="hidden" name="edit-user" value="true">
<input type="hidden" name="username" value="<?php echo $_user['username'] ?>">


@ -1,13 +1,18 @@
<h2 class="title"><?php $Language->p('Login') ?></h2>
<form method="post" action="<?php echo HTML_PATH_ADMIN_ROOT.'login' ?>" class="forms" autocomplete="off">
<label>
<input type="text" name="username" placeholder="<?php $Language->p('Username') ?>" class="width-100" autocomplete="off">
</label>
<label>
<input type="password" name="password" placeholder="<?php $Language->p('Password') ?>" class="width-100" autocomplete="off">
</label>
<p>
<button class="btn btn-blue width-100"><?php $Language->p('Login') ?></button>
</p>
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<label>
<input type="text" name="username" placeholder="<?php $Language->p('Username') ?>" class="width-100" autocomplete="off">
</label>
<label>
<input type="password" name="password" placeholder="<?php $Language->p('Password') ?>" class="width-100" autocomplete="off">
</label>
<p>
<button class="btn btn-blue width-100"><?php $Language->p('Login') ?></button>
</p>
</form>


@ -1,4 +1,4 @@
<h2 class="title"><i class="fa fa-file-text-o"></i> <?php $Language->p('Manage pages') ?></h2>
<h2 class="title"><i class="fa fa-file-text-o"></i><?php $Language->p('Manage pages') ?></h2>
<?php makeNavbar('manage'); ?>


@ -1,4 +1,4 @@
<h2 class="title"><i class="fa fa-file-text-o"></i> <?php $Language->p('Manage posts') ?></h2>
<h2 class="title"><i class="fa fa-file-text-o"></i><?php $Language->p('Manage posts') ?></h2>
<?php makeNavbar('manage'); ?>


@ -2,9 +2,11 @@
<form method="post" action="" class="forms">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<label>
<?php $Language->p('Title') ?>
<input id="jstitle" name="title" type="text" class="width-90">
<?php $Language->p('Title') ?>
<input id="jstitle" name="title" type="text" class="width-90">
</label>
<label class="width-90">


@ -1,7 +1,9 @@
<h2 class="title"><i class="fa fa-pencil"></i> <?php $Language->p('New post') ?></h2>
<h2 class="title"><i class="fa fa-pencil"></i><?php $Language->p('New post') ?></h2>
<form method="post" action="" class="forms">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<label>
<?php $Language->p('Title') ?>
<input id="jstitle" name="title" type="text" class="width-90">


@ -1,4 +1,4 @@
<h2 class="title"><i class="fa fa-rocket"></i> <?php $Language->p('Plugins') ?></h2>
<h2 class="title"><i class="fa fa-rocket"></i><?php $Language->p('Plugins') ?></h2>
<?php
foreach($plugins['all'] as $Plugin)


@ -1,4 +1,4 @@
<h2 class="title"><i class="fa fa-cogs"></i> <?php $Language->p('Settings') ?></h2>
<h2 class="title"><i class="fa fa-cogs"></i><?php $Language->p('Settings') ?></h2>
<nav class="navbar nav-pills sublinks" data-tools="tabs" data-active="#general">
<ul>
@ -15,6 +15,9 @@
<div id="general">
<form method="post" action="" class="forms">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<label>
<?php $Language->p('Site title') ?>
<input type="text" name="title" class="width-50" value="<?php echo $Site->title() ?>">
@ -50,6 +53,9 @@
<div id="advanced">
<form method="post" action="" class="forms">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<label for="postsperpage">
<?php $Language->p('Posts per page') ?>
<select name="postsperpage" class="width-50">
@ -112,6 +118,9 @@
<div id="regional">
<form method="post" action="" class="forms" name="form-regional">
<input type="hidden" id="jstoken" name="token" value="<?php $Security->printToken() ?>">
<label for="jslanguage">
<?php $Language->p('Language') ?>
<select id="jslanguage" name="language" class="width-50">


@ -1,4 +1,4 @@
<h2 class="title"><i class="fa fa-adjust"></i> <?php $Language->p('Themes') ?></h2>
<h2 class="title"><i class="fa fa-adjust"></i><?php $Language->p('Themes') ?></h2>
<?php
foreach($themes as $theme)


@ -1,4 +1,4 @@
<h2 class="title"><i class="fa fa-users"></i> <?php $Language->p('Users') ?></h2>
<h2 class="title"><i class="fa fa-users"></i><?php $Language->p('Users') ?></h2>
<?php makeNavbar('users'); ?>


@ -45,12 +45,16 @@ else
include(PATH_RULES.'99.header.php');
include(PATH_RULES.'99.paginator.php');
include(PATH_RULES.'99.themes.php');
include(PATH_RULES.'99.security.php');
if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') )
{
$layout['controller'] = 'login';
$layout['view'] = 'login';
$layout['template'] = 'login.php';
// Generate the token for the user not logged, when the user is loggued the token will be change.
$Security->generateToken();
}
// Plugins before admin area loaded
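Review bot: The token regeneration in the not-logged-in branch only works because `99.security.php` has already validated (and unset) the posted token before `$Security->generateToken();` runs, but nothing records that ordering dependency; a comment on the include line such as `// Must run before the login branch below: it checks the POST token against the current session token, which that branch then replaces.` would keep a later reordering of the rule includes from silently breaking login. Note also that every request meeting this condition, including not-found pages, overwrites the session token, so a login form left open in one tab appears to be invalidated by any other unauthenticated request in the same session. The if/else that encloses this block starts before the hunk.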


@ -99,8 +99,7 @@ function buildPostsForPage($pageNumber=0, $amount=POSTS_PER_PAGE_ADMIN, $removeU
}
// There are not posts for the page number then set the page notfound
//if(empty($list) && $pageNumber>0) {
if(empty($list)) {
if(empty($list) && $pageNumber>0) {
$Url->setNotFound(true);
}


@ -83,7 +83,7 @@ function build_plugins()
$Language->add($databaseArray);
// Push Plugin to array all plugins installed and not installed.
array_push($plugins['all'], $Plugin);
$plugins['all'][$pluginClass] = $Plugin;
// If the plugin installed
if($Plugin->installed())


@ -0,0 +1,41 @@
<?php defined('BLUDIT') or die('Bludit CMS.');
// ============================================================================
// Variables
// ============================================================================
// ============================================================================
// Functions
// ============================================================================
// ============================================================================
// Main before POST
// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
$token = isset($_POST['token']) ? Sanitize::html($_POST['token']) : false;
if( !$Security->validateToken($token) )
{
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying validate the token. Token ID: '.$token);
// Destroy the session.
Session::destroy();
// Redirect to login panel.
Redirect::page('admin', 'login');
}
else
{
unset($_POST['token']);
}
}
// ============================================================================
// Main after POST
// ============================================================================
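Review bot: After a token mismatch the script only calls `Redirect::page('admin', 'login');` and falls through; unless Redirect::page() itself terminates execution (not visible here), the rest of the admin request still runs with the rejected `$_POST` intact, which would defeat the check. Add `exit;` directly after the redirect so the failure path is unconditional. The log line also writes the submitted token string into the log; Sanitize::html() is applied, but logging only that a mismatch occurred (or a truncated value) keeps the signal without copying request-controlled data into the log.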


@ -20,6 +20,9 @@ if( Sanitize::pathFile(PATH_THEMES, $Site->theme().DS.'init.php') ) {
if( Sanitize::pathFile(PATH_THEMES, $Site->theme().DS.'index.php') ) {
include(PATH_THEMES.$Site->theme().DS.'index.php');
}
else {
$Language->p('Please check your theme configuration');
}
// Plugins after site loaded
Theme::plugins('afterSiteLoad');


@ -112,6 +112,12 @@ class dbPosts extends dbJSON
$args['status'] = 'scheduled';
}
// Tags
if(Text::isNotEmpty($args['tags'])) {
$cleanTags = array_map('trim', explode(',', $args['tags']));
$args['tags'] = implode(',', $cleanTags);
}
// Verify arguments with the database fields.
foreach($this->dbFields as $field=>$options)
{
@ -336,9 +342,6 @@ class dbPosts extends dbJSON
uasort($this->db, array($this, 'sortLowToHigh'));
}
Log::set(__METHOD__.LOG_SEP.'Sorted.'.$HighToLow);
return true;
}


@ -138,7 +138,7 @@ class dbSite extends dbJSON
// Returns the relative home link
public function homeLink()
{
return HTML_PATH_ROOT;
return HTML_PATH_ROOT;
}
// Returns the timezone.


@ -65,7 +65,8 @@ class dbTags extends dbJSON
foreach($explode as $tagName)
{
$tagName = trim($tagName);
$tagKey = Text::cleanUrl($tagName);
$tagKey = $tagName;
//$tagKey = Text::cleanUrl($tagName);
// If the tag is not empty.
if(Text::isNotEmpty($tagName))
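Review bot: `$tagKey = $tagName;` leaves the commented-out `//$tagKey = Text::cleanUrl($tagName);` beside it with no explanation of why the URL normalisation was dropped; delete the dead line and replace it with a why-comment such as `// The raw tag name is the key so it matches the comma-separated values stored in the post's tags field.` (if that is the reason). Because cleanUrl() no longer normalises the key, every place that emits `$tagKey` into a URL or HTML now needs its own escaping, which this hunk does not show. The enclosing foreach continues past the end of the hunk.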


@ -1,6 +1,6 @@
<?php defined('BLUDIT') or die('Bludit CMS.');
class Session {
class Session {
private static $started = false;
@ -10,40 +10,41 @@ class Session {
// return true;
// DEBUG: Ver un nombre con alguna llave random al momentode instalar.
$session_name = 'Bludit-KEY';
$session_name = 'Bludit-KEY';
// If TRUE cookie will only be sent over secure connections.
$secure = false;
// If TRUE cookie will only be sent over secure connections.
$secure = false;
// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
$httponly = true;
// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
$httponly = true;
// This specifies the lifetime of the cookie in seconds which is sent to the browser.
// The value 0 means until the browser is closed.
$cookieLifetime = 0;
// This specifies the lifetime of the cookie in seconds which is sent to the browser.
// The value 0 means until the browser is closed.
$cookieLifetime = 0;
// Gets current cookies params.
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieLifetime,
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly
);
session_set_cookie_params(
$cookieLifetime,
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly
);
// Sets the session name to the one set above.
session_name($session_name);
// Sets the session name to the one set above.
session_name($session_name);
// Start session.
self::$started = session_start();
// Start session.
self::$started = session_start();
// Regenerated the session, delete the old one. There are problems with AJAX.
//session_regenerate_id(true);
if(!self::$started) {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to start the session.');
}
if(!self::$started) {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to start the session.');
}
}
public static function started()


@ -148,7 +148,7 @@ class Text {
public static function imgRel2Abs($string, $base)
{
return preg_replace('/(?!code).(src)="([^:"]*)(?:")/', "$1=\"$base$2\"", $string);
return preg_replace('/(src)="([^:"]*)(?:")/', "$1=\"$base$2\"", $string);
}
public static function pre2htmlentities($string)
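Review bot: The replacement argument `"$1=\"$base$2\""` is a double-quoted PHP string, so `$base` is interpolated before preg_replace() sees it; if the base URL ever contains `$` or a backslash, those characters are then read as backreference syntax in the replacement. A callback keeps the substitution literal: `return preg_replace_callback('/(src)="([^:"]*)"/', function($m) use ($base) { return $m[1].'="'.$base.$m[2].'"'; }, $string);`. The trailing `(?:")` group in the pattern captures nothing and can be a plain `"`, as in the line above.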


@ -111,9 +111,18 @@ class Post extends fileContent
return $date;
}
public function tags()
public function tags($returnsArray=false)
{
return $this->getField('tags');
global $Url;
$tags = $this->getField('tags');
if($returnsArray) {
return explode(',', $tags);
}
else {
return $tags;
}
}
public function slug()
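Review bot: `explode(',', $tags)` on an empty tags field returns `array('')`, so callers asking for an array get one empty-string tag instead of no tags; `return Text::isNotEmpty($tags) ? explode(',', $tags) : array();` avoids that, and trimming each element would match the cleanup dbPosts now applies on save. `global $Url;` is never used in the method and should be removed. A short docblock stating that `$returnsArray=false` keeps the original comma-separated string would document the new parameter.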


@ -13,6 +13,42 @@ class Security extends dbJSON
parent::__construct(PATH_DATABASES.'security.php');
}
// ====================================================
// TOKEN FOR CSRF
// ====================================================
// Generate and save the token in Session.
public function generateToken()
{
$token = Text::randomText(8);
$token = sha1($token);
Session::set('token', $token);
}
// Validate the token.
public function validateToken($token)
{
$sessionToken = Session::get('token');
return ( !empty($sessionToken) && ($sessionToken===$token) );
}
// Returns the token.
public function getToken()
{
return Session::get('token');
}
public function printToken()
{
echo Session::get('token');
}
// ====================================================
// BRUTE FORCE PROTECTION
// ====================================================
public function isBlocked()
{
$ip = $this->getUserIp();
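Review bot: `validateToken()` compares the session token to the submitted one with `===`, which is not constant-time; if the project's minimum PHP version allows it, `return is_string($token) && !empty($sessionToken) && hash_equals($sessionToken, $token);` removes the timing side channel and also handles the `false` that 99.security.php passes when no token was posted (hash_equals() warns on a non-string argument). The token itself is `sha1(Text::randomText(8))`, so its entropy is bounded by whatever randomText(8) draws from, not by the 160-bit digest; generating it from a CSPRNG, e.g. `bin2hex(openssl_random_pseudo_bytes(16))`, removes that dependency. isBlocked() continues past the end of the hunk.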


@ -100,9 +100,15 @@ class Url
}
// Return the filter used
public function filters($type)
public function filters($type, $trim=true)
{
return $this->filters[$type];
$filter = $this->filters[$type];
if($trim) {
$filter = trim($filter, '/');
}
return $filter;
}
// Return: home, tag, post
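Review bot: Defaulting `$trim=true` changes the return value for every existing `filters()` caller, not only the tags plugin updated in this commit; callers that concatenate the filter with a path and rely on the leading or trailing `/` are not visible here and should be checked. `$this->filters[$type]` is also read without a guard, so an unknown `$type` raises an undefined-index notice; `$filter = isset($this->filters[$type]) ? $this->filters[$type] : '';` would make the method total. A one-line comment noting that the trim strips slashes from both ends would spare callers reading the body.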


@ -161,5 +161,6 @@
"date": "Date",
"you-can-schedule-the-post-just-select-the-date-and-time": "You can schedule the post, just select the date and time.",
"scheduled": "Scheduled",
"publish": "Publish"
"publish": "Publish",
"please-check-your-theme-configuration": "Please check your theme configuration."
}


@ -34,7 +34,13 @@ class pluginPages extends Plugin {
global $Site;
$html = '<div class="plugin plugin-pages">';
$html .= '<h2>'.$this->getDbField('label').'</h2>';
// If the label is not empty, print it.
$label = $this->getDbField('label');
if( !empty($label) ) {
$html .= '<h2>'.$label.'</h2>';
}
$html .= '<div class="plugin-content">';
$parents = $pagesParents[NO_PARENT_CHAR];
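Review bot: The label is inserted into the markup as `'<h2>'.$label.'</h2>'` without escaping; the value comes from the plugin's stored settings, so whoever can save the plugin form can presumably place markup into every page that renders this plugin. Escape at output: `$html .= '<h2>'.htmlspecialchars($label, ENT_QUOTES, 'UTF-8').'</h2>';`. `!empty($label)` also treats a label of `"0"` as absent; `$label !== ''` is the stricter test if getDbField() returns a string. The tags plugin hunk in this commit renders its label the same way.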


@ -82,7 +82,7 @@ class pluginsimpleMDE extends Plugin {
toolbarTips: true,
toolbarGuideIcon: true,
autofocus: false,
lineWrapping: false,
lineWrapping: true,
indentWithTabs: true,
tabSize: '.$this->getDbField('tabSize').',
spellChecker: false,


@ -28,7 +28,7 @@ class pluginTags extends Plugin {
global $Url;
$db = $dbTags->db['postsIndex'];
$filter = trim($Url->filters('tag'), '/');
$filter = $Url->filters('tag');
$html = '<div class="plugin plugin-tags">';
$html .= '<h2>'.$this->getDbField('label').'</h2>';