Opengraph, Admin panel responsive, Improves on Security tokens
This commit is contained in:
parent
3c72cc92e2
commit
8d8cf62de8
|
@ -30,6 +30,7 @@ define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
|
||||||
// Init
|
// Init
|
||||||
require(PATH_BOOT.'init.php');
|
require(PATH_BOOT.'init.php');
|
||||||
|
|
||||||
|
|
||||||
// Admin area
|
// Admin area
|
||||||
if($Url->whereAmI()==='admin') {
|
if($Url->whereAmI()==='admin') {
|
||||||
require(PATH_BOOT.'admin.php');
|
require(PATH_BOOT.'admin.php');
|
||||||
|
|
|
@ -83,7 +83,7 @@ function checkGet($args)
|
||||||
if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) )
|
if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) )
|
||||||
{
|
{
|
||||||
// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.
|
// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.
|
||||||
$Security->generateToken();
|
$Security->generateTokenCSRF();
|
||||||
|
|
||||||
Redirect::page('admin', 'dashboard');
|
Redirect::page('admin', 'dashboard');
|
||||||
return true;
|
return true;
|
||||||
|
|
|
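Review bot: The context comment directly above the renamed call still reads `// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.`, misspelling the very name this commit standardises on (generateTokenCSRF, getTokenCSRF, validateTokenCSRF). Suggest `// Renew the tokenCSRF. This token will be the same inside the session for multiple forms.`, which also makes it match the equivalent comment in checkPost's hunk. checkGet's body starts and ends outside this hunk, so whether anything else (for example the session id) is rotated on this login-by-email path cannot be seen here.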
@ -23,7 +23,7 @@ function checkPost($args)
|
||||||
if( $Login->verifyUser($_POST['username'], $_POST['password']) )
|
if( $Login->verifyUser($_POST['username'], $_POST['password']) )
|
||||||
{
|
{
|
||||||
// Renew the token. This token will be the same inside the session for multiple forms.
|
// Renew the token. This token will be the same inside the session for multiple forms.
|
||||||
$Security->generateToken();
|
$Security->generateTokenCSRF();
|
||||||
|
|
||||||
Redirect::page('admin', 'dashboard');
|
Redirect::page('admin', 'dashboard');
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
|
|
||||||
.uk-form legend {
|
.uk-form legend {
|
||||||
width: 70% !important;
|
width: 70% !important;
|
||||||
|
margin-top: 40px;
|
||||||
}
|
}
|
||||||
|
|
||||||
.uk-navbar-nav > li > a {
|
.uk-navbar-nav > li > a {
|
||||||
|
@ -90,7 +91,7 @@ li.bludit-logo {
|
||||||
}
|
}
|
||||||
|
|
||||||
h2.title {
|
h2.title {
|
||||||
margin: 20px 0;
|
margin: 0 0 20px 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
button.delete-button {
|
button.delete-button {
|
||||||
|
@ -111,6 +112,10 @@ button.delete-button:hover {
|
||||||
height: 400px;
|
height: 400px;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.bl-view {
|
||||||
|
margin-top: 25px;
|
||||||
|
margin-bottom: 25px;
|
||||||
|
}
|
||||||
|
|
||||||
/* ----------- ALERT ----------- */
|
/* ----------- ALERT ----------- */
|
||||||
|
|
||||||
|
@ -149,7 +154,7 @@ div.login-form {
|
||||||
/* ----------- DASHBOARD ----------- */
|
/* ----------- DASHBOARD ----------- */
|
||||||
|
|
||||||
div.dashboard-links {
|
div.dashboard-links {
|
||||||
margin: 20px 0;
|
margin: 0 0 25px 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
div.dashboard-links h4 {
|
div.dashboard-links h4 {
|
||||||
|
|
|
@ -18,6 +18,11 @@ input[type="password"] {
|
||||||
|
|
||||||
/* ----------- BLUDIT ----------- */
|
/* ----------- BLUDIT ----------- */
|
||||||
|
|
||||||
|
div.login-box {
|
||||||
|
width: 400px;
|
||||||
|
max-width: calc(100% - 40px);
|
||||||
|
}
|
||||||
|
|
||||||
div.login-box > h1 {
|
div.login-box > h1 {
|
||||||
font-weight: lighter;
|
font-weight: lighter;
|
||||||
letter-spacing: 4px;
|
letter-spacing: 4px;
|
||||||
|
@ -26,7 +31,6 @@ div.login-box > h1 {
|
||||||
}
|
}
|
||||||
|
|
||||||
div.login-form {
|
div.login-form {
|
||||||
width: 400px;
|
|
||||||
text-align: left;
|
text-align: left;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -55,9 +55,11 @@ $(document).ready(function() {
|
||||||
|
|
||||||
<!-- Navbar -->
|
<!-- Navbar -->
|
||||||
<nav class="uk-navbar">
|
<nav class="uk-navbar">
|
||||||
<div class="uk-container uk-container-center">
|
|
||||||
|
|
||||||
<ul class="uk-navbar-nav uk-hidden-small">
|
<!-- Navbar for Desktop -->
|
||||||
|
<div class="uk-container uk-container-center uk-hidden-small">
|
||||||
|
|
||||||
|
<ul class="uk-navbar-nav">
|
||||||
<li class="bludit-logo">BLUDIT</li>
|
<li class="bludit-logo">BLUDIT</li>
|
||||||
<li <?php echo ($layout['view']=='dashboard')?'class="uk-active"':'' ?> ><a href="<?php echo HTML_PATH_ADMIN_ROOT.'dashboard' ?>"><i class="uk-icon-object-ungroup"></i> <?php $L->p('Dashboard') ?></a></li>
|
<li <?php echo ($layout['view']=='dashboard')?'class="uk-active"':'' ?> ><a href="<?php echo HTML_PATH_ADMIN_ROOT.'dashboard' ?>"><i class="uk-icon-object-ungroup"></i> <?php $L->p('Dashboard') ?></a></li>
|
||||||
<li <?php echo ($layout['view']=='new-post')?'class="uk-active"':'' ?>><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-post' ?>"><i class="uk-icon-pencil"></i> <?php $L->p('New post') ?></a></li>
|
<li <?php echo ($layout['view']=='new-post')?'class="uk-active"':'' ?>><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-post' ?>"><i class="uk-icon-pencil"></i> <?php $L->p('New post') ?></a></li>
|
||||||
|
@ -96,7 +98,7 @@ $(document).ready(function() {
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<div class="uk-navbar-flip uk-hidden-small">
|
<div class="uk-navbar-flip">
|
||||||
<ul class="uk-navbar-nav">
|
<ul class="uk-navbar-nav">
|
||||||
<li class="uk-parent" data-uk-dropdown>
|
<li class="uk-parent" data-uk-dropdown>
|
||||||
<?php
|
<?php
|
||||||
|
@ -119,13 +121,14 @@ $(document).ready(function() {
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<a href="#offcanvas" class="uk-navbar-toggle uk-visible-small" data-uk-offcanvas></a>
|
|
||||||
<div class="uk-navbar-brand uk-navbar-center uk-visible-small">Bludit</div>
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<!-- Navbar for Mobile -->
|
||||||
|
<a href="#offcanvas" class="uk-navbar-toggle uk-visible-small" data-uk-offcanvas></a>
|
||||||
|
<div class="uk-navbar-brand uk-navbar-center uk-visible-small">BLUDIT</div>
|
||||||
</nav>
|
</nav>
|
||||||
|
|
||||||
<!-- Offcanvas -->
|
<!-- Offcanvas for Mobile -->
|
||||||
<div id="offcanvas" class="uk-offcanvas">
|
<div id="offcanvas" class="uk-offcanvas">
|
||||||
<div class="uk-offcanvas-bar">
|
<div class="uk-offcanvas-bar">
|
||||||
<ul class="uk-nav uk-nav-offcanvas">
|
<ul class="uk-nav uk-nav-offcanvas">
|
||||||
|
@ -148,7 +151,7 @@ $(document).ready(function() {
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- View -->
|
<!-- View -->
|
||||||
<div class="uk-container uk-container-center">
|
<div class="uk-container uk-container-center bl-view">
|
||||||
<?php
|
<?php
|
||||||
if( Sanitize::pathFile(PATH_ADMIN_VIEWS, $layout['view'].'.php') ) {
|
if( Sanitize::pathFile(PATH_ADMIN_VIEWS, $layout['view'].'.php') ) {
|
||||||
include(PATH_ADMIN_VIEWS.$layout['view'].'.php');
|
include(PATH_ADMIN_VIEWS.$layout['view'].'.php');
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
<!DOCTYPE HTML>
|
<!DOCTYPE HTML>
|
||||||
<html class="uk-height-1-1 uk-notouch">
|
<html class="uk-height-1-1 uk-notouch">
|
||||||
<head>
|
<head>
|
||||||
<base href="<?php echo HTML_PATH_ADMIN_THEME ?>">
|
|
||||||
<meta charset="<?php echo CHARSET ?>">
|
<meta charset="<?php echo CHARSET ?>">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
<meta name="robots" content="noindex,nofollow">
|
<meta name="robots" content="noindex,nofollow">
|
||||||
|
@ -9,15 +8,15 @@
|
||||||
<title>Bludit</title>
|
<title>Bludit</title>
|
||||||
|
|
||||||
<!-- Favicon -->
|
<!-- Favicon -->
|
||||||
<link rel="shortcut icon" type="image/x-icon" href="./img/favicon.png">
|
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_ADMIN_THEME.'img/favicon.png' ?>">
|
||||||
|
|
||||||
<!-- CSS -->
|
<!-- CSS -->
|
||||||
<link rel="stylesheet" type="text/css" href="./css/uikit/uikit.almost-flat.min.css?version=<?php echo BLUDIT_VERSION ?>">
|
<link rel="stylesheet" type="text/css" href="<?php echo HTML_PATH_ADMIN_THEME.'css/uikit/uikit.almost-flat.min.css?version='.BLUDIT_VERSION ?>">
|
||||||
<link rel="stylesheet" type="text/css" href="./css/login.css?version=<?php echo BLUDIT_VERSION ?>">
|
<link rel="stylesheet" type="text/css" href="<?php echo HTML_PATH_ADMIN_THEME.'css/login.css?version='.BLUDIT_VERSION ?>">
|
||||||
|
|
||||||
<!-- Javascript -->
|
<!-- Javascript -->
|
||||||
<script charset="utf-8" src="./js/jquery.min.js?version=<?php echo BLUDIT_VERSION ?>"></script>
|
<script charset="utf-8" src="<?php echo HTML_PATH_ADMIN_THEME.'js/jquery.min.js?version='.BLUDIT_VERSION ?>"></script>
|
||||||
<script charset="utf-8" src="./js/uikit/uikit.min.js?version=<?php echo BLUDIT_VERSION ?>"></script>
|
<script charset="utf-8" src="<?php echo HTML_PATH_ADMIN_THEME.'js/uikit/uikit.min.js?version='.BLUDIT_VERSION ?>"></script>
|
||||||
|
|
||||||
<!-- Plugins -->
|
<!-- Plugins -->
|
||||||
<?php Theme::plugins('loginHead') ?>
|
<?php Theme::plugins('loginHead') ?>
|
||||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'add-user-form', 'class'=>'uk-form-horizontal'));
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
HTML::formInputText(array(
|
HTML::formInputText(array(
|
||||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'jsformplugin'));
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
// Print the plugin form
|
// Print the plugin form
|
||||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
// Key input
|
// Key input
|
||||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
// Key input
|
// Key input
|
||||||
|
|
|
@ -10,7 +10,7 @@ HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
// Security token
|
// Security token
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
<form method="post" action="" class="uk-form" autocomplete="off">
|
<form method="post" action="" class="uk-form" autocomplete="off">
|
||||||
|
|
||||||
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printToken() ?>">
|
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printTokenCSRF() ?>">
|
||||||
|
|
||||||
<div class="uk-form-row">
|
<div class="uk-form-row">
|
||||||
<input name="email" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Email') ?>" type="text">
|
<input name="email" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Email') ?>" type="text">
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
<form method="post" action="" class="uk-form" autocomplete="off">
|
<form method="post" action="" class="uk-form" autocomplete="off">
|
||||||
|
|
||||||
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printToken() ?>">
|
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printTokenCSRF() ?>">
|
||||||
|
|
||||||
<div class="uk-form-row">
|
<div class="uk-form-row">
|
||||||
<input name="username" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Username') ?>" type="text">
|
<input name="username" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Username') ?>" type="text">
|
||||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
// ---- LEFT SIDE ----
|
// ---- LEFT SIDE ----
|
||||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
// ---- LEFT SIDE ----
|
// ---- LEFT SIDE ----
|
||||||
|
|
|
@ -6,9 +6,11 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
|
||||||
|
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
|
HTML::legend(array('value'=>$L->g('General')));
|
||||||
|
|
||||||
HTML::formSelect(array(
|
HTML::formSelect(array(
|
||||||
'name'=>'postsperpage',
|
'name'=>'postsperpage',
|
||||||
'label'=>$L->g('Posts per page'),
|
'label'=>$L->g('Posts per page'),
|
||||||
|
|
|
@ -7,9 +7,11 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
|
HTML::legend(array('value'=>$L->g('Site')));
|
||||||
|
|
||||||
HTML::formInputText(array(
|
HTML::formInputText(array(
|
||||||
'name'=>'title',
|
'name'=>'title',
|
||||||
'label'=>$L->g('Site title'),
|
'label'=>$L->g('Site title'),
|
||||||
|
|
|
@ -6,7 +6,7 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
|
||||||
|
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
HTML::formSelect(array(
|
HTML::formSelect(array(
|
||||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal
|
||||||
// Security token
|
// Security token
|
||||||
HTML::formInputHidden(array(
|
HTML::formInputHidden(array(
|
||||||
'name'=>'tokenCSRF',
|
'name'=>'tokenCSRF',
|
||||||
'value'=>$Security->getToken()
|
'value'=>$Security->getTokenCSRF()
|
||||||
));
|
));
|
||||||
|
|
||||||
// Hidden field username
|
// Hidden field username
|
||||||
|
|
|
@ -15,7 +15,7 @@ $layout['controller'] = $layout['view'] = $layout['slug'] = $explodeSlug[0];
|
||||||
unset($explodeSlug[0]);
|
unset($explodeSlug[0]);
|
||||||
$layout['parameters'] = implode('/', $explodeSlug);
|
$layout['parameters'] = implode('/', $explodeSlug);
|
||||||
|
|
||||||
// Disable Magic Quotes
|
// Disable Magic Quotes.
|
||||||
// Thanks, http://stackoverflow.com/questions/517008/how-to-turn-off-magic-quotes-on-shared-hosting
|
// Thanks, http://stackoverflow.com/questions/517008/how-to-turn-off-magic-quotes-on-shared-hosting
|
||||||
if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) )
|
if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) )
|
||||||
{
|
{
|
||||||
|
@ -24,18 +24,19 @@ if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) )
|
||||||
$_COOKIE = array_map('stripslashes', $_COOKIE);
|
$_COOKIE = array_map('stripslashes', $_COOKIE);
|
||||||
}
|
}
|
||||||
|
|
||||||
// AJAX
|
// --- AJAX ---
|
||||||
if( $layout['slug']==='ajax' )
|
if( $layout['slug']==='ajax' )
|
||||||
{
|
{
|
||||||
|
// Check if the user is loggued.
|
||||||
if($Login->isLogged())
|
if($Login->isLogged())
|
||||||
{
|
{
|
||||||
// Load AJAX file
|
// Load the ajax file.
|
||||||
if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) {
|
if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) {
|
||||||
include(PATH_AJAX.$layout['parameters'].'.php');
|
include(PATH_AJAX.$layout['parameters'].'.php');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// ADMIN AREA
|
// --- ADMIN AREA ---
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Boot rules
|
// Boot rules
|
||||||
|
@ -47,6 +48,10 @@ else
|
||||||
include(PATH_RULES.'99.themes.php');
|
include(PATH_RULES.'99.themes.php');
|
||||||
include(PATH_RULES.'99.security.php');
|
include(PATH_RULES.'99.security.php');
|
||||||
|
|
||||||
|
// Page not found.
|
||||||
|
// User not logged.
|
||||||
|
// Slug is login.
|
||||||
|
// Slug is login-email.
|
||||||
if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') || ($Url->slug()==='login-email') )
|
if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') || ($Url->slug()==='login-email') )
|
||||||
{
|
{
|
||||||
$layout['controller'] = 'login';
|
$layout['controller'] = 'login';
|
||||||
|
@ -59,28 +64,29 @@ else
|
||||||
$layout['view'] = 'login-email';
|
$layout['view'] = 'login-email';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate the token for the user not logged, when the user is loggued the token will be change.
|
// Generate the tokenCSRF for the user not logged, when the user log-in the token will be change.
|
||||||
$Security->generateToken();
|
$Security->generateTokenCSRF();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Plugins before admin area loaded
|
// Load plugins before the admin area will be load.
|
||||||
Theme::plugins('beforeAdminLoad');
|
Theme::plugins('beforeAdminLoad');
|
||||||
|
|
||||||
// Admin theme init.php
|
// Load init.php if the theme has one.
|
||||||
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') ) {
|
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') ) {
|
||||||
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
|
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load controller
|
// Load controller.
|
||||||
if( Sanitize::pathFile(PATH_ADMIN_CONTROLLERS, $layout['controller'].'.php') ) {
|
if( Sanitize::pathFile(PATH_ADMIN_CONTROLLERS, $layout['controller'].'.php') ) {
|
||||||
include(PATH_ADMIN_CONTROLLERS.$layout['controller'].'.php');
|
include(PATH_ADMIN_CONTROLLERS.$layout['controller'].'.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load view and theme
|
// Load view and theme.
|
||||||
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) ) {
|
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) ) {
|
||||||
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
|
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Plugins after admin area loaded
|
// Load plugins after the admin area is loaded.
|
||||||
Theme::plugins('afterAdminLoad');
|
Theme::plugins('afterAdminLoad');
|
||||||
|
|
||||||
}
|
}
|
|
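Review bot: The AJAX branch (`if( $layout['slug']==='ajax' )`) only checks `$Login->isLogged()` before including the handler, while `include(PATH_RULES.'99.security.php')`, the rule that validates `tokenCSRF` on POST, is reached only in the `else` (admin area) branch below it; unless each AJAX handler validates the token itself or the rule is applied somewhere outside this file, state-changing AJAX requests from a logged-in browser are not covered by the CSRF check this commit is tightening. Consider adding `include(PATH_RULES.'99.security.php');` inside the `if($Login->isLogged())` block before the handler include, or documenting where AJAX CSRF validation happens. Separately, the new comments have grammar slips: `// Check if the user is loggued.` should be `// Check if the user is logged in.`, `// Load plugins before the admin area will be load.` should be `// Load plugins before the admin area is loaded.`, and `// Generate the tokenCSRF for the user not logged, when the user log-in the token will be change.` should be `// Generate the tokenCSRF for a user who is not logged in; it is regenerated when the user logs in.`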
@ -20,9 +20,9 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
||||||
{
|
{
|
||||||
$token = isset($_POST['tokenCSRF']) ? Sanitize::html($_POST['tokenCSRF']) : false;
|
$token = isset($_POST['tokenCSRF']) ? Sanitize::html($_POST['tokenCSRF']) : false;
|
||||||
|
|
||||||
if( !$Security->validateToken($token) )
|
if( !$Security->validateTokenCSRF($token) )
|
||||||
{
|
{
|
||||||
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying validate the tokenCSRF. Token CSRF ID: '.$token);
|
Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF. Token CSRF ID: '.$token);
|
||||||
|
|
||||||
// Destroy the session.
|
// Destroy the session.
|
||||||
Session::destroy();
|
Session::destroy();
|
||||||
|
|
|
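Review bot: The new log line writes the client-supplied `$token` into the log, and when the field is absent `$token` is `false`, which concatenates to an empty string, so a missing token and an empty token are indistinguishable in the log; suggest `Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF. Token received: '.var_export($token, true));`. Because the value is attacker-chosen, it relies on `Sanitize::html` on the line above to keep it inert; whether that helper also strips line breaks is not visible here, and if it does not, a crafted token could inject fake lines into the log. The enclosing `if` block continues past the end of the hunk.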
@ -150,6 +150,14 @@ class dbSite extends dbJSON
|
||||||
return $this->getField('url');
|
return $this->getField('url');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function domain()
|
||||||
|
{
|
||||||
|
$parse = parse_url($this->url());
|
||||||
|
$domain = $parse['scheme']."://".$parse['host'];
|
||||||
|
|
||||||
|
return $domain;
|
||||||
|
}
|
||||||
|
|
||||||
// Returns TRUE if the cli mode is enabled, otherwise FALSE.
|
// Returns TRUE if the cli mode is enabled, otherwise FALSE.
|
||||||
public function cliMode()
|
public function cliMode()
|
||||||
{
|
{
|
||||||
|
|
|
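Review bot: The new `domain()` indexes `$parse['scheme']` and `$parse['host']` without checking that `parse_url()` succeeded or that those components exist, so a malformed or scheme-less site URL produces PHP notices and a value like `://` that then becomes the prefix of every og:image URL built by the OpenGraph plugin. It also drops a non-default port (and any userinfo), so a site served on `http://host:8080` would advertise image URLs on the wrong origin. Suggest guarding the components and appending the port when present; returning an empty string on failure keeps the existing string-concatenation callers working.
```php
public function domain()
{
    $parse = parse_url($this->url());

    // parse_url() returns false on a malformed URL; scheme/host may be absent.
    if($parse===false || !isset($parse['scheme']) || !isset($parse['host'])) {
        return '';
    }

    $domain = $parse['scheme'].'://'.$parse['host'];

    // Keep an explicit port, otherwise absolute URLs built from this value point at the wrong origin.
    if(isset($parse['port'])) {
        $domain .= ':'.$parse['port'];
    }

    return $domain;
}
```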
@ -19,16 +19,18 @@ class Security extends dbJSON
|
||||||
// ====================================================
|
// ====================================================
|
||||||
|
|
||||||
// Generate and save the token in Session.
|
// Generate and save the token in Session.
|
||||||
public function generateToken()
|
public function generateTokenCSRF()
|
||||||
{
|
{
|
||||||
$token = Text::randomText(8);
|
$token = Text::randomText(8);
|
||||||
$token = sha1($token);
|
$token = sha1($token);
|
||||||
|
|
||||||
|
Log::set(__METHOD__.LOG_SEP.'New tokenCSRF was generated '.$token);
|
||||||
|
|
||||||
Session::set('tokenCSRF', $token);
|
Session::set('tokenCSRF', $token);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate the token.
|
// Validate the token.
|
||||||
public function validateToken($token)
|
public function validateTokenCSRF($token)
|
||||||
{
|
{
|
||||||
$sessionToken = Session::get('tokenCSRF');
|
$sessionToken = Session::get('tokenCSRF');
|
||||||
|
|
||||||
|
@ -36,12 +38,12 @@ class Security extends dbJSON
|
||||||
}
|
}
|
||||||
|
|
||||||
// Returns the token.
|
// Returns the token.
|
||||||
public function getToken()
|
public function getTokenCSRF()
|
||||||
{
|
{
|
||||||
return Session::get('tokenCSRF');
|
return Session::get('tokenCSRF');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function printToken()
|
public function printTokenCSRF()
|
||||||
{
|
{
|
||||||
echo Session::get('tokenCSRF');
|
echo Session::get('tokenCSRF');
|
||||||
}
|
}
|
||||||
|
|
|
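Review bot: The added `Log::set(__METHOD__.LOG_SEP.'New tokenCSRF was generated '.$token);` writes the live session CSRF token to the application log, and the log is usually far less protected than the session store; suggest `Log::set(__METHOD__.LOG_SEP.'New tokenCSRF was generated');`, logging the event without the value. The token itself is `sha1(Text::randomText(8))`, so its entropy is bounded by eight characters of `Text::randomText`, whose source is not visible here; if that helper is built on `rand()`/`mt_rand()`, the token is predictable regardless of the hash, and on PHP 7+ `$token = bin2hex(random_bytes(16));` would replace both lines. `validateTokenCSRF` continues outside the hunk; if its comparison is `==`/`===`, `hash_equals($sessionToken, $token)` is the constant-time form.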
@ -2,6 +2,28 @@
|
||||||
|
|
||||||
class pluginOpenGraph extends Plugin {
|
class pluginOpenGraph extends Plugin {
|
||||||
|
|
||||||
|
private function getImage($content)
|
||||||
|
{
|
||||||
|
$dom = new DOMDocument();
|
||||||
|
$dom->loadHTML('<meta http-equiv="content-type" content="text/html; charset=utf-8">'.$content);
|
||||||
|
$finder = new DomXPath($dom);
|
||||||
|
$classname = "bludit-img-opengraph";
|
||||||
|
$images = $finder->query("//img[contains(@class, '$classname')]");
|
||||||
|
|
||||||
|
if($images->length>0)
|
||||||
|
{
|
||||||
|
// First image from the list
|
||||||
|
$image = $images->item(0);
|
||||||
|
|
||||||
|
// Get value from attribute src
|
||||||
|
$coverImage = $image->getAttribute('src');
|
||||||
|
|
||||||
|
return $coverImage;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public function siteHead()
|
public function siteHead()
|
||||||
{
|
{
|
||||||
global $Url, $Site;
|
global $Url, $Site;
|
||||||
|
@ -24,12 +46,14 @@ class pluginOpenGraph extends Plugin {
|
||||||
$og['title'] = $Post->title().' | '.$og['title'];
|
$og['title'] = $Post->title().' | '.$og['title'];
|
||||||
$og['description'] = $Post->description();
|
$og['description'] = $Post->description();
|
||||||
$og['url'] = $Post->permalink(true);
|
$og['url'] = $Post->permalink(true);
|
||||||
|
$og['image'] = $Site->domain().$this->getImage($Post->content());
|
||||||
break;
|
break;
|
||||||
case 'page':
|
case 'page':
|
||||||
$og['type'] = 'article';
|
$og['type'] = 'article';
|
||||||
$og['title'] = $Page->title().' | '.$og['title'];
|
$og['title'] = $Page->title().' | '.$og['title'];
|
||||||
$og['description'] = $Page->description();
|
$og['description'] = $Page->description();
|
||||||
$og['url'] = $Page->permalink(true);
|
$og['url'] = $Page->permalink(true);
|
||||||
|
$og['image'] = $Site->domain().$this->getImage($Page->content());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
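Review bot: In the second hunk, `$og['image'] = $Site->domain().$this->getImage($Post->content());` concatenates unconditionally, but `getImage()` returns `false` when no `bludit-img-opengraph` image exists (and an empty string when the `src` attribute is empty), so posts without a cover image advertise the bare site origin as og:image; an `<img src="http://...">` that is already absolute gets the domain prefixed a second time. `getImage()` also calls `loadHTML()` on author-supplied markup without `libxml_use_internal_errors(true)`, so malformed HTML emits warnings into the rendered page. The same applies to the `case 'page'` line; `siteHead()` begins in the first hunk and ends outside the second.
```php
private function getImage($content)
{
    $dom = new DOMDocument();

    // Post content is author HTML; collect libxml warnings instead of emitting them into the page.
    $previous = libxml_use_internal_errors(true);
    $dom->loadHTML('<meta http-equiv="content-type" content="text/html; charset=utf-8">'.$content);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // … unchanged: XPath query for img.bludit-img-opengraph …

    if($images->length>0)
    {
        $src = $images->item(0)->getAttribute('src');
        if($src!=='') {
            return $src;
        }
    }

    return false;
}

// … unchanged: siteHead() up to the 'post' case …
$image = $this->getImage($Post->content());
if($image!==false) {
    // Only prefix the site origin for a relative src; an absolute or protocol-relative URL is used as-is.
    $og['image'] = (parse_url($image, PHP_URL_HOST)===null) ? $Site->domain().$image : $image;
}
// … unchanged: same handling for the 'page' case with $Page …
```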