Opengraph, Admin panel responsive, Improves on Security tokens
This commit is contained in:
parent
3c72cc92e2
commit
8d8cf62de8
|
@ -30,6 +30,7 @@ define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
|
|||
// Init
|
||||
require(PATH_BOOT.'init.php');
|
||||
|
||||
|
||||
// Admin area
|
||||
if($Url->whereAmI()==='admin') {
|
||||
require(PATH_BOOT.'admin.php');
|
||||
|
|
|
@ -83,7 +83,7 @@ function checkGet($args)
|
|||
if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) )
|
||||
{
|
||||
// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.
|
||||
$Security->generateToken();
|
||||
$Security->generateTokenCSRF();
|
||||
|
||||
Redirect::page('admin', 'dashboard');
|
||||
return true;
|
||||
|
|
|
@ -23,7 +23,7 @@ function checkPost($args)
|
|||
if( $Login->verifyUser($_POST['username'], $_POST['password']) )
|
||||
{
|
||||
// Renew the token. This token will be the same inside the session for multiple forms.
|
||||
$Security->generateToken();
|
||||
$Security->generateTokenCSRF();
|
||||
|
||||
Redirect::page('admin', 'dashboard');
|
||||
return true;
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
|
||||
.uk-form legend {
|
||||
width: 70% !important;
|
||||
margin-top: 40px;
|
||||
}
|
||||
|
||||
.uk-navbar-nav > li > a {
|
||||
|
@ -90,7 +91,7 @@ li.bludit-logo {
|
|||
}
|
||||
|
||||
h2.title {
|
||||
margin: 20px 0;
|
||||
margin: 0 0 20px 0;
|
||||
}
|
||||
|
||||
button.delete-button {
|
||||
|
@ -111,6 +112,10 @@ button.delete-button:hover {
|
|||
height: 400px;
|
||||
}
|
||||
|
||||
.bl-view {
|
||||
margin-top: 25px;
|
||||
margin-bottom: 25px;
|
||||
}
|
||||
|
||||
/* ----------- ALERT ----------- */
|
||||
|
||||
|
@ -149,7 +154,7 @@ div.login-form {
|
|||
/* ----------- DASHBOARD ----------- */
|
||||
|
||||
div.dashboard-links {
|
||||
margin: 20px 0;
|
||||
margin: 0 0 25px 0;
|
||||
}
|
||||
|
||||
div.dashboard-links h4 {
|
||||
|
|
|
@ -18,6 +18,11 @@ input[type="password"] {
|
|||
|
||||
/* ----------- BLUDIT ----------- */
|
||||
|
||||
div.login-box {
|
||||
width: 400px;
|
||||
max-width: calc(100% - 40px);
|
||||
}
|
||||
|
||||
div.login-box > h1 {
|
||||
font-weight: lighter;
|
||||
letter-spacing: 4px;
|
||||
|
@ -26,7 +31,6 @@ div.login-box > h1 {
|
|||
}
|
||||
|
||||
div.login-form {
|
||||
width: 400px;
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
|
|
|
@ -55,9 +55,11 @@ $(document).ready(function() {
|
|||
|
||||
<!-- Navbar -->
|
||||
<nav class="uk-navbar">
|
||||
<div class="uk-container uk-container-center">
|
||||
|
||||
<ul class="uk-navbar-nav uk-hidden-small">
|
||||
<!-- Navbar for Desktop -->
|
||||
<div class="uk-container uk-container-center uk-hidden-small">
|
||||
|
||||
<ul class="uk-navbar-nav">
|
||||
<li class="bludit-logo">BLUDIT</li>
|
||||
<li <?php echo ($layout['view']=='dashboard')?'class="uk-active"':'' ?> ><a href="<?php echo HTML_PATH_ADMIN_ROOT.'dashboard' ?>"><i class="uk-icon-object-ungroup"></i> <?php $L->p('Dashboard') ?></a></li>
|
||||
<li <?php echo ($layout['view']=='new-post')?'class="uk-active"':'' ?>><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-post' ?>"><i class="uk-icon-pencil"></i> <?php $L->p('New post') ?></a></li>
|
||||
|
@ -96,7 +98,7 @@ $(document).ready(function() {
|
|||
|
||||
</ul>
|
||||
|
||||
<div class="uk-navbar-flip uk-hidden-small">
|
||||
<div class="uk-navbar-flip">
|
||||
<ul class="uk-navbar-nav">
|
||||
<li class="uk-parent" data-uk-dropdown>
|
||||
<?php
|
||||
|
@ -119,13 +121,14 @@ $(document).ready(function() {
|
|||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Navbar for Mobile -->
|
||||
<a href="#offcanvas" class="uk-navbar-toggle uk-visible-small" data-uk-offcanvas></a>
|
||||
<div class="uk-navbar-brand uk-navbar-center uk-visible-small">Bludit</div>
|
||||
</div>
|
||||
<div class="uk-navbar-brand uk-navbar-center uk-visible-small">BLUDIT</div>
|
||||
</nav>
|
||||
|
||||
<!-- Offcanvas -->
|
||||
<!-- Offcanvas for Mobile -->
|
||||
<div id="offcanvas" class="uk-offcanvas">
|
||||
<div class="uk-offcanvas-bar">
|
||||
<ul class="uk-nav uk-nav-offcanvas">
|
||||
|
@ -148,7 +151,7 @@ $(document).ready(function() {
|
|||
</div>
|
||||
|
||||
<!-- View -->
|
||||
<div class="uk-container uk-container-center">
|
||||
<div class="uk-container uk-container-center bl-view">
|
||||
<?php
|
||||
if( Sanitize::pathFile(PATH_ADMIN_VIEWS, $layout['view'].'.php') ) {
|
||||
include(PATH_ADMIN_VIEWS.$layout['view'].'.php');
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html class="uk-height-1-1 uk-notouch">
|
||||
<head>
|
||||
<base href="<?php echo HTML_PATH_ADMIN_THEME ?>">
|
||||
<meta charset="<?php echo CHARSET ?>">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="robots" content="noindex,nofollow">
|
||||
|
@ -9,15 +8,15 @@
|
|||
<title>Bludit</title>
|
||||
|
||||
<!-- Favicon -->
|
||||
<link rel="shortcut icon" type="image/x-icon" href="./img/favicon.png">
|
||||
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_ADMIN_THEME.'img/favicon.png' ?>">
|
||||
|
||||
<!-- CSS -->
|
||||
<link rel="stylesheet" type="text/css" href="./css/uikit/uikit.almost-flat.min.css?version=<?php echo BLUDIT_VERSION ?>">
|
||||
<link rel="stylesheet" type="text/css" href="./css/login.css?version=<?php echo BLUDIT_VERSION ?>">
|
||||
<link rel="stylesheet" type="text/css" href="<?php echo HTML_PATH_ADMIN_THEME.'css/uikit/uikit.almost-flat.min.css?version='.BLUDIT_VERSION ?>">
|
||||
<link rel="stylesheet" type="text/css" href="<?php echo HTML_PATH_ADMIN_THEME.'css/login.css?version='.BLUDIT_VERSION ?>">
|
||||
|
||||
<!-- Javascript -->
|
||||
<script charset="utf-8" src="./js/jquery.min.js?version=<?php echo BLUDIT_VERSION ?>"></script>
|
||||
<script charset="utf-8" src="./js/uikit/uikit.min.js?version=<?php echo BLUDIT_VERSION ?>"></script>
|
||||
<script charset="utf-8" src="<?php echo HTML_PATH_ADMIN_THEME.'js/jquery.min.js?version='.BLUDIT_VERSION ?>"></script>
|
||||
<script charset="utf-8" src="<?php echo HTML_PATH_ADMIN_THEME.'js/uikit/uikit.min.js?version='.BLUDIT_VERSION ?>"></script>
|
||||
|
||||
<!-- Plugins -->
|
||||
<?php Theme::plugins('loginHead') ?>
|
||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'add-user-form', 'class'=>'uk-form-horizontal'));
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
HTML::formInputText(array(
|
||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'jsformplugin'));
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
// Print the plugin form
|
||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
// Key input
|
||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
// Key input
|
||||
|
|
|
@ -10,7 +10,7 @@ HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
// Security token
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
<form method="post" action="" class="uk-form" autocomplete="off">
|
||||
|
||||
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printToken() ?>">
|
||||
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printTokenCSRF() ?>">
|
||||
|
||||
<div class="uk-form-row">
|
||||
<input name="email" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Email') ?>" type="text">
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
<form method="post" action="" class="uk-form" autocomplete="off">
|
||||
|
||||
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printToken() ?>">
|
||||
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printTokenCSRF() ?>">
|
||||
|
||||
<div class="uk-form-row">
|
||||
<input name="username" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Username') ?>" type="text">
|
||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
// ---- LEFT SIDE ----
|
||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
// ---- LEFT SIDE ----
|
||||
|
|
|
@ -6,9 +6,11 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
|
|||
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
HTML::legend(array('value'=>$L->g('General')));
|
||||
|
||||
HTML::formSelect(array(
|
||||
'name'=>'postsperpage',
|
||||
'label'=>$L->g('Posts per page'),
|
||||
|
|
|
@ -7,9 +7,11 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
HTML::legend(array('value'=>$L->g('Site')));
|
||||
|
||||
HTML::formInputText(array(
|
||||
'name'=>'title',
|
||||
'label'=>$L->g('Site title'),
|
||||
|
|
|
@ -6,7 +6,7 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
|
|||
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
HTML::formSelect(array(
|
||||
|
|
|
@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal
|
|||
// Security token
|
||||
HTML::formInputHidden(array(
|
||||
'name'=>'tokenCSRF',
|
||||
'value'=>$Security->getToken()
|
||||
'value'=>$Security->getTokenCSRF()
|
||||
));
|
||||
|
||||
// Hidden field username
|
||||
|
|
|
@ -15,7 +15,7 @@ $layout['controller'] = $layout['view'] = $layout['slug'] = $explodeSlug[0];
|
|||
unset($explodeSlug[0]);
|
||||
$layout['parameters'] = implode('/', $explodeSlug);
|
||||
|
||||
// Disable Magic Quotes
|
||||
// Disable Magic Quotes.
|
||||
// Thanks, http://stackoverflow.com/questions/517008/how-to-turn-off-magic-quotes-on-shared-hosting
|
||||
if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) )
|
||||
{
|
||||
|
@ -24,18 +24,19 @@ if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) )
|
|||
$_COOKIE = array_map('stripslashes', $_COOKIE);
|
||||
}
|
||||
|
||||
// AJAX
|
||||
// --- AJAX ---
|
||||
if( $layout['slug']==='ajax' )
|
||||
{
|
||||
// Check if the user is loggued.
|
||||
if($Login->isLogged())
|
||||
{
|
||||
// Load AJAX file
|
||||
// Load the ajax file.
|
||||
if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) {
|
||||
include(PATH_AJAX.$layout['parameters'].'.php');
|
||||
}
|
||||
}
|
||||
}
|
||||
// ADMIN AREA
|
||||
// --- ADMIN AREA ---
|
||||
else
|
||||
{
|
||||
// Boot rules
|
||||
|
@ -47,6 +48,10 @@ else
|
|||
include(PATH_RULES.'99.themes.php');
|
||||
include(PATH_RULES.'99.security.php');
|
||||
|
||||
// Page not found.
|
||||
// User not logged.
|
||||
// Slug is login.
|
||||
// Slug is login-email.
|
||||
if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') || ($Url->slug()==='login-email') )
|
||||
{
|
||||
$layout['controller'] = 'login';
|
||||
|
@ -59,28 +64,29 @@ else
|
|||
$layout['view'] = 'login-email';
|
||||
}
|
||||
|
||||
// Generate the token for the user not logged, when the user is loggued the token will be change.
|
||||
$Security->generateToken();
|
||||
// Generate the tokenCSRF for the user not logged, when the user log-in the token will be change.
|
||||
$Security->generateTokenCSRF();
|
||||
}
|
||||
|
||||
// Plugins before admin area loaded
|
||||
// Load plugins before the admin area will be load.
|
||||
Theme::plugins('beforeAdminLoad');
|
||||
|
||||
// Admin theme init.php
|
||||
// Load init.php if the theme has one.
|
||||
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') ) {
|
||||
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
|
||||
}
|
||||
|
||||
// Load controller
|
||||
// Load controller.
|
||||
if( Sanitize::pathFile(PATH_ADMIN_CONTROLLERS, $layout['controller'].'.php') ) {
|
||||
include(PATH_ADMIN_CONTROLLERS.$layout['controller'].'.php');
|
||||
}
|
||||
|
||||
// Load view and theme
|
||||
// Load view and theme.
|
||||
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) ) {
|
||||
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
|
||||
}
|
||||
|
||||
// Plugins after admin area loaded
|
||||
// Load plugins after the admin area is loaded.
|
||||
Theme::plugins('afterAdminLoad');
|
||||
|
||||
}
|
|
@ -20,9 +20,9 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
|||
{
|
||||
$token = isset($_POST['tokenCSRF']) ? Sanitize::html($_POST['tokenCSRF']) : false;
|
||||
|
||||
if( !$Security->validateToken($token) )
|
||||
if( !$Security->validateTokenCSRF($token) )
|
||||
{
|
||||
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying validate the tokenCSRF. Token CSRF ID: '.$token);
|
||||
Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF. Token CSRF ID: '.$token);
|
||||
|
||||
// Destroy the session.
|
||||
Session::destroy();
|
||||
|
|
|
@ -150,6 +150,14 @@ class dbSite extends dbJSON
|
|||
return $this->getField('url');
|
||||
}
|
||||
|
||||
public function domain()
|
||||
{
|
||||
$parse = parse_url($this->url());
|
||||
$domain = $parse['scheme']."://".$parse['host'];
|
||||
|
||||
return $domain;
|
||||
}
|
||||
|
||||
// Returns TRUE if the cli mode is enabled, otherwise FALSE.
|
||||
public function cliMode()
|
||||
{
|
||||
|
|
|
@ -19,16 +19,18 @@ class Security extends dbJSON
|
|||
// ====================================================
|
||||
|
||||
// Generate and save the token in Session.
|
||||
public function generateToken()
|
||||
public function generateTokenCSRF()
|
||||
{
|
||||
$token = Text::randomText(8);
|
||||
$token = sha1($token);
|
||||
|
||||
Log::set(__METHOD__.LOG_SEP.'New tokenCSRF was generated '.$token);
|
||||
|
||||
Session::set('tokenCSRF', $token);
|
||||
}
|
||||
|
||||
// Validate the token.
|
||||
public function validateToken($token)
|
||||
public function validateTokenCSRF($token)
|
||||
{
|
||||
$sessionToken = Session::get('tokenCSRF');
|
||||
|
||||
|
@ -36,12 +38,12 @@ class Security extends dbJSON
|
|||
}
|
||||
|
||||
// Returns the token.
|
||||
public function getToken()
|
||||
public function getTokenCSRF()
|
||||
{
|
||||
return Session::get('tokenCSRF');
|
||||
}
|
||||
|
||||
public function printToken()
|
||||
public function printTokenCSRF()
|
||||
{
|
||||
echo Session::get('tokenCSRF');
|
||||
}
|
||||
|
|
|
@ -2,6 +2,28 @@
|
|||
|
||||
class pluginOpenGraph extends Plugin {
|
||||
|
||||
private function getImage($content)
|
||||
{
|
||||
$dom = new DOMDocument();
|
||||
$dom->loadHTML('<meta http-equiv="content-type" content="text/html; charset=utf-8">'.$content);
|
||||
$finder = new DomXPath($dom);
|
||||
$classname = "bludit-img-opengraph";
|
||||
$images = $finder->query("//img[contains(@class, '$classname')]");
|
||||
|
||||
if($images->length>0)
|
||||
{
|
||||
// First image from the list
|
||||
$image = $images->item(0);
|
||||
|
||||
// Get value from attribute src
|
||||
$coverImage = $image->getAttribute('src');
|
||||
|
||||
return $coverImage;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function siteHead()
|
||||
{
|
||||
global $Url, $Site;
|
||||
|
@ -24,12 +46,14 @@ class pluginOpenGraph extends Plugin {
|
|||
$og['title'] = $Post->title().' | '.$og['title'];
|
||||
$og['description'] = $Post->description();
|
||||
$og['url'] = $Post->permalink(true);
|
||||
$og['image'] = $Site->domain().$this->getImage($Post->content());
|
||||
break;
|
||||
case 'page':
|
||||
$og['type'] = 'article';
|
||||
$og['title'] = $Page->title().' | '.$og['title'];
|
||||
$og['description'] = $Page->description();
|
||||
$og['url'] = $Page->permalink(true);
|
||||
$og['image'] = $Site->domain().$this->getImage($Page->content());
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue