Opengraph, Admin panel responsive, Improves on Security tokens

This commit is contained in:
dignajar 2015-11-28 11:47:03 -03:00
parent 3c72cc92e2
commit 8d8cf62de8
79 changed files with 246 additions and 190 deletions

View File

@ -30,6 +30,7 @@ define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
// Init
require(PATH_BOOT.'init.php');
// Admin area
if($Url->whereAmI()==='admin') {
require(PATH_BOOT.'admin.php');

View File

@ -83,7 +83,7 @@ function checkGet($args)
if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) )
{
// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.
$Security->generateToken();
$Security->generateTokenCSRF();
Redirect::page('admin', 'dashboard');
return true;

View File

@ -23,7 +23,7 @@ function checkPost($args)
if( $Login->verifyUser($_POST['username'], $_POST['password']) )
{
// Renew the token. This token will be the same inside the session for multiple forms.
$Security->generateToken();
$Security->generateTokenCSRF();
Redirect::page('admin', 'dashboard');
return true;

View File

@ -28,6 +28,7 @@
.uk-form legend {
width: 70% !important;
margin-top: 40px;
}
.uk-navbar-nav > li > a {
@ -90,7 +91,7 @@ li.bludit-logo {
}
h2.title {
margin: 20px 0;
margin: 0 0 20px 0;
}
button.delete-button {
@ -111,6 +112,10 @@ button.delete-button:hover {
height: 400px;
}
.bl-view {
margin-top: 25px;
margin-bottom: 25px;
}
/* ----------- ALERT ----------- */
@ -149,7 +154,7 @@ div.login-form {
/* ----------- DASHBOARD ----------- */
div.dashboard-links {
margin: 20px 0;
margin: 0 0 25px 0;
}
div.dashboard-links h4 {

View File

@ -18,6 +18,11 @@ input[type="password"] {
/* ----------- BLUDIT ----------- */
div.login-box {
width: 400px;
max-width: calc(100% - 40px);
}
div.login-box > h1 {
font-weight: lighter;
letter-spacing: 4px;
@ -26,7 +31,6 @@ div.login-box > h1 {
}
div.login-form {
width: 400px;
text-align: left;
}

View File

@ -55,9 +55,11 @@ $(document).ready(function() {
<!-- Navbar -->
<nav class="uk-navbar">
<div class="uk-container uk-container-center">
<ul class="uk-navbar-nav uk-hidden-small">
<!-- Navbar for Desktop -->
<div class="uk-container uk-container-center uk-hidden-small">
<ul class="uk-navbar-nav">
<li class="bludit-logo">BLUDIT</li>
<li <?php echo ($layout['view']=='dashboard')?'class="uk-active"':'' ?> ><a href="<?php echo HTML_PATH_ADMIN_ROOT.'dashboard' ?>"><i class="uk-icon-object-ungroup"></i> <?php $L->p('Dashboard') ?></a></li>
<li <?php echo ($layout['view']=='new-post')?'class="uk-active"':'' ?>><a href="<?php echo HTML_PATH_ADMIN_ROOT.'new-post' ?>"><i class="uk-icon-pencil"></i> <?php $L->p('New post') ?></a></li>
@ -96,7 +98,7 @@ $(document).ready(function() {
</ul>
<div class="uk-navbar-flip uk-hidden-small">
<div class="uk-navbar-flip">
<ul class="uk-navbar-nav">
<li class="uk-parent" data-uk-dropdown>
<?php
@ -119,13 +121,14 @@ $(document).ready(function() {
</li>
</ul>
</div>
</div>
<!-- Navbar for Mobile -->
<a href="#offcanvas" class="uk-navbar-toggle uk-visible-small" data-uk-offcanvas></a>
<div class="uk-navbar-brand uk-navbar-center uk-visible-small">Bludit</div>
</div>
<div class="uk-navbar-brand uk-navbar-center uk-visible-small">BLUDIT</div>
</nav>
<!-- Offcanvas -->
<!-- Offcanvas for Mobile -->
<div id="offcanvas" class="uk-offcanvas">
<div class="uk-offcanvas-bar">
<ul class="uk-nav uk-nav-offcanvas">
@ -148,7 +151,7 @@ $(document).ready(function() {
</div>
<!-- View -->
<div class="uk-container uk-container-center">
<div class="uk-container uk-container-center bl-view">
<?php
if( Sanitize::pathFile(PATH_ADMIN_VIEWS, $layout['view'].'.php') ) {
include(PATH_ADMIN_VIEWS.$layout['view'].'.php');

View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html class="uk-height-1-1 uk-notouch">
<head>
<base href="<?php echo HTML_PATH_ADMIN_THEME ?>">
<meta charset="<?php echo CHARSET ?>">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex,nofollow">
@ -9,15 +8,15 @@
<title>Bludit</title>
<!-- Favicon -->
<link rel="shortcut icon" type="image/x-icon" href="./img/favicon.png">
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_ADMIN_THEME.'img/favicon.png' ?>">
<!-- CSS -->
<link rel="stylesheet" type="text/css" href="./css/uikit/uikit.almost-flat.min.css?version=<?php echo BLUDIT_VERSION ?>">
<link rel="stylesheet" type="text/css" href="./css/login.css?version=<?php echo BLUDIT_VERSION ?>">
<link rel="stylesheet" type="text/css" href="<?php echo HTML_PATH_ADMIN_THEME.'css/uikit/uikit.almost-flat.min.css?version='.BLUDIT_VERSION ?>">
<link rel="stylesheet" type="text/css" href="<?php echo HTML_PATH_ADMIN_THEME.'css/login.css?version='.BLUDIT_VERSION ?>">
<!-- Javascript -->
<script charset="utf-8" src="./js/jquery.min.js?version=<?php echo BLUDIT_VERSION ?>"></script>
<script charset="utf-8" src="./js/uikit/uikit.min.js?version=<?php echo BLUDIT_VERSION ?>"></script>
<script charset="utf-8" src="<?php echo HTML_PATH_ADMIN_THEME.'js/jquery.min.js?version='.BLUDIT_VERSION ?>"></script>
<script charset="utf-8" src="<?php echo HTML_PATH_ADMIN_THEME.'js/uikit/uikit.min.js?version='.BLUDIT_VERSION ?>"></script>
<!-- Plugins -->
<?php Theme::plugins('loginHead') ?>

View File

@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'add-user-form', 'class'=>'uk-form-horizontal'));
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
HTML::formInputText(array(

View File

@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'jsformplugin'));
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
// Print the plugin form

View File

@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
// Key input

View File

@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
// Key input

View File

@ -10,7 +10,7 @@ HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
// Security token

View File

@ -2,7 +2,7 @@
<form method="post" action="" class="uk-form" autocomplete="off">
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printToken() ?>">
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printTokenCSRF() ?>">
<div class="uk-form-row">
<input name="email" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Email') ?>" type="text">

View File

@ -2,7 +2,7 @@
<form method="post" action="" class="uk-form" autocomplete="off">
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printToken() ?>">
<input type="hidden" id="jstoken" name="tokenCSRF" value="<?php $Security->printTokenCSRF() ?>">
<div class="uk-form-row">
<input name="username" class="uk-width-1-1 uk-form-large" placeholder="<?php $L->p('Username') ?>" type="text">

View File

@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
// ---- LEFT SIDE ----

View File

@ -7,7 +7,7 @@ HTML::formOpen(array('class'=>'uk-form-stacked'));
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
// ---- LEFT SIDE ----

View File

@ -6,9 +6,11 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
HTML::legend(array('value'=>$L->g('General')));
HTML::formSelect(array(
'name'=>'postsperpage',
'label'=>$L->g('Posts per page'),

View File

@ -7,9 +7,11 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
HTML::legend(array('value'=>$L->g('Site')));
HTML::formInputText(array(
'name'=>'title',
'label'=>$L->g('Site title'),

View File

@ -6,7 +6,7 @@ HTML::formOpen(array('class'=>'uk-form-horizontal'));
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
HTML::formSelect(array(

View File

@ -7,7 +7,7 @@ HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal
// Security token
HTML::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getToken()
'value'=>$Security->getTokenCSRF()
));
// Hidden field username

View File

@ -15,7 +15,7 @@ $layout['controller'] = $layout['view'] = $layout['slug'] = $explodeSlug[0];
unset($explodeSlug[0]);
$layout['parameters'] = implode('/', $explodeSlug);
// Disable Magic Quotes
// Disable Magic Quotes.
// Thanks, http://stackoverflow.com/questions/517008/how-to-turn-off-magic-quotes-on-shared-hosting
if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) )
{
@ -24,18 +24,19 @@ if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) )
$_COOKIE = array_map('stripslashes', $_COOKIE);
}
// AJAX
// --- AJAX ---
if( $layout['slug']==='ajax' )
{
// Check if the user is loggued.
if($Login->isLogged())
{
// Load AJAX file
// Load the ajax file.
if( Sanitize::pathFile(PATH_AJAX, $layout['parameters'].'.php') ) {
include(PATH_AJAX.$layout['parameters'].'.php');
}
}
}
// ADMIN AREA
// --- ADMIN AREA ---
else
{
// Boot rules
@ -47,6 +48,10 @@ else
include(PATH_RULES.'99.themes.php');
include(PATH_RULES.'99.security.php');
// Page not found.
// User not logged.
// Slug is login.
// Slug is login-email.
if($Url->notFound() || !$Login->isLogged() || ($Url->slug()==='login') || ($Url->slug()==='login-email') )
{
$layout['controller'] = 'login';
@ -59,28 +64,29 @@ else
$layout['view'] = 'login-email';
}
// Generate the token for the user not logged, when the user is loggued the token will be change.
$Security->generateToken();
// Generate the tokenCSRF for the user not logged, when the user log-in the token will be change.
$Security->generateTokenCSRF();
}
// Plugins before admin area loaded
// Load plugins before the admin area will be load.
Theme::plugins('beforeAdminLoad');
// Admin theme init.php
// Load init.php if the theme has one.
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') ) {
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
}
// Load controller
// Load controller.
if( Sanitize::pathFile(PATH_ADMIN_CONTROLLERS, $layout['controller'].'.php') ) {
include(PATH_ADMIN_CONTROLLERS.$layout['controller'].'.php');
}
// Load view and theme
// Load view and theme.
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) ) {
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
}
// Plugins after admin area loaded
// Load plugins after the admin area is loaded.
Theme::plugins('afterAdminLoad');
}

View File

@ -20,9 +20,9 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
$token = isset($_POST['tokenCSRF']) ? Sanitize::html($_POST['tokenCSRF']) : false;
if( !$Security->validateToken($token) )
if( !$Security->validateTokenCSRF($token) )
{
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying validate the tokenCSRF. Token CSRF ID: '.$token);
Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF. Token CSRF ID: '.$token);
// Destroy the session.
Session::destroy();

View File

@ -150,6 +150,14 @@ class dbSite extends dbJSON
return $this->getField('url');
}
public function domain()
{
$parse = parse_url($this->url());
$domain = $parse['scheme']."://".$parse['host'];
return $domain;
}
// Returns TRUE if the cli mode is enabled, otherwise FALSE.
public function cliMode()
{

View File

@ -19,16 +19,18 @@ class Security extends dbJSON
// ====================================================
// Generate and save the token in Session.
public function generateToken()
public function generateTokenCSRF()
{
$token = Text::randomText(8);
$token = sha1($token);
Log::set(__METHOD__.LOG_SEP.'New tokenCSRF was generated '.$token);
Session::set('tokenCSRF', $token);
}
// Validate the token.
public function validateToken($token)
public function validateTokenCSRF($token)
{
$sessionToken = Session::get('tokenCSRF');
@ -36,12 +38,12 @@ class Security extends dbJSON
}
// Returns the token.
public function getToken()
public function getTokenCSRF()
{
return Session::get('tokenCSRF');
}
public function printToken()
public function printTokenCSRF()
{
echo Session::get('tokenCSRF');
}

View File

@ -2,6 +2,28 @@
class pluginOpenGraph extends Plugin {
private function getImage($content)
{
$dom = new DOMDocument();
$dom->loadHTML('<meta http-equiv="content-type" content="text/html; charset=utf-8">'.$content);
$finder = new DomXPath($dom);
$classname = "bludit-img-opengraph";
$images = $finder->query("//img[contains(@class, '$classname')]");
if($images->length>0)
{
// First image from the list
$image = $images->item(0);
// Get value from attribute src
$coverImage = $image->getAttribute('src');
return $coverImage;
}
return false;
}
public function siteHead()
{
global $Url, $Site;
@ -24,12 +46,14 @@ class pluginOpenGraph extends Plugin {
$og['title'] = $Post->title().' | '.$og['title'];
$og['description'] = $Post->description();
$og['url'] = $Post->permalink(true);
$og['image'] = $Site->domain().$this->getImage($Post->content());
break;
case 'page':
$og['type'] = 'article';
$og['title'] = $Page->title().' | '.$og['title'];
$og['description'] = $Page->description();
$og['url'] = $Page->permalink(true);
$og['image'] = $Site->domain().$this->getImage($Page->content());
break;
}