User object, new reader role for users

.gitignore

@@ -1,4 +1,5 @@
 .DS_Store
+dbgenerator.php
 bl-content/*
 bl-plugins/timemachine
 bl-plugins/timemachine-x

bl-kernel/abstract/dbjson.class.php

@@ -1,14 +1,14 @@
 <?php defined('BLUDIT') or die('Bludit CMS.');
 
-class dbJSON
+class dbJSON {
-{
+
 	public $db;
 	public $dbBackup;
 	public $file;
 	public $firstLine;
 
 	// $file, the JSON file.
-	// $firstLine, TRUE if you want to remove the first line, FALSE otherwise.
+	// $firstLine, TRUE if you want to remove the first line, FALSE otherwise
 	function __construct($file, $firstLine=true)
 	{
 		$this->file = $file;
@@ -16,26 +16,25 @@ class dbJSON
 		$this->dbBackup = array();
 		$this->firstLine = $firstLine;
 
-		if(file_exists($file))
+		if (file_exists($file)) {
-		{
+			// Read JSON file
-			// Read JSON file.
 			$lines = file($file);
 
-			// Remove the first line, the first line is for security reasons.
+			// Remove the first line, the first line is for security reasons
 			if ($firstLine) {
 				unset($lines[0]);
 			}
 
-			// Regenerate the JSON file.
+			// Regenerate the JSON file
 			$implode = implode($lines);
 
-			// Unserialize, JSON to Array.
+			// Unserialize, JSON to Array
 			$array = $this->unserialize($implode);
 
 			if (empty($array)) {
-				//Log::set(__METHOD__.LOG_SEP.'Invalid JSON file: '.$file.', cannot be decoded. Check the file content.');
+				$this->db = array();
-			}
+				$this->dbBackup = array();
-			else {
+			} else {
 				$this->db = $array;
 				$this->dbBackup = $array;
 			}
@@ -45,31 +44,28 @@ class dbJSON
 	public function restoreDB()
 	{
 		$this->db = $this->dbBackup;
-
 		return true;
 	}
 
-	// Returns the amount of database items.
+	// Returns the amount of rows in the database
 	public function count()
 	{
 		return count($this->db);
 	}
 
-	// Returns the value from the field.
+	// Returns the value from the field
 	public function getField($field)
 	{
 		if (isset($this->db[$field])) {
 			return $this->db[$field];
 		}
-
 		return $this->dbFields[$field]['value'];
 	}
 
-	// Save the JSON file.
+	// Save the JSON file
 	public function save()
 	{
 		$data = '';
-
 		if ($this->firstLine) {
 			$data  = "<?php defined('BLUDIT') or die('Bludit CMS.'); ?>".PHP_EOL;
 		}
@@ -83,31 +79,35 @@ class dbJSON
 		// LOCK_EX flag to prevent anyone else writing to the file at the same time.
 		if (file_put_contents($this->file, $data, LOCK_EX)) {
 			return true;
-		}
+		} else {
-		else {
+			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.', LOG_TYPE_ERROR);
-			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.');
 			return false;
 		}
 	}
 
-	// Returns a JSON encoded string on success or FALSE on failure.
+	// Returns a JSON encoded string on success or FALSE on failure
 	private function serialize($data)
 	{
+		if (DEBUG_MODE) {
 			return json_encode($data, JSON_PRETTY_PRINT);
 		}
+		return json_encode($data);
+	}
 
-	// Returns the value encoded in json in appropriate PHP type.
+	// Returns the value encoded in json in appropriate PHP type
 	private function unserialize($data)
 	{
-		// NULL is returned if the json cannot be decoded.
+		// NULL is returned if the json cannot be decoded
 		$decode = json_decode($data, true);
-
-		// If NULL returns false.
 		if (empty($decode)) {
 			return false;
 		}
-
 		return $decode;
 	}
 
+	public function getDB()
+	{
+		return $this->db;
+	}
+
 }

bl-kernel/admin/controllers/edit-category.php

@@ -19,9 +19,9 @@ checkRole(array('admin'));
 // ============================================================================
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-	if (isset($_POST['delete'])) {
+	if ($_POST['action']=='delete') {
 		deleteCategory($_POST);
-	} elseif (isset($_POST['edit'])) {
+	} elseif ($_POST['action']=='edit') {
 		editCategory($_POST);
 	}
 

bl-kernel/admin/controllers/edit-user.php

@@ -39,14 +39,16 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 // Main after POST
 // ============================================================================
 
+$username = $layout['parameters'];
+
 // Prevent non-administrators to change other users
 if ($login->role()!=='admin') {
-	$layout['parameters'] = $login->username();
+	$username = $login->username();
 }
 
-// Get the user to edit
+try {
-$user = $dbUsers->get($layout['parameters']);
+	$user = new User($username);
-if ($user===false) {
+} catch (Exception $e) {
 	Redirect::page('users');
 }
 

bl-kernel/admin/controllers/login.php

@@ -25,6 +25,12 @@ function checkLogin($args)
 		}
 		// Renew the token. This token will be the same inside the session for multiple forms.
 		$security->generateTokenCSRF();
+
+		// Users with the role reader do not need access to dashboard
+		if ($login->role()=='reader') {
+			Redirect::home();
+		}
+
 		Redirect::page('dashboard');
 		return true;
 	}

bl-kernel/admin/controllers/new-content.php

@@ -4,6 +4,8 @@
 // Check role
 // ============================================================================
 
+checkRole(array('admin', 'moderator', 'editor'));
+
 // ============================================================================
 // Functions
 // ============================================================================

bl-kernel/admin/controllers/user-password.php

@@ -33,9 +33,10 @@ if ($login->role()!=='admin') {
 	$layout['parameters'] = $login->username();
 }
 
-// Get the user to edit
+try {
-$user = $dbUsers->get($layout['parameters']);
+	$username = $layout['parameters'];
-if ($user===false) {
+	$user = new User($username);
+} catch (Exception $e) {
 	Redirect::page('users');
 }
 

bl-kernel/admin/themes/booty/init.php

@@ -2,6 +2,37 @@
 
 class Bootstrap {
 
+	public static function modal($args) {
+
+		$buttonSecondary = $args['buttonSecondary'];
+		$buttonSecondaryClass = $args['buttonSecondaryClass'];
+
+		$buttonPrimary = $args['buttonPrimary'];
+		$buttonPrimaryClass = $args['buttonPrimaryClass'];
+
+		$modalText = $args['modalText'];
+		$modalTitle = $args['modalTitle'];
+		$modalId = $args['modalId'];
+
+
+return <<<EOF
+<div id="$modalId" class="modal fade" tabindex="-1" role="dialog">
+	<div class="modal-dialog" role="document">
+		<div class="modal-content">
+			<div class="modal-body">
+				<h3>$modalTitle</h3>
+				<p>$modalText</p>
+			</div>
+			<div class="modal-footer">
+				<button type="button" class="$buttonSecondaryClass btn btn-secondary" data-dismiss="modal">$buttonSecondary</button>
+				<button type="button" class="$buttonPrimaryClass btn btn-primary">$buttonPrimary</button>
+			</div>
+		</div>
+	</div>
+</div>
+EOF;
+	}
+
 	public static function link($args)
 	{
 		$options = 'href="'.$args['href'].'"';

bl-kernel/admin/views/edit-category.php

@@ -2,13 +2,18 @@
 
 echo Bootstrap::pageTitle(array('title'=>$L->g('Edit Category'), 'icon'=>'tags'));
 
-echo Bootstrap::formOpen(array());
+echo Bootstrap::formOpen(array('id'=>'jsform'));
 
 	echo Bootstrap::formInputHidden(array(
 		'name'=>'tokenCSRF',
 		'value'=>$security->getTokenCSRF()
 	));
 
+	echo Bootstrap::formInputHidden(array(
+		'name'=>'action',
+		'value'=>'edit'
+	));
+
 	echo Bootstrap::formInputHidden(array(
 		'name'=>'oldKey',
 		'value'=>$categoryMap['key']
@@ -44,10 +49,34 @@ echo Bootstrap::formOpen(array());
 
 	echo '
 	<div class="form-group mt-4">
-		<button type="submit" class="btn btn-primary mr-2" name="edit">'.$L->g('Save').'</button>
+		<button type="submit" class="btn btn-primary">'.$L->g('Save').'</button>
-		<button type="submit" class="btn btn-secondary mr-2" name="delete">'.$L->g('Delete').'</button>
 		<a class="btn btn-secondary" href="'.HTML_PATH_ADMIN_ROOT.'categories" role="button">'.$L->g('Cancel').'</a>
+		<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#jsdeleteModal">'.$L->g('Delete').'</button>
 	</div>
 	';
 
 echo Bootstrap::formClose();
+
+?>
+
+<!-- Modal for delete category -->
+<?php
+	echo Bootstrap::modal(array(
+		'buttonPrimary'=>'Delete',
+		'buttonPrimaryClass'=>'jsbuttonDeleteAccept',
+		'buttonSecondary'=>'Cancel',
+		'buttonSecondaryClass'=>'',
+		'modalTitle'=>'Delete category',
+		'modalText'=>'Are you sure you want to delete the category ?',
+		'modalId'=>'jsdeleteModal'
+	));
+?>
+<script>
+$(document).ready(function() {
+	// Delete content
+	$(".jsbuttonDeleteAccept").on("click", function() {
+		$("#jsaction").val("delete");
+		$("#jsform").submit();
+	});
+});
+</script>

bl-kernel/admin/views/edit-content.php

@@ -88,7 +88,7 @@
 			<a href="<?php echo HTML_PATH_ADMIN_ROOT ?>dashboard" class="btn btn-secondary"><?php echo $L->g('Cancel') ?></a>
 			<?php
 			if (count($page->children())===0) {
-				echo '<button type="button" class="jsbuttonDelete btn btn-secondary">'.$L->g('Delete').'</button>';
+				echo '<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#jsdeletePageModal">'.$L->g('Delete').'</button>';
 			}
 			?>
 		</div>
@@ -249,6 +249,28 @@
 		?>
 	</div>
 
+	<!-- Modal for delete page -->
+	<?php echo Bootstrap::modal(array(
+		'buttonPrimary'=>'Delete',
+		'buttonPrimaryClass'=>'jsbuttonDeleteAccept',
+		'buttonSecondary'=>'Cancel',
+		'buttonSecondaryClass'=>'',
+		'modalTitle'=>'Delete content',
+		'modalText'=>'Are you sure you want to delete: <b>'.$page->title().'</b>',
+		'modalId'=>'jsdeletePageModal'
+	));
+	?>
+	<script>
+	$(document).ready(function() {
+		// Delete content
+		$(".jsbuttonDeleteAccept").on("click", function() {
+			$("#jstype").val("delete");
+			$("#jscontent").val("");
+			$("#jsform").submit();
+		});
+	});
+	</script>
+
 	<!-- Modal for Categories -->
 	<div id="jscategoryModal" class="modal fade" tabindex="-1" role="dialog">
 		<div class="modal-dialog">
@@ -369,13 +391,6 @@ $(document).ready(function() {
 		$("#jsform").submit();
 	});
 
-	// Button Delete
-	$(".jsbuttonDelete").on("click", function() {
-		$("#jstype").val("delete");
-		$("#jscontent").val("");
-		$("#jsform").submit();
-	});
-
 	// External cover image
 	$("#jsexternalCoverImage").change(function() {
 		$("#jscoverImage").val( $(this).val() );

bl-kernel/admin/views/edit-user.php

@@ -28,7 +28,7 @@ echo Bootstrap::formOpen(array());
 		echo Bootstrap::formSelect(array(
 			'name'=>'role',
 			'label'=>$L->g('Role'),
-			'options'=>array('editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
+			'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
 			'selected'=>$user->role(),
 			'class'=>'',
 			'tip'=>''
@@ -127,14 +127,6 @@ echo Bootstrap::formOpen(array());
 		'tip'=>''
 	));
 
-	echo Bootstrap::formInputText(array(
-		'name'=>'codepen',
-		'label'=>'Codepen',
-		'value'=>$user->codepen(),
-		'class'=>'',
-		'tip'=>''
-	));
-
 	echo Bootstrap::formInputText(array(
 		'name'=>'googlePlus',
 		'label'=>'Google+',
@@ -151,6 +143,38 @@ echo Bootstrap::formOpen(array());
 		'tip'=>''
 	));
 
+	echo Bootstrap::formInputText(array(
+		'name'=>'codepen',
+		'label'=>'Codepen',
+		'value'=>$user->codepen(),
+		'class'=>'',
+		'tip'=>''
+	));
+
+	echo Bootstrap::formInputText(array(
+		'name'=>'linkedin',
+		'label'=>'Linkedin',
+		'value'=>$user->linkedin(),
+		'class'=>'',
+		'tip'=>''
+	));
+
+	echo Bootstrap::formInputText(array(
+		'name'=>'github',
+		'label'=>'Github',
+		'value'=>$user->github(),
+		'class'=>'',
+		'tip'=>''
+	));
+
+	echo Bootstrap::formInputText(array(
+		'name'=>'gitlab',
+		'label'=>'Gitlab',
+		'value'=>$user->gitlab(),
+		'class'=>'',
+		'tip'=>''
+	));
+
 	echo '
 	<div class="form-group mt-4">
 		<button type="submit" class="btn btn-primary mr-2" name="save">'.$L->g('Save').'</button>

bl-kernel/admin/views/new-user.php

@@ -41,8 +41,8 @@ echo Bootstrap::formOpen(array());
 	echo Bootstrap::formSelect(array(
 		'name'=>'role',
 		'label'=>$L->g('Role'),
-		'options'=>array('editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
+		'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
-		'selected'=>'editor',
+		'selected'=>'reader',
 		'class'=>'',
 		'tip'=>''
 	));

bl-kernel/admin/views/users.php

@@ -24,23 +24,30 @@ echo '
 	<tbody>
 ';
 
-$users = $dbUsers->getAllUsers();
+$list = $dbUsers->getAllUsernames();
-foreach ($users as $username=>$User) {
+foreach ($list as $username) {
+	try {
+		$user = new User($username);
 		echo '<tr>';
 		echo '<td><a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$username.'">'.$username.'</a></td>';
-	echo '<td class="d-none d-lg-table-cell">'.$User->firstName().'</td>';
+		echo '<td class="d-none d-lg-table-cell">'.$user->firstName().'</td>';
-	echo '<td class="d-none d-lg-table-cell">'.$User->lastName().'</td>';
+		echo '<td class="d-none d-lg-table-cell">'.$user->lastName().'</td>';
-	echo '<td>'.$User->email().'</td>';
+		echo '<td>'.$user->email().'</td>';
-	echo '<td>'.($User->enabled()?'<b>'.$L->g('Enabled').'</b>':$L->g('Disabled')).'</td>';
+		echo '<td>'.($user->enabled()?'<b>'.$L->g('Enabled').'</b>':$L->g('Disabled')).'</td>';
-	if ($User->role()=='admin') {
+		if ($user->role()=='admin') {
 			echo '<td>'.$L->g('Administrator').'</td>';
-	} elseif ($User->role()=='moderator') {
+		} elseif ($user->role()=='moderator') {
 			echo '<td>'.$L->g('Moderator').'</td>';
-	} elseif ($User->role()=='editor') {
+		} elseif ($user->role()=='editor') {
 			echo '<td>'.$L->g('Editor').'</td>';
+		} else {
+			echo '<td>'.$L->g('Reader').'</td>';
 		}
-	echo '<td class="d-none d-lg-table-cell">'.Date::format($User->registered(), DB_DATE_FORMAT, ADMIN_PANEL_DATE_FORMAT).'</td>';
+		echo '<td class="d-none d-lg-table-cell">'.Date::format($user->registered(), DB_DATE_FORMAT, ADMIN_PANEL_DATE_FORMAT).'</td>';
 		echo '</tr>';
+	} catch (Exception $e) {
+		// Continue
+	}
 }
 
 echo '

bl-kernel/boot/site.php

@@ -1,5 +1,12 @@
 <?php defined('BLUDIT') or die('Bludit CMS.');
 
+// // Start session if the cookie is defined
+// if (Cookie::get('BLUDIT-KEY')) {
+// 	if (!Session::started()) {
+// 		Session::start();
+// 	}
+// }
+
 // Load plugins rules
 include(PATH_RULES.'60.plugins.php');
 
@@ -32,3 +39,4 @@ Theme::plugins('afterSiteLoad');
 
 // Plugins after all
 Theme::plugins('afterAll');
+

bl-kernel/dbpages.class.php

@@ -33,6 +33,22 @@ class dbPages extends dbJSON {
 		return $this->dbFields;
 	}
 
+	// Return an array with the database for a page, FALSE otherwise
+	public function getPageDB($key)
+	{
+		if ($this->exists($key)) {
+			return $this->db[$key];
+		}
+
+		return false;
+	}
+
+	// Return TRUE if the page exists, FALSE otherwise
+	public function exists($key)
+	{
+		return isset( $this->db[$key] );
+	}
+
 	// Create a new page
 	// This function returns the key of the new page
 	public function add($args, $climode=false)
@@ -389,16 +405,6 @@ class dbPages extends dbJSON {
 		return $tmp;
 	}
 
-	// Return an array with the database for a page, FALSE otherwise
-	public function getPageDB($key)
-	{
-		if ($this->exists($key)) {
-			return $this->db[$key];
-		}
-
-		return false;
-	}
-
 	// Returns the next number of the bigger position
 	public function nextPositionNumber()
 	{
@@ -515,11 +521,7 @@ class dbPages extends dbJSON {
 		return $list;
 	}
 
-	// Return TRUE if the page exists, FALSE otherwise
+
-	public function exists($key)
-	{
-		return isset( $this->db[$key] );
-	}
 
 	public function sortBy()
 	{
@@ -787,12 +789,6 @@ class dbPages extends dbJSON {
 		return Text::firstCharUp($field).': '.$value;
 	}
 
-	// Returns the database
-	public function getDB()
-	{
-		return $this->db;
-	}
-
 	// Returns an Array, array('tagSlug'=>'tagName')
 	// (string) $tags, tag list separeted by comma.
 	public function generateTags($tags)

bl-kernel/dbusers.class.php

@@ -1,24 +1,26 @@
 <?php defined('BLUDIT') or die('Bludit CMS.');
 
-class dbUsers extends dbJSON
+class dbUsers extends dbJSON {
-{
+
 	public $dbFields = array(
-		'firstName'=>		array('inFile'=>false, 'value'=>''),
+		'firstName'=>'',
-		'lastName'=>		array('inFile'=>false, 'value'=>''),
+		'lastName'=>'',
-		'username'=>		array('inFile'=>false, 'value'=>''),
+		'role'=>'editor', // admin, moderator, editor, reader
-		'role'=>		array('inFile'=>false, 'value'=>'editor'),
+		'password'=>'',
-		'password'=>		array('inFile'=>false, 'value'=>''),
+		'salt'=>'!Pink Floyd!Welcome to the machine!',
-		'salt'=>		array('inFile'=>false, 'value'=>'!Pink Floyd!Welcome to the machine!'),
+		'email'=>'',
-		'email'=>		array('inFile'=>false, 'value'=>''),
+		'registered'=>'1985-03-15 10:00',
-		'registered'=>		array('inFile'=>false, 'value'=>'1985-03-15 10:00'),
+		'tokenRemember'=>'',
-		'tokenRemember'=>	array('inFile'=>false, 'value'=>''),
+		'tokenAuth'=>'',
-		'tokenAuth'=>		array('inFile'=>false, 'value'=>''),
+		'tokenAuthTTL'=>'2009-03-15 14:00',
-		'tokenAuthTTL'=>	array('inFile'=>false, 'value'=>'2009-03-15 14:00'),
+		'twitter'=>'',
-		'twitter'=>		array('inFile'=>false, 'value'=>''),
+		'facebook'=>'',
-		'facebook'=>		array('inFile'=>false, 'value'=>''),
+		'googlePlus'=>'',
-		'codepen'=>		array('inFile'=>false, 'value'=>''),
+		'instagram'=>'',
-		'googlePlus'=>		array('inFile'=>false, 'value'=>''),
+		'codepen'=>'',
-		'instagram'=>		array('inFile'=>false, 'value'=>'')
+		'linkedin'=>'',
+		'github'=>'',
+		'gitlab'=>''
 	);
 
 	function __construct()
@@ -26,6 +28,26 @@ class dbUsers extends dbJSON
 		parent::__construct(DB_USERS);
 	}
 
+	public function getDefaultFields()
+	{
+		return $this->dbFields;
+	}
+
+	// Return an array with the database of the user, FALSE otherwise
+	public function getUserDB($username)
+	{
+		if ($this->exists($username)) {
+			return $this->db[$username];
+		}
+		return false;
+	}
+
+	// Return TRUE if the user exists, FALSE otherwise
+	public function exists($username)
+	{
+		return isset($this->db[$username]);
+	}
+
 	// Disable the user
 	public function disableUser($username)
 	{
@@ -33,64 +55,69 @@ class dbUsers extends dbJSON
 		return $this->save();
 	}
 
-	// Return TRUE if the user exists, FALSE otherwise
+	// Add a new user
-	public function exists($username)
-	{
-		return isset($this->db[$username]);
-	}
-
-	// Create a new user
 	public function add($args)
 	{
-		$dataForDb = array();
+		// The username is store as key and not as field
+		$username = $args['username'];
 
-		// Verify arguments with the database fields
+		// The password is hashed, the password doesn't need to be sanitize in the next step
-		foreach ($this->dbFields as $field=>$options) {
+		$password = $args['password'];
+
+		$row = array();
+		foreach ($this->dbFields as $field=>$value) {
 			if (isset($args[$field])) {
-				$value = Sanitize::html($args[$field]);
+				// Sanitize if will be stored on database
+				$finalValue = Sanitize::html($args[$field]);
 			} else {
-				$value = $options['value'];
+				// Default value for the field if not defined
+				$finalValue = $value;
+			}
+			settype($finalValue, gettype($value));
+			$row[$field] = $finalValue;
 		}
 
-			// Set type
+		$row['registered'] = Date::current(DB_DATE_FORMAT);
-			settype($value, gettype($options['value']));
+		$row['salt'] = $this->generateSalt();
-			$dataForDb[$field] = $value;
+		$row['password'] = $this->generatePasswordHash($password, $row['salt']);
-		}
+		$row['tokenAuth'] = $this->generateAuthToken();
-
-		$dataForDb['registered'] = Date::current(DB_DATE_FORMAT);
-		$dataForDb['salt'] = $this->generateSalt();
-		$dataForDb['password'] = $this->generatePasswordHash($dataForDb['password'], $dataForDb['salt']);
-		$dataForDb['tokenAuth'] = $this->generateAuthToken();
 
 		// Save the database
-		$this->db[$dataForDb['username']] = $dataForDb;
+		$this->db[$username] = $row;
 		return $this->save();
 	}
 
-	// Set the parameters of a user
+	// Edit an user
 	public function set($args)
 	{
-		// Current database of the user
+		// The username is store as key and not as field
-		$user = $this->db[$args['username']];
+		$username = $args['username'];
 
-		// Verify arguments with the database fields
+		// Current database of the user
-		foreach ($args as $field=>$value) {
+		$row = $this->db[$username];
-			if (isset($this->dbFields[$field])) {
+		foreach ($this->dbFields as $field=>$value) {
-				$value = Sanitize::html($value);
+			if ($field!=='password') {
-				settype($value, gettype($this->dbFields[$field]['value']));
+				if (isset($args[$field])) {
-				$user[$field] = $value;
+					// Sanitize if will be stored on database
+					$finalValue = Sanitize::html($args[$field]);
+				} else {
+					// Default value is the current one
+					$finalValue = $row[$field];
+				}
+				settype($finalValue, gettype($value));
+				$row[$field] = $finalValue;
 			}
 		}
 
 		// Set a new password
 		if (!empty($args['password'])) {
-			$user['salt'] = $this->generateSalt();
+			$row['salt'] = $this->generateSalt();
-			$user['password'] = $this->generatePasswordHash($args['password'], $user['salt']);
+			$row['password'] = $this->generatePasswordHash($args['password'], $row['salt']);
-			$user['tokenAuth'] = $this->generateAuthToken();
+			$row['tokenAuth'] = $this->generateAuthToken();
 		}
 
 		// Save the database
-		$this->db[$args['username']] = $user;
+		$this->db[$username] = $row;
 		return $this->save();
 	}
 
@@ -101,27 +128,6 @@ class dbUsers extends dbJSON
 		return $this->save();
 	}
 
-	// DEPRECATED
-	public function getUser($username)
-	{
-		return $this->get($username);
-	}
-
-	// Returns an User Object
-	public function get($username)
-	{
-		if ($this->exists($username)) {
-			$User = new User();
-			$User->setField('username', $username);
-
-			foreach ($this->db[$username] as $key=>$value) {
-				$User->setField($key, $value);
-			}
-			return $User;
-		}
-		return false;
-	}
-
 	public function generateAuthToken()
 	{
 		return md5( uniqid().time().DOMAIN );
@@ -201,26 +207,8 @@ class dbUsers extends dbJSON
 		return $this->save();
 	}
 
-	// Returns array with the username databases filtered by username, FALSE otherwise
+	public function getAllUsernames()
-	public function getDB($username)
 	{
-		if ($this->exists($username)) {
+		return array_keys($this->db);
-			return $this->db[$username];
-		}
-		return false;
-	}
-
-	public function getAll()
-	{
-		return $this->db;
-	}
-
-	public function getAllUsers()
-	{
-		$tmp = array();
-		foreach ($this->db as $username=>$fields) {
-			$tmp[$username] = $this->getUser($username);
-		}
-		return $tmp;
 	}
 }

bl-kernel/functions.php

@@ -27,7 +27,7 @@ function buildErrorPage() {
 		$pageNotFound = New PageX(false);
 		$pageNotFound->setField('title', 	$language->get('page-not-found'));
 		$pageNotFound->setField('content', 	$language->get('page-not-found-content'));
-		$pageNotFound->setField('user', 	$dbUsers->getUser('admin'));
+		$pageNotFound->setField('username', 	'admin');
 	}
 
 	return $pageNotFound;
@@ -47,8 +47,7 @@ function buildThePage() {
 		return false;
 	}
 
-	// Check if the page is NOT published
+	if ( $page->draft() || $page->scheduled() ) {
-	if ( !$page->published() ) {
 		$url->setNotFound();
 		return false;
 	}
@@ -648,6 +647,9 @@ function checkRole($allowRoles, $redirect=true) {
 		));
 
 		Alert::set($Language->g('You do not have sufficient permissions'));
+		if ($userRole=='reader') {
+			Redirect::home();
+		}
 		Redirect::page('dashboard');
 	}
 	return false;
@@ -717,14 +719,14 @@ function deleteCategory($args) {
 	global $syslog;
 
 	// Remove the category by key
-	$dbCategories->remove($args['oldCategoryKey']);
+	$dbCategories->remove($args['oldKey']);
 
 	// Remove the category from the pages ? or keep it if the user want to recovery the category ?
 
 	// Add to syslog
 	$syslog->add(array(
 		'dictionaryKey'=>'category-deleted',
-		'notes'=>$args['oldCategoryKey']
+		'notes'=>$args['oldKey']
 	));
 
 	Alert::set($Language->g('The changes have been saved'));

bl-kernel/helpers/text.class.php

@@ -130,8 +130,9 @@ class Text {
 
 		if (EXTREME_FRIENDLY_URL) {
 			$string = self::lowercase($string);
+			$string = trim($string, $separator);
 			$string = preg_replace("/[\/_|+:!@#$%^&*(). -]+/", $separator, $string);
-			$string = trim($string, '-');
+			$string = trim($string, $separator);
 			return $string;
 		}
 

bl-kernel/login.class.php

@@ -104,15 +104,15 @@ class Login {
 			return false;
 		}
 
-		$user = $this->dbUsers->getDB($username);
+		try {
-		if ($user==false) {
+			$user = new User($username);
-			Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username);
+		} catch (Exception $e) {
 			return false;
 		}
 
-		$passwordHash = $this->dbUsers->generatePasswordHash($password, $user['salt']);
+		$passwordHash = $this->dbUsers->generatePasswordHash($password, $user->salt());
-		if ($passwordHash===$user['password']) {
+		if ($passwordHash===$user->password()) {
-			$this->setLogin($username, $user['role']);
+			$this->setLogin($username, $user->role());
 			Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username: '.$username);
 			return true;
 		}

bl-kernel/pagex.class.php

@@ -40,7 +40,6 @@ class PageX {
 		return false;
 	}
 
-	// Set a field with a value
 	public function setField($field, $value)
 	{
 		$this->vars[$field] = $value;
@@ -501,7 +500,7 @@ class PageX {
 	// $complete = true  : full version
 	public function relativeTime($complete = false) {
 		$current = new DateTime;
-		$past    = new DateTime($this->getValue('date'));
+		$past    = new DateTime($this->getValue('dateRaw'));
 		$elapsed = $current->diff($past);
 
 		$elapsed->w  = floor($elapsed->d / 7);

bl-kernel/user.class.php

@@ -1,104 +1,143 @@
 <?php defined('BLUDIT') or die('Bludit CMS.');
 
-class User
+class User {
-{
+	private $vars;
-	public $db;
 
-	public function setField($field, $value)
+	function __construct($username)
 	{
-		$this->db[$field] = $value;
+		global $dbUsers;
 
-		return true;
+		$this->vars['username'] = $username;
+
+		if ($username===false) {
+			$row = $dbUsers->getDefaultFields();
+		} else {
+			if (Text::isEmpty($username) || !$dbUsers->exists($username)) {
+				$errorMessage = 'User not found in database by username ['.$username.']';
+				Log::set(__METHOD__.LOG_SEP.$errorMessage);
+				throw new Exception($errorMessage);
+			}
+			$row = $dbUsers->getUserDB($username);
 		}
 
-	public function getField($field)
+		foreach ($row as $field=>$value) {
+			$this->setField($field, $value);
+		}
+	}
+
+	public function getValue($field)
 	{
-		if (isset($this->db[$field])) {
+		if (isset($this->vars[$field])) {
-			return $this->db[$field];
+			return $this->vars[$field];
 		}
 		return false;
 	}
 
-	// Returns username
+	public function setField($field, $value)
+	{
+		$this->vars[$field] = $value;
+		return true;
+	}
+
+	public function getDB()
+	{
+		return $this->vars;
+	}
+
 	public function username()
 	{
-		return $this->getField('username');
+		return $this->getValue('username');
 	}
 
 	public function firstName()
 	{
-		return $this->getField('firstName');
+		return $this->getValue('firstName');
 	}
 
 	public function lastName()
 	{
-		return $this->getField('lastName');
+		return $this->getValue('lastName');
 	}
 
 	public function tokenAuth()
 	{
-		return $this->getField('tokenAuth');
+		return $this->getValue('tokenAuth');
 	}
 
 	public function role()
 	{
-		return $this->getField('role');
+		return $this->getValue('role');
 	}
 
 	public function password()
 	{
-		return $this->getField('password');
+		return $this->getValue('password');
 	}
 
 	public function enabled()
 	{
-		$password = $this->getField('password');
+		$password = $this->getValue('password');
 		return $password != '!';
 	}
 
 	public function salt()
 	{
-		return $this->getField('salt');
+		return $this->getValue('salt');
 	}
 
 	public function email()
 	{
-		return $this->getField('email');
+		return $this->getValue('email');
 	}
 
 	public function registered()
 	{
-		return $this->getField('registered');
+		return $this->getValue('registered');
 	}
 
 	public function twitter()
 	{
-		return $this->getField('twitter');
+		return $this->getValue('twitter');
 	}
 
 	public function facebook()
 	{
-		return $this->getField('facebook');
+		return $this->getValue('facebook');
 	}
 
 	public function codepen()
 	{
-		return $this->getField('codepen');
+		return $this->getValue('codepen');
 	}
 
 	public function googlePlus()
 	{
-		return $this->getField('googlePlus');
+		return $this->getValue('googlePlus');
 	}
 
 	public function instagram()
 	{
-		return $this->getField('instagram');
+		return $this->getValue('instagram');
+	}
+
+	public function github()
+	{
+		return $this->getValue('github');
+	}
+
+	public function gitlab()
+	{
+		return $this->getValue('gitlab');
+	}
+
+	public function linkedin()
+	{
+		return $this->getValue('linkedin');
 	}
 
 	public function profilePicture($absolute=true)
 	{
-		$filename = $this->getField('username').'.png';
+		$filename = $this->getValue('username').'.png';
 
 		if( !file_exists(PATH_UPLOADS_PROFILES.$filename) ) {
 			return '#';

bl-plugins/simple-stats/plugin.php

@@ -161,10 +161,12 @@ EOF;
 		if (empty($lines)) {
 			return 0;
 		}
+		$login = new Login();
 		$tmp = array();
 		foreach ($lines as $line) {
-			$key = json_decode($line);
+			$data = json_decode($line);
-			$tmp[$key[0]] = true;
+			$hashIP = $data[0];
+			$tmp[$hashIP] = true;
 		}
 		return count($tmp);
 	}
@@ -173,26 +175,18 @@ EOF;
 	// The line is a json array with the hash IP of the visitor and the time
 	public function addVisitor()
 	{
-		// Exclude administrators visits
+		if (Cookie::get('BLUDIT-KEY') && defined('BLUDIT_PRO') && $this->getValue('excludeAdmins')) {
-		global $login;
-		if ($this->getValue('excludeAdmins') && defined('BLUDIT_PRO')) {
-			if ($login->role()=='admin') {
 			return false;
 		}
-		}
-
                 $currentTime = Date::current('Y-m-d H:i:s');
 		$ip = TCP::getIP();
-		if (empty($ip)) {
-			$ip = session_id();
-		}
 		$hashIP = md5($ip);
 
 		$line = json_encode(array($hashIP, $currentTime));
 		$currentDate = Date::current('Y-m-d');
-		$file = $this->workspace().$currentDate.'.log';
+		$logFile = $this->workspace().$currentDate.'.log';
 
-		return file_put_contents($file, $line.PHP_EOL, FILE_APPEND | LOCK_EX)!==false;
+		return file_put_contents($logFile, $line.PHP_EOL, FILE_APPEND | LOCK_EX)!==false;
 	}
 
 }