User object, new reader role for users

This commit is contained in:
Diego Najar 2018-07-25 23:42:00 +02:00
parent 33c89e8bd7
commit 910545dae2
23 changed files with 394 additions and 249 deletions

1
.gitignore vendored
View File

@ -1,4 +1,5 @@
.DS_Store .DS_Store
dbgenerator.php
bl-content/* bl-content/*
bl-plugins/timemachine bl-plugins/timemachine
bl-plugins/timemachine-x bl-plugins/timemachine-x

View File

@ -1,14 +1,14 @@
<?php defined('BLUDIT') or die('Bludit CMS.'); <?php defined('BLUDIT') or die('Bludit CMS.');
class dbJSON class dbJSON {
{
public $db; public $db;
public $dbBackup; public $dbBackup;
public $file; public $file;
public $firstLine; public $firstLine;
// $file, the JSON file. // $file, the JSON file.
// $firstLine, TRUE if you want to remove the first line, FALSE otherwise. // $firstLine, TRUE if you want to remove the first line, FALSE otherwise
function __construct($file, $firstLine=true) function __construct($file, $firstLine=true)
{ {
$this->file = $file; $this->file = $file;
@ -16,26 +16,25 @@ class dbJSON
$this->dbBackup = array(); $this->dbBackup = array();
$this->firstLine = $firstLine; $this->firstLine = $firstLine;
if(file_exists($file)) if (file_exists($file)) {
{ // Read JSON file
// Read JSON file.
$lines = file($file); $lines = file($file);
// Remove the first line, the first line is for security reasons. // Remove the first line, the first line is for security reasons
if($firstLine) { if ($firstLine) {
unset($lines[0]); unset($lines[0]);
} }
// Regenerate the JSON file. // Regenerate the JSON file
$implode = implode($lines); $implode = implode($lines);
// Unserialize, JSON to Array. // Unserialize, JSON to Array
$array = $this->unserialize($implode); $array = $this->unserialize($implode);
if(empty($array)) { if (empty($array)) {
//Log::set(__METHOD__.LOG_SEP.'Invalid JSON file: '.$file.', cannot be decoded. Check the file content.'); $this->db = array();
} $this->dbBackup = array();
else { } else {
$this->db = $array; $this->db = $array;
$this->dbBackup = $array; $this->dbBackup = $array;
} }
@ -45,32 +44,29 @@ class dbJSON
public function restoreDB() public function restoreDB()
{ {
$this->db = $this->dbBackup; $this->db = $this->dbBackup;
return true; return true;
} }
// Returns the amount of database items. // Returns the amount of rows in the database
public function count() public function count()
{ {
return count($this->db); return count($this->db);
} }
// Returns the value from the field. // Returns the value from the field
public function getField($field) public function getField($field)
{ {
if (isset($this->db[$field])) { if (isset($this->db[$field])) {
return $this->db[$field]; return $this->db[$field];
} }
return $this->dbFields[$field]['value']; return $this->dbFields[$field]['value'];
} }
// Save the JSON file. // Save the JSON file
public function save() public function save()
{ {
$data = ''; $data = '';
if ($this->firstLine) {
if($this->firstLine) {
$data = "<?php defined('BLUDIT') or die('Bludit CMS.'); ?>".PHP_EOL; $data = "<?php defined('BLUDIT') or die('Bludit CMS.'); ?>".PHP_EOL;
} }
@ -81,33 +77,37 @@ class dbJSON
$this->dbBackup = $this->db; $this->dbBackup = $this->db;
// LOCK_EX flag to prevent anyone else writing to the file at the same time. // LOCK_EX flag to prevent anyone else writing to the file at the same time.
if( file_put_contents($this->file, $data, LOCK_EX) ) { if (file_put_contents($this->file, $data, LOCK_EX)) {
return true; return true;
} } else {
else { Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.', LOG_TYPE_ERROR);
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.');
return false; return false;
} }
} }
// Returns a JSON encoded string on success or FALSE on failure. // Returns a JSON encoded string on success or FALSE on failure
private function serialize($data) private function serialize($data)
{ {
if (DEBUG_MODE) {
return json_encode($data, JSON_PRETTY_PRINT); return json_encode($data, JSON_PRETTY_PRINT);
} }
return json_encode($data);
// Returns the value encoded in json in appropriate PHP type.
private function unserialize($data)
{
// NULL is returned if the json cannot be decoded.
$decode = json_decode($data, true);
// If NULL returns false.
if(empty($decode)) {
return false;
} }
// Returns the value encoded in json in appropriate PHP type
private function unserialize($data)
{
// NULL is returned if the json cannot be decoded
$decode = json_decode($data, true);
if (empty($decode)) {
return false;
}
return $decode; return $decode;
} }
public function getDB()
{
return $this->db;
}
} }

View File

@ -19,9 +19,9 @@ checkRole(array('admin'));
// ============================================================================ // ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['delete'])) { if ($_POST['action']=='delete') {
deleteCategory($_POST); deleteCategory($_POST);
} elseif (isset($_POST['edit'])) { } elseif ($_POST['action']=='edit') {
editCategory($_POST); editCategory($_POST);
} }

View File

@ -39,14 +39,16 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Main after POST // Main after POST
// ============================================================================ // ============================================================================
$username = $layout['parameters'];
// Prevent non-administrators to change other users // Prevent non-administrators to change other users
if ($login->role()!=='admin') { if ($login->role()!=='admin') {
$layout['parameters'] = $login->username(); $username = $login->username();
} }
// Get the user to edit try {
$user = $dbUsers->get($layout['parameters']); $user = new User($username);
if ($user===false) { } catch (Exception $e) {
Redirect::page('users'); Redirect::page('users');
} }

View File

@ -25,6 +25,12 @@ function checkLogin($args)
} }
// Renew the token. This token will be the same inside the session for multiple forms. // Renew the token. This token will be the same inside the session for multiple forms.
$security->generateTokenCSRF(); $security->generateTokenCSRF();
// Users with the role reader do not need access to dashboard
if ($login->role()=='reader') {
Redirect::home();
}
Redirect::page('dashboard'); Redirect::page('dashboard');
return true; return true;
} }

View File

@ -4,6 +4,8 @@
// Check role // Check role
// ============================================================================ // ============================================================================
checkRole(array('admin', 'moderator', 'editor'));
// ============================================================================ // ============================================================================
// Functions // Functions
// ============================================================================ // ============================================================================

View File

@ -33,9 +33,10 @@ if ($login->role()!=='admin') {
$layout['parameters'] = $login->username(); $layout['parameters'] = $login->username();
} }
// Get the user to edit try {
$user = $dbUsers->get($layout['parameters']); $username = $layout['parameters'];
if ($user===false) { $user = new User($username);
} catch (Exception $e) {
Redirect::page('users'); Redirect::page('users');
} }

View File

@ -2,6 +2,37 @@
class Bootstrap { class Bootstrap {
public static function modal($args) {
$buttonSecondary = $args['buttonSecondary'];
$buttonSecondaryClass = $args['buttonSecondaryClass'];
$buttonPrimary = $args['buttonPrimary'];
$buttonPrimaryClass = $args['buttonPrimaryClass'];
$modalText = $args['modalText'];
$modalTitle = $args['modalTitle'];
$modalId = $args['modalId'];
return <<<EOF
<div id="$modalId" class="modal fade" tabindex="-1" role="dialog">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-body">
<h3>$modalTitle</h3>
<p>$modalText</p>
</div>
<div class="modal-footer">
<button type="button" class="$buttonSecondaryClass btn btn-secondary" data-dismiss="modal">$buttonSecondary</button>
<button type="button" class="$buttonPrimaryClass btn btn-primary">$buttonPrimary</button>
</div>
</div>
</div>
</div>
EOF;
}
public static function link($args) public static function link($args)
{ {
$options = 'href="'.$args['href'].'"'; $options = 'href="'.$args['href'].'"';

View File

@ -2,13 +2,18 @@
echo Bootstrap::pageTitle(array('title'=>$L->g('Edit Category'), 'icon'=>'tags')); echo Bootstrap::pageTitle(array('title'=>$L->g('Edit Category'), 'icon'=>'tags'));
echo Bootstrap::formOpen(array()); echo Bootstrap::formOpen(array('id'=>'jsform'));
echo Bootstrap::formInputHidden(array( echo Bootstrap::formInputHidden(array(
'name'=>'tokenCSRF', 'name'=>'tokenCSRF',
'value'=>$security->getTokenCSRF() 'value'=>$security->getTokenCSRF()
)); ));
echo Bootstrap::formInputHidden(array(
'name'=>'action',
'value'=>'edit'
));
echo Bootstrap::formInputHidden(array( echo Bootstrap::formInputHidden(array(
'name'=>'oldKey', 'name'=>'oldKey',
'value'=>$categoryMap['key'] 'value'=>$categoryMap['key']
@ -44,10 +49,34 @@ echo Bootstrap::formOpen(array());
echo ' echo '
<div class="form-group mt-4"> <div class="form-group mt-4">
<button type="submit" class="btn btn-primary mr-2" name="edit">'.$L->g('Save').'</button> <button type="submit" class="btn btn-primary">'.$L->g('Save').'</button>
<button type="submit" class="btn btn-secondary mr-2" name="delete">'.$L->g('Delete').'</button>
<a class="btn btn-secondary" href="'.HTML_PATH_ADMIN_ROOT.'categories" role="button">'.$L->g('Cancel').'</a> <a class="btn btn-secondary" href="'.HTML_PATH_ADMIN_ROOT.'categories" role="button">'.$L->g('Cancel').'</a>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#jsdeleteModal">'.$L->g('Delete').'</button>
</div> </div>
'; ';
echo Bootstrap::formClose(); echo Bootstrap::formClose();
?>
<!-- Modal for delete category -->
<?php
echo Bootstrap::modal(array(
'buttonPrimary'=>'Delete',
'buttonPrimaryClass'=>'jsbuttonDeleteAccept',
'buttonSecondary'=>'Cancel',
'buttonSecondaryClass'=>'',
'modalTitle'=>'Delete category',
'modalText'=>'Are you sure you want to delete the category ?',
'modalId'=>'jsdeleteModal'
));
?>
<script>
$(document).ready(function() {
// Delete content
$(".jsbuttonDeleteAccept").on("click", function() {
$("#jsaction").val("delete");
$("#jsform").submit();
});
});
</script>

View File

@ -88,7 +88,7 @@
<a href="<?php echo HTML_PATH_ADMIN_ROOT ?>dashboard" class="btn btn-secondary"><?php echo $L->g('Cancel') ?></a> <a href="<?php echo HTML_PATH_ADMIN_ROOT ?>dashboard" class="btn btn-secondary"><?php echo $L->g('Cancel') ?></a>
<?php <?php
if (count($page->children())===0) { if (count($page->children())===0) {
echo '<button type="button" class="jsbuttonDelete btn btn-secondary">'.$L->g('Delete').'</button>'; echo '<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#jsdeletePageModal">'.$L->g('Delete').'</button>';
} }
?> ?>
</div> </div>
@ -249,6 +249,28 @@
?> ?>
</div> </div>
<!-- Modal for delete page -->
<?php echo Bootstrap::modal(array(
'buttonPrimary'=>'Delete',
'buttonPrimaryClass'=>'jsbuttonDeleteAccept',
'buttonSecondary'=>'Cancel',
'buttonSecondaryClass'=>'',
'modalTitle'=>'Delete content',
'modalText'=>'Are you sure you want to delete: <b>'.$page->title().'</b>',
'modalId'=>'jsdeletePageModal'
));
?>
<script>
$(document).ready(function() {
// Delete content
$(".jsbuttonDeleteAccept").on("click", function() {
$("#jstype").val("delete");
$("#jscontent").val("");
$("#jsform").submit();
});
});
</script>
<!-- Modal for Categories --> <!-- Modal for Categories -->
<div id="jscategoryModal" class="modal fade" tabindex="-1" role="dialog"> <div id="jscategoryModal" class="modal fade" tabindex="-1" role="dialog">
<div class="modal-dialog"> <div class="modal-dialog">
@ -369,13 +391,6 @@ $(document).ready(function() {
$("#jsform").submit(); $("#jsform").submit();
}); });
// Button Delete
$(".jsbuttonDelete").on("click", function() {
$("#jstype").val("delete");
$("#jscontent").val("");
$("#jsform").submit();
});
// External cover image // External cover image
$("#jsexternalCoverImage").change(function() { $("#jsexternalCoverImage").change(function() {
$("#jscoverImage").val( $(this).val() ); $("#jscoverImage").val( $(this).val() );

View File

@ -28,7 +28,7 @@ echo Bootstrap::formOpen(array());
echo Bootstrap::formSelect(array( echo Bootstrap::formSelect(array(
'name'=>'role', 'name'=>'role',
'label'=>$L->g('Role'), 'label'=>$L->g('Role'),
'options'=>array('editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')), 'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
'selected'=>$user->role(), 'selected'=>$user->role(),
'class'=>'', 'class'=>'',
'tip'=>'' 'tip'=>''
@ -127,14 +127,6 @@ echo Bootstrap::formOpen(array());
'tip'=>'' 'tip'=>''
)); ));
echo Bootstrap::formInputText(array(
'name'=>'codepen',
'label'=>'Codepen',
'value'=>$user->codepen(),
'class'=>'',
'tip'=>''
));
echo Bootstrap::formInputText(array( echo Bootstrap::formInputText(array(
'name'=>'googlePlus', 'name'=>'googlePlus',
'label'=>'Google+', 'label'=>'Google+',
@ -151,6 +143,38 @@ echo Bootstrap::formOpen(array());
'tip'=>'' 'tip'=>''
)); ));
echo Bootstrap::formInputText(array(
'name'=>'codepen',
'label'=>'Codepen',
'value'=>$user->codepen(),
'class'=>'',
'tip'=>''
));
echo Bootstrap::formInputText(array(
'name'=>'linkedin',
'label'=>'Linkedin',
'value'=>$user->linkedin(),
'class'=>'',
'tip'=>''
));
echo Bootstrap::formInputText(array(
'name'=>'github',
'label'=>'Github',
'value'=>$user->github(),
'class'=>'',
'tip'=>''
));
echo Bootstrap::formInputText(array(
'name'=>'gitlab',
'label'=>'Gitlab',
'value'=>$user->gitlab(),
'class'=>'',
'tip'=>''
));
echo ' echo '
<div class="form-group mt-4"> <div class="form-group mt-4">
<button type="submit" class="btn btn-primary mr-2" name="save">'.$L->g('Save').'</button> <button type="submit" class="btn btn-primary mr-2" name="save">'.$L->g('Save').'</button>

View File

@ -41,8 +41,8 @@ echo Bootstrap::formOpen(array());
echo Bootstrap::formSelect(array( echo Bootstrap::formSelect(array(
'name'=>'role', 'name'=>'role',
'label'=>$L->g('Role'), 'label'=>$L->g('Role'),
'options'=>array('editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')), 'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
'selected'=>'editor', 'selected'=>'reader',
'class'=>'', 'class'=>'',
'tip'=>'' 'tip'=>''
)); ));

View File

@ -24,23 +24,30 @@ echo '
<tbody> <tbody>
'; ';
$users = $dbUsers->getAllUsers(); $list = $dbUsers->getAllUsernames();
foreach ($users as $username=>$User) { foreach ($list as $username) {
try {
$user = new User($username);
echo '<tr>'; echo '<tr>';
echo '<td><a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$username.'">'.$username.'</a></td>'; echo '<td><a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$username.'">'.$username.'</a></td>';
echo '<td class="d-none d-lg-table-cell">'.$User->firstName().'</td>'; echo '<td class="d-none d-lg-table-cell">'.$user->firstName().'</td>';
echo '<td class="d-none d-lg-table-cell">'.$User->lastName().'</td>'; echo '<td class="d-none d-lg-table-cell">'.$user->lastName().'</td>';
echo '<td>'.$User->email().'</td>'; echo '<td>'.$user->email().'</td>';
echo '<td>'.($User->enabled()?'<b>'.$L->g('Enabled').'</b>':$L->g('Disabled')).'</td>'; echo '<td>'.($user->enabled()?'<b>'.$L->g('Enabled').'</b>':$L->g('Disabled')).'</td>';
if ($User->role()=='admin') { if ($user->role()=='admin') {
echo '<td>'.$L->g('Administrator').'</td>'; echo '<td>'.$L->g('Administrator').'</td>';
} elseif ($User->role()=='moderator') { } elseif ($user->role()=='moderator') {
echo '<td>'.$L->g('Moderator').'</td>'; echo '<td>'.$L->g('Moderator').'</td>';
} elseif ($User->role()=='editor') { } elseif ($user->role()=='editor') {
echo '<td>'.$L->g('Editor').'</td>'; echo '<td>'.$L->g('Editor').'</td>';
} else {
echo '<td>'.$L->g('Reader').'</td>';
} }
echo '<td class="d-none d-lg-table-cell">'.Date::format($User->registered(), DB_DATE_FORMAT, ADMIN_PANEL_DATE_FORMAT).'</td>'; echo '<td class="d-none d-lg-table-cell">'.Date::format($user->registered(), DB_DATE_FORMAT, ADMIN_PANEL_DATE_FORMAT).'</td>';
echo '</tr>'; echo '</tr>';
} catch (Exception $e) {
// Continue
}
} }
echo ' echo '

View File

@ -1,5 +1,12 @@
<?php defined('BLUDIT') or die('Bludit CMS.'); <?php defined('BLUDIT') or die('Bludit CMS.');
// // Start session if the cookie is defined
// if (Cookie::get('BLUDIT-KEY')) {
// if (!Session::started()) {
// Session::start();
// }
// }
// Load plugins rules // Load plugins rules
include(PATH_RULES.'60.plugins.php'); include(PATH_RULES.'60.plugins.php');
@ -32,3 +39,4 @@ Theme::plugins('afterSiteLoad');
// Plugins after all // Plugins after all
Theme::plugins('afterAll'); Theme::plugins('afterAll');

View File

@ -33,6 +33,22 @@ class dbPages extends dbJSON {
return $this->dbFields; return $this->dbFields;
} }
// Return an array with the database for a page, FALSE otherwise
public function getPageDB($key)
{
if ($this->exists($key)) {
return $this->db[$key];
}
return false;
}
// Return TRUE if the page exists, FALSE otherwise
public function exists($key)
{
return isset( $this->db[$key] );
}
// Create a new page // Create a new page
// This function returns the key of the new page // This function returns the key of the new page
public function add($args, $climode=false) public function add($args, $climode=false)
@ -389,16 +405,6 @@ class dbPages extends dbJSON {
return $tmp; return $tmp;
} }
// Return an array with the database for a page, FALSE otherwise
public function getPageDB($key)
{
if ($this->exists($key)) {
return $this->db[$key];
}
return false;
}
// Returns the next number of the bigger position // Returns the next number of the bigger position
public function nextPositionNumber() public function nextPositionNumber()
{ {
@ -515,11 +521,7 @@ class dbPages extends dbJSON {
return $list; return $list;
} }
// Return TRUE if the page exists, FALSE otherwise
public function exists($key)
{
return isset( $this->db[$key] );
}
public function sortBy() public function sortBy()
{ {
@ -787,12 +789,6 @@ class dbPages extends dbJSON {
return Text::firstCharUp($field).': '.$value; return Text::firstCharUp($field).': '.$value;
} }
// Returns the database
public function getDB()
{
return $this->db;
}
// Returns an Array, array('tagSlug'=>'tagName') // Returns an Array, array('tagSlug'=>'tagName')
// (string) $tags, tag list separeted by comma. // (string) $tags, tag list separeted by comma.
public function generateTags($tags) public function generateTags($tags)

View File

@ -1,24 +1,26 @@
<?php defined('BLUDIT') or die('Bludit CMS.'); <?php defined('BLUDIT') or die('Bludit CMS.');
class dbUsers extends dbJSON class dbUsers extends dbJSON {
{
public $dbFields = array( public $dbFields = array(
'firstName'=> array('inFile'=>false, 'value'=>''), 'firstName'=>'',
'lastName'=> array('inFile'=>false, 'value'=>''), 'lastName'=>'',
'username'=> array('inFile'=>false, 'value'=>''), 'role'=>'editor', // admin, moderator, editor, reader
'role'=> array('inFile'=>false, 'value'=>'editor'), 'password'=>'',
'password'=> array('inFile'=>false, 'value'=>''), 'salt'=>'!Pink Floyd!Welcome to the machine!',
'salt'=> array('inFile'=>false, 'value'=>'!Pink Floyd!Welcome to the machine!'), 'email'=>'',
'email'=> array('inFile'=>false, 'value'=>''), 'registered'=>'1985-03-15 10:00',
'registered'=> array('inFile'=>false, 'value'=>'1985-03-15 10:00'), 'tokenRemember'=>'',
'tokenRemember'=> array('inFile'=>false, 'value'=>''), 'tokenAuth'=>'',
'tokenAuth'=> array('inFile'=>false, 'value'=>''), 'tokenAuthTTL'=>'2009-03-15 14:00',
'tokenAuthTTL'=> array('inFile'=>false, 'value'=>'2009-03-15 14:00'), 'twitter'=>'',
'twitter'=> array('inFile'=>false, 'value'=>''), 'facebook'=>'',
'facebook'=> array('inFile'=>false, 'value'=>''), 'googlePlus'=>'',
'codepen'=> array('inFile'=>false, 'value'=>''), 'instagram'=>'',
'googlePlus'=> array('inFile'=>false, 'value'=>''), 'codepen'=>'',
'instagram'=> array('inFile'=>false, 'value'=>'') 'linkedin'=>'',
'github'=>'',
'gitlab'=>''
); );
function __construct() function __construct()
@ -26,6 +28,26 @@ class dbUsers extends dbJSON
parent::__construct(DB_USERS); parent::__construct(DB_USERS);
} }
public function getDefaultFields()
{
return $this->dbFields;
}
// Return an array with the database of the user, FALSE otherwise
public function getUserDB($username)
{
if ($this->exists($username)) {
return $this->db[$username];
}
return false;
}
// Return TRUE if the user exists, FALSE otherwise
public function exists($username)
{
return isset($this->db[$username]);
}
// Disable the user // Disable the user
public function disableUser($username) public function disableUser($username)
{ {
@ -33,64 +55,69 @@ class dbUsers extends dbJSON
return $this->save(); return $this->save();
} }
// Return TRUE if the user exists, FALSE otherwise // Add a new user
public function exists($username)
{
return isset($this->db[$username]);
}
// Create a new user
public function add($args) public function add($args)
{ {
$dataForDb = array(); // The username is store as key and not as field
$username = $args['username'];
// Verify arguments with the database fields // The password is hashed, the password doesn't need to be sanitize in the next step
foreach ($this->dbFields as $field=>$options) { $password = $args['password'];
$row = array();
foreach ($this->dbFields as $field=>$value) {
if (isset($args[$field])) { if (isset($args[$field])) {
$value = Sanitize::html($args[$field]); // Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]);
} else { } else {
$value = $options['value']; // Default value for the field if not defined
$finalValue = $value;
}
settype($finalValue, gettype($value));
$row[$field] = $finalValue;
} }
// Set type $row['registered'] = Date::current(DB_DATE_FORMAT);
settype($value, gettype($options['value'])); $row['salt'] = $this->generateSalt();
$dataForDb[$field] = $value; $row['password'] = $this->generatePasswordHash($password, $row['salt']);
} $row['tokenAuth'] = $this->generateAuthToken();
$dataForDb['registered'] = Date::current(DB_DATE_FORMAT);
$dataForDb['salt'] = $this->generateSalt();
$dataForDb['password'] = $this->generatePasswordHash($dataForDb['password'], $dataForDb['salt']);
$dataForDb['tokenAuth'] = $this->generateAuthToken();
// Save the database // Save the database
$this->db[$dataForDb['username']] = $dataForDb; $this->db[$username] = $row;
return $this->save(); return $this->save();
} }
// Set the parameters of a user // Edit an user
public function set($args) public function set($args)
{ {
// Current database of the user // The username is store as key and not as field
$user = $this->db[$args['username']]; $username = $args['username'];
// Verify arguments with the database fields // Current database of the user
foreach ($args as $field=>$value) { $row = $this->db[$username];
if (isset($this->dbFields[$field])) { foreach ($this->dbFields as $field=>$value) {
$value = Sanitize::html($value); if ($field!=='password') {
settype($value, gettype($this->dbFields[$field]['value'])); if (isset($args[$field])) {
$user[$field] = $value; // Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]);
} else {
// Default value is the current one
$finalValue = $row[$field];
}
settype($finalValue, gettype($value));
$row[$field] = $finalValue;
} }
} }
// Set a new password // Set a new password
if (!empty($args['password'])) { if (!empty($args['password'])) {
$user['salt'] = $this->generateSalt(); $row['salt'] = $this->generateSalt();
$user['password'] = $this->generatePasswordHash($args['password'], $user['salt']); $row['password'] = $this->generatePasswordHash($args['password'], $row['salt']);
$user['tokenAuth'] = $this->generateAuthToken(); $row['tokenAuth'] = $this->generateAuthToken();
} }
// Save the database // Save the database
$this->db[$args['username']] = $user; $this->db[$username] = $row;
return $this->save(); return $this->save();
} }
@ -101,27 +128,6 @@ class dbUsers extends dbJSON
return $this->save(); return $this->save();
} }
// DEPRECATED
public function getUser($username)
{
return $this->get($username);
}
// Returns an User Object
public function get($username)
{
if ($this->exists($username)) {
$User = new User();
$User->setField('username', $username);
foreach ($this->db[$username] as $key=>$value) {
$User->setField($key, $value);
}
return $User;
}
return false;
}
public function generateAuthToken() public function generateAuthToken()
{ {
return md5( uniqid().time().DOMAIN ); return md5( uniqid().time().DOMAIN );
@ -201,26 +207,8 @@ class dbUsers extends dbJSON
return $this->save(); return $this->save();
} }
// Returns array with the username databases filtered by username, FALSE otherwise public function getAllUsernames()
public function getDB($username)
{ {
if ($this->exists($username)) { return array_keys($this->db);
return $this->db[$username];
}
return false;
}
public function getAll()
{
return $this->db;
}
public function getAllUsers()
{
$tmp = array();
foreach ($this->db as $username=>$fields) {
$tmp[$username] = $this->getUser($username);
}
return $tmp;
} }
} }

View File

@ -27,7 +27,7 @@ function buildErrorPage() {
$pageNotFound = New PageX(false); $pageNotFound = New PageX(false);
$pageNotFound->setField('title', $language->get('page-not-found')); $pageNotFound->setField('title', $language->get('page-not-found'));
$pageNotFound->setField('content', $language->get('page-not-found-content')); $pageNotFound->setField('content', $language->get('page-not-found-content'));
$pageNotFound->setField('user', $dbUsers->getUser('admin')); $pageNotFound->setField('username', 'admin');
} }
return $pageNotFound; return $pageNotFound;
@ -47,8 +47,7 @@ function buildThePage() {
return false; return false;
} }
// Check if the page is NOT published if ( $page->draft() || $page->scheduled() ) {
if ( !$page->published() ) {
$url->setNotFound(); $url->setNotFound();
return false; return false;
} }
@ -648,6 +647,9 @@ function checkRole($allowRoles, $redirect=true) {
)); ));
Alert::set($Language->g('You do not have sufficient permissions')); Alert::set($Language->g('You do not have sufficient permissions'));
if ($userRole=='reader') {
Redirect::home();
}
Redirect::page('dashboard'); Redirect::page('dashboard');
} }
return false; return false;
@ -717,14 +719,14 @@ function deleteCategory($args) {
global $syslog; global $syslog;
// Remove the category by key // Remove the category by key
$dbCategories->remove($args['oldCategoryKey']); $dbCategories->remove($args['oldKey']);
// Remove the category from the pages ? or keep it if the user want to recovery the category ? // Remove the category from the pages ? or keep it if the user want to recovery the category ?
// Add to syslog // Add to syslog
$syslog->add(array( $syslog->add(array(
'dictionaryKey'=>'category-deleted', 'dictionaryKey'=>'category-deleted',
'notes'=>$args['oldCategoryKey'] 'notes'=>$args['oldKey']
)); ));
Alert::set($Language->g('The changes have been saved')); Alert::set($Language->g('The changes have been saved'));

View File

@ -1,6 +1,6 @@
<?php defined('BLUDIT') or die('Bludit CMS.'); <?php defined('BLUDIT') or die('Bludit CMS.');
class Session { class Session {
private static $started = false; private static $started = false;
private static $sessionName = 'BLUDIT-KEY'; private static $sessionName = 'BLUDIT-KEY';

View File

@ -130,8 +130,9 @@ class Text {
if (EXTREME_FRIENDLY_URL) { if (EXTREME_FRIENDLY_URL) {
$string = self::lowercase($string); $string = self::lowercase($string);
$string = trim($string, $separator);
$string = preg_replace("/[\/_|+:!@#$%^&*(). -]+/", $separator, $string); $string = preg_replace("/[\/_|+:!@#$%^&*(). -]+/", $separator, $string);
$string = trim($string, '-'); $string = trim($string, $separator);
return $string; return $string;
} }

View File

@ -104,15 +104,15 @@ class Login {
return false; return false;
} }
$user = $this->dbUsers->getDB($username); try {
if ($user==false) { $user = new User($username);
Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username); } catch (Exception $e) {
return false; return false;
} }
$passwordHash = $this->dbUsers->generatePasswordHash($password, $user['salt']); $passwordHash = $this->dbUsers->generatePasswordHash($password, $user->salt());
if ($passwordHash===$user['password']) { if ($passwordHash===$user->password()) {
$this->setLogin($username, $user['role']); $this->setLogin($username, $user->role());
Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username: '.$username); Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username: '.$username);
return true; return true;
} }

View File

@ -40,7 +40,6 @@ class PageX {
return false; return false;
} }
// Set a field with a value
public function setField($field, $value) public function setField($field, $value)
{ {
$this->vars[$field] = $value; $this->vars[$field] = $value;
@ -501,7 +500,7 @@ class PageX {
// $complete = true : full version // $complete = true : full version
public function relativeTime($complete = false) { public function relativeTime($complete = false) {
$current = new DateTime; $current = new DateTime;
$past = new DateTime($this->getValue('date')); $past = new DateTime($this->getValue('dateRaw'));
$elapsed = $current->diff($past); $elapsed = $current->diff($past);
$elapsed->w = floor($elapsed->d / 7); $elapsed->w = floor($elapsed->d / 7);

View File

@ -1,104 +1,143 @@
<?php defined('BLUDIT') or die('Bludit CMS.'); <?php defined('BLUDIT') or die('Bludit CMS.');
class User class User {
{ private $vars;
public $db;
public function setField($field, $value) function __construct($username)
{ {
$this->db[$field] = $value; global $dbUsers;
return true; $this->vars['username'] = $username;
if ($username===false) {
$row = $dbUsers->getDefaultFields();
} else {
if (Text::isEmpty($username) || !$dbUsers->exists($username)) {
$errorMessage = 'User not found in database by username ['.$username.']';
Log::set(__METHOD__.LOG_SEP.$errorMessage);
throw new Exception($errorMessage);
}
$row = $dbUsers->getUserDB($username);
} }
public function getField($field) foreach ($row as $field=>$value) {
$this->setField($field, $value);
}
}
public function getValue($field)
{ {
if (isset($this->db[$field])) { if (isset($this->vars[$field])) {
return $this->db[$field]; return $this->vars[$field];
} }
return false; return false;
} }
// Returns username public function setField($field, $value)
{
$this->vars[$field] = $value;
return true;
}
public function getDB()
{
return $this->vars;
}
public function username() public function username()
{ {
return $this->getField('username'); return $this->getValue('username');
} }
public function firstName() public function firstName()
{ {
return $this->getField('firstName'); return $this->getValue('firstName');
} }
public function lastName() public function lastName()
{ {
return $this->getField('lastName'); return $this->getValue('lastName');
} }
public function tokenAuth() public function tokenAuth()
{ {
return $this->getField('tokenAuth'); return $this->getValue('tokenAuth');
} }
public function role() public function role()
{ {
return $this->getField('role'); return $this->getValue('role');
} }
public function password() public function password()
{ {
return $this->getField('password'); return $this->getValue('password');
} }
public function enabled() public function enabled()
{ {
$password = $this->getField('password'); $password = $this->getValue('password');
return $password != '!'; return $password != '!';
} }
public function salt() public function salt()
{ {
return $this->getField('salt'); return $this->getValue('salt');
} }
public function email() public function email()
{ {
return $this->getField('email'); return $this->getValue('email');
} }
public function registered() public function registered()
{ {
return $this->getField('registered'); return $this->getValue('registered');
} }
public function twitter() public function twitter()
{ {
return $this->getField('twitter'); return $this->getValue('twitter');
} }
public function facebook() public function facebook()
{ {
return $this->getField('facebook'); return $this->getValue('facebook');
} }
public function codepen() public function codepen()
{ {
return $this->getField('codepen'); return $this->getValue('codepen');
} }
public function googlePlus() public function googlePlus()
{ {
return $this->getField('googlePlus'); return $this->getValue('googlePlus');
} }
public function instagram() public function instagram()
{ {
return $this->getField('instagram'); return $this->getValue('instagram');
}
public function github()
{
return $this->getValue('github');
}
public function gitlab()
{
return $this->getValue('gitlab');
}
public function linkedin()
{
return $this->getValue('linkedin');
} }
public function profilePicture($absolute=true) public function profilePicture($absolute=true)
{ {
$filename = $this->getField('username').'.png'; $filename = $this->getValue('username').'.png';
if( !file_exists(PATH_UPLOADS_PROFILES.$filename) ) { if( !file_exists(PATH_UPLOADS_PROFILES.$filename) ) {
return '#'; return '#';

View File

@ -161,10 +161,12 @@ EOF;
if (empty($lines)) { if (empty($lines)) {
return 0; return 0;
} }
$login = new Login();
$tmp = array(); $tmp = array();
foreach ($lines as $line) { foreach ($lines as $line) {
$key = json_decode($line); $data = json_decode($line);
$tmp[$key[0]] = true; $hashIP = $data[0];
$tmp[$hashIP] = true;
} }
return count($tmp); return count($tmp);
} }
@ -173,26 +175,18 @@ EOF;
// The line is a json array with the hash IP of the visitor and the time // The line is a json array with the hash IP of the visitor and the time
public function addVisitor() public function addVisitor()
{ {
// Exclude administrators visits if (Cookie::get('BLUDIT-KEY') && defined('BLUDIT_PRO') && $this->getValue('excludeAdmins')) {
global $login;
if ($this->getValue('excludeAdmins') && defined('BLUDIT_PRO')) {
if ($login->role()=='admin') {
return false; return false;
} }
}
$currentTime = Date::current('Y-m-d H:i:s'); $currentTime = Date::current('Y-m-d H:i:s');
$ip = TCP::getIP(); $ip = TCP::getIP();
if (empty($ip)) {
$ip = session_id();
}
$hashIP = md5($ip); $hashIP = md5($ip);
$line = json_encode(array($hashIP, $currentTime)); $line = json_encode(array($hashIP, $currentTime));
$currentDate = Date::current('Y-m-d'); $currentDate = Date::current('Y-m-d');
$file = $this->workspace().$currentDate.'.log'; $logFile = $this->workspace().$currentDate.'.log';
return file_put_contents($file, $line.PHP_EOL, FILE_APPEND | LOCK_EX)!==false; return file_put_contents($logFile, $line.PHP_EOL, FILE_APPEND | LOCK_EX)!==false;
} }
} }