From bb481498beaa7f3ee48c2af7db317ff154cfbb5e Mon Sep 17 00:00:00 2001 From: Diego Najar Date: Sat, 28 Jul 2018 18:33:37 +0200 Subject: [PATCH] Bug fixes --- .gitignore | 1 + bl-kernel/admin/controllers/content.php | 2 +- bl-kernel/admin/controllers/edit-content.php | 2 +- bl-kernel/admin/controllers/login.php | 2 +- bl-kernel/admin/controllers/new-content.php | 2 +- bl-kernel/admin/themes/booty/html/sidebar.php | 9 ++- bl-kernel/admin/views/content.php | 74 ++++++++++++++++--- bl-kernel/admin/views/edit-content.php | 12 ++- bl-kernel/admin/views/edit-user.php | 25 ++++++- bl-kernel/admin/views/new-user.php | 2 +- bl-kernel/admin/views/users.php | 2 - bl-kernel/ajax/user-logged.php | 2 +- bl-kernel/boot/rules/99.security.php | 12 +-- bl-kernel/dbpages.class.php | 23 ++---- bl-kernel/dbusers.class.php | 3 +- bl-kernel/helpers/log.class.php | 5 +- bl-kernel/helpers/theme.class.php | 5 ++ bl-kernel/js/bludit-ajax.php | 6 +- bl-kernel/login.class.php | 6 +- bl-kernel/pagex.class.php | 32 ++++---- bl-kernel/security.class.php | 2 +- bl-kernel/url.class.php | 6 +- bl-kernel/user.class.php | 5 ++ index.php | 4 - 24 files changed, 171 insertions(+), 73 deletions(-) diff --git a/.gitignore b/.gitignore index d422a0e4..a36cd717 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ bl-plugins/discovery bl-kernel/bludit.pro.php bl-themes/docs bl-themes/docsx +bl-themes/mediumish \ No newline at end of file diff --git a/bl-kernel/admin/controllers/content.php b/bl-kernel/admin/controllers/content.php index 7044229a..33612acb 100644 --- a/bl-kernel/admin/controllers/content.php +++ b/bl-kernel/admin/controllers/content.php @@ -4,7 +4,7 @@ // Check role // ============================================================================ -checkRole(array('admin', 'moderator')); +checkRole(array('admin', 'editor')); // ============================================================================ // Functions diff --git a/bl-kernel/admin/controllers/edit-content.php b/bl-kernel/admin/controllers/edit-content.php index 34326cfa..1582baca 100644 --- a/bl-kernel/admin/controllers/edit-content.php +++ b/bl-kernel/admin/controllers/edit-content.php @@ -4,7 +4,7 @@ // Check role // ============================================================================ -if (!checkRole(array('admin','moderator'), false)) { +if (!checkRole(array('admin','editor'), false)) { try { $pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters']; $page = new PageX($pageKey); diff --git a/bl-kernel/admin/controllers/login.php b/bl-kernel/admin/controllers/login.php index a30cbc85..66ce83e1 100644 --- a/bl-kernel/admin/controllers/login.php +++ b/bl-kernel/admin/controllers/login.php @@ -31,6 +31,7 @@ function checkLogin($args) Redirect::home(); } + // Other user without the role reader redirect to dashboard Redirect::page('dashboard'); return true; } @@ -40,7 +41,6 @@ function checkLogin($args) // Create alert Alert::set($Language->g('Username or password incorrect'), ALERT_STATUS_FAIL); - return false; } diff --git a/bl-kernel/admin/controllers/new-content.php b/bl-kernel/admin/controllers/new-content.php index 739f7c41..69572720 100644 --- a/bl-kernel/admin/controllers/new-content.php +++ b/bl-kernel/admin/controllers/new-content.php @@ -4,7 +4,7 @@ // Check role // ============================================================================ -checkRole(array('admin', 'moderator', 'editor')); +checkRole(array('admin', 'editor')); // ============================================================================ // Functions diff --git a/bl-kernel/admin/themes/booty/html/sidebar.php b/bl-kernel/admin/themes/booty/html/sidebar.php index a97cd767..3a92a4ea 100644 --- a/bl-kernel/admin/themes/booty/html/sidebar.php +++ b/bl-kernel/admin/themes/booty/html/sidebar.php @@ -16,6 +16,13 @@ p('New content') ?> + + +
  • + p('Content') ?> +
    • + +
  • @@ -24,6 +31,7 @@
  • p('Content') ?>
    • +
  • p('Categories') ?>
    • @@ -57,7 +65,6 @@ } } ?> -
  • diff --git a/bl-kernel/admin/views/content.php b/bl-kernel/admin/views/content.php index 3d7a631c..eaf7d0d1 100644 --- a/bl-kernel/admin/views/content.php +++ b/bl-kernel/admin/views/content.php @@ -57,9 +57,9 @@ function table($type) { - - - + + + @@ -111,16 +111,24 @@ function table($type) { try { $page = new PageX($pageKey); echo ''; - echo ''; $friendlyURL = Text::isEmpty($url->filters('page')) ? '/'.$page->key() : '/'.$url->filters('page').'/'.$page->key(); - echo ''; + echo ''; - echo ''; + echo ''; echo ''; } catch (Exception $e) { @@ -160,6 +168,7 @@ function table($type) {
    + 1): ?> +
    @@ -208,3 +218,49 @@ function table($type) { + + +'jsdeletePageModal', + 'modalTitle'=>'Delete content', + 'modalText'=>'Are you sure you ?', + 'buttonPrimary'=>'Delete', + 'buttonPrimaryClass'=>'deletePageModalAcceptButton', + 'buttonSecondary'=>'Cancel', + 'buttonSecondaryClass'=>'' +)); +?> + \ No newline at end of file diff --git a/bl-kernel/admin/views/edit-content.php b/bl-kernel/admin/views/edit-content.php index 37c1195f..4c985e73 100644 --- a/bl-kernel/admin/views/edit-content.php +++ b/bl-kernel/admin/views/edit-content.php @@ -138,10 +138,20 @@ -

    Cover Image

    +

    General

    '', + 'label'=>'User', + 'placeholder'=>'', + 'value'=>$page->username(), + 'tip'=>'', + 'disabled'=>true + )); + // Date echo Bootstrap::formInputText(array( 'name'=>'date', diff --git a/bl-kernel/admin/views/edit-user.php b/bl-kernel/admin/views/edit-user.php index 1f273523..59e95cd9 100644 --- a/bl-kernel/admin/views/edit-user.php +++ b/bl-kernel/admin/views/edit-user.php @@ -1,9 +1,19 @@ $L->g('Edit user'), 'icon'=>'person')); - echo Bootstrap::formOpen(array()); + echo ' +
    +
    + + '.$L->g('Cancel').' +
    +

    + Edit user +

    +
    + '; + echo Bootstrap::formInputHidden(array( 'name'=>'tokenCSRF', 'value'=>$security->getTokenCSRF() @@ -28,7 +38,7 @@ echo Bootstrap::formOpen(array()); echo Bootstrap::formSelect(array( 'name'=>'role', 'label'=>$L->g('Role'), - 'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')), + 'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'admin'=>$L->g('Administrator')), 'selected'=>$user->role(), 'class'=>'', 'tip'=>'' @@ -46,6 +56,15 @@ echo Bootstrap::formOpen(array()); echo Bootstrap::formTitle(array('title'=>$L->g('Profile'))); + echo Bootstrap::formInputText(array( + 'name'=>'nickname', + 'label'=>$L->g('Nickname'), + 'value'=>$user->nickname(), + 'class'=>'', + 'placeholder'=>'', + 'tip'=>'The nickname is almost used in the themes to display the author of the content' + )); + echo Bootstrap::formInputText(array( 'name'=>'firstName', 'label'=>$L->g('First Name'), diff --git a/bl-kernel/admin/views/new-user.php b/bl-kernel/admin/views/new-user.php index aa5dda1f..5ab59f3b 100644 --- a/bl-kernel/admin/views/new-user.php +++ b/bl-kernel/admin/views/new-user.php @@ -41,7 +41,7 @@ echo Bootstrap::formOpen(array()); echo Bootstrap::formSelect(array( 'name'=>'role', 'label'=>$L->g('Role'), - 'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')), + 'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'admin'=>$L->g('Administrator')), 'selected'=>'reader', 'class'=>'', 'tip'=>'' diff --git a/bl-kernel/admin/views/users.php b/bl-kernel/admin/views/users.php index 98aea683..ac5f7c86 100644 --- a/bl-kernel/admin/views/users.php +++ b/bl-kernel/admin/views/users.php @@ -36,8 +36,6 @@ foreach ($list as $username) { echo ''; if ($user->role()=='admin') { echo ''; - } elseif ($user->role()=='moderator') { - echo ''; } elseif ($user->role()=='editor') { echo ''; } else { diff --git a/bl-kernel/ajax/user-logged.php b/bl-kernel/ajax/user-logged.php index 12385a33..61456736 100644 --- a/bl-kernel/ajax/user-logged.php +++ b/bl-kernel/ajax/user-logged.php @@ -21,4 +21,4 @@ exit (json_encode(array( ))); -?> +?> \ No newline at end of file diff --git a/bl-kernel/boot/rules/99.security.php b/bl-kernel/boot/rules/99.security.php index bbbea0e2..f9fd0c0a 100644 --- a/bl-kernel/boot/rules/99.security.php +++ b/bl-kernel/boot/rules/99.security.php @@ -16,15 +16,15 @@ // POST Method // ============================================================================ -if( $_SERVER['REQUEST_METHOD'] == 'POST' ) -{ +if ($_SERVER['REQUEST_METHOD'] == 'POST') { $token = isset($_POST['tokenCSRF']) ? Sanitize::html($_POST['tokenCSRF']) : false; - if( !$security->validateTokenCSRF($token) ) { - Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF. Token CSRF ID: '.$token); + if (!$security->validateTokenCSRF($token)) { + Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF.', ALERT_STATUS_FAIL); + Log::set(__FILE__.LOG_SEP.'Token via POST ['.$token.']', ALERT_STATUS_FAIL); + Session::destroy(); Redirect::page('login'); - } - else { + } else { unset( $_POST['tokenCSRF'] ); } } diff --git a/bl-kernel/dbpages.class.php b/bl-kernel/dbpages.class.php index 8f46be84..9048afd0 100644 --- a/bl-kernel/dbpages.class.php +++ b/bl-kernel/dbpages.class.php @@ -57,7 +57,9 @@ class dbPages extends dbJSON { // Check values on args and set default values if not exists foreach ($this->dbFields as $field=>$value) { - if (isset($args[$field])) { + if ($field=='tags') { + $finalValue = $this->generateTags($args['tags']); + } elseif (isset($args[$field])) { // Sanitize if will be stored on database $finalValue = Sanitize::html($args[$field]); } else { @@ -100,11 +102,6 @@ class dbPages extends dbJSON { $row['uuid'] = $this->generateUUID(); } - // Tags - if (!empty($row['tags'])) { - $row['tags'] = $this->generateTags($args['tags']); - } - // Validate date if (!Valid::date($row['date'], DB_DATE_FORMAT)) { $row['date'] = Date::current(DB_DATE_FORMAT); @@ -150,7 +147,9 @@ class dbPages extends dbJSON { // Check values on args or set default values foreach ($this->dbFields as $field=>$value) { - if (isset($args[$field])) { + if ($field=='tags') { + $finalValue = $this->generateTags($args['tags']); + } elseif (isset($args[$field])) { // Sanitize if will be stored on database $finalValue = Sanitize::html($args[$field]); } else { @@ -794,23 +793,17 @@ class dbPages extends dbJSON { public function generateTags($tags) { $tmp = array(); - $tags = trim($tags); - - if(empty($tags)) { + if (empty($tags)) { return $tmp; } - // Make array $tags = explode(',', $tags); - - foreach($tags as $tag) - { + foreach ($tags as $tag) { $tag = trim($tag); $tagKey = Text::cleanUrl($tag); $tmp[$tagKey] = $tag; } - return $tmp; } diff --git a/bl-kernel/dbusers.class.php b/bl-kernel/dbusers.class.php index ffd45556..90e535a2 100644 --- a/bl-kernel/dbusers.class.php +++ b/bl-kernel/dbusers.class.php @@ -5,7 +5,8 @@ class dbUsers extends dbJSON { public $dbFields = array( 'firstName'=>'', 'lastName'=>'', - 'role'=>'editor', // admin, moderator, editor, reader + 'nickname'=>'', + 'role'=>'editor', // admin, editor, reader 'password'=>'', 'salt'=>'!Pink Floyd!Welcome to the machine!', 'email'=>'', diff --git a/bl-kernel/helpers/log.class.php b/bl-kernel/helpers/log.class.php index c589ba17..3dfe5c48 100644 --- a/bl-kernel/helpers/log.class.php +++ b/bl-kernel/helpers/log.class.php @@ -4,8 +4,11 @@ class Log { public static function set($text, $type=LOG_TYPE_INFO) { - $messageType = 0; + if (!DEBUG_MODE) { + return false; + } + $messageType = 0; if (is_array($text) ) { error_log('------------------------', $messageType); error_log('Array', $messageType); diff --git a/bl-kernel/helpers/theme.class.php b/bl-kernel/helpers/theme.class.php index 723c90a2..8fd7cbad 100644 --- a/bl-kernel/helpers/theme.class.php +++ b/bl-kernel/helpers/theme.class.php @@ -137,6 +137,11 @@ class Theme { return ''.PHP_EOL; } + public static function src($file, $base=DOMAIN_THEME) + { + return $base.$file; + } + public static function css($files, $base=DOMAIN_THEME) { if( !is_array($files) ) { diff --git a/bl-kernel/js/bludit-ajax.php b/bl-kernel/js/bludit-ajax.php index 07de7487..880685c2 100644 --- a/bl-kernel/js/bludit-ajax.php +++ b/bl-kernel/js/bludit-ajax.php @@ -20,7 +20,7 @@ class bluditAjax { title: title, content: content }, - url: "ajax/save-as-draft" + url: HTML_PATH_ADMIN_ROOT+"ajax/save-as-draft" }); ajaxRequest.done(function (response, textStatus, jqXHR) { @@ -52,7 +52,7 @@ class bluditAjax { data: { tokenCSRF: tokenCSRF // token from env variables }, - url: "ajax/user-logged" + url: HTML_PATH_ADMIN_ROOT+"ajax/user-logged" }); ajaxRequest.done(function (response, textStatus, jqXHR) { @@ -82,7 +82,7 @@ class bluditAjax { parentKey: parentKey, currentKey: currentKey }, - url: "" + url: HTML_PATH_ADMIN_ROOT+"ajax/generate-slug" }); ajaxRequest.done(function (response, textStatus, jqXHR) { diff --git a/bl-kernel/login.class.php b/bl-kernel/login.class.php index 5a7daf4f..089ceec9 100644 --- a/bl-kernel/login.class.php +++ b/bl-kernel/login.class.php @@ -44,7 +44,7 @@ class Login { } } - Log::set(__METHOD__.LOG_SEP.'FingerPrint are differents. Current fingerPrint: '.Session::get('fingerPrint').' !== Current fingerPrint: '.$this->fingerPrint()); + Log::set(__METHOD__.LOG_SEP.'FingerPrint are differents. ['.Session::get('fingerPrint').'] != ['.$this->fingerPrint().']'); return false; } @@ -56,7 +56,7 @@ class Login { Session::set('fingerPrint', $this->fingerPrint()); Session::set('sessionTime', time()); - Log::set(__METHOD__.LOG_SEP.'User logged, fingerprint: '.$this->fingerPrint()); + Log::set(__METHOD__.LOG_SEP.'User logged, fingerprint ['.$this->fingerPrint().']'); } public function setRememberMe($username) @@ -113,7 +113,7 @@ class Login { $passwordHash = $this->dbUsers->generatePasswordHash($password, $user->salt()); if ($passwordHash===$user->password()) { $this->setLogin($username, $user->role()); - Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username: '.$username); + Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username ['.$username.']'); return true; } diff --git a/bl-kernel/pagex.class.php b/bl-kernel/pagex.class.php index 5c8e622b..61cb2b8e 100644 --- a/bl-kernel/pagex.class.php +++ b/bl-kernel/pagex.class.php @@ -205,12 +205,19 @@ class PageX { return false; } - // Returns the user object - public function user() + // Returns the user object or passing the method returns the object User method + public function user($method=false) { - global $dbUsers; $username = $this->username(); - return $dbUsers->getUser($username); + try { + $user = new User($username); + if ($method) { + return $user->{$method}(); + } + return $user; + } catch (Exception $e) { + return false; + } } public function template() @@ -226,23 +233,22 @@ class PageX { // Returns the tags separated by comma // (boolean) $returnsArray, TRUE to get the tags as an array, FALSE to get the tags separeted by comma + // The tags in array format returns array( tagKey => tagName ) public function tags($returnsArray=false) { $tags = $this->getValue('tags'); - - if($returnsArray) { - if($tags==false) { + if ($returnsArray) { + if (empty($tags)) { return array(); } return $tags; } - else { - if($tags==false) { - return false; - } - // Return string with tags separeted by comma. - return implode(', ', $tags); + + if (empty($tags)) { + return ''; } + // Return string with tags separeted by comma. + return implode(', ', $tags); } public function json($returnsArray=false) diff --git a/bl-kernel/security.class.php b/bl-kernel/security.class.php index 0c9747ec..7f406d1a 100644 --- a/bl-kernel/security.class.php +++ b/bl-kernel/security.class.php @@ -22,7 +22,7 @@ class Security extends dbJSON { $token = sha1( uniqid().time() ); Session::set('tokenCSRF', $token); - Log::set('New Token CSRF: '.$token); + Log::set(__METHOD__.LOG_SEP.'New Token CSRF ['.$token.']'); } // Validate the token diff --git a/bl-kernel/url.class.php b/bl-kernel/url.class.php index 6630987f..3aa0b998 100644 --- a/bl-kernel/url.class.php +++ b/bl-kernel/url.class.php @@ -118,15 +118,13 @@ class Url return $this->uri; } - // Return the filter used + // Return the filter filter by type public function filters($type, $trim=true) { $filter = $this->filters[$type]; - - if($trim) { + if ($trim) { $filter = trim($filter, '/'); } - return $filter; } diff --git a/bl-kernel/user.class.php b/bl-kernel/user.class.php index 00d20b8d..6a96a489 100644 --- a/bl-kernel/user.class.php +++ b/bl-kernel/user.class.php @@ -49,6 +49,11 @@ class User { return $this->getValue('username'); } + public function nickname() + { + return $this->getValue('nickname'); + } + public function firstName() { return $this->getValue('firstName'); diff --git a/index.php b/index.php index 10db1134..d72a1827 100644 --- a/index.php +++ b/index.php @@ -40,7 +40,3 @@ if ($url->whereAmI()==='admin') { else { require(PATH_BOOT.'site.php'); } - -$endLoadTime = microtime(true); -$time = $endLoadTime - $loadTime; -var_dump($time); \ No newline at end of file
    '.$Language->g('Title').''.$Language->g('URL').''.( ((ORDER_BY=='position') || ($type!='published'))?$Language->g('Position'):$Language->g('Creation date')).''.$Language->g('Title').''.$Language->g('URL').'Actions
    - ' - .($page->title()?$page->title():''.$Language->g('Empty title').' ') - .' + echo ' + +
    +

    '.( ((ORDER_BY=='position') || ($type!='published'))?'Position: '.$page->position():$page->relativeTime() ).'

    +
    		'.$friendlyURL.''.$friendlyURL.''.( ((ORDER_BY=='position') || ($type!='published'))?$page->position():$page->dateRaw(ADMIN_PANEL_DATE_FORMAT) ).''.PHP_EOL; + echo 'Edit'.PHP_EOL; + echo ''.PHP_EOL; + echo '
    '.($user->enabled()?''.$L->g('Enabled').'':$L->g('Disabled')).''.$L->g('Administrator').''.$L->g('Moderator').''.$L->g('Editor').'