Nemcio/Batflat
1
0
Fork 0
mirror of https://github.com/sruupl/batflat.git synced 2026-01-20 12:32:03 +01:00
Code Issues Packages Projects Releases Activity

Merge pull request #116 from sruupl/develop

Browse Source 
General security improvements
This commit is contained in:
Paweł Klockiewicz
2021-09-26 14:42:36 +02:00
committed by GitHub
parent b0632650f7 b48a50862c
commit 52040f71ec
20 changed files with 304 additions and 313 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
inc/lang/pt_portuguese/.lock Normal file
View File

28
inc/modules/galleries/Admin.php
View File

@@ -53,15 +53,16 @@ class Admin extends AdminModule
public function anyAdd()
{
$location = [ADMIN, 'galleries', 'manage'];
if (!empty($_POST['name'])) {
$name = trim($_POST['name']);
$name = htmlspecialchars(trim($_POST['name']), ENT_NOQUOTES, 'UTF-8');
if (!$this->db('galleries')->where('slug', createSlug($name))->count()) {
$query = $this->db('galleries')->save(['name' => $name, 'slug' => createSlug($name)]);
if ($query) {
$id = $this->db()->lastInsertId();
$dir = $this->_uploads.'/'.$id;
$id = $this->db()->lastInsertId();
$dir = $this->_uploads.'/'.$id;
if (mkdir($dir, 0755, true)) {
$this->notify('success', $this->lang('add_gallery_success'));
@@ -76,7 +77,7 @@ class Admin extends AdminModule
} else {
$this->notify('failure', $this->lang('empty_inputs', 'general'));
}
redirect(url($location));
}
@@ -142,7 +143,7 @@ class Admin extends AdminModule
$this->core->addCSS(url('inc/jscripts/lightbox/lightbox.min.css'));
$this->core->addJS(url('inc/jscripts/lightbox/lightbox.min.js'));
$this->core->addJS(url('inc/jscripts/are-you-sure.min.js'));
return $this->draw('edit.html', ['gallery' => $assign]);
}
@@ -151,13 +152,15 @@ class Admin extends AdminModule
*/
public function postSaveSettings($id)
{
if (checkEmptyFields(['name', 'sort'], $_POST)) {
$formData = htmlspecialchars_array($_POST);
if (checkEmptyFields(['name', 'sort'], $formData)) {
$this->notify('failure', $this->lang('empty_inputs', 'general'));
redirect(url([ADMIN, 'galleries', 'edit', $id]));
}
$_POST['slug'] = createSlug($_POST['name']);
if ($this->db('galleries')->where($id)->save($_POST)) {
$formData['slug'] = createSlug($formData['name']);
if ($this->db('galleries')->where($id)->save($formData)) {
$this->notify('success', $this->lang('save_settings_success'));
}
@@ -185,8 +188,8 @@ class Admin extends AdminModule
*/
public function postUpload($id)
{
$dir = $this->_uploads.'/'.$id;
$cntr = 0;
$dir = $this->_uploads.'/'.$id;
$cntr = 0;
if (!is_uploaded_file($_FILES['files']['tmp_name'][0])) {
$this->notify('failure', $this->lang('no_files'));
@@ -197,7 +200,7 @@ class Admin extends AdminModule
if ($img->load($image)) {
$imgName = time().$cntr++;
$imgPath = $dir.'/'.$imgName.'.'.$img->getInfos('type');
$src = [];
$src = [];
// oryginal size
$img->save($imgPath);
@@ -232,6 +235,7 @@ class Admin extends AdminModule
public function getDeleteImage($id)
{
$image = $this->db('galleries_items')->where($id)->oneArray();
if (!empty($image)) {
if ($this->db('galleries_items')->delete($id)) {
$images = unserialize($image['src']);

13
inc/modules/galleries/Info.php
View File

@@ -10,13 +10,12 @@
*/
return [
'name' => $core->lang['galleries']['module_name'],
'description' => $core->lang['galleries']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.0',
'compatibility' => '1.3.*',
'icon' => 'camera',
'name' => $core->lang['galleries']['module_name'],
'description' => $core->lang['galleries']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.1',
'compatibility' => '1.3.*',
'icon' => 'camera',
'install' => function () use ($core) {
$core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `galleries` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,

3
inc/modules/galleries/Site.php
View File

@@ -33,7 +33,7 @@ class Site extends SiteModule
} else {
$items = $this->db('galleries_items')->where('gallery', $gallery['id'])->desc('id')->toArray();
}
$tempAssign = $gallery;
if (count($items)) {
@@ -51,6 +51,7 @@ class Site extends SiteModule
}
}
}
$this->tpl->set('gallery', $assign);
$this->core->addCSS(url('inc/jscripts/lightbox/lightbox.min.css'));

2
inc/modules/galleries/view/admin/edit.html
View File

@@ -60,7 +60,7 @@
<h3 class="panel-title">{$lang.galleries.settings}</h3>
</div>
<div class="panel-body">
<form action="{?=url(ADMIN.'/galleries/saveSettings/'.$gallery.id)?}" method="POST">
<form action="{?=url(ADMIN.'/galleries/saveSettings/'.$gallery.id)?}" method="POST">
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" required class="form-control" value="{$gallery.settings.name}" />

74
inc/modules/galleries/view/admin/manage.html
View File

@@ -2,37 +2,37 @@
<div class="col-md-8">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">{$lang.general.manage}</h3>
</div>
<h3 class="panel-title">{$lang.general.manage}</h3>
</div>
<div class="panel-body">
{if: !empty($galleries)}
<div class="table-responsive no-margin">
<table class="table table-striped no-margin">
<thead>
<tr>
<th>{$lang.general.name}</th>
<th>Tag</th>
<th class="text-right">{$lang.general.actions}</th>
</tr>
</thead>
<tbody>
{loop: $galleries}
<tr>
<td><a href="{$value.editURL}">{$value.name}</a></td>
<td><code>{$value.tag}</code></td>
<td class="text-right">
<a href="{$value.editURL}" class="btn btn-xs btn-success">
<i class="fa fa-pencil"></i> <span class="hidden-xs">{$lang.general.edit}</span>
</a>
<a href="{$value.delURL}" class="btn btn-xs btn-danger" data-confirm="{$lang.galleries.delete_confirm}">
<i class="fa fa-trash-o"></i> <span class="hidden-xs">{$lang.general.delete}</span>
</a>
</td>
</tr>
{/loop}
</tbody>
</table>
</div>
<div class="table-responsive no-margin">
<table class="table table-striped no-margin">
<thead>
<tr>
<th>{$lang.general.name}</th>
<th>Tag</th>
<th class="text-right">{$lang.general.actions}</th>
</tr>
</thead>
<tbody>
{loop: $galleries}
<tr>
<td><a href="{$value.editURL}">{$value.name}</a></td>
<td><code>{$value.tag}</code></td>
<td class="text-right">
<a href="{$value.editURL}" class="btn btn-xs btn-success">
<i class="fa fa-pencil"></i> <span class="hidden-xs">{$lang.general.edit}</span>
</a>
<a href="{$value.delURL}" class="btn btn-xs btn-danger" data-confirm="{$lang.galleries.delete_confirm}">
<i class="fa fa-trash-o"></i> <span class="hidden-xs">{$lang.general.delete}</span>
</a>
</td>
</tr>
{/loop}
</tbody>
</table>
</div>
{else}
<p class="no-margin">{$lang.general.empty_array}</p>
{/if}
@@ -43,15 +43,15 @@
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">{$lang.galleries.add_gallery}</h3>
</div>
<h3 class="panel-title">{$lang.galleries.add_gallery}</h3>
</div>
<div class="panel-body">
<form action="{?=url(ADMIN.'/galleries/add')?}" method="POST">
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" required />
</div>
<input type="submit" class="btn btn-primary" value="{$lang.general.save}" />
<form action="{?=url(ADMIN.'/galleries/add')?}" method="POST">
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" required />
</div>
<input type="submit" class="btn btn-primary" value="{$lang.general.save}" />
</form>
</div>
</div>

2
inc/modules/galleries/view/gallery.html
View File

@@ -21,6 +21,6 @@
<script>
$(document).ready(function(){
$('.gallery-{$gallery.slug}').lightbox();
$('.gallery-{$gallery.slug}').lightbox();
});
</script>

81
inc/modules/navigation/Admin.php
View File

@@ -19,9 +19,9 @@ class Admin extends AdminModule
public function navigation()
{
return [
$this->lang('manage', 'general') => 'manage',
$this->lang('add_link') => 'newLink',
$this->lang('add_nav') => 'newNav'
$this->lang('manage', 'general') => 'manage',
$this->lang('add_link') => 'newLink',
$this->lang('add_nav') => 'newNav'
];
}
@@ -64,13 +64,9 @@ class Admin extends AdminModule
public function getNewLink()
{
// lang
if (isset($_GET['lang'])) {
$lang = $_GET['lang'];
} else {
$lang = $this->settings('settings', 'lang_site');
}
$this->assign['langs'] = $this->_getLanguages($lang, 'selected');
$lang = isset($_GET['lang']) ? $_GET['lang'] : $this->settings('settings', 'lang_site');
$this->assign['langs'] = $this->_getLanguages($lang, 'selected');
$this->assign['link'] = ['name' => '', 'lang' => '', 'page' => '', 'url' => '', 'parent' => '', 'class' => ''];
// list of pages
@@ -95,13 +91,9 @@ class Admin extends AdminModule
if (!empty($row)) {
// lang
if (isset($_GET['lang'])) {
$lang = $_GET['lang'];
} else {
$lang = $row['lang'];
}
$this->assign['langs'] = $this->_getLanguages($lang, 'selected');
$lang = isset($_GET['lang']) ? $_GET['lang'] : $row['lang'];
$this->assign['langs'] = $this->_getLanguages($lang, 'selected');
$this->assign['link'] = filter_var_array($row, FILTER_SANITIZE_SPECIAL_CHARS);
// list of pages
@@ -126,47 +118,39 @@ class Admin extends AdminModule
public function postSaveLink($id = null)
{
unset($_POST['save']);
$formData = htmlspecialchars_array($_POST);
// check if it's an external link
if ($_POST['page']) {
$fields = ['name', 'page', 'lang', 'parent'];
} else {
$fields = ['name', 'url', 'lang', 'parent'];
}
$fields = $formData['page'] ? ['name', 'page', 'lang', 'parent'] : ['name', 'url', 'lang', 'parent'];
$location = $id ? url([ADMIN, 'navigation', 'editLink', $id]) : url([ADMIN, 'navigation', 'newLink']);
if (!$id) {
$location = url([ADMIN, 'navigation', 'newLink']);
} else {
$location = url([ADMIN, 'navigation', 'editLink', $id]);
}
if (checkEmptyFields($fields, $_POST)) {
if (checkEmptyFields($fields, $formData)) {
$this->notify('failure', $this->lang('empty_inputs', 'general'));
$this->assign['form'] = filter_var_array($_POST, FILTER_SANITIZE_SPECIAL_CHARS);
$this->assign['form'] = filter_var_array($formData, FILTER_SANITIZE_SPECIAL_CHARS);
redirect($location);
}
if ($_POST['page']) {
$_POST['url'] = null;
if ($formData['page']) {
$formData['url'] = null;
}
// get parent
$parent = explode('_', $_POST['parent']);
$_POST['nav'] = $parent[0];
$_POST['parent'] = (isset($parent[1]) ? $parent[1] : 0);
$parent = explode('_', $formData['parent']);
$formData['nav'] = $parent[0];
$formData['parent'] = (isset($parent[1]) ? $parent[1] : 0);
if (!is_numeric($_POST['page'])) {
$_POST['url'] = $_POST['page'];
$_POST['page'] = 0;
if (!is_numeric($formData['page'])) {
$formData['url'] = $formData['page'];
$formData['page'] = 0;
}
if (!$id) {
$_POST['"order"'] = $this->_getHighestOrder($_POST['nav'], $_POST['parent'], $_POST['lang']) + 1;
$query = $this->db('navs_items')->save($_POST);
$formData['"order"'] = $this->_getHighestOrder($formData['nav'], $formData['parent'], $formData['lang']) + 1;
$query = $this->db('navs_items')->save($formData);
} else {
$query = $this->db('navs_items')->where($id)->save($_POST);
$query = $this->db('navs_items')->where($id)->save($formData);
if ($query) {
$query = $this->db('navs_items')->where('parent', $id)->update(['nav' => $_POST['nav']]);
$query = $this->db('navs_items')->where('parent', $id)->update(['nav' => $formData['nav']]);
}
}
@@ -227,7 +211,9 @@ class Admin extends AdminModule
*/
public function postSaveNav($id = null)
{
if (empty($_POST['name'])) {
$formData = htmlspecialchars_array($_POST);
if (empty($formData['name'])) {
if (!$id) {
redirect(url([ADMIN, 'navigation', 'newNav']));
} else {
@@ -237,7 +223,7 @@ class Admin extends AdminModule
$this->notify('failure', $this->lang('empty_inputs', 'general'));
}
$name = createSlug($_POST['name']);
$name = createSlug($formData['name']);
// check if nav already exists
if (!$this->db('navs')->where('name', $name)->count()) {
@@ -283,6 +269,7 @@ class Admin extends AdminModule
private function _getPages($lang, $selected = null)
{
$rows = $this->db('pages')->where('lang', $lang)->toArray();
if (count($rows)) {
foreach ($rows as $row) {
if ($selected == $row['id']) {
@@ -293,6 +280,7 @@ class Admin extends AdminModule
$result[] = ['id' => $row['id'], 'title' => $row['title'], 'slug' => $row['slug'], 'attr' => $attr];
}
}
return $result;
}
@@ -305,6 +293,7 @@ class Admin extends AdminModule
private function _getParents($lang, $nav = null, $page = null, $except = null)
{
$rows = $this->db('navs')->toArray();
if (count($rows)) {
foreach ($rows as &$row) {
$row['name'] = $this->tpl->noParse('{$navigation.'.$row['name'].'}');
@@ -331,6 +320,7 @@ class Admin extends AdminModule
}
}
}
return $rows;
}
@@ -358,6 +348,7 @@ class Admin extends AdminModule
$item['fullURL'] = (parse_url($item['url'], PHP_URL_SCHEME) || strpos($item['url'], '#') === 0 ? '' : '/').trim($item['url'], '/');
}
}
return $this->buildTree($items);
}
}
@@ -438,10 +429,6 @@ class Admin extends AdminModule
->desc('"order"')
->oneArray();
if (!empty($item)) {
return $item['order'];
} else {
return 0;
}
return !empty($item) ? $item['order'] : 0;
}
}

17
inc/modules/navigation/Info.php
View File

@@ -10,14 +10,13 @@
*/
return [
'name' => $core->lang['navigation']['module_name'],
'description' => $core->lang['navigation']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.1',
'compatibility' => '1.3.*',
'icon' => 'list-ul',
'install' => function () use ($core) {
'name' => $core->lang['navigation']['module_name'],
'description' => $core->lang['navigation']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.3',
'compatibility' => '1.3.*',
'icon' => 'list-ul',
'install' => function () use ($core) {
$core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `navs` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,
`name` text NOT NULL
@@ -47,7 +46,7 @@ return [
$core->db()->pdo()->exec("INSERT INTO `navs_items` (`name`, `page`, `lang`, `nav`, `order`)
VALUES ('Kontakt', 4, 'pl_polski', 1, 3)");
},
'uninstall' => function () use ($core) {
'uninstall' => function () use ($core) {
$core->db()->pdo()->exec("DROP TABLE `navs`");
$core->db()->pdo()->exec("DROP TABLE `navs_items`");
}

2
inc/modules/navigation/Site.php
View File

@@ -29,6 +29,7 @@ class Site extends SiteModule
$homepage = $this->settings('settings', 'homepage');
$lang_prefix = $this->core->lang['name'];
if ($lang_prefix != $this->settings('settings', 'lang_site')) {
$lang_prefix = explode('_', $lang_prefix)[0];
} else {
@@ -98,6 +99,7 @@ class Site extends SiteModule
}
}
}
return false;
}
}

56
inc/modules/navigation/view/admin/form.link.html
View File

@@ -6,38 +6,38 @@
</div>
<div class="panel-body">
<form name="link" action="{?=url(ADMIN.'/navigation/saveLink/'.@$navigation.link.id)?}" method="POST">
<div class="form-group">
<label>{$lang.general.lang}</label>
<select name="lang" class="form-control">
<div class="form-group">
<label>{$lang.general.lang}</label>
<select name="lang" class="form-control">
{loop: $navigation.langs}
<option value="{$value.name}" {$value.attr}>{$value.name}</option>
{/loop}
</select>
</div>
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" value="{$navigation.link.name}" required />
</div>
<div class="form-group">
<label>{$lang.navigation.page}</label>
<select name="page" class="form-control" data-use-search="true">
</select>
</div>
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" value="{$navigation.link.name}" required />
</div>
<div class="form-group">
<label>{$lang.navigation.page}</label>
<select name="page" class="form-control" data-use-search="true">
<option value="0">--- URL ---</option>
{loop: $navigation.pages}
<option value="{$value.id}" {$value.attr}>{$value.title} ({$value.slug})</option>
{/loop}
</select>
</div>
<div class="form-group" id="url">
<label>{$lang.navigation.url}</label>
<input type="text" name="url" class="form-control" value="{$navigation.link.url}" placeholder="http://" />
</div>
</select>
</div>
<div class="form-group" id="url">
<label>{$lang.navigation.url}</label>
<input type="text" name="url" class="form-control" value="{$navigation.link.url}" placeholder="http://" />
</div>
<div class="form-group" id="class">
<label>{$lang.navigation.class}</label>
<input type="text" name="class" class="form-control" value="{$navigation.link.class}" placeholder="{$lang.general.can_be_empty}" />
</div>
<div class="form-group">
<label>{$lang.navigation.parent}</label>
<select name="parent" class="form-control">
<label>{$lang.navigation.class}</label>
<input type="text" name="class" class="form-control" value="{$navigation.link.class}" placeholder="{$lang.general.can_be_empty}" />
</div>
<div class="form-group">
<label>{$lang.navigation.parent}</label>
<select name="parent" class="form-control">
{loop: $navigation.navs}
<option value="{$value.id}" {$value.attr}>{$value.name}</option>
{if: isset($value.items)}
@@ -46,10 +46,10 @@
{/loop}
{/if}
{/loop}
</select>
</div>
<input type="submit" name="save" class="btn btn-primary" value="{$lang.general.save}" />
</form>
</select>
</div>
<input type="submit" name="save" class="btn btn-primary" value="{$lang.general.save}" />
</form>
</div>
</div>
</div>

12
inc/modules/navigation/view/admin/form.nav.html
View File

@@ -6,12 +6,12 @@
</div>
<div class="panel-body">
<form name="menu" action="{?=url(ADMIN.'/navigation/saveNav/'.@$navigation.id)?}" method="POST">
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" value="{$navigation.name}" required />
</div>
<input type="submit" name="save" class="btn btn-primary" value="{$lang.general.save}" />
</form>
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" value="{$navigation.name}" required />
</div>
<input type="submit" name="save" class="btn btn-primary" value="{$lang.general.save}" />
</form>
</div>
</div>
</div>

4
inc/modules/navigation/view/admin/manage.html
View File

@@ -10,7 +10,7 @@
</ul>
</div>
<div class="panel-body">
{if: isset($navigation.navs)}
{if: isset($navigation.navs)}
{loop: $navigation.navs}
<div class="table-responsive">
<table class="table table-striped no-margin">
@@ -61,7 +61,7 @@
</table>
</div>
{/loop}
{/if}
{/if}
</div>
</div>
</div>

29
inc/modules/snippets/Admin.php
View File

@@ -18,8 +18,8 @@ class Admin extends AdminModule
public function navigation()
{
return [
$this->lang('manage', 'general') => 'manage',
$this->lang('add') => 'add',
$this->lang('manage', 'general') => 'manage',
$this->lang('add') => 'add',
];
}
@@ -61,7 +61,6 @@ class Admin extends AdminModule
if ($id === null) {
$row = ['name' => isset_or($assign['name'], null), 'content' => isset_or($assign['content'], null)];
$assign['title'] = $this->lang('add');
} elseif (!empty($row = $this->db('snippets')->oneArray($id))) {
$assign['title'] = $this->lang('edit');
@@ -74,6 +73,7 @@ class Admin extends AdminModule
$assign['content'] = [];
preg_match_all("/{lang: ([a-z]{2}_[a-z]+)}(.*?){\/lang}/ms", $row['content'], $matches);
foreach ($matches[1] as $key => $value) {
$assign['content'][trim($value)] = $this->tpl->noParse(trim($matches[2][$key]));
}
@@ -103,8 +103,9 @@ class Admin extends AdminModule
public function postSave($id = null)
{
unset($_POST['save']);
$formData = htmlspecialchars_array($_POST);
if (checkEmptyFields(['name'], $_POST)) {
if (checkEmptyFields(['name'], $formData)) {
$this->notify('failure', $this->lang('empty_inputs', 'general'));
if (!$id) {
@@ -114,20 +115,20 @@ class Admin extends AdminModule
}
}
$_POST['name'] = trim($_POST['name']);
$_POST['slug'] = createSlug($_POST['name']);
$formData['name'] = trim($formData['name']);
$formData['slug'] = createSlug($formData['name']);
$tmp = null;
foreach ($_POST['content'] as $lang => $content) {
foreach ($formData['content'] as $lang => $content) {
$tmp .= "{lang: $lang}".$content."{/lang}";
}
$_POST['content'] = $tmp;
$formData['content'] = $tmp;
if ($id === null) { // new
$location = url([ADMIN, 'snippets', 'add']);
if (!$this->db('snippets')->where('slug', $_POST['slug'])->count()) {
if ($this->db('snippets')->save($_POST)) {
if (!$this->db('snippets')->where('slug', $formData['slug'])->count()) {
if ($this->db('snippets')->save($formData)) {
$location = url([ADMIN, 'snippets', 'edit', $this->db()->lastInsertId()]);
$this->notify('success', $this->lang('save_success'));
} else {
@@ -137,8 +138,8 @@ class Admin extends AdminModule
$this->notify('failure', $this->lang('already_exists'));
}
} else { // edit
if (!$this->db('snippets')->where('slug', $_POST['slug'])->where('id', '<>', $id)->count()) {
if ($this->db('snippets')->where($id)->save($_POST)) {
if (!$this->db('snippets')->where('slug', $formData['slug'])->where('id', '<>', $id)->count()) {
if ($this->db('snippets')->where($id)->save($formData)) {
$this->notify('success', $this->lang('save_success'));
} else {
$this->notify('failure', $this->lang('save_failure'));
@@ -146,11 +147,11 @@ class Admin extends AdminModule
} else {
$this->notify('failure', $this->lang('already_exists'));
}
$location = url([ADMIN, 'snippets', 'edit', $id]);
}
redirect($location, $_POST);
redirect($location, $formData);
}
/**

17
inc/modules/snippets/Info.php
View File

@@ -10,14 +10,13 @@
*/
return [
'name' => $core->lang['snippets']['module_name'],
'description' => $core->lang['snippets']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.1',
'compatibility' => '1.3.*',
'icon' => 'puzzle-piece',
'install' => function () use ($core) {
'name' => $core->lang['snippets']['module_name'],
'description' => $core->lang['snippets']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.2',
'compatibility' => '1.3.*',
'icon' => 'puzzle-piece',
'install' => function () use ($core) {
$core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `snippets` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,
`name` text NOT NULL,
@@ -25,7 +24,7 @@ return [
`content` text NOT NULL
)");
},
'uninstall' => function () use ($core) {
'uninstall' => function () use ($core) {
$core->db()->pdo()->exec("DROP TABLE `snippets`");
}
];

85
inc/modules/users/Admin.php
View File

@@ -20,8 +20,8 @@ class Admin extends AdminModule
public function navigation()
{
return [
$this->lang('manage', 'general') => 'manage',
$this->lang('add_new') => 'add'
$this->lang('manage', 'general') => 'manage',
$this->lang('add_new') => 'add'
];
}
@@ -31,10 +31,12 @@ class Admin extends AdminModule
public function getManage()
{
$rows = $this->db('users')->toArray();
foreach ($rows as &$row) {
if (empty($row['fullname'])) {
$row['fullname'] = '----';
}
$row['editURL'] = url([ADMIN, 'users', 'edit', $row['id']]);
$row['delURL'] = url([ADMIN, 'users', 'delete', $row['id']]);
}
@@ -50,10 +52,14 @@ class Admin extends AdminModule
if (!empty($redirectData = getRedirectData())) {
$this->assign['form'] = filter_var_array($redirectData, FILTER_SANITIZE_STRING);
} else {
$this->assign['form'] = ['username' => '', 'email' => '', 'fullname' => '', 'description' => ''];
$this->assign['form'] = [
'username' => '',
'email' => '',
'fullname' => '',
'description' => ''
];
}
$this->assign['title'] = $this->lang('new_user');
$this->assign['modules'] = $this->_getModules('all');
$this->assign['avatarURL'] = url(MODULES.'/users/img/default.png');
@@ -86,23 +92,20 @@ class Admin extends AdminModule
public function postSave($id = null)
{
$errors = 0;
$formData = htmlspecialchars_array($_POST);
// location to redirect
if (!$id) {
$location = url([ADMIN, 'users', 'add']);
} else {
$location = url([ADMIN, 'users', 'edit', $id]);
}
$location = $id ? url([ADMIN, 'users', 'edit', $id]) : url([ADMIN, 'users', 'add']);
// admin
if ($id == 1) {
$_POST['access'] = ['all'];
$formData['access'] = ['all'];
}
// check if required fields are empty
if (checkEmptyFields(['username', 'email', 'access'], $_POST)) {
if (checkEmptyFields(['username', 'email', 'access'], $formData)) {
$this->notify('failure', $this->lang('empty_inputs', 'general'));
redirect($location, $_POST);
redirect($location, $formData);
}
// check if user already exists
@@ -110,33 +113,37 @@ class Admin extends AdminModule
$errors++;
$this->notify('failure', $this->lang('user_already_exists'));
}
// chech if e-mail adress is correct
$_POST['email'] = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
// check if e-mail adress is correct
$formData['email'] = filter_var($formData['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($formData['email'], FILTER_VALIDATE_EMAIL)) {
$errors++;
$this->notify('failure', $this->lang('wrong_email'));
}
// check if password is longer than 5 characters
if (isset($_POST['password']) && strlen($_POST['password']) < 5) {
if (isset($formData['password']) && strlen($formData['password']) < 5) {
$errors++;
$this->notify('failure', $this->lang('too_short_pswd'));
}
// access to modules
if ((count($_POST['access']) == count($this->_getModules())) || ($id == 1)) {
$_POST['access'] = 'all';
if ((count($formData['access']) == count($this->_getModules())) || ($id == 1)) {
$formData['access'] = 'all';
} else {
$_POST['access'][] = 'dashboard';
$_POST['access'] = implode(',', $_POST['access']);
$formData['access'][] = 'dashboard';
$formData['access'] = implode(',', $formData['access']);
}
// CREATE / EDIT
if (!$errors) {
unset($_POST['save']);
unset($formData['save']);
if (!empty($_POST['password'])) {
$_POST['password'] = password_hash($_POST['password'], PASSWORD_BCRYPT);
if (!empty($formData['password'])) {
$formData['password'] = password_hash($formData['password'], PASSWORD_BCRYPT);
}
// user avatar
if (($photo = isset_or($_FILES['photo']['tmp_name'], false)) || !$id) {
$img = new \Inc\Core\Lib\Image;
@@ -158,14 +165,14 @@ class Admin extends AdminModule
$user = $this->db('users')->oneArray($id);
}
$_POST['avatar'] = uniqid('avatar').".".$img->getInfos('type');
$formData['avatar'] = uniqid('avatar').".".$img->getInfos('type');
}
}
if (!$id) { // new
$query = $this->db('users')->save($_POST);
} else { // edit
$query = $this->db('users')->where('id', $id)->save($_POST);
if (!$id) { // new
$query = $this->db('users')->save($formData);
} else { // edit
$query = $this->db('users')->where('id', $id)->save($formData);
}
if ($query) {
@@ -174,18 +181,18 @@ class Admin extends AdminModule
unlink(UPLOADS."/users/".$user['avatar']);
}
$img->save(UPLOADS."/users/".$_POST['avatar']);
$img->save(UPLOADS."/users/".$formData['avatar']);
}
$this->notify('success', $this->lang('save_success'));
} else {
$this->notify('failure', $this->lang('save_failure'));
}
redirect($location);
}
redirect($location, $_POST);
redirect($location, $formData);
}
/**
@@ -198,7 +205,7 @@ class Admin extends AdminModule
if (!empty($user['avatar'])) {
unlink(UPLOADS."/users/".$user['avatar']);
}
$this->notify('success', $this->lang('delete_success'));
} else {
$this->notify('failure', $this->lang('delete_failure'));
@@ -215,12 +222,7 @@ class Admin extends AdminModule
{
$result = [];
$rows = $this->db('modules')->toArray();
if (!$access) {
$accessArray = [];
} else {
$accessArray = explode(',', $access);
}
$accessArray = $access ? explode(',', $access) : [];
foreach ($rows as $row) {
if ($row['dir'] != 'dashboard') {
@@ -252,10 +254,7 @@ class Admin extends AdminModule
} else { // edit
$count = $this->db('users')->where('username', $_POST['username'])->where('id', '<>', $id)->count();
}
if ($count > 0) {
return true;
} else {
return false;
}
return $count > 0;
}
}

25
inc/modules/users/Info.php
View File

@@ -10,14 +10,13 @@
*/
return [
'name' => $core->lang['users']['module_name'],
'description' => $core->lang['users']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.1',
'compatibility' => '1.3.*',
'icon' => 'user',
'install' => function () use ($core) {
'name' => $core->lang['users']['module_name'],
'description' => $core->lang['users']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.2',
'compatibility' => '1.3.*',
'icon' => 'user',
'install' => function () use ($core) {
$core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `users` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,
`username` text NOT NULL,
@@ -31,9 +30,9 @@ return [
)");
$core->db()->pdo()->exec("CREATE TABLE `login_attempts` (
`ip` TEXT NOT NULL,
`attempts` INTEGER NOT NULL,
`expires` INTEGER NOT NULL DEFAULT 0
`ip` TEXT NOT NULL,
`attempts` INTEGER NOT NULL,
`expires` INTEGER NOT NULL DEFAULT 0
)");
$core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `remember_me` (
@@ -42,7 +41,7 @@ return [
`user_id` integer NOT NULL REFERENCES users(id) ON DELETE CASCADE,
`expiry` integer NOT NULL
)");
$avatar = uniqid('avatar').'.png';
$core->db()->pdo()->exec('INSERT INTO `users` (`username`, `fullname`, `description`, `password`, `avatar`, `email`, `role`, `access`)
VALUES ("admin", "Selina Kyle", "My name is Selina Kyle but I speak for Catwoman… A mon who can offer you a path. Someone like you is only here by choice. You have been exploring the criminal fraternity but whatever your original intentions you have to become truly lost.", "$2y$10$pgRnDiukCbiYVqsamMM3ROWViSRqbyCCL33N8.ykBKZx0dlplXe9i", "'.$avatar.'", "admin@localhost", "admin", "all")');
@@ -53,7 +52,7 @@ return [
copy(MODULES.'/users/img/default.png', UPLOADS.'/users/'.$avatar);
},
'uninstall' => function () use ($core) {
'uninstall' => function () use ($core) {
$core->db()->pdo()->exec("DROP TABLE `users`");
$core->db()->pdo()->exec("DROP TABLE `login_attempts`");
$core->db()->pdo()->exec("DROP TABLE `remember_me`");

1
inc/modules/users/Site.php
View File

@@ -25,6 +25,7 @@ class Site extends SiteModule
$result[$value['id']] = $users[$key];
$result[$value['id']]['avatar'] = url('uploads/users/' . $value['avatar']);
}
return $result;
});
}

108
inc/modules/users/view/admin/form.html
View File

@@ -5,46 +5,46 @@
<h3 class="panel-title">{$users.title}</h3>
</div>
<div class="panel-body">
<form name="user" action="{?=url(ADMIN.'/users/save/'.@$users.form.id)?}" method="POST" enctype="multipart/form-data">
<fieldset>
<div class="form-group">
<label>{$lang.general.username}</label>
<input type="text" name="username" class="form-control" required value="{$users.form.username}" />
</div>
<div class="form-group">
<label>{$lang.users.display_name}</label>
<input type="text" name="fullname" class="form-control" placeholder="{$lang.general.can_be_empty}" value="{$users.form.fullname}" />
</div>
<div class="form-group">
<label>{$lang.users.photo}</label>
<div>
<img src="{$users.avatarURL}" width="96" height="96" class="img-thumbnail" id="photoPreview" style="cursor:pointer;" onclick="$('input[name=photo]').click()" />
<input type="file" name="photo" class="form-control hidden" />
</div>
</div>
<div class="form-group">
<label>{$lang.users.description}</label>
<textarea class="form-control" name="description" placeholder="{$lang.general.can_be_empty}" rows="6">{$users.form.description}</textarea>
</div>
<div class="form-group">
<label>{$lang.users.email}</label>
<input type="email" name="email" class="form-control" required value="{$users.form.email}" />
</div>
<div class="form-group">
<label>{$lang.general.password} {if: isset($users.form.id)}<a href="#" id="passwordChange" class="btn btn-default btn-xs">{$lang.general.change}</a>{/if}</label>
<input type="password" name="password" class="form-control" pattern=".{5,}" title="{$lang.users.too_short_pswd}" {if: isset($users.form.id)}value="********" placeholder="{$lang.users.new_password}" disabled {else}required{/if}/>
</div>
<div class="form-group">
<label>{$lang.users.access}</label>
<select name="access[]" multiple class="form-control" data-keep-open="true" data-use-dimmer="false" data-options-height="126px" {if: isset_or($users.form.id, 0) == 1}disabled{/if} required>
{loop: $users.modules}
<option value="{$value.dir}" data-left="<i class='fa fa-{$value.icon}'></i>" {$value.attr}>{$value.name}</option>
{/loop}
</select>
</div>
<div class="form-group">
<input type="submit" name="save" class="btn btn-primary" value="{$lang.general.save}" />
</div>
<form name="user" action="{?=url(ADMIN.'/users/save/'.@$users.form.id)?}" method="POST" enctype="multipart/form-data">
<fieldset>
<div class="form-group">
<label>{$lang.users.photo}</label>
<div>
<img src="{$users.avatarURL}" width="96" height="96" class="img-thumbnail" id="photoPreview" style="cursor:pointer;" onclick="$('input[name=photo]').click()" />
<input type="file" name="photo" class="form-control hidden" />
</div>
</div>
<div class="form-group">
<label>{$lang.general.username}</label>
<input type="text" name="username" class="form-control" required value="{$users.form.username}" />
</div>
<div class="form-group">
<label>{$lang.users.display_name}</label>
<input type="text" name="fullname" class="form-control" placeholder="{$lang.general.can_be_empty}" value="{$users.form.fullname}" />
</div>
<div class="form-group">
<label>{$lang.users.email}</label>
<input type="email" name="email" class="form-control" required value="{$users.form.email}" />
</div>
<div class="form-group">
<label>{$lang.general.password} {if: isset($users.form.id)}<a href="#" id="passwordChange" class="btn btn-default btn-xs">{$lang.general.change}</a>{/if}</label>
<input type="password" name="password" class="form-control" pattern=".{5,}" title="{$lang.users.too_short_pswd}" {if: isset($users.form.id)}value="********" placeholder="{$lang.users.new_password}" disabled {else}required{/if}/>
</div>
<div class="form-group">
<label>{$lang.users.description}</label>
<textarea class="form-control" name="description" placeholder="{$lang.general.can_be_empty}" rows="3">{$users.form.description}</textarea>
</div>
<div class="form-group">
<label>{$lang.users.access}</label>
<select name="access[]" multiple class="form-control" data-keep-open="true" data-use-dimmer="false" data-options-height="126px" {if: isset_or($users.form.id, 0) == 1}disabled{/if} required>
{loop: $users.modules}
<option value="{$value.dir}" data-left="<i class='fa fa-{$value.icon}'></i>" {$value.attr}>{$value.name}</option>
{/loop}
</select>
</div>
<div class="form-group">
<input type="submit" name="save" class="btn btn-primary" value="{$lang.general.save}" />
</div>
</fieldset>
</form>
</div>
@@ -53,19 +53,19 @@
</article>
<script>
// Avatar
var reader = new FileReader();
reader.addEventListener("load", function() {
$("#photoPreview").attr('src', reader.result);
}, false);
$("input[name=photo]").change(function() {
reader.readAsDataURL(this.files[0]);
});
// Avatar
var reader = new FileReader();
reader.addEventListener("load", function() {
$("#photoPreview").attr('src', reader.result);
}, false);
$("input[name=photo]").change(function() {
reader.readAsDataURL(this.files[0]);
});
// Password
$("#passwordChange").on("click", function() {
$("input[name=password]").val("").attr('disabled', false);
$(this).remove();
return false;
})
// Password
$("#passwordChange").on("click", function() {
$("input[name=password]").val("").attr('disabled', false);
$(this).remove();
return false;
})
</script>

58
inc/modules/users/view/admin/manage.html
View File

@@ -5,35 +5,35 @@
<h3 class="panel-title">{$lang.general.manage}</h3>
</div>
<div class="panel-body">
<div class="table-responsive no-margin">
<table class="table table-striped no-margin">
<thead>
<tr>
<th>{$lang.general.username}</th>
<th>{$lang.users.display_name}</th>
<th>{$lang.users.email}</th>
<th class="text-right">{$lang.general.actions}</th>
</tr>
</thead>
<tbody>
{loop: $users}
<tr>
<td><a href="{$value.editURL}">{$value.username}</a></td>
<td>{$value.fullname}</td>
<td>{$value.email}</td>
<td class="text-right">
<a href="{$value.editURL}" class="btn btn-xs btn-success">
<i class="fa fa-pencil"></i> <span class="hidden-xs">{$lang.general.edit}</span>
</a>
<a href="{$value.delURL}" class="btn btn-xs btn-danger {if: $value.id==1 || $value.id==$myId}disabled{/if}" data-confirm="{$lang.users.delete_confirm}">
<i class="fa fa-trash-o"></i> <span class="hidden-xs">{$lang.general.delete}</span>
</a>
</td>
</tr>
{/loop}
</tbody>
</table>
</div>
<div class="table-responsive no-margin">
<table class="table table-striped no-margin">
<thead>
<tr>
<th>{$lang.general.username}</th>
<th>{$lang.users.display_name}</th>
<th>{$lang.users.email}</th>
<th class="text-right">{$lang.general.actions}</th>
</tr>
</thead>
<tbody>
{loop: $users}
<tr>
<td><a href="{$value.editURL}">{$value.username}</a></td>
<td>{$value.fullname}</td>
<td>{$value.email}</td>
<td class="text-right">
<a href="{$value.editURL}" class="btn btn-xs btn-success">
<i class="fa fa-pencil"></i> <span class="hidden-xs">{$lang.general.edit}</span>
</a>
<a href="{$value.delURL}" class="btn btn-xs btn-danger {if: $value.id==1 || $value.id==$myId}disabled{/if}" data-confirm="{$lang.users.delete_confirm}">
<i class="fa fa-trash-o"></i> <span class="hidden-xs">{$lang.general.delete}</span>
</a>
</td>
</tr>
{/loop}
</tbody>
</table>
</div>
</div>
</div>
</div>