Bug fixes

This commit is contained in:
Diego Najar 2018-07-28 18:33:37 +02:00
parent 710d7d3c67
commit bb481498be
24 changed files with 171 additions and 73 deletions

1
.gitignore vendored
View file

@ -8,3 +8,4 @@ bl-plugins/discovery
bl-kernel/bludit.pro.php
bl-themes/docs
bl-themes/docsx
bl-themes/mediumish

View file

@ -4,7 +4,7 @@
// Check role
// ============================================================================
checkRole(array('admin', 'moderator'));
checkRole(array('admin', 'editor'));
// ============================================================================
// Functions

View file

@ -4,7 +4,7 @@
// Check role
// ============================================================================
if (!checkRole(array('admin','moderator'), false)) {
if (!checkRole(array('admin','editor'), false)) {
try {
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
$page = new PageX($pageKey);

View file

@ -31,6 +31,7 @@ function checkLogin($args)
Redirect::home();
}
// Other user without the role reader redirect to dashboard
Redirect::page('dashboard');
return true;
}
@ -40,7 +41,6 @@ function checkLogin($args)
// Create alert
Alert::set($Language->g('Username or password incorrect'), ALERT_STATUS_FAIL);
return false;
}

View file

@ -4,7 +4,7 @@
// Check role
// ============================================================================
checkRole(array('admin', 'moderator', 'editor'));
checkRole(array('admin', 'editor'));
// ============================================================================
// Functions

View file

@ -16,6 +16,13 @@
<a class="nav-link" href="<?php echo HTML_PATH_ADMIN_ROOT.'new-content' ?>"><span class="oi oi-plus"></span><?php $L->p('New content') ?></a>
</li>
<?php if (checkRole(array('editor'),false)): ?>
<li class="nav-item">
<a class="nav-link" href="<?php echo HTML_PATH_ADMIN_ROOT.'content' ?>"><span class="oi oi-layers"></span><?php $L->p('Content') ?></a>
</li>
<?php endif; ?>
<?php if (checkRole(array('admin'),false)): ?>
<li class="nav-item mt-3">
@ -24,6 +31,7 @@
<li class="nav-item">
<a class="nav-link" href="<?php echo HTML_PATH_ADMIN_ROOT.'content' ?>"><?php $L->p('Content') ?></a>
</li>
<li class="nav-item">
<a class="nav-link" href="<?php echo HTML_PATH_ADMIN_ROOT.'categories' ?>"><?php $L->p('Categories') ?></a>
</li>
@ -57,7 +65,6 @@
}
}
?>
<?php endif; ?>
<li class="nav-item mt-5">

View file

@ -57,9 +57,9 @@ function table($type) {
<table class="table mt-3">
<thead>
<tr>
<th class="border-0" scope="col">'.$Language->g('Title').'</th>
<th class="border-0 d-none d-lg-table-cell" scope="col">'.$Language->g('URL').'</th>
<th class="border-0 text-center d-none d-sm-table-cell" scope="col">'.( ((ORDER_BY=='position') || ($type!='published'))?$Language->g('Position'):$Language->g('Creation date')).'</th>
<th style="font-size: 0.8em;" class="border-0 text-uppercase text-muted" scope="col">'.$Language->g('Title').'</th>
<th style="font-size: 0.8em;" class="border-0 d-none d-lg-table-cell text-uppercase text-muted" scope="col">'.$Language->g('URL').'</th>
<th style="font-size: 0.8em;" class="border-0 text-center d-none d-sm-table-cell text-uppercase text-muted" scope="col">Actions</th>
</tr>
</thead>
<tbody>
@ -111,16 +111,24 @@ function table($type) {
try {
$page = new PageX($pageKey);
echo '<tr>';
echo '<td>
<a href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'
.($page->title()?$page->title():'<span class="label-empty-title">'.$Language->g('Empty title').'</span> ')
.'</a>
echo '<td class="pt-3">
<div>
<a style="font-size: 1.1em" href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">'
.($page->title()?$page->title():'<span class="label-empty-title">'.$Language->g('Empty title').'</span> ')
.'</a>
</div>
<div>
<p style="font-size: 0.8em" class="m-0 text-uppercase text-muted">'.( ((ORDER_BY=='position') || ($type!='published'))?'Position: '.$page->position():$page->relativeTime() ).'</p>
</div>
</td>';
$friendlyURL = Text::isEmpty($url->filters('page')) ? '/'.$page->key() : '/'.$url->filters('page').'/'.$page->key();
echo '<td class="d-none d-lg-table-cell"><a target="_blank" href="'.$page->permalink().'">'.$friendlyURL.'</a></td>';
echo '<td class="pt-3 d-none d-lg-table-cell"><a target="_blank" href="'.$page->permalink().'">'.$friendlyURL.'</a></td>';
echo '<td class="text-center d-none d-sm-table-cell">'.( ((ORDER_BY=='position') || ($type!='published'))?$page->position():$page->dateRaw(ADMIN_PANEL_DATE_FORMAT) ).'</td>';
echo '<td class="pt-3 text-center d-none d-sm-table-cell">'.PHP_EOL;
echo '<a type="button" class="btn btn-secondary btn-sm" href="'.HTML_PATH_ADMIN_ROOT.'edit-content/'.$page->key().'">Edit</a>'.PHP_EOL;
echo '<button type="button" class="btn btn-secondary btn-sm deletePageButton" data-toggle="modal" data-target="#jsdeletePageModal" data-key="'.$page->key().'"><span class="oi oi-trash"></span> Delete</button>'.PHP_EOL;
echo '</td>';
echo '</tr>';
} catch (Exception $e) {
@ -160,6 +168,7 @@ function table($type) {
<div class="tab-pane show active" id="pages" role="tabpanel">
<?php table('published'); ?>
<?php if (Paginator::amountOfPages() > 1): ?>
<!-- Paginator -->
<nav class="paginator">
<ul class="pagination flex-wrap justify-content-center">
@ -186,6 +195,7 @@ function table($type) {
</ul>
</nav>
<?php endif; ?>
</div>
<!-- TABS STATIC -->
@ -208,3 +218,49 @@ function table($type) {
<?php table('draft'); ?>
</div>
</div>
<!-- Modal for delete page -->
<?php echo Bootstrap::modal(array(
'modalId'=>'jsdeletePageModal',
'modalTitle'=>'Delete content',
'modalText'=>'Are you sure you ?',
'buttonPrimary'=>'Delete',
'buttonPrimaryClass'=>'deletePageModalAcceptButton',
'buttonSecondary'=>'Cancel',
'buttonSecondaryClass'=>''
));
?>
<script>
$(document).ready(function() {
var key = false;
// Button for delete a page in the table
$(".deletePageButton").on("click", function() {
key = $(this).data('key');
});
// Event from button accept from the modal
$(".deletePageModalAcceptButton").on("click", function() {
var form = jQuery('<form>', {
'action': HTML_PATH_ADMIN_ROOT+'edit-content/'+key,
'method': 'post',
'target': '_top'
}).append(jQuery('<input>', {
'type': 'hidden',
'name': 'tokenCSRF',
'value': tokenCSRF
}).append(jQuery('<input>', {
'type': 'hidden',
'name': 'key',
'value': key
}).append(jQuery('<input>', {
'type': 'hidden',
'name': 'type',
'value': 'delete'
}))));
form.hide().appendTo("body").submit();
});
});
</script>

View file

@ -138,10 +138,20 @@
<button type="button" class="jsbuttonSave btn btn-primary btn-sm"><?php echo ($page->draft()?$L->g('Publish'):$L->g('Update')) ?></button>
<button type="button" class="jsbuttonDraft btn btn-secondary btn-sm"><?php echo $L->g('Save as draft') ?></button>
</div>
<h4 class="mt-4 mb-4 font-weight-normal">Cover Image</h4>
<h4 class="mt-4 mb-4 font-weight-normal">General</h4>
</div>
<?php
// Username
echo Bootstrap::formInputText(array(
'name'=>'',
'label'=>'User',
'placeholder'=>'',
'value'=>$page->username(),
'tip'=>'',
'disabled'=>true
));
// Date
echo Bootstrap::formInputText(array(
'name'=>'date',

View file

@ -1,9 +1,19 @@
<?php defined('BLUDIT') or die('Bludit CMS.');
echo Bootstrap::pageTitle(array('title'=>$L->g('Edit user'), 'icon'=>'person'));
echo Bootstrap::formOpen(array());
echo '
<div>
<div class="float-right">
<button type="submit" class="btn btn-primary btn-sm" name="save">'.$L->g('Save').'</button>
<a class="btn btn-secondary btn-sm" href="'.HTML_PATH_ADMIN_ROOT.'users" role="button">'.$L->g('Cancel').'</a>
</div>
<h2 class="mt-0 mb-3">
<span class="oi oi-person" style="font-size: 0.7em;"></span> Edit user
</h2>
</div>
';
echo Bootstrap::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$security->getTokenCSRF()
@ -28,7 +38,7 @@ echo Bootstrap::formOpen(array());
echo Bootstrap::formSelect(array(
'name'=>'role',
'label'=>$L->g('Role'),
'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'admin'=>$L->g('Administrator')),
'selected'=>$user->role(),
'class'=>'',
'tip'=>''
@ -46,6 +56,15 @@ echo Bootstrap::formOpen(array());
echo Bootstrap::formTitle(array('title'=>$L->g('Profile')));
echo Bootstrap::formInputText(array(
'name'=>'nickname',
'label'=>$L->g('Nickname'),
'value'=>$user->nickname(),
'class'=>'',
'placeholder'=>'',
'tip'=>'The nickname is almost used in the themes to display the author of the content'
));
echo Bootstrap::formInputText(array(
'name'=>'firstName',
'label'=>$L->g('First Name'),

View file

@ -41,7 +41,7 @@ echo Bootstrap::formOpen(array());
echo Bootstrap::formSelect(array(
'name'=>'role',
'label'=>$L->g('Role'),
'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'moderator'=>$L->g('Moderator'), 'admin'=>$L->g('Administrator')),
'options'=>array('reader'=>$L->g('Reader'), 'editor'=>$L->g('Editor'), 'admin'=>$L->g('Administrator')),
'selected'=>'reader',
'class'=>'',
'tip'=>''

View file

@ -36,8 +36,6 @@ foreach ($list as $username) {
echo '<td>'.($user->enabled()?'<b>'.$L->g('Enabled').'</b>':$L->g('Disabled')).'</td>';
if ($user->role()=='admin') {
echo '<td>'.$L->g('Administrator').'</td>';
} elseif ($user->role()=='moderator') {
echo '<td>'.$L->g('Moderator').'</td>';
} elseif ($user->role()=='editor') {
echo '<td>'.$L->g('Editor').'</td>';
} else {

View file

@ -21,4 +21,4 @@ exit (json_encode(array(
)));
?>
?>

View file

@ -16,15 +16,15 @@
// POST Method
// ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$token = isset($_POST['tokenCSRF']) ? Sanitize::html($_POST['tokenCSRF']) : false;
if( !$security->validateTokenCSRF($token) ) {
Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF. Token CSRF ID: '.$token);
if (!$security->validateTokenCSRF($token)) {
Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF.', ALERT_STATUS_FAIL);
Log::set(__FILE__.LOG_SEP.'Token via POST ['.$token.']', ALERT_STATUS_FAIL);
Session::destroy();
Redirect::page('login');
}
else {
} else {
unset( $_POST['tokenCSRF'] );
}
}

View file

@ -57,7 +57,9 @@ class dbPages extends dbJSON {
// Check values on args and set default values if not exists
foreach ($this->dbFields as $field=>$value) {
if (isset($args[$field])) {
if ($field=='tags') {
$finalValue = $this->generateTags($args['tags']);
} elseif (isset($args[$field])) {
// Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]);
} else {
@ -100,11 +102,6 @@ class dbPages extends dbJSON {
$row['uuid'] = $this->generateUUID();
}
// Tags
if (!empty($row['tags'])) {
$row['tags'] = $this->generateTags($args['tags']);
}
// Validate date
if (!Valid::date($row['date'], DB_DATE_FORMAT)) {
$row['date'] = Date::current(DB_DATE_FORMAT);
@ -150,7 +147,9 @@ class dbPages extends dbJSON {
// Check values on args or set default values
foreach ($this->dbFields as $field=>$value) {
if (isset($args[$field])) {
if ($field=='tags') {
$finalValue = $this->generateTags($args['tags']);
} elseif (isset($args[$field])) {
// Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]);
} else {
@ -794,23 +793,17 @@ class dbPages extends dbJSON {
public function generateTags($tags)
{
$tmp = array();
$tags = trim($tags);
if(empty($tags)) {
if (empty($tags)) {
return $tmp;
}
// Make array
$tags = explode(',', $tags);
foreach($tags as $tag)
{
foreach ($tags as $tag) {
$tag = trim($tag);
$tagKey = Text::cleanUrl($tag);
$tmp[$tagKey] = $tag;
}
return $tmp;
}

View file

@ -5,7 +5,8 @@ class dbUsers extends dbJSON {
public $dbFields = array(
'firstName'=>'',
'lastName'=>'',
'role'=>'editor', // admin, moderator, editor, reader
'nickname'=>'',
'role'=>'editor', // admin, editor, reader
'password'=>'',
'salt'=>'!Pink Floyd!Welcome to the machine!',
'email'=>'',

View file

@ -4,8 +4,11 @@ class Log {
public static function set($text, $type=LOG_TYPE_INFO)
{
$messageType = 0;
if (!DEBUG_MODE) {
return false;
}
$messageType = 0;
if (is_array($text) ) {
error_log('------------------------', $messageType);
error_log('Array', $messageType);

View file

@ -137,6 +137,11 @@ class Theme {
return '<meta name="viewport" content="'.$content.'">'.PHP_EOL;
}
public static function src($file, $base=DOMAIN_THEME)
{
return $base.$file;
}
public static function css($files, $base=DOMAIN_THEME)
{
if( !is_array($files) ) {

View file

@ -20,7 +20,7 @@ class bluditAjax {
title: title,
content: content
},
url: "<?php echo HTML_PATH_ADMIN_ROOT ?>ajax/save-as-draft"
url: HTML_PATH_ADMIN_ROOT+"ajax/save-as-draft"
});
ajaxRequest.done(function (response, textStatus, jqXHR) {
@ -52,7 +52,7 @@ class bluditAjax {
data: {
tokenCSRF: tokenCSRF // token from env variables
},
url: "<?php echo HTML_PATH_ADMIN_ROOT ?>ajax/user-logged"
url: HTML_PATH_ADMIN_ROOT+"ajax/user-logged"
});
ajaxRequest.done(function (response, textStatus, jqXHR) {
@ -82,7 +82,7 @@ class bluditAjax {
parentKey: parentKey,
currentKey: currentKey
},
url: "<?php echo HTML_PATH_ADMIN_ROOT.'ajax/generate-slug' ?>"
url: HTML_PATH_ADMIN_ROOT+"ajax/generate-slug"
});
ajaxRequest.done(function (response, textStatus, jqXHR) {

View file

@ -44,7 +44,7 @@ class Login {
}
}
Log::set(__METHOD__.LOG_SEP.'FingerPrint are differents. Current fingerPrint: '.Session::get('fingerPrint').' !== Current fingerPrint: '.$this->fingerPrint());
Log::set(__METHOD__.LOG_SEP.'FingerPrint are differents. ['.Session::get('fingerPrint').'] != ['.$this->fingerPrint().']');
return false;
}
@ -56,7 +56,7 @@ class Login {
Session::set('fingerPrint', $this->fingerPrint());
Session::set('sessionTime', time());
Log::set(__METHOD__.LOG_SEP.'User logged, fingerprint: '.$this->fingerPrint());
Log::set(__METHOD__.LOG_SEP.'User logged, fingerprint ['.$this->fingerPrint().']');
}
public function setRememberMe($username)
@ -113,7 +113,7 @@ class Login {
$passwordHash = $this->dbUsers->generatePasswordHash($password, $user->salt());
if ($passwordHash===$user->password()) {
$this->setLogin($username, $user->role());
Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username: '.$username);
Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username ['.$username.']');
return true;
}

View file

@ -205,12 +205,19 @@ class PageX {
return false;
}
// Returns the user object
public function user()
// Returns the user object or passing the method returns the object User method
public function user($method=false)
{
global $dbUsers;
$username = $this->username();
return $dbUsers->getUser($username);
try {
$user = new User($username);
if ($method) {
return $user->{$method}();
}
return $user;
} catch (Exception $e) {
return false;
}
}
public function template()
@ -226,23 +233,22 @@ class PageX {
// Returns the tags separated by comma
// (boolean) $returnsArray, TRUE to get the tags as an array, FALSE to get the tags separeted by comma
// The tags in array format returns array( tagKey => tagName )
public function tags($returnsArray=false)
{
$tags = $this->getValue('tags');
if($returnsArray) {
if($tags==false) {
if ($returnsArray) {
if (empty($tags)) {
return array();
}
return $tags;
}
else {
if($tags==false) {
return false;
}
// Return string with tags separeted by comma.
return implode(', ', $tags);
if (empty($tags)) {
return '';
}
// Return string with tags separeted by comma.
return implode(', ', $tags);
}
public function json($returnsArray=false)

View file

@ -22,7 +22,7 @@ class Security extends dbJSON
{
$token = sha1( uniqid().time() );
Session::set('tokenCSRF', $token);
Log::set('New Token CSRF: '.$token);
Log::set(__METHOD__.LOG_SEP.'New Token CSRF ['.$token.']');
}
// Validate the token

View file

@ -118,15 +118,13 @@ class Url
return $this->uri;
}
// Return the filter used
// Return the filter filter by type
public function filters($type, $trim=true)
{
$filter = $this->filters[$type];
if($trim) {
if ($trim) {
$filter = trim($filter, '/');
}
return $filter;
}

View file

@ -49,6 +49,11 @@ class User {
return $this->getValue('username');
}
public function nickname()
{
return $this->getValue('nickname');
}
public function firstName()
{
return $this->getValue('firstName');

View file

@ -40,7 +40,3 @@ if ($url->whereAmI()==='admin') {
else {
require(PATH_BOOT.'site.php');
}
$endLoadTime = microtime(true);
$time = $endLoadTime - $loadTime;
var_dump($time);