108 lines
3.4 KiB
PHP
108 lines
3.4 KiB
PHP
<?php defined('BLUDIT') or die('Bludit CMS.');
|
|
|
|
// Start the session
|
|
// If the session is not started the admin area is not available
|
|
Session::start();
|
|
if (Session::started()===false) {
|
|
exit('Bludit CMS. Session initialization failed.');
|
|
}
|
|
|
|
// The login object contains the authentication system and/or the current user logged
|
|
$login = new Login();
|
|
|
|
// Initialize plugins
|
|
include(PATH_RULES.'60.plugins.php');
|
|
|
|
// Parameters for the controller and view
|
|
// For example "title" keeps the HTML tag <title>
|
|
$layout = array(
|
|
'controller'=>null,
|
|
'view'=>null,
|
|
'template'=>'index.php',
|
|
'slug'=>null,
|
|
'plugin'=>false,
|
|
'parameters'=>null,
|
|
'title'=>'Bludit'
|
|
);
|
|
|
|
// Get from the URL the controller and view
|
|
$explodeSlug = $url->explodeSlug();
|
|
$layout['controller'] = $layout['view'] = $layout['slug'] = empty($explodeSlug[0])?'dashboard':$explodeSlug[0];
|
|
unset($explodeSlug[0]);
|
|
|
|
// Check if the user want to get access to an admin controller or view from a plugin
|
|
// To get access to a plugin controller or view the URL should be: http://localhost/admin/plugin/<PLUGIN NAME>
|
|
// $explodeSlug = [0=>'<PLUGIN NAME>']
|
|
if ($layout['controller'] === 'plugin' && !empty($explodeSlug)) {
|
|
// Lowercase plugins class name to search by case-insensitive
|
|
$pluginsLowerCases = array_change_key_case($pluginsInstalled);
|
|
$pluginName = Text::lowercase(array_shift($explodeSlug));
|
|
if (isset($pluginsLowerCases[$pluginName])) {
|
|
$layout['plugin'] = $pluginsLowerCases[$pluginName];
|
|
}
|
|
}
|
|
|
|
// Get the URL parameters
|
|
$layout['parameters'] = implode('/', $explodeSlug);
|
|
|
|
// --- AJAX ---
|
|
if ($layout['slug']==='ajax') {
|
|
if ($login->isLogged()) {
|
|
// Rules: Security check CSRF
|
|
include(PATH_RULES.'99.security.php');
|
|
|
|
// Load the ajax file
|
|
if (Sanitize::pathFile(PATH_AJAX.$layout['parameters'].'.php')) {
|
|
include(PATH_AJAX.$layout['parameters'].'.php');
|
|
}
|
|
}
|
|
header('HTTP/1.1 401 User not logged.');
|
|
exit(0);
|
|
}
|
|
|
|
// Boot rules
|
|
include(PATH_RULES.'69.pages.php');
|
|
include(PATH_RULES.'99.header.php');
|
|
include(PATH_RULES.'99.paginator.php');
|
|
include(PATH_RULES.'99.themes.php');
|
|
include(PATH_RULES.'99.security.php');
|
|
|
|
// Define layout login-form for:
|
|
// - User not logged
|
|
// - Page not found
|
|
// - Slug is login. http://localhost/admin/login
|
|
if ($url->notFound() || !$login->isLogged() || ($url->slug()==='login') ) {
|
|
$layout['controller'] = 'login';
|
|
$layout['view'] = 'login';
|
|
$layout['template'] = 'login.php';
|
|
|
|
// Generate the tokenCSRF for the user not logged, when the user log-in the token will change
|
|
$security->generateTokenCSRF();
|
|
}
|
|
|
|
// Define global variables
|
|
$ADMIN_CONTROLLER = $layout['controller'];
|
|
$ADMIN_VIEW = $layout['view'];
|
|
|
|
// Execute plugins before load the admin area
|
|
execPluginsByHook('beforeAdminLoad');
|
|
|
|
// Load init.php if the theme has one
|
|
if (Sanitize::pathFile(PATH_ADMIN_THEMES.$site->adminTheme().DS.'init.php')) {
|
|
include(PATH_ADMIN_THEMES.$site->adminTheme().DS.'init.php');
|
|
}
|
|
|
|
// Load controller
|
|
if (Sanitize::pathFile(PATH_ADMIN_CONTROLLERS.$layout['controller'].'.php')) {
|
|
include(PATH_ADMIN_CONTROLLERS.$layout['controller'].'.php');
|
|
} elseif ($layout['plugin'] && method_exists($layout['plugin'], 'adminController')) {
|
|
$layout['plugin']->adminController();
|
|
}
|
|
|
|
// Load view and theme
|
|
if (Sanitize::pathFile(PATH_ADMIN_THEMES.$site->adminTheme().DS.$layout['template'])) {
|
|
include(PATH_ADMIN_THEMES.$site->adminTheme().DS.$layout['template']);
|
|
}
|
|
|
|
// Execute plugins after the admin area is loaded
|
|
execPluginsByHook('afterAdminLoad');
|