From 52b077a48c743ba4d08ac00520a0bf1ef6deef5f Mon Sep 17 00:00:00 2001 From: Thomas Lange Date: Fri, 24 Feb 2017 21:27:59 +0100 Subject: Initial commit. --- admin/auth.php | 86 +++++++++++++++++++++++++++++++++++++++++++++ admin/database.php | 49 ++++++++++++++++++++++++++ admin/index.php | 88 ++++++++++++++++++++++++++++++++++++++++++++++ admin/page/delete.php | 72 ++++++++++++++++++++++++++++++++++++++ admin/page/index.php | 76 ++++++++++++++++++++++++++++++++++++++++ admin/page/insert.php | 86 +++++++++++++++++++++++++++++++++++++++++++++ admin/page/update.php | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++ admin/post/delete.php | 72 ++++++++++++++++++++++++++++++++++++++ admin/post/index.php | 76 ++++++++++++++++++++++++++++++++++++++++ admin/post/insert.php | 86 +++++++++++++++++++++++++++++++++++++++++++++ admin/post/update.php | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++ admin/user/delete.php | 72 ++++++++++++++++++++++++++++++++++++++ admin/user/index.php | 72 ++++++++++++++++++++++++++++++++++++++ admin/user/insert.php | 78 +++++++++++++++++++++++++++++++++++++++++ admin/user/update.php | 89 +++++++++++++++++++++++++++++++++++++++++++++++ 15 files changed, 1194 insertions(+) create mode 100644 admin/auth.php create mode 100644 admin/database.php create mode 100644 admin/index.php create mode 100644 admin/page/delete.php create mode 100644 admin/page/index.php create mode 100644 admin/page/insert.php create mode 100644 admin/page/update.php create mode 100644 admin/post/delete.php create mode 100644 admin/post/index.php create mode 100644 admin/post/insert.php create mode 100644 admin/post/update.php create mode 100644 admin/user/delete.php create mode 100644 admin/user/index.php create mode 100644 admin/user/insert.php create mode 100644 admin/user/update.php (limited to 'admin') diff --git a/admin/auth.php b/admin/auth.php new file mode 100644 index 0000000..dbdd3ef --- /dev/null +++ b/admin/auth.php @@ -0,0 +1,86 @@ + Application::getSecurityToken(), ['action' => 'logout']])) { + session_destroy(); + HTTP::redirect(Application::getAdminURL('auth.php')); + } + + HTTP::redirect(Application::getAdminURL()); +} + +#=============================================================================== +# ELSE: Not authenticated +#=============================================================================== +else { + #=============================================================================== + # IF: Login action + #=============================================================================== + if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) { + try { + $User = User\Factory::buildByUsername(HTTP::POST('username')); + + if($User->comparePassword(HTTP::POST('password'))) { + $_SESSION['auth'] = $User->getID(); + HTTP::redirect(Application::getAdminURL()); + } + + else { + $messages[] = $Language->text('authentication_failure'); + } + } catch(User\Exception $Exception){ + $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C'; + $fake_pass = HTTP::POST('password'); + + password_verify($fake_pass, $fake_hash); + + $messages[] = $Language->text('authentication_failure'); + } + } +} + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + $AuthTemplate = Template\Factory::build('auth'); + $AuthTemplate->set('FORM', [ + 'INFO' => [ + 'LIST' => $messages ?? [], + ], + 'DATA' => [ + 'USERNAME' => HTTP::POST('username'), + 'PASSWORD' => HTTP::POST('password'), + ], + 'TOKEN' => Application::getSecurityToken() + ]); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', 'Authentication'); + $MainTemplate->set('HTML', $AuthTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> + diff --git a/admin/database.php b/admin/database.php new file mode 100644 index 0000000..47ffd29 --- /dev/null +++ b/admin/database.php @@ -0,0 +1,49 @@ + Application::getSecurityToken()], 'command')) { + try { + $Statement = $Database->query(HTTP::POST('command')); + $result = print_r($Statement->fetchAll(), TRUE); + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } +} + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + $DatabaseTemplate = Template\Factory::build('database'); + $DatabaseTemplate->set('FORM', [ + 'INFO' => $messages ?? [], + 'TOKEN' => Application::getSecurityToken(), + 'RESULT' => $result ?? NULL, + 'COMMAND' => HTTP::POST('command'), + ]); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', 'SQL'); + $MainTemplate->set('HTML', $DatabaseTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/index.php b/admin/index.php new file mode 100644 index 0000000..c2ef0e0 --- /dev/null +++ b/admin/index.php @@ -0,0 +1,88 @@ +query(sprintf('SELECT id FROM %s ORDER BY time_insert DESC LIMIT 1', Page\Attribute::TABLE)); + $LastPostStatement = $Database->query(sprintf('SELECT id FROM %s ORDER BY time_insert DESC LIMIT 1', Post\Attribute::TABLE)); + $LastUserStatement = $Database->query(sprintf('SELECT id FROM %s ORDER BY time_insert DESC LIMIT 1', User\Attribute::TABLE)); + + $PageCountStatement = $Database->query(sprintf('SELECT COUNT(*) FROM %s', Page\Attribute::TABLE)); + $PostCountStatement = $Database->query(sprintf('SELECT COUNT(*) FROM %s', Post\Attribute::TABLE)); + $UserCountStatement = $Database->query(sprintf('SELECT COUNT(*) FROM %s', User\Attribute::TABLE)); +} + +#=============================================================================== +# CATCH: PDOException +#=============================================================================== +catch(PDOException $Exception) { + exit($Exception->getMessage()); +} + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + try { + $LastPage = Page\Factory::build($LastPageStatement->fetchColumn()); + $LastPageUser = User\Factory::build($LastPage->attr('user')); + + $PageItemTemplate = generatePageItemTemplate($LastPage, $LastPageUser); + } + + catch(Page\Exception $Exception){} + catch(User\Exception $Exception){} + + try { + $LastPost = Post\Factory::build($LastPostStatement->fetchColumn()); + $LastPostUser = User\Factory::build($LastPost->attr('user')); + + $PostItemTemplate = generatePostItemTemplate($LastPost, $LastPostUser); + } + + catch(Post\Exception $Exception){} + catch(User\Exception $Exception){} + + try { + $LastUser = User\Factory::build($LastUserStatement->fetchColumn()); + $UserItemTemplate = generateUserItemTemplate($LastUser); + } catch(User\Exception $Exception){} + + $HomeTemplate = Template\Factory::build('home'); + $HomeTemplate->set('LAST', [ + 'PAGE' => $PageItemTemplate ?? FALSE, + 'POST' => $PostItemTemplate ?? FALSE, + 'USER' => $UserItemTemplate ?? FALSE, + + ]); + + $HomeTemplate->set('COUNT', [ + 'PAGE' => $PageCountStatement->fetchColumn(), + 'POST' => $PostCountStatement->fetchColumn(), + 'USER' => $UserCountStatement->fetchColumn(), + ]); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', 'Dashboard'); + $MainTemplate->set('HTML', $HomeTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/page/delete.php b/admin/page/delete.php new file mode 100644 index 0000000..163bbdb --- /dev/null +++ b/admin/page/delete.php @@ -0,0 +1,72 @@ +getAttribute(); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'delete')) { + try { + if($Attribute->databaseDELETE($Database)) { + HTTP::redirect(Application::getAdminURL('page/')); + } + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + #=============================================================================== + # TRY: Template\Exception + #=============================================================================== + try { + $FormTemplate = Template\Factory::build('page/form'); + $FormTemplate->set('HTML', $Page->getHTML()); + $FormTemplate->set('FORM', [ + 'TYPE' => 'DELETE', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'TOKEN' => Application::getSecurityToken() + ]); + + $DeleteTemplate = Template\Factory::build('page/delete'); + $DeleteTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_page_delete')); + $MainTemplate->set('HTML', $DeleteTemplate); + echo $MainTemplate; + } + + #=============================================================================== + # CATCH: Template\Exception + #=============================================================================== + catch(Template\Exception $Exception) { + $Exception->defaultHandler(); + } +} + +#=============================================================================== +# CATCH: Page\Exception +#=============================================================================== +catch(Page\Exception $Exception) { + Application::exit(404); +} +?> + diff --git a/admin/page/index.php b/admin/page/index.php new file mode 100644 index 0000000..56233a9 --- /dev/null +++ b/admin/page/index.php @@ -0,0 +1,76 @@ +query(sprintf('SELECT COUNT(id) FROM %s', Page\Attribute::TABLE))->fetchColumn() / $site_size); + +$currentSite = HTTP::GET('site') ?? 1; +$currentSite = abs(intval($currentSite)); + +if($currentSite < 1 OR ($currentSite > $lastSite AND $lastSite > 0)) { + Application::exit(404); +} + +#=============================================================================== +# Fetch page IDs from database +#=============================================================================== +$execSQL = "SELECT id FROM %s ORDER BY {$site_sort} LIMIT ".(($currentSite-1) * $site_size).", {$site_size}"; +$pageIDs = $Database->query(sprintf($execSQL, Page\Attribute::TABLE))->fetchAll($Database::FETCH_COLUMN); + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + foreach($pageIDs as $pageID) { + try { + $Page = Page\Factory::build($pageID); + $User = User\Factory::build($Page->attr('user')); + + $ItemTemplate = generatePageItemTemplate($Page, $User); + + $pages[] = $ItemTemplate; + } + catch(Page\Exception $Exception){} + catch(User\Exception $Exception){} + } + + $PaginationTemplate = Template\Factory::build('pagination'); + $PaginationTemplate->set('THIS', $currentSite); + $PaginationTemplate->set('LAST', $lastSite); + $PaginationTemplate->set('HREF', Application::getAdminURL('page/?site=%d')); + + $ListTemplate = Template\Factory::build('page/index'); + $ListTemplate->set('LIST', [ + 'PAGES' => $pages ?? [] + ]); + + $ListTemplate->set('PAGINATION', [ + 'THIS' => $currentSite, + 'LAST' => $lastSite, + 'HTML' => $PaginationTemplate + ]); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_page_overview', $currentSite)); + $MainTemplate->set('HTML', $ListTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/page/insert.php b/admin/page/insert.php new file mode 100644 index 0000000..0f421f6 --- /dev/null +++ b/admin/page/insert.php @@ -0,0 +1,86 @@ +set('id', HTTP::POST('id') ? HTTP::POST('id') : FALSE); + $Attribute->set('user', HTTP::POST('user')); + $Attribute->set('slug', HTTP::POST('slug') ? HTTP::POST('slug') : makeSlugURL(HTTP::POST('name'))); + $Attribute->set('name', HTTP::POST('name') ? HTTP::POST('name') : NULL); + $Attribute->set('body', HTTP::POST('body') ? HTTP::POST('body') : FALSE); + $Attribute->set('time_insert', HTTP::POST('time_insert') ? HTTP::POST('time_insert') : date('Y-m-d H:i:s')); + $Attribute->set('time_update', HTTP::POST('time_update') ? HTTP::POST('time_update') : date('Y-m-d H:i:s')); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()])) { + try { + if($Attribute->databaseINSERT($Database)) { + HTTP::redirect(Application::getAdminURL('page/')); + } + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + else { + $messages[] = $Language->text('error_security_csrf'); + } +} + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + $userIDs = $Database->query(sprintf('SELECT id FROM %s ORDER BY fullname ASC', User\Attribute::TABLE)); + + foreach($userIDs->fetchAll(PDO::FETCH_COLUMN) as $userID) { + $User = User\Factory::build($userID); + $userAttributes[] = [ + 'ID' => $User->attr('id'), + 'FULLNAME' => $User->attr('fullname'), + 'USERNAME' => $User->attr('username'), + ]; + } + + $FormTemplate = Template\Factory::build('page/form'); + $FormTemplate->set('FORM', [ + 'TYPE' => 'INSERT', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'USER' => $Attribute->get('user'), + 'SLUG' => $Attribute->get('slug'), + 'NAME' => $Attribute->get('name'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'USER_LIST' => $userAttributes ?? [], + 'TOKEN' => Application::getSecurityToken() + ]); + + $InsertTemplate = Template\Factory::build('page/insert'); + $InsertTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_page_insert')); + $MainTemplate->set('HTML', $InsertTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/page/update.php b/admin/page/update.php new file mode 100644 index 0000000..0489406 --- /dev/null +++ b/admin/page/update.php @@ -0,0 +1,96 @@ +getAttribute(); + + if(HTTP::issetPOST('user', 'slug', 'name', 'body', 'time_insert', 'time_update', 'update')) { + $Attribute->set('user', HTTP::POST('user')); + $Attribute->set('slug', HTTP::POST('slug') ? HTTP::POST('slug') : makeSlugURL(HTTP::POST('name'))); + $Attribute->set('name', HTTP::POST('name') ? HTTP::POST('name') : NULL); + $Attribute->set('body', HTTP::POST('body') ? HTTP::POST('body') : FALSE); + $Attribute->set('time_insert', HTTP::POST('time_insert') ? HTTP::POST('time_insert') : date('Y-m-d H:i:s')); + $Attribute->set('time_update', HTTP::POST('time_update') ? HTTP::POST('time_update') : date('Y-m-d H:i:s')); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()])) { + try { + $Attribute->databaseUPDATE($Database); + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + else { + $messages[] = $Language->text('error_security_csrf'); + } + } + + #=============================================================================== + # TRY: Template\Exception + #=============================================================================== + try { + $userIDs = $Database->query(sprintf('SELECT id FROM %s ORDER BY fullname ASC', User\Attribute::TABLE)); + + foreach($userIDs->fetchAll(PDO::FETCH_COLUMN) as $userID) { + $User = User\Factory::build($userID); + $userAttributes[] = [ + 'ID' => $User->attr('id'), + 'FULLNAME' => $User->attr('fullname'), + 'USERNAME' => $User->attr('username'), + ]; + } + + $FormTemplate = Template\Factory::build('page/form'); + $FormTemplate->set('FORM', [ + 'TYPE' => 'UPDATE', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'USER' => $Attribute->get('user'), + 'SLUG' => $Attribute->get('slug'), + 'NAME' => $Attribute->get('name'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'USER_LIST' => $userAttributes ?? [], + 'TOKEN' => Application::getSecurityToken() + ]); + + $PageUpdateTemplate = Template\Factory::build('page/update'); + $PageUpdateTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_page_update')); + $MainTemplate->set('HTML', $PageUpdateTemplate); + echo $MainTemplate; + } + + #=============================================================================== + # CATCH: Template\Exception + #=============================================================================== + catch(Template\Exception $Exception) { + $Exception->defaultHandler(); + } +} + +#=============================================================================== +# CATCH: Page\Exception +#=============================================================================== +catch(Page\Exception $Exception) { + Application::exit(404); +} +?> \ No newline at end of file diff --git a/admin/post/delete.php b/admin/post/delete.php new file mode 100644 index 0000000..82e71da --- /dev/null +++ b/admin/post/delete.php @@ -0,0 +1,72 @@ +getAttribute(); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'delete')) { + try { + if($Attribute->databaseDELETE($Database)) { + HTTP::redirect(Application::getAdminURL('post/')); + } + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + #=============================================================================== + # TRY: Template\Exception + #=============================================================================== + try { + $FormTemplate = Template\Factory::build('post/form'); + $FormTemplate->set('HTML', $Post->getHTML()); + $FormTemplate->set('FORM', [ + 'TYPE' => 'DELETE', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'TOKEN' => Application::getSecurityToken() + ]); + + $DeleteTemplate = Template\Factory::build('post/delete'); + $DeleteTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_post_delete')); + $MainTemplate->set('HTML', $DeleteTemplate); + echo $MainTemplate; + } + + #=============================================================================== + # CATCH: Template\Exception + #=============================================================================== + catch(Template\Exception $Exception) { + $Exception->defaultHandler(); + } +} + +#=============================================================================== +# CATCH: Post\Exception +#=============================================================================== +catch(Post\Exception $Exception) { + Application::exit(404); +} +?> + diff --git a/admin/post/index.php b/admin/post/index.php new file mode 100644 index 0000000..bf7afdf --- /dev/null +++ b/admin/post/index.php @@ -0,0 +1,76 @@ +query(sprintf('SELECT COUNT(id) FROM %s', Post\Attribute::TABLE))->fetchColumn() / $site_size); + +$currentSite = HTTP::GET('site') ?? 1; +$currentSite = abs(intval($currentSite)); + +if($currentSite < 1 OR ($currentSite > $lastSite AND $lastSite > 0)) { + Application::exit(404); +} + +#=============================================================================== +# Fetch post IDs from database +#=============================================================================== +$execSQL = "SELECT id FROM %s ORDER BY {$site_sort} LIMIT ".(($currentSite-1) * $site_size).", {$site_size}"; +$postIDs = $Database->query(sprintf($execSQL, Post\Attribute::TABLE))->fetchAll($Database::FETCH_COLUMN); + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + foreach($postIDs as $postID) { + try { + $Post = Post\Factory::build($postID); + $User = User\Factory::build($Post->attr('user')); + + $ItemTemplate = generatePostItemTemplate($Post, $User); + + $posts[] = $ItemTemplate; + } + catch(Post\Exception $Exception){} + catch(User\Exception $Exception){} + } + + $PaginationTemplate = Template\Factory::build('pagination'); + $PaginationTemplate->set('THIS', $currentSite); + $PaginationTemplate->set('LAST', $lastSite); + $PaginationTemplate->set('HREF', Application::getAdminURL('post/?site=%d')); + + $ListTemplate = Template\Factory::build('post/index'); + $ListTemplate->set('LIST', [ + 'POSTS' => $posts ?? [] + ]); + + $ListTemplate->set('PAGINATION', [ + 'THIS' => $currentSite, + 'LAST' => $lastSite, + 'HTML' => $PaginationTemplate + ]); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_post_overview', $currentSite)); + $MainTemplate->set('HTML', $ListTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/post/insert.php b/admin/post/insert.php new file mode 100644 index 0000000..ab6bb87 --- /dev/null +++ b/admin/post/insert.php @@ -0,0 +1,86 @@ +set('id', HTTP::POST('id') ? HTTP::POST('id') : FALSE); + $Attribute->set('user', HTTP::POST('user')); + $Attribute->set('slug', HTTP::POST('slug') ? HTTP::POST('slug') : makeSlugURL(HTTP::POST('name'))); + $Attribute->set('name', HTTP::POST('name') ? HTTP::POST('name') : NULL); + $Attribute->set('body', HTTP::POST('body') ? HTTP::POST('body') : NULL); + $Attribute->set('time_insert', HTTP::POST('time_insert') ? HTTP::POST('time_insert') : date('Y-m-d H:i:s')); + $Attribute->set('time_update', HTTP::POST('time_update') ? HTTP::POST('time_update') : date('Y-m-d H:i:s')); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()])) { + try { + if($Attribute->databaseINSERT($Database)) { + HTTP::redirect(Application::getAdminURL('post/')); + } + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + else { + $messages[] = $Language->text('error_security_csrf'); + } +} + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + $userIDs = $Database->query(sprintf('SELECT id FROM %s ORDER BY fullname ASC', User\Attribute::TABLE)); + + foreach($userIDs->fetchAll(PDO::FETCH_COLUMN) as $userID) { + $User = User\Factory::build($userID); + $userAttributes[] = [ + 'ID' => $User->attr('id'), + 'FULLNAME' => $User->attr('fullname'), + 'USERNAME' => $User->attr('username'), + ]; + } + + $FormTemplate = Template\Factory::build('post/form'); + $FormTemplate->set('FORM', [ + 'TYPE' => 'INSERT', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'USER' => $Attribute->get('user'), + 'SLUG' => $Attribute->get('slug'), + 'NAME' => $Attribute->get('name'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'USER_LIST' => $userAttributes ?? [], + 'TOKEN' => Application::getSecurityToken() + ]); + + $InsertTemplate = Template\Factory::build('post/insert'); + $InsertTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_post_insert')); + $MainTemplate->set('HTML', $InsertTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/post/update.php b/admin/post/update.php new file mode 100644 index 0000000..875d947 --- /dev/null +++ b/admin/post/update.php @@ -0,0 +1,96 @@ +getAttribute(); + + if(HTTP::issetPOST('user', 'slug', 'name', 'body', 'time_insert', 'time_update', 'update')) { + $Attribute->set('user', HTTP::POST('user')); + $Attribute->set('slug', HTTP::POST('slug') ? HTTP::POST('slug') : makeSlugURL(HTTP::POST('name'))); + $Attribute->set('name', HTTP::POST('name') ? HTTP::POST('name') : NULL); + $Attribute->set('body', HTTP::POST('body') ? HTTP::POST('body') : FALSE); + $Attribute->set('time_insert', HTTP::POST('time_insert') ? HTTP::POST('time_insert') : date('Y-m-d H:i:s')); + $Attribute->set('time_update', HTTP::POST('time_update') ? HTTP::POST('time_update') : date('Y-m-d H:i:s')); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()])) { + try { + $Attribute->databaseUPDATE($Database); + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + else { + $messages[] = $Language->text('error_security_csrf'); + } + } + + #=============================================================================== + # TRY: Template\Exception + #=============================================================================== + try { + $userIDs = $Database->query(sprintf('SELECT id FROM %s ORDER BY fullname ASC', User\Attribute::TABLE)); + + foreach($userIDs->fetchAll(PDO::FETCH_COLUMN) as $userID) { + $User = User\Factory::build($userID); + $userAttributes[] = [ + 'ID' => $User->attr('id'), + 'FULLNAME' => $User->attr('fullname'), + 'USERNAME' => $User->attr('username'), + ]; + } + + $FormTemplate = Template\Factory::build('post/form'); + $FormTemplate->set('FORM', [ + 'TYPE' => 'UPDATE', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'USER' => $Attribute->get('user'), + 'SLUG' => $Attribute->get('slug'), + 'NAME' => $Attribute->get('name'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'USER_LIST' => $userAttributes ?? [], + 'TOKEN' => Application::getSecurityToken() + ]); + + $PostUpdateTemplate = Template\Factory::build('post/update'); + $PostUpdateTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_post_update')); + $MainTemplate->set('HTML', $PostUpdateTemplate); + echo $MainTemplate; + } + + #=============================================================================== + # CATCH: Template\Exception + #=============================================================================== + catch(Template\Exception $Exception) { + $Exception->defaultHandler(); + } +} + +#=============================================================================== +# CATCH: Post\Exception +#=============================================================================== +catch(Post\Exception $Exception) { + Application::exit(404); +} +?> \ No newline at end of file diff --git a/admin/user/delete.php b/admin/user/delete.php new file mode 100644 index 0000000..ed8f925 --- /dev/null +++ b/admin/user/delete.php @@ -0,0 +1,72 @@ +getAttribute(); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'delete')) { + try { + if($Attribute->databaseDELETE($Database)) { + HTTP::redirect(Application::getAdminURL('user/')); + } + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + #=============================================================================== + # TRY: Template\Exception + #=============================================================================== + try { + $FormTemplate = Template\Factory::build('user/form'); + $FormTemplate->set('HTML', $User->getHTML()); + $FormTemplate->set('FORM', [ + 'TYPE' => 'DELETE', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'TOKEN' => Application::getSecurityToken() + ]); + + $DeleteTemplate = Template\Factory::build('user/delete'); + $DeleteTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_user_delete')); + $MainTemplate->set('HTML', $DeleteTemplate); + echo $MainTemplate; + } + + #=============================================================================== + # CATCH: Template\Exception + #=============================================================================== + catch(Template\Exception $Exception) { + $Exception->defaultHandler(); + } +} + +#=============================================================================== +# CATCH: User\Exception +#=============================================================================== +catch(User\Exception $Exception) { + Application::exit(404); +} +?> + diff --git a/admin/user/index.php b/admin/user/index.php new file mode 100644 index 0000000..3dca93a --- /dev/null +++ b/admin/user/index.php @@ -0,0 +1,72 @@ +query(sprintf('SELECT COUNT(id) FROM %s', User\Attribute::TABLE))->fetchColumn() / $site_size); + +$currentSite = HTTP::GET('site') ?? 1; +$currentSite = abs(intval($currentSite)); + +if($currentSite < 1 OR ($currentSite > $lastSite AND $lastSite > 0)) { + Application::exit(404); +} + +#=============================================================================== +# Fetch user IDs from database +#=============================================================================== +$execSQL = "SELECT id FROM %s ORDER BY {$site_sort} LIMIT ".(($currentSite-1) * $site_size).", {$site_size}"; +$userIDs = $Database->query(sprintf($execSQL, User\Attribute::TABLE))->fetchAll($Database::FETCH_COLUMN); + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + foreach($userIDs as $userID) { + try { + $User = User\Factory::build($userID); + $ItemTemplate = generateUserItemTemplate($User); + + $users[] = $ItemTemplate; + } catch(User\Exception $Exception){} + } + + $PaginationTemplate = Template\Factory::build('pagination'); + $PaginationTemplate->set('THIS', $currentSite); + $PaginationTemplate->set('LAST', $lastSite); + $PaginationTemplate->set('HREF', Application::getAdminURL('user/?site=%d')); + + $ListTemplate = Template\Factory::build('user/index'); + $ListTemplate->set('LIST', [ + 'USERS' => $users ?? [] + ]); + + $ListTemplate->set('PAGINATION', [ + 'THIS' => $currentSite, + 'LAST' => $lastSite, + 'HTML' => $PaginationTemplate + ]); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_user_overview', $currentSite)); + $MainTemplate->set('HTML', $ListTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/user/insert.php b/admin/user/insert.php new file mode 100644 index 0000000..7c892d4 --- /dev/null +++ b/admin/user/insert.php @@ -0,0 +1,78 @@ +set('id', HTTP::POST('id') ? HTTP::POST('id') : FALSE); + $Attribute->set('slug', HTTP::POST('slug') ? HTTP::POST('slug') : makeSlugURL(HTTP::POST('username'))); + $Attribute->set('username', HTTP::POST('username') ? HTTP::POST('username') : NULL); + $Attribute->set('password', HTTP::POST('password') ? password_hash(HTTP::POST('password'), PASSWORD_BCRYPT, ['cost' => 10]) : FALSE); + $Attribute->set('fullname', HTTP::POST('fullname') ? HTTP::POST('fullname') : NULL); + $Attribute->set('mailaddr', HTTP::POST('mailaddr') ? HTTP::POST('mailaddr') : NULL); + $Attribute->set('body', HTTP::POST('body') ? HTTP::POST('body') : NULL); + $Attribute->set('time_insert', HTTP::POST('time_insert') ? HTTP::POST('time_insert') : date('Y-m-d H:i:s')); + $Attribute->set('time_update', HTTP::POST('time_update') ? HTTP::POST('time_update') : date('Y-m-d H:i:s')); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()])) { + try { + if($Attribute->databaseINSERT($Database)) { + HTTP::redirect(Application::getAdminURL('user/')); + } + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + else { + $messages[] = $Language->text('error_security_csrf'); + } +} + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + $FormTemplate = Template\Factory::build('user/form'); + $FormTemplate->set('FORM', [ + 'TYPE' => 'INSERT', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'SLUG' => $Attribute->get('slug'), + 'USERNAME' => $Attribute->get('username'), + 'PASSWORD' => NULL, + 'FULLNAME' => $Attribute->get('fullname'), + 'MAILADDR' => $Attribute->get('mailaddr'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'TOKEN' => Application::getSecurityToken() + ]); + + $InsertTemplate = Template\Factory::build('user/insert'); + $InsertTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_user_insert')); + $MainTemplate->set('HTML', $InsertTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> \ No newline at end of file diff --git a/admin/user/update.php b/admin/user/update.php new file mode 100644 index 0000000..cab582e --- /dev/null +++ b/admin/user/update.php @@ -0,0 +1,89 @@ +getAttribute(); + + if(HTTP::issetPOST('slug', 'username', 'password', 'fullname', 'mailaddr', 'body', 'time_insert', 'time_update', 'update')) { + $Attribute->set('slug', HTTP::POST('slug') ? HTTP::POST('slug') : makeSlugURL(HTTP::POST('username'))); + $Attribute->set('username', HTTP::POST('username') ? HTTP::POST('username') : NULL); + $Attribute->set('password', HTTP::POST('password') ? password_hash(HTTP::POST('password'), PASSWORD_BCRYPT, ['cost' => 10]) : FALSE); + $Attribute->set('fullname', HTTP::POST('fullname') ? HTTP::POST('fullname') : NULL); + $Attribute->set('mailaddr', HTTP::POST('mailaddr') ? HTTP::POST('mailaddr') : NULL); + $Attribute->set('body', HTTP::POST('body') ? HTTP::POST('body') : NULL); + $Attribute->set('time_insert', HTTP::POST('time_insert') ? HTTP::POST('time_insert') : date('Y-m-d H:i:s')); + $Attribute->set('time_update', HTTP::POST('time_update') ? HTTP::POST('time_update') : date('Y-m-d H:i:s')); + + if(HTTP::issetPOST(['token' => Application::getSecurityToken()])) { + try { + if($Attribute->databaseUPDATE($Database)) { + } + } catch(PDOException $Exception) { + $messages[] = $Exception->getMessage(); + } + } + + else { + $messages[] = $Language->text('error_security_csrf'); + } + } + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== + try { + $FormTemplate = Template\Factory::build('user/form'); + $FormTemplate->set('FORM', [ + 'TYPE' => 'UPDATE', + 'INFO' => $messages ?? [], + 'DATA' => [ + 'ID' => $Attribute->get('id'), + 'SLUG' => $Attribute->get('slug'), + 'USERNAME' => $Attribute->get('username'), + 'PASSWORD' => NULL, + 'FULLNAME' => $Attribute->get('fullname'), + 'MAILADDR' => $Attribute->get('mailaddr'), + 'BODY' => $Attribute->get('body'), + 'TIME_INSERT' => $Attribute->get('time_insert'), + 'TIME_UPDATE' => $Attribute->get('time_update'), + ], + 'TOKEN' => Application::getSecurityToken() + ]); + + $InsertTemplate = Template\Factory::build('user/update'); + $InsertTemplate->set('HTML', $FormTemplate); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', $Language->text('title_user_update')); + $MainTemplate->set('HTML', $InsertTemplate); + echo $MainTemplate; + } + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== + catch(Template\Exception $Exception) { + $Exception->defaultHandler(); + } +} + +#=============================================================================== +# CATCH: User\Exception +#=============================================================================== +catch(User\Exception $Exception) { + Application::exit(404); +} +?> \ No newline at end of file -- cgit v1.2.3