From f7bfdf58def6aadc922e1632f407d1418269a0d7 Mon Sep 17 00:00:00 2001
From: Evgeny Zinoviev
Date: Sat, 9 Jul 2022 19:40:17 +0300
Subject: initial
---
handler/admin/AdminRequestHandler.php | 20 ++++++
handler/admin/AutoAddOrEdit.php | 97 ++++++++++++++++++++++++++
handler/admin/AutoDelete.php | 34 +++++++++
handler/admin/AutoEdit.php | 127 ++++++++++++++++++++++++++++++++++
handler/admin/Index.php | 13 ++++
handler/admin/Login.php | 31 ++++++++
handler/admin/Logout.php | 17 +++++
handler/admin/MarkdownPreview.php | 22 ++++++
handler/admin/PageAdd.php | 66 ++++++++++++++++++
handler/admin/PostAdd.php | 68 ++++++++++++++++++
handler/admin/UploadDelete.php | 25 +++++++
handler/admin/UploadEditNote.php | 25 +++++++
handler/admin/Uploads.php | 73 +++++++++++++++++++
13 files changed, 618 insertions(+)
create mode 100644 handler/admin/AdminRequestHandler.php
create mode 100644 handler/admin/AutoAddOrEdit.php
create mode 100644 handler/admin/AutoDelete.php
create mode 100644 handler/admin/AutoEdit.php
create mode 100644 handler/admin/Index.php
create mode 100644 handler/admin/Login.php
create mode 100644 handler/admin/Logout.php
create mode 100644 handler/admin/MarkdownPreview.php
create mode 100644 handler/admin/PageAdd.php
create mode 100644 handler/admin/PostAdd.php
create mode 100644 handler/admin/UploadDelete.php
create mode 100644 handler/admin/UploadEditNote.php
create mode 100644 handler/admin/Uploads.php
(limited to 'handler/admin')
diff --git a/handler/admin/AdminRequestHandler.php b/handler/admin/AdminRequestHandler.php
new file mode 100644
index 0000000..04b7cde
--- /dev/null
+++ b/handler/admin/AdminRequestHandler.php
@@ -0,0 +1,20 @@
+skin->static[] = '/css/admin.css';
+ $this->skin->static[] = '/js/admin.js';
+
+ if (!($this instanceof Login) && !admin::isAdmin())
+ throw new \ForbiddenException('looks like you are not admin');
+
+ return null;
+ }
+
+}
\ No newline at end of file
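Review bot: The `instanceof Login` exemption in the `!admin::isAdmin()` check is the single authorization gate for every handler under handler/admin, and a subclass that overrides `beforeDispatch()` without calling `parent::beforeDispatch()` silently loses it; that contract is not stated anywhere. Add a comment on the check such as `// Auth gate for all admin handlers: only Login is reachable anonymously; overriding beforeDispatch() must call parent first.` so the dependency is visible to whoever adds the next handler. The hunk's first line appears truncated (it begins with `+skin->static[]`), so the method signature and the class header are not visible here.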
diff --git a/handler/admin/AutoAddOrEdit.php b/handler/admin/AutoAddOrEdit.php
new file mode 100644
index 0000000..027c827
--- /dev/null
+++ b/handler/admin/AutoAddOrEdit.php
@@ -0,0 +1,97 @@
+skin->setOptions([
+ 'full_width' => true,
+ 'no_footer' => true
+ ]);
+ return parent::beforeDispatch();
+ }
+
+ protected function _get_postAdd(
+ string $title = '',
+ string $text = '',
+ ?array $tags = null,
+ string $short_name = '',
+ ?string $error_code = null
+ ): Response {
+ $this->skin->addLangKeys($this->lang->search('/^(err_)?blog_/'));
+ $this->skin->title = $this->lang['blog_write'];
+ return $this->skin->renderPage('admin/postForm',
+ title: $title,
+ text: $text,
+ tags: $tags ? implode(', ', $tags) : '',
+ short_name: $short_name,
+ error_code: $error_code);
+ }
+
+ protected function _get_postEdit(
+ Post $post,
+ string $title = '',
+ string $text = '',
+ ?array $tags = null,
+ bool $visible = false,
+ string $short_name = '',
+ ?string $error_code = null,
+ bool $saved = false,
+ ): Response {
+ $this->skin->addLangKeys($this->lang->search('/^(err_)?blog_/'));
+ $this->skin->title = ($this->lang)('blog_post_edit_title', $post->title);
+ return $this->skin->renderPage('admin/postForm',
+ is_edit: true,
+ post_id: $post->id,
+ post_url: $post->getUrl(),
+ title: $title,
+ text: $text,
+ tags: $tags ?
implode(', ', $tags) : '',
+ visible: $visible,
+ saved: $saved,
+ short_name: $short_name,
+ error_code: $error_code
+ );
+ }
+
+ protected function _get_pageAdd(
+ string $name,
+ string $title = '',
+ string $text = '',
+ ?string $error_code = null
+ ): Response {
+ $this->skin->addLangKeys($this->lang->search('/^(err_)?pages_/'));
+ $this->skin->title = ($this->lang)('pages_create_title', $name);
+ return $this->skin->renderPage('admin/pageForm',
+ short_name: $name,
+ title: $title,
+ text: $text,
+ error_code: $error_code);
+ }
+
+ protected function _get_pageEdit(
+ Page $page,
+ string $title = '',
+ string $text = '',
+ bool $saved = false,
+ bool $visible = false,
+ ?string $error_code = null
+ ): Response {
+ $this->skin->addLangKeys($this->lang->search('/^(err_)?pages_/'));
+ $this->skin->title = ($this->lang)('pages_page_edit_title', $page->shortName.'.html');
+ return $this->skin->renderPage('admin/pageForm',
+ is_edit: true,
+ short_name: $page->shortName,
+ title: $title,
+ text: $text,
+ visible: $visible,
+ saved: $saved,
+ error_code: $error_code);
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/AutoDelete.php b/handler/admin/AutoDelete.php
new file mode 100644
index 0000000..80c8eef
--- /dev/null
+++ b/handler/admin/AutoDelete.php
@@ -0,0 +1,34 @@
+input('short_name');
+
+ $post = posts::getPostByName($name);
+ if ($post) {
+ csrf::check('delpost'.$post->id);
+ posts::delete($post);
+ return new RedirectResponse('/');
+ }
+
+ $page = pages::getPageByName($name);
+ if ($page) {
+ csrf::check('delpage'.$page->shortName);
+ pages::delete($page);
+ return new RedirectResponse('/');
+ }
+
+ throw new NotFoundException();
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/AutoEdit.php b/handler/admin/AutoEdit.php
new file mode 100644
index 0000000..9d70c5b
--- /dev/null
+++ b/handler/admin/AutoEdit.php
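Review bot: `?array $tags` in `_get_postAdd` and `_get_postEdit` goes straight into `implode(', ', $tags)`, so the element type is part of the contract but nothing documents it; a PHPDoc `@param list<string>|null $tags` on both helpers would make explicit what AutoEdit's `tags: $post->getTags()` call must return and let static analysis check it. `_get_postEdit` also ends its parameter list with a trailing comma while the other three helpers do not; pick one form for the file. The hunk opens truncated at `+skin->setOptions([`, so the `beforeDispatch()` signature and the class header are not visible here.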
@@ -0,0 +1,127 @@
+input('short_name, b:saved');
+
+ $post = posts::getPostByName($short_name);
+ if ($post) {
+ $tags = $post->getTags();
+ return $this->_get_postEdit($post,
+ tags: $post->getTags(),
+ saved: $saved,
+ title: $post->title,
+ text: $post->md,
+ visible: $post->visible,
+ short_name: $post->shortName,
+ );
+ }
+
+ $page = pages::getPageByName($short_name);
+ if ($page) {
+ return $this->_get_pageEdit($page,
+ title: $page->title,
+ text: $page->md,
+ visible: $page->visible,
+ saved: $saved,
+ );
+ }
+
+ throw new \NotFoundException();
+ }
+
+ public function post(): Response {
+ list($short_name) = $this->input('short_name');
+
+ $post = posts::getPostByName($short_name);
+ if ($post) {
+ csrf::check('editpost'.$post->id);
+
+ list($text, $title, $tags, $visible, $short_name)
+ = $this->input('text, title, tags, b:visible, new_short_name');
+
+ $tags = posts::splitStringToTags($tags);
+ $error_code = null;
+
+ if (!$title) {
+ $error_code = 'no_title';
+ } else if (!$text) {
+ $error_code = 'no_text';
+ } else if (empty($tags)) {
+ $error_code = 'no_tags';
+ } else if (empty($short_name)) {
+ $error_code = 'no_short_name';
+ }
+
+ if ($error_code)
+ $this->_get_postEdit($post,
+ text: $text,
+ title: $title,
+ tags: $tags,
+ visible: $visible,
+ short_name: $short_name,
+ error_code: $error_code
+ );
+
+ $post->edit([
+ 'title' => $title,
+ 'md' => $text,
+ 'visible' => (int)$visible,
+ 'short_name' => $short_name
+ ]);
+ $tag_ids = posts::getTagIds($tags);
+ $post->setTagIds($tag_ids);
+
+ return new \RedirectResponse($post->getUrl().'edit/?saved=1');
+ }
+
+ $page = pages::getPageByName($short_name);
+ if ($page) {
+ csrf::check('editpage'.$page->shortName);
+
+ list($text, $title, $visible, $short_name)
+ = $this->input('text, title, b:visible, new_short_name');
+
+ $text = trim($text);
+ $title = trim($title);
+ $error_code = null;
+
+ if (!$title) {
+ $error_code = 'no_title';
+ } else if (!$text) {
+ $error_code = 'no_text';
+ } else if
(!$short_name) {
+ $error_code = 'no_short_name';
+ }
+
+ if ($error_code) {
+ return $this->_get_pageEdit($page,
+ title: $title,
+ text: $text,
+ visible: $visible,
+ error_code: $error_code
+ );
+ }
+
+ $page->edit([
+ 'title' => $title,
+ 'md' => $text,
+ 'visible' => (int)$visible,
+ 'short_name' => $short_name,
+ ]);
+
+ return new \RedirectResponse($page->getUrl().'edit/?saved=1');
+ }
+
+ throw new \NotFoundException();
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/Index.php b/handler/admin/Index.php
new file mode 100644
index 0000000..e829913
--- /dev/null
+++ b/handler/admin/Index.php
@@ -0,0 +1,13 @@
+skin->renderPage('admin/index');
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/Login.php b/handler/admin/Login.php
new file mode 100644
index 0000000..cade137
--- /dev/null
+++ b/handler/admin/Login.php
@@ -0,0 +1,31 @@
+skin->renderPage('admin/login');
+ }
+
+ public function post(): Response {
+ csrf::check('adminlogin');
+ $password = $_POST['password'] ?? '';
+ $valid = admin::checkPassword($password);
+ if ($valid) {
+ admin::logAuth();
+ admin::setCookie();
+ return new RedirectResponse('/admin/');
+ }
+ throw new UnauthorizedException('nice try');
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/Logout.php b/handler/admin/Logout.php
new file mode 100644
index 0000000..bb11e43
--- /dev/null
+++ b/handler/admin/Logout.php
@@ -0,0 +1,17 @@
+input('md, title, b:use_image_previews');
+
+ $html = \markup::markdownToHtml($md, $use_image_previews);
+
+ $ctx = new \SkinContext('\\skin\\admin');
+ $html = $ctx->markdownPreview(
+ unsafe_html: $html,
+ title: $title
+ );
+ return new \AjaxOkResponse(['html' => $html]);
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/PageAdd.php b/handler/admin/PageAdd.php
new file mode 100644
index 0000000..8754f0f
--- /dev/null
+++ b/handler/admin/PageAdd.php
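Review bot: In `post()`, the post branch's `if ($error_code) $this->_get_postEdit($post, …);` discards the rendered response and falls through to `$post->edit([...])`, so a submission with an empty title, text, tags or short name is still written to the post and then redirected to as saved; the page branch below handles the same case correctly with `return`. Change that line to `if ($error_code) return $this->_get_postEdit($post,` (or brace it like the page branch). The same missing `return` appears in PostAdd.php's `if (!$id) $this->_get_postAdd(…)` branch, which then continues into `posts::get($id)` with a falsy id. Separately, `$tags = $post->getTags();` in `get()` is assigned but never read, since the call is repeated inline two lines later. The hunk opens truncated at `+input('short_name, b:saved');`, so `get()`'s signature and the class header are not visible.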
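Review bot: The failure path in `post()` throws `UnauthorizedException('nice try')` without recording anything, while only successful logins pass through `admin::logAuth()`, so repeated wrong-password attempts against the single admin password leave no trace to alert on or throttle. Record the failed attempt (remote address and timestamp) before the `throw`, through the same facility `admin::logAuth()` writes to if it can take an outcome; its signature is not visible here, so the exact call is for the author to pick. `$_POST['password'] ?? ''` also bypasses the `$this->input()` helper used by every other handler; if that is deliberate because the helper normalises values and a password must be taken verbatim, a one-line comment saying so would stop the next person from "fixing" it.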
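Review bot: `markdownPreview(unsafe_html: $html, …)` inserts the `\markup::markdownToHtml()` output without escaping, so whatever raw HTML the converter lets through is returned verbatim in the `AjaxOkResponse` and presumably injected into the admin page on the client; that is acceptable only because `AdminRequestHandler::beforeDispatch()` restricts this handler to the authenticated admin, and the dependency deserves a comment, e.g. `// Raw HTML by design: the markdown comes from the authenticated admin only (gated in AdminRequestHandler).` Note that this hunk's header names Logout.php but the visible body is MarkdownPreview's; the Logout content and this method's signature seem to have been lost in extraction, so the enclosing function starts outside what is shown.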
@@ -0,0 +1,66 @@
+input('short_name');
+ $page = pages::getPageByName($name);
+ if ($page)
+ throw new NotFoundException();
+
+ return $this->_get_pageAdd($name);
+ }
+
+ public function post(): Response {
+ csrf::check('addpage');
+
+ list($name) = $this->input('short_name');
+ $page = pages::getPageByName($name);
+ if ($page)
+ throw new NotFoundException();
+
+ $text = trim($_POST['text'] ?? '');
+ $title = trim($_POST['title'] ?? '');
+ $error_code = null;
+
+ if (!$title) {
+ $error_code = 'no_title';
+ } else if (!$text) {
+ $error_code = 'no_text';
+ }
+
+ if ($error_code) {
+ return $this->_get_pageAdd(
+ name: $name,
+ text: $text,
+ title: $title,
+ error_code: $error_code
+ );
+ }
+
+ if (!pages::add([
+ 'short_name' => $name,
+ 'title' => $title,
+ 'md' => $text
+ ])) {
+ return $this->_get_pageAdd(
+ name: $name,
+ text: $text,
+ title: $title,
+ error_code: 'db_err'
+ );
+ }
+
+ $page = pages::getPageByName($name);
+ return new RedirectResponse($page->getUrl());
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/PostAdd.php b/handler/admin/PostAdd.php
new file mode 100644
index 0000000..c21a239
--- /dev/null
+++ b/handler/admin/PostAdd.php
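Review bot: `post()` validates `$title` and `$text` but never checks `$name`, so an empty short name from `$this->input('short_name')` goes straight into `pages::add([...'short_name' => $name...])` and then into the final `pages::getPageByName($name)`, whereas AutoEdit.php and PostAdd.php both reject an empty short name with `'no_short_name'`. Extend the chain with `} else if (!$name) { $error_code = 'no_short_name'; }`, provided a matching `err_pages_*` language key exists for the page form (the keys are loaded by the `/^(err_)?pages_/` search in `_get_pageAdd`, not visible here). `get()` and `post()` also duplicate the read-name-then-existence-check sequence; a small private helper would keep the two in step. The hunk opens truncated at `+input('short_name');`, so `get()`'s signature and the class header are not visible.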
@@ -0,0 +1,68 @@
+_get_postAdd();
+ }
+
+ public function post(): Response {
+ csrf::check('addpost');
+
+ list($text, $title, $tags, $visible, $short_name)
+ = $this->input('text, title, tags, b:visible, short_name');
+ $tags = posts::splitStringToTags($tags);
+
+ $error_code = null;
+
+ if (!$title) {
+ $error_code = 'no_title';
+ } else if (!$text) {
+ $error_code = 'no_text';
+ } else if (empty($tags)) {
+ $error_code = 'no_tags';
+ } else if (empty($short_name)) {
+ $error_code = 'no_short_name';
+ }
+
+ if ($error_code)
+ return $this->_get_postAdd(
+ text: $text,
+ title: $title,
+ tags: $tags,
+ short_name: $short_name,
+ error_code: $error_code
+ );
+
+ $id = posts::add([
+ 'title' => $title,
+ 'md' => $text,
+ 'visible' => (int)$visible,
+ 'short_name' => $short_name,
+ ]);
+
+ if (!$id)
+ $this->_get_postAdd(
+ text: $text,
+ title: $title,
+ tags: $tags,
+ short_name: $short_name,
+ error_code: 'db_err'
+ );
+
+ // set tags
+ $post = posts::get($id);
+ $tag_ids = posts::getTagIds($tags);
+ $post->setTagIds($tag_ids);
+
+ return new RedirectResponse($post->getUrl());
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/UploadDelete.php b/handler/admin/UploadDelete.php
new file mode 100644
index 0000000..26b58b7
--- /dev/null
+++ b/handler/admin/UploadDelete.php
@@ -0,0 +1,25 @@
+input('i:id');
+
+ $upload = \uploads::get($id);
+ if (!$upload)
+ return new RedirectResponse('/uploads/?error='.urlencode('upload not found'));
+
+ csrf::check('delupl'.$id);
+
+ \uploads::delete($id);
+
+ return new RedirectResponse('/uploads/');
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/UploadEditNote.php b/handler/admin/UploadEditNote.php
new file mode 100644
index 0000000..e7cdbb2
--- /dev/null
+++ b/handler/admin/UploadEditNote.php
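Review bot: `post()` checks `!$title` and `!$text` on the raw values from `$this->input(...)`, while PageAdd.php and the page branch of AutoEdit.php `trim()` both first, so a whitespace-only title or body passes validation here and is stored as-is. Add `$text = trim($text);` and `$title = trim($title);` directly after the `$this->input('text, title, tags, b:visible, short_name')` call to match the other handlers. The hunk opens truncated at `+_get_postAdd();`, so `get()`'s signature and the class header are not visible.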
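Review bot: `csrf::check('delupl'.$id)` runs only after `\uploads::get($id)` and the not-found redirect, although the token key depends on `$id` alone, which is already known from `$this->input('i:id')`; as written, a request without a valid token still gets a lookup and a redirect, and the order reads as if the lookup were part of the authorization. Move `csrf::check('delupl'.$id);` to directly after the `list($id) = …` line so the token is validated before anything else happens; UploadEditNote.php has the same ordering around `'editupl'.$id` and should change with it. The hunk opens truncated at `+input('i:id');`, so the method signature is not visible.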
@@ -0,0 +1,25 @@
+input('i:id');
+
+ $upload = \uploads::get($id);
+ if (!$upload)
+ return new \RedirectResponse('/uploads/?error='.urlencode('upload not found'));
+
+ csrf::check('editupl'.$id);
+
+ $note = $_POST['note'] ?? '';
+ $upload->setNote($note);
+
+ return new \RedirectResponse('/uploads/');
+ }
+
+}
\ No newline at end of file
diff --git a/handler/admin/Uploads.php b/handler/admin/Uploads.php
new file mode 100644
index 0000000..0cbb2f6
--- /dev/null
+++ b/handler/admin/Uploads.php
@@ -0,0 +1,73 @@
+input('error');
+ $uploads = \uploads::getAll();
+
+ $this->skin->title = ($this->lang)('blog_upload');
+ return $this->skin->renderPage('admin/uploads',
+ error: $error,
+ uploads: $uploads);
+ }
+
+ public function post(): Response {
+ csrf::check('addupl');
+
+ list($custom_name, $note) = $this->input('name, note');
+
+ if (!isset($_FILES['files']))
+ return new RedirectResponse('/uploads/?error='.urlencode('no file'));
+
+ $files = [];
+ for ($i = 0; $i < count($_FILES['files']['name']); $i++) {
+ $files[] = [
+ 'name' => $_FILES['files']['name'][$i],
+ 'type' => $_FILES['files']['type'][$i],
+ 'tmp_name' => $_FILES['files']['tmp_name'][$i],
+ 'error' => $_FILES['files']['error'][$i],
+ 'size' => $_FILES['files']['size'][$i],
+ ];
+ }
+
+ if (count($files) > 1) {
+ $note = '';
+ $custom_name = '';
+ }
+
+ foreach ($files as $f) {
+ if ($f['error'])
+ return new RedirectResponse('/uploads/?error='.urlencode('error code '.$f['error']));
+
+ if (!$f['size'])
+ return new RedirectResponse('/uploads/?error='.urlencode('received empty file'));
+
+ $ext = extension($f['name']);
+ if (!\uploads::isExtensionAllowed($ext))
+ return new RedirectResponse('/uploads/?error='.urlencode('extension not allowed'));
+
+ $upload_id = \uploads::add(
+ $f['tmp_name'],
+ $custom_name ?: $f['name'],
+ $note);
+
+ if (!$upload_id)
+ return new RedirectResponse('/uploads/?error='.urlencode('failed to create upload'));
+ }
+
+ return new RedirectResponse('/uploads/');
+ }
+
+}
\ No newline at end of file
-- cgit v1.2.3
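Review bot: The extension allowlist in `post()` is evaluated on `extension($f['name'])`, but the name handed to `\uploads::add()` is `$custom_name ?: $f['name']`, so when a custom name is supplied its extension is never checked and can differ from the one that passed `isExtensionAllowed()`. Validate the name that is actually stored: `$stored_name = $custom_name ?: $f['name'];` then `$ext = extension($stored_name);` and pass `$stored_name` to `\uploads::add()`. Whether `uploads::add` itself re-validates or sanitises the name (path separators and the like) is not visible here; if it does not, that belongs there as well. Separately, `count($_FILES['files']['name'])` assumes the form posts `files[]` as an array — a single non-array `files` field would make `$_FILES['files']['name']` a string and `count()` throw a TypeError on PHP 8, which the `isset` guard above does not catch.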