mirror of
https://github.com/slawkens/myaac.git
synced 2025-10-14 09:44:55 +02:00
Admin panel: Pages csrf
This commit is contained in:
slawkens
134
system/src/Admin/Pages.php
Normal file
134
system/src/Admin/Pages.php
Normal file
@@ -0,0 +1,134 @@
|
||||
<?php
|
||||
namespace MyAAC\Admin;
|
||||
|
||||
use MyAAC\Models\Pages as ModelsPages;
|
||||
|
||||
class Pages
|
||||
{
|
||||
static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
|
||||
{
|
||||
if(!isset($title[0]) || !isset($body[0])) {
|
||||
$errors[] = 'Please fill all inputs.';
|
||||
return false;
|
||||
}
|
||||
if(strlen($name) > PAGE_NAME_LIMIT) {
|
||||
$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
|
||||
return false;
|
||||
}
|
||||
if(strlen($title) > PAGE_TITLE_LIMIT) {
|
||||
$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
|
||||
return false;
|
||||
}
|
||||
if(strlen($body) > PAGE_BODY_LIMIT) {
|
||||
$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($player_id) || $player_id == 0) {
|
||||
$errors[] = 'Player ID is wrong.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($php) || ($php != 0 && $php != 1)) {
|
||||
$errors[] = 'Enable PHP is wrong.';
|
||||
return false;
|
||||
}
|
||||
if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) {
|
||||
$errors[] = 'PHP pages disabled on this server. To enable go to Settings in Admin Panel and enable <strong>Enable PHP Pages</strong>.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
|
||||
$errors[] = 'Enable TinyMCE is wrong.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
|
||||
$errors[] = 'Access is wrong.';
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static public function get($id)
|
||||
{
|
||||
$row = ModelsPages::find($id);
|
||||
if ($row) {
|
||||
return $row->toArray();
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
|
||||
{
|
||||
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!ModelsPages::where('name', $name)->exists())
|
||||
ModelsPages::create([
|
||||
'name' => $name,
|
||||
'title' => $title,
|
||||
'body' => $body,
|
||||
'player_id' => $player_id,
|
||||
'php' => $php ? '1' : '0',
|
||||
'enable_tinymce' => $enable_tinymce ? '1' : '0',
|
||||
'access' => $access
|
||||
]);
|
||||
else
|
||||
$errors[] = 'Page with this link already exists.';
|
||||
|
||||
return !count($errors);
|
||||
}
|
||||
|
||||
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
|
||||
{
|
||||
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
ModelsPages::where('id', $id)->update([
|
||||
'name' => $name,
|
||||
'title' => $title,
|
||||
'body' => $body,
|
||||
'player_id' => $player_id,
|
||||
'php' => $php ? '1' : '0',
|
||||
'enable_tinymce' => $enable_tinymce ? '1' : '0',
|
||||
'access' => $access
|
||||
]);
|
||||
return true;
|
||||
}
|
||||
|
||||
static public function delete($id, &$errors)
|
||||
{
|
||||
if (isset($id)) {
|
||||
$row = ModelsPages::find($id);
|
||||
if ($row) {
|
||||
$row->delete();
|
||||
}
|
||||
else
|
||||
$errors[] = 'Page with id ' . $id . ' does not exists.';
|
||||
} else
|
||||
$errors[] = 'id not set';
|
||||
|
||||
return !count($errors);
|
||||
}
|
||||
|
||||
static public function toggleHidden($id, &$errors, &$status)
|
||||
{
|
||||
if (isset($id)) {
|
||||
$row = ModelsPages::find($id);
|
||||
if ($row) {
|
||||
$row->hidden = $row->hidden == 1 ? 0 : 1;
|
||||
if (!$row->save()) {
|
||||
$errors[] = 'Fail during toggle hidden Page.';
|
||||
}
|
||||
$status = $row->hidden;
|
||||
}
|
||||
else {
|
||||
$errors[] = 'Page with id ' . $id . ' does not exists.';
|
||||
}
|
||||
} else
|
||||
$errors[] = 'id not set';
|
||||
|
||||
return !count($errors);
|
||||
}
|
||||
}
|
||||
@@ -3,8 +3,9 @@
|
||||
<div class="card-header">
|
||||
<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} page</h5>
|
||||
</div>
|
||||
<form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}new{% endif %}">
|
||||
<form id="form" class="form-horizontal" method="post">
|
||||
{{ csrf() }}
|
||||
<input type="hidden" name="action" value="{{ action }}" />
|
||||
{% if action == 'edit' %}
|
||||
<input type="hidden" name="id" value="{{ id }}"/>
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,12 @@
|
||||
<div class="card card-info card-outline">
|
||||
<div class="card-header">
|
||||
<h5 class="m-0">Pages
|
||||
<a href="?p=pages&action=new" class="float-right"><span class="btn btn-sm btn-success">New</span></a></h5>
|
||||
<form method="post" class="float-right">
|
||||
{{ csrf() }}
|
||||
<input type="hidden" name="action" value="new" />
|
||||
<button type="submit" class="btn btn-sm btn-success">New</button>
|
||||
</form>
|
||||
</h5>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<table class="table table-striped table-bordered table-responsive d-md-table" id="tb_pages">
|
||||
@@ -21,15 +26,26 @@
|
||||
<td>{% if page.php %}Yes{% else %}No{% endif %}</td>
|
||||
<td>
|
||||
<div class="btn-group">
|
||||
<a href="?p=pages&action=edit&id={{ page.id }}" class="btn btn-success btn-sm" title="Edit">
|
||||
<i class="fas fa-pencil-alt"></i>
|
||||
</a>
|
||||
<a href="?p=pages&action=delete&id={{ page.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
|
||||
<i class="fas fa-trash"></i>
|
||||
</a>
|
||||
<a href="?p=pages&action=hide&id={{ page.id }}" class="btn btn-{{ (page.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if page.hidden != 1 %}Hide{% else %}Show{% endif %}">
|
||||
<i class="fas fa-eye{{ (page.hidden != 1) ? '' : '-slash' }}"></i>
|
||||
</a>
|
||||
<form method="post">
|
||||
{{ csrf() }}
|
||||
<input type="hidden" name="action" value="edit" />
|
||||
<input type="hidden" name="id" value="{{ page.id }}" />
|
||||
<button type="submit" class="btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></button>
|
||||
</form>
|
||||
|
||||
<form method="post">
|
||||
{{ csrf() }}
|
||||
<input type="hidden" name="action" value="delete" />
|
||||
<input type="hidden" name="id" value="{{ page.id }}" />
|
||||
<button type="submit" class="btn btn-danger btn-sm" title="Delete" onclick="return confirm('Are you sure?');"><i class="fas fa-pencil-alt"></i></button>
|
||||
</form>
|
||||
|
||||
<form method="post">
|
||||
{{ csrf() }}
|
||||
<input type="hidden" name="action" value="hide" />
|
||||
<input type="hidden" name="id" value="{{ page.id }}" />
|
||||
<button type="submit" class="btn btn-{{ (page.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if page.hidden != 1 %}Hide{% else %}Show{% endif %}"><i class="fas fa-eye{{ (log.hidden != 1) ? '' : '-slash' }}"></i></button>
|
||||
</form>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
Reference in New Issue
Block a user