mirror of
https://github.com/slawkens/myaac.git
synced 2025-06-17 18:24:33 +02:00
Add verify to pages, add messages, limits, fix add
This commit is contained in:
slawkens
parent
c1eb7d4f52
commit
958681bdc9
@ -18,13 +18,18 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
|
||||
|
||||
header('X-XSS-Protection:0');
|
||||
|
||||
$name = $p_title = '';
|
||||
$name = $p_title = null;
|
||||
$groups = new OTS_Groups_List();
|
||||
|
||||
$php = false;
|
||||
$enable_tinymce = true;
|
||||
$access = 0;
|
||||
|
||||
// some constants, used mainly by database (cannot by modified without schema changes)
|
||||
define('PAGE_TITLE_LIMIT', 30);
|
||||
define('PAGE_NAME_LIMIT', 30);
|
||||
define('PAGE_BODY_LIMIT', 65535); // maximum page body length
|
||||
|
||||
if (!empty($action)) {
|
||||
if ($action == 'delete' || $action == 'edit' || $action == 'hide')
|
||||
$id = $_REQUEST['id'];
|
||||
@ -50,12 +55,13 @@ if (!empty($action)) {
|
||||
$errors = array();
|
||||
$player_id = 1;
|
||||
|
||||
if ($action == 'add') {
|
||||
if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
if ($action == 'new') {
|
||||
if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
$name = $p_title = $body = '';
|
||||
$player_id = $access = 0;
|
||||
$php = false;
|
||||
$enable_tinymce = true;
|
||||
success('Added successful.');
|
||||
}
|
||||
} else if ($action == 'delete') {
|
||||
if (Pages::delete($id, $errors))
|
||||
@ -70,15 +76,18 @@ if (!empty($action)) {
|
||||
$enable_tinymce = $_page['enable_tinymce'] == '1';
|
||||
$access = $_page['access'];
|
||||
} else {
|
||||
Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
|
||||
$action = $name = $p_title = $body = '';
|
||||
$player_id = 1;
|
||||
$access = 0;
|
||||
$php = false;
|
||||
$enable_tinymce = true;
|
||||
if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access)) {
|
||||
$action = $name = $p_title = $body = '';
|
||||
$player_id = 1;
|
||||
$access = 0;
|
||||
$php = false;
|
||||
$enable_tinymce = true;
|
||||
success("Updated successful.");
|
||||
}
|
||||
}
|
||||
} else if ($action == 'hide') {
|
||||
Pages::toggleHidden($id, $errors);
|
||||
Pages::toggleHidden($id, $errors, $status);
|
||||
success(($status == 1 ? 'Show' : 'Hide') . " successful.");
|
||||
}
|
||||
|
||||
if (!empty($errors))
|
||||
@ -117,6 +126,44 @@ $twig->display('admin.pages.html.twig', array(
|
||||
|
||||
class Pages
|
||||
{
|
||||
static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
|
||||
{
|
||||
if(!isset($title[0]) || !isset($body[0])) {
|
||||
$errors[] = 'Please fill all inputs.';
|
||||
return false;
|
||||
}
|
||||
if(strlen($name) > PAGE_NAME_LIMIT) {
|
||||
$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
|
||||
return false;
|
||||
}
|
||||
if(strlen($title) > PAGE_TITLE_LIMIT) {
|
||||
$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
|
||||
return false;
|
||||
}
|
||||
if(strlen($body) > PAGE_BODY_LIMIT) {
|
||||
$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($player_id) || $player_id == 0) {
|
||||
$errors[] = 'Player ID is wrong.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($php) || ($php != 0 && $php != 1)) {
|
||||
$errors[] = 'Enable PHP is wrong.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
|
||||
$errors[] = 'Enable TinyMCE is wrong.';
|
||||
return false;
|
||||
}
|
||||
if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
|
||||
$errors[] = 'Access is wrong.';
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static public function get($id)
|
||||
{
|
||||
global $db;
|
||||
@ -129,31 +176,36 @@ class Pages
|
||||
|
||||
static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
|
||||
{
|
||||
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
global $db;
|
||||
if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
|
||||
$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
|
||||
if ($query === false)
|
||||
$db->insert(TABLE_PREFIX . 'pages',
|
||||
array(
|
||||
'name' => $name,
|
||||
'title' => $title,
|
||||
'body' => $body,
|
||||
'player_id' => $player_id,
|
||||
'php' => $php ? '1' : '0',
|
||||
'enable_tinymce' => $enable_tinymce ? '1' : '0',
|
||||
'access' => $access
|
||||
)
|
||||
);
|
||||
else
|
||||
$errors[] = 'Page with this link already exists.';
|
||||
} else
|
||||
$errors[] = 'Please fill all inputs.';
|
||||
$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
|
||||
if ($query === false)
|
||||
$db->insert(TABLE_PREFIX . 'pages',
|
||||
array(
|
||||
'name' => $name,
|
||||
'title' => $title,
|
||||
'body' => $body,
|
||||
'player_id' => $player_id,
|
||||
'php' => $php ? '1' : '0',
|
||||
'enable_tinymce' => $enable_tinymce ? '1' : '0',
|
||||
'access' => $access
|
||||
)
|
||||
);
|
||||
else
|
||||
$errors[] = 'Page with this link already exists.';
|
||||
|
||||
return !count($errors);
|
||||
}
|
||||
|
||||
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
|
||||
{
|
||||
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
global $db;
|
||||
$db->update(TABLE_PREFIX . 'pages',
|
||||
array(
|
||||
@ -166,6 +218,8 @@ class Pages
|
||||
'access' => $access
|
||||
),
|
||||
array('id' => $id));
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static public function delete($id, &$errors)
|
||||
@ -182,15 +236,18 @@ class Pages
|
||||
return !count($errors);
|
||||
}
|
||||
|
||||
static public function toggleHidden($id, &$errors)
|
||||
static public function toggleHidden($id, &$errors, &$status)
|
||||
{
|
||||
global $db;
|
||||
if (isset($id)) {
|
||||
$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
|
||||
if ($query !== false)
|
||||
if ($query !== false) {
|
||||
$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
|
||||
else
|
||||
$status = $query['hidden'];
|
||||
}
|
||||
else {
|
||||
$errors[] = 'Page with id ' . $id . ' does not exists.';
|
||||
}
|
||||
} else
|
||||
$errors[] = 'id not set';
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
<div class="card-header">
|
||||
<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} page</h5>
|
||||
</div>
|
||||
<form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}add{% endif %}">
|
||||
<form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}new{% endif %}">
|
||||
{% if action == 'edit' %}
|
||||
<input type="hidden" name="id" value="{{ id }}"/>
|
||||
{% endif %}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user