	Add verify to pages, add messages, limits, fix add
		| @@ -18,13 +18,18 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) { | ||||
|  | ||||
| header('X-XSS-Protection:0'); | ||||
|  | ||||
| $name = $p_title = ''; | ||||
| $name = $p_title = null; | ||||
| $groups = new OTS_Groups_List(); | ||||
|  | ||||
| $php = false; | ||||
| $enable_tinymce = true; | ||||
| $access = 0; | ||||
|  | ||||
| // some constants, used mainly by database (cannot by modified without schema changes) | ||||
| define('PAGE_TITLE_LIMIT', 30); | ||||
| define('PAGE_NAME_LIMIT', 30); | ||||
| define('PAGE_BODY_LIMIT', 65535); // maximum page body length | ||||
|  | ||||
| if (!empty($action)) { | ||||
| 	if ($action == 'delete' || $action == 'edit' || $action == 'hide') | ||||
| 		$id = $_REQUEST['id']; | ||||
| @@ -50,12 +55,13 @@ if (!empty($action)) { | ||||
| 	$errors = array(); | ||||
| 	$player_id = 1; | ||||
|  | ||||
| 	if ($action == 'add') { | ||||
| 		if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { | ||||
| 	if ($action == 'new') { | ||||
| 		if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { | ||||
| 			$name = $p_title = $body = ''; | ||||
| 			$player_id = $access = 0; | ||||
| 			$php = false; | ||||
| 			$enable_tinymce = true; | ||||
| 			success('Added successful.'); | ||||
| 		} | ||||
| 	} else if ($action == 'delete') { | ||||
| 		if (Pages::delete($id, $errors)) | ||||
| @@ -70,15 +76,18 @@ if (!empty($action)) { | ||||
| 			$enable_tinymce = $_page['enable_tinymce'] == '1'; | ||||
| 			$access = $_page['access']; | ||||
| 		} else { | ||||
| 			Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access); | ||||
| 			$action = $name = $p_title = $body = ''; | ||||
| 			$player_id = 1; | ||||
| 			$access = 0; | ||||
| 			$php = false; | ||||
| 			$enable_tinymce = true; | ||||
| 			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access)) { | ||||
| 				$action = $name = $p_title = $body = ''; | ||||
| 				$player_id = 1; | ||||
| 				$access = 0; | ||||
| 				$php = false; | ||||
| 				$enable_tinymce = true; | ||||
| 				success("Updated successful."); | ||||
| 			} | ||||
| 		} | ||||
| 	} else if ($action == 'hide') { | ||||
| 		Pages::toggleHidden($id, $errors); | ||||
| 		Pages::toggleHidden($id, $errors, $status); | ||||
| 		success(($status == 1 ? 'Show' : 'Hide') . " successful."); | ||||
| 	} | ||||
|  | ||||
| 	if (!empty($errors)) | ||||
| @@ -117,6 +126,44 @@ $twig->display('admin.pages.html.twig', array( | ||||
|  | ||||
| class Pages | ||||
| { | ||||
| 	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) | ||||
| 	{ | ||||
| 		if(!isset($title[0]) || !isset($body[0])) { | ||||
| 			$errors[] = 'Please fill all inputs.'; | ||||
| 			return false; | ||||
| 		} | ||||
| 		if(strlen($name) > PAGE_NAME_LIMIT) { | ||||
| 			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.'; | ||||
| 			return false; | ||||
| 		} | ||||
| 		if(strlen($title) > PAGE_TITLE_LIMIT) { | ||||
| 			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.'; | ||||
| 			return false; | ||||
| 		} | ||||
| 		if(strlen($body) > PAGE_BODY_LIMIT) { | ||||
| 			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.'; | ||||
| 			return false; | ||||
| 		} | ||||
| 		if(!isset($player_id) || $player_id == 0) { | ||||
| 			$errors[] = 'Player ID is wrong.'; | ||||
| 			return false; | ||||
| 		} | ||||
| 		if(!isset($php) || ($php != 0 && $php != 1)) { | ||||
| 			$errors[] = 'Enable PHP is wrong.'; | ||||
| 			return false; | ||||
| 		} | ||||
| 		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) { | ||||
| 			$errors[] = 'Enable TinyMCE is wrong.'; | ||||
| 			return false; | ||||
| 		} | ||||
| 		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) { | ||||
| 			$errors[] = 'Access is wrong.'; | ||||
| 			return false; | ||||
| 		} | ||||
|  | ||||
| 		return true; | ||||
| 	} | ||||
|  | ||||
| 	static public function get($id) | ||||
| 	{ | ||||
| 		global $db; | ||||
| @@ -129,31 +176,36 @@ class Pages | ||||
|  | ||||
| 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) | ||||
| 	{ | ||||
| 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { | ||||
| 			return false; | ||||
| 		} | ||||
|  | ||||
| 		global $db; | ||||
| 		if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) { | ||||
| 			$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name)); | ||||
| 			if ($query === false) | ||||
| 				$db->insert(TABLE_PREFIX . 'pages', | ||||
| 					array( | ||||
| 						'name' => $name, | ||||
| 						'title' => $title, | ||||
| 						'body' => $body, | ||||
| 						'player_id' => $player_id, | ||||
| 						'php' => $php ? '1' : '0', | ||||
| 						'enable_tinymce' => $enable_tinymce ? '1' : '0', | ||||
| 						'access' => $access | ||||
| 					) | ||||
| 				); | ||||
| 			else | ||||
| 				$errors[] = 'Page with this link already exists.'; | ||||
| 		} else | ||||
| 			$errors[] = 'Please fill all inputs.'; | ||||
| 		$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name)); | ||||
| 		if ($query === false) | ||||
| 			$db->insert(TABLE_PREFIX . 'pages', | ||||
| 				array( | ||||
| 					'name' => $name, | ||||
| 					'title' => $title, | ||||
| 					'body' => $body, | ||||
| 					'player_id' => $player_id, | ||||
| 					'php' => $php ? '1' : '0', | ||||
| 					'enable_tinymce' => $enable_tinymce ? '1' : '0', | ||||
| 					'access' => $access | ||||
| 				) | ||||
| 			); | ||||
| 		else | ||||
| 			$errors[] = 'Page with this link already exists.'; | ||||
|  | ||||
| 		return !count($errors); | ||||
| 	} | ||||
|  | ||||
| 	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access) | ||||
| 	{ | ||||
| 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { | ||||
| 			return false; | ||||
| 		} | ||||
|  | ||||
| 		global $db; | ||||
| 		$db->update(TABLE_PREFIX . 'pages', | ||||
| 			array( | ||||
| @@ -166,6 +218,8 @@ class Pages | ||||
| 				'access' => $access | ||||
| 			), | ||||
| 			array('id' => $id)); | ||||
|  | ||||
| 		return true; | ||||
| 	} | ||||
|  | ||||
| 	static public function delete($id, &$errors) | ||||
| @@ -182,15 +236,18 @@ class Pages | ||||
| 		return !count($errors); | ||||
| 	} | ||||
|  | ||||
| 	static public function toggleHidden($id, &$errors) | ||||
| 	static public function toggleHidden($id, &$errors, &$status) | ||||
| 	{ | ||||
| 		global $db; | ||||
| 		if (isset($id)) { | ||||
| 			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id)); | ||||
| 			if ($query !== false) | ||||
| 			if ($query !== false) { | ||||
| 				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id)); | ||||
| 			else | ||||
| 				$status = $query['hidden']; | ||||
| 			} | ||||
| 			else { | ||||
| 				$errors[] = 'Page with id ' . $id . ' does not exists.'; | ||||
| 			} | ||||
| 		} else | ||||
| 			$errors[] = 'id not set'; | ||||
|  | ||||
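Review bot: The new verify() at the top of the Pages class drops the empty-name check the old add() body enforced (`isset($name[0])`), so a page with a blank name now passes validation and reaches the insert; the first guard should read `if(!isset($name[0]) || !isset($title[0]) || !isset($body[0])) {`. A second gap is in update(): it passes a local `$errors` to verify() and returns false, but its signature has no `&$errors` parameter, so when validation rejects an edit the caller in the `edit` branch shows neither a success nor an error message — add `&$errors = array()` as the last parameter of update() (matching add()) and pass `$errors` at the call site. The `$access` bounds check is also weaker than it looks: on PHP 7 and earlier a non-numeric string compares as 0 and satisfies `$access < 0 || $access > PHP_INT_MAX`, so `filter_var($access, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0))) === false` would pin it to a non-negative integer. Where `$access` and `$player_id` are read from lies outside these hunks, so treat them as presumed request input.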
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
| 		<div class="card-header"> | ||||
| 			<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} page</h5> | ||||
| 		</div> | ||||
| 		<form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}add{% endif %}"> | ||||
| 		<form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}new{% endif %}"> | ||||
| 			{% if action == 'edit' %} | ||||
| 				<input type="hidden" name="id" value="{{ id }}"/> | ||||
| 			{% endif %} | ||||
|   | ||||
	 slawkens
					slawkens