Refactor admin newses + add csrf

system/templates/admin.links.html.twig

@@ -0,0 +1,22 @@
+<br/><br/>
+
+<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
+	{{ csrf() }}
+	<input type="hidden" name="action" value="edit" />
+	<input type="hidden" name="id" value="{{ id }}" />
+	<button type="submit" class="btn btn-success btn-sm" title="Edit"><img src="images/edit.png"/> Edit</button>
+</form>
+
+<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
+	{{ csrf() }}
+	<input type="hidden" name="action" value="delete" />
+	<input type="hidden" name="id" value="{{ id }}" />
+	<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete"><img src="images/del.png"/>Delete</button>
+</form>
+
+<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
+	{{ csrf() }}
+	<input type="hidden" name="action" value="hide" />
+	<input type="hidden" name="id" value="{{ id }}" />
+	<button type="submit" class="btn btn-{{ (hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if hidden != 1 %}Hide{% else %}Show{% endif %}"><img src="images/{{ hidden != 1 ? 'success' : 'error' }}.png"/>{{ hidden != 1 ? 'Hide' : 'Show' }}</button>
+</form>

system/templates/admin.news.form.html.twig

@@ -1,10 +1,11 @@
 {% if action %}
 	<div class="card card-info card-outline">
 		<div class="card-header">
-			<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} news</h5>
+			<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} {% if type == constant('NEWS') %}News{% elseif type == constant('TICKER') %}Ticker{% else %}Article{% endif %}</h5>
 		</div>
-		<form id="form" role="form" method="post" action="{{ news_link_form }}">
+		<form id="form" role="form" method="post">
 			{{ csrf() }}
+			<input type="hidden" name="action" value="{{ action == 'edit' ? 'edit' : 'new' }}" />
 			<div class="card-body " id="page-edit-table">
 				{% if action == 'edit' %}
 					<input type="hidden" name="id" value="{{ news_id }}"/>
@@ -23,9 +24,9 @@
 				<div class="form-group row">
 					<label for="select-type">Type</label>
 					<select class="form-control" name="type" id="select-type">
-						<option value="{{ constant('NEWS') }}" {% if type is defined and type == constant('NEWS') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option>
-						<option value="{{ constant('TICKER') }}" {% if type is defined and type == constant('TICKER') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticker</option>
-						<option value="{{ constant('ARTICLE') }}" {% if type is defined and type == constant('ARTICLE') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
+						<option value="{{ constant('NEWS') }}" {% if type == constant('NEWS') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option>
+						<option value="{{ constant('TICKER') }}" {% if type == constant('TICKER') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticker</option>
+						<option value="{{ constant('ARTICLE') }}" {% if type == constant('ARTICLE') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
 					</select>
 				</div>
 
@@ -86,7 +87,7 @@
 				</div>
 			</div>
 			<div class="card-footer">
-				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button>
+				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> {{ action == 'edit' ? 'Update' : 'Add' }}</button>
 				<button type="button" onclick="window.location = '{{ constant('ADMIN_URL') }}?p=news';" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</button>
 			</div>
 		</form>

system/templates/admin.news.html.twig

@@ -1,136 +1,6 @@
-<div class="card card-info card-outline">
-	<div class="card-header">
-		<h5 class="m-0">News:
-			<a href="?p=news&action=new&type=1" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
-		</h5>
-	</div>
-
-	<div class="card-body">
-		<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
-			<thead>
-			<tr>
-				<th width="5%">ID</th>
-				<th>Title</th>
-				<th>Date</th>
-				<th>Player</th>
-				<th style="width: 150px;">Options</th>
-			</tr>
-			</thead>
-			<tbody>
-			{% for news in newses[constant('NEWS')] %}
-				<tr>
-					<td>{{ news.id|raw }}</td>
-					<td><i><a href="?p=news&action=edit&id={{ news.id }}">{{ news.title }}</a></i></td>
-					<td>{{ news.date|date(setting('core.news_date_format')) }}</td>
-					<td><a target="_blank" rel="noopener noreferrer" href="{{ news.player_link }}">{{ news.player_name }}</a></td>
-					<td>
-						<div class="btn-group">
-							<a href="?p=news&action=edit&id={{ news.id }}" class="btn btn-success btn-sm" title="Edit">
-								<i class="fas fa-pencil-alt"></i>
-							</a>
-							<a href="?p=news&action=delete&id={{ news.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
-								<i class="fas fa-trash"></i>
-							</a>
-							<a href="?p=news&action=hide&id={{ news.id }}" class="btn btn-{{ (news.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if news.hidden != 1 %}Hide{% else %}Show{% endif %}">
-								<i class="fas fa-eye{{ (news.hidden != 1) ? '' : '-slash' }}"></i>
-							</a>
-						</div>
-					</td>
-				</tr>
-			{% endfor %}
-			</tbody>
-		</table>
-	</div>
-</div>
-
-<div class="card card-info card-outline">
-	<div class="card-header">
-		<h5 class="m-0">Tickers:
-			<a href="?p=news&action=new&type=2" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
-		</h5>
-	</div>
-
-	<div class="card-body">
-		<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
-			<thead>
-			<tr>
-				<th width="5%">ID</th>
-				<th>Title</th>
-				<th>Date</th>
-				<th>Player</th>
-				<th style="width: 150px;">Options</th>
-			</tr>
-			</thead>
-			<tbody>
-			{% for ticker in newses[constant('TICKER')] %}
-				<tr>
-					<td>{{ ticker.id|raw }}</td>
-					<td><i><a href="?p=news&action=edit&id={{ ticker.id }}">{{ ticker.title }}</a></i></td>
-					<td>{{ ticker.date|date(setting('core.news_date_format')) }}</td>
-					<td><a target="_blank" rel="noopener noreferrer" href="{{ ticker.player_link }}">{{ ticker.player_name }}</a></td>
-					<td>
-						<div class="btn-group">
-							<a href="?p=news&action=edit&id={{ ticker.id }}" class="btn btn-success btn-sm" title="Edit">
-								<i class="fas fa-pencil-alt"></i>
-							</a>
-							<a href="?p=news&action=delete&id={{ ticker.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
-								<i class="fas fa-trash"></i>
-							</a>
-							<a href="?p=news&action=hide&id={{ ticker.id }}" class="btn btn-{{ (ticker.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if ticker.hidden != 1 %}Hide{% else %}Show{% endif %}">
-								<i class="fas fa-eye{{ (ticker.hidden != 1) ? '' : '-slash' }}"></i>
-							</a>
-						</div>
-					</td>
-				</tr>
-			{% endfor %}
-			</tbody>
-		</table>
-	</div>
-</div>
-
-<div class="card card-info card-outline">
-	<div class="card-header">
-		<h5 class="m-0">Articles: <a href="?p=news&action=new&type=3" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
-		</h5>
-	</div>
-
-	<div class="card-body">
-		<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
-			<thead>
-			<tr>
-				<th width="5%">ID</th>
-				<th>Title</th>
-				<th>Date</th>
-				<th>Player</th>
-				<th style="width: 150px;">Options</th>
-			</tr>
-			</thead>
-			<tbody>
-			{% for article in newses[constant('ARTICLE')] %}
-				<tr>
-					<td>{{ article.id|raw }}</td>
-					<td><i><a href="?p=news&action=edit&id={{ article.id }}">{{ article.title }}</a></i></td>
-					<td>{{ article.date|date(setting('core.news_date_format')) }}</td>
-					<td><a target="_blank" rel="noopener noreferrer" href="{{ article.player_link }}">{{ article.player_name }}</a></td>
-					<td>
-						<div class="btn-group">
-							<a href="?p=news&action=edit&id={{ article.id }}" class="btn btn-success btn-sm" title="Edit">
-								<i class="fas fa-pencil-alt"></i>
-							</a>
-							<a href="?p=news&action=delete&id={{ article.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
-								<i class="fas fa-trash"></i>
-							</a>
-							<a href="?p=news&action=hide&id={{ article.id }}" class="btn btn-{{ (article.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if article.hidden != 1 %}Hide{% else %}Show{% endif %}">
-								<i class="fas fa-eye{{ (article.hidden != 1) ? '' : '-slash' }}"></i>
-							</a>
-						</div>
-					</td>
-				</tr>
-			{% endfor %}
-			</tbody>
-		</table>
-	</div>
-</div>
+{{ include('admin.news.table.html.twig', {type: 1, title: 'News'}) }}
+{{ include('admin.news.table.html.twig', {type: 2, title: 'Tickers'}) }}
+{{ include('admin.news.table.html.twig', {type: 3, title: 'Articles'}) }}
 
 <script>
 	$(function () {

system/templates/admin.news.table.html.twig

@@ -0,0 +1,64 @@
+<div class="card card-info card-outline">
+	<div class="card-header">
+		<h5 class="m-0">{{ title }}:
+			<form method="post" class="float-right">
+				{{ csrf() }}
+				<input type="hidden" name="action" value="new" />
+				<input type="hidden" name="type" value="{{ type }}" />
+				<button type="submit" class="btn btn-sm btn-success">New</button>
+			</form>
+		</h5>
+	</div>
+
+	<div class="card-body">
+		<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
+			<thead>
+			<tr>
+				<th width="5%">ID</th>
+				<th>Title</th>
+				<th>Date</th>
+				<th>Player</th>
+				<th style="width: 150px;">Options</th>
+			</tr>
+			</thead>
+			<tbody>
+			{% for news in newses[type] %}
+				<tr>
+					<td>{{ news.id|raw }}</td>
+					<td>
+						<i>
+							<a href="{{ getLink('news') }}/{{ news.id }}" target="_blank">{{ news.title }}</a>
+						</i>
+					</td>
+					<td>{{ news.date|date(setting('core.news_date_format')) }}</td>
+					<td><a target="_blank" href="{{ news.player_link }}">{{ news.player_name }}</a></td>
+					<td>
+						<div class="btn-group">
+							<form method="post">
+								{{ csrf() }}
+								<input type="hidden" name="action" value="edit" />
+								<input type="hidden" name="id" value="{{ news.id }}" />
+								<button type="submit" class="btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></button>
+							</form>
+
+							<form method="post">
+								{{ csrf() }}
+								<input type="hidden" name="action" value="delete" />
+								<input type="hidden" name="id" value="{{ news.id }}" />
+								<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete"><i class="fas fa-trash"></i></button>
+							</form>
+
+							<form method="post">
+								{{ csrf() }}
+								<input type="hidden" name="action" value="hide" />
+								<input type="hidden" name="id" value="{{ news.id }}" />
+								<button type="submit" class="btn btn-{{ (news.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if news.hidden != 1 %}Hide{% else %}Show{% endif %}"><i class="fas fa-eye{{ (news.hidden != 1) ? '' : '-slash' }}"></i></button>
+							</form>
+						</div>
+					</td>
+				</tr>
+			{% endfor %}
+			</tbody>
+		</table>
+	</div>
+</div>