Refactor admin newses + add csrf

This commit is contained in:
slawkens 2023-11-11 07:22:43 +01:00
parent 5578dbaa83
commit f27172691c
7 changed files with 121 additions and 179 deletions


@ -32,19 +32,20 @@ const ARTICLE_TEXT_LIMIT = 300;
const ARTICLE_IMAGE_LIMIT = 100; const ARTICLE_IMAGE_LIMIT = 100;
$name = $p_title = ''; $name = $p_title = '';
$action = $_POST['action'] ?? '';
if(!empty($action)) if(!empty($action))
{ {
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null; $id = $_POST['id'] ?? null;
$p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null; $p_title = $_POST['title'] ?? null;
$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null; $body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
$comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null; $comments = $_POST['comments'] ?? null;
$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null; $type = isset($_POST['type']) ? (int)$_POST['type'] : 1;
$category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null; $category = isset($_POST['category']) ? (int)$_POST['category'] : null;
$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null; $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
$article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null; $article_text = $_POST['article_text'] ?? null;
$article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null; $article_image = $_POST['article_image'] ?? null;
$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null; $forum_section = $_POST['forum_section'] ?? null;
$errors = array(); $errors = [];
if($action == 'new') { if($action == 'new') {
if(isset($forum_section) && $forum_section != '-1') { if(isset($forum_section) && $forum_section != '-1') {
@ -92,7 +93,7 @@ if(!empty($action))
} }
else if($action == 'hide') { else if($action == 'hide') {
if (News::toggleHidden($id, $errors, $status)) { if (News::toggleHidden($id, $errors, $status)) {
success(($status == 1 ? 'Show' : 'Hide') . ' successful.'); success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
} }
} }
@ -119,12 +120,10 @@ if($action == 'edit' || $action == 'new') {
$account_players->orderBy('group_id', POT::ORDER_DESC); $account_players->orderBy('group_id', POT::ORDER_DESC);
$twig->display('admin.news.form.html.twig', array( $twig->display('admin.news.form.html.twig', array(
'action' => $action, 'action' => $action,
'news_link' => getLink(PAGE),
'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
'news_id' => $id ?? null, 'news_id' => $id ?? null,
'title' => $p_title ?? '', 'title' => $p_title ?? '',
'body' => isset($body) ? escapeHtml($body) : '', 'body' => isset($body) ? escapeHtml($body) : '',
'type' => $type ?? null, 'type' => $type,
'player' => isset($player) && $player->isLoaded() ? $player : null, 'player' => isset($player) && $player->isLoaded() ? $player : null,
'player_id' => $player_id ?? null, 'player_id' => $player_id ?? null,
'account_players' => $account_players, 'account_players' => $account_players,
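Review bot: `$id` is still taken verbatim from the request (`$id = $_POST['id'] ?? null;`) while `type`, `category` and `player_id` on the neighbouring lines are cast with `(int)`; since `$id` is handed straight to `News::toggleHidden($id, …)` and presumably to the edit and delete paths, casting it the same way, `$id = isset($_POST['id']) ? (int)$_POST['id'] : null;`, keeps every identifier integer-typed before it reaches the model. The move from `$_REQUEST` to `$_POST` is the consumer half of the CSRF change, but the token verification itself is not in this hunk; if the admin bootstrap does not already verify the token on every POST, the dispatch under `if(!empty($action))` needs that check before any branch runs. The `if(!empty($action))` block continues outside the hunk.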


@ -13,6 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
require_once LIBS . 'forum.php'; require_once LIBS . 'forum.php';
require_once LIBS . 'news.php'; require_once LIBS . 'news.php';
$canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
if(isset($_GET['archive'])) if(isset($_GET['archive']))
{ {
$title = 'News Archive'; $title = 'News Archive';
@ -57,9 +58,14 @@ if(isset($_GET['archive']))
} }
} }
$admin_options = '';
if($canEdit) {
$admin_options = $twig->render('admin.links.html.twig', ['page' => 'news', 'id' => $news['id'], 'hidden' => $news['hidden']]);
}
$twig->display('news.html.twig', array( $twig->display('news.html.twig', array(
'title' => stripslashes($news['title']), 'title' => stripslashes($news['title']),
'content' => $content_, 'content' => $content_ . $admin_options,
'date' => $news['date'], 'date' => $news['date'],
'icon' => $categories[$news['category']]['icon_id'], 'icon' => $categories[$news['category']]['icon_id'],
'author' => setting('core.news_author') ? $author : '', 'author' => setting('core.news_author') ? $author : '',
@ -81,7 +87,7 @@ if(isset($_GET['archive']))
foreach($news_DB as $news) foreach($news_DB as $news)
{ {
$newses[] = array( $newses[] = array(
'link' => getLink('news') . '/archive/' . $news['id'], 'link' => getLink('news') . '/' . $news['id'],
'icon_id' => $categories[$news['category']]['icon_id'], 'icon_id' => $categories[$news['category']]['icon_id'],
'title' => stripslashes($news['title']), 'title' => stripslashes($news['title']),
'date' => $news['date'] 'date' => $news['date']
@ -99,7 +105,6 @@ header('X-XSS-Protection: 0');
$title = 'Latest News'; $title = 'Latest News';
$cache = Cache::getInstance(); $cache = Cache::getInstance();
$canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
$news_cached = false; $news_cached = false;
if($cache->enabled()) if($cache->enabled())
@ -180,18 +185,8 @@ if(!$news_cached)
} }
$admin_options = ''; $admin_options = '';
if($canEdit) if($canEdit) {
{ $admin_options = $twig->render('admin.links.html.twig', ['page' => 'news', 'id' => $news['id'], 'hidden' => $news['hidden']]);
$admin_options = '<br/><br/><a target="_blank" rel="noopener noreferrer" href="' . ADMIN_URL . '?p=news&action=edit&id=' . $news['id'] . '" title="Edit">
<img src="images/edit.png"/>Edit
</a>
<a id="delete" target="_blank" rel="noopener noreferrer" href="' . ADMIN_URL . '?p=news&action=delete&id=' . $news['id'] . '" onclick="return confirm(\'Are you sure?\');" title="Delete">
<img src="images/del.png"/>Delete
</a>
<a target="_blank" rel="noopener noreferrer" href="' . ADMIN_URL . '?p=news&action=hide&id=' . $news['id'] . '" title="' . ($news['hidden'] != 1 ? 'Hide' : 'Show') . '">
<img src="images/' . ($news['hidden'] != 1 ? 'success' : 'error') . '.png"/>
' . ($news['hidden'] != 1 ? 'Hide' : 'Show') . '
</a>';
} }
$content_ = $news['body']; $content_ = $news['body'];
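Review bot: `$admin_options` is concatenated into the news body (`'content' => $content_ . $admin_options`), so the template has to print `content` unescaped for the controls to render, and that one unescaped path now carries both stored body HTML and generated control markup; passing the rendered links as their own variable, `'admin_options' => $admin_options,`, and printing it next to the body keeps the two apart. The same concatenation pattern appears in the later hunk at `@ -180,18 +185,8 @@`. Whether the news template prints `content` with `|raw` is not visible on this page.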


@ -0,0 +1,22 @@
<br/><br/>
<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" class="btn btn-success btn-sm" title="Edit"><img src="images/edit.png"/> Edit</button>
</form>
<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete"><img src="images/del.png"/>Delete</button>
</form>
<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="hide" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" class="btn btn-{{ (hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if hidden != 1 %}Hide{% else %}Show{% endif %}"><img src="images/{{ hidden != 1 ? 'success' : 'error' }}.png"/>{{ hidden != 1 ? 'Hide' : 'Show' }}</button>
</form>
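Review bot: The new partial has no header saying what it expects from the caller; a Twig comment at the top, `{# Admin edit/delete/hide controls for one item; requires page, id and hidden (1 = hidden) #}`, would document the three variables it reads. Every form carries `{{ csrf() }}` and targets `ADMIN_URL`, which correctly turns the former GET links into token-protected POSTs. The delete confirmation lives only in an inline `onclick` handler, so if the admin pages are ever served with a CSP that disallows inline handlers the delete would submit without a prompt; the table template in this commit repeats the same handler.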


@ -1,10 +1,11 @@
{% if action %} {% if action %}
<div class="card card-info card-outline"> <div class="card card-info card-outline">
<div class="card-header"> <div class="card-header">
<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} news</h5> <h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} {% if type == constant('NEWS') %}News{% elseif type == constant('TICKER') %}Ticker{% else %}Article{% endif %}</h5>
</div> </div>
<form id="form" role="form" method="post" action="{{ news_link_form }}"> <form id="form" role="form" method="post">
{{ csrf() }} {{ csrf() }}
<input type="hidden" name="action" value="{{ action == 'edit' ? 'edit' : 'new' }}" />
<div class="card-body " id="page-edit-table"> <div class="card-body " id="page-edit-table">
{% if action == 'edit' %} {% if action == 'edit' %}
<input type="hidden" name="id" value="{{ news_id }}"/> <input type="hidden" name="id" value="{{ news_id }}"/>
@ -23,9 +24,9 @@
<div class="form-group row"> <div class="form-group row">
<label for="select-type">Type</label> <label for="select-type">Type</label>
<select class="form-control" name="type" id="select-type"> <select class="form-control" name="type" id="select-type">
<option value="{{ constant('NEWS') }}" {% if type is defined and type == constant('NEWS') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option> <option value="{{ constant('NEWS') }}" {% if type == constant('NEWS') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option>
<option value="{{ constant('TICKER') }}" {% if type is defined and type == constant('TICKER') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticker</option> <option value="{{ constant('TICKER') }}" {% if type == constant('TICKER') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticker</option>
<option value="{{ constant('ARTICLE') }}" {% if type is defined and type == constant('ARTICLE') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option> <option value="{{ constant('ARTICLE') }}" {% if type == constant('ARTICLE') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
</select> </select>
</div> </div>
@ -86,7 +87,7 @@
</div> </div>
</div> </div>
<div class="card-footer"> <div class="card-footer">
<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button> <button type="submit" class="btn btn-info"><i class="fas fa-update"></i> {{ action == 'edit' ? 'Update' : 'Add' }}</button>
<button type="button" onclick="window.location = '{{ constant('ADMIN_URL') }}?p=news';" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</button> <button type="button" onclick="window.location = '{{ constant('ADMIN_URL') }}?p=news';" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</button>
</div> </div>
</form> </form>


@ -1,136 +1,6 @@
<div class="card card-info card-outline"> {{ include('admin.news.table.html.twig', {type: 1, title: 'News'}) }}
<div class="card-header"> {{ include('admin.news.table.html.twig', {type: 2, title: 'Tickers'}) }}
<h5 class="m-0">News: {{ include('admin.news.table.html.twig', {type: 3, title: 'Articles'}) }}
<a href="?p=news&action=new&type=1" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for news in newses[constant('NEWS')] %}
<tr>
<td>{{ news.id|raw }}</td>
<td><i><a href="?p=news&action=edit&id={{ news.id }}">{{ news.title }}</a></i></td>
<td>{{ news.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" rel="noopener noreferrer" href="{{ news.player_link }}">{{ news.player_name }}</a></td>
<td>
<div class="btn-group">
<a href="?p=news&action=edit&id={{ news.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="?p=news&action=delete&id={{ news.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="?p=news&action=hide&id={{ news.id }}" class="btn btn-{{ (news.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if news.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (news.hidden != 1) ? '' : '-slash' }}"></i>
</a>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Tickers:
<a href="?p=news&action=new&type=2" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for ticker in newses[constant('TICKER')] %}
<tr>
<td>{{ ticker.id|raw }}</td>
<td><i><a href="?p=news&action=edit&id={{ ticker.id }}">{{ ticker.title }}</a></i></td>
<td>{{ ticker.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" rel="noopener noreferrer" href="{{ ticker.player_link }}">{{ ticker.player_name }}</a></td>
<td>
<div class="btn-group">
<a href="?p=news&action=edit&id={{ ticker.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="?p=news&action=delete&id={{ ticker.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="?p=news&action=hide&id={{ ticker.id }}" class="btn btn-{{ (ticker.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if ticker.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (ticker.hidden != 1) ? '' : '-slash' }}"></i>
</a>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Articles: <a href="?p=news&action=new&type=3" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for article in newses[constant('ARTICLE')] %}
<tr>
<td>{{ article.id|raw }}</td>
<td><i><a href="?p=news&action=edit&id={{ article.id }}">{{ article.title }}</a></i></td>
<td>{{ article.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" rel="noopener noreferrer" href="{{ article.player_link }}">{{ article.player_name }}</a></td>
<td>
<div class="btn-group">
<a href="?p=news&action=edit&id={{ article.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="?p=news&action=delete&id={{ article.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="?p=news&action=hide&id={{ article.id }}" class="btn btn-{{ (article.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if article.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (article.hidden != 1) ? '' : '-slash' }}"></i>
</a>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<script> <script>
$(function () { $(function () {
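Review bot: The includes pass the type as bare literals (`type: 1`, `type: 2`, `type: 3`) while the form template in this commit selects options by `constant('NEWS')`, `constant('TICKER')` and `constant('ARTICLE')`; using the same constants here, `{{ include('admin.news.table.html.twig', {type: constant('NEWS'), title: 'News'}) }}` and likewise for the other two, keeps one source of truth for the ids that `newses[type]` is keyed by in the table partial. The `<script>` block that follows the includes continues outside the hunk.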


@ -0,0 +1,64 @@
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">{{ title }}:
<form method="post" class="float-right">
{{ csrf() }}
<input type="hidden" name="action" value="new" />
<input type="hidden" name="type" value="{{ type }}" />
<button type="submit" class="btn btn-sm btn-success">New</button>
</form>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for news in newses[type] %}
<tr>
<td>{{ news.id|raw }}</td>
<td>
<i>
<a href="{{ getLink('news') }}/{{ news.id }}" target="_blank">{{ news.title }}</a>
</i>
</td>
<td>{{ news.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" href="{{ news.player_link }}">{{ news.player_name }}</a></td>
<td>
<div class="btn-group">
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="{{ news.id }}" />
<button type="submit" class="btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="id" value="{{ news.id }}" />
<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete"><i class="fas fa-trash"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="hide" />
<input type="hidden" name="id" value="{{ news.id }}" />
<button type="submit" class="btn btn-{{ (news.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if news.hidden != 1 %}Hide{% else %}Show{% endif %}"><i class="fas fa-eye{{ (news.hidden != 1) ? '' : '-slash' }}"></i></button>
</form>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
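Review bot: The player link `<a target="_blank" href="{{ news.player_link }}">` drops the `rel="noopener noreferrer"` that the replaced rows carried on the same anchor, and the title link just above it also opens a new tab without it; restoring the attribute on both, `<a href="{{ getLink('news') }}/{{ news.id }}" target="_blank" rel="noopener noreferrer">` and the player anchor alike, keeps the old behaviour. `{{ news.id|raw }}` switches autoescaping off for a value that needs none; `{{ news.id }}` is enough. The `<form>` placed inside the `<h5>` puts flow content inside a heading, which HTML does not allow, so browsers will repair the markup; placing the form beside the heading avoids that. A one-line header comment naming the `type`, `title` and `newses` inputs would help the next reader.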


@ -20,16 +20,7 @@
<b> <b>
<p>{{ article.title|raw }} <p>{{ article.title|raw }}
{% if canEdit %} {% if canEdit %}
<a href="{{ constant('ADMIN_URL') }}?p=news&action=edit&id={{ article.id }}" title="Edit"> {{ include('admin.links.html.twig', {page: 'news', id: article.id, hidden: article.hidden }) }}
<img src="images/edit.png"/>Edit
</a>
<a id="delete" href="{{ constant('ADMIN_URL') }}?p=news&action=delete&id={{ article.id }}" onclick="return confirm('Are you sure?');" title="Delete">
<img src="images/del.png"/>Delete
</a>
<a href="{{ constant('ADMIN_URL') }}?p=news&action=hide&id={{ article.id }}" title="{% if article.hidden != 1 %}Hide{% else %}Show{% endif %}">
<img src="images/{% if article.hidden != 1 %}success{% else %}error{% endif %}.png"/>
{% if article.hidden != 1 %}Hide{% else %}Show{% endif %}
</a>
{% endif %} {% endif %}
</p> </p>
</b> </b>
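Review bot: The include emits three `<form>` elements (the new partial in this commit) inside the `<p>` opened on the line above, and an HTML parser closes an open `<p>` when a `<form>` start tag arrives, so the `</p>` after `{% endif %}` is likely to end up stray and the `<b>` wrapper no longer matches the tree the browser builds; rendering the controls after the `</p>` instead of inside it avoids this. The `<b>`/`<p>` pair opens at the hunk's first lines and the surrounding markup continues outside it.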