commit
ccf65e1899
10 changed files with 87 additions and 19 deletions
|
@ -104,7 +104,58 @@ class PagesAPI
|
||||||
case "delete":
|
case "delete":
|
||||||
case "create":
|
case "create":
|
||||||
case "write":
|
case "write":
|
||||||
$result = (new Book("../content/pages"))->editPage($task, $request);
|
$body = $request->getParsedBody();
|
||||||
|
$passed = true;
|
||||||
|
if (!isset($body["form_token"])) {
|
||||||
|
$result = [
|
||||||
|
"message" => "No form token. Not good, sport.",
|
||||||
|
"type" => "TASK_FORM_AUTH",
|
||||||
|
];
|
||||||
|
} else {
|
||||||
|
if ($body["form_token"] == Session::get("form_token")) {
|
||||||
|
//TODO: Verify form fields
|
||||||
|
$keys = [
|
||||||
|
"id",
|
||||||
|
"uuid",
|
||||||
|
"layout",
|
||||||
|
"current_title",
|
||||||
|
"content",
|
||||||
|
"title",
|
||||||
|
"created",
|
||||||
|
"slug",
|
||||||
|
"tags",
|
||||||
|
"menu",
|
||||||
|
"featured",
|
||||||
|
"published",
|
||||||
|
"form_token",
|
||||||
|
"feature_image",
|
||||||
|
];
|
||||||
|
|
||||||
|
foreach ($body as $key => $item) {
|
||||||
|
if (!in_array($key, $keys)) {
|
||||||
|
//found unnecessary key, so reject submission
|
||||||
|
$passed = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($passed) {
|
||||||
|
$result = (new Book("../content/pages"))->editPage(
|
||||||
|
$task,
|
||||||
|
$request
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
$result = [
|
||||||
|
"message" => "Form token, auth failed. Uh oh.",
|
||||||
|
"type" => "TASK_FORM_AUTH",
|
||||||
|
];
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$result = [
|
||||||
|
"message" => "Form token, auth failed. Uh oh.",
|
||||||
|
"type" => "TASK_FORM_AUTH",
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case "add-entry-image":
|
case "add-entry-image":
|
||||||
$result = ImagesAPI::uploadImage($request);
|
$result = ImagesAPI::uploadImage($request);
|
||||||
|
|
|
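Review bot: The token check at `if ($body["form_token"] == Session::get("form_token"))` uses loose comparison: two md5 hex strings of the form `0e...` compare equal under `==` because both are numeric strings evaluating to zero, and if `Session::get("form_token")` returns the `""` default added in the Session hunk for a session that never set a token, an empty submitted value would also pass. Compare strictly and in constant time, guarding the type first since `hash_equals()` throws on a non-string: `if (is_string($body["form_token"]) && hash_equals((string) Session::get("form_token"), $body["form_token"])) {`. The allow-list check `in_array($key, $keys)` should likewise pass `true` as its third argument so a non-string key cannot loosely match. The `//TODO: Verify form fields` comment now describes only value validation, since key filtering is done by the loop below it, and the enclosing switch case continues past the hunk.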
@ -101,6 +101,7 @@ class DashControl
|
||||||
"title" => "Fipamo | Edit Page",
|
"title" => "Fipamo | Edit Page",
|
||||||
"page" => (new Book("../content/pages"))->findPageById($uuid),
|
"page" => (new Book("../content/pages"))->findPageById($uuid),
|
||||||
"mode" => $mode,
|
"mode" => $mode,
|
||||||
|
"token" => Session::get("form_token"),
|
||||||
"status" => Session::active(),
|
"status" => Session::active(),
|
||||||
];
|
];
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -53,9 +53,12 @@ class Auth
|
||||||
time() + 3600,
|
time() + 3600,
|
||||||
"localhost"
|
"localhost"
|
||||||
); //expires in an hour
|
); //expires in an hour
|
||||||
|
|
||||||
|
$form_token = md5(uniqid(microtime(), true));
|
||||||
Session::start();
|
Session::start();
|
||||||
Session::set("member", $member);
|
Session::set("member", $member);
|
||||||
Session::set("token", $token);
|
Session::set("token", $token);
|
||||||
|
Session::set("form_token", $form_token);
|
||||||
|
|
||||||
$result = "good_login";
|
$result = "good_login";
|
||||||
} else {
|
} else {
|
||||||
|
|
|
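Review bot: `$form_token = md5(uniqid(microtime(), true));` derives the anti-forgery token from the clock plus `uniqid()`, which PHP documents as not cryptographically secure, so the value is far more guessable than a token used as an authorization check should be; the identical expression is repeated in the Book hunk where the token is rotated after a save. Use `$form_token = bin2hex(random_bytes(16));` in both places, which yields a 32-character hex string of the same shape as the current md5 output, so nothing downstream needs to change. The login method this hunk sits in starts and ends outside the hunk.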
@ -148,7 +148,9 @@ class Book
|
||||||
"id" => $uuid,
|
"id" => $uuid,
|
||||||
];
|
];
|
||||||
|
|
||||||
//**just testing to see why indexing isn't working **
|
//TODO: When form submission is successful, make new form token
|
||||||
|
$form_token = md5(uniqid(microtime(), true));
|
||||||
|
Session::set("form_token", $form_token);
|
||||||
|
|
||||||
//once saved, update menu
|
//once saved, update menu
|
||||||
$body["path"] = $path;
|
$body["path"] = $path;
|
||||||
|
|
|
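Review bot: The comment `//TODO: When form submission is successful, make new form token` now sits directly above the two lines that do exactly that, so it reads as unfinished work to the next maintainer; replace it with `// rotate the form token so the next submission must carry a freshly issued one`. Whether this point is reached only on a successful save cannot be confirmed from the hunk, since editPage begins and ends outside it; if there are failure returns above this line, the comment should say the rotation happens after the page data is assembled rather than "when submission is successful".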
@ -8,6 +8,7 @@ class Session
|
||||||
private static $data = [
|
private static $data = [
|
||||||
"member" => "",
|
"member" => "",
|
||||||
"token" => "",
|
"token" => "",
|
||||||
|
"form_token" => "",
|
||||||
];
|
];
|
||||||
public static function start()
|
public static function start()
|
||||||
{
|
{
|
||||||
|
|
|
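Review bot: The new default `"form_token" => ""` gives a session that has never gone through login a token that is an empty string rather than absent; if `Session::get("form_token")` hands back this default, the loose `==` check in the PagesAPI hunk would accept an empty submitted `form_token`. Prefer `"form_token" => null,` (or have the consumer reject empty tokens) so an unset token can never compare equal to anything a client sends. The `$data` declaration is fully visible, but the rest of the class continues outside the hunk.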
@ -101,6 +101,7 @@ class SetUp
|
||||||
|
|
||||||
$backup = $request->getUploadedFiles();
|
$backup = $request->getUploadedFiles();
|
||||||
$file = $backup["backup-upload"];
|
$file = $backup["backup-upload"];
|
||||||
|
$size = $file->getSize();
|
||||||
$name = $file->getClientFileName();
|
$name = $file->getClientFileName();
|
||||||
|
|
||||||
//park it so it can be read
|
//park it so it can be read
|
||||||
|
@ -128,11 +129,11 @@ class SetUp
|
||||||
|
|
||||||
//move to appropriate spots
|
//move to appropriate spots
|
||||||
/*
|
/*
|
||||||
rename(
|
rename(
|
||||||
"../content/settings/settings.json",
|
"../content/settings/settings.json",
|
||||||
"../config/settings.json"
|
"../config/settings.json"
|
||||||
);
|
);
|
||||||
*/
|
*/
|
||||||
|
|
||||||
//load up old config file
|
//load up old config file
|
||||||
$newConfig = json_decode(
|
$newConfig = json_decode(
|
||||||
|
@ -151,15 +152,22 @@ class SetUp
|
||||||
|
|
||||||
rename("../content/settings/tags.json", "../config/tags.json");
|
rename("../content/settings/tags.json", "../config/tags.json");
|
||||||
|
|
||||||
rename(
|
//images path for blog and user
|
||||||
"../content/public/assets/images/blog",
|
$blogImagePath = "../public/assets/images/blog";
|
||||||
"../public/assets/images/blog"
|
$userImagePath = "../public/assets/images/user";
|
||||||
);
|
|
||||||
|
|
||||||
rename(
|
//check to see if image dirs are empty, if not chill
|
||||||
"../content/public/assets/images/user",
|
if ($globs = glob($blogImagePath . "/*")) {
|
||||||
"../public/assets/images/user"
|
//directory not empty, relax
|
||||||
);
|
} else {
|
||||||
|
rename("../content/public/assets/images/blog", $blogImagePath);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($globs = glob($userImagePath . "/*")) {
|
||||||
|
//directory not empty, relax
|
||||||
|
} else {
|
||||||
|
rename("../content/public/assets/images/user", $userImagePath);
|
||||||
|
}
|
||||||
|
|
||||||
rename("../content/content/pages/", "../content/pages");
|
rename("../content/content/pages/", "../content/pages");
|
||||||
|
|
||||||
|
|
|
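Review bot: `if ($globs = glob($blogImagePath . "/*")) {` assigns inside the condition and never uses `$globs`, and the taken branch is empty while all the work sits in `else`; the same shape is repeated for `$userImagePath` just below. Inverting it reads as the intent and needs no variable, e.g. `if (!glob($blogImagePath . "/*")) { rename("../content/public/assets/images/blog", $blogImagePath); }` — the negation keeps the current handling of both an empty array and a `false` return from `glob()`. The `rename()` calls here and the one for pages still discard their boolean result, so a failed move is silent apart from a warning, and in the first hunk `$size = $file->getSize();` is assigned but not used within the visible lines. The restore method starts and ends outside these hunks.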
@ -28,7 +28,7 @@
|
||||||
<div id="dash-restore" class="dash-restore">
|
<div id="dash-restore" class="dash-restore">
|
||||||
<form id="init-restore">
|
<form id="init-restore">
|
||||||
<img id="the-logo" src="/assets/images/global/fipamo-logo.svg"/>
|
<img id="the-logo" src="/assets/images/global/fipamo-logo.svg"/>
|
||||||
<input type="text" name="restore_member_handle" id="restore_member_handle" placeholder="handle"/><input type="text" name="restore_member_pass" id="restore_member_pass" placeholder="password"/>
|
<input type="text" name="restore_member_handle" id="restore_member_handle" placeholder="handle"/><input type="password" name="restore_member_pass" id="restore_member_pass" placeholder="password"/>
|
||||||
<div>
|
<div>
|
||||||
<label>Grab your backup zip</label>
|
<label>Grab your backup zip</label>
|
||||||
<input id="backup-upload" type="file" name="backup-upload" placeholder="Backup Zip"/>
|
<input id="backup-upload" type="file" name="backup-upload" placeholder="Backup Zip"/>
|
||||||
|
|
|
@ -78,6 +78,7 @@
|
||||||
{% endapply %}
|
{% endapply %}
|
||||||
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
||||||
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
||||||
|
<input id="form_token" name="token" type="hidden" value="{{ token }}">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
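Review bot: The hidden field is named `token` (`name="token"`) while its id is `form_token`, the JSDoc in the FipamoAdminAPI hunk documents the field as `form[].form_token`, and PagesAPI reads `$body["form_token"]` and rejects any key outside its allow-list; if the client serializes this form by field name, the value would arrive as `token` and the submission would be refused. If the field is meant to be read by name, change it to `<input id="form_token" name="form_token" type="hidden" value="{{ token }}">`; if dash.min.js reads it by id and builds the request body itself, a one-line Twig comment next to the input saying so would save the next reader the same check. The enclosing form markup starts outside the hunk.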
6
public/assets/scripts/dash.min.js
vendored
6
public/assets/scripts/dash.min.js
vendored
File diff suppressed because one or more lines are too long
|
@ -217,6 +217,7 @@ class FipamoAdminAPI {
|
||||||
* @param {boolean} form[].menu - property that indicates page is included in site menu
|
* @param {boolean} form[].menu - property that indicates page is included in site menu
|
||||||
* @param {boolean} form[].featured - property that indicates page is featured
|
* @param {boolean} form[].featured - property that indicates page is featured
|
||||||
* @param {boolean} form[].published - property that indicates page is public
|
* @param {boolean} form[].published - property that indicates page is public
|
||||||
|
* @param {string} form[].form_token - hidden property to authenticate form submission
|
||||||
* @param {input} form[].feature_image - main image for page
|
* @param {input} form[].feature_image - main image for page
|
||||||
* @example
|
* @example
|
||||||
* api.pageActions(TASK, data).then(response=>{
|
* api.pageActions(TASK, data).then(response=>{
|
||||||
|
|