commit
ccf65e1899
10 changed files with 87 additions and 19 deletions
|
@ -104,7 +104,58 @@ class PagesAPI
|
|||
case "delete":
|
||||
case "create":
|
||||
case "write":
|
||||
$result = (new Book("../content/pages"))->editPage($task, $request);
|
||||
$body = $request->getParsedBody();
|
||||
$passed = true;
|
||||
if (!isset($body["form_token"])) {
|
||||
$result = [
|
||||
"message" => "No form token. Not good, sport.",
|
||||
"type" => "TASK_FORM_AUTH",
|
||||
];
|
||||
} else {
|
||||
if ($body["form_token"] == Session::get("form_token")) {
|
||||
//TODO: Verify form fields
|
||||
$keys = [
|
||||
"id",
|
||||
"uuid",
|
||||
"layout",
|
||||
"current_title",
|
||||
"content",
|
||||
"title",
|
||||
"created",
|
||||
"slug",
|
||||
"tags",
|
||||
"menu",
|
||||
"featured",
|
||||
"published",
|
||||
"form_token",
|
||||
"feature_image",
|
||||
];
|
||||
|
||||
foreach ($body as $key => $item) {
|
||||
if (!in_array($key, $keys)) {
|
||||
//found unnecessary key, so reject submission
|
||||
$passed = false;
|
||||
}
|
||||
}
|
||||
if ($passed) {
|
||||
$result = (new Book("../content/pages"))->editPage(
|
||||
$task,
|
||||
$request
|
||||
);
|
||||
} else {
|
||||
$result = [
|
||||
"message" => "Form token, auth failed. Uh oh.",
|
||||
"type" => "TASK_FORM_AUTH",
|
||||
];
|
||||
}
|
||||
} else {
|
||||
$result = [
|
||||
"message" => "Form token, auth failed. Uh oh.",
|
||||
"type" => "TASK_FORM_AUTH",
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
case "add-entry-image":
|
||||
$result = ImagesAPI::uploadImage($request);
|
||||
|
|
|
@ -101,6 +101,7 @@ class DashControl
|
|||
"title" => "Fipamo | Edit Page",
|
||||
"page" => (new Book("../content/pages"))->findPageById($uuid),
|
||||
"mode" => $mode,
|
||||
"token" => Session::get("form_token"),
|
||||
"status" => Session::active(),
|
||||
];
|
||||
} else {
|
||||
|
|
|
@ -53,9 +53,12 @@ class Auth
|
|||
time() + 3600,
|
||||
"localhost"
|
||||
); //expires in an hour
|
||||
|
||||
$form_token = md5(uniqid(microtime(), true));
|
||||
Session::start();
|
||||
Session::set("member", $member);
|
||||
Session::set("token", $token);
|
||||
Session::set("form_token", $form_token);
|
||||
|
||||
$result = "good_login";
|
||||
} else {
|
||||
|
|
|
@ -148,7 +148,9 @@ class Book
|
|||
"id" => $uuid,
|
||||
];
|
||||
|
||||
//**just testing to see why indexing isn't working **
|
||||
//TODO: When form submission is successful, make new form token
|
||||
$form_token = md5(uniqid(microtime(), true));
|
||||
Session::set("form_token", $form_token);
|
||||
|
||||
//once saved, update menu
|
||||
$body["path"] = $path;
|
||||
|
|
|
@ -8,6 +8,7 @@ class Session
|
|||
private static $data = [
|
||||
"member" => "",
|
||||
"token" => "",
|
||||
"form_token" => "",
|
||||
];
|
||||
public static function start()
|
||||
{
|
||||
|
|
|
@ -101,6 +101,7 @@ class SetUp
|
|||
|
||||
$backup = $request->getUploadedFiles();
|
||||
$file = $backup["backup-upload"];
|
||||
$size = $file->getSize();
|
||||
$name = $file->getClientFileName();
|
||||
|
||||
//park it so it can be read
|
||||
|
@ -151,15 +152,22 @@ class SetUp
|
|||
|
||||
rename("../content/settings/tags.json", "../config/tags.json");
|
||||
|
||||
rename(
|
||||
"../content/public/assets/images/blog",
|
||||
"../public/assets/images/blog"
|
||||
);
|
||||
//images path for blog and user
|
||||
$blogImagePath = "../public/assets/images/blog";
|
||||
$userImagePath = "../public/assets/images/user";
|
||||
|
||||
rename(
|
||||
"../content/public/assets/images/user",
|
||||
"../public/assets/images/user"
|
||||
);
|
||||
//check to see if image dirs are empty, if not chill
|
||||
if ($globs = glob($blogImagePath . "/*")) {
|
||||
//directory not empty, relax
|
||||
} else {
|
||||
rename("../content/public/assets/images/blog", $blogImagePath);
|
||||
}
|
||||
|
||||
if ($globs = glob($userImagePath . "/*")) {
|
||||
//directory not empty, relax
|
||||
} else {
|
||||
rename("../content/public/assets/images/user", $userImagePath);
|
||||
}
|
||||
|
||||
rename("../content/content/pages/", "../content/pages");
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
<div id="dash-restore" class="dash-restore">
|
||||
<form id="init-restore">
|
||||
<img id="the-logo" src="/assets/images/global/fipamo-logo.svg"/>
|
||||
<input type="text" name="restore_member_handle" id="restore_member_handle" placeholder="handle"/><input type="text" name="restore_member_pass" id="restore_member_pass" placeholder="password"/>
|
||||
<input type="text" name="restore_member_handle" id="restore_member_handle" placeholder="handle"/><input type="password" name="restore_member_pass" id="restore_member_pass" placeholder="password"/>
|
||||
<div>
|
||||
<label>Grab your backup zip</label>
|
||||
<input id="backup-upload" type="file" name="backup-upload" placeholder="Backup Zip"/>
|
||||
|
|
|
@ -78,6 +78,7 @@
|
|||
{% endapply %}
|
||||
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
||||
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
||||
<input id="form_token" name="token" type="hidden" value="{{ token }}">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
6
public/assets/scripts/dash.min.js
vendored
6
public/assets/scripts/dash.min.js
vendored
File diff suppressed because one or more lines are too long
|
@ -217,6 +217,7 @@ class FipamoAdminAPI {
|
|||
* @param {boolean} form[].menu - property that indicates page is included in site menu
|
||||
* @param {boolean} form[].featured - property that indicates page is featured
|
||||
* @param {boolean} form[].published - property that indicates page is public
|
||||
* @param {string} form[].form_token - hidden property to authenticate form submission
|
||||
* @param {input} form[].feature_image - main image for page
|
||||
* @example
|
||||
* api.pageActions(TASK, data).then(response=>{
|
||||
|
|
Loading…
Reference in a new issue