Wide ranging updates to most areas of the system
parent
f7da5f4969
commit
136e826e95
|
@ -1,2 +1,3 @@
|
|||
posts/*
|
||||
media/*
|
||||
blog_pass_hash.txt
|
||||
|
|
91
admin.php
91
admin.php
|
@ -1,20 +1,20 @@
|
|||
<?php
|
||||
$logged_in = $_COOKIE["checkin"] ?? null;
|
||||
if ( !$logged_in || $logged_in != "waiting for expiry" ) {
|
||||
header("Location: /blog_log.php");
|
||||
die();
|
||||
}
|
||||
include_once "logcheck.php";
|
||||
$post_success = $_GET["success"] ?? null;
|
||||
|
||||
// Get the file list
|
||||
$files = array_values( array_diff( scandir( "./posts" ), array('..', '.')));
|
||||
rsort($files);
|
||||
rsort( $files );
|
||||
$media_files = array_values ( array_diff( scandir( "./media" ), ["..", "."] ) );
|
||||
sort( $media_files );
|
||||
include_once "common.php";
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<title>Administration</title>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<style>
|
||||
header, main{width:90%;max-width:900px;margin:2em auto}
|
||||
hr.small-divider{width:25%;margin: 2em auto}
|
||||
|
@ -23,13 +23,12 @@
|
|||
table{width:calc(100% - 1em)}
|
||||
.error{background:darkred;color:pink}
|
||||
ul.inline li{display:inline-block; margin:0}
|
||||
ul.inline li:not(:last-child)::after{content: ' | '}
|
||||
ul.inline.pipe li:not(:last-child)::after{content: ' | '}
|
||||
ul.list-style-none{list-style:none;margin:0;padding:0}
|
||||
header ul.inline{position:absolute;top:0;right:2em;margin:0}
|
||||
header ul.inline li{background:#333;color:#DDD;border-radius:0 0 10px 10px;padding:0.5em;margin:0 5px}
|
||||
header ul.inline li a{color:#DDD;text-decoration:none}
|
||||
header ul.inline li::after{content:'' !important}
|
||||
.post-list tbody tr:nth-child(odd){background-color: #DDD}
|
||||
tbody tr:nth-child(odd){background-color: #DDD}
|
||||
td{padding-left:1em}
|
||||
details {border: 1px solid #aaa;border-radius: 4px;padding: 0.5em 0.5em 0}
|
||||
summary {font-weight: bold;margin: -0.5em -0.5em 0;padding: 0.5em}
|
||||
|
@ -57,6 +56,35 @@
|
|||
<p><a href="/post.php?f=<?php echo $files[0]; ?>">New post</a> successfully added!</p>
|
||||
<?php elseif ( $post_success === "2" ): ?>
|
||||
<p>File updated successfully!</p>
|
||||
<?php elseif ( $post_success === "3" ): ?>
|
||||
<p>Media uploaded successfully!</p>
|
||||
<?php elseif ( $post_success === "4" ): ?>
|
||||
<div class="error">
|
||||
<h2>Error</h2>
|
||||
<p>Your media upload was too large (> 1.5mb)</p>
|
||||
</div>
|
||||
<?php elseif ( $post_success === "5" ): ?>
|
||||
<div class="error">
|
||||
<h2>Error</h2>
|
||||
<p>
|
||||
Your media upload was <em>not</em> a supported file type:
|
||||
<ul>
|
||||
<li>azw3</li>
|
||||
<li>css</li>
|
||||
<li>epub</li>
|
||||
<li>gif</li>
|
||||
<li>html</li>
|
||||
<li>jpeg</li>
|
||||
<li>jpg</li>
|
||||
<li>mobi</li>
|
||||
<li>pdf</li>
|
||||
<li>png</li>
|
||||
<li>svg</li>
|
||||
</ul>
|
||||
</p>
|
||||
</div>
|
||||
<?php elseif ( $post_success === "6" ): ?>
|
||||
<p>Deletion was successful!</p>
|
||||
<?php endif; ?>
|
||||
<details>
|
||||
<summary>New Post</summary>
|
||||
|
@ -93,9 +121,9 @@
|
|||
<td>$link</td>
|
||||
<td>{$parts["time"]}</td>
|
||||
<td>
|
||||
<ul class="inline list-style-none">
|
||||
<ul class="inline list-style-none pipe">
|
||||
<li><a href="edit.php?file=posts%2F$del">Edit</a></li>
|
||||
<li><a href="delete_post.php?f=$del">Delete</a></li>
|
||||
<li><a href="delete_data.php?f=$del&k=posts">Delete</a></li>
|
||||
</ul>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -108,11 +136,50 @@ HTML;
|
|||
</details>
|
||||
<hr class="small-divider">
|
||||
<details>
|
||||
<summary>Misc.</summary>
|
||||
<summary>Site Actions</summary>
|
||||
<ul>
|
||||
<li><a href="edit.php?file=css%2Fstyle.css">Edit CSS</a></li>
|
||||
</ul>
|
||||
</details>
|
||||
<hr class="small-divider">
|
||||
<details>
|
||||
<summary>Upload Media</summary>
|
||||
<form action="/upload.php" method="post" enctype="multipart/form-data">
|
||||
<h2>New Media</h2>
|
||||
<p>
|
||||
<label>File: <input type="file" name="mediaUpload"></label>
|
||||
</p>
|
||||
<input type="submit" value="Submit">
|
||||
</form>
|
||||
</details>
|
||||
<hr class="small-divider">
|
||||
<details class="media-list">
|
||||
<summary>Media Files</summary>
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>File</th>
|
||||
<th>Delete</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
foreach( $media_files as $f ) {
|
||||
$link = make_post_link( $f, false );
|
||||
$out = <<<HTML
|
||||
<tr>
|
||||
<td>$link</td>
|
||||
<td>
|
||||
<a href="delete_data.php?f=$f&k=media">Delete</a>
|
||||
</td>
|
||||
</tr>
|
||||
HTML;
|
||||
echo $out;
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
</details>
|
||||
</main>
|
||||
</body>
|
||||
</html>
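Review bot: In the new media table the raw directory entry `$f` is interpolated into `delete_data.php?f=$f&k=media` with no URL or HTML encoding. The upload script in this commit stores files under a `urlencode()`d name, so a name containing `%` or `+` is decoded once on the way back and will probably not match the file on disk. Encoding first avoids that and keeps odd characters out of the markup: `$q = rawurlencode( $f );` and then `<a href="delete_data.php?f=$q&amp;k=media">Delete</a>`. Both Delete links (posts and media) also start a destructive action from a plain GET request, so a POST form carrying a per-session token that the delete script verifies would be the safer shape.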
|
||||
|
|
37
blog_log.php
37
blog_log.php
|
@ -6,9 +6,10 @@
|
|||
header("Location: /admin.php");
|
||||
die();
|
||||
}
|
||||
$secret = $_POST["secret"] ?? null;
|
||||
if ( $secret ) {
|
||||
$secret = hash( "sha256", $secret );
|
||||
$user = $_POST["user"] ?? null;
|
||||
$pass = $_POST["password"] ?? null;
|
||||
if ( $pass && $user ) {
|
||||
$secret = hash( "sha256", $user . $secret );
|
||||
if ( $secret ) {
|
||||
$current = file_get_contents( PW_FILE );
|
||||
if ( $current) {
|
||||
|
@ -34,17 +35,43 @@
|
|||
<html lang="en">
|
||||
<head>
|
||||
<title>A secret opens the door</title>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<style>
|
||||
form{width:400px;max-width:80%;margin:2em auto}
|
||||
.slant{width:500px;max-width:90%;margin:2em auto;border-top:1em solid #333;transform:rotateZ(-2deg)}
|
||||
input{width:calc(100% - 8px);border:2px solid #999;border-radius:2px;background:white;color:#333;font-size:1.2em}
|
||||
input[type=submit]{width:100%;background:#333;color:white;font-weight:bold;padding:5px 0;border-color:#333}
|
||||
input:focus{border-color:#333}
|
||||
.logo{width:300px;max-width:60%;margin:3em auto 0em}
|
||||
img{width:100%}
|
||||
h1{text-align:center;font-size:1.5rem}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="logo">
|
||||
<img src="chickadee.svg">
|
||||
</div>
|
||||
<div>
|
||||
<?php if ( $invalid ): ?>
|
||||
<p id="error-message">
|
||||
An invalid secret was whispered.
|
||||
An invalid username or password was given.
|
||||
</p>
|
||||
<?php endif; ?>
|
||||
<div class="slant"></div>
|
||||
<form action="/blog_log.php" method="post">
|
||||
<label>Whisper a secret… <input type="password" name="secret" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
|
||||
<h1>Log In</h1>
|
||||
<p>
|
||||
<label>Username<br><input type="text" required name="user" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
|
||||
</p>
|
||||
<p>
|
||||
<label>Password<br><input type="password" required name="password" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
|
||||
</p>
|
||||
<p>
|
||||
<input type="submit" value="Submit">
|
||||
</p>
|
||||
</form>
|
||||
<div class="slant"></div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
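Review bot: The new hash line `$secret = hash( "sha256", $user . $secret );` still reads `$secret`, but this commit removes the `$_POST["secret"]` assignment. Unless `$secret` is set in the lines above the hunk, the submitted password never enters the hash and is only tested for being non-empty. It presumably should be `$secret = hash( "sha256", $user . $pass );`. A single unsalted SHA-256 is also a weak way to store a password; `password_hash()` when writing `PW_FILE` and `password_verify( $pass, $current )` here would be the usual replacement. The enclosing `if` blocks continue past the end of the hunk.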
|
||||
|
|
File diff suppressed because one or more lines are too long
After Width: | Height: | Size: 392 KiB |
18
common.php
18
common.php
|
@ -1,12 +1,16 @@
|
|||
<?php
|
||||
|
||||
function make_post_link( $a ) {
|
||||
$parts = split_filename( $a );
|
||||
return sprintf(
|
||||
'<a href="post.php?f=%s">%s</a>',
|
||||
$parts["encoded"],
|
||||
$parts["title"]
|
||||
);
|
||||
function make_post_link( $a, $post=true ) {
|
||||
if ( $post ) {
|
||||
$parts = split_filename( $a );
|
||||
return sprintf(
|
||||
'<a href="post.php?f=%s">%s</a>',
|
||||
$parts["encoded"],
|
||||
$parts["title"]
|
||||
);
|
||||
} else {
|
||||
return '<a href="media/' . $a . '" target="_blank">media/' . $a . '</a>';
|
||||
}
|
||||
}
|
||||
|
||||
function title_from_filename( $fn ) {
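Review bot: The new `else` branch of `make_post_link()` concatenates `$a` unencoded into both the `href` and the link text, so a file name containing `%`, `"`, `<` or `&` produces a wrong URL or broken markup in the admin page. Encode per context: `return '<a href="media/' . rawurlencode( $a ) . '" target="_blank" rel="noopener">media/' . htmlspecialchars( $a, ENT_QUOTES ) . '</a>';`. The function would also benefit from a short docblock saying that `$post = false` means "`$a` is a file name under media/", since the boolean is not self-explanatory at the call site in admin.php.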
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
<?php
|
||||
|
||||
if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
|
||||
header("Location: 404.php");
|
||||
die();
|
||||
}
|
||||
|
||||
/*
|
||||
* This will appear in the header and title
|
||||
* for much of the site.
|
||||
|
@ -39,4 +44,4 @@ const SITE_FOOTER = false;
|
|||
/*
|
||||
* Change the base language of your site here.
|
||||
*/
|
||||
const LANG = "en";
|
||||
const SITE_LANG = "en";
|
||||
|
|
|
@ -16,3 +16,5 @@ body.post main h4,
|
|||
body.post main h5,
|
||||
body.post main h6{font-family:serif}
|
||||
body.post main{max-width:900px}
|
||||
|
||||
img{max-width:100%}
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
<?php
|
||||
include_once "logcheck.php";
|
||||
$file = $_GET["f"] ?? null;
|
||||
$kind = $_GET["k"] ?? null;
|
||||
|
||||
// Err if all parts didnt arrive
|
||||
if ( !file || !$kind ) {
|
||||
header("Location: /admin.php?success=0");
|
||||
die();
|
||||
}
|
||||
|
||||
// Err if not a valid prefix
|
||||
if ( $kind !== "media" && $kind !== "posts" ) {
|
||||
header("Location: /admin.php?success=0");
|
||||
die();
|
||||
}
|
||||
|
||||
$path = realpath( $kind . "/" . $file );
|
||||
|
||||
// Err if file does not exist
|
||||
if ( !file_exists($path) ) {
|
||||
error_log( "File does not exist: " . $path );
|
||||
header("Location: /admin.php?success=0");
|
||||
die();
|
||||
}
|
||||
|
||||
if ( is_writable( $path ) ) {
|
||||
$success = unlink( $path ) ? "6" : "0";
|
||||
header("Location: /admin.php?success=" . $success);
|
||||
die();
|
||||
} else {
|
||||
error_log( "File not writable: " . $path );
|
||||
header("Location: /admin.php?success=0");
|
||||
die();
|
||||
}
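Review bot: After `realpath()` nothing checks that `$path` is still inside `posts/` or `media/`: only `$kind` is allow-listed, while `$file` comes straight from the query string, so the `unlink()` target is whatever writable file the resolved path lands on. The first guard also tests the bare word `file` instead of `$file` (an undefined constant, which is an Error on PHP 8), so a missing `f` is never caught as intended. Reducing the name with `basename()` and comparing the resolved directory against `realpath( $kind )` closes both gaps. Deletion here also runs on a GET request with no anti-forgery token.

```php
// Err if all parts didnt arrive
if ( !$file || !$kind ) {
    // … unchanged: redirect to /admin.php?success=0 and die() …
}

// … unchanged: $kind allow-list check …

$base = realpath( $kind );
$path = realpath( $kind . "/" . basename( $file ) );

// Err if the target is missing or does not sit directly inside the chosen directory
if ( $base === false || $path === false || dirname( $path ) !== $base || !is_file( $path ) ) {
    error_log( "Refusing to delete: " . $file );
    header("Location: /admin.php?success=0");
    die();
}

// … unchanged: is_writable() / unlink() branch …
```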
|
7
edit.php
7
edit.php
|
@ -1,9 +1,5 @@
|
|||
<?php
|
||||
$logged_in = $_COOKIE["checkin"] ?? null;
|
||||
if ( !$logged_in || $logged_in != "waiting for expiry" ) {
|
||||
header("Location: /blog_log.php");
|
||||
die();
|
||||
}
|
||||
include_once "logcheck.php";
|
||||
include_once "common.php";
|
||||
|
||||
$update = $_POST["data"] ?? null;
|
||||
|
@ -46,6 +42,7 @@
|
|||
<html lang="en">
|
||||
<head>
|
||||
<title>Administration - Edit</title>
|
||||
<meta charset="utf-8">
|
||||
<style>
|
||||
header, main{width:90%;max-width:900px;margin:2em auto}
|
||||
hr.small-divider{width:25%;margin: 2em auto}
|
||||
|
|
|
@ -6,9 +6,11 @@
|
|||
include_once "config.php";
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<html lang="<?php echo SITE_LANG; ?>">
|
||||
<head>
|
||||
<title><?php echo SITE_NAME; ?></title>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link rel="stylesheet" href="/css/style.css">
|
||||
<link rel="stylesheet" href="/css/admin-bar.css">
|
||||
</head>
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
<?php
|
||||
|
||||
if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
|
||||
header("Location: 404.php");
|
||||
die();
|
||||
}
|
||||
|
||||
$logged_in = $_COOKIE["checkin"] ?? null;
|
||||
if ( !$logged_in || $logged_in != "waiting for expiry" ) {
|
||||
header("Location: /blog_log.php");
|
||||
die();
|
||||
}
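Review bot: The login gate accepts any request whose `checkin` cookie equals the fixed string `"waiting for expiry"`, and this new file makes that the single check in front of the admin, edit, upload and delete scripts touched by this commit. The value is identical for every user and is written in the source, so it says nothing about who sent the request. A server-side session keeps that state where the client cannot set it: `session_start();` followed by `if ( empty( $_SESSION["logged_in"] ) ) { header("Location: /blog_log.php"); die(); }`, with the login page setting `$_SESSION["logged_in"] = true` after a successful check. The comparison also uses loose `!=`, where `!==` is the safer habit.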
|
5
post.php
5
post.php
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
include_once "logcheck.php";
|
||||
include_once "common.php";
|
||||
include_once "config.php";
|
||||
$f = $_GET["f"] ?? null;
|
||||
|
@ -16,11 +17,13 @@
|
|||
$html = Parsedown::instance()->text( $data );
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<html lang="<?php echo SITE_LANG; ?>">
|
||||
<head>
|
||||
<title><?php echo $parts["title"]; ?></title>
|
||||
<link rel="stylesheet" href="/css/style.css">
|
||||
<link rel="stylesheet" href="/css/admin-bar.css">
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
</head>
|
||||
<body class="post">
|
||||
<?php include_once "admin-bar-partial.php"; ?>
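Review bot: `include_once "logcheck.php";` at the top of this file sends every visitor without the login cookie to `/blog_log.php`, because logcheck.php ends in `die()`; that looks unintended if posts are meant to be publicly readable. If the include is only there so that `admin-bar-partial.php` knows whether to render, a check that does not redirect would fit better, for example letting the partial test the login state itself. Separately, `<title><?php echo $parts["title"]; ?></title>` prints a value that appears to derive from the `f` query parameter without `htmlspecialchars()`; `$parts` is built outside the hunk, so this needs confirming there.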
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
<?php
|
||||
include_once "logcheck.php";
|
||||
|
||||
error_log("Upload");
|
||||
$f = $_FILES["mediaUpload"] ?? null;
|
||||
if ( !$f ) {
|
||||
header("Location: admin.php?success=0");
|
||||
die();
|
||||
}
|
||||
error_log("Got file");
|
||||
|
||||
$target_dir = "media/";
|
||||
$target_file = $target_dir . urlencode(basename( $f["name"] ) );
|
||||
$uploadOk = 1;
|
||||
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
|
||||
// Check if image file is a actual image or fake image
|
||||
$check = getimagesize($f["tmp_name"]);
|
||||
if($check !== false) {
|
||||
if ( file_exists( $target_file ) ) {
|
||||
// Check if file already exists
|
||||
$uploadOk = "0";
|
||||
} else if ($f["size"] > 1500000) {
|
||||
// Check file size
|
||||
$uploadOk = "4";
|
||||
} else if(
|
||||
!in_array(
|
||||
$imageFileType,
|
||||
["svg", "jpg", "jpeg", "png", "gif", "pdf",
|
||||
"epub", "azw3", "mobi", "html", "css" ]
|
||||
)){
|
||||
$uploadOk = 5;
|
||||
} else {
|
||||
$done = move_uploaded_file($f["tmp_name"], $target_file);
|
||||
if ( $done ) {
|
||||
$uploadOk = "3";
|
||||
} else {
|
||||
$uploadOk = "0";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
header("Location: admin.php?success=" . $uploadOk);
|
||||
die();
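Review bot: Everything after `getimagesize()` sits inside `if($check !== false)`, so an upload that is not an image (pdf, epub, mobi, css, and likely svg, which `getimagesize()` does not parse) skips every branch and redirects with `success=1` instead of an error code. The extension allow-list is therefore only consulted for files that already look like images, and it still admits `html` and `svg`, which the server will presumably serve from `media/` as active content on the site's own origin. Start from a failure code and keep the list to passive types: `$uploadOk = "5";` and `["jpg", "jpeg", "png", "gif"]`, passing `true` as the third argument of `in_array()`. The two `error_log()` debug calls can be dropped, and `$uploadOk` should be a string throughout since admin.php compares it with `===`.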
|