lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 6 Wiki Activity

Compare commits

base: lindeas:221a6e8139bfc4bb2f62959eb6370eb957c22578
Branches Tags
lindeas:main
lindeas:v0.4
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1
...
compare: lindeas:3915ca6633f272c560cef875856d120fbee1ea3c
Branches Tags
lindeas:main
lindeas:v0.4
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1

2 Commits
221a6e8139 ... 3915ca6633

Author SHA1 Message Date
Yasen Pramatarov 3915ca6633 Prepares for plugins. Autodiscovery and hooks. 2025-04-16 20:23:27 +03:00
Yasen Pramatarov 5246c47ee6 Makes csrf_token a global constant and moves it to includes 2025-04-16 13:11:51 +03:00
9 changed files with 65 additions and 11 deletions
Show Stats Expand all files Collapse all files

0
app/templates/csrf_token.php → app/includes/csrf_token.php
View File

2
app/templates/config.php
View File

@ -37,7 +37,7 @@
<div class="card-body p-4"> <div class="card-body p-4">
<form id="configForm"> <form id="configForm">
<?php <?php
include 'csrf_token.php'; include CSRF_TOKEN_INCLUDE;
function renderConfigItem($key, $value, $path = '') { function renderConfigItem($key, $value, $path = '') {
$fullPath = $path ? $path . '[' . $key . ']' : $key; $fullPath = $path ? $path . '[' . $key . ']' : $key;

2
app/templates/form-login.php
View File

@ -4,7 +4,7 @@
<div class="card-body"> <div class="card-body">
<p class="card-text"><strong>Welcome to <?= htmlspecialchars($config['site_name']); ?>!</strong><br />Please enter login credentials:</p> <p class="card-text"><strong>Welcome to <?= htmlspecialchars($config['site_name']); ?>!</strong><br />Please enter login credentials:</p>
<form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=login"> <form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=login">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<div class="form-group mb-3"> <div class="form-group mb-3">
<input type="text" class="form-control w-50 mx-auto" name="username" placeholder="Username" <input type="text" class="form-control w-50 mx-auto" name="username" placeholder="Username"
pattern="[A-Za-z0-9_\-]{3,20}" title="3-20 characters, letters, numbers, - and _" pattern="[A-Za-z0-9_\-]{3,20}" title="3-20 characters, letters, numbers, - and _"

2
app/templates/form-password-forgot.php
View File

@ -8,7 +8,7 @@
<p>Enter your email address and we will send you<br /> <p>Enter your email address and we will send you<br />
instructions to reset your password.</p> instructions to reset your password.</p>
<form method="post" action="?page=login&action=forgot"> <form method="post" action="?page=login&action=forgot">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<div class="form-group"> <div class="form-group">
<label for="email">email address:</label> <label for="email">email address:</label>
<input type="email" <input type="email"

2
app/templates/form-password-reset.php
View File

@ -6,7 +6,7 @@
<div class="card-body"> <div class="card-body">
<h3 class="card-title mb-4">Set new password</h3> <h3 class="card-title mb-4">Set new password</h3>
<form method="post" action="?page=login&action=reset&token=<?= htmlspecialchars(urlencode($token)) ?>"> <form method="post" action="?page=login&action=reset&token=<?= htmlspecialchars(urlencode($token)) ?>">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<div class="form-group"> <div class="form-group">
<label for="new_password">new password:</label> <label for="new_password">new password:</label>
<input type="password" <input type="password"

2
app/templates/form-register.php
View File

@ -4,7 +4,7 @@
<div class="card-body"> <div class="card-body">
<p class="card-text">Enter credentials for registration:</p> <p class="card-text">Enter credentials for registration:</p>
<form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=register"> <form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=register">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<div class="form-group mb-3"> <div class="form-group mb-3">
<input type="text" class="form-control w-50 mx-auto" name="username" placeholder="Username" <input type="text" class="form-control w-50 mx-auto" name="username" placeholder="Username"
pattern="[A-Za-z0-9_\-]{3,20}" title="3-20 characters, letters, numbers, - and _" pattern="[A-Za-z0-9_\-]{3,20}" title="3-20 characters, letters, numbers, - and _"

4
app/templates/profile-edit.php
View File

@ -6,7 +6,7 @@
<div class="card-body"> <div class="card-body">
<form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile" enctype="multipart/form-data"> <form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile" enctype="multipart/form-data">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<div class="row"> <div class="row">
<p class="border rounded bg-light mb-4"><small>edit the profile fields</small></p> <p class="border rounded bg-light mb-4"><small>edit the profile fields</small></p>
<div class="col-md-4 avatar-container"> <div class="col-md-4 avatar-container">
@ -133,7 +133,7 @@
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button> <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
<form id="remove-avatar-form" data-action="remove-avatar" method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile&action=remove&item=avatar"> <form id="remove-avatar-form" data-action="remove-avatar" method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile&action=remove&item=avatar">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<button type="button" class="btn btn-danger" id="confirm-delete">Delete Avatar</button> <button type="button" class="btn btn-danger" id="confirm-delete">Delete Avatar</button>
</form> </form>
</div> </div>

8
app/templates/security.php
View File

@ -35,7 +35,7 @@
</div> </div>
<div class="card-body"> <div class="card-body">
<form method="POST" class="mb-4"> <form method="POST" class="mb-4">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<input type="hidden" name="action" value="add_whitelist"> <input type="hidden" name="action" value="add_whitelist">
<div class="row g-3"> <div class="row g-3">
<div class="col-md-4"> <div class="col-md-4">
@ -77,7 +77,7 @@
<td><?= htmlspecialchars($ip['created_at']) ?></td> <td><?= htmlspecialchars($ip['created_at']) ?></td>
<td> <td>
<form method="POST" style="display: inline;"> <form method="POST" style="display: inline;">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<input type="hidden" name="action" value="remove_whitelist"> <input type="hidden" name="action" value="remove_whitelist">
<input type="hidden" name="ip_address" value="<?= htmlspecialchars($ip['ip_address']) ?>"> <input type="hidden" name="ip_address" value="<?= htmlspecialchars($ip['ip_address']) ?>">
<button type="submit" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to remove this IP from whitelist?')">Remove</button> <button type="submit" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to remove this IP from whitelist?')">Remove</button>
@ -104,7 +104,7 @@
</div> </div>
<div class="card-body"> <div class="card-body">
<form method="POST" class="mb-4"> <form method="POST" class="mb-4">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<input type="hidden" name="action" value="add_blacklist"> <input type="hidden" name="action" value="add_blacklist">
<div class="row g-3"> <div class="row g-3">
<div class="col-md-3"> <div class="col-md-3">
@ -151,7 +151,7 @@
<td><?= $ip['expiry_time'] ? htmlspecialchars($ip['expiry_time']) : 'Never' ?></td> <td><?= $ip['expiry_time'] ? htmlspecialchars($ip['expiry_time']) : 'Never' ?></td>
<td> <td>
<form method="POST" style="display: inline;"> <form method="POST" style="display: inline;">
<?php include 'csrf_token.php'; ?> <?php include CSRF_TOKEN_INCLUDE; ?>
<input type="hidden" name="action" value="remove_blacklist"> <input type="hidden" name="action" value="remove_blacklist">
<input type="hidden" name="ip_address" value="<?= htmlspecialchars($ip['ip_address']) ?>"> <input type="hidden" name="ip_address" value="<?= htmlspecialchars($ip['ip_address']) ?>">
<button type="submit" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to remove this IP from blacklist?')">Remove</button> <button type="submit" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to remove this IP from blacklist?')">Remove</button>

54
public_html/index.php
View File

@ -11,6 +11,49 @@
* Version: 0.4 * Version: 0.4
*/ */
// Preparing plugins and hooks
$GLOBALS['plugin_hooks'] = [];
$enabled_plugins = [];
// Plugin discovery
$plugins_dir = dirname(__DIR__) . '/plugins/';
foreach (glob($plugins_dir . '*', GLOB_ONLYDIR) as $plugin_path) {
$manifest = $plugin_path . '/plugin.json';
if (file_exists($manifest)) {
$meta = json_decode(file_get_contents($manifest), true);
if (!empty($meta['enabled'])) {
$plugin_name = basename($plugin_path);
$enabled_plugins[$plugin_name] = [
'path' => $plugin_path,
'meta' => $meta
];
// Autoload plugin bootstrap if exists
$bootstrap = $plugin_path . '/bootstrap.php';
if (file_exists($bootstrap)) {
include_once $bootstrap;
}
}
}
}
$GLOBALS['enabled_plugins'] = $enabled_plugins;
// Simple hook system
function register_hook($hook, $callback) {
$GLOBALS['plugin_hooks'][$hook][] = $callback;
}
function do_hook($hook, $context = []) {
if (!empty($GLOBALS['plugin_hooks'][$hook])) {
foreach ($GLOBALS['plugin_hooks'][$hook] as $callback) {
call_user_func($callback, $context);
}
}
}
// Define CSRF token include path globally
if (!defined('CSRF_TOKEN_INCLUDE')) {
define('CSRF_TOKEN_INCLUDE', dirname(__DIR__) . '/app/includes/csrf_token.php');
}
// we start output buffering and // we start output buffering and
// flush it later only when there is no redirect // flush it later only when there is no redirect
ob_start(); ob_start();
@ -75,6 +118,17 @@ $allowed_urls = [
'about', 'about',
]; ];
// Let plugins filter/extend allowed_urls
function filter_allowed_urls($urls) {
if (!empty($GLOBALS['plugin_hooks']['filter_allowed_urls'])) {
foreach ($GLOBALS['plugin_hooks']['filter_allowed_urls'] as $callback) {
$urls = call_user_func($callback, $urls);
}
}
return $urls;
}
$allowed_urls = filter_allowed_urls($allowed_urls);
// cnfig file // cnfig file
// possible locations, in order of preference // possible locations, in order of preference
$config_file_locations = [ $config_file_locations = [