Compare commits
2 Commits
221a6e8139
...
3915ca6633
| Author | SHA1 | Date |
|---|---|---|
 Yasen Pramatarov
|
3915ca6633 | |
|
Yasen Pramatarov
|
5246c47ee6 |
|
|
@ -37,7 +37,7 @@
|
|||
<div class="card-body p-4">
|
||||
<form id="configForm">
|
||||
<?php
|
||||
include 'csrf_token.php';
|
||||
include CSRF_TOKEN_INCLUDE;
|
||||
|
||||
function renderConfigItem($key, $value, $path = '') {
|
||||
$fullPath = $path ? $path . '[' . $key . ']' : $key;
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<div class="card-body">
|
||||
<p class="card-text"><strong>Welcome to <?= htmlspecialchars($config['site_name']); ?>!</strong><br />Please enter login credentials:</p>
|
||||
<form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=login">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<div class="form-group mb-3">
|
||||
<input type="text" class="form-control w-50 mx-auto" name="username" placeholder="Username"
|
||||
pattern="[A-Za-z0-9_\-]{3,20}" title="3-20 characters, letters, numbers, - and _"
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<p>Enter your email address and we will send you<br />
|
||||
instructions to reset your password.</p>
|
||||
<form method="post" action="?page=login&action=forgot">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<div class="form-group">
|
||||
<label for="email">email address:</label>
|
||||
<input type="email"
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
<div class="card-body">
|
||||
<h3 class="card-title mb-4">Set new password</h3>
|
||||
<form method="post" action="?page=login&action=reset&token=<?= htmlspecialchars(urlencode($token)) ?>">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<div class="form-group">
|
||||
<label for="new_password">new password:</label>
|
||||
<input type="password"
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<div class="card-body">
|
||||
<p class="card-text">Enter credentials for registration:</p>
|
||||
<form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=register">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<div class="form-group mb-3">
|
||||
<input type="text" class="form-control w-50 mx-auto" name="username" placeholder="Username"
|
||||
pattern="[A-Za-z0-9_\-]{3,20}" title="3-20 characters, letters, numbers, - and _"
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
<div class="card-body">
|
||||
|
||||
<form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile" enctype="multipart/form-data">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<div class="row">
|
||||
<p class="border rounded bg-light mb-4"><small>edit the profile fields</small></p>
|
||||
<div class="col-md-4 avatar-container">
|
||||
|
|
@ -133,7 +133,7 @@
|
|||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
|
||||
<form id="remove-avatar-form" data-action="remove-avatar" method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile&action=remove&item=avatar">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<button type="button" class="btn btn-danger" id="confirm-delete">Delete Avatar</button>
|
||||
</form>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@
|
|||
</div>
|
||||
<div class="card-body">
|
||||
<form method="POST" class="mb-4">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<input type="hidden" name="action" value="add_whitelist">
|
||||
<div class="row g-3">
|
||||
<div class="col-md-4">
|
||||
|
|
@ -77,7 +77,7 @@
|
|||
<td><?= htmlspecialchars($ip['created_at']) ?></td>
|
||||
<td>
|
||||
<form method="POST" style="display: inline;">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<input type="hidden" name="action" value="remove_whitelist">
|
||||
<input type="hidden" name="ip_address" value="<?= htmlspecialchars($ip['ip_address']) ?>">
|
||||
<button type="submit" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to remove this IP from whitelist?')">Remove</button>
|
||||
|
|
@ -104,7 +104,7 @@
|
|||
</div>
|
||||
<div class="card-body">
|
||||
<form method="POST" class="mb-4">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<input type="hidden" name="action" value="add_blacklist">
|
||||
<div class="row g-3">
|
||||
<div class="col-md-3">
|
||||
|
|
@ -151,7 +151,7 @@
|
|||
<td><?= $ip['expiry_time'] ? htmlspecialchars($ip['expiry_time']) : 'Never' ?></td>
|
||||
<td>
|
||||
<form method="POST" style="display: inline;">
|
||||
<?php include 'csrf_token.php'; ?>
|
||||
<?php include CSRF_TOKEN_INCLUDE; ?>
|
||||
<input type="hidden" name="action" value="remove_blacklist">
|
||||
<input type="hidden" name="ip_address" value="<?= htmlspecialchars($ip['ip_address']) ?>">
|
||||
<button type="submit" class="btn btn-sm btn-danger" onclick="return confirm('Are you sure you want to remove this IP from blacklist?')">Remove</button>
|
||||
|
|
|
|||
|
|
@ -11,6 +11,49 @@
|
|||
* Version: 0.4
|
||||
*/
|
||||
|
||||
// Preparing plugins and hooks
|
||||
$GLOBALS['plugin_hooks'] = [];
|
||||
$enabled_plugins = [];
|
||||
|
||||
// Plugin discovery
|
||||
$plugins_dir = dirname(__DIR__) . '/plugins/';
|
||||
foreach (glob($plugins_dir . '*', GLOB_ONLYDIR) as $plugin_path) {
|
||||
$manifest = $plugin_path . '/plugin.json';
|
||||
if (file_exists($manifest)) {
|
||||
$meta = json_decode(file_get_contents($manifest), true);
|
||||
if (!empty($meta['enabled'])) {
|
||||
$plugin_name = basename($plugin_path);
|
||||
$enabled_plugins[$plugin_name] = [
|
||||
'path' => $plugin_path,
|
||||
'meta' => $meta
|
||||
];
|
||||
// Autoload plugin bootstrap if exists
|
||||
$bootstrap = $plugin_path . '/bootstrap.php';
|
||||
if (file_exists($bootstrap)) {
|
||||
include_once $bootstrap;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$GLOBALS['enabled_plugins'] = $enabled_plugins;
|
||||
|
||||
// Simple hook system
|
||||
function register_hook($hook, $callback) {
|
||||
$GLOBALS['plugin_hooks'][$hook][] = $callback;
|
||||
}
|
||||
function do_hook($hook, $context = []) {
|
||||
if (!empty($GLOBALS['plugin_hooks'][$hook])) {
|
||||
foreach ($GLOBALS['plugin_hooks'][$hook] as $callback) {
|
||||
call_user_func($callback, $context);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Define CSRF token include path globally
|
||||
if (!defined('CSRF_TOKEN_INCLUDE')) {
|
||||
define('CSRF_TOKEN_INCLUDE', dirname(__DIR__) . '/app/includes/csrf_token.php');
|
||||
}
|
||||
|
||||
// we start output buffering and
|
||||
// flush it later only when there is no redirect
|
||||
ob_start();
|
||||
|
|
@ -75,6 +118,17 @@ $allowed_urls = [
|
|||
'about',
|
||||
];
|
||||
|
||||
// Let plugins filter/extend allowed_urls
|
||||
function filter_allowed_urls($urls) {
|
||||
if (!empty($GLOBALS['plugin_hooks']['filter_allowed_urls'])) {
|
||||
foreach ($GLOBALS['plugin_hooks']['filter_allowed_urls'] as $callback) {
|
||||
$urls = call_user_func($callback, $urls);
|
||||
}
|
||||
}
|
||||
return $urls;
|
||||
}
|
||||
$allowed_urls = filter_allowed_urls($allowed_urls);
|
||||
|
||||
// cnfig file
|
||||
// possible locations, in order of preference
|
||||
$config_file_locations = [
|
||||
|
|
|
|||
Loading…
Reference in New Issue