diff --git a/public/index.php b/public/index.php
index a7a9daf..71d6e5a 100644
--- a/public/index.php
+++ b/public/index.php
@@ -1,11 +1,22 @@ $user,
+ 'config' => $config,
+ ];
+
+
+ echo render_template(TEMPLATES_DIR . "/admin.php", $vars);
+ }
+
+ // POST handler
+ // save updated settings
+ public function save(){
+ $isLoggedIn = isset($_SESSION['user_id']);
+ if (!$isLoggedIn){
+ header('Location: ' . $config->basePath . 'login.php');
+ exit;
+ }
+
+ $config = Config::load();
+ $user = User::load();
+
+ // handle form submission
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $errors = [];
+
+ // User profile
+ $username = trim($_POST['username'] ?? '');
+ $displayName = trim($_POST['display_name'] ?? '');
+ $about = trim($_POST['about'] ?? '');
+ $website = trim($_POST['website'] ?? '');
+
+ // Site settings
+ $siteTitle = trim($_POST['site_title']) ?? '';
+ $siteDescription = trim($_POST['site_description']) ?? '';
+ $basePath = trim($_POST['base_path'] ?? '/');
+ $itemsPerPage = (int) ($_POST['items_per_page'] ?? 25);
+ // Password
+ // TODO - Make sure I really shouldn't trim these
+ // (I'm assuming there may be people who end their password with a space character)
+ $password = $_POST['password'] ?? '';
+ $confirmPassword = $_POST['confirm_password'] ?? '';
+
+ // Validate user profile
+ if (!$username) {
+ $errors[] = "Username is required.";
+ }
+ if (!$displayName) {
+ $errors[] = "Display name is required.";
+ }
+ // Make sure the website looks like a URL and starts with a protocol
+ if ($website) {
+ if (!filter_var($website, FILTER_VALIDATE_URL)) {
+ $errors[] = "Please enter a valid URL (including http:// or https://).";
+ } elseif (!preg_match('/^https?:\/\//i', $website)) {
+ $errors[] = "URL must start with http:// or https://.";
+ }
+ }
+
+
+ // Validate site settings
+ if (!$siteTitle) {
+ $errors[] = "Site title is required.";
+ }
+ if (!preg_match('#^/[^?<>:"|\\*]*$#', $basePath)) {
+ $errors[] = "Base path must look like a valid URL path (e.g. 
/ or /tkr/).";
+ }
+ if ($itemsPerPage < 1 || $itemsPerPage > 50) {
+ $errors[] = "Items per page must be a number between 1 and 50.";
+ }
+
+ // If a password was sent, make sure it matches the confirmation
+ if ($password && !($password = $confirmPassword)){
+ $errors[] = "Passwords do not match";
+ }
+
+ // TODO: Actually handle errors
+ if (empty($errors)) {
+ // Update site settings
+ $config->siteTitle = $siteTitle;
+ $config->siteDescription = $siteDescription;
+ $config->basePath = $basePath;
+ $config->itemsPerPage = $itemsPerPage;
+
+ // Save site settings and reload config from database
+ $config = $config->save();
+
+ // Update user profile
+ $user->username = $username;
+ $user->displayName = $displayName;
+ $user->about = $about;
+ $user->website = $website;
+
+ // Save user profile and reload user from database
+ $user = $user->save();
+
+ // Update the password if one was sent
+ if($password){
+ $user->set_password($password);
+ }
+ }
+ }
+
+ header('Location: ' . $config->basePath . '/admin');
+ exit;
+ }
+}
\ No newline at end of file
diff --git a/src/Controller/Login/Login.php b/src/Controller/Auth/Auth.php
similarity index 78%
rename from src/Controller/Login/Login.php
rename to src/Controller/Auth/Auth.php
index dda1ee6..b61b04b 100644
--- a/src/Controller/Login/Login.php
+++ b/src/Controller/Auth/Auth.php
@@ -1,6 +1,6 @@ basePath); exit; } else { $error = 'Invalid username or password'; } }
+ }
- $csrf_token = generateCsrfToken();
+ function handleLogout(){
+ $_SESSION = [];
+ session_destroy();
+
+ $config = Config::load();
+ header('Location: ' . $config->basePath);
+ exit; } }
\ No newline at end of file
diff --git a/src/Controller/Home/Home.php b/src/Controller/Home/Home.php
index 7510fa9..4c81986 100644
--- a/src/Controller/Home/Home.php
+++ b/src/Controller/Home/Home.php
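Review bot: The password confirmation check in save() assigns instead of compares: `!($password = $confirmPassword)` overwrites `$password` with the confirm field, so a mismatched pair never produces an error and the value handed to `set_password()` is whatever was typed into confirm_password; it should read `if ($password !== '' && $password !== $confirmPassword) {`. Unlike handleTick() and handleMood() in this same change, the POST branch of save() never calls `validateCsrfToken($_POST['csrf_token'])` before it rewrites the site settings, the profile and the password, so a logged-in admin can be made to change all three from a third-party form; add the same check at the top of the POST branch and redirect without saving when it fails. The not-logged-in redirect also dereferences `$config->basePath` before `$config = Config::load()` runs, so `$config` is undefined at that point; move the load above the session check. The file header and opening lines of this hunk appear to have been lost from the page, so the class enclosing save() and the `$vars` array above it are not visible.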
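Review bot: handleLogout() clears `$_SESSION` and calls `session_destroy()` but never expires the session cookie in the browser, which is the companion step the PHP manual shows for session_destroy(); add `$p = session_get_cookie_params();` and `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);` before the redirect so the old id is not sent back. Nothing in the method checks how it was invoked, so if the router dispatches it on GET a cross-site link can log the user out; the router is not in this hunk, so that is worth confirming. The hunk also drops `$csrf_token = generateCsrfToken();` from the login handler, and where the login form now obtains its token is not visible here. Most of the login branch above `basePath); exit;` appears to have been lost from the page.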
@@ -27,7 +27,7 @@ class HomeController{
// POST handler
// Saves the tick and reloads the homepage
- public function tick(){
+ public function handleTick(){
if ($_SERVER['REQUEST_METHOD'] === 'POST' and isset($_POST['tick'])) {
// ensure that the session is valid before proceeding
if (!validateCsrfToken($_POST['csrf_token'])) {
diff --git a/src/Controller/Mood/Mood.php b/src/Controller/Mood/Mood.php
index 04d0715..5838ea2 100644
--- a/src/Controller/Mood/Mood.php
+++ b/src/Controller/Mood/Mood.php
@@ -15,7 +15,7 @@
echo render_template(TEMPLATES_DIR . "/mood.php", $vars);
}
- public function set_mood(){
+ public function handleMood(){
if ($_SERVER['REQUEST_METHOD'] === 'POST' and isset($_POST['mood'])) {
// ensure that the session is valid before proceeding
if (!validateCsrfToken($_POST['csrf_token'])) {
@@ -33,7 +33,7 @@
// go back to the index and show the updated mood
header('Location: ' . $config->basePath);
- //exit;
+ exit;
}
}
diff --git a/src/lib/session.php b/src/lib/session.php
index 0293b13..abadb43 100644
--- a/src/lib/session.php
+++ b/src/lib/session.php
@@ -1,4 +1,5 @@ basePath . 'login.php');
-}
-
-require CLASSES_DIR . '/User.php';
-
-$config = Config::load();
-$user = User::load();
-
-// handle form submission
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $errors = [];
-
- // User profile
- $username = trim($_POST['username'] ?? '');
- $displayName = trim($_POST['display_name'] ?? '');
- $about = trim($_POST['about'] ?? '');
- $website = trim($_POST['website'] ?? '');
-
- // Site settings
- $siteTitle = trim($_POST['site_title']) ?? '';
- $siteDescription = trim($_POST['site_description']) ?? '';
- $basePath = trim($_POST['base_path'] ?? '/');
- $itemsPerPage = (int) ($_POST['items_per_page'] ?? 25);
- // Password
- // TODO - Make sure I really shouldn't trim these
- // (I'm assuming there may be people who end their password with a space character)
- $password = $_POST['password'] ?? '';
- $confirmPassword = $_POST['confirm_password'] ?? '';
-
- // Validate user profile
- if (!$username) {
- $errors[] = "Username is required.";
- }
- if (!$displayName) {
- $errors[] = "Display name is required.";
- }
- // Make sure the website looks like a URL and starts with a protocol
- if ($website) {
- if (!filter_var($website, FILTER_VALIDATE_URL)) {
- $errors[] = "Please enter a valid URL (including http:// or https://).";
- } elseif (!preg_match('/^https?:\/\//i', $website)) {
- $errors[] = "URL must start with http:// or https://.";
- }
- }
-
-
- // Validate site settings
- if (!$siteTitle) {
- $errors[] = "Site title is required.";
- }
- if (!preg_match('#^/[^?<>:"|\\*]*$#', $basePath)) {
- $errors[] = "Base path must look like a valid URL path (e.g. 
/ or /tkr/).";
- }
- if ($itemsPerPage < 1 || $itemsPerPage > 50) {
- $errors[] = "Items per page must be a number between 1 and 50.";
- }
-
- // If a password was sent, make sure it matches the confirmation
- if ($password && !($password = $confirmPassword)){
- $errors[] = "Passwords do not match";
- }
-
- // TODO: Actually handle errors
- if (empty($errors)) {
- // Update site settings
- $config->siteTitle = $siteTitle;
- $config->siteDescription = $siteDescription;
- $config->basePath = $basePath;
- $config->itemsPerPage = $itemsPerPage;
-
- // Save site settings and reload config from database
- $config = $config->save();
-
- // Update user profile
- $user->username = $username;
- $user->displayName = $displayName;
- $user->about = $about;
- $user->website = $website;
-
- // Save user profile and reload user from database
- $user = $user->save();
-
- // Update the password if one was sent
- if($password){
- $user->set_password($password);
- }
- }
-}
-
-?>
+
+
@@ -111,6 +14,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
Back to home
+
User settings
diff --git a/templates/logout.php b/templates/logout.php
index afe859d..5414f2b 100644
--- a/templates/logout.php
+++ b/templates/logout.php
@@ -1,14 +1,8 @@ basePath); exit;
\ No newline at end of file