subcultureofone/tkr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

cleanup. Improve homepage semantics. Add .htaccess files to blocked directories.

Browse Source
This commit is contained in:
Greg Sarjeant 2025-06-17 16:25:31 -04:00
parent 77ec1bbb3b
commit f72896892b
18 changed files with 240 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.htaccess Normal file
View File

@ -0,0 +1,49 @@
# Example Apache VirtualHost
# for serving tkr as a subdirectory path
# on shared hosting via .htaccess
#
# e.g. http://www.my-domain.com/tkr
#
# This should work without modification if you extract the app
# to /tkr from your web document root
# Enable mod_rewrite
RewriteEngine On
# Security headers
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
# Directory index
DirectoryIndex public/index.php
# Security: Block direct access to .php files (except through rewrites)
RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?] [NC]
RewriteRule ^.*$ - [R=404,L]
# Security: Block access to sensitive directories
RewriteRule ^(storage|src|templates|examples|config)(/.*)?$ - [F,L]
# Security: Block access to hidden files
RewriteRule ^\..*$ - [F,L]
# Cache CSS files for 1 hour
<FilesMatch "\.css$">
Header set Cache-Control "public, max-age=3600"
</FilesMatch>
# Serve the one static file that exists: css/tkr.css
# (Pass requests to css/custom/ through to the PHP app)
RewriteCond %{REQUEST_URI} !^/css/custom/
RewriteRule ^css/tkr\.css$ public/css/tkr.css [L]
# 404 all other static files (images, js, fonts, etc.)
# so those requests don't hit the PHP app
# (this is to reduce load on the PHP app from bots and scanners)
RewriteRule \.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|pdf|zip|mp3|mp4|avi|mov)$ - [R=404,L]
# Everything else goes to the front controller
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ public/index.php [L]

6
config/.htaccess Normal file
View File

@ -0,0 +1,6 @@
# Deny all access to this directory
Require all denied
# Fallback for Apache 2.2
Order deny,allow
Deny from all

2
config/bootstrap.php
View File

@ -41,7 +41,7 @@ function handle_setup_exception(SetupException $e){
// Show error message and exit // Show error message and exit
http_response_code(500); http_response_code(500);
echo "<h1>Configuration Error</h1>"; echo "<h1>Configuration Error</h1>";
echo "<p>" . htmlspecialchars($setupError['message']) . "</p>"; echo "<p>" . Util::escape_html($setupError['message']) . "</p>";
exit; exit;
case 'table_contents': case 'table_contents':
// Recoverable error. // Recoverable error.

6
examples/.htaccess Normal file
View File

@ -0,0 +1,6 @@
# Deny all access to this directory
Require all denied
# Fallback for Apache 2.2
Order deny,allow
Deny from all

99
public/css/tkr.css
View File

@ -95,7 +95,7 @@ fieldset.emoji-group {
} }
h1.site-description { h1.site-description {
font-size: 1.3em; font-size: 1.5em;
} }
.delete-emoji-fieldset .fieldset-items { .delete-emoji-fieldset .fieldset-items {
@ -310,19 +310,85 @@ label.description {
} }
.home-sidebar{ .home-sidebar{
padding-top: 1em;
padding-bottom: 1em; padding-bottom: 1em;
} }
.site-description { .site-description {
font-size: 1.2rem; font-size: 1.2rem;
color: var(--color-text-dark); color: var(--color-text-dark);
margin-bottom: 0.5rem; margin-bottom: 1.2rem;
} }
.profile-row { .profile-data {
display: grid;
gap: 1rem;
margin: 0;
margin-bottom: 1rem;
}
/* Description list: description */
.profile-data dd {
margin: 0;
}
/* Description list: term */
/* Hidden from visual display - screen reader only class */
.profile-data dt {
position: absolute;
width: 1px;
height: 1px;
padding: 0;
margin: -1px;
overflow: hidden;
clip: rect(0, 0, 0, 0);
white-space: nowrap;
border: 0;
}
/*
Left-justify the greeting text,
right-justify the Change Mood link
*/
/* greeting text */
.profile-greeting {
display: flex; display: flex;
width: 100%; justify-content: space-between;
gap: 0.5em; align-items: center;
gap: 0.5rem;
}
/* add a small gap between the greeting and the mood emoji */
.greeting-content {
display: flex;
align-items: baseline;
gap: 0.4em;
}
/* define the profile "greeting" style */
.greeting-text {
font-weight: 600;
font-size: 1.1em;
color: var(--color-text-primary);
}
/* Adjust emoji positioning */
.greeting-emoji {
vertical-align: middle;
}
/* Style the Change Mood link */
.change-mood {
font-size: 0.9em;
white-space: nowrap;
}
/* define the profile "about" style */
.profile-about {
font-style: italic;
font-size: 0.95em;
color: var(--color-text-muted);
} }
.tick-form { .tick-form {
@ -332,20 +398,13 @@ label.description {
gap: 0.5em; gap: 0.5em;
} }
.mood-bar { /* Styling for flash messages */
display: flex;
width: 100%;
justify-content: space-between;
align-items: center;
gap: 0.5em;
}
.flash-messages { .flash-messages {
background: white; background: var(--color-bg-white);
margin-top: 10px; margin-top: 10px;
padding: 15px; padding: 15px;
border-radius: 8px; border-radius: 8px;
box-shadow: 0 2px 10px rgba(0,0,0,0.1); box-shadow: 0 2px 10px var(--shadow-primary);
} }
.flash-message { .flash-message {
@ -436,18 +495,28 @@ label.description {
color: var(--color-required); color: var(--color-required);
} }
.tick-feed {
list-style: none;
padding: 0;
margin: 0;
margin-top: 0.5em;
}
.tick { .tick {
margin-bottom: 1em; margin-bottom: 1em;
padding-left: 0.5em;
} }
.tick-time { .tick-time {
color: var(--color-text-muted); color: var(--color-text-muted);
font-size: 0.8em; font-size: 0.8em;
margin-bottom: 0.4em;
} }
.tick-text { .tick-text {
color: var(--color-text-black); color: var(--color-text-black);
font-size: 1.0em; font-size: 1.0em;
display: block;
} }
.tick-pagination a { .tick-pagination a {

6
src/.htaccess Normal file
View File

@ -0,0 +1,6 @@
# Deny all access to this directory
Require all denied
# Fallback for Apache 2.2
Order deny,allow
Deny from all

7
src/Controller/AuthController/AuthController.php
View File

@ -16,8 +16,6 @@ class AuthController extends Controller {
function handleLogin(){ function handleLogin(){
global $config; global $config;
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'] ?? ''; $username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? ''; $password = $_POST['password'] ?? '';
@ -37,7 +35,10 @@ class AuthController extends Controller {
header('Location: ' . $config->basePath); header('Location: ' . $config->basePath);
exit; exit;
} else { } else {
$error = 'Invalid username or password'; // Set a flash message and reload the login page
Session::setFlashMessage('error', 'Invalid username or password');
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
} }
} }
} }

2
src/View/FlashView/FlashView.php
View File

@ -9,7 +9,7 @@ class FlashView {
<?php foreach ($flashMessages as $type => $messages): ?> <?php foreach ($flashMessages as $type => $messages): ?>
<?php foreach ($messages as $message): ?> <?php foreach ($messages as $message): ?>
<div class="flash-message flash-<?php echo $type; ?>"> <div class="flash-message flash-<?php echo $type; ?>">
<?php echo htmlspecialchars($message); ?> <?php echo Util::escape_html($message); ?>
</div> </div>
<?php endforeach; ?> <?php endforeach; ?>
<?php endforeach; ?> <?php endforeach; ?>

10
src/View/HomeView/HomeView.php
View File

@ -4,15 +4,14 @@ class HomeView {
ob_start(); ob_start();
?> ?>
<main id="ticks" class="home-main"> <ul class="tick-feed">
<div class="tick-feed">
<?php foreach ($ticks as $tick): ?> <?php foreach ($ticks as $tick): ?>
<article class="tick"> <li class="tick">
<div class="tick-time"><?= Util::escape_html(Util::relative_time($tick['timestamp'])) ?></div> <div class="tick-time"><?= Util::escape_html(Util::relative_time($tick['timestamp'])) ?></div>
<span class="tick-text"><?= Util::linkify(Util::escape_html($tick['tick'])) ?></span> <span class="tick-text"><?= Util::linkify(Util::escape_html($tick['tick'])) ?></span>
</article> </li>
<?php endforeach; ?> <?php endforeach; ?>
</div> </ul>
<div class="tick-pagination"> <div class="tick-pagination">
<?php if ($page > 1): ?> <?php if ($page > 1): ?>
<a href="?page=<?= $page - 1 ?>">&laquo; Newer</a> <a href="?page=<?= $page - 1 ?>">&laquo; Newer</a>
@ -21,7 +20,6 @@ class HomeView {
<a href="?page=<?= $page + 1 ?>">Older &raquo;</a> <a href="?page=<?= $page + 1 ?>">Older &raquo;</a>
<?php endif; ?> <?php endif; ?>
</div> </div>
</main>
<?php return ob_get_clean(); <?php return ob_get_clean();
} }

10
src/View/MoodView/MoodView.php
View File

@ -7,18 +7,18 @@ class MoodView {
?> ?>
<?php foreach ($emojiGroups as $group => $emojis): ?> <?php foreach ($emojiGroups as $group => $emojis): ?>
<fieldset id="<?= htmlspecialchars($group) ?>" class="emoji-group"> <fieldset id="<?= Util::escape_html($group) ?>" class="emoji-group">
<legend><?= ucfirst($group) ?></legend> <legend><?= ucfirst($group) ?></legend>
<?php foreach ($emojis as [$emoji, $description]): ?> <?php foreach ($emojis as [$emoji, $description]): ?>
<label class="emoji-option"> <label class="emoji-option">
<input <input
type="radio" type="radio"
name="mood" name="mood"
value="<?= htmlspecialchars($emoji) ?>" value="<?= Util::escape_html($emoji) ?>"
aria-label="<?=htmlspecialchars($description ?? 'emoji') ?>" aria-label="<?=Util::escape_html($description ?? 'emoji') ?>"
<?= $emoji === $selected_emoji ? 'checked' : '' ?> <?= $emoji === $selected_emoji ? 'checked' : '' ?>
> >
<span><?= htmlspecialchars($emoji) ?></span> <span><?= Util::escape_html($emoji) ?></span>
</label> </label>
<?php endforeach; ?> <?php endforeach; ?>
</fieldset> </fieldset>
@ -31,7 +31,7 @@ class MoodView {
ob_start(); ob_start();
?> ?>
<form method="post" class="emoji-form"> <form method="post" class="emoji-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>">
<?= $this->render_emoji_groups($emojiGroups, $currentMood) ?> <?= $this->render_emoji_groups($emojiGroups, $currentMood) ?>
<div class="button-group"> <div class="button-group">
<button type="submit" name="action" value="set">Set the mood</button> <button type="submit" name="action" value="set">Set the mood</button>

6
storage/.htaccess Executable file
View File

@ -0,0 +1,6 @@
# Deny all access to this directory
Require all denied
# Fallback for Apache 2.2
Order deny,allow
Deny from all

6
templates/.htaccess Normal file
View File

@ -0,0 +1,6 @@
# Deny all access to this directory
Require all denied
# Fallback for Apache 2.2
Order deny,allow
Deny from all

12
templates/main.php
View File

@ -10,19 +10,19 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" <link rel="stylesheet"
href="<?= htmlspecialchars($config->basePath) ?>css/tkr.css"> href="<?= Util::escape_html($config->basePath) ?>css/tkr.css">
<?php if (!empty($config->cssId)): ?> <?php if (!empty($config->cssId)): ?>
<link rel="stylesheet" <link rel="stylesheet"
href="<?= htmlspecialchars($config->basePath) ?>css/custom/<?= htmlspecialchars($config->customCssFilename()) ?>"> href="<?= Util::escape_html($config->basePath) ?>css/custom/<?= Util::escape_html($config->customCssFilename()) ?>">
<?php endif; ?> <?php endif; ?>
<link rel="alternate" <link rel="alternate"
type="application/rss+xml" type="application/rss+xml"
title="<?php echo htmlspecialchars($config->siteTitle) ?> RSS Feed" title="<?php echo Util::escape_html($config->siteTitle) ?> RSS Feed"
href="<?php echo htmlspecialchars($config->baseUrl . $config->basePath)?>feed/rss/"> href="<?php echo Util::escape_html($config->baseUrl . $config->basePath)?>feed/rss/">
<link rel="alternate" <link rel="alternate"
type="application/atom+xml" type="application/atom+xml"
title="<?php echo htmlspecialchars($config->siteTitle) ?> Atom Feed" title="<?php echo Util::escape_html($config->siteTitle) ?> Atom Feed"
href="<?php echo htmlspecialchars($config->baseUrl . $config->basePath)?>feed/atom/"> href="<?php echo Util::escape_html($config->baseUrl . $config->basePath)?>feed/atom/">
</head> </head>
<body> <body>
<?php include TEMPLATES_DIR . '/partials/navbar.php'?> <?php include TEMPLATES_DIR . '/partials/navbar.php'?>

18
templates/partials/admin.php
View File

@ -6,28 +6,28 @@
<form <form
action="<?php echo $config->basePath . ($isSetup ? 'setup' : 'admin') ?>" action="<?php echo $config->basePath . ($isSetup ? 'setup' : 'admin') ?>"
method="post"> method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>">
<fieldset> <fieldset>
<legend>User settings</legend> <legend>User settings</legend>
<div class="fieldset-items"> <div class="fieldset-items">
<label>Username <span class=required>*</span></label> <label>Username <span class=required>*</span></label>
<input type="text" <input type="text"
name="username" name="username"
value="<?= $user->username ?>" value="<?= Util::escape_html($user->username) ?>"
required> required>
<label>Display name <span class=required>*</span></label> <label>Display name <span class=required>*</span></label>
<input type="text" <input type="text"
name="display_name" name="display_name"
value="<?= $user->displayName ?>" value="<?= Util::escape_html($user->displayName) ?>"
required> required>
<label>About </label> <label>About </label>
<input type="text" <input type="text"
name="about" name="about"
value="<?= $user->about ?>"> value="<?= Util::escape_html($user->about) ?>">
<label>Website </label> <label>Website </label>
<input type="text" <input type="text"
name="website" name="website"
value="<?= $user->website ?>"> value="<?= Util::escape_html($user->website) ?>">
</div> </div>
</fieldset> </fieldset>
<fieldset> <fieldset>
@ -36,21 +36,21 @@
<label>Title <span class=required>*</span></label> <label>Title <span class=required>*</span></label>
<input type="text" <input type="text"
name="site_title" name="site_title"
value="<?= $config->siteTitle ?>" value="<?= Util::escape_html($config->siteTitle) ?>"
required> required>
<label>Description <span class=required>*</span></label> <label>Description <span class=required>*</span></label>
<input type="text" <input type="text"
name="site_description" name="site_description"
value="<?= $config->siteDescription ?>"> value="<?= Util::escape_html($config->siteDescription) ?>">
<label>Base URL <span class=required>*</span></label> <label>Base URL <span class=required>*</span></label>
<input type="text" <input type="text"
name="base_url" name="base_url"
value="<?= $config->baseUrl ?>" value="<?= Util::escape_html($config->baseUrl) ?>"
required> required>
<label>Base path <span class=required>*</span></label> <label>Base path <span class=required>*</span></label>
<input type="text" <input type="text"
name="base_path" name="base_path"
value="<?= $config->basePath ?>" value="<?= Util::escape_html($config->basePath) ?>"
required> required>
<label>Items per page (max 50) <span class=required>*</span></label> <label>Items per page (max 50) <span class=required>*</span></label>
<input type="number" <input type="number"

8
templates/partials/css.php
View File

@ -3,7 +3,7 @@
<h1>CSS Management</h1> <h1>CSS Management</h1>
<div> <div>
<form action="<?= $config->basePath ?>admin/css" method="post" enctype="multipart/form-data"> <form action="<?= $config->basePath ?>admin/css" method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>">
<fieldset> <fieldset>
<legend>Manage</legend> <legend>Manage</legend>
<div class="fieldset-items"> <div class="fieldset-items">
@ -20,13 +20,13 @@
<option value=<?= $cssFile['id'] ?> <option value=<?= $cssFile['id'] ?>
<?= isset($selected) ? $selected : ""?>> <?= isset($selected) ? $selected : ""?>>
<?=$cssFile['filename']?> <?=Util::escape_html($cssFile['filename'])?>
</option> </option>
<?php endforeach; ?> <?php endforeach; ?>
</select> </select>
<?php if (isset($cssDescription) && $cssDescription): ?> <?php if (isset($cssDescription) && $cssDescription): ?>
<label>Description</label> <label>Description</label>
<label class="description"><?= $cssDescription ?></label> <label class="description"><?= Util::escape_html($cssDescription) ?></label>
<?php endif; ?> <?php endif; ?>
<div></div> <div></div>
<div> <div>
@ -38,7 +38,7 @@
<fieldset> <fieldset>
<legend>Upload</legend> <legend>Upload</legend>
<div class="fieldset-items"> <div class="fieldset-items">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>">
<label for="uploadCssFile">Select File to Upload</label> <label for="uploadCssFile">Select File to Upload</label>
<input type="file" <input type="file"
id="uploadCssFile" id="uploadCssFile"

14
templates/partials/emoji.php
View File

@ -3,7 +3,7 @@
<h1>Emoji Management</h1> <h1>Emoji Management</h1>
<div> <div>
<form action="<?= $config->basePath ?>admin/emoji" method="post" enctype="multipart/form-data"> <form action="<?= $config->basePath ?>admin/emoji" method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>">
<fieldset> <fieldset>
<legend>Add Emoji</legend> <legend>Add Emoji</legend>
<div class="fieldset-items"> <div class="fieldset-items">
@ -25,19 +25,19 @@
</form> </form>
<?php if (!empty($emojiList)): ?> <?php if (!empty($emojiList)): ?>
<form action="<?= $config->basePath ?>admin/emoji" method="post" enctype="multipart/form-data"> <form action="<?= $config->basePath ?>admin/emoji" method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>">
<fieldset class="delete-emoji-fieldset"> <fieldset class="delete-emoji-fieldset">
<legend>Delete Emoji</legend> <legend>Delete Emoji</legend>
<div class="fieldset-items"> <div class="fieldset-items">
<?php foreach ($emojiList as $emojiItem): ?> <?php foreach ($emojiList as $emojiItem): ?>
<div class="emoji-checkbox-item"> <div class="emoji-checkbox-item">
<input type="checkbox" <input type="checkbox"
id="delete_emoji_<?= htmlspecialchars($emojiItem['id']) ?>" id="delete_emoji_<?= Util::escape_html($emojiItem['id']) ?>"
name="delete_emoji_ids[]" name="delete_emoji_ids[]"
value="<?= htmlspecialchars($emojiItem['id']) ?>"> value="<?= Util::escape_html($emojiItem['id']) ?>">
<label for="delete_emoji_<?= htmlspecialchars($emojiItem['id']) ?>"> <label for="delete_emoji_<?= Util::escape_html($emojiItem['id']) ?>">
<span class="emoji-display"><?= htmlspecialchars($emojiItem['emoji']) ?></span> <span class="emoji-display"><?= Util::escape_html($emojiItem['emoji']) ?></span>
<span class="emoji-description"><?= htmlspecialchars($emojiItem['description']) ?></span> <span class="emoji-description"><?= Util::escape_html($emojiItem['description']) ?></span>
</label> </label>
</div> </div>
<?php endforeach; ?> <?php endforeach; ?>

56
templates/partials/home.php
View File

@ -3,36 +3,50 @@
<?php /** @var UserModel $user */ ?> <?php /** @var UserModel $user */ ?>
<?php /** @var string $tickList */ ?> <?php /** @var string $tickList */ ?>
<div class="home-container"> <div class="home-container">
<section id="sidebar" class="home-sidebar"> <aside id="sidebar" class="home-sidebar">
<div class="home-header"> <dl class="profile-data">
<h1 class="site-description"><?= $config->siteDescription ?></h1> <dt>Current Status</dt>
</div> <dd class="profile-greeting">
<span class="greeting-content">
<span class="greeting-text">Hi, I'm <?php echo Util::escape_html($user->displayName) ?></span>
<span class="greeting-mood"><?php echo Util::escape_html($user->mood) ?></span>
</span>
<?php if (Session::isLoggedIn()): ?>
<a href="<?= $config->basePath ?>mood" class="change-mood">Change mood</a>
<?php endif ?>
</dd>
<?php if (!empty($user->about)): ?> <?php if (!empty($user->about)): ?>
<p>About: <?= $user->about ?></p> <dt>About</dt>
<dd class="profile-about">
<?php echo Util::escape_html($user->about) ?>
</dd>
<?php endif ?> <?php endif ?>
<?php if (!empty($user->website)): ?> <?php if (!empty($user->website)): ?>
<p>Website: <?= Util::linkify(Util::escape_html($user->website)) ?></p> <dt>Website</dt>
<dd class="profile-website">
<?php echo Util::linkify(Util::escape_html($user->website)) ?>
</dd>
<?php endif ?> <?php endif ?>
<?php if (!empty($user->mood) || Session::isLoggedIn()): ?> </dl>
<div class="profile-row">
<div class="mood-bar">
<span>Current mood: <?= $user->mood ?></span>
<?php if (Session::isLoggedIn()): ?> <?php if (Session::isLoggedIn()): ?>
<a href="<?= $config->basePath ?>mood">Change</a> <div class="profile-tick">
<?php endif; ?>
</div>
</div>
<?php endif; ?>
<?php if (Session::isLoggedIn()): ?>
<hr/>
<div class="profile-row">
<form class="tick-form" method="post"> <form class="tick-form" method="post">
<input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($_SESSION['csrf_token']) ?>">
<textarea name="tick" placeholder="What's ticking?" rows="3"></textarea> <textarea name="tick"
placeholder="What's ticking?"
minlength="1"
maxlength="200"
rows="3"></textarea>
<button type="submit" class="submit-btn">Tick</button> <button type="submit" class="submit-btn">Tick</button>
</form> </form>
</div> </div>
<?php endif; ?> <?php endif; ?>
</section> </aside>
<?php echo $tickList ?> <main id="ticks" class="home-main">
<div class="home-header">
<h1 class="site-description"><?= $config->siteDescription ?></h1>
</div>
<?php echo $tickList ?>
</main>
</div> </div>

5
templates/partials/login.php
View File

@ -2,12 +2,9 @@
<?php /** @var string $csrf_token */ ?> <?php /** @var string $csrf_token */ ?>
<?php /** @var string $error */ ?> <?php /** @var string $error */ ?>
<h2>Login</h2> <h2>Login</h2>
<?php if ($error): ?>
<p style="color:red"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<form method="post" action="<?= $config->basePath ?>login"> <form method="post" action="<?= $config->basePath ?>login">
<div class="fieldset-items"> <div class="fieldset-items">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>"> <input type="hidden" name="csrf_token" value="<?= Util::escape_html($csrf_token) ?>">
<label for="username">Username:</label> <label for="username">Username:</label>
<input type="text" id="username" name="username" required> <input type="text" id="username" name="username" required>
<label for="password">Password:</label> <label for="password">Password:</label>