diff --git a/core/module/config/config.php b/core/module/config/config.php
index b5b5348c..d72b5f57 100644
--- a/core/module/config/config.php
+++ b/core/module/config/config.php
@@ -34,119 +34,119 @@ class config extends common ]; public static $timezones = [ - 'Pacific/Midway' => '(GMT-11:00) Midway Island', - 'US/Samoa' => '(GMT-11:00) Samoa', - 'US/Hawaii' => '(GMT-10:00) Hawaii', - 'US/Alaska' => '(GMT-09:00) Alaska', - 'US/Pacific' => '(GMT-08:00) Pacific Time (US & Canada)', - 'America/Tijuana' => '(GMT-08:00) Tijuana', - 'US/Arizona' => '(GMT-07:00) Arizona', - 'US/Mountain' => '(GMT-07:00) Mountain Time (US & Canada)', - 'America/Chihuahua' => '(GMT-07:00) Chihuahua', - 'America/Mazatlan' => '(GMT-07:00) Mazatlan', - 'America/Mexico_City' => '(GMT-06:00) Mexico City', - 'America/Monterrey' => '(GMT-06:00) Monterrey', - 'Canada/Saskatchewan' => '(GMT-06:00) Saskatchewan', - 'US/Central' => '(GMT-06:00) Central Time (US & Canada)', - 'US/Eastern' => '(GMT-05:00) Eastern Time (US & Canada)', - 'US/East-Indiana' => '(GMT-05:00) Indiana (East)', - 'America/Bogota' => '(GMT-05:00) Bogota', - 'America/Lima' => '(GMT-05:00) Lima', - 'America/Caracas' => '(GMT-04:30) Caracas', - 'Canada/Atlantic' => '(GMT-04:00) Atlantic Time (Canada)', - 'America/La_Paz' => '(GMT-04:00) La Paz', - 'America/Santiago' => '(GMT-04:00) Santiago', - 'Canada/Newfoundland' => '(GMT-03:30) Newfoundland', - 'America/Buenos_Aires' => '(GMT-03:00) Buenos Aires', - 'Greenland' => '(GMT-03:00) Greenland', - 'Atlantic/Stanley' => '(GMT-02:00) Stanley', - 'Atlantic/Azores' => '(GMT-01:00) Azores', - 'Atlantic/Cape_Verde' => '(GMT-01:00) Cape Verde Is.', - 'Africa/Casablanca' => '(GMT) Casablanca', - 'Europe/Dublin' => '(GMT) Dublin', - 'Europe/Lisbon' => '(GMT) Lisbon', - 'Europe/London' => '(GMT) London', - 'Africa/Monrovia' => '(GMT) Monrovia', - 'Europe/Amsterdam' => '(GMT+01:00) Amsterdam', - 'Europe/Belgrade' => '(GMT+01:00) Belgrade', - 'Europe/Berlin' => '(GMT+01:00) Berlin', - 'Europe/Bratislava' => '(GMT+01:00) Bratislava', - 'Europe/Brussels' => '(GMT+01:00) Brussels', - 'Europe/Budapest' => '(GMT+01:00) Budapest', - 'Europe/Copenhagen' => '(GMT+01:00) 
Copenhagen', - 'Europe/Ljubljana' => '(GMT+01:00) Ljubljana', - 'Europe/Madrid' => '(GMT+01:00) Madrid', - 'Europe/Paris' => '(GMT+01:00) Paris', - 'Europe/Prague' => '(GMT+01:00) Prague', - 'Europe/Rome' => '(GMT+01:00) Rome', - 'Europe/Sarajevo' => '(GMT+01:00) Sarajevo', - 'Europe/Skopje' => '(GMT+01:00) Skopje', - 'Europe/Stockholm' => '(GMT+01:00) Stockholm', - 'Europe/Vienna' => '(GMT+01:00) Vienna', - 'Europe/Warsaw' => '(GMT+01:00) Warsaw', - 'Europe/Zagreb' => '(GMT+01:00) Zagreb', - 'Europe/Athens' => '(GMT+02:00) Athens', - 'Europe/Bucharest' => '(GMT+02:00) Bucharest', - 'Africa/Cairo' => '(GMT+02:00) Cairo', - 'Africa/Harare' => '(GMT+02:00) Harare', - 'Europe/Helsinki' => '(GMT+02:00) Helsinki', - 'Europe/Istanbul' => '(GMT+02:00) Istanbul', - 'Asia/Jerusalem' => '(GMT+02:00) Jerusalem', - 'Europe/Kiev' => '(GMT+02:00) Kyiv', - 'Europe/Minsk' => '(GMT+02:00) Minsk', - 'Europe/Riga' => '(GMT+02:00) Riga', - 'Europe/Sofia' => '(GMT+02:00) Sofia', - 'Europe/Tallinn' => '(GMT+02:00) Tallinn', - 'Europe/Vilnius' => '(GMT+02:00) Vilnius', - 'Asia/Baghdad' => '(GMT+03:00) Baghdad', - 'Asia/Kuwait' => '(GMT+03:00) Kuwait', - 'Europe/Moscow' => '(GMT+03:00) Moscow', - 'Africa/Nairobi' => '(GMT+03:00) Nairobi', - 'Asia/Riyadh' => '(GMT+03:00) Riyadh', - 'Europe/Volgograd' => '(GMT+03:00) Volgograd', - 'Asia/Tehran' => '(GMT+03:30) Tehran', - 'Asia/Baku' => '(GMT+04:00) Baku', - 'Asia/Muscat' => '(GMT+04:00) Muscat', - 'Asia/Tbilisi' => '(GMT+04:00) Tbilisi', - 'Asia/Yerevan' => '(GMT+04:00) Yerevan', - 'Asia/Kabul' => '(GMT+04:30) Kabul', - 'Asia/Yekaterinburg' => '(GMT+05:00) Ekaterinburg', - 'Asia/Karachi' => '(GMT+05:00) Karachi', - 'Asia/Tashkent' => '(GMT+05:00) Tashkent', - 'Asia/Kolkata' => '(GMT+05:30) Kolkata', - 'Asia/Kathmandu' => '(GMT+05:45) Kathmandu', - 'Asia/Almaty' => '(GMT+06:00) Almaty', - 'Asia/Dhaka' => '(GMT+06:00) Dhaka', - 'Asia/Novosibirsk' => '(GMT+06:00) Novosibirsk', - 'Asia/Bangkok' => '(GMT+07:00) Bangkok', - 'Asia/Jakarta' => 
'(GMT+07:00) Jakarta', - 'Asia/Krasnoyarsk' => '(GMT+07:00) Krasnoyarsk', - 'Asia/Chongqing' => '(GMT+08:00) Chongqing', - 'Asia/Hong_Kong' => '(GMT+08:00) Hong Kong', - 'Asia/Irkutsk' => '(GMT+08:00) Irkutsk', - 'Asia/Kuala_Lumpur' => '(GMT+08:00) Kuala Lumpur', - 'Australia/Perth' => '(GMT+08:00) Perth', - 'Asia/Singapore' => '(GMT+08:00) Singapore', - 'Asia/Taipei' => '(GMT+08:00) Taipei', - 'Asia/Ulaanbaatar' => '(GMT+08:00) Ulaan Bataar', - 'Asia/Urumqi' => '(GMT+08:00) Urumqi', - 'Asia/Seoul' => '(GMT+09:00) Seoul', - 'Asia/Tokyo' => '(GMT+09:00) Tokyo', - 'Asia/Yakutsk' => '(GMT+09:00) Yakutsk', - 'Australia/Adelaide' => '(GMT+09:30) Adelaide', - 'Australia/Darwin' => '(GMT+09:30) Darwin', - 'Australia/Brisbane' => '(GMT+10:00) Brisbane', - 'Australia/Canberra' => '(GMT+10:00) Canberra', - 'Pacific/Guam' => '(GMT+10:00) Guam', - 'Australia/Hobart' => '(GMT+10:00) Hobart', - 'Australia/Melbourne' => '(GMT+10:00) Melbourne', - 'Pacific/Port_Moresby' => '(GMT+10:00) Port Moresby', - 'Australia/Sydney' => '(GMT+10:00) Sydney', - 'Asia/Vladivostok' => '(GMT+10:00) Vladivostok', - 'Asia/Magadan' => '(GMT+11:00) Magadan', - 'Pacific/Auckland' => '(GMT+12:00) Auckland', - 'Pacific/Fiji' => '(GMT+12:00) Fiji', - 'Asia/Kamchatka' => '(GMT+12:00) Kamchatka' + 'Pacific/Midway' => '(GMT-11:00) Midway Island', + 'US/Samoa' => '(GMT-11:00) Samoa', + 'US/Hawaii' => '(GMT-10:00) Hawaii', + 'US/Alaska' => '(GMT-09:00) Alaska', + 'US/Pacific' => '(GMT-08:00) Pacific Time (US & Canada)', + 'America/Tijuana' => '(GMT-08:00) Tijuana', + 'US/Arizona' => '(GMT-07:00) Arizona', + 'US/Mountain' => '(GMT-07:00) Mountain Time (US & Canada)', + 'America/Chihuahua' => '(GMT-07:00) Chihuahua', + 'America/Mazatlan' => '(GMT-07:00) Mazatlan', + 'America/Mexico_City' => '(GMT-06:00) Mexico City', + 'America/Monterrey' => '(GMT-06:00) Monterrey', + 'Canada/Saskatchewan' => '(GMT-06:00) Saskatchewan', + 'US/Central' => '(GMT-06:00) Central Time (US & Canada)', + 'US/Eastern' => '(GMT-05:00) 
Eastern Time (US & Canada)', + 'US/East-Indiana' => '(GMT-05:00) Indiana (East)', + 'America/Bogota' => '(GMT-05:00) Bogota', + 'America/Lima' => '(GMT-05:00) Lima', + 'America/Caracas' => '(GMT-04:30) Caracas', + 'Canada/Atlantic' => '(GMT-04:00) Atlantic Time (Canada)', + 'America/La_Paz' => '(GMT-04:00) La Paz', + 'America/Santiago' => '(GMT-04:00) Santiago', + 'Canada/Newfoundland' => '(GMT-03:30) Newfoundland', + 'America/Buenos_Aires' => '(GMT-03:00) Buenos Aires', + 'Greenland' => '(GMT-03:00) Greenland', + 'Atlantic/Stanley' => '(GMT-02:00) Stanley', + 'Atlantic/Azores' => '(GMT-01:00) Azores', + 'Atlantic/Cape_Verde' => '(GMT-01:00) Cape Verde Is.', + 'Africa/Casablanca' => '(GMT) Casablanca', + 'Europe/Dublin' => '(GMT) Dublin', + 'Europe/Lisbon' => '(GMT) Lisbon', + 'Europe/London' => '(GMT) London', + 'Africa/Monrovia' => '(GMT) Monrovia', + 'Europe/Amsterdam' => '(GMT+01:00) Amsterdam', + 'Europe/Belgrade' => '(GMT+01:00) Belgrade', + 'Europe/Berlin' => '(GMT+01:00) Berlin', + 'Europe/Bratislava' => '(GMT+01:00) Bratislava', + 'Europe/Brussels' => '(GMT+01:00) Brussels', + 'Europe/Budapest' => '(GMT+01:00) Budapest', + 'Europe/Copenhagen' => '(GMT+01:00) Copenhagen', + 'Europe/Ljubljana' => '(GMT+01:00) Ljubljana', + 'Europe/Madrid' => '(GMT+01:00) Madrid', + 'Europe/Paris' => '(GMT+01:00) Paris', + 'Europe/Prague' => '(GMT+01:00) Prague', + 'Europe/Rome' => '(GMT+01:00) Rome', + 'Europe/Sarajevo' => '(GMT+01:00) Sarajevo', + 'Europe/Skopje' => '(GMT+01:00) Skopje', + 'Europe/Stockholm' => '(GMT+01:00) Stockholm', + 'Europe/Vienna' => '(GMT+01:00) Vienna', + 'Europe/Warsaw' => '(GMT+01:00) Warsaw', + 'Europe/Zagreb' => '(GMT+01:00) Zagreb', + 'Europe/Athens' => '(GMT+02:00) Athens', + 'Europe/Bucharest' => '(GMT+02:00) Bucharest', + 'Africa/Cairo' => '(GMT+02:00) Cairo', + 'Africa/Harare' => '(GMT+02:00) Harare', + 'Europe/Helsinki' => '(GMT+02:00) Helsinki', + 'Europe/Istanbul' => '(GMT+02:00) Istanbul', + 'Asia/Jerusalem' => '(GMT+02:00) Jerusalem', 
+ 'Europe/Kiev' => '(GMT+02:00) Kyiv', + 'Europe/Minsk' => '(GMT+02:00) Minsk', + 'Europe/Riga' => '(GMT+02:00) Riga', + 'Europe/Sofia' => '(GMT+02:00) Sofia', + 'Europe/Tallinn' => '(GMT+02:00) Tallinn', + 'Europe/Vilnius' => '(GMT+02:00) Vilnius', + 'Asia/Baghdad' => '(GMT+03:00) Baghdad', + 'Asia/Kuwait' => '(GMT+03:00) Kuwait', + 'Europe/Moscow' => '(GMT+03:00) Moscow', + 'Africa/Nairobi' => '(GMT+03:00) Nairobi', + 'Asia/Riyadh' => '(GMT+03:00) Riyadh', + 'Europe/Volgograd' => '(GMT+03:00) Volgograd', + 'Asia/Tehran' => '(GMT+03:30) Tehran', + 'Asia/Baku' => '(GMT+04:00) Baku', + 'Asia/Muscat' => '(GMT+04:00) Muscat', + 'Asia/Tbilisi' => '(GMT+04:00) Tbilisi', + 'Asia/Yerevan' => '(GMT+04:00) Yerevan', + 'Asia/Kabul' => '(GMT+04:30) Kabul', + 'Asia/Yekaterinburg' => '(GMT+05:00) Ekaterinburg', + 'Asia/Karachi' => '(GMT+05:00) Karachi', + 'Asia/Tashkent' => '(GMT+05:00) Tashkent', + 'Asia/Kolkata' => '(GMT+05:30) Kolkata', + 'Asia/Kathmandu' => '(GMT+05:45) Kathmandu', + 'Asia/Almaty' => '(GMT+06:00) Almaty', + 'Asia/Dhaka' => '(GMT+06:00) Dhaka', + 'Asia/Novosibirsk' => '(GMT+06:00) Novosibirsk', + 'Asia/Bangkok' => '(GMT+07:00) Bangkok', + 'Asia/Jakarta' => '(GMT+07:00) Jakarta', + 'Asia/Krasnoyarsk' => '(GMT+07:00) Krasnoyarsk', + 'Asia/Chongqing' => '(GMT+08:00) Chongqing', + 'Asia/Hong_Kong' => '(GMT+08:00) Hong Kong', + 'Asia/Irkutsk' => '(GMT+08:00) Irkutsk', + 'Asia/Kuala_Lumpur' => '(GMT+08:00) Kuala Lumpur', + 'Australia/Perth' => '(GMT+08:00) Perth', + 'Asia/Singapore' => '(GMT+08:00) Singapore', + 'Asia/Taipei' => '(GMT+08:00) Taipei', + 'Asia/Ulaanbaatar' => '(GMT+08:00) Ulaan Bataar', + 'Asia/Urumqi' => '(GMT+08:00) Urumqi', + 'Asia/Seoul' => '(GMT+09:00) Seoul', + 'Asia/Tokyo' => '(GMT+09:00) Tokyo', + 'Asia/Yakutsk' => '(GMT+09:00) Yakutsk', + 'Australia/Adelaide' => '(GMT+09:30) Adelaide', + 'Australia/Darwin' => '(GMT+09:30) Darwin', + 'Australia/Brisbane' => '(GMT+10:00) Brisbane', + 'Australia/Canberra' => '(GMT+10:00) Canberra', + 
'Pacific/Guam' => '(GMT+10:00) Guam', + 'Australia/Hobart' => '(GMT+10:00) Hobart', + 'Australia/Melbourne' => '(GMT+10:00) Melbourne', + 'Pacific/Port_Moresby' => '(GMT+10:00) Port Moresby', + 'Australia/Sydney' => '(GMT+10:00) Sydney', + 'Asia/Vladivostok' => '(GMT+10:00) Vladivostok', + 'Asia/Magadan' => '(GMT+11:00) Magadan', + 'Pacific/Auckland' => '(GMT+12:00) Auckland', + 'Pacific/Fiji' => '(GMT+12:00) Fiji', + 'Asia/Kamchatka' => '(GMT+12:00) Kamchatka' ]; // Type de proxy public static $proxyType = [ @@ -187,7 +187,7 @@ class config extends common ]; public static $captchaTypes = [ 'num' => 'Chiffres', - 'alpha' => 'Lettres' + 'alpha' => 'Lettres' ]; public static $updateDelay = [ 86400 => '1', @@ -211,16 +211,26 @@ class config extends common */ public function siteMap() { + // La page n'existe pas + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } else { + // Mettre à jour le site map + $successSitemap = $this->updateSitemap(); - // Mettre à jour le site map - $successSitemap = $this->updateSitemap(); + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'config', + 'notification' => $successSitemap ? helper::translate('La carte du site a été mise à jour') : helper::translate('Echec de l\'écriture, vérifiez les permissions'), + 'state' => $successSitemap + ]); + } - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . 'config', - 'notification' => $successSitemap ? helper::translate('La carte du site a été mise à jour') : helper::translate('Echec de l\'écriture, vérifiez les permissions'), - 'state' => $successSitemap - ]); } @@ -289,7 +299,7 @@ class config extends common // Traitement des données reçues valides. - if (!empty($token) && $data !== false) { + if (!empty($token) && $data !== false) { $data = json_decode($data, true); $img = $data['screenshot']; // Effacer l'image et la miniature png 
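Review bot: The comment `// La page n'existe pas` added at the top of siteMap() (@@ -211,16 +211,26) sits above a permission test, not an existence test, so it gives the wrong reason for the `'access' => false` output. Use `// Action interdite`, as the install.php update() hunk does for the same guard. The same comment now heads the combined permission-and-existence conditions in the page.php hunks at @@ -182 and @@ -288, where `// Action interdite ou page inexistante` would match the code. The blank line left before the closing brace of siteMap() can also be dropped.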
@@ -302,9 +312,9 @@ class config extends common $success = copy($img, self::FILE_DIR . 'source/screenshot.jpg'); } - $notification = empty($token) + $notification = empty($token) ? 'La clé de l\'API ne peut pas être vide' - : ($success === false ? 'Service en ligne inaccessible' : 'Capture d\'écran générée avec succès'); + : ($success === false ? 'Service en ligne inaccessible' : 'Capture d\'écran générée avec succès'); // Valeurs en sortie $this->addOutput([ @@ -351,10 +361,10 @@ class config extends common } // Lire le contenu de l'archive dans le tableau files /* - for ($i = 0; $i < $zip->numFiles; $i++) { - $stat = $zip->statIndex($i); - $files[] = (basename($stat['name'])); - }*/ + for ($i = 0; $i < $zip->numFiles; $i++) { + $stat = $zip->statIndex($i); + $files[] = (basename($stat['name'])); + }*/ // Extraction de l'archive dans un dossier temporaire $tmpDir = uniqid(8); $success = $zip->extractTo(self::TEMP_DIR . $tmpDir); @@ -362,7 +372,7 @@ class config extends common $data = json_decode(file_get_contents(self::TEMP_DIR . $tmpDir . '/data/core.json'), true); $dataVersion = $data['core']['dataVersion']; // Version non prises en charge <9 ou erreur d'extraction - if (intval(substr($dataVersion, 0, 1)) <= 9 or !$success) { + if (intval(substr($dataVersion, 0, 1)) <= 9 or !$success) { // Valeurs en sortie erreur $this->addOutput([ 'title' => helper::translate('Restaurer'), 
@@ -393,8 +403,8 @@ class config extends common } // Message de notification - $notification = $success === true ? 'Restauration effectuée avec succès' : 'Erreur inconnue'; - $redirect = $this->getInput('configRestoreImportUser', helper::FILTER_BOOLEAN) === true ? helper::baseUrl() . 'config/restore' : helper::baseUrl() . 'user/login/'; + $notification = $success === true ? 'Restauration effectuée avec succès' : 'Erreur inconnue'; + $redirect = $this->getInput('configRestoreImportUser', helper::FILTER_BOOLEAN) === true ? helper::baseUrl() . 'config/restore' : helper::baseUrl() . 'user/login/'; // Valeurs en sortie erreur $this->addOutput([ 'redirect' => $redirect, @@ -455,7 +465,7 @@ class config extends common 'redditId' => $this->getInput('socialRedditId'), 'twitchId' => $this->getInput('socialTwitchId'), 'vimeoId' => $this->getInput('socialVimeoId'), - 'steamId' =>$this->getInput('socialSteamId'), + 'steamId' => $this->getInput('socialSteamId'), ], 'smtp' => [ 'enable' => $this->getInput('smtpEnable', helper::FILTER_BOOLEAN), @@ -464,7 +474,7 @@ class config extends common 'auth' => $this->getInput('smtpAuth', helper::FILTER_BOOLEAN), 'secure' => $this->getInput('smtpSecure', helper::FILTER_STRING_SHORT), 'username' => $this->getInput('smtpUsername', helper::FILTER_STRING_SHORT), - 'password' => helper::encrypt($this->getInput('smtpPassword', helper::FILTER_STRING_SHORT),$this->getInput('smtpHost', helper::FILTER_STRING_SHORT)), + 'password' => helper::encrypt($this->getInput('smtpPassword', helper::FILTER_STRING_SHORT), $this->getInput('smtpHost', helper::FILTER_STRING_SHORT)), 'from' => $this->getInput('smtpFrom', helper::FILTER_MAIL, true), ], 'seo' => [ @@ -494,7 +504,8 @@ class config extends common unlink($filename); } } - if (file_exists('site/data/.backup')) unlink('site/data/.backup'); + if (file_exists('site/data/.backup')) + unlink('site/data/.backup'); } else { touch('site/data/.backup'); } 
@@ -508,8 +519,8 @@ class config extends common ) { // Ajout des lignes dans le .htaccess $fileContent = file_get_contents('.htaccess'); - $rewriteData = PHP_EOL . - '# URL rewriting' . PHP_EOL . + $rewriteData = PHP_EOL . + '# URL rewriting' . PHP_EOL . '' . PHP_EOL . "\tRewriteEngine on" . PHP_EOL . "\tRewriteBase " . helper::baseUrl(false, false) . PHP_EOL . @@ -574,7 +585,7 @@ class config extends common } // Sélecteur de délais, compléter avec la traduction en jours - foreach(self::$updateDelay as $key => $value) { + foreach (self::$updateDelay as $key => $value) { self::$updateDelay[$key] = $key === 86400 ? $value . ' ' . helper::translate('jour') : $value . ' ' . helper::translate('jours'); } @@ -690,7 +701,7 @@ class config extends common $data = ''; foreach ($d as $key => $item) { $data .= helper::dateUTF8('%Y %m %d', $item['lastFail']) . ' - ' . helper::dateUTF8('%H:%M', time()); - $data .= $key . ';' . $item['ip'] . ';' . $item['connectFail'] . PHP_EOL; + $data .= $key . ';' . $item['ip'] . ';' . $item['connectFail'] . PHP_EOL; } file_put_contents($fileName, $data, FILE_APPEND); header('Content-Description: File Transfer'); @@ -780,4 +791,4 @@ class config extends common 'state' => true ]); } -} +} \ No newline at end of file diff --git a/core/module/install/install.php b/core/module/install/install.php index 73d34740..ab66772e 100644 --- a/core/module/install/install.php +++ b/core/module/install/install.php 
@@ -416,14 +416,24 @@ class install extends common */ public function update() { - // Nouvelle version - self::$newVersion = helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/version'); - // Valeurs en sortie - $this->addOutput([ - 'display' => self::DISPLAY_LAYOUT_LIGHT, - 'title' => helper::translate('Mise à jour'), - 'view' => 'update' - ]); + // Action interdite + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } else { + // Nouvelle version + self::$newVersion = helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/version'); + // Valeurs en sortie + $this->addOutput([ + 'display' => self::DISPLAY_LAYOUT_LIGHT, + 'title' => helper::translate('Mise à jour'), + 'view' => 'update' + ]); + } } } \ No newline at end of file diff --git a/core/module/page/page.php b/core/module/page/page.php index a4e12f45..0c2661ef 100644 --- a/core/module/page/page.php +++ b/core/module/page/page.php @@ -182,18 +182,14 @@ class page extends common // $url prend l'adresse sans le token $page = $this->getUrl(2); // La page n'existe pas - if ($this->getData(['page', $page]) === null) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->getData(['page', $page]) === null + ) { // Valeurs en sortie $this->addOutput([ 'access' => false ]); - } // Action interdite - elseif ($this->checkCSRF()) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . 'page/edit/' . $page, - 'notification' => helper::translate('Jeton invalide') - ]); } // Impossible de supprimer la page d'accueil elseif ($page === $this->getData(['locale', 'homePageId'])) { 
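Review bot: In the page.php hunk at @@ -182,18 +182,14 the `elseif ($this->checkCSRF())` branch is deleted and nothing visible replaces it. The added `getUser('permission', __CLASS__, __FUNCTION__)` test establishes that the session's user may perform the deletion, but not that the request originated from a link or form this site issued. Unless the token is now verified centrally before the action is dispatched (not visible in this diff), the permission test should sit alongside the token check rather than replace it, keeping the removed `elseif ($this->checkCSRF())` branch after the new condition. The same substitution is made in plugin.php at @@ -63, @@ -292, @@ -572, @@ -646 and @@ -672, where the docblock line `5 : CSRF` is dropped as well. The enclosing function starts and ends outside the hunk.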
@@ -288,7 +284,10 @@ class page extends common public function edit() { // La page n'existe pas - if ($this->getData(['page', $this->getUrl(2)]) === null) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->getData(['page', $this->getUrl(2)]) === null + ) { // Valeurs en sortie $this->addOutput([ 'access' => false @@ -602,13 +601,14 @@ class page extends common * Retourne les informations sur les pages en omettant les clés CSS et JS qui occasionnent des bugs d'affichage dans l'éditeur de page * @return array tableau associatif des pages dans le menu */ - public function getPageInfo() { + public function getPageInfo() + { $p = $this->getData(['page']); - $d = array_map(function($d) { + $d = array_map(function ($d) { unset($d["css"], $d["js"]); return $d; }, $p); - return json_encode($d); + return json_encode($d); } } \ No newline at end of file diff --git a/core/module/plugin/plugin.php b/core/module/plugin/plugin.php index 04cd8b1a..a2f16071 100644 --- a/core/module/plugin/plugin.php +++ b/core/module/plugin/plugin.php @@ -63,12 +63,10 @@ class plugin extends common { // Action interdite - if ($this->checkCSRF()) { + if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'plugin', - 'state' => false, - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { // Suppression des dossiers @@ -243,13 +241,14 @@ class plugin extends common : helper::translate('Erreur inconnue, le module n\'est pas installé') ]); } else { + // Supprimer le dossier temporaire + $this->removeDir(self::TEMP_DIR . $tempFolder); + $zip->close(); return ([ 'success' => false, 'notification' => helper::translate('Erreur inconnue, le module n\'est pas installé') ]); - // Supprimer le dossier temporaire - $this->removeDir(self::TEMP_DIR . $tempFolder); - $zip->close(); + } } else { // Message de retour 
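Review bot: The docblock above getPageInfo() (@@ -602,13 +601,14) still says `@return array`, while the body ends in `return json_encode($d);`, which yields a JSON string, or false when encoding fails. Change the tag to `@return string|false JSON-encoded pages without the css and js keys`, or return `$d` directly if callers expect the array. The docblock opens outside the hunk.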
@@ -266,6 +265,7 @@ class plugin extends common public function upload() { // Soumission du formulaire + if ($this->isPost()) { // Installation d'un module $checkValidMaj = $this->getInput('configModulesCheck', helper::FILTER_BOOLEAN); @@ -292,12 +292,10 @@ class plugin extends common public function uploadItem() { // Action interdite - if ($this->checkCSRF()) { + if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'store', - 'state' => false, - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { // Récupérer le module en ligne @@ -572,15 +570,12 @@ class plugin extends common public function save() { // Action interdite - if ($this->checkCSRF()) { + if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'plugin', - 'state' => false, - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { - // Créer un dossier temporaire $tmpFolder = self::TEMP_DIR . uniqid(); if (!is_dir($tmpFolder)) { @@ -646,12 +641,10 @@ class plugin extends common public function dataDelete() { // Action interdite - if ($this->checkCSRF()) { + if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'plugin', - 'state' => false, - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { $this->setData(['page', $this->getUrl(4), 'moduleId', '']); 
@@ -672,20 +665,16 @@ class plugin extends common * 2 : i18n id * 3 : moduleId * 4 : pageId - * 5 : CSRF */ public function dataExport() { // Action interdite - if ($this->checkCSRF()) { + if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'plugin', - 'state' => false, - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { - // Créer un dossier temporaire $tmpFolder = self::TEMP_DIR . uniqid(); if (!is_dir($tmpFolder)) { @@ -769,7 +758,6 @@ class plugin extends common */ public function dataImport() { - // Soumission du formulaire d'importation du module dans une page libre if ($this->isPost()) { // Récupérer le fichier et le décompacter diff --git a/core/module/theme/theme.php b/core/module/theme/theme.php index 079c923e..895ba5fc 100644 --- a/core/module/theme/theme.php +++ b/core/module/theme/theme.php @@ -105,7 +105,8 @@ class theme extends common '2.4vmax' => '240%' ]; public static $headerHeights = [ - 'unset' => 'Libre', // texte dynamique cf header.js.php + 'unset' => 'Libre', + // texte dynamique cf header.js.php '100px' => '100px', '150px' => '150px', '200px' => '200px', @@ -119,7 +120,7 @@ class theme extends common ]; public static $headerFeatures = [ 'wallpaper' => 'Couleur unie ou papier-peint', - 'feature' => 'Contenu HTML' + 'feature' => 'Contenu HTML' ]; public static $imagePositions = [ 'top left' => 'En haut à gauche', 
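Review bot: In theme.php at @@ -105,7 +105,8 the reformatting moves `// texte dynamique cf header.js.php` from the end of the `'unset' => 'Libre',` line onto its own line below it, where it now reads as a comment on `'100px' => '100px'`. Place it on the line above the `'unset'` entry so it stays attached to the value it explains.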
@@ -249,21 +250,24 @@ class theme extends common { // Soumission du formulaire if ($this->isPost()) { - $this->setData(['admin', [ - 'backgroundColor' => $this->getInput('adminBackgroundColor'), - 'colorTitle' => $this->getInput('adminColorTitle'), - 'colorText' => $this->getInput('adminColorText'), - 'backgroundColorButton' => $this->getInput('adminColorButton'), - 'backgroundColorButtonGrey' => $this->getInput('adminColorGrey'), - 'backgroundColorButtonRed' => $this->getInput('adminColorRed'), - 'backgroundColorButtonGreen' => $this->getInput('adminColorGreen'), - 'backgroundColorButtonHelp' => $this->getInput('adminColorHelp'), - 'fontText' => $this->getInput('adminFontText'), - 'fontSize' => $this->getInput('adminFontTextSize'), - 'fontTitle' => $this->getInput('adminFontTitle'), - 'backgroundBlockColor' => $this->getInput('adminBackGroundBlockColor'), - 'borderBlockColor' => $this->getInput('adminBorderBlockColor'), - ]]); + $this->setData([ + 'admin', + [ + 'backgroundColor' => $this->getInput('adminBackgroundColor'), + 'colorTitle' => $this->getInput('adminColorTitle'), + 'colorText' => $this->getInput('adminColorText'), + 'backgroundColorButton' => $this->getInput('adminColorButton'), + 'backgroundColorButtonGrey' => $this->getInput('adminColorGrey'), + 'backgroundColorButtonRed' => $this->getInput('adminColorRed'), + 'backgroundColorButtonGreen' => $this->getInput('adminColorGreen'), + 'backgroundColorButtonHelp' => $this->getInput('adminColorHelp'), + 'fontText' => $this->getInput('adminFontText'), + 'fontSize' => $this->getInput('adminFontTextSize'), + 'fontTitle' => $this->getInput('adminFontTitle'), + 'backgroundBlockColor' => $this->getInput('adminBackGroundBlockColor'), + 'borderBlockColor' => $this->getInput('adminBorderBlockColor'), + ] + ]); // Valeurs en sortie $this->addOutput([ 'notification' => helper::translate('Modifications enregistrées'), 
@@ -318,16 +322,20 @@ class theme extends common { // Soumission du formulaire if ($this->isPost()) { - $this->setData(['theme', 'body', [ - 'backgroundColor' => $this->getInput('themeBodyBackgroundColor'), - 'image' => $this->getInput('themeBodyImage'), - 'imageAttachment' => $this->getInput('themeBodyImageAttachment'), - 'imagePosition' => $this->getInput('themeBodyImagePosition'), - 'imageRepeat' => $this->getInput('themeBodyImageRepeat'), - 'imageSize' => $this->getInput('themeBodyImageSize'), - 'toTopbackgroundColor' => $this->getInput('themeBodyToTopBackground'), - 'toTopColor' => $this->getInput('themeBodyToTopColor') - ]]); + $this->setData([ + 'theme', + 'body', + [ + 'backgroundColor' => $this->getInput('themeBodyBackgroundColor'), + 'image' => $this->getInput('themeBodyImage'), + 'imageAttachment' => $this->getInput('themeBodyImageAttachment'), + 'imagePosition' => $this->getInput('themeBodyImagePosition'), + 'imageRepeat' => $this->getInput('themeBodyImageRepeat'), + 'imageSize' => $this->getInput('themeBodyImageSize'), + 'toTopbackgroundColor' => $this->getInput('themeBodyToTopBackground'), + 'toTopColor' => $this->getInput('themeBodyToTopColor') + ] + ]); // Valeurs en sortie $this->addOutput([ 'notification' => helper::translate('Modifications enregistrées'), 
@@ -364,34 +372,38 @@ class theme extends common 'state' => false ]); } else { - $this->setData(['theme', 'footer', [ - 'backgroundColor' => $this->getInput('themeFooterBackgroundColor'), - 'copyrightAlign' => $this->getInput('themeFooterCopyrightAlign'), - 'height' => $this->getInput('themeFooterHeight'), - 'loginLink' => $this->getInput('themeFooterLoginLink'), - 'margin' => $this->getInput('themeFooterMargin', helper::FILTER_BOOLEAN), - 'position' => $this->getInput('themeFooterPosition'), - 'fixed' => $this->getInput('themeFooterFixed', helper::FILTER_BOOLEAN), - 'socialsAlign' => $this->getInput('themeFooterSocialsAlign'), - 'text' => $this->getInput('themeFooterText', null), - 'textAlign' => $this->getInput('themeFooterTextAlign'), - 'textColor' => $this->getInput('themeFooterTextColor'), - 'copyrightPosition' => $this->getInput('themeFooterCopyrightPosition'), - 'textPosition' => $this->getInput('themeFooterTextPosition'), - 'socialsPosition' => $this->getInput('themeFooterSocialsPosition'), - 'textTransform' => $this->getInput('themeFooterTextTransform'), - 'font' => $this->getInput('themeFooterFont'), - 'fontSize' => $this->getInput('themeFooterFontSize'), - 'fontWeight' => $this->getInput('themeFooterFontWeight'), - 'displayVersion' => $this->getInput('themefooterDisplayVersion', helper::FILTER_BOOLEAN), - 'displaySiteMap' => $this->getInput('themefooterDisplaySiteMap', helper::FILTER_BOOLEAN), - 'displayCopyright' => $this->getInput('themefooterDisplayCopyright', helper::FILTER_BOOLEAN), - 'displayCookie' => $this->getInput('themefooterDisplayCookie', helper::FILTER_BOOLEAN), - 'displayLegal' => $this->getInput('themeFooterDisplayLegal', helper::FILTER_BOOLEAN), - 'displaySearch' => $this->getInput('themeFooterDisplaySearch', helper::FILTER_BOOLEAN), - 'memberBar' => $this->getInput('themeFooterMemberBar', helper::FILTER_BOOLEAN), - 'template' => $this->getInput('themeFooterTemplate') - ]]); + $this->setData([ + 'theme', + 'footer', + [ + 
'backgroundColor' => $this->getInput('themeFooterBackgroundColor'), + 'copyrightAlign' => $this->getInput('themeFooterCopyrightAlign'), + 'height' => $this->getInput('themeFooterHeight'), + 'loginLink' => $this->getInput('themeFooterLoginLink'), + 'margin' => $this->getInput('themeFooterMargin', helper::FILTER_BOOLEAN), + 'position' => $this->getInput('themeFooterPosition'), + 'fixed' => $this->getInput('themeFooterFixed', helper::FILTER_BOOLEAN), + 'socialsAlign' => $this->getInput('themeFooterSocialsAlign'), + 'text' => $this->getInput('themeFooterText', null), + 'textAlign' => $this->getInput('themeFooterTextAlign'), + 'textColor' => $this->getInput('themeFooterTextColor'), + 'copyrightPosition' => $this->getInput('themeFooterCopyrightPosition'), + 'textPosition' => $this->getInput('themeFooterTextPosition'), + 'socialsPosition' => $this->getInput('themeFooterSocialsPosition'), + 'textTransform' => $this->getInput('themeFooterTextTransform'), + 'font' => $this->getInput('themeFooterFont'), + 'fontSize' => $this->getInput('themeFooterFontSize'), + 'fontWeight' => $this->getInput('themeFooterFontWeight'), + 'displayVersion' => $this->getInput('themefooterDisplayVersion', helper::FILTER_BOOLEAN), + 'displaySiteMap' => $this->getInput('themefooterDisplaySiteMap', helper::FILTER_BOOLEAN), + 'displayCopyright' => $this->getInput('themefooterDisplayCopyright', helper::FILTER_BOOLEAN), + 'displayCookie' => $this->getInput('themefooterDisplayCookie', helper::FILTER_BOOLEAN), + 'displayLegal' => $this->getInput('themeFooterDisplayLegal', helper::FILTER_BOOLEAN), + 'displaySearch' => $this->getInput('themeFooterDisplaySearch', helper::FILTER_BOOLEAN), + 'memberBar' => $this->getInput('themeFooterMemberBar', helper::FILTER_BOOLEAN), + 'template' => $this->getInput('themeFooterTemplate') + ] + ]); // Sauvegarder la configuration localisée $this->setData(['locale', 'legalPageId', $this->getInput('configLegalPageId')]); 
@@ -453,29 +465,33 @@ class theme extends common } // Sauvegarder - $this->setData(['theme', 'header', [ - 'backgroundColor' => $this->getInput('themeHeaderBackgroundColor'), - 'font' => $this->getInput('themeHeaderFont'), - 'fontSize' => $this->getInput('themeHeaderFontSize'), - 'fontWeight' => $this->getInput('themeHeaderFontWeight'), - 'height' => $this->getInput('themeHeaderHeight'), - 'wide' => $this->getInput('themeHeaderWide'), - 'image' => $this->getInput('themeHeaderImage'), - 'imagePosition' => $this->getInput('themeHeaderImagePosition'), - 'imageRepeat' => $this->getInput('themeHeaderImageRepeat'), - 'margin' => $this->getInput('themeHeaderMargin', helper::FILTER_BOOLEAN), - 'position' => $this->getInput('themeHeaderPosition'), - 'textAlign' => $this->getInput('themeHeaderTextAlign'), - 'textColor' => $this->getInput('themeHeaderTextColor'), - 'textHide' => $this->getInput('themeHeaderTextHide', helper::FILTER_BOOLEAN), - 'textTransform' => $this->getInput('themeHeaderTextTransform'), - 'linkHomePage' => $this->getInput('themeHeaderlinkHomePage', helper::FILTER_BOOLEAN), - 'imageContainer' => $this->getInput('themeHeaderImageContainer'), - 'tinyHidden' => $this->getInput('themeHeaderTinyHidden', helper::FILTER_BOOLEAN), - 'feature' => $this->getInput('themeHeaderFeature'), - 'featureContent' => $featureContent, - 'featureFiles' => $files - ]]); + $this->setData([ + 'theme', + 'header', + [ + 'backgroundColor' => $this->getInput('themeHeaderBackgroundColor'), + 'font' => $this->getInput('themeHeaderFont'), + 'fontSize' => $this->getInput('themeHeaderFontSize'), + 'fontWeight' => $this->getInput('themeHeaderFontWeight'), + 'height' => $this->getInput('themeHeaderHeight'), + 'wide' => $this->getInput('themeHeaderWide'), + 'image' => $this->getInput('themeHeaderImage'), + 'imagePosition' => $this->getInput('themeHeaderImagePosition'), + 'imageRepeat' => $this->getInput('themeHeaderImageRepeat'), + 'margin' => $this->getInput('themeHeaderMargin', 
helper::FILTER_BOOLEAN), + 'position' => $this->getInput('themeHeaderPosition'), + 'textAlign' => $this->getInput('themeHeaderTextAlign'), + 'textColor' => $this->getInput('themeHeaderTextColor'), + 'textHide' => $this->getInput('themeHeaderTextHide', helper::FILTER_BOOLEAN), + 'textTransform' => $this->getInput('themeHeaderTextTransform'), + 'linkHomePage' => $this->getInput('themeHeaderlinkHomePage', helper::FILTER_BOOLEAN), + 'imageContainer' => $this->getInput('themeHeaderImageContainer'), + 'tinyHidden' => $this->getInput('themeHeaderTinyHidden', helper::FILTER_BOOLEAN), + 'feature' => $this->getInput('themeHeaderFeature'), + 'featureContent' => $featureContent, + 'featureFiles' => $files + ] + ]); // Modification de la position du menu selon la position de la bannière if ($this->getData(['theme', 'header', 'position']) == 'site') { $this->setData(['theme', 'menu', 'position', str_replace('body-', 'site-', $this->getData(['theme', 'menu', 'position']))]); 
@@ -535,30 +551,34 @@ class theme extends common { // Soumission du formulaire if ($this->isPost()) { - $this->setData(['theme', 'menu', [ - 'backgroundColor' => $this->getInput('themeMenuBackgroundColor'), - 'backgroundColorSub' => $this->getInput('themeMenuBackgroundColorSub'), - 'font' => $this->getInput('themeMenuFont'), - 'fontSize' => $this->getInput('themeMenuFontSize'), - 'fontWeight' => $this->getInput('themeMenuFontWeight'), - 'height' => $this->getInput('themeMenuHeight'), - 'wide' => $this->getInput('themeMenuWide'), - 'loginLink' => $this->getInput('themeMenuLoginLink', helper::FILTER_BOOLEAN), - 'margin' => $this->getInput('themeMenuMargin', helper::FILTER_BOOLEAN), - 'position' => $this->getInput('themeMenuPosition'), - 'textAlign' => $this->getInput('themeMenuTextAlign'), - 'textColor' => $this->getInput('themeMenuTextColor'), - 'textTransform' => $this->getInput('themeMenuTextTransform'), - 'fixed' => $this->getInput('themeMenuFixed', helper::FILTER_BOOLEAN), - 'activeColorAuto' => $this->getInput('themeMenuActiveColorAuto', helper::FILTER_BOOLEAN), - 'activeColor' => $this->getInput('themeMenuActiveColor'), - 'activeTextColor' => $this->getInput('themeMenuActiveTextColor'), - 'radius' => $this->getInput('themeMenuRadius'), - 'burgerTitle' => $this->getInput('themeMenuBurgerTitle', helper::FILTER_BOOLEAN), - 'memberBar' => $this->getInput('themeMenuMemberBar', helper::FILTER_BOOLEAN), - 'burgerLogo' => $this->getInput('themeMenuBurgerLogo'), - 'burgerContent' => $this->getInput('themeMenuBurgerContent') - ]]); + $this->setData([ + 'theme', + 'menu', + [ + 'backgroundColor' => $this->getInput('themeMenuBackgroundColor'), + 'backgroundColorSub' => $this->getInput('themeMenuBackgroundColorSub'), + 'font' => $this->getInput('themeMenuFont'), + 'fontSize' => $this->getInput('themeMenuFontSize'), + 'fontWeight' => $this->getInput('themeMenuFontWeight'), + 'height' => $this->getInput('themeMenuHeight'), + 'wide' => $this->getInput('themeMenuWide'), + 
'loginLink' => $this->getInput('themeMenuLoginLink', helper::FILTER_BOOLEAN), + 'margin' => $this->getInput('themeMenuMargin', helper::FILTER_BOOLEAN), + 'position' => $this->getInput('themeMenuPosition'), + 'textAlign' => $this->getInput('themeMenuTextAlign'), + 'textColor' => $this->getInput('themeMenuTextColor'), + 'textTransform' => $this->getInput('themeMenuTextTransform'), + 'fixed' => $this->getInput('themeMenuFixed', helper::FILTER_BOOLEAN), + 'activeColorAuto' => $this->getInput('themeMenuActiveColorAuto', helper::FILTER_BOOLEAN), + 'activeColor' => $this->getInput('themeMenuActiveColor'), + 'activeTextColor' => $this->getInput('themeMenuActiveTextColor'), + 'radius' => $this->getInput('themeMenuRadius'), + 'burgerTitle' => $this->getInput('themeMenuBurgerTitle', helper::FILTER_BOOLEAN), + 'memberBar' => $this->getInput('themeMenuMemberBar', helper::FILTER_BOOLEAN), + 'burgerLogo' => $this->getInput('themeMenuBurgerLogo'), + 'burgerContent' => $this->getInput('themeMenuBurgerContent') + ] + ]); // Valeurs en sortie $this->addOutput([ 'notification' => helper::translate('Modifications enregistrées'), 
@@ -591,19 +611,19 @@ class theme extends common // Polices liées au thème $used = [ - 'Bannière' => $this->getData(['theme', 'header', 'font']), - 'Menu' => $this->getData(['theme', 'menu', 'font']), - 'Titre ' => $this->getData(['theme', 'title', 'font']), - 'Texte' => $this->getData(['theme', 'text', 'font']), - 'Pied de page' => $this->getData(['theme', 'footer', 'font']), + 'Bannière' => $this->getData(['theme', 'header', 'font']), + 'Menu' => $this->getData(['theme', 'menu', 'font']), + 'Titre ' => $this->getData(['theme', 'title', 'font']), + 'Texte' => $this->getData(['theme', 'text', 'font']), + 'Pied de page' => $this->getData(['theme', 'footer', 'font']), 'Titre (admin)' => $this->getData(['admin', 'fontTitle']), 'Admin (texte)' => $this->getData(['admin', 'fontText']) ]; // Récupérer le détail des fontes installées //$f = $this->getFonts(); - $f['files'] = $this->getData(['font', 'files']); - $f['imported'] = $this->getData(['font', 'imported']); + $f['files'] = $this->getData(['font', 'files']); + $f['imported'] = $this->getData(['font', 'imported']); $f['websafe'] = self::$fontsWebSafe; // Parcourir les fontes disponibles et construire le tableau pour le formulaire @@ -614,7 +634,7 @@ class theme extends common $fontUsed[$fontId] = ''; foreach ($used as $key => $value) { if ($value === $fontId) { - $fontUsed[$fontId] .= $key . '
'; + $fontUsed[$fontId] .= $key . '
'; } } self::$fontsDetail[] = [ @@ -623,20 +643,20 @@ class theme extends common $f[$type][$fontId]['font-family'], $fontUsed[$fontId], $type, - $type !== 'websafe' ? template::button('themeFontEdit' . $fontId, [ + $type !== 'websafe' ? template::button('themeFontEdit' . $fontId, [ 'class' => 'themeFontEdit', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId, + 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId, 'value' => template::ico('pencil'), 'disabled' => !empty($fontUsed[$fontId]) ]) - : '', - $type !== 'websafe' ? template::button('themeFontDelete' . $fontId, [ + : '', + $type !== 'websafe' ? template::button('themeFontDelete' . $fontId, [ 'class' => 'themeFontDelete buttonRed', 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId, 'value' => template::ico('cancel'), 'disabled' => !empty($fontUsed[$fontId]) ]) - : '' + : '' ]; } } @@ -663,7 +683,7 @@ class theme extends common if (!empty($ressource)) { $fontId = $this->getInput('fontAddFontId', null, true); $fontName = $this->getInput('fontAddFontName', null, true); - $fontFamilyName = $this->getInput('fontAddFontFamilyName', null, true); + $fontFamilyName = $this->getInput('fontAddFontFamilyName', null, true); // Remplace les doubles quotes par des simples quotes $fontFamilyName = str_replace('"', '\'', $fontFamilyName); @@ -676,7 +696,8 @@ class theme extends common $this->setData([ 'font', $type, - $fontId, [ + $fontId, + [ 'name' => $fontName, 'font-family' => $fontFamilyName, 'resource' => $ressource 
@@ -724,10 +745,10 @@ class theme extends common if ($this->isPost()) { // Type d'import en ligne ou local $type = $this->getInput('fontEditUrl', helper::FILTER_BOOLEAN) ? 'imported' : 'files'; - $ressource = $type === 'imported' ? $this->getInput('fontEditUrl', null) : $this->getInput('fontEditFile', null); - $fontId = $this->getInput('fontEditFontId', null, true); + $ressource = $type === 'imported' ? $this->getInput('fontEditUrl', null) : $this->getInput('fontEditFile', null); + $fontId = $this->getInput('fontEditFontId', null, true); $fontName = $this->getInput('fontEditFontName', null, true); - $fontFamilyName = $this->getInput('fontEditFontFamilyName', null, true); + $fontFamilyName = $this->getInput('fontEditFontFamilyName', null, true); // Remplace les doubles quotes par des simples quotes $fontFamilyName = str_replace('"', '\'', $fontFamilyName); @@ -741,7 +762,8 @@ class theme extends common $this->setData([ 'font', $type, - $fontId, [ + $fontId, + [ 'name' => $fontName, 'font-family' => $fontFamilyName, 'resource' => $ressource @@ -775,11 +797,14 @@ class theme extends common public function fontDelete() { // Action interdite - if ($this->checkCSRF()) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->checkCSRF() + ) { + // Valeurs en sortie // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'theme/fonts', - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } // Suppression @@ -798,7 +823,7 @@ class theme extends common // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'theme/fonts', + 'redirect' => helper::baseUrl() . 'theme/fonts', 'notification' => helper::translate('Fonte supprimée'), 'state' => true ]); 
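Review bot: In fontDelete() the added `// Valeurs en sortie` line sits directly above an identical context comment, so the new side carries the comment twice; drop the added one. The guard also reads `... !== true || $this->checkCSRF()`, which denies access when checkCSRF() is true. That is only correct if the helper returns true on a missing or invalid token, which this hunk does not show. A one-line comment such as `// checkCSRF() returns true when the token check fails (confirm against common)` would keep the next reader from inverting it. fontDelete's body continues outside the hunk.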
@@ -811,32 +836,41 @@ class theme extends common */ public function reset() { - // Réinitialisation - $redirect = ''; - switch ($this->getUrl(2)) { - case 'admin': - $this->initData('admin', self::$i18nUI); - $redirect = helper::baseUrl() . 'theme/admin'; - break; - case 'manage': - $this->initData('theme', self::$i18nUI); - $redirect = helper::baseUrl() . 'theme/manage'; - break; - case 'custom': - unlink(self::DATA_DIR . 'custom.css'); - $redirect = helper::baseUrl() . 'theme/advanced'; - break; - default: - $redirect = helper::baseUrl() . 'theme'; + // Action interdite + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } else { + // Réinitialisation + $redirect = ''; + switch ($this->getUrl(2)) { + case 'admin': + $this->initData('admin', self::$i18nUI); + $redirect = helper::baseUrl() . 'theme/admin'; + break; + case 'manage': + $this->initData('theme', self::$i18nUI); + $redirect = helper::baseUrl() . 'theme/manage'; + break; + case 'custom': + unlink(self::DATA_DIR . 'custom.css'); + $redirect = helper::baseUrl() . 'theme/advanced'; + break; + default: + $redirect = helper::baseUrl() . 'theme'; + } + + // Valeurs en sortie + $this->addOutput([ + 'notification' => helper::translate('Thème réinitialisé'), + 'redirect' => $redirect, + 'state' => true + ]); } - - // Valeurs en sortie - $this->addOutput([ - 'notification' => helper::translate('Thème réinitialisé'), - 'redirect' => $redirect, - 'state' => true - ]); - } 
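Review bot: reset() gains the permission test but, unlike fontDelete() in this same commit, its guard has no `$this->checkCSRF()` term, although the protected branch re-initialises the `admin`/`theme` data or unlinks `custom.css` from nothing more than a URL segment. I would make the condition `$this->getUser('permission', __CLASS__, __FUNCTION__) !== true || $this->checkCSRF()`, provided the links that reach this action carry the token (not visible here). save() in this file and profilDelete() in core/module/user/user.php change state behind the same permission-only guard and deserve the same check. Separately, `unlink(self::DATA_DIR . 'custom.css')` raises a warning when the file is absent; `if (is_file(self::DATA_DIR . 'custom.css')) { unlink(...); }` avoids that.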
@@ -847,32 +881,52 @@ class theme extends common { // Soumission du formulaire if ($this->isPost()) { - $this->setData(['theme', 'title', [ - 'font' => $this->getInput('themeTitleFont'), - 'textColor' => $this->getInput('themeTitleTextColor'), - 'fontWeight' => $this->getInput('themeTitleFontWeight'), - 'textTransform' => $this->getInput('themeTitleTextTransform') - ]]); - $this->setData(['theme', 'text', [ - 'font' => $this->getInput('themeTextFont'), - 'fontSize' => $this->getInput('themeTextFontSize'), - 'textColor' => $this->getInput('themeTextTextColor'), - 'linkColor' => $this->getInput('themeTextLinkColor') - ]]); - $this->setData(['theme', 'site', [ - 'backgroundColor' => $this->getInput('themeSiteBackgroundColor'), - 'radius' => $this->getInput('themeSiteRadius'), - 'shadow' => $this->getInput('themeSiteShadow'), - 'width' => $this->getInput('themeSiteWidth'), - 'margin' => $this->getInput('themeSiteMargin', helper::FILTER_BOOLEAN) - ]]); - $this->setData(['theme', 'button', [ - 'backgroundColor' => $this->getInput('themeButtonBackgroundColor') - ]]); - $this->setData(['theme', 'block', [ - 'backgroundColor' => $this->getInput('themeBlockBackgroundColor'), - 'borderColor' => $this->getInput('themeBlockBorderColor') - ]]); + $this->setData([ + 'theme', + 'title', + [ + 'font' => $this->getInput('themeTitleFont'), + 'textColor' => $this->getInput('themeTitleTextColor'), + 'fontWeight' => $this->getInput('themeTitleFontWeight'), + 'textTransform' => $this->getInput('themeTitleTextTransform') + ] + ]); + $this->setData([ + 'theme', + 'text', + [ + 'font' => $this->getInput('themeTextFont'), + 'fontSize' => $this->getInput('themeTextFontSize'), + 'textColor' => $this->getInput('themeTextTextColor'), + 'linkColor' => $this->getInput('themeTextLinkColor') + ] + ]); + $this->setData([ + 'theme', + 'site', + [ + 'backgroundColor' => $this->getInput('themeSiteBackgroundColor'), + 'radius' => $this->getInput('themeSiteRadius'), + 'shadow' => 
$this->getInput('themeSiteShadow'), + 'width' => $this->getInput('themeSiteWidth'), + 'margin' => $this->getInput('themeSiteMargin', helper::FILTER_BOOLEAN) + ] + ]); + $this->setData([ + 'theme', + 'button', + [ + 'backgroundColor' => $this->getInput('themeButtonBackgroundColor') + ] + ]); + $this->setData([ + 'theme', + 'block', + [ + 'backgroundColor' => $this->getInput('themeBlockBackgroundColor'), + 'borderColor' => $this->getInput('themeBlockBorderColor') + ] + ]); // Valeurs en sortie $this->addOutput([ 'notification' => helper::translate('Modifications enregistrées'), @@ -902,7 +956,7 @@ class theme extends common { if ($this->isPost()) { - $zipFilename = $this->getInput('themeManageImport', helper::FILTER_STRING_SHORT, true); + $zipFilename = $this->getInput('themeManageImport', helper::FILTER_STRING_SHORT, true); $data = $this->import(self::FILE_DIR . 'source/' . $zipFilename); if ($data['success']) { header("Refresh:0"); @@ -913,7 +967,8 @@ class theme extends common 'notification' => $data['notification'], 'state' => $data['success'], 'view' => 'manage' - ]);; + ]); + ; } } // Valeurs en sortie 
@@ -1015,18 +1070,28 @@ class theme extends common */ public function export() { - // Make zip - $zipFilename = $this->zipTheme($this->getUrl(2)); - // Téléchargement du ZIP - header('Content-Description: File Transfer'); - header('Content-Type: application/octet-stream'); - header('Content-Transfer-Encoding: binary'); - header('Content-Disposition: attachment; filename="' . $zipFilename . '"'); - header('Content-Length: ' . filesize(self::TEMP_DIR . $zipFilename)); - readfile(self::TEMP_DIR . $zipFilename); - // Nettoyage du dossier - unlink(self::TEMP_DIR . $zipFilename); - exit(); + // Action interdite + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } else { + // Make zip + $zipFilename = $this->zipTheme($this->getUrl(2)); + // Téléchargement du ZIP + header('Content-Description: File Transfer'); + header('Content-Type: application/octet-stream'); + header('Content-Transfer-Encoding: binary'); + header('Content-Disposition: attachment; filename="' . $zipFilename . '"'); + header('Content-Length: ' . filesize(self::TEMP_DIR . $zipFilename)); + readfile(self::TEMP_DIR . $zipFilename); + // Nettoyage du dossier + unlink(self::TEMP_DIR . $zipFilename); + exit(); + } } /** 
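Review bot: Inside the new `else` of export(), `$this->getUrl(2)` still goes to zipTheme() unvalidated, and the name zipTheme() builds from it (`$modele . date(...) . '.zip'`, visible in a later hunk) is then concatenated into the `Content-Disposition` header and into the `self::TEMP_DIR` paths given to `filesize()`, `readfile()` and `unlink()`. I would check the segment against the fixed set of models that zipTheme()'s `switch` handles before calling it, and answer `'access' => false` otherwise; save() takes the same input and needs the same check. The result of zipTheme() is also used without confirming the archive exists, so a guard such as `if (!is_file(self::TEMP_DIR . $zipFilename))` before the headers would avoid sending a broken download. Whether getUrl() already restricts the characters of a segment is not visible in this diff.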
@@ -1034,21 +1099,31 @@ class theme extends common */ public function save() { - // Make zip - $zipFilename = $this->zipTheme($this->getUrl(2)); - // Téléchargement du ZIP - if (!is_dir(self::FILE_DIR . 'source/theme')) { - mkdir(self::FILE_DIR . 'source/theme', 0755); + // Action interdite + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } else { + // Make zip + $zipFilename = $this->zipTheme($this->getUrl(2)); + // Téléchargement du ZIP + if (!is_dir(self::FILE_DIR . 'source/theme')) { + mkdir(self::FILE_DIR . 'source/theme', 0755); + } + copy(self::TEMP_DIR . $zipFilename, self::FILE_DIR . 'source/theme/' . $zipFilename); + // Nettoyage du dossier + unlink(self::TEMP_DIR . $zipFilename); + // Valeurs en sortie + $this->addOutput([ + 'notification' => '' . $zipFilename . '' . helper::translate('sauvegardé avec succès'), + 'redirect' => helper::baseUrl() . 'theme/manage', + 'state' => true + ]); } - copy(self::TEMP_DIR . $zipFilename, self::FILE_DIR . 'source/theme/' . $zipFilename); - // Nettoyage du dossier - unlink(self::TEMP_DIR . $zipFilename); - // Valeurs en sortie - $this->addOutput([ - 'notification' => '' . $zipFilename . ''. helper::translate('sauvegardé avec succès'), - 'redirect' => helper::baseUrl() . 'theme/manage', - 'state' => true - ]); } /** @@ -1058,7 +1133,7 @@ class theme extends common private function zipTheme($modele) { // Creation du dossier - $zipFilename = $modele . date('Y-m-d-H-i-s', time()) . '.zip'; + $zipFilename = $modele . date('Y-m-d-H-i-s', time()) . '.zip'; $zip = new ZipArchive(); if ($zip->open(self::TEMP_DIR . $zipFilename, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) { switch ($modele) { 
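Review bot: In the new `else` of save(), the results of `mkdir()` and `copy()` are ignored, so the success notification with `'state' => true` is emitted even when the archive was never written to `source/theme/`. I would keep the result, `$ok = copy(self::TEMP_DIR . $zipFilename, self::FILE_DIR . 'source/theme/' . $zipFilename);`, and pass `'state' => $ok` with a failure message when it is false. The notification also concatenates `$zipFilename`, which starts with the URL segment given to zipTheme(), so it should go through `htmlspecialchars()` if notifications are rendered as HTML (not visible here).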
@@ -1185,8 +1260,8 @@ class theme extends common * id - nom * id - font-family - resource */ - $f['files'] = $this->getData(['font', 'files']); - $f['imported'] = $this->getData(['font', 'imported']); + $f['files'] = $this->getData(['font', 'files']); + $f['imported'] = $this->getData(['font', 'imported']); $f['websafe'] = self::$fontsWebSafe; // Construit un tableau avec leur ID et leur famille foreach (['websafe', 'imported', 'files'] as $type) { @@ -1211,7 +1286,7 @@ class theme extends common // Filtrage par fontes installées $fontsInstalled = [ - $this->getData(['theme', 'text', 'font']), + $this->getData(['theme', 'text', 'font']), $this->getData(['theme', 'title', 'font']), $this->getData(['theme', 'header', 'font']), $this->getData(['theme', 'menu', 'font']), @@ -1232,13 +1307,13 @@ class theme extends common foreach ($this->getData(['font', 'imported']) as $fontId => $fontValue) { if ( ($scope === 'user' && in_array($fontId, $fontsInstalled)) - || $scope === 'all' + || $scope === 'all' ) { //Pré chargement à revoir //$fileContent .= ''; $fileContent .= ''; // Pré connect pour api.google - $gf = strpos($fontValue['resource'], 'fonts.googleapis.com') === false ? $gf || false : $gf || true; + $gf = strpos($fontValue['resource'], 'fonts.googleapis.com') === false ? $gf || false : $gf || true; } } } 
@@ -1257,16 +1332,16 @@ class theme extends common foreach ($this->getData(['font', 'files']) as $fontId => $fontValue) { if ( ($scope === 'user' && in_array($fontId, $fontsInstalled)) - || $scope === 'all' + || $scope === 'all' ) { if (file_exists(self::DATA_DIR . 'font/' . $fontValue['resource'])) { // Extension - $path_parts = pathinfo(helper::baseUrl(false) . self::DATA_DIR . 'font/' . $fontValue['resource']); + $path_parts = pathinfo(helper::baseUrl(false) . self::DATA_DIR . 'font/' . $fontValue['resource']); // Chargement de la police - $fileContentCss .= '@font-face {'; + $fileContentCss .= '@font-face {'; $fileContentCss .= 'font-family:"' . $fontValue['name'] . '";'; - $fileContentCss .= 'src: url("' . $fontValue['resource'] . '") format("' . $path_parts['extension'] . '");'; - $fileContentCss .= '}'; + $fileContentCss .= 'src: url("' . $fontValue['resource'] . '") format("' . $path_parts['extension'] . '");'; + $fileContentCss .= '}'; // Préchargement //$fileContent = '' . $fileContent; } @@ -1277,6 +1352,6 @@ class theme extends common // Enregistre la personnalisation file_put_contents(self::DATA_DIR . 'font/font.html', $fileContent); // Enregistre la personnalisation - file_put_contents(self::DATA_DIR . 'font/font.css', $fileContentCss); + file_put_contents(self::DATA_DIR . 'font/font.css', $fileContentCss); } -} +} \ No newline at end of file diff --git a/core/module/user/user.php b/core/module/user/user.php index 47b5d945..f3aa870c 100644 --- a/core/module/user/user.php +++ b/core/module/user/user.php @@ -184,7 +184,7 @@ class user extends common { // Accès refusé if ( - $this->getUser('permission', __CLASS__, __FUNCTION__) === false || + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || // L'utilisateur n'existe pas $this->getData(['user', $this->getUrl(2)]) === null // Groupe insuffisant 
@@ -231,152 +231,150 @@ class user extends common public function edit() { if ( - $this->getUser('permission', __CLASS__, __FUNCTION__) === false - ) { - - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . 'user', - 'notification' => helper::translate('Action interdite') - ]); - } - // Accès refusé - if ( - // L'utilisateur n'existe pas - $this->getData(['user', $this->getUrl(2)]) === null - // Droit d'édition - and ( - // Impossible de s'auto-éditer - ($this->getUser('id') === $this->getUrl(2) - and $this->getUrl('group') <= self::GROUP_VISITOR - ) - // Impossible d'éditer un autre utilisateur - or ($this->getUrl('group') < self::GROUP_MODERATOR) - ) + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true ) { // Valeurs en sortie $this->addOutput([ 'access' => false ]); - } - // Accès autorisé - else { - // Soumission du formulaire - if ($this->isPost()) { - // Double vérification pour le mot de passe - $newPassword = $this->getData(['user', $this->getUrl(2), 'password']); - if ($this->getInput('userEditNewPassword')) { - // L'ancien mot de passe est correct - if (password_verify(html_entity_decode($this->getInput('userEditOldPassword')), $this->getData(['user', $this->getUrl(2), 'password']))) { - // La confirmation correspond au mot de passe - if ($this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')) { - $newPassword = $this->getInput('userEditNewPassword', helper::FILTER_PASSWORD, true); - // Déconnexion de l'utilisateur si il change le mot de passe de son propre compte - if ($this->getUser('id') === $this->getUrl(2)) { - helper::deleteCookie('ZWII_USER_ID'); - helper::deleteCookie('ZWII_USER_PASSWORD'); - } - } else { - self::$inputNotices['userEditConfirmPassword'] = helper::translate('Incorrect'); - } - } else { - self::$inputNotices['userEditOldPassword'] = helper::translate('Incorrect'); - } - } - // Modification du groupe - if ( - $this->getUser('group') === self::GROUP_ADMIN - and 
$this->getUrl(2) !== $this->getUser('id') - ) { - $newGroup = $this->getInput('userEditGroup', helper::FILTER_INT, true); - } else { - $newGroup = $this->getData(['user', $this->getUrl(2), 'group']); - } - // Modification de nom Prénom - if ($this->getUser('group') === self::GROUP_ADMIN) { - $newfirstname = $this->getInput('userEditFirstname', helper::FILTER_STRING_SHORT, true); - $newlastname = $this->getInput('userEditLastname', helper::FILTER_STRING_SHORT, true); - } else { - $newfirstname = $this->getData(['user', $this->getUrl(2), 'firstname']); - $newlastname = $this->getData(['user', $this->getUrl(2), 'lastname']); - } - // Profil - $profil = null; - if ($newGroup > 1 || $newGroup < 2) { - $profil = $this->getInput('userEditProfil' . $newGroup, helper::FILTER_INT); - } - // Modifie l'utilisateur - $this->setData([ - 'user', - $this->getUrl(2), - [ - 'firstname' => $newfirstname, - 'forgot' => 0, - 'group' => $newGroup, - 'profil' => $profil, - 'lastname' => $newlastname, - 'pseudo' => $this->getInput('userEditPseudo', helper::FILTER_STRING_SHORT, true), - 'signature' => $this->getInput('userEditSignature', helper::FILTER_INT, true), - 'mail' => $this->getInput('userEditMail', helper::FILTER_MAIL, true), - 'password' => $newPassword, - 'connectFail' => $this->getData(['user', $this->getUrl(2), 'connectFail']), - 'connectTimeout' => $this->getData(['user', $this->getUrl(2), 'connectTimeout']), - 'accessUrl' => $this->getData(['user', $this->getUrl(2), 'accessUrl']), - 'accessTimer' => $this->getData(['user', $this->getUrl(2), 'accessTimer']), - 'accessCsrf' => $this->getData(['user', $this->getUrl(2), 'accessCsrf']), - 'files' => $this->getInput('userEditFiles', helper::FILTER_BOOLEAN), - 'language' => $this->getInput('userEditLanguage', helper::FILTER_STRING_SHORT), - ] - ]); - // Redirection spécifique si l'utilisateur change son mot de passe - if ($this->getUser('id') === $this->getUrl(2) and $this->getInput('userEditNewPassword')) { - $redirect = 
helper::baseUrl() . 'user/login/' . str_replace('/', '_', $this->getUrl()); - } - // Redirection si retour en arrière possible - elseif ($this->getUser('group') === 3) { - $redirect = helper::baseUrl() . 'user'; - } - // Redirection normale - else { - $redirect = helper::baseUrl(); - } + } else { + if ( + // L'utilisateur n'existe pas + $this->getData(['user', $this->getUrl(2)]) === null + // Droit d'édition + and ( + // Impossible de s'auto-éditer + ($this->getUser('id') === $this->getUrl(2) + and $this->getUrl('group') <= self::GROUP_VISITOR + ) + // Impossible d'éditer un autre utilisateur + or ($this->getUrl('group') < self::GROUP_MODERATOR) + ) + ) { // Valeurs en sortie $this->addOutput([ - 'redirect' => $redirect, - 'notification' => helper::translate('Modifications enregistrées'), - 'state' => true + 'access' => false ]); } - - // Langues disponibles pour l'interface de l'utilisateur - self::$languagesInstalled = $this->getData(['language']); - if (self::$languagesInstalled) { - foreach (self::$languagesInstalled as $lang => $datas) { - self::$languagesInstalled[$lang] = self::$languages[$lang]; + // Accès autorisé + else { + // Soumission du formulaire + if ($this->isPost()) { + // Double vérification pour le mot de passe + $newPassword = $this->getData(['user', $this->getUrl(2), 'password']); + if ($this->getInput('userEditNewPassword')) { + // L'ancien mot de passe est correct + if (password_verify(html_entity_decode($this->getInput('userEditOldPassword')), $this->getData(['user', $this->getUrl(2), 'password']))) { + // La confirmation correspond au mot de passe + if ($this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')) { + $newPassword = $this->getInput('userEditNewPassword', helper::FILTER_PASSWORD, true); + // Déconnexion de l'utilisateur si il change le mot de passe de son propre compte + if ($this->getUser('id') === $this->getUrl(2)) { + helper::deleteCookie('ZWII_USER_ID'); + 
helper::deleteCookie('ZWII_USER_PASSWORD'); + } + } else { + self::$inputNotices['userEditConfirmPassword'] = helper::translate('Incorrect'); + } + } else { + self::$inputNotices['userEditOldPassword'] = helper::translate('Incorrect'); + } + } + // Modification du groupe + if ( + $this->getUser('group') === self::GROUP_ADMIN + and $this->getUrl(2) !== $this->getUser('id') + ) { + $newGroup = $this->getInput('userEditGroup', helper::FILTER_INT, true); + } else { + $newGroup = $this->getData(['user', $this->getUrl(2), 'group']); + } + // Modification de nom Prénom + if ($this->getUser('group') === self::GROUP_ADMIN) { + $newfirstname = $this->getInput('userEditFirstname', helper::FILTER_STRING_SHORT, true); + $newlastname = $this->getInput('userEditLastname', helper::FILTER_STRING_SHORT, true); + } else { + $newfirstname = $this->getData(['user', $this->getUrl(2), 'firstname']); + $newlastname = $this->getData(['user', $this->getUrl(2), 'lastname']); + } + // Profil + $profil = null; + if ($newGroup > 1 || $newGroup < 2) { + $profil = $this->getInput('userEditProfil' . 
$newGroup, helper::FILTER_INT); + } + // Modifie l'utilisateur + $this->setData([ + 'user', + $this->getUrl(2), + [ + 'firstname' => $newfirstname, + 'forgot' => 0, + 'group' => $newGroup, + 'profil' => $profil, + 'lastname' => $newlastname, + 'pseudo' => $this->getInput('userEditPseudo', helper::FILTER_STRING_SHORT, true), + 'signature' => $this->getInput('userEditSignature', helper::FILTER_INT, true), + 'mail' => $this->getInput('userEditMail', helper::FILTER_MAIL, true), + 'password' => $newPassword, + 'connectFail' => $this->getData(['user', $this->getUrl(2), 'connectFail']), + 'connectTimeout' => $this->getData(['user', $this->getUrl(2), 'connectTimeout']), + 'accessUrl' => $this->getData(['user', $this->getUrl(2), 'accessUrl']), + 'accessTimer' => $this->getData(['user', $this->getUrl(2), 'accessTimer']), + 'accessCsrf' => $this->getData(['user', $this->getUrl(2), 'accessCsrf']), + 'files' => $this->getInput('userEditFiles', helper::FILTER_BOOLEAN), + 'language' => $this->getInput('userEditLanguage', helper::FILTER_STRING_SHORT), + ] + ]); + // Redirection spécifique si l'utilisateur change son mot de passe + if ($this->getUser('id') === $this->getUrl(2) and $this->getInput('userEditNewPassword')) { + $redirect = helper::baseUrl() . 'user/login/' . str_replace('/', '_', $this->getUrl()); + } + // Redirection si retour en arrière possible + elseif ($this->getUser('group') === 3) { + $redirect = helper::baseUrl() . 
'user'; + } + // Redirection normale + else { + $redirect = helper::baseUrl(); + } + // Valeurs en sortie + $this->addOutput([ + 'redirect' => $redirect, + 'notification' => helper::translate('Modifications enregistrées'), + 'state' => true + ]); } + + // Langues disponibles pour l'interface de l'utilisateur + self::$languagesInstalled = $this->getData(['language']); + if (self::$languagesInstalled) { + foreach (self::$languagesInstalled as $lang => $datas) { + self::$languagesInstalled[$lang] = self::$languages[$lang]; + } + } + + // Profils disponibles + foreach ($this->getData(['profil']) as $profilId => $profilData) { + if ($profilId < self::GROUP_MEMBER) { + continue; + } + if ($profilId === self::GROUP_ADMIN) { + self::$userProfils[$profilId][self::GROUP_ADMIN] = $profilData['name']; + self::$userProfilsComments[$profilId][self::GROUP_ADMIN] = $profilData['comment']; + continue; + } + foreach ($profilData as $key => $value) { + self::$userProfils[$profilId][$key] = $profilData[$key]['name']; + self::$userProfilsComments[$profilId][$key] = $profilData[$key]['name'] . ' : ' . $profilData[$key]['comment']; + } + } + + // Valeurs en sortie + $this->addOutput([ + 'title' => $this->getData(['user', $this->getUrl(2), 'firstname']) . ' ' . $this->getData(['user', $this->getUrl(2), 'lastname']), + 'view' => 'edit' + ]); } - - // Profils disponibles - foreach ($this->getData(['profil']) as $profilId => $profilData) { - if ($profilId < self::GROUP_MEMBER) { - continue; - } - if ($profilId === self::GROUP_ADMIN) { - self::$userProfils[$profilId][self::GROUP_ADMIN] = $profilData['name']; - self::$userProfilsComments[$profilId][self::GROUP_ADMIN] = $profilData['comment']; - continue; - } - foreach ($profilData as $key => $value) { - self::$userProfils[$profilId][$key] = $profilData[$key]['name']; - self::$userProfilsComments[$profilId][$key] = $profilData[$key]['name'] . ' : ' . 
$profilData[$key]['comment']; - } - } - - // Valeurs en sortie - $this->addOutput([ - 'title' => $this->getData(['user', $this->getUrl(2), 'firstname']) . ' ' . $this->getData(['user', $this->getUrl(2), 'lastname']), - 'view' => 'edit' - ]); } } @@ -532,14 +530,12 @@ class user extends common public function profilEdit() { if ( - $this->getUser('permission', __CLASS__, __FUNCTION__) === false || + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || $this->checkCSRF() ) { - // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . 'user', - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } @@ -547,8 +543,8 @@ class user extends common if ($this->isPost()) { $this->setData([ 'profil', - $this->getInput('profilEditGroup',helper::FILTER_STRING_LONG, true), - $this->getInput('profilEditProfil',helper::FILTER_STRING_LONG, true), + $this->getInput('profilEditGroup', helper::FILTER_STRING_LONG, true), + $this->getInput('profilEditProfil', helper::FILTER_STRING_LONG, true), [ 'name' => $this->getInput('profilEditName', helper::FILTER_STRING_SHORT, true), 'readonly' => false, @@ -639,7 +635,7 @@ class user extends common 'config' => $this->getInput('profilEditRedirectionConfig', helper::FILTER_BOOLEAN), ], 'user' => [ - 'edit' => $this->getInput('profilEditUserEdit', helper::FILTER_BOOLEAN), + 'edit' => $this->getInput('profilEditUserEdit', helper::FILTER_BOOLEAN), ] ] ]); @@ -774,7 +770,7 @@ class user extends common 'config' => $this->getInput('profilAddRedirectionConfig', helper::FILTER_BOOLEAN), ], 'user' => [ - 'edit' => $this->getInput('profilAddUserEdit', helper::FILTER_BOOLEAN), + 'edit' => $this->getInput('profilAddUserEdit', helper::FILTER_BOOLEAN), ] ] ]); 
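Review bot: The object-level check that edit() keeps inside the new `else` cannot deny access to an existing account: it reads `$this->getData(['user', $this->getUrl(2)]) === null and ( … )`, so the group conditions are evaluated only when the target user does not exist. Both group tests also call `$this->getUrl('group')`, which looks like it was meant to be `$this->getUser('group')`, judging by the other `getUser('group')` calls in this hunk. I would restate it as `$this->getData(['user', $this->getUrl(2)]) === null or (` followed by something like `$this->getUser('id') !== $this->getUrl(2) and $this->getUser('group') < self::GROUP_MODERATOR`, once the intended self-edit rule is confirmed. As written, the permission flag is the only gate on rewriting another account's `mail` and `pseudo`. Lower down, `if ($newGroup > 1 || $newGroup < 2)` is true for every integer, so that guard around `userEditProfil` has no effect.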
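Review bot: In profilEdit() the denial branch only calls `$this->addOutput(['access' => false])` and then closes with no `else` or `return`, and the next hunk shows `if ($this->isPost()) { $this->setData(['profil', …` one unseen line later. Unless that line or addOutput() stops execution, a request that fails the permission or CSRF test still reaches the write. I would add `return;` after the `addOutput` call, or move the form handling into an `else` as edit() now does in this commit. profilEdit's body continues outside this hunk, so this needs confirming against the full function.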
@@ -805,7 +801,7 @@ class user extends common public function profilDelete() { if ( - $this->getUser('permission', __CLASS__, __FUNCTION__) === false || + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || $this->getData(['profil', $this->getUrl(2), $this->getUrl(3)]) === null ) { // Valeurs en sortie @@ -814,7 +810,7 @@ class user extends common ]); // Suppression } else { - $this->deleteData([ 'profil', $this->getUrl(2), $this->getUrl(3)]); + $this->deleteData(['profil', $this->getUrl(2), $this->getUrl(3)]); // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/profil', diff --git a/module/blog/blog.php b/module/blog/blog.php index 9f10a5cc..d04647b6 100755 --- a/module/blog/blog.php +++ b/module/blog/blog.php 
@@ -317,53 +317,62 @@ class blog extends common */ public function comment() { - $comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']); - self::$commentsDelete = template::button('blogCommentDeleteAll', [ - 'class' => 'blogCommentDeleteAll buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2), - 'value' => 'Tout effacer' - ]); - // Ids des commentaires par ordre de création - $commentIds = array_keys(helper::arrayColumn($comments, 'createdOn', 'SORT_DESC')); - // Pagination - $pagination = helper::pagination($commentIds, $this->getUrl(), $this->getData(['module', $this->getUrl(0), 'config', 'itemsperPage'])); - // Liste des pages - self::$pages = $pagination['pages']; - // Commentaires en fonction de la pagination - for ($i = $pagination['first']; $i < $pagination['last']; $i++) { - // Met en forme le tableau - $comment = $comments[$commentIds[$i]]; - // Bouton d'approbation - $buttonApproval = ''; - // Compatibilité avec les commentaires des versions précédentes, les valider - $comment['approval'] = array_key_exists('approval', $comment) === false ? true : $comment['approval']; - if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'commentApproved']) === true) { - $buttonApproval = template::button('blogCommentApproved' . $commentIds[$i], [ - 'class' => $comment['approval'] === true ? 'blogCommentRejected buttonGreen' : 'blogCommentApproved buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i], - 'value' => $comment['approval'] === true ? 'A' : 'R', - 'help' => $comment['approval'] === true ? 
'Approuvé' : 'Rejeté', - ]); + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } else { + $comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']); + self::$commentsDelete = template::button('blogCommentDeleteAll', [ + 'class' => 'blogCommentDeleteAll buttonRed', + 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2), + 'value' => 'Tout effacer' + ]); + // Ids des commentaires par ordre de création + $commentIds = array_keys(helper::arrayColumn($comments, 'createdOn', 'SORT_DESC')); + // Pagination + $pagination = helper::pagination($commentIds, $this->getUrl(), $this->getData(['module', $this->getUrl(0), 'config', 'itemsperPage'])); + // Liste des pages + self::$pages = $pagination['pages']; + // Commentaires en fonction de la pagination + for ($i = $pagination['first']; $i < $pagination['last']; $i++) { + // Met en forme le tableau + $comment = $comments[$commentIds[$i]]; + // Bouton d'approbation + $buttonApproval = ''; + // Compatibilité avec les commentaires des versions précédentes, les valider + $comment['approval'] = array_key_exists('approval', $comment) === false ? true : $comment['approval']; + if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'commentApproved']) === true) { + $buttonApproval = template::button('blogCommentApproved' . $commentIds[$i], [ + 'class' => $comment['approval'] === true ? 'blogCommentRejected buttonGreen' : 'blogCommentApproved buttonRed', + 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i], + 'value' => $comment['approval'] === true ? 'A' : 'R', + 'help' => $comment['approval'] === true ? 
'Approuvé' : 'Rejeté', + ]); + } + self::$dateFormat = $this->getData(['module', $this->getUrl(0), 'config', 'dateFormat']); + self::$timeFormat = $this->getData(['module', $this->getUrl(0), 'config', 'timeFormat']); + self::$comments[] = [ + helper::dateUTF8(self::$dateFormat, $comment['createdOn']) . ' - ' . helper::dateUTF8(self::$timeFormat, $comment['createdOn']), + $comment['content'], + $comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'], + $buttonApproval, + template::button('blogCommentDelete' . $commentIds[$i], [ + 'class' => 'blogCommentDelete buttonRed', + 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i], + 'value' => template::ico('trash') + ]) + ]; } - self::$dateFormat = $this->getData(['module', $this->getUrl(0), 'config', 'dateFormat']); - self::$timeFormat = $this->getData(['module', $this->getUrl(0), 'config', 'timeFormat']); - self::$comments[] = [ - helper::dateUTF8(self::$dateFormat, $comment['createdOn']) . ' - ' . helper::dateUTF8(self::$timeFormat, $comment['createdOn']), - $comment['content'], - $comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'], - $buttonApproval, - template::button('blogCommentDelete' . $commentIds[$i], [ - 'class' => 'blogCommentDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i], - 'value' => template::ico('trash') - ]) - ]; + // Valeurs en sortie + $this->addOutput([ + 'title' => helper::translate('Gestion des commentaires'), + 'view' => 'comment' + ]); } - // Valeurs en sortie - $this->addOutput([ - 'title' => helper::translate('Gestion des commentaires'), - 'view' => 'comment' - ]); } /** 
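Review bot: The rows pushed to `self::$comments` in comment() carry `$comment['content']` and `$comment['author']` exactly as stored, next to cells holding button markup from `template::button()`, so the view presumably prints the cells without HTML-encoding. Comment text and author names look visitor-supplied (the author field is used when no `userId` is set), and this page is opened by a privileged user. If nothing encodes them at submission time, which is not visible here, encode at this point, e.g. `htmlspecialchars($comment['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the same for the author. Otherwise add a comment naming where the encoding happens.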
@@ -372,20 +381,15 @@ class blog extends common public function commentDelete() { // Le commentaire n'existe pas - if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null + ) { // Valeurs en sortie $this->addOutput([ 'access' => false ]); } - // Action interdite - elseif ($this->checkCSRF()) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', - 'notification' => helper::translate('Action interdite') - ]); - } // Suppression else { $this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]); @@ -403,12 +407,12 @@ class blog extends common */ public function commentDeleteAll() { - // Action interdite - if ($this->checkCSRF()) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', - 'notification' => 'Action interdite' + 'access' => false ]); } // Suppression 
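Review bot: commentDelete() loses its `checkCSRF()` branch and gains only a permission test, and a permission test passes for any request sent by a logged-in user's browser, including one triggered from another site. The same swap or removal appears in commentDeleteAll(), commentApprove(), blog edit(), form export2csv() and deleteall(), news edit(), and gallery edit() and theme(); the last two get no replacement check at all in the visible lines. profilEdit() in this same commit keeps both tests, so unless `getUser('permission', …)` validates the token itself (not visible here), these handlers should do likewise: `$this->getUser('permission', __CLASS__, __FUNCTION__) !== true || $this->checkCSRF()`. The function bodies continue outside the hunks.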
@@ -429,20 +433,15 @@ class blog extends common public function commentApprove() { // Le commentaire n'existe pas - if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null + ) { // Valeurs en sortie $this->addOutput([ 'access' => false ]); } - // Action interdite - elseif ($this->checkCSRF()) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', - 'notification' => helper::translate('Action interdite') - ]); - } // Inversion du statut else { $approved = !$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3), 'approval']); @@ -593,8 +592,9 @@ class blog extends common public function delete() { if ( - $this->getUser('permission', __CLASS__, __FUNCTION__) === false || - $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null + ) { // Valeurs en sortie $this->addOutput([ 'access' => false @@ -617,12 +617,12 @@ class blog extends common */ public function edit() { - // Action interdite - if ($this->checkCSRF()) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } // L'article n'existe pas 
@@ -857,7 +857,7 @@ class blog extends common if ($articlePublishedOn <= time() and $articleIdsStates[$articleId]) { $articleIds[] = $articleId; // Nombre de commentaires approuvés par article - self::$comments[$articleId] = 0 ; + self::$comments[$articleId] = 0; if (is_array($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment']))) { foreach ($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment']) as $commentId => $commentValue) { if ($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment', $commentId, 'approval'])) { diff --git a/module/form/form.php b/module/form/form.php index c13e34d5..7994fd56 100644 --- a/module/form/form.php +++ b/module/form/form.php @@ -266,12 +266,12 @@ class form extends common */ public function export2csv() { - // Action interdite - if ($this->checkCSRF()) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { $data = $this->getData(['module', $this->getUrl(0), 'data']); @@ -307,12 +307,12 @@ class form extends common */ public function deleteall() { - // Action interdite - if ($this->checkCSRF()) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + ) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { $data = ($this->getData(['module', $this->getUrl(0), 'data'])); 
@@ -344,11 +344,10 @@ class form extends common public function delete() { // Action interdite - if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false) { + if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) { // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', - 'notification' => helper::translate('Action interdite') + 'access' => false ]); } else { // La donnée n'existe pas diff --git a/module/gallery/gallery.php b/module/gallery/gallery.php index 39e5abd5..a35aa62d 100644 --- a/module/gallery/gallery.php +++ b/module/gallery/gallery.php @@ -499,7 +499,7 @@ class gallery extends common public function delete() { // La galerie n'existe pas - if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false || + if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true || $this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) { // Valeurs en sortie $this->addOutput([ @@ -535,14 +535,6 @@ class gallery extends common */ public function edit() { - // Action interdite - if ($this->checkCSRF()) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', - 'notification' => helper::translate('Action interdite') - ]); - } // Soumission du formulaire if ($this->isPost()) { @@ -845,14 +837,6 @@ class gallery extends common */ public function theme() { - // Action interdite - if ($this->checkCSRF()) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', - 'notification' => helper::translate('Action interdite') - ]); - } // Soumission du formulaire if ($this->isPost()) { // Dossier de l'instance diff --git a/module/news/news.php b/module/news/news.php index b4d9382e..9040ba7d 100644 --- a/module/news/news.php +++ b/module/news/news.php 
@@ -365,8 +365,10 @@ class news extends common public function delete() { // La news n'existe pas - if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false || - $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null + ) { // Valeurs en sortie $this->addOutput([ 'access' => false @@ -389,16 +391,11 @@ class news extends common */ public function edit() { - // Action interdite - if ($this->checkCSRF()) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', - 'notification' => helper::translate('Action interdite') - ]); - } // La news n'existe pas - if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { + if ( + $this->getUser('permission', __CLASS__, __FUNCTION__) !== true || + $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null + ) { // Valeurs en sortie $this->addOutput([ 'access' => false diff --git a/module/redirection/redirection.php b/module/redirection/redirection.php index a898cb28..459aacb8 100644 --- a/module/redirection/redirection.php +++ b/module/redirection/redirection.php @@ -51,10 +51,10 @@ class redirection extends common { */ public function index() { // Message si l'utilisateur peut éditer la page - if( - $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') - AND $this->getUser('group') >= self::GROUP_MODERATOR - AND $this->getUrl(1) !== 'force' + if( $this->getUser('permission', __CLASS__, __FUNCTION__) !== true + && $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') + && $this->getUser('group') >= self::GROUP_MODERATOR + && $this->getUrl(1) !== 'force' ) { // Valeurs en sortie $this->addOutput([
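Review bot: In redirection index() the added permission test uses `!== true` inside an `&&` chain whose branch, per its own comment, is the one taken when the user may edit the page; everywhere else in this commit `!== true` selects the refusal branch. As written, a user who holds the permission never enters the branch, and it is entered only by users without the permission who still pass the password and group tests. The polarity looks inverted and should probably read `$this->getUser('permission', __CLASS__, __FUNCTION__) === true`. The branch body continues outside the hunk, so what it outputs should be confirmed in the full file.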