ZwiiCMS-Team/ZwiiCMS
ZwiiCMS-Team
/
ZwiiCMS
3
3
Fork 2
Code Releases 145 Activity

Implémentation des sécurités à tester

This commit is contained in:
Fred Tempez 2023-06-29 10:30:12 +02:00
parent b7d1f9e1f1
commit 101da263fd
11 changed files with 727 additions and 667 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

291
core/module/config/config.php
View File

@ -34,119 +34,119 @@ class config extends common
]; ];
public static $timezones = [ public static $timezones = [
'Pacific/Midway' => '(GMT-11:00) Midway Island', 'Pacific/Midway' => '(GMT-11:00) Midway Island',
'US/Samoa' => '(GMT-11:00) Samoa', 'US/Samoa' => '(GMT-11:00) Samoa',
'US/Hawaii' => '(GMT-10:00) Hawaii', 'US/Hawaii' => '(GMT-10:00) Hawaii',
'US/Alaska' => '(GMT-09:00) Alaska', 'US/Alaska' => '(GMT-09:00) Alaska',
'US/Pacific' => '(GMT-08:00) Pacific Time (US & Canada)', 'US/Pacific' => '(GMT-08:00) Pacific Time (US & Canada)',
'America/Tijuana' => '(GMT-08:00) Tijuana', 'America/Tijuana' => '(GMT-08:00) Tijuana',
'US/Arizona' => '(GMT-07:00) Arizona', 'US/Arizona' => '(GMT-07:00) Arizona',
'US/Mountain' => '(GMT-07:00) Mountain Time (US & Canada)', 'US/Mountain' => '(GMT-07:00) Mountain Time (US & Canada)',
'America/Chihuahua' => '(GMT-07:00) Chihuahua', 'America/Chihuahua' => '(GMT-07:00) Chihuahua',
'America/Mazatlan' => '(GMT-07:00) Mazatlan', 'America/Mazatlan' => '(GMT-07:00) Mazatlan',
'America/Mexico_City' => '(GMT-06:00) Mexico City', 'America/Mexico_City' => '(GMT-06:00) Mexico City',
'America/Monterrey' => '(GMT-06:00) Monterrey', 'America/Monterrey' => '(GMT-06:00) Monterrey',
'Canada/Saskatchewan' => '(GMT-06:00) Saskatchewan', 'Canada/Saskatchewan' => '(GMT-06:00) Saskatchewan',
'US/Central' => '(GMT-06:00) Central Time (US & Canada)', 'US/Central' => '(GMT-06:00) Central Time (US & Canada)',
'US/Eastern' => '(GMT-05:00) Eastern Time (US & Canada)', 'US/Eastern' => '(GMT-05:00) Eastern Time (US & Canada)',
'US/East-Indiana' => '(GMT-05:00) Indiana (East)', 'US/East-Indiana' => '(GMT-05:00) Indiana (East)',
'America/Bogota' => '(GMT-05:00) Bogota', 'America/Bogota' => '(GMT-05:00) Bogota',
'America/Lima' => '(GMT-05:00) Lima', 'America/Lima' => '(GMT-05:00) Lima',
'America/Caracas' => '(GMT-04:30) Caracas', 'America/Caracas' => '(GMT-04:30) Caracas',
'Canada/Atlantic' => '(GMT-04:00) Atlantic Time (Canada)', 'Canada/Atlantic' => '(GMT-04:00) Atlantic Time (Canada)',
'America/La_Paz' => '(GMT-04:00) La Paz', 'America/La_Paz' => '(GMT-04:00) La Paz',
'America/Santiago' => '(GMT-04:00) Santiago', 'America/Santiago' => '(GMT-04:00) Santiago',
'Canada/Newfoundland' => '(GMT-03:30) Newfoundland', 'Canada/Newfoundland' => '(GMT-03:30) Newfoundland',
'America/Buenos_Aires' => '(GMT-03:00) Buenos Aires', 'America/Buenos_Aires' => '(GMT-03:00) Buenos Aires',
'Greenland' => '(GMT-03:00) Greenland', 'Greenland' => '(GMT-03:00) Greenland',
'Atlantic/Stanley' => '(GMT-02:00) Stanley', 'Atlantic/Stanley' => '(GMT-02:00) Stanley',
'Atlantic/Azores' => '(GMT-01:00) Azores', 'Atlantic/Azores' => '(GMT-01:00) Azores',
'Atlantic/Cape_Verde' => '(GMT-01:00) Cape Verde Is.', 'Atlantic/Cape_Verde' => '(GMT-01:00) Cape Verde Is.',
'Africa/Casablanca' => '(GMT) Casablanca', 'Africa/Casablanca' => '(GMT) Casablanca',
'Europe/Dublin' => '(GMT) Dublin', 'Europe/Dublin' => '(GMT) Dublin',
'Europe/Lisbon' => '(GMT) Lisbon', 'Europe/Lisbon' => '(GMT) Lisbon',
'Europe/London' => '(GMT) London', 'Europe/London' => '(GMT) London',
'Africa/Monrovia' => '(GMT) Monrovia', 'Africa/Monrovia' => '(GMT) Monrovia',
'Europe/Amsterdam' => '(GMT+01:00) Amsterdam', 'Europe/Amsterdam' => '(GMT+01:00) Amsterdam',
'Europe/Belgrade' => '(GMT+01:00) Belgrade', 'Europe/Belgrade' => '(GMT+01:00) Belgrade',
'Europe/Berlin' => '(GMT+01:00) Berlin', 'Europe/Berlin' => '(GMT+01:00) Berlin',
'Europe/Bratislava' => '(GMT+01:00) Bratislava', 'Europe/Bratislava' => '(GMT+01:00) Bratislava',
'Europe/Brussels' => '(GMT+01:00) Brussels', 'Europe/Brussels' => '(GMT+01:00) Brussels',
'Europe/Budapest' => '(GMT+01:00) Budapest', 'Europe/Budapest' => '(GMT+01:00) Budapest',
'Europe/Copenhagen' => '(GMT+01:00) Copenhagen', 'Europe/Copenhagen' => '(GMT+01:00) Copenhagen',
'Europe/Ljubljana' => '(GMT+01:00) Ljubljana', 'Europe/Ljubljana' => '(GMT+01:00) Ljubljana',
'Europe/Madrid' => '(GMT+01:00) Madrid', 'Europe/Madrid' => '(GMT+01:00) Madrid',
'Europe/Paris' => '(GMT+01:00) Paris', 'Europe/Paris' => '(GMT+01:00) Paris',
'Europe/Prague' => '(GMT+01:00) Prague', 'Europe/Prague' => '(GMT+01:00) Prague',
'Europe/Rome' => '(GMT+01:00) Rome', 'Europe/Rome' => '(GMT+01:00) Rome',
'Europe/Sarajevo' => '(GMT+01:00) Sarajevo', 'Europe/Sarajevo' => '(GMT+01:00) Sarajevo',
'Europe/Skopje' => '(GMT+01:00) Skopje', 'Europe/Skopje' => '(GMT+01:00) Skopje',
'Europe/Stockholm' => '(GMT+01:00) Stockholm', 'Europe/Stockholm' => '(GMT+01:00) Stockholm',
'Europe/Vienna' => '(GMT+01:00) Vienna', 'Europe/Vienna' => '(GMT+01:00) Vienna',
'Europe/Warsaw' => '(GMT+01:00) Warsaw', 'Europe/Warsaw' => '(GMT+01:00) Warsaw',
'Europe/Zagreb' => '(GMT+01:00) Zagreb', 'Europe/Zagreb' => '(GMT+01:00) Zagreb',
'Europe/Athens' => '(GMT+02:00) Athens', 'Europe/Athens' => '(GMT+02:00) Athens',
'Europe/Bucharest' => '(GMT+02:00) Bucharest', 'Europe/Bucharest' => '(GMT+02:00) Bucharest',
'Africa/Cairo' => '(GMT+02:00) Cairo', 'Africa/Cairo' => '(GMT+02:00) Cairo',
'Africa/Harare' => '(GMT+02:00) Harare', 'Africa/Harare' => '(GMT+02:00) Harare',
'Europe/Helsinki' => '(GMT+02:00) Helsinki', 'Europe/Helsinki' => '(GMT+02:00) Helsinki',
'Europe/Istanbul' => '(GMT+02:00) Istanbul', 'Europe/Istanbul' => '(GMT+02:00) Istanbul',
'Asia/Jerusalem' => '(GMT+02:00) Jerusalem', 'Asia/Jerusalem' => '(GMT+02:00) Jerusalem',
'Europe/Kiev' => '(GMT+02:00) Kyiv', 'Europe/Kiev' => '(GMT+02:00) Kyiv',
'Europe/Minsk' => '(GMT+02:00) Minsk', 'Europe/Minsk' => '(GMT+02:00) Minsk',
'Europe/Riga' => '(GMT+02:00) Riga', 'Europe/Riga' => '(GMT+02:00) Riga',
'Europe/Sofia' => '(GMT+02:00) Sofia', 'Europe/Sofia' => '(GMT+02:00) Sofia',
'Europe/Tallinn' => '(GMT+02:00) Tallinn', 'Europe/Tallinn' => '(GMT+02:00) Tallinn',
'Europe/Vilnius' => '(GMT+02:00) Vilnius', 'Europe/Vilnius' => '(GMT+02:00) Vilnius',
'Asia/Baghdad' => '(GMT+03:00) Baghdad', 'Asia/Baghdad' => '(GMT+03:00) Baghdad',
'Asia/Kuwait' => '(GMT+03:00) Kuwait', 'Asia/Kuwait' => '(GMT+03:00) Kuwait',
'Europe/Moscow' => '(GMT+03:00) Moscow', 'Europe/Moscow' => '(GMT+03:00) Moscow',
'Africa/Nairobi' => '(GMT+03:00) Nairobi', 'Africa/Nairobi' => '(GMT+03:00) Nairobi',
'Asia/Riyadh' => '(GMT+03:00) Riyadh', 'Asia/Riyadh' => '(GMT+03:00) Riyadh',
'Europe/Volgograd' => '(GMT+03:00) Volgograd', 'Europe/Volgograd' => '(GMT+03:00) Volgograd',
'Asia/Tehran' => '(GMT+03:30) Tehran', 'Asia/Tehran' => '(GMT+03:30) Tehran',
'Asia/Baku' => '(GMT+04:00) Baku', 'Asia/Baku' => '(GMT+04:00) Baku',
'Asia/Muscat' => '(GMT+04:00) Muscat', 'Asia/Muscat' => '(GMT+04:00) Muscat',
'Asia/Tbilisi' => '(GMT+04:00) Tbilisi', 'Asia/Tbilisi' => '(GMT+04:00) Tbilisi',
'Asia/Yerevan' => '(GMT+04:00) Yerevan', 'Asia/Yerevan' => '(GMT+04:00) Yerevan',
'Asia/Kabul' => '(GMT+04:30) Kabul', 'Asia/Kabul' => '(GMT+04:30) Kabul',
'Asia/Yekaterinburg' => '(GMT+05:00) Ekaterinburg', 'Asia/Yekaterinburg' => '(GMT+05:00) Ekaterinburg',
'Asia/Karachi' => '(GMT+05:00) Karachi', 'Asia/Karachi' => '(GMT+05:00) Karachi',
'Asia/Tashkent' => '(GMT+05:00) Tashkent', 'Asia/Tashkent' => '(GMT+05:00) Tashkent',
'Asia/Kolkata' => '(GMT+05:30) Kolkata', 'Asia/Kolkata' => '(GMT+05:30) Kolkata',
'Asia/Kathmandu' => '(GMT+05:45) Kathmandu', 'Asia/Kathmandu' => '(GMT+05:45) Kathmandu',
'Asia/Almaty' => '(GMT+06:00) Almaty', 'Asia/Almaty' => '(GMT+06:00) Almaty',
'Asia/Dhaka' => '(GMT+06:00) Dhaka', 'Asia/Dhaka' => '(GMT+06:00) Dhaka',
'Asia/Novosibirsk' => '(GMT+06:00) Novosibirsk', 'Asia/Novosibirsk' => '(GMT+06:00) Novosibirsk',
'Asia/Bangkok' => '(GMT+07:00) Bangkok', 'Asia/Bangkok' => '(GMT+07:00) Bangkok',
'Asia/Jakarta' => '(GMT+07:00) Jakarta', 'Asia/Jakarta' => '(GMT+07:00) Jakarta',
'Asia/Krasnoyarsk' => '(GMT+07:00) Krasnoyarsk', 'Asia/Krasnoyarsk' => '(GMT+07:00) Krasnoyarsk',
'Asia/Chongqing' => '(GMT+08:00) Chongqing', 'Asia/Chongqing' => '(GMT+08:00) Chongqing',
'Asia/Hong_Kong' => '(GMT+08:00) Hong Kong', 'Asia/Hong_Kong' => '(GMT+08:00) Hong Kong',
'Asia/Irkutsk' => '(GMT+08:00) Irkutsk', 'Asia/Irkutsk' => '(GMT+08:00) Irkutsk',
'Asia/Kuala_Lumpur' => '(GMT+08:00) Kuala Lumpur', 'Asia/Kuala_Lumpur' => '(GMT+08:00) Kuala Lumpur',
'Australia/Perth' => '(GMT+08:00) Perth', 'Australia/Perth' => '(GMT+08:00) Perth',
'Asia/Singapore' => '(GMT+08:00) Singapore', 'Asia/Singapore' => '(GMT+08:00) Singapore',
'Asia/Taipei' => '(GMT+08:00) Taipei', 'Asia/Taipei' => '(GMT+08:00) Taipei',
'Asia/Ulaanbaatar' => '(GMT+08:00) Ulaan Bataar', 'Asia/Ulaanbaatar' => '(GMT+08:00) Ulaan Bataar',
'Asia/Urumqi' => '(GMT+08:00) Urumqi', 'Asia/Urumqi' => '(GMT+08:00) Urumqi',
'Asia/Seoul' => '(GMT+09:00) Seoul', 'Asia/Seoul' => '(GMT+09:00) Seoul',
'Asia/Tokyo' => '(GMT+09:00) Tokyo', 'Asia/Tokyo' => '(GMT+09:00) Tokyo',
'Asia/Yakutsk' => '(GMT+09:00) Yakutsk', 'Asia/Yakutsk' => '(GMT+09:00) Yakutsk',
'Australia/Adelaide' => '(GMT+09:30) Adelaide', 'Australia/Adelaide' => '(GMT+09:30) Adelaide',
'Australia/Darwin' => '(GMT+09:30) Darwin', 'Australia/Darwin' => '(GMT+09:30) Darwin',
'Australia/Brisbane' => '(GMT+10:00) Brisbane', 'Australia/Brisbane' => '(GMT+10:00) Brisbane',
'Australia/Canberra' => '(GMT+10:00) Canberra', 'Australia/Canberra' => '(GMT+10:00) Canberra',
'Pacific/Guam' => '(GMT+10:00) Guam', 'Pacific/Guam' => '(GMT+10:00) Guam',
'Australia/Hobart' => '(GMT+10:00) Hobart', 'Australia/Hobart' => '(GMT+10:00) Hobart',
'Australia/Melbourne' => '(GMT+10:00) Melbourne', 'Australia/Melbourne' => '(GMT+10:00) Melbourne',
'Pacific/Port_Moresby' => '(GMT+10:00) Port Moresby', 'Pacific/Port_Moresby' => '(GMT+10:00) Port Moresby',
'Australia/Sydney' => '(GMT+10:00) Sydney', 'Australia/Sydney' => '(GMT+10:00) Sydney',
'Asia/Vladivostok' => '(GMT+10:00) Vladivostok', 'Asia/Vladivostok' => '(GMT+10:00) Vladivostok',
'Asia/Magadan' => '(GMT+11:00) Magadan', 'Asia/Magadan' => '(GMT+11:00) Magadan',
'Pacific/Auckland' => '(GMT+12:00) Auckland', 'Pacific/Auckland' => '(GMT+12:00) Auckland',
'Pacific/Fiji' => '(GMT+12:00) Fiji', 'Pacific/Fiji' => '(GMT+12:00) Fiji',
'Asia/Kamchatka' => '(GMT+12:00) Kamchatka' 'Asia/Kamchatka' => '(GMT+12:00) Kamchatka'
]; ];
// Type de proxy // Type de proxy
public static $proxyType = [ public static $proxyType = [
@ -187,7 +187,7 @@ class config extends common
]; ];
public static $captchaTypes = [ public static $captchaTypes = [
'num' => 'Chiffres', 'num' => 'Chiffres',
'alpha' => 'Lettres' 'alpha' => 'Lettres'
]; ];
public static $updateDelay = [ public static $updateDelay = [
86400 => '1', 86400 => '1',
@ -211,16 +211,26 @@ class config extends common
*/ */
public function siteMap() public function siteMap()
{ {
// La page n'existe pas
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Mettre à jour le site map
$successSitemap = $this->updateSitemap();
// Mettre à jour le site map // Valeurs en sortie
$successSitemap = $this->updateSitemap(); $this->addOutput([
'redirect' => helper::baseUrl() . 'config',
'notification' => $successSitemap ? helper::translate('La carte du site a été mise à jour') : helper::translate('Echec de l\'écriture, vérifiez les permissions'),
'state' => $successSitemap
]);
}
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'config',
'notification' => $successSitemap ? helper::translate('La carte du site a été mise à jour') : helper::translate('Echec de l\'écriture, vérifiez les permissions'),
'state' => $successSitemap
]);
} }
@ -289,7 +299,7 @@ class config extends common
// Traitement des données reçues valides. // Traitement des données reçues valides.
if (!empty($token) && $data !== false) { if (!empty($token) && $data !== false) {
$data = json_decode($data, true); $data = json_decode($data, true);
$img = $data['screenshot']; $img = $data['screenshot'];
// Effacer l'image et la miniature png // Effacer l'image et la miniature png
@ -302,9 +312,9 @@ class config extends common
$success = copy($img, self::FILE_DIR . 'source/screenshot.jpg'); $success = copy($img, self::FILE_DIR . 'source/screenshot.jpg');
} }
$notification = empty($token) $notification = empty($token)
? 'La clé de l\'API ne peut pas être vide' ? 'La clé de l\'API ne peut pas être vide'
: ($success === false ? 'Service en ligne inaccessible' : 'Capture d\'écran générée avec succès'); : ($success === false ? 'Service en ligne inaccessible' : 'Capture d\'écran générée avec succès');
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
@ -351,10 +361,10 @@ class config extends common
} }
// Lire le contenu de l'archive dans le tableau files // Lire le contenu de l'archive dans le tableau files
/* /*
for ($i = 0; $i < $zip->numFiles; $i++) { for ($i = 0; $i < $zip->numFiles; $i++) {
$stat = $zip->statIndex($i); $stat = $zip->statIndex($i);
$files[] = (basename($stat['name'])); $files[] = (basename($stat['name']));
}*/ }*/
// Extraction de l'archive dans un dossier temporaire // Extraction de l'archive dans un dossier temporaire
$tmpDir = uniqid(8); $tmpDir = uniqid(8);
$success = $zip->extractTo(self::TEMP_DIR . $tmpDir); $success = $zip->extractTo(self::TEMP_DIR . $tmpDir);
@ -362,7 +372,7 @@ class config extends common
$data = json_decode(file_get_contents(self::TEMP_DIR . $tmpDir . '/data/core.json'), true); $data = json_decode(file_get_contents(self::TEMP_DIR . $tmpDir . '/data/core.json'), true);
$dataVersion = $data['core']['dataVersion']; $dataVersion = $data['core']['dataVersion'];
// Version non prises en charge <9 ou erreur d'extraction // Version non prises en charge <9 ou erreur d'extraction
if (intval(substr($dataVersion, 0, 1)) <= 9 or !$success) { if (intval(substr($dataVersion, 0, 1)) <= 9 or !$success) {
// Valeurs en sortie erreur // Valeurs en sortie erreur
$this->addOutput([ $this->addOutput([
'title' => helper::translate('Restaurer'), 'title' => helper::translate('Restaurer'),
@ -393,8 +403,8 @@ class config extends common
} }
// Message de notification // Message de notification
$notification = $success === true ? 'Restauration effectuée avec succès' : 'Erreur inconnue'; $notification = $success === true ? 'Restauration effectuée avec succès' : 'Erreur inconnue';
$redirect = $this->getInput('configRestoreImportUser', helper::FILTER_BOOLEAN) === true ? helper::baseUrl() . 'config/restore' : helper::baseUrl() . 'user/login/'; $redirect = $this->getInput('configRestoreImportUser', helper::FILTER_BOOLEAN) === true ? helper::baseUrl() . 'config/restore' : helper::baseUrl() . 'user/login/';
// Valeurs en sortie erreur // Valeurs en sortie erreur
$this->addOutput([ $this->addOutput([
'redirect' => $redirect, 'redirect' => $redirect,
@ -455,7 +465,7 @@ class config extends common
'redditId' => $this->getInput('socialRedditId'), 'redditId' => $this->getInput('socialRedditId'),
'twitchId' => $this->getInput('socialTwitchId'), 'twitchId' => $this->getInput('socialTwitchId'),
'vimeoId' => $this->getInput('socialVimeoId'), 'vimeoId' => $this->getInput('socialVimeoId'),
'steamId' =>$this->getInput('socialSteamId'), 'steamId' => $this->getInput('socialSteamId'),
], ],
'smtp' => [ 'smtp' => [
'enable' => $this->getInput('smtpEnable', helper::FILTER_BOOLEAN), 'enable' => $this->getInput('smtpEnable', helper::FILTER_BOOLEAN),
@ -464,7 +474,7 @@ class config extends common
'auth' => $this->getInput('smtpAuth', helper::FILTER_BOOLEAN), 'auth' => $this->getInput('smtpAuth', helper::FILTER_BOOLEAN),
'secure' => $this->getInput('smtpSecure', helper::FILTER_STRING_SHORT), 'secure' => $this->getInput('smtpSecure', helper::FILTER_STRING_SHORT),
'username' => $this->getInput('smtpUsername', helper::FILTER_STRING_SHORT), 'username' => $this->getInput('smtpUsername', helper::FILTER_STRING_SHORT),
'password' => helper::encrypt($this->getInput('smtpPassword', helper::FILTER_STRING_SHORT),$this->getInput('smtpHost', helper::FILTER_STRING_SHORT)), 'password' => helper::encrypt($this->getInput('smtpPassword', helper::FILTER_STRING_SHORT), $this->getInput('smtpHost', helper::FILTER_STRING_SHORT)),
'from' => $this->getInput('smtpFrom', helper::FILTER_MAIL, true), 'from' => $this->getInput('smtpFrom', helper::FILTER_MAIL, true),
], ],
'seo' => [ 'seo' => [
@ -494,7 +504,8 @@ class config extends common
unlink($filename); unlink($filename);
} }
} }
if (file_exists('site/data/.backup')) unlink('site/data/.backup'); if (file_exists('site/data/.backup'))
unlink('site/data/.backup');
} else { } else {
touch('site/data/.backup'); touch('site/data/.backup');
} }
@ -508,8 +519,8 @@ class config extends common
) { ) {
// Ajout des lignes dans le .htaccess // Ajout des lignes dans le .htaccess
$fileContent = file_get_contents('.htaccess'); $fileContent = file_get_contents('.htaccess');
$rewriteData = PHP_EOL . $rewriteData = PHP_EOL .
'# URL rewriting' . PHP_EOL . '# URL rewriting' . PHP_EOL .
'<IfModule mod_rewrite.c>' . PHP_EOL . '<IfModule mod_rewrite.c>' . PHP_EOL .
"\tRewriteEngine on" . PHP_EOL . "\tRewriteEngine on" . PHP_EOL .
"\tRewriteBase " . helper::baseUrl(false, false) . PHP_EOL . "\tRewriteBase " . helper::baseUrl(false, false) . PHP_EOL .
@ -574,7 +585,7 @@ class config extends common
} }
// Sélecteur de délais, compléter avec la traduction en jours // Sélecteur de délais, compléter avec la traduction en jours
foreach(self::$updateDelay as $key => $value) { foreach (self::$updateDelay as $key => $value) {
self::$updateDelay[$key] = $key === 86400 ? $value . ' ' . helper::translate('jour') : $value . ' ' . helper::translate('jours'); self::$updateDelay[$key] = $key === 86400 ? $value . ' ' . helper::translate('jour') : $value . ' ' . helper::translate('jours');
} }
@ -690,7 +701,7 @@ class config extends common
$data = ''; $data = '';
foreach ($d as $key => $item) { foreach ($d as $key => $item) {
$data .= helper::dateUTF8('%Y %m %d', $item['lastFail']) . ' - ' . helper::dateUTF8('%H:%M', time()); $data .= helper::dateUTF8('%Y %m %d', $item['lastFail']) . ' - ' . helper::dateUTF8('%H:%M', time());
$data .= $key . ';' . $item['ip'] . ';' . $item['connectFail'] . PHP_EOL; $data .= $key . ';' . $item['ip'] . ';' . $item['connectFail'] . PHP_EOL;
} }
file_put_contents($fileName, $data, FILE_APPEND); file_put_contents($fileName, $data, FILE_APPEND);
header('Content-Description: File Transfer'); header('Content-Description: File Transfer');
@ -780,4 +791,4 @@ class config extends common
'state' => true 'state' => true
]); ]);
} }
} }

26
core/module/install/install.php
View File

@ -416,14 +416,24 @@ class install extends common
*/ */
public function update() public function update()
{ {
// Nouvelle version // Action interdite
self::$newVersion = helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/version'); if (
// Valeurs en sortie $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
$this->addOutput([ ) {
'display' => self::DISPLAY_LAYOUT_LIGHT, // Valeurs en sortie
'title' => helper::translate('Mise à jour'), $this->addOutput([
'view' => 'update' 'access' => false
]); ]);
} else {
// Nouvelle version
self::$newVersion = helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/version');
// Valeurs en sortie
$this->addOutput([
'display' => self::DISPLAY_LAYOUT_LIGHT,
'title' => helper::translate('Mise à jour'),
'view' => 'update'
]);
}
} }
} }

24
core/module/page/page.php
View File

@ -182,18 +182,14 @@ class page extends common
// $url prend l'adresse sans le token // $url prend l'adresse sans le token
$page = $this->getUrl(2); $page = $this->getUrl(2);
// La page n'existe pas // La page n'existe pas
if ($this->getData(['page', $page]) === null) { if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['page', $page]) === null
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} // Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'page/edit/' . $page,
'notification' => helper::translate('Jeton invalide')
]);
} }
// Impossible de supprimer la page d'accueil // Impossible de supprimer la page d'accueil
elseif ($page === $this->getData(['locale', 'homePageId'])) { elseif ($page === $this->getData(['locale', 'homePageId'])) {
@ -288,7 +284,10 @@ class page extends common
public function edit() public function edit()
{ {
// La page n'existe pas // La page n'existe pas
if ($this->getData(['page', $this->getUrl(2)]) === null) { if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['page', $this->getUrl(2)]) === null
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
@ -602,13 +601,14 @@ class page extends common
* Retourne les informations sur les pages en omettant les clés CSS et JS qui occasionnent des bugs d'affichage dans l'éditeur de page * Retourne les informations sur les pages en omettant les clés CSS et JS qui occasionnent des bugs d'affichage dans l'éditeur de page
* @return array tableau associatif des pages dans le menu * @return array tableau associatif des pages dans le menu
*/ */
public function getPageInfo() { public function getPageInfo()
{
$p = $this->getData(['page']); $p = $this->getData(['page']);
$d = array_map(function($d) { $d = array_map(function ($d) {
unset($d["css"], $d["js"]); unset($d["css"], $d["js"]);
return $d; return $d;
}, $p); }, $p);
return json_encode($d); return json_encode($d);
} }
} }

42
core/module/plugin/plugin.php
View File

@ -63,12 +63,10 @@ class plugin extends common
{ {
// Action interdite // Action interdite
if ($this->checkCSRF()) { if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'plugin', 'access' => false
'state' => false,
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
// Suppression des dossiers // Suppression des dossiers
@ -243,13 +241,14 @@ class plugin extends common
: helper::translate('Erreur inconnue, le module n\'est pas installé') : helper::translate('Erreur inconnue, le module n\'est pas installé')
]); ]);
} else { } else {
// Supprimer le dossier temporaire
$this->removeDir(self::TEMP_DIR . $tempFolder);
$zip->close();
return ([ return ([
'success' => false, 'success' => false,
'notification' => helper::translate('Erreur inconnue, le module n\'est pas installé') 'notification' => helper::translate('Erreur inconnue, le module n\'est pas installé')
]); ]);
// Supprimer le dossier temporaire
$this->removeDir(self::TEMP_DIR . $tempFolder);
$zip->close();
} }
} else { } else {
// Message de retour // Message de retour
@ -266,6 +265,7 @@ class plugin extends common
public function upload() public function upload()
{ {
// Soumission du formulaire // Soumission du formulaire
if ($this->isPost()) { if ($this->isPost()) {
// Installation d'un module // Installation d'un module
$checkValidMaj = $this->getInput('configModulesCheck', helper::FILTER_BOOLEAN); $checkValidMaj = $this->getInput('configModulesCheck', helper::FILTER_BOOLEAN);
@ -292,12 +292,10 @@ class plugin extends common
public function uploadItem() public function uploadItem()
{ {
// Action interdite // Action interdite
if ($this->checkCSRF()) { if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'store', 'access' => false
'state' => false,
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
// Récupérer le module en ligne // Récupérer le module en ligne
@ -572,15 +570,12 @@ class plugin extends common
public function save() public function save()
{ {
// Action interdite // Action interdite
if ($this->checkCSRF()) { if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'plugin', 'access' => false
'state' => false,
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
// Créer un dossier temporaire // Créer un dossier temporaire
$tmpFolder = self::TEMP_DIR . uniqid(); $tmpFolder = self::TEMP_DIR . uniqid();
if (!is_dir($tmpFolder)) { if (!is_dir($tmpFolder)) {
@ -646,12 +641,10 @@ class plugin extends common
public function dataDelete() public function dataDelete()
{ {
// Action interdite // Action interdite
if ($this->checkCSRF()) { if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'plugin', 'access' => false
'state' => false,
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
$this->setData(['page', $this->getUrl(4), 'moduleId', '']); $this->setData(['page', $this->getUrl(4), 'moduleId', '']);
@ -672,20 +665,16 @@ class plugin extends common
* 2 : i18n id * 2 : i18n id
* 3 : moduleId * 3 : moduleId
* 4 : pageId * 4 : pageId
* 5 : CSRF
*/ */
public function dataExport() public function dataExport()
{ {
// Action interdite // Action interdite
if ($this->checkCSRF()) { if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'plugin', 'access' => false
'state' => false,
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
// Créer un dossier temporaire // Créer un dossier temporaire
$tmpFolder = self::TEMP_DIR . uniqid(); $tmpFolder = self::TEMP_DIR . uniqid();
if (!is_dir($tmpFolder)) { if (!is_dir($tmpFolder)) {
@ -769,7 +758,6 @@ class plugin extends common
*/ */
public function dataImport() public function dataImport()
{ {
// Soumission du formulaire d'importation du module dans une page libre // Soumission du formulaire d'importation du module dans une page libre
if ($this->isPost()) { if ($this->isPost()) {
// Récupérer le fichier et le décompacter // Récupérer le fichier et le décompacter

509
core/module/theme/theme.php
View File

@ -105,7 +105,8 @@ class theme extends common
'2.4vmax' => '240%' '2.4vmax' => '240%'
]; ];
public static $headerHeights = [ public static $headerHeights = [
'unset' => 'Libre', // texte dynamique cf header.js.php 'unset' => 'Libre',
// texte dynamique cf header.js.php
'100px' => '100px', '100px' => '100px',
'150px' => '150px', '150px' => '150px',
'200px' => '200px', '200px' => '200px',
@ -119,7 +120,7 @@ class theme extends common
]; ];
public static $headerFeatures = [ public static $headerFeatures = [
'wallpaper' => 'Couleur unie ou papier-peint', 'wallpaper' => 'Couleur unie ou papier-peint',
'feature' => 'Contenu HTML' 'feature' => 'Contenu HTML'
]; ];
public static $imagePositions = [ public static $imagePositions = [
'top left' => 'En haut à gauche', 'top left' => 'En haut à gauche',
@ -249,21 +250,24 @@ class theme extends common
{ {
// Soumission du formulaire // Soumission du formulaire
if ($this->isPost()) { if ($this->isPost()) {
$this->setData(['admin', [ $this->setData([
'backgroundColor' => $this->getInput('adminBackgroundColor'), 'admin',
'colorTitle' => $this->getInput('adminColorTitle'), [
'colorText' => $this->getInput('adminColorText'), 'backgroundColor' => $this->getInput('adminBackgroundColor'),
'backgroundColorButton' => $this->getInput('adminColorButton'), 'colorTitle' => $this->getInput('adminColorTitle'),
'backgroundColorButtonGrey' => $this->getInput('adminColorGrey'), 'colorText' => $this->getInput('adminColorText'),
'backgroundColorButtonRed' => $this->getInput('adminColorRed'), 'backgroundColorButton' => $this->getInput('adminColorButton'),
'backgroundColorButtonGreen' => $this->getInput('adminColorGreen'), 'backgroundColorButtonGrey' => $this->getInput('adminColorGrey'),
'backgroundColorButtonHelp' => $this->getInput('adminColorHelp'), 'backgroundColorButtonRed' => $this->getInput('adminColorRed'),
'fontText' => $this->getInput('adminFontText'), 'backgroundColorButtonGreen' => $this->getInput('adminColorGreen'),
'fontSize' => $this->getInput('adminFontTextSize'), 'backgroundColorButtonHelp' => $this->getInput('adminColorHelp'),
'fontTitle' => $this->getInput('adminFontTitle'), 'fontText' => $this->getInput('adminFontText'),
'backgroundBlockColor' => $this->getInput('adminBackGroundBlockColor'), 'fontSize' => $this->getInput('adminFontTextSize'),
'borderBlockColor' => $this->getInput('adminBorderBlockColor'), 'fontTitle' => $this->getInput('adminFontTitle'),
]]); 'backgroundBlockColor' => $this->getInput('adminBackGroundBlockColor'),
'borderBlockColor' => $this->getInput('adminBorderBlockColor'),
]
]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'notification' => helper::translate('Modifications enregistrées'), 'notification' => helper::translate('Modifications enregistrées'),
@ -318,16 +322,20 @@ class theme extends common
{ {
// Soumission du formulaire // Soumission du formulaire
if ($this->isPost()) { if ($this->isPost()) {
$this->setData(['theme', 'body', [ $this->setData([
'backgroundColor' => $this->getInput('themeBodyBackgroundColor'), 'theme',
'image' => $this->getInput('themeBodyImage'), 'body',
'imageAttachment' => $this->getInput('themeBodyImageAttachment'), [
'imagePosition' => $this->getInput('themeBodyImagePosition'), 'backgroundColor' => $this->getInput('themeBodyBackgroundColor'),
'imageRepeat' => $this->getInput('themeBodyImageRepeat'), 'image' => $this->getInput('themeBodyImage'),
'imageSize' => $this->getInput('themeBodyImageSize'), 'imageAttachment' => $this->getInput('themeBodyImageAttachment'),
'toTopbackgroundColor' => $this->getInput('themeBodyToTopBackground'), 'imagePosition' => $this->getInput('themeBodyImagePosition'),
'toTopColor' => $this->getInput('themeBodyToTopColor') 'imageRepeat' => $this->getInput('themeBodyImageRepeat'),
]]); 'imageSize' => $this->getInput('themeBodyImageSize'),
'toTopbackgroundColor' => $this->getInput('themeBodyToTopBackground'),
'toTopColor' => $this->getInput('themeBodyToTopColor')
]
]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'notification' => helper::translate('Modifications enregistrées'), 'notification' => helper::translate('Modifications enregistrées'),
@ -364,34 +372,38 @@ class theme extends common
'state' => false 'state' => false
]); ]);
} else { } else {
$this->setData(['theme', 'footer', [ $this->setData([
'backgroundColor' => $this->getInput('themeFooterBackgroundColor'), 'theme',
'copyrightAlign' => $this->getInput('themeFooterCopyrightAlign'), 'footer',
'height' => $this->getInput('themeFooterHeight'), [
'loginLink' => $this->getInput('themeFooterLoginLink'), 'backgroundColor' => $this->getInput('themeFooterBackgroundColor'),
'margin' => $this->getInput('themeFooterMargin', helper::FILTER_BOOLEAN), 'copyrightAlign' => $this->getInput('themeFooterCopyrightAlign'),
'position' => $this->getInput('themeFooterPosition'), 'height' => $this->getInput('themeFooterHeight'),
'fixed' => $this->getInput('themeFooterFixed', helper::FILTER_BOOLEAN), 'loginLink' => $this->getInput('themeFooterLoginLink'),
'socialsAlign' => $this->getInput('themeFooterSocialsAlign'), 'margin' => $this->getInput('themeFooterMargin', helper::FILTER_BOOLEAN),
'text' => $this->getInput('themeFooterText', null), 'position' => $this->getInput('themeFooterPosition'),
'textAlign' => $this->getInput('themeFooterTextAlign'), 'fixed' => $this->getInput('themeFooterFixed', helper::FILTER_BOOLEAN),
'textColor' => $this->getInput('themeFooterTextColor'), 'socialsAlign' => $this->getInput('themeFooterSocialsAlign'),
'copyrightPosition' => $this->getInput('themeFooterCopyrightPosition'), 'text' => $this->getInput('themeFooterText', null),
'textPosition' => $this->getInput('themeFooterTextPosition'), 'textAlign' => $this->getInput('themeFooterTextAlign'),
'socialsPosition' => $this->getInput('themeFooterSocialsPosition'), 'textColor' => $this->getInput('themeFooterTextColor'),
'textTransform' => $this->getInput('themeFooterTextTransform'), 'copyrightPosition' => $this->getInput('themeFooterCopyrightPosition'),
'font' => $this->getInput('themeFooterFont'), 'textPosition' => $this->getInput('themeFooterTextPosition'),
'fontSize' => $this->getInput('themeFooterFontSize'), 'socialsPosition' => $this->getInput('themeFooterSocialsPosition'),
'fontWeight' => $this->getInput('themeFooterFontWeight'), 'textTransform' => $this->getInput('themeFooterTextTransform'),
'displayVersion' => $this->getInput('themefooterDisplayVersion', helper::FILTER_BOOLEAN), 'font' => $this->getInput('themeFooterFont'),
'displaySiteMap' => $this->getInput('themefooterDisplaySiteMap', helper::FILTER_BOOLEAN), 'fontSize' => $this->getInput('themeFooterFontSize'),
'displayCopyright' => $this->getInput('themefooterDisplayCopyright', helper::FILTER_BOOLEAN), 'fontWeight' => $this->getInput('themeFooterFontWeight'),
'displayCookie' => $this->getInput('themefooterDisplayCookie', helper::FILTER_BOOLEAN), 'displayVersion' => $this->getInput('themefooterDisplayVersion', helper::FILTER_BOOLEAN),
'displayLegal' => $this->getInput('themeFooterDisplayLegal', helper::FILTER_BOOLEAN), 'displaySiteMap' => $this->getInput('themefooterDisplaySiteMap', helper::FILTER_BOOLEAN),
'displaySearch' => $this->getInput('themeFooterDisplaySearch', helper::FILTER_BOOLEAN), 'displayCopyright' => $this->getInput('themefooterDisplayCopyright', helper::FILTER_BOOLEAN),
'memberBar' => $this->getInput('themeFooterMemberBar', helper::FILTER_BOOLEAN), 'displayCookie' => $this->getInput('themefooterDisplayCookie', helper::FILTER_BOOLEAN),
'template' => $this->getInput('themeFooterTemplate') 'displayLegal' => $this->getInput('themeFooterDisplayLegal', helper::FILTER_BOOLEAN),
]]); 'displaySearch' => $this->getInput('themeFooterDisplaySearch', helper::FILTER_BOOLEAN),
'memberBar' => $this->getInput('themeFooterMemberBar', helper::FILTER_BOOLEAN),
'template' => $this->getInput('themeFooterTemplate')
]
]);
// Sauvegarder la configuration localisée // Sauvegarder la configuration localisée
$this->setData(['locale', 'legalPageId', $this->getInput('configLegalPageId')]); $this->setData(['locale', 'legalPageId', $this->getInput('configLegalPageId')]);
@ -453,29 +465,33 @@ class theme extends common
} }
// Sauvegarder // Sauvegarder
$this->setData(['theme', 'header', [ $this->setData([
'backgroundColor' => $this->getInput('themeHeaderBackgroundColor'), 'theme',
'font' => $this->getInput('themeHeaderFont'), 'header',
'fontSize' => $this->getInput('themeHeaderFontSize'), [
'fontWeight' => $this->getInput('themeHeaderFontWeight'), 'backgroundColor' => $this->getInput('themeHeaderBackgroundColor'),
'height' => $this->getInput('themeHeaderHeight'), 'font' => $this->getInput('themeHeaderFont'),
'wide' => $this->getInput('themeHeaderWide'), 'fontSize' => $this->getInput('themeHeaderFontSize'),
'image' => $this->getInput('themeHeaderImage'), 'fontWeight' => $this->getInput('themeHeaderFontWeight'),
'imagePosition' => $this->getInput('themeHeaderImagePosition'), 'height' => $this->getInput('themeHeaderHeight'),
'imageRepeat' => $this->getInput('themeHeaderImageRepeat'), 'wide' => $this->getInput('themeHeaderWide'),
'margin' => $this->getInput('themeHeaderMargin', helper::FILTER_BOOLEAN), 'image' => $this->getInput('themeHeaderImage'),
'position' => $this->getInput('themeHeaderPosition'), 'imagePosition' => $this->getInput('themeHeaderImagePosition'),
'textAlign' => $this->getInput('themeHeaderTextAlign'), 'imageRepeat' => $this->getInput('themeHeaderImageRepeat'),
'textColor' => $this->getInput('themeHeaderTextColor'), 'margin' => $this->getInput('themeHeaderMargin', helper::FILTER_BOOLEAN),
'textHide' => $this->getInput('themeHeaderTextHide', helper::FILTER_BOOLEAN), 'position' => $this->getInput('themeHeaderPosition'),
'textTransform' => $this->getInput('themeHeaderTextTransform'), 'textAlign' => $this->getInput('themeHeaderTextAlign'),
'linkHomePage' => $this->getInput('themeHeaderlinkHomePage', helper::FILTER_BOOLEAN), 'textColor' => $this->getInput('themeHeaderTextColor'),
'imageContainer' => $this->getInput('themeHeaderImageContainer'), 'textHide' => $this->getInput('themeHeaderTextHide', helper::FILTER_BOOLEAN),
'tinyHidden' => $this->getInput('themeHeaderTinyHidden', helper::FILTER_BOOLEAN), 'textTransform' => $this->getInput('themeHeaderTextTransform'),
'feature' => $this->getInput('themeHeaderFeature'), 'linkHomePage' => $this->getInput('themeHeaderlinkHomePage', helper::FILTER_BOOLEAN),
'featureContent' => $featureContent, 'imageContainer' => $this->getInput('themeHeaderImageContainer'),
'featureFiles' => $files 'tinyHidden' => $this->getInput('themeHeaderTinyHidden', helper::FILTER_BOOLEAN),
]]); 'feature' => $this->getInput('themeHeaderFeature'),
'featureContent' => $featureContent,
'featureFiles' => $files
]
]);
// Modification de la position du menu selon la position de la bannière // Modification de la position du menu selon la position de la bannière
if ($this->getData(['theme', 'header', 'position']) == 'site') { if ($this->getData(['theme', 'header', 'position']) == 'site') {
$this->setData(['theme', 'menu', 'position', str_replace('body-', 'site-', $this->getData(['theme', 'menu', 'position']))]); $this->setData(['theme', 'menu', 'position', str_replace('body-', 'site-', $this->getData(['theme', 'menu', 'position']))]);
@ -535,30 +551,34 @@ class theme extends common
{ {
// Soumission du formulaire // Soumission du formulaire
if ($this->isPost()) { if ($this->isPost()) {
$this->setData(['theme', 'menu', [ $this->setData([
'backgroundColor' => $this->getInput('themeMenuBackgroundColor'), 'theme',
'backgroundColorSub' => $this->getInput('themeMenuBackgroundColorSub'), 'menu',
'font' => $this->getInput('themeMenuFont'), [
'fontSize' => $this->getInput('themeMenuFontSize'), 'backgroundColor' => $this->getInput('themeMenuBackgroundColor'),
'fontWeight' => $this->getInput('themeMenuFontWeight'), 'backgroundColorSub' => $this->getInput('themeMenuBackgroundColorSub'),
'height' => $this->getInput('themeMenuHeight'), 'font' => $this->getInput('themeMenuFont'),
'wide' => $this->getInput('themeMenuWide'), 'fontSize' => $this->getInput('themeMenuFontSize'),
'loginLink' => $this->getInput('themeMenuLoginLink', helper::FILTER_BOOLEAN), 'fontWeight' => $this->getInput('themeMenuFontWeight'),
'margin' => $this->getInput('themeMenuMargin', helper::FILTER_BOOLEAN), 'height' => $this->getInput('themeMenuHeight'),
'position' => $this->getInput('themeMenuPosition'), 'wide' => $this->getInput('themeMenuWide'),
'textAlign' => $this->getInput('themeMenuTextAlign'), 'loginLink' => $this->getInput('themeMenuLoginLink', helper::FILTER_BOOLEAN),
'textColor' => $this->getInput('themeMenuTextColor'), 'margin' => $this->getInput('themeMenuMargin', helper::FILTER_BOOLEAN),
'textTransform' => $this->getInput('themeMenuTextTransform'), 'position' => $this->getInput('themeMenuPosition'),
'fixed' => $this->getInput('themeMenuFixed', helper::FILTER_BOOLEAN), 'textAlign' => $this->getInput('themeMenuTextAlign'),
'activeColorAuto' => $this->getInput('themeMenuActiveColorAuto', helper::FILTER_BOOLEAN), 'textColor' => $this->getInput('themeMenuTextColor'),
'activeColor' => $this->getInput('themeMenuActiveColor'), 'textTransform' => $this->getInput('themeMenuTextTransform'),
'activeTextColor' => $this->getInput('themeMenuActiveTextColor'), 'fixed' => $this->getInput('themeMenuFixed', helper::FILTER_BOOLEAN),
'radius' => $this->getInput('themeMenuRadius'), 'activeColorAuto' => $this->getInput('themeMenuActiveColorAuto', helper::FILTER_BOOLEAN),
'burgerTitle' => $this->getInput('themeMenuBurgerTitle', helper::FILTER_BOOLEAN), 'activeColor' => $this->getInput('themeMenuActiveColor'),
'memberBar' => $this->getInput('themeMenuMemberBar', helper::FILTER_BOOLEAN), 'activeTextColor' => $this->getInput('themeMenuActiveTextColor'),
'burgerLogo' => $this->getInput('themeMenuBurgerLogo'), 'radius' => $this->getInput('themeMenuRadius'),
'burgerContent' => $this->getInput('themeMenuBurgerContent') 'burgerTitle' => $this->getInput('themeMenuBurgerTitle', helper::FILTER_BOOLEAN),
]]); 'memberBar' => $this->getInput('themeMenuMemberBar', helper::FILTER_BOOLEAN),
'burgerLogo' => $this->getInput('themeMenuBurgerLogo'),
'burgerContent' => $this->getInput('themeMenuBurgerContent')
]
]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'notification' => helper::translate('Modifications enregistrées'), 'notification' => helper::translate('Modifications enregistrées'),
@ -591,19 +611,19 @@ class theme extends common
// Polices liées au thème // Polices liées au thème
$used = [ $used = [
'Bannière' => $this->getData(['theme', 'header', 'font']), 'Bannière' => $this->getData(['theme', 'header', 'font']),
'Menu' => $this->getData(['theme', 'menu', 'font']), 'Menu' => $this->getData(['theme', 'menu', 'font']),
'Titre ' => $this->getData(['theme', 'title', 'font']), 'Titre ' => $this->getData(['theme', 'title', 'font']),
'Texte' => $this->getData(['theme', 'text', 'font']), 'Texte' => $this->getData(['theme', 'text', 'font']),
'Pied de page' => $this->getData(['theme', 'footer', 'font']), 'Pied de page' => $this->getData(['theme', 'footer', 'font']),
'Titre (admin)' => $this->getData(['admin', 'fontTitle']), 'Titre (admin)' => $this->getData(['admin', 'fontTitle']),
'Admin (texte)' => $this->getData(['admin', 'fontText']) 'Admin (texte)' => $this->getData(['admin', 'fontText'])
]; ];
// Récupérer le détail des fontes installées // Récupérer le détail des fontes installées
//$f = $this->getFonts(); //$f = $this->getFonts();
$f['files'] = $this->getData(['font', 'files']); $f['files'] = $this->getData(['font', 'files']);
$f['imported'] = $this->getData(['font', 'imported']); $f['imported'] = $this->getData(['font', 'imported']);
$f['websafe'] = self::$fontsWebSafe; $f['websafe'] = self::$fontsWebSafe;
// Parcourir les fontes disponibles et construire le tableau pour le formulaire // Parcourir les fontes disponibles et construire le tableau pour le formulaire
@ -614,7 +634,7 @@ class theme extends common
$fontUsed[$fontId] = ''; $fontUsed[$fontId] = '';
foreach ($used as $key => $value) { foreach ($used as $key => $value) {
if ($value === $fontId) { if ($value === $fontId) {
$fontUsed[$fontId] .= $key . '<br/>'; $fontUsed[$fontId] .= $key . '<br/>';
} }
} }
self::$fontsDetail[] = [ self::$fontsDetail[] = [
@ -623,20 +643,20 @@ class theme extends common
$f[$type][$fontId]['font-family'], $f[$type][$fontId]['font-family'],
$fontUsed[$fontId], $fontUsed[$fontId],
$type, $type,
$type !== 'websafe' ? template::button('themeFontEdit' . $fontId, [ $type !== 'websafe' ? template::button('themeFontEdit' . $fontId, [
'class' => 'themeFontEdit', 'class' => 'themeFontEdit',
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId, 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId,
'value' => template::ico('pencil'), 'value' => template::ico('pencil'),
'disabled' => !empty($fontUsed[$fontId]) 'disabled' => !empty($fontUsed[$fontId])
]) ])
: '', : '',
$type !== 'websafe' ? template::button('themeFontDelete' . $fontId, [ $type !== 'websafe' ? template::button('themeFontDelete' . $fontId, [
'class' => 'themeFontDelete buttonRed', 'class' => 'themeFontDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId, 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId,
'value' => template::ico('cancel'), 'value' => template::ico('cancel'),
'disabled' => !empty($fontUsed[$fontId]) 'disabled' => !empty($fontUsed[$fontId])
]) ])
: '' : ''
]; ];
} }
} }
@ -663,7 +683,7 @@ class theme extends common
if (!empty($ressource)) { if (!empty($ressource)) {
$fontId = $this->getInput('fontAddFontId', null, true); $fontId = $this->getInput('fontAddFontId', null, true);
$fontName = $this->getInput('fontAddFontName', null, true); $fontName = $this->getInput('fontAddFontName', null, true);
$fontFamilyName = $this->getInput('fontAddFontFamilyName', null, true); $fontFamilyName = $this->getInput('fontAddFontFamilyName', null, true);
// Remplace les doubles quotes par des simples quotes // Remplace les doubles quotes par des simples quotes
$fontFamilyName = str_replace('"', '\'', $fontFamilyName); $fontFamilyName = str_replace('"', '\'', $fontFamilyName);
@ -676,7 +696,8 @@ class theme extends common
$this->setData([ $this->setData([
'font', 'font',
$type, $type,
$fontId, [ $fontId,
[
'name' => $fontName, 'name' => $fontName,
'font-family' => $fontFamilyName, 'font-family' => $fontFamilyName,
'resource' => $ressource 'resource' => $ressource
@ -724,10 +745,10 @@ class theme extends common
if ($this->isPost()) { if ($this->isPost()) {
// Type d'import en ligne ou local // Type d'import en ligne ou local
$type = $this->getInput('fontEditUrl', helper::FILTER_BOOLEAN) ? 'imported' : 'files'; $type = $this->getInput('fontEditUrl', helper::FILTER_BOOLEAN) ? 'imported' : 'files';
$ressource = $type === 'imported' ? $this->getInput('fontEditUrl', null) : $this->getInput('fontEditFile', null); $ressource = $type === 'imported' ? $this->getInput('fontEditUrl', null) : $this->getInput('fontEditFile', null);
$fontId = $this->getInput('fontEditFontId', null, true); $fontId = $this->getInput('fontEditFontId', null, true);
$fontName = $this->getInput('fontEditFontName', null, true); $fontName = $this->getInput('fontEditFontName', null, true);
$fontFamilyName = $this->getInput('fontEditFontFamilyName', null, true); $fontFamilyName = $this->getInput('fontEditFontFamilyName', null, true);
// Remplace les doubles quotes par des simples quotes // Remplace les doubles quotes par des simples quotes
$fontFamilyName = str_replace('"', '\'', $fontFamilyName); $fontFamilyName = str_replace('"', '\'', $fontFamilyName);
@ -741,7 +762,8 @@ class theme extends common
$this->setData([ $this->setData([
'font', 'font',
$type, $type,
$fontId, [ $fontId,
[
'name' => $fontName, 'name' => $fontName,
'font-family' => $fontFamilyName, 'font-family' => $fontFamilyName,
'resource' => $ressource 'resource' => $ressource
@ -775,11 +797,14 @@ class theme extends common
public function fontDelete() public function fontDelete()
{ {
// Action interdite // Action interdite
if ($this->checkCSRF()) { if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->checkCSRF()
) {
// Valeurs en sortie
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'theme/fonts', 'access' => false
'notification' => helper::translate('Action interdite')
]); ]);
} }
// Suppression // Suppression
@ -798,7 +823,7 @@ class theme extends common
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'theme/fonts', 'redirect' => helper::baseUrl() . 'theme/fonts',
'notification' => helper::translate('Fonte supprimée'), 'notification' => helper::translate('Fonte supprimée'),
'state' => true 'state' => true
]); ]);
@ -811,32 +836,41 @@ class theme extends common
*/ */
public function reset() public function reset()
{ {
// Réinitialisation // Action interdite
$redirect = ''; if (
switch ($this->getUrl(2)) { $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
case 'admin': ) {
$this->initData('admin', self::$i18nUI); // Valeurs en sortie
$redirect = helper::baseUrl() . 'theme/admin'; $this->addOutput([
break; 'access' => false
case 'manage': ]);
$this->initData('theme', self::$i18nUI); } else {
$redirect = helper::baseUrl() . 'theme/manage'; // Réinitialisation
break; $redirect = '';
case 'custom': switch ($this->getUrl(2)) {
unlink(self::DATA_DIR . 'custom.css'); case 'admin':
$redirect = helper::baseUrl() . 'theme/advanced'; $this->initData('admin', self::$i18nUI);
break; $redirect = helper::baseUrl() . 'theme/admin';
default: break;
$redirect = helper::baseUrl() . 'theme'; case 'manage':
$this->initData('theme', self::$i18nUI);
$redirect = helper::baseUrl() . 'theme/manage';
break;
case 'custom':
unlink(self::DATA_DIR . 'custom.css');
$redirect = helper::baseUrl() . 'theme/advanced';
break;
default:
$redirect = helper::baseUrl() . 'theme';
}
// Valeurs en sortie
$this->addOutput([
'notification' => helper::translate('Thème réinitialisé'),
'redirect' => $redirect,
'state' => true
]);
} }
// Valeurs en sortie
$this->addOutput([
'notification' => helper::translate('Thème réinitialisé'),
'redirect' => $redirect,
'state' => true
]);
} }
@ -847,32 +881,52 @@ class theme extends common
{ {
// Soumission du formulaire // Soumission du formulaire
if ($this->isPost()) { if ($this->isPost()) {
$this->setData(['theme', 'title', [ $this->setData([
'font' => $this->getInput('themeTitleFont'), 'theme',
'textColor' => $this->getInput('themeTitleTextColor'), 'title',
'fontWeight' => $this->getInput('themeTitleFontWeight'), [
'textTransform' => $this->getInput('themeTitleTextTransform') 'font' => $this->getInput('themeTitleFont'),
]]); 'textColor' => $this->getInput('themeTitleTextColor'),
$this->setData(['theme', 'text', [ 'fontWeight' => $this->getInput('themeTitleFontWeight'),
'font' => $this->getInput('themeTextFont'), 'textTransform' => $this->getInput('themeTitleTextTransform')
'fontSize' => $this->getInput('themeTextFontSize'), ]
'textColor' => $this->getInput('themeTextTextColor'), ]);
'linkColor' => $this->getInput('themeTextLinkColor') $this->setData([
]]); 'theme',
$this->setData(['theme', 'site', [ 'text',
'backgroundColor' => $this->getInput('themeSiteBackgroundColor'), [
'radius' => $this->getInput('themeSiteRadius'), 'font' => $this->getInput('themeTextFont'),
'shadow' => $this->getInput('themeSiteShadow'), 'fontSize' => $this->getInput('themeTextFontSize'),
'width' => $this->getInput('themeSiteWidth'), 'textColor' => $this->getInput('themeTextTextColor'),
'margin' => $this->getInput('themeSiteMargin', helper::FILTER_BOOLEAN) 'linkColor' => $this->getInput('themeTextLinkColor')
]]); ]
$this->setData(['theme', 'button', [ ]);
'backgroundColor' => $this->getInput('themeButtonBackgroundColor') $this->setData([
]]); 'theme',
$this->setData(['theme', 'block', [ 'site',
'backgroundColor' => $this->getInput('themeBlockBackgroundColor'), [
'borderColor' => $this->getInput('themeBlockBorderColor') 'backgroundColor' => $this->getInput('themeSiteBackgroundColor'),
]]); 'radius' => $this->getInput('themeSiteRadius'),
'shadow' => $this->getInput('themeSiteShadow'),
'width' => $this->getInput('themeSiteWidth'),
'margin' => $this->getInput('themeSiteMargin', helper::FILTER_BOOLEAN)
]
]);
$this->setData([
'theme',
'button',
[
'backgroundColor' => $this->getInput('themeButtonBackgroundColor')
]
]);
$this->setData([
'theme',
'block',
[
'backgroundColor' => $this->getInput('themeBlockBackgroundColor'),
'borderColor' => $this->getInput('themeBlockBorderColor')
]
]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'notification' => helper::translate('Modifications enregistrées'), 'notification' => helper::translate('Modifications enregistrées'),
@ -902,7 +956,7 @@ class theme extends common
{ {
if ($this->isPost()) { if ($this->isPost()) {
$zipFilename = $this->getInput('themeManageImport', helper::FILTER_STRING_SHORT, true); $zipFilename = $this->getInput('themeManageImport', helper::FILTER_STRING_SHORT, true);
$data = $this->import(self::FILE_DIR . 'source/' . $zipFilename); $data = $this->import(self::FILE_DIR . 'source/' . $zipFilename);
if ($data['success']) { if ($data['success']) {
header("Refresh:0"); header("Refresh:0");
@ -913,7 +967,8 @@ class theme extends common
'notification' => $data['notification'], 'notification' => $data['notification'],
'state' => $data['success'], 'state' => $data['success'],
'view' => 'manage' 'view' => 'manage'
]);; ]);
;
} }
} }
// Valeurs en sortie // Valeurs en sortie
@ -1015,18 +1070,28 @@ class theme extends common
*/ */
public function export() public function export()
{ {
// Make zip // Action interdite
$zipFilename = $this->zipTheme($this->getUrl(2)); if (
// Téléchargement du ZIP $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
header('Content-Description: File Transfer'); ) {
header('Content-Type: application/octet-stream'); // Valeurs en sortie
header('Content-Transfer-Encoding: binary'); $this->addOutput([
header('Content-Disposition: attachment; filename="' . $zipFilename . '"'); 'access' => false
header('Content-Length: ' . filesize(self::TEMP_DIR . $zipFilename)); ]);
readfile(self::TEMP_DIR . $zipFilename); } else {
// Nettoyage du dossier // Make zip
unlink(self::TEMP_DIR . $zipFilename); $zipFilename = $this->zipTheme($this->getUrl(2));
exit(); // Téléchargement du ZIP
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Transfer-Encoding: binary');
header('Content-Disposition: attachment; filename="' . $zipFilename . '"');
header('Content-Length: ' . filesize(self::TEMP_DIR . $zipFilename));
readfile(self::TEMP_DIR . $zipFilename);
// Nettoyage du dossier
unlink(self::TEMP_DIR . $zipFilename);
exit();
}
} }
/** /**
@ -1034,21 +1099,31 @@ class theme extends common
*/ */
public function save() public function save()
{ {
// Make zip // Action interdite
$zipFilename = $this->zipTheme($this->getUrl(2)); if (
// Téléchargement du ZIP $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
if (!is_dir(self::FILE_DIR . 'source/theme')) { ) {
mkdir(self::FILE_DIR . 'source/theme', 0755); // Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Make zip
$zipFilename = $this->zipTheme($this->getUrl(2));
// Téléchargement du ZIP
if (!is_dir(self::FILE_DIR . 'source/theme')) {
mkdir(self::FILE_DIR . 'source/theme', 0755);
}
copy(self::TEMP_DIR . $zipFilename, self::FILE_DIR . 'source/theme/' . $zipFilename);
// Nettoyage du dossier
unlink(self::TEMP_DIR . $zipFilename);
// Valeurs en sortie
$this->addOutput([
'notification' => '<b>' . $zipFilename . '</b>' . helper::translate('sauvegardé avec succès'),
'redirect' => helper::baseUrl() . 'theme/manage',
'state' => true
]);
} }
copy(self::TEMP_DIR . $zipFilename, self::FILE_DIR . 'source/theme/' . $zipFilename);
// Nettoyage du dossier
unlink(self::TEMP_DIR . $zipFilename);
// Valeurs en sortie
$this->addOutput([
'notification' => '<b>' . $zipFilename . '</b>'. helper::translate('sauvegardé avec succès'),
'redirect' => helper::baseUrl() . 'theme/manage',
'state' => true
]);
} }
/** /**
@ -1058,7 +1133,7 @@ class theme extends common
private function zipTheme($modele) private function zipTheme($modele)
{ {
// Creation du dossier // Creation du dossier
$zipFilename = $modele . date('Y-m-d-H-i-s', time()) . '.zip'; $zipFilename = $modele . date('Y-m-d-H-i-s', time()) . '.zip';
$zip = new ZipArchive(); $zip = new ZipArchive();
if ($zip->open(self::TEMP_DIR . $zipFilename, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) { if ($zip->open(self::TEMP_DIR . $zipFilename, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) {
switch ($modele) { switch ($modele) {
@ -1185,8 +1260,8 @@ class theme extends common
* id - nom * id - nom
* id - font-family - resource * id - font-family - resource
*/ */
$f['files'] = $this->getData(['font', 'files']); $f['files'] = $this->getData(['font', 'files']);
$f['imported'] = $this->getData(['font', 'imported']); $f['imported'] = $this->getData(['font', 'imported']);
$f['websafe'] = self::$fontsWebSafe; $f['websafe'] = self::$fontsWebSafe;
// Construit un tableau avec leur ID et leur famille // Construit un tableau avec leur ID et leur famille
foreach (['websafe', 'imported', 'files'] as $type) { foreach (['websafe', 'imported', 'files'] as $type) {
@ -1211,7 +1286,7 @@ class theme extends common
// Filtrage par fontes installées // Filtrage par fontes installées
$fontsInstalled = [ $fontsInstalled = [
$this->getData(['theme', 'text', 'font']), $this->getData(['theme', 'text', 'font']),
$this->getData(['theme', 'title', 'font']), $this->getData(['theme', 'title', 'font']),
$this->getData(['theme', 'header', 'font']), $this->getData(['theme', 'header', 'font']),
$this->getData(['theme', 'menu', 'font']), $this->getData(['theme', 'menu', 'font']),
@ -1232,13 +1307,13 @@ class theme extends common
foreach ($this->getData(['font', 'imported']) as $fontId => $fontValue) { foreach ($this->getData(['font', 'imported']) as $fontId => $fontValue) {
if ( if (
($scope === 'user' && in_array($fontId, $fontsInstalled)) ($scope === 'user' && in_array($fontId, $fontsInstalled))
|| $scope === 'all' || $scope === 'all'
) { ) {
//Pré chargement à revoir //Pré chargement à revoir
//$fileContent .= '<link rel="preload" href="' . $fontValue['resource'] . '" crossorigin="anonymous" as="style">'; //$fileContent .= '<link rel="preload" href="' . $fontValue['resource'] . '" crossorigin="anonymous" as="style">';
$fileContent .= '<link href="' . $fontValue['resource'] . '" rel="stylesheet">'; $fileContent .= '<link href="' . $fontValue['resource'] . '" rel="stylesheet">';
// Pré connect pour api.google // Pré connect pour api.google
$gf = strpos($fontValue['resource'], 'fonts.googleapis.com') === false ? $gf || false : $gf || true; $gf = strpos($fontValue['resource'], 'fonts.googleapis.com') === false ? $gf || false : $gf || true;
} }
} }
} }
@ -1257,16 +1332,16 @@ class theme extends common
foreach ($this->getData(['font', 'files']) as $fontId => $fontValue) { foreach ($this->getData(['font', 'files']) as $fontId => $fontValue) {
if ( if (
($scope === 'user' && in_array($fontId, $fontsInstalled)) ($scope === 'user' && in_array($fontId, $fontsInstalled))
|| $scope === 'all' || $scope === 'all'
) { ) {
if (file_exists(self::DATA_DIR . 'font/' . $fontValue['resource'])) { if (file_exists(self::DATA_DIR . 'font/' . $fontValue['resource'])) {
// Extension // Extension
$path_parts = pathinfo(helper::baseUrl(false) . self::DATA_DIR . 'font/' . $fontValue['resource']); $path_parts = pathinfo(helper::baseUrl(false) . self::DATA_DIR . 'font/' . $fontValue['resource']);
// Chargement de la police // Chargement de la police
$fileContentCss .= '@font-face {'; $fileContentCss .= '@font-face {';
$fileContentCss .= 'font-family:"' . $fontValue['name'] . '";'; $fileContentCss .= 'font-family:"' . $fontValue['name'] . '";';
$fileContentCss .= 'src: url("' . $fontValue['resource'] . '") format("' . $path_parts['extension'] . '");'; $fileContentCss .= 'src: url("' . $fontValue['resource'] . '") format("' . $path_parts['extension'] . '");';
$fileContentCss .= '}'; $fileContentCss .= '}';
// Préchargement // Préchargement
//$fileContent = '<link rel="preload" href="' . self::DATA_DIR . 'font/' . $fontValue['resource'] . '" type="font/woff" crossorigin="anonymous" as="font">' . $fileContent; //$fileContent = '<link rel="preload" href="' . self::DATA_DIR . 'font/' . $fontValue['resource'] . '" type="font/woff" crossorigin="anonymous" as="font">' . $fileContent;
} }
@ -1277,6 +1352,6 @@ class theme extends common
// Enregistre la personnalisation // Enregistre la personnalisation
file_put_contents(self::DATA_DIR . 'font/font.html', $fileContent); file_put_contents(self::DATA_DIR . 'font/font.html', $fileContent);
// Enregistre la personnalisation // Enregistre la personnalisation
file_put_contents(self::DATA_DIR . 'font/font.css', $fileContentCss); file_put_contents(self::DATA_DIR . 'font/font.css', $fileContentCss);
} }
} }

288
core/module/user/user.php
View File

@ -184,7 +184,7 @@ class user extends common
{ {
// Accès refusé // Accès refusé
if ( if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false || $this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
// L'utilisateur n'existe pas // L'utilisateur n'existe pas
$this->getData(['user', $this->getUrl(2)]) === null $this->getData(['user', $this->getUrl(2)]) === null
// Groupe insuffisant // Groupe insuffisant
@ -231,152 +231,150 @@ class user extends common
public function edit() public function edit()
{ {
if ( if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'user',
'notification' => helper::translate('Action interdite')
]);
}
// Accès refusé
if (
// L'utilisateur n'existe pas
$this->getData(['user', $this->getUrl(2)]) === null
// Droit d'édition
and (
// Impossible de s'auto-éditer
($this->getUser('id') === $this->getUrl(2)
and $this->getUrl('group') <= self::GROUP_VISITOR
)
// Impossible d'éditer un autre utilisateur
or ($this->getUrl('group') < self::GROUP_MODERATOR)
)
) { ) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} } else {
// Accès autorisé if (
else { // L'utilisateur n'existe pas
// Soumission du formulaire $this->getData(['user', $this->getUrl(2)]) === null
if ($this->isPost()) { // Droit d'édition
// Double vérification pour le mot de passe and (
$newPassword = $this->getData(['user', $this->getUrl(2), 'password']); // Impossible de s'auto-éditer
if ($this->getInput('userEditNewPassword')) { ($this->getUser('id') === $this->getUrl(2)
// L'ancien mot de passe est correct and $this->getUrl('group') <= self::GROUP_VISITOR
if (password_verify(html_entity_decode($this->getInput('userEditOldPassword')), $this->getData(['user', $this->getUrl(2), 'password']))) { )
// La confirmation correspond au mot de passe // Impossible d'éditer un autre utilisateur
if ($this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')) { or ($this->getUrl('group') < self::GROUP_MODERATOR)
$newPassword = $this->getInput('userEditNewPassword', helper::FILTER_PASSWORD, true); )
// Déconnexion de l'utilisateur si il change le mot de passe de son propre compte ) {
if ($this->getUser('id') === $this->getUrl(2)) {
helper::deleteCookie('ZWII_USER_ID');
helper::deleteCookie('ZWII_USER_PASSWORD');
}
} else {
self::$inputNotices['userEditConfirmPassword'] = helper::translate('Incorrect');
}
} else {
self::$inputNotices['userEditOldPassword'] = helper::translate('Incorrect');
}
}
// Modification du groupe
if (
$this->getUser('group') === self::GROUP_ADMIN
and $this->getUrl(2) !== $this->getUser('id')
) {
$newGroup = $this->getInput('userEditGroup', helper::FILTER_INT, true);
} else {
$newGroup = $this->getData(['user', $this->getUrl(2), 'group']);
}
// Modification de nom Prénom
if ($this->getUser('group') === self::GROUP_ADMIN) {
$newfirstname = $this->getInput('userEditFirstname', helper::FILTER_STRING_SHORT, true);
$newlastname = $this->getInput('userEditLastname', helper::FILTER_STRING_SHORT, true);
} else {
$newfirstname = $this->getData(['user', $this->getUrl(2), 'firstname']);
$newlastname = $this->getData(['user', $this->getUrl(2), 'lastname']);
}
// Profil
$profil = null;
if ($newGroup > 1 || $newGroup < 2) {
$profil = $this->getInput('userEditProfil' . $newGroup, helper::FILTER_INT);
}
// Modifie l'utilisateur
$this->setData([
'user',
$this->getUrl(2),
[
'firstname' => $newfirstname,
'forgot' => 0,
'group' => $newGroup,
'profil' => $profil,
'lastname' => $newlastname,
'pseudo' => $this->getInput('userEditPseudo', helper::FILTER_STRING_SHORT, true),
'signature' => $this->getInput('userEditSignature', helper::FILTER_INT, true),
'mail' => $this->getInput('userEditMail', helper::FILTER_MAIL, true),
'password' => $newPassword,
'connectFail' => $this->getData(['user', $this->getUrl(2), 'connectFail']),
'connectTimeout' => $this->getData(['user', $this->getUrl(2), 'connectTimeout']),
'accessUrl' => $this->getData(['user', $this->getUrl(2), 'accessUrl']),
'accessTimer' => $this->getData(['user', $this->getUrl(2), 'accessTimer']),
'accessCsrf' => $this->getData(['user', $this->getUrl(2), 'accessCsrf']),
'files' => $this->getInput('userEditFiles', helper::FILTER_BOOLEAN),
'language' => $this->getInput('userEditLanguage', helper::FILTER_STRING_SHORT),
]
]);
// Redirection spécifique si l'utilisateur change son mot de passe
if ($this->getUser('id') === $this->getUrl(2) and $this->getInput('userEditNewPassword')) {
$redirect = helper::baseUrl() . 'user/login/' . str_replace('/', '_', $this->getUrl());
}
// Redirection si retour en arrière possible
elseif ($this->getUser('group') === 3) {
$redirect = helper::baseUrl() . 'user';
}
// Redirection normale
else {
$redirect = helper::baseUrl();
}
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => $redirect, 'access' => false
'notification' => helper::translate('Modifications enregistrées'),
'state' => true
]); ]);
} }
// Accès autorisé
// Langues disponibles pour l'interface de l'utilisateur else {
self::$languagesInstalled = $this->getData(['language']); // Soumission du formulaire
if (self::$languagesInstalled) { if ($this->isPost()) {
foreach (self::$languagesInstalled as $lang => $datas) { // Double vérification pour le mot de passe
self::$languagesInstalled[$lang] = self::$languages[$lang]; $newPassword = $this->getData(['user', $this->getUrl(2), 'password']);
if ($this->getInput('userEditNewPassword')) {
// L'ancien mot de passe est correct
if (password_verify(html_entity_decode($this->getInput('userEditOldPassword')), $this->getData(['user', $this->getUrl(2), 'password']))) {
// La confirmation correspond au mot de passe
if ($this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')) {
$newPassword = $this->getInput('userEditNewPassword', helper::FILTER_PASSWORD, true);
// Déconnexion de l'utilisateur si il change le mot de passe de son propre compte
if ($this->getUser('id') === $this->getUrl(2)) {
helper::deleteCookie('ZWII_USER_ID');
helper::deleteCookie('ZWII_USER_PASSWORD');
}
} else {
self::$inputNotices['userEditConfirmPassword'] = helper::translate('Incorrect');
}
} else {
self::$inputNotices['userEditOldPassword'] = helper::translate('Incorrect');
}
}
// Modification du groupe
if (
$this->getUser('group') === self::GROUP_ADMIN
and $this->getUrl(2) !== $this->getUser('id')
) {
$newGroup = $this->getInput('userEditGroup', helper::FILTER_INT, true);
} else {
$newGroup = $this->getData(['user', $this->getUrl(2), 'group']);
}
// Modification de nom Prénom
if ($this->getUser('group') === self::GROUP_ADMIN) {
$newfirstname = $this->getInput('userEditFirstname', helper::FILTER_STRING_SHORT, true);
$newlastname = $this->getInput('userEditLastname', helper::FILTER_STRING_SHORT, true);
} else {
$newfirstname = $this->getData(['user', $this->getUrl(2), 'firstname']);
$newlastname = $this->getData(['user', $this->getUrl(2), 'lastname']);
}
// Profil
$profil = null;
if ($newGroup > 1 || $newGroup < 2) {
$profil = $this->getInput('userEditProfil' . $newGroup, helper::FILTER_INT);
}
// Modifie l'utilisateur
$this->setData([
'user',
$this->getUrl(2),
[
'firstname' => $newfirstname,
'forgot' => 0,
'group' => $newGroup,
'profil' => $profil,
'lastname' => $newlastname,
'pseudo' => $this->getInput('userEditPseudo', helper::FILTER_STRING_SHORT, true),
'signature' => $this->getInput('userEditSignature', helper::FILTER_INT, true),
'mail' => $this->getInput('userEditMail', helper::FILTER_MAIL, true),
'password' => $newPassword,
'connectFail' => $this->getData(['user', $this->getUrl(2), 'connectFail']),
'connectTimeout' => $this->getData(['user', $this->getUrl(2), 'connectTimeout']),
'accessUrl' => $this->getData(['user', $this->getUrl(2), 'accessUrl']),
'accessTimer' => $this->getData(['user', $this->getUrl(2), 'accessTimer']),
'accessCsrf' => $this->getData(['user', $this->getUrl(2), 'accessCsrf']),
'files' => $this->getInput('userEditFiles', helper::FILTER_BOOLEAN),
'language' => $this->getInput('userEditLanguage', helper::FILTER_STRING_SHORT),
]
]);
// Redirection spécifique si l'utilisateur change son mot de passe
if ($this->getUser('id') === $this->getUrl(2) and $this->getInput('userEditNewPassword')) {
$redirect = helper::baseUrl() . 'user/login/' . str_replace('/', '_', $this->getUrl());
}
// Redirection si retour en arrière possible
elseif ($this->getUser('group') === 3) {
$redirect = helper::baseUrl() . 'user';
}
// Redirection normale
else {
$redirect = helper::baseUrl();
}
// Valeurs en sortie
$this->addOutput([
'redirect' => $redirect,
'notification' => helper::translate('Modifications enregistrées'),
'state' => true
]);
} }
// Langues disponibles pour l'interface de l'utilisateur
self::$languagesInstalled = $this->getData(['language']);
if (self::$languagesInstalled) {
foreach (self::$languagesInstalled as $lang => $datas) {
self::$languagesInstalled[$lang] = self::$languages[$lang];
}
}
// Profils disponibles
foreach ($this->getData(['profil']) as $profilId => $profilData) {
if ($profilId < self::GROUP_MEMBER) {
continue;
}
if ($profilId === self::GROUP_ADMIN) {
self::$userProfils[$profilId][self::GROUP_ADMIN] = $profilData['name'];
self::$userProfilsComments[$profilId][self::GROUP_ADMIN] = $profilData['comment'];
continue;
}
foreach ($profilData as $key => $value) {
self::$userProfils[$profilId][$key] = $profilData[$key]['name'];
self::$userProfilsComments[$profilId][$key] = $profilData[$key]['name'] . ' : ' . $profilData[$key]['comment'];
}
}
// Valeurs en sortie
$this->addOutput([
'title' => $this->getData(['user', $this->getUrl(2), 'firstname']) . ' ' . $this->getData(['user', $this->getUrl(2), 'lastname']),
'view' => 'edit'
]);
} }
// Profils disponibles
foreach ($this->getData(['profil']) as $profilId => $profilData) {
if ($profilId < self::GROUP_MEMBER) {
continue;
}
if ($profilId === self::GROUP_ADMIN) {
self::$userProfils[$profilId][self::GROUP_ADMIN] = $profilData['name'];
self::$userProfilsComments[$profilId][self::GROUP_ADMIN] = $profilData['comment'];
continue;
}
foreach ($profilData as $key => $value) {
self::$userProfils[$profilId][$key] = $profilData[$key]['name'];
self::$userProfilsComments[$profilId][$key] = $profilData[$key]['name'] . ' : ' . $profilData[$key]['comment'];
}
}
// Valeurs en sortie
$this->addOutput([
'title' => $this->getData(['user', $this->getUrl(2), 'firstname']) . ' ' . $this->getData(['user', $this->getUrl(2), 'lastname']),
'view' => 'edit'
]);
} }
} }
@ -532,14 +530,12 @@ class user extends common
public function profilEdit() public function profilEdit()
{ {
if ( if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false || $this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->checkCSRF() $this->checkCSRF()
) { ) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'user', 'access' => false
'notification' => helper::translate('Action interdite')
]); ]);
} }
@ -547,8 +543,8 @@ class user extends common
if ($this->isPost()) { if ($this->isPost()) {
$this->setData([ $this->setData([
'profil', 'profil',
$this->getInput('profilEditGroup',helper::FILTER_STRING_LONG, true), $this->getInput('profilEditGroup', helper::FILTER_STRING_LONG, true),
$this->getInput('profilEditProfil',helper::FILTER_STRING_LONG, true), $this->getInput('profilEditProfil', helper::FILTER_STRING_LONG, true),
[ [
'name' => $this->getInput('profilEditName', helper::FILTER_STRING_SHORT, true), 'name' => $this->getInput('profilEditName', helper::FILTER_STRING_SHORT, true),
'readonly' => false, 'readonly' => false,
@ -639,7 +635,7 @@ class user extends common
'config' => $this->getInput('profilEditRedirectionConfig', helper::FILTER_BOOLEAN), 'config' => $this->getInput('profilEditRedirectionConfig', helper::FILTER_BOOLEAN),
], ],
'user' => [ 'user' => [
'edit' => $this->getInput('profilEditUserEdit', helper::FILTER_BOOLEAN), 'edit' => $this->getInput('profilEditUserEdit', helper::FILTER_BOOLEAN),
] ]
] ]
]); ]);
@ -774,7 +770,7 @@ class user extends common
'config' => $this->getInput('profilAddRedirectionConfig', helper::FILTER_BOOLEAN), 'config' => $this->getInput('profilAddRedirectionConfig', helper::FILTER_BOOLEAN),
], ],
'user' => [ 'user' => [
'edit' => $this->getInput('profilAddUserEdit', helper::FILTER_BOOLEAN), 'edit' => $this->getInput('profilAddUserEdit', helper::FILTER_BOOLEAN),
] ]
] ]
]); ]);
@ -805,7 +801,7 @@ class user extends common
public function profilDelete() public function profilDelete()
{ {
if ( if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false || $this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['profil', $this->getUrl(2), $this->getUrl(3)]) === null $this->getData(['profil', $this->getUrl(2), $this->getUrl(3)]) === null
) { ) {
// Valeurs en sortie // Valeurs en sortie
@ -814,7 +810,7 @@ class user extends common
]); ]);
// Suppression // Suppression
} else { } else {
$this->deleteData([ 'profil', $this->getUrl(2), $this->getUrl(3)]); $this->deleteData(['profil', $this->getUrl(2), $this->getUrl(3)]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/profil', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/profil',

148
module/blog/blog.php
View File

@ -317,53 +317,62 @@ class blog extends common
*/ */
public function comment() public function comment()
{ {
$comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']); if (
self::$commentsDelete = template::button('blogCommentDeleteAll', [ $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
'class' => 'blogCommentDeleteAll buttonRed', ) {
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2), // Valeurs en sortie
'value' => 'Tout effacer' $this->addOutput([
]); 'access' => false
// Ids des commentaires par ordre de création ]);
$commentIds = array_keys(helper::arrayColumn($comments, 'createdOn', 'SORT_DESC')); } else {
// Pagination $comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']);
$pagination = helper::pagination($commentIds, $this->getUrl(), $this->getData(['module', $this->getUrl(0), 'config', 'itemsperPage'])); self::$commentsDelete = template::button('blogCommentDeleteAll', [
// Liste des pages 'class' => 'blogCommentDeleteAll buttonRed',
self::$pages = $pagination['pages']; 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2),
// Commentaires en fonction de la pagination 'value' => 'Tout effacer'
for ($i = $pagination['first']; $i < $pagination['last']; $i++) { ]);
// Met en forme le tableau // Ids des commentaires par ordre de création
$comment = $comments[$commentIds[$i]]; $commentIds = array_keys(helper::arrayColumn($comments, 'createdOn', 'SORT_DESC'));
// Bouton d'approbation // Pagination
$buttonApproval = ''; $pagination = helper::pagination($commentIds, $this->getUrl(), $this->getData(['module', $this->getUrl(0), 'config', 'itemsperPage']));
// Compatibilité avec les commentaires des versions précédentes, les valider // Liste des pages
$comment['approval'] = array_key_exists('approval', $comment) === false ? true : $comment['approval']; self::$pages = $pagination['pages'];
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'commentApproved']) === true) { // Commentaires en fonction de la pagination
$buttonApproval = template::button('blogCommentApproved' . $commentIds[$i], [ for ($i = $pagination['first']; $i < $pagination['last']; $i++) {
'class' => $comment['approval'] === true ? 'blogCommentRejected buttonGreen' : 'blogCommentApproved buttonRed', // Met en forme le tableau
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i], $comment = $comments[$commentIds[$i]];
'value' => $comment['approval'] === true ? 'A' : 'R', // Bouton d'approbation
'help' => $comment['approval'] === true ? 'Approuvé' : 'Rejeté', $buttonApproval = '';
]); // Compatibilité avec les commentaires des versions précédentes, les valider
$comment['approval'] = array_key_exists('approval', $comment) === false ? true : $comment['approval'];
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'commentApproved']) === true) {
$buttonApproval = template::button('blogCommentApproved' . $commentIds[$i], [
'class' => $comment['approval'] === true ? 'blogCommentRejected buttonGreen' : 'blogCommentApproved buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i],
'value' => $comment['approval'] === true ? 'A' : 'R',
'help' => $comment['approval'] === true ? 'Approuvé' : 'Rejeté',
]);
}
self::$dateFormat = $this->getData(['module', $this->getUrl(0), 'config', 'dateFormat']);
self::$timeFormat = $this->getData(['module', $this->getUrl(0), 'config', 'timeFormat']);
self::$comments[] = [
helper::dateUTF8(self::$dateFormat, $comment['createdOn']) . ' - ' . helper::dateUTF8(self::$timeFormat, $comment['createdOn']),
$comment['content'],
$comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
$buttonApproval,
template::button('blogCommentDelete' . $commentIds[$i], [
'class' => 'blogCommentDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i],
'value' => template::ico('trash')
])
];
} }
self::$dateFormat = $this->getData(['module', $this->getUrl(0), 'config', 'dateFormat']); // Valeurs en sortie
self::$timeFormat = $this->getData(['module', $this->getUrl(0), 'config', 'timeFormat']); $this->addOutput([
self::$comments[] = [ 'title' => helper::translate('Gestion des commentaires'),
helper::dateUTF8(self::$dateFormat, $comment['createdOn']) . ' - ' . helper::dateUTF8(self::$timeFormat, $comment['createdOn']), 'view' => 'comment'
$comment['content'], ]);
$comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
$buttonApproval,
template::button('blogCommentDelete' . $commentIds[$i], [
'class' => 'blogCommentDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i],
'value' => template::ico('trash')
])
];
} }
// Valeurs en sortie
$this->addOutput([
'title' => helper::translate('Gestion des commentaires'),
'view' => 'comment'
]);
} }
/** /**
@ -372,20 +381,15 @@ class blog extends common
public function commentDelete() public function commentDelete()
{ {
// Le commentaire n'existe pas // Le commentaire n'existe pas
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null) { if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]); $this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]);
@ -403,12 +407,12 @@ class blog extends common
*/ */
public function commentDeleteAll() public function commentDeleteAll()
{ {
// Action interdite if (
if ($this->checkCSRF()) { $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 'access' => false
'notification' => 'Action interdite'
]); ]);
} }
// Suppression // Suppression
@ -429,20 +433,15 @@ class blog extends common
public function commentApprove() public function commentApprove()
{ {
// Le commentaire n'existe pas // Le commentaire n'existe pas
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null) { if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Inversion du statut // Inversion du statut
else { else {
$approved = !$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3), 'approval']); $approved = !$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3), 'approval']);
@ -593,8 +592,9 @@ class blog extends common
public function delete() public function delete()
{ {
if ( if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false || $this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
@ -617,12 +617,12 @@ class blog extends common
*/ */
public function edit() public function edit()
{ {
// Action interdite if (
if ($this->checkCSRF()) { $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 'access' => false
'notification' => helper::translate('Action interdite')
]); ]);
} }
// L'article n'existe pas // L'article n'existe pas
@ -857,7 +857,7 @@ class blog extends common
if ($articlePublishedOn <= time() and $articleIdsStates[$articleId]) { if ($articlePublishedOn <= time() and $articleIdsStates[$articleId]) {
$articleIds[] = $articleId; $articleIds[] = $articleId;
// Nombre de commentaires approuvés par article // Nombre de commentaires approuvés par article
self::$comments[$articleId] = 0 ; self::$comments[$articleId] = 0;
if (is_array($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment']))) { if (is_array($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment']))) {
foreach ($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment']) as $commentId => $commentValue) { foreach ($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment']) as $commentId => $commentValue) {
if ($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment', $commentId, 'approval'])) { if ($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'comment', $commentId, 'approval'])) {

21
module/form/form.php
View File

@ -266,12 +266,12 @@ class form extends common
*/ */
public function export2csv() public function export2csv()
{ {
// Action interdite if (
if ($this->checkCSRF()) { $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', 'access' => false
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
$data = $this->getData(['module', $this->getUrl(0), 'data']); $data = $this->getData(['module', $this->getUrl(0), 'data']);
@ -307,12 +307,12 @@ class form extends common
*/ */
public function deleteall() public function deleteall()
{ {
// Action interdite if (
if ($this->checkCSRF()) { $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', 'access' => false
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
$data = ($this->getData(['module', $this->getUrl(0), 'data'])); $data = ($this->getData(['module', $this->getUrl(0), 'data']));
@ -344,11 +344,10 @@ class form extends common
public function delete() public function delete()
{ {
// Action interdite // Action interdite
if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false) { if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', 'access' => false
'notification' => helper::translate('Action interdite')
]); ]);
} else { } else {
// La donnée n'existe pas // La donnée n'existe pas

18
module/gallery/gallery.php
View File

@ -499,7 +499,7 @@ class gallery extends common
public function delete() public function delete()
{ {
// La galerie n'existe pas // La galerie n'existe pas
if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false || if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) { $this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
@ -535,14 +535,6 @@ class gallery extends common
*/ */
public function edit() public function edit()
{ {
// Action interdite
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Soumission du formulaire // Soumission du formulaire
if ($this->isPost()) { if ($this->isPost()) {
@ -845,14 +837,6 @@ class gallery extends common
*/ */
public function theme() public function theme()
{ {
// Action interdite
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Soumission du formulaire // Soumission du formulaire
if ($this->isPost()) { if ($this->isPost()) {
// Dossier de l'instance // Dossier de l'instance

19
module/news/news.php
View File

@ -365,8 +365,10 @@ class news extends common
public function delete() public function delete()
{ {
// La news n'existe pas // La news n'existe pas
if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false || if (
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { $this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
@ -389,16 +391,11 @@ class news extends common
*/ */
public function edit() public function edit()
{ {
// Action interdite
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// La news n'existe pas // La news n'existe pas
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null
) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false

8
module/redirection/redirection.php
View File

@ -51,10 +51,10 @@ class redirection extends common {
*/ */
public function index() { public function index() {
// Message si l'utilisateur peut éditer la page // Message si l'utilisateur peut éditer la page
if( if( $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') && $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')
AND $this->getUser('group') >= self::GROUP_MODERATOR && $this->getUser('group') >= self::GROUP_MODERATOR
AND $this->getUrl(1) !== 'force' && $this->getUrl(1) !== 'force'
) { ) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([