Project-Pro/it.vidok.com
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Jacek Pyziak
2026-03-02 16:32:35 +01:00
parent 03114778b9
commit 89f2f7fcac
15 changed files with 1130 additions and 720 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.htaccess
View File

@@ -8,13 +8,13 @@ RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ %{REQUEST_SCHEME}://%1%{REQUEST_URI} [L,R=301]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
RewriteCond %{REQUEST_URI} !^/admin(/|$) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !/$
RewriteRule ^(.+)$ %{REQUEST_SCHEME}://%{HTTP_HOST}/$1/ [L,R=301]
RewriteRule ^(.+)$ https://%{HTTP_HOST}/$1/ [L,R=301]
ErrorDocument 404 /404.html

BIN
autoload/.DS_Store vendored Normal file
View File

Binary file not shown.

173
autoload/admin/class.Site.php
View File

@@ -1,53 +1,172 @@
<?php
namespace admin;
class Site
{
// define APP_SECRET_KEY
const APP_SECRET_KEY = 'c3cb2537d25c0efc9e573d059d79c3b8';
public static function special_actions()
{
$sa = \S::get('s-action');
$domain = preg_replace('#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME']);
$cookie_name = str_replace('.', '-', $domain);
switch ($sa)
{
case 'user-logon':
{
$login = \S::get('login');
$pass = \S::get('password');
$result = \admin\factory\Users::logon( \S::get( 'login' ), \S::get( 'password' ) );
$result = \admin\factory\Users::logon($login, $pass);
if ($result == 1)
{
if(\S::get('remember'))
{
$password = md5( \S::get( 'password' ) );
$login = \S::get( 'login' );
$value = [ login => $login , hash => $password ];
$value = json_encode( $value );
$user = \admin\factory\Users::details($login);
setcookie( $cookie_name, $value, time() +(86400 * 14), "/", $domain );
if ($user['twofa_enabled'] == 1)
{
\S::set_session('twofa_pending', [
'uid' => (int)$user['id'],
'login' => $login,
'remember' => (bool)\S::get('remember'),
'started' => time(),
]);
if (!\admin\factory\Users::send_twofa_code((int)$user['id']))
{
\S::alert('Nie udało się wysłać kodu 2FA. Spróbuj ponownie.');
\S::delete_session('twofa_pending');
header('Location: /admin/');
exit;
}
header('Location: /admin/user/twofa/');
exit;
}
else
{
$user = \admin\factory\Users::details($login);
self::finalize_admin_login(
$user,
$domain,
$cookie_name,
(bool)\S::get('remember')
);
header('Location: /admin/articles/view_list/');
exit;
}
\S::set_session( 'user', \admin\factory\Users::details( \S::get( 'login' ) ) );
}
else
{
if ($result == -1)
\S::alert( 'Z powodu nieudanych 5 prób logowania Twoje konto zostało zablokowane.' );
else
\S::alert( 'Podane hasło jest nieprawidłowe, lub brak użytkownika o podanym loginie.' );
{
\S::alert('Z powodu 5 nieudanych prób Twoje konto zostało zablokowane.');
}
else
{
\S::alert('Podane hasło jest nieprawidłowe lub użytkownik nie istnieje.');
}
header('Location: /admin/');
exit;
}
}
break;
case 'user-2fa-verify':
{
$pending = \S::get_session('twofa_pending');
if (!$pending || empty($pending['uid']))
{
\S::alert('Sesja 2FA wygasła. Zaloguj się ponownie.');
header('Location: /admin/');
exit;
}
$code = trim((string)\S::get('twofa'));
if (!preg_match('/^\d{6}$/', $code))
{
\S::alert('Nieprawidłowy format kodu.');
header('Location: /admin/user/twofa/');
exit;
}
$ok = \admin\factory\Users::verify_twofa_code((int)$pending['uid'], $code);
if (!$ok)
{
\S::alert('Błędny lub wygasły kod.');
header('Location: /admin/user/twofa/');
exit;
}
// 2FA OK — finalna sesja
$user = \admin\factory\Users::details($pending['login']);
\S::set_session('user', $user);
\S::delete_session('twofa_pending');
// Remember me BEZPIECZNY podpis HMAC:
if (!empty($pending['remember']))
{
$payloadArr = ['login' => $user['login'], 'ts' => time()];
$json = json_encode($payloadArr, JSON_UNESCAPED_SLASHES);
$sig = hash_hmac('sha256', $json, APP_SECRET_KEY);
$payload = base64_encode($json . '.' . $sig);
setcookie($cookie_name, $payload, [
'expires' => time() + (86400 * 14),
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax',
]);
}
header('Location: /admin/articles/view_list/');
exit;
}
break;
case 'user-2fa-resend':
{
$pending = \S::get_session('twofa_pending');
if (!$pending || empty($pending['uid']))
{
\S::alert('Sesja 2FA wygasła. Zaloguj się ponownie.');
header('Location: /admin/');
exit;
}
if (!\admin\factory\Users::send_twofa_code((int)$pending['uid'], true))
{
\S::alert('Kod można wysłać ponownie po krótkiej przerwie.');
}
else
{
\S::alert('Nowy kod został wysłany.');
}
header('Location: /admin/user/twofa/');
exit;
}
break;
case 'user-logout':
setcookie( $cookie_name, "", time() -(86400), "/", $domain );
{
setcookie($cookie_name, "", time() - 86400, "/", $domain);
\S::delete_session('twofa_pending');
session_destroy();
header('Location: /admin/');
exit;
}
break;
}
}
public static function route()
{
$_SESSION['admin'] = true;
@@ -68,4 +187,30 @@ class Site
return false;
}
}
static public function finalize_admin_login(array $user, string $domain, string $cookie_name, bool $remember = false) {
\S::set_session('user', $user);
\S::delete_session('twofa_pending');
if ($remember)
{
$payloadArr = [
'login' => $user['login'],
'ts' => time()
];
$json = json_encode($payloadArr, JSON_UNESCAPED_SLASHES);
$sig = hash_hmac('sha256', $json, self::APP_SECRET_KEY);
$payload = base64_encode($json . '.' . $sig);
setcookie($cookie_name, $payload, [
'expires' => time() + (86400 * 14),
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax',
]);
}
}
}

26
autoload/admin/controls/class.Articles.php
View File

@@ -27,6 +27,22 @@ class Articles
exit;
}
static public function files_order_save()
{
global $user;
if ( !\admin\factory\Users::check_privileges( 'article_administration', $user['id'] ) )
{
echo json_encode( [ 'status' => 'error', 'msg' => 'Nie masz uprawnień' ] );
exit;
}
if ( \admin\factory\Articles::files_order_save( \S::get( 'article_id' ), \S::get( 'order' ) ) )
echo json_encode( [ 'status' => 'ok', 'msg' => 'Artykuł został zapisany.' ] );
exit;
}
public static function gallery_order_save()
{
global $user;
@@ -98,8 +114,8 @@ class Articles
$values['params'] = $params;
if ( $id = \admin\factory\Articles::article_save(
$values['id'], $values['title'], $values['main_image'], $values['entry'], $values['text'], $values['table_of_contents'], $values['status'], $values['show_title'], $values['show_date_add'], $values['date_add'],
$values['show_date_modify'], $values['seo_link'], $values['meta_title'], $values['meta_description'], $values['meta_keywords'], $values['layout_id'],
$values['id'], $values['title'], $values['main_image'], $values['entry'], $values['text'], $values['table_of_contents'], $values['status'], $values['show_title'], $values['show_table_of_contents'], $values['show_date_add'], $values['date_add'],
$values['show_date_modify'], $values['date_modify'], $values['seo_link'], $values['meta_title'], $values['meta_description'], $values['meta_keywords'], $values['layout_id'],
$values['pages'], $values['noindex'], $values['repeat_entry'], $values['copy_from'], $values['social_icons'], $values['event_date'], $values['hidden-tags'], $values['block_direct_access'],
$values['priority'], $values['password'], $values['pixieset'], $values['id_author'], $params
) )
@@ -115,8 +131,7 @@ class Articles
{
global $user;
if ( !\admin\factory\Users::check_privileges( 'article_administration',
$user['id'] ) )
if ( !\admin\factory\Users::check_privileges( 'article_administration', $user['id'] ) )
return \S::alert( 'Nie masz uprawnień' );
\admin\factory\Articles::delete_nonassigned_images();
@@ -130,7 +145,8 @@ class Articles
'additional_params_lon' => \admin\factory\Articles::additional_params( 1 ),
'additional_params_loff' => \admin\factory\Articles::additional_params( 0 ),
'settings' => \admin\factory\Settings::settings_details(),
'authors' => \admin\factory\Authors::get_simple_list()
'authors' => \admin\factory\Authors::get_simple_list(),
'user' => $user
] );
}

8
autoload/admin/controls/class.Users.php
View File

@@ -26,7 +26,7 @@ class Users
$values = \S::json_to_array( \S::get( 'values' ) );
$response = \admin\factory\Users::user_save(
$values['id'], $values['login'], $values['status'], $values['active_to'], $values['password'], $values['password_re'], $values['admin'], $values['privileges']
$values['id'], $values['login'], $values['status'], $values['active_to'], $values['password'], $values['password_re'], $values['admin'], $values['privileges'], $values['twofa_enabled'], $values['twofa_email']
);
echo json_encode( $response );
exit;
@@ -55,5 +55,11 @@ class Users
return \admin\view\Users::users_list();
}
static public function twofa() {
return \Tpl::view( 'site/unlogged', [
'content' => \Tpl::view( 'users/user-2fa' )
] );
}
}
?>

31
autoload/admin/factory/class.Articles.php
View File

@@ -86,6 +86,24 @@ class Articles
return true;
}
static public function files_order_save( $article_id, $order )
{
global $mdb;
$order = explode( ';', $order );
if ( is_array( $order ) and !empty( $order ) ) foreach ( $order as $file_id )
{
$mdb -> update( 'pp_articles_files', [
'o' => (int)$i++
], [
'AND' => [
'article_id' => $article_id,
'id' => $file_id
]
] );
}
}
public static function gallery_order_save( $article_id, $order )
{
global $mdb;
@@ -222,7 +240,7 @@ class Articles
$article['languages'][ $row['lang_id'] ] = $row;
$article['images'] = $mdb -> select( 'pp_articles_images', '*', [ 'article_id' => (int)$article_id, 'ORDER' => [ 'o' => 'ASC', 'id' => 'ASC' ] ] );
$article['files'] = $mdb -> select( 'pp_articles_files', '*', [ 'article_id' => (int)$article_id ] );
$article['files'] = $mdb -> select( 'pp_articles_files', '*', [ 'article_id' => (int)$article_id, 'ORDER' => [ 'o' => 'ASC', 'id' => 'ASC' ] ] );
$article['pages'] = $mdb -> select( 'pp_articles_pages', 'page_id', [ 'article_id' => (int)$article_id ] );
$article['tags'] = $mdb -> select( 'pp_tags', [ '[><]pp_articles_tags' => [ 'id' => 'tag_id' ] ], 'name', [ 'article_id' => (int)$article_id ] );
$article['params'] = $mdb -> select( 'pp_articles_additional_values', [ 'param_id', 'value', 'language_id' ], [ 'article_id' => (int)$article_id ] );
@@ -238,7 +256,7 @@ class Articles
}
public static function article_save(
$article_id, $title, $main_image, $entry, $text, $table_of_contents, $status, $show_title, $show_date_add, $date_add, $show_date_modify, $seo_link, $meta_title, $meta_description,
$article_id, $title, $main_image, $entry, $text, $table_of_contents, $status, $show_title, $show_table_of_contents, $show_date_add, $date_add, $show_date_modify, $date_modify, $seo_link, $meta_title, $meta_description,
$meta_keywords, $layout_id, $pages, $noindex, $repeat_entry, $copy_from, $social_icons, $event_date, $tags, $block_direct_access, $priority,
$password, $pixieset, $id_author, $params )
{
@@ -251,10 +269,11 @@ class Articles
{
$mdb -> insert( 'pp_articles', [
'show_title' => $show_title == 'on' ? 1 : 0,
'show_table_of_contents' => $show_table_of_contents == 'on' ? 1 : 0,
'show_date_add' => $show_date_add == 'on' ? 1 : 0,
'show_date_modify' => $show_date_modify == 'on' ? 1 : 0,
'date_add' => $date_add ? $date_add : date( 'Y-m-d H:i:s' ),
'date_modify' => $date_add ? $date_add : date( 'Y-m-d H:i:s' ),
'date_add' => date( 'Y-m-d H:i:s' ),
'date_modify' => date( 'Y-m-d H:i:s' ),
'modify_by' => $user['id'],
'layout_id' => $layout_id ? (int)$layout_id : null,
'status' => $status == 'on' ? 1 : 0,
@@ -435,9 +454,11 @@ class Articles
{
$mdb -> update( 'pp_articles', [
'show_title' => $show_title == 'on' ? 1 : 0,
'show_table_of_contents' => $show_table_of_contents == 'on' ? 1 : 0,
'show_date_add' => $show_date_add == 'on' ? 1 : 0,
'date_add' => $date_add,
'show_date_modify' => $show_date_modify == 'on' ? 1 : 0,
'date_modify' => date( 'Y-m-d H:i:s' ),
'date_modify' => $date_modify ? $date_modify : date( 'Y-m-d H:i:s' ),
'modify_by' => $user['id'],
'layout_id' => $layout_id ? (int)$layout_id : null,
'status' => $status == 'on' ? 1 : 0,

143
autoload/admin/factory/class.Users.php
View File

@@ -1,4 +1,5 @@
<?php
namespace admin\factory;
class Users
@@ -8,7 +9,6 @@ class Users
global $mdb;
return $mdb->delete('pp_users', ['id' => (int)$user_id]);
}
public static function user_details($user_id)
@@ -23,7 +23,7 @@ class Users
return $mdb->select('pp_users_privileges', '*', ['id_user' => (int)$user_id]);
}
public static function user_save( $user_id, $login, $status, $active_to, $password, $password_re, $admin, $privileges )
public static function user_save($user_id, $login, $status, $active_to, $password, $password_re, $admin, $privileges, $twofa_enabled = 0, $twofa_email = '' )
{
global $mdb, $lang;
@@ -37,34 +37,42 @@ class Users
if ($password != $password_re)
return $response = ['status' => 'error', 'msg' => 'Podane hasła są różne'];
if ( $mdb -> insert( 'pp_users',
if ($mdb->insert(
'pp_users',
[
'login' => $login,
'status' => $status == 'on' ? 1 : 0,
'active_to' => $active_to == '' ? NULL : $active_to,
'admin' => $admin,
'password' => md5($password),
] ) )
'twofa_enabled' => $twofa_enabled == 'on' ? 1 : 0,
'twofa_email' => $twofa_email
]
))
$id_user = $mdb->get('pp_users', 'id', ['ORDER' => ['id' => 'DESC']]);
if (is_array($privileges))
{
foreach ($privileges as $pri)
{
$mdb -> insert( 'pp_users_privileges',
$mdb->insert(
'pp_users_privileges',
[
'name' => $pri,
'id_user' => $id_user
] );
]
);
}
}
else
{
$mdb -> insert( 'pp_users_privileges',
$mdb->insert(
'pp_users_privileges',
[
'name' => $privileges,
'id_user' => $id_user
] );
]
);
}
return $response = ['status' => 'ok', 'msg' => 'Użytkownik został zapisany.'];
@@ -90,7 +98,9 @@ class Users
'admin' => $admin,
'status' => $status == 'on' ? 1 : 0,
'active_to' => $active_to == '' ? NULL : $active_to,
'error_logged_count' => 0
'error_logged_count' => 0,
'twofa_enabled' => $twofa_enabled == 'on' ? 1 : 0,
'twofa_email' => $twofa_email
], [
'id' => (int) $user_id
]);
@@ -139,7 +149,9 @@ class Users
if ($mdb->get('pp_users', '*', [
'AND' => [
'login' => $login, 'status' => 1, 'password' => md5( $password ),
'login' => $login,
'status' => 1,
'password' => md5($password),
'OR' => ['active_to[>=]' => date('Y-m-d'), 'active_to' => null]
]
]))
@@ -181,5 +193,114 @@ class Users
return $privilages;
}
}
static public function get_by_id(int $userId): ?array
{
global $mdb;
return $mdb->get('pp_users', '*', ['id' => $userId]) ?: null;
}
static public function send_twofa_code(int $userId, bool $resend = false): bool
{
$user = self::get_by_id($userId);
if (!$user)
return false;
if ((int)$user['twofa_enabled'] !== 1)
{
return false;
}
$to = $user['twofa_email'] ?: $user['login'];
if (!filter_var($to, FILTER_VALIDATE_EMAIL))
{
return false;
}
if ($resend && !empty($user['twofa_sent_at']))
{
$last = strtotime($user['twofa_sent_at']);
if ($last && (time() - $last) < 30)
{
return false;
}
}
$code = random_int(100000, 999999);
$hash = password_hash((string)$code, PASSWORD_DEFAULT);
self::update_by_id($userId, [
'twofa_code_hash' => $hash,
'twofa_expires_at' => date('Y-m-d H:i:s', time() + 10 * 60), // 10 minut
'twofa_sent_at' => date('Y-m-d H:i:s'),
'twofa_failed_attempts' => 0,
]);
$subject = 'Twój kod logowania 2FA';
$body = "Twój kod logowania do panelu administratora: {$code}. Kod jest ważny przez 10 minut. Jeśli to nie Ty inicjowałeś logowanie zignoruj tę wiadomość i poinformuj administratora.";
$sent = \S::send_email($to, $subject, $body);
if (!$sent) {
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=UTF-8\r\n";
$headers .= "From: no-reply@" . ($_SERVER['HTTP_HOST'] ?? 'localhost') . "\r\n";
$encodedSubject = mb_encode_mimeheader($subject, 'UTF-8');
$sent = mail($to, $encodedSubject, $body, $headers);
}
return $sent;
}
static public function update_by_id(int $userId, array $data): bool
{
global $mdb;
return (bool)$mdb->update('pp_users', $data, ['id' => $userId]);
}
static public function verify_twofa_code(int $userId, string $code): bool
{
$user = self::get_by_id( $userId );
if (!$user) return false;
if ((int)$user['twofa_failed_attempts'] >= 5)
{
return false; // zbyt wiele prób
}
// sprawdź ważność
if (empty($user['twofa_expires_at']) || time() > strtotime($user['twofa_expires_at']))
{
// wyczyść po wygaśnięciu
self::update_by_id($userId, [
'twofa_code_hash' => null,
'twofa_expires_at' => null,
]);
return false;
}
$ok = (!empty($user['twofa_code_hash']) && password_verify($code, $user['twofa_code_hash']));
if ($ok)
{
// sukces: czyścimy wszystko
self::update_by_id($userId, [
'twofa_code_hash' => null,
'twofa_expires_at' => null,
'twofa_sent_at' => null,
'twofa_failed_attempts' => 0,
'last_logged' => date('Y-m-d H:i:s'),
]);
return true;
}
// zła próba — inkrementacja
self::update_by_id($userId, [
'twofa_failed_attempts' => (int)$user['twofa_failed_attempts'] + 1,
'last_error_logged' => date('Y-m-d H:i:s'),
]);
return false;
}
}
?>

4
autoload/admin/view/class.Page.php
View File

@@ -7,6 +7,10 @@ class Page {
{
global $user;
if ( $_GET['module'] == 'user' && $_GET['action'] == 'twofa' ) {
return \admin\controls\Users::twofa();
}
if ( !$user || !$user['admin'] )
return \admin\view\Users::login_form();

111
autoload/class.S.php
View File

@@ -788,7 +788,7 @@ class S
if ( $row2['seo_link'] )
{
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/' . \S::seo($row2['seo_link']) . '$';
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/' . \S::seo( $row2['seo_link'] ) . '(|/)$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ ' . $domain_prefix . '://' . $www . $url_tmp . '/' . $language_link . ' [R=301,L]';
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/' . \S::seo($row2['seo_link']) . '/s/1$';
@@ -938,92 +938,48 @@ class S
else
$site_map[$url] .= '</urlset>';
$scheme = $settings['ssl'] ? 'https' : 'http';
$redirect = 'RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$'. PHP_EOL;
if ( $settings['ssl'] )
{
$redirect .= 'RewriteCond %{HTTPS} off' . PHP_EOL
. 'RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
}
else
{
$redirect .= 'RewriteCond %{HTTPS} on' . PHP_EOL
. 'RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
}
$redirect .= 'RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$'. PHP_EOL;
if ( $settings['link_version'] )
{
$redirect = 'RewriteCond %{HTTP_HOST} !^www\.' . PHP_EOL
. 'RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]' . PHP_EOL
. 'RewriteCond %{SERVER_PORT} !=443' . PHP_EOL
. 'RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]' . PHP_EOL;
if ( !$settings['url_version'] )
$redirect .= '## Remove trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_FILENAME} !-d [NC]' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule ^(.*)/$ https://%{HTTP_HOST}/$1 [L,R=301]';
else
$redirect .= '## Add trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !(/$|\.)' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule (.*) %{REQUEST_URI}/ [R=301,L]';
$htaccess_data = str_replace( '{REDIRECT}', $redirect, $htaccess_data );
$redirect .= 'RewriteCond %{HTTP_HOST} !^www\. [NC]' . PHP_EOL
. 'RewriteRule ^ ' . $scheme . '://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
}
else
{
$redirect = 'RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]' . PHP_EOL
. 'RewriteRule ^(.*)$ https://%1/$1 [R=301,L]' . PHP_EOL
. 'RewriteCond %{SERVER_PORT} !=443' . PHP_EOL
. 'RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]' . PHP_EOL;
if ( !$settings['url_version'] )
$redirect .= '## Remove trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_FILENAME} !-d [NC]' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule ^(.*)/$ https://%{HTTP_HOST}/$1 [L,R=301]';
else
$redirect .= '## Add trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !(/$|\.)' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule (.*) %{REQUEST_URI}/ [R=301,L]';
$htaccess_data = str_replace( '{REDIRECT}', $redirect, $htaccess_data );
$redirect .= 'RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]' . PHP_EOL
. 'RewriteRule ^ ' . $scheme . '://%1%{REQUEST_URI} [L,R=301]' . PHP_EOL;
}
$redirect .= 'RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$'. PHP_EOL;
if ( $settings['url_version'] )
{
$redirect .= 'RewriteCond %{REQUEST_URI} !^/admin(?:/.*)?$ [NC]' . PHP_EOL
. 'RewriteRule ^(.+)/$ ' . $scheme . '://%{HTTP_HOST}/$1 [L,R=301]' . PHP_EOL;
}
else
{
if ($settings['link_version'])
{
$redirect = 'RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]' . PHP_EOL
. 'RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]' . PHP_EOL
. 'RewriteCond %{SERVER_PORT} =443' . PHP_EOL
. 'RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]' . PHP_EOL;
if ( !$settings['url_version'] )
$redirect .= '## Remove trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_FILENAME} !-d [NC]' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule ^(.*)/$ http://%{HTTP_HOST}/$1 [L,R=301]';
else
$redirect .= '## Add trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !(/$|\.)' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule (.*) %{REQUEST_URI}/ [R=301,L]';
$redirect .= 'RewriteCond %{REQUEST_URI} !^/admin(/|$) [NC]' . PHP_EOL
. 'RewriteCond %{REQUEST_FILENAME} !-f' . PHP_EOL
. 'RewriteCond %{REQUEST_FILENAME} !-d' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !/$' . PHP_EOL
. 'RewriteRule ^(.+)$ ' . $scheme . '://%{HTTP_HOST}/$1/ [L,R=301]' . PHP_EOL;
}
$htaccess_data = str_replace( '{REDIRECT}', $redirect, $htaccess_data );
}
else
{
$redirect = 'RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]' . PHP_EOL
. 'RewriteRule ^(.*)$ http://%1/$1 [R=301,L]' . PHP_EOL
. 'RewriteCond %{SERVER_PORT} =443' . PHP_EOL
. 'RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]' . PHP_EOL;
if ( !$settings['url_version'] )
$redirect .= '## Remove trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_FILENAME} !-d [NC]' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule ^(.*)/$ http://%{HTTP_HOST}/$1 [L,R=301]';
else
$redirect .= '## Add trailing slash' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !(/$|\.)' . PHP_EOL
. 'RewriteCond %{REQUEST_URI} !^/admin/(.*) [NC]' . PHP_EOL
. 'RewriteRule (.*) %{REQUEST_URI}/ [R=301,L]';
$htaccess_data = str_replace( '{REDIRECT}', $redirect, $htaccess_data );
}
}
$additional_classes = file_get_contents('../libraries/additional-classes.ini');
$additional_classes = explode(PHP_EOL, $additional_classes);
@@ -1270,6 +1226,7 @@ class S
public static function send_email( $email, $subject, $text, $replay = '', $file = '' )
{
global $settings;
if ( file_exists('libraries/phpmailer/class.phpmailer.php') ) require_once 'libraries/phpmailer/class.phpmailer.php';
if ( file_exists('libraries/phpmailer/class.smtp.php') ) require_once 'libraries/phpmailer/class.smtp.php';
if ( file_exists('../libraries/phpmailer/class.phpmailer.php') ) require_once '../libraries/phpmailer/class.phpmailer.php';
@@ -1295,12 +1252,12 @@ class S
if (self::email_check($replay))
{
$mail->AddReplyTo($replay, $replay);
$mail -> SetFrom( $settings['email_login'], $settings['email_login'] );
$mail->SetFrom($settings['contact_email'], $settings['contact_email']);
}
else
{
$mail->AddReplyTo($settings['contact_email'], $settings['firm_name']);
$mail->SetFrom( $settings['email_login'], $settings['firm_name']);
$mail->SetFrom($settings['contact_email'], $settings['firm_name']);
}
$mail->AddAddress($email, '');
@@ -1322,6 +1279,6 @@ class S
$mail->IsHTML(true);
return $mail -> Send();
}
return false;
return true;
}
}

146
autoload/front/factory/class.Articles.php
View File

@@ -1,14 +1,112 @@
<?php
namespace front\factory;
class Articles
{
public static function pixieset_save_favorite_images( $hash ) {
static public function generateTableOfContents($content)
{
$result = '';
$prevLevel = 0;
$stack = [];
// Tylko h1h3
preg_match_all('/<(h[1-3])([^>]*)>(.*?)<\/\1>/i', $content, $matches, PREG_SET_ORDER);
if (empty($matches))
{
return '';
}
foreach ($matches as $match)
{
$level = (int)substr($match[1], 1);
$text = trim($match[3]);
// Pobierz lub wygeneruj ID
preg_match('/\sid=["\']?([^"\']+)["\']?/', $match[2], $idMatch);
$id = isset($idMatch[1])
? $idMatch[1]
: strtolower(preg_replace('/[^a-z0-9]+/u', '-', html_entity_decode(strip_tags($text), ENT_QUOTES, 'UTF-8')));
if ($prevLevel === 0)
{
$prevLevel = $level;
$stack[] = $level;
}
if ($level > $prevLevel)
{
for ($i = $prevLevel; $i < $level; $i++)
{
$result .= '<ol>';
$stack[] = $i + 1;
}
}
elseif ($level < $prevLevel)
{
for ($i = $prevLevel; $i > $level; $i--)
{
$result .= '</li></ol>';
array_pop($stack);
}
$result .= '</li>';
}
else
{
$result .= '</li>';
}
$result .= '<li><a href="#' . htmlspecialchars($id) . '">' . $text . '</a>';
$prevLevel = $level;
}
// Zamknij pozostałe listy
while (!empty($stack))
{
$result .= '</li></ol>';
array_pop($stack);
}
return '<ol>' . $result . '</ol>';
}
// funkcja wywoływana dla każdego dopasowania do wyrażenia regularnego
static public function processHeaders($matches)
{
$level = $matches[1];
$attrs = $matches[2];
$content = $matches[3];
$id_attr = 'id=';
$id_attr_pos = strpos($attrs, $id_attr);
if ($id_attr_pos === false)
{ // jeśli nie ma atrybutu id
$id = \S::seo($content);
$attrs .= sprintf(' id="%s"', $id);
}
$html = sprintf('<h%d%s>%s</h%d>', $level, $attrs, $content, $level);
return $html;
}
static public function generateHeadersIds($text)
{
$pattern = '/<h([1-6])(.*?)>(.*?)<\/h\1>/si';
$text = preg_replace_callback($pattern, array(__CLASS__, 'processHeaders'), $text);
return $text;
}
public static function pixieset_save_favorite_images($hash)
{
global $mdb, $settings;
\S::delete_dir('temp/');
$rows = $mdb->select('pp_articles', ['id'], ['hash' => $hash]);
if ( is_array( $rows ) ) foreach ( $rows as $row ) {
if (is_array($rows)) foreach ($rows as $row)
{
$article = \front\factory\Articles::article_details($row['id'], 'pl');
$text = '<p>Witaj,<br />';
@@ -90,7 +188,8 @@ class Articles
if (!$tags = \Cache::fetch('tags'))
{
$tags = $mdb -> query( 'SELECT '
$tags = $mdb->query(
'SELECT '
. 'name, COUNT( tag_id ) AS c '
. 'FROM '
. 'pp_tags AS pt '
@@ -149,6 +248,12 @@ class Articles
public static function get_image($article, $skip_entry = false)
{
if ($article['language']['main_image'])
{
if (file_exists(substr($article['language']['main_image'], 1, strlen($article['language']['main_image']))))
return $article['language']['main_image'];
}
if (!$skip_entry)
{
$dom = new \DOMDocument();
@@ -248,7 +353,8 @@ class Articles
}
$article['images'] = $mdb->select('pp_articles_images', '*', ['article_id' => (int)$article_id, 'ORDER' => ['o' => 'ASC', 'id' => 'ASC'] ] );
$article['files'] = $mdb -> select( 'pp_articles_files', '*', [ 'article_id' => (int)$article_id ] );
// załączniki
$article['files'] = $mdb -> select( 'pp_articles_files', '*', [ 'article_id' => (int)$article_id, 'ORDER' => [ 'o' => 'ASC', 'id' => 'ASC'] ] );
$article['pages'] = $mdb->select('pp_articles_pages', 'page_id', ['article_id' => (int)$article_id]);
$article['tags'] = $mdb->select('pp_tags', ['[><]pp_articles_tags' => ['id' => 'tag_id']], 'name', ['article_id' => (int)$article_id]);
$results = $mdb->select('pp_articles_additional_params', ['[><]pp_articles_additional_values' => ['id' => 'param_id']], ['name', 'value', 'language_id'], ['article_id' => (int)$article_id]);
@@ -273,14 +379,30 @@ class Articles
switch ($sort_type)
{
case 0: $order = 'priority DESC, date_add ASC'; break;
case 1: $order = 'priority DESC, date_add DESC'; break;
case 2: $order = 'priority DESC, date_modify ASC'; break;
case 3: $order = 'priority DESC, date_modify DESC'; break;
case 4: $order = 'priority DESC, o ASC'; break;
case 5: $order = 'priority DESC, title ASC'; break;
case 6: $order = 'priority DESC, title DESC'; break;
default: $order = 'priority DESC, id ASC'; break;
case 0:
$order = 'priority DESC, date_add ASC';
break;
case 1:
$order = 'priority DESC, date_add DESC';
break;
case 2:
$order = 'priority DESC, date_modify ASC';
break;
case 3:
$order = 'priority DESC, date_modify DESC';
break;
case 4:
$order = 'priority DESC, o ASC';
break;
case 5:
$order = 'priority DESC, title ASC';
break;
case 6:
$order = 'priority DESC, title DESC';
break;
default:
$order = 'priority DESC, id ASC';
break;
}
if (!$output = \Cache::fetch("artciles_id:$page_id:$lang_id:$order:$from:$articles_limit"))

10
autoload/front/factory/class.Menu.php
View File

@@ -3,22 +3,22 @@ namespace front\factory;
class Menu
{
public static function submenu_details( $page_id )
public static function submenu_details( $page_id, $lang_id )
{
return self::subpages( $page_id );
return self::subpages( $page_id, $lang_id );
}
public static function subpages( $page_id )
static public function subpages( $page_id, $lang_id )
{
global $mdb;
if ( !$pages = \Cache::fetch( "subpages:$page_id" ) )
if ( !$pages = \Cache::fetch( "subpages:$page_id:$lang_id" ) )
{
$results = $mdb -> select( 'pp_pages', [ 'id' ], [ 'AND' => [ 'status' => 1, 'parent_id' => $page_id ], 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) ) foreach ( $results as $row )
{
$page = \front\factory\Pages::page_details( $row['id'] );
$page['pages'] = self::subpages( $row['id'] );
$page['pages'] = self::subpages( $row['id'], $lang_id );
$pages[] = $page;
}

22
autoload/front/view/class.Articles.php
View File

@@ -31,12 +31,17 @@ class Articles
return $tpl -> render( 'articles/tags-cloud' );
}
public static function news( $page_id, $articles )
public static function news( $page_id, $articles, $template = '' )
{
$tpl = new \Tpl;
$tpl -> page_id = $page_id;
$tpl -> articles = $articles;
return $tpl -> render( 'articles/news' );
if ( $template )
$tpl = $template;
else
$tpl = 'articles/news';
return \Tpl::view( $tpl, [
'page_id' => $page_id,
'articles' => $articles
] );
}
public static function articles_list( $articles )
@@ -123,9 +128,10 @@ class Articles
$out .= \front\view\Articles::password_view( [ 'article' => $article ] );
else
{
$tpl = new \Tpl;
$tpl -> article = $article_details;
$out .= $tpl -> render( 'articles/article-full' );
$out .= \Tpl::view( 'articles/article-full', [
'article' => $article_details,
'table_of_contents' => \front\factory\Articles::generateTableOfContents( $article_details['language']['text'] )
] );
}
}

38
autoload/front/view/class.Site.php
View File

@@ -1,4 +1,5 @@
<?php
namespace front\view;
class Site
@@ -8,7 +9,7 @@ class Site
const submenu_pattern = '/SUBMENU:[0-9]*/';
const container_pattern = '/KONTENER:[0-9]*/';
const language_pattern = '/LANG:[a-zA-Z0-9_-]*/';
const news_pattern = '/AKTUALNOSCI:([0-9]*)((:([0-9]*))?)/';
const news_pattern = '/AKTUALNOSCI:([0-9]+)(?::([0-9]*))?(?::([^:\]]+))?/';
const news_list_pattern = '/AKTUALNOSCI_LISTA:([0-9]*)((:([0-9]*))?)/';
const top_news_pattern = '/NAJPOULARNIEJSZE_ARTYKULY:([0-9]*)((:([0-9]*))?)/';
const article_pattern = '/ARTYKUL:[0-9]*/';
@@ -91,7 +92,8 @@ class Site
{
$menu_tmp = explode(':', $menu_tmp);
$html = str_replace('[MENU:' . $menu_tmp[1] . ']', \front\view\Menu::menu(
\front\factory\Menu::menu_details( $menu_tmp[1] ), $page['id']
\front\factory\Menu::menu_details($menu_tmp[1]),
$page['id']
), $html);
}
@@ -100,7 +102,8 @@ class Site
{
$menu_tmp = explode(':', $menu_tmp);
$html = str_replace('[MENU_GLOWNE:' . $menu_tmp[1] . ']', \front\view\Menu::main_menu(
\front\factory\Menu::menu_details( $menu_tmp[1] ), $page['id']
\front\factory\Menu::menu_details($menu_tmp[1]),
$page['id']
), $html);
}
@@ -109,7 +112,9 @@ class Site
{
$submenu_tmp = explode(':', $submenu_tmp);
$html = str_replace('[SUBMENU:' . $submenu_tmp[1] . ']', \front\view\Menu::submenu(
\front\factory\Menu::submenu_details( $submenu_tmp[1] ), $page['id'], $submenu_tmp[1]
\front\factory\Menu::submenu_details($submenu_tmp[1], $lang_id),
$page['id'],
$submenu_tmp[1]
), $html);
}
@@ -123,17 +128,25 @@ class Site
$html = str_replace('[ZAWARTOSC]', \front\controls\Site::route(), $html);
preg_match_all( self::news_pattern, $html, $news_list );
if ( is_array( $news_list[0] ) ) foreach( $news_list[0] as $news_list_tmp )
if ( is_array( $news_list[0] ) )
{
$news_list_tmp = explode( ':', $news_list_tmp );
foreach ( $news_list[0] as $index => $news_list_tmp )
{
$id = $news_list[1][$index];
$limit = $news_list[2][$index] ?: $settings['news_limit'];
$extra = $news_list[3][$index] ?? '';
$news_list_tmp[2] != '' ? $news_limit = $news_list_tmp[2] : $news_limit = $settings['news_limit'];
$pattern_parts = ['AKTUALNOSCI', $id];
if ($news_list[2][$index] !== '') $pattern_parts[] = $limit;
if ($extra !== '') $pattern_parts[] = $extra;
$pattern = '[' . implode(':', $pattern_parts) . ']';
$news_list_tmp[2] != '' ? $pattern = '[AKTUALNOSCI:' . $news_list_tmp[1] . ':' . $news_list_tmp[2] . ']' : $pattern = '[AKTUALNOSCI:' . $news_list_tmp[1] . ']';
$html = str_replace( $pattern, \front\view\Articles::news(
$news_list_tmp[1],
\front\factory\Articles::news( $news_list_tmp[1], $news_limit, $lang_id )
), $html );
$html = str_replace(
$pattern,
\front\view\Articles::news( $id, \front\factory\Articles::news( $id, $limit, $lang_id ), $extra ),
$html
);
}
}
// prosta lista aktualności z wybranej podstrony
@@ -393,4 +406,3 @@ class Site
return $tpl->render('site/contrast');
}
}
?>

6
libraries/htaccess.conf
View File

@@ -13,11 +13,11 @@ RewriteRule ^admin/([^/]*)/([^/]*)/(.*)$ admin/index.php?module=$1&action=$2&$3
{PIXIESET]
{ADDITIONAL_CLASSES}
RewriteRule ^admin/$ admin/index.php [L]
RewriteRule ^wyszukiwarka$ index.php?search=true&lang=pl [L]
RewriteRule ^wersja-tymczasowa$ index.php?devel=true&lang=pl [L]
RewriteRule ^wyszukiwarka(|/)$ index.php?search=true&lang=pl [L]
RewriteRule ^wersja-tymczasowa(|/)$ index.php?devel=true&lang=pl [L]
RewriteRule ^pixieset/(.*)$ index.php?module=articles&action=image&hash=$1 [L]
RewriteRule ^pixieset-wszystkie/(.*)$ index.php?module=articles&action=images_download&hash=$1 [L]
RewriteRule ^audyt-seo/wynik$ index.php?module=auditSEO&action=main_view&%{QUERY_STRING} [L]
RewriteRule ^audyt-seo/wynik(|/)$ index.php?module=auditSEO&action=main_view&%{QUERY_STRING} [L]
RewriteCond %{REQUEST_URI} ^/auditSEO/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)/(.*)$ index.php?module=$1&action=$2&$3 [L]