Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2ecc4fd9be7bbabc4640a58c5e6db18bc03ff307
shopPRO/autoload/admin/class.Site.php

367 lines
9.4 KiB
PHP
Raw Blame History

<?php
namespace admin;
class Site
{
// define APP_SECRET_KEY
const APP_SECRET_KEY = 'c3cb2537d25c0efc9e573d059d79c3b8';
static public function finalize_admin_login( array $user, string $domain, string $cookie_name, bool $remember = false ) {
\S::set_session( 'user', $user );
\S::delete_session( 'twofa_pending' );
if ( $remember ) {
$payloadArr = [
'login' => $user['login'],
'ts' => time()
];
$json = json_encode($payloadArr, JSON_UNESCAPED_SLASHES);
$sig = hash_hmac('sha256', $json, self::APP_SECRET_KEY);
$payload = base64_encode($json . '.' . $sig);
setcookie( $cookie_name, $payload, [
'expires' => time() + (86400 * 14),
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax',
]);
}
}
public static function special_actions()
{
global $mdb;
$sa = \S::get('s-action');
$domain = preg_replace('/^www\./', '', $_SERVER['SERVER_NAME']);
$cookie_name = 'admin_remember_' . str_replace( '.', '-', $domain );
$users = new \Domain\User\UserRepository($mdb);
switch ($sa)
{
case 'user-logon':
{
$login = \S::get('login');
$pass = \S::get('password');
$result = $users->logon($login, $pass);
if ( $result == 1 )
{
$user = $users->details($login);
if ( $user['twofa_enabled'] == 1 )
{
\S::set_session( 'twofa_pending', [
'uid' => (int)$user['id'],
'login' => $login,
'remember' => (bool)\S::get('remember'),
'started' => time(),
] );
if ( !$users->sendTwofaCode( (int)$user['id'] ) )
{
\S::alert('Nie udało się wysłać kodu 2FA. Spróbuj ponownie.');
\S::delete_session('twofa_pending');
header('Location: /admin/');
exit;
}
header('Location: /admin/user/twofa/');
exit;
}
else
{
$user = $users->details($login);
self::finalize_admin_login(
$user,
$domain,
$cookie_name,
(bool)\S::get('remember')
);
header('Location: /admin/articles/view_list/');
exit;
}
}
else
{
if ($result == -1)
{
\S::alert('Z powodu 5 nieudanych prób Twoje konto zostało zablokowane.');
}
else
{
\S::alert('Podane hasło jest nieprawidłowe lub użytkownik nie istnieje.');
}
header('Location: /admin/');
exit;
}
}
break;
case 'user-2fa-verify':
{
$pending = \S::get_session('twofa_pending');
if ( !$pending || empty( $pending['uid'] ) ) {
\S::alert('Sesja 2FA wygasła. Zaloguj się ponownie.');
header('Location: /admin/');
exit;
}
$code = trim((string)\S::get('twofa'));
if (!preg_match('/^\d{6}$/', $code))
{
\S::alert('Nieprawidłowy format kodu.');
header('Location: /admin/user/twofa/');
exit;
}
$ok = $users->verifyTwofaCode((int)$pending['uid'], $code);
if (!$ok)
{
\S::alert('Błędny lub wygasły kod.');
header('Location: /admin/user/twofa/');
exit;
}
// 2FA OK — finalna sesja
$user = $users->details($pending['login']);
self::finalize_admin_login(
$user,
$domain,
$cookie_name,
$pending['remember'] ? true : false
);
header('Location: /admin/articles/view_list/');
exit;
}
break;
case 'user-2fa-resend':
{
$pending = \S::get_session('twofa_pending');
if (!$pending || empty($pending['uid']))
{
\S::alert('Sesja 2FA wygasła. Zaloguj się ponownie.');
header('Location: /admin/');
exit;
}
if (!$users->sendTwofaCode((int)$pending['uid'], true))
{
\S::alert('Kod można wysłać ponownie po krótkiej przerwie.');
}
else
{
\S::alert('Nowy kod został wysłany.');
}
header('Location: /admin/user/twofa/');
exit;
}
break;
case 'user-logout':
{
setcookie($cookie_name, "", [
'expires' => time() - 86400,
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax',
]);
\S::delete_session('twofa_pending');
session_destroy();
header('Location: /admin/');
exit;
}
break;
}
}
/**
* Mapa nowych kontrolerów: module => fabryka kontrolera (DI)
* Przy migracji kolejnego kontrolera - dodaj wpis tutaj
*/
private static $newControllers = [];
/**
* Zwraca mapę fabryk kontrolerów (inicjalizacja runtime)
*/
private static function getControllerFactories(): array
{
if ( !empty( self::$newControllers ) )
return self::$newControllers;
self::$newControllers = [
'Articles' => function() {
global $mdb;
return new \admin\Controllers\ArticlesController(
new \Domain\Article\ArticleRepository( $mdb )
);
},
'Banners' => function() {
global $mdb;
return new \admin\Controllers\BannerController(
new \Domain\Banner\BannerRepository( $mdb )
);
},
'Settings' => function() {
global $mdb;
return new \admin\Controllers\SettingsController(
new \Domain\Settings\SettingsRepository( $mdb )
);
},
'ProductArchive' => function() {
global $mdb;
return new \admin\Controllers\ProductArchiveController(
new \Domain\Product\ProductRepository( $mdb )
);
},
// Alias dla starego modułu /admin/archive/products_list/
'Archive' => function() {
global $mdb;
return new \admin\Controllers\ProductArchiveController(
new \Domain\Product\ProductRepository( $mdb )
);
},
'Dictionaries' => function() {
global $mdb;
return new \admin\Controllers\DictionariesController(
new \Domain\Dictionaries\DictionariesRepository( $mdb )
);
},
'Filemanager' => function() {
return new \admin\Controllers\FilemanagerController();
},
'Users' => function() {
global $mdb;
return new \admin\Controllers\UsersController(
new \Domain\User\UserRepository( $mdb )
);
},
];
return self::$newControllers;
}
/**
* Tworzy instancję nowego kontrolera z Dependency Injection
*/
private static function createController( string $moduleName )
{
global $mdb;
$factories = self::getControllerFactories();
if ( !isset( $factories[$moduleName] ) )
return null;
$factory = $factories[$moduleName];
if ( !is_callable( $factory ) )
return null;
return $factory();
}
/**
* Mapowanie nazw akcji: stara_nazwa => nowa_nazwa
* Potrzebne gdy stary routing używa innej konwencji nazw
*/
private static $actionMap = [
'gallery_order_save' => 'galleryOrderSave',
'view_list' => 'list',
'article_edit' => 'edit',
'article_save' => 'save',
'article_delete' => 'delete',
'banner_edit' => 'edit',
'banner_save' => 'save',
'banner_delete' => 'delete',
'clear_cache' => 'clearCache',
'clear_cache_ajax' => 'clearCacheAjax',
'settings_save' => 'save',
'products_list' => 'list',
'unit_edit' => 'edit',
'unit_save' => 'save',
'unit_delete' => 'delete',
];
public static function route()
{
$_SESSION['admin'] = true;
if ( \S::get( 'p' ) )
\S::set_session( 'p' , \S::get( 'p' ) );
$page = \S::get_session( 'p' );
// Budowanie nazwy modułu
$moduleName = '';
$results = explode( '_', \S::get( 'module' ) );
if ( is_array( $results ) ) foreach ( $results as $row )
$moduleName .= ucfirst( $row );
$action = \S::get( 'action' );
// 1. Sprawdź czy istnieje nowy kontroler
$factories = self::getControllerFactories();
if ( isset( $factories[$moduleName] ) )
{
$controller = self::createController( $moduleName );
if ( $controller )
{
// Mapuj nazwę akcji (stara → nowa) lub użyj oryginalnej
$newAction = self::$actionMap[$action] ?? $action;
if ( method_exists( $controller, $newAction ) )
{
return $controller->$newAction();
}
}
}
// 2. Fallback na stary kontroler
$class = '\admin\controls\\' . $moduleName;
if ( class_exists( $class ) and method_exists( new $class, $action ) )
return call_user_func_array( array( $class, $action ), array() );
else
{
\S::alert( 'Nieprawidłowy adres url.' );
return false;
}
}
static public function update()
{
global $mdb;
if ( $results = $mdb -> select( 'pp_updates', [ 'name' ], [ 'done' => 0 ] ) )
{
foreach ( $results as $row )
{
$class = '\admin\factory\Update';
$method = $row['name'];
if ( class_exists( $class ) and method_exists( new $class, $method ) )
call_user_func_array( array( $class, $method ), array() );
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink