diff --git a/system/admin/admin.php b/system/admin/admin.php
index 8daf023..7d81e62 100644
--- a/system/admin/admin.php
+++ b/system/admin/admin.php
@@ -71,7 +71,20 @@ function edit_author($name, $title, $user, $password, $content)
$name = get_author_info($name);
$name = $name[0];
- create_user($user, $password, $name->role);
+ // Jika edit tanpa ganti password
+ if(empty($password)) {
+ $file = 'config/users/' . $user . '.ini';
+ if (!file_exists($file))
+ {
+ // Hanya akan dieksekusi ketika tidak melakukan penggantian password namun melakukan penggantian username
+ file_put_contents($file, "password = " . $name->password . "\n" .
+ "encryption = password_hash\n" .
+ "role = " . $name->role . "\n");
+ }
+ } else {
+ // jika melakukan pergantian password
+ create_user($user, $password, $name->role);
+ }
$user_title = safe_html($title);
$user_content = '' . "\n\n" . $content;
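Review bot: The `file_put_contents($file, ...)` call in the new empty-password branch ignores its return value, so a failed write leaves the renamed author with no credentials file while the rest of edit_author proceeds; check it, e.g. `if (file_put_contents($file, $ini, LOCK_EX) === false) { return false; }` (or whatever failure signal edit_author's callers expect — the function's prologue and epilogue are outside this hunk). The path `'config/users/' . $user . '.ini'` is built from `$user` with no validation inside this function, so it is only as safe as the caller's `preg_match('/(?=.{6})^[a-z0-9]+$/', $username)` gate; that dependency deserves a comment here such as `// $user must already be validated as [a-z0-9]+ by the route handler`. Hard-coding `encryption = password_hash` assumes the old record used that mode; if the loaded author record in `$name` carries an encryption field, copy it instead. Whether the old `config/users/<old username>.ini` is removed when the username changes is not visible in this hunk.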
@@ -91,9 +104,10 @@ function edit_author($name, $title, $user, $password, $content)
// Jika username lama tidak sama dengan yang baru maka file username lama akan dihapus
if($name->username !== $user) {
+ // copying all content and file dari username lama ke username baru
copy_folders('content/' . $name->username, 'content/' . $user);
remove_folders('content/' . $name->username);
- // Memastikan kalau username sesi sama dengan username lama
+ // Jika username sesi sama dengan username lama
if($_SESSION[config("site.url")]['user'] === $name->username) {
if (session_status() == PHP_SESSION_NONE) session_start();
$_SESSION[config("site.url")]['user'] = $user;
diff --git a/system/admin/views/edit-author.html.php b/system/admin/views/edit-author.html.php
index 912ca4c..f28d5ec 100644
--- a/system/admin/views/edit-author.html.php
+++ b/system/admin/views/edit-author.html.php
@@ -40,21 +40,23 @@ if(!empty($username)) {
+
-
+
-
+
diff --git a/system/admin/views/layout.html.php b/system/admin/views/layout.html.php
index 2a8aee6..950ae7e 100644
--- a/system/admin/views/layout.html.php
+++ b/system/admin/views/layout.html.php
@@ -30,15 +30,19 @@
-
-
-
+
+
+
@@ -95,12 +99,14 @@
+
+
+
+
diff --git a/system/htmly.php b/system/htmly.php
index 0f6179a..03b531d 100644
--- a/system/htmly.php
+++ b/system/htmly.php
@@ -137,19 +137,27 @@ post('/login', function () {
$log = session($user, $pass);
if (!empty($log)) {
+ // Only role as admin is allowed login here
+ if(is_admin()) {
+ config('views.root', 'system/admin/views');
- config('views.root', 'system/admin/views');
-
- render('login', array(
- 'title' => 'Login - ' . blog_title(),
- 'description' => 'Login page on ' . blog_title(),
- 'canonical' => site_url(),
- 'error' => '',
- 'type' => 'is_login',
- 'is_login' => true,
- 'bodyclass' => 'in-login',
- 'breadcrumb' => '' . config('breadcrumb.home') . ' » Login'
- ));
+ render('login', array(
+ 'title' => 'Login - ' . blog_title(),
+ 'description' => 'Login page on ' . blog_title(),
+ 'canonical' => site_url(),
+ 'error' => '',
+ 'type' => 'is_login',
+ 'is_login' => true,
+ 'bodyclass' => 'in-login',
+ 'breadcrumb' => '' . config('breadcrumb.home') . ' » Login'
+ ));
+ } else {
+ // If role not as admin is not allowed login here
+ unset($_SESSION[config("site.url")]);
+ $url = site_url();
+ header("Location: $url");
+ }
+
}
} else {
$message['error'] = '';
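Review bot: `header("Location: $url");` in the new non-admin branch is not followed by `exit`, so the route closure keeps executing after the redirect header is queued and any later output or render in the handler still runs; add `exit;` (or the framework's redirect helper, if one exists) immediately after it. The two lines can also be collapsed to `header('Location: ' . site_url()); exit;`. The closure for post('/login') begins before this hunk, so what runs after the redirect is not visible here.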
@@ -319,7 +327,7 @@ post('/add/author', function () {
$passconfirm = from($_REQUEST, 'passconfirm');
$content = from($_REQUEST, 'content');
- if ($proper && !empty($title) && !empty($username) && preg_match('/(?=.{6})^[a-z0-9]+$/', $username) && !username_exists($username) && !empty($password) && !empty($passconfirm) && password_match($password, $passconfirm) && login()) {
+ if ($proper && !empty($title) && !empty($username) && preg_match('/(?=.{6})^[a-z0-9]+$/', $username) && !username_exists($username) && !empty($password) && !empty($passconfirm) && password_match($password, $passconfirm) && is_admin()) {
add_author($title, $username, $password, $content);
} else {
$message['error'] = '';
@@ -414,8 +422,60 @@ post('/author/:name/edit', function ($name) {
$passconfirm = from($_REQUEST, 'passconfirm');
$content = from($_REQUEST, 'content');
- if ($proper && !empty($title) && !empty($username) && preg_match('/(?=.{6})^[a-z0-9]+$/', $username) && !username_exists($username, $name) && !empty($password) && !empty($passconfirm) && password_match($password, $passconfirm) && valid_password($name, $oldpassword) && login()) {
- edit_author($name, $title, $username, $password, $content);
+ if ($proper && !empty($title) && !empty($username) && preg_match('/(?=.{6})^[a-z0-9]+$/', $username) && !username_exists($username, $name) && is_admin()) {
+ if(empty($password)) {
+ // If not change the password
+ edit_author($name, $title, $username, $password, $content);
+ } else {
+ // If you want change the password
+ if(is_admin() && !empty($passconfirm) && password_match($password, $passconfirm)) {
+ // Only session user role as admin
+ edit_author($name, $title, $username, $password, $content);
+ } else if(!empty($passconfirm) && password_match($password, $passconfirm) && valid_password($name, $oldpassword)) {
+ // If session user role not as admin
+ edit_author($name, $title, $username, $password, $content);
+ } else {
+ $message['error'] = '';
+ if(is_admin()) {
+ // Only session user role as admin
+ if (empty($passconfirm)) {
+ $message['error'] .= 'Password Confirm field is required.';
+ }
+ if (!password_match($password, $passconfirm)) {
+ $message['error'] .= '
Password and Password Confirm is not match.';
+ }
+ } else {
+ // If session user role not as admin
+ if (empty($passconfirm)) {
+ $message['error'] .= '
Password Confirm field is required.';
+ }
+ if (!password_match($password, $passconfirm)) {
+ $message['error'] .= '
Password and Password Confirm is not match.';
+ }
+ if (!valid_password($name, $oldpassword)) {
+ $message['error'] .= '
Old Password is not valid.';
+ }
+ }
+
+ config('views.root', 'system/admin/views');
+ render('edit-author', array(
+ 'title' => 'Edit author - ' . blog_title(),
+ 'description' => strip_tags(blog_description()),
+ 'canonical' => site_url(),
+ 'error' => '
' . $message['error'] . '
',
+ 'aTitle' => $title,
+ 'aUsername' => $username,
+ 'aOldPassword' => $oldpassword,
+ 'aPassword' => $password,
+ 'aPassConfirm' => $passconfirm,
+ 'aContent' => $content,
+ 'heading' => 'Edit author',
+ 'is_admin' => true,
+ 'bodyclass' => 'edit-author',
+ 'breadcrumb' => '
' . config('breadcrumb.home') . ' » Edit author'
+ ));
+ }
+ }
} else {
$message['error'] = '';
if (empty($title)) {
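Review bot: The outer condition now ends in `&& is_admin()`, which makes the non-admin arms unreachable: the `else if(!empty($passconfirm) && password_match(...) && valid_password($name, $oldpassword))` branch and the inner `else { // If session user role not as admin` error block can only execute when `is_admin()` is false, which the outer gate already excludes, and the `is_admin()` tests at `if(is_admin() && !empty($passconfirm) ...` and `if(is_admin()) {` are redundant. Either the outer gate was meant to stay `login()` with a per-user check for non-admins (a non-admin should only reach edit_author when `$name` is their own session user, otherwise any logged-in account could edit any author), or the dead arms should be removed; the rewrite below keeps the admin-only semantics the new outer condition expresses. The closure for post('/author/:name/edit') starts before this hunk.
```php
if ($proper && !empty($title) && !empty($username) && preg_match('/(?=.{6})^[a-z0-9]+$/', $username) && !username_exists($username, $name) && is_admin()) {
    if (empty($password)) {
        // Password unchanged; the outer condition already requires is_admin()
        edit_author($name, $title, $username, $password, $content);
    } elseif (!empty($passconfirm) && password_match($password, $passconfirm)) {
        edit_author($name, $title, $username, $password, $content);
    } else {
        $message['error'] = '';
        // … unchanged: the 'Password Confirm field is required.' and 'Password and Password Confirm is not match.' checks …
        // … unchanged: config('views.root', …) and render('edit-author', …) …
    }
```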
@@ -430,18 +490,6 @@ post('/author/:name/edit', function ($name) {
if (username_exists($username, $name)) {
$message['error'] .= '
Username is already exist.';
}
- if (empty($password)) {
- $message['error'] .= '
Password field is required.';
- }
- if (empty($passconfirm)) {
- $message['error'] .= '
Password Confirm field is required.';
- }
- if (!password_match($password, $passconfirm)) {
- $message['error'] .= '
Password and Password Confirm is not match.';
- }
- if (!valid_password($name, $oldpassword)) {
- $message['error'] .= '
Old Password is not valid.';
- }
if (!$proper) {
$message['error'] .= '
CSRF Token not correct.';
}
@@ -509,7 +557,7 @@ get('/author/:name/delete', function ($name) {
// Get data Delete author
post('/author/:name/delete', function () {
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
- if ($proper && login()) {
+ if ($proper && is_admin()) {
$file = from($_REQUEST, 'file');
$destination = from($_GET, 'destination');
delete_author($file, $destination);
diff --git a/system/includes/functions.php b/system/includes/functions.php
index 5f5cef3..41f30b0 100644
--- a/system/includes/functions.php
+++ b/system/includes/functions.php
@@ -2943,8 +2943,6 @@ function head_contents()
// Return toolbar
function toolbar()
{
- $user = $_SESSION[config("site.url")]['user'];
- $role = user('role', $user);
$base = site_url();
echo <<