Improve the admin panel

Improve the admin panel. Use .ini file to store user informations.

admin/action/create_page.php

@@ -0,0 +1,77 @@
+<?php
+	// Change this to your timezone
+	date_default_timezone_set('Asia/Jakarta');
+	require '../../system/includes/dispatch.php';
+	config('source', '../../admin/config.ini');
+	include '../includes/session.php';
+
+	if(isset($_POST['submit'])) {
+		$post_url = $_POST['url'];
+		$post_content = $_POST['content'];
+	}
+	if(!empty($post_url) && !empty($post_content)) {
+		$filename = $post_url . '.md';
+		$dir = '../../content/static/';
+		if(is_dir($dir)) {
+			file_put_contents($dir . $filename, print_r($post_content, true));
+		}
+		else {
+			mkdir($dir, 0777, true);
+			file_put_contents($dir . $filename, print_r($post_content, true));
+		}
+		header('location: ../index.php');
+	}
+	if (login()) {
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
+	<title>Create page</title>
+	<link rel="stylesheet" type="text/css" href="../resources/style.css" />
+	<link rel="stylesheet" type="text/css" href="../editor/css/editor.css" />
+	<script type="text/javascript" src="../editor/js/Markdown.Converter.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Sanitizer.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Editor.js"></script>
+</head>
+<body>
+<div class="wrapper-outer">
+<div class="wrapper-inner">
+	<div class="nav">
+		<a href="<?php echo config('site.url');?>" target="_blank">Home</a> | 
+		<a href="<?php echo config('site.url');?>/admin">Admin</a> |
+		<a href="../action/create_post.php">Create post</a> |		
+		<a href="../action/logout.php">Logout</a> | 
+		<span class="welcome">Welcome <?php echo $_SESSION['user'];?>!</span>
+	</div>
+	<div class="wmd-panel">
+		<form method="POST">
+			Url: <br><input type="text" name="url"/><br><br>
+			<div id="wmd-button-bar" class="wmd-button-bar"></div>
+			<textarea id="wmd-input" class="wmd-input" name="content" cols="20" rows="10"></textarea><br/>
+			<input type="submit" name="submit" value="Publish"/>
+		</form>
+	</div>
+	<div id="wmd-preview" class="wmd-panel wmd-preview"></div>
+	<script type="text/javascript">
+	(function () {
+		var converter = Markdown.getSanitizingConverter();
+		
+		converter.hooks.chain("preBlockGamut", function (text, rbg) {
+			return text.replace(/^ {0,3}""" *\n((?:.*?\n)+?) {0,3}""" *$/gm, function (whole, inner) {
+				return "<blockquote>" + rbg(inner) + "</blockquote>\n";
+			});
+		});
+		
+		var editor = new Markdown.Editor(converter);
+		
+		editor.run();
+	})();
+	</script>
+</div>
+</div>	
+</body>
+</html>
+<?php } else {header('location: ../index.php');} ?>

admin/includes/create_post.php → admin/action/create_post.php

@@ -29,6 +29,9 @@
 <!DOCTYPE html>
 <html>
 <head>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
 	<title>Create post</title>
 	<link rel="stylesheet" type="text/css" href="../resources/style.css" />
 	<link rel="stylesheet" type="text/css" href="../editor/css/editor.css" />
@@ -41,8 +44,9 @@
 <div class="wrapper-inner">
 	<div class="nav">
 		<a href="<?php echo config('site.url');?>" target="_blank">Home</a> | 
-		<a href="<?php echo config('site.url');?>/admin">Admin</a> | 
-		<a href="../includes/logout.php">Logout</a> | 
+		<a href="<?php echo config('site.url');?>/admin">Admin</a> |
+		<a href="../action/create_page.php">Create page</a> |		
+		<a href="../action/logout.php">Logout</a> | 
 		<span class="welcome">Welcome <?php echo $_SESSION['user'];?>!</span>
 	</div>
 	<div class="wmd-panel">

admin/action/delete_page.php

@@ -0,0 +1,58 @@
+<?php 
+	// Change this to your timezone
+	date_default_timezone_set('Asia/Jakarta');
+	require '../../system/includes/dispatch.php';
+	config('source', '../../admin/config.ini');
+	include '../includes/session.php';
+	
+	if(isset($_GET['url'])) {
+		$url = $_GET['url'];
+	}
+	else {
+		header('location: ../index.php');
+	}
+	
+	if(isset($_POST['submit'])) {
+		$deleted_content = $_POST['delete'];
+	}
+	if(!empty($deleted_content)) {
+		unlink($deleted_content);
+		header('location: ../index.php');		
+	}
+	
+	if (login()) {
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
+	<title>Delete page</title>
+	<link rel="stylesheet" type="text/css" href="../resources/style.css" />
+	<link rel="stylesheet" type="text/css" href="../editor/css/editor.css" />
+	<script type="text/javascript" src="../editor/js/Markdown.Converter.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Sanitizer.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Editor.js"></script>
+</head>
+<body>
+<div class="wrapper-outer">
+<div class="wrapper-inner">
+		<div class="nav">
+			<a href="<?php echo config('site.url');?>" target="_blank">Home</a> | 
+			<a href="<?php echo config('site.url');?>/admin">Admin</a> | 
+			<a href="../action/create_post.php">Create post</a> | 
+			<a href="../action/logout.php">Logout</a> | 
+			<span class="welcome">Welcome <?php echo $_SESSION['user'];?>!</span>
+		</div>
+		
+		<?php echo '<p>Are you sure want to delete <strong>' . $url . '</strong>?</p>';?>
+		<form method="POST">
+			<input type="hidden" name="delete" value="<?php echo '../' . $url ?>"/><br>
+			<input type="submit" name="submit" value="Delete"/>
+		</form>
+</div>
+</div>
+</body>
+</html>
+<?php } else {header('location: ../index.php');} ?>

admin/action/delete_post.php

@@ -0,0 +1,58 @@
+<?php 
+	// Change this to your timezone
+	date_default_timezone_set('Asia/Jakarta');
+	require '../../system/includes/dispatch.php';
+	config('source', '../../admin/config.ini');
+	include '../includes/session.php';
+	
+	if(isset($_GET['url'])) {
+		$url = $_GET['url'];
+	}
+	else {
+		header('location: ../index.php');
+	}
+	
+	if(isset($_POST['submit'])) {
+		$deleted_content = $_POST['delete'];
+	}
+	if(!empty($deleted_content)) {
+		unlink($deleted_content);
+		header('location: ../index.php');		
+	}
+	
+	if (login()) {
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
+	<title>Delete post</title>
+	<link rel="stylesheet" type="text/css" href="../resources/style.css" />
+	<link rel="stylesheet" type="text/css" href="../editor/css/editor.css" />
+	<script type="text/javascript" src="../editor/js/Markdown.Converter.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Sanitizer.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Editor.js"></script>
+</head>
+<body>
+<div class="wrapper-outer">
+<div class="wrapper-inner">
+		<div class="nav">
+			<a href="<?php echo config('site.url');?>" target="_blank">Home</a> | 
+			<a href="<?php echo config('site.url');?>/admin">Admin</a> | 
+			<a href="../action/create_post.php">Create post</a> | 
+			<a href="../action/logout.php">Logout</a> | 
+			<span class="welcome">Welcome <?php echo $_SESSION['user'];?>!</span>
+		</div>
+		
+		<?php echo '<p>Are you sure want to delete <strong>' . $url . '</strong>?</p>';?>
+		<form method="POST">
+			<input type="hidden" name="delete" value="<?php echo '../' . $url ?>"/><br>
+			<input type="submit" name="submit" value="Delete"/>
+		</form>
+</div>
+</div>
+</body>
+</html>
+<?php } else {header('location: ../index.php');} ?>

admin/action/edit_page.php

@@ -0,0 +1,75 @@
+<?php 
+	// Change this to your timezone
+	date_default_timezone_set('Asia/Jakarta');
+	require '../../system/includes/dispatch.php';
+	config('source', '../../admin/config.ini');
+	include '../includes/session.php';
+	
+	if(isset($_GET['url'])) {
+		$url = $_GET['url'];
+	}
+	else {
+		header('location: ../index.php');
+	}
+	
+	if(isset($_POST['submit'])) {
+		$post_content = $_POST['content'];
+	}
+	if(!empty($post_content)) {
+		file_put_contents('../'. $url, print_r($post_content, true));
+		header('location: ../index.php');		
+	}
+	
+	if (login()) {
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
+	<title>Edit page</title>
+	<link rel="stylesheet" type="text/css" href="../resources/style.css" />
+	<link rel="stylesheet" type="text/css" href="../editor/css/editor.css" />
+	<script type="text/javascript" src="../editor/js/Markdown.Converter.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Sanitizer.js"></script>
+    <script type="text/javascript" src="../editor/js/Markdown.Editor.js"></script>
+</head>
+<body>
+<div class="wrapper-outer">
+<div class="wrapper-inner">
+		<div class="nav">
+			<a href="<?php echo config('site.url');?>" target="_blank">Home</a> | 
+			<a href="<?php echo config('site.url');?>/admin">Admin</a> | 
+			<a href="../action/create_post.php">Create post</a> | 
+			<a href="../action/logout.php">Logout</a> | 
+			<span class="welcome">Welcome <?php echo $_SESSION['user'];?>!</span>
+		</div>
+		<div class="wmd-panel">
+		<form method="POST">
+			<div id="wmd-button-bar" class="wmd-button-bar"></div>
+			<textarea id="wmd-input" class="wmd-input" name="content" cols="20" rows="10"><?php echo file_get_contents('../' . $url)?></textarea><br>
+			<input type="submit" name="submit" value="Submit"/>
+		</form>
+		</div>
+		<div id="wmd-preview" class="wmd-panel wmd-preview"></div>
+		<script type="text/javascript">
+		(function () {
+			var converter = Markdown.getSanitizingConverter();
+			
+			converter.hooks.chain("preBlockGamut", function (text, rbg) {
+				return text.replace(/^ {0,3}""" *\n((?:.*?\n)+?) {0,3}""" *$/gm, function (whole, inner) {
+					return "<blockquote>" + rbg(inner) + "</blockquote>\n";
+				});
+			});
+			
+			var editor = new Markdown.Editor(converter);
+			
+			editor.run();
+		})();
+		</script>
+</div>
+</div>
+</body>
+</html>
+<?php } else {header('location: ../index.php');} ?>

admin/includes/edit_post.php → admin/action/edit_post.php

@@ -25,6 +25,9 @@
 <!DOCTYPE html>
 <html>
 <head>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
 	<title>Edit post</title>
 	<link rel="stylesheet" type="text/css" href="../resources/style.css" />
 	<link rel="stylesheet" type="text/css" href="../editor/css/editor.css" />
@@ -38,8 +41,8 @@
 		<div class="nav">
 			<a href="<?php echo config('site.url');?>" target="_blank">Home</a> | 
 			<a href="<?php echo config('site.url');?>/admin">Admin</a> | 
-			<a href="../includes/create_post.php">Create post</a> | 
-			<a href="../includes/logout.php">Logout</a> | 
+			<a href="../action/create_post.php">Create post</a> | 
+			<a href="../action/logout.php">Logout</a> | 
 			<span class="welcome">Welcome <?php echo $_SESSION['user'];?>!</span>
 		</div>
 		<div class="wmd-panel">

admin/includes/login.php → admin/action/login.php

@@ -1,13 +1,13 @@
 <?php
 	include '../includes/session.php';
-		
+	include '../includes/user.php';	
 	if(!empty($_REQUEST['user']) && !empty($_REQUEST['password'])) {
 		
 		$user = $_REQUEST['user'];
 		$pass = $_REQUEST['password'];
 		
-		$user_file = '../../admin/users/' . $user . '.txt';
-		$user_pass = @file_get_contents($user_file);
+		$user_file = '../../admin/users/' . $user . '.ini';
+		$user_pass = user('password', $user);
 		
 		if(file_exists($user_file)) {
 			if($pass === $user_pass) {
@@ -46,6 +46,9 @@ EOF;
 			<!DOCTYPE html>
 			<html>
 			<head>
+				<meta charset="utf-8" />
+				<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+				<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
 				<title>Admin Panel</title>
 				<link rel="stylesheet" type="text/css" href="../resources/style.css" />
 			</head>

admin/includes/logout.php → admin/action/logout.php

@@ -1,6 +1,6 @@
 <?php
 
-include 'session.php';
+include '../includes/session.php';
 
 session_destroy();
 

admin/includes/.htaccess

@@ -0,0 +1 @@
+deny from all

admin/includes/page_list.php

@@ -0,0 +1,42 @@
+<?php
+	date_default_timezone_set('Asia/Jakarta');
+	config('source', '../../admin/config.ini');
+
+	// Get static page path. Unsorted. 
+	function admin_get_static(){
+
+		static $_cache = array();
+
+		if(empty($_cache)){
+
+			// Get the names of all the
+			// static page.
+
+			$_cache = glob('../content/static/*.md', GLOB_NOSORT);
+		}
+
+		return $_cache;
+	}
+	
+	// Auto generate menu from static page
+	function get_page_list() {
+
+		$posts = admin_get_static();
+		krsort($posts);
+		
+		echo '<table>';
+		foreach($posts as $index => $v){
+		
+			echo '<tr>';
+			echo '<td>' . $v . '</td>';
+			echo '<td><form method="GET" action="action/edit_page.php"><input type="submit" name="submit" value="Edit"/><input type="hidden" name="url" value="' . $v . '"/></form></td>';
+			echo '<td><form method="GET" action="action/delete_page.php"><input type="submit" name="submit" value="Delete"/><input type="hidden" name="url" value="' . $v . '"/></form></td>';
+			echo '</tr>';
+				
+		}
+		echo '</table>';
+		
+	}
+
+	
+?>

admin/includes/post_list.php

@@ -1,5 +1,8 @@
 <?php
 
+	date_default_timezone_set('Asia/Jakarta');
+	config('source', '../../admin/config.ini');
+
 // Get blog post with more info about the path. Sorted by filename.
 function admin_get_post(){
 
@@ -104,7 +107,7 @@ function get_profile($profile, $page, $perpage){
 	}
 	
 	if(empty($tmp)) {
-		echo '<tr><td>No posts found!</td></tr>';
+		echo '<table><tr><td>No posts found!</td></tr></table>';
 		return;
 	}
 	
@@ -112,20 +115,24 @@ function get_profile($profile, $page, $perpage){
 	
 }
 
-if (isset($_SESSION['user'])) {
+function get_post_list() {
+	if (isset($_SESSION['user'])) {
 
-	$posts = get_profile($_SESSION['user'], null, null);
+		$posts = get_profile($_SESSION['user'], null, null);
 
-	if(!empty($posts)) {
+		if(!empty($posts)) {
 
-		echo '<table>';
-		foreach($posts as $p) {
-			echo '<tr>';
-			echo '<td>' . $p->file . '</td>';
-			echo '<td><form method="GET" action="includes/edit_post.php"><input type="submit" name="submit" value="Edit"/><input type="hidden" name="url" value="' . $p->file . '"/></form></td>';
-			echo '</tr>';
-		}
-		echo '</table>';
+			echo '<table>';
+			foreach($posts as $p) {
+				echo '<tr>';
+				echo '<td>' . $p->file . '</td>';
+				echo '<td><form method="GET" action="action/edit_post.php"><input type="submit" name="submit" value="Edit"/><input type="hidden" name="url" value="' . $p->file . '"/></form></td>';
+				echo '<td><form method="GET" action="action/delete_post.php"><input type="submit" name="submit" value="Delete"/><input type="hidden" name="url" value="' . $p->file . '"/></form></td>';
+				echo '</tr>';
+			}
+			echo '</table>';
 
+		}
 	}
-}
+}
+?>

admin/includes/user.php

@@ -0,0 +1,10 @@
+<?php
+
+function user($key, $user=null) {
+	$value = '../../admin/users/' . $user . '.ini';
+	static $_config = array();
+	if (file_exists($value)) {
+		$_config = parse_ini_file($value, true);
+		return $_config[$key];
+	}
+}

admin/index.php

@@ -3,10 +3,15 @@
 	require '../system/includes/dispatch.php';
 	config('source', '../admin/config.ini');
 	include 'includes/session.php';
+	include 'includes/post_list.php';
+	include 'includes/page_list.php';
 ?>
 <!DOCTYPE html>
 <html>
 <head>
+	<meta charset="utf-8" />
+	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" user-scalable="no" />
 	<title>Admin Panel</title>
 	<link rel="stylesheet" type="text/css" href="resources/style.css" />
 </head>
@@ -18,16 +23,20 @@
 			<div class="nav">
 				<a href="<?php echo config('site.url');?>" target="_blank">Home</a> | 
 				<a href="<?php echo config('site.url');?>/admin">Admin</a> | 
-				<a href="includes/create_post.php">Create post</a> | 
-				<a href="includes/logout.php">Logout</a> | 
+				<a href="action/create_post.php">Create post</a> | 
+				<a href="action/create_page.php">Create page</a> | 				
+				<a href="action/logout.php">Logout</a> | 
 				<span class="welcome">Welcome <?php echo $_SESSION['user'];?>!</span>
 			</div>
-			<?php include 'includes/post_list.php';?>
-		
+			<p>Your blog posts:</p>
+			<?php  echo get_post_list(); ?>
+			<p>Static page:</p>
+			<?php  echo get_page_list(); ?>
+			
 		<?php } else {?>
 		
 			<p>Login Form</p>
-			<form method="POST" action="includes/login.php">
+			<form method="POST" action="action/login.php">
 				User:<br>
 				<input type="text" name="user"/><br><br>
 				Pass:<br>

admin/users/username.ini.example

@@ -0,0 +1,2 @@
+;Password
+password = yourpassword