Редактор Ace 1.32.9;
Возможность выводить дату изменения записей ТК в админке;
Возможность отключать восстановление паролей;
Fix Open Redirect;
close instantsoft#1497
close instantsoft#1495
Cropper обновлён до актуальной версии;
Jquery Inputmask обновлён до актуальной версии;
VueJS обновлён до актуальной версии;
Мелкий рефакторинг.
fuzegit committed Mar 31, 2024
1 parent 4accf99 commit 7752cdd
Showing 132 changed files with 679 additions and 547 deletions.
1 change: 1 addition & 0 deletions system/config/mimetypes.php
Expand Up @@ -106,6 +106,7 @@
'skt' => 'application/x-koan',
'smil' => 'application/smil',
'svg' => 'image/svg+xml',
'svg' => 'image/svg',
'spl' => 'application/x-futuresplash',
'src' => 'application/x-wais-source',
'stc' => 'application/vnd.sun.xml.calc.template',
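Review bot: On the new side of this hunk the array carries two entries keyed `'svg'` (`'image/svg+xml'` and `'image/svg'`); in a PHP array literal the later key silently overrides the earlier one, so the `image/svg+xml` mapping becomes dead and `svg` now resolves to the non-standard `image/svg` (the registered type is `image/svg+xml`). Which of the two lines is the one added by this commit cannot be recovered from the rendered page, but the duplicate exists on the new side either way. If the intent is to accept both spellings for SVG uploads, a single key cannot hold two values: keep `'svg' => 'image/svg+xml',` here and treat `image/svg` as an alias at the point where the detected type is compared. If the map is instead inverted for type-to-extension lookup, that consumer should be checked, as it is not part of this commit.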
9 changes: 9 additions & 0 deletions system/controllers/admin/grids/grid_content_items.php
Expand Up @@ -60,6 +60,15 @@ function grid_content_items($controller, $ctype) {
return html_date($value, true);
}
],
'date_last_modified' => [
'title' => LANG_CP_GRID_COLYMNS_MODIFIED,
'switchable' => true,
'disable' => true,
'filter' => 'date',
'handler' => function ($value, $item) {
return $value ? html_date($value, true) : '-';
}
],
'is_approved' => [
'title' => LANG_MODERATION,
'width' => 150,
7 changes: 4 additions & 3 deletions system/controllers/admin/grids/grid_controllers.php
Expand Up @@ -7,9 +7,10 @@ function grid_controllers($controller) {
];

$options = [
'order_by' => false,
'order_to' => false,
'is_pagination' => false
'deny_mass_editing' => true,
'order_by' => false,
'order_to' => false,
'is_pagination' => false
];

$columns = [
82 changes: 44 additions & 38 deletions system/controllers/auth/actions/login.php
@@ -1,9 +1,10 @@
<?php

class actionAuthLogin extends cmsAction {

private $is_added_capcha_field = false;

public function run(){
public function run() {

$is_site_offline = !cmsConfig::get('is_site_on');

Expand All @@ -16,43 +17,45 @@ public function run(){
// Авторизованных редиректим сразу
if ($this->cms_user->is_logged && !$this->cms_user->is_admin) {

if ($back_url){
$this->redirect($back_url);
if ($back_url) {

return $this->redirect($back_url);

} else {
$this->redirect(href_to_profile($this->cms_user));
}

return $this->redirect(href_to_profile($this->cms_user));
}
}

$form = $this->getForm('login');

if ($this->options['auth_captcha'] && cmsUser::sessionGet('is_auth_captcha')){
if ($this->options['auth_captcha'] && cmsUser::sessionGet('is_auth_captcha')) {

$form = $this->addCapchaField($form);
}

if ($back_url){
if ($back_url) {

$form->addField('basic',
new fieldHidden('back')
);

$data['back'] = $back_url;

}

$is_submit = $this->request->has('submit');

if ($is_submit){
if ($is_submit) {

$data = $form->parse($this->request, true);

$errors = $form->validate($this, $data);
$errors = $form->validate($this, $data);

if ($errors){
if ($errors) {

cmsUser::addSessionMessage(LANG_LOGIN_ERROR, 'error');

if ($this->options['auth_captcha'] && !$is_site_offline){
if ($this->options['auth_captcha'] && !$is_site_offline) {

cmsUser::sessionSet('is_auth_captcha', true);

Expand All @@ -63,12 +66,12 @@ public function run(){

$logged_user = cmsUser::login($data['login_email'], $data['login_password'], $data['remember'], false);

if ($logged_user){
if ($logged_user) {

cmsUser::sessionUnset('is_auth_captcha');

// Включена ли двухфакторная авторизация
if(!empty($logged_user['2fa']) && !empty($this->options['2fa_params'][$logged_user['2fa']])){
if (!empty($logged_user['2fa']) && !empty($this->options['2fa_params'][$logged_user['2fa']])) {

$twofa_params = $this->options['2fa_params'][$logged_user['2fa']];

Expand All @@ -81,33 +84,33 @@ public function run(){
executeAction($twofa_params['action'], [$logged_user, $form, $data, href_to('auth', 'login')]);

// передаём управление другому экшену
if($result !== true){
if ($result !== true) {

$this->cms_template->addOutput($result);

return $result;
}

$this->cms_template->restoreContext();

}

// Не даём авторизоваться
// если сайт выключен и доступа к просмотру нет
if ($is_site_offline){
if (empty($logged_user['permissions']['auth']['view_closed']) && empty($logged_user['is_admin'])){
if ($is_site_offline) {
if (empty($logged_user['permissions']['auth']['view_closed']) && empty($logged_user['is_admin'])) {

cmsUser::addSessionMessage(LANG_LOGIN_ADMIN_ONLY, 'error');
$this->redirectBack();

return $this->redirectBack();
}
}

// завершаем авторизацию
cmsUser::loginComplete($logged_user, $data['remember']);

// Переходное сообщение для нового типа хранения паролей
if(!empty($logged_user['is_old_auth']) && !empty($this->options['notify_old_auth'])){
if (!empty($logged_user['is_old_auth']) && !empty($this->options['notify_old_auth'])) {

cmsUser::addSessionMessage(sprintf(LANG_AUTH_IS_OLD_AUTH, href_to_profile($logged_user, ['edit', 'password'])), 'info');
}

Expand All @@ -117,60 +120,63 @@ public function run(){

$is_first_auth = cmsUser::getUPS('first_auth', $logged_user['id']);

if ($is_first_auth){
if ($is_first_auth) {

$auth_redirect = $this->options['first_auth_redirect'];
cmsUser::deleteUPS('first_auth', $logged_user['id']);
}

if ($back_url){
$this->redirect($back_url);
if ($back_url) {

return $this->redirect($back_url);

} else {
$this->redirect($this->getAuthRedirectUrl($auth_redirect));

return $this->redirect($this->getAuthRedirectUrl($auth_redirect));
}

} else {

cmsUser::addSessionMessage(LANG_LOGIN_ERROR, 'error');

if ($this->options['auth_captcha'] && !$is_site_offline){
if ($this->options['auth_captcha'] && !$is_site_offline) {

cmsUser::sessionSet('is_auth_captcha', true);

$form = $this->addCapchaField($form);
}

}

}

if ($is_site_offline) { $this->redirectBack(); }

if ($is_site_offline) {
return $this->redirectBack();
}
}

if ($back_url && !$is_submit && empty($this->options['is_site_only_auth_users'])){
if ($back_url && !$is_submit && empty($this->options['is_site_only_auth_users'])) {
cmsUser::addSessionMessage(LANG_LOGIN_REQUIRED, 'error');
}

if ($this->request->isAjax() && cmsUser::sessionGet('is_auth_captcha')){
if ($this->request->isAjax() && cmsUser::sessionGet('is_auth_captcha')) {
$ajax_page_redirect = true;
}

// Мы не передаём название шаблона для вывода
// Оно берется из названия текущего экшена
return $this->cms_template->render([
'is_reg_enabled' => $this->options['is_reg_enabled'],
'is_reg_enabled' => $this->options['is_reg_enabled'],
'ajax_page_redirect' => $ajax_page_redirect,
'errors' => (isset($errors) ? $errors : false),
'data' => $data,
'form' => $form,
'back_url' => $back_url,
'hooks_html' => cmsEventsManager::hookAll('login_form_html')
'errors' => (isset($errors) ? $errors : false),
'data' => $data,
'form' => $form,
'back_url' => $back_url,
'hooks_html' => cmsEventsManager::hookAll('login_form_html')
]);
}

private function addCapchaField($form) {

if($this->is_added_capcha_field){
if ($this->is_added_capcha_field) {
return $form;
}

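Review bot: The commit message says it fixes an open redirect, yet within the visible hunks `$back_url` still flows unchanged into `return $this->redirect($back_url)` in both the already-logged-in branch (second hunk) and the post-login branch (fourth hunk); the assignment of `$back_url`, where any same-host restriction would have to live, sits in the lines elided between the first and second hunk, so the fix cannot be confirmed from this section. If the restriction is applied at that assignment or inside `redirect()`, a one-line comment next to the assignment such as `// $back_url is constrained to a local path here; the redirect() calls below rely on it` would make the invariant visible at both use sites. If it is applied nowhere on this path, the redirect target remains caller-controlled via whatever request value populates `$back_url` (the hidden `back` field is added to the form in the second hunk). `run()` spans all of these hunks and its body continues outside each of them.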
59 changes: 33 additions & 26 deletions system/controllers/auth/actions/reset.php
@@ -1,73 +1,80 @@
<?php
/**
* @property \modelUsers $model_users
*/
class actionAuthReset extends cmsAction {

public function run($pass_token){
public function run($pass_token) {

if ($this->cms_user->is_logged && !$this->cms_user->is_admin) { $this->redirectToHome(); }

if (!$pass_token) { cmsCore::error404(); }
if (!empty($this->options['disable_restore'])) {
return cmsCore::error404();
}

$users_model = cmsCore::getModel('users');
if ($this->cms_user->is_logged && !$this->cms_user->is_admin) {
return$this->redirectToHome();
}

$profile = $users_model->getUserByPassToken($pass_token);
if (!$profile) { cmsCore::error404(); }
if (!$pass_token) {
return cmsCore::error404();
}

if($profile['is_locked']){
$profile = $this->model_users->getUserByPassToken($pass_token);
if (!$profile) {
return cmsCore::error404();
}

cmsUser::addSessionMessage(LANG_RESTORE_BLOCK.($profile['lock_reason'] ? '. '.$profile['lock_reason'] : ''), 'error');
if ($profile['is_locked']) {

$this->redirectToHome();
cmsUser::addSessionMessage(LANG_RESTORE_BLOCK . ($profile['lock_reason'] ? '. ' . $profile['lock_reason'] : ''), 'error');

return $this->redirectToHome();
}

if ((strtotime($profile['date_token']) + (24 * 3600)) < time()){
if ((strtotime($profile['date_token']) + (24 * 3600)) < time()) {

$users_model->clearUserPassToken($profile['id']);
$this->model_users->clearUserPassToken($profile['id']);

cmsUser::addSessionMessage(LANG_RESTORE_TOKEN_EXPIRED, 'error');

$this->redirectToAction('restore');

return $this->redirectToAction('restore');
}

$form = $this->getForm('reset');

if ($this->request->has('submit')){
if ($this->request->has('submit')) {

$_profile = $form->parse($this->request, true);

$errors = $form->validate($this, $_profile);

if (!$errors){
if (!$errors) {

$result = $users_model->updateUser($profile['id'], $_profile);
$result = $this->model_users->updateUser($profile['id'], $_profile);

if ($result['success']){
if ($result['success']) {

cmsUser::addSessionMessage(LANG_PASS_CHANGED, 'success');

$users_model->clearUserPassToken($profile['id']);
$this->model_users->clearUserPassToken($profile['id']);

$this->redirectTo('users', $profile['id']);
return $this->redirectTo('users', $profile['id']);

} else {

$errors = $result['errors'];
}

}

if ($errors){
if ($errors) {
cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error');
}

}

return $this->cms_template->render('reset', array(
return $this->cms_template->render('reset', [
'profile' => $profile,
'form' => $form,
'errors' => isset($errors) ? $errors : false
));

]);
}

}
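Review bot: `return$this->redirectToHome();` in the new logged-in guard is missing the space after `return`; PHP still tokenises it, so it runs, but it breaks the brace-and-space convention this very commit is introducing and should read `return $this->redirectToHome();` (unless the missing space is an artifact of the rendered page). The expiry check `(strtotime($profile['date_token']) + (24 * 3600)) < time()` is pre-existing and only re-spaced here, but it hard-codes the token lifetime without saying so; a comment such as `// reset tokens are accepted for 24 hours after date_token` would document the window the restore flow depends on. Note that `strtotime()` returns `false` on an unparsable `date_token`, which the addition treats as 0, so a malformed timestamp is rejected as expired rather than accepted, which is the safe direction.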
9 changes: 8 additions & 1 deletion system/controllers/auth/actions/restore.php
@@ -1,9 +1,16 @@
<?php

/**
* @property \modelUsers $model_users
* @property \messages $controller_messages
*/
class actionAuthRestore extends cmsAction {

public function run() {

if (!empty($this->options['disable_restore'])) {
return cmsCore::error404();
}

if ($this->cms_user->is_logged && !$this->cms_user->is_admin) {
return $this->redirectToHome();
}