From c6f481ffcb6357f2a18868a20b07dc48cdac80af Mon Sep 17 00:00:00 2001
From: Joshua Ramon Enslin
Date: Mon, 18 Jun 2018 15:07:38 +0200
Subject: [PATCH] Added checks for admin permissions to settings / users. Added welcome message and start page contents in input interface (iss0000160).
---
 edit/editHTMLPage.php | 6 +++-
 edit/inc/standardHTML.php | 5 +++-
 edit/index.php | 29 +++++++++++++++++++
 edit/settings.php | 4 +++
 .../themes/default/{default.css => theme.css} | 10 +++++++
 edit/translations/en.php | 9 +++++-
 edit/users.php | 4 +++
 inc/standardHTML.php | 2 +-
 8 files changed, 65 insertions(+), 4 deletions(-)
 rename edit/themes/default/{default.css => theme.css} (97%)
diff --git a/edit/editHTMLPage.php b/edit/editHTMLPage.php
index fbd7870..ccc9bc6 100644
--- a/edit/editHTMLPage.php
+++ b/edit/editHTMLPage.php
@@ -23,10 +23,14 @@ loadHttpToGlobals(["id", "task", "content"]);
 define("targetFile", __DIR__ . "/../data/$id.htm");
-if (!isset($id) or !in_array($id, ['footer', 'aside', 'banner'])) {
+if (!isset($id) or !in_array($id, ['footer', 'aside', 'banner', 'welcomeMsg'])) {
 echo printErrorPage($translations['specifyToEdit']); return;
 }
+if ($id == 'welcomeMsg' and !$_SESSION['admin']) {
+ echo printErrorPage($translations['accessDenied']); return;
+}
+
 // Read file contents if there is no new content sent by $_POST.
 if (!isset($content)) {
diff --git a/edit/inc/standardHTML.php b/edit/inc/standardHTML.php
index 4e985d2..23568c0 100644
--- a/edit/inc/standardHTML.php
+++ b/edit/inc/standardHTML.php
@@ -35,7 +35,7 @@ function printBackendHead(array $settings, string $page = "home", string $title ' . $title . ' - + '; if ($icon) {
@@ -171,6 +171,9 @@ function printBackendNav(array $translations):string {
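Review bot: In edit/editHTMLPage.php the new guard `if ($id == 'welcomeMsg' and !$_SESSION['admin'])` reads `$_SESSION['admin']` directly and compares loosely, so the authorization decision depends on that key always being present and boolean; nothing in the hunk shows where it is set. Writing it as `$id === 'welcomeMsg' and empty($_SESSION['admin'])`, and passing `true` as the third argument of the `in_array` allow-list check above it, keeps the check fail-closed without an undefined-index notice. The same bare `!$_SESSION['admin']` test is added in the edit/settings.php and edit/users.php hunks, so one shared helper called from all three places would stop the copies from drifting apart. The refusal is rendered through `printErrorPage()`; unless that function sets the status itself (not visible here), adding `http_response_code(403);` before the echo lets access logs and monitoring tell refused requests from normal page loads.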
' . $translations['settings'] . '
+
+ ' . $translations['welcomeMsg'] . ' +
'; }
diff --git a/edit/index.php b/edit/index.php
index 6038241..326b458 100644
--- a/edit/index.php
+++ b/edit/index.php
@@ -37,7 +37,36 @@ echo printBackendNav($translations); echo '
'; +echo printStaticPagePart("welcomeMsg", "section"); // Print aside (if need be) +echo ' +
+ +
+

' . $translations['aboutThisSite'] . '

+ + + + + + + + + + + + + +
' . $translations['numberOfPages'] . '' . (string)count($pages) . '
' . $translations['numberOfPublicPages'] . '' . (string)count(loadPublicPages()) . '
' . $translations['phpVersion'] . 'PHP ' . (string)phpversion() . '
+
+ +
+

' . $translations['aboutMDCMS'] . '

+ ' . $translations['aboutMDCMS_content'] . ' +
+ +
+'; echo '
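Review bot: The new "about this site" tile in edit/index.php prints `'PHP ' . (string)phpversion()` to every account that reaches the backend start page, while the same commit restricts settings and user management to admins. The exact interpreter version is operational detail that ordinary editors do not need; emitting that table row only when `!empty($_SESSION['admin'])` would keep it with the audience that maintains the server. The added `echo printStaticPagePart("welcomeMsg", "section");` also places admin-authored HTML on this page, and the hunk does not show whether that content is filtered when it is saved, so that is worth confirming in the save path.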
diff --git a/edit/settings.php b/edit/settings.php
index 835325a..657ff37 100644
--- a/edit/settings.php
+++ b/edit/settings.php
@@ -17,6 +17,10 @@ $translations = loadLanguage(); // Load translations.
 ensureBackendEnv(); // Ensure session is started etc.
 $pages = loadPages(); // Load overview of pages.
+if (!$_SESSION['admin']) {
+ echo printErrorPage($translations['accessDenied']); return;
+}
+
 /*
 * Load data.
 */
diff --git a/edit/themes/default/default.css b/edit/themes/default/theme.css
similarity index 97%
rename from edit/themes/default/default.css
rename to edit/themes/default/theme.css
index 7533558..e0b319b 100644
--- a/edit/themes/default/default.css
+++ b/edit/themes/default/theme.css
@@ -248,6 +248,16 @@ main { padding: .5em 5em 3em 3em; }
 .labelLine > * { display: table-cell; }
 .labelLine label { font-weight: bold; }
+/************
+ * Start Page
+ */
+
+@media screen and (min-width:75em) {
+ section + .startPgTiles { border-top: 1px solid #D6D6D6; }
+ .startPgTiles { display: flex; }
+ .startPgTiles > * { flex: 1; display: inline-block; }
+}
+
 /************
 * Login Page
 */
diff --git a/edit/translations/en.php b/edit/translations/en.php
index 9ba98c3..7ed1c07 100644
--- a/edit/translations/en.php
+++ b/edit/translations/en.php
@@ -18,6 +18,12 @@ $translations = [
 "delete" => "Delete",
 "general" => "General Settings",
 "security" => "Security",
+ "aboutThisSite" => "About this page",
+ "numberOfPages" => "Number of pages (overall)",
+ "numberOfPublicPages" => "Number of pages (public)",
+ "phpVersion" => "PHP Version",
+ "aboutMDCMS" => "About md:cms",
+ "aboutMDCMS_content" => "

md:cms is a content management system for museum-related websites. It offers many functions for embedding contents from museum-digital. The only requirements are a web server running PHP7 and SSL encryption for the domain.

", "integrationWithMD" => "Integration with Museum-Digital", "languageUnavailable" => "This language is not available.", "settingsUpdated" => "Updated settings.", @@ -93,9 +99,10 @@ $translations = [ "helpfooter" => "

On this page, you can edit the footer. To not display a footer, simply empty this page.

", "banner" => "Banner", "helpbanner" => "

On this page, you can edit the banner.

", - "aside" => "Sidebar", "helpaside" => "

On this page, you can edit the sidebar. To not display a sidebar at all, simply empty this page.

", + "welcomeMsg" => "Welcome Message", + "helpwelcomeMsg" => "

On this page, you can edit the welcome message appearing on the start page of the input interface (what people see, when they log in).

",
 "urlAbbr" => "URL",
 "url" => "URL",
diff --git a/edit/users.php b/edit/users.php
index bdfbeed..d6a1f82 100644
--- a/edit/users.php
+++ b/edit/users.php
@@ -17,6 +17,10 @@ $translations = loadLanguage(); // Load translations.
 ensureBackendEnv(); // Ensure session is started etc.
 $pages = loadPages(); // Load overview of pages.
+if (!$_SESSION['admin']) {
+ echo printErrorPage($translations['accessDenied']); return;
+}
+
 /*
 * Load data.
 */
diff --git a/inc/standardHTML.php b/inc/standardHTML.php
index f9c9a8a..bdc7fa6 100644
--- a/inc/standardHTML.php
+++ b/inc/standardHTML.php
@@ -115,7 +115,7 @@ function printPublicEnd():string {
 */
 function printStaticPagePart(string $file, string $elem):string {
- if (!in_array($file, ['footer', 'aside', 'banner'])) {
+ if (!in_array($file, ['footer', 'aside', 'banner', 'welcomeMsg'])) {
 echo "Trying to access disallowed file.";
 }
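Review bot: The rejection branch under the extended allow-list in `printStaticPagePart` (inc/standardHTML.php) only echoes "Trying to access disallowed file." and then leaves the `if`; no `return` is visible, so whatever follows in the function still runs with the rejected `$file`. The rest of the function body lies outside the hunk, so the effect of continuing cannot be confirmed from here, but adding `return "";` after the echo matches the declared `:string` return type and makes the allow-list actually stop the call. The list is also a second copy of the one changed in edit/editHTMLPage.php and is checked with non-strict `in_array`; a shared constant used with `in_array($file, ..., true)` would keep the two checks identical.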