Added checks for admin permissions to settings / users.
Added welcome message and start page contents in input interface (iss0000160).
parent
067beedf29
commit
c6f481ffcb
|
@ -23,10 +23,14 @@ loadHttpToGlobals(["id", "task", "content"]);
|
||||||
|
|
||||||
define("targetFile", __DIR__ . "/../data/$id.htm");
|
define("targetFile", __DIR__ . "/../data/$id.htm");
|
||||||
|
|
||||||
if (!isset($id) or !in_array($id, ['footer', 'aside', 'banner'])) {
|
if (!isset($id) or !in_array($id, ['footer', 'aside', 'banner', 'welcomeMsg'])) {
|
||||||
echo printErrorPage($translations['specifyToEdit']); return;
|
echo printErrorPage($translations['specifyToEdit']); return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($id == 'welcomeMsg' and !$_SESSION['admin']) {
|
||||||
|
echo printErrorPage($translations['accessDenied']); return;
|
||||||
|
}
|
||||||
|
|
||||||
// Read file contents if there is no new content sent by $_POST.
|
// Read file contents if there is no new content sent by $_POST.
|
||||||
|
|
||||||
if (!isset($content)) {
|
if (!isset($content)) {
|
||||||
|
|
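Review bot: The new gate `if ($id == 'welcomeMsg' and !$_SESSION['admin'])` reads the session key directly and compares loosely; when `admin` is missing from the session the request is still denied, but only by way of an undefined-index notice, and the allow-list check above it uses non-strict `in_array`. I would write `if ($id === 'welcomeMsg' && empty($_SESSION['admin']))` and pass `true` as the third argument to `in_array`. The same bare `!$_SESSION['admin']` read is added in both `@ -17,6 +17,10 @@` hunks further down. `targetFile` is also defined from `$id` before either check runs, so the path is built from unvalidated request input and is safe only as long as every rejecting branch returns; moving the `define` below the checks removes that dependency. The script continues outside the hunk.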
|
@ -35,7 +35,7 @@ function printBackendHead(array $settings, string $page = "home", string $title
|
||||||
|
|
||||||
<title>' . $title . '</title>
|
<title>' . $title . '</title>
|
||||||
<link rel="stylesheet" type="text/css" href="themes/imports.css">
|
<link rel="stylesheet" type="text/css" href="themes/imports.css">
|
||||||
<link rel="stylesheet" type="text/css" href="themes/default/default.css">
|
<link rel="stylesheet" type="text/css" href="themes/default/theme.css">
|
||||||
<meta http-equiv="content-type" content="text/html;charset=utf-8">';
|
<meta http-equiv="content-type" content="text/html;charset=utf-8">';
|
||||||
|
|
||||||
if ($icon) {
|
if ($icon) {
|
||||||
|
@ -171,6 +171,9 @@ function printBackendNav(array $translations):string {
|
||||||
<div>
|
<div>
|
||||||
<a href="settings.php">' . $translations['settings'] . '</a>
|
<a href="settings.php">' . $translations['settings'] . '</a>
|
||||||
</div>
|
</div>
|
||||||
|
<div>
|
||||||
|
<a href="editHTMLPage.php?id=welcomeMsg">' . $translations['welcomeMsg'] . '</a>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
';
|
';
|
||||||
}
|
}
|
||||||
|
|
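Review bot: The added `editHTMLPage.php?id=welcomeMsg` entry in `printBackendNav` is emitted for every logged-in user, although this commit makes that target admin-only, so non-admins are shown a link that can only end on the access-denied page. The `settings.php` link in the context lines has the same mismatch now that settings is gated. Consider rendering both entries only when `!empty($_SESSION['admin'])` holds, so the menu matches what the server will authorise. The function starts and ends outside the hunk, so whether it already has access to the session state cannot be confirmed from here.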
|
@ -37,7 +37,36 @@ echo printBackendNav($translations);
|
||||||
echo '
|
echo '
|
||||||
<main>';
|
<main>';
|
||||||
|
|
||||||
|
echo printStaticPagePart("welcomeMsg", "section"); // Print aside (if need be)
|
||||||
|
|
||||||
|
echo '
|
||||||
|
<section class="startPgTiles">
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<h3>' . $translations['aboutThisSite'] . '</h3>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>' . $translations['numberOfPages'] . '</th>
|
||||||
|
<td>' . (string)count($pages) . '</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<th>' . $translations['numberOfPublicPages'] . '</th>
|
||||||
|
<td>' . (string)count(loadPublicPages()) . '</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<th>' . $translations['phpVersion'] . '</th>
|
||||||
|
<td>PHP ' . (string)phpversion() . '</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<h3>' . $translations['aboutMDCMS'] . '</h3>
|
||||||
|
' . $translations['aboutMDCMS_content'] . '
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
';
|
||||||
|
|
||||||
echo '
|
echo '
|
||||||
</main>
|
</main>
|
||||||
|
|
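Review bot: The `phpVersion` row prints `phpversion()` to everyone who can open the start page, while the same commit restricts settings and users to admins. The exact runtime version mainly helps fingerprinting, so I would close the `echo` before that `<tr>` and emit the row only when `!empty($_SESSION['admin'])` is true. The trailing comment on the `printStaticPagePart("welcomeMsg", "section")` line still reads `// Print aside (if need be)` and should become `// Print welcome message (if set)`. The `(string)` casts in front of `count(...)` and `phpversion()` are redundant inside a concatenation.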
|
@ -17,6 +17,10 @@ $translations = loadLanguage(); // Load translations.
|
||||||
ensureBackendEnv(); // Ensure session is started etc.
|
ensureBackendEnv(); // Ensure session is started etc.
|
||||||
$pages = loadPages(); // Load overview of pages.
|
$pages = loadPages(); // Load overview of pages.
|
||||||
|
|
||||||
|
if (!$_SESSION['admin']) {
|
||||||
|
echo printErrorPage($translations['accessDenied']); return;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Load data.
|
* Load data.
|
||||||
*/
|
*/
|
||||||
|
|
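Review bot: `$pages = loadPages();` still runs before the added `if (!$_SESSION['admin'])` check, so a non-admin request does that loading work before it is rejected; placing the check directly after `ensureBackendEnv();` keeps unauthorised requests away from any data loading. The refusal goes through `printErrorPage` with no visible status change, so if that helper does not set one, add `http_response_code(403);` before the `echo` so that logs and clients can tell a denial from a normal page. The second `@ -17,6 +17,10 @@` hunk near the end of the page is identical and has the same ordering; a shared helper for the admin gate would keep the two from drifting apart.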
|
@ -248,6 +248,16 @@ main { padding: .5em 5em 3em 3em; }
|
||||||
.labelLine > * { display: table-cell; }
|
.labelLine > * { display: table-cell; }
|
||||||
.labelLine label { font-weight: bold; }
|
.labelLine label { font-weight: bold; }
|
||||||
|
|
||||||
|
/************
|
||||||
|
* Start Page
|
||||||
|
*/
|
||||||
|
|
||||||
|
@media screen and (min-width:75em) {
|
||||||
|
section + .startPgTiles { border-top: 1px solid #D6D6D6; }
|
||||||
|
.startPgTiles { display: flex; }
|
||||||
|
.startPgTiles > * { flex: 1; display: inline-block; }
|
||||||
|
}
|
||||||
|
|
||||||
/************
|
/************
|
||||||
* Login Page
|
* Login Page
|
||||||
*/
|
*/
|
|
@ -18,6 +18,12 @@ $translations = [
|
||||||
"delete" => "Delete",
|
"delete" => "Delete",
|
||||||
"general" => "General Settings",
|
"general" => "General Settings",
|
||||||
"security" => "Security",
|
"security" => "Security",
|
||||||
|
"aboutThisSite" => "About this page",
|
||||||
|
"numberOfPages" => "Number of pages (overall)",
|
||||||
|
"numberOfPublicPages" => "Number of pages (public)",
|
||||||
|
"phpVersion" => "PHP Version",
|
||||||
|
"aboutMDCMS" => "About md:cms",
|
||||||
|
"aboutMDCMS_content" => "<p>md:cms is a content management system for museum-related websites. It offers many functions for embedding contents from museum-digital. The only requirements are a web server running PHP7 and SSL encryption for the domain.</p>",
|
||||||
"integrationWithMD" => "Integration with Museum-Digital",
|
"integrationWithMD" => "Integration with Museum-Digital",
|
||||||
"languageUnavailable" => "This language is not available.",
|
"languageUnavailable" => "This language is not available.",
|
||||||
"settingsUpdated" => "Updated settings.",
|
"settingsUpdated" => "Updated settings.",
|
||||||
|
@ -93,9 +99,10 @@ $translations = [
|
||||||
"helpfooter" => "<p>On this page, you can edit the footer. To not display a footer, simply empty this page.</p>",
|
"helpfooter" => "<p>On this page, you can edit the footer. To not display a footer, simply empty this page.</p>",
|
||||||
"banner" => "Banner",
|
"banner" => "Banner",
|
||||||
"helpbanner" => "<p>On this page, you can edit the banner.</p>",
|
"helpbanner" => "<p>On this page, you can edit the banner.</p>",
|
||||||
|
|
||||||
"aside" => "Sidebar",
|
"aside" => "Sidebar",
|
||||||
"helpaside" => "<p>On this page, you can edit the sidebar. To not display a sidebar at all, simply empty this page.</p>",
|
"helpaside" => "<p>On this page, you can edit the sidebar. To not display a sidebar at all, simply empty this page.</p>",
|
||||||
|
"welcomeMsg" => "Welcome Message",
|
||||||
|
"helpwelcomeMsg" => "<p>On this page, you can edit the welcome message appearing on the start page of the input interface (what people see, when they log in).</p>",
|
||||||
|
|
||||||
"urlAbbr" => "<abbr title=\"Uniform Resource Locator\">URL</abbr>",
|
"urlAbbr" => "<abbr title=\"Uniform Resource Locator\">URL</abbr>",
|
||||||
"url" => "URL",
|
"url" => "URL",
|
||||||
|
|
|
@ -17,6 +17,10 @@ $translations = loadLanguage(); // Load translations.
|
||||||
ensureBackendEnv(); // Ensure session is started etc.
|
ensureBackendEnv(); // Ensure session is started etc.
|
||||||
$pages = loadPages(); // Load overview of pages.
|
$pages = loadPages(); // Load overview of pages.
|
||||||
|
|
||||||
|
if (!$_SESSION['admin']) {
|
||||||
|
echo printErrorPage($translations['accessDenied']); return;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Load data.
|
* Load data.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -115,7 +115,7 @@ function printPublicEnd():string {
|
||||||
*/
|
*/
|
||||||
function printStaticPagePart(string $file, string $elem):string {
|
function printStaticPagePart(string $file, string $elem):string {
|
||||||
|
|
||||||
if (!in_array($file, ['footer', 'aside', 'banner'])) {
|
if (!in_array($file, ['footer', 'aside', 'banner', 'welcomeMsg'])) {
|
||||||
echo "Trying to access disallowed file.";
|
echo "Trying to access disallowed file.";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
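Review bot: The disallowed-file branch only echoes `Trying to access disallowed file.` and, as far as the hunk shows, closes without returning, so execution would continue into the rest of `printStaticPagePart` with a `$file` that failed the allow-list. Unless something outside the hunk stops it, end the branch with `return "";` (the function is declared `:string`) and pass `true` as the third argument to `in_array`. The list `['footer', 'aside', 'banner', 'welcomeMsg']` now appears both here and in the edit-page hunk at the top of the commit; a single shared constant would keep the two checks in sync. The function body continues outside the hunk.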