Added warn when try do download an invalid config

Sergio Brighenti 2018-11-15 17:10:43 +01:00
parent 332ef074be
commit 0444705121
14 changed files with 37 additions and 70 deletions


@ -7,7 +7,6 @@ use League\Flysystem\Adapter\Local;
use League\Flysystem\FileNotFoundException;
use League\Flysystem\Filesystem;
use Slim\Container;
use Slim\Http\Response;
abstract class Controller
{
@ -57,6 +56,7 @@ abstract class Controller
try {
$totalSize += $filesystem->getSize($media->storage_path);
} catch (FileNotFoundException $e) {
$this->logger->error('Error calculating file size', [$e->getTraceAsString()]);
}
}
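Review bot: The `logger->error` call in the `FileNotFoundException` handler (apparently the line this hunk adds) records only the stack trace string, so the log entry does not say which media record points at a missing file. Passing the path and the exception as structured context would make orphaned rows findable: `$this->logger->error('Error calculating file size', ['path' => $media->storage_path, 'exception' => $e]);`. The enclosing method starts and ends outside the hunk.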


@ -57,7 +57,7 @@ class LoginController extends Controller
return $response->withRedirect(Session::get('redirectTo'));
}
return redirect($response,'/home');
return redirect($response, '/home');
}
/**
@ -70,7 +70,7 @@ class LoginController extends Controller
Session::clear();
Session::set('logged', false);
Session::alert('Goodbye!', 'warning');
return redirect($response,'/login');
return redirect($response, '/login');
}
}


@ -58,22 +58,22 @@ class UserController extends Controller
{
if ($request->getParam('email') === null) {
Session::alert('The email is required.', 'danger');
return redirect($response,'/user/create');
return redirect($response, '/user/create');
}
if ($request->getParam('username') === null) {
Session::alert('The username is required.', 'danger');
return redirect($response,'/user/create');
return redirect($response, '/user/create');
}
if ($request->getParam('password') === null) {
Session::alert('The password is required.', 'danger');
return redirect($response,'/user/create');
return redirect($response, '/user/create');
}
if ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ?', $request->getParam('username'))->fetch()->count > 0) {
Session::alert('The username already taken.', 'danger');
return redirect($response,'/user/create');
return redirect($response, '/user/create');
}
do {
@ -89,13 +89,13 @@ class UserController extends Controller
$request->getParam('is_admin') !== null,
$request->getParam('is_active') !== null,
$userCode,
$token
$token,
]);
Session::alert("User '{$request->getParam('username')}' created!", 'success');
$this->logger->info('User ' . Session::get('username') . ' created a new user.', [array_diff($request->getParams(), ['password'])]);
return redirect($response,'/users');
return redirect($response, '/users');
}
/**
@ -115,7 +115,7 @@ class UserController extends Controller
return $this->view->render($response, 'user/edit.twig', [
'profile' => false,
'user' => $user
'user' => $user,
]);
}
@ -136,22 +136,22 @@ class UserController extends Controller
if ($request->getParam('email') === null) {
Session::alert('The email is required.', 'danger');
return redirect($response,'/user/' . $args['id'] . '/edit');
return redirect($response, '/user/' . $args['id'] . '/edit');
}
if ($request->getParam('username') === null) {
Session::alert('The username is required.', 'danger');
return redirect($response,'/user/' . $args['id'] . '/edit');
return redirect($response, '/user/' . $args['id'] . '/edit');
}
if ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ? AND `username` <> ?', [$request->getParam('username'), $user->username])->fetch()->count > 0) {
Session::alert('The username already taken.', 'danger');
return redirect($response,'/user/' . $args['id'] . '/edit');
return redirect($response, '/user/' . $args['id'] . '/edit');
}
if ($user->id === Session::get('user_id') && $request->getParam('is_admin') === null) {
Session::alert('You cannot demote yourself.', 'danger');
return redirect($response,'/user/' . $args['id'] . '/edit');
return redirect($response, '/user/' . $args['id'] . '/edit');
}
if ($request->getParam('password') !== null && !empty($request->getParam('password'))) {
@ -161,7 +161,7 @@ class UserController extends Controller
password_hash($request->getParam('password'), PASSWORD_DEFAULT),
$request->getParam('is_admin') !== null,
$request->getParam('is_active') !== null,
$user->id
$user->id,
]);
} else {
$this->database->query('UPDATE `users` SET `email`=?, `username`=?, `is_admin`=?, `active`=? WHERE `id` = ?', [
@ -169,14 +169,14 @@ class UserController extends Controller
$request->getParam('username'),
$request->getParam('is_admin') !== null,
$request->getParam('is_active') !== null,
$user->id
$user->id,
]);
}
Session::alert("User '{$request->getParam('username')}' updated!", 'success');
$this->logger->info('User ' . Session::get('username') . " updated $user->id.", [$user, array_diff($request->getParams(), ['password'])]);
return redirect($response,'/users');
return redirect($response, '/users');
}
@ -197,7 +197,7 @@ class UserController extends Controller
if ($user->id === Session::get('user_id')) {
Session::alert('You cannot delete yourself.', 'danger');
return redirect($response,'/users');
return redirect($response, '/users');
}
$this->database->query('DELETE FROM `users` WHERE `id` = ?', $user->id);
@ -205,7 +205,7 @@ class UserController extends Controller
Session::alert('User deleted.', 'success');
$this->logger->info('User ' . Session::get('username') . " deleted $user->id.");
return redirect($response,'/users');
return redirect($response, '/users');
}
/**
@ -229,7 +229,7 @@ class UserController extends Controller
return $this->view->render($response, 'user/edit.twig', [
'profile' => true,
'user' => $user
'user' => $user,
]);
}
@ -255,26 +255,26 @@ class UserController extends Controller
if ($request->getParam('email') === null) {
Session::alert('The email is required.', 'danger');
return redirect($response,'/profile');
return redirect($response, '/profile');
}
if ($request->getParam('password') !== null && !empty($request->getParam('password'))) {
$this->database->query('UPDATE `users` SET `email`=?, `password`=? WHERE `id` = ?', [
$request->getParam('email'),
password_hash($request->getParam('password'), PASSWORD_DEFAULT),
$user->id
$user->id,
]);
} else {
$this->database->query('UPDATE `users` SET `email`=? WHERE `id` = ?', [
$request->getParam('email'),
$user->id
$user->id,
]);
}
Session::alert('Profile updated successfully!', 'success');
$this->logger->info('User ' . Session::get('username') . " updated profile of $user->id.");
return redirect($response,'/profile');
return redirect($response, '/profile');
}
/**
@ -301,7 +301,7 @@ class UserController extends Controller
$this->database->query('UPDATE `users` SET `token`=? WHERE `id` = ?', [
$token,
$user->id
$user->id,
]);
$this->logger->info('User ' . Session::get('username') . " refreshed token of user $user->id.");
@ -331,6 +331,11 @@ class UserController extends Controller
throw new UnauthorizedException();
}
if ($user->token === null || $user->token === '') {
Session::alert('You don\'t have a personal upload token. (Click the update token button and try again)', 'danger');
return $response->withRedirect($request->getHeaderLine('HTTP_REFERER'));
}
$base_url = $this->settings['base_url'];
$json = [
'DestinationType' => 'ImageUploader, TextUploader, FileUploader',
@ -343,6 +348,7 @@ class UserController extends Controller
],
'URL' => '$json:url$',
'ThumbnailURL' => '$json:url$/raw',
'DeletionURL' => '$json:url$/delete',
];
return $response
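Review bot: The added empty-token branch redirects to `$request->getHeaderLine('HTTP_REFERER')`, a client-supplied value that is often absent. With no Referer the call becomes `withRedirect('')`, which should yield an empty `Location`, and a request that arrives from another origin is redirected back to that origin. A fixed in-app target is safer, for example `return redirect($response, '/profile');` in the style of the other handlers in this file, or use the Referer only after checking that it starts with `$this->settings['base_url']`. Separately, the unchanged logging calls in the create and update hunks pass `array_diff($request->getParams(), ['password'])`, which compares values rather than keys, so the submitted password still reaches the log; `array_diff_key($request->getParams(), ['password' => true])` drops the field. The enclosing methods start and end outside the hunks shown.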


@ -1,7 +1,7 @@
<!doctype html>
<html lang="en">
<head>
<title>Installing XBackBone | XBackBone</title>
<title>Installing XBackBone</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="A lightweight PHP backend for ShareX">
@ -16,27 +16,6 @@
<script src="{{ request.uri }}../static/highlightjs/highlight.pack.min.js"></script>
<script src="{{ request.uri }}../static/clipboardjs/clipboard.min.js"></script>
<script src="{{ request.uri }}../static/app/app.js"></script>
<style>
html,
body {
height: 100%;
}
body {
display: -ms-flexbox;
display: -webkit-box;
display: flex;
-ms-flex-align: center;
-ms-flex-pack: center;
-webkit-box-align: center;
align-items: center;
-webkit-box-pack: center;
justify-content: center;
padding-bottom: 40px;
background-color: #f5f5f5;
margin-bottom: 0;
}
</style>
</head>
<body>
<div class="container">


@ -5,12 +5,10 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="A lightweight PHP backend for ShareX">
<link href="{{ config.base_url }}/static/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="{{ config.base_url }}/static/highlightjs/styles/monokai.css" rel="stylesheet">
<link href="{{ config.base_url }}/static/videojs/video-js.min.css" rel="stylesheet">
<link href="{{ config.base_url }}/static/app/app.css" rel="stylesheet">
<script src="{{ config.base_url }}/static/jquery/jquery.min.js"></script>
<script src="{{ config.base_url }}/static/bootstrap/js/bootstrap.bundle.min.js"></script>
<script src="{{ config.base_url }}/static/fontawesome/js/all.min.js"></script>
@ -19,11 +17,7 @@
<script src="{{ config.base_url }}/static/videojs/video.min.js"></script>
<script src="{{ config.base_url }}/static/app/app.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
<script>
window.AppConfig = {
'base_url': '{{ config.base_url }}'
}
</script>
<script>window.AppConfig = {'base_url': '{{ config.base_url }}'}</script>
{% block head %}{% endblock %}
</head>
<body>


@ -1,7 +1,5 @@
<footer class="footer">
<div class="container-fluid">
<div class="text-muted">Proudly powered by
<a href="https://github.com/SergiX44/XBackBone">XBackBone{% if session.logged %} v{{ PLATFORM_VERSION }}{% endif %}</a>
</div>
<div class="text-muted">Proudly powered by <a href="https://github.com/SergiX44/XBackBone">XBackBone{% if session.logged %} v{{ PLATFORM_VERSION }}{% endif %}</a></div>
</div>
</footer>


@ -3,9 +3,7 @@
{% block title %}Admin Home{% endblock %}
{% block content %}
{% include 'comp/navbar.twig' %}
<div class="container">
{% include 'comp/alert.twig' %}
{% if medias|length > 0 %}


@ -3,9 +3,7 @@
{% block title %}Home{% endblock %}
{% block content %}
{% include 'comp/navbar.twig' %}
<div class="container">
{% include 'comp/alert.twig' %}
{% if medias|length > 0 %}


@ -3,9 +3,7 @@
{% block title %}System{% endblock %}
{% block content %}
{% include 'comp/navbar.twig' %}
<div class="container">
<div class="row">
<div class="col-xl-3 col-sm-6 mb-3">


@ -13,7 +13,6 @@
</div>
</div>
{% if config.displayErrorDetails %}
<div class="row">
<div class="col-md-12">
<div class="card">
@ -27,5 +26,4 @@
</div>
{% endif %}
</div>
{% endblock %}


@ -4,7 +4,6 @@
{% block content %}
{% include 'comp/navbar.twig' %}
<div class="container">
{% include 'comp/alert.twig' %}
<div class="row justify-content-center">


@ -4,7 +4,6 @@
{% block content %}
{% include 'comp/navbar.twig' %}
<div class="container">
{% include 'comp/alert.twig' %}
<div class="row justify-content-center">


@ -9,7 +9,7 @@
<div class="card box-shadow">
<div class="card-body">
<div class="text-right">
<a href="{{ config.base_url }}/user/create" class="btn btn-outline-success mb-3"><i class="fas fa-plus"></i>Add User</a>
<a href="{{ config.base_url }}/user/create" class="btn btn-outline-success mb-3"><i class="fas fa-plus"></i> Add User</a>
</div>
<div class="table-responsive">
<table class="table table-hover">


@ -9,7 +9,7 @@ var app = {
$('.refresh-token').click(app.refreshToken);
$('#themes').mousedown(app.loadThemes);
$('.alert').fadeTo(2000, 500).slideUp(500, function () {
$('.alert').fadeTo(4000, 500).slideUp(500, function () {
$('.alert').slideUp(500);
});
@ -82,7 +82,7 @@ var app = {
$themes.unbind('mousedown');
},
telegramShare: function () {
$("<a>").attr("href", $('#telegram-share-button').data('url') + $('#telegram-share-text').val()).attr("target", "_blank")[0].click();
window.open($('#telegram-share-button').data('url') + $('#telegram-share-text').val(), '_blank');
}
};
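Review bot: The `window.open(..., '_blank')` call in `telegramShare` (taken here to be the new side of the pair) opens an external page without `noopener`, so that page keeps a `window.opener` reference to this tab. The share text is also concatenated into the URL unencoded, so characters such as `&` or `#` would truncate or alter the query. Passing `'noopener'` as the third argument and encoding the text covers both: `window.open($('#telegram-share-button').data('url') + encodeURIComponent($('#telegram-share-text').val()), '_blank', 'noopener');`. Whether the `data-url` value already expects pre-encoded text should be confirmed against the template, which is not part of this section.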