/**
 * Renders the admin news grid (multi-select) for non-AJAX requests.
 *
 * A ROLE_ADMIN user gets the 'News/Admin/index' view with pagination data,
 * the category list and a fresh 'csrf_token_news' token; any other role is
 * redirected to the categories page. AJAX requests produce no output here.
 */
public function crudAction()
{
    // multi select!
    if ($this->isAJAX()) {
        return;
    }

    if (Security::getUserRole() !== 'ROLE_ADMIN') {
        Helper::redirectTo(WEB . 'categories');
        return;
    }

    $categories = $this->loadModel('Category')->findAll();

    $itemsPerPage = 10;
    $newsCount = $this->getNewsCount('all');
    $pagesCount = ceil($newsCount / $itemsPerPage);

    $styles = [
        STYLES . 'grid.css',
        STYLES . 'file-browser-btn.css',
        STYLES . 'news.css',
    ];
    $scripts = [
        BOWER . 'jquery-form/jquery.form.js',
        SCRIPTS . 'file-validator.js',
        SCRIPTS . 'file-browser-btn.js',
        SCRIPTS . 'news-grid.js',
        SCRIPTS . 'news-crud.js',
    ];

    $viewData = [
        'csrf_token_news' => Security::generateCSRFToken('csrf_token_news'),
        'news_count' => $newsCount,
        'pages_count' => $pagesCount,
        'item_per_page' => $itemsPerPage,
        'category' => 'all',
        'categories' => $categories,
    ];

    $this->loadView(LAYOUT, 'News/Admin/index', 'News', $styles, $scripts, $viewData);
}
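/**
 * Deletes a comment by id (AJAX DELETE, ROLE_ADMIN only).
 *
 * Expects a JSON body {"_csrf_token_comment": "<sha256 hex of the session token>", "_id": <int>}.
 * Responds 204 with no body on success and 400 {"error":"bad_request"} when the
 * body, the id or the CSRF token is invalid. Emits nothing for requests that are
 * not AJAX, not DELETE, or not from an admin.
 */
public function deleteAction()
{
    if (!$this->isAJAX() || !$this->isRequestMethod('DELETE') || Security::getUserRole() !== 'ROLE_ADMIN') {
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // json_decode() returns null for malformed input; treat that like a missing body
    // instead of reading properties off null.
    $request = json_decode(file_get_contents('php://input'));
    $token = is_object($request) ? ($request->{'_csrf_token_comment'} ?? null) : null;
    $id = is_object($request) ? ($request->{'_id'} ?? null) : null;

    if (is_string($token) && $token !== '' && filter_var($id, FILTER_VALIDATE_INT) !== false) {
        // hash_equals(): constant-time, and no loose `==` string coercion
        // (numeric-looking hex digests would otherwise compare as numbers).
        $expected = hash('sha256', (string) Security::getCSRFToken('csrf_token_comment'));
        if (hash_equals($expected, $token)) {
            $comment = $this->loadModel('Comment');
            $comment->Id = (int) $id; // validated as int above; no HTML escaping needed for an id

            // delete()'s return type is not visible here; the loose comparison is kept on purpose.
            if ($comment->delete() == 1) {
                $status = 204;
                $data = null; // a 204 response must not carry a body
            }
        }
    }

    http_response_code($status);
    if ($data !== null) {
        echo json_encode($data);
    }
}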
/**
 * CSS display value for admin-only UI elements.
 *
 * Returns 'block' when the user is logged in and Security::getUserRole() is
 * 'ROLE_ADMIN', 'none' otherwise. The role lookup is skipped entirely when
 * $isUserLoggedIn is falsy.
 *
 * @param mixed $isUserLoggedIn truthy when a user session exists
 * @return string 'block' or 'none'
 */
function isAdmin($isUserLoggedIn)
{
    if (!$isUserLoggedIn) {
        return 'none';
    }

    return Security::getUserRole() === 'ROLE_ADMIN' ? 'block' : 'none';
}
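/**
 * Updates a category title (AJAX PUT, ROLE_ADMIN only).
 *
 * Expects a JSON body {"_csrf_token_category": "<sha256 hex of the session token>",
 * "_id": <int>, "_title": "<3-50 allowed characters>"}.
 * Responds 200 {"id": <result of save()>} on success and 400 {"error":"bad_request"}
 * when the body, the id, the title or the CSRF token is invalid. Emits nothing for
 * requests that are not AJAX, not PUT, or not from an admin.
 */
public function updateAction()
{
    if (!$this->isAJAX() || !$this->isRequestMethod('PUT') || Security::getUserRole() !== 'ROLE_ADMIN') {
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // json_decode() returns null for malformed input; treat that like a missing body
    // instead of reading properties off null.
    $request = json_decode(file_get_contents('php://input'));
    $token = is_object($request) ? ($request->{'_csrf_token_category'} ?? null) : null;
    $id = is_object($request) ? ($request->{'_id'} ?? null) : null;
    $title = is_object($request) ? ($request->{'_title'} ?? null) : null;

    // 'u' is required: without it the non-ASCII letters in the class are matched
    // byte-by-byte, so unrelated byte sequences pass and {3,50} counts bytes, not
    // characters. 'D' stops '$' from accepting a trailing newline.
    $titleIsValid = is_string($title)
        && preg_match('/^[a-zA-Z0-9_.öçşiğüÖÇŞİĞÜ-]{3,50}$/uD', $title) === 1;

    if (is_string($token) && $token !== '' && filter_var($id, FILTER_VALIDATE_INT) !== false && $titleIsValid) {
        // hash_equals(): constant-time, and no loose `==` string coercion
        // (numeric-looking hex digests would otherwise compare as numbers).
        $expected = hash('sha256', (string) Security::getCSRFToken('csrf_token_category'));
        if (hash_equals($expected, $token)) {
            $category = $this->loadModel('Category');
            $category->Id = (int) $id; // validated as int above; no HTML escaping needed for an id

            // The title is stored HTML-escaped, as before, so existing views render it unchanged.
            $status = 200;
            $data = ['id' => $category->save(['title' => htmlspecialchars($title, ENT_QUOTES)])];
        }
    }

    http_response_code($status);
    echo json_encode($data);
}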