public function crudAction()
{
    // Admin-only news grid (multi select!). AJAX requests are not served by this
    // action; the AJAX CRUD endpoints live in the sibling actions.
    if ($this->isAJAX()) {
        return;
    }

    if (Security::getUserRole() !== 'ROLE_ADMIN') {
        // Non-admins are bounced to the public category listing.
        Helper::redirectTo(WEB . 'categories');
        return;
    }

    $perPage = 10;
    $total = $this->getNewsCount('all');
    // ceil() yields a float page count, exactly as the view has always received it.
    $pageCount = ceil($total / $perPage);
    $categoryList = $this->loadModel('Category')->findAll();

    $stylesheets = [
        STYLES . 'grid.css',
        STYLES . 'file-browser-btn.css',
        STYLES . 'news.css',
    ];
    $scripts = [
        BOWER . 'jquery-form/jquery.form.js',
        SCRIPTS . 'file-validator.js',
        SCRIPTS . 'file-browser-btn.js',
        SCRIPTS . 'news-grid.js',
        SCRIPTS . 'news-crud.js',
    ];
    $viewData = [
        // Fresh per-form CSRF token; the AJAX actions compare against its sha256.
        'csrf_token_news' => Security::generateCSRFToken('csrf_token_news'),
        'news_count' => $total,
        'pages_count' => $pageCount,
        'item_per_page' => $perPage,
        'category' => 'all',
        'categories' => $categoryList,
    ];

    $this->loadView(LAYOUT, 'News/Admin/index', 'News', $stylesheets, $scripts, $viewData);
}
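 public function deleteAction()
 {
     // Deletes one comment by id. Only honoured for an AJAX DELETE from an admin;
     // any other request produces no output at all (unchanged behaviour).
     if (!($this->isAJAX() && $this->isRequestMethod('DELETE') && Security::getUserRole() === 'ROLE_ADMIN')) {
         return;
     }

     $status = 400;
     $data = array("error" => 'bad_request');

     // The body is untrusted JSON: a malformed or non-object payload previously
     // reached the property reads below as null and raised warnings.
     $request = json_decode(file_get_contents('php://input'));
     $token = (is_object($request)
             && isset($request->{'_csrf_token_comment'})
             && is_string($request->{'_csrf_token_comment'}))
         ? $request->{'_csrf_token_comment'}
         : '';
     $id = (is_object($request) && isset($request->{'_id'}))
         ? filter_var($request->{'_id'}, FILTER_VALIDATE_INT)
         : false;

     if ($token !== '' && $id !== false) {
         // Strict, constant-time comparison: the former `==` was a loose compare and
         // leaked timing information about the expected digest.
         $expected = hash('sha256', Security::getCSRFToken('csrf_token_comment'));
         if (hash_equals($expected, $token)) {
             $comment = $this->loadModel('Comment');
             $comment->Id = $id;
             if ($comment->delete() == 1) {
                 $status = 204;
             }
         }
     }

     http_response_code($status);
     // 204 No Content must not carry a body; the error payload only describes failure.
     if ($status !== 204) {
         echo json_encode($data);
     }
 }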
function isAdmin($isUserLoggedIn)
{
    // CSS display value for admin-only UI: 'block' for a logged-in admin, 'none' otherwise.
    // The role lookup is skipped entirely when nobody is logged in.
    if (!$isUserLoggedIn) {
        return 'none';
    }

    return Security::getUserRole() === 'ROLE_ADMIN' ? 'block' : 'none';
}
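 public function updateAction()
 {
     // Renames a category. Only honoured for an AJAX PUT from an admin; any other
     // request produces no output at all (unchanged behaviour).
     if (!($this->isAJAX() && $this->isRequestMethod('PUT') && Security::getUserRole() === 'ROLE_ADMIN')) {
         return;
     }

     $status = 400;
     $data = array("error" => 'bad_request');

     // Untrusted JSON body: guard against a malformed/non-object payload before
     // touching any property (the original read properties of null on bad input).
     $request = json_decode(file_get_contents('php://input'));
     if (!is_object($request)) {
         http_response_code($status);
         echo json_encode($data);
         return;
     }

     $token = (isset($request->{'_csrf_token_category'}) && is_string($request->{'_csrf_token_category'}))
         ? $request->{'_csrf_token_category'}
         : '';
     $id = isset($request->{'_id'})
         ? filter_var($request->{'_id'}, FILTER_VALIDATE_INT)
         : false;
     // 3–50 characters drawn from ASCII alphanumerics, '_', '.', '-' and the listed
     // Turkish letters. The 'u' modifier makes the class and the {3,50} count operate
     // on UTF-8 characters; without it the multi-byte letters were matched byte-wise.
     $title = isset($request->{'_title'})
         ? filter_var(
             $request->{'_title'},
             FILTER_VALIDATE_REGEXP,
             array("options" => array("regexp" => '/^[a-zA-Z0-9_.öçşiğüÖÇŞİĞÜ-]{3,50}$/u'))
         )
         : false;

     if ($token !== '' && $id !== false && $title !== false) {
         // Strict, constant-time comparison instead of the loose `==` used before.
         $expected = hash('sha256', Security::getCSRFToken('csrf_token_category'));
         if (hash_equals($expected, $token)) {
             $category = $this->loadModel('Category');
             $category->Id = $id;
             // The title is stored HTML-escaped, as it always was; whatever renders it
             // should be checked for double-encoding.
             $status = 200;
             $data = array('id' => $category->save(array('title' => htmlspecialchars($title, ENT_QUOTES))));
         }
     }

     http_response_code($status);
     echo json_encode($data);
 }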