Merge pull request #2 from dignajar/master

Update to v0.6 beta1

README.md

@@ -1,9 +1,10 @@
 [Bludit](http://www.bludit.com/) — Flat file CMS
 ================================================
+Create your own Blog in seconds.
 
-Bludit is a fast, simple, extensible and Flat file CMS.
+Fast, simple, extensible and Flat file CMS.
 
-- [Documentation](http://docs.bludit.com/en/)
+- [Documentation](http://docs.bludit.com)
 - [Help and Support](http://forum.bludit.com)
 - [Plugins](https://github.com/dignajar/bludit-plugins)
 - [Themes](https://github.com/dignajar/bludit-themes)
@@ -16,23 +17,26 @@ Social
 - [Facebook](https://www.facebook.com/bluditcms)
 - [Google+](https://plus.google.com/+Bluditcms)
 
+[![Join the chat at https://gitter.im/dignajar/bludit](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/dignajar/bludit?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
 Requirements
 ------------
 
-You only need a Webserver with PHP support.
+You only need a web server with PHP support.
 
 - PHP 5.3 or higher.
-- PHP module [mbstring](http://php.net/manual/en/book.mbstring.php) for full UTF-8 support.
+- PHP [mbstring](http://php.net/manual/en/book.mbstring.php) module for full UTF-8 support.
 - Webserver:
-  * Apache with module [mod_rewrite](http://httpd.apache.org/docs/current/mod/mod_rewrite.html)
-  * Ngnix with module [ngx_http_rewrite_module](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html)
+  * Apache with [mod_rewrite](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) module.
+  * Lighttpd with [mod_rewrite](http://redmine.lighttpd.net/projects/1/wiki/docs_modrewrite) module.
+  * Nginx with [ngx_http_rewrite_module](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html) module.
 
 Installation guide
 ------------------
 
 1. Download the latest version from http://www.bludit.com/bludit_latest.zip
 2. Extract the zip file into a directory like `bludit`.
-3. Upload the directory `bludit` on your hosting.
+3. Upload the directory `bludit` to your hosting server.
 4. Done!
 
 License

admin/controllers/about.php

@@ -0,0 +1,26 @@
+<?php defined('BLUDIT') or die('Bludit CMS.');
+
+// ============================================================================
+// Check role
+// ============================================================================
+
+if($Login->role()!=='admin') {
+	Alert::set($Language->g('you-do-not-have-sufficient-permissions'));
+	Redirect::page('admin', 'dashboard');
+}
+
+// ============================================================================
+// Functions
+// ============================================================================
+
+// ============================================================================
+// Main before POST
+// ============================================================================
+
+// ============================================================================
+// POST Method
+// ============================================================================
+
+// ============================================================================
+// Main after POST
+// ============================================================================

admin/controllers/dashboard.php

@@ -16,17 +16,16 @@
 // Main after POST
 // ============================================================================
 
-//$_newPosts = $dbPosts->regenerateCli();
-$_newPages = $dbPages->regenerateCli();
-
-$_newPages = $_newPosts = array();
-
 $_draftPosts = array();
+$_scheduledPosts = array();
 foreach($posts as $Post)
 {
 	if($Post->draft()) {
 		array_push($_draftPosts, $Post);
 	}
+	elseif($Post->scheduled()) {
+		array_push($_scheduledPosts, $Post);
+	}
 }
 
 $_draftPages = array();

admin/controllers/edit-page.php

@@ -9,14 +9,6 @@ function editPage($args)
 	global $dbPages;
 	global $Language;
 
-	// Page status, published or draft.
-	if( isset($args['publish']) ) {
-		$args['status'] = "published";
-	}
-	else {
-		$args['status'] = "draft";
-	}
-
 	if(!isset($args['parent'])) {
 		$args['parent'] = NO_PARENT_CHAR;
 	}
@@ -27,7 +19,7 @@ function editPage($args)
 		$dbPages->regenerateCli();
 
 		Alert::set($Language->g('The changes have been saved'));
-		Redirect::page('admin', 'edit-page/'.$args['key']);
+		Redirect::page('admin', 'edit-page/'.$args['slug']);
 	}
 	else
 	{
@@ -61,7 +53,7 @@ function deletePage($key)
 
 if( $_SERVER['REQUEST_METHOD'] == 'POST' )
 {
-	if( isset($_POST['delete']) ) {
+	if( isset($_POST['delete-page']) ) {
 		deletePage($_POST['key']);
 	}
 	else {

admin/controllers/edit-post.php

@@ -13,22 +13,14 @@ function editPost($args)
 	global $dbPosts;
 	global $Language;
 
-	// Post status, published or draft.
-	if( isset($args['publish']) ) {
-		$args['status'] = "published";
-	}
-	else {
-		$args['status'] = "draft";
-	}
-
 	// Edit the post.
 	if( $dbPosts->edit($args) )
 	{
 		// Reindex tags, this function is in 70.posts.php
 		reIndexTagsPosts();
 
 		Alert::set($Language->g('The changes have been saved'));
-		Redirect::page('admin', 'edit-post/'.$args['key']);
+		Redirect::page('admin', 'edit-post/'.$args['slug']);
 	}
 	else
 	{
@@ -67,7 +59,7 @@ function deletePost($key)
 
 if( $_SERVER['REQUEST_METHOD'] == 'POST' )
 {
-	if( isset($_POST['delete']) ) {
+	if( isset($_POST['delete-post']) ) {
 		deletePost($_POST['key']);
 	}
 	else {

admin/controllers/edit-user.php

@@ -17,14 +17,14 @@ function editUser($args)
 	}
 }
 
-function setPassword($args)
+function setPassword($username, $new_password, $confirm_password)
 {
 	global $dbUsers;
 	global $Language;
 
-	if( ($args['password']===$args['confirm-password']) && !Text::isEmpty($args['password']) )
+	if( ($new_password===$confirm_password) && !Text::isEmpty($new_password) )
 	{
-		if( $dbUsers->setPassword($args) ) {
+		if( $dbUsers->setPassword($username, $new_password) ) {
 			Alert::set($Language->g('The changes have been saved'));
 		}
 		else {
@@ -42,12 +42,18 @@ function deleteUser($args, $deleteContent=false)
 	global $dbUsers;
 	global $dbPosts;
 	global $Language;
+	global $Login;
 
 	// The user admin cannot be deleted.
 	if($args['username']=='admin') {
 		return false;
 	}
 
+	// The editors cannot delete users.
+	if($Login->role()!=='admin') {
+		return false;
+	}
+
 	if($deleteContent) {
 		$dbPosts->deletePostsByUser($args['username']);
 	}
@@ -73,7 +79,7 @@ function deleteUser($args, $deleteContent=false)
 
 if( $_SERVER['REQUEST_METHOD'] == 'POST' )
 {
-	// Prevent editors users to administrate other users.
+	// Prevent editors to administrate other users.
 	if($Login->role()!=='admin')
 	{
 		$_POST['username'] = $Login->username();
@@ -86,10 +92,11 @@ function deleteUser($args, $deleteContent=false)
 	elseif(isset($_POST['delete-user-associate'])) {
 		deleteUser($_POST, false);
 	}
-	elseif(isset($_POST['change-password'])) {
-		setPassword($_POST);
+	elseif( !empty($_POST['new-password']) && !empty($_POST['confirm-password']) ) {
+		setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']);
+		editUser($_POST);
 	}
-	elseif(isset($_POST['edit-user'])) {
+	else {
 		editUser($_POST);
 	}
 }

admin/controllers/login-email.php

@@ -0,0 +1,122 @@
+<?php defined('BLUDIT') or die('Bludit CMS.');
+
+// ============================================================================
+// Check role
+// ============================================================================
+
+// ============================================================================
+// Functions
+// ============================================================================
+
+function checkPost($args)
+{
+	global $Security;
+	global $Language;
+	global $dbUsers;
+	global $Site;
+
+	if($Security->isBlocked()) {
+		Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
+		return false;
+	}
+
+	// Remove illegal characters from email
+	$email = Sanitize::email($args['email']);
+
+	if(Valid::email($email))
+	{
+		// Get username associated to an email.
+		$username = $dbUsers->getByEmail($email);
+		if($username!=false)
+		{
+			// Generate the token and the token expiration date.
+			$token = $dbUsers->generateTokenEmail($username);
+
+			// ---- EMAIL ----
+			$link = $Site->url().'admin/login-email?tokenEmail='.$token.'&username='.$username;
+			$subject = $Language->g('BLUDIT Login access code');
+			$message = Text::replaceAssoc(
+					array(
+						'{{WEBSITE_NAME}}'=>$Site->title(),
+						'{{LINK}}'=>'<a href="'.$link.'">'.$link.'</a>'
+					),
+					$Language->g('email-notification-login-access-code')
+			);
+
+			$sent = Email::send(array(
+						'from'=>$Site->emailFrom(),
+						'to'=>$email,
+						'subject'=>$subject,
+						'message'=>$message
+			));
+
+			if($sent) {
+				Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
+				return true;
+			}
+			else {
+				Alert::set($Language->g('There was a problem sending the email'));
+				return false;
+			}
+		}
+	}
+
+	// Bruteforce protection, add IP to blacklist.
+	$Security->addLoginFail();
+	Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
+
+	return false;
+}
+
+function checkGet($args)
+{
+	global $Security;
+	global $Language;
+	global $Login;
+
+	if($Security->isBlocked()) {
+		Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
+		return false;
+	}
+
+	// Verify User sanitize the input
+	if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) )
+	{
+		// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.
+		$Security->generateToken();
+
+		Redirect::page('admin', 'dashboard');
+		return true;
+	}
+
+	// Bruteforce protection, add IP to blacklist.
+	$Security->addLoginFail();
+	return false;
+}
+
+// ============================================================================
+// Main before POST
+// ============================================================================
+
+// ============================================================================
+// GET Method
+// ============================================================================
+
+if( !empty($_GET['tokenEmail']) && !empty($_GET['username']) )
+{
+	checkGet($_GET);
+}
+
+
+// ============================================================================
+// POST Method
+// ============================================================================
+
+if( $_SERVER['REQUEST_METHOD'] == 'POST' )
+{
+	checkPost($_POST);
+}
+
+// ============================================================================
+// Main after POST
+// ============================================================================

admin/controllers/new-page.php

@@ -13,14 +13,6 @@ function addPage($args)
 	global $dbPages;
 	global $Language;
 
-	// Page status, published or draft.
-	if( isset($args['publish']) ) {
-		$args['status'] = "published";
-	}
-	else {
-		$args['status'] = "draft";
-	}
-
 	// Add the page.
 	if( $dbPages->add($args) )
 	{

admin/controllers/new-post.php

@@ -13,14 +13,6 @@ function addPost($args)
 	global $dbPosts;
 	global $Language;
 
-	// Page status, published or draft.
-	if( isset($args['publish']) ) {
-		$args['status'] = "published";
-	}
-	else {
-		$args['status'] = "draft";
-	}
-
 	// Add the page.
 	if( $dbPosts->add($args) )
 	{