shimmie2/ext/admin/main.php

<?php

declare(strict_types=1);

namespace Shimmie2;

/**
 * Sent when the admin page is ready to be added to
 */
class AdminBuildingEvent extends Event
{
    public Page $page;

    public function __construct(Page $page)
    {
        parent::__construct();
        $this->page = $page;
    }
}

class AdminActionEvent extends Event
{
    public string $action;
    public bool $redirect = true;

    public function __construct(string $action)
    {
        parent::__construct();
        $this->action = $action;
    }
}

class AdminPage extends Extension
{
    /** @var AdminPageTheme */
    protected Themelet $theme;

    public function onPageRequest(PageRequestEvent $event)
    {
        global $database, $page, $user;

        if ($event->page_matches("admin")) {
            if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) {
                $this->theme->display_permission_denied();
            } else {
                if ($event->count_args() == 0) {
                    send_event(new AdminBuildingEvent($page));
                } else {
                    $action = $event->get_arg(0);
                    $aae = new AdminActionEvent($action);

                    if ($user->check_auth_token()) {
                        log_info("admin", "Util: $action");
                        shm_set_timeout(null);
                        $database->set_timeout(null);
                        send_event($aae);
                    }

                    if ($aae->redirect) {
                        $page->set_mode(PageMode::REDIRECT);
                        $page->set_redirect(make_link("admin"));
                    }
                }
            }
        }
    }

    public function onCommand(CommandEvent $event)
    {
        if ($event->cmd == "help") {
            print "\tget-page <query string>\n";
            print "\t\teg 'get-page post/list'\n\n";
            print "\tpost-page <query string> <urlencoded params>\n";
            print "\t\teg 'post-page ip_ban/delete id=1'\n\n";
            print "\tget-token\n";
            print "\t\tget a CSRF auth token\n\n";
            print "\tregen-thumb <id / hash>\n";
            print "\t\tregenerate a thumbnail\n\n";
            print "\tcache [get|set|del] [key] <value>\n";
            print "\t\teg 'cache get config'\n\n";
        }
        if ($event->cmd == "get-page") {
            global $page;
            $_SERVER['REQUEST_URI'] = $event->args[0];
            if (isset($event->args[1])) {
                parse_str($event->args[1], $_GET);
                $_SERVER['REQUEST_URI'] .= "?" . $event->args[1];
            }
            send_event(new PageRequestEvent("GET", $event->args[0]));
            $page->display();
        }
        if ($event->cmd == "post-page") {
            global $page;
            if (isset($event->args[1])) {
                parse_str($event->args[1], $_POST);
            }
            send_event(new PageRequestEvent("POST", $event->args[0]));
            $page->display();
        }
        if ($event->cmd == "get-token") {
            global $user;
            print($user->get_auth_token());
        }
        if ($event->cmd == "regen-thumb") {
            $uid = $event->args[0];
            $image = Image::by_id_or_hash($uid);
            if ($image) {
                send_event(new ThumbnailGenerationEvent($image->hash, $image->get_mime(), true));
            } else {
                print("No post with ID '$uid'\n");
            }
        }
        if ($event->cmd == "cache") {
            global $cache;
            $cmd = $event->args[0];
            $key = $event->args[1];
            switch ($cmd) {
                case "get":
                    var_export($cache->get($key));
                    break;
                case "set":
                    $cache->set($key, $event->args[2], 60);
                    break;
                case "del":
                    $cache->delete($key);
                    break;
            }
        }
    }

    public function onAdminBuilding(AdminBuildingEvent $event)
    {
        $this->theme->display_page();
    }

    public function onPageSubNavBuilding(PageSubNavBuildingEvent $event)
    {
        global $user;
        if ($event->parent === "system") {
            if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
                $event->add_nav_link("admin", new Link('admin'), "Board Admin");
            }
        }
    }

    public function onUserBlockBuilding(UserBlockBuildingEvent $event)
    {
        global $user;
        if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
            $event->add_link("Board Admin", make_link("admin"));
        }
    }
}
new php-cs-fixer 2021-12-14 18:32:47 +00:00			`<?php`

			`declare(strict_types=1);`
lots of extension docs 2010-01-05 10:11:53 +00:00
Namespaces are one honking great idea—let's do more of those! 2023-01-10 22:44:09 +00:00			`namespace Shimmie2;`

docs 2009-07-21 03:18:40 +00:00			`/**`
Initial import, 2.0rc1 git-svn-id: file:///home/shish/svn/shimmie2/trunk@1 7f39781d-f577-437e-ae19-be835c7a54ca 2007-04-16 11:58:25 +00:00			`* Sent when the admin page is ready to be added to`
			`*/`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`class AdminBuildingEvent extends Event`
			`{`
drop php7.3 support, make use of 7.4 features 2021-03-14 23:43:50 +00:00			`public Page $page;`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00
			`public function __construct(Page $page)`
			`{`
use strict types 2020-01-26 13:19:35 +00:00			`parent::__construct();`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`$this->page = $page;`
			`}`
Initial import, 2.0rc1 git-svn-id: file:///home/shish/svn/shimmie2/trunk@1 7f39781d-f577-437e-ae19-be835c7a54ca 2007-04-16 11:58:25 +00:00			`}`
admin page themed git-svn-id: file:///home/shish/svn/shimmie2/trunk@323 7f39781d-f577-437e-ae19-be835c7a54ca 2007-07-19 12:08:42 +00:00
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`class AdminActionEvent extends Event`
			`{`
drop php7.3 support, make use of 7.4 features 2021-03-14 23:43:50 +00:00			`public string $action;`
			`public bool $redirect = true;`
Fixing more PHP Doc related issues. 2014-04-27 23:29:36 +00:00
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`public function __construct(string $action)`
			`{`
use strict types 2020-01-26 13:19:35 +00:00			`parent::__construct();`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`$this->action = $action;`
			`}`
admin wibbles 2012-03-10 12:57:13 +00:00			`}`

PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`class AdminPage extends Extension`
			`{`
use strict types 2020-01-26 13:19:35 +00:00			`/** @var AdminPageTheme */`
always have a Themelet, never null 2023-06-27 14:56:49 +00:00			`protected Themelet $theme;`
use strict types 2020-01-26 13:19:35 +00:00
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`public function onPageRequest(PageRequestEvent $event)`
			`{`
manual timeouts 2023-06-25 13:19:02 +00:00			`global $database, $page, $user;`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00
			`if ($event->page_matches("admin")) {`
Permissions to constants 2019-07-09 14:10:21 +00:00			`if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) {`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`$this->theme->display_permission_denied();`
			`} else {`
			`if ($event->count_args() == 0) {`
			`send_event(new AdminBuildingEvent($page));`
			`} else {`
			`$action = $event->get_arg(0);`
			`$aae = new AdminActionEvent($action);`

			`if ($user->check_auth_token()) {`
			`log_info("admin", "Util: $action");`
manual timeouts 2023-06-25 13:19:02 +00:00			`shm_set_timeout(null);`
Allow db->set_timeout(null) to disable DB timeouts, see #874 2021-09-22 14:42:41 +00:00			`$database->set_timeout(null);`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`send_event($aae);`
			`}`

			`if ($aae->redirect) {`
PageMode constants 2019-06-19 01:58:28 +00:00			`$page->set_mode(PageMode::REDIRECT);`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`$page->set_redirect(make_link("admin"));`
			`}`
			`}`
			`}`
			`}`
			`}`

			`public function onCommand(CommandEvent $event)`
			`{`
			`if ($event->cmd == "help") {`
by_id_or_hash for more elegant CLI use 2019-10-04 19:48:21 +00:00			`print "\tget-page <query string>\n";`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`print "\t\teg 'get-page post/list'\n\n";`
get-token and post-page 2019-11-27 16:10:12 +00:00			`print "\tpost-page <query string> <urlencoded params>\n";`
			`print "\t\teg 'post-page ip_ban/delete id=1'\n\n";`
			`print "\tget-token\n";`
			`print "\t\tget a CSRF auth token\n\n";`
by_id_or_hash for more elegant CLI use 2019-10-04 19:48:21 +00:00			`print "\tregen-thumb <id / hash>\n";`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`print "\t\tregenerate a thumbnail\n\n";`
cache CLI 2020-01-30 21:05:59 +00:00			`print "\tcache [get\|set\|del] [key] <value>\n";`
			`print "\t\teg 'cache get config'\n\n";`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`}`
			`if ($event->cmd == "get-page") {`
			`global $page;`
argh args 2020-10-26 17:33:40 +00:00			`$_SERVER['REQUEST_URI'] = $event->args[0];`
formatting 2019-12-15 15:31:44 +00:00			`if (isset($event->args[1])) {`
			`parse_str($event->args[1], $_GET);`
argh args 2020-10-26 17:33:40 +00:00			`$_SERVER['REQUEST_URI'] .= "?" . $event->args[1];`
formatting 2019-12-15 15:31:44 +00:00			`}`
Separate out GET and POST more explicitly - No longer allow uploading directly via GET, that is terrible for security. Instead, use the GET parameters to pre-fill the upload form. - PageRequestEvent has a `method` property that can be checked in extensions 2024-01-01 02:32:13 +00:00			`send_event(new PageRequestEvent("GET", $event->args[0]));`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`$page->display();`
			`}`
get-token and post-page 2019-11-27 16:10:12 +00:00			`if ($event->cmd == "post-page") {`
			`global $page;`
formatting 2019-12-15 15:31:44 +00:00			`if (isset($event->args[1])) {`
			`parse_str($event->args[1], $_POST);`
			`}`
Separate out GET and POST more explicitly - No longer allow uploading directly via GET, that is terrible for security. Instead, use the GET parameters to pre-fill the upload form. - PageRequestEvent has a `method` property that can be checked in extensions 2024-01-01 02:32:13 +00:00			`send_event(new PageRequestEvent("POST", $event->args[0]));`
get-token and post-page 2019-11-27 16:10:12 +00:00			`$page->display();`
			`}`
			`if ($event->cmd == "get-token") {`
			`global $user;`
			`print($user->get_auth_token());`
			`}`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`if ($event->cmd == "regen-thumb") {`
by_id_or_hash for more elegant CLI use 2019-10-04 19:48:21 +00:00			`$uid = $event->args[0];`
			`$image = Image::by_id_or_hash($uid);`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`if ($image) {`
The great MIMEing 2020-06-14 16:05:55 +00:00			`send_event(new ThumbnailGenerationEvent($image->hash, $image->get_mime(), true));`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`} else {`
by_id_or_hash for more elegant CLI use 2019-10-04 19:48:21 +00:00			`print("No post with ID '$uid'\n");`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`}`
			`}`
cache CLI 2020-01-30 21:05:59 +00:00			`if ($event->cmd == "cache") {`
			`global $cache;`
			`$cmd = $event->args[0];`
			`$key = $event->args[1];`
			`switch ($cmd) {`
			`case "get":`
var_export is nicer than print_r 2023-02-08 00:54:13 +00:00			`var_export($cache->get($key));`
cache CLI 2020-01-30 21:05:59 +00:00			`break;`
			`case "set":`
			`$cache->set($key, $event->args[2], 60);`
			`break;`
			`case "del":`
			`$cache->delete($key);`
			`break;`
			`}`
			`}`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`}`

			`public function onAdminBuilding(AdminBuildingEvent $event)`
			`{`
			`$this->theme->display_page();`
			`}`

Implemented a nav link generating system so that extension power what shows up in the menus rather than being hard-coded in the themes. 2019-08-02 19:54:48 +00:00			`public function onPageSubNavBuilding(PageSubNavBuildingEvent $event)`
			`{`
			`global $user;`
bumps 2023-11-11 21:49:12 +00:00			`if ($event->parent === "system") {`
Implemented a nav link generating system so that extension power what shows up in the menus rather than being hard-coded in the themes. 2019-08-02 19:54:48 +00:00			`if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {`
			`$event->add_nav_link("admin", new Link('admin'), "Board Admin");`
			`}`
			`}`
			`}`

PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`public function onUserBlockBuilding(UserBlockBuildingEvent $event)`
			`{`
			`global $user;`
Permissions to constants 2019-07-09 14:10:21 +00:00			`if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`$event->add_link("Board Admin", make_link("admin"));`
			`}`
			`}`
Initial import, 2.0rc1 git-svn-id: file:///home/shish/svn/shimmie2/trunk@1 7f39781d-f577-437e-ae19-be835c7a54ca 2007-04-16 11:58:25 +00:00			`}`