
SiteEditor.php

a guest
Dec 17th, 2014
  1. <?php
  2.  
  3. class SiteEditor {
  4.     private $userPasswordHash;
  5.     private $contentPath;
  6.     private $post = array();
  7.  
  8.     public function __construct($userPasswordHash, $contentPath) {
  9.         $this->userPasswordHash = strtolower($userPasswordHash);
  10.         $this->contentPath = $contentPath;
  11.         session_start();
  12.     }
  13.  
  14.     public function handleRequest(array $post) {
  15.         $this->post = $post;
  16.         $this->assertLoggedIn();
  17.         if($this->isRequestChangeContent()) {
  18.             $this->changeContent();
  19.         } elseif ($this->isRequestTypeChanges()) {
  20.             $this->typeChanges();
  21.         }
  22.         $this->echoChooseSite();
  23.     }
  24.  
  25.     private function getTxtFilesAsOptions() {
  26.         $sites = '';
  27.         foreach (glob($this->contentPath . '*.txt') as $site) {
  28.             $site = substr($site, strrpos($site, '/') + 1);
  29.             $sites.= '<option value="' . $site . '">' . $site . '</option>';
  30.         }
  31.         return $sites;
  32.     }
  33.  
  34.     private function typeChanges() {
  35.         $file = $this->contentPath . $this->form('file');
  36.         $this->assertValidTxtFile($file);
  37.         $content = $this->decodeContent($this->readFile($file));
  38.         $this->echoTypeChangesPage($file, $content);
  39.     }
  40.  
  41.     private function readFile($file) {
  42.         if (($result = file_get_contents($file)) === false) {
  43.             throw new RuntimeException('Error while reading file: ' . $file);
  44.         }
  45.         return $result;
  46.     }
  47.  
  48.     private function decodeContent($content) {
  49.         return str_replace('<br>', "\n", $content);
  50.     }
  51.  
  52.     private function isRequestTypeChanges() {
  53.         return $this->form('chooseSite') && $this->form('file');
  54.     }
  55.  
  56.     private function changeContent() {
  57.         $file = $this->contentPath . $this->form('file');
  58.         $this->assertValidTxtFile($file);
  59.         $content = $this->encodeContent($this->form('content'));
  60.         $this->writeToFile($file, $content);
  61.     }
  62.  
  63.     private function writeToFile($file, $content) {
  64.         if (@file_put_contents($file, $content) === false) {
  65.             throw new RuntimeException('Error while writing file: ' . $file);
  66.         }
  67.     }
  68.  
  69.     private function encodeContent($content) {
  70.         $content = html_entity_decode($content, ENT_QUOTES);
  71.         return str_replace(array("\r\n", "\n", "\r"), '<br>', $content);
  72.     }
  73.  
  74.     private function assertValidTxtFile($file) {
  75.         $file = str_replace('/', '_', $file);
  76.         if ($this->isInvalidFile($file)) {
  77.             throw new RuntimeException('Invalid file:' . $file);
  78.         }
  79.     }
  80.  
  81.     private function isInvalidFile($file) {
  82.         return substr($file, -4) == '.txt' && is_file($file) && is_writable($file) && is_readable($file);
  83.     }
  84.  
  85.     private function isRequestChangeContent() {
  86.         return $this->form('changeContent') && $this->form('file') && $this->form('content');
  87.     }
  88.  
  89.     private function assertLoggedIn() {
  90.         if ($this->isLoggedIn()) {
  91.             return;
  92.         }
  93.         if ($this->form('login')) {
  94.             if ($this->validateLoginForm()) {
  95.                 $this->login();
  96.                 $this->post = array();
  97.             } else {
  98.                 throw new Exception('Invalid login data provided');
  99.             }
  100.         }
  101.         $this->echoLoginPage();
  102.     }
  103.  
  104.     private function login() {
  105.         $_SESSION['login'] = true;
  106.     }
  107.  
  108.     private function isLoggedIn() {
  109.         return isset($_SESSION['login']);
  110.     }
  111.  
  112.     private function validateLoginForm() {
  113.         return
  114.             $this->form('user') && $this->form('password') &&
  115.             $this->validateHash($this->form('user'), $this->form('password'))
  116.             ;
  117.     }
  118.  
  119.     private function validateHash($user, $password) {
  120.         return hash('sha512', $user . 'XX' . $password) == $this->userPasswordHash;
  121.     }
  122.  
  123.     private function form($index) {
  124.         return isset($this->post[$index]) ? $this->post[$index] : null;
  125.     }
  126.  
  127.     private function echoLoginPage() {
  128.         ?>
  129.             <!-- I am a login page-->
  130.             <form action="fsb.php" method="post"><input type="text" name="user"> <input type="password" name="password"><input type="submit" name="login" value="login"></form>
  131.         <?php
  132.         exit(0);
  133.     }
  134.  
  135.     private function echoTypeChangesPage($file, $content) {
  136.         ?>
  137.             <!-- I am a site-editing page-->
  138.             <form action="fsb.php" method="post">site: <?php echo $file ?> <input type="hidden" name="file" value="<?php echo $_POST['file'] ?>"><textarea name="content"><?php echo $content ?></textarea><input type="submit" name="changeContent" value="edit"></form>
  139.         <?php
  140.         exit(0);
  141.     }
  142.  
  143.     private function echoChooseSite() {
  144.         $sites = $this->getTxtFilesAsOptions();
  145.         ?>
  146.             <!-- I am a site-choosing page-->
  147.             <form action="fsb.php" method="post"><select name="file"><?php echo $sites ?></select><input type="submit" name="chooseSite" value="next"></form>
  148.         <?php
  149.         exit(0);
  150.     }
  151. }