Update admin_posts.php
This commit is contained in:
@@ -5,9 +5,17 @@ session_start();
|
||||
Admin Posts Panel for Mediakor
|
||||
------------------------------
|
||||
- Protect this file (admin password below, and ideally via IP/HTTP auth).
|
||||
- Requires the `posts` table as described in index.php:
|
||||
- Uses database from your Docker stack:
|
||||
|
||||
CREATE TABLE posts (
|
||||
DB:
|
||||
host: mariadb
|
||||
name: appdb
|
||||
user: appuser
|
||||
pass: apppass
|
||||
|
||||
- On first successful connection it will ensure the "posts" table exists:
|
||||
|
||||
CREATE TABLE IF NOT EXISTS posts (
|
||||
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
|
||||
title VARCHAR(255) NOT NULL,
|
||||
meta VARCHAR(255) DEFAULT NULL,
|
||||
@@ -18,16 +26,16 @@ session_start();
|
||||
*/
|
||||
|
||||
// --- ADMIN CONFIG ---
|
||||
// !! CHANGE THIS PASSWORD !!
|
||||
// !! CHANGE THIS PASSWORD OR SET MK_ADMIN_PASSWORD IN ENV !!
|
||||
$adminPassword = $_ENV['MK_ADMIN_PASSWORD'] ?? 'change_this_password';
|
||||
|
||||
// --- DB CONFIG (match index.php) ---
|
||||
// --- DB CONFIG (matches your docker-compose) ---
|
||||
$dbHost = $_ENV['DB_HOST'] ?? 'mariadb';
|
||||
$dbName = $_ENV['DB_NAME'] ?? 'appdb';
|
||||
$dbUser = $_ENV['DB_USER'] ?? 'appuser';
|
||||
$dbPass = $_ENV['DB_PASS'] ?? 'apppass';
|
||||
|
||||
$pdo = null;
|
||||
$pdo = null;
|
||||
$dbError = null;
|
||||
$message = null;
|
||||
|
||||
@@ -48,6 +56,39 @@ function h($v) {
|
||||
return htmlspecialchars((string)$v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
|
||||
}
|
||||
|
||||
/**
|
||||
* Connect to appdb and ensure the posts table exists.
|
||||
*/
|
||||
function mk_get_pdo_and_bootstrap_admin(&$dbErrorOut = null) {
|
||||
global $dbHost, $dbName, $dbUser, $dbPass;
|
||||
|
||||
try {
|
||||
// Connect directly to the DB you set in MYSQL_DATABASE (appdb)
|
||||
$dsn = "mysql:host={$dbHost};dbname={$dbName};charset=utf8mb4";
|
||||
$pdo = new PDO($dsn, $dbUser, $dbPass, [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
]);
|
||||
|
||||
// Ensure posts table exists
|
||||
$pdo->exec("
|
||||
CREATE TABLE IF NOT EXISTS posts (
|
||||
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
|
||||
title VARCHAR(255) NOT NULL,
|
||||
meta VARCHAR(255) DEFAULT NULL,
|
||||
body TEXT NOT NULL,
|
||||
is_published TINYINT(1) NOT NULL DEFAULT 1,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
");
|
||||
|
||||
return $pdo;
|
||||
} catch (PDOException $e) {
|
||||
$dbErrorOut = $e->getMessage();
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
// --- Handle login / logout ---
|
||||
if (isset($_GET['logout'])) {
|
||||
unset($_SESSION['mk_admin_logged_in']);
|
||||
@@ -67,17 +108,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login_password'])) {
|
||||
|
||||
$loggedIn = !empty($_SESSION['mk_admin_logged_in']);
|
||||
|
||||
// Connect to DB once logged in
|
||||
// Connect once logged in and ensure table exists
|
||||
if ($loggedIn) {
|
||||
try {
|
||||
$dsn = "mysql:host={$dbHost};dbname={$dbName};charset=utf8mb4";
|
||||
$pdo = new PDO($dsn, $dbUser, $dbPass, [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
]);
|
||||
} catch (PDOException $e) {
|
||||
$dbError = $e->getMessage();
|
||||
}
|
||||
$pdo = mk_get_pdo_and_bootstrap_admin($dbError);
|
||||
}
|
||||
|
||||
// --- Handle CRUD actions ---
|
||||
@@ -157,7 +190,7 @@ if ($loggedIn && $pdo && isset($_GET['delete'], $_GET['token'])) {
|
||||
}
|
||||
|
||||
// Fetch posts + maybe a single post to edit
|
||||
$posts = [];
|
||||
$posts = [];
|
||||
$editPost = null;
|
||||
|
||||
if ($loggedIn && $pdo) {
|
||||
@@ -331,6 +364,7 @@ if ($loggedIn && $pdo) {
|
||||
}
|
||||
|
||||
input[type="text"],
|
||||
input[type="password"],
|
||||
textarea{
|
||||
width:100%;
|
||||
border-radius:10px;
|
||||
|
||||
Reference in New Issue
Block a user