diff --git a/admin/links.php b/admin/links.php
index 10272b0..c6a3295 100644
--- a/admin/links.php
+++ b/admin/links.php
@@ -9,6 +9,98 @@ if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'admin') {
 require_once __DIR__ . '/../db/config.php';
 $pdo = db();
+// CSRF Protection
+if (empty($_SESSION['csrf_token'])) {
+ $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ header('Content-Type: application/json');
+ $response = ['success' => false, 'message' => 'Invalid request.'];
+
+ if (!isset($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
+ $response['message'] = 'CSRF token validation failed.';
+ echo json_encode($response);
+ exit;
+ }
+
+ $action = $_POST['action'] ?? '';
+ $link_id = $_POST['link_id'] ?? null;
+
+ if (!$link_id || !is_numeric($link_id)) {
+ $response['message'] = 'Invalid Link ID.';
+ echo json_encode($response);
+ exit;
+ }
+
+ switch ($action) {
+ case 'delete':
+ try {
+ $stmt = $pdo->prepare("DELETE FROM links WHERE id = ?");
+ $stmt->execute([$link_id]);
+ if ($stmt->rowCount()) {
+ $response = ['success' => true, 'message' => 'Link deleted successfully.'];
+ } else {
+ $response['message'] = 'Link not found or could not be deleted.';
+ }
+ } catch (PDOException $e) {
+ $response['message'] = 'Database error: ' . $e->getMessage();
+ }
+ break;
+
+ case 'toggle_status':
+ $current_status = $_POST['current_status'] ?? '';
+ $new_status = ($current_status === 'paused') ? 'approved' : 'paused'; // Toggle between paused and approved
+
+ try {
+ $stmt = $pdo->prepare("UPDATE links SET status = ? WHERE id = ?");
+ $stmt->execute([$new_status, $link_id]);
+ if ($stmt->rowCount()) {
+ $response = ['success' => true, 'message' => 'Link status updated successfully to ' . $new_status . '.', 'new_status' => $new_status];
+ } else {
+ $response['message'] = 'Link not found or status could not be updated.';
+ }
+ } catch (PDOException $e) {
+ $response['message'] = 'Database error: ' . 
$e->getMessage();
+ }
+ break;
+
+ // Add 'edit' case later
+ case 'edit':
+ $title = trim($_POST['title'] ?? '');
+ $url = trim($_POST['url'] ?? '');
+ $description = trim($_POST['description'] ?? '');
+ $subcategory_id = $_POST['subcategory_id'] ?? null;
+ $status = $_POST['status'] ?? 'pending';
+
+ if (empty($title) || empty($url) || !filter_var($url, FILTER_VALIDATE_URL) || !is_numeric($subcategory_id)) {
+ $response['message'] = 'Invalid input for editing link.';
+ echo json_encode($response);
+ exit;
+ }
+
+ try {
+ $stmt = $pdo->prepare("UPDATE links SET title = ?, url = ?, description = ?, subcategory_id = ?, status = ? WHERE id = ?");
+ $stmt->execute([$title, $url, $description, $subcategory_id, $status, $link_id]);
+ if ($stmt->rowCount()) {
+ $response = ['success' => true, 'message' => 'Link updated successfully.'];
+ } else {
+ $response['message'] = 'Link not found or no changes made.';
+ }
+ } catch (PDOException $e) {
+ $response['message'] = 'Database error: ' . $e->getMessage();
+ }
+ break;
+
+ default:
+ $response['message'] = 'Unknown action.';
+ break;
+ }
+
+ echo json_encode($response);
+ exit;
+}
+
 $links = $pdo->query("SELECT l.*, u.username, s.name as subcategory_name, c.name as category_name
 FROM links l
 JOIN users u ON l.user_id = u.id
@@ -16,6 +108,8 @@ $links = $pdo->query("SELECT l.*, u.username, s.name as subcategory_name, c.name
 JOIN categories c ON s.category_id = c.id
 ORDER BY l.created_at DESC")->fetchAll();
+// Fetch subcategories for the edit form
+$subcategories = $pdo->query("SELECT sc.id, sc.name AS subcategory_name, c.name AS category_name FROM subcategories sc JOIN categories c ON sc.category_id = c.id ORDER BY c.name, sc.name")->fetchAll();
 ?>
@@ -70,15 +164,17 @@ $links = $pdo->query("SELECT l.*, u.username, s.name as subcategory_name, c.name No links submitted yet. - - - ... - > + + + ... + > - + - + + + 
@@ -91,9 +187,149 @@ $links = $pdo->query("SELECT l.*, u.username, s.name as subcategory_name, c.name + + + + + + 
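Review bot: In the `edit` case `$status` comes straight from `$_POST['status']` and is written by the UPDATE without being checked against the values the column accepts (the migration in this same commit defines `ENUM('pending', 'approved', 'rejected', 'paused')`), and `FILTER_VALIDATE_URL` only checks URL syntax, so it also passes non-http schemes such as `javascript:`, which presumably ends up in an `<a href>` wherever `url` is rendered. Guard both before the prepare: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` and extend the existing `if` with `|| !in_array($scheme, ['http', 'https'], true) || !in_array($status, ['pending', 'approved', 'rejected', 'paused'], true)`. All three `catch` blocks send `'Database error: ' . $e->getMessage()` to the client; log the exception with `error_log()` and return a fixed message so driver errors and table names do not reach the browser. `hash_equals()` throws a `TypeError` when `csrf_token` is submitted as an array (`csrf_token[]=x`), so the CSRF check should first require `is_string($_POST['csrf_token'] ?? null)`. Note also that `rowCount()` on the UPDATE is 0 when the submitted values equal the stored ones, so a no-op edit is reported as a failure.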
diff --git a/assets/css/custom.css b/assets/css/custom.css
index 7f2a119..f3006f0 100644
--- a/assets/css/custom.css
+++ b/assets/css/custom.css
@@ -1,73 +1,87 @@
-/* --- Modern Japanese Retro Theme --- */
+/* --- Modern Japanese Retro Theme with more Pizazz --- */
 :root {
- --primary-color: #5A8D8D; /* Deep Teal */
- --accent-color: #D65A5A; /* Muted Red */
- --bg-light: #F8F8F8; /* Off-white background */
- --text-dark: #333333;
- --text-light: #666666;
- --border-color: #E0E0E0;
- --shadow-light: rgba(0, 0, 0, 0.05);
+ --primary-color: #007bff; /* Vibrant Blue */
+ --secondary-color: #ff4081; /* Pink Accent */
+ --tertiary-color: #f0f2f5; /* Light Gray Background */
+ --text-dark: #212529;
+ --text-medium: #495057;
+ --text-light: #ced4da;
+ --border-color: #dee2e6;
+ --shadow-light: rgba(0, 0, 0, 0.1);
+ --white: #ffffff;
+ --gradient-start: #e0f2f7; /* Light blue for gradient */
+ --gradient-end: #f0f8ff; /* Lighter blue for gradient */
 }
 body {
 font-family: 'Noto Sans JP', sans-serif;
- background-color: var(--bg-light);
+ background: linear-gradient(to bottom right, var(--gradient-start), var(--gradient-end));
 color: var(--text-dark);
 line-height: 1.6;
+ margin: 0;
+ padding: 0;
+ -webkit-font-smoothing: antialiased;
+ -moz-osx-font-smoothing: grayscale;
 }
 .header {
- background: var(--primary-color);
- color: var(--bg-light);
- padding: 20px 25px;
+ background: var(--white);
+ color: var(--primary-color);
+ padding: 10px 25px;
 display: flex;
 justify-content: space-between;
 align-items: center;
- border-bottom: none;
- box-shadow: 0 2px 4px var(--shadow-light);
+ border-bottom: 1px solid var(--border-color);
+ box-shadow: 0 2px 8px var(--shadow-light);
 }
 .header h1 {
 font-family: 'Zen Old Mincho', serif;
- font-size: 2.8em;
- color: var(--bg-light);
+ font-size: 2.5em;
+ color: var(--primary-color);
 margin: 0;
- text-shadow: 1px 1px 2px rgba(0, 0, 0, 0.2);
+ text-shadow: 2px 2px 4px rgba(0,0,0,0.1);
 }
 .auth-links a {
 margin-left: 20px;
- color: var(--bg-light);
+ color: var(--primary-color);
 text-decoration: none;
- font-weight: 300;
- transition: color 0.3s ease;
+ font-weight: 500;
+ transition: 
color 0.3s ease, transform 0.2s ease;
 }
 .auth-links a:hover {
- color: var(--accent-color);
+ color: var(--secondary-color);
+ transform: translateY(-2px);
 }
-.container {
- background-color: #FFFFFF;
- border: 1px solid var(--border-color);
- box-shadow: 0 5px 15px var(--shadow-light);
- border-radius: 8px;
- overflow: hidden; /* For inner elements like category-list and content */
+.main-wrapper {
+ padding-top: 25px; /* Increased space below the header */
+}
+
+.content-section {
+ background-color: var(--white);
+ border-radius: 12px;
+ overflow: hidden;
+ margin-bottom: 30px; /* Increased space between sections */
+ box-shadow: 0 4px 15px var(--shadow-light);
+ transition: all 0.3s ease;
 }
 .category-list {
- background-color: #FAFAFA;
- border-right: 1px solid var(--border-color);
- padding: 20px;
+ background-color: var(--white);
+ padding: 25px;
+ border-bottom: 1px solid var(--border-color);
 }
 .category-list h3 {
 font-family: 'Zen Old Mincho', serif;
- font-size: 1.8rem;
+ font-size: 1.7rem;
 color: var(--primary-color);
- border-bottom: 2px solid var(--accent-color);
- padding-bottom: 10px;
+ border-bottom: 3px solid var(--secondary-color);
+ padding-bottom: 12px;
 margin-bottom: 20px;
 }
@@ -80,52 +94,56 @@ body {
 }
 .category-list .nav-link:hover {
- color: var(--primary-color);
+ color: var(--secondary-color);
 transform: translateX(5px);
 }
 .content {
 padding: 25px;
+ background-color: var(--white);
 }
 .content h2 {
 font-family: 'Zen Old Mincho', serif;
 color: var(--primary-color);
- border-bottom: 2px solid var(--border-color);
- padding-bottom: 12px;
+ font-size: 2rem;
+ padding-bottom: 15px;
 margin-bottom: 25px;
+ border-bottom: 1px solid var(--border-color);
 }
 .link-item {
 margin-bottom: 20px;
 border: 1px solid var(--border-color);
 padding: 15px;
- border-radius: 6px;
- background-color: #FFFFFF;
- transition: box-shadow 0.3s ease, transform 0.2s ease;
+ border-radius: 8px;
+ background-color: var(--white);
+ display: flex;
+ align-items: flex-start;
+ transition: box-shadow 0.3s ease, transform 0.3s ease;
 }
 .link-item:hover {
- box-shadow: 0 8px 20px var(--shadow-light);
- transform: translateY(-3px);
+ box-shadow: 0 8px 25px rgba(0, 0, 0, 0.15);
+ transform: translateY(-5px);
 }
 .link-item .thumbnail {
- width: 150px; /* Slightly larger thumbnail */
- height: 100px;
+ width: 140px;
+ height: 90px;
 object-fit: cover;
- border: 1px solid var(--border-color);
+ border-radius: 4px;
 margin-right: 20px;
- float: left;
+ flex-shrink: 0;
 }
 .link-item-body {
- overflow: hidden;
+ flex-grow: 1;
 }
 .link-item-title {
- font-size: 1.3rem;
+ font-size: 1.25rem;
 font-weight: 700;
 margin-bottom: 5px;
 }
@@ -137,13 +155,13 @@ body {
 }
 .link-item-title a:hover {
- color: var(--accent-color);
+ color: var(--secondary-color);
 text-decoration: underline;
 }
 .link-item-url {
 font-size: 0.9rem;
- color: var(--text-light);
+ color: var(--text-medium);
 margin-bottom: 8px;
 display: block;
 }
@@ -157,8 +175,79 @@ body {
 text-align: center;
 padding: 25px 0;
 background-color: var(--primary-color);
- color: var(--bg-light);
+ color: var(--white);
 font-size: 0.9rem;
 margin-top: 40px;
- box-shadow: 0 -2px 4px var(--shadow-light);
+ box-shadow: 0 -2px 8px var(--shadow-light);
+}
+
+/* Featured Section Styles */
+.featured-section {
+ background: linear-gradient(to bottom, #fff5e6, #ffe0b3); /* Warm gradient background */
+ border-radius: 12px;
+ padding: 25px;
+ box-shadow: 0 4px 15px rgba(255, 160, 0, 0.1);
+ border: 1px solid #ffcc80;
+}
+
+.featured-section h3 {
+ font-family: 'Zen Old Mincho', serif;
+ color: #e65100; /* Darker orange for heading */
+ font-size: 1.6rem;
+ border-bottom: 3px solid #ff9800; /* Orange underline */
+ padding-bottom: 10px;
+ margin-bottom: 20px;
+}
+
+.featured-item {
+ background-color: var(--white);
+ border: 1px solid #ffecb3;
+ border-radius: 8px;
+ padding: 15px;
+ margin-bottom: 15px;
+ box-shadow: 0 2px 10px rgba(0, 0, 0, 0.05);
+ transition: transform 0.2s ease;
+}
+
+.featured-item:hover {
+ transform: translateY(-3px);
+}
+
+.featured-item h4 {
+ color: var(--primary-color);
+ font-size: 1.1rem;
+ margin-bottom: 8px;
+}
+
+.featured-item p {
+ font-size: 0.9rem;
+ color: var(--text-medium);
+ margin-bottom: 12px;
+}
+
+.featured-item .btn {
+ font-size: 0.85rem;
+ padding: 8px 15px;
+ border-radius: 5px;
+ transition: all 0.3s ease;
+}
+
+.featured-item .btn-primary {
+ background-color: var(--primary-color);
+ border-color: var(--primary-color);
+}
+
+.featured-item .btn-primary:hover {
+ background-color: #0056b3;
+ border-color: #0056b3;
+}
+
+.featured-item .btn-secondary {
+ background-color: var(--secondary-color);
+ border-color: var(--secondary-color);
+}
+
+.featured-item .btn-secondary:hover {
+ background-color: #c00c4e;
+ border-color: #c00c4e;
 }
\ No newline at end of file
diff --git a/db/apply_migrations.php b/db/apply_migrations.php
new file mode 100644
index 0000000..48f0ac8
--- /dev/null
+++ b/db/apply_migrations.php
@@ -0,0 +1,58 @@
+exec("
+ CREATE TABLE IF NOT EXISTS `migrations` (
+ `id` INT AUTO_INCREMENT PRIMARY KEY,
+ `migration_name` VARCHAR(255) NOT NULL UNIQUE,
+ `applied_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ );
+ ");
+
+ $migrationsDir = __DIR__ . '/migrations/';
+ $migrationFiles = glob($migrationsDir . '*.sql');
+ sort($migrationFiles);
+
+ foreach ($migrationFiles as $file) {
+ $migrationName = basename($file);
+
+ // Check if migration has already been applied
+ $stmt = $pdo->prepare("SELECT COUNT(*) FROM `migrations` WHERE `migration_name` = ?");
+ $stmt->execute([$migrationName]);
+ if ($stmt->fetchColumn() > 0) {
+ echo "Skipping already applied migration: $migrationName
+";
+ continue;
+ }
+
+ echo "Applying migration: $migrationName
+";
+ $sql = file_get_contents($file);
+ $pdo->exec($sql);
+
+ // Record the applied migration
+ $stmt = $pdo->prepare("INSERT INTO `migrations` (`migration_name`) VALUES (?)");
+ $stmt->execute([$migrationName]);
+ echo "Successfully applied migration: $migrationName
+";
+ }
+
+ echo "All migrations applied.
+";
+
+} catch (PDOException $e) {
+ echo "Database error: " . $e->getMessage() . "
+";
+ exit(1);
+ } catch (Exception $e) {
+ echo "Error: " . $e->getMessage() . "
+";
+ exit(1);
+}
diff --git a/db/migrations/002_add_paused_status_to_links.sql b/db/migrations/002_add_paused_status_to_links.sql
new file mode 100644
index 0000000..2948944
--- /dev/null
+++ b/db/migrations/002_add_paused_status_to_links.sql
@@ -0,0 +1 @@
+ALTER TABLE `links` MODIFY COLUMN `status` ENUM('pending', 'approved', 'rejected', 'paused') NOT NULL DEFAULT 'pending';
\ No newline at end of file
diff --git a/index.php b/index.php
index 4667bfe..c6479fa 100644
--- a/index.php
+++ b/index.php
@@ -92,9 +92,9 @@ $current_links = $link_stmt->fetchAll();
-
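Review bot: `$pdo->exec($sql)` and the `INSERT INTO migrations` that records it are two separate statements with nothing tying them together, and because MySQL DDL auto-commits a transaction would not help either, so a failure between the two leaves the migration applied but unrecorded and it is executed again on the next run; the loop should say so: `// NOTE: DDL auto-commits in MySQL; a crash between exec() and the INSERT re-runs this file next time, so every migration must be safe to apply twice.` There is no SAPI check, so if `db/` is reachable under the web root this file can be triggered over HTTP; add `if (PHP_SAPI !== 'cli') { http_response_code(403); exit; }` before any database work. `file_get_contents($file)` is passed to `exec()` without a `false` check, so an unreadable file reaches the database as an empty query instead of being reported; guard with `if ($sql === false) { throw new RuntimeException("Cannot read $file"); }`. The hunk's opening lines before `+exec("` are missing from this extraction, so the connection setup and the `try` that these `catch` blocks close cannot be reviewed here.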
+
- +
- -
+ +

@@ -151,8 +151,25 @@ $current_links = $link_stmt->fetchAll();
+ + +
+ +
-
+