E.Noorlander/CodePress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restructure project for security and offline capability

Browse Source 
- Move content outside public web root for security
- Consolidate all code and assets in engine/ directory
- Download Bootstrap locally for offline functionality
- Update public/ to contain only entry point files
- Add router.php for PHP development server security
- Update README.md with new structure and setup instructions
- Block direct access to content files via URL
- Maintain clean separation between content and code
This commit is contained in:
Edwin Noorlander 2025-11-19 17:05:25 +01:00
parent 277f86346d
commit 494ae7dc3b
28 changed files with 2707 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
README.md
View File

@ -33,21 +33,30 @@ CodePress is a modern, secure CMS that manages content through files instead of
```
3. **Start server**:
```bash
php -S localhost:8000 -t public
# For Apache: Set DocumentRoot to public/
# For Development:
php -S localhost:8080 -t public router.php
```
4. **Visit**: `http://localhost:8000`
4. **Visit**: `http://localhost:8080`
## Project Structure
```
codepress/
├── public/ # Web-accessible directory
│ ├── content/ # Content files (MD/PHP/HTML)
│ ├── assets/ # Static assets (images, icons)
│ └── .htaccess # Security and routing
├── templates/ # HTML templates
├── config.php # Site configuration
├── index.php # Main application logic
├── public/ # Web-accessible directory (DocumentRoot)
│ ├── index.php # Main entry point
│ ├── .htaccess # Apache security and routing
│ └── router.php # PHP development server router
├── content/ # Content files (MD/PHP/HTML) - outside web root
├── engine/ # CMS engine and assets
│ ├── core/ # PHP application logic
│ │ ├── index.php # CMS class and logic
│ │ └── config.php # Site configuration
│ ├── templates/ # HTML templates
│ └── assets/ # Static assets (CSS, JS, fonts)
│ ├── css/ # Bootstrap and custom CSS
│ ├── js/ # JavaScript files
│ └── fonts/ # Font files
├── .htaccess # Root security
└── README.md # This documentation
```
@ -55,11 +64,13 @@ codepress/
## Security
CodePress includes built-in security features:
- **.htaccess protection** for sensitive files
- **PHP file blocking** in content directory
- **Content isolation** - Content files stored outside web root
- **.htaccess protection** for sensitive files and directories
- **Direct access blocking** - Content files not accessible via URL
- **Security headers** for XSS protection
- **PHP file blocking** in content directory
- **Offline capable** - All assets (Bootstrap) stored locally
- **Directory access control**
- **Public directory isolation**
## Content Management
@ -95,7 +106,7 @@ $date = date('Y-m-d');
### Directory Structure
```
public/content/
content/
├── home.md # Homepage
├── about/
│ └── company.md # About page
@ -115,7 +126,8 @@ Edit `config.php` to customize:
return [
'site_title' => 'Your Site Name',
'site_description' => 'Your site description',
'content_dir' => __DIR__ . '/public/content',
'content_dir' => __DIR__ . '/../../content',
'templates_dir' => __DIR__ . '/../templates',
'default_page' => 'home',
'markdown_enabled' => true,
'php_enabled' => true,
@ -148,7 +160,7 @@ This project is developed for specific use cases. Contact the maintainer for lic
## Support
- **Documentation**: See `public/content/home.md`
- **Documentation**: See `content/home.md`
- **Issues**: Report on GitLab
- **Community**: Join discussions

23
assets/favicon.svg
View File

@ -1,23 +0,0 @@
<svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg">
<defs>
<linearGradient id="codepress-gradient-small" x1="0%" y1="0%" x2="100%" y2="100%">
<stop offset="0%" style="stop-color:#0d6efd;stop-opacity:1" />
<stop offset="100%" style="stop-color:#6610f2;stop-opacity:1" />
</linearGradient>
</defs>
<!-- Background circle -->
<circle cx="8" cy="8" r="7.5" fill="url(#codepress-gradient-small)" stroke="#ffffff" stroke-width="0.5"/>
<!-- Code brackets -->
<path d="M4 5 L3 6 L3 10 L4 11" stroke="#ffffff" stroke-width="1" fill="none" stroke-linecap="round"/>
<path d="M12 5 L13 6 L13 10 L12 11" stroke="#ffffff" stroke-width="1" fill="none" stroke-linecap="round"/>
<!-- Code slash -->
<path d="M7 4 L9 12" stroke="#ffffff" stroke-width="1" stroke-linecap="round"/>
<!-- Press dots -->
<circle cx="6" cy="13" r="0.75" fill="#ffffff"/>
<circle cx="8" cy="13" r="0.75" fill="#ffffff"/>
<circle cx="10" cy="13" r="0.75" fill="#ffffff"/>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.0 KiB

23
assets/icon.svg
View File

@ -1,23 +0,0 @@
<svg width="32" height="32" viewBox="0 0 32 32" xmlns="http://www.w3.org/2000/svg">
<defs>
<linearGradient id="codepress-gradient" x1="0%" y1="0%" x2="100%" y2="100%">
<stop offset="0%" style="stop-color:#0d6efd;stop-opacity:1" />
<stop offset="100%" style="stop-color:#6610f2;stop-opacity:1" />
</linearGradient>
</defs>
<!-- Background circle -->
<circle cx="16" cy="16" r="15" fill="url(#codepress-gradient)" stroke="#ffffff" stroke-width="1"/>
<!-- Code brackets -->
<path d="M8 10 L6 12 L6 20 L8 22" stroke="#ffffff" stroke-width="2" fill="none" stroke-linecap="round"/>
<path d="M24 10 L26 12 L26 20 L24 22" stroke="#ffffff" stroke-width="2" fill="none" stroke-linecap="round"/>
<!-- Code slash -->
<path d="M14 8 L18 24" stroke="#ffffff" stroke-width="2" stroke-linecap="round"/>
<!-- Press dots -->
<circle cx="12" cy="26" r="1.5" fill="#ffffff"/>
<circle cx="16" cy="26" r="1.5" fill="#ffffff"/>
<circle cx="20" cy="26" r="1.5" fill="#ffffff"/>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1018 B

0
public/content/blog/hardware/de-ware-aard-van-ict.md → content/blog/hardware/de-ware-aard-van-ict.md
View File

0
public/content/blog/ict/excel-als-database.md → content/blog/ict/excel-als-database.md
View File

0
public/content/blog/leren/kennis-boven-aantallen.md → content/blog/leren/kennis-boven-aantallen.md
View File

0
public/content/blog/linux/open-source-voorbeelden.md → content/blog/linux/open-source-voorbeelden.md
View File

0
public/content/blog/micro-electronica/leren-gaat-niet-over-perfectie.md → content/blog/micro-electronica/leren-gaat-niet-over-perfectie.md
View File

0
public/content/blog/micro-electronica/wat-is-arduino.md → content/blog/micro-electronica/wat-is-arduino.md
View File

0
public/content/blog/open-source/de-toekomst-van-ict.md → content/blog/open-source/de-toekomst-van-ict.md
View File

0
public/content/blog/open-source/standaardisatie.md → content/blog/open-source/standaardisatie.md
View File

0
public/content/blog/over-mij/welkom.md → content/blog/over-mij/welkom.md
View File

0
public/content/blog/retro-gaming/commodore-64.md → content/blog/retro-gaming/commodore-64.md
View File

0
public/content/home.md → content/home.md
View File

2078
engine/assets/css/bootstrap-icons.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

6
engine/assets/css/bootstrap.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

0
public/assets/favicon.svg → engine/assets/favicon.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 442 B

After

Width:  |  Height:  |  Size: 442 B

BIN
engine/assets/fonts/fonts/bootstrap-icons.woff Normal file
View File

Binary file not shown.

BIN
engine/assets/fonts/fonts/bootstrap-icons.woff2 Normal file
View File

Binary file not shown.

0
public/assets/icon.svg → engine/assets/icon.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 442 B

After

Width:  |  Height:  |  Size: 442 B

7
engine/assets/js/bootstrap.bundle.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

6
public/config.php → engine/core/config.php
View File

@ -4,9 +4,9 @@ return [
'site_title' => 'CodePress',
'site_description' => 'A simple PHP CMS',
'base_url' => '/',
'content_dir' => __DIR__ . '/content',
'templates_dir' => __DIR__ . '/templates',
'cache_dir' => __DIR__ . '/cache',
'content_dir' => __DIR__ . '/../../content',
'templates_dir' => __DIR__ . '/../templates',
'cache_dir' => __DIR__ . '/../../cache',
'default_page' => 'home',
'error_404' => '404',
'markdown_enabled' => true,

455
engine/core/index.php Normal file
View File

@ -0,0 +1,455 @@
<?php
require_once 'config.php';
$config = include 'config.php';
class CodePressCMS {
private $config;
private $menu = [];
private $searchResults = [];
public function __construct($config) {
$this->config = $config;
$this->buildMenu();
if (isset($_GET['search'])) {
$this->performSearch($_GET['search']);
}
}
private function buildMenu() {
$this->menu = $this->scanDirectory($this->config['content_dir'], '');
}
private function scanDirectory($dir, $prefix) {
if (!is_dir($dir)) return [];
$items = scandir($dir);
sort($items);
$result = [];
foreach ($items as $item) {
if ($item[0] === '.') continue;
$path = $dir . '/' . $item;
$relativePath = $prefix ? $prefix . '/' . $item : $item;
if (is_dir($path)) {
$result[] = [
'type' => 'folder',
'title' => ucfirst($item),
'path' => $relativePath,
'children' => $this->scanDirectory($path, $relativePath)
];
} elseif (preg_match('/\.(md|php|html)$/', $item)) {
$title = ucfirst(pathinfo($item, PATHINFO_FILENAME));
$result[] = [
'type' => 'file',
'title' => $title,
'path' => $relativePath,
'url' => '?page=' . $relativePath
];
}
}
return $result;
}
private function performSearch($query) {
$this->searchResults = [];
$this->searchInDirectory($this->config['content_dir'], '', $query);
}
private function searchInDirectory($dir, $prefix, $query) {
if (!is_dir($dir)) return;
$items = scandir($dir);
foreach ($items as $item) {
if ($item[0] === '.') continue;
$path = $dir . '/' . $item;
$relativePath = $prefix ? $prefix . '/' . $item : $item;
if (is_dir($path)) {
$this->searchInDirectory($path, $relativePath, $query);
} elseif (preg_match('/\.(md|php|html)$/', $item)) {
$content = file_get_contents($path);
if (stripos($content, $query) !== false || stripos($item, $query) !== false) {
$title = ucfirst(pathinfo($item, PATHINFO_FILENAME));
$this->searchResults[] = [
'title' => $title,
'path' => $relativePath,
'url' => '?page=' . $relativePath,
'snippet' => $this->createSnippet($content, $query)
];
}
}
}
}
private function createSnippet($content, $query) {
$content = strip_tags($content);
$pos = stripos($content, $query);
if ($pos === false) return substr($content, 0, 100) . '...';
$start = max(0, $pos - 50);
$snippet = substr($content, $start, 150);
return '...' . $snippet . '...';
}
public function getPage() {
if (isset($_GET['search'])) {
return $this->getSearchResults();
}
$page = $_GET['page'] ?? $this->config['default_page'];
$page = preg_replace('/\.[^.]+$/', '', $page);
$filePath = $this->config['content_dir'] . '/' . $page;
$actualFilePath = null;
if (file_exists($filePath . '.md')) {
$actualFilePath = $filePath . '.md';
$result = $this->parseMarkdown(file_get_contents($actualFilePath));
} elseif (file_exists($filePath . '.php')) {
$actualFilePath = $filePath . '.php';
$result = $this->parsePHP($actualFilePath);
} elseif (file_exists($filePath . '.html')) {
$actualFilePath = $filePath . '.html';
$result = $this->parseHTML(file_get_contents($actualFilePath));
} elseif (file_exists($filePath)) {
$actualFilePath = $filePath;
$extension = pathinfo($filePath, PATHINFO_EXTENSION);
if ($extension === 'md') {
$result = $this->parseMarkdown(file_get_contents($actualFilePath));
} elseif ($extension === 'php') {
$result = $this->parsePHP($actualFilePath);
} elseif ($extension === 'html') {
$result = $this->parseHTML(file_get_contents($actualFilePath));
}
}
if (isset($result) && $actualFilePath) {
$result['file_info'] = $this->getFileInfo($actualFilePath);
return $result;
}
return $this->getError404();
}
private function getFileInfo($filePath) {
if (!file_exists($filePath)) {
return null;
}
$stats = stat($filePath);
$created = date('d-m-Y H:i', $stats['ctime']);
$modified = date('d-m-Y H:i', $stats['mtime']);
return [
'created' => $created,
'modified' => $modified,
'size' => $this->formatFileSize($stats['size'])
];
}
private function formatFileSize($bytes) {
$units = ['B', 'KB', 'MB', 'GB'];
$bytes = max($bytes, 0);
$pow = floor(($bytes ? log($bytes) : 0) / log(1024));
$pow = min($pow, count($units) - 1);
$bytes /= pow(1024, $pow);
return round($bytes, 2) . ' ' . $units[$pow];
}
private function getSearchResults() {
$query = $_GET['search'];
$content = '<h2>Search Results for: "' . htmlspecialchars($query) . '"</h2>';
if (empty($this->searchResults)) {
$content .= '<p>No results found.</p>';
} else {
$content .= '<p>Found ' . count($this->searchResults) . ' results:</p>';
foreach ($this->searchResults as $result) {
$content .= '<div class="card mb-3">';
$content .= '<div class="card-body">';
$content .= '<h5 class="card-title"><a href="' . htmlspecialchars($result['url']) . '">' . htmlspecialchars($result['title']) . '</a></h5>';
$content .= '<p class="card-text text-muted">' . htmlspecialchars($result['path']) . '</p>';
$content .= '<p class="card-text">' . htmlspecialchars($result['snippet']) . '</p>';
$content .= '</div></div>';
}
}
return [
'title' => 'Search Results',
'content' => $content
];
}
private function parseMarkdown($content) {
$lines = explode("\n", $content);
$title = '';
$body = '';
$inBody = false;
foreach ($lines as $line) {
if (!$inBody && preg_match('/^#\s+(.+)$/', $line, $matches)) {
$title = $matches[1];
$inBody = true;
} elseif ($inBody || trim($line) !== '') {
$body .= $line . "\n";
$inBody = true;
}
}
$body = preg_replace('/### (.+)/', '<h3>$1</h3>', $body);
$body = preg_replace('/## (.+)/', '<h2>$1</h2>', $body);
$body = preg_replace('/# (.+)/', '<h1>$1</h1>', $body);
$body = preg_replace('/\*\*(.+?)\*\*/', '<strong>$1</strong>', $body);
$body = preg_replace('/\*(.+?)\*/', '<em>$1</em>', $body);
// Auto-link page titles to existing content pages (before markdown link processing)
$body = $this->autoLinkPageTitles($body);
// Convert Markdown links to HTML links
$body = preg_replace('/\[([^\]]+)\]\(([^)]+)\)/', '<a href="$2">$1</a>', $body);
// Convert relative internal links to CMS format
$body = preg_replace('/href="\/blog\/([^"]+)"/', 'href="?page=blog/$1"', $body);
$body = preg_replace('/href="\/([^"]+)"/', 'href="?page=$1"', $body);
$body = preg_replace('/\n\n/', '</p><p>', $body);
$body = '<p>' . $body . '</p>';
$body = preg_replace('/<p><\/p>/', '', $body);
$body = preg_replace('/<p>(<h[1-6]>)/', '$1', $body);
$body = preg_replace('/(<\/h[1-6]>)<\/p>/', '$1', $body);
return [
'title' => $title ?: 'Untitled',
'content' => $body
];
}
private function autoLinkPageTitles($content) {
// Get all available pages with their titles
$pages = $this->getAllPageTitles();
foreach ($pages as $pagePath => $pageTitle) {
// Create a pattern that matches the exact page title (case-insensitive)
// Use word boundaries to avoid partial matches
$pattern = '/\b' . preg_quote($pageTitle, '/') . '\b/i';
// Replace with link, but avoid linking inside existing links, headings, or markdown
$replacement = function($matches) use ($pageTitle, $pagePath) {
$text = $matches[0];
// Check if we're inside an existing link or markdown syntax
if (preg_match('/\[.*?\]\(.*?\)/', $text) ||
preg_match('/\[.*?\]:/', $text) ||
preg_match('/<a[^>]*>/', $text) ||
preg_match('/href=/', $text)) {
return $text; // Don't link existing links
}
return '<a href="?page=' . $pagePath . '" class="auto-link" title="Ga naar ' . htmlspecialchars($pageTitle) . '">' . $text . '</a>';
};
$content = preg_replace_callback($pattern, $replacement, $content);
}
return $content;
}
private function getAllPageTitles() {
$pages = [];
$this->scanForPageTitles($this->config['content_dir'], '', $pages);
return $pages;
}
private function scanForPageTitles($dir, $prefix, &$pages) {
if (!is_dir($dir)) return;
$items = scandir($dir);
sort($items);
foreach ($items as $item) {
if ($item[0] === '.') continue;
$path = $dir . '/' . $item;
$relativePath = $prefix ? $prefix . '/' . $item : $item;
if (is_dir($path)) {
$this->scanForPageTitles($path, $relativePath, $pages);
} elseif (preg_match('/\.(md|php|html)$/', $item)) {
$title = $this->extractPageTitle($path);
if ($title && !empty(trim($title))) {
$pagePath = preg_replace('/\.[^.]+$/', '', $relativePath);
$pages[$pagePath] = $title;
}
}
}
}
private function extractPageTitle($filePath) {
$content = file_get_contents($filePath);
$extension = pathinfo($filePath, PATHINFO_EXTENSION);
if ($extension === 'md') {
// Extract first H1 from Markdown
if (preg_match('/^#\s+(.+)$/m', $content, $matches)) {
return trim($matches[1]);
}
} elseif ($extension === 'php') {
// Extract title from PHP file
if (preg_match('/\$title\s*=\s*["\']([^"\']+)["\']/', $content, $matches)) {
return trim($matches[1]);
}
} elseif ($extension === 'html') {
// Extract title from HTML file
if (preg_match('/<title>(.*?)<\/title>/i', $content, $matches)) {
return trim(strip_tags($matches[1]));
}
if (preg_match('/<h1[^>]*>(.*?)<\/h1>/i', $content, $matches)) {
return trim(strip_tags($matches[1]));
}
}
return null;
}
private function parsePHP($filePath) {
ob_start();
$title = 'Untitled';
include $filePath;
$content = ob_get_clean();
return [
'title' => $title,
'content' => $content
];
}
private function parseHTML($content) {
$title = 'Untitled';
if (preg_match('/<title>(.*?)<\/title>/i', $content, $matches)) {
$title = strip_tags($matches[1]);
} elseif (preg_match('/<h1[^>]*>(.*?)<\/h1>/i', $content, $matches)) {
$title = strip_tags($matches[1]);
}
return [
'title' => $title,
'content' => $content
];
}
private function getError404() {
return [
'title' => 'Page Not Found',
'content' => '<h1>404 - Page Not Found</h1><p>The page you are looking for does not exist.</p>'
];
}
public function getMenu() {
return $this->menu;
}
public function render() {
$page = $this->getPage();
$menu = $this->getMenu();
$breadcrumb = $this->getBreadcrumb();
$template = file_get_contents($this->config['templates_dir'] . '/layout.html');
$template = str_replace('{{site_title}}', $this->config['site_title'], $template);
$template = str_replace('{{page_title}}', $page['title'], $template);
$template = str_replace('{{content}}', $page['content'], $template);
$template = str_replace('{{search_query}}', isset($_GET['search']) ? htmlspecialchars($_GET['search']) : '', $template);
$template = str_replace('{{breadcrumb}}', $breadcrumb, $template);
// File info for footer
$fileInfo = '';
if (isset($page['file_info'])) {
$fileInfo = '<i class="bi bi-file-text"></i> Created: ' . htmlspecialchars($page['file_info']['created']) .
' | Modified: ' . htmlspecialchars($page['file_info']['modified']);
}
$template = str_replace('{{file_info}}', $fileInfo, $template);
$menuHtml = $this->renderMenu($menu);
$template = str_replace('{{menu}}', $menuHtml, $template);
echo $template;
}
private function getBreadcrumb() {
if (isset($_GET['search'])) {
return '<nav aria-label="breadcrumb"><ol class="breadcrumb"><li class="breadcrumb-item"><a href="?page=' . $this->config['default_page'] . '">Home</a></li><li class="breadcrumb-item active">Search</li></ol></nav>';
}
$page = $_GET['page'] ?? $this->config['default_page'];
$page = preg_replace('/\.[^.]+$/', '', $page);
if ($page === $this->config['default_page']) {
return '<nav aria-label="breadcrumb"><ol class="breadcrumb"><li class="breadcrumb-item active">Home</li></ol></nav>';
}
$parts = explode('/', $page);
$breadcrumb = '<nav aria-label="breadcrumb"><ol class="breadcrumb"><li class="breadcrumb-item"><a href="?page=' . $this->config['default_page'] . '">Home</a></li>';
$path = '';
foreach ($parts as $i => $part) {
$path .= ($path ? '/' : '') . $part;
$title = ucfirst($part);
if ($i === count($parts) - 1) {
$breadcrumb .= '<li class="breadcrumb-item active">' . $title . '</li>';
} else {
$breadcrumb .= '<li class="breadcrumb-item"><a href="?page=' . $path . '">' . $title . '</a></li>';
}
}
$breadcrumb .= '</ol></nav>';
return $breadcrumb;
}
private function renderMenu($items, $level = 0) {
$html = '';
foreach ($items as $item) {
if ($item['type'] === 'folder') {
$hasChildren = !empty($item['children']);
$html .= '<li class="nav-item">';
if ($hasChildren) {
$folderId = 'folder-' . str_replace('/', '-', $item['path']);
$html .= '<span class="nav-link folder-toggle" data-bs-toggle="collapse" data-bs-target="#' . $folderId . '" aria-expanded="false">';
$html .= '<i class="arrow bi bi-chevron-right"></i> ' . htmlspecialchars($item['title']);
$html .= '</span>';
$html .= '<ul class="nav flex-column ms-2 collapse" id="' . $folderId . '">';
$html .= $this->renderMenu($item['children'], $level + 1);
$html .= '</ul>';
} else {
$html .= '<span class="nav-link folder-disabled" disabled>';
$html .= '<i class="arrow bi bi-chevron-right"></i> ' . htmlspecialchars($item['title']);
$html .= '</span>';
}
$html .= '</li>';
} else {
$active = (isset($_GET['page']) && $_GET['page'] === $item['path']) ? 'active' : '';
$html .= '<li class="nav-item">';
$html .= '<a class="nav-link page-link ' . $active . '" href="' . htmlspecialchars($item['url']) . '">' . htmlspecialchars($item['title']) . '</a>';
$html .= '</li>';
}
}
return $html;
}
}
$cms = new CodePressCMS($config);
$cms->render();

107
public/templates/layout.html → engine/templates/layout.html
View File

@ -4,9 +4,9 @@
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{{page_title}} - {{site_title}}</title>
<link rel="icon" type="image/svg+xml" href="assets/favicon.svg">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css" rel="stylesheet">
<link rel="icon" type="image/svg+xml" href="../engine/assets/favicon.svg">
<link href="../engine/assets/css/bootstrap.min.css" rel="stylesheet">
<link href="../engine/assets/css/bootstrap-icons.css" rel="stylesheet">
<style>
* {
margin: 0;
@ -21,27 +21,19 @@
body {
display: flex;
flex-direction: column;
height: 100vh;
overflow: hidden;
}
header {
flex-shrink: 0;
z-index: 1020;
min-height: 100vh;
}
.main-wrapper {
flex: 1;
display: flex;
overflow: hidden;
position: relative;
flex-direction: column;
}
.content-wrapper {
flex: 1;
display: flex;
overflow: hidden;
width: 100%;
}
.sidebar {
@ -50,25 +42,43 @@
border-right: 1px solid #dee2e6;
overflow-y: auto;
flex-shrink: 0;
transition: margin-left 0.3s ease;
height: 100%;
transition: transform 0.3s ease;
position: relative;
z-index: 1000;
}
.sidebar.collapsed {
margin-left: -250px;
transform: translateX(-250px);
}
.sidebar-toggle {
position: fixed;
top: 80px;
left: 10px;
z-index: 1001;
background-color: #0d6efd;
color: white;
border: none;
border-radius: 5px;
padding: 8px 12px;
cursor: pointer;
box-shadow: 0 2px 5px rgba(0,0,0,0.2);
transition: all 0.3s ease;
}
.sidebar-toggle:hover {
background-color: #0a58ca;
transform: scale(1.05);
}
.sidebar-toggle.shifted {
left: 270px;
}
.main-content.shifted {
margin-left: 0;
}
.main-content {
flex: 1;
overflow-y: auto;
padding: 20px;
height: 100%;
}
footer {
flex-shrink: 0;
z-index: 1020;
background-color: #f8f9fa;
transition: margin-left 0.3s ease;
}
.folder-toggle {
@ -176,6 +186,26 @@
font-size: 0.9rem;
color: #6c757d;
}
.site-info a {
color: #0d6efd;
text-decoration: none;
}
.site-info a:hover {
text-decoration: underline;
}
.auto-link {
color: #0d6efd;
text-decoration: none;
border-bottom: 2px dashed #0d6efd;
font-weight: 500;
transition: all 0.2s ease;
}
.auto-link:hover {
color: #0a58ca;
text-decoration: none;
border-bottom-style: solid;
border-bottom-color: #0a58ca;
}
.search-form {
max-width: 300px;
}
@ -211,16 +241,13 @@
</style>
</head>
<body>
<header class="bg-primary text-white py-3">
<header class="bg-primary text-white py-3">
<div class="container-fluid">
<div class="row align-items-center">
<div class="col">
<div class="d-flex align-items-center">
<button class="btn btn-link text-white p-0 me-3" id="sidebarToggle">
<i class="bi bi-list fs-4"></i>
</button>
<img src="assets/icon.svg" alt="CodePress Logo" width="32" height="32" class="me-2">
<h1 class="h3 mb-0">CodePress</h1>
<img src="../engine/assets/icon.svg" alt="CodePress Logo" width="32" height="32" class="me-2">
<h1 class="h3 mb-0">{{site_title}}</h1>
</div>
</div>
<div class="col-auto">
@ -235,6 +262,9 @@
<div class="main-wrapper">
<div class="content-wrapper">
<button class="sidebar-toggle" id="sidebarToggle">
<i class="bi bi-list"></i>
</button>
<nav class="sidebar" id="sidebar">
<div class="pt-3">
<ul class="nav flex-column">
@ -266,7 +296,7 @@
{{file_info}}
</div>
<div class="site-info">
<small class="text-muted">Powered by <a href="https://git.noorlander.info/E.Noorlander/CodePress" target="_blank" rel="noopener">CodePress CMS</a> / <a href="https://noorlander.info" target="_blank" rel="noopener">E.Noorlander</a></small>
<small class="text-muted">Powered by <a href="https://git.noorlander.info/E.Noorlander/CodePress.git" target="_blank" rel="noopener">CodePress CMS</a></small>
</div>
</div>
</div>
@ -274,15 +304,28 @@
</div>
</footer>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
<script src="../engine/assets/js/bootstrap.bundle.min.js"></script>
<script>
document.addEventListener('DOMContentLoaded', function() {
// Sidebar toggle functionality
const sidebarToggle = document.getElementById('sidebarToggle');
const sidebar = document.getElementById('sidebar');
const mainContent = document.querySelector('.main-content');
sidebarToggle.addEventListener('click', function() {
sidebar.classList.toggle('collapsed');
mainContent.classList.toggle('shifted');
sidebarToggle.classList.toggle('shifted');
// Change icon
const icon = this.querySelector('i');
if (sidebar.classList.contains('collapsed')) {
icon.classList.remove('bi-list');
icon.classList.add('bi-chevron-right');
} else {
icon.classList.remove('bi-chevron-right');
icon.classList.add('bi-list');
}
});
// Open folders that contain the current active page

6
public/.htaccess
View File

@ -44,10 +44,8 @@
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^assets/.*$ - [L]
# Allow access to content files (except PHP)
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} !\.php$
RewriteRule ^content/.*$ - [L]
# Block direct access to all content files
RewriteRule ^content/.*$ - [F,L]
</IfModule>
# Security headers

12
public/index.php
View File

@ -1,8 +1,8 @@
<?php
require_once 'config.php';
require_once __DIR__ . '/../engine/core/config.php';
$config = include 'config.php';
$config = include __DIR__ . '/../engine/core/config.php';
class CodePressCMS {
private $config;
@ -437,5 +437,13 @@ class CodePressCMS {
}
}
// Block direct access to content files
$requestUri = $_SERVER['REQUEST_URI'];
if (strpos($requestUri, '/content/') !== false) {
http_response_code(403);
echo '<h1>403 - Forbidden</h1><p>Direct access to content files is not allowed.</p>';
exit;
}
$cms = new CodePressCMS($config);
$cms->render();

31
public/router.php Normal file
View File

@ -0,0 +1,31 @@
<?php
// Router file for PHP development server to handle security
$requestUri = $_SERVER['REQUEST_URI'];
$parsedUrl = parse_url($requestUri);
$path = $parsedUrl['path'];
// Block direct access to content directory
if (strpos($path, '/content/') === 0) {
http_response_code(403);
echo '<h1>403 - Forbidden</h1><p>Direct access to content files is not allowed.</p>';
return true;
}
// Block access to sensitive files
$sensitiveFiles = ['.htaccess', 'config.php'];
foreach ($sensitiveFiles as $file) {
if (basename($path) === $file && dirname($path) === '/') {
http_response_code(403);
echo '<h1>403 - Forbidden</h1><p>Access to this file is not allowed.</p>';
return true;
}
}
// Serve static files from engine/assets
if (strpos($path, '/engine/') === 0 && file_exists(__DIR__ . $path)) {
return false; // Let PHP server serve the file
}
// Route all other requests to index.php
return false; // Let PHP server handle routing to index.php

13
server.log Normal file
View File

@ -0,0 +1,13 @@
[Wed Nov 19 16:58:13 2025] PHP 8.4.14 Development Server (http://localhost:8080) started
[Wed Nov 19 16:58:22 2025] [::1]:43444 Accepted
[Wed Nov 19 16:58:22 2025] [::1]:43444 [200]: GET /
[Wed Nov 19 16:58:22 2025] [::1]:43444 Closing
[Wed Nov 19 16:58:26 2025] [::1]:59122 Accepted
[Wed Nov 19 16:58:26 2025] [::1]:59122 [200]: GET /content/home.md
[Wed Nov 19 16:58:26 2025] [::1]:59122 Closing
[Wed Nov 19 16:58:30 2025] [::1]:59138 Accepted
[Wed Nov 19 16:58:30 2025] [::1]:59138 [200]: GET /content/home.md
[Wed Nov 19 16:58:30 2025] [::1]:59138 Closing
[Wed Nov 19 16:59:06 2025] [::1]:38150 Accepted
[Wed Nov 19 16:59:06 2025] [::1]:38150 [200]: GET /content/home.md
[Wed Nov 19 16:59:06 2025] [::1]:38150 Closing