1 (edited by tovic 2014-02-21 08:38:24)

Topic: Admin Plugin for Morfy CMS


This plugin actually doesn’t do anything much, but I think it’s needed to simplify all of the other possible plugins that is related to administration. Like this one. Thinking that it would be easier to users if they can have a “one-time login authentication for all required login pages and plugins” related to administration things.


1. Download and extract this file, put the admin folder with its contents in plugins folder.

2. Update your config.php file:

    return array(
        'plugins' => array(
            'admin' // <= Activation
        'admin_config' => array( // <= Configuration
            'username' => 'admin', // <= Change with your username
            'password' => 'test123', // <= Change with your password
            'classes' => array( // <= List of item's HTML classes
                'page_login' => 'page-login',
                'page_logout' => 'page-logout',
                'page_wrapper' => 'page-wrapper',
                'message' => 'message',
                'error' => 'error',
                'success' => 'success'
            'labels' => array( // <= List of item's readable text or labels
                'username' => 'Username',
                'password' => 'Password',
                'login' => 'Login',
                'logout' => 'Logout',
                'title_login' => 'Administrator',
                'title_logout' => 'Administrator',
                'message_logged_in' => 'You are logged in.',
                'message_logged_out' => 'You are logged out.',
                'message_error_invalid' => 'Invalid username or password.',
                'message_error_required' => 'Please fill out the login form.',
                'message_error_token' => 'Invalid token.'

Change the value of username and password as you wish. Finish. You can access the login and logout page via this URL:


If the login is success, then this plugin will automatically insert new global variable called Morfy::$config['logged_in']

You can use it as a conditional check to display something that can only be viewed by the administrator:

if(Morfy::$config['logged_in']) {
    echo '<p>You are logged in.</p>';

I’ve checked the possibility of security holes in the system as I can. Please tell me if there is any problem with the security.

XSS Testing <script>alert('HIYAA!!!');</script>

tovic's Website

Re: Admin Plugin for Morfy CMS

Nice plugin tovic i can use to make panel like kirby panel  or something,

Note: In developer mode i obtain undefined index but i solve the problem width.

    $foo  = isset($config['labels']['foo']) ?  $config['labels']['foo'] : null;
..::: Moncho Varela ::::..   ..::: @Nakome ::::..   ..::: Github ::::..

nakome's Website

Re: Admin Plugin for Morfy CMS

Do you think… it would be better if I make a fallback option with particular value inside the plugin if some options is not defined? If so, maybe I’ll need a little extra work to make an error-free plugin. I don’t know, but sometimes I feel this is too excessive to be implemented into a simple CMS.

PS: Please update your plugin in this line to solve this problem → https://github.com/Awilum/morfy-cms/issues/9

Morfy::factory()->addAction('before_render', function() {
    header($_SERVER['SERVER_PROTOCOL'].' 200 OK'); // <= add this
    // Configuration data
    $config = Morfy::$config['admin_config'];
XSS Testing <script>alert('HIYAA!!!');</script>

tovic's Website

Re: Admin Plugin for Morfy CMS

With this plugin i see many  posibilities, with

    // Go to admin
    if((rtrim(Morfy::factory()->getUrl(), '/') == 'admin') or (Morfy::$config['logged_in'])) {
        include PLUGINS_PATH . '/admin/views/index.php';

And in header.php  include.

        // or header('location:''.Morfy::$config['site_url'].'/admin/login');
    $redirect = '<script>location.href="'.Morfy::$config['site_url'].'/admin/login"</script>';
    if ( ! Morfy::$config['logged_in']) exit($redirect); 

Nice job bro wink

..::: Moncho Varela ::::..   ..::: @Nakome ::::..   ..::: Github ::::..

nakome's Website

Re: Admin Plugin for Morfy CMS


XSS Testing <script>alert('HIYAA!!!');</script>

tovic's Website