Build shared-hosting news site with ad flow and themes#30
Build shared-hosting news site with ad flow and themes#30
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if ($article['status'] !== 'public' && $_POST['status'] === 'public') { | ||
| require_once __DIR__ . '/../app/lib/telegram.php'; | ||
| sendTelegramMessage('Bài mới: '.$_POST['title'].' - '.BASE_URL.'/'.$slug); |
There was a problem hiding this comment.
When changing a draft to public, the code attempts to require_once __DIR__ . '/../app/lib/telegram.php', but that path does not exist (only public_html/lib/telegram.php is present). PHP will raise a fatal error before redirecting or sending notifications, so saving an edit that promotes a post to public currently 500s instead of completing.
Useful? React with 👍 / 👎.
| if (!rate_limit($event, $slug, $window)) { echo json_encode(['ok'=>false,'rate_limited'=>true]); exit; } | ||
| log_event($event, $slug, $token); | ||
| if ($event==='ad_click') { require_once __DIR__ . '/../app/lib/telegram.php'; queue_click_notify(1); flush_telegram_queue(); } |
There was a problem hiding this comment.
The ad click endpoint pulls in ../app/lib/telegram.php, but that file is not in the repo (the Telegram helpers live at public_html/lib/telegram.php). Any ad_click request will hit a fatal require error, so the sendBeacon/fetch calls from the overlay return 500 and clicks are neither recorded nor queued for Telegram notification.
Useful? React with 👍 / 👎.
| <?php | ||
| require_once __DIR__ . '/../config.php'; | ||
| require_once __DIR__ . '/../lib/auth.php'; | ||
| admin_logout(); | ||
| header('Location: ' . BASE_URL . '/admin/login.php'); |
There was a problem hiding this comment.
The logout endpoint calls admin_logout() (which just wraps session_destroy()) without first starting the session. Without session_start(), PHP will not destroy the active session or clear the cookie, so hitting /admin/logout.php leaves the admin session intact and the user remains logged in on the next request.
Useful? React with 👍 / 👎.
1 participant
Summary
Testing
Codex Task