
Create PHP news site with admin dashboard and Shopee ad flow#32

Open
huzely wants to merge 1 commit into master from codex/create-complete-news-website-li1yet

Conversation

@huzely
Owner

@huzely huzely commented Dec 29, 2025

Summary

  • Build public news site with slug-based routing, multi-theme UI, Shopee overlay ad flow, and caching
  • Add Vietnamese admin panel for login, article CRUD, settings, statistics, copy link, and changing theme/logo/banner
  • Implement PDO database schema, tracking API with rate limiting, Telegram queue, and user-friendly error/log handling
  • Refine Shopee overlay per the spec (bypass via ?ad=0, keep affiliate link, run on slug click and direct access) and batch click notifications via Telegram
  • Add daily/monthly statistics + reset, extended stats API, and update the README with detailed instructions

Testing

  • php -l public_html/config.php
  • php -l public_html/lib/csrf.php
  • php -l public_html/lib/slugify.php
  • php -l public_html/lib/rate_limit.php
  • php -l public_html/lib/db.php
  • php -l public_html/lib/error_handler.php
  • php -l public_html/lib/telegram.php
  • php -l public_html/lib/auth.php
  • php -l public_html/lib/helpers.php
  • php -l public_html/lib/cache.php
  • php -l public_html/api/track.php
  • php -l public_html/api/stats.php
  • php -l public_html/includes/footer.php
  • php -l public_html/includes/menu.php
  • php -l public_html/includes/header.php
  • php -l public_html/index.php
  • php -l public_html/post.php
  • php -l public_html/error.php
  • php -l public_html/admin/post_copy.php
  • php -l public_html/admin/login.php
  • php -l public_html/admin/settings.php
  • php -l public_html/admin/post_add.php
  • php -l public_html/admin/includes/footer.php
  • php -l public_html/admin/includes/auth_check.php
  • php -l public_html/admin/includes/header.php
  • php -l public_html/admin/logout.php
  • php -l public_html/admin/posts.php
  • php -l public_html/admin/dashboard.php
  • php -l public_html/admin/stats.php
  • php -l public_html/admin/post_edit.php
  • php -l public_html/admin/post_delete.php
  • php -l public_html/bots/telegram/webhook.php

Codex Task


@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.


Comment on lines +2 to +6
require_once __DIR__ . '/helpers.php';
require_once __DIR__ . '/db.php';
require_once __DIR__ . '/csrf.php';

session_start();


P1: Avoid double session start in admin boot

auth.php requires csrf.php (which calls session_start() on load) and then immediately calls session_start() again. With the global error handler turning notices/warnings into a 500 error page, every admin request that loads auth.php will emit a session-start notice and render the error page before any logic or redirects run. Guard the call with session_status() or remove the duplicate start.


Comment on lines +19 to +21
cache_set($cacheKey, $post, 45);
}
}


P1: Filter post lookup to public content

post.php fetches an article solely by slug and renders it even when its status is still draft. Anyone who guesses or receives the slug (or follows the rewrite /slug) can read unpublished content, and the draft is cached for 45s. The SELECT should constrain to status='public' (or enforce auth) before rendering/caching.

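One way to apply this review point, as an added example that is not part of the PR or of the Codex review: a public-site lookup helper whose SELECT carries the status filter, so a draft is never fetched on that path and therefore can never be cached. The in-memory cache_get/cache_set stand-ins, the articles columns and the find_public_article name are assumptions; the PR's own lib/cache.php is not reproduced here.

```php
<?php
declare(strict_types=1);

// Added example, not code from the PR. Stand-in cache helpers (assumed names,
// modelled on the cache_set($key, $value, $ttl) call quoted in the review):
$GLOBALS['__cache'] = [];

function cache_get(string $key): ?array
{
    $entry = $GLOBALS['__cache'][$key] ?? null;
    if ($entry === null || $entry['expires'] < time()) {
        return null;
    }
    return $entry['value'];
}

function cache_set(string $key, array $value, int $ttlSeconds): void
{
    $GLOBALS['__cache'][$key] = ['value' => $value, 'expires' => time() + $ttlSeconds];
}

// Public-site lookup: the status filter lives inside the SQL, so a draft is
// never read from the database on this path and can never be cached for 45s.
function find_public_article(PDO $pdo, string $slug): ?array
{
    // Reject anything slugify() could not have produced before touching the DB.
    if (!preg_match('/^[a-z0-9]+(?:-[a-z0-9]+)*$/', $slug)) {
        return null;
    }
    $cacheKey = 'post:public:' . $slug;   // key is scoped to public content
    $cached = cache_get($cacheKey);
    if ($cached !== null) {
        return $cached;
    }
    $stmt = $pdo->prepare(
        'SELECT id, slug, title, body, status FROM articles
          WHERE slug = :slug AND status = :status LIMIT 1'
    );
    $stmt->execute([':slug' => $slug, ':status' => 'public']);
    $post = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($post === false) {
        return null;   // unknown slug or draft: caller renders 404, nothing is cached
    }
    cache_set($cacheKey, $post, 45);
    return $post;
}

// Demo with constructed data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, slug TEXT UNIQUE,
            title TEXT, body TEXT, status TEXT NOT NULL)');
$pdo->exec("INSERT INTO articles (slug, title, body, status) VALUES
            ('hello-world', 'Hello', 'published body', 'public'),
            ('secret-draft', 'Draft', 'unpublished body', 'draft')");

foreach (['hello-world', 'secret-draft', '../etc/passwd'] as $slug) {
    $post = find_public_article($pdo, $slug);
    $cachedAfter = cache_get('post:public:' . $slug) !== null ? 'cached' : 'not cached';
    echo str_pad($slug, 16) . ' => ' . ($post === null ? '404' : $post['title'])
       . ' (' . $cachedAfter . ')' . PHP_EOL;
}
```

Binding the status as a parameter rather than hard-coding it in the string keeps the query identical for every call, and scoping the cache key with a `public:` prefix means an admin-side preview cache, if one is added later, cannot collide with it.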

Comment on lines +9 to +11
$id = (int)($_GET['id'] ?? 0);
$stmt = $pdo->prepare('DELETE FROM articles WHERE id = :id');
$stmt->execute([':id' => $id]);


P1: Add CSRF protection to delete endpoint

post_delete.php performs the DELETE directly from a GET id without verifying a CSRF token. A malicious page loaded by a logged-in admin can fire a GET to this URL (e.g., via an image tag) and delete posts without server-side verification. This endpoint should require POST and call verify_csrf before executing the deletion.

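The session-start and CSRF review points above fit together, so here is one added example covering both; it is not the PR's code or the reviewer's. session_start() is guarded by session_status(), so csrf.php and auth.php can each call the guard without a notice, and the delete handler accepts only a POST carrying a token that matches the session. The helper names (ensure_session, csrf_token, verify_csrf, handle_post_delete), the articles columns and the status-code convention are assumptions; the PR's own lib/csrf.php and post_delete.php are not reproduced.

```php
<?php
declare(strict_types=1);

// Added example, not code from the PR.

// Fix 1: idempotent session start. Any file may call this on load.
function ensure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

// Per-session CSRF token, generated once with a CSPRNG.
function csrf_token(): string
{
    ensure_session();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function verify_csrf(?string $submitted): bool
{
    ensure_session();
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($submitted === null || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);   // constant-time comparison
}

// Fix 2: post_delete.php logic. Returns the HTTP status the page would send,
// so it can be exercised from the CLI without a web server.
function handle_post_delete(PDO $pdo, string $method, array $post): int
{
    if ($method !== 'POST') {
        return 405;   // a GET (e.g. fired from an <img> tag) can no longer delete
    }
    if (!verify_csrf($post['csrf_token'] ?? null)) {
        return 403;   // missing or mismatched token: reject before touching the DB
    }
    $id = (int)($post['id'] ?? 0);
    if ($id <= 0) {
        return 400;
    }
    $stmt = $pdo->prepare('DELETE FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1 ? 303 : 404;   // 303: redirect back to the list
}

// Demo with constructed data: in-memory SQLite (needs pdo_sqlite) and fake requests.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, slug TEXT, status TEXT)');
$pdo->exec("INSERT INTO articles (slug, status) VALUES ('a', 'public'), ('b', 'draft')");

$token = csrf_token();   // starts the session once; later calls see it active
$cases = [
    'GET with id'          => handle_post_delete($pdo, 'GET',  ['id' => '1']),
    'POST without token'   => handle_post_delete($pdo, 'POST', ['id' => '1']),
    'POST with bad token'  => handle_post_delete($pdo, 'POST', ['id' => '1', 'csrf_token' => 'x']),
    'POST with good token' => handle_post_delete($pdo, 'POST', ['id' => '1', 'csrf_token' => $token]),
    'POST again, same id'  => handle_post_delete($pdo, 'POST', ['id' => '1', 'csrf_token' => $token]),
];
foreach ($cases as $label => $status) {
    echo str_pad($label, 22) . ' => HTTP ' . $status . PHP_EOL;
}
```

In the admin templates the delete link becomes a small form with a hidden `csrf_token` field (the value from csrf_token()) and `method="post"`; the posts list can then keep its existing layout while every deletion goes through the token check.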
