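/**
 * Change the password of the currently logged-in user.
 *
 * GET renders the form for the session user. POST validates the new password
 * (6-16 characters, confirmed by `password2`), stores a fresh salt and hash via
 * UsersModel::update() and redirects. Every POST path ends in redirect + exit,
 * so the view is only reached on GET.
 *
 * Reads: $_POST, $_SESSION['user']['id']. Writes: the session user's password and salt.
 *
 * NOTE(review): the current password is not required before a new one is set,
 * so anyone holding a valid session (e.g. a hijacked cookie) can lock the
 * account owner out. Consider a `current_password` field verified against the
 * stored hash before update() — this needs a form change as well.
 * NOTE(review): hashing goes through Secure::do_hash() with a per-user salt;
 * the scheme itself is not visible here. If it is a plain digest, prefer
 * password_hash()/password_verify() — that would need a schema/migration review.
 *
 * @return void
 */
public function change_password()
{
    $this->cut_notlogged();
    $this->user = new UsersModel();

    if (!empty($_POST)) {
        // CSRF first, before any state change. The isset() guard avoids an
        // undefined-index notice when the token is missing; the check itself
        // decides what to do with a null token.
        Secure::csrf_checknredir(isset($_POST['csrf_tkn']) ? $_POST['csrf_tkn'] : null);

        $in = new In();
        $validation = $in->validate_input($_POST, array(
            'password'  => array('required' => 'true', 'min' => '6', 'max' => '16'),
            'password2' => array('required' => 'true', 'equal_field' => 'password'),
        ));

        if ($validation) {
            $salt = Secure::salt(32);
            $upd_user = array(
                'password' => Secure::do_hash($_POST['password'], $salt),
                'salt'     => $salt,
                'id'       => $_SESSION['user']['id'],
            );
            $this->user->update($upd_user);

            // A credential change is the right moment to rotate the session id:
            // an identifier captured before the change stops being valid, while
            // $_SESSION contents carry over to the new id.
            session_regenerate_id(true);

            header("Location: " . ROOT_URI . '/admin/users');
            exit;
        }

        // Validation failed: collect the messages, flash them and return to the form.
        $ers = '';
        foreach ($in->errors as $er) {
            $ers .= $er . "<br />";
        }
        Out::flash($ers);
        header("Location: " . ROOT_URI . "/admin/users/change_password");
        exit;
    } // end if POST

    // GET: load the session user so the form can show who is being edited.
    $id = $_SESSION['user']['id'];
    $user2edit = $this->user->get_user($id);
    $this->set_view_var($user2edit);
}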
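/**
 * Front controller: boot the request, resolve the route, run the controller
 * action, then render the view.
 *
 * Steps, in order (later steps rely on constants defined by earlier ones):
 *  1. start the session and define ROOT_PATH / DS / ROOT_URI;
 *  2. split the request path into url_elements: [prefix] controller action params...;
 *  3. require controllers/[PREFIX/]<Name>Controller.php, or fall back to
 *     ErrorController when that file does not exist;
 *  4. call the action with the remaining url_elements as positional arguments;
 *  5. render $this->pg_name unless a controller set it to 'no_view'.
 *
 * Controller and action names come straight from the URL, so they are checked
 * against a conservative identifier charset before being used in a filesystem
 * path or as a method name (see the two preg_match() guards below).
 *
 * @return void
 */
public function run()
{
    session_start();

    /* BASIC CONSTANTS */
    // Root path on the server filesystem.
    $root_path = rtrim(pathinfo($_SERVER['SCRIPT_FILENAME'], PATHINFO_DIRNAME), '/');

    // Root URI for the site.
    $proto = 'http://';
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        $proto = 'https://';
    }
    $scr_dir = substr($_SERVER['SCRIPT_NAME'], 0, strrpos($_SERVER['SCRIPT_NAME'], '/'));
    // NOTE(review): HTTP_HOST is request-supplied and ROOT_URI ends up in every
    // "Location:" redirect the controllers send. Unless the web server only
    // routes a fixed ServerName to this app, the Host header decides where those
    // redirects point. Prefer a configured canonical host and compare against it.
    $scr_uri = $proto . $_SERVER['HTTP_HOST'] . $scr_dir;
    $root_uri = rtrim($scr_uri, '/');

    // Have those three available everywhere.
    define('ROOT_PATH', $root_path);
    define('DS', DIRECTORY_SEPARATOR);
    define('ROOT_URI', $root_uri);

    /* ROUTE IT */
    $this->routes = new Routes();

    // Route on the path only. REQUEST_URI still carries the query string, which
    // would otherwise stay glued to the last element ("users?x=1" as an action).
    $request_path = $_SERVER['REQUEST_URI'];
    $qpos = strpos($request_path, '?');
    if ($qpos !== false) {
        $request_path = substr($request_path, 0, $qpos);
    }
    // array url_elements is the main routing container. See below.
    $url_info = (string) substr($request_path, strlen($scr_dir));

    // check for defined static routes
    if (array_key_exists($url_info, $this->routes->static_routes)) {
        $url_info = $this->routes->static_routes[$url_info];
    }
    $url_info = trim($url_info, '/');
    $url_elements = explode('/', $url_info);
    if ('index' == $url_elements[0] || 'index.php' == $url_elements[0]) {
        array_shift($url_elements);
    }

    // Prefixed routes. Always lowercase.
    $prefx = '';
    if (!empty($url_elements[0]) && in_array($url_elements[0], $this->routes->prefixes, true)) {
        $prefx = array_shift($url_elements);
    }
    define('PREFIX', strtolower($prefx));

    // Static pages
    // No url parameters
    $ctlr_name = !empty($url_elements[0]) ? $url_elements[0] : '';
    if (PREFIX == '') {
        // url parameter is among static pages
        if (in_array($ctlr_name, $this->routes->static_pages, true)) {
            array_unshift($url_elements, 'pages');
            $ctlr_name = 'pages';
        }
    } elseif (array_key_exists(PREFIX, $this->routes->prefixes_with_stpages)) {
        // static page in prefixed routes
        if ($ctlr_name == '' || in_array($ctlr_name, $this->routes->prefixes_with_stpages[PREFIX], true)) {
            array_unshift($url_elements, 'pages');
            $ctlr_name = 'pages';
        }
    }

    // default action is index
    $action = isset($url_elements[1]) ? $url_elements[1] : 'index';

    // ErrorController
    require_once ROOT_PATH . DS . 'controllers' . DS . 'ErrorController.php';

    $controller_path = DS . 'controllers' . DS;
    if (PREFIX != '') {
        $controller_path = DS . 'controllers' . DS . PREFIX . DS;
    }

    // The controller name goes into a filesystem path and a class name, so only
    // allow what a PHP identifier can contain. explode('/') already rules out
    // forward slashes; this also rules out backslashes (a directory separator on
    // Windows), dots and NUL bytes. An empty name falls through to the error
    // branch exactly as before, because "Controller.php" is not found.
    $compl_ctlr_name = ucfirst($ctlr_name . 'Controller');
    $ctlr_file = ROOT_PATH . $controller_path . $compl_ctlr_name . '.php';
    if (preg_match('/^[A-Za-z0-9_]*$/', $ctlr_name) === 1 && is_file($ctlr_file)) {
        require_once $ctlr_file;
    } else {
        $controller_path = DS . 'controllers' . DS;
        $compl_ctlr_name = 'ErrorController';
        $ctlr_name = 'error';
        Out::flash('Controller not found');
    }

    // Accept json and xml extensions. Call _json, _xml.
    // Only the suffix is rewritten (the check is case-insensitive, so the rewrite
    // must be too — str_replace() would have left "Foo.JSON" untouched).
    if (strtolower(substr($action, -5)) == '.json') {
        $action = substr($action, 0, -5) . '_json';
    }
    if (strtolower(substr($action, -4)) == '.xml') {
        $action = substr($action, 0, -4) . '_xml';
    }

    /* CONTROLLER */
    // Start action
    $ctlr = $compl_ctlr_name;
    $this->controller = new $ctlr($this);

    // The action is URL-controlled too: require an identifier that starts with a
    // letter (keeps magic methods such as __construct out of reach) and use
    // is_callable() so protected/private helpers on the controller cannot be
    // invoked from a URL — method_exists() accepts them and the call then fatals.
    $action_ok = preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $action) === 1
        && is_callable(array($this->controller, $action));
    if ($action_ok) {
        // Call method. Everything after method name becomes a parameter.
        call_user_func_array(array($this->controller, $action), array_slice($url_elements, 2));
    } else {
        $error_controller = new ErrorController($this);
        $error_controller->index();
        Out::flash('Action not found');
    }

    /* VIEW */
    $this->view = new BaseView($this);
    // Set default pg_name to be rendered.
    // NOTE(review): when the action was rejected above, pg_name is still derived
    // from the raw URL segment; whether that is safe depends on how
    // BaseView::render() maps pg_name to a file, which is not visible here.
    if (empty($this->pg_name)) {
        $this->pg_name = strtolower($ctlr_name) . DS . strtolower($action);
        if (PREFIX != '') {
            $this->pg_name = PREFIX . DS . $this->pg_name;
        }
    }
    // 'no_view' means the controller produced the output itself (json, xml, ...).
    // A controller may also override the page, e.g. $this->app->pg_name = 'pages/override';
    if ($this->pg_name != 'no_view') {
        $this->view->render($this->pg_name);
    }
}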
<div class="panel panel-default">
    <div class="panel">
        <?php
        // Flash messages live in $_SESSION['flash'] and are emitted by Out::flash().
        // NOTE(review): whether Out::flash() HTML-escapes the stored text is not
        // visible here; change_password() deliberately puts "<br />" into the
        // message, so it appears to be emitted as raw HTML. Keep user-controlled
        // input out of flash messages unless it is run through htmlspecialchars() first.
        ?>
        <?php if (!empty($_SESSION['flash'])) { echo Out::flash(); } ?>
    </div>
    <div class="panel panel-body">
        <?php // Placeholder body for the home page template. ?>
        <?php echo "pages/home.php in views"; ?>
    </div>
</div>
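/**
 * Log the current user out and redirect.
 *
 * Clears the session user and user group, rotates the session id, flashes a
 * message and redirects: members of the group whose descr is "user" go to the
 * site root, everyone else to the admin login page.
 *
 * Reads: $_SESSION['user'], $_SESSION['user_group']['descr'].
 *
 * @return void
 */
public function logout()
{
    // Decide the destination first; the group descr is the only thing that tells
    // a plain user from an admin here. The isset() guard avoids an undefined-index
    // notice (and strtolower(null) deprecation on 8.1+) when logout is requested
    // without a logged-in group.
    $group_descr = isset($_SESSION['user_group']['descr']) ? $_SESSION['user_group']['descr'] : '';
    $target = (strtolower($group_descr) === 'user') ? ROOT_URI : ROOT_URI . '/admin/users/login';

    unset($_SESSION['user']);
    unset($_SESSION['user_group']);

    // Retire the session id that was associated with the logged-in user so it
    // cannot be replayed or fixed for the next login. $_SESSION contents —
    // including the flash set below — carry over to the new id.
    session_regenerate_id(true);

    Out::flash("You've been logged out.");
    header("Location: " . $target);
    exit;
}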