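/**
 * Handles the AJAX registration request (POST with a JSON body).
 *
 * Expects a JSON object carrying `_csrf_token_register`, `_username`
 * (3-15 alphanumerics) and `_password` (6-20 alphanumerics). Responds with:
 *   201 {"id": <new user id>}          on success (a Role row with role_id 1 is created)
 *   409 {"error": "username_is_taken"} when the username already exists
 *   400 {"error": "bad_request"}       for a malformed/empty body, an invalid field,
 *                                      a CSRF mismatch, or a failed save
 * Non-AJAX or non-POST callers are redirected to the register page.
 *
 * NOTE(review): the register token is not discarded after a successful
 * registration (the login action does discard its token) — consider making it
 * single-use if the client reloads the form anyway.
 *
 * @return void
 */
public function createAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
        Helper::redirectTo(WEB . 'register');
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // json_decode() yields null (or a scalar) for an empty or invalid body; the
    // original dereferenced that as an object and emitted warnings. Normalise to
    // an array so every field lookup below is null-safe.
    $rawBody = file_get_contents('php://input');
    $request = $rawBody === false ? null : json_decode($rawBody, true);
    if (!is_array($request)) {
        $request = [];
    }

    $submittedToken = $request['_csrf_token_register'] ?? null;
    // FILTER_VALIDATE_REGEXP returns the value as a string on match, false otherwise.
    // The `D` modifier stops `$` from accepting a trailing newline.
    $username = filter_var(
        $request['_username'] ?? null,
        FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[a-zA-Z0-9]{3,15}$/D']]
    );
    $password = filter_var(
        $request['_password'] ?? null,
        FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[a-zA-Z0-9]{6,20}$/D']]
    );

    if (is_string($submittedToken) && $submittedToken !== '' && $username !== false && $password !== false) {
        $storedToken = Security::getCSRFToken('csrf_token_register');
        // NOTE(review): assumes getCSRFToken() yields null/'' when no token has been
        // issued for this session — confirm. Without the emptiness guard the
        // comparison would be against sha256('') which is a well-known constant.
        // hash_equals() compares strictly and in constant time; the original `==`
        // compares numeric-looking strings (e.g. "0e…") by numeric value.
        $tokenValid = is_scalar($storedToken)
            && (string) $storedToken !== ''
            && hash_equals(hash('sha256', (string) $storedToken), $submittedToken);

        if ($tokenValid) {
            // Both fields are guaranteed alphanumeric by the regexes above, so the
            // HTML-encoding the original applied here was a no-op; escape at output.
            $user = $this->loadModel('User');
            $user->Username = $username;
            $user->Password = $password;

            $status = 409;
            $data = ['error' => 'username_is_taken'];
            if (!$user->isUsernameTaken()) {
                // $user->Password is read back rather than $password in case the
                // model transforms it on assignment (kept from the original).
                $id = $user->Save(['username' => $username, 'password' => $user->Password]);
                if ($id > 0) {
                    $role = $this->loadModel('Role');
                    // NOTE(review): the role save result is not checked; a failure
                    // leaves a user without a role row.
                    $role->Save(['user_id' => $id, 'role_id' => 1]);
                    $status = 201;
                    $data = ['id' => $id];
                } else {
                    // A failed insert is not a name collision; the original still
                    // reported 409 here.
                    $status = 400;
                    $data = ['error' => 'bad_request'];
                }
            }
        }
    }

    http_response_code($status);
    echo json_encode($data);
}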
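/**
 * Handles the AJAX login request (POST, form-encoded fields in $_POST).
 *
 * Reads `_csrf_token_login`, `_username` and `_password`. Responds with:
 *   200 {"id": <user id>, "role": <role>} on success; the session is opened via
 *       Security::loggedIn() and the login CSRF token is discarded
 *   204 {"error": "no_content"}           when the credentials do not match
 *   403 {"error": "bad_request"}          on CSRF mismatch
 *   400 {"error": "bad_request"}          when a field is missing or not a string
 * Non-AJAX or non-POST callers are redirected to the register page.
 *
 * NOTE(review): a 204 response is defined as having no body, so the JSON error
 * payload in that case may be dropped by the server; 401 would be the
 * conventional status. Kept as-is because the JS client may depend on it.
 * NOTE(review): confirm Security::loggedIn() regenerates the session id — not
 * visible from here.
 *
 * @return void
 */
public function indexAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
        Helper::redirectTo(WEB . 'register');
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    $submittedToken = $_POST['_csrf_token_login'] ?? null;
    $username = $_POST['_username'] ?? null;
    $password = $_POST['_password'] ?? null;

    // is_string() also rejects array-valued fields (`_username[]=…`), which the
    // original would have passed to htmlspecialchars().
    if (is_string($submittedToken) && is_string($username) && is_string($password)) {
        $status = 403;
        $data = ['error' => 'bad_request'];

        $storedToken = Security::getCSRFToken('csrf_token_login');
        // NOTE(review): assumes getCSRFToken() yields null/'' when no token has been
        // issued for this session — confirm. Without the emptiness guard the
        // comparison would be against sha256('') which is a well-known constant.
        // hash_equals() compares strictly and in constant time; the original `==`
        // compares numeric-looking strings (e.g. "0e…") by numeric value.
        $tokenValid = is_scalar($storedToken)
            && (string) $storedToken !== ''
            && hash_equals(hash('sha256', (string) $storedToken), $submittedToken);

        if ($tokenValid) {
            $status = 204;
            $data = ['error' => 'no_content'];

            $user = $this->loadModel('User');
            // NOTE(review): both fields are HTML-encoded before reaching the model,
            // as in the original. For the password this only works if the stored
            // credential was encoded the same way — confirm against the User model;
            // the conventional approach is to pass the raw string to the verifier
            // and escape only at output.
            $user->Username = htmlspecialchars($username, ENT_QUOTES);
            $user->Password = htmlspecialchars($password, ENT_QUOTES);

            $id = $user->isAuthorized();
            if ($id > 0) {
                Security::loggedIn($id, $user->Role);
                // The login token is single-use: discard it once consumed.
                Security::destroyCSRFToken('csrf_token_login');
                $status = 200;
                $data = ['id' => $id, 'role' => $user->Role];
            }
        }
    }

    http_response_code($status);
    echo json_encode($data);
}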
/**
 * Handles the AJAX logout request (POST).
 *
 * Ends the session through Security::loggedOut() and answers
 * 200 {"success": true}; any other caller is redirected to DEFAULT_ROUTE.
 *
 * NOTE(review): no CSRF token is checked here, unlike the login/register
 * actions. Impact is limited to forcing a logout, but it is inconsistent.
 *
 * @return void
 */
public function indexAction()
{
    $isAjaxPost = $this->isAJAX() && $this->isRequestMethod('POST');
    if (!$isAjaxPost) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
        return;
    }

    Security::loggedOut();
    http_response_code(200);
    echo json_encode(['success' => true]);
}
/**
 * Front-controller entry point: resolves the current route and dispatches to
 * the matching controller action.
 *
 * A route flagged `isOauthRequired` in $this->routes is dispatched only when
 * Security::isUserLoggedIn() holds; otherwise the caller is redirected to
 * DEFAULT_ROUTE. A route entry may also name an explicit `controller`, which
 * overrides the one parsed from the URL. (The flag's name says OAuth, but the
 * check performed is a plain logged-in check.)
 *
 * @access public
 * @return void
 */
public function run()
{
    $bootstrap = new Bootstrap();
    $bootstrap->setCurrentController(DEFAULT_CONTROLLER);
    $bootstrap->setCurrentAction(DEFAULT_ACTION);
    $bootstrap->parseUrl();

    $route = $bootstrap->getRoute();
    $routeConfig = $this->routes[$route] ?? [];

    $needsLogin = !empty($routeConfig['isOauthRequired']);
    if ($needsLogin && !Security::isUserLoggedIn()) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
        return;
    }

    if (!empty($routeConfig['controller'])) {
        $bootstrap->setController($routeConfig['controller']);
    }

    $bootstrap->loadControllerFile();
    $bootstrap->initControllerClass();
    $bootstrap->runControllerAction($bootstrap->getAction(), $bootstrap->getParams());
}
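/**
 * Handles the AJAX comment deletion (DELETE with a JSON body) for admins.
 *
 * Expects a JSON object with `_csrf_token_comment` and a positive integer `_id`.
 * Responds 204 (no body) when the model reports one deleted row, otherwise
 * 400 {"error": "bad_request"}. Requests that are not an AJAX DELETE from a
 * user whose Security::getUserRole() is 'ROLE_ADMIN' produce no response
 * (kept from the original).
 *
 * @return void
 */
public function deleteAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('DELETE') && Security::getUserRole() === 'ROLE_ADMIN')) {
        // NOTE(review): the original fell through silently here (empty 200 body);
        // an explicit 403/404 would be clearer — confirm how the router treats it.
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // json_decode() yields null (or a scalar) for an empty or invalid body; the
    // original dereferenced that as an object and emitted warnings. Normalise to
    // an array so every field lookup below is null-safe.
    $rawBody = file_get_contents('php://input');
    $request = $rawBody === false ? null : json_decode($rawBody, true);
    if (!is_array($request)) {
        $request = [];
    }

    $submittedToken = $request['_csrf_token_comment'] ?? null;
    // Returns the int on success, false otherwise; min_range rejects 0 and negatives.
    $commentId = filter_var(
        $request['_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );

    if (is_string($submittedToken) && $submittedToken !== '' && $commentId !== false) {
        $storedToken = Security::getCSRFToken('csrf_token_comment');
        // NOTE(review): assumes getCSRFToken() yields null/'' when no token has been
        // issued for this session — confirm. Without the emptiness guard the
        // comparison would be against sha256('') which is a well-known constant.
        // hash_equals() compares strictly and in constant time; the original `==`
        // compares numeric-looking strings (e.g. "0e…") by numeric value.
        $tokenValid = is_scalar($storedToken)
            && (string) $storedToken !== ''
            && hash_equals(hash('sha256', (string) $storedToken), $submittedToken);

        if ($tokenValid) {
            $comment = $this->loadModel('Comment');
            $comment->Id = $commentId;
            // Loose `== 1` kept deliberately: delete() may return an affected-row
            // count or a bool — not visible from here.
            if ($comment->delete() == 1) {
                $status = 204;
            }
        }
    }

    http_response_code($status);
    // A 204 carries no body; the original echoed the stale "bad_request" payload
    // alongside it.
    if ($status !== 204) {
        echo json_encode($data);
    }
}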
/**
 * Issues a login CSRF token unless the visitor is already logged in.
 *
 * @param mixed $isUserLoggedIn truthy when a session already exists
 * @return mixed 0 for a logged-in visitor, otherwise whatever
 *               Security::generateCSRFToken('csrf_token_login') returns
 */
function isTokenGenerated($isUserLoggedIn)
{
    if ($isUserLoggedIn) {
        return 0;
    }

    return Security::generateCSRFToken('csrf_token_login');
}
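/**
 * Handles the AJAX news deletion (DELETE with a JSON body).
 *
 * Expects a JSON object with `_csrf_token_news`; the news id comes from the
 * route. Responds 204 (no body) when $this->delete() reports one deleted row,
 * otherwise 400 {"error": "bad_request"}. Non-AJAX or non-DELETE requests
 * produce no response (kept from the original).
 *
 * NOTE(review): unlike the comment and category actions there is no
 * Security::getUserRole() === 'ROLE_ADMIN' check here — confirm the route
 * configuration restricts who can reach this action.
 *
 * @access public
 * @param int|string $id news id from the route; must be a positive integer
 * @return void
 */
public function deleteAction($id)
{
    if (!($this->isAJAX() && $this->isRequestMethod('DELETE'))) {
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // json_decode() yields null (or a scalar) for an empty or invalid body; the
    // original dereferenced that as an object and emitted warnings. Normalise to
    // an array so every field lookup below is null-safe.
    $rawBody = file_get_contents('php://input');
    $request = $rawBody === false ? null : json_decode($rawBody, true);
    if (!is_array($request)) {
        $request = [];
    }

    $submittedToken = $request['_csrf_token_news'] ?? null;
    // is_numeric() also accepts floats, exponents and leading whitespace
    // ("1e3", " 7"); require a positive integer instead.
    $newsId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    if (is_string($submittedToken) && $submittedToken !== '' && $newsId !== false) {
        $storedToken = Security::getCSRFToken('csrf_token_news');
        // NOTE(review): assumes getCSRFToken() yields null/'' when no token has been
        // issued for this session — confirm. Without the emptiness guard the
        // comparison would be against sha256('') which is a well-known constant.
        // hash_equals() compares strictly and in constant time; the original `==`
        // compares numeric-looking strings (e.g. "0e…") by numeric value.
        $tokenValid = is_scalar($storedToken)
            && (string) $storedToken !== ''
            && hash_equals(hash('sha256', (string) $storedToken), $submittedToken);

        // Loose `== 1` kept deliberately: delete() may return an affected-row
        // count or a bool — not visible from here.
        if ($tokenValid && $this->delete($newsId) == 1) {
            $status = 204;
        }
    }

    http_response_code($status);
    // A 204 carries no body; the original echoed the stale "bad_request" payload
    // alongside it.
    if ($status !== 204) {
        echo json_encode($data);
    }
}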
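/**
 * Handles the AJAX category rename (PUT with a JSON body) for admins.
 *
 * Expects a JSON object with `_csrf_token_category`, a positive integer `_id`
 * and a `_title` of 3-50 characters drawn from [a-zA-Z0-9_.-] plus the Turkish
 * letters listed in the pattern. Responds 200 {"id": <save() result>} after
 * saving, otherwise 400 {"error": "bad_request"}. Requests that are not an
 * AJAX PUT from a user whose Security::getUserRole() is 'ROLE_ADMIN' produce
 * no response (kept from the original).
 *
 * @return void
 */
public function updateAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('PUT') && Security::getUserRole() === 'ROLE_ADMIN')) {
        // NOTE(review): the original fell through silently here (empty 200 body);
        // an explicit 403/404 would be clearer — confirm how the router treats it.
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // json_decode() yields null (or a scalar) for an empty or invalid body; the
    // original dereferenced that as an object and emitted warnings. Normalise to
    // an array so every field lookup below is null-safe.
    $rawBody = file_get_contents('php://input');
    $request = $rawBody === false ? null : json_decode($rawBody, true);
    if (!is_array($request)) {
        $request = [];
    }

    $submittedToken = $request['_csrf_token_category'] ?? null;
    // Returns the int on success, false otherwise; min_range rejects 0 and negatives.
    $categoryId = filter_var(
        $request['_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    // The pattern contains multibyte letters, so it needs the `u` modifier:
    // without it the character class holds the individual UTF-8 bytes and {3,50}
    // counts bytes, not characters (and partial byte sequences would match).
    // `D` stops `$` from accepting a trailing newline.
    $title = filter_var(
        $request['_title'] ?? null,
        FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[a-zA-Z0-9_.öçşiğüÖÇŞİĞÜ-]{3,50}$/uD']]
    );

    if (is_string($submittedToken) && $submittedToken !== '' && $categoryId !== false && $title !== false) {
        $storedToken = Security::getCSRFToken('csrf_token_category');
        // NOTE(review): assumes getCSRFToken() yields null/'' when no token has been
        // issued for this session — confirm. Without the emptiness guard the
        // comparison would be against sha256('') which is a well-known constant.
        // hash_equals() compares strictly and in constant time; the original `==`
        // compares numeric-looking strings (e.g. "0e…") by numeric value.
        $tokenValid = is_scalar($storedToken)
            && (string) $storedToken !== ''
            && hash_equals(hash('sha256', (string) $storedToken), $submittedToken);

        if ($tokenValid) {
            // The pattern excludes every character htmlspecialchars() would encode,
            // so the validated title is stored as-is; escape at output.
            $category = $this->loadModel('Category');
            $category->Id = $categoryId;
            $status = 200;
            // NOTE(review): the save() result is not checked; a failed save still
            // answers 200 with whatever it returned — confirm the model's contract.
            $data = ['id' => $category->save(['title' => $title])];
        }
    }

    http_response_code($status);
    echo json_encode($data);
}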