Ejemplo n.º 1
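 /**
  * Bootstrap the session: install the save handler, set the session cookie
  * parameters and start the session.
  *
  * Fills in the cookie name and the session id format on $config when they
  * are not set, so the object passed in is modified.
  *
  * The session cookie is always sent with HttpOnly. The Secure flag follows
  * the current request, and the Domain attribute is only sent when a domain
  * is configured. Deployments that relied on the old Host-header fallback to
  * share the cookie with subdomains must set the domain in the config.
  *
  * @param Config $config The session config
  */
 public static function bootstrap(Config $config)
 {
     if (!$config->cookie_name) {
         $config->cookie_name = 'session_id';
     }
     if (!$config->id_format) {
         $config->id_format = Handler::DEFAULT_ID_FORMAT;
     }
     // Create and set the session save handler
     static::$handler = new Handler($config);
     session_set_save_handler(static::$handler, true);
     // Set the session name
     session_name($config->cookie_name);
     // Set the cookie parameters
     $app = Application::instance();
     $path = $app->config->base_uri ?: '/';
     // Do not fall back to $_SERVER['HTTP_HOST']: the Host header is supplied
     // by the client, may be absent, and may carry a port ("host:8080"), which
     // is not a valid cookie Domain. An empty domain makes the browser scope
     // the cookie to the exact host that served the response.
     $domain = $app->config->domain ?: '';
     // NOTE(review): presumably isSecure() reports whether this request came
     // over HTTPS. A session first started over plain HTTP therefore gets a
     // cookie without the Secure flag - confirm HTTPS is enforced upstream.
     $secure = $app->request->isSecure();
     // Default lifetime: 2592000 seconds = 30 days
     $lifetime = $config->lifetime ?: 2592000;
     // The final argument (true) is HttpOnly.
     // NOTE(review): no SameSite attribute is set; the positional form used
     // here cannot express it. On PHP >= 7.3 the options-array form of
     // session_set_cookie_params() accepts a 'samesite' key.
     session_set_cookie_params($lifetime, $path, $domain, $secure, true);
     // Start the session
     session_start();
     // Register session_write_close() as a shutdown function
     session_register_shutdown();
 }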
Ejemplo n.º 2
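 /**
  * Send a cookie to the client.
  *
  * The cookie is always HttpOnly. The Secure flag follows the current
  * request, and the Domain attribute is only sent when a domain is
  * configured; otherwise the browser scopes the cookie to the exact host.
  *
  * @param string $key    The cookie name
  * @param string $value  The cookie value
  * @param int    $expiry Lifetime in seconds from now (default 30 days)
  */
 public static function set($key, $value, $expiry = 2592000)
 {
     $app = Application::instance();
     $path = $app->config->app->base_uri ?: '/';
     // Do not fall back to $_SERVER['HTTP_HOST']: the Host header is supplied
     // by the client, may be absent, and may carry a port ("host:8080"), which
     // is not a valid cookie Domain. An empty domain yields a host-only cookie.
     $domain = $app->config->app->domain ?: '';
     // NOTE(review): presumably isSecure() reports whether this request came
     // over HTTPS; a cookie set during a plain-HTTP request is sent without
     // the Secure flag.
     $secure = $app->request->isSecure();
     $expires = time() + $expiry;
     // The final argument (true) is HttpOnly.
     // NOTE(review): no SameSite attribute is set; on PHP >= 7.3 the
     // options-array form of setcookie() accepts a 'samesite' key.
     setcookie($key, $value, $expires, $path, $domain, $secure, true);
 }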
Ejemplo n.º 3
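 /**
  * Check that the posted CSRF token matches the value stored in the session.
  *
  * Only POST requests are checked. A POST is rejected unless both the posted
  * token and the stored token are non-empty strings and are equal.
  *
  * NOTE(review): requests using other state-changing methods (for example
  * DELETE) are not covered by this check - confirm they are protected
  * elsewhere.
  *
  * @throws CSRFMismatchException Thrown if CSRF tokens do not match.
  *
  * @return bool Always true when no exception is thrown
  */
 public static function check()
 {
     $request = Application::instance()->request;
     $key = $request->input->{self::POST_KEY};
     $stored = Session::get(self::SESSION_KEY);
     if (!$request->isPost()) {
         return true;
     }
     // A plain `$key !== $stored` accepts the request when both sides are
     // missing and compare as identical (presumably null for an absent field
     // and an absent session value), so a POST without any token would pass
     // on a session that has none. Require real, non-empty strings first.
     if (!is_string($key) || !is_string($stored) || $stored === '') {
         throw new CSRFMismatchException('CSRF token is invalid');
     }
     // hash_equals() compares in constant time, so the response time does not
     // reveal how many leading characters of the token were correct.
     if (!hash_equals($stored, $key)) {
         throw new CSRFMismatchException('CSRF token is invalid');
     }
     return true;
 }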
Ejemplo n.º 4
 /**
  * Initialise the controller and run its middleware.
  *
  * Every class name listed in $this->middleware is instantiated without
  * arguments to verify that it is a Middleware, then its static check() is
  * called. A falsy result from check() triggers the application's 404 error.
  *
  * NOTE(review): whether Application::error() stops execution is not visible
  * here. If it returns, the loop and the constructor carry on and the
  * controller stays usable, so a failed check would not block the request -
  * confirm that error() terminates.
  *
  * @param Request  $request  The current request
  * @param Response $response The current response
  *
  * @throws InvalidMiddlewareException If a listed class is not a Middleware.
  */
 public function __construct(Request $request, Response $response)
 {
     $this->request = $request;
     $this->response = $response;
     foreach ($this->middleware as $class) {
         // Instantiate once purely for the type check; the object is not kept
         $isMiddleware = new $class() instanceof Middleware;
         if (!$isMiddleware) {
             throw new InvalidMiddlewareException($class . ' is not a valid middleware class');
         }
         $passed = $class::check();
         if ($passed) {
             continue;
         }
         // Most middleware classes will throw an exception
         Application::instance()->error(404);
     }
 }
Ejemplo n.º 5
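 /**
  * Check that the honeypot field has not been filled in, and that the form
  * was not filled in quicker than possible by a human.
  *
  * A request whose timestamp field is missing, is not valid base64 of a
  * decimal number, or is too recent is treated as a suspected bot.
  *
  * NOTE(review): the timestamp is only base64-encoded, so the client can
  * replace it with any earlier value. It slows down naive bots but is not an
  * integrity check; a keyed MAC over the timestamp would be needed for that.
  *
  * @throws SuspectedBotException Thrown if we suspect a bot has posted.
  *
  * @return bool Always true when no exception is thrown
  */
 public static function check()
 {
     $request = Application::instance()->request;
     // If the honeypot is filled in, throw an exception
     $honey = $request->input->{static::encode(self::POST_KEY)};
     if ($honey) {
         throw new SuspectedBotException();
     }
     $time = $request->input->{static::encode(self::POST_TIME_KEY)};
     // Fail closed on a missing or malformed timestamp. Previously an empty
     // or non-numeric value went straight into the arithmetic below, where
     // it counts as 0 on older PHP versions and so skipped the timing check.
     $rendered = is_scalar($time) ? base64_decode((string) $time) : '';
     if (!is_string($rendered) || !preg_match('/\A[0-9]+\z/', $rendered)) {
         throw new SuspectedBotException();
     }
     if (time() < (int) $rendered + self::MIN_POST_TIME) {
         throw new SuspectedBotException();
     }
     return true;
 }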
Ejemplo n.º 6
 /**
  * Register the standard set of routes for a resource controller.
  *
  * Seven routes are registered: index (GET), create (POST), show (GET),
  * update (POST), edit (GET), and two routes that reach the controller's
  * destroy action - one via DELETE and one via POST on ".../destroy".
  *
  * NOTE(review): create, update and both destroy routes change state; make
  * sure the CSRF protection in use covers the DELETE route as well as the
  * POST ones.
  *
  * @param string|array $route      The base route, or a [route, name] pair
  * @param string       $controller The controller class name
  */
 function resource($route, $controller)
 {
     $application = Application::instance();
     if (is_array($route)) {
         list($route, $name) = $route;
     } else {
         // No name given: derive one from the controller class name
         $name = Str::snakeCase(str_replace('Controller', '', $controller));
     }
     $destroyAction = $controller . '@destroy';
     // Collection routes
     get([$route, $name], $controller . '@index');
     post([$route, $name . '.create'], $controller . '@create');
     // Member routes; {id:int} restricts the id segment in the route pattern
     get([$route . '/{id:int}', $name . '.show'], $controller . '@show');
     post([$route . '/{id:int}', $name . '.update'], $controller . '@update');
     get([$route . '/{id:int}/edit', $name . '.edit'], $controller . '@edit');
     delete([$route . '/{id:int}', $name . '.delete'], $destroyAction);
     post([$route . '/{id:int}/destroy', $name . '.destroy'], $destroyAction);
 }
Ejemplo n.º 7
 /**
  * Get all the input arguments as an array.
  *
  * NOTE(review): going by the property names, `input` holds escaped values
  * and `rawInput` the values as submitted - confirm what escaping is applied.
  * Values read with $escaped = false must be encoded for their output context
  * (HTML, SQL, shell, ...) by the caller.
  *
  * @param bool $escaped Read from the request's `input` (true, the default)
  *                      or from its `rawInput` (false)
  *
  * @return array
  */
 public static function all($escaped = true)
 {
     $request = Application::instance()->request;
     if ($escaped) {
         return $request->input->toArray();
     }
     return $request->rawInput->toArray();
 }
Ejemplo n.º 8
 /**
  * Construct the application.
  *
  * Overwrites $_SERVER['REQUEST_METHOD'] with Router::GET before delegating
  * to the parent constructor, so any code that reads the superglobal from
  * then on sees that value rather than the real request method.
  *
  * NOTE(review): which kind of application this subclass is (console, test
  * harness, ...) is not visible here - confirm it never serves real HTTP
  * requests, since method-based checks would then see the spoofed value.
  */
 public function __construct()
 {
     // Spoof the request method
     $_SERVER['REQUEST_METHOD'] = Router::GET;
     parent::__construct();
 }
Ejemplo n.º 9
 /**
  * Set a config value.
  *
  * NOTE(review): only the key is forwarded to setValueForPath(); no value
  * argument is accepted or passed on. Check this against the signature of
  * setValueForPath() - as written the method cannot supply a new value.
  *
  * @param string $key The path of the value to set
  *
  * @return mixed Whatever setValueForPath() returns
  */
 public static function set($key)
 {
     $config = Application::instance()->config;
     return $config->setValueForPath($key);
 }
Ejemplo n.º 10
 /**
  * Get the previous URL, as recorded on the current request.
  *
  * NOTE(review): where previousUri comes from is not visible here. If it is
  * taken from the Referer header it is client-controlled, and callers should
  * check it against the application's own origin before using it as a
  * redirect target or printing it into a page.
  *
  * @return string|null The URL
  */
 public static function previous()
 {
     return Application::instance()->request->previousUri;
 }
Ejemplo n.º 11
 /**
  * Refresh the current page by redirecting the response to the current URL.
  *
  * NOTE(review): how Url::current() builds the URL is not visible here. If it
  * uses the Host header, the redirect target is partly client-controlled -
  * confirm it is built from the configured domain.
  */
 public static function refresh()
 {
     $response = Application::instance()->response;
     $response->redirect(Url::current());
 }