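/**
 * Editor profile page.
 *
 * Loads the logged-in editor's row and exposes it to the view; when the form
 * is submitted ("edit" field present) the username/password/email are updated
 * through Editor::edit(). Any failure is surfaced via $viewModel->error and the
 * view is still rendered.
 *
 * Redirects to the editor login page (and exits) when no editor session exists.
 *
 * @return View
 */
public function profile()
{
    if (!$this->isLogged()) {
        header("Location: " . Helpers::url() . 'editor/login');
        exit;
    }

    $userModel = new Editor(self::DB_INSTANCE);
    $viewModel = new ProfileInformation();

    $userRow = $userModel->getInfo($_SESSION['id']);
    $user = new EditorViewModel($userRow['username'], $userRow['password'], $userRow['id'], $userRow['email']);
    $viewModel->setUser($user);

    if (isset($_POST['edit'])) {
        try {
            // Authenticate the request before interpreting any of its fields.
            $acsrf = new \Hyper\Core\Csrf();
            if (!$acsrf->validateToken()) {
                throw new \Exception('Anti-CSRF token does not match');
            }

            // Strict comparison: "!=" treats numeric-looking strings such as
            // "1e3" and "1000" as equal. empty() would also reject the
            // legitimate password "0", so test for the empty string explicitly.
            $password = $_POST['password'] ?? '';
            $confirm = $_POST['confirm'] ?? '';
            if ($password === '' || $password !== $confirm) {
                throw new \Exception('Empty password or passwords do not match');
            }

            $bm = new UserEditBindingModel();
            // NOTE(review): the raw password is handed to the view model here;
            // whether Editor::edit() hashes it before storage is not visible in
            // this file — confirm.
            $user = new EditorViewModel($bm->getUsername(), $bm->getPassword(), $_SESSION['id'], $bm->getEmail());
            if ($userModel->edit($user)) {
                $viewModel->getUser()->setUsername($user->getUsername());
                $viewModel->success = 'Edit successful';
            }
        } catch (\Exception $e) {
            $viewModel->error = $e->getMessage();
        }
    }

    return new View($viewModel);
}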
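/**
 * Editor "add category" page.
 *
 * Renders the form and, when it is submitted ("categoryText" field present),
 * stores the new category through Category::add(). Any failure is surfaced
 * via $viewModel->error and the view is still rendered.
 *
 * Like profile(), the action is only reachable for a logged-in editor;
 * otherwise the request is redirected to the editor login page (and exits).
 *
 * @return View
 */
public function addCategory()
{
    if (!$this->isLogged()) {
        header("Location: " . Helpers::url() . 'editor/login');
        exit;
    }

    $viewModel = new CategoryAddInformation();

    if (isset($_POST['categoryText'])) {
        try {
            // Authenticate the request before interpreting any of its fields.
            $acsrf = new \Hyper\Core\Csrf();
            if (!$acsrf->validateToken()) {
                throw new \Exception('Anti-CSRF token does not match');
            }

            // Bind the submitted text once and pass that same value to add().
            $bm = new CategoryAddBindingModel();
            $categoryText = $bm->getCategoryText();

            $categoryModel = new Category(self::DB_INSTANCE);
            $categoryModel->add($categoryText);
        } catch (\Exception $e) {
            $viewModel->error = $e->getMessage();
        }
    }

    return new View($viewModel);
}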
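<?php include_once 'Application/Areas/Editor/Views/header.php'; ?>
<?php
// Anti-CSRF token for the add-category form; the controller checks it with
// Csrf::validateToken() before the category is stored.
$acsrf = new \Hyper\Core\Csrf();
$acsrf->generate();
$token = $acsrf->getToken();
?>
<form action="" method="post">
    <div class="form-group">
        <label for="categoryText">Category text</label>
        <input type="text" class="form-control" name="categoryText" id="categoryText" placeholder="Category">
    </div>
    <?php // Token is emitted as a quoted, HTML-escaped attribute value. ?>
    <input type="hidden" name="acsrf" value="<?= htmlspecialchars((string) $token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
    <button type="submit" class="btn btn-success">Add category</button>
</form>
<?php // Error text comes from the controller; escape it for the HTML context anyway. ?>
<?= htmlspecialchars((string) ($model->error ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
<?php include_once 'Application/Areas/Editor/Views/footer.php';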