Example #1
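 /**
  * Show the change-password form and, on POST, store a new password for the
  * logged-in user.
  *
  * On POST the CSRF token is checked first, then the two password fields are
  * validated. A valid submission stores a fresh salt and hash for the session
  * user and redirects to the user list; an invalid one flashes the validation
  * errors and redirects back to the form. Both POST paths end the request.
  *
  * NOTE(review): the current password is never asked for, so whoever holds a
  * live session (unattended browser, captured session cookie) can set a new
  * password. Consider requiring the existing password on this form.
  *
  * @return void
  */
 public function change_password()
 {
     // Presumably turns away visitors who are not logged in; confirm in the base controller.
     $this->cut_notlogged();
     $this->user = new UsersModel();
     if (!empty($_POST)) {
         // Check for CSRF first. The token is read defensively so that a POST
         // without the field still reaches the check (as null) instead of
         // raising an undefined-index notice on the way there.
         $csrf_tkn = isset($_POST['csrf_tkn']) ? $_POST['csrf_tkn'] : null;
         Secure::csrf_checknredir($csrf_tkn);
         $in = new In();
         // NOTE(review): a 16-character ceiling rules out passphrases; raise it
         // once it is confirmed that Secure::do_hash() copes with longer input.
         $rules = array(
             'password' => array('required' => 'true', 'min' => '6', 'max' => '16'),
             'password2' => array('required' => 'true', 'equal_field' => 'password'),
         );
         $validation = $in->validate_input($_POST, $rules);
         if ($validation) {
             $salt = Secure::salt(32);
             // NOTE(review): confirm Secure::do_hash() is a slow password hash
             // (password_hash / bcrypt / Argon2) and not a single fast digest
             // over password + salt.
             // The target id comes from the session, never from the form, so a
             // user can only change the password of their own account.
             $upd_user = array(
                 'password' => Secure::do_hash($_POST['password'], $salt),
                 'salt' => $salt,
                 'id' => $_SESSION['user']['id'],
             );
             // NOTE(review): the result of update() is not checked, so the
             // success message below is shown even if the write failed.
             $this->user->update($upd_user);
             // Rotate the session id after a credential change so that an id
             // captured before the change stops being valid for this session.
             // Session data (including the flash message) is kept.
             // NOTE(review): other sessions of the same account are untouched.
             if (session_id() !== '') {
                 session_regenerate_id(true);
             }
             Out::flash('Password updated.');
             header("Location: " . ROOT_URI . '/admin/users');
             exit;
         } else {
             // Output errors.
             // NOTE(review): the messages are joined with raw <br /> markup, so
             // the flash text is evidently treated as HTML; confirm the
             // validator never echoes submitted values into its messages.
             $ers = '';
             foreach ($in->errors as $er) {
                 $ers .= $er . "<br />";
             }
             Out::flash($ers);
             header("Location: " . ROOT_URI . "/admin/users/change_password");
             exit;
         }
     }
     // End of POST handling: from here on the form is only being displayed.
     // The record to edit is always the logged-in user's own.
     $id = $_SESSION['user']['id'];
     $user2edit = $this->user->get_user($id);
     $this->set_view_var($user2edit);
 }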
Example #2
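 /**
  * Configure everything, then call controller, then call view.
  *
  * Starts the session, defines ROOT_PATH, DS, ROOT_URI and PREFIX, splits the
  * request path into prefix / controller / action / parameters, dispatches to
  * the controller action and finally renders a view unless pg_name was set to
  * 'no_view'.
  *
  * The controller and action names come straight from the URL and end up in a
  * file path, a class name and a method call. They are therefore restricted to
  * identifier characters before use, and magic or non-public methods are never
  * dispatched.
  *
  * @return void
  */
 public function run()
 {
     // NOTE(review): no cookie flags are set here; confirm that
     // session.cookie_httponly / session.cookie_secure / session.cookie_samesite
     // are configured before this call.
     session_start();
     /* BASIC CONSTANTS */
     // Root path on the server filesystem.
     $root_path = rtrim(pathinfo($_SERVER['SCRIPT_FILENAME'], PATHINFO_DIRNAME), '/');
     // Root URI for the site.
     $proto = 'http://';
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
         $proto = 'https://';
     }
     $scr_dir = substr($_SERVER['SCRIPT_NAME'], 0, strrpos($_SERVER['SCRIPT_NAME'], '/'));
     // NOTE(review): HTTP_HOST is whatever the client sent in the Host header,
     // and ROOT_URI is used to build redirect targets. Unless the web server
     // already rejects unknown hosts, take the host name from configuration or
     // check it against an allowlist.
     $scr_uri = $proto . $_SERVER['HTTP_HOST'] . $scr_dir;
     $root_uri = rtrim($scr_uri, '/');
     // Have those three available everywhere.
     define('ROOT_PATH', $root_path);
     define('DS', DIRECTORY_SEPARATOR);
     define('ROOT_URI', $root_uri);
     /* ROUTE IT */
     $this->routes = new Routes();
     // Route on the path only: REQUEST_URI also carries the query string, which
     // would otherwise become part of the last URL element.
     $request_path = $_SERVER['REQUEST_URI'];
     $query_pos = strpos($request_path, '?');
     if ($query_pos !== false) {
         $request_path = substr($request_path, 0, $query_pos);
     }
     // array url_elements is the main routing container. See below.
     $url_info = substr($request_path, strlen($scr_dir));
     // check for defined static routes
     if (array_key_exists($url_info, $this->routes->static_routes)) {
         $url_info = $this->routes->static_routes[$url_info];
     }
     $url_info = trim($url_info, '/');
     $url_elements = explode('/', $url_info);
     if ('index' == $url_elements[0] || 'index.php' == $url_elements[0]) {
         array_shift($url_elements);
     }
     // Prefixed routes. Always lowercase. A prefix is only accepted when it is
     // listed in the routes configuration.
     $prefx = '';
     if (!empty($url_elements[0])) {
         if (in_array($url_elements[0], $this->routes->prefixes)) {
             $prefx = array_shift($url_elements);
         }
     }
     define('PREFIX', strtolower($prefx));
     // Static pages
     // No url parameters
     $ctlr_name = !empty($url_elements[0]) ? $url_elements[0] : '';
     // url parameter is among static pages
     if (PREFIX == '') {
         if (in_array($ctlr_name, $this->routes->static_pages)) {
             array_unshift($url_elements, 'pages');
             $ctlr_name = 'pages';
         }
     } else {
         // static page in prefixed routes
         if (array_key_exists(PREFIX, $this->routes->prefixes_with_stpages)) {
             if (in_array($ctlr_name, $this->routes->prefixes_with_stpages[PREFIX]) || $ctlr_name == '') {
                 array_unshift($url_elements, 'pages');
                 $ctlr_name = 'pages';
             }
         }
     }
     $compl_ctlr_name = ucfirst($ctlr_name . 'Controller');
     // default action is index
     $action = isset($url_elements[1]) ? $url_elements[1] : 'index';
     // Accept json and xml extensions. Call _json, _xml.
     if (strtolower(substr($action, -5)) == '.json') {
         $action = str_replace('.json', '_json', $action);
     }
     if (strtolower(substr($action, -4)) == '.xml') {
         $action = str_replace('.xml', '_xml', $action);
     }
     // Both names are taken from the URL. Anything that is not a plain
     // identifier could never name a real class or method, but it could carry
     // directory separators or dots into the require path below and into the
     // default view name, so it is rejected up front.
     $route_is_clean = preg_match('/^[A-Za-z0-9_]*\z/', $ctlr_name) === 1
         && preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $action) === 1;
     // ErrorController
     require_once ROOT_PATH . DS . 'controllers' . DS . 'ErrorController.php';
     $controller_path = DS . 'controllers' . DS;
     if (PREFIX != '') {
         $controller_path = DS . 'controllers' . DS . PREFIX . DS;
     }
     $controller_file = ROOT_PATH . $controller_path . $compl_ctlr_name . '.php';
     if ($route_is_clean && is_file($controller_file)) {
         require_once $controller_file;
     } else {
         $controller_path = DS . 'controllers' . DS;
         $compl_ctlr_name = 'ErrorController';
         $ctlr_name = 'error';
         if ($route_is_clean) {
             Out::flash('Controller not found');
         } else {
             // Drop the rejected action as well, so it reaches neither the
             // dispatch below nor the default view name.
             $action = 'index';
             Out::flash('Invalid route');
         }
     }
     /* CONTROLLER */
     // Start action
     $ctlr = $compl_ctlr_name;
     $this->controller = new $ctlr($this);
     // Only real, publicly callable, non-magic methods are actions. Without
     // this, a URL could name __construct or a protected helper and have it
     // invoked with URL-supplied arguments.
     // NOTE(review): every public method of the controller, inherited helpers
     // included, is still reachable as an action; consider an explicit list.
     $is_magic = strpos($action, '__') === 0;
     $is_action = !$is_magic
         && method_exists($this->controller, $action)
         && is_callable(array($this->controller, $action));
     if ($is_action) {
         // Call method. Everything after method name, becomes a parameter.
         call_user_func_array(array($this->controller, $action), array_slice($url_elements, 2));
     } else {
         $error_controller = new ErrorController($this);
         $error_controller->index();
         Out::flash('Action not found');
     }
     /* VIEW */
     $this->view = new BaseView($this);
     // Set default pg_name to be rendered.
     if (empty($this->pg_name)) {
         $this->pg_name = strtolower($ctlr_name) . DS . strtolower($action);
         if (PREFIX != '') {
             $this->pg_name = PREFIX . DS . $this->pg_name;
         }
     }
     // If pg_name set to 'no_view' it gives output from the controller.
     // Use it to output json, xml, ...
     //
     // $this->app->pg_name = 'pages/override'; in the controller
     // overrides the default page
     if (!($this->pg_name == 'no_view')) {
         $this->view->render($this->pg_name);
     }
 }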
Example #3
<div class="panel panel-default">
  <div class="panel">
    <?php 
// Show the pending flash message, if the session holds one.
// NOTE(review): the value is echoed as-is. Callers build flash text with
// HTML markup in it, so it is presumably not escaped inside Out::flash();
// confirm that nothing user-supplied is ever stored in a flash message
// without escaping.
if (!empty($_SESSION['flash'])) {
    echo Out::flash();
}
?>
  </div>
  <div class="panel panel-body">
    <?php 
// Placeholder body: prints a fixed string naming this view file.
echo "pages/home.php in views";
?>
  </div>
</div>

Example #4
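 /**
  * Log the current user out and redirect.
  *
  * Removes the 'user' and 'user_group' entries from the session, rotates the
  * session id, flashes a confirmation and ends the request with a redirect:
  * members of the 'user' group go to the site root, everyone else to the
  * admin login form.
  *
  * The session itself is kept rather than destroyed, since the flash message
  * set below has to survive the redirect.
  * NOTE(review): any other per-user data stored in the session also survives;
  * confirm that 'user' and 'user_group' are the only such keys.
  *
  * @return void
  */
 public function logout()
 {
     // Read the group before clearing it. A request that arrives without a
     // logged-in session has no group: it is treated as "not the user group"
     // and falls through to the admin login redirect, without a notice.
     $group_descr = '';
     if (isset($_SESSION['user_group']['descr'])) {
         $group_descr = strtolower($_SESSION['user_group']['descr']);
     }
     unset($_SESSION['user'], $_SESSION['user_group']);
     // Retire the authenticated session id so it cannot be replayed after
     // logout. The remaining session data is carried over to the new id.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     Out::flash("You've been logged out.");
     $target = ROOT_URI;
     if ($group_descr != 'user') {
         $target = ROOT_URI . '/admin/users/login';
     }
     header("Location: " . $target);
     exit;
 }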