Example #1
 /**
  * Gives the controller its handles on the current request and session.
  *
  * Both objects come from the static accessors on RequestModel and
  * SessionModel, so every controller built through this constructor can
  * read the request data and the session data.
  */
 public function __construct()
 {
     // Request data, available to all controllers.
     $currentRequest = RequestModel::currentRequest();
     $this->request = $currentRequest;

     // Session data, available to all controllers.
     $currentSession = SessionModel::currentSession();
     $this->session = $currentSession;
 }
Example #2
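 /**
  * Redirects the client to a URL on this site, then terminates the script.
  *
  * This is the open-redirect guard: the target is honoured only when
  * isValidURL() accepts it, its host is exactly HOSTNAME and its scheme is
  * http, https or absent. Any other target is replaced by "/", and
  * rejections of an otherwise valid URL are written to SECURITY_LOG.
  *
  * If output has already started, the Location header cannot be sent; the
  * failure is logged to ERROR_LOG and a manual link is printed instead.
  *
  * @param string $url              Redirect target, treated as untrusted.
  * @param array  $query_parameters Extra query parameters, appended only to
  *                                 a target that passed every check.
  *
  * @return void Never returns to the caller; the script always exits.
  */
 public static function redirect($url, $query_parameters = array())
 {
     if (!isValidURL($url)) {
         // Not a URL at all: fall back to the site root.
         $url = '/';
     } else {
         // parse_url() yields null for a missing component and false for a
         // malformed URL; neither can ever equal HOSTNAME, so a relative or
         // broken target is rejected along with a foreign host.
         // NOTE(review): the match is exact and case-sensitive - confirm
         // HOSTNAME is lower-case and carries no port.
         $redirect_host = parse_url($url, PHP_URL_HOST);
         $redirect_scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));

         if ($redirect_host !== HOSTNAME) {
             // Remote domain: record the attempt and fall back.
             (new Log(SECURITY_LOG))->logMessage("Attempted redirect to external URL: {$url}");
             $url = '/';
         } elseif (!in_array($redirect_scheme, array('', 'http', 'https'), true)) {
             // A matching host is not sufficient: a script-style scheme
             // would still be a working link in the manual-redirect
             // fallback below, so only web schemes are let through.
             (new Log(SECURITY_LOG))->logMessage("Attempted redirect with disallowed URL scheme: {$url}");
             $url = '/';
         } elseif (!empty($query_parameters)) {
             // Target is ours: add the caller's parameters to it.
             $url = addQueryParams($url, $query_parameters);
         }
     }

     if (headers_sent($file, $line)) {
         (new Log(ERROR_LOG))->logMessage("Unable to redirect, headers already sent in {$file} on line {$line}");

         // The URL goes into an attribute and into element text, so it is
         // HTML-escaped first; a quote or angle bracket in the path or
         // query string must not be able to break out of the markup.
         $safe_url = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         echo "Unable to redirect automatically, please click this link: <a href=\"{$safe_url}\">{$safe_url}</a>";
     } else {
         header("Location: {$url}");
     }

     // Stop here so nothing after the redirect runs or is sent.
     exit;
 }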
Example #3
 /**
  * Binds the current request and settles on the token for this session.
  *
  * A non-empty cookie named self::COOKIE_NAME is taken as the candidate
  * token; token() then supplies the value that is actually kept.
  */
 public function __construct()
 {
     $this->request = RequestModel::currentRequest();

     // The cookie is client-supplied, so it is only a candidate here.
     // NOTE(review): PHP turns a cookie sent as "name[]" into an array -
     // confirm token() rejects anything that is not a well-formed string.
     $candidate = isset($_COOKIE[self::COOKIE_NAME]) ? $_COOKIE[self::COOKIE_NAME] : null;
     if (!empty($candidate)) {
         $this->cookie_token = $candidate;
     }

     // token() has the final say; per the original note it is expected to
     // replace a bad or missing token with a new one.
     $this->cookie_token = $this->token();
 }
Example #4
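 /**
  * Reports whether the current session belongs to an authenticated user.
  *
  * The outcome is cached in $this->authentication once the database has
  * been consulted, and the cached value is returned regardless of the
  * $auth_required value passed on later calls. $this->user_id is populated
  * only on success, so callers must pass through this check before they
  * can read it.
  *
  * @param bool $auth_required When true, an unauthenticated visitor is sent
  *                            to the login flow via
  *                            AppController::requestUserLogin(); when false
  *                            the method just answers false.
  *
  * @return bool True for a live, unexpired session; false otherwise.
  */
 public function isUserAuthenticated($auth_required = true)
 {
     // Cached result: if checked before, return that answer.
     if ($this->authentication != self::AUTH_UNKNOWN) {
         return $this->authentication == self::AUTH_PASSED;
     }

     // Validate the ID's format first so a malformed ID never costs a
     // database round trip.
     $query = null;
     if (self::isSessionIDValid($this->id)) {
         $db = Database::getConnection();
         // The ID and the timestamp are bound parameters; only the class
         // constant TABLE_NAME is concatenated into the statement.
         $query = $db->query("SELECT user_id, update_timestamp, persistent FROM " . self::TABLE_NAME . " WHERE (id=:id) AND (expiry_timestamp > :now)", array(":id" => $this->id, ":now" => Carbon::now()));
     } elseif (!$auth_required) {
         return false;
     }

     // NOTE(review): PDO does not guarantee rowCount() for SELECT on every
     // driver - confirm the driver in use reports it, or test the fetch()
     // result instead.
     if ($query && $query->rowCount()) {
         $db_row = $query->fetch(PDO::FETCH_ASSOC);
         // Only set here, so the ID cannot be read before this check ran.
         $this->user_id = $db_row['user_id'];

         // Sessions are renewed on a regular basis so that inactive ones
         // can be told apart from active ones.
         if (Carbon::parse($db_row['update_timestamp'])->diffInSeconds(Carbon::now()) > self::SESSION_RENEWAL_PERIOD_SECONDS) {
             $this->create($db_row['user_id'], isTrue($db_row['persistent']));
         }

         $this->authentication = self::AUTH_PASSED;
         return true;
     }

     if (!$auth_required) {
         $this->authentication = self::AUTH_FAILED;
         return false;
     }

     // Rebuild the return URL from the matched route and its arguments,
     // then re-attach the query string so context survives the login.
     $request = RequestModel::currentRequest();
     $router = RouteController::getController();
     $route = $router->findRouteForURL($request->url());
     $url = $router->urlForAction($route->action(), $route->extractArgs($request->url()));
     if (count($request->queryArgArray())) {
         $url = addQueryParams($url, $request->queryArgArray());
     }

     AppController::requestUserLogin($url);

     // Fail closed: requestUserLogin() presumably redirects and exits, but
     // if it ever returns, the caller gets an explicit false, not null.
     return false;
 }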
Example #5
 /**
  * Builds the absolute URL of a file under /assets/ on this host.
  *
  * The scheme is the current request's protocol and the host is HOSTNAME.
  * $asset is appended exactly as given, with no URL-encoding.
  * NOTE(review): callers should pass a trusted relative path and
  * HTML-escape the result before printing it into markup - confirm.
  *
  * @param string $asset Path of the asset, relative to /assets/.
  *
  * @return string Absolute asset URL.
  */
 public static function assetURL($asset)
 {
     $scheme = RequestModel::currentRequest()->protocol();
     $assetRoot = $scheme . "://" . HOSTNAME . '/assets/';

     return $assetRoot . $asset;
 }