/**
 * Wires the controller base up with the framework services it depends on.
 *
 * Every dependency is pulled from its singleton accessor (service-location style);
 * config and session are taken from the same App instance that is stored on $this->app.
 */
public function __construct()
{
    $app = App::getInstance();

    $this->app = $app;
    $this->view = View::getInstance();
    $this->config = $app->getConfig();
    $this->input = InputData::getInstance();
    $this->session = $app->getSession();
    $this->db = new SimpleDB();
}
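/**
 * Enforces the access annotations found in a controller method's doc comment.
 *
 * The comment is lowercased before matching, so annotations are case-insensitive.
 * Recognised annotations, checked in this order:
 *   @notlogged                     - the caller must NOT hold a session login (400)
 *   @authorize [error:("message")] - the caller must be logged in; optional custom message (401)
 *   @admin                         - SimpleDB::isAdmin() must hold (401)
 *   @role("name")                  - SimpleDB::hasRole(name) must hold; admins always pass (401)
 *
 * The custom @authorize message is lowercased with the rest of the comment; only its first
 * letter is restored with ucfirst(). The captured @role name is handed to SimpleDB::hasRole(),
 * which derives a database column name from it, so annotations should use plain alphabetic
 * role names (e.g. "editor").
 *
 * @param string|false $doc Raw doc comment; ReflectionMethod::getDocComment() returns false when absent
 * @throws \Exception Code 400 when @notlogged is violated, 401 for any other failed check
 */
private function ValidateAuthorization($doc)
{
    $doc = strtolower((string) $doc);
    $session = App::getInstance()->getSession();

    // @notlogged: only guests may reach this action.
    if (preg_match('/@notlogged/', $doc)) {
        if ($session->_login) {
            throw new \Exception("Already logged in!", 400);
        }
    }

    // @authorize, optionally with error:("custom text"). The group is optional, so
    // $matches[1] is absent when no custom text is given - guard before reading it.
    if (preg_match('/@authorize(?:\s+error:\("(.+)"\))?/', $doc, $matches)) {
        $error = 'Unauthorized!';
        if (!empty($matches[1])) {
            $error = ucfirst($matches[1]);
        }
        if (!$session->_login) {
            throw new \Exception($error, 401);
        }
    }

    // @admin: administrators only.
    if (preg_match('/@admin/', $doc)) {
        if (!SimpleDB::isAdmin()) {
            throw new \Exception("Admin access only!", 401);
        }
    }

    // @role("name"): the named role is required, but an admin passes regardless.
    if (preg_match('/@role\s*\("(.+)"\)/', $doc, $matches) && !empty($matches[1])) {
        $role = $matches[1];
        if (!SimpleDB::hasRole($role) && !SimpleDB::isAdmin()) {
            throw new \Exception(ucfirst($role) . " access only!", 401);
        }
    }
}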
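/**
 * Collects every dispatchable route of the application.
 *
 * Two sources are merged, config routes first and annotated controller methods second
 * (an @route annotation producing the same key overwrites the config entry):
 *  1. config->routes: area => ['controllers' => [name => ['goesTo' => controller,
 *     'methods' => [route => method], 'requestMethod' => [route => verb]]]];
 *     the area '*' means "no area prefix".
 *  2. every *.php file below config->app['namespaces']['Controllers'] (the same config value
 *     doubles as namespace prefix and folder path), whose methods carry @route("...").
 *
 * Route keys have the form "@VERB path" ("@GET user/profile"); the value is whatever
 * findBindingModels() extracted from the method's doc comment.
 *
 * NOTE(review): step 2 reflects on every class under the controllers folder, which autoloads
 * (executes the top level of) every PHP file found there; that folder must not be writable
 * by the web server user. Controllers are no longer instantiated for discovery, so their
 * constructors (and whatever those touch, e.g. the database) do not run here.
 *
 * @return array Route key => binding models
 * @throws \ReflectionException When a configured controller class or method does not exist
 */
private function findAllRoutesInApp()
{
    $foundRoutes = array();
    $config = App::getInstance()->getConfig();
    $controllersNamespace = $config->app['namespaces']['Controllers'];

    // 1. Routes declared in the config.
    foreach ($config->routes as $area => $namespace) {
        if (empty($namespace['controllers'])) {
            continue;
        }
        foreach ($namespace['controllers'] as $controller => $methods) {
            foreach ($methods['methods'] as $newFunctionRoute => $originalFunction) {
                // Build the fully qualified class name; the config value may carry '../' and '/'
                // because it is also used as a folder path.
                $goesTo = isset($methods['goesTo']) ? $methods['goesTo'] : '';
                $class = $controllersNamespace;
                if ($area !== '*') {
                    $class .= $area . '\\';
                }
                $class .= ucfirst($goesTo) . 'Controller';
                $class = str_replace(array('../', '/'), array('', '\\'), $class);

                $reflection = new \ReflectionMethod($class, $originalFunction);
                $doc = $reflection->getDocComment();
                $params = $this->findBindingModels($doc);

                // Verb: explicit config entry wins; otherwise fall back to a @get/@post/... annotation.
                // A route with neither ends up with an empty verb ("@ path") - presumably a config error.
                $requestMethod = null;
                if (!empty($methods['requestMethod'][$newFunctionRoute])) {
                    $requestMethod = $methods['requestMethod'][$newFunctionRoute];
                } elseif (!empty($methods['goesTo']) && $originalFunction) {
                    $requestMethod = $this->requestMethodFromDoc($doc);
                }

                $path = ($area === '*' ? '' : $area . '/') . $controller . '/' . $newFunctionRoute;
                $foundRoutes[$this->buildRouteKey($requestMethod, $path)] = $params;
            }
        }
    }

    // 2. Controllers found on disk, routed by their @route("...") annotations.
    $allFiles = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($controllersNamespace));
    $phpFiles = new \RegexIterator($allFiles, '/\.php$/');
    foreach ($phpFiles as $file) {
        $controllerPath = str_replace('../', '', $file->getPathName());
        // Strip only the ".php" suffix (guaranteed by the iterator), not every occurrence in the path.
        $controllerPath = substr($controllerPath, 0, -4);
        $className = str_replace('/', '\\', $controllerPath);

        // Reflect on the class name, not on a fresh instance: listing routes must not run constructors.
        $reflectionController = new \ReflectionClass($className);
        foreach ($reflectionController->getMethods() as $method) {
            $doc = $method->getDocComment();
            // '@' kept from the original: findBindingModels() apparently emits notices for some
            // methods (presumably those without a doc comment) - TODO confirm and fix at the source.
            @($params = $this->findBindingModels($doc));

            $lowerDoc = strtolower((string) $doc);
            preg_match('/@route\("(.*)"\)/', $lowerDoc, $matches);
            if (empty($matches[1])) {
                continue;
            }
            $fullRoute = $this->buildRouteKey($this->requestMethodFromDoc($lowerDoc), $matches[1]);
            $foundRoutes[$fullRoute] = $params;
        }
    }

    return $foundRoutes;
}

/**
 * Reads the HTTP verb annotation (@get/@post/@put/@delete) from a doc comment.
 *
 * @param string|false $doc Doc comment, or false when the method has none
 * @return string The annotated verb in lower case, or 'Get' when none is present
 */
private function requestMethodFromDoc($doc)
{
    if (preg_match('/@(post|get|put|delete)/', strtolower((string) $doc), $found) && !empty($found[1])) {
        return $found[1];
    }
    return 'Get';
}

/**
 * Builds the route key used by the router: "@VERB path", e.g. "@GET user/profile".
 *
 * @param string|null $requestMethod HTTP verb in any case; null yields an empty verb
 * @param string $path Route path, lowercased here
 * @return string
 */
private function buildRouteKey($requestMethod, $path)
{
    return '@' . strtoupper((string) $requestMethod) . ' ' . strtolower($path);
}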
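/**
 * Checks whether the currently logged-in user carries the given role flag.
 *
 * The role name is mapped to a column "is<Role>" of the users table (e.g. "editor" -> isEditor).
 * PDO cannot bind identifiers, so the column name is interpolated into the SQL text; to keep
 * that safe, only purely alphabetic role names are accepted and anything else is rejected
 * before the database is touched.
 *
 * @param string $role Role name, as written in a @role("...") annotation
 * @return bool True when the user's row holds a truthy value in the role column
 * @throws \Exception When the role name is not purely alphabetic, or the query fails
 *                    (typically because the column does not exist)
 */
public static function hasRole($role)
{
    $role = (string) $role;
    // Identifier whitelist: letters only. This also rejects an empty role, which would
    // otherwise select a column literally named "is".
    if (!preg_match('/^[A-Za-z]+$/', $role)) {
        throw new \Exception("Invalid role name '{$role}'");
    }

    $col = 'is' . ucfirst($role);
    $session = App::getInstance()->getSession();
    try {
        $statement = self::$database->prepare("SELECT {$col}\n FROM users\n WHERE username = ? AND id = ?");
        $statement->bindParam(1, $session->_username);
        $statement->bindParam(2, $session->_login);
        $statement->execute();
        // No bindColumn() here: binding the result to $col clobbered the column name after fetch().
        $row = $statement->fetch(\PDO::FETCH_ASSOC);
    } catch (\PDOException $ex) {
        throw new \Exception("Check your db, missing role '{$col}'", 0, $ex);
    }

    // fetch() returns false when the user has no row; treat that as "no role".
    if (isset($row[$col]) && $row[$col]) {
        return Normalizer::normalize($row[$col], 'bool');
    }
    return false;
}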
<span class="label label-danger">Admin</span> <?php } ?> <?php if ($this->_viewBag['body']->getIsEditor()) { ?> <span class="label label-info">Editor</span> <?php } ?> <?php if ($this->_viewBag['body']->getIsModerator()) { ?> <span class="label label-success">Moderator</span> <?php } ?> </h2> <?php if (strtolower($this->_viewBag['body']->getUsername()) === strtolower(\FTS\App::getInstance()->getUsername())) { ?> <div class="panel panel-heading">Your balance: <?php echo $this->_viewBag['body']->getBalance(); ?> lv</div> <?php \FTS\FormViewHelper::init()->initForm('/user/changePass', ['class' => 'form-group'], 'put')->initLabel()->setValue("Old Password")->setAttribute('for', 'oldPassword')->create()->initPasswordBox()->setAttribute('id', 'oldPassword')->setName('oldPassword')->setAttribute('class', 'form-control input-md')->create()->initLabel()->setValue("New Password")->setAttribute('for', 'newPassword')->create()->initPasswordBox()->setAttribute('id', 'newPassword')->setName('newPassword')->setAttribute('class', 'form-control input-md')->create()->initLabel()->setValue("Confirm Password")->setAttribute('for', 'conPassword')->create()->initPasswordBox()->setAttribute('id', 'conPassword')->setName('confirm')->setAttribute('class', 'form-control input-md')->create()->initSubmit()->setAttribute('value', 'Change password')->setAttribute('class', 'btn btn-default')->create()->render(); } ?> </div>
?> <?php if (\FTS\App::getInstance()->isAdmin() || \FTS\App::getInstance()->isEditor()) { ?> <a href="/product/<?php echo $product->getId(); ?> /edit" class="panel panel-primary btn btn-default">Edit</a> <?php \FTS\FormViewHelper::init()->initForm('/product/' . $product->getId() . '/delete', ['style' => 'display: inline;'], 'delete')->initSubmit()->setAttribute('value', 'Delete')->setAttribute('class', 'panel panel-primary btn btn-default')->create()->render(true); ?> <?php } ?> <?php if (\FTS\App::getInstance()->isLogged()) { \FTS\FormViewHelper::init()->initForm('/review/add/' . $product->getId(), ['class' => 'form-group', 'style' => 'display: none', 'id' => $product->getId()])->initLabel()->setAttribute('for', 'message')->setValue('Message')->create()->initTextArea()->setAttribute('name', 'message')->setAttribute('class', 'form-control input-md')->setAttribute('id', 'message')->create()->initSubmit()->setAttribute('value', 'Send')->setAttribute('class', 'btn btn-primary btn-sm col-sm-1 col-sm-offset-5')->create()->render(true); } ?> </div> </div> <?php } ?> <ul class="pager"> <li><a href="/products/<?php $start = $this->_viewBag['body']->getStart(); if ($start - 3 >= 0) { echo $start -= 3; } else {
if ($review->getIsEditor()) { ?> <span class="label label-info">Editor</span> <?php } ?> <?php if ($review->getIsModerator()) { ?> <span class="label label-success">Moderator</span> <?php } ?> </div> <?php if (\FTS\App::getInstance()->isAdmin() || \FTS\App::getInstance()->isModerator()) { ?> <div class="col-sm-2 text-right"> <button class="btn btn-sm btn-default" onclick="enableReviewForm('<?php echo $review->getId() . 'r'; ?> ')">Edit</button> <?php \FTS\FormViewHelper::init()->initForm('/review/' . $review->getId() . '/delete', ['style' => 'display: inline;'], 'delete')->initSubmit()->setAttribute('value', 'Delete')->setAttribute('class', 'btn btn-sm btn-default')->create()->render(true); ?> </div> <?php \FTS\FormViewHelper::init()->initForm('/review/' . $review->getId() . '/edit', ['class' => 'form-group', 'style' => 'display: none', 'id' => $review->getId() . 'r'], 'put')->initLabel()->setAttribute('for', 'message')->setValue('Edit Message')->create()->initTextArea($review->getMessage())->setAttribute('name', 'message')->setAttribute('class', 'form-control input-md')->setAttribute('id', 'message')->create()->initSubmit()->setAttribute('value', 'Edit')->setAttribute('class', 'btn btn-primary btn-sm col-sm-1 col-sm-offset-5')->create()->render(true); ?> <?php }
\FTS\FormViewHelper::init()->initLink()->setAttribute('href', "/user/" . \FTS\App::getInstance()->getUsername() . "/profile")->setValue('Profile')->create()->render(); ?> </li> <li><?php \FTS\FormViewHelper::init()->initLink()->setAttribute('href', "/users/all/0/10")->setValue('All users')->create()->render(); ?> </li> <?php if (\FTS\App::getInstance()->isAdmin()) { ?> <li><a href="/admin">Admin</a></li> <?php } ?> <?php if (\FTS\App::getInstance()->isAdmin() || \FTS\App::getInstance()->isEditor()) { ?> <li><a href="/editor">Editor</a></li> <?php } ?> <li role="separator" class="divider"></li> <li> <?php FTS\FormViewHelper::init()->initLink()->setAttribute('href', '/user/logout')->setValue('Logout')->create()->render(); ?> </li> </ul> </li> </ul> <?php
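<?php
// Front controller: bootstraps the framework and dispatches the current request.

use FTS\App;
use Routers\DummyRouter;

// Development error settings. Errors shown to the client reveal file paths and stack traces,
// so these two ini_set() calls belong behind an environment check before deployment.
ini_set('display_startup_errors', 1);
ini_set('display_errors', 1);
// E_NOTICE is masked here, so notices such as undefined array indexes stay silent.
error_reporting(E_ALL ^ E_NOTICE);

// require_once rather than include: a missing framework file must stop the request here,
// instead of surfacing later as an "undefined class App" fatal error.
require_once '../../FTS-Framework/App.php';
require_once '../Routers/DummyRouter.php';

$app = App::getInstance();
$app->run();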