// authentication and token handling
$Authentication = new User_controller($Database, $Tools, $params, $Response);
$Authentication->check_auth();
}
}
/* verify request ---------- */
// check if the request is valid by checking if it's an array and looking for the controller and action
if ($params == false || isset($params->controller) == false) {
$Response->throw_exception(400, 'Request is not valid');
}
// verify permissions for delete/create/edit
if (($_SERVER['REQUEST_METHOD'] == "POST" || $_SERVER['REQUEST_METHOD'] == "PATCH" || $_SERVER['REQUEST_METHOD'] == "PUT" || $_SERVER['REQUEST_METHOD'] == "DELETE") && $app->app_permissions < 2) {
$Response->throw_exception(401, 'invalid permissions');
}
// verify content type
$Response->validate_content_type();
/* Initialize controller ---------- */
//get the controller and format it correctly
$controller = ucfirst(strtolower($params->controller)) . "_controller";
$controller_file = ucfirst(strtolower($params->controller));
//check if the controller exists. if not, throw an exception
if (file_exists(dirname(__FILE__) . "/controllers/{$controller_file}.php")) {
require dirname(__FILE__) . "/controllers/{$controller_file}.php";
} else {
$Response->throw_exception(400, 'invalid controller');
}
//create a new instance of the controller, and pass
//it the parameters from the request and Database object
$controller = new $controller($Database, $Tools, $params, $Response);
//check if the action exists in the controller. if not, throw an exception.
if (method_exists($controller, strtolower($_SERVER['REQUEST_METHOD'])) === false) {
