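// authentication and token handling
        $Authentication = new User_controller($Database, $Tools, $params, $Response);
        $Authentication->check_auth();
    }
}

/* verify request ---------- */

// The request is usable only if parameters were parsed and a controller is named.
if ($params == false || isset($params->controller) == false) {
    $Response->throw_exception(400, 'Request is not valid');
}

// Methods that create, edit or delete data require an app permission level of at least 2.
if (in_array($_SERVER['REQUEST_METHOD'], array("POST", "PATCH", "PUT", "DELETE"), true) && $app->app_permissions < 2) {
    $Response->throw_exception(401, 'invalid permissions');
}

// verify content type
$Response->validate_content_type();

/* Initialize controller ---------- */

// Derive the class name ("<Name>_controller") and the file name ("<Name>")
// from the request-supplied controller parameter, normalised to "Xxxx" casing.
$controller      = ucfirst(strtolower($params->controller)) . "_controller";
$controller_file = ucfirst(strtolower($params->controller));

// The controller name comes from the request and ends up in a require path and
// in a dynamic class name, so it is restricted to letters, digits and underscore
// before touching the filesystem. Case folding alone does not remove path
// separators or dots. A name that fails the check is rejected exactly like a
// controller whose file does not exist.
if (preg_match('/\A[A-Za-z0-9_]+\z/', $controller_file) === 1
    && file_exists(dirname(__FILE__) . "/controllers/{$controller_file}.php")) {
    require dirname(__FILE__) . "/controllers/{$controller_file}.php";
} else {
    $Response->throw_exception(400, 'invalid controller');
}

// Instantiate the controller class, handing it the Database and Tools objects,
// the request parameters and the Response object.
$controller = new $controller($Database, $Tools, $params, $Response);

// The action is the lower-cased HTTP method; it must exist as a method on the controller.
if (method_exists($controller, strtolower($_SERVER['REQUEST_METHOD'])) === false) {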