/**
  * @return void
  */
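 public function createAction()
 {
     if ($this->isAJAX() && $this->isRequestMethod('POST')) {
         $status = 400;
         $data = array("error" => 'bad_request');
         // The body must be a JSON object. An empty, malformed or scalar body
         // has to end in a 400 instead of dereferencing null below.
         $request = json_decode(file_get_contents('php://input'));
         $token = '';
         $username = null;
         $password = null;
         if (is_object($request)) {
             if (isset($request->_csrf_token_register) && is_string($request->_csrf_token_register)) {
                 $token = $request->_csrf_token_register;
             }
             if (isset($request->_username)) {
                 $username = $request->_username;
             }
             if (isset($request->_password)) {
                 $password = $request->_password;
             }
         }
         // Both credentials are whitelisted to plain alphanumerics with a length range.
         $usernameIsValid = filter_var($username, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[a-zA-Z0-9]{3,15}$/'))) !== false;
         $passwordIsValid = filter_var($password, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[a-zA-Z0-9]{6,20}$/'))) !== false;
         if ($token !== '' && $usernameIsValid && $passwordIsValid) {
             // hash_equals(): constant-time, strict string comparison. `==` would compare
             // two numeric-looking hex digests numerically. A missing session token
             // fails closed instead of being hashed and compared.
             $expected = Security::getCSRFToken('csrf_token_register');
             if (is_string($expected) && $expected !== '' && hash_equals(hash('sha256', $expected), $token)) {
                 // The whitelist above leaves nothing for htmlspecialchars() to escape;
                 // kept so stored values are identical to what earlier code produced.
                 $username = htmlspecialchars($username, ENT_QUOTES);
                 $password = htmlspecialchars($password, ENT_QUOTES);
                 $user = $this->loadModel('User');
                 $user->Username = $username;
                 $user->Password = $password;
                 $status = 409;
                 $data = array('error' => 'username_is_taken');
                 if (!$user->isUsernameTaken()) {
                     $id = $user->Save(array('username' => $username, 'password' => $user->Password));
                     if ($id > 0) {
                         // Every new account is linked to role_id 1 (presumably the
                         // default role — confirm against the Role model).
                         $role = $this->loadModel('Role');
                         $role->Save(array('user_id' => $id, 'role_id' => 1));
                         $status = 201;
                         $data = array('id' => $id);
                     }
                 }
             }
         }
         http_response_code($status);
         echo json_encode($data);
     } else {
         Helper::redirectTo(WEB . 'register');
     }
 }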
 /**
  * @return void
  */
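 public function indexAction()
 {
     if ($this->isAJAX() && $this->isRequestMethod('POST')) {
         $status = 400;
         $data = array('error' => 'bad_request');
         // All three form fields must be present and be plain strings: a field posted
         // as an array (`_username[]=x`) would otherwise reach htmlspecialchars().
         $fieldsPresent = filter_has_var(INPUT_POST, "_csrf_token_login")
             && filter_has_var(INPUT_POST, "_username")
             && filter_has_var(INPUT_POST, "_password")
             && is_string($_POST['_csrf_token_login'])
             && is_string($_POST['_username'])
             && is_string($_POST['_password']);
         if ($fieldsPresent) {
             $status = 403;
             $data = array('error' => 'bad_request');
             // hash_equals(): constant-time, strict string comparison. `==` would compare
             // two numeric-looking hex digests numerically. A missing session token
             // fails closed instead of being hashed and compared.
             $expected = Security::getCSRFToken('csrf_token_login');
             if (is_string($expected) && $expected !== '' && hash_equals(hash('sha256', $expected), $_POST['_csrf_token_login'])) {
                 // NOTE(review): a failed login answers 204 with a JSON error body. 204 is
                 // defined as body-less, but the client contract is not visible here, so kept.
                 $status = 204;
                 $data = array('error' => 'no_content');
                 // NOTE(review): the password is HTML-escaped before the check; this only
                 // works if registration stored it escaped the same way — confirm.
                 $username = htmlspecialchars($_POST['_username'], ENT_QUOTES);
                 $password = htmlspecialchars($_POST['_password'], ENT_QUOTES);
                 $user = $this->loadModel('User');
                 $user->Username = $username;
                 $user->Password = $password;
                 $id = $user->isAuthorized();
                 if ($id > 0) {
                     // Successful login: bind the session and invalidate the login CSRF token.
                     Security::loggedIn($id, $user->Role);
                     Security::destroyCSRFToken('csrf_token_login');
                     $status = 200;
                     $data = array('id' => $id, 'role' => $user->Role);
                 }
             }
         }
         http_response_code($status);
         echo json_encode($data);
     } else {
         Helper::redirectTo(WEB . 'register');
     }
 }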
 public function indexAction()
 {
     // Only an AJAX POST ends the session; any other request is sent to the default route.
     if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
         Helper::redirectTo(WEB . DEFAULT_ROUTE);
         return;
     }
     Security::loggedOut();
     http_response_code(200);
     echo json_encode(array('success' => true));
 }
 /**
  * @access public
  * @return void
  */
 public function run()
 {
     // Resolve the route from the URL, then dispatch it unless it requires a
     // logged-in user and nobody is logged in.
     $bootstrap = new Bootstrap();
     $bootstrap->setCurrentController(DEFAULT_CONTROLLER);
     $bootstrap->setCurrentAction(DEFAULT_ACTION);
     $bootstrap->parseUrl();
     $route = $bootstrap->getRoute();
     $routeConfig = isset($this->routes[$route]) ? $this->routes[$route] : array();
     $needsLogin = !empty($routeConfig['isOauthRequired']);
     if ($needsLogin && !Security::isUserLoggedIn()) {
         // Protected routes are never dispatched for anonymous users.
         Helper::redirectTo(WEB . DEFAULT_ROUTE);
         return;
     }
     // A route entry can name the controller explicitly.
     if (!empty($routeConfig['controller'])) {
         $bootstrap->setController($routeConfig['controller']);
     }
     $bootstrap->loadControllerFile();
     $bootstrap->initControllerClass();
     $bootstrap->runControllerAction($bootstrap->getAction(), $bootstrap->getParams());
 }
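 public function deleteAction()
 {
     // NOTE(review): a non-admin or non-AJAX request gets no body and the default
     // status; an explicit 403 would make the denial visible to the client.
     if ($this->isAJAX() && $this->isRequestMethod('DELETE') && Security::getUserRole() === 'ROLE_ADMIN') {
         $status = 400;
         $data = array("error" => 'bad_request');
         // The body must be a JSON object; anything else ends in a 400 instead of
         // dereferencing null below.
         $request = json_decode(file_get_contents('php://input'));
         $token = '';
         $id = false;
         if (is_object($request)) {
             if (isset($request->_csrf_token_comment) && is_string($request->_csrf_token_comment)) {
                 $token = $request->_csrf_token_comment;
             }
             if (isset($request->_id)) {
                 // FILTER_VALIDATE_INT yields the validated int (or false), so no
                 // HTML-escaping of the id is needed.
                 $id = filter_var($request->_id, FILTER_VALIDATE_INT);
             }
         }
         if ($token !== '' && $id) {
             // hash_equals(): constant-time, strict string comparison. `==` would compare
             // two numeric-looking hex digests numerically. A missing session token
             // fails closed instead of being hashed and compared.
             $expected = Security::getCSRFToken('csrf_token_comment');
             if (is_string($expected) && $expected !== '' && hash_equals(hash('sha256', $expected), $token)) {
                 $comment = $this->loadModel('Comment');
                 $comment->Id = $id;
                 // NOTE(review): on success the error body below is still echoed with a
                 // 204; left as-is because the client contract is not visible here.
                 if ($comment->delete() == 1) {
                     $status = 204;
                 }
             }
         }
         http_response_code($status);
         echo json_encode($data);
     }
 }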
function isTokenGenerated($isUserLoggedIn)
{
    // A logged-in user needs no login CSRF token; everyone else gets a freshly generated one.
    if ($isUserLoggedIn) {
        return 0;
    }
    return Security::generateCSRFToken('csrf_token_login');
}
 /**
  * @access public
  * @param int $id
  * @return void
  */
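 public function deleteAction($id)
 {
     // NOTE(review): unlike the admin-only delete actions elsewhere in this code
     // base, no role check is visible here — confirm the route is protected.
     if ($this->isAJAX() && $this->isRequestMethod('DELETE')) {
         $status = 400;
         $data = array("error" => 'bad_request');
         // The body must be a JSON object; anything else ends in a 400 instead of
         // dereferencing null below.
         $request = json_decode(file_get_contents('php://input'));
         $token = is_object($request) && isset($request->_csrf_token_news) && is_string($request->_csrf_token_news)
             ? $request->_csrf_token_news
             : '';
         // The route parameter must be a plain integer: is_numeric() would also accept
         // floats, exponent notation and leading whitespace.
         $idIsValid = filter_var($id, FILTER_VALIDATE_INT) !== false;
         if ($token !== '' && $idIsValid) {
             // hash_equals(): constant-time, strict string comparison. `==` would compare
             // two numeric-looking hex digests numerically. A missing session token
             // fails closed instead of being hashed and compared.
             $expected = Security::getCSRFToken('csrf_token_news');
             if (is_string($expected) && $expected !== '' && hash_equals(hash('sha256', $expected), $token)) {
                 // NOTE(review): on success the error body below is still echoed with a
                 // 204; left as-is because the client contract is not visible here.
                 $status = $this->delete($id) == 1 ? 204 : 400;
             }
         }
         http_response_code($status);
         echo json_encode($data);
     }
 }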
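 public function updateAction()
 {
     if ($this->isAJAX() && $this->isRequestMethod('PUT') && Security::getUserRole() === 'ROLE_ADMIN') {
         $status = 400;
         $data = array("error" => 'bad_request');
         // The body must be a JSON object; anything else ends in a 400 instead of
         // dereferencing null below.
         $request = json_decode(file_get_contents('php://input'));
         $token = '';
         $id = false;
         $title = false;
         if (is_object($request)) {
             if (isset($request->_csrf_token_category) && is_string($request->_csrf_token_category)) {
                 $token = $request->_csrf_token_category;
             }
             if (isset($request->_id)) {
                 // FILTER_VALIDATE_INT yields the validated int (or false), so no
                 // HTML-escaping of the id is needed.
                 $id = filter_var($request->_id, FILTER_VALIDATE_INT);
             }
             if (isset($request->_title)) {
                 // The `u` modifier makes the character class match whole UTF-8 letters
                 // and {3,50} count characters. Without it each multibyte letter is split
                 // into bytes, so other characters assembled from the same bytes pass
                 // and the length limit counts bytes; invalid UTF-8 now fails as well.
                 $title = filter_var($request->_title, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[a-zA-Z0-9_.öçşiğüÖÇŞİĞÜ-]{3,50}$/u')));
             }
         }
         if ($token !== '' && $id && $title) {
             // hash_equals(): constant-time, strict string comparison. `==` would compare
             // two numeric-looking hex digests numerically. A missing session token
             // fails closed instead of being hashed and compared.
             $expected = Security::getCSRFToken('csrf_token_category');
             if (is_string($expected) && $expected !== '' && hash_equals(hash('sha256', $expected), $token)) {
                 $category = $this->loadModel('Category');
                 $category->Id = $id;
                 $status = 200;
                 // NOTE(review): save()'s return value is reported as the id even if it
                 // signals failure; confirm the model throws, or check the value here.
                 $data = array('id' => $category->save(array('title' => htmlspecialchars($title, ENT_QUOTES))));
             }
         }
         http_response_code($status);
         echo json_encode($data);
     }
 }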