/**
  * @return void
  */
 public function createAction()
 {
     if ($this->isAJAX() && $this->isRequestMethod('POST')) {
         $status = 400;
         $data = array("error" => 'bad_request');
         $request = json_decode(file_get_contents('php://input'));
         if (filter_var($request->{'_csrf_token_register'}, FILTER_SANITIZE_STRING) && filter_var($request->{'_username'}, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[a-zA-Z0-9]{3,15}$/'))) && filter_var($request->{'_password'}, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[a-zA-Z0-9]{6,20}$/')))) {
             $status = 400;
             $data = array("error" => 'bad_request');
             $csrf_token_register = htmlspecialchars($request->{'_csrf_token_register'}, ENT_QUOTES);
             if ($csrf_token_register == hash('sha256', Security::getCSRFToken('csrf_token_register'))) {
                 $username = htmlspecialchars($request->{'_username'}, ENT_QUOTES);
                 $password = htmlspecialchars($request->{'_password'}, ENT_QUOTES);
                 $user = $this->loadModel('User');
                 $user->Username = $username;
                 $user->Password = $password;
                 $status = 409;
                 $data = array('error' => 'username_is_taken');
                 if (!$user->isUsernameTaken()) {
                     $id = $user->Save(array('username' => $username, 'password' => $user->Password));
                     if ($id > 0) {
                         $role = $this->loadModel('Role');
                         $role->Save(array('user_id' => $id, 'role_id' => 1));
                         $status = 201;
                         $data = array('id' => $id);
                     }
                 }
             }
         }
         http_response_code($status);
         echo json_encode($data);
     } else {
         Helper::redirectTo(WEB . 'register');
     }
 }
 /**
  * @return void
  */
 public function indexAction()
 {
     if ($this->isAJAX() && $this->isRequestMethod('POST')) {
         $status = 400;
         $data = array('error' => 'bad_request');
         if (filter_has_var(INPUT_POST, "_csrf_token_login") && filter_has_var(INPUT_POST, "_username") && filter_has_var(INPUT_POST, "_password")) {
             $status = 403;
             $data = array('error' => 'bad_request');
             $csrf_token_login = htmlspecialchars($_POST['_csrf_token_login'], ENT_QUOTES);
             if ($csrf_token_login == hash('sha256', Security::getCSRFToken('csrf_token_login'))) {
                 $status = 204;
                 $data = array('error' => 'no_content');
                 $username = htmlspecialchars($_POST['_username'], ENT_QUOTES);
                 $password = htmlspecialchars($_POST['_password'], ENT_QUOTES);
                 $user = $this->loadModel('User');
                 $user->Username = $username;
                 $user->Password = $password;
                 $id = $user->isAuthorized();
                 if ($id > 0) {
                     Security::loggedIn($id, $user->Role);
                     Security::destroyCSRFToken('csrf_token_login');
                     $status = 200;
                     $data = array('id' => $id, 'role' => $user->Role);
                 }
             }
         }
         http_response_code($status);
         echo json_encode($data);
     } else {
         Helper::redirectTo(WEB . 'register');
     }
 }
 public function deleteAction()
 {
     if ($this->isAJAX() && $this->isRequestMethod('DELETE') && Security::getUserRole() === 'ROLE_ADMIN') {
         $status = 400;
         $data = array("error" => 'bad_request');
         $request = json_decode(file_get_contents('php://input'));
         if (filter_var($request->{'_csrf_token_comment'}, FILTER_SANITIZE_STRING) && filter_var($request->{'_id'}, FILTER_VALIDATE_INT)) {
             $csrf_token_comment = htmlspecialchars($request->{'_csrf_token_comment'}, ENT_QUOTES);
             if ($csrf_token_comment == hash('sha256', Security::getCSRFToken('csrf_token_comment'))) {
                 $id = htmlspecialchars($request->{'_id'}, ENT_QUOTES);
                 $comment = $this->loadModel('Comment');
                 $comment->Id = $id;
                 if ($comment->delete() == 1) {
                     $status = 204;
                 }
             }
         }
         http_response_code($status);
         echo json_encode($data);
     }
 }
 /**
  * @access public
  * @param int
  */
 public function deleteAction($id)
 {
     if ($this->isAJAX() && $this->isRequestMethod('DELETE')) {
         $status = 400;
         $data = array("error" => 'bad_request');
         $request = json_decode(file_get_contents('php://input'));
         if (filter_var($request->{'_csrf_token_news'}, FILTER_SANITIZE_STRING)) {
             $csrf_token_news = htmlspecialchars($request->{'_csrf_token_news'}, ENT_QUOTES);
             if ($csrf_token_news == hash('sha256', Security::getCSRFToken('csrf_token_news'))) {
                 if (is_numeric($id)) {
                     $status = $this->delete($id) == 1 ? 204 : 400;
                 }
             }
         }
         http_response_code($status);
         echo json_encode($data);
     }
 }
 public function updateAction()
 {
     if ($this->isAJAX() && $this->isRequestMethod('PUT') && Security::getUserRole() === 'ROLE_ADMIN') {
         $status = 400;
         $data = array("error" => 'bad_request');
         $request = json_decode(file_get_contents('php://input'));
         if (filter_var($request->{'_csrf_token_category'}, FILTER_SANITIZE_STRING) && filter_var($request->{'_id'}, FILTER_VALIDATE_INT) && filter_var($request->{'_title'}, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[a-zA-Z0-9_.öçşiğüÖÇŞİĞÜ-]{3,50}$/')))) {
             $status = 400;
             $data = array("error" => 'bad_request');
             $csrf_token_category = htmlspecialchars($request->{'_csrf_token_category'}, ENT_QUOTES);
             if ($csrf_token_category == hash('sha256', Security::getCSRFToken('csrf_token_category'))) {
                 $id = htmlspecialchars($request->{'_id'}, ENT_QUOTES);
                 $title = htmlspecialchars($request->{'_title'}, ENT_QUOTES);
                 $category = $this->loadModel('Category');
                 $category->Id = $id;
                 $status = 200;
                 $data = array('id' => $category->save(array('title' => $title)));
             }
         }
         http_response_code($status);
         echo json_encode($data);
     }
 }