/**
 * Builds the "register" controller. A user who is already logged in has no
 * business on the registration page and is sent to the default route instead.
 */
public function __construct()
 {
     parent::__construct('register');
     if (!Security::isUserLoggedIn()) {
         return;
     }
     Helper::redirectTo(WEB . DEFAULT_ROUTE);
 }
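 /**
  * Stores a comment submitted via AJAX and replies with JSON.
  *
  * Only an AJAX POST from a logged-in user is processed; any other request
  * produces no output at all. The request body is a JSON object carrying
  * `_csrf_token_comment`, `_news_id` and `_content`. The token must equal the
  * SHA-256 of the session's `csrf_token_comment` token; the comparison is
  * constant-time so the check does not leak through timing differences.
  *
  * Replies 201 with the new comment's username/date payload on success, and
  * 400 with {"error":"bad_request"} for a malformed body, failed validation,
  * a CSRF mismatch or a save that did not yield an id.
  *
  * @return void
  */
 public function saveAction()
 {
     if (!$this->isAJAX() || !$this->isRequestMethod('POST') || !Security::isUserLoggedIn()) {
         return;
     }
     $status = 400;
     $data = array("error" => 'bad_request');
     $request = json_decode(file_get_contents('php://input'));
     // json_decode() yields null for malformed input and a scalar or array for
     // non-object JSON; property reads on those only raise warnings and fall
     // through, so the shape is checked explicitly before any field is used.
     $hasBody = is_object($request);
     $token = $hasBody && isset($request->_csrf_token_comment) ? $request->_csrf_token_comment : null;
     $content = $hasBody && isset($request->_content) ? $request->_content : null;
     $newsId = $hasBody && isset($request->_news_id) ? filter_var($request->_news_id, FILTER_VALIDATE_INT) : false;
     // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; a plain type and
     // non-emptiness check is what the validation actually needs here.
     $isValid = is_string($token) && $token !== ''
         && is_string($content) && trim($content) !== ''
         && is_int($newsId) && $newsId > 0;
     if ($isValid) {
         // hash_equals() instead of ==: a loose comparison of two hash strings
         // is not constant-time and treats numeric-looking strings numerically.
         $expected = hash('sha256', (string) Security::getCSRFToken('csrf_token_comment'));
         if (hash_equals($expected, $token)) {
             $comment = $this->loadModel('Comment');
             // Content is HTML-encoded at write time, as before, so already
             // stored comments and the views rendering them keep one contract.
             $id = $comment->save([
                 'news_id' => $newsId,
                 'user_id' => Security::getUserId(),
                 'content' => htmlspecialchars($content, ENT_QUOTES),
             ]);
             if ($id > 0) {
                 $status = 201;
                 $comment->Id = $id;
                 $data = $comment->getUsernameAndDate();
             }
         }
     }
     http_response_code($status);
     echo json_encode($data);
 }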
 /**
  * Front-controller entry point: resolves the requested route and dispatches
  * to the matching controller action.
  *
  * A route flagged `isOauthRequired` is only dispatched for a logged-in user;
  * otherwise the client is redirected to the default route. When the route
  * names a controller, that controller overrides the default one.
  *
  * @access public
  * @return void
  */
 public function run()
 {
     $bootstrap = new Bootstrap();
     $bootstrap->setCurrentController(DEFAULT_CONTROLLER);
     $bootstrap->setCurrentAction(DEFAULT_ACTION);
     $bootstrap->parseUrl();

     $routeName = $bootstrap->getRoute();
     $needsAuth = !empty($this->routes[$routeName]['isOauthRequired']);
     if ($needsAuth && !Security::isUserLoggedIn()) {
         Helper::redirectTo(WEB . DEFAULT_ROUTE);
         return;
     }

     if (!empty($this->routes[$routeName]['controller'])) {
         $bootstrap->setController($this->routes[$routeName]['controller']);
     }
     $bootstrap->loadControllerFile();
     $bootstrap->initControllerClass();
     $bootstrap->runControllerAction($bootstrap->getAction(), $bootstrap->getParams());
 }
<?php

use app\core\Security;
// Login state is read once per render; the display helpers below take it as a
// parameter (presumably this value is what callers pass them — verify).
$isUserLoggedIn = Security::isUserLoggedIn();
/**
 * CSS `display` value for guest-only markup: hidden once the user is logged in.
 *
 * @param mixed $isUserLoggedIn truthy when a user is authenticated
 * @return string 'none' or 'block'
 */
function isGuest($isUserLoggedIn)
{
    if ($isUserLoggedIn) {
        return 'none';
    }
    return 'block';
}
/**
 * CSS `display` value for markup shown only to a logged-in user.
 *
 * @param mixed $isUserLoggedIn truthy when a user is authenticated
 * @return string 'block' or 'none'
 */
function isAuthorized($isUserLoggedIn)
{
    $display = 'none';
    if ($isUserLoggedIn) {
        $display = 'block';
    }
    return $display;
}
/**
 * CSS `display` value for admin-only markup: visible only for a logged-in
 * user whose role is ROLE_ADMIN. This hides markup, it does not authorize;
 * the admin actions themselves still have to check the role server-side.
 *
 * @param mixed $isUserLoggedIn truthy when a user is authenticated
 * @return string 'block' or 'none'
 */
function isAdmin($isUserLoggedIn)
{
    // The role lookup is only reached for a logged-in user (short-circuit).
    $visible = $isUserLoggedIn && Security::getUserRole() === 'ROLE_ADMIN';
    return $visible ? 'block' : 'none';
}
/**
 * Returns a fresh login CSRF token for a guest, or 0 when a user is already
 * logged in (no login form is shown, so no token is issued).
 *
 * @param mixed $isUserLoggedIn truthy when a user is authenticated
 * @return int|mixed 0, or whatever Security::generateCSRFToken() returns
 */
function isTokenGenerated($isUserLoggedIn)
{
    if ($isUserLoggedIn) {
        return 0;
    }
    return Security::generateCSRFToken('csrf_token_login');
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title><?php 
echo $title;
?>
</title>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <link rel="stylesheet" href="<?php 
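 /**
  * Shows one news item, as JSON for an AJAX GET or as the HTML detail page
  * for a regular request.
  *
  * AJAX: 200 with {news, categories} when exactly one item is found, 204
  * otherwise; a non-GET AJAX request produces no output. Regular request:
  * renders the detail view with the item's comments, or redirects to the
  * "all" category when the item is not found. A non-positive or non-integer
  * id produces no output.
  *
  * @access public
  * @param int $id news identifier (must validate with FILTER_VALIDATE_INT)
  * @return void
  */
 public function readAction($id)
 {
     $newsId = filter_var($id, FILTER_VALIDATE_INT);
     if ($newsId === false || $newsId < 1) {
         return;
     }
     $isAjax = $this->isAJAX();
     if ($isAjax && !$this->isRequestMethod('GET')) {
         return;
     }
     // Read once and count that result; the original called read() a second
     // time just to count it, doubling the lookup.
     $news = $this->read($id);
     $found = count($news) === 1;
     if ($isAjax) {
         if (!$found) {
             http_response_code(204);
             return;
         }
         $categories = $this->loadModel('LOC')->findByNewsId($id);
         http_response_code(200);
         echo json_encode(array('news' => $news, 'categories' => $categories));
         return;
     }
     if (!$found) {
         Helper::redirectTo(WEB . 'news/category/all');
         return;
     }
     $comments = $this->loadModel('Comment')->findByNewsId($id);
     $css = ['news.css'];
     $js = [SCRIPTS . 'comment.js', SCRIPTS . 'comments.js'];
     $this->loadView(LAYOUT, 'News/User/detail', 'News', $css, $js, [
         'news' => $news[0],
         'comments' => $comments,
         'isUserLoggedIn' => Security::isUserLoggedIn(),
         'csrf_token_comment' => Security::generateCSRFToken('csrf_token_comment'),
     ]);
 }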