/**
 * Entry point of the request cycle.
 *
 * Asks TokenHelper for a CSRF token when the session does not carry one yet,
 * then delegates to the front controller. Application exceptions raised by
 * dispatch are reported by echoing their message verbatim.
 * NOTE(review): that output is not HTML-escaped, so it is only safe while the
 * messages are fixed, developer-controlled strings — confirm none embeds user input.
 *
 * @return void
 */
public function start()
{
    // One token per session; later forms reuse it.
    if (!isset($_SESSION['formToken'])) {
        TokenHelper::setCSRFToken();
    }

    try {
        $this->frontController->dispatch();
    } catch (InvalidCredentialsException | InvalidUserInputException | InvalidUserOperationException | UnauthorizedException $dispatchError) {
        // Every handled exception type takes the same reporting path.
        echo $dispatchError->getMessage();
    }
    // TODO: failures raised before dispatch (session/token setup) are not caught yet.
}
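/**
 * Validates a binding model against the current POST payload.
 *
 * Checks, in order:
 *   1. the submitted "formToken" must equal the session CSRF token;
 *   2. $model must implement IBindingModel;
 *   3. every private property of $model must be present and non-blank in $_POST.
 *      A leading underscore in the property name is dropped to form the POST key
 *      (private $_username reads $_POST['username']).
 *
 * Fixes over the previous version: the token comparison is constant-time and
 * fails closed when either side is missing or not a string; the POST key is
 * always derived from the property *name* (previously a property without a
 * leading underscore was looked up as a ReflectionProperty object, which never
 * matched); a submitted value of "0" is no longer treated as missing.
 *
 * @param mixed $model  the binding model instance to validate
 * @return void
 * @throws UnauthorizedException      token missing, not a string, or mismatching
 * @throws InvalidUserInputException  $model is not an IBindingModel, or a required
 *                                    POST field is missing or blank
 */
public static function validateBindingModel($model)
{
    // Fail closed: no session token, non-string submission (e.g. an array) or a
    // mismatch all reject. hash_equals() avoids leaking the token via timing.
    $sessionToken = (string) TokenHelper::getCSRFToken();
    $submittedToken = $_POST['formToken'] ?? '';
    if ($sessionToken === '' || !is_string($submittedToken) || !hash_equals($sessionToken, $submittedToken)) {
        throw new UnauthorizedException("Invalid BindingModel ");
    }

    if (!$model instanceof IBindingModel) {
        throw new InvalidUserInputException("Invalid BindingModel [Your BindingModel does not implemented IBindingModel]");
    }

    $reflection = new \ReflectionClass($model);
    $privateProperties = $reflection->getProperties(\ReflectionProperty::IS_PRIVATE);

    foreach ($privateProperties as $property) {
        $name = $property->getName();
        // The underscore is a naming convention of the model only; the form field has none.
        $postKey = strncmp($name, '_', 1) === 0 ? substr($name, 1) : $name;

        // Blank means absent, null, empty string or empty array; "0" is a real value.
        $value = array_key_exists($postKey, $_POST) ? $_POST[$postKey] : null;
        if ($value === null || $value === '' || $value === []) {
            throw new InvalidUserInputException("Invalid BindingModel [Required parameters are empty/missing]");
        }
    }
}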
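/**
 * Writes the accumulated form definition to the output as HTML.
 *
 * Emits <form ...> with the collected attributes (the "class" attribute is
 * rebuilt from self::$classes), then one tag per registered element:
 *   - innerValue === false: the element's attributes are written on the tag;
 *   - innerValue === true:  no attributes are written, the 'value' entry becomes
 *     the inner text and a closing tag is appended (existing contract, kept as is);
 *   - innerElements, if any: each child is written with every attribute except
 *     'text', which becomes the child's inner text.
 * A hidden "formToken" input carrying the CSRF token is appended before </form>.
 *
 * Fixes over the previous version: attribute values are escaped for the HTML
 * attribute context (quotes included; already-encoded entities are kept), and a
 * missing 'value'/'text' entry no longer raises an undefined-index notice.
 * NOTE(review): inner text ('value' / 'text') is still emitted raw — confirm no
 * caller passes user-controlled content there, or escape it here as well.
 *
 * @return void
 */
public static function render()
{
    // Attribute context: an unescaped quote lets a value break out of the tag.
    $escapeAttr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    // Serialises name/value pairs as ` name = "value"`, optionally skipping one key.
    $attributeList = function ($attributes, $skipKey = null) use ($escapeAttr) {
        $out = "";
        foreach ($attributes as $name => $value) {
            if ($skipKey !== null && $name === $skipKey) {
                continue;
            }
            $out .= " {$name} = \"" . $escapeAttr($value) . "\"";
        }
        return $out;
    };

    self::$attributes["class"] = implode(" ", self::$classes);
    $result = "<form" . $attributeList(self::$attributes) . ">";

    foreach (self::$elements as $element) {
        $result .= "<{$element->elementName}";
        // The innerValue flag is per element, so decide once instead of per attribute.
        if ($element->innerValue === false) {
            $result .= $attributeList($element->attributes);
        }
        $result .= ">";

        if ($element->innerValue === true) {
            $result .= $element->attributes['value'] ?? "";
            $result .= "</{$element->elementName}>";
        }

        if ($element->innerElements) {
            foreach ($element->innerElements as $innerElement) {
                $result .= "<{$innerElement->elementName}" . $attributeList($innerElement->attributes, 'text') . ">";
                $result .= $innerElement->attributes['text'] ?? "";
                $result .= "</{$innerElement->elementName}>";
            }
        }
    }

    // The CSRF token accompanies every rendered form and is checked on submit.
    $result .= '<input type="hidden" name="formToken" value="' . $escapeAttr(TokenHelper::getCSRFToken()) . '" />';
    $result .= "</form>";
    echo $result;
}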
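?> account/login" method="post" class="form-horizontal">
    <fieldset>
        <legend>Login</legend>
        <div class="form-group">
            <label for="inputUsername" class="col-lg-2 control-label">Username</label>
            <div class="col-lg-6">
                <input type="text" class="form-control" name="username" id="inputUsername" placeholder="Username">
            </div>
        </div>
        <div class="form-group">
            <label for="inputPassword" class="col-lg-2 control-label">Password</label>
            <div class="col-lg-6">
                <input type="password" class="form-control" name="password" id="inputPassword" placeholder="Password">
            </div>
        </div>
        <!-- CSRF token. No whitespace between the closing PHP tag and the quote:
             anything there becomes part of the submitted value and an exact
             comparison on the server rejects the form. The value is escaped
             for the attribute context. -->
        <input type="hidden" name="formToken" value="<?php echo htmlspecialchars((string) \EShop\Helpers\TokenHelper::getCSRFToken(), ENT_QUOTES, 'UTF-8'); ?>" />
        <div class="form-group">
            <div class="col-lg-10 col-lg-offset-2">
                <a href="register" class="btn btn-default">Go to register</a>
                <button type="submit" class="btn btn-primary">Login</button>
            </div>
        </div>
    </fieldset>
</form>
</div>
</div>
</div>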