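/**
 * Decides whether the current request passes the CSRF token check.
 *
 * Only GET is exempt from the check. A non-GET request that carries a
 * `_method` field must also carry a `_token` that Csrf::validate() accepts;
 * otherwise the status is set to 401 and the `errors.401` view is rendered.
 * A non-GET request without a `_method` field is not token-checked here and
 * ends in throw404().
 *
 * NOTE(review): whether render() and throw404() end the request is not
 * visible from this method. If render() returns, execution continues into
 * throw404() after the 401 view has been rendered - confirm that is intended.
 *
 * @return bool|null True when the request may proceed; the rejection paths
 *                   return nothing.
 */
private function validateToken()
{
    if (strtolower($_SERVER['REQUEST_METHOD']) === 'get') {
        return true;
    }

    if (isset($_POST['_method'])) {
        // A missing token is handled exactly like a rejected one: the token is
        // never read when absent, and the error page always carries the 401
        // status (the missing-token path used to render it without one).
        if (isset($_POST['_token']) && Csrf::validate($_POST['_token'])) {
            return true;
        }

        http_response_code(401);
        $this->viewProviderContract->render('errors.401');
    }

    $this->throw404();
}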
/**
 * Populates the controller's binding model from the POST body, if one is declared.
 *
 * The class name is taken from getBindingModelIfAny(). A non-empty name that
 * does not resolve to a class raises an exception. When the request carries a
 * `_token` accepted by Csrf::validate(), the token is removed from $_POST, the
 * class is instantiated without arguments and every property reported by
 * reflection is assigned the $_POST entry of the same name. The resulting
 * value is stored on $this->controller->binding.
 *
 * NOTE(review): when the token is missing or rejected, the controller receives
 * the class-name string rather than an instance - confirm callers expect that.
 * NOTE(review): every declared property is filled from the request, so the
 * model's property list is the effective allow-list for mass assignment;
 * presumably isPassedDataValid() checks the posted keys against it - verify.
 * Binding models should not declare fields the client must not control.
 * NOTE(review): the class name is instantiated directly; confirm that
 * getBindingModelIfAny() never derives it from request data.
 *
 * @throws \Exception When the class does not exist or the posted data is rejected.
 */
private function injectBindingModelIfAny()
{
    $bindingModel = $this->getBindingModelIfAny();

    if ($bindingModel) {
        if (!class_exists($bindingModel)) {
            throw new \Exception("The provided binding model does not exist: {$bindingModel}");
        }

        // Binding only happens for requests that carry a valid CSRF token.
        if (isset($_POST['_token']) && Csrf::validate($_POST['_token'])) {
            // Drop the token so it is not part of the data seen by the validity check.
            unset($_POST['_token']);

            $modelInstance = new $bindingModel();
            $declaredProperties = (new \ReflectionClass($modelInstance))->getProperties();

            if (!$this->isPassedDataValid($declaredProperties)) {
                throw new \Exception("Binding model cannot be processed with the data you passed.");
            }

            // Copy one POST field per declared property, matched by name.
            foreach ($declaredProperties as $declaredProperty) {
                $fieldName = $declaredProperty->getName();
                $modelInstance->{$fieldName} = $_POST[$fieldName];
            }

            $bindingModel = $modelInstance;
        }
    }

    $this->controller->binding = $bindingModel;
}
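/**
 * Resolves the current request to a route target.
 *
 * Steps, in order:
 *  1. parseUrl() is called and the route table is chosen: the area's table
 *     when areaExists() reports one, otherwise $this->routes.
 *  2. The HTTP method is checked against $this->allowedRequestMethods.
 *  3. For non-GET requests a `_method` POST field may override the method,
 *     but only when `_token` passes Csrf::validate() and the override itself
 *     is an allowed method.
 *  4. Every route registered for the method is compared segment by segment
 *     with the URL. Static segments are compared case-insensitively;
 *     parameter segments must match, in full, the pattern registered for
 *     their type in $this->patterns.
 *  5. If nothing matched, the auto-routing provider is invoked.
 *  6. The target of the first matched route is returned.
 *
 * NOTE(review): a `_method` request whose token is missing or rejected is not
 * stopped here; it is routed under its original HTTP method. Whether render()
 * ends the request is not visible from this method - confirm that rejection
 * is enforced elsewhere (validateToken() looks like the intended place).
 * NOTE(review): extracted parameter values are stored as soon as a segment
 * matches, so a route that is rejected at a later segment can still leave
 * entries in $this->extractedVariables - confirm consumers only read the
 * names belonging to the matched route.
 *
 * @return mixed The matched target (for area routes prefixed with the area
 *               folder and a `|`), or false when no route matched.
 *
 * @throws \Exception For a disallowed HTTP method, an unknown segment type in
 *                    a route, or an area that has no folder configured.
 */
private function performRouteMatchingAlgorithm()
{
    $this->parseUrl();

    $routesArray = $this->routes;
    $isAreaRoute = false;
    if ($this->areaExists()) {
        $routesArray = $this->areas[$this->urlSegments[0]]['routes'];
        $isAreaRoute = true;
    }

    $requestMethod = strtolower($_SERVER['REQUEST_METHOD']);
    if (!in_array($requestMethod, $this->allowedRequestMethods, true)) {
        throw new \Exception("HTTP method {$requestMethod} not allowed.");
    }

    // Method override: honoured only together with a valid CSRF token.
    if ($requestMethod !== 'get' && isset($_POST['_method'])) {
        if (!isset($_POST['_token'])) {
            // Same status as the rejected-token path in validateToken(); the
            // token is not read when it is absent.
            http_response_code(401);
            $this->viewProviderContract->render('errors.401');
        } elseif (Csrf::validate($_POST['_token'])) {
            // The override is request data and becomes a route-table key, so
            // it goes through the same allow-list as the real HTTP method.
            // A non-string value (e.g. `_method[]=`) is rejected as well.
            $overrideMethod = is_string($_POST['_method']) ? strtolower($_POST['_method']) : '';
            if (!in_array($overrideMethod, $this->allowedRequestMethods, true)) {
                throw new \Exception("HTTP method {$overrideMethod} not allowed.");
            }
            $requestMethod = $overrideMethod;
        }
    }

    // A method without registered routes simply yields no candidates.
    $candidateRoutes = isset($routesArray[$requestMethod]) ? $routesArray[$requestMethod] : [];

    foreach ($candidateRoutes as $route => $target) {
        if ($isAreaRoute) {
            $route = $this->urlSegments[0] . '/' . $route;
        }

        // -1 means "no limit"; passing null for the limit is deprecated in newer PHP versions.
        $routeSegments = $route == '/' ? ['/'] : preg_split('#/#', $route, -1, PREG_SPLIT_NO_EMPTY);
        $urlSegmentsCount = count($this->urlSegments);
        $routeSegmentsCount = count($routeSegments);
        $routeMatches = true;

        // A URL with more segments than the route can never match it.
        if ($urlSegmentsCount > $routeSegmentsCount) {
            continue;
        }

        for ($i = 0; $i < $routeSegmentsCount; $i++) {
            $currentRouteSegment = $routeSegments[$i];
            $currentUrlSegment = isset($this->urlSegments[$i]) ? $this->urlSegments[$i] : null;

            if ($this->isRouteSegmentParameter($currentRouteSegment)) {
                // A required parameter without a URL value rejects the route.
                if ($currentUrlSegment == null && !$this->isRouteSegmentOptional($currentRouteSegment)) {
                    $routeMatches = false;
                    break;
                }

                // Split the placeholder into its name and its type suffix.
                preg_match('#(?:{)(.*?)(:[a-z])*?(?:}|\\?)#', $currentRouteSegment, $routeSegmentPartials);
                $routeSegmentName = isset($routeSegmentPartials[1]) ? $routeSegmentPartials[1] : null;
                $routeSegmentType = isset($routeSegmentPartials[2]) ? $routeSegmentPartials[2] : null;

                if (!array_key_exists($routeSegmentType, $this->patterns)) {
                    throw new \Exception("Invalid segment type in route: {$route}");
                }

                $routeSegmentRegex = $this->patterns[$routeSegmentType];
                preg_match($routeSegmentRegex, (string) $currentUrlSegment, $urlSegmentMatchesRegex);

                if (empty($urlSegmentMatchesRegex)) {
                    $routeMatches = false;
                    break;
                }

                // The pattern has to cover the whole segment. The comparison is
                // strict on purpose: a loose `!=` treats numeric strings such as
                // "1" and "1.0" as equal and would accept a partial match.
                if ($urlSegmentMatchesRegex[0] !== (string) $currentUrlSegment) {
                    $routeMatches = false;
                    break;
                }

                // Keep the validated value under the parameter's name.
                $this->extractedVariables[$routeSegmentName] = $urlSegmentMatchesRegex[0];
            } elseif (0 != strcasecmp($currentRouteSegment, (string) $currentUrlSegment)) {
                // Static segments are compared case-insensitively.
                $routeMatches = false;
                break;
            }

            // The route counts as matched once the last segment that must be
            // present has been accepted: the final segment when the URL is as
            // long as the route, otherwise the one before the optional tail.
            $optionalSegments = $this->getOptionalSegmentsForRoute($routeSegments);
            $isLastRouteSegment = $i == $routeSegmentsCount - 1 - $optionalSegments;
            if ($urlSegmentsCount == $routeSegmentsCount) {
                $isLastRouteSegment = $i == $routeSegmentsCount - 1;
            }

            if ($isLastRouteSegment && $routeMatches) {
                $this->matchedRoutes[] = $route;
            }
        }
    }

    // Automatic routing.
    if (empty($this->matchedRoutes)) {
        $this->autoRoutingProviderContract->invoke($this->routes, $this->areas);
    }

    if (empty($this->matchedRoutes)) {
        return false;
    }

    // Only the first matched route is used.
    if (!$isAreaRoute) {
        return $this->routes[$requestMethod][$this->matchedRoutes[0]];
    }

    // Strip the area prefix again to get the key used in the area's route table.
    $matched = $this->matchedRoutes[0] != $this->urlSegments[0] . '//'
        ? ltrim(substr($this->matchedRoutes[0], strlen($this->urlSegments[0])), '/')
        : '/';

    if (!isset($this->areas[$this->urlSegments[0]]['folder'])) {
        throw new \Exception('No such area. Did you missed to initiate the area before adding a route to it? Use $router->area() function.');
    }
    $areaFolderPrefix = $this->areas[$this->urlSegments[0]]['folder'];

    return $areaFolderPrefix . '|' . $this->areas[$this->urlSegments[0]]['routes'][$requestMethod][$matched];
}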