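/**
 * Handles the AJAX login request.
 *
 * Expects a POST carrying `_csrf_token_login`, `_username` and `_password`
 * and answers with a JSON body and one of these status codes:
 *  - 400: one of the three fields is missing (or is not a plain string)
 *  - 403: the posted CSRF token does not match the session token
 *  - 204: User::isAuthorized() rejected the credentials
 *  - 200: login succeeded; the body holds the user id and role
 * Any request that is not an AJAX POST is redirected to the register page.
 *
 * @return void
 */
public function indexAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
        Helper::redirectTo(WEB . 'register');
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // All three fields must be present in the raw request and be scalar strings;
    // an array-valued field would make htmlspecialchars() throw a TypeError.
    $hasAllFields = true;
    foreach (['_csrf_token_login', '_username', '_password'] as $field) {
        if (!filter_has_var(INPUT_POST, $field) || !is_string($_POST[$field] ?? null)) {
            $hasAllFields = false;
            break;
        }
    }

    if ($hasAllFields) {
        $status = 403;
        $csrfTokenLogin = htmlspecialchars($_POST['_csrf_token_login'], ENT_QUOTES);
        $expectedToken = hash('sha256', Security::getCSRFToken('csrf_token_login'));

        // hash_equals(): strict, constant-time comparison. The former loose `==`
        // would have compared two numeric-looking hex digests as numbers.
        if (hash_equals($expectedToken, $csrfTokenLogin)) {
            // NOTE(review): a 204 response is not supposed to carry a body; the JSON
            // below is still emitted, so the client presumably keys on the status.
            $status = 204;
            $data = ['error' => 'no_content'];

            // The password is HTML-escaped before it is checked, exactly as the
            // registration action escapes it before storing; both sides must keep
            // doing the same thing or stored credentials stop matching.
            $username = htmlspecialchars($_POST['_username'], ENT_QUOTES);
            $password = htmlspecialchars($_POST['_password'], ENT_QUOTES);

            $user = $this->loadModel('User');
            $user->Username = $username;
            $user->Password = $password;
            $id = $user->isAuthorized();

            if ($id > 0) {
                Security::loggedIn($id, $user->Role);
                // The login token is single-use: discard it once it has been consumed.
                Security::destroyCSRFToken('csrf_token_login');
                $status = 200;
                $data = ['id' => $id, 'role' => $user->Role];
            }
        }
    }

    http_response_code($status);
    echo json_encode($data);
}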
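/**
 * Handles the AJAX registration request.
 *
 * Reads a JSON body with `_csrf_token_register`, `_username` and `_password`.
 * Usernames must match /^[a-zA-Z0-9]{3,15}$/ and passwords /^[a-zA-Z0-9]{6,20}$/.
 * Status codes: 400 for a malformed body, failed validation or CSRF mismatch;
 * 409 when the username is already taken; 201 on success (body holds the new
 * user id). Any request that is not an AJAX POST is redirected to the register page.
 *
 * @return void
 */
public function createAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
        Helper::redirectTo(WEB . 'register');
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // json_decode() yields null for malformed input and a scalar for e.g. `"x"`;
    // reading properties off either would only raise warnings, so normalise to an
    // empty object and let the field checks below fail cleanly with a 400.
    $request = json_decode((string) file_get_contents('php://input'));
    if (!is_object($request)) {
        $request = new \stdClass();
    }

    $token = $request->_csrf_token_register ?? null;
    $username = $request->_username ?? null;
    $password = $request->_password ?? null;

    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; a non-empty string check
    // is all that was ever needed before the token is compared.
    $isValid = is_string($token) && $token !== ''
        && is_string($username) && preg_match('/^[a-zA-Z0-9]{3,15}$/', $username) === 1
        && is_string($password) && preg_match('/^[a-zA-Z0-9]{6,20}$/', $password) === 1;

    if ($isValid) {
        $csrfTokenRegister = htmlspecialchars($token, ENT_QUOTES);
        $expectedToken = hash('sha256', Security::getCSRFToken('csrf_token_register'));

        // hash_equals(): strict, constant-time comparison instead of the loose `==`.
        if (hash_equals($expectedToken, $csrfTokenRegister)) {
            // The regexps above only admit [a-zA-Z0-9], so htmlspecialchars() is a
            // no-op here; it is kept so the stored form is exactly what the login
            // action compares against.
            $username = htmlspecialchars($username, ENT_QUOTES);
            $password = htmlspecialchars($password, ENT_QUOTES);

            $user = $this->loadModel('User');
            $user->Username = $username;
            $user->Password = $password;

            $status = 409;
            $data = ['error' => 'username_is_taken'];

            // NOTE(review): check-then-save is racy without a unique index on the
            // username column — confirm the schema enforces uniqueness.
            if (!$user->isUsernameTaken()) {
                // NOTE(review): $user->Password is handed straight to Save(); whether
                // the model hashes it before storage is not visible here — confirm it does.
                $id = $user->Save(['username' => $username, 'password' => $user->Password]);

                if ($id > 0) {
                    // NOTE(review): role_id 1 is presumably the default member role —
                    // confirm against the roles table.
                    $role = $this->loadModel('Role');
                    $role->Save(['user_id' => $id, 'role_id' => 1]);
                    $status = 201;
                    $data = ['id' => $id];
                }
            }
        }
    }

    http_response_code($status);
    echo json_encode($data);
}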
/**
 * Logs the current user out over AJAX.
 *
 * Only an AJAX POST is honoured: it clears the session via Security::loggedOut()
 * and answers `{"success":true}` with status 200. Any other request is redirected
 * to the default route.
 *
 * NOTE(review): unlike the login and register actions no CSRF token is verified
 * here; the AJAX-and-POST gate is the only cross-site safeguard — confirm that is intended.
 *
 * @return void
 */
public function indexAction()
{
    $isAjaxPost = $this->isAJAX() && $this->isRequestMethod('POST');

    if (!$isAjaxPost) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
        return;
    }

    Security::loggedOut();
    http_response_code(200);
    echo json_encode(['success' => true]);
}
/**
 * Renders the admin category management page.
 *
 * Only a user whose role is ROLE_ADMIN gets the view (with the grid stylesheet,
 * the category scripts and a freshly generated `csrf_token_category`); everyone
 * else is redirected to the public categories listing.
 *
 * @return void
 */
public function crudAction()
{
    if (Security::getUserRole() !== 'ROLE_ADMIN') {
        Helper::redirectTo(WEB . 'categories');
        return;
    }

    $stylesheets = [STYLES . 'grid.css'];
    $scripts = [
        SCRIPTS . 'category.js',
        SCRIPTS . 'category-crud.js',
        SCRIPTS . 'categories.js',
    ];
    // The token is generated right before the view is rendered so the form carries a fresh one.
    $viewData = [
        'csrf_token_category' => Security::generateCSRFToken('csrf_token_category'),
    ];

    $this->loadView(LAYOUT, 'Category/Admin/index', 'Categories', $stylesheets, $scripts, $viewData);
}
/**
 * Renders the admin comment management page.
 *
 * Only a user whose role is ROLE_ADMIN gets the view; it receives every comment
 * from the Comment model plus a freshly generated `csrf_token_comment`. Everyone
 * else is redirected to the public comments page.
 *
 * @return void
 */
public function crudAction()
{
    if (Security::getUserRole() !== 'ROLE_ADMIN') {
        Helper::redirectTo(WEB . 'comments');
        return;
    }

    $allComments = $this->loadModel('Comment')->loadAll();
    $stylesheets = [STYLES . 'comments.css'];
    $scripts = [
        SCRIPTS . 'comment.js',
        SCRIPTS . 'comment-crud.js',
    ];
    $viewData = [
        'comments' => $allComments,
        'csrf_token_comment' => Security::generateCSRFToken('csrf_token_comment'),
    ];

    $this->loadView(LAYOUT, 'Comments/Admin/index', 'Comments', $stylesheets, $scripts, $viewData);
}
/**
 * Front-controller entry point: resolves the current route and dispatches it.
 *
 * A Bootstrap seeded with DEFAULT_CONTROLLER / DEFAULT_ACTION parses the URL;
 * the resulting route is looked up in $this->routes. A route flagged
 * `isOauthRequired` is only dispatched to a logged-in user — anonymous callers
 * are redirected to DEFAULT_ROUTE. A route entry may also override the
 * controller name through its `controller` key. Routes with no entry in the
 * table are dispatched without any login check.
 *
 * @access public
 * @return void
 */
public function run()
{
    $bootstrap = new Bootstrap();
    $bootstrap->setCurrentController(DEFAULT_CONTROLLER);
    $bootstrap->setCurrentAction(DEFAULT_ACTION);
    $bootstrap->parseUrl();

    $route = $bootstrap->getRoute();
    $routeConfig = $this->routes[$route] ?? [];

    // Login is only required when the route table says so; the login check
    // itself is skipped entirely for routes that do not require it.
    $requiresLogin = !empty($routeConfig['isOauthRequired']);
    if ($requiresLogin && !Security::isUserLoggedIn()) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
        return;
    }

    if (!empty($routeConfig['controller'])) {
        // The route table maps this route onto an explicit controller.
        $bootstrap->setController($routeConfig['controller']);
    }

    $bootstrap->loadControllerFile();
    $bootstrap->initControllerClass();
    $bootstrap->runControllerAction($bootstrap->getAction(), $bootstrap->getParams());
}
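/**
 * Creates or updates a news item over AJAX.
 *
 * Expects a POST with `_csrf_token_news` and an integer `_id`: 0 creates a new
 * item via create(), any other value updates that item via update(). The
 * response status and JSON body come from $this->status / $this->data, which
 * default to 400 `bad_request` and are set by create() / update().
 * A non-AJAX request is redirected to the news category page; an AJAX request
 * that is not a POST gets no response at all.
 *
 * @return void
 */
public function saveAction()
{
    if (!($this->isAJAX() && $this->isRequestMethod('POST'))) {
        if (!$this->isAJAX()) {
            Helper::redirectTo(WEB . 'news/category');
        }
        return;
    }

    $this->status = 400;
    $this->data = ['error' => 'bad_request'];

    // The token must be present in the raw request and be a plain string;
    // an array-valued field would make htmlspecialchars() throw a TypeError.
    $hasToken = filter_has_var(INPUT_POST, '_csrf_token_news')
        && is_string($_POST['_csrf_token_news'] ?? null);

    if ($hasToken) {
        $csrfTokenNews = htmlspecialchars($_POST['_csrf_token_news'], ENT_QUOTES);
        $expectedToken = hash('sha256', Security::getCSRFToken('csrf_token_news'));

        // hash_equals(): strict, constant-time comparison instead of the loose `==`.
        // FILTER_VALIDATE_INT replaces is_numeric(): floats, exponent notation and
        // other numeric-looking strings are rejected here instead of reaching update().
        $hasValidId = filter_has_var(INPUT_POST, '_id')
            && filter_var($_POST['_id'] ?? null, FILTER_VALIDATE_INT) !== false;

        if (hash_equals($expectedToken, $csrfTokenNews) && $hasValidId) {
            // Passed on unchanged (as a string) so update() sees the same type as before.
            $id = $_POST['_id'];
            if ((int) $id === 0) {
                $this->create();
            } else {
                $this->update($id);
            }
        }
    }

    http_response_code($this->status);
    echo json_encode($this->data);
}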