Exemplo n.º 1
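 /**
  * Validate the anti-CSRF token of the current request when it is a POST.
  *
  * The POST body is copied to $this->data. When a token object is stored in
  * the session under 'skankydev.form.csrf', the submitted '_token' field must
  * be a non-empty string and must pass both checkValue() and checkTime();
  * on success the field is removed from $this->data.
  *
  * @return void
  * @throws Exception when the token is missing, malformed, wrong or expired
  */
 public function securePost()
 {
     if (!$this->isPost()) {
         return;
     }

     $this->data = (object) $_POST;
     $csrf = Session::get('skankydev.form.csrf');
     if (!$csrf) {
         // NOTE(review): fail-open. With no token object in the session the
         // POST is accepted without any CSRF check. Confirm this is intended
         // only for forms built with CSRF protection disabled.
         return;
     }

     // A missing field used to be read as an undefined index, and an array
     // value (`_token[]=...`) was handed to checkValue() unchanged. Reject
     // both before touching the token object; checkValue() is not visible
     // here, so its tolerance for non-string input is unknown.
     $token = isset($_POST['_token']) ? $_POST['_token'] : null;
     $tokenIsUsable = is_string($token) && $token !== '';

     if (!$tokenIsUsable || !$csrf->checkValue($token) || !$csrf->checkTime()) {
         // NOTE(review): code 500 marks this as a server fault; a rejected
         // token is a client error (403 is conventional). Also confirm that
         // checkValue() compares with hash_equals().
         throw new Exception("CRSF error", 500);
     }

     // The token is transport metadata, not form data.
     unset($this->data->_token);
 }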
Exemplo n.º 2
 /**
  * Render every queued flash message and clear the queue.
  *
  * Each message is wrapped by surround() in the tag at
  * $this->default['tags'][1] and gets the 'flash-message' CSS class; the
  * combined markup is then wrapped in the tag at $this->default['tags'][0].
  * The 'FlashMessage' session entry is deleted on every call, even when
  * nothing was queued.
  *
  * @return string the generated HTML, or '' when there is nothing to show
  */
 public function display()
 {
     $html = '';
     $hasMessages = !empty($this->messages);

     if ($hasMessages) {
         $items = '';
         foreach ($this->messages as $entry) {
             $itemTag = $this->default['tags'][1];
             // Append to an existing class list, otherwise start one.
             $entry['attr']['class'] = isset($entry['attr']['class'])
                 ? $entry['attr']['class'] . ' flash-message'
                 : 'flash-message';
             // NOTE(review): the message text and attributes go straight to
             // surround(), which is not visible here. Confirm it HTML-escapes
             // them, or that callers only queue trusted or pre-escaped text.
             $items .= $this->surround($entry['messages'], $itemTag, $entry['attr']);
         }
         $html = $this->surround($items, $this->default['tags'][0]);
         unset($this->messages);
     }

     Session::delete('FlashMessage');

     return $html;
 }
Exemplo n.º 3
 /**
  * Bootstrap the application and handle the current request.
  *
  * Loads configuration and the auth class, starts the session and the event
  * manager, fetches the request/router/auth singletons, includes the
  * application bootstrap file, validates the POST (CSRF) and finally lets
  * the router produce a view that is rendered. Any Exception raised along
  * the way is handed to an ErrorController.
  */
 public function __construct()
 {
     try {
         Config::getConf();
         Auth::loadClass();
         // yes, this is a bit of a cheat
         Session::start();
         EventManager::init();
         $this->request = Request::getInstance();
         $this->router = Router::getInstance();
         $this->auth = Auth::getInstance();
         // Path is built from the APP_FOLDER / DS constants only, not from request data.
         include_once APP_FOLDER . DS . 'config' . DS . 'bootstrap.php';
         // CSRF validation runs before the router executes, so a rejected
         // POST never reaches router dispatch.
         $this->request->securePost();
         $view = $this->router->execute();
         $view->render();
     } catch (Exception $e) {
         // NOTE(review): only Exception is caught; an Error/TypeError thrown
         // during bootstrap is not routed to ErrorController — confirm intended.
         $this->controller = new ErrorController($e);
     }
 }
Exemplo n.º 4
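 /**
  * Build the opening <form> tag, optionally with a CSRF hidden field.
  *
  * The action URL and the method are HTML-escaped before being placed in
  * their attributes, so a value containing a double quote cannot break out
  * of the attribute. Entities that are already encoded are left untouched.
  *
  * When $csrf is truthy a new Token is created, stored in the session under
  * 'skankydev.form.csrf' (replacing any previous one) and emitted as a
  * hidden '_token' input.
  *
  * @param  string $action the URL the form is submitted to
  * @param  array  $attr   extra attributes, merged over $this->formAttr
  * @param  string $method the form method (default POST)
  * @param  bool   $csrf   enable CSRF protection (default true)
  * @return string         the opening form tag, plus the hidden token input if enabled
  */
 public function start($action, $attr = [], $method = 'POST', $csrf = true)
 {
     // double_encode = false keeps callers that already pass '&amp;' working.
     $safeAction = htmlspecialchars((string) $action, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
     $safeMethod = htmlspecialchars((string) $method, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

     $retour = '<form action="' . $safeAction . '" ';
     $attr = array_merge($this->formAttr, $attr);
     // createAttr() is not visible here; it is assumed to escape attribute
     // names and values itself — TODO confirm.
     $retour .= $this->createAttr($attr);
     $retour .= 'method="' . $safeMethod . '">';
     if ($csrf) {
         // NOTE(review): with a non-POST $method the hidden field is sent in
         // the query string, where it can end up in logs and Referer headers.
         // Consider passing $csrf = false for GET forms.
         // NOTE(review): the session holds a single token, so rendering a
         // second form invalidates the token of the first.
         $token = new Token();
         Session::set('skankydev.form.csrf', $token);
         $retour .= $this->input('_token', ['type' => 'hidden', 'value' => $token->value]);
     }
     return $retour;
 }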
Exemplo n.º 5
 /**
  * Queue a flash message and mirror the whole queue into the session.
  *
  * @param mixed $message the message content, stored under the 'messages' key
  * @param array $attr    attributes stored alongside the message
  * @return void
  */
 public function set($message, $attr = [])
 {
     // NOTE(review): the content is stored as given. If it is later rendered
     // as HTML, escaping has to happen at render time or before queuing.
     $entry = [
         'messages' => $message,
         'attr' => $attr,
     ];
     $this->messages[] = $entry;

     // Store the full queue under 'FlashMessage' in the session.
     Session::set('FlashMessage', $this->messages);
 }
Exemplo n.º 6
 /**
  * Remember where the visitor came from, unless a back link is already stored.
  *
  * Writes $this->historique->comeFrom() to the session key
  * 'skankydev.backlink' only when that key currently holds a falsy value.
  *
  * @return void
  */
 public function setBackLink()
 {
     $existing = Session::get('skankydev.backlink');
     if ($existing) {
         return;
     }

     // NOTE(review): comeFrom() is not visible here. If its value derives
     // from request data and is later used as a redirect target, it should
     // be limited to same-site URLs — confirm.
     $origin = $this->historique->comeFrom();
     Session::set('skankydev.backlink', $origin);
 }
Exemplo n.º 7
 /**
  * Flag the history entry at index 0 as not direct.
  *
  * Updates both the in-memory history array and the matching session value
  * at 'skankydev.historique.0.direct'.
  *
  * @return void
  */
 function notDirect()
 {
     $direct = false;

     // Keep the in-memory copy and the session copy in step.
     Session::set('skankydev.historique.0.direct', $direct);
     $this->history[0]['direct'] = $direct;
 }