/**
 * Bootstrap the session.
 *
 * Applies defaults for the cookie name and ID format when the config leaves
 * them empty, installs the save handler, sets the cookie parameters and then
 * starts the session.
 *
 * @param Config $config The session config
 */
public static function bootstrap(Config $config)
{
    // Fall back to defaults for anything the config leaves empty
    if (!$config->cookie_name) {
        $config->cookie_name = 'session_id';
    }

    if (!$config->id_format) {
        $config->id_format = Handler::DEFAULT_ID_FORMAT;
    }

    // Install the save handler; the second argument asks PHP to register
    // session_write_close() as a shutdown function for it
    static::$handler = new Handler($config);
    session_set_save_handler(static::$handler, true);

    // The session name doubles as the cookie name
    session_name($config->cookie_name);

    $application = Application::instance();

    // NOTE(review): the cookie setter elsewhere in this listing reads
    // $app->config->app->base_uri / ->app->domain, while this method reads
    // $app->config->base_uri / ->domain — confirm which path is correct.
    $cookiePath = $application->config->base_uri ?: '/';

    // NOTE(review): HTTP_HOST comes from the request's Host header, so the
    // fallback is client-supplied and may include a port; a configured domain
    // is the safer source for the cookie scope.
    $cookieDomain = $application->config->domain ?: $_SERVER['HTTP_HOST'];

    // The Secure flag mirrors the current request rather than being forced on
    $httpsOnly = $application->request->isSecure();

    // 2592000 seconds = 30 days
    $ttl = $config->lifetime ?: 2592000;

    // Final argument is HttpOnly; no SameSite attribute is set here
    session_set_cookie_params($ttl, $cookiePath, $cookieDomain, $httpsOnly, true);

    session_start();

    // Register session_write_close() as a shutdown function
    session_register_shutdown();
}
/**
 * Send a cookie scoped to the application's base URI and domain.
 *
 * The cookie is always sent with the HttpOnly flag; the Secure flag follows
 * the current request's isSecure() result.
 *
 * @param string $key    The cookie name, passed to setcookie()
 * @param string $value  The cookie value, passed to setcookie()
 * @param int    $expiry Lifetime in seconds from now (default 2592000 = 30 days)
 */
public static function set($key, $value, $expiry = 2592000)
{
    $application = Application::instance();

    $cookiePath = $application->config->app->base_uri ?: '/';

    // NOTE(review): HTTP_HOST comes from the request's Host header, so the
    // fallback is client-supplied and may include a port; prefer a configured
    // domain for the cookie scope.
    $cookieDomain = $application->config->app->domain ?: $_SERVER['HTTP_HOST'];

    $httpsOnly = $application->request->isSecure();

    // setcookie() expects an absolute timestamp, not a duration
    $expiresAt = time() + $expiry;

    // Final argument is HttpOnly; this positional form sets no SameSite attribute
    setcookie($key, $value, $expiresAt, $cookiePath, $cookieDomain, $httpsOnly, true);
}
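/**
 * Check that the posted CSRF token matches the value stored in the session.
 *
 * Only POST requests are verified; any other request method passes. A POST
 * is rejected unless both the posted token and the stored token are
 * non-empty strings that compare equal.
 *
 * @throws CSRFMismatchException Thrown if CSRF tokens do not match.
 *
 * @return bool Always true when no exception is thrown
 */
public static function check()
{
    $request = Application::instance()->request;
    $posted = $request->input->{self::POST_KEY};
    $stored = Session::get(self::SESSION_KEY);

    if (!$request->isPost()) {
        return true;
    }

    // Require real, non-empty strings on both sides: a plain !== comparison
    // accepts any two identical values, so a POST without a token would pass
    // whenever the session holds no token either. hash_equals() additionally
    // keeps the comparison time independent of where the strings differ.
    $valid = is_string($posted)
        && is_string($stored)
        && $stored !== ''
        && hash_equals($stored, $posted);

    if (!$valid) {
        throw new CSRFMismatchException('CSRF token is invalid');
    }

    return true;
}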
/**
 * Initialise the controller.
 *
 * Stores the request and response, then runs every class listed in
 * $this->middleware: each one is instantiated to verify it is a Middleware
 * and its static check() is called.
 *
 * @param Request  $request  The current request
 * @param Response $response The current response
 *
 * @throws InvalidMiddlewareException Thrown if a listed class is not a Middleware.
 */
public function __construct(Request $request, Response $response)
{
    $this->request = $request;
    $this->response = $response;

    foreach ($this->middleware as $class) {
        // The class is instantiated only to test its type; check() itself is static
        $isMiddleware = new $class() instanceof Middleware;

        if ($isMiddleware === false) {
            throw new InvalidMiddlewareException($class . ' is not a valid middleware class');
        }

        if ($class::check()) {
            continue;
        }

        // Most middleware classes will throw an exception instead of returning false.
        // NOTE(review): whether error(404) halts execution is not visible here; if it
        // returns, the remaining middleware still run and construction completes, so
        // the failed check would not block the request — confirm.
        Application::instance()->error(404);
    }
}
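/**
 * Check that the honeypot field has not been filled in, and that the form
 * was not filled in quicker than possible by a human.
 *
 * A POST whose timestamp field is missing or does not decode to a plain
 * integer is treated as suspect; on other request methods a missing
 * timestamp is allowed so that pages without the form fields still load.
 *
 * @throws SuspectedBotException Thrown if we suspect a bot has posted.
 *
 * @return bool Always true when no exception is thrown
 */
public static function check()
{
    $request = Application::instance()->request;

    // If the honeypot is filled in, throw an exception
    $honey = $request->input->{static::encode(self::POST_KEY)};

    if ($honey) {
        throw new SuspectedBotException();
    }

    $time = $request->input->{static::encode(self::POST_TIME_KEY)};

    // Decode strictly and accept digits only. Feeding an absent or garbage
    // value straight into the arithmetic makes it count as 0 (or raise a
    // TypeError on PHP 8), which lets a submission without the field skip
    // the timing check entirely.
    $renderedAt = is_string($time) ? base64_decode($time, true) : false;

    if ($renderedAt === false || preg_match('/\A[0-9]+\z/', $renderedAt) !== 1) {
        if ($request->isPost()) {
            throw new SuspectedBotException();
        }

        return true;
    }

    // NOTE(review): the timestamp is only base64-encoded, so its value is
    // chosen by the client; authenticating it (e.g. with an HMAC) would be
    // needed for the minimum delay to be enforceable.
    if (time() < (int) $renderedAt + self::MIN_POST_TIME) {
        throw new SuspectedBotException();
    }

    return true;
}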
/**
 * Register the standard set of routes for a resource controller.
 *
 * @param string|array $route      Either the base URI, or a [URI, route name] pair.
 *                                 When only a URI is given the name is the snake-cased
 *                                 controller name with 'Controller' removed.
 * @param string       $controller The controller class name
 */
function resource($route, $controller)
{
    // Return value is unused; the call is kept in case instance() has
    // initialisation side effects — TODO confirm and drop if it has none
    $application = Application::instance();

    if (is_array($route)) {
        $uri = $route[0];
        $name = $route[1];
    } else {
        $uri = $route;
        $name = Str::snakeCase(str_replace('Controller', '', $controller));
    }

    $member = $uri . '/{id:int}';

    // Collection routes
    get([$uri, $name], $controller . '@index');
    post([$uri, $name . '.create'], $controller . '@create');

    // Member routes
    get([$member, $name . '.show'], $controller . '@show');
    post([$member, $name . '.update'], $controller . '@update');
    get([$member . '/edit', $name . '.edit'], $controller . '@edit');

    // Both the DELETE route and the POST .../destroy route dispatch to @destroy
    delete([$member, $name . '.delete'], $controller . '@destroy');
    post([$member . '/destroy', $name . '.destroy'], $controller . '@destroy');
}
/**
 * Get all the input arguments as an array.
 *
 * @param bool $escaped When truthy (the default) the request's `input`
 *                      collection is returned; otherwise `rawInput` is used
 *
 * @return array
 */
public static function all($escaped = true)
{
    $request = Application::instance()->request;

    // NOTE(review): what escaping `input` applies is not visible here; values
    // still need encoding for the context they are written into (HTML, SQL,
    // shell), and `rawInput` should be treated as untrusted as-is.
    if ($escaped) {
        return $request->input->toArray();
    }

    return $request->rawInput->toArray();
}
/**
 * Construct the application.
 *
 * Overwrites $_SERVER['REQUEST_METHOD'] with Router::GET before the parent
 * constructor runs.
 */
public function __construct()
{
    // Spoof the request method; this must happen before the parent constructor is called
    $_SERVER['REQUEST_METHOD'] = Router::GET;

    parent::__construct();
}
/**
 * Set a config value.
 *
 * @param string $key The path of the value to set
 *
 * @return mixed Whatever the config's setValueForPath() returns
 */
public static function set($key)
{
    // NOTE(review): no value argument is accepted or forwarded here, although
    // this is documented as a setter — confirm against setValueForPath()'s signature
    $config = Application::instance()->config;

    return $config->setValueForPath($key);
}
/**
 * Get the previous URL.
 *
 * Returns the current request's `previousUri` property unchanged.
 *
 * @return string|null The URL
 */
public static function previous()
{
    // NOTE(review): if previousUri is derived from the Referer header it is
    // client-controlled; validate it against the application's own host before
    // using it as a redirect target — confirm in the request class.
    return Application::instance()->request->previousUri;
}
/**
 * Refresh the current page.
 *
 * Redirects the response to whatever Url::current() returns.
 */
public static function refresh()
{
    Application::instance()->response->redirect(Url::current());
}