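/**
 * Checkout (POST): validates the customer form, stores the customer and one
 * history line per cart entry inside a single PDO transaction, then empties
 * the cart.
 *
 * Validation failures are kept in $_SESSION['error'] / $_SESSION['old'] and the
 * user is sent back to the cart page; a failed transaction is rolled back and
 * reported the same way.
 */
public function store()
{
    // CSRF check first. The `return` after each redirect guards against a
    // redirect() implementation that does not exit.
    $token = isset($_POST['_token']) ? $_POST['_token'] : '';
    if (!checked_token($token)) {
        $this->redirect(url('cart'));
        return;
    }

    // Drop flash data left over from a previous attempt.
    if (!empty($_SESSION['old'])) {
        $_SESSION['old'] = [];
    }
    if (!empty($_SESSION['error'])) {
        $_SESSION['error'] = [];
    }

    $rules = [
        'email' => FILTER_VALIDATE_EMAIL,
        'number' => [
            'filter' => FILTER_CALLBACK,
            // Anchored: the previous pattern accepted any value that merely
            // contained 16 digits somewhere in it.
            'options' => static function ($nb) {
                return preg_match('/^[0-9]{16}$/', (string) $nb) ? $nb : false;
            },
        ],
        // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so the
        // format of the stored value does not change.
        'adresse' => FILTER_SANITIZE_STRING,
    ];
    $sanitize = filter_input_array(INPUT_POST, $rules);
    // filter_input_array() returns null when there is no POST data at all.
    if (!is_array($sanitize)) {
        $sanitize = ['email' => null, 'number' => null, 'adresse' => null];
    }

    $error = false;
    if (!$sanitize['email']) {
        $error = true;
        $_SESSION['error']['email'] = 'your email is invalid';
    }
    if (!$sanitize['number']) {
        $error = true;
        $_SESSION['error']['number'] = 'your blue card number is invalid';
    }
    // Was `!empty(...)`, which rejected every filled-in address and accepted a blank one.
    if (empty($sanitize['adresse'])) {
        $error = true;
        $_SESSION['error']['adresse'] = 'you must give your address';
    }
    if ($error) {
        $_SESSION['old']['email'] = $sanitize['email'];
        $_SESSION['old']['adresse'] = $sanitize['adresse'];
        $this->redirect(url('cart'));
        return;
    }

    // Everything below is one PDO transaction: either the customer and all
    // history lines are written, or nothing is.
    try {
        \Connect::$pdo->beginTransaction();
        $history = new History();
        $customer = new Customer();
        // NOTE(review): the full card number is persisted exactly as entered;
        // that is cardholder data and should not be stored in clear — confirm
        // against the payment design.
        $customer->create([
            'email' => $sanitize['email'],
            'number' => $sanitize['number'],
            'adresse' => $sanitize['adresse'],
        ]);
        $customer_id = \Connect::$pdo->lastInsertId();
        // 'H' is the 24-hour clock; the former 'h' produced ambiguous 12-hour times.
        $commandedAt = date('Y-m-d H:i:s');
        foreach ($this->cart->all() as $id => $total) {
            $p = new Product(); // the Product model, not the cart entry
            $row = $p->find($id);
            $price = (double) $row->price;
            $history->create([
                'product_id' => $id,
                'customer_id' => $customer_id,
                'price' => $price,
                'total' => $total,
                // The cart holds an amount per product; a zero price would
                // otherwise raise DivisionByZeroError, which the PDOException
                // catch below does not cover.
                'quantity' => $price > 0 ? $total / $price : 0,
                'commanded_at' => $commandedAt,
            ]);
        }
        \Connect::$pdo->commit();
        $this->cart->reset();
        $this->redirect(url());
    } catch (\PDOException $e) {
        \Connect::$pdo->rollBack();
        // The failure used to be swallowed, leaving the user on a blank page.
        $_SESSION['error']['order'] = 'your order could not be saved';
        $this->redirect(url('cart'));
    }
}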
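/**
 * Verifies the CSRF token posted under $tokenName and redirects to $path when
 * it is missing or invalid.
 *
 * @param string $path      Redirect target used on failure.
 * @param string $tokenName POST field holding the token (default '_token').
 */
private function validToken($path, $tokenName = '_token')
{
    // A missing field used to raise an undefined-index warning before the
    // check ran; treat it as an invalid token instead.
    $token = isset($_POST[$tokenName]) ? $_POST[$tokenName] : '';
    if (!checked_token($token)) {
        $this->redirect($path);
    }
}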
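/**
 * Login page (GET) and login form handler (POST).
 *
 * On POST with a valid CSRF token the submitted login is looked up with
 * User::getUser(), the password is checked with password_verify() against the
 * stored hash, and the user is sent to /dashboard. Any failure stores messages
 * in $_SESSION['error'] and sends the user back to /login. On GET, or when the
 * token is invalid, the form is rendered.
 */
public function login()
{
    // Handle the form before rendering: every POST outcome below ends in a
    // Location header, which cannot be sent once the view has produced output.
    if (!empty($_POST)) {
        // Two debug var_dump($_POST) calls were dropped here: they echoed the
        // submitted password into the response body.
        $token = isset($_POST['_token']) ? $_POST['_token'] : '';
        if (checked_token($token)) {
            // NOTE(review): FILTER_SANITIZE_STRING (deprecated since 8.1)
            // strips tags and encodes quotes; applied to the password it can
            // make a correct password fail password_verify() unless
            // registration applied the same filter before hashing — confirm,
            // and use FILTER_UNSAFE_RAW for 'password' if it did not.
            $rules = ['login' => FILTER_SANITIZE_STRING, 'password' => FILTER_SANITIZE_STRING];
            $sanitize = filter_input_array(INPUT_POST, $rules);
            if (!is_array($sanitize)) {
                $sanitize = ['login' => null, 'password' => null];
            }
            // The message text is redacted in the source; the inner quote is
            // escaped so the literal parses.
            $invalid = '******\'est pas valide';

            $users = new User();
            $user = $users->getUser($sanitize['login']);
            $error = false;
            if (!$user) {
                $_SESSION['error']['login'] = $invalid;
                $_SESSION['error']['password'] = $invalid;
                $error = true;
            } else {
                // The former compact()/foreach wrapped this single object in a
                // one-element array for no benefit.
                if ($sanitize['login'] != $user->username) {
                    $_SESSION['error']['login'] = $invalid;
                    $error = true;
                }
                if (!password_verify((string) $sanitize['password'], (string) $user->password)) {
                    $_SESSION['error']['password'] = $invalid;
                    $error = true;
                }
            }
            if ($error) {
                header('Location: /login');
                exit;
            }

            // A fresh session id on privilege change defeats session fixation.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['users']['username'] = $_POST['login'];
            // The plaintext password is no longer copied into the session;
            // anything that relied on $_SESSION['users']['password'] must
            // compare against the stored hash instead.
            header('Location: /dashboard');
            exit;
        }
    }
    view('front.login', []);
}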
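/**
 * @post update
 *
 * Updates post $id from the submitted form. Title and content are filtered,
 * status is restricted to published/unpublished and the "published_at"
 * checkbox is turned into a DateTime. When a file is uploaded it is attached
 * as a new media row; otherwise an existing media row may be deleted
 * (m_id + delete_filename) and its file removed from UPLOAD_DIRECTORY. All
 * database writes happen inside one transaction.
 *
 * @param int|string $id Post id from the route (cast to int).
 */
function update_post_controller($id)
{
    __is_guest();
    if (empty($_POST)) {
        return;
    }
    // A missing token field used to raise an undefined-index warning.
    $token = isset($_POST['_token']) ? $_POST['_token'] : '';
    if (!checked_token($token)) {
        return;
    }
    __session_start();
    $_SESSION['old'] = [];
    $_SESSION['errors'] = [];

    $rules = [
        // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so stored
        // values keep their format.
        'title' => FILTER_SANITIZE_STRING,
        'content' => FILTER_SANITIZE_STRING,
        'status' => [
            'filter' => FILTER_CALLBACK,
            'options' => static function ($s) {
                return in_array($s, ['published', 'unpublished'], true) ? $s : 'unpublished';
            },
        ],
        'published_at' => [
            'filter' => FILTER_CALLBACK,
            // An unchecked box yields null (the callback returns nothing).
            'options' => static function ($checkbox) {
                if ($checkbox === 'yes') {
                    return new DateTime('now');
                }
            },
        ],
    ];
    $sanitize = filter_input_array(INPUT_POST, $rules);
    $id = (int) $id;

    if (empty($_POST['title'])) {
        $_SESSION['errors']['title'] = 'title is required';
    }
    if (!empty($_SESSION['errors'])) {
        $_SESSION['old'] = $sanitize;
        // NOTE(review): this sends the user to the create form although the
        // request is an update — confirm the intended route.
        redirect('post/create'); // exit
    }

    if (!empty($_FILES['file']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
        __update_post_with_upload($id, $sanitize);
    } else {
        __update_post_without_upload($id, $sanitize);
    }
}

/**
 * Saves the edited post together with the newly uploaded file; redirects to
 * the dashboard on success and back to the form on failure.
 *
 * @param int   $id       Post id.
 * @param array $sanitize Filtered form values.
 */
function __update_post_with_upload($id, $sanitize)
{
    // Tracks whether a rollback is owed: upload() runs before the transaction opens.
    $inTransaction = false;
    try {
        $dateFile = upload($_FILES['file']);
        beginTransaction();
        $inTransaction = true;
        update_post_model($id, $sanitize);
        create_media_model([
            'filename' => $dateFile['filename'],
            'post_id' => $id,
            'size' => $dateFile['size'],
        ]);
        commit();
        setFlashMessage("success stored");
        redirect('dashboard');
    } catch (Exception $e) {
        // Formerly a RuntimeException (which includes PDOException) skipped
        // the rollback even when it was thrown inside the transaction.
        if ($inTransaction) {
            rollback();
        }
        $_SESSION['old'] = $sanitize;
        // Keep the previous split: upload errors under 'upload', others under 'file'.
        $key = $e instanceof RuntimeException ? 'upload' : 'file';
        $_SESSION['errors'][$key] = $e->getMessage();
        redirect('post/create');
    }
}

/**
 * Saves the edited post and, when requested, deletes the attached media row
 * and its file; redirects to the dashboard on success and back to the form on
 * failure.
 *
 * @param int   $id       Post id.
 * @param array $sanitize Filtered form values.
 */
function __update_post_without_upload($id, $sanitize)
{
    $m = null;
    try {
        beginTransaction();
        update_post_model($id, $sanitize);
        // m_id was cast before the empty() check, raising a warning whenever
        // no media was attached.
        if (!empty($_POST['m_id']) && !empty($_POST['delete_filename'])) {
            $media_id = (int) $_POST['m_id'];
            $media = find_model($media_id, 'medias');
            $m = $media->fetch();
            destroy_model($media_id, 'medias');
        }
        commit();
        if (!empty($m)) {
            // basename() confines the delete to UPLOAD_DIRECTORY; htmlentities()
            // is an output-escaping function and mangled names containing '&'
            // or quotes so the file was never removed.
            unlink(getEnv('UPLOAD_DIRECTORY') . '/' . basename($m['m_filename']));
        }
        setFlashMessage(trans('success_updated_post', $sanitize['title']));
        redirect('dashboard');
    } catch (Exception $e) {
        rollback();
        $_SESSION['old'] = $sanitize;
        $_SESSION['errors']['file'] = $e->getMessage();
        redirect('post/create');
    }
    // Only reached if redirect() returns instead of exiting.
    throw new RuntimeException('418');
}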