/**
 * Give every controller access to the shared request and session objects.
 *
 * Both values come from static accessors on the model classes; the request
 * is fetched before the session, as in the original ordering.
 */
public function __construct()
{
    // Request data for the current HTTP request.
    $this->request = RequestModel::currentRequest();

    // Session data for the current visitor.
    $this->session = SessionModel::currentSession();
}
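/**
 * Redirect the user to a URL on this site, then terminate the request.
 *
 * The target is honoured only when isValidURL() accepts it, its host is
 * exactly HOSTNAME and its scheme (when one is present) is http or https.
 * Anything else falls back to '/', so a caller-supplied value cannot be used
 * to bounce a visitor to another site (open redirect).
 *
 * @param string $url              Redirect target; treated as untrusted input.
 * @param array  $query_parameters Optional parameters appended to an accepted URL.
 *
 * @return void This method never returns; it always ends with exit.
 */
public static function redirect($url, $query_parameters = array())
{
    $redirect_host = parse_url($url, PHP_URL_HOST);
    $redirect_scheme = parse_url($url, PHP_URL_SCHEME);

    // NOTE(review): parse_url() does not validate, and a browser may read a
    // malformed authority section differently from PHP. The host comparison
    // below therefore relies on isValidURL() being strict -- confirm.
    if (!isValidURL($url)) {
        $url = '/'; // fallback
    } elseif ($redirect_host !== HOSTNAME) {
        // Remote domain (or no host at all): record the attempt and fall back.
        // NOTE(review): $url is logged verbatim; confirm Log::logMessage()
        // neutralises control characters so entries cannot be forged.
        (new Log(SECURITY_LOG))->logMessage("Attempted redirect to external URL: {$url}");
        $url = '/'; // fallback
    } elseif (is_string($redirect_scheme) && !in_array(strtolower($redirect_scheme), array('http', 'https'), true)) {
        // Defence in depth: the host matched, but the URL may end up inside an
        // href in the manual-redirect fallback below, so only web schemes pass.
        (new Log(SECURITY_LOG))->logMessage("Attempted redirect with disallowed scheme: {$url}");
        $url = '/'; // fallback
    } elseif (!empty($query_parameters)) {
        // URL is acceptable; extend it with the requested parameters.
        $url = addQueryParams($url, $query_parameters);
    }

    if (headers_sent($file, $line)) {
        (new Log(ERROR_LOG))->logMessage("Unable to redirect, headers already sent in {$file} on line {$line}");

        // The URL is written into HTML here, so it must be escaped for both
        // attribute and text context; the host check alone does not stop
        // markup in the path or query string from reaching the page.
        // NOTE(review): assumes the page is served as UTF-8 -- confirm.
        $safe_url = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "Unable to redirect automatically, please click this link: <a href=\"{$safe_url}\">{$safe_url}</a>";
    } else {
        header("Location: {$url}");
    }

    exit; // terminate
}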
/**
 * Capture the current request and settle the session cookie token.
 *
 * A token supplied in the cookie is stored first, then replaced by whatever
 * token() returns. Per the original author's note, token() is expected to
 * keep a good token and generate a new one when it is bad or missing; its
 * implementation is not visible here.
 */
public function __construct()
{
    $this->request = RequestModel::currentRequest();

    // The cookie value is client-controlled, so it is only a candidate until
    // token() has had its say below.
    $supplied = isset($_COOKIE[self::COOKIE_NAME]) ? $_COOKIE[self::COOKIE_NAME] : null;
    if (!empty($supplied)) {
        $this->cookie_token = $supplied;
    }

    // Always overwrite with the result of token().
    $this->cookie_token = $this->token();
}
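/**
 * Decide whether the current session belongs to an authenticated user.
 *
 * The result is cached in $this->authentication once it is known. A session
 * counts as authenticated when its ID passes isSessionIDValid() and a row
 * with that ID and a future expiry_timestamp exists. On success the user ID
 * is stored on the object and the session is renewed if its last update is
 * older than SESSION_RENEWAL_PERIOD_SECONDS.
 *
 * @param bool $auth_required When true and no valid session is found, a login
 *                            is requested for the current route. When false,
 *                            the method simply reports false.
 *
 * @return bool True for an authenticated session, false otherwise. If
 *              AppController::requestUserLogin() returns instead of ending
 *              the request, the result is an explicit false.
 */
public function isUserAuthenticated($auth_required = true)
{
    // Cached result: if this was checked before, reuse the answer.
    if ($this->authentication != self::AUTH_UNKNOWN) {
        return $this->authentication == self::AUTH_PASSED;
    }

    // Check the ID format first so a malformed ID never costs a DB round trip.
    $query = null;
    if (self::isSessionIDValid($this->id)) {
        $db = Database::getConnection();
        // The ID and timestamp are bound parameters; only the class constant
        // TABLE_NAME is concatenated into the statement.
        $query = $db->query(
            "SELECT user_id, update_timestamp, persistent FROM " . self::TABLE_NAME . " WHERE (id=:id) AND (expiry_timestamp > :now)",
            array(":id" => $this->id, ":now" => Carbon::now())
        );
    } elseif (!$auth_required) {
        return false;
    }

    // NOTE(review): if $query is a PDOStatement, rowCount() is not guaranteed
    // to report rows for a SELECT on every driver -- confirm for the driver in use.
    if ($query && $query->rowCount()) {
        $db_row = $query->fetch(PDO::FETCH_ASSOC);

        // Only set here, so callers must pass this check before reading the ID.
        $this->user_id = $db_row['user_id'];

        // Sessions are renewed regularly so that inactive ones can be detected.
        if (Carbon::parse($db_row['update_timestamp'])->diffInSeconds(Carbon::now()) > self::SESSION_RENEWAL_PERIOD_SECONDS) {
            $this->create($db_row['user_id'], isTrue($db_row['persistent']));
        }

        $this->authentication = self::AUTH_PASSED;
        return true;
    }

    if (!$auth_required) {
        $this->authentication = self::AUTH_FAILED;
        return false;
    }

    // Rebuild the target from the matched route and its arguments, then
    // re-attach the query string, so the login flow keeps the user's context.
    $request = RequestModel::currentRequest();
    $router = RouteController::getController();
    $route = $router->findRouteForURL($request->url());

    $url = $router->urlForAction($route->action(), $route->extractArgs($request->url()));
    if (count($request->queryArgArray())) {
        $url = addQueryParams($url, $request->queryArgArray());
    }

    AppController::requestUserLogin($url);

    // Fail closed: the original fell off the end here and returned null.
    // Whether requestUserLogin() terminates the request is not visible in
    // this block, so report "not authenticated" explicitly.
    return false;
}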
/**
 * Build the absolute URL of a file under /assets/ on this host.
 *
 * The scheme comes from the current request and the host from HOSTNAME.
 * $asset is appended as given, with no encoding or normalisation.
 *
 * @param string $asset Path of the asset relative to /assets/.
 *
 * @return string Absolute asset URL.
 */
public static function assetURL($asset)
{
    $scheme = RequestModel::currentRequest()->protocol();

    return sprintf('%s://%s/assets/%s', $scheme, HOSTNAME, $asset);
}