/**
 * Registers this controller under the 'register' name and refuses to serve
 * an already authenticated user: such a request is redirected to the default
 * route instead of reaching any registration action.
 */
public function __construct()
{
    parent::__construct('register');

    // Registration is only for anonymous visitors; redirectTo is assumed to end
    // the request — TODO confirm, otherwise the action still runs after this.
    $alreadyAuthenticated = Security::isUserLoggedIn();
    if ($alreadyAuthenticated) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
    }
}
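/**
 * Persists a comment posted via AJAX and replies with JSON.
 *
 * The request body is a JSON object with keys `_csrf_token_comment` (string),
 * `_news_id` (int) and `_content` (string). Replies 201 with the payload of
 * Comment::getUsernameAndDate() on success, otherwise 400 with
 * {"error":"bad_request"} (malformed body, failed validation, CSRF mismatch,
 * or a save that did not yield an id). Requests that are not AJAX+POST from a
 * logged-in user produce no output at all.
 *
 * @return void
 */
public function saveAction()
{
    if (!$this->isAJAX() || !$this->isRequestMethod('POST') || !Security::isUserLoggedIn()) {
        return;
    }

    $status = 400;
    $data = ['error' => 'bad_request'];

    // A non-object body (invalid JSON, a bare scalar, null) must end as a 400,
    // not as property-access warnings, so the shape is checked before any field is read.
    $request = json_decode((string) file_get_contents('php://input'));
    if (is_object($request)) {
        $token = $request->{'_csrf_token_comment'} ?? null;
        $content = $request->{'_content'} ?? null;
        $newsId = filter_var($request->{'_news_id'} ?? null, FILTER_VALIDATE_INT);

        // The request carries the SHA-256 of the session token; compare it in
        // constant time. The former loose == was subject to numeric-string
        // coercion and leaked timing. FILTER_SANITIZE_STRING (deprecated) was
        // also being used as a validity check, which rejected content such as "0".
        $tokenMatches = is_string($token)
            && hash_equals(hash('sha256', (string) Security::getCSRFToken('csrf_token_comment')), $token);

        if ($tokenMatches && $newsId !== false && is_string($content) && trim($content) !== '') {
            $comment = $this->loadModel('Comment');
            $id = $comment->save([
                'news_id' => $newsId,
                'user_id' => Security::getUserId(),
                // Escaped at write time, as before; the detail view presumably
                // echoes stored content verbatim — confirm before changing this.
                'content' => htmlspecialchars($content, ENT_QUOTES),
            ]);
            if ($id > 0) {
                $status = 201;
                $comment->Id = $id;
                $data = $comment->getUsernameAndDate();
            }
        }
    }

    http_response_code($status);
    echo json_encode($data);
}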
/**
 * Front-controller entry point: resolves the request URL to a controller and
 * action through Bootstrap and dispatches it. A route whose configuration has
 * a truthy 'isOauthRequired' entry is only dispatched for a logged-in user;
 * otherwise the request is redirected to the default route.
 *
 * @access public
 * @return void
 */
public function run()
{
    $bootstrap = new Bootstrap();
    $bootstrap->setCurrentController(DEFAULT_CONTROLLER);
    $bootstrap->setCurrentAction(DEFAULT_ACTION);
    $bootstrap->parseUrl();

    $route = $bootstrap->getRoute();
    $routeConfig = $this->routes[$route] ?? [];

    // Server-side gate: a protected route never reaches its controller without a session.
    $loginRequired = !empty($routeConfig['isOauthRequired']);
    if ($loginRequired && !Security::isUserLoggedIn()) {
        Helper::redirectTo(WEB . DEFAULT_ROUTE);
        return;
    }

    // A route may pin an explicit controller; otherwise Bootstrap's parsed one is used.
    if (!empty($routeConfig['controller'])) {
        $bootstrap->setController($routeConfig['controller']);
    }

    $bootstrap->loadControllerFile();
    $bootstrap->initControllerClass();
    $bootstrap->runControllerAction($bootstrap->getAction(), $bootstrap->getParams());
}
<?php
use app\core\Security;

// Evaluated once per render; the helpers below take it as an argument instead
// of re-querying the session.
$isUserLoggedIn = Security::isUserLoggedIn();

// The three helpers below return a CSS `display` value ('block' or 'none') used to
// show or hide markup. This is presentation only: hiding an element is not access
// control, so the server-side checks must still gate the underlying actions.
function isGuest($isUserLoggedIn) { return $isUserLoggedIn ? 'none' : 'block'; }
function isAuthorized($isUserLoggedIn) { return $isUserLoggedIn ? 'block' : 'none'; }
// 'block' only for a logged-in user whose role is exactly 'ROLE_ADMIN'.
function isAdmin($isUserLoggedIn) { return $isUserLoggedIn && Security::getUserRole() === 'ROLE_ADMIN' ? 'block' : 'none'; }
// 0 when a session exists (no login form to protect); otherwise a freshly
// generated CSRF token for the login form.
function isTokenGenerated($isUserLoggedIn) { return $isUserLoggedIn ? 0 : Security::generateCSRFToken('csrf_token_login'); }
?> <!DOCTYPE html> <html> <head> <title><?php echo $title; /* NOTE(review): echoed unescaped — confirm $title is never user-controlled, else pass it through htmlspecialchars() */ ?> </title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="<?php
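/**
 * Shows a single news item: as JSON for an AJAX GET request, otherwise as the
 * HTML detail page.
 *
 * AJAX: 200 with {"news": [...], "categories": [...]} when exactly one row is
 * found, 204 when it is not, 400 with {"error":"bad_request"} for a non-integer
 * id. Non-GET AJAX requests still emit nothing (unchanged). HTML: renders the
 * detail view, or redirects to the "all" category listing when the id is not
 * an integer or does not resolve to exactly one row.
 *
 * @access public
 * @param int|string $id  News id taken from the URL.
 * @return void
 */
public function readAction($id)
{
    // filter_var yields false for a non-integer; a plain truthiness check would
    // also have rejected 0, which is now simply "not found".
    $newsId = filter_var($id, FILTER_VALIDATE_INT);

    if ($this->isAJAX()) {
        if (!$this->isRequestMethod('GET')) {
            return;
        }
        if ($newsId === false) {
            http_response_code(400);
            echo json_encode(['error' => 'bad_request']);
            return;
        }

        // One lookup instead of the former two (the second existed only to count).
        $news = $this->read($newsId);
        if (count($news) !== 1) {
            http_response_code(204);
            return;
        }

        $categories = $this->loadModel('LOC')->findByNewsId($newsId);
        http_response_code(200);
        echo json_encode(['news' => $news, 'categories' => $categories]);
        return;
    }

    if ($newsId === false) {
        Helper::redirectTo(WEB . 'news/category/all');
        return;
    }

    $news = $this->read($newsId);
    if (count($news) !== 1) {
        Helper::redirectTo(WEB . 'news/category/all');
        return;
    }

    $comments = $this->loadModel('Comment')->findByNewsId($newsId);
    $css = ['news.css'];
    $js = [SCRIPTS . 'comment.js', SCRIPTS . 'comments.js'];
    $this->loadView(LAYOUT, 'News/User/detail', 'News', $css, $js, [
        'news' => $news[0],
        'comments' => $comments,
        'isUserLoggedIn' => Security::isUserLoggedIn(),
        // Token the comment form must send back (hashed) to saveAction.
        'csrf_token_comment' => Security::generateCSRFToken('csrf_token_comment'),
    ]);
}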