1 commit
master ... MVC

Author SHA1 Message Date
Miroslav Šedivý
cf64c88f27 Initial MVC 2017-02-09 22:05:46 +01:00
11 changed files with 119 additions and 60 deletions


@ -1,4 +1,5 @@
<?php
namespace Core;
class Ajax
{
@ -16,16 +17,16 @@ class Ajax
public function token(){
if(empty($_SESSION['token'])){
throw new Exception("Direct access violation.");
throw new \Exception("Direct access violation.");
}
$headers = apache_request_headers();
if(!isset($headers['Csrf-Token']) || empty($_SESSION['token'])){
throw new Exception("No CSRF token.");
throw new \Exception("No CSRF token.");
}
if($headers['Csrf-Token'] !== $_SESSION['token']){
throw new Exception("Wrong CSRF token.");
throw new \Exception("Wrong CSRF token.");
}
}
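Review bot: The token comparison in `token()` uses `!==`, which is not constant-time; `hash_equals()` is the usual choice when a secret is compared against request data, e.g. `if(!hash_equals($_SESSION['token'], $headers['Csrf-Token'])){`. The second guard also re-tests `empty($_SESSION['token'])`, which the first guard has already rejected, so only the `isset($headers['Csrf-Token'])` half can ever fire there. A short comment above the method stating that it must run before any state-changing AJAX handler would help the next reader.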


@ -1,4 +1,5 @@
<?php
namespace Core;
class Config
{
@ -45,4 +46,4 @@ class Config
}
}
class ConfigException extends Exception {}
class ConfigException extends \Exception {}


@ -1,6 +1,6 @@
<?php
namespace Core;
// v3.43 (+ query counter)
class DB
{
private static $_instance = null;
@ -8,7 +8,8 @@ class DB
private $_PDO;
private $_query;
private $_query_counter;
private $_query_counter = 0;
public $_escape_output = false;
// Handle instances
public final static function get_instance(){
@ -46,7 +47,7 @@ class DB
Config::get_safe('mysql_pass', '')
);
$this->_PDO->exec('SET NAMES utf8');
} catch (PDOException $e) {
} catch (\PDOException $e) {
throw new DBException($e->getMessage());
}
@ -99,7 +100,7 @@ class DB
// Execute
$this->_query->execute();
} catch (PDOException $e) {
} catch (\PDOException $e) {
throw new DBException($e->getMessage());
}
@ -229,7 +230,17 @@ class DB
// Get all rows
public final function all($type = \PDO::FETCH_ASSOC){
return $this->_query->fetchAll($type);
$rows = $this->_query->fetchAll($type);
if($this->_escape_output){
foreach($rows as &$row){
foreach($row as &$col){
$col = htmlspecialchars($col);
}
}
}
return $rows;
}
// Get all values to one dimensional array
@ -258,7 +269,7 @@ class DB
// Try to execute MySQL
try {
$this->_PDO->exec($sql);
} catch (PDOException $e) {
} catch (\PDOException $e) {
throw new DBException($e->getMessage());
}
@ -271,4 +282,4 @@ class DB
}
// Handle DB errors
class DBException extends Exception{}
class DBException extends \Exception{}
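Review bot: The new `$_escape_output` branch in `all()` HTML-escapes at the database layer, which covers only one output context and only this fetch method; any other fetch helpers of the class (outside this hunk) would presumably still return raw values while the flag suggests otherwise, so escaping is better done where the value is written into HTML. As written, `htmlspecialchars($col)` relies on the default flags, which on PHP before 8.1 leave single quotes unescaped, and it converts NULL columns to empty strings; `if(is_string($col)){ $col = htmlspecialchars($col, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }` is safer. The nested `foreach` also assumes every row is an array, which does not hold for every `$type` a caller can pass (for example `\PDO::FETCH_COLUMN`). Separately, the `catch (\PDOException $e)` blocks copy the driver message into `DBException`, so make sure that message is logged rather than shown to clients.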


@ -1,4 +1,5 @@
<?php
namespace Core;
class Log
{


@ -0,0 +1,30 @@
<?php
namespace Core;
abstract class Model
{
protected $_DB;
protected $_safe_input;
private static $_instance = null;
public final static function get_instance(){
if(self::$_instance == null){
self::$_instance = new static();
}
return self::$_instance;
}
protected function __construct(){
$this->_DB = DB::get_instance();
}
protected function input(&$data){
foreach($data as $key => &$value){
if(!array_key_exists($key, $this->_safe_input)){
unset($value);
}
}
}
}
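Review bot: `input()` does not filter anything: `unset($value)` inside `foreach($data as $key => &$value)` only drops the local reference, so keys that are not in `$_safe_input` remain in `$data`; it should be `unset($data[$key]);` inside a by-value loop. `$_safe_input` is also never initialised in this class, so `array_key_exists()` receives null unless every subclass sets it; declaring `protected $_safe_input = [];` makes the whitelist fail closed. In addition, `private static $_instance` is a single slot on `Model`, so the first subclass to call `get_instance()` is handed back for every other subclass too; keying stored instances by `static::class` avoids that.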


@ -1,4 +1,6 @@
<?php
namespace Core;
/**
* SplClassLoader implementation that implements the technical interoperability
* standards for PHP 5.3 namespaces and class names.
@ -134,7 +136,7 @@ class SplClassLoader
$full = ($this->_includePath !== null ? $this->_includePath . DIRECTORY_SEPARATOR : '') . $fileName;
if (!file_exists($full)) {
throw new Exception("Class file for '".$className."' not found");
throw new \Exception("Class file for '".$className."' not found");
}
require $full;


@ -0,0 +1,57 @@
<?php
namespace Model;
class User extends \Core\Model
{
const SESSION_NAME = "logged_in";
private $_force_login;
private $_nick;
private $_pass;
public function __construct(){
if($this->_force_login = \Core\Config::get_safe("force_login", false)){
$this->_nick = \Core\Config::get("nick");
$this->_pass = \Core\Config::get_safe("pass", "");
}
}
private function make_hash($nick, $pass){
return md5($nick.$pass);
}
public function is_logged_in(){
return !$this->_force_login || (!empty($_SESSION[User::SESSION_NAME]) && $_SESSION[User::SESSION_NAME] == $this->make_hash($this->_nick, $this->_pass));
}
public function login($nick, $pass){
if(!$this->_force_login){
return true;
}
if($this->is_logged_in()){
throw new Exception("You are already logged in.");
}
if($this->_nick == $nick && $this->_pass == $pass){
$_SESSION[User::SESSION_NAME] = $this->make_hash($nick, $pass);
return true;
}
\Core\Log::put("login_fails", $nick);
throw new Exception("The nick or password is incorrect.");
}
public function logout(){
if(!$this->_force_login){
throw new Exception("You can't log out. There is no account.");
}
if(!$this->is_logged_in()){
throw new Exception("You are not even logged in.");
}
$_SESSION[User::SESSION_NAME] = false;
return true;
}
}
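Review bot: `login()` and `is_logged_in()` compare secrets with loose `==`, so two numeric-looking strings such as `"0e1"` and `"0e2"` (constructed example) compare equal and the check is not constant-time; use `hash_equals((string)$this->_pass, (string)$pass)` and the same for the session value. The session marker is `md5($nick.$pass)`, a fixed value derived from the plaintext password held in config; keeping a `password_hash()` value in config, checking it with `password_verify()`, storing a plain boolean in the session and calling `session_regenerate_id(true)` on successful login would be the more robust shape. The four `throw new Exception(...)` lines sit inside `namespace Model` and therefore resolve to `\Model\Exception`, unlike the `\Exception` fix this commit applies to the Core classes. The public constructor also never calls `parent::__construct()`, so `$_DB` stays unset, and it is unclear whether callers are meant to use `get_instance()` or `new`.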


@ -2,10 +2,11 @@
// Define PROJECT PATH
define('PROJECT_PATH', dirname(__FILE__));
define('APP_PATH', PROJECT_PATH.'/application');
// Load Autoloader
require "lib/splclassloader.class.php";
$classLoader = new SplClassLoader(null, PROJECT_PATH.'/lib');
require APP_PATH."core/splclassloader.class.php";
$classLoader = new \Core\SplClassLoader(null, APP_PATH);
$classLoader->setFileExtension('.class.php');
$classLoader->register();
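Review bot: The new `require APP_PATH."core/splclassloader.class.php";` is missing a path separator: `APP_PATH` is defined earlier in this hunk as `PROJECT_PATH.'/application'` with no trailing slash, so the resolved path ends in `applicationcore/splclassloader.class.php` and the require fails. Use `require APP_PATH.'/core/splclassloader.class.php';`. The loader is then registered with `APP_PATH` as its include path, so the `Core` and `Model` namespaces presumably map to directories of the same name; on a case-sensitive filesystem the lowercase `core` directory used here and the `Core` namespace need to agree.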


@ -1,45 +0,0 @@
<?php
class user
{
const SESSION_NAME = "logged_in";
public static function is_logged_in(){
if(!Config::get_safe("force_login", false)){
return true;
}
return !empty($_SESSION[User::SESSION_NAME]) && $_SESSION[User::SESSION_NAME] == md5(Config::get("nick").Config::get_safe("pass", ""));
}
public static function login($nick, $pass){
if(!Config::get_safe("force_login", false)){
return true;
}
if(self::is_logged_in()){
throw new Exception("You are already logged in.");
}
if(Config::get("nick") == $nick && Config::get_safe("pass", "") == $pass){
$_SESSION[User::SESSION_NAME] = md5($nick.$pass);
return true;
}
Log::put("login_fails", $nick);
throw new Exception("The nick or password is incorrect.");
}
public static function logout(){
if(!Config::get_safe("force_login", false)){
throw new Exception("You can't log out. There is no account.");
}
if(!self::is_logged_in()){
throw new Exception("You are not even logged in.");
}
$_SESSION[User::SESSION_NAME] = false;
return true;
}
}