Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
|
cf64c88f27 |
11 changed files with 119 additions and 60 deletions
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
namespace Core;
|
||||
|
||||
class Ajax
|
||||
{
|
||||
|
@ -16,16 +17,16 @@ class Ajax
|
|||
|
||||
public function token(){
|
||||
if(empty($_SESSION['token'])){
|
||||
throw new Exception("Direct access violation.");
|
||||
throw new \Exception("Direct access violation.");
|
||||
}
|
||||
|
||||
$headers = apache_request_headers();
|
||||
if(!isset($headers['Csrf-Token']) || empty($_SESSION['token'])){
|
||||
throw new Exception("No CSRF token.");
|
||||
throw new \Exception("No CSRF token.");
|
||||
}
|
||||
|
||||
if($headers['Csrf-Token'] !== $_SESSION['token']){
|
||||
throw new Exception("Wrong CSRF token.");
|
||||
throw new \Exception("Wrong CSRF token.");
|
||||
}
|
||||
}
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
namespace Core;
|
||||
|
||||
class Config
|
||||
{
|
||||
|
@ -45,4 +46,4 @@ class Config
|
|||
}
|
||||
}
|
||||
|
||||
class ConfigException extends Exception {}
|
||||
class ConfigException extends \Exception {}
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
namespace Core;
|
||||
|
||||
// v3.43 (+ query counter)
|
||||
class DB
|
||||
{
|
||||
private static $_instance = null;
|
||||
|
@ -8,7 +8,8 @@ class DB
|
|||
private $_PDO;
|
||||
private $_query;
|
||||
|
||||
private $_query_counter;
|
||||
private $_query_counter = 0;
|
||||
public $_escape_output = false;
|
||||
|
||||
// Handle instances
|
||||
public final static function get_instance(){
|
||||
|
@ -46,7 +47,7 @@ class DB
|
|||
Config::get_safe('mysql_pass', '')
|
||||
);
|
||||
$this->_PDO->exec('SET NAMES utf8');
|
||||
} catch (PDOException $e) {
|
||||
} catch (\PDOException $e) {
|
||||
throw new DBException($e->getMessage());
|
||||
}
|
||||
|
||||
|
@ -99,7 +100,7 @@ class DB
|
|||
|
||||
// Execute
|
||||
$this->_query->execute();
|
||||
} catch (PDOException $e) {
|
||||
} catch (\PDOException $e) {
|
||||
throw new DBException($e->getMessage());
|
||||
}
|
||||
|
||||
|
@ -229,7 +230,17 @@ class DB
|
|||
|
||||
// Get all rows
|
||||
public final function all($type = \PDO::FETCH_ASSOC){
|
||||
return $this->_query->fetchAll($type);
|
||||
$rows = $this->_query->fetchAll($type);
|
||||
|
||||
if($this->_escape_output){
|
||||
foreach($rows as &$row){
|
||||
foreach($row as &$col){
|
||||
$col = htmlspecialchars($col);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $rows;
|
||||
}
|
||||
|
||||
// Get all values to one dimensional array
|
||||
|
@ -258,7 +269,7 @@ class DB
|
|||
// Try to execute MySQL
|
||||
try {
|
||||
$this->_PDO->exec($sql);
|
||||
} catch (PDOException $e) {
|
||||
} catch (\PDOException $e) {
|
||||
throw new DBException($e->getMessage());
|
||||
}
|
||||
|
||||
|
@ -271,4 +282,4 @@ class DB
|
|||
}
|
||||
|
||||
// Handle DB errors
|
||||
class DBException extends Exception{}
|
||||
class DBException extends \Exception{}
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
namespace Core;
|
||||
|
||||
class Log
|
||||
{
|
30
application/core/model.php
Normal file
30
application/core/model.php
Normal file
|
@ -0,0 +1,30 @@
|
|||
<?php
|
||||
namespace Core;
|
||||
|
||||
abstract class Model
|
||||
{
|
||||
protected $_DB;
|
||||
protected $_safe_input;
|
||||
|
||||
private static $_instance = null;
|
||||
|
||||
public final static function get_instance(){
|
||||
if(self::$_instance == null){
|
||||
self::$_instance = new static();
|
||||
}
|
||||
|
||||
return self::$_instance;
|
||||
}
|
||||
|
||||
protected function __construct(){
|
||||
$this->_DB = DB::get_instance();
|
||||
}
|
||||
|
||||
protected function input(&$data){
|
||||
foreach($data as $key => &$value){
|
||||
if(!array_key_exists($key, $this->_safe_input)){
|
||||
unset($value);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,4 +1,6 @@
|
|||
<?php
|
||||
namespace Core;
|
||||
|
||||
/**
|
||||
* SplClassLoader implementation that implements the technical interoperability
|
||||
* standards for PHP 5.3 namespaces and class names.
|
||||
|
@ -134,7 +136,7 @@ class SplClassLoader
|
|||
$full = ($this->_includePath !== null ? $this->_includePath . DIRECTORY_SEPARATOR : '') . $fileName;
|
||||
|
||||
if (!file_exists($full)) {
|
||||
throw new Exception("Class file for '".$className."' not found");
|
||||
throw new \Exception("Class file for '".$className."' not found");
|
||||
}
|
||||
|
||||
require $full;
|
57
application/model/user.php
Normal file
57
application/model/user.php
Normal file
|
@ -0,0 +1,57 @@
|
|||
<?php
|
||||
namespace Model;
|
||||
|
||||
class User extends \Core\Model
|
||||
{
|
||||
const SESSION_NAME = "logged_in";
|
||||
|
||||
private $_force_login;
|
||||
private $_nick;
|
||||
private $_pass;
|
||||
|
||||
public function __construct(){
|
||||
if($this->_force_login = \Core\Config::get_safe("force_login", false)){
|
||||
$this->_nick = \Core\Config::get("nick");
|
||||
$this->_pass = \Core\Config::get_safe("pass", "");
|
||||
}
|
||||
}
|
||||
|
||||
private function make_hash($nick, $pass){
|
||||
return md5($nick.$pass);
|
||||
}
|
||||
|
||||
public function is_logged_in(){
|
||||
return !$this->_force_login || (!empty($_SESSION[User::SESSION_NAME]) && $_SESSION[User::SESSION_NAME] == $this->make_hash($this->_nick, $this->_pass));
|
||||
}
|
||||
|
||||
public function login($nick, $pass){
|
||||
if(!$this->_force_login){
|
||||
return true;
|
||||
}
|
||||
|
||||
if($this->is_logged_in()){
|
||||
throw new Exception("You are already logged in.");
|
||||
}
|
||||
|
||||
if($this->_nick == $nick && $this->_pass == $pass){
|
||||
$_SESSION[User::SESSION_NAME] = $this->make_hash($nick, $pass);
|
||||
return true;
|
||||
}
|
||||
|
||||
\Core\Log::put("login_fails", $nick);
|
||||
throw new Exception("The nick or password is incorrect.");
|
||||
}
|
||||
|
||||
public function logout(){
|
||||
if(!$this->_force_login){
|
||||
throw new Exception("You can't log out. There is no account.");
|
||||
}
|
||||
|
||||
if(!$this->is_logged_in()){
|
||||
throw new Exception("You are not even logged in.");
|
||||
}
|
||||
|
||||
$_SESSION[User::SESSION_NAME] = false;
|
||||
return true;
|
||||
}
|
||||
}
|
|
@ -2,10 +2,11 @@
|
|||
|
||||
// Define PROJECT PATH
|
||||
define('PROJECT_PATH', dirname(__FILE__));
|
||||
define('APP_PATH', PROJECT_PATH.'/application');
|
||||
|
||||
// Load Autoloader
|
||||
require "lib/splclassloader.class.php";
|
||||
$classLoader = new SplClassLoader(null, PROJECT_PATH.'/lib');
|
||||
require APP_PATH."core/splclassloader.class.php";
|
||||
$classLoader = new \Core\SplClassLoader(null, APP_PATH);
|
||||
$classLoader->setFileExtension('.class.php');
|
||||
$classLoader->register();
|
||||
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
<?php
|
||||
|
||||
class user
|
||||
{
|
||||
const SESSION_NAME = "logged_in";
|
||||
|
||||
public static function is_logged_in(){
|
||||
if(!Config::get_safe("force_login", false)){
|
||||
return true;
|
||||
}
|
||||
|
||||
return !empty($_SESSION[User::SESSION_NAME]) && $_SESSION[User::SESSION_NAME] == md5(Config::get("nick").Config::get_safe("pass", ""));
|
||||
}
|
||||
|
||||
public static function login($nick, $pass){
|
||||
if(!Config::get_safe("force_login", false)){
|
||||
return true;
|
||||
}
|
||||
|
||||
if(self::is_logged_in()){
|
||||
throw new Exception("You are already logged in.");
|
||||
}
|
||||
|
||||
if(Config::get("nick") == $nick && Config::get_safe("pass", "") == $pass){
|
||||
$_SESSION[User::SESSION_NAME] = md5($nick.$pass);
|
||||
return true;
|
||||
}
|
||||
|
||||
Log::put("login_fails", $nick);
|
||||
throw new Exception("The nick or password is incorrect.");
|
||||
}
|
||||
|
||||
public static function logout(){
|
||||
if(!Config::get_safe("force_login", false)){
|
||||
throw new Exception("You can't log out. There is no account.");
|
||||
}
|
||||
|
||||
if(!self::is_logged_in()){
|
||||
throw new Exception("You are not even logged in.");
|
||||
}
|
||||
|
||||
$_SESSION[User::SESSION_NAME] = false;
|
||||
return true;
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue