Template class + CSRF security

This commit is contained in:
Jordy van Zeeland 2024-08-13 09:06:11 +02:00
parent 238ed149ec
commit 8fc7f4e3a8
3 changed files with 47 additions and 9 deletions


@ -57,6 +57,7 @@ class Auth{
if($user && password_verify($password, $user['password'])){ if($user && password_verify($password, $user['password'])){
$_SESSION['user_id'] = $user['id']; $_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username']; $_SESSION['username'] = $user['username'];
$_SESSION['token'] = bin2hex(random_bytes(32));
return true; return true;
} }
@ -66,4 +67,12 @@ class Auth{
} }
/**
* Example CSRF token in a form:
* <input type="hidden" name="csrf" value="<?php echo $_SESSION["csrf_token"]; ?>">
*
* Possible check for CSRF in a request:
* if (!empty($_REQUEST["csrf"]) && hash_equals($_REQUEST["csrf_token"], $_SESSION["csrf_token"])) {
*/
?> ?>
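Review bot: The session key written on login is `$_SESSION['token']` (first hunk), but the docblock added in the second hunk reads `$_SESSION["csrf_token"]` and compares `$_REQUEST["csrf_token"]` after testing `$_REQUEST["csrf"]`, so the documented check could never match the token the login code stores. Pick one name and use it everywhere, e.g. `$_SESSION['csrf_token'] = bin2hex(random_bytes(32));` on login and `hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])` in the check. Since hash_equals() throws a TypeError on a non-string argument in PHP 8, the request value should be confirmed with is_string() first, and reading it from `$_POST` rather than `$_REQUEST` keeps a GET parameter from satisfying the check. The docblock is placed after the closing brace of the Auth class, so it is attached to nothing; if it is meant as usage notes, a `//` comment or a README entry would be clearer than a stray PHPDoc block.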


@ -8,7 +8,6 @@ class Router{
*/ */
public function __construct(){ public function __construct(){
/* Parse the URL from the request and extract the path part (e.g., "/home" from "http://example.com/home") */
$uri = parse_url($_SERVER['REQUEST_URI'])['path']; $uri = parse_url($_SERVER['REQUEST_URI'])['path'];
} }
@ -18,12 +17,15 @@ class Router{
*/ */
public function routeToController($routes){ public function routeToController($routes){
// Check if the requested URI exists in the routes array /**
* Check if the requested URI exists in the routes array.
* If it exists, require (include and execute) the file corresponding to the route.
* If the route doesn't exist, call the abort method to handle the error
*/
if(array_key_exists($this->uri, $routes)){ if(array_key_exists($this->uri, $routes)){
// If it exists, require (include and execute) the file corresponding to the route
require $routes[$uri]; require $routes[$uri];
}else{ }else{
// If the route doesn't exist, call the abort method to handle the error
$this->abort(); $this->abort();
} }
} }
@ -34,11 +36,13 @@ class Router{
*/ */
public function abort($code = 404){ public function abort($code = 404){
// Set the HTTP response code to the specified value /**
* Set the HTTP response code to the specified value.
* Then include and execute the corresponding error view (e.g., "views/404.php") and Terminate the script execution
*/
http_response_code($code); http_response_code($code);
// Include and execute the corresponding error view (e.g., "views/404.php")
require "views/{$code}.php"; require "views/{$code}.php";
// Terminate the script execution
die(); die();
} }
} }
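Review bot: The docblock added at the top of routeToController says the file corresponding to the route is required, but the line it documents is `require $routes[$uri];` while the key check just above uses `$this->uri`; `$uri` is not defined in this method, so even a matching route would fail the require (in PHP 8 `require ''` throws a ValueError). Changing it to `require $routes[$this->uri];` makes the code match the new comment; that line is hunk context rather than part of this change, but the comment now describes behaviour the code does not have. The constructor hunk assigns a local `$uri`; whether it is stored into `$this->uri` is outside the hunk. Stylistically, `/** */` docblocks inside method bodies (here and in abort) are unusual — PHPDoc belongs above the declaration and in-body notes are normally `//` comments.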

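--- a/template.php
+++ b/template.php
@@ -0,0 +1,25 @@
+<?php
+class Template{
+/**
+* Method to render the template file with additional data
+*/
+public function render($tmpname, $args){
+/**
+* Extracts variables from the associative array $args, making each key a variable in the current scope.
+* EXTR_SKIP ensures that existing variables with the same name are not overwritten.
+* Then Include the specified view file for rendering.
+*/
+extract($args, EXTR_SKIP);
+require "views/{$code}.view.php";
+}
+}
+// $templ = (new Template)->render('about', '['title' => 'About']');
+?>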
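Review bot: render() requires `views/{$code}.view.php`, but `$code` is not a parameter of the method — the template name arrives as `$tmpname`, which is never used. Because `$code` is undefined when `extract($args, EXTR_SKIP)` runs, EXTR_SKIP does not protect it, so a `code` key in `$args` would decide which file is included; using the parameter instead, `require "views/{$tmpname}.view.php";`, ties the include to the argument the caller deliberately passes. It would still be worth rejecting names containing a path separator or `..` (for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $tmpname)) { throw new InvalidArgumentException('invalid template name'); }`) so that only files under views/ can ever be rendered. The method has no return value, so the commented usage line `$templ = (new Template)->render(...)` would always assign null, and that example's array literal is wrapped in stray quotes (`'['title' => 'About']'`).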