Template class + CSRF security
parent
238ed149ec
commit
8fc7f4e3a8
11
auth.php
11
auth.php
|
@ -44,7 +44,7 @@ class Auth{
|
||||||
":username" => $username,
|
":username" => $username,
|
||||||
":password" => $password
|
":password" => $password
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$user = $query->fetch();
|
$user = $query->fetch();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -57,6 +57,7 @@ class Auth{
|
||||||
if($user && password_verify($password, $user['password'])){
|
if($user && password_verify($password, $user['password'])){
|
||||||
$_SESSION['user_id'] = $user['id'];
|
$_SESSION['user_id'] = $user['id'];
|
||||||
$_SESSION['username'] = $user['username'];
|
$_SESSION['username'] = $user['username'];
|
||||||
|
$_SESSION['token'] = bin2hex(random_bytes(32));
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -66,4 +67,12 @@ class Auth{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Example CSRF token in a form:
|
||||||
|
* <input type="hidden" name="csrf" value="<?php echo $_SESSION["csrf_token"]; ?>">
|
||||||
|
*
|
||||||
|
* Possible check for CSRF in a request:
|
||||||
|
* if (!empty($_REQUEST["csrf"]) && hash_equals($_REQUEST["csrf_token"], $_SESSION["csrf_token"])) {
|
||||||
|
*/
|
||||||
|
|
||||||
?>
|
?>
|
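Review bot: The CSRF documentation block added at the end of the class is inconsistent with the code it documents: the login branch stores the token as `$_SESSION['token']`, while the example form and the example check both read `$_SESSION["csrf_token"]`, and the check tests `$_REQUEST["csrf"]` but then compares `$_REQUEST["csrf_token"]`, so copied as written it would hand `hash_equals()` a `null` for a key that is never set. I would align the names and read only the POST body, with the known value as the first argument: `if (!empty($_POST['csrf']) && hash_equals($_SESSION['token'], $_POST['csrf']))` — `$_REQUEST` also accepts GET and cookie values, which defeats the point of a per-session token. Separately, nothing visible in the success branch rotates the session before `$_SESSION['user_id']` is assigned; a `session_regenerate_id(true);` as the first statement of that branch would close session fixation. The login method's signature and the rest of its body lie outside this hunk.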
20
router.php
20
router.php
|
@ -8,8 +8,7 @@ class Router{
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function __construct(){
|
public function __construct(){
|
||||||
/* Parse the URL from the request and extract the path part (e.g., "/home" from "http://example.com/home") */
|
$uri = parse_url($_SERVER['REQUEST_URI'])['path'];
|
||||||
$uri = parse_url($_SERVER['REQUEST_URI'])['path'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -18,12 +17,15 @@ class Router{
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function routeToController($routes){
|
public function routeToController($routes){
|
||||||
// Check if the requested URI exists in the routes array
|
/**
|
||||||
|
* Check if the requested URI exists in the routes array.
|
||||||
|
* If it exists, require (include and execute) the file corresponding to the route.
|
||||||
|
* If the route doesn't exist, call the abort method to handle the error
|
||||||
|
*/
|
||||||
|
|
||||||
if(array_key_exists($this->uri, $routes)){
|
if(array_key_exists($this->uri, $routes)){
|
||||||
// If it exists, require (include and execute) the file corresponding to the route
|
|
||||||
require $routes[$uri];
|
require $routes[$uri];
|
||||||
}else{
|
}else{
|
||||||
// If the route doesn't exist, call the abort method to handle the error
|
|
||||||
$this->abort();
|
$this->abort();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -34,11 +36,13 @@ class Router{
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function abort($code = 404){
|
public function abort($code = 404){
|
||||||
// Set the HTTP response code to the specified value
|
/**
|
||||||
|
* Set the HTTP response code to the specified value.
|
||||||
|
* Then include and execute the corresponding error view (e.g., "views/404.php") and Terminate the script execution
|
||||||
|
*/
|
||||||
|
|
||||||
http_response_code($code);
|
http_response_code($code);
|
||||||
// Include and execute the corresponding error view (e.g., "views/404.php")
|
|
||||||
require "views/{$code}.php";
|
require "views/{$code}.php";
|
||||||
// Terminate the script execution
|
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
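Review bot: The new docblock in routeToController says the matching route's file is required, but the lookup right below it keys the array with `$this->uri` while the require reads the bare local `$uri`, which is not assigned anywhere in this method; the constructor likewise assigns `$uri` as a local rather than `$this->uri`, so as far as visible neither the property nor the local carries the request path and the dispatch cannot work the way the comment describes. Consider `$this->uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) ?? '/';` in the constructor and `require $routes[$this->uri];` in the dispatch. `parse_url()` can return `false` or omit `'path'` for a malformed request line, so the `?? '/'` (or an explicit `$this->abort(400)`) is needed before the value reaches `array_key_exists()`. The class header sits outside these hunks; both method bodies are visible in full.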
@ -0,0 +1,25 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
class Template{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to render the template file with additional data
|
||||||
|
*/
|
||||||
|
|
||||||
|
public function render($tmpname, $args){
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extracts variables from the associative array $args, making each key a variable in the current scope.
|
||||||
|
* EXTR_SKIP ensures that existing variables with the same name are not overwritten.
|
||||||
|
* Then Include the specified view file for rendering.
|
||||||
|
*/
|
||||||
|
|
||||||
|
extract($args, EXTR_SKIP);
|
||||||
|
require "views/{$code}.view.php";
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// $templ = (new Template)->render('about', '['title' => 'About']');
|
||||||
|
|
||||||
|
?>
|
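Review bot: In Template::render the include path is built from `$code`, a variable the method never defines, while the `$tmpname` parameter is never used; because `extract($args, EXTR_SKIP)` runs first, a `'code'` key in `$args` becomes `$code` and therefore chooses the file that is required, so if `$args` is ever populated from request data this is a file-inclusion path chosen by the caller. The fix is to use the parameter and constrain it to a plain template name before it touches the filesystem: `if (!preg_match('/^[A-Za-z0-9_-]+$/', $tmpname)) { throw new InvalidArgumentException('invalid template name'); }` followed by `require "views/{$tmpname}.view.php";`. EXTR_SKIP protects `$tmpname` from being overwritten, but a comment such as `// $args keys must not shadow locals; EXTR_SKIP keeps $tmpname intact` would make that reliance explicit. The commented-out usage example also has mismatched quotes around the array (`'['title' => 'About']'`) and would not parse if uncommented.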