Template class + CSRF security
parent
238ed149ec
commit
8fc7f4e3a8
11
auth.php
11
auth.php
|
@ -44,7 +44,7 @@ class Auth{
|
|||
":username" => $username,
|
||||
":password" => $password
|
||||
]);
|
||||
|
||||
|
||||
$user = $query->fetch();
|
||||
|
||||
/**
|
||||
|
@ -57,6 +57,7 @@ class Auth{
|
|||
if($user && password_verify($password, $user['password'])){
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['username'] = $user['username'];
|
||||
$_SESSION['token'] = bin2hex(random_bytes(32));
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -66,4 +67,12 @@ class Auth{
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* Example CSRF token in a form:
|
||||
* <input type="hidden" name="csrf" value="<?php echo $_SESSION["csrf_token"]; ?>">
|
||||
*
|
||||
* Possible check for CSRF in a request:
|
||||
* if (!empty($_REQUEST["csrf"]) && hash_equals($_REQUEST["csrf_token"], $_SESSION["csrf_token"])) {
|
||||
*/
|
||||
|
||||
?>
|
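Review bot: The CSRF example in the new comment block does not match the token the login code actually stores: line 49 sets `$_SESSION['token']`, while the form snippet and the check read `$_SESSION["csrf_token"]`, and the check tests `$_REQUEST["csrf"]` for emptiness but then compares `$_REQUEST["csrf_token"]`, so copying it verbatim would never validate. `$_REQUEST` also merges GET and cookie values, and `hash_equals()` throws a TypeError if either side is not a string, which an attacker can force by sending `csrf[]=x`. I would rewrite the example check as `if (isset($_POST['csrf']) && is_string($_POST['csrf']) && hash_equals($_SESSION['token'], $_POST['csrf'])) {` and the hidden input as `value="<?= htmlspecialchars($_SESSION['token'], ENT_QUOTES, 'UTF-8') ?>"` so the documented key, the stored key and the escaping agree. The login method this hunk touches starts outside the hunk.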
20
router.php
20
router.php
|
@ -8,8 +8,7 @@ class Router{
|
|||
*/
|
||||
|
||||
public function __construct(){
|
||||
/* Parse the URL from the request and extract the path part (e.g., "/home" from "http://example.com/home") */
|
||||
$uri = parse_url($_SERVER['REQUEST_URI'])['path'];
|
||||
$uri = parse_url($_SERVER['REQUEST_URI'])['path'];
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -18,12 +17,15 @@ class Router{
|
|||
*/
|
||||
|
||||
public function routeToController($routes){
|
||||
// Check if the requested URI exists in the routes array
|
||||
/**
|
||||
* Check if the requested URI exists in the routes array.
|
||||
* If it exists, require (include and execute) the file corresponding to the route.
|
||||
* If the route doesn't exist, call the abort method to handle the error
|
||||
*/
|
||||
|
||||
if(array_key_exists($this->uri, $routes)){
|
||||
// If it exists, require (include and execute) the file corresponding to the route
|
||||
require $routes[$uri];
|
||||
}else{
|
||||
// If the route doesn't exist, call the abort method to handle the error
|
||||
$this->abort();
|
||||
}
|
||||
}
|
||||
|
@ -34,11 +36,13 @@ class Router{
|
|||
*/
|
||||
|
||||
public function abort($code = 404){
|
||||
// Set the HTTP response code to the specified value
|
||||
/**
|
||||
* Set the HTTP response code to the specified value.
|
||||
* Then include and execute the corresponding error view (e.g., "views/404.php") and Terminate the script execution
|
||||
*/
|
||||
|
||||
http_response_code($code);
|
||||
// Include and execute the corresponding error view (e.g., "views/404.php")
|
||||
require "views/{$code}.php";
|
||||
// Terminate the script execution
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
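Review bot: In routeToController the lookup uses `$this->uri` but the include on the next line is `require $routes[$uri];`, and `$uri` is neither a parameter nor a local of that method, so a matched route produces an undefined-variable notice and a `require` of null. The constructor as rendered here assigns a local `$uri` rather than a property, so `$this->uri` may also never be set, though the rendering has lost the +/- markers and that part should be confirmed against the raw diff. I would change the constructor to `$this->uri = parse_url($_SERVER['REQUEST_URI'])['path'] ?? '/';` and the include to `require $routes[$this->uri];`. In abort, `$code` is interpolated into a file path while untyped; declaring it `public function abort(int $code = 404)` keeps the include limited to numeric view names.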
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
|
||||
class Template{
|
||||
|
||||
/**
|
||||
* Method to render the template file with additional data
|
||||
*/
|
||||
|
||||
public function render($tmpname, $args){
|
||||
|
||||
/**
|
||||
* Extracts variables from the associative array $args, making each key a variable in the current scope.
|
||||
* EXTR_SKIP ensures that existing variables with the same name are not overwritten.
|
||||
* Then Include the specified view file for rendering.
|
||||
*/
|
||||
|
||||
extract($args, EXTR_SKIP);
|
||||
require "views/{$code}.view.php";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// $templ = (new Template)->render('about', '['title' => 'About']');
|
||||
|
||||
?>
|
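Review bot: Template::render ignores its `$tmpname` parameter and includes `"views/{$code}.view.php"`, where `$code` is not defined in the method; the only way it gets a value is through `extract($args, EXTR_SKIP)`, which means the file that is included is chosen by whatever the caller puts in `$args['code']` rather than by the template name. The include should use the parameter, `require "views/{$tmpname}.view.php";`, and since that name ends up in a filesystem path it is worth rejecting anything outside a plain identifier first, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $tmpname)) { throw new InvalidArgumentException('invalid template name'); }`. The commented usage line has mismatched quoting (`'['title' => 'About']'`) and assigns the result of a method that returns nothing, so it would mislead the next reader; either fix it to `(new Template)->render('about', ['title' => 'About']);` or drop it. The trailing `?>` in a class-only file risks emitting whitespace before headers are sent and can be omitted.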