<?php
/*
* SCROTT Copyright (C) 2016 Malf Furious
*
* Scrott is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License,
* or (at your option) any later version.
*
* Scrott is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
* License for more details.
*/
require_once "class/framework.class.php";
/*
* Abstract controller -- Contains app security constraints and provides access to
* framework internals from concrete controllers
*/
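abstract class Controller extends Framework
{
    /*
     * Abstract function for concrete controller to handle the page request
     */
    abstract function handle($argv);

    /*
     * Report whether the current request arrived over HTTPS.
     *
     * $_SERVER['HTTPS'] is not a reliable presence flag: under IIS/ISAPI it is
     * set to "off" for plain-HTTP requests, so a bare isset() test treats those
     * requests as secure. An unset, empty or "off" value all mean "not HTTPS".
     *
     * NOTE(review): behind a TLS-terminating proxy or load balancer the backend
     * normally does not see HTTPS at all; this check only describes the hop
     * that reaches PHP -- confirm against the deployment.
     */
    private function sec_is_https()
    {
        if (empty($_SERVER['HTTPS']))
            return false;

        return strtolower((string) $_SERVER['HTTPS']) !== 'off';
    }

    /*
     * Security check
     * Assert that the current connection to this server is secure. Redirects if not.
     *
     * NOTE(review): the redirect host is taken from SERVER_NAME. Depending on
     * web server configuration (e.g. Apache with UseCanonicalName Off) that
     * value follows the client's Host header, so pin a canonical server name in
     * the server config if the redirect target must be trusted.
     * NOTE(review): this is only an enforcement point if redirectTo() ends the
     * request; if it returns, the caller keeps running over plain HTTP -- confirm.
     */
    function sec_require_https()
    {
        if (!$this->sec_is_https())
            $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap());
    }

    /*
     * Security check
     * Assert that the current connection to this server is NOT secure. Redirects if not.
     *
     * NOTE(review): sending an authenticated client back to http:// exposes any
     * session cookie that is not marked Secure -- verify the cookie settings
     * before using this on pages reachable while logged in.
     */
    function sec_forbid_https()
    {
        if ($this->sec_is_https())
            $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
    }

    /*
     * Security check
     * Assert that the client's IP address does not change during its session. If a change is detected, logout.
     *
     * The addresses are compared as strings with a strict operator so PHP's
     * loose-comparison type juggling cannot make two different values equal.
     *
     * NOTE(review): REMOTE_ADDR is the peer of the TCP connection. Behind a
     * reverse proxy it is the proxy's address for every client, which makes
     * this check a no-op -- confirm how the app is deployed.
     */
    function sec_verify_ip()
    {
        $addr = $_SERVER['REMOTE_ADDR'];

        if (!$this->getCurrentUser())
            return;

        if ((string) $addr !== (string) $this->getOriginIP())
        {
            /* setCurrentUser() with no argument presumably clears the logged-in user -- confirm in Framework */
            $this->setCurrentUser();
            $this->redirectTo($this->ar() . "/");
        }
    }
}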
?>