summaryrefslogtreecommitdiffstats
path: root/app
diff options
context:
space:
mode:
authorMalf Furious <m@lfurio.us>2016-02-22 22:57:23 -0500
committerMalf Furious <m@lfurio.us>2016-02-22 22:57:23 -0500
commitc235d4bda46d4adcd71b35e1fa3c8a88ac8eae4f (patch)
treedc14a93df468303a588a930a5a1302544ecc0238 /app
parent79cf60764b5033edcf2962ccf3ee6d1706b41230 (diff)
downloadscrott-c235d4bda46d4adcd71b35e1fa3c8a88ac8eae4f.tar.gz
scrott-c235d4bda46d4adcd71b35e1fa3c8a88ac8eae4f.zip
Create a basic flow for the application Root controller
This applies the rules for requiring or forbiding the use of SSL/HTTPS and reorganizes the rest of root's handle() function (that is, the check for displaying sysconf, auth, or a placeholder message).
Diffstat (limited to 'app')
-rw-r--r--app/controller/root.control.php33
1 files changed, 22 insertions, 11 deletions
diff --git a/app/controller/root.control.php b/app/controller/root.control.php
index 2c60faf..5b5dd8f 100644
--- a/app/controller/root.control.php
+++ b/app/controller/root.control.php
@@ -1,6 +1,7 @@
<?php
require_once "class/controller.class.php";
+require_once "class/setting.class.php";
require_once "controller/sysconf.control.php";
require_once "controller/except.control.php";
require_once "controller/auth.control.php";
@@ -18,32 +19,42 @@ class Root extends Controller
{
/* TODO -- Authentication (login / logout / register) MVC */
+ global $_SCROTT;
$argv = $this->normalizeArgv($argv);
try
{
- /* First, make sure the system configuration file has been included */
+ /* Assert that the system config file exists and has been included */
if (!$this->scrottConfExists())
{
$ctrl = new Sysconf();
$ctrl->handle($argv);
+ return;
}
- /* TODO */
- /* TODO -- only auth if logged out */
- else if (!$this->getCurrentUser())
+ /* Assert we are running over HTTP(S), whichever is desired */
+ switch ($_SCROTT['settSSL'])
{
- $ctrl = new Auth();
- $ctrl->handle($argv);
+ case "force": $this->sec_require_https(); break;
+ case "forbid": $this->sec_forbid_https(); break;
+ default:
+ switch (Setting::settSSL())
+ {
+ case "force": $this->sec_require_https(); break;
+ case "forbid": $this->sec_forbid_https(); break;
+ }
}
- else
+ /* Assert that a user is logged in */
+ if (!$this->getCurrentUser())
{
- echo "logged in as:!";
- echo "<pre>";
- var_dump($this->getCurrentUser());
- echo "</pre>";
+ $ctrl = new Auth();
+ $ctrl->handle($argv);
+ return;
}
+
+ /* TODO */
+ echo "ALL GOOD!<br />";
}
catch (Exception $e)