author | Malf Furious <m@lfurio.us> | 2016-10-22 00:29:30 -0400 |
---|---|---|
committer | Malf Furious <m@lfurio.us> | 2016-10-22 00:29:30 -0400 |
commit | ed99654d2e139a847a63e9295bf976d17462ee34 (patch) | |
tree | 23ab0c9d3b813da85e08d4008dbf98b7f0c9fd01 /examples/app/class/controller.class.php | |
parent | 9d0ff6546fb03489bbd127aeec6ee161e204a139 (diff) | |
Deprecate application code
Setup to perform an iteration of development focused on a simpler
implementation and eliminating redundancy in design.
Diffstat (limited to 'examples/app/class/controller.class.php')
-rw-r--r-- | examples/app/class/controller.class.php | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/examples/app/class/controller.class.php b/examples/app/class/controller.class.php
new file mode 100644
index 0000000..0ab1a69
--- /dev/null
+++ b/examples/app/class/controller.class.php
@@ -0,0 +1,66 @@
+<?php
+
+/*
+ * SCROTT Copyright (C) 2016 Malf Furious
+ *
+ * Scrott is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation, either version 3 of the License,
+ * or (at your option) any later version.
+ *
+ * Scrott is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ */
+
+require_once "class/framework.class.php";
+
+/*
+ * Abstract controller -- Contains app security constraints and provides access to
+ * framework internals from concrete controllers
+ */
+abstract class Controller extends Framework
+{
+ /*
+ * Abstract function for concrete controller to handle the page request
+ */
+ abstract function handle($argv);
+
+ /*
+ * Security check
+ * Assert that the current connection to this server is secure. Redirects if not.
+ */
+ function sec_require_https()
+ {
+ if (!isset($_SERVER['HTTPS']))
+ $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap());
+ }
+
+ /*
+ * Security check
+ * Assert that the current connection to this server is NOT secure. Redirects if not.
+ */
+ function sec_forbid_https()
+ {
+ if (isset($_SERVER['HTTPS']))
+ $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
+ }
+
+ /*
+ * Security check
+ * Assert that the client's IP address does not change during its session. If a change is detected, logout.
+ */
+ function sec_verify_ip()
+ {
+ $addr = $_SERVER['REMOTE_ADDR'];
+
+ if ($this->getCurrentUser() && $addr != $this->getOriginIP())
+ {
+ $this->setCurrentUser();
+ $this->redirectTo($this->ar() . "/");
+ }
+ }
+}
+
+?> |
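Review bot: In `sec_require_https()` and `sec_forbid_https()` the test `isset($_SERVER['HTTPS'])` treats any set value as a secure connection, but PHP documents that under IIS/ISAPI the key is set to `off` for plain-HTTP requests, so the first check would accept an insecure connection and the second would keep redirecting; `if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')` and its negation are the safer guards. Both redirects build their target from `$_SERVER['SERVER_NAME']`, which on some server configurations follows the client-supplied Host header, so a configured canonical host name would be a more trustworthy source for the redirect URL. Whether `redirectTo()` ends the request is not visible in this file (it comes from `Framework`); if it does not, the handler keeps running after these checks fail, so each call should be followed by an explicit stop or the behaviour documented in the method comment. In `sec_verify_ip()`, note that `REMOTE_ADDR` is the proxy's address when the app sits behind one, which makes the check a no-op there, and a comment such as `/* REMOTE_ADDR is the direct peer; behind a reverse proxy every client shares it */` would make that limit explicit.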