Diffstat (limited to 'examples/root.control.php')
-rw-r--r-- | examples/root.control.php | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/examples/root.control.php b/examples/root.control.php
new file mode 100644
index 0000000..7e4d1ab
--- /dev/null
+++ b/examples/root.control.php
@@ -0,0 +1,145 @@
+<?php
+
+/*
+ * SCROTT Copyright (C) 2016 Malf Furious
+ *
+ * Scrott is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation, either version 3 of the License,
+ * or (at your option) any later version.
+ *
+ * Scrott is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ */
+
+require_once "class/controller.class.php";
+require_once "class/object.class.php";
+require_once "class/setting.class.php";
+require_once "controller/sysconf.control.php";
+require_once "controller/except.control.php";
+require_once "controller/auth.control.php";
+require_once "controller/deauth.control.php";
+require_once "controller/dashboard.control.php";
+require_once "controller/obj.control.php";
+require_once "controller/deleteacct.control.php";
+
+/*
+ * Root-level controller for Scrott app. This object will delegate the page request to the
+ * appropriate controller or handle it with an error message page.
+ */
+class Root extends Controller
+{
+ /*
+ * Controller implementation
+ */
+ function handle($argv)
+ {
+ global $_SCROTT;
+ $argv = $this->normalizeArgv($argv);
+
+ try
+ {
+ /* Assert that the system config file exists and has been included */
+ if (!$this->scrottConfExists())
+ {
+ $ctrl = new Sysconf();
+ $ctrl->handle($argv);
+ return;
+ }
+
+ /* Assert we are running over HTTP(S), whichever is desired */
+ switch ($_SCROTT['settSSL'])
+ {
+ case "force": $this->sec_require_https(); break;
+ case "forbid": $this->sec_forbid_https(); break;
+ default:
+ switch (Setting::settSSL())
+ {
+ case "force": $this->sec_require_https(); break;
+ case "forbid": $this->sec_forbid_https(); break;
+ }
+ }
+
+ /* Assert session IP */
+ $this->sec_verify_ip();
+
+ /* Assert that a user is logged in */
+ if (!$this->getCurrentUser())
+ {
+ $ctrl = new Auth();
+ $ctrl->handle($argv);
+ return;
+ }
+
+ /* Handle page request */
+ if (count($argv) == 0)
+ $ctrl = new Dashboard();
+
+ else
+ {
+ switch ($argv[0])
+ {
+ case "logout": $ctrl = new Deauth(); break;
+ case "deleteaccount": $ctrl = new Deleteacct(); break;
+ default:
+ /* Check if arg is an object guid */
+ $obj = new DBObject();
+
+ if ($obj->isGUID($argv[0]))
+ {
+ $ctrl = new Obj();
+ break;
+ }
+
+ /* No page to show for requested path */
+ throw new Exception("The requested path is not valid.");
+ break;
+ }
+ }
+
+ $ctrl->handle($argv);
+ }
+
+ catch (Exception $e)
+ {
+ $ctrl = new Except();
+ $ctrl->handle($e->getMessage());
+ }
+ }
+
+ /*
+ * Get a useful path string by normalizeing the $argv array received from the main function.
+ * This will remove directory names that appear in the $this->ar() string and the initial
+ * and trailing (if present) empty strings
+ */
+ function normalizeArgv($argv)
+ {
+ $argv = array_values(array_filter($argv));
+ $ar = array_values(array_filter(explode("/", $this->ar())));
+ $i = 0;
+ $trunc = true;
+
+ if (count($ar) == 0)
+ return $argv;
+
+ foreach ($ar as $elem)
+ {
+ if ($elem != $argv[$i])
+ {
+ $trunc = false;
+ break;
+ }
+
+ $i++;
+ }
+
+ if (!$trunc)
+ return $argv;
+
+ return array_values(array_slice($argv, count($ar)));
+ }
+}
+
+?> |
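Review bot: The `catch (Exception $e)` at the end of `handle()` passes `$e->getMessage()` from every delegated controller straight to `Except`, so any exception text raised below this point (not only the intentional "The requested path is not valid.") becomes page content. Whether lower layers put database or filesystem detail into their messages, and whether `Except` escapes what it renders, is not visible in this file, so both are worth confirming. A safer shape is a dedicated exception class for user-facing messages, with the catch-all branch logging the exception server-side and handing `Except` a fixed generic string. Separately, `normalizeArgv()` reads `$argv[$i]` without checking that the request has as many segments as `$this->ar()`; `if (!isset($argv[$i]) || $elem !== $argv[$i])` avoids the undefined-offset read and the loose string comparison.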