From adade14d9e386797a65f1beb405c21ebbff1ca37 Mon Sep 17 00:00:00 2001
From: M
Date: Sat, 21 Nov 2015 18:25:28 -0500
Subject: + Adding abstract controller class
---
 app/class/controller.class.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 app/class/controller.class.php
(limited to 'app/class/controller.class.php')
diff --git a/app/class/controller.class.php b/app/class/controller.class.php
new file mode 100644
index 0000000..4ea40d1
--- /dev/null
+++ b/app/class/controller.class.php
@@ -0,0 +1,17 @@
+
--
cgit v1.2.3
From 2dd0900cd5c2adb610fd35e10133dd9fc10ca0f9 Mon Sep 17 00:00:00 2001
From: M
Date: Tue, 8 Dec 2015 19:21:46 -0500
Subject: + Added controller security assertions: require_https and forbid_https
---
 app/class/controller.class.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'app/class/controller.class.php')
diff --git a/app/class/controller.class.php b/app/class/controller.class.php
index 4ea40d1..fabd7e7 100644
--- a/app/class/controller.class.php
+++ b/app/class/controller.class.php
@@ -12,6 +12,26 @@ abstract class Controller extends Framework
 * Abstract function for concrete controller to handle the page request
 */
 abstract function handle($argv);
+
+ /*
+ * Security check
+ * Assert that the current connection to this server is secure. Redirects if not.
+ */
+ function sec_require_https()
+ {
+ if (!isset($_SERVER['HTTPS']))
+ $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap());
+ }
+
+ /*
+ * Security check
+ * Assert that the current connection to this server is NOT secure. Redirects if not.
+ */
+ function sec_forbid_https()
+ {
+ if (isset($_SERVER['HTTPS']))
+ $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
+ }
 }
 ?>
--
cgit v1.2.3
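Review bot: In sec_require_https() the test `!isset($_SERVER['HTTPS'])` accepts any value as secure, but PHP documents that IIS/ISAPI sets `HTTPS` to `off` on plain-HTTP requests, so the assertion can pass on an insecure connection; `if (empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) === 'off')` is the safer test, and sec_forbid_https() needs the inverse. Both redirects build the target from `$_SERVER['SERVER_NAME']`, which on some server configurations is taken from the client's Host header, so a configured canonical host name would be a more trustworthy source for the Location URL. redirectTo() is not visible in this hunk; if it does not stop execution, the handler would presumably keep running on the plaintext request after the header is sent, so the call should be followed by a return or exit. A comment such as `// HTTPS may be "off" (IIS) or unset behind a TLS-terminating proxy` above the test would record why isset() alone is not enough.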