From ed99654d2e139a847a63e9295bf976d17462ee34 Mon Sep 17 00:00:00 2001
From: Malf Furious <m@lfurio.us>
Date: Sat, 22 Oct 2016 00:29:30 -0400
Subject: Deprecate application code

Setup to perform an iteration of development focused on a simpler
implementation and eliminating redundancy in design.
---
 examples/app/class/controller.class.php | 66 +++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 examples/app/class/controller.class.php

(limited to 'examples/app/class/controller.class.php')

diff --git a/examples/app/class/controller.class.php b/examples/app/class/controller.class.php
new file mode 100644
index 0000000..0ab1a69
--- /dev/null
+++ b/examples/app/class/controller.class.php
@@ -0,0 +1,66 @@
+<?php
+
+/*
+ * SCROTT Copyright (C) 2016 Malf Furious
+ *
+ * Scrott is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation, either version 3 of the License,
+ * or (at your option) any later version.
+ *
+ * Scrott is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+ * License for more details.
+ */
+
+require_once "class/framework.class.php";
+
+/*
+ * Abstract controller -- Contains app security constraints and provides access to
+ * framework internals from concrete controllers
+ */
+abstract class Controller extends Framework
+{
+    /*
+     * Abstract function for concrete controller to handle the page request
+     */
+    abstract function handle($argv);
+
+    /*
+     * Security check
+     * Assert that the current connection to this server is secure. Redirects if not.
+     */
+    function sec_require_https()
+    {
+        if (!isset($_SERVER['HTTPS']))
+            $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap());
+    }
+
+    /*
+     * Security check
+     * Assert that the current connection to this server is NOT secure. Redirects if not.
+     */
+    function sec_forbid_https()
+    {
+        if (isset($_SERVER['HTTPS']))
+            $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
+    }
+
+    /*
+     * Security check
+     * Assert that the client's IP address does not change during its session. If a change is detected, logout.
+     */
+    function sec_verify_ip()
+    {
+        $addr = $_SERVER['REMOTE_ADDR'];
+
+        if ($this->getCurrentUser() && $addr != $this->getOriginIP())
+        {
+            $this->setCurrentUser();
+            $this->redirectTo($this->ar() . "/");
+        }
+    }
+}
+
+?>
-- 
cgit v1.2.3