<?php /* * SCROTT Copyright (C) 2016 Malf Furious * * Scrott is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published * by the Free Software Foundation, either version 3 of the License, * or (at your option) any later version. * * Scrott is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public * License for more details. */ require_once "class/framework.class.php"; /* * Abstract controller -- Contains app security constraints and provides access to * framework internals from concrete controllers */ abstract class Controller extends Framework { /* * Abstract function for concrete controller to handle the page request */ abstract function handle($argv); /* * Security check * Assert that the current connection to this server is secure. Redirects if not. */ function sec_require_https() { if (!isset($_SERVER['HTTPS'])) $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap()); } /* * Security check * Assert that the current connection to this server is NOT secure. Redirects if not. */ function sec_forbid_https() { if (isset($_SERVER['HTTPS'])) $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap()); } /* * Security check * Assert that the client's IP address does not change during its session. If a change is detected, logout. */ function sec_verify_ip() { $addr = $_SERVER['REMOTE_ADDR']; if ($this->getCurrentUser() && $addr != $this->getOriginIP()) { $this->setCurrentUser(); $this->redirectTo($this->ar() . "/"); } } } ?>