<?php

require_once "class/framework.class.php";

/*
 * Abstract controller -- Contains app security constraints and provides access to
 * framework internals from concrete controllers
 */
abstract class Controller extends Framework
{
    /*
     * Abstract function for concrete controller to handle the page request
     */
    abstract function handle($argv);

    /*
     * Security check
     * Assert that the current connection to this server is secure. Redirects if not.
     */
    function sec_require_https()
    {
        if (!isset($_SERVER['HTTPS']))
            $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap());
    }

    /*
     * Security check
     * Assert that the current connection to this server is NOT secure. Redirects if not.
     */
    function sec_forbid_https()
    {
        if (isset($_SERVER['HTTPS']))
            $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
    }

    /*
     * Security check
     * Assert that the client's IP address does not change during its session. If a change is detected, logout.
     */
    function sec_verify_ip()
    {
        $addr = $_SERVER['REMOTE_ADDR'];

        if ($this->getCurrentUser() && $addr != $this->getOriginIP())
        {
            $this->setCurrentUser();
            $this->redirectTo($this->ar() . "/");
        }
    }
}

?>