More refactoring, ditching old code

Added a new 404 system which checks for templates/__shared/404.phtml (module-less, bear in mind) and falls back to a generic Apache-ish Not Found page with a PICKLES shout-out. Added some more assumptions (the login page is always /login, a/k/a the login.php module); also, there's no way to customize which template is used for the 404. Removed some code that was no longer used in the Security class.
Joshua Sherman 2013-12-29 12:52:13 -05:00
parent 09d1744910
commit 19a211cf6a
3 changed files with 55 additions and 101 deletions


@ -81,9 +81,9 @@ class Controller extends Object
// Loads the module's information // Loads the module's information
$module_class = strtr($request, '/', '_'); $module_class = strtr($request, '/', '_');
$module_filename = SITE_MODULE_PATH . $request . '.php'; $module_filename = SITE_MODULE_PATH . $request . '.php';
$module_exists = isset($module_filename) && $module_filename != null && file_exists($module_filename); $module_exists = file_exists($module_filename);
// Attempts to instantiate a module instance // Instantiates the requested module or a generic object
if ($module_exists) if ($module_exists)
{ {
// @todo Is this redundant because of our autoloader? // @todo Is this redundant because of our autoloader?
@ -93,10 +93,12 @@ class Controller extends Object
{ {
$module = new $module_class; $module = new $module_class;
} }
else
{
$module = new Module();
}
} }
else
// If a new module object wasn't created, create a generic one
if (!isset($module))
{ {
$module = new Module(); $module = new Module();
} }
@ -156,11 +158,11 @@ class Controller extends Object
// Assume everything left in the array is a level and add it to the array // Assume everything left in the array is a level and add it to the array
array_merge($module_security_levels, $module_security); array_merge($module_security_levels, $module_security);
$security_level_count = count($module_security_levels); $security_level_count = count($module_security_levels);
switch ($security_check_class) switch ($security_check_class)
{ {
// @todo Thinking of removing this?
case 'BETWEEN': case 'BETWEEN':
if ($security_level_count >= 2) if ($security_level_count >= 2)
{ {
@ -192,6 +194,7 @@ class Controller extends Object
{ {
if ($_SERVER['REQUEST_METHOD'] == 'POST') if ($_SERVER['REQUEST_METHOD'] == 'POST')
{ {
// @todo Perhaps I could force a logout / redirect to the login page
exit('{"status": "error", "message": "You are not properly authenticated, try logging out and back in."}'); exit('{"status": "error", "message": "You are not properly authenticated, try logging out and back in."}');
} }
else else
@ -199,8 +202,8 @@ class Controller extends Object
// Sets variable for the destination // Sets variable for the destination
$_SESSION['__pickles']['login']['destination'] = $_REQUEST['request'] ? $_REQUEST['request'] : '/'; $_SESSION['__pickles']['login']['destination'] = $_REQUEST['request'] ? $_REQUEST['request'] : '/';
// Redirect to login page, potentially configured in the config, else /login // Redirect to login page
Browser::redirect('/' . (isset($this->config->security['login']) ? $this->config->security['login'] : 'login')); Browser::redirect('/login');
} }
} }
} }
@ -231,9 +234,8 @@ class Controller extends Object
Profiler::timer('module ' . $default_method); Profiler::timer('module ' . $default_method);
} }
$valid_request = false; $valid_request = false;
$valid_security_hash = false; $error_message = 'An unexpected error has occurred.';
$error_message = 'An unexpected error has occurred.';
// Determines if the request method is valid for this request // Determines if the request method is valid for this request
if ($module->method) if ($module->method)
@ -264,36 +266,9 @@ class Controller extends Object
$valid_request = true; $valid_request = true;
} }
// Validates the hash if applicable
if ($valid_request && $module->hash)
{
if (isset($_REQUEST['security_hash']))
{
// @todo Does this need to be === ?
$hash_value = $module->hash === true ? get_class($module) : $module->hash;
if (Security::generateHash($hash_value) == $_REQUEST['security_hash'])
{
$valid_security_hash = true;
}
else
{
$error_message = 'Invalid security hash.';
}
}
else
{
$error_message = 'Missing security hash';
}
}
else
{
$valid_security_hash = true;
}
$valid_form_input = true; $valid_form_input = true;
if ($valid_request && $valid_security_hash && $module->validate) if ($valid_request && $module->validate)
{ {
$validation_errors = $module->__validate(); $validation_errors = $module->__validate();
@ -309,7 +284,7 @@ class Controller extends Object
* module know to use the cache, either passing in a variable * module know to use the cache, either passing in a variable
* or setting it on the object * or setting it on the object
*/ */
if ($valid_request && $valid_security_hash && $valid_form_input) if ($valid_request && $valid_form_input)
{ {
$module_return = $module->$default_method(); $module_return = $module->$default_method();
@ -333,44 +308,24 @@ class Controller extends Object
$module->return = ['template', 'json']; $module->return = ['template', 'json'];
// Checks if we have any templates // Checks if we have any templates
$templates = [ $parent_template = $module->template;
SITE_TEMPLATE_PATH . '__shared/' . $module->template . '.phtml', $template_exists = $this->validateTemplates($module, $parent_template);
SITE_TEMPLATE_PATH . $_REQUEST['request'] . '.phtml',
];
$module->template = [];
$child_exists = file_exists($templates[1]);
$template_exists = false;
if (file_exists($templates[0]) && $child_exists)
{
$module->template = $templates;
$template_exists = true;
}
elseif ($child_exists)
{
$module->template = $templates[1];
$template_exists = true;
}
// No templates? 404 that shit
if (!$module_exists && !$template_exists) if (!$module_exists && !$template_exists)
{ {
if (!$_REQUEST['request']) Browser::status(404);
{ $_REQUEST['request'] = '__shared/404';
Error::fatal('Way to go, you\'ve successfully created an infinite redirect loop. Good thing I was here or you would have been served with a pretty ugly browser error.<br><br>So here\'s the deal, no templates were able to be loaded. Make sure your parent and child templates actually exist and if you\'re using non-default values, make sure they\'re defined correctly in your config.');
}
else
{
$redirect_url = '/';
if (isset($this->config->pickles['404']) && $_REQUEST['request'] != $this->config->pickles['404']) if (!$this->validateTemplates($module, $parent_template))
{ {
$redirect_url .= $this->config->pickles['404']; exit('
} <h1>Not Found</h1>
<p>The requested URL /' . $request . ' was not found on this server.</p>
// @todo Add redirect(url, code) and clean this up <p>Additionally, a custom error template was not found.</p>
header('Location: ' . $redirect_url, 404); <hr>
exit; <em>Powered by <a href="https://github.com/joshtronic/pickles">PICKLES</a></em>
');
} }
} }
@ -420,6 +375,30 @@ class Controller extends Object
Profiler::report(); Profiler::report();
} }
} }
private function validateTemplates(&$module, $parent_template)
{
$templates = [
SITE_TEMPLATE_PATH . '__shared/' . $parent_template . '.phtml',
SITE_TEMPLATE_PATH . $_REQUEST['request'] . '.phtml',
];
$module->template = [];
$child_exists = file_exists($templates[1]);
if (file_exists($templates[0]) && $child_exists)
{
$module->template = $templates;
return true;
}
elseif ($child_exists)
{
$module->template = $templates[1];
return true;
}
return false;
}
} }
?> ?>
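Review bot: The generic fallback in the 404 hunk (`@ -333,44 +308,24`) concatenates `$request` straight into the HTML passed to `exit()`. `$request` appears to be the requested path (the first hunk also uses it to build the module filename), so unless it is sanitised outside the visible lines, the path is reflected into the page unescaped. Escape it for the HTML context: `<p>The requested URL /' . htmlspecialchars($request, ENT_QUOTES, 'UTF-8') . ' was not found on this server.</p>`. The same section also drops the `$module->hash` / `security_hash` validation with no visible replacement, so any module that relied on it for request validation should be checked before this ships. The enclosing method begins and ends outside these hunks.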


@ -123,19 +123,6 @@ class Module extends Object
*/ */
protected $validate = null; protected $validate = null;
/**
* Hash
*
* Whether or not to validate the security hash. Boolean true will indicate
* using the name of the module as the hash, a string value will use the
* value instead.
*
* @access protected
* @var string or boolean, null by default
* @todo Move to public scope
*/
protected $hash = null;
/** /**
* Template * Template
* *


@ -45,6 +45,7 @@ class Security
* @param string $source value to hash * @param string $source value to hash
* @param mixed $salts optional salt or salts * @param mixed $salts optional salt or salts
* @return string SHA1 hash * @return string SHA1 hash
* @todo Transition away from this
*/ */
public static function generateHash($source, $salts = null) public static function generateHash($source, $salts = null)
{ {
@ -80,19 +81,6 @@ class Security
return $hash; return $hash;
} }
/**
* SHA-256
*
* Generates an SHA-256 hash from the provided string.
*
* @param string $source value to hash
* @return string SHA1 hash
*/
public static function sha256($source)
{
return hash('sha256', $source);
}
/** /**
* Generate SHA-256 Hash * Generate SHA-256 Hash
* *
@ -111,7 +99,7 @@ class Security
for ($i = 0; $i < 1000; $i++) for ($i = 0; $i < 1000; $i++)
{ {
$sha256 = Security::sha256($sha256 . (($i % 2 == 0) ? $source : $salt)); $sha256 = hash('sha256', $sha256 . (($i % 2 == 0) ? $source : $salt));
} }
return $sha256; return $sha256;
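Review bot: The `@todo Transition away from this` added to the `generateHash()` docblock does not say what callers should move to or why, which makes it hard to act on. The docblock describes the return value as a SHA1 hash, so the note could name the reason and the target, for example `@todo Transition away from this (SHA-1 based); use password_hash() for credentials and hash_hmac() for keyed digests`. What `generateHash()` and the 1000-round SHA-256 routine are actually used for is not visible here, so confirm against the callers before choosing a replacement. While in this file, the "Generate SHA-256 Hash" docblock would also benefit from stating the iteration count and the alternating source/salt input that the loop implements.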