Change mandatory folder locations & remove obsolete masks
76
inc/Main.php
76
inc/Main.php
@@ -20,9 +20,6 @@ abstract class Main extends PhpObject
|
||||
const ACTIVE = 1;
|
||||
const INACTIVE = 0;
|
||||
|
||||
//Folders
|
||||
const MASKS_FOLDER = 'masks/';
|
||||
|
||||
/**
|
||||
* DB Handle
|
||||
* @var Db
|
||||
@@ -36,10 +33,7 @@ abstract class Main extends PhpObject
|
||||
const LAYOUT_TIME_FORMAT = 'G:i';
|
||||
|
||||
//Variables
|
||||
protected $asMasks;
|
||||
protected $asContext;
|
||||
protected string $sCsrfToken = '';
|
||||
|
||||
/**
|
||||
* Language Translator
|
||||
* @var Translator
|
||||
@@ -93,8 +87,6 @@ abstract class Main extends PhpObject
|
||||
$sScheme = $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? $_SERVER['REQUEST_SCHEME'] ?? 'https';
|
||||
$sAppPath = $sScheme.'://'.str_replace(array('http://', 'https://'), '', $sServerName.dirname($_SERVER['SCRIPT_NAME']));
|
||||
$this->asContext['serv_name'] = $sAppPath.(mb_substr($sAppPath, -1)!='/'?'/':'');
|
||||
|
||||
$this->setMasks();
|
||||
}
|
||||
|
||||
public static function addTimestampToFilePath($sFilePath)
|
||||
@@ -106,46 +98,6 @@ abstract class Main extends PhpObject
|
||||
return file_exists($sCleanedFilePath)?$sCleanedFilePath.'?'.date("YmdHis", filemtime($sCleanedFilePath)):$sFilePath;
|
||||
}
|
||||
|
||||
protected function getCsrfToken() {
|
||||
if($this->sCsrfToken === '') $this->initCsrfToken();
|
||||
return $this->sCsrfToken;
|
||||
}
|
||||
|
||||
protected function setCsrfToken() {
|
||||
if(empty($_SESSION['csrf_token'])) $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||
$this->sCsrfToken = $_SESSION['csrf_token'];
|
||||
}
|
||||
|
||||
private function initCsrfToken() {
|
||||
if(PHP_SAPI === 'cli') return;
|
||||
|
||||
$bCloseSession = false;
|
||||
if(session_status() !== PHP_SESSION_ACTIVE) {
|
||||
$bSecure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https');
|
||||
session_set_cookie_params(array('httponly' => true, 'secure' => $bSecure, 'samesite' => 'Lax'));
|
||||
session_start();
|
||||
$bCloseSession = true;
|
||||
}
|
||||
|
||||
$this->setCsrfToken();
|
||||
if($bCloseSession) session_write_close();
|
||||
}
|
||||
|
||||
public function checkCsrfToken(string $sClientToken) {
|
||||
$sServerToken = $this->getCsrfToken();
|
||||
return PHP_SAPI === 'cli' || ($sServerToken !== '' && is_string($sClientToken) && hash_equals($sServerToken, $sClientToken));
|
||||
}
|
||||
|
||||
public function validateMutationRequest($sAction, $sCsrfToken='') {
|
||||
return
|
||||
PHP_SAPI === 'cli' //Ignore internal cron job
|
||||
||
|
||||
!in_array($sAction, static::MUTATING_ACTIONS, true) //Ignore non-sensitive requests
|
||||
||
|
||||
($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && $this->checkCsrfToken($sCsrfToken) //Only accept POST requests and valid CSRF token
|
||||
;
|
||||
}
|
||||
|
||||
public function addUncaughtError($sError)
|
||||
{
|
||||
$this->addError('Uncaught errors:'."\n".$sError);
|
||||
@@ -161,7 +113,7 @@ abstract class Main extends PhpObject
|
||||
* @param array $asCachePages Pages to cache in constants
|
||||
* @return string HTML Mask
|
||||
*/
|
||||
public function getMainPage($asGlobalVars=array(), $sMainPage='index', $asMainPageInfo=array(), $asCachePages=array())
|
||||
public function getMainPage($asGlobalVars=array(), $sMainPage='index', $asMainPageInfo=array())
|
||||
{
|
||||
$asDefaultConsts = array(
|
||||
'success' => self::SUCCESS,
|
||||
@@ -171,16 +123,6 @@ abstract class Main extends PhpObject
|
||||
);
|
||||
$asGlobalVars['consts'] = array_merge($asDefaultConsts, array_key_exists('consts', $asGlobalVars)?$asGlobalVars['consts']:array());
|
||||
|
||||
//Masks
|
||||
if(empty($asCachePages)) $asCachePages = array_values($this->asMasks);
|
||||
foreach($asCachePages as $sPage) {
|
||||
if($sPage != $sMainPage) {
|
||||
$oMask = new Mask($sPage, $this->oLang);
|
||||
$oMask->setTags($asDefaultConsts);
|
||||
$asGlobalVars['consts']['pages'][$sPage] = $oMask->getMask();
|
||||
}
|
||||
}
|
||||
|
||||
if(!is_null($this->oLang)) {
|
||||
$asGlobalVars['consts']['lang_prefix'] = Mask::LANG_PREFIX;
|
||||
$asGlobalVars['consts']['lang'] = $this->oLang->getTranslations();
|
||||
@@ -200,22 +142,10 @@ abstract class Main extends PhpObject
|
||||
return $oMainMask->getMask();
|
||||
}
|
||||
|
||||
protected function getPageContent($sPage)
|
||||
{
|
||||
return ToolBox::fixEOL(file_get_contents(self::MASKS_FOLDER.$sPage.'.html'));
|
||||
}
|
||||
|
||||
/* DB structure. See Db::__construct */
|
||||
|
||||
protected abstract function getSqlOptions();
|
||||
|
||||
private function setMasks()
|
||||
{
|
||||
//List all available masks
|
||||
$asMaskPaths = glob(Mask::getMaskFile('*'));
|
||||
$this->asMasks = array_map('basename', $asMaskPaths, array_fill(1, count($asMaskPaths), Mask::MASK_EXT));
|
||||
}
|
||||
|
||||
public static function getJsonResult($bSuccess, $sDesc, $asVars=array())
|
||||
{
|
||||
header('Content-type: application/json');
|
||||
@@ -237,8 +167,4 @@ abstract class Main extends PhpObject
|
||||
http_response_code(404);
|
||||
exit;
|
||||
}
|
||||
|
||||
public static function validatePositiveInt($oValue=0) {
|
||||
return filter_var($oValue, FILTER_VALIDATE_INT, array('options' => array('default' => 0, 'min_range' => 0)));
|
||||
}
|
||||
}
|
||||
|
||||
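Review bot: The hunk at `@@ -106,46 +98,6 @@` appears to drop `getCsrfToken()`, `setCsrfToken()`, `initCsrfToken()`, `checkCsrfToken()` and `validateMutationRequest()` from `Main`, and the last hunk appears to drop `validatePositiveInt()`; the commit title mentions neither. The +/- markers are lost in this rendering, but 46 old lines against 6 new leaves no room for the CSRF helpers on the new side. If they were not moved to a file outside this page, any caller that gated a mutating action on `validateMutationRequest()` either hits an undefined method or no longer gets the POST-plus-token check, so the commit should state where the helpers now live or keep them here. Separately, the docblock above `getMainPage()` still carries `* @param array $asCachePages Pages to cache in constants` although the new signature no longer takes that parameter, so that line should be removed. The rest of the `Main` class body lies outside the visible hunks.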