I would like to know that if there is a method in the controller which require arguments and the user changes the argument in the URL by hand, and presses enter it should display the default page. Below is my bootstrap, then I have already created a error controller for URL error. So please give some coding guide or if there is some thing in my code, change it. Thanks in advance.
<?php
class App
{
protected $controller = 'indexController';
protected $method = 'index';
protected $params = array();
public function __construct()
{
$url = $this->parseUrl();
//print_r($url);
if (isset($url[0]))
{
if (file_exists('app/controllers/'.$url[0].'.php'))
{
$this->controller = $url[0];
unset($url[0]);
}
require_once('app/controllers/'.$this->controller.'.php');
$this->controller = new $this->controller;
}
else
{
$error = new errorController();
$error->setError("Page Not Found");
echo $error->getError();
}
if (isset($url[1]))
{
if (method_exists($this->controller,$url[1]))
{
$this->method = $url[1];
unset($url[1]);
}
else
{
$error = new errorController();
$error->setError("Page Not Found");
echo $error->getError();
}
}
else
{
$error = new errorController();
$error->setError("Page Not Found");
echo $error->getError();
}
$this->params = $url ? array_values($url) : array();
call_user_func_array(array($this->controller,$this->method),$this->params);
}
public function parseUrl()
{
if (isset($_GET['url']))
{
return $url =explode('/',filter_var(rtrim($_GET['url'],'/'),FILTER_SANITIZE_URL));
}
}
}
The method itself must check if the parameters provided are valid and throw an exception if not. Afterwards just catch the exception and trigger and error page to be displayed.
Seems like you could use POST and $_POST, instead of GET. Then it won't matter if the user includes or alters parameters because your PHP will ignore them.
Related
I have a class with contact form validation and a trait with a function which creates a token which is used for the validation.
I have tried to follow some advice from other stackoverflow posts but still can't figure out how to pass that token to the validation class. If I remove the token from the validation process it works fine.
My trait:
trait TokenTrait
{
public $token;
function __construct ()
{
if (!isset($token)) {
return $this->token = bin2hex(random_bytes(64));
}
}
}
which is used in a class:
class Token
{
use TokenTrait;
}
Below a class with contact form validation. I have included only validation of the 'name' field for sake of simplicity. Also, I'm not including code for the function test_input() which is used here as it is irrelevant.
class ContactForm
{
use TokenTrait;
public $name;
public $name_error;
public $token;
function __construct()
{
$this->name = isset($_POST['name']) ? $_POST['name'] : null;
$this->name_error = isset($_POST['name_error']) ? $_POST['name_error'] : null;
$this->token = isset($_POST['token']) ? $_POST['token'] : null;
}
function validateContactForm()
{
if (!empty($this->token)) {
// Validate the token.
if (hash_equals($_SESSION['token'], $_POST['token'])) {
// If the token is valid proceed.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['submit'])) {
// Rest of the validating code which works if I remove above token
// or if I validate $_SESSION['token'] against itself.
}
}
}
}
}
}
And this is what i have in my view file:
$token_obj = new Token();
$token = $token_obj->token; // Variable used in a hidden input field in the contact `<form>` .
//The same token is stored in two different superglobals: POST and SESSION, which are validated against each other and if they don't match no message is not sent.
$_SESSION['token'] = $token;
// Declare variables used in the contact form.
$name = $email = $message = '';
$name_error = $email_error = $message_error = $result = '';
$contact_form_obj = new ContactForm();
$contact_form_obj->validateContactForm();
When I do var_dump($contact_form_obj), name is NULL, token is NULL.
When I press SUBMIT in my contact form nothing happens bacuse $_POST['token'] = NULL .
Like the comments pointed out, I think there are some problems with the approach that would likely rectify your issues. Try this:
trait TokenTrait
{
public $token = null;
function setToken()
{
if ($this->token === null) {
$this->token = bin2hex(random_bytes(64));
}
return $this->token;
}
}
class Token
{
use TokenTrait;
public function __construct() {
$this->setToken();
}
}
class ContactForm
{
use TokenTrait;
public $name;
public $name_error;
public $token;
public function __construct()
{
$this->name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING) ?: null;
$this->name_error = filter_input(INPUT_POST, 'name_error', FILTER_SANITIZE_STRING) ?: null;
$this->token = filter_input(INPUT_POST, 'token', FILTER_UNSAFE_RAW) ?: null;
}
public function validateContactForm()
{
if (!empty($this->token)) {
// Validate the token. No need to pull from post since you did that in construct
if (hash_equals($_SESSION['token'], $this->token)) {
// If the token is valid proceed.
if (getenv('REQUEST_METHOD') == 'POST') {
if (filter_input(INPUT_POST, 'submit') !== null) {
// Rest of the validating code which works if I remove above token
// or if I validate $_SESSION['token'] against itself.
}
}
}
}
}
}
Granted, I can't see where all the pieces, such as your TokenTrait, fit into your larger Web App, but I'd question it's usefulness in the ContactForm class.
I think I may have found the answer.
class Token
{
public $token;
function __construct()
{
$this->token = bin2hex(random_bytes(64));
}
}
$token_obj = new Token();
if (empty($_SESSION['token'])) {
$_SESSION['token'] = $token_obj->token;
}
$token = $_SESSION['token'];
If you don't validate $_SESSION['token'] first, it won't work.
Thank you guys for clarifying all this for me.
So in my application, suppose http://localhost:8888/mvc/user/login this is a URL.
so in this url user is my controller and login is the method in user controller and this is coded in my core files like this:
<?php
/**
*
*/
class Bootstrap
{
function __construct()
{
$url = isset($_GET['url'])?$_GET['url']:null;
$url = rtrim($url,'/');
$url = explode('/', $url);
//print_r($url);
if (empty($url[0])) {
require 'controllers/welcome.php';
$controller = new Welcome();
$controller->index();
return false;
}
$file = 'controllers/'.$url[0].'.php';
if (file_exists($file)) {
require $file;
} else {
$this->showError();
}
$controller = new $url[0];
//calling methods
if (isset($url[2])) {
if (method_exists($controller, $url[2])) {
$controller->{$url[1]}($url[2]);
} else {
$this->showError();
}
} else {
if(isset($url[1])){
if (method_exists($controller, $url[1])) {
$controller->{$url[1]}();
} else {
$this->showError();
}
} else {
$controller->index();
}
}
}
public function showError() {
require 'controllers/CustomError.php';
$controller = new CustomError();
$controller->index();
return false;
}
}
Now my issue is when i try to load css files in views my URL becomes like this:
http://localhost:8888/mvc/public/css/style.css
So now according to above code, it is assuming that public is a controller and CSS is a method. and it is giving an error.
So how can I solve this problem?
I hope you guys understood what is the problem.
Thanks.
try the following for your CSS file in head section of your view:
<link rel="stylesheet" type="text/css" href="http://localhost:8888/mvc/public/css/style.css">
I'm new to PHP. I'll like to check the scope of the variables I've used. In particular $model.
$model = new LoginModel();
$controller = new LoginController($model);
$view = new LoginView($controller, $model);
Attached below are codes I have written for logging in. A user would visit the page via GET /login.php then submits the form to POST /login.php?action=login. In this process the LoginModel is updated accordingly by LoginController.
I would like to use the $model that I have updated in later parts of the execution of the page. However, I noticed that $model is "reset" once the call returns from LoginController.login().
I'm not sure if it is because $model was passed by value in my case. Or if there is something else I'm doing wrong but I'm not aware of. Can anyone enlighten me on this?
<?php
class LoginModel {
public $username = "";
public $password = "";
public $message = "";
public $loginSuccess = false;
public function __construct() {
}
}
class LoginView {
private $model;
private $controller;
public function __construct($controller, $model) {
$this->controller = $controller;
$this->model = $model;
}
public function getUsernameField() {
return $this->makeInput("text", "username", "");
}
public function getPasswordField() {
return $this->makeInput("password", "password", "");
}
private function makeInput($type, $name, $value) {
$html = "<input type=\"$type\" name=\"$name\" value=\"$value\" />";
return $html;
}
}
class LoginController {
const HOME_URL = "http://localhost/";
private $model;
public function __construct($model) {
$this->model = $model;
}
public function login() {
$username = $_POST['username'];
$password = $_POST['password'];
if ($username === $password) {
$_SESSION['username'] = $username;
$model->username = $username;
$model->password = "";
$model->message = "Hello, $username!";
$model->loginSuccess = true;
header("Refresh: 3; URL=" + LoginController::HOME_URL);
} else {
$model->message = "Sorry, you have entered an invalid username-password pair.";
$model->loginSuccess = false;
}
}
public function handleHttpPost() {
if (isset($_GET['action'])) {
if ($_GET['action'] === 'login') {
$this->login();
}
} else {
// invalid request.
http_response_code(400);
die();
}
}
public function handleHttpGet() {
if (isset($_GET['action'])) {
// request for controller action
// No controller actions for HTTP GET
} else {
// display login page
}
}
public function redirectToHome() {
header("Location: " + LoginController::HOME_URL);
die();
}
}
$model = new LoginModel();
$controller = new LoginController($model);
$view = new LoginView($controller, $model);
if (isset($_SESSION['username'])) {
$controller->redirectToHome();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$controller->handleHttpPost();
} else if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$controller->handleHttpGet();
}
?>
<html>
<body>
<?php if ($model->loginSuccess) { ?>
<h1>Login Successful, Redirecting...</h1>
<p><?= $model->message; ?></p>
<?php
} else { ?>
<form action="login.php?action=login" method="POST">
Username: <br />
<?php echo $view->getUsernameField(); ?> <br/><br/>
Password: <br />
<?php echo $view->getPasswordField(); ?><br/><br/>
<input type="submit" value="Log In"/>
</form>
<p><?= $model->message; ?></p>
<?php
}?>
</body>
</html>
Update: Solved. Thanks #RiggsFolly for pointing it out.
Well, I got the wrong$model.
public function login() {
....
$model->username = $username; //referenced the wrong variable
$this->model->username = $username //should have done this.
}
Also, Thanks #Fred -ii-
(sorry I left you out)
public function login() {
....
header("Refresh: 3; URL=" + LoginController::HOME_URL); //not the right way to concat
header("Refresh: 3; URL=" . LoginController::HOME_URL); //should have been this.
}
Only a simple statement
for because $model was passed by value
We have an object in $model and pass it to the constructor
$controller = new LoginController($model);
it will be bound as reference to
$controller->model = $model.
Now we have an reference of the model in the controller.
If you know do (if possible, lets say yes) this: unset($controller->model);
you dont have killed the $model instance, you have just removed the reference to $model that was set before.
But now the other way around:
#create an object
$model = new stdClass();
#create the holder
$b=new stdClass();
#bind the first obj
$b->model=$model;
#unset the first object
$model=null;
unset($model);
#oooh, what it is still there
print_r($b->model);
Here we have not unset($model) for real, because php knows that the instance is used later. So php goes and kills the reference between $model and the real object, but not the reference between $b->model and the real object.
In a way the reference has moved vom one ref-pointer to the next.
Last thing about
By default, function arguments are passed by value (so that if the value of the argument within the function is changed, it does not get changed outside of the function).
that comes from php documentaion.
When here is written passed by value it means, how it will work.
But in the real process, it will copied in the moment when it is manipulated.
so it is passed by ref but act like passed by value and only objects will be always an reference until clone.
To keep the most important Infos in this answer:
For one thing, header("Refresh: 3; URL=" + LoginController::HOME_URL);
you're trying to concatenate with a + which in PHP it's a dot that
needs to be used. You seem to be coming from a C background, hence the
error.
Thanks to Fred -ii-
I'm trying to pass multiple parameters in a url that looks like this...
http://somedomain.com/lessons/lessondetails/5/3
... to a function in the controller that looks like this ...
class LessonsController extends Controller
{
public function lessonDetails($studentId, $editRow=NULL)
{
try {
$studentData = new StudentsModel();
$student = $studentData->getStudentById((int)$studentId);
$lessons = $studentData->getLessonsByStudentId((int)$studentId);
if ($lessons)
{
$this->_view->set('lessons', $lessons);
}
else
{
$this->_view->set('noLessons', 'There are no lessons currently scheduled.');
}
$this->_view->set('title', $student['first_name']);
$this->_view->set('student', $student);
return $this->_view->output();
} catch (Exception $e) {
echo "Application error: " . $e->getMessage();
}
}
}
But only the first parameter seems to pass successfully.
Not sure what to copy and paste here but here's the bootstrap.php...
$controller = "students";
$action = "index";
$query = null;
if (isset($_GET['load']))
{
$params = array();
$params = explode("/", $_GET['load']);
$controller = ucwords($params[0]);
if (isset($params[1]) && !empty($params[1]))
{
$action = $params[1];
}
if (isset($params[2]) && !empty($params[2]))
{
$query = $params[2];
}
}
$modelName = $controller;
$controller .= 'Controller';
$load = new $controller($modelName, $action);
if (method_exists($load, $action))
{
$load->{$action}($query);
}
else
{
die('Invalid method. Please check the URL.');
}
Thanks in advance!
Call $this->getRequest()->getParams() from your action controller and check if both parameters are there.
If NO, the problem lies with your routing.
If YES, the problem lies with passing the parameters to your controller method lessonDetails.
Also, lessondetailsAction is missing. (this will be the method called if you visit the url you posted)
Here is a code:
public function loginAction()
{
$form = new Application_Form_Login();
$this->view->form = $form;
if($this->_request->isPost())
{
self::$dataForm = $this->_request->getPost();
if($this->form->isValid(self::$dataForm))
{
return $this->_forward('authorization');
} else
{
$this->form->populate(self::$form);
}
}
}
public function authorizationAction()
{
if($this->_request->isPost())
{
$auth = Zend_Auth::getInstance();
$authAdapter = new Application_Model_User($this->user->getAdapter(),'user');
$authAdapter->setIdentityColumn('USERNAME')
->setCredentialColumn('PASSWORD');
$password = md5(self::$dataForm['password']);
$authAdapter->setIdentity(self::$dataForm['username']);
$authAdapter->setCredental($password);
$result = $auth->authenticate($authAdapter);
echo 'ok';
/*
if($result->isValid())
{
//$this->_forward('authorized', 'user');
echo 'ok';
}*/
}
}
Any idea why it does not work? I didn't get any error just blank page.
Shouldn't you be calling if($form->isValid(self::$dataForm)) ?
As far as I understand it is a bad idea to use the $this->_forward() as it calls the dispatch loop again.
Personally I would place the authorization code into a model class and pass it the username & password from the form.