mapguesser/public/index.php

<?php

require '../web.php';

$method = strtolower($_SERVER['REQUEST_METHOD']);
$url = substr($_SERVER['REQUEST_URI'], strlen('/'));
if (($pos = strpos($url, '?')) !== false) {
    $url = substr($url, 0, $pos);
}
$url = rawurldecode($url);

$match = Container::$routeCollection->match($method, explode('/', $url));

if ($match !== null) {
    list($route, $params) = $match;

    Container::$request->setParsedRouteParams($params);

    $handler = $route->getHandler();
    $controller = new $handler[0](Container::$request);

    if ($controller instanceof MapGuesser\Interfaces\Authorization\ISecured) {
        $authorized = $controller->authorize();
    } else {
        $authorized = true;
    }

    if ($method === 'post' && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
        header('Content-Type: text/html; charset=UTF-8', true, 403);
        echo json_encode(['error' => 'no_valid_anti_csrf_token']);
        return;
    }

    if ($authorized) {
        $response = call_user_func([$controller, $handler[1]]);

        if ($response instanceof MapGuesser\Interfaces\Response\IContent) {
            header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
            echo $response->render();

            return;
        } elseif ($response instanceof MapGuesser\Interfaces\Response\IRedirect) {
            header('Location: ' . $response->getUrl(), true, $response->getHttpCode());

            return;
        }
    }
}

header('Content-Type: text/html; charset=UTF-8', true, 404);
require ROOT . '/views/error/404.php';
MAPG-3 create basic contoller functionality 2020-05-17 22:30:22 +02:00			`<?php`

MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00			`require '../web.php';`
MAPG-3 create basic contoller functionality 2020-05-17 22:30:22 +02:00
MAPG-86 adapt index.php to the new routing structure 2020-05-31 20:44:45 +02:00			`$method = strtolower($_SERVER['REQUEST_METHOD']);`
			`$url = substr($_SERVER['REQUEST_URI'], strlen('/'));`
MAPG-47 make possible to pass GET parameters to URL 2020-05-25 18:52:31 +02:00			`if (($pos = strpos($url, '?')) !== false) {`
			`$url = substr($url, 0, $pos);`
			`}`
MAPG-86 adapt index.php to the new routing structure 2020-05-31 20:44:45 +02:00			`$url = rawurldecode($url);`

			`$match = Container::$routeCollection->match($method, explode('/', $url));`
MAPG-10 adapt index.php to the new view-controller concept add GetNewPosition's route to index.php 2020-05-19 03:19:23 +02:00
MAPG-86 adapt index.php to the new routing structure 2020-05-31 20:44:45 +02:00			`if ($match !== null) {`
			`list($route, $params) = $match;`
MAPG-10 adapt index.php to the new view-controller concept add GetNewPosition's route to index.php 2020-05-19 03:19:23 +02:00
MAPG-69 initialize Request earlier add Request to global Container add base URL to Request 2020-06-14 17:11:48 +02:00			`Container::$request->setParsedRouteParams($params);`
MAPG-86 adapt index.php to the new routing structure 2020-05-31 20:44:45 +02:00
MAPG-115 adapt existing controllers to the new request classes 2020-06-09 00:56:00 +02:00			`$handler = $route->getHandler();`
MAPG-69 initialize Request earlier add Request to global Container add base URL to Request 2020-06-14 17:11:48 +02:00			`$controller = new $handler[0](Container::$request);`
MAPG-115 make possible to secure controllers 2020-06-07 23:37:01 +02:00
			`if ($controller instanceof MapGuesser\Interfaces\Authorization\ISecured) {`
			`$authorized = $controller->authorize();`
			`} else {`
			`$authorized = true;`
			`}`

MAPG-69 initialize Request earlier add Request to global Container add base URL to Request 2020-06-14 17:11:48 +02:00			`if ($method === 'post' && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {`
MAPG-133 add basic CSRF protection to server side 2020-06-13 22:38:30 +02:00			`header('Content-Type: text/html; charset=UTF-8', true, 403);`
			`echo json_encode(['error' => 'no_valid_anti_csrf_token']);`
			`return;`
			`}`

MAPG-115 make possible to secure controllers 2020-06-07 23:37:01 +02:00			`if ($authorized) {`
MAPG-115 adapt existing controllers to the new request classes 2020-06-09 00:56:00 +02:00			`$response = call_user_func([$controller, $handler[1]]);`
MAPG-115 make possible to secure controllers 2020-06-07 23:37:01 +02:00
			`if ($response instanceof MapGuesser\Interfaces\Response\IContent) {`
			`header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');`
			`echo $response->render();`

			`return;`
			`} elseif ($response instanceof MapGuesser\Interfaces\Response\IRedirect) {`
MAPG-69 make Redirect able to redirect to external sources 2020-06-21 01:27:37 +02:00			`header('Location: ' . $response->getUrl(), true, $response->getHttpCode());`
MAPG-115 make possible to secure controllers 2020-06-07 23:37:01 +02:00
			`return;`
			`}`
MAPG-86 adapt index.php to the new routing structure 2020-05-31 20:44:45 +02:00			`}`
			`}`
MAPG-115 make possible to secure controllers 2020-06-07 23:37:01 +02:00
			`header('Content-Type: text/html; charset=UTF-8', true, 404);`
			`require ROOT . '/views/error/404.php';`