diff options
Diffstat (limited to 'core')
| -rw-r--r-- | core/.htaccess | 1 | ||||
| -rw-r--r-- | core/event.php | 124 | ||||
| -rw-r--r-- | core/helper.php | 242 | ||||
| -rw-r--r-- | core/registry.php | 79 | ||||
| -rw-r--r-- | core/request.php | 46 | ||||
| -rw-r--r-- | core/response.php | 139 | ||||
| -rw-r--r-- | core/router.php | 59 | ||||
| -rw-r--r-- | core/session.php | 56 | ||||
| -rw-r--r-- | core/template.php | 40 | ||||
| -rw-r--r-- | core/translator.php | 122 |
10 files changed, 908 insertions, 0 deletions
diff --git a/core/.htaccess b/core/.htaccess new file mode 100644 index 00000000..14249c50 --- /dev/null +++ b/core/.htaccess @@ -0,0 +1 @@ +Deny from all
\ No newline at end of file diff --git a/core/event.php b/core/event.php new file mode 100644 index 00000000..7addb41d --- /dev/null +++ b/core/event.php @@ -0,0 +1,124 @@ +<?php + +namespace Core; + +/** + * Event listener interface + * + * @package core + * @author Frederic Guillot + */ +interface Listener { + public function execute(array $data); +} + +/** + * Event dispatcher class + * + * @package core + * @author Frederic Guillot + */ +class Event +{ + /** + * Contains all listeners + * + * @access private + * @var array + */ + private $listeners = array(); + + /** + * The last triggered event + * + * @access private + * @var string + */ + private $lastEvent = ''; + + /** + * Triggered events list + * + * @access private + * @var array + */ + private $events = array(); + + /** + * Attach a listener object to an event + * + * @access public + * @param string $eventName Event name + * @param Listener $listener Object that implements the Listener interface + */ + public function attach($eventName, Listener $listener) + { + if (! isset($this->listeners[$eventName])) { + $this->listeners[$eventName] = array(); + } + + $this->listeners[$eventName][] = $listener; + } + + /** + * Trigger an event + * + * @access public + * @param string $eventName Event name + * @param array $data Event data + */ + public function trigger($eventName, array $data) + { + $this->lastEvent = $eventName; + $this->events[] = $eventName; + + if (isset($this->listeners[$eventName])) { + foreach ($this->listeners[$eventName] as $listener) { + $listener->execute($data); // TODO: keep an history of executed actions for unit test + } + } + } + + /** + * Get the last fired event + * + * @access public + * @return string Event name + */ + public function getLastTriggeredEvent() + { + return $this->lastEvent; + } + + /** + * Get a list of triggered events + * + * @access public + * @return array + */ + public function getTriggeredEvents() + { + return $this->events; + } + + /** + * Check if a listener bind to an event + * + * @access public + * @param string $eventName Event name + * @param mixed $instance Instance name or object itself + * @return bool Yes or no + */ + public function hasListener($eventName, $instance) + { + if (isset($this->listeners[$eventName])) { + foreach ($this->listeners[$eventName] as $listener) { + if ($listener instanceof $instance) { + return true; + } + } + } + + return false; + } +} diff --git a/core/helper.php b/core/helper.php new file mode 100644 index 00000000..e4ad26f1 --- /dev/null +++ b/core/helper.php @@ -0,0 +1,242 @@ +<?php + +namespace Helper; + +function is_current_user($user_id) +{ + return $_SESSION['user']['id'] == $user_id; +} + +function is_admin() +{ + return $_SESSION['user']['is_admin'] == 1; +} + +function markdown($text) +{ + require_once __DIR__.'/../vendor/Michelf/MarkdownExtra.inc.php'; + + $parser = new \Michelf\MarkdownExtra; + $parser->no_markup = true; + $parser->no_entities = true; + + return $parser->transform($text); +} + +function get_current_base_url() +{ + $url = isset($_SERVER['HTTPS']) ? 'https://' : 'http://'; + $url .= $_SERVER['SERVER_NAME']; + $url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 ? '' : ':'.$_SERVER['SERVER_PORT']; + $url .= dirname($_SERVER['PHP_SELF']) !== '/' ? dirname($_SERVER['PHP_SELF']).'/' : '/'; + + return $url; +} + +function escape($value) +{ + return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false); +} + +function flash($html) +{ + $data = ''; + + if (isset($_SESSION['flash_message'])) { + $data = sprintf($html, escape($_SESSION['flash_message'])); + unset($_SESSION['flash_message']); + } + + return $data; +} + +function flash_error($html) +{ + $data = ''; + + if (isset($_SESSION['flash_error_message'])) { + $data = sprintf($html, escape($_SESSION['flash_error_message'])); + unset($_SESSION['flash_error_message']); + } + + return $data; +} + +function format_bytes($size, $precision = 2) +{ + $base = log($size) / log(1024); + $suffixes = array('', 'k', 'M', 'G', 'T'); + + return round(pow(1024, $base - floor($base)), $precision).$suffixes[floor($base)]; +} + +function get_host_from_url($url) +{ + return escape(parse_url($url, PHP_URL_HOST)) ?: $url; +} + +function summary($value, $min_length = 5, $max_length = 120, $end = '[...]') +{ + $length = strlen($value); + + if ($length > $max_length) { + return substr($value, 0, strpos($value, ' ', $max_length)).' '.$end; + } + else if ($length < $min_length) { + return ''; + } + + return $value; +} + +function contains($haystack, $needle) +{ + return strpos($haystack, $needle) !== false; +} + +function in_list($id, array $listing) +{ + if (isset($listing[$id])) { + return escape($listing[$id]); + } + + return '?'; +} + +function error_class(array $errors, $name) +{ + return ! isset($errors[$name]) ? '' : ' form-error'; +} + +function error_list(array $errors, $name) +{ + $html = ''; + + if (isset($errors[$name])) { + + $html .= '<ul class="form-errors">'; + + foreach ($errors[$name] as $error) { + $html .= '<li>'.escape($error).'</li>'; + } + + $html .= '</ul>'; + } + + return $html; +} + +function form_value($values, $name) +{ + if (isset($values->$name)) { + return 'value="'.escape($values->$name).'"'; + } + + return isset($values[$name]) ? 'value="'.escape($values[$name]).'"' : ''; +} + +function form_hidden($name, $values = array()) +{ + return '<input type="hidden" name="'.$name.'" id="form-'.$name.'" '.form_value($values, $name).'/>'; +} + +function form_default_select($name, array $options, $values = array(), array $errors = array(), $class = '') +{ + $options = array('' => '?') + $options; + return form_select($name, $options, $values, $errors, $class); +} + +function form_select($name, array $options, $values = array(), array $errors = array(), $class = '') +{ + $html = '<select name="'.$name.'" id="form-'.$name.'" class="'.$class.'">'; + + foreach ($options as $id => $value) { + + $html .= '<option value="'.escape($id).'"'; + + if (isset($values->$name) && $id == $values->$name) $html .= ' selected="selected"'; + if (isset($values[$name]) && $id == $values[$name]) $html .= ' selected="selected"'; + + $html .= '>'.escape($value).'</option>'; + } + + $html .= '</select>'; + $html .= error_list($errors, $name); + + return $html; +} + +function form_radios($name, array $options, array $values = array()) +{ + $html = ''; + + foreach ($options as $value => $label) { + $html .= form_radio($name, $label, $value, isset($values[$name]) && $values[$name] == $value); + } + + return $html; +} + +function form_radio($name, $label, $value, $selected = false, $class = '') +{ + return '<label><input type="radio" name="'.$name.'" class="'.$class.'" value="'.escape($value).'" '.($selected ? 'selected="selected"' : '').'>'.escape($label).'</label>'; +} + +function form_checkbox($name, $label, $value, $checked = false, $class = '') +{ + return '<label><input type="checkbox" name="'.$name.'" class="'.$class.'" value="'.escape($value).'" '.($checked ? 'checked="checked"' : '').'> '.escape($label).'</label>'; +} + +function form_label($label, $name, $class = '') +{ + return '<label for="form-'.$name.'" class="'.$class.'">'.escape($label).'</label>'; +} + +function form_textarea($name, $values = array(), array $errors = array(), array $attributes = array(), $class = '') +{ + $class .= error_class($errors, $name); + + $html = '<textarea name="'.$name.'" id="form-'.$name.'" class="'.$class.'" '; + $html .= implode(' ', $attributes).'>'; + $html .= isset($values->$name) ? escape($values->$name) : isset($values[$name]) ? $values[$name] : ''; + $html .= '</textarea>'; + $html .= error_list($errors, $name); + + return $html; +} + +function form_input($type, $name, $values = array(), array $errors = array(), array $attributes = array(), $class = '') +{ + $class .= error_class($errors, $name); + + $html = '<input type="'.$type.'" name="'.$name.'" id="form-'.$name.'" '.form_value($values, $name).' class="'.$class.'" '; + $html .= implode(' ', $attributes).'/>'; + $html .= error_list($errors, $name); + + return $html; +} + +function form_text($name, $values = array(), array $errors = array(), array $attributes = array(), $class = '') +{ + return form_input('text', $name, $values, $errors, $attributes, $class); +} + +function form_password($name, $values = array(), array $errors = array(), array $attributes = array(), $class = '') +{ + return form_input('password', $name, $values, $errors, $attributes, $class); +} + +function form_email($name, $values = array(), array $errors = array(), array $attributes = array(), $class = '') +{ + return form_input('email', $name, $values, $errors, $attributes, $class); +} + +function form_date($name, $values = array(), array $errors = array(), array $attributes = array(), $class = '') +{ + return form_input('date', $name, $values, $errors, $attributes, $class); +} + +function form_number($name, $values = array(), array $errors = array(), array $attributes = array(), $class = '') +{ + return form_input('number', $name, $values, $errors, $attributes, $class); +} diff --git a/core/registry.php b/core/registry.php new file mode 100644 index 00000000..f11d427c --- /dev/null +++ b/core/registry.php @@ -0,0 +1,79 @@ +<?php + +namespace Core; + +/** + * The registry class is a dependency injection container + * + * @package core + * @author Frederic Guillot + */ +class Registry +{ + /** + * Contains all dependencies + * + * @access private + * @var array + */ + private $container = array(); + + /** + * Contains all instances + * + * @access private + * @var array + */ + private $instances = array(); + + /** + * Set a dependency + * + * @access public + * @param string $name Unique identifier for the service/parameter + * @param mixed $value The value of the parameter or a closure to define an object + */ + public function __set($name, $value) + { + $this->container[$name] = $value; + } + + /** + * Get a dependency + * + * @access public + * @param string $name Unique identifier for the service/parameter + * @return mixed The value of the parameter or an object + * @throws RuntimeException If the identifier is not found + */ + public function __get($name) + { + if (isset($this->container[$name])) { + + if (is_callable($this->container[$name])) { + return $this->container[$name](); + } + else { + return $this->container[$name]; + } + } + + throw new \RuntimeException('Identifier not found in the registry: '.$name); + } + + /** + * Return a shared instance of a dependency + * + * @access public + * @param string $name Unique identifier for the service/parameter + * @return mixed Same object instance of the dependency + */ + public function shared($name) + { + if (! isset($this->instances[$name])) { + $this->instances[$name] = $this->$name; + } + + return $this->instances[$name]; + } +} diff --git a/core/request.php b/core/request.php new file mode 100644 index 00000000..b2c3e12e --- /dev/null +++ b/core/request.php @@ -0,0 +1,46 @@ +<?php + +namespace Core; + +class Request +{ + public function getStringParam($name, $default_value = '') + { + return isset($_GET[$name]) ? $_GET[$name] : $default_value; + } + + public function getIntegerParam($name, $default_value = 0) + { + return isset($_GET[$name]) && ctype_digit($_GET[$name]) ? (int) $_GET[$name] : $default_value; + } + + public function getValue($name) + { + $values = $this->getValues(); + return isset($values[$name]) ? $values[$name] : null; + } + + public function getValues() + { + if (! empty($_POST)) return $_POST; + + $result = json_decode($this->getBody(), true); + if ($result) return $result; + + return array(); + } + + public function getBody() + { + return file_get_contents('php://input'); + } + + public function getFileContent($name) + { + if (isset($_FILES[$name])) { + return file_get_contents($_FILES[$name]['tmp_name']); + } + + return ''; + } +} diff --git a/core/response.php b/core/response.php new file mode 100644 index 00000000..4a00ed79 --- /dev/null +++ b/core/response.php @@ -0,0 +1,139 @@ +<?php + +namespace Core; + +class Response +{ + public function forceDownload($filename) + { + header('Content-Disposition: attachment; filename="'.$filename.'"'); + } + + public function status($status_code) + { + if (strpos(php_sapi_name(), 'apache') !== false) { + header('HTTP/1.0 '.$status_code); + } + else { + header('Status: '.$status_code); + } + } + + public function redirect($url) + { + header('Location: '.$url); + exit; + } + + public function json(array $data, $status_code = 200) + { + $this->status($status_code); + + header('Content-Type: application/json'); + echo json_encode($data); + + exit; + } + + public function text($data, $status_code = 200) + { + $this->status($status_code); + + header('Content-Type: text/plain; charset=utf-8'); + echo $data; + + exit; + } + + public function html($data, $status_code = 200) + { + $this->status($status_code); + + header('Content-Type: text/html; charset=utf-8'); + echo $data; + + exit; + } + + public function xml($data, $status_code = 200) + { + $this->status($status_code); + + header('Content-Type: text/xml; charset=utf-8'); + echo $data; + + exit; + } + + public function js($data, $status_code = 200) + { + $this->status($status_code); + + header('Content-Type: text/javascript; charset=utf-8'); + echo $data; + + exit; + } + + public function binary($data, $status_code = 200) + { + $this->status($status_code); + + header('Content-Transfer-Encoding: binary'); + header('Content-Type: application/octet-stream'); + echo $data; + + exit; + } + + public function csp(array $policies = array()) + { + $policies['default-src'] = "'self'"; + $values = ''; + + foreach ($policies as $policy => $hosts) { + + if (is_array($hosts)) { + + $acl = ''; + + foreach ($hosts as &$host) { + + if ($host === '*' || $host === 'self' || strpos($host, 'http') === 0) { + $acl .= $host.' '; + } + } + } + else { + + $acl = $hosts; + } + + $values .= $policy.' '.trim($acl).'; '; + } + + header('Content-Security-Policy: '.$values); + } + + public function nosniff() + { + header('X-Content-Type-Options: nosniff'); + } + + public function xss() + { + header('X-XSS-Protection: 1; mode=block'); + } + + public function hsts() + { + if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { + header('Strict-Transport-Security: max-age=31536000'); + } + } + + public function xframe($mode = 'DENY', array $urls = array()) + { + header('X-Frame-Options: '.$mode.' '.implode(' ', $urls)); + } +} diff --git a/core/router.php b/core/router.php new file mode 100644 index 00000000..5a27276c --- /dev/null +++ b/core/router.php @@ -0,0 +1,59 @@ +<?php + +namespace Core; + +require __DIR__.'/request.php'; +require __DIR__.'/response.php'; +require __DIR__.'/session.php'; +require __DIR__.'/template.php'; + +class Router +{ + private $controller = ''; + private $action = ''; + private $registry; + + public function __construct(Registry $registry, $controller = '', $action = '') + { + $this->registry = $registry; + $this->controller = empty($_GET['controller']) ? $controller : $_GET['controller']; + $this->action = empty($_GET['action']) ? $controller : $_GET['action']; + } + + public function sanitize($value, $default_value) + { + return ! ctype_alpha($value) || empty($value) ? $default_value : strtolower($value); + } + + public function load($filename, $class, $method) + { + if (file_exists($filename)) { + + require $filename; + + if (! method_exists($class, $method)) return false; + + $instance = new $class($this->registry); + $instance->request = new Request; + $instance->response = new Response; + $instance->session = new Session; + $instance->template = new Template; + $instance->beforeAction($this->controller, $this->action); + $instance->$method(); + + return true; + } + + return false; + } + + public function execute() + { + $this->controller = $this->sanitize($this->controller, 'app'); + $this->action = $this->sanitize($this->action, 'index'); + + if (! $this->load('controllers/'.$this->controller.'.php', '\Controller\\'.$this->controller, $this->action)) { + die('Page not found!'); + } + } +} diff --git a/core/session.php b/core/session.php new file mode 100644 index 00000000..7fe8e0c1 --- /dev/null +++ b/core/session.php @@ -0,0 +1,56 @@ +<?php + +namespace Core; + +class Session +{ + const SESSION_LIFETIME = 2678400; // 31 days + + public function open($base_path = '/', $save_path = '') + { + if ($save_path !== '') session_save_path($save_path); + + // HttpOnly and secure flags for session cookie + session_set_cookie_params( + self::SESSION_LIFETIME, + $base_path ?: '/', + null, + isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on', + true + ); + + // Avoid session id in the URL + ini_set('session.use_only_cookies', true); + + // Ensure session ID integrity + ini_set('session.entropy_file', '/dev/urandom'); + ini_set('session.entropy_length', '32'); + ini_set('session.hash_bits_per_character', 6); + + // Custom session name + session_name('__S'); + + session_start(); + + // Regenerate the session id to avoid session fixation issue + if (empty($_SESSION['__validated'])) { + session_regenerate_id(true); + $_SESSION['__validated'] = 1; + } + } + + public function close() + { + session_destroy(); + } + + public function flash($message) + { + $_SESSION['flash_message'] = $message; + } + + public function flashError($message) + { + $_SESSION['flash_error_message'] = $message; + } +} diff --git a/core/template.php b/core/template.php new file mode 100644 index 00000000..ad31ffb7 --- /dev/null +++ b/core/template.php @@ -0,0 +1,40 @@ +<?php + +namespace Core; + +class Template +{ + const PATH = 'templates/'; + + // Template\load('template_name', ['bla' => 'value']); + public function load() + { + if (func_num_args() < 1 || func_num_args() > 2) { + die('Invalid template arguments'); + } + + if (! file_exists(self::PATH.func_get_arg(0).'.php')) { + die('Unable to load the template: "'.func_get_arg(0).'"'); + } + + if (func_num_args() === 2) { + + if (! is_array(func_get_arg(1))) { + die('Template variables must be an array'); + } + + extract(func_get_arg(1)); + } + + ob_start(); + + include self::PATH.func_get_arg(0).'.php'; + + return ob_get_clean(); + } + + public function layout($template_name, array $template_args = array(), $layout_name = 'layout') + { + return $this->load($layout_name, $template_args + array('content_for_layout' => $this->load($template_name, $template_args))); + } +} diff --git a/core/translator.php b/core/translator.php new file mode 100644 index 00000000..75d40a23 --- /dev/null +++ b/core/translator.php @@ -0,0 +1,122 @@ +<?php + +namespace Translator { + + const PATH = 'locales/'; + + function translate($identifier) + { + $args = \func_get_args(); + + \array_shift($args); + \array_unshift($args, get($identifier, $identifier)); + + foreach ($args as &$arg) { + $arg = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8', false); + } + + return \call_user_func_array( + 'sprintf', + $args + ); + } + + function number($number) + { + return number_format( + $number, + get('number.decimals', 2), + get('number.decimals_separator', '.'), + get('number.thousands_separator', ',') + ); + } + + function currency($amount) + { + $position = get('currency.position', 'before'); + $symbol = get('currency.symbol', '$'); + $str = ''; + + if ($position === 'before') { + $str .= $symbol; + } + + $str .= number($amount); + + if ($position === 'after') { + $str .= ' '.$symbol; + } + + return $str; + } + + function datetime($format, $timestamp) + { + return strftime(get($format, $format), (int) $timestamp); + } + + function get($identifier, $default = '') + { + $locales = container(); + + if (isset($locales[$identifier])) { + return $locales[$identifier]; + } + else { + return $default; + } + } + + function load($language) + { + setlocale(LC_TIME, $language.'.UTF-8'); + + $path = PATH.$language; + $locales = array(); + + if (is_dir($path)) { + + $dir = new \DirectoryIterator($path); + + foreach ($dir as $fileinfo) { + + if (strpos($fileinfo->getFilename(), '.php') !== false) { + $locales = array_merge($locales, include $fileinfo->getPathname()); + } + } + } + + container($locales); + } + + function container($locales = null) + { + static $values = array(); + + if ($locales !== null) { + $values = $locales; + } + + return $values; + } +} + + +namespace { + + function t() { + return call_user_func_array('\Translator\translate', func_get_args()); + } + + function c() { + return call_user_func_array('\Translator\currency', func_get_args()); + } + + function n() { + return call_user_func_array('\Translator\number', func_get_args()); + } + + function dt() { + return call_user_func_array('\Translator\datetime', func_get_args()); + } +} |