zanex/ITL-Huge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Elias F.
2025-11-24 14:06:57 +01:00
commit 4fce91b055
81 changed files with 7718 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
application/controller/AdminController.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
class AdminController extends Controller
{
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
// special authentication check for the entire controller: Note the check-ADMIN-authentication!
// All methods inside this controller are only accessible for admins (= users that have role type 7)
Auth::checkAdminAuthentication();
}
/**
* This method controls what happens when you move to /admin or /admin/index in your app.
*/
public function index()
{
$this->View->render('admin/index', array(
'users' => UserModel::getPublicProfilesOfAllUsers())
);
}
public function actionAccountSettings()
{
AdminModel::setAccountSuspensionAndDeletionStatus(
Request::post('suspension'), Request::post('softDelete'), Request::post('user_id')
);
Redirect::to("admin");
}
}

26
application/controller/DashboardController.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
/**
* This controller shows an area that's only visible for logged in users (because of Auth::checkAuthentication(); in line 16)
*/
class DashboardController extends Controller
{
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
// this entire controller should only be visible/usable by logged in users, so we put authentication-check here
Auth::checkAuthentication();
}
/**
* This method controls what happens when you move to /dashboard/index in your app.
*/
public function index()
{
$this->View->render('dashboard/index');
}
}

28
application/controller/ErrorController.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
/**
* Class Error
* This controller simply contains some methods that can be used to give proper feedback in certain error scenarios,
* like a proper 404 response with an additional HTML page behind when something does not exist.
*/
class ErrorController extends Controller
{
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
}
/**
* Use this when something is not found. Gives back a proper 404 header response plus a normal page (where you could
* show a well-designed error message or something more useful for your users).
* You can see this in action in action in /core/Application.php -> __construct
*/
public function error404()
{
header('HTTP/1.0 404 Not Found', true, 404);
$this->View->render('error/404');
}
}

21
application/controller/IndexController.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
class IndexController extends Controller
{
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
}
/**
* Handles what happens when user moves to URL/index/index - or - as this is the default controller, also
* when user moves to /index or enter your application at base level
*/
public function index()
{
$this->View->render('index/index');
}
}

148
application/controller/LoginController.php Normal file
View File

@@ -0,0 +1,148 @@
<?php
/**
* LoginController
* Controls everything that is authentication-related
*/
class LoginController extends Controller
{
/**
* Construct this object by extending the basic Controller class. The parent::__construct thing is necessary to
* put checkAuthentication in here to make an entire controller only usable for logged-in users (for sure not
* needed in the LoginController).
*/
public function __construct()
{
parent::__construct();
}
/**
* Index, default action (shows the login form), when you do login/index
*/
public function index()
{
// if user is logged in redirect to main-page, if not show the view
if (LoginModel::isUserLoggedIn()) {
Redirect::home();
} else {
$data = array('redirect' => Request::get('redirect') ? Request::get('redirect') : null);
$this->View->render('login/index', $data);
}
}
/**
* The login action, when you do login/login
*/
public function login()
{
// check if csrf token is valid
if (!Csrf::isTokenValid()) {
LoginModel::logout();
Redirect::home();
exit();
}
// perform the login method, put result (true or false) into $login_successful
$login_successful = LoginModel::login(
Request::post('user_name'), Request::post('user_password'), Request::post('set_remember_me_cookie')
);
// check login status: if true, then redirect user to user/index, if false, then to login form again
if ($login_successful) {
if (Request::post('redirect')) {
Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode(Request::post('redirect')), '/'));
} else {
Redirect::to('user/index');
}
} else {
if (Request::post('redirect')) {
Redirect::to('login?redirect=' . ltrim(urlencode(Request::post('redirect')), '/'));
} else {
Redirect::to('login/index');
}
}
}
/**
* The logout action
* Perform logout, redirect user to main-page
*/
public function logout()
{
LoginModel::logout();
Redirect::home();
exit();
}
/**
* Login with cookie
*/
public function loginWithCookie()
{
// run the loginWithCookie() method in the login-model, put the result in $login_successful (true or false)
$login_successful = LoginModel::loginWithCookie(Request::cookie('remember_me'));
// if login successful, redirect to dashboard/index ...
if ($login_successful) {
Redirect::to('dashboard/index');
} else {
// if not, delete cookie (outdated? attack?) and route user to login form to prevent infinite login loops
LoginModel::deleteCookie();
Redirect::to('login/index');
}
}
/**
* Show the request-password-reset page
*/
public function requestPasswordReset()
{
$this->View->render('login/requestPasswordReset');
}
/**
* The request-password-reset action
* POST-request after form submit
*/
public function requestPasswordReset_action()
{
PasswordResetModel::requestPasswordReset(Request::post('user_name_or_email'), Request::post('captcha'));
Redirect::to('login/index');
}
/**
* Verify the verification token of that user (to show the user the password editing view or not)
* @param string $user_name username
* @param string $verification_code password reset verification token
*/
public function verifyPasswordReset($user_name, $verification_code)
{
// check if this the provided verification code fits the user's verification code
if (PasswordResetModel::verifyPasswordReset($user_name, $verification_code)) {
// pass URL-provided variable to view to display them
$this->View->render('login/resetPassword', array(
'user_name' => $user_name,
'user_password_reset_hash' => $verification_code
));
} else {
Redirect::to('login/index');
}
}
/**
* Set the new password
* Please note that this happens while the user is not logged in. The user identifies via the data provided by the
* password reset link from the email, automatically filled into the <form> fields. See verifyPasswordReset()
* for more. Then (regardless of result) route user to index page (user will get success/error via feedback message)
* POST request !
* TODO this is an _action
*/
public function setNewPassword()
{
PasswordResetModel::setNewPassword(
Request::post('user_name'), Request::post('user_password_reset_hash'),
Request::post('user_password_new'), Request::post('user_password_repeat')
);
Redirect::to('login/index');
}
}

77
application/controller/NoteController.php Normal file
View File

@@ -0,0 +1,77 @@
<?php
/**
* The note controller: Just an example of simple create, read, update and delete (CRUD) actions.
*/
class NoteController extends Controller
{
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
// VERY IMPORTANT: All controllers/areas that should only be usable by logged-in users
// need this line! Otherwise not-logged in users could do actions. If all of your pages should only
// be usable by logged-in users: Put this line into libs/Controller->__construct
Auth::checkAuthentication();
}
/**
* This method controls what happens when you move to /note/index in your app.
* Gets all notes (of the user).
*/
public function index()
{
$this->View->render('note/index', array(
'notes' => NoteModel::getAllNotes()
));
}
/**
* This method controls what happens when you move to /dashboard/create in your app.
* Creates a new note. This is usually the target of form submit actions.
* POST request.
*/
public function create()
{
NoteModel::createNote(Request::post('note_text'));
Redirect::to('note');
}
/**
* This method controls what happens when you move to /note/edit(/XX) in your app.
* Shows the current content of the note and an editing form.
* @param $note_id int id of the note
*/
public function edit($note_id)
{
$this->View->render('note/edit', array(
'note' => NoteModel::getNote($note_id)
));
}
/**
* This method controls what happens when you move to /note/editSave in your app.
* Edits a note (performs the editing after form submit).
* POST request.
*/
public function editSave()
{
NoteModel::updateNote(Request::post('note_id'), Request::post('note_text'));
Redirect::to('note');
}
/**
* This method controls what happens when you move to /note/delete(/XX) in your app.
* Deletes a note. In a real application a deletion via GET/URL is not recommended, but for demo purposes it's
* totally okay.
* @param int $note_id id of the note
*/
public function delete($note_id)
{
NoteModel::deleteNote($note_id);
Redirect::to('note');
}
}

39
application/controller/ProfileController.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
class ProfileController extends Controller
{
/**
* Construct this object by extending the basic Controller class
*/
public function __construct()
{
parent::__construct();
}
/**
* This method controls what happens when you move to /overview/index in your app.
* Shows a list of all users.
*/
public function index()
{
$this->View->render('profile/index', array(
'users' => UserModel::getPublicProfilesOfAllUsers())
);
}
/**
* This method controls what happens when you move to /overview/showProfile in your app.
* Shows the (public) details of the selected user.
* @param $user_id int id the the user
*/
public function showProfile($user_id)
{
if (isset($user_id)) {
$this->View->render('profile/showProfile', array(
'user' => UserModel::getPublicProfileOfUser($user_id))
);
} else {
Redirect::home();
}
}
}

74
application/controller/RegisterController.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
/**
* RegisterController
* Register new user
*/
class RegisterController extends Controller
{
/**
* Construct this object by extending the basic Controller class. The parent::__construct thing is necessary to
* put checkAuthentication in here to make an entire controller only usable for logged-in users (for sure not
* needed in the RegisterController).
*/
public function __construct()
{
parent::__construct();
}
/**
* Register page
* Show the register form, but redirect to main-page if user is already logged-in
*/
public function index()
{
if (LoginModel::isUserLoggedIn()) {
Redirect::home();
} else {
$this->View->render('register/index');
}
}
/**
* Register page action
* POST-request after form submit
*/
public function register_action()
{
$registration_successful = RegistrationModel::registerNewUser();
if ($registration_successful) {
Redirect::to('login/index');
} else {
Redirect::to('register/index');
}
}
/**
* Verify user after activation mail link opened
* @param int $user_id user's id
* @param string $user_activation_verification_code user's verification token
*/
public function verify($user_id, $user_activation_verification_code)
{
if (isset($user_id) && isset($user_activation_verification_code)) {
RegistrationModel::verifyNewUser($user_id, $user_activation_verification_code);
$this->View->render('register/verify');
} else {
Redirect::to('login/index');
}
}
/**
* Generate a captcha, write the characters into $_SESSION['captcha'] and returns a real image which will be used
* like this: <img src="......./login/showCaptcha" />
* IMPORTANT: As this action is called via <img ...> AFTER the real application has finished executing (!), the
* SESSION["captcha"] has no content when the application is loaded. The SESSION["captcha"] gets filled at the
* moment the end-user requests the <img .. >
* Maybe refactor this sometime.
*/
public function showCaptcha()
{
CaptchaModel::generateAndShowCaptcha();
}
}

157
application/controller/UserController.php Normal file
View File

@@ -0,0 +1,157 @@
<?php
/**
* UserController
* Controls everything that is user-related
*/
class UserController extends Controller
{
/**
* Construct this object by extending the basic Controller class.
*/
public function __construct()
{
parent::__construct();
// VERY IMPORTANT: All controllers/areas that should only be usable by logged-in users
// need this line! Otherwise not-logged in users could do actions.
Auth::checkAuthentication();
}
/**
* Show user's PRIVATE profile
*/
public function index()
{
$this->View->render('user/index', array(
'user_name' => Session::get('user_name'),
'user_email' => Session::get('user_email'),
'user_gravatar_image_url' => Session::get('user_gravatar_image_url'),
'user_avatar_file' => Session::get('user_avatar_file'),
'user_account_type' => Session::get('user_account_type')
));
}
/**
* Show edit-my-username page
*/
public function editUsername()
{
$this->View->render('user/editUsername');
}
/**
* Edit user name (perform the real action after form has been submitted)
*/
public function editUsername_action()
{
// check if csrf token is valid
if (!Csrf::isTokenValid()) {
LoginModel::logout();
Redirect::home();
exit();
}
UserModel::editUserName(Request::post('user_name'));
Redirect::to('user/editUsername');
}
/**
* Show edit-my-user-email page
*/
public function editUserEmail()
{
$this->View->render('user/editUserEmail');
}
/**
* Edit user email (perform the real action after form has been submitted)
*/
// make this POST
public function editUserEmail_action()
{
UserModel::editUserEmail(Request::post('user_email'));
Redirect::to('user/editUserEmail');
}
/**
* Edit avatar
*/
public function editAvatar()
{
$this->View->render('user/editAvatar', array(
'avatar_file_path' => AvatarModel::getPublicUserAvatarFilePathByUserId(Session::get('user_id'))
));
}
/**
* Perform the upload of the avatar
* POST-request
*/
public function uploadAvatar_action()
{
AvatarModel::createAvatar();
Redirect::to('user/editAvatar');
}
/**
* Delete the current user's avatar
*/
public function deleteAvatar_action()
{
AvatarModel::deleteAvatar(Session::get("user_id"));
Redirect::to('user/editAvatar');
}
/**
* Show the change-account-type page
*/
public function changeUserRole()
{
$this->View->render('user/changeUserRole');
}
/**
* Perform the account-type changing
* POST-request
*/
public function changeUserRole_action()
{
if (Request::post('user_account_upgrade')) {
// "2" is quick & dirty account type 2, something like "premium user" maybe. you got the idea :)
UserRoleModel::changeUserRole(2);
}
if (Request::post('user_account_downgrade')) {
// "1" is quick & dirty account type 1, something like "basic user" maybe.
UserRoleModel::changeUserRole(1);
}
Redirect::to('user/changeUserRole');
}
/**
* Password Change Page
*/
public function changePassword()
{
$this->View->render('user/changePassword');
}
/**
* Password Change Action
* Submit form, if retured positive redirect to index, otherwise show the changePassword page again
*/
public function changePassword_action()
{
$result = PasswordResetModel::changePassword(
Session::get('user_name'), Request::post('user_password_current'),
Request::post('user_password_new'), Request::post('user_password_repeat')
);
if($result)
Redirect::to('user/index');
else
Redirect::to('user/changePassword');
}
}