Amélioration de la classe Forms() et de son utilisation. + Persistanc…

…e sécurité (Ip bannies)
fkeloks · Aug 7, 2017 · b1a8619 · b1a8619
1 parent c6639a2
commit b1a8619
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 33 deletions.
diff --git a/config/security.php b/config/security.php
@@ -8,7 +8,6 @@
     'authPage'     => 'login.twig',
     'authAccounts' => [],
 
-    'checkPermissions' => true,
-    'ipBan'            => []
+    'checkPermissions' => false
 
 ];
diff --git a/core/Application/App.php → core/Application/app.php b/core/Application/App.php → core/Application/app.php
@@ -120,7 +120,7 @@ public function debug($item): bool {
     }
 
     public function pushToDebugBar() {
-        \BDSCore\Debug\debugBar::pushElement('DebugInFile', ($this->globalConfig['debugFile']) ? 'true' : 'false');
+        \BDSCore\Debug\debugBar::pushElement('showExceptions', ($this->globalConfig['showExceptions']) ? 'true' : 'false');
         \BDSCore\Debug\debugBar::pushElement('Locale', $this->globalConfig['locale']);
         \BDSCore\Debug\debugBar::pushElement('Timezone', $this->globalConfig['timezone']);
     }

diff --git a/core/Forms/forms.php b/core/Forms/forms.php
@@ -87,19 +87,34 @@ private function checkLength(string $element, array $method, string $item, array
         return true;
     }
 
+    /**
+     * @param string $method
+     * @return string
+     * @throws FormsException
+     */
+    private function convertAndGetMethod(string $method) {
+        $method = strtolower($method);
+        if ($this->method == 'get') {
+            $method = $_GET;
+        } elseif ($this->method == 'post') {
+            $method = $_POST;
+        } else {
+            throw new FormsException('The form method is invalid or unsupported.');
+        }
+
+        return $method;
+    }
+
     /**
      * @return bool
      * @throws FormsException
      */
     public function validate(): bool {
         if (!empty($this->method) && !empty($this->configuration)) {
-            ($this->method == 'get' || $this->method == 'GET') ? $method = $_GET : null;
-            ($this->method == 'post' || $this->method == 'POST') ? $method = $_POST : null;
+            $method = $this->convertAndGetMethod($this->method);
             $i = 0;
             foreach ($this->configuration as $c => $r) {
-                if ($c === $i) {
-                    $c = $r;
-                }
+                ($c === $i) ? $c = $r : null;
                 if (!isset($method[$c])) {
                     return false;
                 } else {
@@ -116,33 +131,28 @@ public function validate(): bool {
                                 if (!$this->checkType($method[$c], $r['type'])) {
                                     return false;
                                 }
-                                $this->results[$c] = $method[$c];
                             }
                             if (isset($r['min-length']) || isset($r['max-length'])) {
                                 if (!$this->checkLength($c, $method, $method[$c], $r)) {
                                     return false;
                                 }
-                                $this->results[$c] = $method[$c];
                             }
                             if (isset($r['value'])) {
                                 if ($method[$c] !== $r['value']) {
                                     return false;
                                 }
-                                $this->results[$c] = $method[$c];
                             }
                             if (isset($r['keyIncludedIn'])) {
                                 if (!array_key_exists($method[$c], $r['keyIncludedIn'])) {
                                     return false;
                                 }
-                                $this->results[$c] = $method[$c];
                             }
                             if (isset($r['filter'])) {
                                 ($r['filter'] == 'email') ? $r['filter'] = FILTER_VALIDATE_EMAIL : null;
                                 ($r['filter'] == 'url') ? $r['filter'] = FILTER_VALIDATE_URL : null;
                                 if (!filter_var($method[$c], $r['filter'])) {
                                     return false;
                                 }
-                                $this->results[$c] = $method[$c];
                             }
                             $changes = array_diff(array_keys($r), [
                                 'type',
@@ -155,6 +165,7 @@ public function validate(): bool {
                             if (!empty($changes)) {
                                 throw new FormsException('A bad parameter was passed to the instantiation of the Form() class: "' . current($changes) . '".');
                             }
+                            $this->results[$c] = $method[$c];
                         }
                     }
                 }
@@ -170,10 +181,20 @@ public function validate(): bool {
     }
 
     /**
+     * @param bool $convertHtmlSpecialChars
      * @return array
      */
-    public function getResults(): array {
-        return $this->results;
+    public function getResults($convertHtmlSpecialChars = true): array {
+        if ($convertHtmlSpecialChars) {
+            $results = [];
+            foreach ($this->results as $result) {
+                (is_string($result)) ? array_push($results, htmlspecialchars($result)) : null;
+            }
+
+            return $results;
+        } else {
+            return $this->results;
+        }
     }
 
 }
diff --git a/core/Security/security.php b/core/Security/security.php
@@ -9,35 +9,42 @@
 class Security
 {
 
-
-    /**
-     * @var array
-     */
-    private $ipBan = [];
-
-    public function __construct() {
-        $this->ipBan = \BDSCore\Config\Config::getSecurityConfig('ipBan');
-    }
-
     /**
+     * @param string|null $ip
      * @return bool
      */
-    public function checkIp(): bool {
-        if (in_array($_SERVER['REMOTE_ADDR'], $this->ipBan)) {
+    public function checkIp(string $ip = null): bool {
+        $ip = (!is_null($ip)) ? $ip : $_SERVER['REMOTE_ADDR'];
+        $ipBan = json_decode(file_get_contents('./storage/framework/IPBanners.json'));
+        if (in_array($ip, $ipBan)) {
             return true;
         }
 
         return false;
     }
 
-    public function banIp() {
-        array_push($this->ipBan, $_SERVER['REMOTE_ADDR']);
+    /**
+     * @param string $ip
+     */
+    public function banIp(string $ip = null) {
+        $ip = (!is_null($ip)) ? $ip : $_SERVER['REMOTE_ADDR'];
+        $ipBan = json_decode(file_get_contents('./storage/framework/IPBanners.json'));
+        if (!in_array($ip, $ipBan)) {
+            array_push($ipBan, $ip);
+        }
+        file_put_contents('./storage/framework/IPBanners.json', json_encode($ipBan));
     }
 
-    public function allowIp() {
-        $key = array_search($_SERVER['REMOTE_ADDR'], $this->ipBan);
+    /**
+     * @param string|null $ip
+     */
+    public function allowIp(string $ip = null) {
+        $ip = (!is_null($ip)) ? $ip : $_SERVER['REMOTE_ADDR'];
+        $ipBan = json_decode(file_get_contents('./storage/framework/IPBanners.json'));
+        $key = array_search($ip, $ipBan);
         if ($key !== false) {
-            unset($this->ipBan[$key]);
+            unset($ipBan[$key]);
+            file_put_contents('./storage/framework/IPBanners.json', json_encode($ipBan));
         }
     }
 
@@ -46,7 +53,7 @@ public function allowIp() {
      */
     private function returnError(int $errorCode) {
         try {
-            \BDSCore\Errors::returnError($errorCode);
+            \BDSCore\Errors\Errors::returnError($errorCode);
         } catch (\Exception $e) {
             die('-[ Not allowed -]');
         }

diff --git a/storage/framework/IPBanners.json b/storage/framework/IPBanners.json
@@ -0,0 +1 @@
+[]