diff --git a/config/security.php b/config/security.php
index dee32dc..6d30d59 100644
--- a/config/security.php
+++ b/config/security.php
@@ -8,7 +8,6 @@
 'authPage' => 'login.twig',
 'authAccounts' => [],
- 'checkPermissions' => true,
- 'ipBan' => []
+ 'checkPermissions' => false
 ];
\ No newline at end of file
diff --git a/core/Application/App.php b/core/Application/app.php
similarity index 97%
rename from core/Application/App.php
rename to core/Application/app.php
index 8ffb684..2d34c10 100644
--- a/core/Application/App.php
+++ b/core/Application/app.php
@@ -120,7 +120,7 @@ public function debug($item): bool {
 }
 public function pushToDebugBar() {
- \BDSCore\Debug\debugBar::pushElement('DebugInFile', ($this->globalConfig['debugFile']) ? 'true' : 'false');
+ \BDSCore\Debug\debugBar::pushElement('showExceptions', ($this->globalConfig['showExceptions']) ? 'true' : 'false');
 \BDSCore\Debug\debugBar::pushElement('Locale', $this->globalConfig['locale']);
 \BDSCore\Debug\debugBar::pushElement('Timezone', $this->globalConfig['timezone']);
 }
diff --git a/core/Forms/forms.php b/core/Forms/forms.php
index fd1661a..d77dda2 100644
--- a/core/Forms/forms.php
+++ b/core/Forms/forms.php
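Review bot: The tracked default in config/security.php now reads `'checkPermissions' => false`, so every deployment that copies this file unchanged starts with that check switched off. What the flag gates is not visible in this hunk, but its name suggests an authorization control, and a default of false fails open. If the flip was only needed for local testing, keep `'checkPermissions' => true,` in the committed config and override it per environment; otherwise add a comment on the line explaining why disabling it is safe.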
@@ -87,19 +87,34 @@ private function checkLength(string $element, array $method, string $item, array return true; } + /** + * @param string $method + * @return string + * @throws FormsException + */ + private function convertAndGetMethod(string $method) { + $method = strtolower($method); + if ($this->method == 'get') { + $method = $_GET; + } elseif ($this->method == 'post') { + $method = $_POST; + } else { + throw new FormsException('The form method is invalid or unsupported.'); + } + + return $method; + } + /** * @return bool * @throws FormsException */ public function validate(): bool { if (!empty($this->method) && !empty($this->configuration)) { - ($this->method == 'get' || $this->method == 'GET') ? $method = $_GET : null; - ($this->method == 'post' || $this->method == 'POST') ? $method = $_POST : null; + $method = $this->convertAndGetMethod($this->method); $i = 0; foreach ($this->configuration as $c => $r) { - if ($c === $i) { - $c = $r; - } + ($c === $i) ? $c = $r : null; if (!isset($method[$c])) { return false; } else { @@ -116,25 +131,21 @@ public function validate(): bool { if (!$this->checkType($method[$c], $r['type'])) { return false; } - $this->results[$c] = $method[$c]; } if (isset($r['min-length']) || isset($r['max-length'])) { if (!$this->checkLength($c, $method, $method[$c], $r)) { return false; } - $this->results[$c] = $method[$c]; } if (isset($r['value'])) { if ($method[$c] !== $r['value']) { return false; } - $this->results[$c] = $method[$c]; } if (isset($r['keyIncludedIn'])) { if (!array_key_exists($method[$c], $r['keyIncludedIn'])) { return false; } - $this->results[$c] = $method[$c]; } if (isset($r['filter'])) { ($r['filter'] == 'email') ? $r['filter'] = FILTER_VALIDATE_EMAIL : null; @@ -142,7 +153,6 @@ public function validate(): bool { if (!filter_var($method[$c], $r['filter'])) { return false; } - $this->results[$c] = $method[$c]; } $changes = array_diff(array_keys($r), [ 'type', 
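Review bot: In the new `convertAndGetMethod()` (first forms.php hunk) the lower-cased `$method` is never used: both comparisons still read `$this->method`, so a form declared with 'GET' or 'POST', which the removed lines in `validate()` accepted, now ends in the FormsException. Compare the normalised local instead, `if ($method === 'get') {` and `} elseif ($method === 'post') {`. The docblock's `@return string` is also inaccurate because the function returns the `$_GET` or `$_POST` array; `@return array` with an `: array` return type would match, and a separate variable for the returned superglobal would read more clearly than reusing `$method`.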
@@ -155,6 +165,7 @@ public function validate(): bool {
 if (!empty($changes)) {
 throw new FormsException('A bad parameter was passed to the instantiation of the Form() class: "' . current($changes) . '".');
 }
+ $this->results[$c] = $method[$c];
 }
 }
 }
@@ -170,10 +181,20 @@ public function validate(): bool {
 }
 /**
+ * @param bool $convertHtmlSpecialChars
 * @return array
 */
- public function getResults(): array {
- return $this->results;
+ public function getResults($convertHtmlSpecialChars = true): array {
+ if ($convertHtmlSpecialChars) {
+ $results = [];
+ foreach ($this->results as $result) {
+ (is_string($result)) ? array_push($results, htmlspecialchars($result)) : null;
+ }
+
+ return $results;
+ } else {
+ return $this->results;
+ }
 }
 }
\ No newline at end of file
diff --git a/core/Security/security.php b/core/Security/security.php
index bfc9020..7cb1d75 100644
--- a/core/Security/security.php
+++ b/core/Security/security.php
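Review bot: `getResults()` in the second hunk now drops data and changes the result shape by default: the loop pushes onto a fresh list, so the field-name keys written by `$this->results[$c] = ...` are lost, and any non-string value is silently omitted. Callers that pass no argument get this behaviour, and escaping at read time leads to double-escaped output if the templates auto-escape (the config references login.twig; not confirmed from this hunk) and to escaped text being persisted if the values are stored. `htmlspecialchars($result)` also relies on the default flags, which before PHP 8.1 leave single quotes unescaped. I would keep keys and non-strings, pass the flags explicitly, and consider defaulting the parameter to false so that escaping stays an output-side decision; the rewritten method follows.

```php
public function getResults(bool $convertHtmlSpecialChars = true): array {
    if (!$convertHtmlSpecialChars) {
        return $this->results;
    }

    $results = [];
    foreach ($this->results as $key => $result) {
        // Keep the field name as key. Only strings are escaped, and only for an
        // HTML text/attribute context; arrays and other types pass through as-is.
        $results[$key] = is_string($result)
            ? htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : $result;
    }

    return $results;
}
```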
@@ -9,35 +9,42 @@ class Security { - - /** - * @var array - */ - private $ipBan = []; - - public function __construct() { - $this->ipBan = \BDSCore\Config\Config::getSecurityConfig('ipBan'); - } - /** + * @param string|null $ip * @return bool */ - public function checkIp(): bool { - if (in_array($_SERVER['REMOTE_ADDR'], $this->ipBan)) { + public function checkIp(string $ip = null): bool { + $ip = (!is_null($ip)) ? $ip : $_SERVER['REMOTE_ADDR']; + $ipBan = json_decode(file_get_contents('./storage/framework/IPBanners.json')); + if (in_array($ip, $ipBan)) { return true; } return false; } - public function banIp() { - array_push($this->ipBan, $_SERVER['REMOTE_ADDR']); + /** + * @param string $ip + */ + public function banIp(string $ip = null) { + $ip = (!is_null($ip)) ? $ip : $_SERVER['REMOTE_ADDR']; + $ipBan = json_decode(file_get_contents('./storage/framework/IPBanners.json')); + if (!in_array($ip, $ipBan)) { + array_push($ipBan, $ip); + } + file_put_contents('./storage/framework/IPBanners.json', json_encode($ipBan)); } - public function allowIp() { - $key = array_search($_SERVER['REMOTE_ADDR'], $this->ipBan); + /** + * @param string|null $ip + */ + public function allowIp(string $ip = null) { + $ip = (!is_null($ip)) ? $ip : $_SERVER['REMOTE_ADDR']; + $ipBan = json_decode(file_get_contents('./storage/framework/IPBanners.json')); + $key = array_search($ip, $ipBan); if ($key !== false) { - unset($this->ipBan[$key]); + unset($ipBan[$key]); + file_put_contents('./storage/framework/IPBanners.json', json_encode($ipBan)); } } @@ -46,7 +53,7 @@ public function allowIp() { */ private function returnError(int $errorCode) { try { - \BDSCore\Errors::returnError($errorCode); + \BDSCore\Errors\Errors::returnError($errorCode); } catch (\Exception $e) { die('-[ Not allowed -]'); } diff --git a/storage/framework/IPBanners.json b/storage/framework/IPBanners.json new file mode 100644 index 0000000..0637a08 --- /dev/null +++ b/storage/framework/IPBanners.json 
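Review bot: The ban list fails open in the first security.php hunk: when `file_get_contents()` returns false or the JSON is malformed, `json_decode()` yields null and `checkIp()` cannot report a banned address (on PHP 8 `in_array()` raises a TypeError instead). `allowIp()` can cause this by itself, because `unset($ipBan[$key])` on any entry but the last leaves a gap in the keys, `json_encode()` then writes an object, and the next `json_decode()` without the assoc flag returns a stdClass. The path './storage/framework/IPBanners.json' is resolved against the current working directory, and the read-modify-write has no locking, so concurrent requests can lose updates or read a half-written file. Routing all three methods through one loader and one writer, as sketched below, addresses the decoding and path problems and guards the write; what the caller should do when the list is unreadable is outside the hunk.

```php
// … unchanged: class Security { …
    private const BAN_FILE = __DIR__ . '/../../storage/framework/IPBanners.json';

    /**
     * @return string[] banned addresses
     * @throws \RuntimeException when the list cannot be read or decoded
     */
    private function loadBanList(): array {
        $raw = file_get_contents(self::BAN_FILE);
        $list = ($raw === false) ? null : json_decode($raw, true);
        if (!is_array($list)) {
            // An unreadable or corrupt list must not be read as "nobody is banned".
            throw new \RuntimeException('IP ban list is unreadable.');
        }

        return array_values($list);
    }

    private function saveBanList(array $list): void {
        // array_values() keeps the JSON a list after unset(); LOCK_EX guards the write itself.
        file_put_contents(self::BAN_FILE, json_encode(array_values($list)), LOCK_EX);
    }

    public function checkIp(string $ip = null): bool {
        $ip = $ip ?? $_SERVER['REMOTE_ADDR'];

        return in_array($ip, $this->loadBanList(), true);
    }
// … banIp() and allowIp() load and save through the same two helpers …
```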
@@ -0,0 +1 @@
+[]
\ No newline at end of file