bobs
/
IOcornerstone
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

...

Browse Source
main
Robert 4 days ago
parent 9b2d9f9390
commit 14b5a48bed
28 changed files with 889 additions and 1241 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      src/Bootstrap.php
  2. 34
      src/Framework/Assets.php
  3. 5
      src/Framework/Common.php
  4. 56
      src/Framework/Enum/FieldFilter.php
  5. 25
      src/Framework/Enum/Flags.php
  6. 40
      src/Framework/ErrorHandler.php
  7. 65
      src/Framework/HtmlDocument.php
  8. 10
      src/Framework/Http/App/App.php
  9. 1
      src/Framework/Http/Kernel.php
  10. 5
      src/Framework/Http/Request.php
  11. 2
      src/Framework/LoadAll.php
  12. 14
      src/Framework/Middleware/ErrorMiddleware.php
  13. 2
      src/Framework/ParagonCrypto/Crypto.php
  14. 6
      src/Framework/ParagonCrypto/PasswordStorage.php
  15. 4
      src/Framework/ParagonCrypto/SodiumStorage.php
  16. 109
      src/Framework/Playground/HttpContainer.php
  17. 79
      src/Framework/Playground/JunkForNow.php
  18. 77
      src/Framework/Playground/RouteServiceProvider.php
  19. 492
      src/Framework/Playground/Router.php
  20. 46
      src/Framework/Playground/ServiceProvider.php
  21. 32
      src/Framework/Playground/pipeOp.php
  22. 156
      src/Framework/SaferOutput.php
  23. 135
      src/Framework/Security.php
  24. 8
      src/Framework/Services/Sessions/CookieSessionHandler.php
  25. 137
      src/Framework/Trait/Security/CsrfTokenFunctions.php
  26. 199
      src/Framework/Trait/Security/SessionHijackingFunctions.php
  27. 6
      src/Framework/View.php
  28. 351
      src/Psr4AutoloaderClass.php

2
src/Bootstrap.php
Unescape View File

@ -59,7 +59,7 @@ function dump($var = 'nothing', endDump $end = endDump::KEEP_WORKING)
Common::dump($var, $end); Common::dump($var, $end);
} }
$debug = true; // <------------------- make false in production $debug = false; // <------------------- make false in production
$myErrorHandler = new ErrorHandler($debug); $myErrorHandler = new ErrorHandler($debug);
$myErrorHandler->register(); $myErrorHandler->register();

34
src/Framework/Assets.php
Unescape View File

@ -14,8 +14,11 @@ use IOcornerstone\Framework\{
Security, Security,
Common, Common,
String\StringFacade, String\StringFacade,
Http\HttpFactory,
}; };
use Psr\Http\Message\ResponseInterface;
class Assets class Assets
{ {
private static $files = []; private static $files = [];
@ -278,30 +281,29 @@ class Assets
return (file_exists($safe_path . $safe_file)) ? $safe_file : false; return (file_exists($safe_path . $safe_file)) ? $safe_file : false;
} }
/**
* meta redirect when headers are already sent...
* @param string url - site to do redirect on
* @reval none
*/
public static function gotoUrl(string $url): void
{
echo '<META http-equiv="refresh" content="0;URL=' . $url . '">';
exit;
}
/** /**
* Rediect to url and attempt to send via header. * Rediect to url and attempt to send via header.
* @param string $url - site to do redirect for * @param string $url - site to do redirect for
* @retval none - exits once done * @param HttpFactory or $this->html...in controllers...
* @return ResponseInterface for Controllers to return...
*/ */
public static function redirectUrl(string $url): void public static function redirectUrl(string $url, HttpFactory $http): ResponseInterface
{ {
$url = str_replace(array('&amp;', "\n", "\r"), array('&', '', ''), $url); $url = str_replace(array('&amp;', "\n", "\r"), array('&', '', ''), $url);
if (!headers_sent()) { if (!headers_sent()) {
header('Location: ' . $url); return $http->createResponse(403, ['Location' => $url], "");
} else { } else {
self::goto_url($url); return $http->returnResponse(403, [], self::gotoUrl($url));
} }
exit;
} }
/**
* meta redirect when headers are already sent...
* @param string url - site to do redirect on
*/
private static function gotoUrl(string $url): string
{
return '<META http-equiv="refresh" content="0;URL=' . $url . '">';
}
} }

5
src/Framework/Common.php
Unescape View File

@ -27,6 +27,11 @@ final class Common
return (is_array($i) || is_object($i)) ? count($i) : 0; return (is_array($i) || is_object($i)) ? count($i) : 0;
} }
public static function hasKeys(array $array): bool
{
return array_keys($array) !== range(0, count($array) - 1);
}
public static function stringSubPart(string $string, int $offset = 0, ?int $length = null, $encoding = null) { public static function stringSubPart(string $string, int $offset = 0, ?int $length = null, $encoding = null) {
if ($length === null) { if ($length === null) {
return F::substr($string, $offset, strlen($string)); return F::substr($string, $offset, strlen($string));

56
src/Framework/Enum/FieldFilter.php
Unescape View File

@ -0,0 +1,56 @@
<?php
declare(strict_types=1);
/*
* @author Robert Strutts
* @copyright (c) 2026, Robert Strutts
* @license MIT
*/
namespace IOcornerstone\Framework\Enum;
/**
*
* @author Robert Strutts
*/
enum FieldFilter: string {
case raw_string = "string";
case array_of_strings = "strings";
case email = "email-address";
case url = "site-url";
case raw = "unfiltered-non-sanitized";
case integer_number = "integer";
case array_of_ints = "integers";
case floating_point = "float";
case array_of_floats = "floats";
public function resolve() {
return match($this) {
self::raw_string => FILTER_UNSAFE_RAW,
self::array_of_strings => [
'filter' => FILTER_UNSAFE_RAW,
'flags' => FILTER_REQUIRE_ARRAY
],
self::email => FILTER_SANITIZE_EMAIL,
self::url => FILTER_SANITIZE_URL,
self::raw => FILTER_DEFAULT, // Unfiltered, non-sanitized!!!
self::integer_number => [
'filter' => FILTER_SANITIZE_NUMBER_INT,
'flags' => FILTER_REQUIRE_SCALAR
],
self::array_of_ints => [
'filter' => FILTER_SANITIZE_NUMBER_INT,
'flags' => FILTER_REQUIRE_ARRAY
],
self::floating_point => [
'filter' => FILTER_SANITIZE_NUMBER_FLOAT,
'flags' => FILTER_FLAG_ALLOW_FRACTION
],
self::array_of_floats => [
'filter' => FILTER_SANITIZE_NUMBER_FLOAT,
'flags' => FILTER_REQUIRE_ARRAY
],
};
}
}

25
src/Framework/Enum/Flags.php
Unescape View File

@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
/*
* @author Robert Strutts
* @copyright (c) 2026, Robert Strutts
* @license MIT
*/
namespace IOcornerstone\Framework\Enum;
/**
*
* @author Robert Strutts
*/
enum Flags
{
case RAW;
case TRIM;
case HTML_STIP_TAGS;
case HTML_ESCAPE;
case HTML_PURIFY;
CASE JSON_ENCODE;
}

40
src/Framework/ErrorHandler.php
Unescape View File

@ -109,7 +109,7 @@ final class ErrorHandler
if ($this->debug) { if ($this->debug) {
$this->renderConsole($e); $this->renderConsole($e);
} else { } else {
$this->renderProductionConsole(); $this->renderProductionConsole($e);
$this->logException($e); $this->logException($e);
} }
return true; return true;
@ -122,7 +122,7 @@ final class ErrorHandler
if ($this->debug) { if ($this->debug) {
$this->renderDebug($e); $this->renderDebug($e);
} else { } else {
$this->renderProduction(); $this->renderProduction($e);
$this->logException($e); $this->logException($e);
} }
// Don't execute PHP's internal error handler // Don't execute PHP's internal error handler
@ -248,8 +248,16 @@ final class ErrorHandler
{ {
$this->setJsonHeaders(); $this->setJsonHeaders();
$dCode = $e->getCode() ?? 0;
if ($dCode > 0) {
$aCode = ['code' => $dCode];
} else {
$aCode = [];
}
return json_encode([ return json_encode([
'error' => [ 'error' => [
$aCode,
'type' => $this->getErrorType($e), 'type' => $this->getErrorType($e),
'message' => $e->getMessage(), 'message' => $e->getMessage(),
'file' => $e->getFile(), 'file' => $e->getFile(),
@ -259,12 +267,13 @@ final class ErrorHandler
], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); ], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
} }
private function renderJsonProduction(): void private function renderJsonProduction(Throwable $e): void
{ {
$this->setJsonHeaders(); $this->setJsonHeaders();
echo json_encode([ echo json_encode([
'error' => [ 'error' => [
'code' => $this->getCodeNumber($e),
'message' => 'Internal Server Error' 'message' => 'Internal Server Error'
] ]
]); ]);
@ -304,6 +313,12 @@ final class ErrorHandler
echo $color . $out . PHP_EOL; echo $color . $out . PHP_EOL;
} }
public function getCodeNumber(Throwable $e): string
{
$dCode = $e->getCode() ?? 0;
return "(Code #{$dCode}); ";
}
public function formatWebMessage(Throwable $e): string public function formatWebMessage(Throwable $e): string
{ {
$styles = [ $styles = [
@ -315,8 +330,8 @@ final class ErrorHandler
$style = $styles[$type] ?? $styles['error']; $style = $styles[$type] ?? $styles['error'];
$content = htmlspecialchars((string) $e); $content = htmlspecialchars((string) $e);
$message = $this->getCodeNumber($e);
$message = wordwrap($content, WORD_WRAP_CHRS, "<br>\n"); $message .= wordwrap($content, WORD_WRAP_CHRS, "<br>\n");
$assets = "/assets/uikit/css/uikit.gradient.min.css"; $assets = "/assets/uikit/css/uikit.gradient.min.css";
if (defined("BaseDir") && if (defined("BaseDir") &&
@ -332,21 +347,22 @@ final class ErrorHandler
return $msg; return $msg;
} }
public function getProdMessage(): string public function getProdMessage(Throwable $e): string
{ {
if (Console::isConsole()) { if (Console::isConsole()) {
return $this->myErr; return $this->getCodeNumber($e) . $this->myErr;
} }
if ($this->isJsonRequest()) { if ($this->isJsonRequest()) {
$this->setJsonHeaders(); $this->setJsonHeaders();
return json_encode([ return json_encode([
'error' => [ 'error' => [
'code' => $this->getCodeNumber($e),
'message' => 'Internal Server Error' 'message' => 'Internal Server Error'
] ]
]); ]);
} }
return "<h1 style=\"color: red;\">" . $this->myErr . "</h1>"; return "<h1 style=\"color: red;\">" . $this->getCodeNumber($e) . $this->myErr . "</h1>";
} }
private function renderDebug(Throwable $e): void private function renderDebug(Throwable $e): void
@ -355,17 +371,17 @@ final class ErrorHandler
echo $this->formatWebMessage($e); echo $this->formatWebMessage($e);
} }
private function renderProductionConsole(): void private function renderProductionConsole(Throwable $e): void
{ {
echo $this->myErr; echo $this->getCodeNumber($e) . $this->myErr;
} }
/** /**
* @todo Make error page red, etc... * @todo Make error page red, etc...
*/ */
private function renderProduction(): void private function renderProduction(Throwable $e): void
{ {
echo "<h1 style=\"color: red;\">" . $this->myErr . "</h1>"; echo "<h1 style=\"color: red;\">" . $this->getCodeNumber($e) . $this->myErr . "</h1>";
} }
private function setLoggerByLevel(Throwable $e): void private function setLoggerByLevel(Throwable $e): void

65
src/Framework/HtmlDocument.php
Unescape View File

@ -116,6 +116,16 @@ class HtmlDocument
$this->author = $author; $this->author = $author;
} }
public function addToTitle(string $title): void
{
$this->title .= $title;
}
public function beforeTitle(string $title): void
{
$this->title = $title . $this->title;
}
/** /**
* Set Title for HTML * Set Title for HTML
* @param string $title * @param string $title
@ -199,22 +209,33 @@ class HtmlDocument
$this->breadcrumb = $crumbs; $this->breadcrumb = $crumbs;
} }
public function setAssetsFromArray(array $files, string $which, string $scope = 'project'): void private function doAction(string $file, string $which, string $scope, array $a): void
{ {
foreach ($files as $file => $a) { switch ($which) {
switch ($which) { case 'main_css':
case 'main_css': $this->addMainCss($file, $scope, $a);
$this->addMainCss($file, $scope, $a); break;
break; case 'css':
case 'css': $this->addCss($file, $scope, $a);
$this->addCss($file, $scope, $a); break;
break; case 'main_js':
case 'main_js': $this->addMainJs($file, $scope, $a);
$this->addMainJs($file, $scope, $a); break;
break; case 'js':
case 'js': $this->addJs($file, $scope, $a);
$this->addJs($file, $scope, $a); break;
break; }
}
public function setAssetsFromArray(array $files, string $which, string $scope = 'project', array $options = []): void
{
if (Common::hasKeys($files)) {
foreach ($files as $file => $a) {
$this->doAction($file, $which, $scope, $a);
}
} else {
foreach ($files as $file) {
$this->doAction($file, $which, $scope, $options);
} }
} }
} }
@ -476,18 +497,22 @@ class HtmlDocument
return $this->head; return $this->head;
} }
public function getBreadcrumbsAuto(): string public function getBreadcrumbsAuto(bool $showHomeSVG = false): string
{ {
if (! count($this->breadcrumb) && empty($this->activeCrumb)) { if (!count($this->breadcrumb) && empty($this->activeCrumb)) {
return ""; return "";
} }
$out = "<nav><ul class=\"breadcrumb\">" . PHP_EOL; $out = "<nav><ul class=\"breadcrumb\">" . PHP_EOL;
foreach($this->breadcrumb as $link => $crumb) { if ($showHomeSVG) {
$out .= '<svg class="homecrumb" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M10.707 2.293a1 1 0 00-1.414 0l-7 7a1 1 0 001.414 1.414L4 10.414V17a1 1 0 001 1h2a1 1 0 001-1v-2a1 1 0 011-1h2a1 1 0 011 1v2a1 1 0 001 1h2a1 1 0 001-1v-6.586l.293.293a1 1 0 001.414-1.414l-7-7z"></path></svg>';
}
foreach ($this->breadcrumb as $link => $crumb) {
$out .= "<li><a href=\"$link\">$crumb</a></li>" . PHP_EOL; $out .= "<li><a href=\"$link\">$crumb</a></li>" . PHP_EOL;
} }
if (! empty($this->activeCrumb)) { if (!empty($this->activeCrumb)) {
$out .= "<li>" . $this->activeCrumb . "</li>" . PHP_EOL; $out .= "<li>" . $this->activeCrumb . "</li>" . PHP_EOL;
} }
$out .= "</ul></nav>" . PHP_EOL; $out .= "</ul></nav>" . PHP_EOL;

10
src/Framework/Http/App/App.php
Unescape View File

@ -22,7 +22,8 @@ use IOcornerstone\Framework\{
Configure, Configure,
Common, Common,
Console, Console,
Security Security,
View,
}; };
use Exception; use Exception;
@ -111,7 +112,7 @@ class App implements MiddlewareAwareInterface
private function getCtrlDir(): string private function getCtrlDir(): string
{ {
$ctrl = (Console::isConsole()) ? "cli_" : ""; $ctrl = (Console::isConsole()) ? "CLI_" : "";
return ($this->testing) ? "test_" : $ctrl; return ($this->testing) ? "test_" : $ctrl;
} }
@ -193,7 +194,10 @@ class App implements MiddlewareAwareInterface
private function local404(): ResponseInterface private function local404(): ResponseInterface
{ {
return (new HttpFactory())->createResponse(404, [], '404 Page - Not Found'); $view = new View();
$view->addView("OnError/404Page");
$myView = $view->fetch($this);
return (new HttpFactory())->createResponse(404, [], $myView);
} }
/** /**

1
src/Framework/Http/Kernel.php
Unescape View File

@ -124,6 +124,7 @@ class Kernel {
http_response_code($response->getStatusCode()); http_response_code($response->getStatusCode());
foreach ($response->getHeaders() as $name => $values) { foreach ($response->getHeaders() as $name => $values) {
if (! is_array($values) && ! is_object($values)) { if (! is_array($values) && ! is_object($values)) {
header("$name: $values", false);
continue; continue;
} }
foreach ($values as $value) { foreach ($values as $value) {

5
src/Framework/Http/Request.php
Unescape View File

@ -29,6 +29,11 @@ final class Request implements ServerRequestInterface
private string $protocol = '1.1' private string $protocol = '1.1'
) {} ) {}
public function JSON_PostVar(): ParameterBag
{
return new ParameterBag((array) json_decode($this->getBody(), true));
}
/** /**
* Parameter Bags [has and get - methods] * Parameter Bags [has and get - methods]
*/ */

2
src/Framework/LoadAll.php
Unescape View File

@ -24,7 +24,7 @@ final class LoadAll
self::doLoop($cdir, $config_path); self::doLoop($cdir, $config_path);
} }
} }
$service_path = $path . "Services"; $service_path = $path . "LoadServices";
if (is_dir($service_path)) { if (is_dir($service_path)) {
$sdir = scandir($service_path); $sdir = scandir($service_path);
if ($sdir !== false) { if ($sdir !== false) {

14
src/Framework/Middleware/ErrorMiddleware.php
Unescape View File

@ -21,7 +21,7 @@ final class ErrorMiddleware implements MiddlewareInterface
{ {
public function __construct( public function __construct(
private LoggerInterface $logger, private LoggerInterface $logger,
private bool $displayErrors = false private bool $hideErrors = false
) {} ) {}
public function process( public function process(
@ -31,12 +31,14 @@ final class ErrorMiddleware implements MiddlewareInterface
try { try {
return $handler->handle($request); return $handler->handle($request);
} catch (\Throwable $e) { } catch (\Throwable $e) {
$codeNumber = Reg::get('error_handler')->getCodeNumber($e);
$message = $codeNumber . $e->getMessage();
$this->logger->error( $this->logger->error(
$e->getMessage(), $message,
['exception' => $e] ['exception' => $e]
); );
$bodyString = $this->displayErrors $bodyString = $this->hideErrors
? $this->formatException($e) ? $this->formatException($e)
: 'Internal Server Error'; : 'Internal Server Error';
@ -55,12 +57,14 @@ final class ErrorMiddleware implements MiddlewareInterface
} }
if ($live) { if ($live) {
return Reg::get('error_handler')->getProdMessage(); return Reg::get('error_handler')->getProdMessage($e);
} }
if (Console::isConsole()) { if (Console::isConsole()) {
$codeNumber = $e->getCode() ?? 0;
return sprintf( return sprintf(
"%s\n\n%s", "Code# %d; %s\n\n%s",
$codeNumber,
$e->getMessage(), $e->getMessage(),
$e->getTraceAsString() $e->getTraceAsString()
); );

2
src/Framework/ParagonCrypto/Crypto.php
Unescape View File

@ -53,7 +53,7 @@ class Crypto {
): string { ): string {
$key = $this->key; $key = $this->key;
$nonce = $this->rnd->get_bytes( $nonce = $this->rnd->getBytes(
SODIUM_CRYPTO_SECRETBOX_NONCEBYTES SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
); );
$fn = ($key_usage == self::singleKey) ? "sodium_crypto_secretbox" : "sodium_crypto_box"; $fn = ($key_usage == self::singleKey) ? "sodium_crypto_secretbox" : "sodium_crypto_box";

6
src/Framework/ParagonCrypto/PasswordStorage.php
Unescape View File

@ -21,7 +21,7 @@ class PasswordStorage {
} }
public function generateKey(): string { public function generateKey(): string {
return sodium_bin2hex($this->random_engine->get_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)); return sodium_bin2hex($this->random_engine->getBytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
} }
/** /**
@ -38,11 +38,11 @@ class PasswordStorage {
SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
); );
$salt = $this->random_engine->get_bytes(self::SALT_SIZE_IN_BYTES); $salt = $this->random_engine->getBytes(self::SALT_SIZE_IN_BYTES);
list ($enc_key, $auth_key) = $this->splitKeys($secret_key, sodium_bin2hex($salt)); list ($enc_key, $auth_key) = $this->splitKeys($secret_key, sodium_bin2hex($salt));
sodium_memzero($secret_key); sodium_memzero($secret_key);
sodium_memzero($password); sodium_memzero($password);
$nonce = $this->random_engine->get_bytes( $nonce = $this->random_engine->getBytes(
SODIUM_CRYPTO_STREAM_NONCEBYTES SODIUM_CRYPTO_STREAM_NONCEBYTES
); );
$cipher_text = sodium_crypto_stream_xor( $cipher_text = sodium_crypto_stream_xor(

4
src/Framework/ParagonCrypto/SodiumStorage.php
Unescape View File

@ -35,10 +35,10 @@ class SodiumStorage {
} }
public function encrypt(#[\SensitiveParameter] string $plain_text, string $item_name = ""): string { public function encrypt(#[\SensitiveParameter] string $plain_text, string $item_name = ""): string {
$nonce = $this->randomEngine->get_bytes( $nonce = $this->randomEngine->getBytes(
SODIUM_CRYPTO_STREAM_NONCEBYTES SODIUM_CRYPTO_STREAM_NONCEBYTES
); );
$salt = $this->randomEngine->get_bytes(self::SALT_SIZE_IN_BYTES); $salt = $this->randomEngine->getBytes(self::SALT_SIZE_IN_BYTES);
list ($enc_key, $auth_key) = $this->splitKeys($item_name, sodium_bin2hex($salt)); list ($enc_key, $auth_key) = $this->splitKeys($item_name, sodium_bin2hex($salt));
$cipher_text = sodium_crypto_stream_xor( $cipher_text = sodium_crypto_stream_xor(
$plain_text, $plain_text,

109
src/Framework/Playground/HttpContainer.php
Unescape View File

@ -1,109 +0,0 @@
<?php
declare(strict_types = 1);
/**
* @author Robert Strutts
* @copyright (c) 2025, Robert Strutts
* @license MIT
*/
namespace IOcornerstone\Framework\Http;
class HttpContainer {
protected array $bindings = [];
protected array $instances = [];
public function bind(string $abstract, $concrete = null, bool $shared = false): void
{
if ($concrete === null) {
$concrete = $abstract;
}
$this->bindings[$abstract] = [
'concrete' => $concrete,
'shared' => $shared
];
}
public function singleton(string $abstract, $concrete = null): void
{
$this->bind($abstract, $concrete, true);
}
public function make(string $abstract, array $parameters = [])
{
// Return if already resolved as singleton
if (isset($this->instances[$abstract])) {
return $this->instances[$abstract];
}
// Get the concrete implementation
$concrete = $this->bindings[$abstract]['concrete'] ?? $abstract;
// If it's a closure, resolve it
if ($concrete instanceof \Closure) {
$object = $concrete($this, $parameters);
} elseif (is_string($concrete)) {
// If it's a class name, instantiate it
$object = $this->build($concrete, $parameters);
} else { // Otherwise use as-is
$object = $concrete;
}
// Store if singleton
if (($this->bindings[$abstract]['shared'] ?? false) === true) {
$this->instances[$abstract] = $object;
}
return $object;
}
protected function build(string $class, array $parameters = [])
{
$reflector = new \ReflectionClass($class);
// Check if class is instantiable
if (!$reflector->isInstantiable()) {
throw new \Exception("Class {$class} is not instantiable");
}
// Get the constructor
$constructor = $reflector->getConstructor();
// If no constructor, instantiate without arguments
if ($constructor === null) {
return new $class();
}
// Get constructor parameters
$dependencies = $constructor->getParameters();
$instances = $this->resolveDependencies($dependencies, $parameters);
return $reflector->newInstanceArgs($instances);
}
protected function resolveDependencies(array $dependencies, array $parameters = [])
{
$results = [];
foreach ($dependencies as $dependency) {
// Check if parameter was provided
if (array_key_exists($dependency->name, $parameters)) {
$results[] = $parameters[$dependency->name];
continue;
}
// Get the type hinted class
$type = $dependency->getType();
if ($type && !$type->isBuiltin()) {
$results[] = $this->make($type->getName());
} elseif ($dependency->isDefaultValueAvailable()) {
$results[] = $dependency->getDefaultValue();
} else {
throw new \Exception("Cannot resolve dependency {$dependency->name}");
}
}
return $results;
}
}

79
src/Framework/Playground/JunkForNow.php
Unescape View File

@ -1,79 +0,0 @@
<?php
declare(strict_types=1);
namespace IOcornerstone\Framework;
// https://www.php-fig.org/psr/psr-12/
final class JunkForNow {
/**
* @url https://php.watch/versions/8.5/filter-validation-throw-exception
*/
public static function main(): void {
// filter_var('foobar', FILTER_VALIDATE_EMAIL, FILTER_THROW_ON_FAILURE);
// throws a Filter\FilterFailedException
$data = [
'myNumber' => '15',
];
$filters = [
'component' => [
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_THROW_ON_FAILURE,
'options' => [
'min_range' => 1,
'max_range' => 10,
],
],
];
filter_var_array($data, $filters);
$login = "val1dL0gin";
$filtered_login = filter_var($login, FILTER_CALLBACK, ['options' => 'validate_login']);
var_dump($filtered_login);
}
/**
* @todo Remove from MISC.php
*/
public static function post_var(
string $var,
int $filter = FILTER_UNSAFE_RAW,
array|int $options = FILTER_NULL_ON_FAILURE
): mixed {
return filter_input(INPUT_POST, $var, $filter, $options);
}
public static function get_var(
string $var,
int $filter = FILTER_UNSAFE_RAW,
array|int $options = FILTER_NULL_ON_FAILURE
): mixed {
return filter_input(INPUT_GET, $var, $filter, $options);
}
public static function request_var(
string $var,
int $filter = FILTER_UNSAFE_RAW,
array|int $options = FILTER_NULL_ON_FAILURE
): mixed {
if (filter_has_var(INPUT_POST, $var)) {
return self::post_var($var, $filter, $options);
}
if (filter_has_var(INPUT_GET, $var)) {
return self::get_var($var, $filter, $options);
}
return "";
}
function validate_login(string $value): ?string {
if (strlen($value) >= 5 && ctype_alnum($value)) {
return $value;
}
return null;
}
}

77
src/Framework/Playground/RouteServiceProvider.php
Unescape View File

@ -1,77 +0,0 @@
<?php
declare(strict_types=1);
/**
* @author Robert Strutts
* @copyright (c) 2025, Robert Strutts
* @license MIT
*/
namespace IOcornerstone\Framework\Http;
use \IOcornerstone\Framework\{
Http\ServiceProvider,
Http\Kernel,
Http\Request,
Http\Response,
Router,
App,
};
/**
* Description of RouteServiceProvider
* Setup Router and Controllers
*
*/
class RouteServiceProvider extends ServiceProvider
{
public function __construct(protected Kernel $kernel)
{}
private function build($handler, $response, $request, $next, $controllerMiddleware)
{
// Build middleware stack
$middleware_stack = array_reduce(
array_reverse($controllerMiddleware),
function ($next, $middleware) {
return function ($request, $response) use ($next, $middleware) {
if ($middleware !== null ) {
$instance = new $middleware();
return $instance($request, $response, $next);
}
};
},
function ($request, $response) use ($handler) {
try {
$data = $handler->getContent();
} catch (\Throwable $e) {
throw new \Exception("No Response from [Controller]?");
}
if (! empty($data)) {
$response->setContent($data);
}
return $response;
}
);
return $middleware_stack($request, $response);
}
public function register(): void
{
// Add router middleware
$this->kernel->addMiddleware(function (Request $request, Response $response, $next) {
$returned_route = Router::execute($request, $response);
if ($returned_route["found"] === false) {
$app = new App($request, $response);
$returned = $app->loadController();
$a_middleware = $returned['middleware'] ?? [];
$data = $returned['data'] ?? "";
return $this->build($data, $response, $request, $next, $a_middleware);
} else {
return $this->build($returned_route['returned'], $response, $request, $next, $returned_route['middleware']);
}
});
}
}

492
src/Framework/Playground/Router.php
Unescape View File

@ -1,492 +0,0 @@
<?php
declare(strict_types=1);
/**
* @license MIT
* @copyright (c) 2018, Patrik Mokrý
* @author Patrik Mokrý
* @link https://github.com/MokryPatrik/PHP-Router
*/
namespace IOcornerstone\Framework;
use IOcornerstone\Framework\Http\Request;
use IOcornerstone\Framework\Http\Response;
class router
{
private static $instance = null;
public static $URL = null;
public static $REQUEST = null;
public static $params = [];
private static $queryParams = [];
private static $routes = []; // All routes
public static $route = ""; // Return current route
private static $last = null; // Last route added
private static $prefix = null;
private static $name = null;
private static $doNotIncludeInParams = [];
private static $shortcuts = [
'i' => '(\d+)', // Any Number
's' => '(\w+)', // Any Word
'locale' => '(sk|en)->en'
];
/**
* Init new self instance
*/
public static function init() {
self::$instance = new self();
}
/**
* Assign name to route
*
* @param $name
*/
public static function name($name)
{
$route = self::$routes[self::$last];
unset(self::$routes[self::$last]);
self::$routes[self::$name . $name] = $route;
}
/**
* Add custom shortcut
* shortcut with default value -> $regex = (val1|val2)->val1;
*
* @param $shortcut
* @param $regex
*/
public static function addShortcut($shortcut, $regex)
{
self::$shortcuts[$shortcut] = $regex;
}
/**
* Get link from route name and params
*
* @param $route
* @param array $params
* @param $absolute
* @return null
*/
public static function link($route, $params = [], $absolute = true)
{
if (!isset(self::$routes[$route])) return null;
$route = self::$routes[$route];
$link = "";
foreach ($route['params'] as $key => $param) {
if (isset($param['real'])) {
$link .= $param['pattern'] . '/';
} else if (isset($params[$param['name']])) {
// Chcek if param has default
if (isset($param['default']) && $param['default'] !== $params[$param['name']]) {
$link .= $params[$param['name']] . '/';
}
}
}
// Add absolute path
if ($absolute) {
$link = self::$URL . $link;
}
// Cut slash at the end
return rtrim($link, '/');
}
/**
* Redirect to specific route or defined location
*
* @param $route
* @param array $params
*/
public static function redirect($route, $params = [])
{
if (isset(self::$routes[$route])) {
$route = self::link($route, $params);
}
header('Location: ' . $route, true);
die();
}
/**
* Create prefixed routes
*
* @param $prefix
* @param $callback
* @param string $name
* @param array $doNotIncludeInParams
*/
public static function prefix($prefix, $callBack, $name = '', $doNotIncludeInParams = [])
{
self::$prefix = $prefix;
self::$name = $name;
self::$doNotIncludeInParams = $doNotIncludeInParams;
call_user_func($callBack);
self::$prefix = null;
self::$name = null;
self::$doNotIncludeInParams = [];
}
/**
* Create route
*
* @param $route
* @param $action
* @param array $method
* @return Router
*/
public static function route($route, $action, $method = ["POST", "GET"])
{
$prefix = self::$prefix;
if (empty($route) && !empty(self::$prefix)) {
$prefix = rtrim(self::$prefix, '/');
}
$explodedRoute = explode("/", $prefix . $route);
$params = [];
$pattern = "";
// create route
foreach ($explodedRoute as $key => $r) {
if (strpos($r, '}?') !== false) {
$r = self::dynamic($r, $params, true);
$pattern = substr($pattern, 0, -1);
$dyn = true;
} else if (strpos($r, '}') !== false) {
$r = self::dynamic($r, $params, false);
$pattern = substr($pattern, 0, -1);
$dyn = true;
} else {
$params[] = [
'pattern' => $r,
'real' => false
];
}
$pattern .= ($key == 0 && !isset($dyn) ? '/' : '') . $r . '/';
}
// Create pattern
$pattern = substr($pattern, 0, -1) . '/?';
$pattern = '~^' . str_replace('/', '\/', $pattern) . '$~';
// Save data to static property
$name = uniqid();
self::$routes[$name] = [
'route' => $route,
'pattern' => $pattern,
'params' => $params,
'action' => $action,
'method' => $method,
'doNotIncludeInParams' => self::$doNotIncludeInParams
];
// Set last added
self::$last = $name;
// return self instance
if (self::$instance == null) {
self::init();
}
return self::$instance;
}
public static function get($route, $action) {
return self::route($route, $action, ['GET']);
}
public static function post($route, $action) {
return self::route($route, $action, ['POST']);
}
public static function put($route, $action) {
return self::route($route, $action, ['PUT']);
}
public static function delete($route, $action) {
return self::route($route, $action, ['DELETE']);
}
public static function any($route, $action) {
return self::route($route, $action, ['GET', 'POST', 'PUT', 'DELETE']);
}
/**
* Create all routes for resource (CRUD)
*
* @param $route
* @param $controller
* @param string $name
* @param string $shortcut
*/
public static function resource($route, $controller, $name = null, $shortcut = 's')
{
self::$name = self::$name . $name;
self::get($route . '/{page::paginator}?', $controller . "@index")->name('index');
self::get($route . "/create", $controller . "@create")->name('create');
self::post($route, $controller . "@store")->name('store');
self::get($route . "/{id::" . $shortcut . "}", $controller . "@show")->name('show');
self::get($route . "/{id::" . $shortcut . "}/edit", $controller . "@edit")->name('edit');
self::put($route . "/{id::" . $shortcut . "}", $controller . "@update")->name('update');
self::delete($route . "/{id::" . $shortcut . "}", $controller . "@destroy")->name('destroy');
self::get($route . "/{id::" . $shortcut . "}/delete", $controller . "@destroy")->name('destroy_');
self::$name = str_replace($name, '', self::$name);
}
/**
* Handle dynamic parameter in route
*
* @param string $route
* @param array $params
* @param boolean $optional
* @return mixed
*/
private static function dynamic($route, &$params, $optional = false)
{
$shortcut = self::rules($route);
$name = str_replace('{', '', $route);
if (!$optional) {
$name = str_replace('}', '', $name);
} else {
$name = str_replace('}?', '', $name);
}
if (strpos($name, '::')) {
$name = substr($name, 0, strpos($name, "::"));
}
if (array_search($name, array_column($params, 'name')) === false) {
$pattern = str_replace('(', '(/', $shortcut['shortcut']);
$pattern = str_replace('|', '|/', $pattern);
// If is optional add ? at the end of pattern
if ($optional) {
$pattern .= '?';
}
$params[] = [
'name' => $name,
'pattern' => $pattern,
'default' => $shortcut['default']
];
} else {
throw new \Exception('Parameter with name ' . $name . ' has been already defined');
}
return $pattern;
}
/**
* Dynamic route rules
*
* @param $route
* @return mixed
*/
private static function rules($route)
{
if (preg_match('~::(.*?)}~', $route, $match)) {
list(, $shortcut) = $match;
if (isset(self::$shortcuts[$shortcut])) {
// Try to get default value from shortcut
$default = false;
$shortcut = self::$shortcuts[$shortcut];
if (preg_match('~->(.*?)$~', $shortcut, $match)) {
$default = $match[1];
$shortcut = str_replace($match[0], '', $shortcut);
}
// Return shortcut and default value
return [
'shortcut' => $shortcut,
'default' => $default
];
}
}
return [
'shortcut' => self::$shortcuts['s'],
'default' => false
];
}
/**
* get_all_routes -> Added by Robert Strutts to auto load routes
* Namespace must start with Project
* Needs a routes folder, then
* either an routes.php or test_routes.php files must exists
* with a method called get!
*/
private static function get_all_routes(bool $testing = false) {
$route_name = (console_app::is_cli()) ? "cli_routes" : "routes";
$routes = ($testing) ? "test_routes" : $route_name;
$routes_class = "\\Project\\routes\\{$routes}";
if (class_exists($routes_class)) {
if (method_exists($routes_class, "get")) {
$callback = "{$routes_class}::get";
call_user_func($callback);
}
}
}
/**
* Execute router
*/
public static function execute(Request $my_request, Response $my_response) {
$ROOT = bootstrap\site_helper::get_root();
$request_uri = bootstrap\site_helper::get_uri();
$request_method = bootstrap\site_helper::get_method();
$testing = bootstrap\site_helper::get_testing();
// Generate request and absolute path
self::generateURL($ROOT, $request_uri);
// Fecth all Routes from the Project
self::get_all_routes($testing);
// Get query string
$request = explode('?', $request_uri);
$queryParams = [];
if (isset($request[1])) {
$queryParams = $request[1];
parse_str($queryParams, $queryParams);
self::$queryParams = $queryParams;
}
// Modify request
$request = '/' . trim(self::$REQUEST, '/');
// Find route
foreach (self::$routes as $routeKey => $route) {
$post_method = misc::post_var("_method");
$matchMethod = in_array($request_method, $route['method']) || ($post_method !== null
&& in_array($post_method, $route['method']));
if (preg_match($route['pattern'], $request, $match) && $matchMethod) {
// Default variables
$explodedRequest = explode('/', ltrim($request, '/'));
$routeParams = $route['params'];
// Match request params with params in array - static params
foreach ($explodedRequest as $key => $value) {
foreach ($routeParams as $k => $routeParam) {
// Go to the next request part
if (isset($routeParam['real']) && $routeParam['pattern'] == $value) {
unset($routeParams[$k]);
unset($explodedRequest[$key]);
break;
}
}
}
$number = "(/\d+)";
$params = [];
// Match request params with params in array - dynamic params
foreach ($routeParams as $k => $routeParam) {
$value = $explodedRequest[$k] ?? false;
$default = $routeParam['default'] ?? true;
$pattern = $routeParam['pattern'] ?? "";
$wild = str_contains($pattern, "?");
if (! $wild && ($value === false && $default)) {
$params[$routeParam['name']] = null;
} else if ($wild && ($value === false && ! $default)) {
// Let the default function params be used by not setting anything here!
} else if (preg_match('~' . $pattern . '~', '/' . $value, $match)) {
if (str_contains($pattern, $number)) {
$params[$routeParam['name']] = (int) $value;
} else {
$params[$routeParam['name']] = $value;
}
unset($routeParams[$k]);
}
}
// Merge with query params
self::$params = array_merge($params, $queryParams);
// Setup default route and url
self::$route = $route;
foreach ($params as $key => $value) {
if (in_array($key, $route['doNotIncludeInParams']) && !is_numeric($key)) {
unset($params[$key]);
}
}
// Call action
if (is_callable($route['action'])) {
$returned = call_user_func_array($route['action'], $params);
return ["found"=> true, "returned"=> $returned];
} else if (strpos($route['action'], '@') !== false) {
// call controller
list($controller, $method) = explode('@', $route['action']);
// init new controller
$controller = new $controller($my_request, $my_response);
// Collect controller-level middleware
$controller_middleware = $controller::$middleware ?? [];
// Check if class has parent
$parentControllers = class_parents($controller);
if (!empty($parentControllers)) {
end($parentControllers);
$parentController = $parentControllers[key($parentControllers)];
$parentController = new $parentController($my_request, $my_response);
// Add properties to parent class
foreach ($params as $key => $value) {
$parentController::$params[$key] = $value;
}
}
//Call method
if (method_exists($controller, $method)) {
$returned = call_user_func_array([$controller, $method], $params);
return ["found"=> true, "returned"=> $returned, "middleware"=>$controller_middleware];
}
}
}
}
return ["found"=>false];
}
/**
* Generate URL
*
* @param $ROOT
*/
private static function generateURL(string $ROOT, string $request_uri)
{
$https = bootstrap\safer_io::get_clean_server_var('HTTPS');
$baseLink = ($https === 'on') ? "https" : "http";
$server_name = bootstrap\safer_io::get_clean_server_var('SERVER_NAME');
$baseLink .= "://" . $server_name;
$port = bootstrap\safer_io::get_clean_server_var('SERVER_PORT');
$baseLink .= ($port !== '80') ? ':' . $port : ':';
$baseRequest = '';
$request = $request_uri;
foreach (explode('/', $ROOT) as $key => $value) {
if ($value == '') continue;
if (preg_match('~/' . $value . '~', $request)) {
$baseRequest .= $value . '/';
}
$request = preg_replace('~/' . $value . '~', '', $request, 1);
}
self::$URL = $baseLink . '/' . $baseRequest;
self::$REQUEST = explode('?', $request)[0];
}
}

46
src/Framework/Playground/ServiceProvider.php
Unescape View File

@ -1,46 +0,0 @@
<?php
declare(strict_types=1);
/**
* @author Robert Strutts
* @copyright (c) 2025, Robert Strutts
* @license MIT
*/
namespace IOcornerstone\Framework\Http;
abstract class ServiceProvider {
protected kernel $kernel;
public function __construct(kernel $kernel)
{
$this->kernel = $kernel;
}
abstract public function register(): void;
}
/**
* Example Useage:
namespace App\Providers;
use IOcornerstone\Framework\Http\kernel;
use IOcornerstone\Framework\Http\service_provider;
use App\Services\Database;
class app_service_provider extends service_provider
{
public function register(): void
{
$this->kernel->getContainer()->singleton(Database::class, function() {
return new Database(
getenv('DB_HOST'),
getenv('DB_USER'),
getenv('DB_PASS'),
getenv('DB_NAME')
);
});
}
}
*/

32
src/Framework/Playground/pipeOp.php
Unescape View File

@ -1,32 +0,0 @@
<?php
//echo trim(strtoupper(str_rot13(str_shuffle("Hello, World!"))));
/**
* yonks: noun, A long time (especially a longer time than expected); ages.
* Here its a lot of useless data passed
*/
function yonks(string $x): string
{
return hash('sha256', $x);
}
/**
* PHP 8.5 adds a new operator, the pipe operator (|>)
* to chain multiple callables from left to right,
* taking the return value of the left callable and
* passing it to the right.
*
* They are suitable when all of the functions in the
* chain require only one parameter, have return values,
* and do not accept by-reference parameters.
echo trim("Hello, World!")
|> strtoupper(...)
|> str_shuffle(...)
|> str_rot13(...)
|> yonks(...);
*
*/

156
src/Framework/SaferOutput.php
Unescape View File

@ -0,0 +1,156 @@
<?php
declare(strict_types=1);
/**
* @author Robert Strutts
* @copyright (c) 2026, Robert Strutts
* @license MIT
*/
namespace IOcornerstone\Framework;
use IOcornerstone\Framework\Enum\Flags;
/**
* Description of SaferOutput
*
* @author Robert Strutts
*/
class SaferOutput
{
public static function get(
string $input,
string $default = '',
array $flags = [Flags::TRIM, Flags::HTML_ESCAPE]
): string
{
$value = $input ?? $default;
if (!is_string($value)) {
return $default;
}
foreach ($flags as $flag) {
$value = match ($flag) {
Flags::TRIM =>
trim($value),
Flags::HTML_STIP_TAGS =>
strip_tags($value),
Flags::HTML_ESCAPE =>
self::h($value),
Flags::HTML_PURIFY =>
self::p($value),
Flags::JSON_ENCODE =>
self::j($value),
};
}
return $value;
}
public static function convertToUTF8(string $in_str): string
{
if (!extension_loaded('mbstring')) {
return $in_str;
}
$cur_encoding = mb_detect_encoding($in_str);
if ($cur_encoding == "UTF-8" && mb_check_encoding($in_str, "UTF-8")) {
return $in_str;
} else {
return mb_convert_encoding($in_str, 'UTF-8', $cur_encoding);
}
}
// Escape HTML output
public static function h(string $string): string
{
$utf8 = self::convertToUTF8($string);
return htmlspecialchars($utf8, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}
// Reverse encode of HTML
public static function htmlDecode(string $string): string
{
return htmlspecialchars_decode($string, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5);
}
/**
* @todo FIX ME to use IOConerstone....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
// HTML Purify library
public static function p(string $string): string
{
$purifer = \main_tts\registry::get('di')->get_service('html_filter');
if (!$purifer->has_loaded()) {
$purifer->set_defaults();
}
return $purifer->purify($string);
}
// Escape JavaScript output
public static function j($input, int $levels_deep = 512): mixed
{
try {
return json_encode($input, JSON_PRETTY_PRINT | JSON_THROW_ON_ERROR, $levels_deep);
} catch (\JsonException $ex) {
return $ex;
}
}
public static function jsonDecode(string $string, bool $return_as_an_array = true, int $levels_deep = 512): mixed
{
try {
return json_decode($string, $return_as_an_array, $levels_deep, JSON_THROW_ON_ERROR);
} catch (\JsonException $ex) {
return $ex;
}
}
public static function hasJsonError($object): bool
{
return ($object instanceof \JsonException);
}
// Escape URL output
public static function u(string $string): string
{
return urlencode($string);
}
/*
* Encode HTML kindof... The problem with htmlentities() is that it is not
* very powerful, in fact, it does not escape single quotes, cannot detect
* the character set and does not validate HTML as well.
*/
public static function e(string $string): string
{
$utf8 = self::convertToUTF8($string);
return htmlentities($utf8, ENT_QUOTES, 'UTF-8');
}
public static function de(string $data): string
{
return html_entity_decode($data);
}
/**
* As PHP uses the underlying C functions for file system related operations,
* it may handle null bytes in a quite unexpected way.
* As null bytes denote the end of a string in C, strings
* containing them won't be considered entirely but rather
* only until a null byte occurs. So, clean it out to
* avoid vulnerable code.
*/
public static function removeNullByte(string $input): string
{
return str_replace(chr(0), '', $input);
}
}

135
src/Framework/Security.php
Unescape View File

@ -1,17 +1,19 @@
<?php <?php
declare(strict_types = 1); declare(strict_types=1);
/** /**
* @author Robert Strutts * @author Robert Strutts
* @copyright (c) 2026, Robert Strutts * @copyright (c) 2026, Robert Strutts
* @license MIT * @license MIT
*/ */
namespace IOcornerstone\Framework; namespace IOcornerstone\Framework;
use IOcornerstone\Framework\{ use IOcornerstone\Framework\{
Configure, Configure,
Requires Requires,
RandomEngine,
}; };
/** /**
@ -21,14 +23,32 @@ use IOcornerstone\Framework\{
*/ */
class Security class Security
{ {
use \IOcornerstone\Framework\Trait\Security\CsrfTokenFunctions; use \IOcornerstone\Framework\Trait\Security\CsrfTokenFunctions;
use \IOcornerstone\Framework\Trait\Security\SessionHijackingFunctions; use \IOcornerstone\Framework\Trait\Security\SessionHijackingFunctions;
public static function hexPWD(int $bytes = 16): string
{
$r = new RandomEngine();
return sodium_bin2hex($r->getBytes($bytes));
}
public static function base64PWD(int $bytes = 16): string
{
$r = new RandomEngine();
return rtrim(strtr(
base64_encode($r->getBytes($bytes)),
'+/',
'-_'
), '=');
}
/** /**
* Get unique IDs for database * Get unique IDs for database
* @return int * @return int
*/ */
public static function getUniqueNumber(): int { public static function getUniqueNumber(): int
{
return abs(crc32(microtime())); return abs(crc32(microtime()));
} }
@ -36,13 +56,15 @@ class Security
* Get token * Get token
* @return string * @return string
*/ */
public static function getUniqueId(): string { public static function getUniqueId(): string
{
$moreEntropy = true; $moreEntropy = true;
$prefix = ""; // Blank is a rand string $prefix = ""; // Blank is a rand string
return md5(uniqid($prefix, $moreEntropy)); return md5(uniqid($prefix, $moreEntropy));
} }
public static function useHmac(string $algo, string $pepper) { public static function useHmac(string $algo, string $pepper)
{
if (!function_exists("hash_hmac_algos")) { if (!function_exists("hash_hmac_algos")) {
throw new \Exception("hash_hmac not installed!"); throw new \Exception("hash_hmac not installed!");
} }
@ -73,7 +95,8 @@ class Security
* or Argon2 should be used. * or Argon2 should be used.
*/ */
public static function findDefaultHashAlgo() { public static function findDefaultHashAlgo()
{
if (defined("PASSWORD_ARGON2ID")) if (defined("PASSWORD_ARGON2ID"))
return PASSWORD_ARGON2ID; return PASSWORD_ARGON2ID;
if (defined("PASSWORD_ARGON2")) if (defined("PASSWORD_ARGON2"))
@ -85,7 +108,8 @@ class Security
return false; return false;
} }
private static function isValidHashAlgo($algo): bool { private static function isValidHashAlgo($algo): bool
{
return (in_array($algo, password_algos())); return (in_array($algo, password_algos()));
} }
@ -95,24 +119,26 @@ class Security
* salt and prevents time based side-channel attacks. * salt and prevents time based side-channel attacks.
*/ */
public static function do_password_hash(#[\SensitiveParameter] string $password): bool | string { public static function do_password_hash(#[\SensitiveParameter] string $password): bool|string
{
$pwdPeppered = self::makeHash($password); $pwdPeppered = self::makeHash($password);
$hashAlgo = Configure::get( $hashAlgo = Configure::get(
"security", "security",
"hash_algo" "hash_algo"
) ?? false; ) ?? false;
if ($hashAlgo === false) { if ($hashAlgo === false) {
throw new \Exception("Security Hash Algo not set!"); throw new \Exception("Security Hash Algo not set!");
} }
if (! self::isValidHashAlgo($hashAlgo)) { if (!self::isValidHashAlgo($hashAlgo)) {
throw new \Exception("Invalid Security Hash Alogo set"); throw new \Exception("Invalid Security Hash Alogo set");
} }
return password_hash($pwdPeppered, $hashAlgo); return password_hash($pwdPeppered, $hashAlgo);
} }
public static function doPasswordVerify( public static function doPasswordVerify(
#[\SensitiveParameter] string $inputPwd, #[\SensitiveParameter] $dbPassword #[\SensitiveParameter] string $inputPwd, #[\SensitiveParameter] $dbPassword
): bool { ): bool
{
$pwdPeppered = self::makeHash($inputPwd); $pwdPeppered = self::makeHash($inputPwd);
return password_verify($pwdPeppered, $dbPassword); return password_verify($pwdPeppered, $dbPassword);
} }
@ -123,7 +149,8 @@ class Security
* @param string $level (weak, low, high, max) * @param string $level (weak, low, high, max)
* @return string new Hashed * @return string new Hashed
*/ */
public static function makeHash(#[\SensitiveParameter] string $text): string { public static function makeHash(#[\SensitiveParameter] string $text): string
{
$level = Configure::get('security', 'hash_level'); $level = Configure::get('security', 'hash_level');
if (empty($level)) { if (empty($level)) {
$level = "normal"; $level = "normal";
@ -168,18 +195,19 @@ class Security
return self::useHmac($level, $pepper); return self::useHmac($level, $pepper);
} }
/** /**
* @method filter_class * @method filter_class
* @param type $class * @param type $class
* Please NEVER add a period or SLASH as it will allow BAD things! * Please NEVER add a period or SLASH as it will allow BAD things!
* IT should be a-zA-Z0-9_ and that's it. * IT should be a-zA-Z0-9_ and that's it.
* @retval string of safe class name * @retval string of safe class name
*/ */
public static function filterClass(string $class): string { public static function filterClass(string $class): string
if (Requires::isDangerous($class)) { {
throw new \Exception("Dangerious URI!"); if (Requires::isDangerous($class)) {
} throw new \Exception("Dangerious URI!");
return preg_replace('/[^a-zA-Z0-9_]/', '', $class); }
return preg_replace('/[^a-zA-Z0-9_]/', '', $class);
} }
/** /**
@ -187,28 +215,31 @@ class Security
* @param string $uri * @param string $uri
* @return string Safe URI * @return string Safe URI
*/ */
public static function filterUri(string $uri): string { public static function filterUri(string $uri): string
{
if (Requires::isDangerous($uri) === true) { if (Requires::isDangerous($uri) === true) {
throw new \Exception("Dangerious URI!"); throw new \Exception("Dangerious URI!");
} }
return Requires::filterFileName($uri); return Requires::filterFileName($uri);
} }
public static function idHash(): string { public static function idHash(): string
{
return crc32($_SESSION['user_id']); return crc32($_SESSION['user_id']);
} }
public static function isPrivateOrLocalIPSimple(string $ip): bool { public static function isPrivateOrLocalIPSimple(string $ip): bool
if (! self::getValidIp($ip)) { {
if (!self::getValidIp($ip)) {
return false; // Invalid return false; // Invalid
} }
return ( return (
$ip === '::1' || // IPv6 localhost $ip === '::1' || // IPv6 localhost
preg_match('/^127\./', $ip) || // IPv4 localhost preg_match('/^127\./', $ip) || // IPv4 localhost
preg_match('/^10\./', $ip) || // 10.0.0.0/8 preg_match('/^10\./', $ip) || // 10.0.0.0/8
preg_match('/^172\.(1[6-9]|2[0-9]|3[0-1])\./', $ip) || // 172.16.0.0/12 preg_match('/^172\.(1[6-9]|2[0-9]|3[0-1])\./', $ip) || // 172.16.0.0/12
preg_match('/^192\.168\./', $ip) || // 192.168.0.0/16 preg_match('/^192\.168\./', $ip) || // 192.168.0.0/16
preg_match('/^fd[0-9a-f]{2}:/i', $ip) // IPv6 ULA (fc00::/7) preg_match('/^fd[0-9a-f]{2}:/i', $ip) // IPv6 ULA (fc00::/7)
); );
} }
@ -217,18 +248,22 @@ class Security
* @param string $ip * @param string $ip
* @return string | false * @return string | false
*/ */
public static function getValidIp(string $ip) { public static function getValidIp(string $ip)
return (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4|FILTER_FLAG_IPV6)); {
return (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6));
} }
public static function getValidPublicIp(string $ip) {
return (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4|FILTER_FLAG_IPV6|FILTER_FLAG_NO_PRIV_RANGE)); public static function getValidPublicIp(string $ip)
{
return (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE));
} }
/** /**
* Is the server on the local test domain name * Is the server on the local test domain name
* @return bool SERVER Domain name is on whitelist * @return bool SERVER Domain name is on whitelist
*/ */
public static function isServerNameOnDomainList(array $whitelist): bool { public static function isServerNameOnDomainList(array $whitelist): bool
{
if (!isset($_SERVER['SERVER_NAME'])) { if (!isset($_SERVER['SERVER_NAME'])) {
return false; return false;
} }
@ -239,7 +274,8 @@ class Security
* Check if same Domain as Server * Check if same Domain as Server
* @return bool * @return bool
*/ */
public static function requestIsSameDomain(): bool { public static function requestIsSameDomain(): bool
{
if (!isset($_SERVER['HTTP_REFERER'])) { if (!isset($_SERVER['HTTP_REFERER'])) {
// No referer send, so can't be same domain! // No referer send, so can't be same domain!
return false; return false;
@ -255,14 +291,15 @@ class Security
} }
} }
public static function safeForEval(string $s): string { public static function safeForEval(string $s): string
{
//new line check //new line check
$nl = chr(10); $nl = chr(10);
if (strpos($s, $nl)) { if (strpos($s, $nl)) {
throw new \Exception("String CR/LF not permitted"); throw new \Exception("String CR/LF not permitted");
} }
$meta = ['$','{','}','[',']','`',';']; $meta = ['$', '{', '}', '[', ']', '`', ';'];
$escaped = ['&#36','&#123','&#125','&#91','&#96','&#59']; $escaped = ['&#36', '&#123', '&#125', '&#91', '&#96', '&#59'];
// add slashed for quotes and blackslashes // add slashed for quotes and blackslashes
$out = addslashes($s); $out = addslashes($s);
// replace php meta chrs // replace php meta chrs
@ -270,7 +307,8 @@ class Security
return $out; return $out;
} }
public static function getClientIpAddress() { public static function getClientIpAddress(): string
{
$ipaddress = ''; $ipaddress = '';
if (isset($_SERVER['HTTP_CLIENT_IP'])) { if (isset($_SERVER['HTTP_CLIENT_IP'])) {
$ipaddress = $_SERVER['HTTP_CLIENT_IP']; $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
@ -296,7 +334,8 @@ class Security
* @param string $file * @param string $file
* @return bool true if PHP was found * @return bool true if PHP was found
*/ */
public static function fileContainsPhp(string $file): bool { public static function fileContainsPhp(string $file): bool
{
$file_handle = fopen($file, "r"); $file_handle = fopen($file, "r");
while (!feof($file_handle)) { while (!feof($file_handle)) {
$line = fgets($file_handle); $line = fgets($file_handle);

8
src/Framework/Services/Sessions/CookieSessionHandler.php
Unescape View File

@ -6,6 +6,7 @@ namespace IOcornerstone\Framework\Services\Sessions;
use IOcornerstone\Framework\GzCompression; use IOcornerstone\Framework\GzCompression;
use IOcornerstone\Framework\Enum\CompressionMethod as Method; use IOcornerstone\Framework\Enum\CompressionMethod as Method;
use IOcornerstone\ErrorCodes;
/** /**
* @author Robert Strutts * @author Robert Strutts
@ -93,7 +94,12 @@ class CookieSessionHandler implements \SessionHandlerInterface {
$data = $de; // data is now decrypted $data = $de; // data is now decrypted
} }
} }
$gd = $this->compression->decompress($data); try {
$gd = $this->compression->decompress($data);
} catch (\Exception $ex) {
echo ErrorCodes::getErrorCodeFor(ErrorCodes::GZ_Inflate_Cookie_Data_Tampered_With, $ex, throwMe: true);
return "";
}
return ($gd !== false) ? $gd : $data; return ($gd !== false) ? $gd : $data;
} }

137
src/Framework/Trait/Security/CsrfTokenFunctions.php
Unescape View File

@ -14,67 +14,109 @@ use IOcornerstone\Framework\Configure;
trait CsrfTokenFunctions trait CsrfTokenFunctions
{ {
/**
* Get an Cross-Site Request Forge - Prevention Token
* @return string
*/
public static function csrfToken(): string {
return self::get_unique_id();
}
/** /**
* Set Session to use CSRF Token * Set Session to use CSRF Token
* Useful for JSON data...
* @return string CSRF Token * @return string CSRF Token
*/ */
public static function createCsrfToken(): string { public static function createCsrfToken(): string
$token = self::csrfToken(); {
$_SESSION['csrf_token'] = $token; self::setup();
$_SESSION['csrf_token_time'] = time();
return $token; $newToken = self::csrfToken();
$_SESSION['csrf_pool'][$newToken] = time();
return $newToken;
} }
/** /**
* Destroy CSRF Token from Session * Keep only last 15 tokens to prevent memory issues.
* @return bool success
*/ */
public static function destroyCsrfToken(): bool { public static function cleanUp(){
$_SESSION['csrf_token'] = null; $keepOnly = 15;
$_SESSION['csrf_token_time'] = null; if (count($_SESSION['csrf_pool']) > $keepOnly) {
return true; $_SESSION['csrf_pool'] = array_slice($_SESSION['csrf_pool'], -$keepOnly, null, true);
}
} }
/** /**
* Get CSRF Token for use with HTML Form * Get CSRF Token for use with HTML Form
* @return string Hidden Form with token set * @return string Hidden Form with token set
*/ */
public static function csrfTokenTag(): string { public static function csrfTokenTag(): string
{
$token = self::createCsrfToken(); $token = self::createCsrfToken();
return "<input type=\"hidden\" name=\"csrf_token\" value=\"" . $token . "\">"; return "<input type=\"hidden\" id=\"csrf_token\" name=\"csrf_token\" value=\"" . $token . "\">";
} }
/** public static function csrfTokenStillValid(string $csrfTokenKeyName = ""): bool
* Check if POST data CSRF Token is Valid {
* @return bool is valid if (empty($csrfTokenKeyName)) {
*/ $csrfTokenKeyName = $_POST['csrf_token'] ?? "";
public static function csrfTokenIsValid(int $filter = FILTER_UNSAFE_RAW): bool { }
$isCsrf = filter_has_var(INPUT_POST, 'csrf_token');
if ($isCsrf) { $validTimeStamp = self::csrfTokenIsValid($csrfTokenKeyName);
$userToken = filter_input(INPUT_POST, 'csrf_token', $filter); if ($validTimeStamp === false) {
$storedToken = $_SESSION['csrf_token'] ?? '';
if (empty($storedToken)) {
return false;
}
return ($user_token === $stored_token);
} else {
return false; return false;
} }
$recent = self::csrfTokenIsRecent($validTimeStamp);
self::destroyCsrfToken($csrfTokenKeyName); // Done, so clean up Consume token
return $recent;
} }
/** /**
* Optional check to see if token is also recent * Get an Cross-Site Request Forge - Prevention Token
* @return bool * @return string
*/ */
public static function csrfTokenIsRecent(): bool { private static function csrfToken(): string
{
return self::getUniqueId();
}
private static function setup(): void
{
$clean_ts = intval(Configure::get(
'security',
'token_life'
));
if ($clean_ts < 60) {
$clean_ts = 3600;
}
if (!isset($_SESSION['csrf_pool'])) {
$_SESSION['csrf_pool'] = [];
}
// Clean old tokens by useage time token_life
foreach ($_SESSION['csrf_pool'] as $key => $timestamp) {
if ($timestamp < (time() - $clean_ts)) {
unset($_SESSION['csrf_pool'][$key]);
}
}
}
private static function csrfTokenIsValid(string $csrfTokenKeyName = ""): false|int
{
if (empty($csrfTokenKeyName)) {
$csrfTokenKeyName = $_POST['csrf_token'] ?? "";
}
if (!isset($_SESSION['csrf_pool'][$csrfTokenKeyName])) {
return false;
}
$tsToken = $_SESSION['csrf_pool'][$csrfTokenKeyName];
if (is_int($tsToken)){
return $tsToken;
}
return false;
}
private static function csrfTokenIsRecent($tokenTimeStored): bool
{
$max_elapsed = intval(Configure::get( $max_elapsed = intval(Configure::get(
'security', 'security',
'max_token_age' 'max_token_age'
@ -83,13 +125,22 @@ trait CsrfTokenFunctions
$max_elapsed = 60 * 60 * 24; // 1 day $max_elapsed = 60 * 60 * 24; // 1 day
} }
if (isset($_SESSION['csrf_token_time'])) { return ($tokenTimeStored + $max_elapsed) >= time();
$stored_time = $_SESSION['csrf_token_time']; }
return ($stored_time + $max_elapsed) >= time();
} else { /**
// Remove expired token * Destroy CSRF Token from Session
self::destroyCsrfToken(); * @return bool success
*/
private static function destroyCsrfToken(string $csrfTokenKeyName = ""): bool
{
if (empty($csrfTokenKeyName)) {
$csrfTokenKeyName = $_POST['csrf_token'] ?? "";
}
if (!isset($_SESSION['csrf_pool'][$csrfTokenKeyName])) {
return false; return false;
} }
unset($_SESSION['csrf_pool'][$csrfTokenKeyName]); // Consume token
return true;
} }
} }

199
src/Framework/Trait/Security/SessionHijackingFunctions.php
Unescape View File

@ -18,13 +18,18 @@ use IOcornerstone\Framework\Registry;
*/ */
trait SessionHijackingFunctions trait SessionHijackingFunctions
{ {
/**
* Begin Sessions
*/
public static function initSessions() { public static function initSessions() {
if (Registry::get('di')->has('sessions')) { if (Registry::get('di')->has('sessions')) {
Registry::get('di')->get_service('sessions'); Registry::get('di')->get_service('sessions');
} }
} }
// Function to forcibly end the session /**
* Function to forcibly end the session
*/
public static function endSession() { public static function endSession() {
// Use both for compatibility with all browsers // Use both for compatibility with all browsers
// and all versions of PHP. // and all versions of PHP.
@ -32,59 +37,18 @@ trait SessionHijackingFunctions
session_destroy(); session_destroy();
} }
// Does the request IP match the stored value? /**
public static function requestIpMatchesSession() { *
// return false if either value is not set * @param bool $check_ip
if (!isset($_SESSION['ip']) || !isset($_SERVER['REMOTE_ADDR'])) { * @param bool $check_user_agent
return false; * @param bool $check_last_login
} * @return bool Should the session be considered valid?
if ($_SESSION['ip'] === $_SERVER['REMOTE_ADDR']) { */
return true; public static function isSessionValid(
} else { bool $check_ip = true,
return false; bool $check_user_agent = true,
} bool $check_last_login = true,
} ) {
// Does the request user agent match the stored value?
public static function requestUserAgentMatchesSession() {
// return false if either value is not set
if (!isset($_SESSION['user_agent']) || !isset($_SERVER['HTTP_USER_AGENT'])) {
return false;
}
if ($_SESSION['user_agent'] === $_SERVER['HTTP_USER_AGENT']) {
return true;
} else {
return false;
}
}
// Has too much time passed since the last login?
public static function lastLoginIsRecent() {
$max_elapsed = intval(Configure::get(
'security',
'max_last_login_age'
));
if ($max_elapsed < 30) {
$max_elapsed = 60 * 60 * 24; // 1 day
}
// return false if value is not set
if (!isset($_SESSION['last_login'])) {
return false;
}
if (($_SESSION['last_login'] + $max_elapsed) >= time()) {
return true;
} else {
return false;
}
}
// Should the session be considered valid?
public static function isSessionValid() {
$check_ip = true;
$check_user_agent = true;
$check_last_login = true;
if ($check_ip && !self::requestIpMatchesSession()) { if ($check_ip && !self::requestIpMatchesSession()) {
return false; return false;
} }
@ -97,28 +61,20 @@ trait SessionHijackingFunctions
return true; return true;
} }
// If session is not valid, end and redirect to login page. /**
public static function confirmSessionIsValid( *
string $login = "login.php" * @return bool Is user logged in already?
) { */
if (!self::isSessionValid()) { public static function isLoggedIn(): bool {
self::endSession();
// Note that header redirection requires output buffering
// to be turned on or requires nothing has been output
// (not even whitespace).
header("Location: " . $login );
exit;
}
}
// Is user logged in already?
public static function isLoggedIn() {
return (isset($_SESSION['logged_in']) && $_SESSION['logged_in']); return (isset($_SESSION['logged_in']) && $_SESSION['logged_in']);
} }
// If user is not logged in, end and redirect to login page. /**
* If user is not logged in, end and redirect to login page.
* @param string $login
*/
public static function confirmUserLoggedIn( public static function confirmUserLoggedIn(
string $login = "login.php" string $login = "/App/Home/Login.html"
) { ) {
if (!self::isLoggedIn()) { if (!self::isLoggedIn()) {
self::endSession(); self::endSession();
@ -130,7 +86,9 @@ trait SessionHijackingFunctions
} }
} }
// Actions to preform after every successful login /**
* Actions to preform after every successful login
*/
public static function afterSuccessfulLogin() { public static function afterSuccessfulLogin() {
// Regenerate session ID to invalidate the old one. // Regenerate session ID to invalidate the old one.
// Super important to prevent session hijacking/fixation. // Super important to prevent session hijacking/fixation.
@ -144,18 +102,103 @@ trait SessionHijackingFunctions
$_SESSION['last_login'] = time(); $_SESSION['last_login'] = time();
} }
// Actions to preform after every successful logout /**
* Actions to preform after every successful logout
*/
public static function afterSuccessfulLogout() { public static function afterSuccessfulLogout() {
$_SESSION['logged_in'] = false; $_SESSION['logged_in'] = false;
self::endSession(); self::endSession();
} }
// Actions to preform before giving access to any /**
// access-restricted page. * Actions to preform before giving access to any
* access-restricted page.
*/
public static function beforeEveryProtectedPage( public static function beforeEveryProtectedPage(
string $login = "login.php" string $login = "/App/Home/Login.html",
array $options = []
) { ) {
self::confirmUserLoggedIn($login); self::confirmUserLoggedIn($login);
self::confirmSessionIsValid(); self::confirmSessionIsValid($login, $options);
}
/**
* If session is not valid, end and redirect to login page.
* @param string $login
* @param array $options
*/
private static function confirmSessionIsValid(
string $login = "/App/Home/Login.html",
array $options = []
) {
if (!self::isSessionValid(
$options['check_ip'] ?? true,
$options['check_agent'] ?? true,
$options['check_is_recent_login'] ?? true
)) {
self::endSession();
// Note that header redirection requires output buffering
// to be turned on or requires nothing has been output
// (not even whitespace).
header("Location: " . $login );
exit;
}
}
/**
*
* @return bool Does the request IP match the stored value?
*/
private static function requestIpMatchesSession() {
// return false if either value is not set
if (!isset($_SESSION['ip']) || !isset($_SERVER['REMOTE_ADDR'])) {
return false;
}
if ($_SESSION['ip'] === $_SERVER['REMOTE_ADDR']) {
return true;
} else {
return false;
}
}
/**
*
* @return bool Does the request user agent match the stored value?
*/
private static function requestUserAgentMatchesSession() {
// return false if either value is not set
if (!isset($_SESSION['user_agent']) || !isset($_SERVER['HTTP_USER_AGENT'])) {
return false;
}
if ($_SESSION['user_agent'] === $_SERVER['HTTP_USER_AGENT']) {
return true;
} else {
return false;
}
} }
/**
*
* @return bool Has too much time passed since the last login?
*/
private static function lastLoginIsRecent() {
$max_elapsed = intval(Configure::get(
'security',
'max_last_login_age'
));
if ($max_elapsed < 30) {
$max_elapsed = 60 * 60 * 24; // 1 day
}
// return false if value is not set
if (!isset($_SESSION['last_login'])) {
return false;
}
if (($_SESSION['last_login'] + $max_elapsed) >= time()) {
return true;
} else {
return false;
}
}
} }

6
src/Framework/View.php
Unescape View File

@ -173,7 +173,7 @@ final class View
* @param mixed $name Name of the variable to set in the view, or an array of key/value pairs where each key is the variable and each value is the value to set. * @param mixed $name Name of the variable to set in the view, or an array of key/value pairs where each key is the variable and each value is the value to set.
* @param mixed $value Value of the variable to set in the view. * @param mixed $value Value of the variable to set in the view.
*/ */
public function set($name, mixed $value = null): void public function set(array|string $name, mixed $value = null): void
{ {
if (is_array($name)) { if (is_array($name)) {
foreach ($name as $var_name => $value) { foreach ($name as $var_name => $value) {
@ -212,6 +212,10 @@ final class View
$local = $this; // FALL Back, please use fetch($this); $local = $this; // FALL Back, please use fetch($this);
} }
if (isset($local->html)) {
$this->vars['html'] = $local->html;
}
if ($this->useTemplateEngineLiquid) { if ($this->useTemplateEngineLiquid) {
$this->tempalteEngineLiquid = Registry::get('di')->get_service('liquid', [$this->templateType]); $this->tempalteEngineLiquid = Registry::get('di')->get_service('liquid', [$this->templateType]);
if ($this->whiteSpaceControl) { if ($this->whiteSpaceControl) {

351
src/Psr4AutoloaderClass.php
Unescape View File

@ -10,171 +10,212 @@ namespace IOcornerstone;
* @license MIT * @license MIT
* @site https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader-examples.md * @site https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader-examples.md
*/ */
final class Psr4AutoloaderClass { final class Psr4AutoloaderClass
{
/** /*
* An associative array where the key is a namespace prefix and the value * log, and sql do not contian PHP files, so they are fine...
* is an array of base directories for classes in that namespace. * a correct NameSpace must be set in the files, so this is not a bug issue...
* */
* @var array
*/ private $blockListOfDirs = [
protected $prefixes = []; "vendor", // Stop Entry into Vendor folder
protected $loadedFiles = []; ];
/** /**
* Register loader with SPL autoloader stack. * An associative array where the key is a namespace prefix and the value
* * is an array of base directories for classes in that namespace.
* @return void *
*/ * @var array
public function register() { */
spl_autoload_register(array($this, 'loadClass')); protected $prefixes = [];
} protected $loadedFiles = [];
public function isLoaded(string $prefix): bool { /**
$prefix = trim($prefix, '\\') . '\\'; * Register loader with SPL autoloader stack.
return (isset($this->prefixes[$prefix])) ? true : false; */
} public function register(): void
{
public function getList(): array { /**
return $this->prefixes; * use [[[ var_dump ]]] in this file or enable dd & Dumps here...
} */
// $this->enableDumps();
public function getFilesList(): array { spl_autoload_register(array($this, 'loadClass'));
return $this->loadedFiles;
}
/**
* Adds a base directory for a namespace prefix.
*
* @param string $prefix The namespace prefix.
* @param string|array $base_dir A base directory for class files in the
* namespace.
* @param bool $prepend If true, prepend the base directory to the stack
* instead of appending it; this causes it to be searched first rather
* than last.
* @return void
*/
public function addNamespace(string $prefix, string|array $baseDir, bool $prepend = false): void {
$prefix = trim($prefix, '\\') . '\\';
// Normalize baseDir to always be an array
if (!is_array($baseDir)) {
$baseDir = [$baseDir];
} }
// Normalize each directory path public function enableDumps(): void
$baseDir = array_map(function($dir) { {
return rtrim($dir, DIRECTORY_SEPARATOR) . '/'; include IO_CORNERSTONE_FRAMEWORK . "Framework" . DIRECTORY_SEPARATOR . "Enum" . DIRECTORY_SEPARATOR . "ExitOnDump.php";
}, $baseDir); include IO_CORNERSTONE_FRAMEWORK . "Framework" . DIRECTORY_SEPARATOR . "Common.php";
include IO_CORNERSTONE_FRAMEWORK . "Framework" . DIRECTORY_SEPARATOR . "Configure.php";
// Initialize array if prefix doesn't exist
if (!isset($this->prefixes[$prefix])) {
$this->prefixes[$prefix] = [];
} }
// Add directories public function isLoaded(string $prefix): bool
if ($prepend) { {
// Merge and prepend new directories $prefix = trim($prefix, '\\') . '\\';
$this->prefixes[$prefix] = array_merge($baseDir, $this->prefixes[$prefix]); return (isset($this->prefixes[$prefix])) ? true : false;
} else {
// Merge and append new directories
$this->prefixes[$prefix] = array_merge($this->prefixes[$prefix], $baseDir);
} }
// Optional: Remove duplicates while preserving order public function getList(): array
$this->prefixes[$prefix] = array_values(array_unique($this->prefixes[$prefix])); {
} return $this->prefixes;
}
/**
* Loads the class file for a given class name.
*
* @param string $class The fully-qualified class name.
* @return mixed The mapped file name on success, or boolean false on
* failure.
*/
protected function loadClass(string $class): false|string {
if (!strrpos($class, '\\')) {
$ret = $this->loadMappedFile($class . '\\', $class);
if ($ret !== false) {
return $ret;
}
}
$prefix = $class;
while (false !== $pos = strrpos($prefix, '\\')) {
// retain the trailing namespace separator in the prefix
$prefix = substr($class, 0, $pos + 1);
$relativeClass = substr($class, $pos + 1);
$mappedFile = $this->loadMappedFile($prefix, $relativeClass);
if ($mappedFile) {
return $mappedFile;
}
// remove the trailing namespace separator for the next iteration
$prefix = rtrim($prefix, '\\');
}
// never found a mapped file
return false;
}
/** public function getFilesList(): array
* Load the mapped file for a namespace prefix and relative class. {
* return $this->loadedFiles;
* @param string $prefix The namespace prefix }
* @param string $relativeClass The relative class name
* @return false|string Boolean false if no mapped file can be loaded,
* or the name of the mapped file that was loaded
*/
protected function loadMappedFile(string $prefix, string $relativeClass): false|string {
// Check if there are any base directories for this namespace prefix
if (!isset($this->prefixes[$prefix])) {
return false;
}
// Iterate through all base directories for this prefix
foreach ($this->prefixes[$prefix] as $baseDir) {
// Replace namespace separators with directory separators
$file = str_replace('\\', '/', $relativeClass) . '.php';
// If the mapped file exists, require it
if ($this->requireFile($baseDir, $file)) {
return $file;
}
}
// None of the directories contained the file
return false;
}
/** /**
* If a file exists, require it from the file system. * Adds a base directory for a namespace prefix.
* *
* @param string $file The file to require. * @param string $prefix The namespace prefix.
* @return bool True if the file exists, false if not. * @param string|array $base_dir A base directory for class files in the
*/ * namespace.
private function requireFile(string $path, string $file): bool { * @param bool $prepend If true, prepend the base directory to the stack
if ($file === "Framework/Requires.php") { * instead of appending it; this causes it to be searched first rather
return true; // Already used... * than last.
* @return void
*/
public function addNamespace(
string $prefix, string|array $baseDir,
bool $prepend = false
): void
{
$prefix = trim($prefix, '\\') . '\\';
// Normalize baseDir to always be an array
if (!is_array($baseDir)) {
$baseDir = [$baseDir];
}
// Normalize each directory path
$baseDir = array_map(function ($dir) {
return rtrim($dir, DIRECTORY_SEPARATOR) . '/';
}, $baseDir);
// Initialize array if prefix doesn't exist
if (!isset($this->prefixes[$prefix])) {
$this->prefixes[$prefix] = [];
}
// Add directories
if ($prepend) {
// Merge and prepend new directories
$this->prefixes[$prefix] = array_merge($baseDir, $this->prefixes[$prefix]);
} else {
// Merge and append new directories
$this->prefixes[$prefix] = array_merge($this->prefixes[$prefix], $baseDir);
}
// Optional: Remove duplicates while preserving order
$this->prefixes[$prefix] = array_values(array_unique($this->prefixes[$prefix]));
} }
$req_class = \IOcornerstone\Framework\Requires::class;
if (! method_exists($req_class, "saferFileExists")) { /**
require_once IO_CORNERSTONE_FRAMEWORK . DIRECTORY_SEPARATOR . "Framework" . DIRECTORY_SEPARATOR . "Requires.php"; * Loads the class file for a given class name.
*
* @param string $class The fully-qualified class name.
* @return mixed The mapped file name on success, or boolean false on
* failure.
*/
protected function loadClass(string $class): false|string
{
if (!strrpos($class, '\\')) {
$ret = $this->loadMappedFile($class . '\\', $class);
if ($ret !== false) {
return $ret;
}
}
$prefix = $class;
while (false !== $pos = strrpos($prefix, '\\')) {
// retain the trailing namespace separator in the prefix
$prefix = substr($class, 0, $pos + 1);
$relativeClass = substr($class, $pos + 1);
$mappedFile = $this->loadMappedFile($prefix, $relativeClass);
if ($mappedFile) {
return $mappedFile;
}
// remove the trailing namespace separator for the next iteration
$prefix = rtrim($prefix, '\\');
}
// never found a mapped file
return false;
} }
$saferFile = $req_class::saferFileExists($file, $path);
if ($saferFile !== false) { /**
if (defined('CountFiles') && CountFiles) { * Load the mapped file for a namespace prefix and relative class.
if (! isset($this->loadedFiles[$saferFile])) { *
require $saferFile; * @param string $prefix The namespace prefix
$this->loadedFiles[$saferFile] = true; * @param string $relativeClass The relative class name
} * @return false|string Boolean false if no mapped file can be loaded,
} else { * or the name of the mapped file that was loaded
require_once $saferFile; */
} protected function loadMappedFile(
return true; string $prefix,
string $relativeClass
): false|string
{
// Check if there are any base directories for this namespace prefix
if (!isset($this->prefixes[$prefix])) {
return false;
}
// Iterate through all base directories for this prefix
foreach ($this->prefixes[$prefix] as $baseDir) {
// Replace namespace separators with directory separators
$file = str_replace('\\', '/', $relativeClass);
/**
* Lock Down our NameSpaces More...
*/
if ($prefix === "IOcornerstone\\" || $prefix === "Project\\") {
foreach ($this->blockListOfDirs as $blockedDir) {
$sDir = "/" . $blockedDir . "/";
if (str_contains($file, $sDir)) {
return false; // Return false = Deny
}
}
}
$file .= ".php"; // Make sure we ONLY work with PHP!!!!
// If the mapped file exists, require it
if ($this->requireFile($baseDir, $file)) {
return $file;
}
}
// None of the directories contained the file
return false;
} }
return false;
}
/**
* If a file exists, require it from the file system.
*
* @param string $file The file to require.
* @return bool True if the file exists, false if not.
*/
private function requireFile(string $path, string $file): bool
{
if ($file === "Framework/Requires.php") {
return true; // Already used...
}
$req_class = \IOcornerstone\Framework\Requires::class;
if (!method_exists($req_class, "saferFileExists")) {
require_once IO_CORNERSTONE_FRAMEWORK . DIRECTORY_SEPARATOR . "Framework" . DIRECTORY_SEPARATOR . "Requires.php";
}
$saferFile = $req_class::saferFileExists($file, $path);
if ($saferFile !== false) {
if (defined('CountFiles') && CountFiles) {
if (!isset($this->loadedFiles[$saferFile])) {
require $saferFile;
$this->loadedFiles[$saferFile] = true;
}
} else {
require_once $saferFile;
}
return true;
}
return false;
}
} }

Write Preview
Loading…
Cancel
Save