more php8 standard code; created login & register page template; fixed register & login process; include database bootstrap export; fixed css/js includes; added automatic css/js includes w/ same name as controller

Author: Merijn

index.php

@@ -1,8 +1,10 @@
 <?php
+declare(strict_types=1);
+
 define('DOCROOT', str_replace('/public', '', getcwd()));
-define('NOCACHE', (isset($_GET['nocache']) || isset($_GET['NOCACHE']) ? TRUE : FALSE));
-define('CLEARCACHE', (isset($_GET['clearcache']) || isset($_GET['CLEARCACHE']) ? TRUE : FALSE));
+define('NOCACHE', isset($_GET['nocache']) || isset($_GET['NOCACHE']));
+define('CLEARCACHE', isset($_GET['clearcache']) || isset($_GET['CLEARCACHE']));
 
-$url = (!empty($_GET['url']) ? $_GET['url'] : '');
+$url = filter_input(INPUT_GET, 'url') ?? '';
 
-require_once(DOCROOT . '/lib/bootstrap.php');
+require_once(DOCROOT . '/lib/bootstrap.php');

lib/shared.php

@@ -89,9 +89,9 @@ function redirectNotFound(string $requestUri, ?string $httpReferrer): void
         base64_encode($requestUri),
         base64_encode($httpReferrer)
     ));
-    return;
+    exit();
 }
 
 define('TIMER_START', microtime(true));
 setReporting();
-callHook($url, $routing, $default);
+callHook($url ?? '', $routing ?? [], $default ?? []);

mvc.sql

@@ -0,0 +1,61 @@
+-- phpMyAdmin SQL Dump
+-- version 5.2.0
+-- https://www.phpmyadmin.net/
+--
+-- Host: 127.0.0.1
+-- Generation Time: Sep 27, 2022 at 02:55 PM
+-- Server version: 10.4.24-MariaDB
+-- PHP Version: 8.0.19
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Database: `mvc`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `user`
+--
+
+CREATE TABLE `user` (
+  `id` int(11) NOT NULL,
+  `username` varchar(64) NOT NULL,
+  `email` varchar(128) DEFAULT NULL,
+  `passwordhash` varchar(128) NOT NULL,
+  `enabled` tinyint(1) NOT NULL DEFAULT 1,
+  `roles` text DEFAULT NULL,
+  `registered_date` datetime NOT NULL,
+  `last_login` datetime DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Indexes for table `user`
+--
+ALTER TABLE `user`
+  ADD PRIMARY KEY (`id`),
+  ADD UNIQUE KEY `username` (`username`);
+
+--
+-- AUTO_INCREMENT for dumped tables
+--
+
+--
+-- AUTO_INCREMENT for table `user`
+--
+ALTER TABLE `user`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

public/css/login.css

@@ -0,0 +1 @@
+/* place custom css for Login controller pages here */

public/css/mvc.css

@@ -7,10 +7,9 @@
 
 class Login extends Controller {
 
-    public function index() {
-
-        if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST')
-        {
+    public function index()
+    {
+        if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
             $username = filter_input(INPUT_POST, 'username');
             $password = filter_input(INPUT_POST, 'password');
 

public/js/mvc.js

@@ -13,19 +13,21 @@ public function index() {
         if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
             try {
                 $username = filter_input(INPUT_POST, 'username');
+                $email = filter_input(INPUT_POST, 'email');
                 $password = filter_input(INPUT_POST, 'password');
                 $passwordVerify = filter_input(INPUT_POST, 'passwordVerify');
                 $admin = filter_input(INPUT_POST, 'admin');
 
-                if ($this->model->validate($username, $password, $passwordVerify)) {
-                    if ($this->model->registerAndLogin($username, $password, $admin)) {
+                if ($this->model->validate($username, $email, $password, $passwordVerify)) {
+                    if ($this->model->registerAndLogin($username, $email, $password, $admin)) {
 
                         $this->setDelayedInfo('Registration successful.');
                         $this->redirect('/');
                     } else {
                         $this->setError('Registration failed.');
                         $this->set('post', [
                             'username' => $username,
+                            'email' => $email,
                             'password' => $password,
                             'passwordVerify' => $passwordVerify,
                         ]);
@@ -35,6 +37,7 @@ public function index() {
                 $this->setError($e->getMessage());
                 $this->set('post', [
                     'username' => $username,
+                    'email' => $email,
                     'password' => $password,
                     'passwordVerify' => $passwordVerify,
                 ]);

src/Controller/Login.php

@@ -123,7 +123,7 @@ public function setDelayedMessage($sType, $sMessage): void
     }
 
     //wrapper call for including css
-    public function includeCss($content): void
+    public function includeCss(string $content): void
     {
         $this->_template->includeExternal('css', $content);
     }

src/Controller/Register.php

@@ -1,4 +1,6 @@
 <?php
+declare(strict_types=1);
+
 namespace MVC\Lib;
 
 use Twig\Loader\FilesystemLoader;
@@ -12,23 +14,24 @@ class Template {
 
     protected $twig;
 
-    protected $variables = array();
-    private $includes = array('css' => array(), 'js' => array());
+    protected $variables = [];
+    private $includes = ['css' => [], 'js' => []];
 
-    public function __construct($controller, $action) {
+    public function __construct($controller, $action)
+    {
         $this->_controller = $controller;
         $this->_action = $action;
 
         $twig_loader = new FilesystemLoader(DOCROOT . '/view');
         $this->twig = new Environment($twig_loader, [
-            'cache' => (defined('ENV') && ENV == 'prod' ? DOCROOT . '/cache' : FALSE),
+            'cache' => (defined('ENV') && ENV == 'prod' ? DOCROOT . '/cache' : false),
             'debug' => !(defined('ENV') && ENV == 'prod'),
         ]);
         $this->twig->addExtension(new DebugExtension());
     }
 
-    public function set($name, $value = FALSE) {
-
+    public function set($name, $value = false)
+    {
         if (is_array($name)) {
             foreach ($name as $key => $value) {
                 $this->variables[$key] = $value;
@@ -38,12 +41,12 @@ public function set($name, $value = FALSE) {
         }
     }
 
-    public function get($name) {
-
+    public function get($name)
+    {
         if (!empty($this->variables[$name])) {
             return $this->variables[$name];
         } else {
-            return FALSE;
+            return false;
         }
     }
 
@@ -52,13 +55,15 @@ public function get($name) {
      * @param string $type either 'css' or 'js'
      * @param string $content either a filename (relative path to /public), an url (js only) or inline content
      */
-    public function includeExternal($type, $content) {
+    public function includeExternal(string $type, string $content)
+    {
         $this->includes[$type][] = $content;
     }
 
     //called in template
-    private function getCss() {
-        $return = array();
+    private function getCss(): string
+    {
+        $return = [];
         foreach ($this->includes['css'] as $content) {
             if (is_file(DOCROOT . '/public' . $content)) {
                 //content is a file, create <link> tag
@@ -72,8 +77,9 @@ private function getCss() {
     }
 
     //called in template
-    private function getJs() {
-        $return = array();
+    private function getJs(): string
+    {
+        $return = [];
         foreach ($this->includes['js'] as $content) {
             if (is_file(DOCROOT . '/public' . $content)) {
                 //content is a local file, create <script src="./.."> tag
@@ -90,21 +96,32 @@ private function getJs() {
     }
 
     //render the page
-    public function fetch() {
-
+    public function fetch(): string
+    {
         if (!is_file(DOCROOT . '/view/' . $this->_controller . '/' . $this->_action . '.twig')) {
+            die('view not found: ' . DOCROOT . "/view/{$this->_controller}/{$this->_action}.twig");
             Controller::redirect(sprintf('/errorpage/error500/%s/%s',
                 base64_encode(sprintf('/%s/%s', $this->_controller, $this->_action)),
                 base64_encode($_SERVER['HTTP_REFERER'] ?? '')
             ));
         }
 
+        //auto-include css and js for this controller
+        if (is_file(DOCROOT . '/public/css/' . $this->_controller . '.css')) {
+            $this->includeExternal('css', '/css/' . $this->_controller . '.css');
+        }
+        if (is_file(DOCROOT . '/public/js/' . $this->_controller . '.js')) {
+            $this->includeExternal('js', '/js/' . $this->_controller . '.js');
+        }
+
+        $this->variables['included_css'] = $this->getCss();
+        $this->variables['included_js'] = $this->getJs();
         return $this->twig->render($this->_controller . '/' . $this->_action . '.twig', $this->variables);
     }
 
     //display the page
-    public function render() {
-
+    public function render(): void
+    {
         echo $this->fetch();
     }
 }

src/Lib/Controller.php

@@ -18,14 +18,11 @@ public function login(string $username, string $password) {
             FROM user
             WHERE username = :username
             AND enabled = 1
-            AND locked = 0
-            AND expired = 0
-            AND credentials_expired = 0
             LIMIT 1',
             [':username' => $username]
         );
 
-        if ($user && password_verify($password, $user['password'])) {
+        if ($user && password_verify($password, $user['passwordhash'])) {
 
             $this->sql->fquery('
                 UPDATE user

src/Lib/Template.php

@@ -3,17 +3,17 @@
 
 namespace MVC\Model;
 
-use MVC\Lib\Model;
 use Exception;
+use MVC\Lib\Model;
 
 class Register extends Model {
 
-    public function validate(string $username, string $password, string $passwordVerify) {
+    public function validate(string $username, string $email, string $password, string $passwordVerify) {
 
-        if ($this->userExists($username) && !$_SESSION['user']['username'] == $username) {
-            throw new Exception('This email address is already taken.');
+        if ($this->userExists($username, $email) && isset($_SESSION['user']) && $_SESSION['user']['username'] !== $username) {
+            throw new Exception('This username or email address is already taken.');
 
-        } elseif (!validEmailSyntax($username)) {
+        } elseif (!$this->validateEmailSyntax($email)) {
             throw new Exception('Email adress is invalid.');
 
         } elseif (empty($password) || empty($passwordVerify)) {
@@ -26,21 +26,31 @@ public function validate(string $username, string $password, string $passwordVer
         return true;
     }
 
-    private function userExists($sUsername) {
+    private function validateEmailSyntax($email): bool
+    {
+        return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
+    }
 
-        return $this->sql->fetch_single('
+    private function userExists(string $username, string $email): bool
+    {
+        $result = $this->sql->fetch_single('
             SELECT *
             FROM user
             WHERE username = :username
-            OR email = :username
+            OR email = :email
             LIMIT 1',
-            [':username' => $sUsername]
+            [
+                ':username' => $username,
+                ':email' => $email
+            ]
         );
-    }
 
-    public function registerAndLogin(string $username, string $password, string $admin) {
+        return is_countable($result) && count($result) > 0;
+    }
 
-        $userId = $this->register($username, $password, !empty($admin));
+    public function registerAndLogin(string $username, string $email, string $password, ?string $admin): bool
+    {
+        $userId = $this->register($username, $email, $password, !empty($admin));
 
         if ($userId) {
             return $this->login($username, $password);
@@ -49,27 +59,22 @@ public function registerAndLogin(string $username, string $password, string $adm
         return false;
     }
 
-    private function register(string $username, string $password, $bAdmin = false)
+    private function register(string $username, string $email, string $password, bool $isAdmin = false)
     {
-        $sUsername = $username;
-        $sPassword = $password;
-
-        $sHash = password_hash($sPassword, PASSWORD_BCRYPT, ['cost' => 12]);
+        $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
 
         $roles = ['ROLE_USER'];
-        if ($bAdmin) {
+        if ($isAdmin) {
             $roles[] = 'ROLE_SUPER_ADMIN';
         }
 
         return $this->sql->fquery('
-            INSERT INTO user
-                (username, email, enabled, salt, password, locked, expired, roles, credentials_expired)
-            VALUES
-                (:username, :email, 1, "", :password, 0, 0, :roles, 0)',
+            INSERT INTO user (username, email, passwordHash, enabled, roles, registered_date)
+            VALUES (:username, :email, :password, 1, :roles, NOW())',
             [
-                ':username' => $sUsername,
-                ':email' => $sUsername,
-                ':password' => $sHash,
+                ':username' => $username,
+                ':email' => $email,
+                ':password' => $hash,
                 ':roles' => serialize($roles),
             ]
         );