<?php
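/**
 * Return the filesystem path to a view file.
 *
 * Resolves `$name` relative to the sibling `templates/` directory and appends
 * `.php`; render() feeds the result straight into require(). Because of that,
 * a name that is empty, contains `..` or contains a NUL byte is rejected so a
 * request-derived name can never escape the templates directory.
 * NOTE(review): whether any caller actually passes user input here is not
 * visible from this file; the guard is cheap insurance either way.
 *
 * @param string $name View name, e.g. "home" or "auth/login".
 * @return string Path of the view file under templates/.
 * @throws InvalidArgumentException On an empty name or one containing ".." or "\0".
 */
function template(string $name): string
{
    if ($name === '' || str_contains($name, "\0") || str_contains($name, '..')) {
        // Deliberately not echoing $name back: the message may surface on an error page.
        throw new InvalidArgumentException('Invalid template name');
    }
    return __DIR__ . "/../templates/$name.php";
}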
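/**
 * Render a view with the given data and return the captured output.
 *
 * Every key of `$data` becomes a local variable inside the view (via extract()).
 * Extraction uses EXTR_SKIP so caller-supplied data cannot overwrite this
 * function's own `$pathToBaseView` / `$data` variables: with the default
 * EXTR_OVERWRITE a `$data['pathToBaseView']` entry would silently change which
 * file gets required. The view name is resolved through template(), which
 * rejects names that could escape the templates directory.
 *
 * If the view throws, the partially filled output buffer is discarded before the
 * error propagates, so it cannot leak into whatever error page follows.
 *
 * @param string $pathToBaseView View name passed to template().
 * @param array  $data           Variables to expose to the view.
 * @return string|false Rendered output, or false if no output buffer was active.
 */
function render(string $pathToBaseView, array $data = []): string|false
{
    ob_start();
    try {
        extract($data, EXTR_SKIP);
        require template($pathToBaseView);
    } catch (\Throwable $e) {
        // Drop the half-rendered buffer, then let the caller see the original error.
        ob_end_clean();
        throw $e;
    }
    return ob_get_clean();
}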
/**
 * Generate a cryptographically random token.
 *
 * `$length` is the number of random BYTES drawn from random_bytes() (the
 * CSPRNG); the hex encoding doubles it, so the default yields a 64-character string.
 *
 * @param int $length Number of random bytes (must be > 0, per random_bytes()).
 * @return string Lower-case hexadecimal token of 2 * $length characters.
 */
function token(int $length = 32): string
{
    $raw = random_bytes($length);
    return bin2hex($raw);
}
/**
 * Redirect to a new location and stop the script.
 *
 * Emits a Location header (PHP's default status for it is a 302 unless one was
 * set earlier) and then exit()s so nothing after the call can add output.
 * NOTE(review): nothing here validates $location. If a caller passes a
 * user-controlled value (a `?next=` parameter, a Referer) this becomes an open
 * redirect — allow-list or make the target relative at the call site. Header
 * injection is not a concern: PHP's header() refuses values containing CR/LF.
 *
 * @param string $location Target URL or path.
 */
function redirect(string $location): void
{
    $headerLine = 'Location: ' . $location;
    header($headerLine);
    exit;
}
/**
 * Flash a message to the session, or retrieve an existing flash value.
 *
 * Values live under `$_SESSION["flash_$key"]`. Called with just a key it reads:
 * the stored value, or false when nothing (or null) is stored. Called with a
 * value it writes and returns that value. The empty string is the "read"
 * sentinel, so an empty string cannot itself be flashed.
 *
 * @param string $key   Flash name (without the "flash_" prefix).
 * @param mixed  $value Value to store; '' means "read only".
 * @return mixed Stored value, the value just written, or false when absent.
 */
function flash(string $key, mixed $value = ''): mixed
{
    $slot = "flash_$key";

    if ($value === '') {
        return $_SESSION[$slot] ?? false;
    }

    $_SESSION[$slot] = $value;
    return $value;
}
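/**
 * Clear all flash messages.
 *
 * Removes every session entry whose key starts with "flash_" (the prefix used
 * by flash()). Iterates a snapshot of the keys so unsetting during the loop is
 * safe, tolerates a session that was never started (nothing to clear), and
 * casts keys to string because session keys may be ints.
 */
function clear_flashes(): void
{
    foreach (array_keys($_SESSION ?? []) as $key) {
        if (str_starts_with((string) $key, 'flash_')) {
            unset($_SESSION[$key]);
        }
    }
}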
/**
 * Return the session's CSRF token, creating one on first use.
 *
 * The token is generated by token() and stored under `$_SESSION['csrf']`; it is
 * reused until csrf_verify() rotates it on a successful check. A stored value
 * that empty() considers empty is treated as missing and regenerated.
 *
 * @return string The current CSRF token.
 */
function csrf(): string
{
    $current = $_SESSION['csrf'] ?? '';

    if (empty($current)) {
        $current = token();
        $_SESSION['csrf'] = $current;
    }

    return $current;
}
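/**
 * Verify a submitted CSRF token against the one stored in the session.
 *
 * Both sides must be non-empty strings: hash_equals('', '') is true, so without
 * that check a session that has not yet issued a token would accept a request
 * carrying no token at all (csrf_ensure() passes '' when the field is missing).
 * Comparison is constant-time via hash_equals(). On success the stored token is
 * replaced, making each token single-use — a second form still open with the
 * old token (another tab) will then fail verification.
 *
 * @param string $token Token submitted with the request.
 * @return bool True and rotate the session token on match; false otherwise.
 */
function csrf_verify(string $token): bool
{
    $expected = $_SESSION['csrf'] ?? '';

    if (!is_string($expected) || $expected === '' || $token === '') {
        return false;
    }

    if (!hash_equals($expected, $token)) {
        return false;
    }

    $_SESSION['csrf'] = token();
    return true;
}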
/**
 * Create a hidden input field carrying the session's CSRF token.
 *
 * The value comes from csrf(), which is hexadecimal output of token(), so it
 * needs no HTML-attribute escaping. The field name is "csrf", matching what
 * csrf_ensure() reads from $_POST.
 *
 * @return string An `<input type="hidden" name="csrf" ...>` element.
 */
function csrf_field(): string
{
    $tokenValue = csrf();
    return sprintf('<input type="hidden" name="csrf" value="%s">', $tokenValue);
}
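/**
 * Abort the current request via router_error(418) unless $_POST['csrf'] verifies.
 *
 * Only the POST form field is consulted, so JSON bodies or header-carried tokens
 * are not supported by this check. A non-string submission (e.g. `csrf[]=x`) is
 * rejected explicitly rather than reaching csrf_verify()'s string parameter and
 * turning into a TypeError. NOTE(review): 418 is kept for compatibility with
 * existing callers/tests; 403 would be the conventional status for a failed
 * CSRF check.
 */
function csrf_ensure(): void
{
    $submitted = $_POST['csrf'] ?? '';

    if (!is_string($submitted) || !csrf_verify($submitted)) {
        router_error(418);
    }
}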
/**
 * Set a cookie with Secure, HttpOnly and SameSite=Strict flags.
 *
 * Always scoped to path "/" on the current host (empty domain). Secure means
 * browsers only send it over HTTPS — on a plain-HTTP development host the
 * cookie will be dropped. HttpOnly keeps it out of document.cookie. With
 * SameSite=Strict the browser omits it on any cross-site request, including the
 * first navigation that follows a link from another site.
 *
 * @param string $name    Cookie name.
 * @param string $value   Cookie value (setcookie() URL-encodes it).
 * @param int    $expires Unix timestamp; 0 makes it a session cookie.
 */
function set_cookie(string $name, string $value, int $expires): void
{
    $options = [
        'expires'  => $expires,
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ];

    setcookie($name, $value, $options);
}
/**
 * Get the current user's record from the session, or one field of it.
 *
 * Returns false when `$_SESSION['user']` is unset or empty(). With no field the
 * whole stored array is returned; with a field, that entry or false if it is
 * missing or null.
 *
 * @param string $field Optional key within the user record.
 * @return mixed Array, single value, or false.
 */
function user(string $field = ''): mixed
{
    $record = $_SESSION['user'] ?? null;

    if (empty($record)) {
        return false;
    }

    return $field === '' ? $record : ($record[$field] ?? false);
}
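/**
 * Return the ID of the user's selected character, or 0 if none is selected.
 *
 * Reads `$_SESSION['user']['char_id']` and casts it to int. When there is no
 * user in the session or no char_id, 0 is returned quietly instead of emitting
 * an "undefined array key" warning on the way to the same 0.
 *
 * @return int Selected character ID, 0 when none.
 */
function user_selected_char(): int
{
    return (int) ($_SESSION['user']['char_id'] ?? 0);
}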
/**
 * Get the selected character's data from the session, or one field of it.
 *
 * Mirrors user() for `$_SESSION['char']`: false when the entry is unset or
 * empty(); the whole array when no field is given; otherwise the field's value
 * or false when it is missing or null.
 *
 * @param string $field Optional key within the character record.
 * @return mixed Array, single value, or false.
 */
function char(string $field = ''): mixed
{
    $selected = $_SESSION['char'] ?? null;

    if (empty($selected)) return false;
    if ($field !== '') return $selected[$field] ?? false;

    return $selected;
}
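/**
 * Update the user's selected character, in the database and in the session.
 *
 * Requires a logged-in user: previously, calling this without one wrote a bare
 * `['char_id' => N]` into `$_SESSION['user']`, after which user() returns a
 * truthy record for an unauthenticated session. The database write happens
 * before the session is touched so a throwing/failed write does not leave the
 * session pointing at a character the database never recorded.
 *
 * NOTE(review): nothing here checks that $char_id belongs to the current user;
 * unless the caller or char_find() enforces ownership, a user can select another
 * player's character by ID. Confirm at the call sites.
 *
 * @param int $char_id ID of the character to select.
 * @throws LogicException When no user is present in the session.
 */
function change_user_character(int $char_id): void
{
    $user_id = user('id');
    if ($user_id === false) {
        throw new LogicException('change_user_character() requires a logged-in user');
    }

    db_query(db_auth(), "UPDATE users SET char_id = :c WHERE id = :u", [':c' => $char_id, ':u' => $user_id]);

    $_SESSION['user']['char_id'] = $char_id;
    $_SESSION['char'] = char_find($char_id);
}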