<?php
/**
* secplus.lib.php
*
* SEC+ WebFramework
* License: GNU GPL v2.0
* Light MVC PHP Framework designed for security.
*
* @author i4k - Tiago Natel de Moura <tiago4orion@gmail.com>
*
* @version 1.0
* @package secplus-php
*/
namespace SecPlus;
require_once "lib/cfg/config.php";
require_once "lib/core/controller.php";
require_once "lib/core/model.php";
require_once "lib/core/valueobject.php";
/**
* Main class
*/
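class WebFramework {
    /** Configuration object received by the constructor. */
    protected $config;

    /** Nothing in this class assigns or reads this property. */
    protected $controller;

    /**
     * Store the configuration, register the class loader and dispatch the request.
     *
     * @param object $conf Configuration object. This class calls getControllerDir(),
     *                     getDaoDir(), getViewDir(), getVoDir() and getSafeFiles() on it.
     */
    public function __construct($conf) {
        $this->config = $conf;
        spl_autoload_register(array($this, 'autoload'));
        $this->handleController();
    }

    /**
     * Class loader for framework and application classes.
     *
     * Framework classes are looked up in the library map returned by
     * Config::getInstance()->getLibrary(). Every other class is mapped to a
     * directory by its suffix (Controller, DAO, View) or by the presence of a
     * value-object file, and is included only when the resulting path is
     * listed in getSafeFiles(). Any class that cannot be resolved this way is
     * handed to Helper::throwPermissionDeniedInclude() instead of being ignored.
     *
     * @param string $classname Class name, with or without the framework namespace prefix.
     */
    private function autoload($classname) {
        $cfg = Config::getInstance();
        $class_files = $cfg->getLibrary();
        $classname = str_replace(__NAMESPACE__ . '\\', '', $classname);

        // Framework classes: the path comes from the library map, not from the request.
        if (!empty($class_files[$classname])) {
            $filename = __DIR__ . DIRECTORY_SEPARATOR . strtolower($class_files[$classname]);
            if (file_exists($filename)) {
                require_once $filename;
            } else {
                print "Something went wrong here! <br>The file $classname of SecPlus-PHP library was not found ... check your library package.<br>";
                die();
            }
            return;
        }

        // Application classes: pick the directory from the class-name suffix.
        if (preg_match('/Controller$/', $classname)) {
            $dir = $this->config->getControllerDir();
        } else if (preg_match('/DAO$/', $classname)) {
            $dir = $this->config->getDaoDir();
        } else if (preg_match('/View$/', $classname)) {
            $dir = $this->config->getViewDir();
        } else if (file_exists($this->config->getVoDir() . DIRECTORY_SEPARATOR . $classname . '.php')) {
            $dir = $this->config->getVoDir();
        } else {
            // Unknown kind of class. The previous code built "/<Class>.php/<Class>.php"
            // here, which could never pass the checks below and left the final
            // deny branch unreachable; refuse directly instead.
            $dir = '';
        }

        if (empty($dir)) {
            Helper::throwPermissionDeniedInclude($classname . '.php');
            return;
        }

        $filename = $dir . DIRECTORY_SEPARATOR . $classname . '.php';

        /**
         * Security against LFI/LFD
         * Each file that needs to be dynamically included *MUST* be listed by the
         * configuration class. The comparison is strict so that a non-string entry
         * in the list (for example true, or 0 before PHP 8) cannot match every path.
         */
        if (file_exists($filename) && in_array($filename, $this->config->getSafeFiles(), true)) {
            require $filename;
        } else {
            Helper::throwPermissionDeniedInclude($filename);
        }
    }

    /**
     * Controller manager.
     * Identify the controller named in the query string (or the configured
     * default), instantiate it and run _setupController() and setup() on it.
     */
    protected function handleController() {
        $c = Config::getInstance();
        $controllerName = $c->getControllerName();

        // The value comes straight from the query string. A non-string value
        // (e.g. ?name[]=x) is treated like a missing one, so it never reaches ucfirst().
        if (!empty($_GET[$controllerName]) && is_string($_GET[$controllerName])) {
            $controller = $_GET[$controllerName];
        } else {
            $controller = $c->getDefaultController(); // No controller requested: use the default.
        }

        // The class name is request-controlled. Which file may be loaded for it is
        // decided by the getSafeFiles() allowlist in autoload(); a class that is
        // already declared is instantiated without going through the loader.
        // NOTE(review): consider checking the instance against the framework's
        // controller base class before calling into it; the base class is not
        // visible from this file.
        $class = ucfirst($controller) . 'Controller';
        $instance = new $class();
        $instance->_setupController();
        $instance->setup();
    }

    /**
     * Directory that contains this library file.
     *
     * @return string
     */
    public static function getRootDir() {
        return __DIR__;
    }
}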
// Under the command-line SAPI, load the shell implementation and start it.
// NOTE(review): the condition looks only at the SAPI, so any CLI script that
// includes this library also starts the shell; confirm that is intended.
if (PHP_SAPI == "cli") {
    require_once __DIR__ . DIRECTORY_SEPARATOR . 'lib/cmd/shell.php';
    secplus_cmd();
}
/**
 * Command-line entry point: choose the configuration file and run the shell.
 *
 * "-c <file>" selects the configuration file. The last occurrence wins, and a
 * trailing "-c" with no value is ignored. Without the option, 'config.php' is
 * used. The chosen path is passed to Shell unchanged.
 */
function secplus_cmd() {
    global $argc, $argv;

    $config_file = 'config.php';

    // Stop one short of the end: an option in the last slot has no value to read.
    for ($pos = 0; $pos < $argc - 1; $pos++) {
        if ($argv[$pos] == "-c") {
            $config_file = $argv[$pos + 1];
        }
    }

    $secshell = new Shell($config_file);
    $secshell->loopExecute();
}