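name = $name;
        $this->resetCsrf();
        $tpl = new Html($path, $extention, $folder);
        $tpl->set($name, $this)
            ->sets($sets)
            ->run('buffer');
        return $this;
    }

    /**
     * Ensures a CSRF token exists for this form (keyed by form name) and caches it in $this->csrfToken.
     *
     * Despite the name, an existing session token is reused; a fresh one is only minted when none is
     * stored. valid() unsets the stored token after a successful submission, so the next call here
     * re-issues a new one (single-use token).
     */
    public function resetCsrf(){
        if (session_status() === PHP_SESSION_NONE) {
            session_start(); // TODO: create Krutsh\Session
        }

        if (isset($_SESSION[static::$csrfSession][$this->name])) {
            $this->csrfToken = $_SESSION[static::$csrfSession][$this->name];
        } else {
            // 16 bytes of CSPRNG output (128 bits); the previous 6 bytes (48 bits) were below the
            // commonly recommended token size. Callers only treat the token as an opaque string.
            $this->csrfToken = base64_encode(random_bytes(16));
            $_SESSION[static::$csrfSession][$this->name] = $this->csrfToken;
        }
    }

    /**
     * Trims and strips HTML tags from every string entry of $data.
     *
     * Entries whose value is not a string (e.g. nested arrays from multi-value inputs) are dropped,
     * not copied. Note this is input cleanup only: values must still be escaped for the output
     * context (htmlspecialchars for HTML) when rendered.
     *
     * @param array<string, mixed> $data raw request data
     * @return array<string, string> the string entries, trimmed and tag-stripped, keys preserved
     */
    public static function sanitize(array $data) : array{
        $clean = [];
        foreach ($data as $key => $value) {
            if (is_string($value)) {
                $clean[$key] = strip_tags(trim($value));
            }
        }
        return $clean;
    }

    /**
     * Validates a submission: checks the CSRF token, then asks every element to validate its value.
     *
     * Side effects: marks the form as submitted ($this->set, which _start() reads to keep the
     * original method/url), records one error per failure, assigns accepted values to the elements,
     * and consumes the session CSRF token when the whole form is valid.
     *
     * @param array<string, mixed> $data raw request data (sanitized here before use)
     * @return bool true when the token matches and every element accepted its value
     */
    public function valid(array $data) : bool{
        $data = static::sanitize($data);
        $this->set = true;

        // hash_equals() gives a strict, constant-time comparison; the loose != used before would
        // also have treated numerically-equal strings as a match.
        $expected = $_SESSION[static::$csrfSession][$this->name] ?? null;
        $submitted = $data[static::$csrfInput] ?? null;
        if (!is_string($expected) || !is_string($submitted) || !hash_equals($expected, $submitted)) {
            $this->error('Formulaire expiré');
            return false;
        }

        $valid = true;
        foreach ($this->elements as $element) {
            $value = $data[$element->name()] ?? null;
            // $element->valid() returns true or a description of the failure, embedded in the message.
            $result = $element->valid($value);
            if ($result !== true) {
                // reset=false: keep the current token so the re-rendered form still validates.
                $this->error('Le champ '.$element->name().' est '.$result.'.', false);
                $valid = false;
            } else {
                $element->value($value);
            }
        }

        // Single-use token: consume it only once the whole form has been accepted.
        if ($valid) {
            unset($_SESSION[static::$csrfSession][$this->name]);
        }
        return $valid;
    }

    /**
     * Records an error message for this form.
     *
     * @param string $error message to append to $this->errors
     * @param bool $reset when true, re-runs resetCsrf() (which keeps an existing token or mints one)
     */
    public function error(string $error, bool $reset = true){
        $this->errors[] = $error;
        if ($reset) {
            $this->resetCsrf();
        }
    }

    /** Returns the form name (also the key of its CSRF token in the session). */
    public function name() : string{
        return $this->name;
    }

    public function _start(string $more = '', string $method = 'post', string $url = null) : string{
        if(!in_array($method, array('post', 'get'))) $method = 'post';
        if($this->set == false){
            $this->method = $method;
            $this->url = $url;
        }
        $html = '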
'; } public function _errors(string $more = '') : string{ if(empty($this->errors)) return ''; $html = ''.$error.'
'; } return $html.'