2025-10-08 14:23:07 +03:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace Core;
|
|
|
|
|
|
|
|
|
|
abstract class Controller
|
|
|
|
|
{
|
|
|
|
|
protected function view(string $view, array $data = []): void
|
|
|
|
|
{
|
2026-03-04 11:16:56 +02:00
|
|
|
$twig = TwigService::getInstance();
|
|
|
|
|
echo $twig->render("$view.twig", $data);
|
2025-10-08 14:23:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function json($data, int $status = 200): void
|
|
|
|
|
{
|
|
|
|
|
http_response_code($status);
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode($data);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function redirect(string $path): void
|
|
|
|
|
{
|
|
|
|
|
header("Location: $path");
|
|
|
|
|
exit;
|
|
|
|
|
}
|
Add CSRF, CAPTCHA, and input validation improvements
Introduces CSRF protection to all sensitive controller actions, integrates configurable CAPTCHA (reCAPTCHA v2/v3, Turnstile) for authentication and registration flows, and centralizes input validation via a new InputValidator helper. Adds new helpers and services for CSRF and CAPTCHA, updates settings and migration for CAPTCHA configuration, and enhances logging and error handling in TLD registry import processes. Also improves validation for user, domain, group, and profile inputs throughout the application.
2025-10-10 00:04:12 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Verify CSRF token and redirect with error if invalid
|
|
|
|
|
*
|
|
|
|
|
* @param string $redirectUrl URL to redirect to on failure
|
|
|
|
|
* @return bool True if valid, redirects on failure
|
|
|
|
|
*/
|
|
|
|
|
protected function verifyCsrf(string $redirectUrl = '/'): bool
|
|
|
|
|
{
|
|
|
|
|
return Csrf::verifyOrFail($redirectUrl);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get CSRF token for forms
|
|
|
|
|
*
|
|
|
|
|
* @return string The CSRF token
|
|
|
|
|
*/
|
|
|
|
|
protected function getCsrfToken(): string
|
|
|
|
|
{
|
|
|
|
|
return Csrf::getToken();
|
|
|
|
|
}
|
2025-10-08 14:23:07 +03:00
|
|
|
}
|
|
|
|
|
|
