omarelgabry / miniphp
A small, simple PHP MVC framework skeleton that encapsulates a lot of features surrounded with powerful security layers.
Home Page: https://miniphp.ga/
License: MIT License
Stack after page 7
Routing to public/ affects the complete framework under IIS or Azure; you can only get the login page.
miniPHP/app/models/Validation.php
Line 165 in 7ddf0c9
"Test" => [ "hello today", inArray('hello today','hello tomorrow') ],
// hellotoday,hellotomorrow
If there are strings with spaces in the array, the spaces are removed and the inArray check fails.
For each trigger there also has to be an increment on update or at least a decrement after delete!
After insert;
DROP TRIGGER IF EXISTS `increment_notifications_post_inserted`;
DELIMITER //
CREATE TRIGGER `increment_notifications_post_inserted` AFTER INSERT ON `posts`
FOR EACH ROW UPDATE notifications SET count = count+1
WHERE notifications.user_id != NEW.user_id
AND notifications.target = "posts"
//
DELIMITER ;
After update;
DROP TRIGGER IF EXISTS `increment_notifications_post_updated`;
DELIMITER //
CREATE TRIGGER `increment_notifications_post_updated` AFTER UPDATE ON `posts`
FOR EACH ROW UPDATE notifications SET count = count+1
WHERE notifications.user_id != NEW.user_id
AND notifications.target = "posts"
//
DELIMITER ;
After delete;
DROP TRIGGER IF EXISTS `decrement_notification_post_deleted`;
DELIMITER //
CREATE TRIGGER `decrement_notification_post_deleted` AFTER DELETE ON `posts`
FOR EACH ROW UPDATE notifications SET count = count-1
WHERE notifications.user_id != OLD.user_id
AND notifications.target = "posts"
//
DELIMITER ;
Added access to the site for guests as below, but it writes an error in the logs:
TodoController
public function initialize()
{
    $this->loadComponents([
        'Auth' => [
            'authorize' => ['Controller']
        ],
        'Security'
    ]);
}

public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = (!empty(Session::getUserRole()) ? Session::getUserRole() : 'guest');
    $resource = "todo";

    // only for admins
    Permission::allow('admin', $resource, ['*']);
    // only for guests
    Permission::allow('guest', $resource, ['index','getList']);
    // only for normal users
    Permission::allow('user', $resource, ['index','getList', 'create']);
    Permission::allow('user', $resource, ['getMain'], 'owner');
}
writes in logs (not always): guest is not allowed to perform getmain action on todo (
miniPHP/app/models/Permission.php
Line 72 in 7ddf0c9
after num 255 it stops working
consider change to alphaID: http://kvz.io/blog/2009/06/10/create-short-ids-with-php-like-youtube-or-tinyurl/
In PHP 7, Request.php has two elements (function and member) with the same name.
I am looking at miniPHP to possibly use for a small site; you documented it very well.
[email protected] password = 12345
[email protected] password = 12345
both above demo ID's are not working
There might be an issue with:
Controller.php
public function loadModel($model){
    return $this->{$model} = new $model();
}
I get class not found when validating the login form, and the class name the app is looking for is "login" instead of "Login" (the model class).
I made some changes in the framework to match my needs, so it may as well be my own fault.
But just in case, I think it's better to report this, so you can double check.
The fix for me was just to add ucwords() to force an uppercase like this:
public function loadModel($model){
    $uc_model = ucwords($model);
    return $this->{$model} = new $uc_model();
}
And I get past the login form to the dashboard as expected now.
The README.md is missing a section about routing, and one full example on how to use it all together: routing -> controller -> view.
When I installed this MVC in my local XAMPP it worked correctly, but when I migrated the project to my server it gave me this issue:
Fatal error: Class 'AuthComponent' not found in /home/dfpdevshopify/public_html/app/core/Controller.php on line 119.
Please, if you have any idea, share it with me.
Hello, we noticed a couple of things in your Encryption class.
encryptId() is a misnomer; you aren't encrypting anything (there is no key involved). You're merely transforming it in a deterministic way.
encrypt() is using the 256-bit version of Rijndael in CBC mode without authenticating the ciphertext. Unauthenticated ciphertexts can be tampered with by an active attacker. (Aside: If you want the standard AES cipher in 256-bit mode, use MCRYPT_RIJNDAEL_128 with a 32-byte key. Mcrypt is pretty terrible, however, so you might want to just switch to OpenSSL.)
Also refer to How to Encrypt Data in PHP by Defuse Security.
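The report above asks for authenticated ciphertexts and a move from Mcrypt to OpenSSL. The following is an added example, not code from miniPHP or from the reporter, showing one way to do that with AES-256-GCM and how a modified ciphertext is rejected; the function names, the constants and the nonce/tag/ciphertext layout are assumptions made for illustration.

```php
<?php
// Added example (not miniPHP code): AES-256-GCM via OpenSSL, PHP >= 7.1; names and blob layout are illustrative.
const CIPHER    = 'aes-256-gcm';
const NONCE_LEN = 12;
const TAG_LEN   = 16;

function encryptAuthenticated(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 random bytes');
    }
    $nonce = random_bytes(NONCE_LEN);   // must be unique per message under one key
    $tag   = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decryptAuthenticated(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, NONCE_LEN);
    $tag   = substr($raw, NONCE_LEN, TAG_LEN);
    $ct    = substr($raw, NONCE_LEN + TAG_LEN);
    // openssl_decrypt() returns false when the tag does not verify.
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$key  = random_bytes(32);                       // constructed sample key
$blob = encryptAuthenticated('user_id=42', $key);
echo decryptAuthenticated($blob, $key), PHP_EOL;
// Flip one bit of the stored ciphertext, as an active attacker could.
$raw = base64_decode($blob);
$raw[-1] = chr(ord($raw[-1]) ^ 0x01);
try {
    decryptAuthenticated(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

With unauthenticated CBC the same one-bit change would decrypt without error into altered plaintext; here the caller gets an exception and never sees the modified data.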
Can you just include the vendor folder, it would be so much easier than having to do Composer!
I hate to post issues, when in fact it's a request. But pull request look a hell of work for this.
Currently your Database class extending PDO states that prepare doesn't return anything.
I had to prepare several inserts in several tables and be sure to cancel all these inserts if at least one failed. It's usually done by commit/rollback. But to do this you have to store each action in several variables like so: way easier to organize and more readable.
$database->openConnection();
$database->beginTransaction();
$action1 = $database->prepare("STUFF");
$action1->bindValue(':stuff', $stuff);
$ok1 = $action1->execute();   // execute() returns false on failure
$action2 = $database->prepare("OTHER STUFF");
$action2->bindValue(':stuff', $stuff);
$ok2 = $action2->execute();
if ($ok1 && $ok2) {
    $database->commit();
} else {
    // at least one statement failed: undo all of them
    $database->rollBack();
}
What do you think?
I just add (return $this) in the Database prepare method and we're good.
The issue comes when invoking view renderWithLayout several times on the same view files.
view->render: ob_start + require_once make it empty for the next calls of renderWithLayout, supposedly because require_once avoids reloading the files previously loaded in memory. ob_start doesn't catch any output, and the final output is empty.
It's mainly used when using renderWithLayout for mail templates.
So you may consider changing require_once by simple require, or include.
Unless you find a better fix.
Cheers.
Hi,
Hope you are doing great!
My current Ajax post requests are being denied by the server. How can it be resolved?
Tell me how to implement cron tasks execution
Old
Hi Omar, how are you ?
I'm trying your framework , I like it very much.
But I have problems with CSRF ... at the beginning it works, but after some minutes it doesn't work anymore.
When I create post it said error 400 and in logs appear "invalid CSRF token", I added Session::getCsrfToken() to the same debug line, and it appears empty.
What could be happening ?
Best regards !
anyone tested in php7?
Uncaught TypeError: Argument 1 passed to Handler::render() must be an instance of Exception, instance of Error given
Didn't have time to track this issue on a general way but it's on line 78
Is it possible to do custom routes?
Thanks
Hi Omar. Great job!
Tell me please. How to open part of the content for non-registered users.
For example Feed List or Post List
Thank you in advance!
Hi https://miniphp.ga Not working
Since the update, the "register" tab on the login page doesn't work.
anyone the same problem ?
/app/core/Encryption.php | 81 | ErrorException
A non-numeric value encountered
public static function decryptId($id){
    if(empty($id)){
        throw new Exception("the id to decrypt can't be empty");
    }
    $decryptId = "";
    $chars = self::getCharacters();
    $base = strlen($chars);
    $len = strlen($id) - 1;
    for ($t = $len; $t >= 0; $t--) {
        $bcp = bcpow($base, $len - $t);
        $decryptId += strpos($chars, substr($id, $t, 1)) * $bcp;
    }
    return ((int)$decryptId - 1142) / 9518436;
}
I found a security issue in index.php line 35: 'http://' . Environment::get('HTTP_HOST')
better would be 'http://' . Environment::get('SERVER_NAME') to prevent host header attack
http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
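An added example, not part of the report or of miniPHP, of building the base URL from a configured allowlist rather than from the request. Depending on server configuration (for example Apache with UseCanonicalName Off), SERVER_NAME is itself derived from the Host header, so an explicit list is the more robust check. ALLOWED_HOSTS, DEFAULT_HOST, canonicalBaseUrl() and the hostnames are hypothetical.

```php
<?php
// Added example (not miniPHP code). ALLOWED_HOSTS, DEFAULT_HOST and
// canonicalBaseUrl() are hypothetical names; the hostnames are placeholders.
const ALLOWED_HOSTS = ['example.test', 'www.example.test'];
const DEFAULT_HOST  = 'example.test';

function canonicalBaseUrl(array $server): string
{
    // Host is client-controlled: normalise case and drop an optional port.
    $host = strtolower((string)($server['HTTP_HOST'] ?? ''));
    $host = preg_replace('/:\d+$/', '', $host);

    // Only an exact match against configured names is trusted; anything
    // else falls back to the configured default instead of being echoed.
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = DEFAULT_HOST;
    }
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    return ($https ? 'https://' : 'http://') . $host;
}

// Constructed sample requests (same shape as $_SERVER).
$samples = [
    ['HTTP_HOST' => 'www.example.test'],
    ['HTTP_HOST' => 'Example.Test:8080', 'HTTPS' => 'on'],
    ['HTTP_HOST' => 'attacker.invalid'],
    [],
];
foreach ($samples as $server) {
    echo canonicalBaseUrl($server), PHP_EOL;
}
```

Links placed in password-reset or verification e-mails are the usual place where an unvalidated host value does damage, so those should be generated from the same function.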
Hi,
First of all i'd like to say thank you for your work and your generosity to make this code public and free.
I have just installed it on my localhost and i have tried the demo accounts and everything works as they should. However, when i tried to create new account there is no error message displayed only empty registration form. When everything ok with the registration then you get successful message but when error occurs you can't see what the error is.
It might be just on my system because nobody has come up with this issue yet.
My system mac 10.11.4 mamp php 5.6
Would you please help me to resolve this issue?
Thanks
https://miniphp.ga/Posts/View/n5PVR?action=update
It just takes forever and then eventually timeouts!