omarelgabry / miniphp Goto Github PK

Hi,
Hope you are doing great!
My current Ajax post requests are being denied by the server. How can it be resolved?

anyone tested in php7?

Stack after page 7

The README.md is missign a section about routing, and how one fully example on how to use it all together routing -> controller -> view.

after num 255 it stops working
consider change to alphaID: http://kvz.io/blog/2009/06/10/create-short-ids-with-php-like-youtube-or-tinyurl/

https://miniphp.ga/Posts/View/n5PVR?action=update

It just takes forever and then eventually timeouts!

When i installed this Mvc in my local Xampp it work correctly ,but when i migrate project in my server it give me this issue :

Fatal error: Class 'AuthComponent' not found in /home/dfpdevshopify/public_html/app/core/Controller.php on line 119.

plz if you have any idea share it with me

There might be an issue with :
Controller.php

public function loadModel($model){
        return $this->{$model} = new $model();
}

I get class not found when validating login form and the class name the app is looking for is "login" instead of "Login" (the model class).

I made some change in the framwork to match my needs so it may as well be my own fault.
But just in case I think it's better to report this. So you can double check.

The fix for me was just to add the uc_words() to force an uppercase like this:

public function loadModel($model){
        $uc_model = ucwords($model);
        return $this->{$model} = new $uc_model();
}

And I get past the login form to the dashboard as expected now.

Add access to the site to guests, did as below, but writes an error in the logs
TodoController

public function initialize()
 {
     $this->loadComponents([
         'Auth' => [
         'authorize'    => ['Controller']
         ],
        'Security'
   ]);
}

  public function isAuthorized()
     {
          $action = $this->request->param('action');
         $role = (!empty(Session::getUserRole()) ? Session::getUserRole() : 'guest');
          $resource = "todo";
         // only for admins
         Permission::allow('admin', $resource, ['*']);
        // only for normal users
         Permission::allow('guest', $resource, ['index','getList']);
         // only for normal users
        Permission::allow('user', $resource, ['index','getList', 'create']);
         Permission::allow('user', $resource, ['getMain'], 'owner');
 }

writes in logs (not always): guest is not allowed to perform getmain action on todo (

Hi,
First of all i'd like to say thank you for your work and your generosity to make this code public and free.
I have just installed it on my localhost and i have tried the demo accounts and everything works as they should. However, when i tried to create new account there is no error message displayed only empty registration form. When everything ok with the registration then you get successful message but when error occurs you can't see what the error is.
It might be just on my system because nobody has come up with this issue yet.
My system mac 10.11.4 mamp php 5.6
Would you please help me to resolve this issue?
Thanks

Uncaught TypeError: Argument 1 passed to Handler::render() must be an instance of Exception, instance of Error given

Didn't have time to track this issue on a general way but it's on line 78

I hate to post issues, when in fact it's a request. But pull request look a hell of work for this.

Currently your Database class extending PDO state that prepare don't return anything.
I had to prepare several include in several tables and be sure to cancel all these insert if at least one failed. It's usually done by commit/rollback. But to do this you have to store each action in several variables like so : Way easier to organize and readable.

$database->openConnection();
$database->begintransaction();

$action1 = $database->prepare("STUFF");
$action1->bindValue(:stuff, stuff);
$action1->execute();

$action2 = $satabase->prepare("OTHER STUFF");
$action2->bindValue(:stuff, stuff);
$action2->execute();

if(all good){
$database->commit();
} else {
$database->rollback()
}

What do you think ?
I just add (return $this) in Database prepare method and we good.

The issue comes when invoking view renderWithLayout several times on the same view files.
view->render ob_start + require_once make it empty for the next calls of renderWithLayout supposedly because require_once avoid reloading the files previously loaded in memory. Ob_start don't catch any output, and the final output is empty.

It's mainly used when using renderWithLayout for mail templates.
So you may consider changing require_once by simple require, or include.
Unless you find a better fix.

Cheers.

I am looking at miniPHP to possibly use for a small site, You documented very well.

Hi Omar, how are you ?
I'm trying your framework , I like it very much.
But I have problems with csrf ... at beggining it works, but after some minutes it doesnt work anymore.
When I create post it said error 400 and in logs appear "invalid CSRF token", I added Session::getCsrfToken() to the same debug line, and it appears empty.

What could be happening ?

Best regards !

Old

For each trigger there also has to be a increment on update or at least a decrement after deleted!

After insert;

DROP TRIGGER IF EXISTS `increment_notifications_post_inserted`;
DELIMITER //
CREATE TRIGGER `increment_notifications_post_inserted` AFTER INSERT ON `posts`
 FOR EACH ROW UPDATE notifications SET count = count+1 
WHERE notifications.user_id != NEW.user_id 
AND   notifications.target = "posts"
//
DELIMITER ;

After update;

DROP TRIGGER IF EXISTS `increment_notifications_post_updated`;
DELIMITER //
CREATE TRIGGER `increment_notifications_post_updated` AFTER UPDATE ON `posts`
 FOR EACH ROW UPDATE notifications SET count = count+1 
WHERE notifications.user_id != NEW.user_id 
AND   notifications.target = "posts"
//
DELIMITER ;

After delete;

DROP TRIGGER IF EXISTS `decrement_notification_post_deleted`;
DELIMITER //
CREATE TRIGGER `decrement_notification_post_deleted` AFTER DELETE ON `posts`
 FOR EACH ROW UPDATE notifications SET count = count-1 
WHERE notifications.user_id != OLD.user_id 
AND   notifications.target = "posts"
//
DELIMITER ;

Hi Omar. Great job!
Tell me please. How to open part of the content for non-registered users.
For example Feed List or Post List
Thank you in advance!

In php7, Request.php has two element (function and member) same name.

Hello, we noticed a couple of things in your Encryption class.

encryptId() is a misnomer; you aren't encrypting anything (there is no key involved). You're merely transforming it in a deterministic way.

encrypt() is using the 256-bit version of Rijndael in CBC mode without authenticating the ciphertext. Unauthenticated ciphertexts can be tampered with by an active attacker. (Aside: If you want the standard AES cipher in 256-bit mode, use MCRYPT_RIJNDAEL_128 with a 32-byte key. Mcrypt is pretty terrible, however, so you might want to just switch to OpenSSL.)

Also refer to How to Encrypt Data in PHP by Defuse Security.

Tell me how to implement cron tasks execution

Hi https://miniphp.ga Not working

Is it possible to do custom routes?

Thanks

[email protected] password = 12345
[email protected] password = 12345

both above demo ID's are not working

Routing to public/ affects the complete frame work under IIS or Azure, you can only get login page.

"Test" => [ "hello today", inArray('hello today','hello tomorrow' ], // hellotoday,hellotomorrow

If there are strings with spaces in the array, the spaces are removed and the inArray check fails

I found a secure issue, in index.php line 35 'http://' . Environment::get('HTTP_HOST')
better would be 'http://' . Environment::get('SERVER_NAME') to prevent host header attack

http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

Since update "register"-tab on loginpage doesnt work.

anyone the same problem ?

Can you just include the vendor folder, it would be so much easier than having to do Composer!