xssbook2/web/_model/main.php


<?php /* Copyright (c) 2024 Freya Murphy */
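class Main_model {

	// the website database
	public $db;
	// the current user session (can be NULL)
	public $session;
	// current loaded users
	private $users;
	// stores the current request info
	public $info;

	/**
	 * Loads the main model.
	 *
	 * Creates the database helper and, when the PHP session carries a
	 * 'jwt' entry, tries to resolve it into a user session.
	 *
	 * @param Loader $load - the main loader object (not used in this constructor)
	 */
	public function __construct($load) {
		/// load the database helper
		$this->db = new DatabaseHelper();
		/// init other vars
		$this->users = array();
		/// load the current session
		// isset() also covers the case where $_SESSION itself is not
		// populated, which array_key_exists() would reject with an error.
		if (isset($_SESSION['jwt'])) {
			$this->get_session($_SESSION['jwt']);
		} else {
			$this->session = NULL;
		}
	}

	/**
	 * Loads current session.
	 *
	 * Asks the database to verify the token through _api.verify_jwt() and,
	 * when a user id comes back, stores array('id' => ..., 'jwt' => ...)
	 * in $this->session. In every other case the session is left NULL.
	 *
	 * The token is user provided and ends up inside SQL text, so it is
	 * checked against the compact JWT shape (three dot-separated base64url
	 * segments) before it is used. That alphabet contains no quote,
	 * backslash, whitespace or semicolon, so a value that passes the check
	 * cannot break out of the string literal.
	 *
	 * @param string $jwt - the user provided JWT
	 */
	private function get_session($jwt) {
		// fail closed: no session unless verification succeeds below
		$this->session = NULL;

		$jwt_shape = '/\A[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\z/';
		if (!is_string($jwt) || preg_match($jwt_shape, $jwt) !== 1) {
			// malformed token: never send it to the database
			return;
		}

		// NOTE(review): the value is still concatenated into the select
		// expression; if DatabaseHelper can bind a parameter here, prefer
		// that over relying on the format check alone - not visible from
		// this file.
		$query = $this->db
			->select("_api.verify_jwt('" . $jwt . "') AS user_id;");
		$result = $query->row();
		$user_id = $result['user_id'] ?? NULL;

		if ($user_id) {
			$this->session = array(
				'id' => $user_id,
				'jwt' => $jwt
			);
		}
	}

	/**
	 * Gets the stamp (file modification time) for an asset path.
	 *
	 * The path is resolved below $GLOBALS['webroot'] . '/public/'. It is
	 * not normalised, so callers must pass fixed, developer-chosen paths
	 * rather than request data.
	 *
	 * @param string $path - asset path relative to the public directory
	 * @return int the modification time, or 0 when it cannot be read
	 */
	private function asset_stamp($path): int {
		$root = $GLOBALS['webroot'];
		$file = $root . '/public/' . $path;
		$stamp = filemtime($file);
		// filemtime() yields false on failure; make the 0 fallback explicit
		// instead of relying on bool-to-int coercion of the return value.
		return $stamp === false ? 0 : $stamp;
	}

	/**
	 * Loads a css html link.
	 *
	 * $path is written into the href attribute without HTML escaping, so
	 * it must be a trusted, developer-supplied value.
	 *
	 * @param string $path - the path to the css file
	 * @return string the <link> element with a cache-busting stamp
	 */
	public function link_css($path) {
		$stamp = $this->asset_stamp($path);
		return '<link rel="stylesheet" href="/public/' . $path . '?stamp=' . $stamp . '">';
	}

	/**
	 * Loads a js html link.
	 *
	 * $path is written into the src attribute without HTML escaping, so
	 * it must be a trusted, developer-supplied value.
	 *
	 * @param string $path - the path to the js file
	 * @return string the <script> element with a cache-busting stamp
	 */
	public function link_js($path) {
		$stamp = $this->asset_stamp($path);
		return '<script src="/public/'. $path . '?stamp=' . $stamp . '"></script>';
	}

	/**
	 * Gets the current user.
	 *
	 * Looks up the row in api.user whose id equals the verified session
	 * id. The id is handed to the query builder's eq() as a value, not
	 * concatenated into SQL text here.
	 *
	 * @return mixed the row returned by the database helper, or NULL when
	 *               there is no session
	 */
	public function user() {
		if (!$this->session) {
			return NULL;
		}

		return $this->db
			->select('*')
			->from('api.user')
			->where('id')
			->eq($this->session['id'])
			->row();
	}

}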
?>