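<?php
/**
 * MileageLog Pro - Front Controller
 *
 * Maps the `page` and `action` query parameters to a controller method, applies the
 * route's access guard (auth / guest / admin), verifies CSRF on non-public POST
 * requests and dispatches the call.
 *
 * Both parameters are attacker-controlled. Pages missing from the route table fall
 * through to dynamic routing, where the only restrictions are the alphanumeric filter,
 * the blanket `auth` requirement and the class/method checks below.
 */

require __DIR__ . '/../bootstrap.php';

// Until the installer has written its lock file, send every request to the installer.
// Only the URI *path* is examined: a "/install" substring inside the query string
// (e.g. ?next=/install) must not exempt an unrelated page from the redirect.
$requestUri = $_SERVER['REQUEST_URI'] ?? '/';
$requestPath = parse_url($requestUri, PHP_URL_PATH);
if (!is_string($requestPath)) {
    $requestPath = '/';
}
$installLockFile = BASE_PATH . '/install.lock';
if (!file_exists($installLockFile) && strpos($requestPath, '/install') === false) {
    header('Location: /install');
    exit;
}

// Simple router.
// ?page[]=x or ?action[]=x arrives as an array; an array used as an array offset or
// passed to ucfirst() raises a TypeError on PHP 8, so reject non-string values here.
$page = $_GET['page'] ?? '';
$action = $_GET['action'] ?? 'index';
if (!is_string($page) || !is_string($action)) {
    http_response_code(400);
    die('Bad request');
}

// Route mapping. Keys are matched exactly (case-sensitive); anything else is routed dynamically.
// NOTE(review): the install routes stay public and CSRF-exempt whether or not
// install.lock exists. Nothing in this file blocks them after installation — confirm
// that InstallController refuses to run once the lock file is present.
$routes = [
    '' => ['controller' => 'Dashboard', 'action' => 'index', 'auth' => true],
    'dashboard' => ['controller' => 'Dashboard', 'action' => 'index', 'auth' => true],
    'login' => ['controller' => 'Auth', 'action' => 'showLogin', 'guest' => true],
    'logout' => ['controller' => 'Auth', 'action' => 'logout', 'auth' => true],
    'install' => ['controller' => 'Install', 'action' => 'wizard', 'public' => true],
    'install/success' => ['controller' => 'Install', 'action' => 'success', 'public' => true],
];

// Handle POST requests
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CSRF check for all POST requests except public routes
    if (!isset($routes[$page]['public']) && $page !== 'install') {
        verifyCsrf();
    }

    // Map common POST actions
    if ($page === 'login') {
        $routes[$page]['action'] = 'login';
    } elseif ($page === 'install' && $action === 'process') {
        $routes[$page]['action'] = 'process';
    }
}

// Handle install success page
if ($page === 'install' && $action === 'success') {
    $routes['install']['action'] = 'success';
}

// Get route or use dynamic routing
if (isset($routes[$page])) {
    $route = $routes[$page];
    $controllerName = $route['controller'];
    $actionName = $route['action'] ?? $action;
} else {
    // Dynamic routing: page = controller name, action = method name, both reduced to
    // [a-zA-Z0-9]. Stripping "_" also keeps magic methods (__construct, __call, ...)
    // out of reach.
    $controllerName = ucfirst(preg_replace('/[^a-zA-Z0-9]/', '', $page));
    $actionName = preg_replace('/[^a-zA-Z0-9]/', '', $action);
    // NOTE(review): dynamic routes only ever require authentication. No entry in this
    // file sets 'admin', so requireAdmin() below is never reached from here and any
    // signed-in user can address any public method of any *Controller class.
    // Privileged controllers must enforce their own role checks — confirm they do.
    $route = ['auth' => true]; // Default to require auth
}

// Check authentication requirements
if (isset($route['auth']) && $route['auth']) {
    requireAuth();
}
if (isset($route['guest']) && $route['guest']) {
    requireGuest();
}
if (isset($route['admin']) && $route['admin']) {
    requireAdmin();
}

// Load and execute controller
$controllerClass = "App\\Controllers\\{$controllerName}Controller";

// An empty name (page made only of filtered-out characters) would resolve to a bare
// "Controller" class, and an abstract class cannot be instantiated; answer both with
// 404 instead of letting `new` raise an uncaught Error.
if (
    $controllerName === ''
    || !class_exists($controllerClass)
    || !(new ReflectionClass($controllerClass))->isInstantiable()
) {
    http_response_code(404);
    die('Page not found');
}

$controller = new $controllerClass();

// method_exists() is also true for private/protected methods; invoking one from here
// would be a fatal error, so only public methods count as routable actions.
if (
    !method_exists($controller, $actionName)
    || !(new ReflectionMethod($controller, $actionName))->isPublic()
) {
    http_response_code(404);
    die('Action not found');
}

// Clear old input and errors if not from a redirect with errors
if (!isset($_SESSION['_redirect_with_errors'])) {
    clearOld();
    clearErrors();
} else {
    unset($_SESSION['_redirect_with_errors']);
}

// Execute controller action
$controller->$actionName();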