Version 3.3.1

.gitignore

@@ -16,7 +16,7 @@ build/
 
 # Configuration files
 config/*
-!config/config_sample.php
+!config/*_sample.*
 .env
 *.local
 

config/config_sample.php

@@ -5,15 +5,17 @@
 FileRouter
 A simple php router that allows to run code before accessing a file while keeping the file structure as the url structure.
 
+https://github.com/Friedinger/FileRouter
+
 by Friedinger (friedinger.org)
 
-Version: 2.1.4
+Version: 3.3.1
 
 */
 
 namespace FileRouter;
 
-final class Config
+class Config
 {
 	// Paths (relative to the server root)
 	const PATH_PUBLIC = "/../public/"; // Path to the public folder
@@ -35,11 +37,25 @@ final class Config
 		"samesite" => "Strict",
 	];
 
+	// Security
+	const CSRF_TEMPLATE = "csrf-token"; // CSRF token template variable name, also used as session key
+	const CSRF_PARAMETER = "token"; // CSRF token parameter name for get and post requests
+	const CSRF_LENGTH = 64; // Length of the CSRF token, set to 0 to disable CSRF protection
+
 	// Page titles
 	const TITLE_PREFIX = "FileRouter";
 	const TITLE_SUFFIX = "";
 	const TITLE_SEPARATOR = " | ";
 
+	// Error handling and logging
+	const DEBUG = true; // Enable debug mode (shows errors and warnings, disables error logging)
+	const LOG = true; // Enable logging
+	const LOG_MAX_FILE_SIZE = 1048576; // Maximum file size of log files before a new file is created (in bytes)
+	const LOG_PATH = [ // Paths to log files (relative to the server root, {date} will be replaced with the current date)
+		"error" => "/../logs/error_{date}.log", // Error log file required if logging is enabled
+		"additional" => "/../logs/additional.log", // Additional log files, can be used for custom logging by Logger::log("message", "additional")
+	];
+
 	// Other
 	const ALLOW_PAGE_PHP = true; // Allow to execute php code in pages. Warning: This can be a security risk if not handled carefully.
 	const IMAGE_RESIZE_QUERY = "res"; // Query parameter to specify the width of an image to resize it

function/ControllerDefault.php

@@ -5,6 +5,8 @@
 FileRouter
 A simple php router that allows to run code before accessing a file while keeping the file structure as the url structure.
 
+https://github.com/Friedinger/FileRouter
+
 by Friedinger (friedinger.org)
 
 */

function/ControllerHtml.php

@@ -5,6 +5,8 @@
 FileRouter
 A simple php router that allows to run code before accessing a file while keeping the file structure as the url structure.
 
+https://github.com/Friedinger/FileRouter
+
 by Friedinger (friedinger.org)
 
 */
@@ -57,6 +59,11 @@ public static function handleHtml(Output $content): Output
 		$content = self::handleHeader($content);
 		$content = self::handleFooter($content);
 
+		// Output CSRF token if enabled
+		if (Config::SESSION && Config::CSRF_LENGTH > 0) {
+			$content->replaceAllSafe(Config::CSRF_TEMPLATE, Misc::generateCsrfToken());
+		}
+
 		return $content;
 	}
 

function/ControllerImage.php

@@ -5,6 +5,8 @@
 FileRouter
 A simple php router that allows to run code before accessing a file while keeping the file structure as the url structure.
 
+https://github.com/Friedinger/FileRouter
+
 by Friedinger (friedinger.org)
 
 */

function/Error.php → function/ErrorPage.php

@@ -5,6 +5,8 @@
 FileRouter
 A simple php router that allows to run code before accessing a file while keeping the file structure as the url structure.
 
+https://github.com/Friedinger/FileRouter
+
 by Friedinger (friedinger.org)
 
 */
@@ -16,7 +18,7 @@
  *
  * Represents an error with an error code and an error message.
  */
-class Error extends \Exception
+class ErrorPage extends \Exception
 {
 
 	/**
@@ -34,7 +36,10 @@ public function __construct(int $errorCode, string $errorMessage = null)
 		http_response_code($errorCode); // Set HTTP status code based on error code
 
 		$pathErrorPage = $_SERVER["DOCUMENT_ROOT"] . Config::PATH_ERROR;
-		if (!file_exists($pathErrorPage)) die(Config::ERROR_FATAL); // Fatal error if error page does not exist
+		if (!file_exists($pathErrorPage)) {
+			// Fatal error if error page does not exist
+			throw new \ValueError("Error page (Config::PATH_ERROR) not found in {$pathErrorPage}", E_USER_ERROR);
+		}
 		$output = new Output($pathErrorPage); // Load error page to output handler
 
 		$settings = $output->getNodeContentArray("settings"); // Get error messages from error page
@@ -48,6 +53,5 @@ public function __construct(int $errorCode, string $errorMessage = null)
 		$output->replaceAll("error-message", $errorMessage); // Replace error message placeholder
 		$output = ControllerHtml::handleHtml($output); // Handle html content (e.g. add head, header and footer)
 		$output->print(); // Print output
-		exit; // Stop further execution
 	}
 }

function/FileRouter.php

@@ -5,36 +5,98 @@
 FileRouter
 A simple php router that allows to run code before accessing a file while keeping the file structure as the url structure.
 
+https://github.com/Friedinger/FileRouter
+
 by Friedinger (friedinger.org)
 
-Version: 2.1.4
+Version: 3.3.1
 
 */
 
 namespace FileRouter;
 
-// Autoload classes
-spl_autoload_register(function ($class) {
-	if (str_starts_with($class, __NAMESPACE__ . "\\")) {
-		$class = str_replace(__NAMESPACE__ . "\\", "", $class);
-		require_once "{$class}.php";
+class FileRouter
+{
+	public function __construct()
+	{
+		try {
+			$this->autoload(); // Autoload classes
+			$this->setup(); // Setup environment
+			$this->handle(); // Handle request
+		} catch (ErrorPage) {
+			// Error page was displayed in ErrorPage exception
+		} catch (Redirect) {
+			// Redirect was handled in Redirect exception
+		} catch (\Throwable $exception) {
+			$this->handleException($exception); // Handle unhandled exceptions
+		}
 	}
-});
 
-// Start session if enabled in config
-if (Config::SESSION) {
-	Misc::session();
-}
+	private function handle(): void
+	{
+		// Handle route file as proxy of request
+		$proxy = new Proxy();
+		$proxyHandled = $proxy->handle();
+		if ($proxyHandled) return; // Stop handling if request was handled by proxy
+
+		// Handle request with router
+		$router = new Router();
+		$routerHandled = $router->handle();
+		if ($routerHandled) return; // Stop handling if request was handled by router
 
-// Handle route file as proxy of request
-$proxy = new Proxy();
-$proxyHandled = $proxy->handle();
-if ($proxyHandled) exit; // Stop handling if request was handled by proxy
+		// Error 404 if request was not handled before
+		throw new ErrorPage(404);
+	}
+
+	private function setup(): void
+	{
+		// Set error log file if enabled
+		if (Config::LOG) {
+			ini_set("log_errors", 1); // Enable error logging
+			ini_set("error_log", Logger::logPath("error")); // Set error log file
+		}
 
-// Handle request with router
-$router = new Router();
-$routerHandled = $router->handle();
-if ($routerHandled) exit; // Stop handling if request was handled by router
+		// Set error reporting and display errors
+		if (Config::DEBUG) {
+			error_reporting(E_ALL); // Report all errors
+			ini_set("display_errors", 1); // Display errors
+			ini_set("log_errors", 0); // Disable error log
+		} else {
+			error_reporting(0); // Report no errors
+			ini_set("display_errors", 0); // Hide errors
+		}
 
-// Error 404 if request was not handled before
-throw new Error(404);
+		// Start session if enabled in config
+		if (Config::SESSION) {
+			Misc::session();
+		}
+	}
+
+	private function handleException(\Throwable $exception): void
+	{
+		if (CONFIG::DEBUG) {
+			throw $exception; // Rethrow exception if debug mode is enabled
+		}
+		try {
+			ob_end_clean(); // Clear output buffer
+			Logger::logError("{$exception->getMessage()} in {$exception->getFile()}({$exception->getLine()})", E_USER_ERROR); // Log unhandled exceptions
+			throw new ErrorPage(500); // Internal server error if unhandled exception occurred
+		} catch (\Throwable $e) {
+			if ($e instanceof ErrorPage) return;
+			if (Config::LOG) {
+				error_log("ERROR {$e->getMessage()} in exception handling"); // Log error message
+			}
+			die(Config::ERROR_FATAL ?? "<h1>Error</h1><p>An error occurred in the request.</p><p>Please contact the webmaster</p>");
+		}
+	}
+
+	private function autoload()
+	{
+		spl_autoload_register(function ($class) {
+			if (str_starts_with($class, __NAMESPACE__ . "\\")) {
+				$class = str_replace(__NAMESPACE__ . "\\", "", $class);
+				require_once "{$class}.php";
+			}
+		});
+	}
+}

function/Logger.php

@@ -0,0 +1,75 @@
+<?php
+
+/*
+
+FileRouter
+A simple php router that allows to run code before accessing a file while keeping the file structure as the url structure.
+
+https://github.com/Friedinger/FileRouter
+
+by Friedinger (friedinger.org)
+
+*/
+
+
+namespace FileRouter;
+
+class Logger
+{
+	public static function log(string $message, string $type): void
+	{
+		if (!Config::LOG) return;
+
+		$date = date("Y-m-d H:i:s");
+		$file = self::logPath($type);
+
+		$message = str_replace("\n", "\n\t", $message);
+		$message = str_replace("\r", "", $message);
+		$log = "[$date] $message" . PHP_EOL;
+
+		file_put_contents($file, $log, FILE_APPEND);
+	}
+
+	public static function logError(string $message, int $level): void
+	{
+		if (!Config::LOG) return;
+
+		$levelName = match ($level) {
+			E_NOTICE => "NOTICE",
+			E_USER_NOTICE => "NOTICE",
+			E_WARNING => "WARNING",
+			E_USER_DEPRECATED => "DEPRECATED",
+			E_DEPRECATED => "DEPRECATED",
+			E_USER_WARNING => "WARNING",
+			E_ERROR => "ERROR",
+			E_USER_ERROR => "ERROR",
+			default => "UNKNOWN",
+		};
+		error_log("$levelName: $message");
+	}
+
+	public static function logPath(string $type): string
+	{
+		$path = Config::LOG_PATH[$type] ?? "filerouter_{date}.log";
+		$path = str_replace("{date}", date("Y-m-d"), $path);
+		$file = $_SERVER["DOCUMENT_ROOT"] . $path;
+		if (file_exists($file) && filesize($file) >= Config::LOG_MAX_FILE_SIZE) {
+			$file = self::getNewLogFile($file);
+		}
+		return $file;
+	}
+
+	private static function getNewLogFile($file)
+	{
+		$logDir = dirname($file);
+		$baseName = basename($file, '.log');
+		$index = 1;
+
+		do {
+			$newFile = $logDir . DIRECTORY_SEPARATOR . $baseName . '_' . $index . '.log';
+			$index++;
+		} while (file_exists($newFile));
+
+		return $newFile;
+	}
+}