I need to use MVC in this system, and I want to know whether the validations in the PHP file that use `$_SESSION['token']` should live in UserModel. Can anyone help? I don't have much experience with this.
cadastro.php
<?php
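$sessao = 'cadastro';
session_name($sessao);
session_start();
// CSRF protection for the forms on this page (registration, login, ...).
// The token is created once per session from a CSPRNG. The previous
// hash('sha512', rand(100, 1000)) had only 901 possible values, so it could be
// enumerated by an attacker; random_bytes() closes that gap.
if (!isset($_SESSION['token'])) {
    $_SESSION['token'] = bin2hex(random_bytes(32));
}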
?>
<!DOCTYPE html>
<html lang="br">
<head>
<title>Cadastro</title>
<meta charset="utf-8">
<meta name="robots" content="noindex, nofollow">
<meta name="robots" content="nofollow">
<meta name="googlebot" content="noindex">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-capable" content="yes">
<link href="www/cliente/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="www/cliente/css/bootstrap-responsive.min.css" rel="stylesheet" type="text/css" />
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,400,600" rel="stylesheet">
<link href="www/style.css" rel="stylesheet" type="text/css">
<link href="www/cliente/css/pages/signin.css" rel="stylesheet" type="text/css">
<script src="www/js/jquery.js"></script>
<link href="www/cliente/css/jquery-confirm.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="www/js/jquery-confirm.js"></script>
<script type="text/javascript">
function verificaNumero(e){
    // Keypress filter for the CPF field: digits (48-57), backspace (8) and the
    // 0 code some browsers send for non-printing keys pass through; anything
    // else is rejected by returning false (which cancels the keypress).
    var codigo = e.which;
    var tecladeControle = (codigo == 8) || (codigo == 0);
    var ehDigito = (codigo >= 48) && (codigo <= 57);
    if (!(tecladeControle || ehDigito)) {
        return false;
    }
}
// Attach the digit-only filter to the CPF input once the DOM is ready
// ($(fn) is jQuery's shorthand for $(document).ready(fn)).
$(function () {
    $("#cpf").keypress(verificaNumero);
});
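function FormataCpf(evt){
    // Inserts the CPF separators (000.000.000-00) as the user types and returns
    // the formatted value. `vr` is now declared with var: the original assigned
    // to an undeclared name, leaking it as a global.
    // evt.target is the standard event property; srcElement is the legacy IE
    // fallback. The original picked one by navigator.appName, which every modern
    // browser reports as 'Netscape', so the feature test below is equivalent and
    // does not depend on the UA string.
    var campo = evt.target || evt.srcElement;
    var vr = campo.value;
    if (vr.length == 3) vr = vr + ".";
    if (vr.length == 7) vr = vr + ".";
    if (vr.length == 11) vr = vr + "-";
    return vr;
}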
</script>
<style>
h2 {
font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;
}
</style>
</head>
<body id="cadastroClientes">
<div class="main-inner">
<div class="container">
<?php
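// TODO: move these validations into UserModel (original note: "USAR VALIDAÇÕES NO UserModel").
// CSRF check: the submitted token must be a string identical to the per-session one.
// hash_equals() is type-strict and constant-time. The loose `!=` it replaces is
// subject to PHP's numeric-string juggling (two hex tokens of the form "0e<digits>"
// compare equal), and a non-string value such as cadastro[]=x must be rejected
// outright rather than compared.
$tokenRecebido = $_POST['cadastro'] ?? null;
$tokenSessao = (string) ($_SESSION['token'] ?? '');
if ($tokenRecebido !== null && (!is_string($tokenRecebido) || !hash_equals($tokenSessao, $tokenRecebido))) {
    echo "<script type='text/javascript'>
$.alert({
theme: 'black',
title: 'Detectado uso de token inválido, a página será atualizada!',
content: '',
icon: '',
confirmButton: 'OK',
confirmButtonClass: 'btn-primary',
animation: 'scale',
animationClose: 'top',
opacity: 0.5,
confirm: function () {
location.href='index.php';
}
});
</script>";
}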
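if (!function_exists('cadastroAlerta')) {
    /**
     * Emits the jquery-confirm alert this page uses for every validation message.
     *
     * Every call below passes a literal title, but the title is still JSON-encoded
     * (with < and > hex-escaped) so a quote or "</script>" in a message can never
     * break out of the script block.
     *
     * @param string $titulo       message shown to the user
     * @param bool   $redirecionar when true, pressing OK sends the browser to index.php
     */
    function cadastroAlerta(string $titulo, bool $redirecionar = false): void
    {
        $tituloJs = json_encode($titulo, JSON_UNESCAPED_UNICODE | JSON_HEX_TAG | JSON_THROW_ON_ERROR);
        $confirm = $redirecionar ? "confirm: function () { location.href='index.php'; }" : '';
        echo "<script type='text/javascript'>
$.alert({
theme: 'black',
title: {$tituloJs},
content: '',
icon: '',
confirmButton: 'OK',
confirmButtonClass: 'btn-primary',
animation: 'scale',
animationClose: 'top',
opacity: 0.5,
{$confirm}
});
</script>";
    }
}

// Only a string token identical to the session token (constant-time, type-strict
// comparison) reaches the registration logic; the loose == it replaces is subject
// to numeric-string juggling and accepted array values with just a warning.
$tokenPost = $_POST['cadastro'] ?? null;
if (is_string($tokenPost) && hash_equals((string) ($_SESSION['token'] ?? ''), $tokenPost)) {
    // filter_input() returns null for a missing field; coalesce to '' so strip_tags()
    // never receives null (deprecated since PHP 8.1).
    $nome = strip_tags(filter_input(INPUT_POST, 'nome') ?? '');
    $cpf = html_entity_decode(strip_tags(filter_input(INPUT_POST, 'cpf') ?? ''), ENT_QUOTES);
    $cpf2 = preg_replace('/[^0-9]/', '', $cpf);
    $login = strip_tags(filter_input(INPUT_POST, 'login') ?? '');
    // NOTE(review): strip_tags() silently alters a password containing '<'. It is kept
    // because the login path (not visible here) presumably applies the same
    // transformation before hashing; change both sides together.
    $senhaAtual = strip_tags(filter_input(INPUT_POST, 'senhaAtual') ?? '');
    $senha = strip_tags(filter_input(INPUT_POST, 'senha') ?? '');
    // NOTE(review): sha1(md5()) is unsalted and fast, so stored hashes are cheap to
    // crack offline; password_hash()/password_verify() should replace it. The stored
    // format is shared with the login code, so it is left unchanged in this edit.
    $pass = sha1(md5($senha));

    // Lengths are measured on what the user typed (in bytes). The original measured
    // strlen() of the 40-character hex digest, so the "minimum 8 characters" rule
    // below could never fail.
    $tamanhoNome = strlen($nome);
    $tamanhoLogin = strlen($login);
    $tamanhoSenha = strlen($senhaAtual);

    $val->set($cpf2, 'CPF')->isCpf();

    // NOTE(review): 'loja_clientes' in single quotes is a string literal on MySQL, not
    // a table name; the query text is kept exactly as written — confirm against the driver.
    // fetchColumn() replaces rowCount(), which PDO does not guarantee for SELECT statements.
    $verificarUsuarioLogin = BD::conn()->prepare("SELECT id_cliente FROM 'loja_clientes' WHERE login = ?");
    $verificarUsuarioLogin->execute([$login]);
    $loginExiste = $verificarUsuarioLogin->fetchColumn() !== false;
    $verificarUsuarioCPF = BD::conn()->prepare("SELECT id_cliente FROM 'loja_clientes' WHERE cpf = ?");
    $verificarUsuarioCPF->execute([$cpf2]);
    $cpfExiste = $verificarUsuarioCPF->fetchColumn() !== false;

    if (!$val->validar()) {
        $erros = $val->getErro();
        // Escaped for the HTML context; the validator message is not trusted to be markup-safe.
        echo '<div class="erros">' . htmlspecialchars((string) $erros[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</div>';
    } elseif (empty($_POST['nome']) || empty($_POST['email']) || empty($_POST['cpf']) || empty($_POST['login']) || empty($_POST['senhaAtual'])) {
        cadastroAlerta('Preencha todos os campos!');
    } elseif (empty($_POST['senha'])) {
        cadastroAlerta('Repita a senha!');
    } elseif (!is_numeric($cpf2)) {
        cadastroAlerta('O campo CPF deve conter apenas números!');
    } elseif ($loginExiste) {
        cadastroAlerta('Já existe um cliente com este nome de usuário!');
    } elseif ($cpfExiste) {
        cadastroAlerta('Já existe um cliente com este CPF!');
    } elseif ($tamanhoNome < 10) {
        cadastroAlerta('Informe o seu nome completo!');
    } elseif ($tamanhoLogin < 5) {
        cadastroAlerta('O nome de usuário informado é muito curto!');
    } elseif ($tamanhoSenha < 8) {
        cadastroAlerta('A senha deve conter no mínimo 8 caracteres. Utilize letras, números e símbolos!');
    } elseif ($senhaAtual !== $senha) {
        // The typed passwords are compared directly with ===. The original compared
        // their hex digests with ==, which PHP may coerce to numbers when both look
        // like "0e<digits>".
        cadastroAlerta('Informe a mesma senha nos campos: Senha e Repita a senha!');
    } else {
        // NOTE(review): the email field is required above but never stored here, while
        // UserModel::cadastrar binds :email — confirm what cadastrarCliente() expects
        // before adding it to this array.
        $dados3 = [$nome, $cpf2, $login, $pass];
        if ($site->cadastrarCliente($dados3)) {
            // Rotate the CSRF token so the same form cannot be resubmitted. random_bytes()
            // replaces rand(100, 1000), which produced only 901 distinct tokens.
            $_SESSION['token'] = bin2hex(random_bytes(32));
            cadastroAlerta('Cadastrado com sucesso!', true);
            // Stops rendering here, as before; the <body> opened above is left unclosed.
            die();
        } else {
            echo '<div class="alert alert-danger" style="padding:8px 14px 8px 14px; border-radius:0px;">
<strong><h3>Erro ao cadastrar!</h3></strong>
</div>';
        }
    }
}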
UserModel.php
<?php
namespace Application\Models;
use Application\Models\Model;
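class UserModel extends Model
{
    /**
     * Inserts one customer row into loja_clientes.
     *
     * The original bound undefined locals ($pdo, $nome, $cpf, $login, $senha) and
     * never bound :email, so the statement could not execute. Every value now comes
     * from $dados and the connection from the project's accessor.
     *
     * @param array{nome:string,cpf:string,email:string,login:string,senha:string} $dados
     *        `senha` is stored verbatim — the caller must pass an already hashed password
     * @return bool true when the INSERT executed, false on a missing field or a driver failure
     */
    public static function cadastrar(array $dados): bool
    {
        $campos = ['nome', 'cpf', 'email', 'login', 'senha'];
        foreach ($campos as $campo) {
            // Reject incomplete input here instead of letting the driver fail on an unbound placeholder.
            if (!isset($dados[$campo]) || !is_scalar($dados[$campo])) {
                return false;
            }
        }
        // NOTE(review): single quotes around loja_clientes make it a string literal on
        // MySQL rather than a table name; the query text is kept exactly as written —
        // confirm against the driver in use.
        $sql = "INSERT INTO 'loja_clientes' (nome, cpf, email, login, senha) VALUES (:nome, :cpf, :email, :login, :senha)";
        // \BD::conn() is the connection accessor the calling page (cadastro.php) uses;
        // $pdo was never defined in this method.
        $stmt = \BD::conn()->prepare($sql);
        foreach ($campos as $campo) {
            $stmt->bindValue(':' . $campo, (string) $dados[$campo]);
        }
        // The model reports failure through its return value only; the view renders the message.
        return (bool) $stmt->execute();
    }
}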