refactor(pages): replace superglobals with request/session abstractions

This commit is contained in:
2026-03-06 11:28:22 +01:00
parent ebf15081e1
commit 205da203cc
87 changed files with 368 additions and 127 deletions

View File

@@ -1,5 +1,7 @@
<?php
use MintyPHP\Http\RequestRuntimeInterface;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\Security\SecurityServicesFactory;
@@ -8,7 +10,11 @@ use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
if (!empty($_SESSION['user']['id'])) {
$requestRuntime = app(RequestRuntimeInterface::class);
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
if (!empty($session['user']['id'])) {
if (Flash::has()) {
Flash::keep();
}
@@ -146,7 +152,7 @@ if (requestInput()->method() === 'POST') {
} else {
$postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email'));
$email = trim((string) (requestInput()->bodyAll()['email'] ?? ''));
$clientIp = trim((string) ($_SERVER['REMOTE_ADDR'] ?? ''));
$clientIp = trim((string) ($requestRuntime->ip()));
if ($clientIp === '') {
$clientIp = 'unknown';
}
@@ -253,7 +259,7 @@ if (requestInput()->method() === 'POST') {
$result = $authService->login($email, $password);
if (!($result['ok'] ?? false)) {
if (!empty($result['needs_verification'])) {
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
$sessionStore->set('email_verification_email', $result['email'] ?? $email);
Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified');
Router::redirect('verify-email');
return;
@@ -270,7 +276,8 @@ if (requestInput()->method() === 'POST') {
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
}
} else {
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$authenticatedUser = $sessionStore->get('user', []);
$userId = (int) (is_array($authenticatedUser) ? ($authenticatedUser['id'] ?? 0) : 0);
if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) {
$authService->logout();
$setLoginWarning(t('No access to this tenant'));