[
  {
    "path": ".htaccess",
    "content": "RewriteEngine On\nRewriteCond %{REQUEST_URI}  !(\\.png|\\.jpg|\\.webp|\\.gif|\\.jpeg|\\.zip|\\.css|\\.svg|\\.js|\\.pdf)$\nRewriteRule (.*) routes.php [QSA,L]\n"
  },
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2021 <info@phprouter.com>\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "# PHP ROUTER\n\nSecure router with XSS and CSRF\n\n1. Download the file \".htaccess\" and place it under the root directory (html, htdocs, or www) of your web server\n\n2. Download the file \"router.php\" and place it under the root directory (html, htdocs, or www) of your web server\n\n3. Download the file \"routes.php\" and place it under the root directory (html, htdocs, or www) of your web server\n\nIn the browser go to \"localhost\" or \"127.0.0.1\" and you should see the word \"Index\" displayed in the website.\n\nFeel free to delete all the routes in the \"routes.php\" file and create your own. Most likely you want to keep the last route for \"Page not found\".\n\nFor details about routing, visit https://phprouter.com\n"
  },
  {
    "path": "api/save_user.php",
    "content": "<?php\r\necho $_POST['user_name'];\r\necho 'user saved';"
  },
  {
    "path": "router.php",
    "content": "<?php\r\n\r\nfunction get($route, $path_to_include)\r\n{\r\n\tif ($_SERVER['REQUEST_METHOD'] == 'GET') {\r\n\t\troute($route, $path_to_include);\r\n\t}\r\n}\r\nfunction post($route, $path_to_include)\r\n{\r\n\tif ($_SERVER['REQUEST_METHOD'] == 'POST') {\r\n\t\troute($route, $path_to_include);\r\n\t}\r\n}\r\nfunction put($route, $path_to_include)\r\n{\r\n\tif ($_SERVER['REQUEST_METHOD'] == 'PUT') {\r\n\t\troute($route, $path_to_include);\r\n\t}\r\n}\r\nfunction patch($route, $path_to_include)\r\n{\r\n\tif ($_SERVER['REQUEST_METHOD'] == 'PATCH') {\r\n\t\troute($route, $path_to_include);\r\n\t}\r\n}\r\nfunction delete($route, $path_to_include)\r\n{\r\n\tif ($_SERVER['REQUEST_METHOD'] == 'DELETE') {\r\n\t\troute($route, $path_to_include);\r\n\t}\r\n}\r\nfunction any($route, $path_to_include)\r\n{\r\n\troute($route, $path_to_include);\r\n}\r\nfunction route($route, $path_to_include)\r\n{\r\n\t$callback = $path_to_include;\r\n\tif (!is_callable($callback)) {\r\n\t\tif (!strpos($path_to_include, '.php')) {\r\n\t\t\t$path_to_include .= '.php';\r\n\t\t}\r\n\t}\r\n\tif ($route == \"/404\") {\r\n\t\tinclude_once __DIR__ . \"/$path_to_include\";\r\n\t\texit();\r\n\t}\r\n\t$request_url = filter_var($_SERVER['REQUEST_URI'], FILTER_SANITIZE_URL);\r\n\t$request_url = rtrim($request_url, '/');\r\n\t$request_url = strtok($request_url, '?');\r\n\t$route_parts = explode('/', $route);\r\n\t$request_url_parts = explode('/', $request_url);\r\n\tarray_shift($route_parts);\r\n\tarray_shift($request_url_parts);\r\n\tif ($route_parts[0] == '' && count($request_url_parts) == 0) {\r\n\t\t// Callback function\r\n\t\tif (is_callable($callback)) {\r\n\t\t\tcall_user_func_array($callback, []);\r\n\t\t\texit();\r\n\t\t}\r\n\t\tinclude_once __DIR__ . \"/$path_to_include\";\r\n\t\texit();\r\n\t}\r\n\tif (count($route_parts) != count($request_url_parts)) {\r\n\t\treturn;\r\n\t}\r\n\t$parameters = [];\r\n\tfor ($__i__ = 0; $__i__ < count($route_parts); $__i__++) {\r\n\t\t$route_part = $route_parts[$__i__];\r\n\t\tif (preg_match(\"/^[$]/\", $route_part)) {\r\n\t\t\t$route_part = ltrim($route_part, '$');\r\n\t\t\tarray_push($parameters, $request_url_parts[$__i__]);\r\n\t\t\t$$route_part = $request_url_parts[$__i__];\r\n\t\t} else if ($route_parts[$__i__] != $request_url_parts[$__i__]) {\r\n\t\t\treturn;\r\n\t\t}\r\n\t}\r\n\t// Callback function\r\n\tif (is_callable($callback)) {\r\n\t\tcall_user_func_array($callback, $parameters);\r\n\t\texit();\r\n\t}\r\n\tinclude_once __DIR__ . \"/$path_to_include\";\r\n\texit();\r\n}\r\nfunction out($text)\r\n{\r\n\techo htmlspecialchars($text);\r\n}\r\n\r\nfunction set_csrf()\r\n{\r\n\tsession_start();\r\n\tif (!isset($_SESSION[\"csrf\"])) {\r\n\t\t$_SESSION[\"csrf\"] = bin2hex(random_bytes(50));\r\n\t}\r\n\techo '<input type=\"hidden\" name=\"csrf\" value=\"' . $_SESSION[\"csrf\"] . '\">';\r\n}\r\n\r\nfunction is_csrf_valid()\r\n{\r\n\tsession_start();\r\n\tif (!isset($_SESSION['csrf']) || !isset($_POST['csrf'])) {\r\n\t\treturn false;\r\n\t}\r\n\tif ($_SESSION['csrf'] != $_POST['csrf']) {\r\n\t\treturn false;\r\n\t}\r\n\treturn true;\r\n}\r\n"
  },
  {
    "path": "routes.php",
    "content": "<?php\r\n\r\nrequire_once __DIR__.'/router.php';\r\n\r\n// ##################################################\r\n// ##################################################\r\n// ##################################################\r\n\r\n// Static GET\r\n// In the URL -> http://localhost\r\n// The output -> Index\r\nget('/', 'views/index.php');\r\n\r\n// Dynamic GET. Example with 1 variable\r\n// The $id will be available in user.php\r\nget('/user/$id', 'views/user');\r\n\r\n// Dynamic GET. Example with 2 variables\r\n// The $name will be available in full_name.php\r\n// The $last_name will be available in full_name.php\r\n// In the browser point to: localhost/user/X/Y\r\nget('/user/$name/$last_name', 'views/full_name.php');\r\n\r\n// Dynamic GET. Example with 2 variables with static\r\n// In the URL -> http://localhost/product/shoes/color/blue\r\n// The $type will be available in product.php\r\n// The $color will be available in product.php\r\nget('/product/$type/color/$color', 'product.php');\r\n\r\n// A route with a callback\r\nget('/callback', function(){\r\n  echo 'Callback executed';\r\n});\r\n\r\n// A route with a callback passing a variable\r\n// To run this route, in the browser type:\r\n// http://localhost/user/A\r\nget('/callback/$name', function($name){\r\n  echo \"Callback executed. The name is $name\";\r\n});\r\n\r\n// Route where the query string happends right after a forward slash\r\nget('/product', '');\r\n\r\n// A route with a callback passing 2 variables\r\n// To run this route, in the browser type:\r\n// http://localhost/callback/A/B\r\nget('/callback/$name/$last_name', function($name, $last_name){\r\n  echo \"Callback executed. The full name is $name $last_name\";\r\n});\r\n\r\n// ##################################################\r\n// ##################################################\r\n// ##################################################\r\n// Route that will use POST data\r\npost('/user', '/api/save_user');\r\n\r\n\r\n\r\n// ##################################################\r\n// ##################################################\r\n// ##################################################\r\n// any can be used for GETs or POSTs\r\n\r\n// For GET or POST\r\n// The 404.php which is inside the views folder will be called\r\n// The 404.php has access to $_GET and $_POST\r\nany('/404','views/404.php');\r\n"
  },
  {
    "path": "views/404.php",
    "content": "<?php\r\n// To call this page, in the browser type a route that doesn't exist like:\r\n// http://localhost/test/route\r\n\r\necho 'PAGE NOT FOUND';"
  },
  {
    "path": "views/full_name.php",
    "content": "<?php\r\n// To call this page, in the browser type:\r\n// http://localhost/user/A/B\r\n\r\necho \"USER IN VIEWS: $name $last_name\";"
  },
  {
    "path": "views/index.php",
    "content": "<?php\r\n// To call this page, in the browser type:\r\n// http://localhost/\r\n\r\necho 'INDEX';"
  },
  {
    "path": "views/user.php",
    "content": "<?php\r\n// To call this page, in the browser type:\r\n// http://localhost/user/1\r\n\r\necho \"USER IN VIEWS WITH ID: $id\";"
  }
]