Release 4.0.0-alpha.3

README.md

@@ -1,2 +1,58 @@
-# appstarter
-CodeIgniter 4 app starter
+# CodeIgniter 4 Application Starter
+
+## What is CodeIgniter?
+CodeIgniter is a PHP full-stack web framework that is light, fast, flexible, and secure. 
+More information can be found at the [official site](http://codeigniter.com).
+
+This repository holds a composer-installable app starter.
+It has been built from the 
+[development repository](https://github.com/codeigniter4/CodeIgniter4).
+
+**This is pre-release code and should not be used in production sites.**
+
+--- 
+
+**CAUTION: This app starter is EXPERIMENTAL, and likely to change before
+the framework release. We are looking for feedback and suggestions!**  
+
+---
+
+More information about the plans for version 4 can be found in [the announcement](http://forum.codeigniter.com/thread-62615.html) on the forums.
+
+The user guide corresponding to this version of the framework can be found
+[here](https://codeigniter4.github.io/userguide/). 
+
+##Installation & updates
+
+`composer create-project codeigniter4/appstarter` then `composer update` whenever
+there is a new release of the framework.
+
+##Setup
+
+Copy `env` to `.env` and tailor for your app, specifically the baseURL
+and any database settings.
+
+## Important Change with index.php
+
+`index.php` is no longer in the root of the project! It has been moved inside the *public* folder,
+for better security and separation of components.
+
+This means that you should configure your web server to "point" to your project's *public* folder, and
+not to the project root. A better practice would be to configure a virtual host to point there. A poor practice would be to point your web server to the project root and expect to enter *public/...*, as the rest of your logic and the
+framework are exposed.
+
+**Please** read the user guide for a better explanation of how CI4 works!
+The user guide updating and deployment is a bit awkward at the moment, but we are working on it!
+
+## Server Requirements
+PHP version 7.1 or higher is required, with the following extensions installed: 
+
+- [intl](http://php.net/manual/en/intl.requirements.php)
+- [libcurl](http://php.net/manual/en/curl.requirements.php) if you plan to use the HTTP\CURLRequest library
+
+Additionally, make sure that the following extensions are enabled in your PHP:
+
+- json (enabled by default - don't turn it off)
+- [mbstring](http://php.net/manual/en/mbstring.installation.php)
+- [mysqlnd](http://php.net/manual/en/mysqlnd.install.php)
+- xml (enabled by default - don't turn it off)

application/.htaccess

@@ -0,0 +1,6 @@
+<IfModule authz_core_module>
+    Require all denied
+</IfModule>
+<IfModule !authz_core_module>
+    Deny from all
+</IfModule>

application/Config/App.php

@@ -0,0 +1,306 @@
+<?php namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class App extends BaseConfig
+{
+
+	/*
+	|--------------------------------------------------------------------------
+	| Base Site URL
+	|--------------------------------------------------------------------------
+	|
+	| URL to your CodeIgniter root. Typically this will be your base URL,
+	| WITH a trailing slash:
+	|
+	|	http://example.com/
+	|
+	| If this is not set then CodeIgniter will try guess the protocol, domain
+	| and path to your installation. However, you should always configure this
+	| explicitly and never rely on auto-guessing, especially in production
+	| environments.
+	|
+	*/
+	public $baseURL = '';
+
+	/*
+	|--------------------------------------------------------------------------
+	| Index File
+	|--------------------------------------------------------------------------
+	|
+	| Typically this will be your index.php file, unless you've renamed it to
+	| something else. If you are using mod_rewrite to remove the page set this
+	| variable so that it is blank.
+	|
+	*/
+	public $indexPage = 'index.php';
+
+	/*
+	|--------------------------------------------------------------------------
+	| URI PROTOCOL
+	|--------------------------------------------------------------------------
+	|
+	| This item determines which getServer global should be used to retrieve the
+	| URI string.  The default setting of 'REQUEST_URI' works for most servers.
+	| If your links do not seem to work, try one of the other delicious flavors:
+	|
+	| 'REQUEST_URI'    Uses $_SERVER['REQUEST_URI']
+	| 'QUERY_STRING'   Uses $_SERVER['QUERY_STRING']
+	| 'PATH_INFO'      Uses $_SERVER['PATH_INFO']
+	|
+	| WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
+	*/
+	public $uriProtocol = 'REQUEST_URI';
+
+	/*
+	|--------------------------------------------------------------------------
+	| Default Locale
+	|--------------------------------------------------------------------------
+	|
+	| The Locale roughly represents the language and location that your visitor
+	| is viewing the site from. It affects the language strings and other
+	| strings (like currency markers, numbers, etc), that your program
+	| should run under for this request.
+	|
+	*/
+	public $defaultLocale = 'en';
+
+	/*
+	|--------------------------------------------------------------------------
+	| Negotiate Locale
+	|--------------------------------------------------------------------------
+	|
+	| If true, the current Request object will automatically determine the
+	| language to use based on the value of the Accept-Language header.
+	|
+	| If false, no automatic detection will be performed.
+	|
+	*/
+	public $negotiateLocale = false;
+
+	/*
+	|--------------------------------------------------------------------------
+	| Supported Locales
+	|--------------------------------------------------------------------------
+	|
+	| If $negotiateLocale is true, this array lists the locales supported
+	| by the application in descending order of priority. If no match is
+	| found, the first locale will be used.
+	|
+	*/
+	public $supportedLocales = ['en'];
+
+	/*
+	|--------------------------------------------------------------------------
+	| Application Timezone
+	|--------------------------------------------------------------------------
+	|
+	| The default timezone that will be used in your application to display
+	| dates with the date helper, and can be retrieved through app_timezone()
+	|
+	*/
+	public $appTimezone = 'America/Chicago';
+
+	/*
+	|--------------------------------------------------------------------------
+	| Default Character Set
+	|--------------------------------------------------------------------------
+	|
+	| This determines which character set is used by default in various methods
+	| that require a character set to be provided.
+	|
+	| See http://php.net/htmlspecialchars for a list of supported charsets.
+	|
+	*/
+	public $charset = 'UTF-8';
+
+	/*
+	|--------------------------------------------------------------------------
+	| URI PROTOCOL
+	|--------------------------------------------------------------------------
+	|
+	| If true, this will force every request made to this application to be
+	| made via a secure connection (HTTPS). If the incoming request is not
+	| secure, the user will be redirected to a secure version of the page
+	| and the HTTP Strict Transport Security header will be set.
+	*/
+	public $forceGlobalSecureRequests = false;
+
+	/*
+	|--------------------------------------------------------------------------
+	| Session Variables
+	|--------------------------------------------------------------------------
+	|
+	| 'sessionDriver'
+	|
+	|	The storage driver to use: files, database, redis, memcached
+	|       - CodeIgniter\Session\Handlers\FileHandler
+	|       - CodeIgniter\Session\Handlers\DatabaseHandler
+	|       - CodeIgniter\Session\Handlers\MemcachedHandler
+	|       - CodeIgniter\Session\Handlers\RedisHandler
+	|
+	| 'sessionCookieName'
+	|
+	|	The session cookie name, must contain only [0-9a-z_-] characters
+	|
+	| 'sessionExpiration'
+	|
+	|	The number of SECONDS you want the session to last.
+	|	Setting to 0 (zero) means expire when the browser is closed.
+	|
+	| 'sessionSavePath'
+	|
+	|	The location to save sessions to, driver dependent.
+	|
+	|	For the 'files' driver, it's a path to a writable directory.
+	|	WARNING: Only absolute paths are supported!
+	|
+	|	For the 'database' driver, it's a table name.
+	|	Please read up the manual for the format with other session drivers.
+	|
+	|	IMPORTANT: You are REQUIRED to set a valid save path!
+	|
+	| 'sessionMatchIP'
+	|
+	|	Whether to match the user's IP address when reading the session data.
+	|
+	|	WARNING: If you're using the database driver, don't forget to update
+	|	         your session table's PRIMARY KEY when changing this setting.
+	|
+	| 'sessionTimeToUpdate'
+	|
+	|	How many seconds between CI regenerating the session ID.
+	|
+	| 'sessionRegenerateDestroy'
+	|
+	|	Whether to destroy session data associated with the old session ID
+	|	when auto-regenerating the session ID. When set to FALSE, the data
+	|	will be later deleted by the garbage collector.
+	|
+	| Other session cookie settings are shared with the rest of the application,
+	| except for 'cookie_prefix' and 'cookie_httponly', which are ignored here.
+	|
+	*/
+	public $sessionDriver            = 'CodeIgniter\Session\Handlers\FileHandler';
+	public $sessionCookieName        = 'ci_session';
+	public $sessionExpiration        = 7200;
+	public $sessionSavePath          = WRITEPATH . 'session';
+	public $sessionMatchIP           = false;
+	public $sessionTimeToUpdate      = 300;
+	public $sessionRegenerateDestroy = false;
+
+	/*
+	|--------------------------------------------------------------------------
+	| Cookie Related Variables
+	|--------------------------------------------------------------------------
+	|
+	| 'cookiePrefix'   = Set a cookie name prefix if you need to avoid collisions
+	| 'cookieDomain'   = Set to .your-domain.com for site-wide cookies
+	| 'cookiePath'     = Typically will be a forward slash
+	| 'cookieSecure'   = Cookie will only be set if a secure HTTPS connection exists.
+	| 'cookieHTTPOnly' = Cookie will only be accessible via HTTP(S) (no javascript)
+	|
+	| Note: These settings (with the exception of 'cookie_prefix' and
+	|       'cookie_httponly') will also affect sessions.
+	|
+	*/
+	public $cookiePrefix   = '';
+	public $cookieDomain   = '';
+	public $cookiePath     = '/';
+	public $cookieSecure   = false;
+	public $cookieHTTPOnly = false;
+
+	/*
+	|--------------------------------------------------------------------------
+	| Reverse Proxy IPs
+	|--------------------------------------------------------------------------
+	|
+	| If your server is behind a reverse proxy, you must whitelist the proxy
+	| IP addresses from which CodeIgniter should trust headers such as
+	| HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify
+	| the visitor's IP address.
+	|
+	| You can use both an array or a comma-separated list of proxy addresses,
+	| as well as specifying whole subnets. Here are a few examples:
+	|
+	| Comma-separated:	'10.0.1.200,192.168.5.0/24'
+	| Array:		array('10.0.1.200', '192.168.5.0/24')
+	*/
+	public $proxyIPs = '';
+
+	/*
+	|--------------------------------------------------------------------------
+	| Cross Site Request Forgery
+	|--------------------------------------------------------------------------
+	| Enables a CSRF cookie token to be set. When set to TRUE, token will be
+	| checked on a submitted form. If you are accepting user data, it is strongly
+	| recommended CSRF protection be enabled.
+	|
+	| CSRFTokenName   = The token name
+	| CSRFCookieName  = The cookie name
+	| CSRFExpire      = The number in seconds the token should expire.
+	| CSRFRegenerate  = Regenerate token on every submission
+	| CSRFRedirect    = Redirect to previous page with error on failure
+	*/
+	public $CSRFTokenName  = 'csrf_test_name';
+	public $CSRFCookieName = 'csrf_cookie_name';
+	public $CSRFExpire     = 7200;
+	public $CSRFRegenerate = true;
+	public $CSRFRedirect   = true;
+
+	/*
+	|--------------------------------------------------------------------------
+	| Content Security Policy
+	|--------------------------------------------------------------------------
+	| Enables the Response's Content Secure Policy to restrict the sources that
+	| can be used for images, scripts, CSS files, audio, video, etc. If enabled,
+	| the Response object will populate default values for the policy from the
+	| ContentSecurityPolicy.php file. Controllers can always add to those
+	| restrictions at run time.
+	|
+	| For a better understanding of CSP, see these documents:
+	|   - http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+	|   - http://www.w3.org/TR/CSP/
+	*/
+	public $CSPEnabled = false;
+
+	/*
+	|--------------------------------------------------------------------------
+	| Debug Toolbar
+	|--------------------------------------------------------------------------
+	| The Debug Toolbar provides a way to see information about the performance
+	| and state of your application during that page display. By default it will
+	| NOT be displayed under production environments, and will only display if
+	| CI_DEBUG is true, since if it's not, there's not much to display anyway.
+	|
+	| toolbarMaxHistory = Number of history files, 0 for none or -1 for unlimited
+	|
+	*/
+	public $toolbarCollectors = [
+		'CodeIgniter\Debug\Toolbar\Collectors\Timers',
+		'CodeIgniter\Debug\Toolbar\Collectors\Database',
+		'CodeIgniter\Debug\Toolbar\Collectors\Logs',
+		'CodeIgniter\Debug\Toolbar\Collectors\Views',
+		// 'CodeIgniter\Debug\Toolbar\Collectors\Cache',
+		'CodeIgniter\Debug\Toolbar\Collectors\Files',
+		'CodeIgniter\Debug\Toolbar\Collectors\Routes',
+		'CodeIgniter\Debug\Toolbar\Collectors\Events',
+	];
+	public $toolbarMaxHistory = 20;
+
+	/*
+	|--------------------------------------------------------------------------
+	| Application Salt
+	|--------------------------------------------------------------------------
+	|
+	| The $salt can be used anywhere within the application that you need
+	| to provide secure data. It should be different for every application
+	| and can be of any length, though the more random the characters
+	| the better.
+	|
+	*/
+	public $salt = '';
+
+	//--------------------------------------------------------------------
+
+}