Complete Phase 1: MVC, DB migrations, Auth, RBAC, Security, and Views

app/Controllers/Controller.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Core\App;
+use App\Core\Session;
+
+abstract class Controller
+{
+    protected Session $session;
+
+    public function __construct()
+    {
+        $this->session = App::$app->session;
+    }
+
+    /**
+     * Render a view within a layout.
+     */
+    protected function render(string $view, array $data = [], string $layout = 'app'): string
+    {
+        $viewFile = __DIR__ . "/../../resources/views/{$view}.php";
+        if (!file_exists($viewFile)) {
+            throw new \Exception("View template {$view} not found.");
+        }
+
+        // Extract variables to local scope
+        extract($data);
+
+        // Capture inner view content
+        ob_start();
+        include $viewFile;
+        $content = ob_get_clean();
+
+        // Capture layout content wrapping the inner view
+        $layoutFile = __DIR__ . "/../../resources/views/layouts/{$layout}.php";
+        if (!file_exists($layoutFile)) {
+            return $content;
+        }
+
+        ob_start();
+        include $layoutFile;
+        return ob_get_clean();
+    }
+
+    /**
+     * Escape string values for rendering safely.
+     */
+    protected function escape(mixed $data): string
+    {
+        return htmlspecialchars((string)$data, ENT_QUOTES, 'UTF-8');
+    }
+}