Ejemplo n.º 1
0
 /**
  * Decompress RAW LZS
  *
  * @access 		private
  * @internal
  *
  */
 public static function decompressRawLZS($compressed)
 {
     //--
     $unarch = trim(self::RawInflate((string) $compressed));
     //-- checksum verification
     $arr = explode('#CHECKSUM-SHA1#', $unarch);
     $unarch = trim($arr[0]);
     $checksum = trim($arr[1]);
     //--
     if ((string) SmartHashCrypto::sha1($unarch) != (string) $checksum) {
         Smart::log_warning('SmartArchiverLZS/decompressRawLZS: Checksum Failed');
         return '';
         // string is corrupted, avoid to return
     }
     //end if
     //--
     return @hex2bin(strtolower($unarch));
     //--
 }
 public static function save_debug_info($y_area, $y_debug_token, $is_main)
 {
     //-- {{{SYNC-DEBUG-DATA}}}
     if ((string) SMART_FRAMEWORK_DEBUG_MODE != 'yes') {
         return false;
     }
     //end if
     //--
     if ((string) $y_area != 'idx' and (string) $y_area != 'adm') {
         return false;
     }
     //end if
     //--
     $y_debug_token = trim((string) $y_debug_token);
     if ((string) $y_debug_token == '') {
         return false;
     }
     //end if
     //--
     $the_dir = 'tmp/logs/' . Smart::safe_filename($y_area) . '/' . date('Y-m-d@H') . '-debug-data/' . Smart::safe_filename($y_debug_token) . '/';
     //-- #END# SYNC
     //--
     if ($is_main) {
         $the_file = $the_dir . 'debug-main.log';
     } else {
         $the_file = $the_dir . 'debug-sub-req-' . time() . '-' . SmartHashCrypto::sha1($_SERVER['REQUEST_URI']) . '.log';
     }
     //end if else
     //--
     //--
     if (!is_dir($the_dir)) {
         SmartFileSystem::dir_recursive_create($the_dir);
     }
     //end if
     //--
     if (is_dir($the_dir)) {
         if (is_writable($the_dir)) {
             //--
             $arr = array();
             //-- generate debug info if set to show optimizations
             SmartMarkersTemplating::registerOptimizationHintsToDebugLog();
             //-- generate debug info if set to show internals
             if (defined('SMART_FRAMEWORK_INTERNAL_DEBUG')) {
                 Smart::registerInternalCacheToDebugLog();
                 SmartFrameworkRegistry::registerInternalCacheToDebugLog();
                 SmartAuth::registerInternalCacheToDebugLog();
                 SmartHashCrypto::registerInternalCacheToDebugLog();
                 SmartUtils::registerInternalCacheToDebugLog();
                 SmartMarkersTemplating::registerInternalCacheToDebugLog();
             }
             //end if
             //--
             $dbg_stats = (array) SmartFrameworkRegistry::getDebugMsgs('stats');
             //--
             $arr['date-time'] = date('Y-m-d H:i:s O');
             $arr['debug-token'] = (string) $y_debug_token;
             $arr['is-request-main'] = $is_main;
             $arr['request-hash'] = SmartHashCrypto::sha1($_SERVER['REQUEST_URI']);
             $arr['request-uri'] = (string) $_SERVER['REQUEST_URI'];
             $arr['resources-time'] = $dbg_stats['time'];
             $arr['resources-memory'] = $dbg_stats['memory'];
             $arr['response-code'] = (int) http_response_code();
             $arr['response-headers'] = base64_encode(Smart::seryalize((array) headers_list()));
             if (function_exists('getallheaders')) {
                 $arr['request-headers'] = base64_encode(Smart::seryalize((array) getallheaders()));
             } else {
                 $arr['request-headers'] = base64_encode(Smart::seryalize(''));
             }
             //end if else
             $arr['env-req-filtered'] = base64_encode(Smart::seryalize((array) SmartFrameworkRegistry::getRequestVars()));
             $arr['env-get'] = base64_encode(Smart::seryalize((array) $_GET));
             $arr['env-post'] = base64_encode(Smart::seryalize((array) $_POST));
             $arr['env-cookies'] = base64_encode(Smart::seryalize((array) $_COOKIE));
             $arr['env-server'] = base64_encode(Smart::seryalize((array) $_SERVER));
             if (@session_status() === PHP_SESSION_ACTIVE) {
                 $arr['php-session'] = base64_encode(Smart::seryalize((array) $_SESSION));
             } else {
                 $arr['php-session'] = base64_encode(Smart::seryalize(''));
             }
             //end if else
             if (SmartAuth::check_login() === true) {
                 $arr['auth-data'] = array('is_auth' => true, 'login_data' => (array) SmartAuth::get_login_data(), '#login-pass#', SmartAuth::get_login_password());
             } else {
                 $arr['auth-data'] = array('is_auth' => false, 'login_data' => array());
             }
             //end if else
             foreach ((array) SmartFrameworkRegistry::getDebugMsgs('optimizations') as $key => $val) {
                 $arr['log-optimizations'][(string) $key] = base64_encode(Smart::seryalize((array) $val));
             }
             //end foreach
             foreach ((array) SmartFrameworkRegistry::getDebugMsgs('extra') as $key => $val) {
                 $arr['log-extra'][(string) $key] = base64_encode(Smart::seryalize((array) $val));
             }
             //end foreach
             foreach ((array) SmartFrameworkRegistry::getDebugMsgs('db') as $key => $val) {
                 $arr['log-db'][(string) $key] = base64_encode(Smart::seryalize((array) $val));
             }
             //end foreach
             $arr['log-mail'] = base64_encode(Smart::seryalize((array) SmartFrameworkRegistry::getDebugMsgs('mail')));
             foreach ((array) SmartFrameworkRegistry::getDebugMsgs('modules') as $key => $val) {
                 $arr['log-modules'][(string) $key] = base64_encode(Smart::seryalize((array) $val));
             }
             //end foreach
             //--
             SmartFileSystem::write($the_file, Smart::seryalize($arr));
             //--
         }
         //end if
     }
     //end if
     //--
     //--
     return true;
     //--
 }
Ejemplo n.º 3
0
 public static final function DownloadsHandler($encrypted_download_pack, $controller_key)
 {
     //--
     $encrypted_download_pack = (string) $encrypted_download_pack;
     $controller_key = (string) $controller_key;
     //--
     $client_signature = SmartUtils::get_visitor_signature();
     //--
     if ((string) SMART_APP_VISITOR_COOKIE == '') {
         Smart::log_info('File Download', 'Failed: 400 / Invalid Visitor Cookie' . ' on Client: ' . $client_signature);
         self::Raise400Error('ERROR: Invalid Visitor UUID. Cookies must be enabled to enable this feature !');
         return '';
     }
     //end if
     //--
     $downloaded_file = '';
     // init
     //--
     $decoded_download_packet = (string) trim((string) SmartUtils::crypto_decrypt((string) $encrypted_download_pack, 'SmartFramework//DownloadLink' . SMART_FRAMEWORK_SECURITY_KEY));
     //--
     if ((string) $decoded_download_packet != '') {
         // if data is corrupted, decrypt checksum does not match, will return an empty string
         //--
         if (SMART_FRAMEWORK_ADMIN_AREA === true) {
             // {{{SYNC-DWN-CTRL-PREFIX}}}
             $controller_key = (string) 'AdminArea/' . $controller_key;
         } else {
             $controller_key = (string) 'IndexArea/' . $controller_key;
         }
         //end if
         //-- {{{SYNC-DOWNLOAD-ENCRYPT-ARR}}}
         $arr_metadata = explode("\n", (string) $decoded_download_packet, 6);
         // only need first 5 parts
         //print_r($arr_metadata);
         // #PACKET-STRUCTURE# [we will have an array like below, according with the: SmartUtils::create_download_link()]
         // [TimedAccess]\n
         // [FilePath]\n
         // [AccessKey]\n
         // [UniqueKey]\n
         // [SFR.UA]\n
         // #END#
         //--
         $crrtime = (string) trim((string) $arr_metadata[0]);
         $filepath = (string) trim((string) $arr_metadata[1]);
         $access_key = (string) trim((string) $arr_metadata[2]);
         $unique_key = (string) trim((string) $arr_metadata[3]);
         //--
         unset($arr_metadata);
         //--
         $timed_hours = 1;
         // default expire in 1 hour
         if (defined('SMART_FRAMEWORK_DOWNLOAD_EXPIRE')) {
             if ((int) SMART_FRAMEWORK_DOWNLOAD_EXPIRE > 0) {
                 if ((int) SMART_FRAMEWORK_DOWNLOAD_EXPIRE <= 24) {
                     // max is 24 hours (since download link is bind to unique browser signature + unique cookie ... make non-sense to keep more)
                     $timed_hours = (int) SMART_FRAMEWORK_DOWNLOAD_EXPIRE;
                 }
                 //end if
             }
             //end if
         }
         //end if
         //--
         if ((int) $timed_hours > 0) {
             if ((int) $crrtime < (int) (time() - 60 * 60 * $timed_hours)) {
                 Smart::log_info('File Download', 'Failed: 403 / Download expired at: ' . date('Y-m-d H:i:s O', (int) $crrtime) . ' for: ' . $filepath . ' on Client: ' . $client_signature);
                 self::Raise403Error('ERROR: The Access Key for this Download is Expired !');
                 return '';
             }
             //end if
         }
         //end if
         //--
         if ((string) $access_key != (string) sha1('DownloadLink:' . SMART_SOFTWARE_NAMESPACE . '-' . SMART_FRAMEWORK_SECURITY_KEY . '-' . SMART_APP_VISITOR_COOKIE . ':' . $filepath . '^' . $controller_key)) {
             Smart::log_info('File Download', 'Failed: 403 / Invalid Access Key for: ' . $filepath . ' on Client: ' . $client_signature);
             self::Raise403Error('ERROR: Invalid Access Key for this Download !');
             return '';
         }
         //end if
         //--
         if ((string) $unique_key != (string) SmartHashCrypto::sha1('Time=' . $crrtime . '#' . SMART_SOFTWARE_NAMESPACE . '-' . SMART_FRAMEWORK_SECURITY_KEY . '-' . $access_key . '-' . SmartUtils::unique_auth_client_private_key() . ':' . $filepath . '+' . $controller_key)) {
             Smart::log_info('File Download', 'Failed: 403 / Invalid Client (Unique) Key for: ' . $filepath . ' on Client: ' . $client_signature);
             self::Raise403Error('ERROR: Invalid Client Key to Access this Download !');
             return '';
         }
         //end if
         //--
         if (SmartFileSysUtils::check_file_or_dir_name($filepath)) {
             //--
             $skip_log = 'no';
             // default log
             if (defined('SMART_FRAMEWORK_DOWNLOAD_SKIP_LOG')) {
                 $skip_log = 'yes';
                 // do not log if accessed via admin area and user is authenticated
             }
             //end if
             //--
             $tmp_file_ext = (string) strtolower(SmartFileSysUtils::get_file_extension_from_path($filepath));
             // [OK]
             $tmp_file_name = (string) strtolower(SmartFileSysUtils::get_file_name_from_path($filepath));
             //--
             $tmp_eval = SmartFileSysUtils::mime_eval($tmp_file_name);
             $mime_type = (string) $tmp_eval[0];
             $mime_disp = (string) $tmp_eval[1];
             //-- the path must not start with / but this is tested below
             $tmp_arr_paths = (array) explode('/', $filepath, 2);
             // only need 1st part for testing
             //-- allow file downloads just from specific folders like wpub/ or wsys/ (this is a very important security fix to dissalow any downloads that are not in the specific folders)
             if (substr((string) $filepath, 0, 1) != '/' and strpos((string) SMART_FRAMEWORK_DOWNLOAD_FOLDERS, '<' . trim((string) $tmp_arr_paths[0]) . '>') !== false and stripos((string) SMART_FRAMEWORK_DENY_UPLOAD_EXTENSIONS, '<' . $tmp_file_ext . '>') === false) {
                 //--
                 SmartFileSysUtils::raise_error_if_unsafe_path($filepath);
                 // re-test finally
                 //--
                 @clearstatcache();
                 //--
                 if (is_file($filepath)) {
                     //--
                     if (!headers_sent()) {
                         //--
                         $fp = @fopen($filepath, 'rb');
                         $fsize = @filesize($filepath);
                         //--
                         if (!$fp || $fsize <= 0) {
                             //--
                             Smart::log_info('File Download', 'Failed: 404 / The requested File is Empty or Not Readable: ' . $filepath . ' on Client: ' . $client_signature);
                             self::Raise404Error('WARNING: The requested File is Empty or Not Readable !');
                             return '';
                             //--
                         }
                         //end if
                         //-- set max execution time to zero
                         ini_set('max_execution_time', 0);
                         // we can expect a long time if file is big, but this will be anyway overriden by the WebServer Timeout Directive
                         //--
                         // cache headers are presumed to be sent by runtime before of this step
                         //--
                         header('Content-Type: ' . $mime_type);
                         header('Content-Disposition: ' . $mime_disp);
                         header('Content-Length: ' . $fsize);
                         //--
                         @fpassthru($fp);
                         // output without reading all in memory
                         //--
                         @fclose($fp);
                         //--
                     } else {
                         //--
                         Smart::log_info('File Download', 'Failed: 500 / Headers Already Sent: ' . $filepath . ' on Client: ' . $client_signature);
                         self::Raise500Error('ERROR: Download Failed, Headers Already Sent !');
                         return '';
                         //--
                     }
                     //end if else
                     //--
                     if ((string) $skip_log != 'yes') {
                         //--
                         $downloaded_file = (string) $filepath;
                         // return the file name to be logged
                         //--
                     }
                     //end if
                     //--
                 } else {
                     //--
                     Smart::log_info('File Download', 'Failed: 404 / The requested File does not Exists: ' . $filepath . ' on Client: ' . $client_signature);
                     self::Raise404Error('WARNING: The requested File for Download does not Exists !');
                     return '';
                     //--
                 }
                 //end if else
             } else {
                 //--
                 Smart::log_info('File Download', 'Failed: 403 / Access to this File is Denied: ' . $filepath . ' on Client: ' . $client_signature);
                 self::Raise403Error('ERROR: Download Access to this File is Denied !');
                 return '';
                 //--
             }
             //end if else
             //--
         } else {
             //--
             Smart::log_info('File Download', 'Failed: 400 / Unsafe File Path: ' . $filepath . ' on Client: ' . $client_signature);
             self::Raise400Error('ERROR: Unsafe Download File Path !');
             return '';
             //--
         }
         //end if else
         //--
     } else {
         //--
         Smart::log_info('File Download', 'Failed: 400 / Invalid Data Packet' . ' on Client: ' . $client_signature);
         self::Raise400Error('ERROR: Invalid Download Data Packet !');
         return '';
         //--
     }
     //end if else
     //--
     return (string) $downloaded_file;
     //--
 }
 /**
  * Generate a PDF Document on the fly from a piece of HTML code.
  *
  * Notice: this is using a secured cache folder, unique per visitor ID
  *
  * @param STRING $y_html_content				:: The HTML Code
  * @param ENUM $y_orientation					:: Page Orientation: 'normal' | 'wide'
  * @param STRING $y_runtime_script 				:: The allowed Runtime Script to allow send credentials for sub-downloads. Ex: admin.php
  * @param STRING $y_runtime_url					:: The allowed Runtime URL ended by '/' to allow send credentials for sub-downloads. Ex: http(s)://some-server/some_path/ ; normally this should be set in config to enforce https:// and a single URL only
  * @param BOOLEAN $y_allow_send_credentials 	:: Set to TRUE to allow or set to FALSE to dissalow sending the auth credentials for sub-downloads: in the case there are embedded pictures generated by admin.php which may need authentication before to work, the credentials need to be set automatically in this case
  *
  * @returns STRING 							:: The PDF Document Contents
  *
  */
 public static function generate($y_html_content, $y_orientation = 'normal', $y_runtime_script = '', $y_runtime_url = '', $y_allow_send_credentials = false)
 {
     //--
     $pdfdata = '';
     //--
     $htmldoc = self::is_active();
     //--
     if ((string) $htmldoc != '') {
         //--
         if ((string) $y_orientation == 'wide') {
             $orientation = self::tag_page_wide();
         } else {
             $orientation = self::tag_page_normal();
         }
         //end if else
         //--
         $tmp_prefix_dir = 'tmp/cache/pdf/';
         $protect_file = $tmp_prefix_dir . '.htaccess';
         $dir = $tmp_prefix_dir . SMART_FRAMEWORK_SESSION_PREFIX . '/';
         // we use different for index / admin / @
         //--
         $uniquifier = SmartUtils::unique_auth_client_private_key() . SMART_APP_VISITOR_COOKIE;
         $the_dir = $dir . Smart::safe_varname(Smart::uuid_10_seq() . '_' . Smart::uuid_10_num() . '_' . SmartHashCrypto::sha1($uniquifier)) . '/';
         //--
         $tmp_uuid = Smart::uuid_45($uniquifier) . Smart::uuid_36($uniquifier);
         $file = $the_dir . '__document_' . SmartHashCrypto::sha256('@@PDF#File::Cache@@' . $tmp_uuid) . '.html';
         $logfile = $the_dir . '__headers_' . SmartHashCrypto::sha256('@@PDF#File::Cache@@' . $tmp_uuid) . '.log';
         //--
         if (is_dir($the_dir)) {
             SmartFileSystem::dir_delete($the_dir);
         }
         //end if
         //--
         if (!is_dir($the_dir)) {
             SmartFileSystem::dir_recursive_create($the_dir);
         }
         // end if
         //--
         SmartFileSystem::write_if_not_exists($protect_file, trim(SMART_FRAMEWORK_HTACCESS_FORBIDDEN) . "\n", 'yes');
         //-- process the code
         $y_html_content = (string) self::remove_between_tags((string) $y_html_content);
         $y_html_content = (string) self::safe_charset((string) $y_html_content);
         //-- extract images
         $htmlparser = new SmartHtmlParser((string) $y_html_content);
         $arr_imgs = $htmlparser->get_tags('img');
         $htmlparser = '';
         unset($htmlparser);
         //--
         $chk_duplicates_arr = array();
         //--
         for ($i = 0; $i < Smart::array_size($arr_imgs); $i++) {
             //--
             $tmp_img_src = trim((string) $arr_imgs[$i]['src']);
             //--
             if (strlen($chk_duplicates_arr[$tmp_img_src]) <= 0) {
                 //--
                 $tmp_url_img_src = '';
                 //--
                 if ((string) $y_runtime_script != '' and (string) $y_runtime_url != '') {
                     // replace relative paths
                     if (substr($tmp_img_src, 0, @strlen($y_runtime_script)) == (string) $y_runtime_script) {
                         $tmp_url_img_src = (string) $y_runtime_url . $tmp_img_src;
                         $y_html_content = (string) @str_replace('src="' . $tmp_img_src . '"', 'src="' . $tmp_url_img_src . '"', (string) $y_html_content);
                         $tmp_img_src = (string) $tmp_url_img_src;
                     }
                     //end if
                 }
                 //end if
                 //--
                 $tmp_img_ext = '.' . strtolower(SmartFileSysUtils::get_file_extension_from_path($tmp_img_src));
                 // [OK]
                 $tmp_img_cache = 'pdf_img_' . SmartHashCrypto::sha256('@@PDF#File::Cache::IMG@@' . '#' . $i . '@' . $tmp_img_src . '//' . $tmp_uuid);
                 //--
                 $tmp_arr = array();
                 //--
                 if (substr($tmp_img_src, 0, 7) == 'http://' or substr($tmp_img_src, 0, 8) == 'https://') {
                     //--
                     $tmp_img_ext = '';
                     // we clear the extension as we don't know yet (we will get it from headers)
                     $tmp_img_cache = 'pdf_url_img_' . SmartHashCrypto::sha256('@@PDF#File::Cache::URL::IMG@@' . '#' . $i . '@' . $tmp_img_src . '//' . $tmp_uuid);
                     //--
                 }
                 //end if
                 //--
                 if ($y_allow_send_credentials === true) {
                     $allow_set_credentials = 'yes';
                 } else {
                     $allow_set_credentials = 'no';
                 }
                 //end if else
                 //--
                 $tmp_arr = SmartUtils::load_url_or_file($tmp_img_src, SMART_FRAMEWORK_NETSOCKET_TIMEOUT, 'GET', '', '', '', $allow_set_credentials);
                 // [OK] :: allow set credentials
                 //--
                 $tmp_img_ext = '.noextension';
                 $tmp_where_we_guess = '';
                 //--
                 $guess_arr = array();
                 //--
                 $guess_arr = SmartUtils::guess_image_extension_by_url_head($tmp_arr['headers']);
                 $tmp_img_ext = (string) $guess_arr['extension'];
                 $tmp_where_we_guess = (string) $guess_arr['where-was-detected'];
                 $guess_arr = array();
                 if ((string) $tmp_img_ext == '') {
                     $tmp_img_ext = SmartUtils::guess_image_extension_by_first_bytes(substr($tmp_arr['content'], 0, 256));
                     if ((string) $tmp_img_ext != '') {
                         $tmp_where_we_guess = ' First Bytes ...';
                     }
                     //end if
                 }
                 //end if
                 //--
                 if ((string) SMART_FRAMEWORK_DEBUG_MODE == 'yes') {
                     // if debug, append information to log
                     SmartFileSystem::write($logfile, '####################' . "\n" . '#################### [FILE # ' . $i . ' = \'' . $tmp_img_src . '\']' . "\n\n" . '==== [MODE] :: ' . $tmp_arr['mode'] . "\n" . '==== [LOG] :: ' . "\n" . $tmp_arr['log'] . "\n" . '==== [HEADERS] ::' . "\n" . $tmp_arr['headers'] . "\n" . '########' . "\n" . '==== [GUESS EXTENSION] :: ' . $tmp_where_we_guess . "\n\n" . '###################' . "\n\n\n\n", 'a');
                 }
                 //end if
                 //--
                 if ((string) $tmp_arr['result'] == '1' and (string) $tmp_arr['code'] == '200') {
                     //--
                     SmartFileSystem::write($the_dir . $tmp_img_cache . $tmp_img_ext, $tmp_arr['content']);
                     //-- if empty, it may be a file
                     if ((string) $tmp_img_ext == '' or (string) $tmp_img_ext == '.png' or (string) $tmp_img_ext == '.gif' or (string) $tmp_img_ext == '.jpg') {
                         $y_html_content = (string) @str_replace('src="' . $tmp_img_src . '"', 'src="' . $tmp_img_cache . $tmp_img_ext . '"', (string) $y_html_content);
                     } else {
                         // we want to avoid html code to be loaded as image by mistakes of http browser class or servers
                         $y_html_content = (string) @str_replace('src="' . $tmp_img_src . '"', 'src="' . $y_runtime_url . 'lib/framework/img/sign_warn.png"', (string) $y_html_content);
                     }
                     //end if else
                     //--
                 } else {
                     //--
                     $y_html_content = (string) @str_replace('src="' . $tmp_img_src . '"', 'src="' . $y_runtime_url . 'lib/framework/img/sign_error.png"', (string) $y_html_content);
                     //--
                 }
                 //end if
                 //--
             }
             //end if
             //--
             $chk_duplicates_arr[$tmp_img_src] = 'processed';
             //--
         }
         //end for
         //--
         $chk_duplicates_arr = array();
         unset($chk_duplicates_arr);
         $arr_imgs = array();
         unset($arr_imgs);
         //--
         SmartFileSystem::write($file, $orientation . "\n" . $y_html_content);
         //--
         if (is_file($file)) {
             //--
             ob_start();
             //--
             @passthru($htmldoc . ' ' . self::pdf_options($file));
             //--
             $pdfdata = ob_get_clean();
             //--
         } else {
             //--
             Smart::log_warning('ERROR: PDF Generator Failed to find the PDF Document: ' . $file . "\n" . $y_html_content);
             //--
         }
         //end if else
         //-- cleanup
         if ((string) SMART_FRAMEWORK_DEBUG_MODE != 'yes') {
             // if not debug, cleanup the dir
             if (is_dir($the_dir)) {
                 SmartFileSystem::dir_delete($the_dir);
             }
             //end if
         }
         //end if
         //--
     } else {
         //--
         Smart::log_notice('NOTICE: PDF Generator is INACTIVE ...');
         //--
     }
     //end if
     //--
     return (string) $pdfdata;
     //--
 }
Ejemplo n.º 5
0
 /**
  * Start the Session on request
  *
  */
 public static function start()
 {
     //=====
     //--
     if (self::$started !== false) {
         return;
         // avoid start session if already started ...
     }
     //end if
     self::$started = true;
     // avoid run start again
     //--
     //=====
     //--
     $browser_os_ip_identification = SmartUtils::get_os_browser_ip();
     // get browser and os identification
     //--
     if ((string) $browser_os_ip_identification['bw'] == '@s#' or (string) $browser_os_ip_identification['bw'] == 'bot') {
         return;
         // in this case start no session for robots or the self browser (as they do not need to share info between many visits) ; if the self browser fail to identify will be at least identified as robot in the worst case
     }
     //end if
     //--
     //=====
     //-- no log as the cookies can be dissalowed by the browser
     if ((string) SMART_APP_VISITOR_COOKIE == '') {
         return;
         // session need cookies
     }
     //end if
     //--
     //=====
     //--
     $sf_sess_mode = 'files';
     $sf_sess_area = 'default-sess';
     $sf_sess_ns = 'unknown';
     $sf_sess_dir = 'tmp/sess';
     //--
     //=====
     if (!defined('SMART_FRAMEWORK_SESSION_PREFIX')) {
         Smart::log_warning('FATAL ERROR: Invalid Session Prefix :: SMART_FRAMEWORK_SESSION_PREFIX');
         return;
     }
     //end if
     if (strlen(SMART_FRAMEWORK_SESSION_PREFIX) < 3 or strlen(SMART_FRAMEWORK_SESSION_PREFIX) > 9) {
         Smart::log_warning('WARNING: Session Prefix must have a length between 3 and 9 characters :: SMART_FRAMEWORK_SESSION_PREFIX');
         return;
     }
     //end if
     if (!preg_match('/^[a-z\\-]+$/', (string) SMART_FRAMEWORK_SESSION_PREFIX)) {
         Smart::log_warning('WARNING: Session Prefix contains invalid characters :: SMART_FRAMEWORK_SESSION_PREFIX');
         return;
     }
     //end if
     //--
     if (!defined('SMART_FRAMEWORK_SESSION_NAME')) {
         Smart::log_warning('FATAL ERROR: Invalid Session Name :: SMART_FRAMEWORK_SESSION_NAME');
         return;
     }
     //end if
     if (strlen(SMART_FRAMEWORK_SESSION_NAME) < 10 or strlen(SMART_FRAMEWORK_SESSION_NAME) > 25) {
         Smart::log_warning('WARNING: Session Name must have a length between 10 and 25 characters :: SMART_FRAMEWORK_SESSION_NAME');
         return;
     }
     //end if
     if (!preg_match('/^[_A-Za-z0-9]+$/', (string) SMART_FRAMEWORK_SESSION_NAME)) {
         Smart::log_warning('WARNING: Session Name contains invalid characters :: SMART_FRAMEWORK_SESSION_NAME');
         return;
     }
     //end if
     if (!SmartFrameworkSecurity::ValidateVariableName(strtolower(SMART_FRAMEWORK_SESSION_NAME))) {
         Smart::log_warning('WARNING: Session Name have an invalid value :: SMART_FRAMEWORK_SESSION_NAME');
         return;
     }
     //end if
     //--
     if (!defined('SMART_FRAMEWORK_SESSION_LIFETIME')) {
         Smart::log_warning('FATAL ERROR: Invalid Session GC Lifetime :: SMART_FRAMEWORK_SESSION_LIFETIME');
         return;
     }
     //end if
     if (!is_int(SMART_FRAMEWORK_SESSION_LIFETIME)) {
         Smart::log_warning('Invalid INIT constant value for SMART_FRAMEWORK_SESSION_LIFETIME');
         return;
     }
     //end if
     //--
     if (!is_dir('tmp/sessions/')) {
         Smart::log_warning('FATAL ERROR: The Folder \'tmp/sessions/\' does not exists for use with Session !');
         return;
     }
     //end if
     //--
     $detected_session_mode = (string) ini_get('session.save_handler');
     if ((string) $detected_session_mode === 'files') {
         if ((string) SMART_FRAMEWORK_SESSION_HANDLER !== 'files') {
             Smart::log_warning('FATAL ERROR: The value set for SMART_FRAMEWORK_SESSION_HANDLER is not set to: files / but the value found in session.save_handler is: ' . $detected_session_mode);
             return;
         }
         //end if
     } elseif ((string) $detected_session_mode === 'user') {
         if ((string) SMART_FRAMEWORK_SESSION_HANDLER === 'files') {
             Smart::log_warning('FATAL ERROR: The value set for SMART_FRAMEWORK_SESSION_HANDLER is set to: files / but the value found in session.save_handler is: ' . $detected_session_mode);
             return;
         }
         //end if
     } else {
         Smart::log_warning('FATAL ERROR: The value set for session.save_handler must be set to one of these modes: files or user');
         return;
     }
     //end if
     //--
     //=====
     //--  generate a the client private key based on it's IP and Browser
     $the_sess_client_uuid = SmartUtils::unique_client_private_key();
     // SHA512 key to protect session data agains forgers
     //-- a very secure approach based on a chain, derived with a secret salt from the framework security key:
     // (1) an almost unique client private key lock based on it's IP and Browser
     // (2) an entropy derived from the client random cookie combined with the (1)
     // (3) a unique session name suffix derived from (1) and (2)
     // (4) a unique session id composed from (1) and (2)
     //-- thus the correlation between the random public client cookie, the session name suffix and the session id makes impossible to forge it as it locks to IP+Browser, using a public entropy cookie all encrypted with a secret key and derived and related, finally composed.
     $the_sess_client_lock = SmartHashCrypto::sha1(SMART_FRAMEWORK_SECURITY_KEY . '#' . $the_sess_client_uuid);
     $the_sess_client_entropy = SmartHashCrypto::sha1(SMART_APP_VISITOR_COOKIE . '*' . $the_sess_client_uuid . '%' . SMART_FRAMEWORK_SECURITY_KEY);
     $the_sess_nsuffix = SmartHashCrypto::sha1($the_sess_client_uuid . ':' . SMART_FRAMEWORK_SECURITY_KEY . '^' . $the_sess_client_entropy . '+' . $the_sess_client_lock . '$' . SMART_APP_VISITOR_COOKIE);
     $the_sess_id = $the_sess_client_entropy . '-' . $the_sess_client_lock;
     // session ID combines the secret client key based on it's IP / Browser and the Client Entropy Cookie
     //--
     $sf_sess_area = Smart::safe_filename((string) SMART_FRAMEWORK_SESSION_PREFIX);
     $sf_sess_dpfx = substr($the_sess_client_entropy, 0, 1) . '-' . substr($the_sess_client_lock, 0, 1);
     // this come from hexa so 3 chars are 16x16x16=4096 dirs
     //--
     if ((string) $browser_os_ip_identification['bw'] == '@s#') {
         $sf_sess_ns = '@sr-' . $sf_sess_dpfx;
     } elseif ((string) $browser_os_ip_identification['bw'] == 'bot') {
         $sf_sess_ns = 'r0-' . $sf_sess_dpfx;
         // we just need a short prefix for robots (on disk is costly for GC to keep separate folders, but of course, not so safe)
     } else {
         $sf_sess_ns = 'c-' . substr($browser_os_ip_identification['bw'], 0, 3) . '-' . $sf_sess_dpfx;
         // we just need a short prefix for clients (on disk is costly for GC to keep separate folders, but of course, not so safe)
     }
     //end if else
     $sf_sess_ns = Smart::safe_filename($sf_sess_ns);
     //-- by default set for files
     $sf_sess_mode = 'files';
     $sf_sess_dir = 'tmp/sessions/' . $sf_sess_area . '/' . $sf_sess_ns . '/';
     if ((string) $detected_session_mode === 'user') {
         if (class_exists('SmartCustomSession')) {
             if ((string) get_parent_class('SmartCustomSession') == 'SmartAbstractCustomSession') {
                 $sf_sess_mode = 'user-custom';
                 $sf_sess_dir = 'tmp/sessions/' . $sf_sess_area . '/';
                 // here the NS is saved in DB so we do not need to complicate paths
             } else {
                 Smart::log_warning('SESSION INIT ERROR: Invalid Custom Session Handler. The class SmartCustomSession must be extended from class SmartAbstractCustomSession ...');
                 return;
             }
             //end if else
         } else {
             Smart::log_warning('SESSION INIT ERROR: Custom Session Handler requires the class SmartCustomSession ...');
             return;
         }
         //end if
     }
     //end if
     $sf_sess_dir = Smart::safe_pathname($sf_sess_dir);
     //--
     if (!is_dir($sf_sess_dir)) {
         SmartFileSystem::dir_recursive_create($sf_sess_dir);
     }
     //end if
     SmartFileSystem::write_if_not_exists('tmp/sessions/' . $sf_sess_area . '/' . 'index.html', '');
     //=====
     //--
     @session_save_path($sf_sess_dir);
     @session_cache_limiter('nocache');
     //--
     $the_name_of_session = (string) SMART_FRAMEWORK_SESSION_NAME . '__Key_' . $the_sess_nsuffix;
     // protect session name data agains forgers
     //--
     @session_id((string) $the_sess_id);
     @session_name((string) $the_name_of_session);
     //--
     $tmp_exp_seconds = Smart::format_number_int(SMART_FRAMEWORK_SESSION_LIFETIME, '+');
     if ($tmp_exp_seconds > 0) {
         @session_set_cookie_params((int) $tmp_exp_seconds, '/');
         // session cookie expire and the path
     }
     // end if
     //-- be sure that session_write_close() is executed at the end of script if script if die('') premature and before pgsql shutdown register in the case of DB sessions
     register_shutdown_function('session_write_close');
     //-- handle custom session handler
     if ((string) $sf_sess_mode === 'user-custom') {
         //--
         $sess_obj = new SmartCustomSession();
         $sess_obj->sess_area = (string) $sf_sess_area;
         $sess_obj->sess_ns = (string) $sf_sess_ns;
         $sess_obj->sess_expire = (int) $tmp_exp_seconds;
         //--
         session_set_save_handler(array($sess_obj, 'open'), array($sess_obj, 'close'), array($sess_obj, 'read'), array($sess_obj, 'write'), array($sess_obj, 'destroy'), array($sess_obj, 'gc'));
         //--
     }
     //end if else
     //-- start session
     @session_start();
     //--
     if ((string) $_SESSION['SoftwareFramework_VERSION'] != (string) SMART_FRAMEWORK_VERSION or (string) $_SESSION['website_ID'] != (string) SMART_SOFTWARE_NAMESPACE or strlen($_SESSION['session_ID']) < 32) {
         //--
         $_SESSION['SoftwareFramework_VERSION'] = (string) SMART_FRAMEWORK_VERSION;
         // software version
         $_SESSION['SoftwareFramework_SessionMode'] = (string) $sf_sess_mode;
         // session mode
         $_SESSION['website_ID'] = (string) SMART_SOFTWARE_NAMESPACE;
         // the website ID
         $_SESSION['uniqbrowser_ID'] = (string) $the_sess_client_uuid;
         // a true unique browser ID (this is a protection against sessionID forgers)
         $_SESSION['session_ID'] = (string) @session_id();
         // read current session ID
         $_SESSION['session_STARTED'] = (string) date('Y-m-d H:i:s O');
         // read current session ID
         //--
     }
     //end if
     //--
     if (!isset($_SESSION['visit_COUNTER'])) {
         $_SESSION['visit_COUNTER'] = 1;
     } else {
         $_SESSION['visit_COUNTER'] += 1;
     }
     //end if else
     //--
     $_SESSION['SmartFramework__Browser__Identification__Data'] = (array) $browser_os_ip_identification;
     //--
     if ((string) $_SESSION['uniqbrowser_ID'] != (string) $the_sess_client_uuid) {
         // we need at least a md5 session
         //-- log, then unset old session (these are not well tested ...)
         Smart::log_notice('Session Security Breakpoint :: Session-BrowserUniqueID = ' . $_SESSION['uniqbrowser_ID'] . "\n" . 'SessionSecurityUniqueID = ' . $the_sess_client_uuid . "\n" . 'Browser Ident = ' . $browser_os_ip_identification['bw'] . "\n" . 'Cookies = ' . print_r($_COOKIE, 1) . "\n" . 'SessID = ' . $_SESSION['session_ID'] . "\n" . 'ClientIP = ' . SmartUtils::get_ip_client() . ' @ ' . $_SERVER['REMOTE_ADDR'] . "\n" . 'UserAgent = ' . $_SERVER['HTTP_USER_AGENT']);
         $_SESSION = array();
         // reset it
         //-- unset the cookie (from this below is tested)
         @setcookie($the_name_of_session, 'EXPIRED', 1, '/');
         //-- stop execution with message
         Smart::raise_error('SESSION // SECURITY BREAK POINT: Possible Session Forgery Detected ...', 'SESSION // SECURITY BREAK POINT: Possible Session Forgery Detected ! Please refresh the page ... A new session will be assigned ! If you are not trying to forge another user\' session this situation can occur also if you are behind a proxy and some of your navigation parameters has been changed ! If this problem persist try to restart your browser or use other browser. If still persist, contact the website administrator');
         die('');
         // just in case
         return;
         // or is better to silent discard it ?
         //--
     }
     //end if
     //--
     self::$active = time();
     // successfuly started
     //--
 }
Ejemplo n.º 6
0
 public static function get_visitor_tracking_uid()
 {
     //--
     return (string) SmartHashCrypto::sha1('>' . SMART_SOFTWARE_NAMESPACE . '[' . SMART_FRAMEWORK_SECURITY_KEY . ']' . self::client_ident_private_key() . '>' . SMART_APP_VISITOR_COOKIE);
     //--
 }
Ejemplo n.º 7
0
 private function _hash($string)
 {
     // force use sha1() encryption (unixman)
     //$result = sha1($string);
     //$out ='';
     // Convert hexadecimal hash value to binary string
     //for($c=0;$c<strlen($result);$c+=2) {
     //	$out .= chr(hexdec($result[$c].$result[$c+1]));
     //} //end for
     //return $out;
     switch ((string) $this->mode) {
         // enhancement by unixman
         case 'md5':
             $result = SmartHashCrypto::md5($string);
             break;
         case 'sha1':
             $result = SmartHashCrypto::sha1($string);
             break;
         case 'sha256':
             $result = SmartHashCrypto::sha256($string);
             break;
         case 'sha384':
             $result = SmartHashCrypto::sha384($string);
             break;
         case 'sha512':
             $result = SmartHashCrypto::sha512($string);
             break;
         default:
             Smart::log_warning('ERROR: Invalid mode for: SmartCryptoCipherHash / _hash: ' . $this->mode . ' ; Using sha1()');
             $result = sha1($string);
     }
     //end switch
     return (string) @hex2bin((string) $result);
     // convert hexadecimal hash value to binary string
 }