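/**
 * Cron entry point: checks the caller against the configured token and IP
 * allow-list, prints the current date parts when both checks pass, then
 * terminates the script.
 *
 * "GOOD" is printed only after successful validation; "OK" is printed in
 * every case and no status code is set here, so a rejected caller gets the
 * same response minus the date parts and the "GOOD" line.
 *
 * Each check is skipped when its option is empty: with neither 'token' nor
 * 'ip' configured, any caller passes validation.
 */
public function action_index() {
    // clear buffer
    helper_ob::clean_all();
    // validating
    do {
        $options = application::get('flag.numbers.backend.cron.base');
        // token: compared as strings in constant time. The previous loose "!="
        // accepted type-juggled values (for example boolean true against any
        // non-empty token, or two numeric-looking strings) and was not
        // timing-safe.
        if (!empty($options['token'])) {
            $token = request::input('token');
            if (!is_string($token) && !is_int($token)) {
                break;
            }
            if (!hash_equals((string) $options['token'], (string) $token)) {
                break;
            }
        }
        // ip: strict membership test, a single configured address is accepted too
        if (!empty($options['ip']) && !in_array(request::ip(), (array) $options['ip'], true)) {
            break;
        }
        // get date parts
        $date_parts = format::now('parts');
        print_r($date_parts);
        echo "GOOD\n";
    } while (0);
    echo "OK\n";
    // exit
    exit;
}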
/**
 * Start the PHP session.
 *
 * Order of work: apply session.* ini settings, initialise the optional
 * session submodule, call session_start(), discard any session that was not
 * created through this method (session fixation guard), then record the
 * client IP (and the IP submodule's details, if one is configured) in the
 * session.
 *
 * @param array $options overrides for the keys of self::$default_options
 */
public static function start($options) {
    // ini settings: a caller-supplied value wins and is remembered as the new
    // default; otherwise the existing default is applied when it is not null
    foreach (self::$default_options as $name => $default) {
        $supplied = isset($options[$name]) || array_key_exists($name, $options);
        if ($supplied) {
            ini_set("session.{$name}", $options[$name]);
            self::$default_options[$name] = $options[$name];
        } elseif (isset(self::$default_options[$name])) {
            ini_set("session.{$name}", $default);
        }
    }

    // optional session submodule; the class name is read from application
    // configuration and instantiated as-is
    $submodule_class = application::get('flag.global.session.submodule', ['class' => 1]);
    if (!empty($submodule_class)) {
        $submodule = new $submodule_class();
        $submodule->init();
        self::$object = $submodule;
    }

    session_start();

    // session fixation prevention: a session without the system flag was not
    // created here, so it gets a fresh id (old one deleted) and empty data
    $created_by_system = !empty($_SESSION['numbers']['flag_generated_by_system']);
    if (!$created_by_system) {
        session_regenerate_id(true);
        $_SESSION = [];
        $_SESSION['numbers']['flag_generated_by_system'] = true;
    }

    // IP bookkeeping. A changed client IP only clears the cached IP details;
    // the session itself stays valid.
    $client_ip = request::ip();
    if (!empty($_SESSION['numbers']['ip']['ip']) && $_SESSION['numbers']['ip']['ip'] != $client_ip) {
        $_SESSION['numbers']['ip'] = [];
    }

    // details already cached for this IP, nothing left to do
    if (isset($_SESSION['numbers']['ip']['ip'])) {
        return;
    }

    // try to decode the address through the configured IP submodule
    $decoder_class = application::get('flag.global.ip.submodule', ['class' => 1]);
    if (!empty($decoder_class)) {
        $decoder = new $decoder_class();
        $lookup = $decoder->get($client_ip);
        if ($lookup['success']) {
            $_SESSION['numbers']['ip'] = $lookup['data'];
        }
    }

    // fall back to the bare address when the lookup did not provide one
    if (!isset($_SESSION['numbers']['ip']['ip'])) {
        $_SESSION['numbers']['ip'] = ['ip' => $client_ip];
    }
}
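/**
 * see crypt::token_validate();
 *
 * Parses the token, rebuilds it from the parsed parts through
 * token_create() and accepts it only when the rebuilt token equals the one
 * supplied. Layout read here (after optional base64 decoding): 32 characters
 * of digest, 8 hex characters of time, then '!'-separated parts of which
 * part 0 is the id and part 2 is the base64-encoded serialized data.
 *
 * The current request IP is passed to token_create() together with the
 * parsed time. Token age is NOT checked here (see the todo below).
 *
 * @param string $token
 * @param array $options not used by this implementation
 * @return array|boolean parsed token (id, data, time, ip) or false when invalid
 */
public function token_validate($token, $options = []) {
    $result = ['id' => null, 'data' => null, 'time' => null, 'ip' => request::ip()];
    // anything that is not a string cannot be a token
    if (!is_string($token)) {
        return false;
    }
    $token2 = $this->base64 ? base64_decode($token) : $token;
    // too short to hold the digest and the time, or not decodable
    if (!is_string($token2) || strlen($token2) < 40) {
        return false;
    }
    // the leading 32 characters (digest) are never compared directly,
    // validity is established by rebuilding the whole token further down
    $result['time'] = hexdec(substr($token2, 32, 8));
    $temp = explode('!', substr($token2, 40));
    // malformed token: the data part is missing
    if (count($temp) < 3) {
        return false;
    }
    $result['id'] = $temp[0];
    // NOTE(review): unserialize() runs on caller-supplied bytes BEFORE the
    // token is verified, which exposes the application to PHP object
    // injection. The data is needed to rebuild the token, so the call cannot
    // simply move after the comparison; consider the ['allowed_classes' => false]
    // option or a JSON payload if token data is only scalars and arrays.
    $result['data'] = unserialize(base64_decode($temp[2]));
    $rebuilt = self::token_create($result['id'], $result['data'], ['time' => $result['time'], 'ip' => $result['ip']]);
    // constant-time, type-strict comparison instead of the loose "!="
    if (!hash_equals((string) urldecode($rebuilt), $token)) {
        return false;
    }
    // todo: validate valid_hours
    return $result;
}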
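/**
 * Store the session payload for $id in $this->table.
 *
 * Inserts a row when no session id is known yet, updates the row in place
 * when $id matches the current session id, and otherwise updates the row of
 * the current session id to carry the new id. Only the first call per
 * instance writes; later calls return true without touching the database.
 *
 * @param string $id session id
 * @param string $data session payload
 * @return boolean false without a database link, true when already written,
 *                 otherwise whether the query's count() is non-zero
 */
public function write($id, $data) {
    // Don't run without a database connection
    if (!$this->db->link()) {
        return FALSE;
    }
    // Only write once...
    if ($this->written) {
        return true;
    }
    // The User-Agent header is client supplied and may be absent; reading the
    // missing key directly raised an undefined-index notice on every write
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;
    $data = array(
        'session_id' => $id,
        'session_ip' => request::ip(),
        'session_user_agent' => $user_agent,
        'session_last_activity' => time(),
        // base64 is an encoding, not protection: without $this->encrypt the
        // payload is readable by anyone with access to the table
        'session_data' => $this->encrypt === NULL ? base64_encode($data) : $this->encrypt->encode($data),
    );
    // every branch below writes, so all of them go to the master
    $this->db->use_master(YES);
    if ($this->session_id === NULL) {
        // Insert a new session
        $query = $this->db->insert($this->table, $data);
    } elseif ($id === $this->session_id) {
        // Do not update the session_id
        unset($data['session_id']);
        // Update the existing session
        $query = $this->db->update($this->table, $data, array('session_id' => $id));
    } else {
        // Update the session and id
        $query = $this->db->update($this->table, $data, array('session_id' => $this->session_id));
        // Set the new session id
        $this->session_id = $id;
    }
    // Written!
    $this->written = true;
    return (bool) $query->count();
}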
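/**
 * see crypt::token_validate();
 *
 * Decrypts the token, unserializes the payload and checks, in order, that
 * it is an array with a non-empty id, that it has not expired (unless
 * $options['skip_time_validation'] is set) and, when $this->check_ip is
 * on, that it was issued for the current request IP.
 *
 * @param string $token
 * @param array $options 'skip_time_validation' disables the expiry check
 * @return array|boolean token payload or false when invalid
 */
public function token_validate($token, $options = []) {
    do {
        // NOTE(review): decoding happens when $this->base64 is EMPTY;
        // presumably decrypt() decodes by itself when the flag is set - confirm
        if (empty($this->base64)) {
            $token = base64_decode($token);
        }
        $decrypted = $this->decrypt($token);
        if ($decrypted === false) {
            break;
        }
        // NOTE(review): unserialize() is only as safe as decrypt() is at
        // rejecting tampered ciphertext; if the cipher is not authenticated
        // this is an object injection sink. Consider the
        // ['allowed_classes' => false] option if payloads are plain arrays.
        $result = unserialize($decrypted);
        // failed unserialize (false), scalars and objects are all rejected
        if (!is_array($result) || empty($result['id'])) {
            break;
        }
        // validating valid hours, a missing or non-numeric time counts as expired
        if (empty($options['skip_time_validation'])) {
            if (!isset($result['time']) || !is_numeric($result['time'])) {
                break;
            }
            if ($result['time'] + $this->valid_hours * 60 * 60 <= time()) {
                break;
            }
        }
        // ip verification, strict string comparison; a token without an ip
        // never satisfies the check
        if ($this->check_ip) {
            if (!isset($result['ip']) || (string) $result['ip'] !== (string) request::ip()) {
                break;
            }
        }
        return $result;
    } while (0);
    return false;
}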
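/**
 * Get a text representation of the exception:
 *
 * Error [ Code ]: Message ~ File [ Line ]
 *
 * followed by a description of the request (CLI command, or method, client
 * IP, URL and POST body) and the stack trace.
 *
 * @param object $e Exception
 * @param boolean $full_args use the long (2500) instead of the short (50)
 *                           character limit passed to trace_string()
 * @return string
 */
public static function text($e, $full_args = FALSE) {
    // Should we use the full argument length or truncate?
    $arg_char_limit = $full_args ? 2500 : 50;
    // Clean up the message a bit. Line breaks are replaced BEFORE the tags
    // are stripped: in the previous order strip_tags() had already removed
    // every <br>, so those replacements never matched and lines ran together.
    $message = strip_tags(str_replace(array("<br>", "<br/>", "<br />", "\r\n", "\n", "\r"), '; ', $e->getMessage()));
    // How was the request made
    $called = 'Request:' . "\n";
    $method = strtoupper(request::method());
    if ($method == 'CLI') {
        $called .= 'CLI - ' . cli::launch_cmd();
    } else {
        // Host header and request URI are client supplied and copied verbatim;
        // either may be missing, which must not raise a notice inside the
        // exception formatter
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $called .= '[' . $method . '] ' . request::ip() . ' - ' . request::protocol() . '://' . $host . $uri;
        if (is_array($_POST) && count($_POST) > 0) {
            // NOTE(review): the complete POST body lands in the returned text,
            // so passwords, tokens and other submitted secrets end up wherever
            // this text is logged or mailed; consider redacting sensitive keys
            $called .= "\n\nBody:\n";
            $called .= var_export($_POST, TRUE);
        }
    }
    return sprintf(
        '%s [ %s ]: %s ~ %s [ %d ]' . "\n\n" . '%s' . "\n\n" . '%s' . "\n",
        get_class($e),
        $e->getCode(),
        $message,
        Eight_Exception::debug_path($e->getFile()),
        $e->getLine(),
        $called,
        Eight_Exception::trace_string($e->getTrace(), $arg_char_limit)
    );
}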