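/**
 * Load a File or an URL
 * it may use 3 methods: FileRead, CURL or HTTP-Browser class
 *
 * Dispatch: an argument starting with http:// or https:// is fetched through SmartHttpClient ;
 * a `data:image/...;base64,...` string is decoded in place (mode 'embedded') ;
 * anything else is treated as a local file path (is_file + SmartFileSystem::read).
 * The file branch applies NO path restriction of its own, so callers must not hand it untrusted input.
 *
 * @param STRING $y_url_or_path :: /path/to/file | http(s)://some.url:port/path (port is optional)
 * @param NUMBER $y_timeout :: timeout in seconds ; values <= 0 fall back to 30
 * @param ENUM $y_method :: used only for URLs, the browsing method: GET | POST
 * @param ENUM $y_ssl_method :: SSL Mode: tls | sslv3 | sslv2 | ssl ; empty = SMART_FRAMEWORK_SSL_MODE if defined, else `tls`
 * @param STRING $y_auth_name :: used only for URLs, the auth user name
 * @param STRING $y_auth_pass :: used only for URLs, the auth password
 * @param YES/NO $y_allow_set_credentials :: DEFAULT MUST BE set to NO ; if YES must be set just for internal URLs ; if the $y_url_or_path to get is detected to be under current URL will send also the Unique / session IDs ; more if detected that is from admin.php and if this is set to YES will send the HTTP-BASIC Auth credentials if detected (using YES with other URLs than SmartFramework's current URL can be a serious SECURITY ISSUE, so don't !)
 *
 * @return ARRAY :: keys: log, mode ('file' | 'embedded' | the HTTP client's mode), result ('1' = ok, '0' = failed), code (HTTP-like status as string), headers, content, debuglog
 */
public static function load_url_or_file($y_url_or_path, $y_timeout = 30, $y_method = 'GET', $y_ssl_method = '', $y_auth_name = '', $y_auth_pass = '', $y_allow_set_credentials = 'no') {
	//-- v.2016-01-15
	// fixed sessionID with new Dynamic generated
	// TODO: use the CURL to browse also FTP and SSH ...
	//--
	$y_url_or_path = (string) $y_url_or_path;
	if ($y_url_or_path === '') {
		return array('log' => 'ERROR: FILE Name is Empty ...', 'mode' => 'file', 'result' => '0', 'code' => '400', 'headers' => '', 'content' => '', 'debuglog' => '');
	}
	//-- detect if file or url (scheme prefix only ; everything else is handled as a local path)
	$is_url = (substr($y_url_or_path, 0, 7) === 'http://' || substr($y_url_or_path, 0, 8) === 'https://');
	//--
	if (!$is_url) {
		//--
		$y_url_or_path = trim($y_url_or_path);
		//-- try to detect if data:image/ :: {{{SYNC-DATA-IMAGE}}}
		if (strtolower(substr($y_url_or_path, 0, 11)) === 'data:image/' && stripos($y_url_or_path, ';base64,') !== false) {
			// the marker is detected case-insensitively, so it must be split case-insensitively as well:
			// a plain explode(';base64,') misses ';BASE64,' and leaves $eimg[1] undefined (empty content + notice)
			$eimg = (array) preg_split('/;base64,/i', $y_url_or_path);
			$b64 = isset($eimg[1]) ? trim((string) $eimg[1]) : '';
			return array('log' => 'OK ? Not sure, decoded from embedded b64 image: ', 'mode' => 'embedded', 'result' => '1', 'code' => '200', 'headers' => SmartUnicode::sub_str($y_url_or_path, 0, 50) . '...', 'content' => base64_decode($b64), 'debuglog' => '');
		} elseif (is_file($y_url_or_path)) {
			return array('log' => 'OK: FILE Exists', 'mode' => 'file', 'result' => '1', 'code' => '200', 'headers' => 'Content-Disposition: inline; filename="' . basename($y_url_or_path) . '"' . "\n", 'content' => SmartFileSystem::read($y_url_or_path), 'debuglog' => '');
		}
		return array('log' => 'ERROR: FILE Not Found or Invalid Data ...', 'mode' => 'file', 'result' => '0', 'code' => '404', 'headers' => '', 'content' => '', 'debuglog' => '');
		//--
	}
	//-- URL: resolve the SSL mode
	if ((string) $y_ssl_method === '') {
		if (defined('SMART_FRAMEWORK_SSL_MODE')) {
			$y_ssl_method = (string) SMART_FRAMEWORK_SSL_MODE;
		} else {
			Smart::log_notice('NOTICE: LibUtils/Load-URL-or-File // The SSL Method not defined and SMART_FRAMEWORK_SSL_MODE was not defined. Using the `tls` as default ...');
			$y_ssl_method = 'tls';
		}
	}
	//-- HTTP client setup
	$browser = new SmartHttpClient();
	$y_timeout = Smart::format_number_int($y_timeout, '+');
	if ($y_timeout <= 0) {
		$y_timeout = 30; // default value
	}
	$browser->connect_timeout = (int) $y_timeout;
	$is_debug = ((string) SMART_FRAMEWORK_DEBUG_MODE === 'yes');
	if ($is_debug) {
		$browser->debug = 1;
	}
	//-- identity of the current request, used only by the same-origin decision below
	$tmp_current_protocol = ((string) self::get_server_current_protocol() === 'https://') ? 'https://' : 'http://';
	$tmp_current_server = self::get_server_current_domain_name();
	$tmp_current_port = self::get_server_current_port();
	$tmp_current_path = self::get_server_current_request_uri();
	$tmp_current_script = self::get_server_current_full_script();
	$tmp_test_url_arr = Smart::separe_url_parts($y_url_or_path);
	self::get_os_browser_ip(); // the original assigned this to an unused local ; call kept in case it has side effects — TODO confirm and drop
	//--
	$tmp_extra_log = '';
	if ($is_debug) {
		$tmp_extra_log .= "\n" . '===== # =====' . "\n";
	}
	//--
	$cookies = array();
	$auth_name = (string) $y_auth_name;
	$auth_pass = (string) $y_auth_pass;
	//-- cookie / credential forwarding: only when explicitly allowed AND the target is this same script on this same origin
	if ((string) $y_allow_set_credentials === 'yes') {
		//--
		if ($is_debug) {
			$tmp_extra_log .= '[EXTRA]: I will try to detect if this is my current Domain and I will check if it is safe to send my sessionID COOKIE and my Auth CREDENTIALS ...' . "\n";
		}
		//-- strict comparison on purpose: this gate decides whether the visitor cookie and the HTTP-Basic credentials leave the process ;
		// PHP's loose == treats numerically-equal strings as equal (e.g. a port of '80' and '080' — constructed example), which must not count as the same origin
		$same_origin = (
			(string) $tmp_current_protocol === (string) $tmp_test_url_arr['protocol']
			&& (string) $tmp_current_server === (string) $tmp_test_url_arr['server']
			&& (string) $tmp_current_port === (string) $tmp_test_url_arr['port']
		);
		//--
		if ($same_origin) {
			//--
			if ($is_debug) {
				$tmp_extra_log .= '[EXTRA]: OK, Seems that the browsed Domain is identical with my current Domain which is: ' . $tmp_current_protocol . $tmp_current_server . ':' . $tmp_current_port . ' and the browsed one is: ' . $tmp_test_url_arr['protocol'] . $tmp_test_url_arr['server'] . ':' . $tmp_test_url_arr['port'] . "\n";
				$tmp_extra_log .= '[EXTRA]: I will also check if my current script and path are identical with the browsed ones ...' . "\n";
			}
			//-- same script: the browsed script name must equal the current script AND be the prefix of the current request URI
			$same_script = (
				(string) $tmp_current_script === (string) $tmp_test_url_arr['scriptname']
				&& substr($tmp_current_path, 0, strlen($tmp_current_script)) === (string) $tmp_test_url_arr['scriptname']
			);
			//--
			if ($same_script) {
				//--
				if ($is_debug) {
					$tmp_extra_log .= '[EXTRA]: OK, Seems that the current script is identical with the browsed one :: ' . 'Current Path is: \'' . $tmp_current_script . '\' / Browsed Path is: \'' . $tmp_test_url_arr['scriptname'] . '\' !' . "\n";
					$tmp_extra_log .= '[EXTRA]: I will check if I have to send my SessionID so I will check the browserID ...' . "\n";
				}
				//-- this must be set just when detected the same path and script ; it is a requirement to detect it as the self-robot [ @s# ] in order to send the credentials or the current cookie
				$browser->useragent = (string) self::get_selfrobot_useragent_name();
				//-- {{{SYNC-SMART-UNIQUE-COOKIE}}}
				if (defined('SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME') && !defined('SMART_FRAMEWORK_UNIQUE_ID_COOKIE_SKIP')) {
					if ((string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME !== '') {
						if (SmartFrameworkSecurity::ValidateVariableName(strtolower((string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME))) {
							if ((string) SMART_APP_VISITOR_COOKIE !== '') { // if set, then forward
								if ($is_debug) {
									$tmp_extra_log .= '[EXTRA]: OK, I will send my current Visitor Unique Cookie ID as it is set and not empty ...' . "\n";
								}
								$cookies[(string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME] = (string) SMART_APP_VISITOR_COOKIE; // this is a requirement
							}
						}
					}
				}
				//-- #end# sync
				//-- HTTP-Basic credentials are forwarded only when none were passed explicitly and both scripts are the admin script
				if ((string) SmartAuth::get_login_method() === 'HTTP-BASIC' && (string) $auth_name === '' && (string) $auth_pass === '' && strpos($tmp_current_script, '/admin.php') !== false && strpos($tmp_test_url_arr['scriptname'], '/admin.php') !== false) {
					if ($is_debug) {
						$tmp_extra_log .= '[EXTRA]: HTTP-BASIC Auth method detected / Allowed to pass the Credentials - as the browsed URL belongs to this ADMIN Server as I run, the Auth credentials are set but passed as empty - everything seems to be safe I will send my credentials: USERNAME = \'' . SmartAuth::get_login_id() . '\' ; PASS = *****' . "\n";
					}
					$auth_name = (string) SmartAuth::get_login_id();
					$auth_pass = (string) SmartAuth::get_login_password();
				}
				//--
			} else {
				//--
				if ($is_debug) {
					$tmp_extra_log .= '[EXTRA]: Seems that the scripts are NOT identical :: ' . 'Current Script is: \'' . $tmp_current_script . '\' / Browsed Script is: \'' . $tmp_test_url_arr['scriptname'] . '\' !' . "\n";
					$tmp_extra_log .= '[EXTRA]: This is the diff for having a comparation: ' . substr($tmp_current_path, 0, strlen($tmp_current_script)) . "\n";
				}
				//--
			}
			//--
		}
		//--
	}
	//--
	$browser->cookies = (array) $cookies;
	$data = (array) $browser->browse_url($y_url_or_path, $y_method, $y_ssl_method, $auth_name, $auth_pass); // do browse
	//--
	return array('log' => (string) $data['log'] . $tmp_extra_log, 'mode' => (string) $data['mode'], 'result' => (string) $data['result'], 'code' => (string) $data['code'], 'headers' => (string) $data['headers'], 'content' => (string) $data['content'], 'debuglog' => (string) $data['debuglog']);
	//--
}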
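/**
 * Decode and authorize an encrypted MIME message-file link (Mail Utils area).
 *
 * The encrypted payload is expected to carry 5 newline-separated fields (creation time, message file,
 * access key, browser-unique key, self-robot key). The access key and one of the two client keys are
 * recomputed here from the current visitor / client identity and must match before the path is handed back.
 *
 * @param STRING $y_enc_msg_file :: the encrypted link, optionally carrying a message part suffix (split by mime_separe_part_link)
 * @param STRING $y_ctrl_key :: controller key ; it is prefixed with the admin / index area marker and becomes part of every recomputed key {{{SYNC-ENCMIMEURL-CTRL-PREFIX}}}
 *
 * @return STRING|ARRAY :: '' (and a logged warning) when an input is empty or unsafe ; otherwise an array {{{SYNC-MIME-ENCRYPT-ARR}}} with the key 'error' ('' on success, else the reason) and, on success only, 'creation-time', 'message-file', 'message-part', 'access-key', 'bw-unique-key', 'sf-robot-key'
 */
public static function decode_mime_fileurl($y_enc_msg_file, $y_ctrl_key) {
	//-- input validation (these failures return '' : the legacy contract of the callers)
	$y_enc_msg_file = (string) trim((string) $y_enc_msg_file);
	if ($y_enc_msg_file === '') {
		Smart::log_warning('Mail-Utils / Decode Mime File URL: Empty Message File Path has been provided. This means the URL link will be unavaliable (empty) to assure security protection.');
		return '';
	}
	if (!SmartFileSysUtils::check_file_or_dir_name($y_enc_msg_file)) {
		Smart::log_warning('Mail-Utils / Decode Mime File URL: Invalid Message File Path has been provided. This means the URL link will be unavaliable (empty) to assure security protection. Message File: ' . $y_enc_msg_file);
		return '';
	}
	//--
	$y_ctrl_key = (string) trim((string) $y_ctrl_key);
	if ($y_ctrl_key === '') {
		Smart::log_warning('Mail-Utils / Decode Mime File URL: Empty Controller Key has been provided. This means the URL link will be unavaliable (empty) to assure security protection.');
		return '';
	}
	//-- {{{SYNC-ENCMIMEURL-CTRL-PREFIX}}} : the area prefix is folded into every key recomputed below
	if (SMART_FRAMEWORK_ADMIN_AREA === true) {
		$y_ctrl_key = 'AdminMailUtilArea/' . $y_ctrl_key;
	} else {
		$y_ctrl_key = 'IndexMailUtilArea/' . $y_ctrl_key;
	}
	//-- split the optional message part suffix from the encrypted link
	$the_sep_arr = (array) self::mime_separe_part_link($y_enc_msg_file);
	$y_enc_msg_file = (string) $the_sep_arr['msg'];
	$the_msg_part = (string) $the_sep_arr['part'];
	unset($the_sep_arr);
	//--
	$arr = array(); // {{{SYNC-MIME-ENCRYPT-ARR}}}
	$arr['error'] = ''; // by default, no error
	//--
	if ((string) SMART_APP_VISITOR_COOKIE === '') {
		$arr['error'] = 'WARNING: Access Forbidden ... No Visitor ID set ...!';
		return (array) $arr;
	}
	//--
	if ($the_msg_part !== '') {
		$the_msg_part = strtolower(trim((string) SmartUtils::url_hex_decode((string) $the_msg_part)));
	}
	//-- decrypt the link ; pad to the 5 expected fields so a failed / garbage decryption yields empty fields instead of undefined-offset reads
	$decoded_link = trim((string) SmartUtils::crypto_decrypt((string) $y_enc_msg_file, 'SmartFramework//MimeLink' . SMART_FRAMEWORK_SECURITY_KEY));
	$dec_arr = array_pad((array) explode("\n", trim((string) $decoded_link)), 5, '');
	//--
	$arr['creation-time'] = trim((string) $dec_arr[0]);
	$arr['message-file'] = trim((string) $dec_arr[1]);
	$arr['message-part'] = trim((string) $the_msg_part);
	$arr['access-key'] = trim((string) $dec_arr[2]);
	$arr['bw-unique-key'] = trim((string) $dec_arr[3]);
	$arr['sf-robot-key'] = trim((string) $dec_arr[4]);
	//-- check if file path is valid
	if ((string) $arr['message-file'] === '') {
		$arr = array();
		$arr['error'] = 'ERROR: Empty Message Path ...';
		return (array) $arr;
	}
	if (!SmartFileSysUtils::check_file_or_dir_name($arr['message-file'])) {
		$arr = array();
		$arr['error'] = 'ERROR: Unsafe Message Path Access ...';
		return (array) $arr;
	}
	//--
	$browser_os_ip_identification = SmartUtils::get_os_browser_ip(); // get browser and os identification
	//-- re-compose the access key and the two client keys from the current identity
	$crrtime = (int) $arr['creation-time'];
	$access_key = sha1('MimeLink:' . SMART_SOFTWARE_NAMESPACE . '-' . SMART_FRAMEWORK_SECURITY_KEY . '-' . SMART_APP_VISITOR_COOKIE . ':' . $arr['message-file'] . '>' . $y_ctrl_key);
	$uniq_key = sha1('Time=' . $crrtime . '#' . SMART_SOFTWARE_NAMESPACE . '-' . SMART_FRAMEWORK_SECURITY_KEY . '-' . $access_key . '-' . SmartUtils::unique_auth_client_private_key() . ':' . $arr['message-file'] . '>' . $y_ctrl_key);
	$self_robot_key = sha1('Time=' . $crrtime . '#' . SmartAuth::get_login_id() . '*' . SMART_SOFTWARE_NAMESPACE . '-' . SMART_FRAMEWORK_SECURITY_KEY . '-' . trim($browser_os_ip_identification['signature']) . '$' . $access_key . ':' . $arr['message-file'] . '>' . $y_ctrl_key);
	//-- check access key
	// strict comparison on purpose: the digests are hex strings and PHP's loose == compares two strings of the form 0e<digits> as equal numbers ;
	// hash_equals() is the better choice where PHP >= 5.6 is guaranteed
	if ((string) $arr['error'] === '') {
		if ((string) $access_key !== (string) $arr['access-key']) {
			$arr = array();
			$arr['error'] = 'ERROR: Access Forbidden ... Invalid ACCESS KEY ...';
		}
	}
	//-- check the client key
	if ((string) $arr['error'] === '') {
		//--
		$bw_key_ok = ((string) $arr['bw-unique-key'] === (string) $uniq_key);
		$is_self_robot = ((string) $browser_os_ip_identification['bw'] === '@s#');
		$robot_key_ok = ((string) $arr['sf-robot-key'] === (string) $self_robot_key);
		//--
		if ($the_msg_part === '') {
			// no message part: allow only the originating client browser
			$ok_client_key = $bw_key_ok;
		} else {
			// message part: the originating client browser, or the framework's own self-robot carrying a matching robot key
			$ok_client_key = ($bw_key_ok || ($is_self_robot && $robot_key_ok));
		}
		//--
		if (!$ok_client_key) {
			$arr = array();
			$arr['error'] = 'ERROR: Access Forbidden ... Invalid CLIENT KEY ...';
		}
		//--
	}
	//--
	return (array) $arr;
	//--
}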