/**
* Writes $auditName with $auditAttributes as content
* to file name that will be fetched from ini settings by auditNameSettings() for logging.
*
* @param string $auditName
* @param array $auditAttributes
* @return bool
*/
static function writeAudit( $auditName, $auditAttributes = array() )
{
$enabled = eZAudit::isAuditEnabled();
if ( !$enabled )
return false;
$auditNameSettings = eZAudit::auditNameSettings();
if ( !isset( $auditNameSettings[$auditName] ) )
return false;
$ip = eZSys::clientIP();
if ( !$ip )
$ip = eZSys::serverVariable( 'HOSTNAME', true );
$user = eZUser::currentUser();
$userID = $user->attribute( 'contentobject_id' );
$userLogin = $user->attribute( 'login' );
$message = "[$ip] [$userLogin:$userID]\n";
foreach ( array_keys( $auditAttributes ) as $attributeKey )
{
$attributeValue = $auditAttributes[$attributeKey];
$message .= "$attributeKey: $attributeValue\n";
}
$logName = $auditNameSettings[$auditName]['file_name'];
$dir = $auditNameSettings[$auditName]['dir'];
eZLog::write( $message, $logName, $dir );
return true;
}
public function reset()
{
$this->_logData = array(
'guid' => uniqid(),
'cluster' => \ClusterTool::clusterIdentifier(),
'dateGMT' => gmdate('Y-m-d H:i:s'),
'dateLocal' => date('Y-m-d H:i:s'),
'action' => null,
'step' => null,
'uuid' => null,
'esb_status' => null,
'msg' => null,
'referer' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '',
'ip' => \eZSys::clientIP(),
'method' => $_SERVER['REQUEST_METHOD'],
);
}
private static function isAllowedByCurrentIP($allowedIpList)
{
$ipAddress = eZSys::clientIP();
if ($ipAddress) {
foreach ($allowedIpList as $itemToMatch) {
if (preg_match("/^(([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+))(\\/([0-9]+)\$|\$)/", $itemToMatch, $matches)) {
if ($matches[6]) {
if (self::isIPInNet($ipAddress, $matches[1], $matches[7])) {
return true;
}
} else {
if ($matches[1] == $ipAddress) {
return true;
}
}
}
}
return false;
} else {
return eZSys::isShellExecution() && in_array('commandline', $allowedIpList);
}
}
function checkServerIP()
{
$remoteHostIP = eZSys::clientIP();
$serverIPList = $this->ini->variable('ServerSettings', 'ServerIP');
if ($serverIPList === false) {
$this->logger->writeTimedString("Skipped the IP check because ServerIP is not set in the settings. Remote host is: {$remoteHostIP}.", 'checkServerIP');
return true;
}
if (is_array($serverIPList) && in_array($remoteHostIP, $serverIPList)) {
return true;
}
$this->logger->writeTimedString("server with ip = {$remoteHostIP} does not exist.", 'checkServerIP failed');
$this->logger->writeTimedString($serverIPList, 'serverIPList from ini file is');
return false;
}
static function isUserIPInList($ipList)
{
$ipAddress = eZSys::clientIP();
if ($ipAddress) {
$result = false;
foreach ($ipList as $itemToMatch) {
if (preg_match("/^(([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+))(\\/([0-9]+)\$|\$)/", $itemToMatch, $matches)) {
if ($matches[6]) {
if (eZDebug::isIPInNet($ipAddress, $matches[1], $matches[7])) {
$result = true;
break;
}
} else {
if ($matches[1] == $ipAddress) {
$result = true;
break;
}
}
}
}
} else {
$result = in_array('commandline', $ipList) && php_sapi_name() == 'cli';
}
return $result;
}
/**
* This method gets called by self::filter()
*/
public static function doLog($method, array $values, &$output)
{
switch ($method) {
case 'apache':
foreach ($values as $varName => $value) {
/// @todo should remove any " or space chars in the value for proper parsing by updateperfstats.php
apache_note($varName, $value);
}
break;
case 'piwik':
$text = '';
foreach (eZPerfLoggerINI::variable('GeneralSettings', 'TrackVariables') as $i => $var) {
$text .= "\npiwikTracker.setCustomVariable( {$i}, \"{$var}\", \"{$values[$var]}\", \"page\" );";
}
$text .= "\npiwikTracker.trackPageView();";
$output = preg_replace('/piwikTracker\\.trackPageView\\( *\\);?/', $text, $output);
break;
case 'googleanalytics':
$text = '';
foreach (eZPerfLoggerINI::variable('GeneralSettings', 'TrackVariables') as $i => $var) {
$text .= "\n_gaq.push([{$i}, '{$var}', '{$values[$var]}', 3]);";
}
$text .= "\n_gaq.push(['_trackPageview']);";
$output = preg_replace("/_gaq.push\\( *[ *['\"]_trackPageview['\"] *] *\\);?/", $text, $output);
break;
case 'logfile':
case 'syslog':
/// same format as Apache "combined" by default
$size = self::$outputSize;
if ($size == 0) {
$size = '-';
}
$text = eZPerfLoggerApacheLogger::apacheLogLine('combined', $size, self::$returnCode) . ' ';
foreach ($values as $value) {
// do same as apache does: replace nulls with "-"
if ((string) $value === '') {
$text .= "- ";
} else {
/// @todo should remove any " or space chars in the value for proper parsing by updateperfstats.php
$text .= $value . " ";
}
}
if ($method == 'logfile') {
$text .= "\n";
file_put_contents(eZPerfLoggerINI::variable('logfileSettings', 'FileName'), $text, FILE_APPEND);
} else {
// syslog: we use apache log format for lack of a better idea...
openlog("eZPerfLog", LOG_PID, LOG_USER);
syslog(LOG_INFO, $text);
}
break;
case 'headers':
$prefix = eZPerfLoggerINI::variable('HeadersSettings', 'HeaderPrefix');
foreach (eZPerfLoggerINI::variable('GeneralSettings', 'TrackVariables') as $i => $var) {
header($prefix . str_replace(array('(', ')', '<', '>', '@', ',', ';', ':', '\\', '"', '/', '[', ']', '?', '=', '{', '}', ' ', "\t"), '-', $var) . ': ' . $values[$var]);
}
break;
case 'database':
case 'csv':
case 'storage':
if ($method == 'csv') {
$storageClass = 'eZPerfLoggerCSVStorage';
} else {
if ($method == 'database') {
$storageClass = 'eZPerfLoggerDBStorage';
} else {
$storageClass = eZPerfLoggerINI::variable('ParsingSettings', 'StorageClass');
}
}
/// @todo log error if storage class does not implement correct interface
// when we deprecate php 5.2, we will be able to use $storageClass::insertStats...
call_user_func(array($storageClass, 'insertStats'), array(array('url' => isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $_SERVER["PHP_SELF"], 'ip' => is_callable('eZSys::clientIP') ? eZSys::clientIP() : eZSys::serverVariable('REMOTE_ADDR'), 'time' => time(), 'response_status' => self::$returnCode, 'response_size' => self::$outputSize, 'counters' => $values)));
break;
/// @todo !important log a warning for default case (unhandled log format)
}
}
$server->showResponse('unknown_function_name', $namespaceURI, new ggWebservicesFault(ggWebservicesServer::INVALIDREQUESTERROR, ggWebservicesServer::INVALIDREQUESTSTRING));
eZExecution::cleanExit();
die;
}
if ($protocol == 'REST') {
// hack! eZ is better at parsing the last path part than the REST request
// on its own (in an eZP context...)
$functionName = $Params['session'];
} else {
$functionName = $request->name();
}
$params = $request->parameters();
$wsINI = eZINI::instance('wsproviders.ini');
// auth: validate incoming IP address first
if ($wsINI->variable('GeneralSettings', 'ValidateClientIPs') == 'enabled') {
$ip = is_callable('eZSys::clientIP') ? eZSys::clientIP() : eZSys::serverVariable('REMOTE_ADDR');
if (!in_array($ip, $wsINI->variable('GeneralSettings', 'ValidClientIPs'))) {
// Error: access denied. We respond using an answer which is correct according
// to the protocol used by the caller, instead of going through the standard
// eZ access denied error handler, which displays in general an html page
// with a 200 OK http return code
$server->showResponse($functionName, $namespaceURI, new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING));
eZExecution::cleanExit();
die;
// $module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
}
}
// if integration with jscore is enabled, look up function there
// NB: ezjscServerRouter::getInstance does internally perms checking, but
// it does not return to us different values for method not found / perms not accorded
if ($wsINI->variable('GeneralSettings', 'JscoreIntegration') == 'enabled' && class_exists('ezjscServerRouter')) {
/**
* If debugging is allowed for the current IP address.
*
* @param array $allowedIpList
* @return bool
*/
private static function isAllowedByCurrentIP($allowedIpList)
{
$ipAddresIPV4Pattern = "/^(([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+))(\\/([0-9]+)\$|\$)/";
$ipAddressIPV6Pattern = "/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))(\\/([0-9]+)\$|\$)\$/";
$ipAddress = eZSys::clientIP();
if ($ipAddress) {
foreach ($allowedIpList as $itemToMatch) {
// Test for IPv6 Addresses first instead of IPv4 addresses as IPv6
// addresses can contain dot separators within them
if (preg_match("/:/", $ipAddress)) {
if (preg_match($ipAddressIPV6Pattern, $itemToMatch, $matches)) {
if ($matches[69]) {
if (self::isIPInNetIPv6($ipAddress, $itemToMatch)) {
return true;
}
} else {
if ($matches[1] == $itemToMatch) {
return true;
}
}
}
} elseif (preg_match("/\\./", $ipAddress)) {
if (preg_match($ipAddresIPV4Pattern, $itemToMatch, $matches)) {
if ($matches[6]) {
if (self::isIPInNet($ipAddress, $matches[1], $matches[7])) {
return true;
}
} else {
if ($matches[1] == $ipAddress) {
return true;
}
}
}
}
}
return false;
} else {
return eZSys::isShellExecution() && in_array('commandline', $allowedIpList);
}
}
