protected function _fixup_dir(\HTRouter\Request $request) { $utils = new \HTRouter\Utils(); // Check if it doesn't end on a slash? $url = $request->getUri(); if (!empty($url) and $url[strlen($url) - 1] != '/') { // We are fixing a directory and we aren't allowed to add a slash. No good. if ($this->getConfig()->get("DirectorySlash") == false) { return \HTRouter::STATUS_DECLINED; } // Add the extra slash to the URL $url = parse_url($url); $url['path'] .= "/"; $url = $utils->unparse_url($url); // Redirect permanently new slashed url ( http://example.org/dir => http://example.org/dir/ ) $request->appendOutHeaders("Location", $url); return \HTRouter::STATUS_HTTP_MOVED_PERMANENTLY; } // In case a subrequest throws an error $error_notfound = false; // We can safely check and match against our directory index now $names = $this->getConfig()->get("DirectoryIndex"); $names[] = self::DEFAULT_DIRECTORY_INDEX_FILE; // @TODO: Seriously wrong. This needs to be placed in config? foreach ($names as $name) { $url = $this->_updateUrl($request->getUri(), $name); $subContainer = $this->_prepareContainerForSubRequest($url); $processor = new \HTRouter\Processor($subContainer); $status = $processor->processRequest(); $subrequest = $subContainer->getRequest(); $subrequest->setStatus($status); if (is_file($subrequest->getDocumentRoot() . $subrequest->getFilename())) { $this->_container->setRequest($subrequest); return \HTRouter::STATUS_OK; } if ($subrequest->getStatus() >= 300 && $subrequest->getStatus() < 400) { $this->_container->setRequest($subrequest); return $subrequest->getStatus(); } if ($subrequest->getStatus() != \HTRouter::STATUS_HTTP_NOT_FOUND && $subrequest->getStatus() != \HTRouter::STATUS_HTTP_OK) { $error_notfound = $subrequest->getStatus(); } } // "error_notfound" is set? return error_notfound if ($error_notfound) { return $error_notfound; } // Nothing to be done. Proceed to next module return \HTRouter::STATUS_DECLINED; }
function findUriOnDisk(\HTRouter\Request $request, $url) { return $request->getUri(); }
/** * Outputs an error message generated from the current request. * * @param HTRouter\Request $request */ protected function _print_error(\HTRouter\Request $request) { echo <<<EOH <html> <head> <title>HTRouter error code: {$request->getStatus()} - {$request->getStatusLine()} </title> </head> <body> <h1>{$request->getStatus()} - {$request->getStatusLine()}</h1> <table> <tr><td>Uri</td><td>:</td><td>{$request->getUri()}<td></tr> <tr><td>DocRoot</td><td>:</td><td>{$request->getDocumentRoot()}<td></tr> <tr><td>Filename</td><td>:</td><td>{$request->getFilename()}<td></tr> </table> </body> </html> EOH; }
/** * @param \HTRouter\Request $request * @return array|int */ public function authenticateBasicUser(\HTRouter\Request $request) { /** * @var $plugin \HTRouter\AuthModule */ $plugin = $this->_container->getConfig()->get("AuthType"); if (!$plugin || !$plugin instanceof \HTRouter\AuthModule || $plugin->getName() != "Basic") { return \HTRouter::STATUS_DECLINED; } // Set our handler type $request->setAuthType($this->getName()); // Check realm if (!$this->getConfig()->get("AuthName")) { $this->getLogger()->log(\HTRouter\Logger::ERRORLEVEL_ERROR, "need authname: " . $request->getUri()); return \HTRouter::STATUS_HTTP_INTERNAL_SERVER_ERROR; } $ret = $this->_getBasicAuth($request); if (!is_array($ret)) { $request->appendOutHeaders("WWW-Authenticate", "Basic realm=\"" . $this->getConfig()->get("AuthName") . "\""); return $ret; } list($user, $pass) = $ret; // By default, we are not found $result = \HTRouter\AuthModule::AUTH_NOT_FOUND; // Iterator through all the registered providers to $providers = $this->getRouter()->getProviders(\HTRouter::PROVIDER_AUTHN_GROUP); foreach ($providers as $provider) { /** * @var $provider \HTRouter\AuthnModule */ $result = $provider->checkPassword($request, $user, $pass); if ($result != \HTRouter\AuthModule::AUTH_NOT_FOUND) { // Found (either denied or granted), we don't need to check any more providers break; } } // Set the authenticated user inside the request if ($result != \HTRouter\AuthModule::AUTH_GRANTED) { if ($this->getConfig()->get("AuthzUserAuthoritative") && $result != \HTRouter\AuthModule::AUTH_DENIED) { // Not authoritative so we decline and goto the next checker return \HTRouter::STATUS_DECLINED; } switch ($result) { case \HTRouter\AuthModule::AUTH_DENIED: $retval = \HTRouter::STATUS_HTTP_UNAUTHORIZED; break; case \HTRouter\AuthModule::AUTH_NOT_FOUND: $retval = \HTRouter::STATUS_HTTP_UNAUTHORIZED; break; default: $retval = \HTRouter::STATUS_HTTP_INTERNAL_SERVER_ERROR; break; } // If we need to send a 403, do it if ($retval == \HTRouter::STATUS_HTTP_UNAUTHORIZED) { $request->appendOutHeaders("WWW-Authenticate", "Basic realm=\"" . $this->getConfig()->get("AuthName") . "\""); } return $result; } return \HTRouter::STATUS_OK; }
function fixUp(\HTRouter\Request $request) { if ($this->getConfig()->get("RewriteEngine") == false) { return \HTRouter::STATUS_DECLINED; } // Temp save $oldFilename = $request->getFilename(); if (!$request->getFilename()) { $request->setFilename($request->getUri()); } $ruleStatus = $this->_applyRewrites(); if ($ruleStatus) { if ($ruleStatus == self::ACTION_STATUS) { $n = $request->getStatus(); $request->setStatus(\HTROUTER::STATUS_HTTP_OK); return $n; } if (($skip = $this->_is_absolute_url($request->getFilename())) > 0) { if ($ruleStatus == self::ACTION_NOESCAPE) { $request->setFilename(urlencode($request->getFilename(), $skip)); } // Add query string if needed if ($request->getArgs()) { if ($ruleStatus == self::ACTION_NOESCAPE) { $request->setFilename($request->getFilename() . "?" . $request->getQueryString()); } else { $request->setFilename($request->getFilename() . "?" . urlencode($request->getQueryString())); } } // Is this a redirect? if ($request->getStatus() >= 300 && $request->getStatus() < 400) { $n = $request->getStatus(); $request->setStatus(\HTRouter::STATUS_HTTP_OK); } else { // No redirect, but we need to redir anyway.. $n = \HTRouter::STATUS_HTTP_MOVED_TEMPORARILY; } // The filename is the URI to redirect.. strange, I know... $request->appendOutHeaders("Location", $request->getFilename()); return $n; } elseif (substr($request->getFilename(), 0, 12) == "passthrough:") { // Starts with passthrough? Let's pass $request->setUri(substr($request->getFilename(), 13)); return \HTRouter::STATUS_DECLINED; } else { // Local path if ($oldFilename == $request->getFilename()) { // Rewrite to the same name. Prevent deadlocks return \HTRouter::STATUS_HTTP_OK; } } } else { $request->getFilename($oldFilename); return \HTRouter::STATUS_DECLINED; } return \HTRouter::STATUS_DECLINED; }
/** * These functions should return true|false or something to make sure we can continue with our stuff? * * @param \HTRouter\Request $request * @return bool * @throws \LogicException */ public function checkAccess(\HTRouter\Request $request) { // The way we parse things depends on the "order" switch ($this->getConfig()->get("AccessOrder")) { case self::ALLOW_THEN_DENY: $result = false; if ($this->_findAllowDeny($this->getConfig()->get("AccessAllow"))) { $result = \HTRouter::STATUS_OK; } if ($this->_findAllowDeny($this->getConfig()->get("AccessDeny"))) { $result = \HTRouter::STATUS_HTTP_FORBIDDEN; } break; case self::DENY_THEN_ALLOW: $result = \HTRouter::STATUS_OK; if ($this->_findAllowDeny($this->getConfig()->get("AccessDeny"))) { $result = \HTRouter::STATUS_HTTP_FORBIDDEN; } if ($this->_findAllowDeny($this->getConfig()->get("AccessAllow"))) { $result = \HTRouter::STATUS_OK; } break; case self::MUTUAL_FAILURE: if ($this->_findAllowDeny($this->getConfig()->get("AccessAllow")) and !$this->_findAllowDeny($this->getConfig()->get("AccessDeny"))) { $result = \HTRouter::STATUS_OK; } else { $result = \HTRouter::STATUS_HTTP_FORBIDDEN; } break; default: throw new \LogicException("Unknown order"); break; } // Not ok. Now we need to check if "satisfy any" already got a satisfaction if ($result == \HTRouter::STATUS_HTTP_FORBIDDEN && ($this->getConfig()->get("Satisfy") == "any" || count($this->getConfig()->get("Requires", array()) == 0))) { // Check if there is at least one require line in the htaccess. If found, it means that // we still have to possibility that we can be authorized $this->getLogger()->log(\HTRouter\Logger::ERRORLEVEL_ERROR, "Access denied for " . $request->getFilename() . " / " . $request->getUri()); } // Return what we need to return return $result; }
/** * @static * @param $string * @param \HTRouter\Request $request * @param array $ruleMatches * @param array $condMatches * @return mixed * @throws \RuntimeException */ public static function expandSubstitutions($string, \HTRouter\Request $request, $ruleMatches = array(), $condMatches = array()) { // Do backref matching on rewriterule ($1-$9) preg_match_all('|\\$([1-9])|', $string, $matches); foreach ($matches[1] as $index) { if (!isset($ruleMatches[$index - 1])) { throw new \RuntimeException("Want to match index {$index}, but nothing found in rule to match"); } $string = str_replace("\${$index}", $ruleMatches[$index - 1], $string); } // Do backref matching on the last rewritecond (%1-%9) preg_match_all('|\\%([1-9])|', $string, $matches); foreach ($matches[1] as $index) { if (!isset($condMatches[$index - 1])) { throw new \RuntimeException("Want to match index {$index}, but nothing found in condition to match"); } $string = str_replace("%{$index}", $condMatches[$index - 1], $string); } // Do variable substitution $string = str_replace("%{HTTP_USER_AGENT}", $request->getServerVar("HTTP_USER_AGENT"), $string); $string = str_replace("%{HTTP_REFERER}", $request->getServerVar("HTTP_REFERER"), $string); $string = str_replace("%{HTTP_COOKIE}", $request->getServerVar("HTTP_COOKIE"), $string); $string = str_replace("%{HTTP_FORWARDED}", $request->getServerVar("HTTP_FORWARDED"), $string); $string = str_replace("%{HTTP_HOST}", $request->getServerVar("HTTP_HOST"), $string); $string = str_replace("%{HTTP_PROXY_CONNECTION}", $request->getServerVar("HTTP_PROXY_CONNECTION"), $string); $string = str_replace("%{HTTP_ACCEPT}", $request->getServerVar("HTTP_ACCEPT"), $string); $string = str_replace("%{REMOTE_ADDR}", $request->getServerVar("REMOTE_ADDR"), $string); $string = str_replace("%{REMOTE_HOST}", $request->getServerVar("REMOTE_HOST"), $string); $string = str_replace("%{REMOTE_PORT}", $request->getServerVar("REMOTE_PORT"), $string); $string = str_replace("%{REMOTE_USER}", $request->getAuthUser(), $string); $string = str_replace("%{REMOTE_IDENT}", "", $string); // We don't support identing! $string = str_replace("%{REQUEST_METHOD}", $request->getMethod(), $string); $string = str_replace("%{SCRIPT_FILENAME}", $request->getFilename(), $string); $string = str_replace("%{PATH_INFO}", $request->getPathInfo(), $string); $string = str_replace("%{QUERY_STRING}", $request->getQueryString(), $string); if ($request->getAuthType()) { $string = str_replace("%{AUTH_TYPE}", $request->getAuthType()->getName(), $string); // Returns either Basic or Digest } else { $string = str_replace("%{AUTH_TYPE}", "", $string); } $string = str_replace("%{DOCUMENT_ROOT}", $request->getDocumentRoot(), $string); $string = str_replace("%{SERVER_ADMIN}", $request->getServerVar("SERVER_ADMIN"), $string); $string = str_replace("%{SERVER_NAME}", $request->getServerVar("SERVER_NAME"), $string); $string = str_replace("%{SERVER_ADDR}", $request->getServerVar("SERVER_ADDR"), $string); $string = str_replace("%{SERVER_PORT}", $request->getServerVar("SERVER_PORT"), $string); $string = str_replace("%{SERVER_PROTOCOL}", $request->getServerVar("SERVER_PROTOCOL"), $string); $router = \HTRouter::getInstance(); $string = str_replace("%{SERVER_SOFTWARE}", $router->getServerSoftware(), $string); // Non-deterministic, but it won't change over the course of a request, even if the seconds have changed! $string = str_replace("%{TIME_YEAR}", date("Y"), $string); // 2011 $string = str_replace("%{TIME_MON}", date("m"), $string); // 01-12 $string = str_replace("%{TIME_DAY}", date("d"), $string); // 01-31 $string = str_replace("%{TIME_HOUR}", date("H"), $string); // 00-23 $string = str_replace("%{TIME_MIN}", date("i"), $string); // 00-59 $string = str_replace("%{TIME_SEC}", date("s"), $string); // 00-59 $string = str_replace("%{TIME_WDAY}", date("w"), $string); // 0-6 (sun-sat) $string = str_replace("%{TIME}", date("YmdHis"), $string); // %04d%02d%02d%02d%02d%02d $string = str_replace("%{API_VERSION}", $router->getServerApi(), $string); //$string = str_replace("%{THE_REQUEST}", $request->getTheRequest(), $string); // "GET /dir HTTP/1.1" $string = str_replace("%{REQUEST_URI}", $request->getUri(), $string); $string = str_replace("%{REQUEST_FILENAME}", $request->getServerVar("SCRIPT_FILENAME"), $string); $string = str_replace("%{IS_SUBREQ}", $request->isSubRequest() ? "true" : "false", $string); $string = str_replace("%{HTTPS}", $request->isHttps() ? "on" : "off", $string); return $string; }
public function translateName(\HTRouter\Request $request) { // Need an (absolute) url $uri = $request->getUri(); if (empty($uri) || $uri[0] != '/') { return \HTRouter::STATUS_DECLINED; } // check if name matches one of the redirects foreach ($this->getConfig()->get("Redirects", array()) as $redirect) { // @TODO: Check if this is OK? $pos = strpos($request->getUri(), $redirect->urlpath); if ($pos === 0) { $url = $redirect->url . substr($request->getUri(), strlen($redirect->urlpath)); $qs = $request->getQueryString(); if (!empty($qs)) { $url .= '?' . $qs; } $request->appendOutHeaders("Location", $url); return $redirect->http_status; } } return \HTRouter::STATUS_DECLINED; }
function coreTranslateName(\HTRouter\Request $request) { $uri = $request->getUri(); if (empty($uri) || $uri[0] != '/' || $uri == "*") { $this->getLogger()->log(\HTRouter\Logger::ERRORLEVEL_ERROR, "Invalid uri in request: " . $uri); return \HTRouter::STATUS_HTTP_BAD_REQUEST; } $filename = $request->getUri(); $request->setFilename($filename); // Remember, filename must be relative from documentroot! return \HTRouter::STATUS_OK; }