/** * Single Sign On (SSO) * * @return bool True : Module handling is necessary in the control path of current request , False : Otherwise */ public function checkSSO() { // pass if it's not GET request or XE is not yet installed if (!config('use_sso') || Rhymix\Framework\UA::isRobot()) { return TRUE; } $checkActList = array('rss' => 1, 'atom' => 1); if (self::getRequestMethod() != 'GET' || !self::isInstalled() || isset($checkActList[self::get('act')])) { return TRUE; } // pass if default URL is not set $default_url = trim($this->db_info->default_url); if (!$default_url) { return TRUE; } if (substr_compare($default_url, '/', -1) !== 0) { $default_url .= '/'; } // Get current site information (only the base URL, not the full URL) $current_site = self::getRequestUri(); // Step 1: if the current site is not the default site, send SSO validation request to the default site if ($default_url !== $current_site && !self::get('sso_response') && $_COOKIE['sso'] !== md5($current_site)) { // Set sso cookie to prevent multiple simultaneous SSO validation requests setcookie('sso', md5($current_site), 0, '/'); // Redirect to the default site $sso_request = Rhymix\Framework\Security::encrypt(Rhymix\Framework\URL::getCurrentURL()); $redirect_url = $default_url . '?sso_request=' . urlencode($sso_request); header('Location:' . $redirect_url); return false; } // Step 2: receive and process SSO validation request at the default site if ($default_url === $current_site && self::get('sso_request')) { // Get the URL of the origin site $sso_request = Rhymix\Framework\Security::decrypt(self::get('sso_request')); if (!$sso_request || !preg_match('!^https?://!', $sso_request)) { self::displayErrorPage('SSO Error', 'Invalid SSO Request', 400); return false; } // Check that the origin site is a valid site in this XE installation (to prevent open redirect vuln) if (!getModel('module')->getSiteInfoByDomain(rtrim($url, '/'))->site_srl) { self::displayErrorPage('SSO Error', 'Invalid SSO Request', 400); return false; } // Redirect back to the origin site $sso_response = Rhymix\Framework\Security::encrypt(session_id()); header('Location: ' . Rhymix\Framework\URL::modifyURL($sso_request, array('sso_response' => $sso_response))); return false; } // Step 3: back at the origin site, set session ID to be the same as the default site if ($default_url !== $current_site && self::get('sso_response')) { // Check SSO response $sso_response = Rhymix\Framework\Security::decrypt(self::get('sso_response')); if ($sso_response === false) { self::displayErrorPage('SSO Error', 'Invalid SSO Response', 400); return false; } // Check that the response was given by the default site (to prevent session fixation CSRF) if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], $default_url) !== 0) { self::displayErrorPage('SSO Error', 'Invalid SSO Response', 400); return false; } // Set session ID setcookie(session_name(), $sso_response); // Finally, redirect to the originally requested URL header('Location: ' . Rhymix\Framework\URL::getCurrentURL(array('sso_response' => null))); return false; } // If none of the conditions above apply, proceed normally return TRUE; }
/** * Get is current user crawler * * @param string $agent if set, use this value instead HTTP_USER_AGENT * @return bool */ function isCrawler($agent = NULL) { return Rhymix\Framework\UA::isRobot($agent); }
/** * Initialization. It finds the target module based on module, mid, document_srl, and prepares to execute an action * @return boolean true: OK, false: redirected * */ public function init() { $oModuleModel = getModel('module'); $site_module_info = Context::get('site_module_info'); // if success_return_url and error_return_url is incorrect $urls = array(Context::get('success_return_url'), Context::get('error_return_url')); foreach ($urls as $url) { if (empty($url)) { continue; } if ($host = parse_url($url, PHP_URL_HOST)) { $defaultHost = parse_url(Context::getDefaultUrl(), PHP_URL_HOST); if ($host !== $defaultHost) { $siteModuleHost = $site_module_info->domain; if (strpos($siteModuleHost, '/') !== false) { $siteModuleHost = parse_url($siteModuleHost, PHP_URL_HOST); } if ($host !== $siteModuleHost) { Context::set('success_return_url', null); Context::set('error_return_url', null); } } } } if (!$this->document_srl && $this->mid && $this->entry) { $oDocumentModel = getModel('document'); $this->document_srl = $oDocumentModel->getDocumentSrlByAlias($this->mid, $this->entry); if ($this->document_srl) { Context::set('document_srl', $this->document_srl); } } // Get module's information based on document_srl, if it's specified if ($this->document_srl) { $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl); // If the document does not exist, remove document_srl if (!$module_info) { if (Context::getRequestMethod() == 'GET') { $this->error = 'The document does not exist'; $this->httpStatusCode = '404'; return true; } else { unset($this->document_srl); } } else { // If it exists, compare mid based on the module information // if mids are not matching, set it as the document's mid if (!$this->mid || $this->mid != $module_info->mid) { if (Context::getRequestMethod() == 'GET') { Context::setCacheControl(0); header('location: ' . getNotEncodedSiteUrl($site_module_info->domain, 'mid', $module_info->mid, 'document_srl', $this->document_srl), true, 301); return false; } else { $this->mid = $module_info->mid; Context::set('mid', $this->mid); } } // if requested module is different from one of the document, remove the module information retrieved based on the document number if ($this->module && $module_info->module != $this->module) { unset($module_info); } // if the secret document permission does not have, specify HTTP 403 if (Context::getRequestMethod() == 'GET') { $oDocumentModel = getModel('document'); $oDocument = $oDocumentModel->getDocument($this->document_srl); if ($oDocument->isSecret() || $oDocument->get('status') === $oDocumentModel->getConfigStatus('temp')) { if (!$oDocument->isGranted() && !$oDocument->isAccessible()) { $this->httpStatusCode = '403'; } } } } } // If module_info is not set yet, and there exists mid information, get module information based on the mid if (!$module_info && $this->mid) { $module_info = $oModuleModel->getModuleInfoByMid($this->mid, $site_module_info->site_srl); //if($this->module && $module_info->module != $this->module) unset($module_info); } // redirect, if module_site_srl and site_srl are different if (!$this->module && !$module_info && $site_module_info->site_srl == 0 && $site_module_info->module_site_srl > 0) { Context::setCacheControl(0); $site_info = $oModuleModel->getSiteInfo($site_module_info->module_site_srl); header('location: ' . getNotEncodedSiteUrl($site_info->domain, 'mid', $site_module_info->mid), true, 301); return false; } // If module_info is not set still, and $module does not exist, find the default module if (!$module_info && !$this->module && !$this->mid) { $module_info = $site_module_info; } if (!$module_info && !$this->module && $site_module_info->module_site_srl) { $module_info = $site_module_info; } // redirect, if site_srl of module_info is different from one of site's module_info if ($module_info && $module_info->site_srl != $site_module_info->site_srl && !Rhymix\Framework\UA::isRobot()) { // If the module is of virtual site if ($module_info->site_srl) { $site_info = $oModuleModel->getSiteInfo($module_info->site_srl); $redirect_url = getNotEncodedSiteUrl($site_info->domain, 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry')); // If it's called from a virtual site, though it's not a module of the virtual site } else { $redirect_url = getNotEncodedSiteUrl(Context::getDefaultUrl(), 'mid', Context::get('mid'), 'document_srl', Context::get('document_srl'), 'module_srl', Context::get('module_srl'), 'entry', Context::get('entry')); } Context::setCacheControl(0); header("Location: {$redirect_url}", true, 301); return false; } // redirect, if site start module if (Context::getRequestMethod() === 'GET' && isset($_GET['mid']) && $_GET['mid'] === $site_module_info->mid && count($_GET) === 1) { Context::setCacheControl(0); header('location: ' . getNotEncodedSiteUrl($site_module_info->domain), true, 301); return false; } // If module info was set, retrieve variables from the module information if ($module_info) { $this->module = $module_info->module; $this->mid = $module_info->mid; $this->module_info = $module_info; if ($module_info->mid == $site_module_info->mid) { $seo_title = config('seo.main_title') ?: '$SITE_TITLE - $SITE_SUBTITLE'; } else { $seo_title = config('seo.subpage_title') ?: '$SITE_TITLE - $SUBPAGE_TITLE'; } getController('module')->replaceDefinedLangCode($seo_title); Context::setBrowserTitle($seo_title, array('site_title' => Context::getSiteTitle(), 'site_subtitle' => Context::getSiteSubtitle(), 'subpage_title' => $module_info->browser_title, 'page' => Context::get('page') ?: 1)); $module_config = $oModuleModel->getModuleConfig('module'); if ($module_info->meta_keywords) { Context::addMetaTag('keywords', $module_info->meta_keywords); } elseif ($module_config->meta_keywords) { Context::addMetaTag('keywords', $module_config->meta_keywords); } if ($module_info->meta_description) { Context::addMetaTag('description', $module_info->meta_description); } elseif ($module_config->meta_description) { Context::addMetaTag('description', $module_config->meta_description); } $viewType = Mobile::isFromMobilePhone() ? 'M' : 'P'; $targetSrl = Mobile::isFromMobilePhone() ? 'mlayout_srl' : 'layout_srl'; // use the site default layout. if ($module_info->{$targetSrl} == -1) { $oLayoutAdminModel = getAdminModel('layout'); $layoutSrl = $oLayoutAdminModel->getSiteDefaultLayout($viewType, $module_info->site_srl); } else { $layoutSrl = $module_info->{$targetSrl}; } // reset a layout_srl in module_info. $module_info->{$targetSrl} = $layoutSrl; $part_config = $oModuleModel->getModulePartConfig('layout', $layoutSrl); Context::addHtmlHeader($part_config->header_script); } // Set module and mid into module_info if (!isset($this->module_info)) { $this->module_info = new stdClass(); } $this->module_info->module = $this->module; $this->module_info->mid = $this->mid; // Set site_srl add 2011 08 09 $this->module_info->site_srl = $site_module_info->site_srl; // Still no module? it's an error if (!$this->module) { $this->error = 'msg_module_is_not_exists'; $this->httpStatusCode = '404'; return true; } // If mid exists, set mid into context if ($this->mid) { Context::set('mid', $this->mid, TRUE); } // Call a trigger after moduleHandler init $output = self::triggerCall('moduleHandler.init', 'after', $this->module_info); if (!$output->toBool()) { $this->error = $output->getMessage(); return true; } // Set current module info into context Context::set('current_module_info', $this->module_info); return true; }