コード例 #1
ファイル: Url.php プロジェクト: aufa/Enproject
 /**
  * Store the request URI and split it into path segments.
  *
  * Clears the "blocked" flag, strips invisible characters and surrounding
  * slashes from the URI, drops the configured URL suffix when the URI ends
  * with it, and appends every non-empty segment to $this->x_segments.
  * Segment keys start at 1: a placeholder is stored at key 0 before the
  * loop and removed afterwards. Segments are appended to whatever
  * $this->x_segments already holds; nothing is reset here.
  *
  * NOTE(review): removeInvisibleCharacters() is called with false as its
  * second argument. If that flag controls stripping of URL-encoded control
  * sequences (e.g. %00), they are left in place here; confirm that
  * filterUri() rejects them.
  *
  * @param   string  $str    Raw URI string
  * @return  object  $this   Current instance, for chaining
  */
 protected function setUri($str)
 {
     $this->x_uri_blocked = false;
     // Drop control characters first, then the leading and trailing slashes.
     $cleaned = StringHelper::removeInvisibleCharacters($str, false);
     $this->x_uri_string = trim($cleaned, '/');
     // An empty URI has no suffix and no segments to process.
     if ($this->x_uri_string === '') {
         return $this;
     }
     // Strip the configured URL suffix, but only when the URI actually ends with it.
     $suffix = $this->x_uri_sufix;
     if ($suffix !== '') {
         $suffixLength = strlen($suffix);
         $tail = substr($this->x_uri_string, -$suffixLength);
         if ($tail === $suffix) {
             $this->x_uri_string = substr($this->x_uri_string, 0, -$suffixLength);
         }
     }
     // Occupy key 0 so that the first appended segment gets a higher key.
     $this->x_segments[0] = null;
     $parts = explode('/', trim($this->x_uri_string, '/'));
     foreach ($parts as $part) {
         $part = trim($part);
         // Security filter for each segment. Its return value is not used;
         // presumably it takes the segment by reference or rejects bad input
         // itself. TODO confirm against filterUri().
         $this->filterUri($part);
         if ($part === '') {
             continue;
         }
         $this->x_segments[] = $part;
     }
     // Remove the placeholder again.
     unset($this->x_segments[0]);
     return $this;
 }
コード例 #2
ファイル: Security.php プロジェクト: aufa/Enproject
 /**
  * Alternative decryption using pure PHP (used when the value was not produced via mcrypt).
  *
  * Based on http://px.sklar.com/code.html/id=1287, with additional checks.
  *
  * Accepts a value carrying the 'aCb' marker at offset 10 (offset 2 when the
  * input is 10 bytes or shorter). A value carrying the 'mCb' marker at the
  * same position is handed to static::decrypt() when the mcrypt extension
  * is loaded. Everything else is rejected with null.
  *
  * NOTE(review): the transform below subtracts a repeated key byte and the
  * input length from each byte, i.e. a repeating-key substitution rather
  * than a modern cipher, and the trailing 40-character check depends only
  * on $pass, not on the message. It should not be relied on for the
  * confidentiality or integrity of data an untrusted party can read or
  * modify; an authenticated encryption primitive from a maintained library
  * is the usual replacement.
  *
  * @param  string $enc  encoded string to decode
  * @param  mixed  $pass key material; when empty, the 'security_salt' config value is used.
  *                      Non-string values go through StringHelper::maybeSerialize().
  * @return mixed        the decoded value, or null when the input is rejected
  */
 public static function altDecrypt($enc, $pass = '')
 {
     // Reject anything that is not a string of at least 4 non-blank bytes carrying
     // the 'aCb' marker at the expected offset (10 for inputs longer than 10 bytes, else 2).
     if (!is_string($enc) || strlen(trim($enc)) < 4 || (strlen($enc) > 10 ? strpos($enc, 'aCb') !== 10 : strpos($enc, 'aCb') !== 2)) {
         // An 'mCb' marker at the same offset means the value was produced by the
         // mcrypt-based routine; delegate to it when the extension is available.
         if (is_string($enc) && strlen(trim($enc)) > 3 && extension_loaded('mcrypt') && (strlen($enc) > 10 ? strpos($enc, 'mCb') === 10 : strpos($enc, 'mCb') === 2)) {
             return static::decrypt($enc, $pass);
         }
         return null;
     }
     // Strip the 3-character marker from the position where it was found.
     $enc = strlen($enc) > 10 ? substr_replace($enc, '', 10, 3) : substr_replace($enc, '', 2, 3);
     // Only letters, digits and + / = - _ may remain (base64 and URL-safe base64 alphabets).
     if (preg_match('/[^a-z0-9\\+\\/\\=\\-\\_]/i', $enc)) {
         return null;
     }
     // Key preparation: fall back to the configured salt when no pass was given.
     $pass = !$pass ? Config::get('security_salt', '') : $pass;
     (is_null($pass) || $pass === false) && ($pass = '');
     // Arrays and objects are accepted as key material and serialized to a string.
     $pass = StringHelper::maybeSerialize($pass);
     // NOTE(review): when the key is still empty (or the string '0'), the hash of that
     // value is used instead, so an unset pass with no 'security_salt' configured
     // yields a fixed, predictable key.
     if (!$pass) {
         $pass = Sha1::hash($pass);
     }
     // Decode the outer (URL-safe) base64 layer.
     $enc = Internal::safeBase64Decode($enc);
     // Repeat the key until it is at least as long as the decoded input.
     // assumes $pass is non-empty at this point, otherwise the division below fails
     // (depends on Sha1::hash() returning a non-empty string) - TODO confirm
     $enc_arr = str_split($enc);
     $pass_arr = str_split($pass);
     $add = 0;
     $div = strlen($enc) / strlen($pass);
     $newpass = '';
     while ($add <= $div) {
         $newpass .= $pass;
         $add++;
     }
     $pass_arr = str_split($newpass);
     $ascii = '';
     // Per byte: subtract the matching key byte, then subtract the input length.
     foreach ($enc_arr as $key => $asc) {
         $pass_int = ord($pass_arr[$key]);
         $enc_int = ord($asc);
         $str_int = $enc_int - $pass_int;
         $ascii .= chr($str_int - strlen($enc));
     }
     // Reverse the packing step: unpack the trimmed result as one string.
     $unpack = unpack('a*', trim($ascii));
     // Nothing unpacked: reject.
     if (!$unpack) {
         return null;
     }
     // Join the unpacked array back into a single string.
     $unpack = implode('', (array) $unpack);
     // Decode the inner base64 layer.
     $unpack = Internal::safeBase64Decode($unpack);
     // Undo the rotation applied on the encoding side (rotate by 13).
     $retval = Internal::rotate($unpack, 13);
     // Packing can leave invisible characters behind in some cases; strip them.
     $retval = StringHelper::removeInvisibleCharacters($retval, false);
     // The last 40 characters must equal Sha1(Sha256($pass)); this value depends on the
     // key only, so it confirms the key but does not authenticate the message content.
     // NOTE(review): `!==` is not a constant-time comparison; hash_equals() is the
     // usual choice when comparing key-derived values.
     if (strlen($retval) < 40 || substr($retval, -40) !== Sha1::hash(Sha256::hash($pass))) {
         return;
     }
     // Drop the 40-character suffix.
     $retval = substr($retval, 0, strlen($retval) - 40);
     // NOTE(review): if maybeUnserialize() wraps PHP unserialize(), it runs here on data
     // recovered from caller-supplied input, gated only by the key-derived suffix check
     // above. Confirm it cannot instantiate objects (e.g. allowed_classes => false).
     $retval = StringHelper::maybeUnserialize($retval);
     // The payload is expected to be an array that holds the value under the 'acb' key.
     if (is_array($retval) && array_key_exists('acb', $retval)) {
         return $retval['acb'];
     }
     // Anything else is treated as invalid.
     unset($retval);
     return null;
 }
コード例 #3
ファイル: Controller.php プロジェクト: aufa/Enproject
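 /**
  * Finalize the response and send it to the client.
  *
  * Resolves the status code (500 on fatal error, 404 when no route matched),
  * moves any buffered output into the response body, runs the header, status
  * and output hooks, sends the status line and headers when they have not
  * been sent yet, and echoes the body unless the request is a HEAD request.
  *
  * Fixes over the previous version:
  *  - the status fallback now keeps the original status code; it used to hold
  *    a copy of the header list, so an invalid status returned by the
  *    'x_header_status' hook was replaced by an array;
  *  - the Content-Length refresh now matches the header by prefix, because
  *    headers_list() returns complete "Name: value" lines and never the bare
  *    name, so the old check could not match.
  *
  * @return void
  */
 private static final function displayRender()
 {
     // A fatal error forces a 500; otherwise an unmatched route yields a 404.
     if (static::$x_is_fatal || Route::isFatalError()) {
         static::$x_is_fatal = true;
         // Keep the route state in sync with the local flag.
         Route::setFatalError();
         Response::setStatus(500);
     } elseif (Route::isNoMatch()) {
         Response::setStatus(404);
     }
     // Resolve the HEAD flag once if nothing has set it yet.
     if (static::$x_is_request_head === null) {
         static::$x_is_request_head = Request::isHead();
     }
     // Local copy so that later code in this method works on a stable value.
     $is_head_request = static::$x_is_request_head;
     if (!$is_head_request) {
         // Collect whatever was echoed before this point and put it in front of the body.
         ob_get_level() || ob_start();
         $body = ob_get_clean();
         Response::prepend($body);
     } else {
         // A HEAD response carries no body.
         Response::setBody('');
     }
     // Fetch status, headers and body.
     list($status, $headers, $body) = Response::finalize();
     // Serialize cookies (with optional encryption) into the response headers.
     Response::serializeCookies($headers);
     // Header and status hooks are skipped on fatal errors and HEAD requests.
     if (!static::$x_is_fatal && !$is_head_request) {
         // Keep the pre-hook values so that invalid hook results can be discarded.
         $old_headers = $headers->all();
         $old_status = $status;
         $headers = Hook::apply('x_headers', $headers->all());
         // A hook that does not return an array is ignored.
         if (!is_array($headers)) {
             $headers = $old_headers;
         }
         $status = (int) Hook::apply('x_header_status', $status);
         // A status code without a known message is ignored.
         if (!Response::getMessageForCode($status)) {
             $status = $old_status;
         }
         unset($old_headers, $old_status);
     }
     // Headers can only be set while nothing has been sent to the client.
     if (!headers_sent()) {
         // CGI SAPIs expect a "Status:" header instead of the HTTP status line.
         if (strpos(PHP_SAPI, 'cgi') === 0) {
             header(sprintf('Status: %s', Response::getMessageForCode($status)));
         } else {
             header(sprintf('HTTP/%s %s', Config::get('http_version', '1.1'), Response::getMessageForCode($status)));
         }
         // NOTE(review): on the fatal/HEAD path $headers is still the object returned by
         // Response::finalize(); presumably it is iterable - confirm.
         // NOTE(review): names and values may come from the 'x_headers' hook and are only
         // split on "\n" here; neither $name nor a stray "\r" is validated in this method.
         // Validate header names and values where they are set.
         foreach ($headers as $name => $value) {
             if (!is_string($value)) {
                 continue;
             }
             // A multi-line value is sent as several headers with the same name.
             $hValues = explode("\n", $value);
             foreach ($hValues as $hVal) {
                 header("{$name}: {$hVal}", false);
             }
         }
     }
     // Output hook on the finalized body.
     $body = Hook::apply('x_before_output', $body);
     // Send the body, but only if it isn't a HEAD request.
     // NOTE(review): this asks Request::isHead() again instead of using the cached
     // $is_head_request from above; the two can differ if the cached flag was set elsewhere.
     if (!Request::isHead()) {
         // Content hooks are only available when there was no fatal error.
         if (!static::$x_is_fatal) {
             if (Config::get('force_tag', false)) {
                 // Balance unclosed tags.
                 $body = Hook::apply('x_force_tag_output', Filter::forceBalanceTags($body), $body);
             }
             if (Config::get('safe_output', false)) {
                 // Filter multibyte entities, with the entities flag set to false.
                 $body = Hook::apply('x_safe_output', Filter::multibyteEntities($body, false), $body, false);
             }
             // Debug mode places the collected error report into the page itself, so
             // 'debug' must stay off wherever the output reaches untrusted clients.
             if (Config::get('debug', false)) {
                 $error = ErrorHandler::HtmlError();
                 if ($error && is_string($error)) {
                     // Placement order: a <div data-target="x_data_error"> placeholder,
                     // else right after the opening <body> tag, else in front of the body.
                     // NOTE(review): $error is interpolated into the preg_replace()
                     // replacement strings, so "$n" or "\n" sequences inside the error
                     // text are read as backreferences.
                     if (preg_match('/(<div\\s*(?:data\\-target\\=(\'|\\")([\\w:]*\\s+)?x_data_error(\\s+|$2)*)(?:[^>]*)>)/', $body)) {
                         $withError = preg_replace('/(<div\\s*(?:data\\-target\\=(\'|\\")([\\w:]*\\s+)?x_data_error(\\s+|$2)*)(?:[^>]*)>(.*))/', "\$1{$error}\$2", $body);
                     } elseif (stripos($body, '<body') !== false && preg_match('/(<body\\s*(?:[^>]*)>)/i', $body)) {
                         $withError = preg_replace('/(<body\\s*(?:[^>]*)>)/i', "\$1\n{$error}", $body);
                     } else {
                         $withError = preg_replace("/^\\s\\s(\\s*)/m", "\$1", $error) . "\n{$body}";
                     }
                     $body = Hook::apply('x_error_output', $withError, $body);
                 }
             }
         }
         // Mark the end of the application run for the benchmark shortcodes below.
         Benchmark::set('app', 'end');
         // Replace the %[...]% shortcodes; the backslash-escaped forms become the literal shortcode text.
         if (strpos($body, "%[") !== false) {
             $body = str_replace(
                 array('%[benchmark]%', '%[memory]%', '%[real_memory]%', '%[\\benchmark\\]%', '%[\\memory\\]%', '%[\\real_memory\\]%'),
                 array(
                     round(Benchmark::get('app'), 6),
                     StringHelper::sizeFormat(Benchmark::getMemory(), 2),
                     StringHelper::sizeFormat(Benchmark::getRealMemory(), 2),
                     '%[benchmark]%',
                     '%[memory]%',
                     '%[real_memory]%',
                 ),
                 $body
             );
             // Forms escaped with more than one backslash lose one backslash on each side.
             strpos($body, "%[") !== false && ($body = preg_replace('/(\\%\\[)\\\\(\\\\+)(benchmark|memory|real\\_memory)\\\\(\\\\+)(\\]\\%)/', '$1$2$3$4$5', $body));
         }
         // Strip invisible characters; the second argument is false because this is not a URL.
         $body = StringHelper::removeInvisibleCharacters($body, false);
         // NOTE(review): 'x_before_output' was already applied once before this branch,
         // so its callbacks see the body twice.
         Response::setBody(Hook::apply('x_before_output', $body));
         if (!headers_sent()) {
             // The hooks above may have changed the body size, so refresh a Content-Length
             // header that is already queued. headers_list() returns "Name: value" lines,
             // hence the case-insensitive prefix match.
             // Response::getLength() presumably reports the length of the body just set - confirm.
             foreach (headers_list() as $sentHeader) {
                 if (stripos($sentHeader, 'Content-Length:') === 0) {
                     header('Content-Length: ' . Response::getLength(), true);
                     break;
                 }
             }
         }
         unset($body, $headers);
         // Start a buffer again if an earlier step closed it.
         ob_get_level() || ob_start();
         echo Response::getBody();
         // Post-output hooks are skipped on fatal errors.
         if (!static::$x_is_fatal) {
             Hook::doAction('x_after_output', Response::getBody());
             // Start a buffer again if a hook closed it.
             ob_get_level() || ob_start();
             Hook::doAction('x_after_all');
         }
         // Reset the body to release the memory.
         Response::setBody('');
     }
     // Hand error handling back to the previous handler.
     restore_error_handler();
 }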