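/**
 * Read the visitor entropy ID cookie, or create a new one, and publish the result
 * as the constant SMART_APP_VISITOR_COOKIE (empty string when the feature is off).
 *
 * The cookie is used only when SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME is defined, non-empty
 * and accepted by SmartFrameworkSecurity::ValidateVariableName(), and
 * SMART_FRAMEWORK_UNIQUE_ID_COOKIE_SKIP is not defined.
 * An incoming value is kept only if, after filtering / lowercasing / trimming, it is
 * exactly 40 characters of [a-f0-9]; otherwise a new value is generated and sent.
 *
 * Security notes:
 * - Any well-formed 40-hex value sent by the client is accepted as-is, so the constant is
 *   client-influenced input, not a server-issued secret. Code that derives identifiers
 *   from SMART_APP_VISITOR_COOKIE should treat it that way.
 * - NOTE(review): the unpredictability of a newly generated value depends entirely on
 *   Smart::unique_entropy(), which is not shown here - TODO confirm it draws from a CSPRNG.
 * - NOTE(review): setcookie() is called without the secure / httponly arguments, so both
 *   keep their PHP defaults (false). Confirm whether client-side script needs to read this
 *   cookie before tightening the flags.
 *
 * @return void (terminates the script with die() if the framework is not loaded or the constant already exists)
 */
public static function SetVisitorEntropyIDCookie() {
    //--
    if (!defined('SMART_FRAMEWORK_VERSION')) {
        die('Smart Runtime // Set Visitor Entropy ID Cookie :: Requires SmartFramework to be loaded ...');
    } //end if
    //--
    if (defined('SMART_APP_VISITOR_COOKIE')) {
        die('SetVisitorEntropyIDCookie :: SMART_APP_VISITOR_COOKIE must not be re-defined ...');
    } //end if
    //--
    $cookie = '';
    //-- {{{SYNC-SMART-UNIQUE-COOKIE}}}
    if (defined('SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME') and !defined('SMART_FRAMEWORK_UNIQUE_ID_COOKIE_SKIP')) {
        $cookie_name = (string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME;
        if ((string) $cookie_name != '') {
            if (SmartFrameworkSecurity::ValidateVariableName(strtolower((string) $cookie_name))) {
                //-- read the raw value only when it exists and is a scalar:
                // a first visit has no cookie (undefined index notice / warning otherwise)
                // and a client can send name[]=x, which PHP exposes as an array
                $raw_value = '';
                if (isset($_COOKIE[$cookie_name]) and is_scalar($_COOKIE[$cookie_name])) {
                    $raw_value = (string) $_COOKIE[$cookie_name];
                } //end if
                //--
                $cookie = (string) trim(strtolower(SmartFrameworkSecurity::FilterUnsafeString((string) $raw_value)));
                if ((string) $cookie == '' or strlen((string) $cookie) != 40 or !preg_match('/^[a-f0-9]+$/', (string) $cookie)) {
                    $entropy = (string) sha1((string) Smart::unique_entropy('uuid-cookie')); // generate a random unique key ; cookie was not yet set or is invalid
                    // the @ hides a failed setcookie() (e.g. headers already sent) ; the constant below is still defined with the new value
                    if (defined('SMART_FRAMEWORK_UNIQUE_ID_COOKIE_DOMAIN') and (string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_DOMAIN != '') {
                        @setcookie((string) $cookie_name, (string) $entropy, 0, '/', (string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_DOMAIN); // set it using domain
                    } else {
                        @setcookie((string) $cookie_name, (string) $entropy, 0, '/'); // set it
                    } //end if else
                    $cookie = (string) $entropy;
                } //end if
                //--
            } //end if
        } //end if
    } //end if
    //-- #end# sync
    define('SMART_APP_VISITOR_COOKIE', (string) $cookie); // empty or cookie ID
    //--
}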
/**
 * Admin-area middleware entry point.
 *
 * In order, this method: refuses to run twice, checks the runtime flags, optionally serves
 * the `status` service, calls SmartAppBootstrap::Authenticate('admin'), optionally serves the
 * `debug` service, resolves the `page` request variable to a module controller file under
 * modules/mod-<module>/, requires it, runs SmartAppAdminController and finally emits one of:
 * an error page, a redirect, a download, a raw page or a templated page.
 *
 * The statement order is security relevant (what runs before / after authentication and
 * before / after the module file is included), so it should not be rearranged lightly.
 *
 * @return void
 */
public static function Run() {
    //--
    global $configs;
    //--
    //==
    //--
    if (self::$MiddlewareCompleted !== false) { // avoid to execute more than 1 this middleware !
        self::Raise500Error('Middleware App Execution already completed ...');
        return;
    } //end if
    self::$MiddlewareCompleted = true;
    //--
    $the_midmark = '[A]';
    //--
    if (SMART_FRAMEWORK_ADMIN_AREA !== true) {
        Smart::raise_error('Admin Middleware ERROR: SMART_FRAMEWORK_ADMIN_AREA is not set to TRUE', 'Invalid Area / This middleware is designed for Admin area and requires to turn ON the Administration flag ...');
        return;
    } //end if
    //--
    if (!defined('SMART_APP_TEMPLATES_DIR')) {
        self::Raise500Error('The SMART_APP_TEMPLATES_DIR not defined ...');
        return;
    } //end if
    //-- the per-module constants below drive the access checks after require ; they must not exist yet, so that only the included module can set them
    if (defined('SMART_APP_MODULE_AREA')) {
        self::Raise500Error('Smart App Area must NOT be Defined outside controllers ...');
        return;
    } //end if
    if (defined('SMART_APP_MODULE_AUTH')) {
        self::Raise500Error('Smart App Module Auth must NOT be Defined outside controllers ...');
        return;
    } //end if
    if (defined('SMART_APP_MODULE_REALM_AUTH')) {
        self::Raise500Error('Smart App Module Realm Auth must NOT be Defined outside controllers ...');
        return;
    } //end if
    if (defined('SMART_APP_MODULE_DIRECT_OUTPUT')) {
        self::Raise500Error('Smart App Module Direct Output must NOT be Defined outside controllers ...');
        return;
    } //end if
    //--
    //==
    //-- the service name is reduced to an allow-list of two values ; anything else becomes empty
    $smartframeworkservice = ''; // special operation
    if (SmartFrameworkRegistry::issetRequestVar('smartframeworkservice') === true) {
        $smartframeworkservice = (string) strtolower((string) SmartUnicode::utf8_to_iso((string) SmartFrameworkRegistry::getRequestVar('smartframeworkservice')));
        switch ((string) $smartframeworkservice) {
            case 'status':
            case 'debug':
                break;
            default: // invalid value
                $smartframeworkservice = '';
        } //end switch
    } //end if
    //--
    //==
    //-- switch language by cookie (this needs to be before loading the app core)
    // NOTE(review): the cookie is read without isset(), so a request without it raises an undefined index notice / warning.
    // NOTE(review): the client-chosen value is passed to setLanguage() with no check here - presumably setLanguage() restricts it to the configured languages ; confirm.
    if (strlen(trim((string) $_COOKIE['SmartApp_ADM_LANGUAGE_SET'])) > 0) {
        SmartTextTranslations::setLanguage(trim((string) $_COOKIE['SmartApp_ADM_LANGUAGE_SET']));
    } //end if
    //-- switch language by print cookie (this needs to be before loading the app core and after language by cookie)
    if (SmartFrameworkRegistry::issetRequestVar((string) SMART_FRAMEWORK_URL_PARAM_PRINTABLE) === true) {
        if (strtolower((string) SmartFrameworkRegistry::getRequestVar((string) SMART_FRAMEWORK_URL_PARAM_PRINTABLE)) == strtolower((string) SMART_FRAMEWORK_URL_VALUE_ENABLED)) {
            if (strlen(trim((string) $_COOKIE['SmartApp_ADM_PRINT_LANGUAGE_SET'])) > 0) {
                SmartTextTranslations::setLanguage(trim((string) $_COOKIE['SmartApp_ADM_PRINT_LANGUAGE_SET']));
            } //end if
        } //end if
    } //end if
    //--
    //== RAW OUTPUT FOR STATUS
    //-- this branch returns before SmartAppBootstrap::Authenticate() is called below, so the status page
    // (and the powered-by info, unless SMART_SOFTWARE_DISABLE_STATUS_POWERED is true) is served without that step
    if ((string) $smartframeworkservice == 'status') {
        //--
        if (SMART_SOFTWARE_DISABLE_STATUS_POWERED === true) {
            $status_powered_info = '';
        } else {
            $status_powered_info = (string) SmartComponents::draw_powered_info('no');
        } //end if else
        //--
        self::HeadersNoCache(); // headers: cache control, force no-cache
        echo SmartComponents::http_status_message('Smart.Framework :: Status :: [OK]', '<script type="text/javascript">setTimeout(function(){ self.location = self.location; }, 60000);</script><img src="lib/core/img/busy_bar.gif"><div><h1>' . date('Y-m-d H:i:s O') . ' // Service Ready :: ' . $the_midmark . '</h1></div>' . $status_powered_info . '<br>');
        //--
        return; // break stop
        //--
    } //end if
    //--
    //== OVERALL AUTHENTICATION BREAKPOINT
    //-- everything below this call (debug service, module loading, output) runs after it
    SmartAppBootstrap::Authenticate('admin'); // if the auth uses session it may start now
    //--
    //== RAW OUTPUT FOR DEBUG
    //--
    if ((string) $smartframeworkservice == 'debug') {
        //--
        if ((string) SMART_FRAMEWORK_DEBUG_MODE == 'yes') {
            self::HeadersNoCache(); // headers: cache control, force no-cache
            // NOTE(review): the debug token is taken from a client cookie (read without isset()) and handed over unvalidated here - presumably SmartDebugProfiler validates it before using it as a lookup key ; confirm.
            $the_debug_cookie = trim((string) $_COOKIE['SmartFramework__DebugAdmID']);
            echo SmartDebugProfiler::print_debug_info('adm', $the_debug_cookie);
        } else {
            http_response_code(404);
            echo SmartComponents::http_message_404_notfound('No Debug service has been activated on this server ...');
        } //end if
        //--
        return; // break stop
        //--
    } //end if else
    //--
    //== LOAD THE MODULE (OR DEFAULT MODULE)
    //--
    $reserved_controller_names = ['php', 'html', 'stml', 'css', 'js', 'json', 'xml', 'rss', 'txt', 'csv', 'sql', 'png', 'gif', 'jpg', 'pdf', 'svg', 'zip', '7z', 'netarch']; // these are reserved extensions and cannot be used as controller names because they need to be used also with friendly URLs as the 2nd param if module is missing from URL page param
    //--
    $err404 = '';
    $arr = array();
    //-- $page is request input ; it ends up in a file path passed to require, so each step below narrows it
    $page = (string) SmartUnicode::utf8_to_iso((string) SmartFrameworkRegistry::getRequestVar('page'));
    $page = trim(str_replace(array('/', '\\', ':', '?', '&', '=', '%'), array('', '', '', '', '', '', ''), $page)); // fix for get as it automatically replaces . with _ (so, reverse), but also fix some invalid characters ...
    if ((string) $page == '') {
        $page = (string) $configs['app']['admin-home'];
    } //end if
    //--
    if (strpos($page, '.') !== false) { // page can be as module.controller / module.controller(.php|html|stml|css|js|json|xml|rss|txt|csv|sql|png|gif|jpg|pdf|svg|zip|7z|netarch)
        //--
        $arr = (array) explode('.', (string) $page, 3); // separe 1st and 2nd from the rest
        //--
        //#
        //#
        $arr[0] = trim(strtolower((string) $arr[0])); // module
        $arr[1] = trim(strtolower((string) $arr[1])); // controller
        //#
        //# Admin will NOT integrate with friendly URLs SMART_FRAMEWORK_SEMANTIC_URL_SKIP_MODULE
        //# that feature is just for Index
        //#
        //--
    } elseif ((string) $configs['app']['admin-default-module'] != '') {
        //--
        $arr[0] = trim(strtolower((string) $configs['app']['admin-default-module'])); // get default module
        $arr[1] = trim(strtolower((string) $page)); // controller
        //--
    } else {
        //-- in this branch $arr stays empty, so the $arr[0] / $arr[1] reads below hit undefined offsets (notice / warning) before the 404 is raised
        if ((string) $err404 == '') {
            $err404 = 'Invalid Page (Invalid URL Page Segments Syntax): ' . $page;
        } //end if
        //--
    } //end if else
    //-- only the first error found is kept in $err404 ; the later checks still run but cannot overwrite it
    if ((string) $arr[0] == '' or (string) $arr[1] == '') {
        if ((string) $err404 == '') {
            $err404 = 'Invalid Page (Empty or Missing URL Page Segments): ' . $page;
        } //end if
    } //end if
    // allow-list for both path segments ; the segments were trim()med above, which matters because $ without the D modifier also matches just before a final newline
    if (!preg_match('/^[a-z0-9_\\-]+$/', (string) $arr[0]) or !preg_match('/^[a-z0-9_\\-]+$/', (string) $arr[1])) {
        if ((string) $err404 == '') {
            $err404 = 'Invalid Page (Invalid Characters in the URL Page Segments): ' . $page;
        } //end if
    } //end if
    if (in_array((string) $arr[1], (array) $reserved_controller_names)) {
        if ((string) $err404 == '') {
            $err404 = 'Invalid Page (Reserved Page Controller Name): [' . $arr[1] . '] in: ' . $page;
        } //end if
    } //end if
    //-- the path is always built under modules/mod-<module>/ and passed through safe_filename() / safe_pathname()
    $the_controller_name = (string) $arr[0] . '.' . $arr[1];
    $the_path_to_module = Smart::safe_pathname(SmartFileSysUtils::add_dir_last_slash('modules/mod-' . Smart::safe_filename($arr[0])));
    $the_module = Smart::safe_pathname($the_path_to_module . Smart::safe_filename($arr[1]) . '.php');
    if (!is_file($the_module)) {
        if ((string) $err404 == '') {
            $err404 = 'Page does not exist: ' . $page;
        } //end if
    } //end if
    //--
    // NOTE(review): $page may still contain characters such as < > " here (only / \ : ? & = % were stripped) and it is concatenated into the error text,
    // so the Raise*Error() helpers must HTML-escape their message - confirm.
    if ((string) $err404 != '') {
        self::Raise404Error((string) $err404);
        return;
    } //end if
    //--
    if (!SmartFileSysUtils::check_file_or_dir_name($the_path_to_module) or !SmartFileSysUtils::check_file_or_dir_name($the_module)) {
        self::Raise400Error('Insecure Module Access for Page: ' . $page);
        return;
    } //end if
    //--
    if (class_exists('SmartAppIndexController') or class_exists('SmartAppAdminController')) {
        self::Raise500Error('Module Class Runtimes must be defined only in modules ...');
        return;
    } //end if
    //-- the module file is included before the area / auth constants it defines are checked below,
    // so any top-level code in a module file runs ahead of those checks ; presumably module files hold only definitions - confirm
    require (string) $the_module;
    //--
    if ((string) SMART_APP_MODULE_AREA !== 'ADMIN' and (string) SMART_APP_MODULE_AREA !== 'SHARED') {
        self::Raise403Error('Page Access Denied for Admin Area: ' . $page);
        return;
    } //end if
    // the login check in this block is opt-in: it applies only to modules that define SMART_APP_MODULE_AUTH (the Authenticate('admin') call above ran in all cases)
    if (defined('SMART_APP_MODULE_AUTH')) {
        if (SmartAuth::check_login() !== true) {
            self::Raise403Error('Page Access Denied ! No Authentication: ' . $page);
            return;
        } //end if
        if (defined('SMART_APP_MODULE_REALM_AUTH')) {
            if ((string) SmartAuth::get_login_realm() !== (string) SMART_APP_MODULE_REALM_AUTH) {
                self::Raise403Error('Page Access Denied ! Invalid Login Realm: ' . $page);
                return;
            } //end if
        } //end if
    } //end if
    //--
    if (!class_exists('SmartAppAdminController')) {
        self::Raise500Error('Invalid Module Class Runtime for Page: ' . $page);
        return;
    } //end if
    if (!is_subclass_of('SmartAppAdminController', 'SmartAbstractAppController')) {
        self::Raise500Error('Invalid Module Class Inheritance for Controller Page: ' . $page);
        return;
    } //end if
    //--
    //== PATHS
    //--
    $base_script = SmartUtils::get_server_current_script();
    $base_full_path = SmartUtils::get_server_current_path();
    $base_full_url = SmartUtils::get_server_current_url();
    //--
    //== RUN THE MODULE
    //--
    $appModule = new SmartAppAdminController($the_path_to_module, $base_script, $base_full_path, $base_full_url, $page, $the_controller_name);
    //-- unless the module asked for direct output, anything the controller prints is captured, logged as a warning and discarded
    if (SMART_APP_MODULE_DIRECT_OUTPUT !== true) {
        ob_start();
    } //end if
    $appStatusCode = (int) $appModule->Run();
    $appModule->ShutDown();
    if (SMART_APP_MODULE_DIRECT_OUTPUT !== true) {
        $ctrl_output = ob_get_contents();
        ob_end_clean();
        if ((string) $ctrl_output != '') {
            // NOTE(review): the captured output and $page are written to the log verbatim ; they may carry user data or line breaks - confirm how Smart::log_warning() stores them
            Smart::log_warning('The middleware service ' . $the_midmark . ' detected an illegal output in the controller: ' . $page . "\n" . 'The result of this output is: ' . $ctrl_output);
        } //end if
        $ctrl_output = '';
    } else {
        return; // break stop after the controller has terminated the direct output
    } //end if else
    //--
    $appSettings = (array) $appModule->PageViewGetCfgs();
    //--
    //== CACHE CONTROL
    //-- cache expiration headers are sent only outside debug mode and only when the controller set a positive `expires`
    if ((int) $appSettings['expires'] > 0 and (string) SMART_FRAMEWORK_DEBUG_MODE != 'yes') {
        self::HeadersCacheExpire((int) $appSettings['expires'], (int) $appSettings['modified']); // headers: cache expiration control
    } else {
        self::HeadersNoCache(); // headers: cache control, force no-cache
    } //end if else
    //--
    //== STATUS CODE
    //-- each error case returns right after raising ; the `break` that follows a `return` is never reached
    switch ((int) $appStatusCode) {
        //-- client errors
        case 400:
            self::Raise400Error((string) $appSettings['error']);
            return;
            break;
        case 401:
            self::Raise401Error((string) $appSettings['error']);
            return;
            break;
        case 403:
            self::Raise403Error((string) $appSettings['error']);
            return;
            break;
        case 404:
            self::Raise404Error((string) $appSettings['error']);
            return;
            break;
        case 429:
            self::Raise429Error((string) $appSettings['error']);
            return;
            break;
        //-- server errors
        case 500:
            self::Raise500Error((string) $appSettings['error']);
            return;
            break;
        case 502:
            self::Raise502Error((string) $appSettings['error']);
            return;
            break;
        case 503:
            self::Raise503Error((string) $appSettings['error']);
            return;
            break;
        case 504:
            self::Raise504Error((string) $appSettings['error']);
            return;
            break;
        //-- extended 2xx statuses: NOTICE / WARNING / ERROR that can be used for REST / API
        case 202: // NOTICE
            if (!headers_sent()) {
                http_response_code(202); // Accepted (this should be used only as an alternate SUCCESS code instead of 200 for NOTICES)
            } else {
                Smart::log_warning('Headers Already Sent before 202 ...');
            } //end if else
            break;
        case 203: // WARNING
            if (!headers_sent()) {
                http_response_code(203); // Non-Authoritative Information (this should be used only as an alternate SUCCESS code instead of 200 for WARNINGS)
            } else {
                Smart::log_warning('Headers Already Sent before 203 ...');
            } //end if else
            break;
        case 208: // ERROR
            if (!headers_sent()) {
                http_response_code(208); // Already Reported (this should be used only as an alternate SUCCESS code instead of 200 for ERRORS)
            } else {
                Smart::log_warning('Headers Already Sent before 208 ...');
            } //end if else
            break;
        //-- DEFAULT: OK
        case 200:
        default: // any other codes not listed above are not supported and will be interpreted as 200
            // nothing to do here ...
    } //end switch
    //--
    //== PREPARE THE OUTPUT
    //--
    if (stripos((string) $configs['js']['popup-override-mobiles'], '<' . SmartUtils::get_os_browser_ip('os') . '>') !== false) {
        $configs['js']['popup-mode'] = 'popup'; // particular os settings for mobiles
    } //end if
    //-- rawpage is reduced to exactly 'yes' or ''
    $rawpage = '';
    if (isset($appSettings['rawpage'])) {
        $rawpage = strtolower((string) $appSettings['rawpage']);
        if ((string) $rawpage == 'yes') {
            $rawpage = 'yes'; // standardize the value
        } //end if
    } //end if
    if ((string) $rawpage != 'yes') {
        $rawpage = '';
    } //end if
    //-- both values below are later written into response headers, so they go through SmartValidator first
    $rawmime = '';
    if (isset($appSettings['rawmime'])) {
        $rawmime = (string) $appSettings['rawmime'];
        if ((string) $rawmime != '') {
            $rawmime = SmartValidator::validate_mime_type($rawmime);
        } //end if
    } //end if else
    //--
    $rawdisp = '';
    if (isset($appSettings['rawdisp'])) {
        $rawdisp = (string) $appSettings['rawdisp'];
        if ((string) $rawdisp != '') {
            $rawdisp = SmartValidator::validate_mime_disposition($rawdisp);
        } //end if
    } //end if else
    //--
    $appData = (array) $appModule->PageViewGetVars();
    //--
    $appData['base-path'] = (string) $base_full_path;
    $appData['base-url'] = (string) $base_full_url;
    //--
    //== REDIRECTION HANDLER (this can be set only explicit from Controllers)
    //-- the URL is HTML-escaped for the fallback link and passed through FilterUnsafeString() for the Location header ;
    // no host or scheme restriction is visible here, so a controller must validate any request-derived value before putting it in redirect-url
    if ((string) $appSettings['redirect-url'] != '') { // expects a valid URL
        //--
        $the_redirect_link = '<a href="' . Smart::escape_html((string) $appSettings['redirect-url']) . '">' . Smart::escape_html((string) $appSettings['redirect-url']) . '</a>';
        //--
        if (headers_sent()) {
            Smart::log_warning('Headers Already Sent before Redirection: [' . $appStatusCode . '] ; URL: ' . $appSettings['redirect-url']);
            // NOTE(review): an HTML fragment is passed as the error message here, which suggests the Raise*Error() helpers may render their message as HTML - confirm how they treat the $page-bearing messages above
            self::Raise500Error('The app failed to Redirect to: ' . $the_redirect_link);
            return;
        } //end if
        switch ((int) $appStatusCode) {
            case 301:
                http_response_code(301);
                $the_redirect_text = 'Moved Permanently'; // permanent redirect for HTTP 1.0 / HTTP 1.1
                break;
            case 302:
            default: // any other code will be interpreted as 302 (the default redirection in PHP)
                http_response_code(302);
                $the_redirect_text = 'Found'; // temporary redirect for HTTP 1.0 / HTTP 1.1
                break;
        } //end switch
        header('Location: ' . SmartFrameworkSecurity::FilterUnsafeString((string) $appSettings['redirect-url']));
        echo '<h1>' . Smart::escape_html($the_redirect_text) . '</h1>' . '<br>' . 'If the page redirection fails, click on the below link:' . '<br>' . $the_redirect_link;
        return; // break stop
    } //end if
    //--
    //== DOWNLOADS HANDLER (downloads can be set only explicit from Controllers)
    //--
    if ((string) $appSettings['download-packet'] != '' and (string) $appSettings['download-key'] != '') { // expects an encrypted data packet and a key
        $dwl_result = self::DownloadsHandler((string) $appSettings['download-packet'], (string) $appSettings['download-key']);
        if ((string) $dwl_result != '') {
            Smart::log_info('File Download - Client: ' . SmartUtils::get_visitor_signature(), (string) $dwl_result); // log result and mark it as finalized
        } //end if
        return; // break stop
    } //end if
    //--
    //== RAW OUTPUT FOR PAGES
    //--
    if ((string) $rawpage == 'yes') {
        //-- {{{SYNC-RESOURCES}}}
        if (function_exists('memory_get_peak_usage')) {
            $res_memory = @memory_get_peak_usage(false);
        } else {
            $res_memory = 'unknown';
        } //end if else
        $res_time = (double) (microtime(true) - (double) SMART_FRAMEWORK_RUNTIME_READY);
        //-- #END-SYNC
        if ((string) SMART_FRAMEWORK_DEBUG_MODE == 'yes') {
            //-- {{{SYNC-DEBUG-META-INFO}}}
            SmartFrameworkRegistry::setDebugMsg('stats', 'memory', $res_memory); // bytes
            SmartFrameworkRegistry::setDebugMsg('stats', 'time', $res_time); // seconds
            //-- #END-SYNC
            // the debug token again comes from the client cookie (see the note at the debug service above)
            $the_debug_cookie = trim((string) $_COOKIE['SmartFramework__DebugAdmID']);
            SmartDebugProfiler::save_debug_info('adm', $the_debug_cookie, false);
        } else {
            $the_debug_cookie = '';
        } //end if
        //--
        if (headers_sent()) {
            Smart::raise_error('Middleware ERROR: Headers already sent', 'ERROR: Headers already sent !');
            return; // avoid serve raw pages with errors injections before headers
        } //end if
        //--
        if ((string) $rawmime != '') {
            header('Content-Type: ' . $rawmime);
        } //end if
        if ((string) $rawdisp != '') {
            header('Content-Disposition: ' . $rawdisp);
        } //end if
        header('Content-Length: ' . (0 + strlen((string) $appData['main']))); // must be strlen NOT SmartUnicode::str_len as it must get number of bytes not characters
        // the controller's `main` value is emitted as-is ; any escaping is the controller's responsibility
        echo (string) $appData['main'];
        return; // break stop
        //--
    } //end if else
    //--
    //== DEFAULT OUTPUT
    //-- template path and file come from the controller settings (or the config defaults) and are passed through safe_pathname() / safe_filename()
    if (isset($appSettings['template-path'])) {
        if ((string) $appSettings['template-path'] == '@') { // if template path is set to self (module)
            $the_template_path = '@'; // this is a special setting
        } else {
            $the_template_path = Smart::safe_pathname(SmartFileSysUtils::add_dir_last_slash(trim((string) $appSettings['template-path'])));
        } //end if else
    } else {
        $the_template_path = Smart::safe_pathname(SmartFileSysUtils::add_dir_last_slash(trim((string) $configs['app']['admin-template-path']))); // use default template path
    } //end if else
    //--
    if (isset($appSettings['template-file'])) {
        $the_template_file = Smart::safe_filename(trim((string) $appSettings['template-file']));
    } else {
        $the_template_file = Smart::safe_filename(trim((string) $configs['app']['admin-template-file'])); // use default template
    } //end if else
    //-- the final directory is either <module dir>/templates/ or a sub-path of SMART_APP_TEMPLATES_DIR
    if ((string) $the_template_path == '@') {
        $the_template_path = (string) $the_path_to_module . 'templates/'; // must have the dir last slash as above
    } else {
        $the_template_path = (string) SMART_APP_TEMPLATES_DIR . $the_template_path; // finally normalize and set the complete template path
    } //end if else
    $the_template_file = (string) $the_template_file; // finally normalize
    //-- full paths go to the log only ; the client gets a generic message
    if (!SmartFileSysUtils::check_file_or_dir_name($the_template_path)) {
        Smart::log_warning('Invalid Page Template Path: ' . $the_template_path);
        self::Raise500Error('Invalid Page Template Path. See the error log !');
        return;
    } //end if
    if (!is_dir($the_template_path)) {
        Smart::log_warning('Page Template Path does not Exists: ' . $the_template_path);
        self::Raise500Error('Page Template Path does not Exists. See the error log !');
        return;
    } //end if
    if (!SmartFileSysUtils::check_file_or_dir_name($the_template_path . $the_template_file)) {
        Smart::log_warning('Invalid Page Template File: ' . $the_template_path . $the_template_file);
        self::Raise500Error('Invalid Page Template File. See the error log !');
        return;
    } //end if
    if (!is_file($the_template_path . $the_template_file)) {
        Smart::log_warning('Page Template File does not Exists: ' . $the_template_path . $the_template_file);
        self::Raise500Error('Page Template File does not Exists. See the error log !');
        return;
    } //end if
    //--
    $the_template_content = trim(SmartMarkersTemplating::read_template_file($the_template_path . $the_template_file));
    if ((string) $the_template_content == '') {
        Smart::log_warning('Page Template File is Empty or cannot be read: ' . $the_template_path . $the_template_file);
        self::Raise500Error('Page Template File is Empty or cannot be read. See the error log !');
        return;
    } //end if
    //-- in debug mode the profiler markup is injected into the template before rendering
    if ((string) SMART_FRAMEWORK_DEBUG_MODE == 'yes') {
        $the_template_content = str_ireplace('</head>', "\n" . SmartDebugProfiler::js_headers_debug('admin.php?smartframeworkservice=debug') . "\n" . '</head>', $the_template_content);
        $the_template_content = str_ireplace('</body>', "\n" . SmartDebugProfiler::div_main_debug() . "\n" . '</body>', $the_template_content);
    } //end if
    //--
    $appData['app-domain'] = (string) $configs['app']['admin-domain'];
    $appData['template-file'] = $the_template_path . $the_template_file;
    $appData['template-path'] = $the_template_path;
    $appData['js.settings'] = SmartComponents::js_inc_settings((string) $configs['js']['popup-mode'], true, (bool) SMART_APP_VISITOR_COOKIE);
    $appData['head-meta'] = (string) $appData['head-meta'];
    if ((string) $appData['head-meta'] == '') {
        $appData['head-meta'] = '<!-- Head Meta -->';
    } //end if
    $appData['title'] = (string) $appData['title'];
    $appData['main'] = (string) $appData['main'];
    $appData['lang'] = SmartTextTranslations::getLanguage();
    //--
    if ((string) SMART_FRAMEWORK_DEBUG_MODE == 'yes') {
        //-- a fresh debug token is generated here and replaces whatever the client sent
        $the_debug_cookie = 'adm-' . Smart::uuid_10_seq() . '-' . Smart::uuid_10_num() . '-' . Smart::uuid_10_str();
        // NOTE(review): setcookie() is called without the secure / httponly arguments, so both keep their PHP defaults (false) ; the @ hides a failure to send it
        @setcookie('SmartFramework__DebugAdmID', (string) $the_debug_cookie, 0, '/'); // debug token cookie is set just on main request
        //--
    } //end if
    //--
    echo SmartMarkersTemplating::render_mixed_template((string) $the_template_content, (array) $appData, (string) $appData['template-path'], 'no', 'no');
    //-- {{{SYNC-RESOURCES}}}
    if (function_exists('memory_get_peak_usage')) {
        $res_memory = @memory_get_peak_usage(false);
    } else {
        $res_memory = 'unknown';
    } //end if else
    $res_time = (double) (microtime(true) - (double) SMART_FRAMEWORK_RUNTIME_READY);
    //-- #END-SYNC
    if ((string) SMART_FRAMEWORK_DEBUG_MODE == 'yes') {
        //-- {{{SYNC-DEBUG-META-INFO}}}
        SmartFrameworkRegistry::setDebugMsg('stats', 'memory', $res_memory); // bytes
        SmartFrameworkRegistry::setDebugMsg('stats', 'time', $res_time); // seconds
        //-- #END-SYNC
        SmartDebugProfiler::save_debug_info('adm', $the_debug_cookie, true);
        //--
    } //end if else
    //-- the trailing HTML comments expose the framework release tag / version (unless SMART_SOFTWARE_DISABLE_STATUS_POWERED is true) and the resource usage of the request
    if (SMART_SOFTWARE_DISABLE_STATUS_POWERED !== true) {
        echo "\n" . '<!-- Smart.Framework スマート.フレームワーク :: ' . SMART_FRAMEWORK_RELEASE_TAGVERSION . ' / ' . SMART_FRAMEWORK_RELEASE_VERSION . ' @ ' . $the_midmark . ' :: ' . SMART_FRAMEWORK_RELEASE_URL . ' -->';
    } //end if
    echo "\n" . '<!-- Resources: [' . Smart::format_number_dec($res_time, 13, '.', '') . ' sec.] / [' . Smart::format_number_dec($res_memory, 0, '.', ' ') . ' by.]' . ' -->' . "\n";
    //--
}
/**
 * Safely convert a UTF-8 string to ISO (latin1) and, by default, back to UTF-8.
 * The input is first passed through SmartFrameworkSecurity::FilterUnsafeString(), then decoded
 * with utf8_decode(), which replaces every character that has no latin1 equivalent with '?'.
 *
 * NOTICE: with $normalize = TRUE the decoded string is re-encoded with utf8_encode(), so the
 * result stays compatible with the framework charset (UTF-8) and with regex using the /u modifier.
 * Never use a single utf8_decode() when the framework is in UTF-8 mode, else such regex will fail.
 *
 * NOTICE: the conversion is lossy and changes the bytes of the string, so validation
 * (allow-lists, regex checks) must be applied to the value returned here, not to the original input.
 *
 * NOTICE: utf8_decode() and utf8_encode() are deprecated as of PHP 8.2.
 *
 * @param STRING $str :: The string
 * @param BOOLEAN $normalize :: Normalize (Default is TRUE) - re-encode the result into the default framework charset ; when FALSE the returned string is latin1 and is incompatible with the current encoding, so use it with great care
 *
 * @return STRING :: The processed string
 */
public static function utf8_to_iso($str, $normalize = true) {
    //-- nothing to convert
    $text = (string) $str;
    if ($text == '') {
        return '';
    } //end if
    //-- remove unsafe characters from the original string, then decode to latin1
    $latin = (string) utf8_decode((string) SmartFrameworkSecurity::FilterUnsafeString($text));
    //-- avoid utf8 encode on an empty string (some PHP versions have a bug with exhaust memory)
    if (!$normalize or $latin == '') {
        return $latin;
    } //end if
    //--
    return (string) utf8_encode($latin);
    //--
}
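/**
 * Test-unit handler: build the AJAX answer for the captcha demo form.
 *
 * The captcha is verified without being cleared ; it is cleared only after a successful
 * submit (Date field filled and captcha valid). The answer echoes the filtered GET / POST
 * data and the text area content, all HTML-escaped.
 *
 * Missing or non-scalar form fields (a client can send frm[date][]=x, which PHP exposes as
 * an array) are treated as empty strings instead of being passed to strlen() / rawurlencode().
 *
 * NOTE(review): a failed verification leaves the captcha in place, since clear() is called
 * only on success - confirm that SmartCaptchaFormCheck limits repeated attempts.
 *
 * @param STRING $tab :: The tab identifier, URL-encoded into the redirect URL
 * @param ARRAY $frm :: The posted form fields ; `date` and `text_area_1` are read
 *
 * @return MIXED :: The value returned by SmartComponents::post_answer_by_ajax()
 */
public static function post__answer__by__ajax($tab, $frm) {
    //-- normalize the request-derived inputs
    $tab = is_scalar($tab) ? (string) $tab : '';
    $frm_date = '';
    $frm_text = '';
    if (is_array($frm)) {
        if (isset($frm['date']) and is_scalar($frm['date'])) {
            $frm_date = (string) $frm['date'];
        } //end if
        if (isset($frm['text_area_1']) and is_scalar($frm['text_area_1'])) {
            $frm_text = (string) $frm['text_area_1'];
        } //end if
    } //end if
    //-- request dump for the answer ; escaped because it is rendered as HTML
    $tmp_data = '<br><br><hr><pre>' . 'GET:' . '<br>' . Smart::escape_html(print_r(SmartFrameworkSecurity::FilterGetPostCookieVars($_GET), 1)) . '<hr>' . 'POST:' . '<br>' . Smart::escape_html(print_r(SmartFrameworkSecurity::FilterGetPostCookieVars($_POST), 1)) . '</pre>';
    //--
    if (SmartCaptchaFormCheck::verify(self::captcha_form_name(), self::captcha_mode(), false) == 1) { // verify but do not clear yet
        $captcha_ok = true;
    } else {
        $captcha_ok = false;
    } //end if else
    //--
    if (strlen($frm_date) > 0) {
        //--
        if ($captcha_ok !== true) {
            //--
            $code = 'ERROR';
            $title = 'CAPTCHA verification FAILED ...';
            $desc = 'Please enter a valid captcha value:' . $tmp_data;
            $redir = '';
            $div_id = '';
            $div_htm = '';
            //--
        } else {
            //--
            $code = 'OK';
            $title = 'Captcha validation OK ... The page or just the Captcha will be refreshed depending if TextArea is filled or not ...';
            $desc = 'Form sent successful:' . $tmp_data;
            //--
            if (strlen($frm_text) <= 0) {
                $redir = SMART_FRAMEWORK_TESTUNIT_BASE_URL . 'testunit.main&time=' . time() . '&tab=' . rawurlencode($tab);
                $div_id = '';
                $div_htm = '';
            } else {
                $redir = '';
                $div_id = 'answer_ajax';
                // the URL goes into a JS string (escape_js) and the text area content into HTML (escape_html)
                $div_htm = '<script>$("#smart__CaptchaFrm__img").attr("src", "' . Smart::escape_js(SMART_FRAMEWORK_TESTUNIT_BASE_URL . 'testunit.captcha&time=' . time()) . '");</script><table border="0" bgcolor="#DDEEFF" width="100%"><tr><td><h1>OK, form sent on: ' . date('Y-m-d H:i:s') . '</h1></td></tr><tr><td><div align="center"><img src="lib/core/img/q_completed.png"></div></td></tr><tr><td><hr><b>Here is the content of the text area:</b><br><pre>' . Smart::escape_html($frm_text) . '</pre></td></tr></table>';
            } //end if else
            //--
            SmartCaptchaFormCheck::clear(self::captcha_form_name(), self::captcha_mode()); // everything OK, so clear captcha
            //--
        } //end if else
        //--
    } else {
        //--
        $code = 'ERROR';
        $title = 'CAPTCHA NOT Checked yet ...';
        $desc = 'Please fill the Date field ...' . $tmp_data;
        //--
        if (strlen($frm_text) > 0) {
            $redir = SMART_FRAMEWORK_TESTUNIT_BASE_URL . 'testunit.main&time=' . time() . '&tab=' . rawurlencode($tab);
        } else {
            $redir = '';
        } //end if else
        //--
        $div_id = '';
        $div_htm = '';
        //--
    } //end if else
    //--
    $out = SmartComponents::post_answer_by_ajax($code, $title, $desc, $redir, $div_id, $div_htm);
    //--
    return $out;
    //--
}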
/** * Start the Session on request * */ public static function start() { //===== //-- if (self::$started !== false) { return; // avoid start session if already started ... } //end if self::$started = true; // avoid run start again //-- //===== //-- $browser_os_ip_identification = SmartUtils::get_os_browser_ip(); // get browser and os identification //-- if ((string) $browser_os_ip_identification['bw'] == '@s#' or (string) $browser_os_ip_identification['bw'] == 'bot') { return; // in this case start no session for robots or the self browser (as they do not need to share info between many visits) ; if the self browser fail to identify will be at least identified as robot in the worst case } //end if //-- //===== //-- no log as the cookies can be dissalowed by the browser if ((string) SMART_APP_VISITOR_COOKIE == '') { return; // session need cookies } //end if //-- //===== //-- $sf_sess_mode = 'files'; $sf_sess_area = 'default-sess'; $sf_sess_ns = 'unknown'; $sf_sess_dir = 'tmp/sess'; //-- //===== if (!defined('SMART_FRAMEWORK_SESSION_PREFIX')) { Smart::log_warning('FATAL ERROR: Invalid Session Prefix :: SMART_FRAMEWORK_SESSION_PREFIX'); return; } //end if if (strlen(SMART_FRAMEWORK_SESSION_PREFIX) < 3 or strlen(SMART_FRAMEWORK_SESSION_PREFIX) > 9) { Smart::log_warning('WARNING: Session Prefix must have a length between 3 and 9 characters :: SMART_FRAMEWORK_SESSION_PREFIX'); return; } //end if if (!preg_match('/^[a-z\\-]+$/', (string) SMART_FRAMEWORK_SESSION_PREFIX)) { Smart::log_warning('WARNING: Session Prefix contains invalid characters :: SMART_FRAMEWORK_SESSION_PREFIX'); return; } //end if //-- if (!defined('SMART_FRAMEWORK_SESSION_NAME')) { Smart::log_warning('FATAL ERROR: Invalid Session Name :: SMART_FRAMEWORK_SESSION_NAME'); return; } //end if if (strlen(SMART_FRAMEWORK_SESSION_NAME) < 10 or strlen(SMART_FRAMEWORK_SESSION_NAME) > 25) { Smart::log_warning('WARNING: Session Name must have a length between 10 and 25 characters :: SMART_FRAMEWORK_SESSION_NAME'); 
return; } //end if if (!preg_match('/^[_A-Za-z0-9]+$/', (string) SMART_FRAMEWORK_SESSION_NAME)) { Smart::log_warning('WARNING: Session Name contains invalid characters :: SMART_FRAMEWORK_SESSION_NAME'); return; } //end if if (!SmartFrameworkSecurity::ValidateVariableName(strtolower(SMART_FRAMEWORK_SESSION_NAME))) { Smart::log_warning('WARNING: Session Name have an invalid value :: SMART_FRAMEWORK_SESSION_NAME'); return; } //end if //-- if (!defined('SMART_FRAMEWORK_SESSION_LIFETIME')) { Smart::log_warning('FATAL ERROR: Invalid Session GC Lifetime :: SMART_FRAMEWORK_SESSION_LIFETIME'); return; } //end if if (!is_int(SMART_FRAMEWORK_SESSION_LIFETIME)) { Smart::log_warning('Invalid INIT constant value for SMART_FRAMEWORK_SESSION_LIFETIME'); return; } //end if //-- if (!is_dir('tmp/sessions/')) { Smart::log_warning('FATAL ERROR: The Folder \'tmp/sessions/\' does not exists for use with Session !'); return; } //end if //-- $detected_session_mode = (string) ini_get('session.save_handler'); if ((string) $detected_session_mode === 'files') { if ((string) SMART_FRAMEWORK_SESSION_HANDLER !== 'files') { Smart::log_warning('FATAL ERROR: The value set for SMART_FRAMEWORK_SESSION_HANDLER is not set to: files / but the value found in session.save_handler is: ' . $detected_session_mode); return; } //end if } elseif ((string) $detected_session_mode === 'user') { if ((string) SMART_FRAMEWORK_SESSION_HANDLER === 'files') { Smart::log_warning('FATAL ERROR: The value set for SMART_FRAMEWORK_SESSION_HANDLER is set to: files / but the value found in session.save_handler is: ' . 
$detected_session_mode); return; } //end if } else { Smart::log_warning('FATAL ERROR: The value set for session.save_handler must be set to one of these modes: files or user'); return; } //end if //-- //===== //-- generate a the client private key based on it's IP and Browser $the_sess_client_uuid = SmartUtils::unique_client_private_key(); // SHA512 key to protect session data agains forgers //-- a very secure approach based on a chain, derived with a secret salt from the framework security key: // (1) an almost unique client private key lock based on it's IP and Browser // (2) an entropy derived from the client random cookie combined with the (1) // (3) a unique session name suffix derived from (1) and (2) // (4) a unique session id composed from (1) and (2) //-- thus the correlation between the random public client cookie, the session name suffix and the session id makes impossible to forge it as it locks to IP+Browser, using a public entropy cookie all encrypted with a secret key and derived and related, finally composed. $the_sess_client_lock = SmartHashCrypto::sha1(SMART_FRAMEWORK_SECURITY_KEY . '#' . $the_sess_client_uuid); $the_sess_client_entropy = SmartHashCrypto::sha1(SMART_APP_VISITOR_COOKIE . '*' . $the_sess_client_uuid . '%' . SMART_FRAMEWORK_SECURITY_KEY); $the_sess_nsuffix = SmartHashCrypto::sha1($the_sess_client_uuid . ':' . SMART_FRAMEWORK_SECURITY_KEY . '^' . $the_sess_client_entropy . '+' . $the_sess_client_lock . '$' . SMART_APP_VISITOR_COOKIE); $the_sess_id = $the_sess_client_entropy . '-' . $the_sess_client_lock; // session ID combines the secret client key based on it's IP / Browser and the Client Entropy Cookie //-- $sf_sess_area = Smart::safe_filename((string) SMART_FRAMEWORK_SESSION_PREFIX); $sf_sess_dpfx = substr($the_sess_client_entropy, 0, 1) . '-' . substr($the_sess_client_lock, 0, 1); // this come from hexa so 3 chars are 16x16x16=4096 dirs //-- if ((string) $browser_os_ip_identification['bw'] == '@s#') { $sf_sess_ns = '@sr-' . 
$sf_sess_dpfx; } elseif ((string) $browser_os_ip_identification['bw'] == 'bot') { $sf_sess_ns = 'r0-' . $sf_sess_dpfx; // we just need a short prefix for robots (on disk is costly for GC to keep separate folders, but of course, not so safe) } else { $sf_sess_ns = 'c-' . substr($browser_os_ip_identification['bw'], 0, 3) . '-' . $sf_sess_dpfx; // we just need a short prefix for clients (on disk is costly for GC to keep separate folders, but of course, not so safe) } //end if else $sf_sess_ns = Smart::safe_filename($sf_sess_ns); //-- by default set for files $sf_sess_mode = 'files'; $sf_sess_dir = 'tmp/sessions/' . $sf_sess_area . '/' . $sf_sess_ns . '/'; if ((string) $detected_session_mode === 'user') { if (class_exists('SmartCustomSession')) { if ((string) get_parent_class('SmartCustomSession') == 'SmartAbstractCustomSession') { $sf_sess_mode = 'user-custom'; $sf_sess_dir = 'tmp/sessions/' . $sf_sess_area . '/'; // here the NS is saved in DB so we do not need to complicate paths } else { Smart::log_warning('SESSION INIT ERROR: Invalid Custom Session Handler. The class SmartCustomSession must be extended from class SmartAbstractCustomSession ...'); return; } //end if else } else { Smart::log_warning('SESSION INIT ERROR: Custom Session Handler requires the class SmartCustomSession ...'); return; } //end if } //end if $sf_sess_dir = Smart::safe_pathname($sf_sess_dir); //-- if (!is_dir($sf_sess_dir)) { SmartFileSystem::dir_recursive_create($sf_sess_dir); } //end if SmartFileSystem::write_if_not_exists('tmp/sessions/' . $sf_sess_area . '/' . 'index.html', ''); //===== //-- @session_save_path($sf_sess_dir); @session_cache_limiter('nocache'); //-- $the_name_of_session = (string) SMART_FRAMEWORK_SESSION_NAME . '__Key_' . 
$the_sess_nsuffix; // protect session name data agains forgers //-- @session_id((string) $the_sess_id); @session_name((string) $the_name_of_session); //-- $tmp_exp_seconds = Smart::format_number_int(SMART_FRAMEWORK_SESSION_LIFETIME, '+'); if ($tmp_exp_seconds > 0) { @session_set_cookie_params((int) $tmp_exp_seconds, '/'); // session cookie expire and the path } // end if //-- be sure that session_write_close() is executed at the end of script if script if die('') premature and before pgsql shutdown register in the case of DB sessions register_shutdown_function('session_write_close'); //-- handle custom session handler if ((string) $sf_sess_mode === 'user-custom') { //-- $sess_obj = new SmartCustomSession(); $sess_obj->sess_area = (string) $sf_sess_area; $sess_obj->sess_ns = (string) $sf_sess_ns; $sess_obj->sess_expire = (int) $tmp_exp_seconds; //-- session_set_save_handler(array($sess_obj, 'open'), array($sess_obj, 'close'), array($sess_obj, 'read'), array($sess_obj, 'write'), array($sess_obj, 'destroy'), array($sess_obj, 'gc')); //-- } //end if else //-- start session @session_start(); //-- if ((string) $_SESSION['SoftwareFramework_VERSION'] != (string) SMART_FRAMEWORK_VERSION or (string) $_SESSION['website_ID'] != (string) SMART_SOFTWARE_NAMESPACE or strlen($_SESSION['session_ID']) < 32) { //-- $_SESSION['SoftwareFramework_VERSION'] = (string) SMART_FRAMEWORK_VERSION; // software version $_SESSION['SoftwareFramework_SessionMode'] = (string) $sf_sess_mode; // session mode $_SESSION['website_ID'] = (string) SMART_SOFTWARE_NAMESPACE; // the website ID $_SESSION['uniqbrowser_ID'] = (string) $the_sess_client_uuid; // a true unique browser ID (this is a protection against sessionID forgers) $_SESSION['session_ID'] = (string) @session_id(); // read current session ID $_SESSION['session_STARTED'] = (string) date('Y-m-d H:i:s O'); // read current session ID //-- } //end if //-- if (!isset($_SESSION['visit_COUNTER'])) { $_SESSION['visit_COUNTER'] = 1; } else { 
$_SESSION['visit_COUNTER'] += 1; } //end if else //-- $_SESSION['SmartFramework__Browser__Identification__Data'] = (array) $browser_os_ip_identification; //-- if ((string) $_SESSION['uniqbrowser_ID'] != (string) $the_sess_client_uuid) { // we need at least a md5 session //-- log, then unset old session (these are not well tested ...) Smart::log_notice('Session Security Breakpoint :: Session-BrowserUniqueID = ' . $_SESSION['uniqbrowser_ID'] . "\n" . 'SessionSecurityUniqueID = ' . $the_sess_client_uuid . "\n" . 'Browser Ident = ' . $browser_os_ip_identification['bw'] . "\n" . 'Cookies = ' . print_r($_COOKIE, 1) . "\n" . 'SessID = ' . $_SESSION['session_ID'] . "\n" . 'ClientIP = ' . SmartUtils::get_ip_client() . ' @ ' . $_SERVER['REMOTE_ADDR'] . "\n" . 'UserAgent = ' . $_SERVER['HTTP_USER_AGENT']); $_SESSION = array(); // reset it //-- unset the cookie (from this below is tested) @setcookie($the_name_of_session, 'EXPIRED', 1, '/'); //-- stop execution with message Smart::raise_error('SESSION // SECURITY BREAK POINT: Possible Session Forgery Detected ...', 'SESSION // SECURITY BREAK POINT: Possible Session Forgery Detected ! Please refresh the page ... A new session will be assigned ! If you are not trying to forge another user\' session this situation can occur also if you are behind a proxy and some of your navigation parameters has been changed ! If this problem persist try to restart your browser or use other browser. If still persist, contact the website administrator'); die(''); // just in case return; // or is better to silent discard it ? //-- } //end if //-- self::$active = time(); // successfuly started //-- }
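/**
 * Load the content of a local file, of an embedded data:image/ base64 string, or of a http(s) URL.
 *
 * Only values starting with the lowercase prefix http:// or https:// are fetched through SmartHttpClient ;
 * every other value is handled as a local path (or as an embedded data:image/...;base64, string).
 *
 * The returned array always has the keys: log, mode, result, code, headers, content, debuglog.
 * For local paths and embedded images: result is '1' or '0' and code is '200', '400' or '404'.
 * For URLs the values are the ones returned by SmartHttpClient::browse_url(), cast to string.
 *
 * @param STRING $y_url_or_path :: /path/to/file | http(s)://some.url:port/path (port is optional)
 * @param NUMBER $y_timeout :: timeout in seconds (values <= 0 fall back to 30)
 * @param ENUM $y_method :: used only for URLs, the browsing method: GET | POST
 * @param ENUM $y_ssl_method :: SSL Mode: tls | sslv3 | sslv2 | ssl ; if empty, SMART_FRAMEWORK_SSL_MODE is used, else `tls` ; sslv2 and sslv3 are obsolete protocols, prefer tls
 * @param STRING $y_auth_name :: used only for URLs, the auth user name
 * @param STRING $y_auth_pass :: used only for URLs, the auth password
 * @param YES/NO $y_allow_set_credentials :: DEFAULT MUST BE set to NO ; if YES must be set just for internal URLs ; if the $y_url_or_path to get is detected to be under current URL will send also the Unique / session IDs ; more if detected that is from admin.php and if this is set to YES will send the HTTP-BASIC Auth credentials if detected (using YES with other URLs than SmartFramework's current URL can be a serious SECURITY ISSUE, so don't !)
 *
 * @return ARRAY :: array('log', 'mode', 'result', 'code', 'headers', 'content', 'debuglog')
 */
public static function load_url_or_file($y_url_or_path, $y_timeout = 30, $y_method = 'GET', $y_ssl_method = '', $y_auth_name = '', $y_auth_pass = '', $y_allow_set_credentials = 'no') {
    //-- v.2016-01-15 // fixed sessionID with new Dynamic generated
    // TODO: use the CURL to browse also FTP and SSH ...
    //--
    $y_url_or_path = (string) $y_url_or_path;
    //--
    if ($y_url_or_path === '') {
        return array('log' => 'ERROR: FILE Name is Empty ...', 'mode' => 'file', 'result' => '0', 'code' => '400', 'headers' => '', 'content' => '', 'debuglog' => '');
    } //end if
    //-- detect if file or url (the prefix test is case sensitive and runs before trim, so anything else goes to the file branch)
    $is_url = (substr($y_url_or_path, 0, 7) === 'http://' || substr($y_url_or_path, 0, 8) === 'https://');
    //--
    if (!$is_url) {
        //--
        $y_url_or_path = trim($y_url_or_path);
        //-- try to detect if data:image/ :: {{{SYNC-DATA-IMAGE}}}
        if (strtolower(substr($y_url_or_path, 0, 11)) === 'data:image/' && stripos($y_url_or_path, ';base64,') !== false) {
            //-- the marker is detected case-insensitive above, so it has to be split case-insensitive too ;
            // a case-sensitive explode() leaves index 1 undefined for a marker such as ;BASE64, and the content comes back empty
            $eimg = preg_split('/;base64,/i', $y_url_or_path);
            $b64_data = (is_array($eimg) && isset($eimg[1])) ? (string) $eimg[1] : '';
            //--
            return array('log' => 'OK ? Not sure, decoded from embedded b64 image: ', 'mode' => 'embedded', 'result' => '1', 'code' => '200', 'headers' => SmartUnicode::sub_str($y_url_or_path, 0, 50) . '...', 'content' => @base64_decode(trim($b64_data)), 'debuglog' => '');
            //--
        } //end if
        //-- NOTE(review): any other value reaches is_file() and SmartFileSystem::read() as given ;
        // if callers can pass user-controlled strings, confirm that stream-wrapper prefixes and paths outside the intended folders are rejected by the caller or by SmartFileSystem::read()
        if (is_file($y_url_or_path)) {
            //-- NOTE(review): basename() goes unescaped between double quotes into the headers value ; confirm how consumers of 'headers' treat a file name that contains a double quote
            return array('log' => 'OK: FILE Exists', 'mode' => 'file', 'result' => '1', 'code' => '200', 'headers' => 'Content-Disposition: inline; filename="' . basename($y_url_or_path) . '"' . "\n", 'content' => SmartFileSystem::read($y_url_or_path), 'debuglog' => '');
            //--
        } //end if
        //--
        return array('log' => 'ERROR: FILE Not Found or Invalid Data ...', 'mode' => 'file', 'result' => '0', 'code' => '404', 'headers' => '', 'content' => '', 'debuglog' => '');
        //--
    } //end if
    //-- from here on: it is a http(s) URL
    if ((string) $y_ssl_method === '') {
        if (defined('SMART_FRAMEWORK_SSL_MODE')) {
            $y_ssl_method = (string) SMART_FRAMEWORK_SSL_MODE;
        } else {
            Smart::log_notice('NOTICE: LibUtils/Load-URL-or-File // The SSL Method not defined and SMART_FRAMEWORK_SSL_MODE was not defined. Using the `tls` as default ...');
            $y_ssl_method = 'tls';
        } //end if else
    } //end if
    //--
    $browser = new SmartHttpClient();
    //--
    $y_timeout = Smart::format_number_int($y_timeout, '+');
    if ($y_timeout <= 0) {
        $y_timeout = 30; // default value
    } //end if
    $browser->connect_timeout = (int) $y_timeout;
    //-- the debug flag is read only on the URL branch, as before
    $is_debug = ((string) SMART_FRAMEWORK_DEBUG_MODE === 'yes');
    if ($is_debug) {
        $browser->debug = 1;
    } //end if
    //--
    $tmp_current_protocol = ((string) self::get_server_current_protocol() === 'https://') ? 'https://' : 'http://';
    //--
    $tmp_current_server = self::get_server_current_domain_name();
    $tmp_current_port = self::get_server_current_port();
    //--
    $tmp_current_path = self::get_server_current_request_uri();
    $tmp_current_script = self::get_server_current_full_script();
    //--
    $tmp_test_url_arr = Smart::separe_url_parts($y_url_or_path);
    $tmp_test_browser_id = self::get_os_browser_ip(); // the result is not used below ; the call is kept in case it has side effects -- TODO confirm
    //--
    $tmp_extra_log = '';
    if ($is_debug) {
        $tmp_extra_log .= "\n" . '===== # =====' . "\n";
    } //end if
    //--
    $cookies = array();
    $auth_name = (string) $y_auth_name;
    $auth_pass = (string) $y_auth_pass;
    //-- the visitor cookie and the HTTP-BASIC credentials are attached only when the caller opted in AND the target is this very server and script
    if ((string) $y_allow_set_credentials === 'yes') {
        //--
        if ($is_debug) {
            $tmp_extra_log .= '[EXTRA]: I will try to detect if this is my current Domain and I will check if it is safe to send my sessionID COOKIE and my Auth CREDENTIALS ...' . "\n";
        } //end if
        //-- strict comparison on purpose: with == PHP compares two numeric-looking strings by value, so textually different values could pass this same-origin test
        if ((string) $tmp_current_protocol === (string) $tmp_test_url_arr['protocol'] && (string) $tmp_current_server === (string) $tmp_test_url_arr['server'] && (string) $tmp_current_port === (string) $tmp_test_url_arr['port']) {
            //--
            if ($is_debug) {
                $tmp_extra_log .= '[EXTRA]: OK, Seems that the browsed Domain is identical with my current Domain which is: ' . $tmp_current_protocol . $tmp_current_server . ':' . $tmp_current_port . ' and the browsed one is: ' . $tmp_test_url_arr['protocol'] . $tmp_test_url_arr['server'] . ':' . $tmp_test_url_arr['port'] . "\n";
                $tmp_extra_log .= '[EXTRA]: I will also check if my current script and path are identical with the browsed ones ...' . "\n";
            } //end if
            //-- the browsed script must be exactly the running script, and the current request URI must start with it
            if ((string) $tmp_current_script === (string) $tmp_test_url_arr['scriptname'] && (string) substr((string) $tmp_current_path, 0, strlen((string) $tmp_current_script)) === (string) $tmp_test_url_arr['scriptname']) {
                //--
                if ($is_debug) {
                    $tmp_extra_log .= '[EXTRA]: OK, Seems that the current script is identical with the browsed one :: ' . 'Current Path is: \'' . $tmp_current_script . '\' / Browsed Path is: \'' . $tmp_test_url_arr['scriptname'] . '\' !' . "\n";
                    $tmp_extra_log .= '[EXTRA]: I will check if I have to send my SessionID so I will check the browserID ...' . "\n";
                } //end if
                //--
                $browser->useragent = (string) self::get_selfrobot_useragent_name(); // this must be set just when detected the same path and script ; it is a requirement to detect it as the self-robot [ @s# ] in order to send the credentials or the current
                //-- {{{SYNC-SMART-UNIQUE-COOKIE}}}
                if (defined('SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME') && !defined('SMART_FRAMEWORK_UNIQUE_ID_COOKIE_SKIP')
                    && (string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME !== ''
                    && SmartFrameworkSecurity::ValidateVariableName(strtolower((string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME))
                    && (string) SMART_APP_VISITOR_COOKIE !== '' // if set, then forward
                ) {
                    if ($is_debug) {
                        $tmp_extra_log .= '[EXTRA]: OK, I will send my current Visitor Unique Cookie ID as it is set and not empty ...' . "\n";
                    } //end if
                    $cookies[(string) SMART_FRAMEWORK_UNIQUE_ID_COOKIE_NAME] = (string) SMART_APP_VISITOR_COOKIE; // this is a requirement
                } //end if
                //-- #end# sync
                // the stored login is forwarded only if the caller gave no explicit credentials and both script names contain /admin.php
                // NOTE(review): this is a substring test, not an exact script-name match, and the credentials are also sent when the current protocol is http:// ; confirm both are intended
                if ((string) SmartAuth::get_login_method() === 'HTTP-BASIC' && $auth_name === '' && $auth_pass === '' && strpos($tmp_current_script, '/admin.php') !== false && strpos($tmp_test_url_arr['scriptname'], '/admin.php') !== false) {
                    //-- in debug mode the login id (never the password) is written into the returned log
                    if ($is_debug) {
                        $tmp_extra_log .= '[EXTRA]: HTTP-BASIC Auth method detected / Allowed to pass the Credentials - as the browsed URL belongs to this ADMIN Server as I run, the Auth credentials are set but passed as empty - everything seems to be safe I will send my credentials: USERNAME = \'' . SmartAuth::get_login_id() . '\' ; PASS = *****' . "\n";
                    } //end if
                    //--
                    $auth_name = (string) SmartAuth::get_login_id();
                    $auth_pass = (string) SmartAuth::get_login_password();
                    //--
                } //end if
                //--
            } else {
                //--
                if ($is_debug) {
                    $tmp_extra_log .= '[EXTRA]: Seems that the scripts are NOT identical :: ' . 'Current Script is: \'' . $tmp_current_script . '\' / Browsed Script is: \'' . $tmp_test_url_arr['scriptname'] . '\' !' . "\n";
                    $tmp_extra_log .= '[EXTRA]: This is the diff for having a comparation: ' . substr($tmp_current_path, 0, strlen($tmp_current_script)) . "\n";
                } //end if
                //--
            } //end if else
            //--
        } //end if
        //--
    } //end if
    //--
    $browser->cookies = (array) $cookies;
    //-- NOTE(review): certificate verification is not configured in this method ; confirm what SmartHttpClient does by default
    $data = (array) $browser->browse_url($y_url_or_path, $y_method, $y_ssl_method, $auth_name, $auth_pass); // do browse
    //--
    return array('log' => (string) $data['log'] . $tmp_extra_log, 'mode' => (string) $data['mode'], 'result' => (string) $data['result'], 'code' => (string) $data['code'], 'headers' => (string) $data['headers'], 'content' => (string) $data['content'], 'debuglog' => (string) $data['debuglog']);
    //--
}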