public function checkUserAccess(\HTRouter\Request $request) { // Any will do, and we are already authenticated through the "allow/deny" rules. No Need to check this. // @TODO: This code must be moved to HTRouter::_run() if ($this->getConfig()->get("Satisfy") == "any" && $request->getAuthorized()) { return \HTRouter\AuthModule::AUTHZ_GRANTED; } $requires = $this->getConfig()->get("Require"); foreach ($requires as $require) { if (strtolower($require) == "valid-user") { // Set the authorized user inside the request $user = $request->getAuthUser(); $request->setAuthUser($user); $request->setAuthorized(true); return \HTRouter\AuthModule::AUTHZ_GRANTED; } // Check if it starts with 'user' $users = explode(" ", $require); $tmp = array_shift($users); if ($tmp != "user") { continue; } // Parse all users on this line to check if it matches against the currently authenticated user foreach ($users as $user) { if ($user == $request->getAuthUser()) { // Set the authorized user inside the request $request->setAuthUser($user); $request->setAuthorized(true); return \HTRouter\AuthModule::AUTHZ_GRANTED; } } } // If the module is authorative we should deny access. This will stop other modules from trying to match.. if ($this->getConfig()->get("AuthzUserAuthoritative") == "on") { return \HTRouter\AuthModule::AUTHZ_DENIED; } // Nothing that matches found, and w return \HTRouter\AuthModule::AUTHZ_NOT_FOUND; }
/** * @static * @param $string * @param \HTRouter\Request $request * @param array $ruleMatches * @param array $condMatches * @return mixed * @throws \RuntimeException */ public static function expandSubstitutions($string, \HTRouter\Request $request, $ruleMatches = array(), $condMatches = array()) { // Do backref matching on rewriterule ($1-$9) preg_match_all('|\\$([1-9])|', $string, $matches); foreach ($matches[1] as $index) { if (!isset($ruleMatches[$index - 1])) { throw new \RuntimeException("Want to match index {$index}, but nothing found in rule to match"); } $string = str_replace("\${$index}", $ruleMatches[$index - 1], $string); } // Do backref matching on the last rewritecond (%1-%9) preg_match_all('|\\%([1-9])|', $string, $matches); foreach ($matches[1] as $index) { if (!isset($condMatches[$index - 1])) { throw new \RuntimeException("Want to match index {$index}, but nothing found in condition to match"); } $string = str_replace("%{$index}", $condMatches[$index - 1], $string); } // Do variable substitution $string = str_replace("%{HTTP_USER_AGENT}", $request->getServerVar("HTTP_USER_AGENT"), $string); $string = str_replace("%{HTTP_REFERER}", $request->getServerVar("HTTP_REFERER"), $string); $string = str_replace("%{HTTP_COOKIE}", $request->getServerVar("HTTP_COOKIE"), $string); $string = str_replace("%{HTTP_FORWARDED}", $request->getServerVar("HTTP_FORWARDED"), $string); $string = str_replace("%{HTTP_HOST}", $request->getServerVar("HTTP_HOST"), $string); $string = str_replace("%{HTTP_PROXY_CONNECTION}", $request->getServerVar("HTTP_PROXY_CONNECTION"), $string); $string = str_replace("%{HTTP_ACCEPT}", $request->getServerVar("HTTP_ACCEPT"), $string); $string = str_replace("%{REMOTE_ADDR}", $request->getServerVar("REMOTE_ADDR"), $string); $string = str_replace("%{REMOTE_HOST}", $request->getServerVar("REMOTE_HOST"), $string); $string = str_replace("%{REMOTE_PORT}", $request->getServerVar("REMOTE_PORT"), $string); $string = str_replace("%{REMOTE_USER}", $request->getAuthUser(), $string); $string = str_replace("%{REMOTE_IDENT}", "", $string); // We don't support identing! $string = str_replace("%{REQUEST_METHOD}", $request->getMethod(), $string); $string = str_replace("%{SCRIPT_FILENAME}", $request->getFilename(), $string); $string = str_replace("%{PATH_INFO}", $request->getPathInfo(), $string); $string = str_replace("%{QUERY_STRING}", $request->getQueryString(), $string); if ($request->getAuthType()) { $string = str_replace("%{AUTH_TYPE}", $request->getAuthType()->getName(), $string); // Returns either Basic or Digest } else { $string = str_replace("%{AUTH_TYPE}", "", $string); } $string = str_replace("%{DOCUMENT_ROOT}", $request->getDocumentRoot(), $string); $string = str_replace("%{SERVER_ADMIN}", $request->getServerVar("SERVER_ADMIN"), $string); $string = str_replace("%{SERVER_NAME}", $request->getServerVar("SERVER_NAME"), $string); $string = str_replace("%{SERVER_ADDR}", $request->getServerVar("SERVER_ADDR"), $string); $string = str_replace("%{SERVER_PORT}", $request->getServerVar("SERVER_PORT"), $string); $string = str_replace("%{SERVER_PROTOCOL}", $request->getServerVar("SERVER_PROTOCOL"), $string); $router = \HTRouter::getInstance(); $string = str_replace("%{SERVER_SOFTWARE}", $router->getServerSoftware(), $string); // Non-deterministic, but it won't change over the course of a request, even if the seconds have changed! $string = str_replace("%{TIME_YEAR}", date("Y"), $string); // 2011 $string = str_replace("%{TIME_MON}", date("m"), $string); // 01-12 $string = str_replace("%{TIME_DAY}", date("d"), $string); // 01-31 $string = str_replace("%{TIME_HOUR}", date("H"), $string); // 00-23 $string = str_replace("%{TIME_MIN}", date("i"), $string); // 00-59 $string = str_replace("%{TIME_SEC}", date("s"), $string); // 00-59 $string = str_replace("%{TIME_WDAY}", date("w"), $string); // 0-6 (sun-sat) $string = str_replace("%{TIME}", date("YmdHis"), $string); // %04d%02d%02d%02d%02d%02d $string = str_replace("%{API_VERSION}", $router->getServerApi(), $string); //$string = str_replace("%{THE_REQUEST}", $request->getTheRequest(), $string); // "GET /dir HTTP/1.1" $string = str_replace("%{REQUEST_URI}", $request->getUri(), $string); $string = str_replace("%{REQUEST_FILENAME}", $request->getServerVar("SCRIPT_FILENAME"), $string); $string = str_replace("%{IS_SUBREQ}", $request->isSubRequest() ? "true" : "false", $string); $string = str_replace("%{HTTPS}", $request->isHttps() ? "on" : "off", $string); return $string; }