/** * Generates a new `curl` request without going through HTTP connection, * this allow user session can be shared between both request `client` and `server`. * * The request is then set to be the active request. * * Usage: * * <code>\Hybrid\Request::connect('GET controller/method?hello=world');</code> * * @access public * @param string $uri - The URI of the request * @param array $dataset - Set a dataset for GET, POST, PUT or DELETE * @return object \Hybrid\Request instance */ public static function connect($uri, $dataset = array()) { $uri_segments = explode(' ', $uri); $type = Input::method(); if (in_array(strtoupper($uri_segments[0]), array('DELETE', 'POST', 'PUT', 'GET'))) { $uri = $uri_segments[1]; $type = $uri_segments[0]; } $query_dataset = array(); $query_string = parse_url($uri); if (isset($query_string['query'])) { $uri = $query_string['path']; parse_str($query_string['query'], $query_dataset); } $dataset = array_merge($query_dataset, $dataset); logger(Fuel::L_INFO, 'Creating a new Request with URI = "' . $uri . '"', __METHOD__); $request = new static($uri, true, $dataset, $type); if (static::$active) { $request->parent = static::$active; static::$active->children[] = $request; } return $request; }
/** * Requests are not made to methods directly The request will be for an "object". * this simply maps the object and method to the correct Controller method. * * @access public * @param Request $resource * @param array $arguments * @return void */ public function router($resource, $arguments) { $pattern = Restserver::$pattern; // Remove the extension from arguments too $resource = preg_replace($pattern, '', $resource); // If they call user, go to $this->post_user(); $controller_method = strtolower(Input::method()) . '_' . $resource; if (method_exists($this, $controller_method) and true === $this->rest) { return call_user_func(array($this, $controller_method)); } elseif (method_exists($this, 'action_' . $resource)) { if (true === $this->rest) { $this->response->status = $this->no_method_status; return; } return call_user_func_array(array($this, 'action_' . $resource), $arguments); } else { if (true === $this->rest) { $this->response->status = $this->no_method_status; return; } else { throw new HttpNotFoundException(); } } }
/** * Prepare authentication to use Digest auth * * @static * @access protected */ protected static function prepare_digest_auth() { $uniqid = uniqid(""); // Empty argument for backward compatibility // We need to test which server authentication variable to use // because the PHP ISAPI module in IIS acts different from CGI if (Input::server('PHP_AUTH_DIGEST')) { $digest_string = Input::server('PHP_AUTH_DIGEST'); } elseif (Input::server('HTTP_AUTHORIZATION')) { $digest_string = Input::server('HTTP_AUTHORIZATION'); } else { $digest_string = ""; } /* The $_SESSION['error_prompted'] variabile is used to ask the password again if none given or if the user enters a wrong auth. informations. */ if (empty($digest_string)) { static::force_login($uniqid); } // We need to retrieve authentication informations from the $auth_data variable preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', $digest_string, $matches); $digest = array_combine($matches[1], $matches[2]); if (!array_key_exists('username', $digest) or !static::check_login($digest['username'])) { static::force_login($uniqid); } $valid_logins = Config::get('rest.valid_logins'); $valid_pass = $valid_logins[$digest['username']]; // This is the valid response expected $A1 = md5($digest['username'] . ':' . Config::get('rest.realm') . ':' . $valid_pass); $A2 = md5(strtoupper(Input::method()) . ':' . $digest['uri']); $valid_response = md5($A1 . ':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' . $A2); if ($digest['response'] != $valid_response) { header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.1 401 Unauthorized'); exit; } }
/** * Requests are not made to methods directly The request will be for an "object". * this simply maps the object and method to the correct Controller method. * * @param Request $resource * @param array $arguments */ public function router($resource, $arguments) { $pattern = \Hybrid\Restful::$pattern; // Remove the extension from arguments too $resource = preg_replace($pattern, '', $resource); // If they call user, go to $this->post_user(); $controller_method = strtolower(\Hybrid\Input::method()) . '_' . $resource; if (method_exists($this, $controller_method)) { call_user_func(array($this, $controller_method)); } else { $this->response->status = 404; return; } }