/**
 * Resolve the client address for this request and cache it in self::$_remoteIp.
 *
 * Lookup order: REMOTE_ADDR from the server variables, then REMOTE_ADDR from
 * the environment, then the X-Forwarded-For header. The first non-empty value
 * wins and is returned for every later call, whatever request is passed in.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return string|null  the getServer()/getEnv() default (null) when no source is set
 */
public static function getRemoteIp(Zend_Controller_Request_Abstract $request)
{
    if (self::$_remoteIp) {
        return self::$_remoteIp;
    }

    // NOTE(review): X-Forwarded-For is a client-supplied header; it is only
    // meaningful when a proxy in front of PHP is known to overwrite it.
    $address = $request->getServer('REMOTE_ADDR')
        ?: $request->getEnv('REMOTE_ADDR')
        ?: $request->getServer('HTTP_X_FORWARDED_FOR');

    self::$_remoteIp = $address;

    return self::$_remoteIp;
}
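/**
 * Append one row to the request log after the action has run.
 *
 * Everything recorded here except access_time comes straight from the
 * client (user agent, request URI, Host header, Referer, and the address
 * reported by getClientIp()), so consumers of Model_RequestLog must treat
 * the columns as untrusted text and escape them for the context they render into.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function postDispatch(Zend_Controller_Request_Abstract $request)
{
    $uri = $request->getRequestUri();
    $agent = $request->getServer('HTTP_USER_AGENT');
    $browserInfo = self::_getBrowserInfo($agent);

    // full_url is rebuilt from the Host header rather than a configured
    // canonical host, so it reflects whatever host name the client sent.
    $fullUrl = $request->getScheme() . '://' . $request->getHttpHost()
        . '/' . ltrim($uri, '/');

    // NOTE(review): Zend's getClientIp() honours proxy headers with its
    // default argument, so 'ip' may be client-chosen too — confirm against
    // the request class in use.
    $objRequestLog = new Model_RequestLog();
    $objRequestLog->insert(array(
        'ip' => $request->getClientIp(),
        'agent' => $agent,
        'browser' => $browserInfo['browser'],
        'version' => $browserInfo['version'],
        'platform' => $browserInfo['platform'],
        'bot' => self::_getBot($agent),
        'uri' => $uri,
        'full_url' => $fullUrl,
        'refer_url' => $request->getServer('HTTP_REFERER'),
        'access_time' => date('Y-m-d H:i:s'),
    ));
}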
/**
 * routeShutdown
 * Called once the router has finished routing the request.
 *
 * Derives the response format parameter (static::KEY_EXT) from the path
 * extension or, failing that, from an Accept header that mentions json,
 * then strips everything from the first character outside [-a-zA-Z0-9]
 * onwards out of the module, controller and action names.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // 1. Requested content type given as a path extension (e.g. /foo/bar.json).
    $pathInfo = $request->getPathInfo();
    if (!empty($pathInfo)) {
        $ext = pathinfo($pathInfo, PATHINFO_EXTENSION);
        // Only plain alphanumeric/dash extensions count as a format.
        if ($ext && preg_match('/^[-a-z0-9]+$/i', $ext)) {
            $request->setParam(static::KEY_EXT, strtolower($ext));
        }
    }

    // 2. No usable extension: fall back to the Accept header when it mentions json.
    if ($request->getParam(static::KEY_EXT) == '') {
        $accept = $request->getServer('HTTP_ACCEPT');
        if (!empty($accept) && strpos($accept, 'json') !== false) {
            $request->setParam(static::KEY_EXT, 'json');
        }
    }

    // 3. Normalise the dispatch target: characters outside [-a-zA-Z0-9] are
    //    not allowed, so the name is cut at the first one.
    $unsafeTail = '/[^-a-zA-Z0-9].*/';
    $module = preg_replace($unsafeTail, '', $request->getModuleName());
    $controller = preg_replace($unsafeTail, '', $request->getControllerName());
    $action = preg_replace($unsafeTail, '', $request->getActionName());
    $request->setModuleName($module);
    $request->setControllerName($controller);
    $request->setActionName($action);
}
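/**
 * Set the default ICU locale from the client's Accept-Language header.
 *
 * Locale::acceptFromHttp() returns false when the header cannot be parsed.
 * Because the header is client-supplied, that case is skipped so a
 * malformed value neither errors out nor installs an empty default locale.
 *
 * @param AbstractRequest $request
 * @return void
 */
public function preDispatch(AbstractRequest $request)
{
    $acceptLanguage = $request->getServer('HTTP_ACCEPT_LANGUAGE');
    if (!$acceptLanguage) {
        return;
    }

    $locale = Locale::acceptFromHttp($acceptLanguage);
    if (is_string($locale) && $locale !== '') {
        Locale::setDefault($locale);
    }
}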
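/**
 * Called before Zend_Controller_Front calls on the router to evaluate the
 * request against the registered routes.
 *
 * Detects a POST/PUT body that PHP discarded because it exceeded
 * post_max_size (both $_POST and $_FILES are empty although Content-Length
 * says a body was sent). The configured callback is invoked when one is set;
 * otherwise a Zend_Controller_Exception (code 1000) is attached to the response.
 * A post_max_size of 0 disables the limit and therefore this check.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeStartup(Zend_Controller_Request_Abstract $request)
{
    if (!($request instanceof Zend_Controller_Request_Http)) {
        return;
    }
    if (!$request->isPost() && !$request->isPut()) {
        return;
    }

    $post = $request->getPost();
    if (!empty($post) || !empty($_FILES)) {
        // PHP parsed the body, so it fitted within post_max_size.
        return;
    }

    $max = $this->_postMaxSizeBytes(ini_get('post_max_size'));
    if ($max <= 0) {
        // post_max_size=0 means "no limit" — nothing to enforce.
        return;
    }

    // Content-Length is client-supplied; it only decides which branch runs
    // here, the oversized body itself was already dropped by PHP.
    $length = (int) $request->getServer('CONTENT_LENGTH');
    if ($max < $length) {
        if (!empty($this->_callback)) {
            call_user_func($this->_callback, $request);
        } else {
            $e = new Zend_Controller_Exception(
                'Maximum content length size (' . $max . ') exceeded',
                1000
            );
            $this->getResponse()->setException($e);
        }
    }
}

/**
 * Convert a php.ini shorthand size ("8M", "512K", "1G", "1048576") to bytes.
 *
 * @param string|false $iniValue  raw ini_get() result
 * @return int  bytes; 0 (or negative) when the value disables the limit
 */
private function _postMaxSizeBytes($iniValue)
{
    $value = trim((string) $iniValue);
    if ($value === '') {
        return 0;
    }

    // Get maximum size and measurement unit
    $unit = strtoupper(substr($value, -1));
    $bytes = is_numeric($unit) ? (int) $value : (int) substr($value, 0, -1);

    // Convert to bytes — deliberate fall-through: G -> M -> K each multiply once more.
    switch ($unit) {
        case 'G':
            $bytes *= 1024;
        case 'M':
            $bytes *= 1024;
        case 'K':
            $bytes *= 1024;
    }

    return $bytes;
}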
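/**
 * Check the request to see if it is secure. If it isn't
 * rebuild a secure url, redirect and exit.
 *
 * The rebuilt URL keeps the full request URI (base path and query string),
 * which getPathInfo() used to drop, so the redirect lands on the same
 * resource. The host part is whatever Host header the client sent; unless
 * the web server restricts accepted host names, a client can therefore be
 * redirected to a host of its own choosing.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 * @author Travis Boudreaux
 */
protected function _secureUrl(Zend_Controller_Request_Abstract $request)
{
    if ($request->isSecure()) {
        return;
    }

    // url scheme is not secure so we rebuild url with the https scheme.
    // getHttpHost() returns the Host header (falling back to SERVER_NAME
    // when it is absent, where the old $server['HTTP_HOST'] lookup notices).
    $url = Zend_Controller_Request_Http::SCHEME_HTTPS . '://'
        . $request->getHttpHost()
        . $request->getRequestUri();

    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
    $redirector->setGoToUrl($url);
    $redirector->redirectAndExit();
}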
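/**
 * Validate every call against CSRF if it's a POST call
 * and there's an available token on the session.
 *
 * GET requests, the bypass modules / auth types and requests whose body PHP
 * discarded for exceeding post_max_size are let through; every other
 * non-GET request must carry a token identical to the one stored in the
 * 'csrf' session namespace. The session token is also echoed in the
 * X-CSRF-Token response header so the frontend can pick it up.
 *
 * Changes from the previous version: the authType lookup no longer indexes
 * into a null identity, post_max_size is converted from its ini shorthand
 * ("8M") instead of being compared as a raw string, and the token
 * comparison is strict and constant-time (hash_equals).
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Avoid error override! :S
    if (count($this->getResponse()->getException())) {
        return;
    }

    $auth = Zend_Auth::getInstance();
    $identity = $auth->getIdentity();

    $byPassMethods = array(
        App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD,
        App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC,
        App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL,
        App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY,
    );
    $byPassModules = array('async', 'external', 'externalr12', 'thirdparty');

    // Bypass some auth methods. getIdentity() is null for anonymous users,
    // so the authType lookup is guarded with isset() instead of indexing null.
    // in_array() stays loose for authType because the AUTH_TYPE_* constant
    // types are not visible here.
    $authType = isset($identity['authType']) ? $identity['authType'] : null;
    if (in_array($request->module, $byPassModules, true)
        || ($authType && in_array($authType, $byPassMethods))
    ) {
        return;
    }

    $session = new Zend_Session_Namespace('csrf');
    if (empty($session->token)) {
        // Generate a new CSRF token and save it on the session
        \App::log()->info("Session token empty, generating new CSRF token...");
        $session->token = $this->_generateToken();
    }

    // Return the token on an HTTP header
    $resp = $this->getResponse();
    $resp->setHeader('X-CSRF-Token', $session->token);

    // Don't do anything if it's a GET request
    if ($request->isGet()) {
        return;
    }

    $post = $request->getPost();
    if (empty($post) && empty($_FILES)) {
        // PHP drops the whole body when Content-Length exceeds post_max_size,
        // so no token could have been read from it. Only an actually
        // oversized body is exempted; a limit of 0 means "unlimited".
        $max = $this->_postMaxSizeBytes(ini_get('post_max_size'));
        $length = (int) $request->getServer('CONTENT_LENGTH');
        if ($max > 0 && $max < $length) {
            return;
        }
    }

    // Try to get the CSRF token from frontend
    $csrfToken = $this->_getFrontendToken($request);
    if (!$csrfToken) {
        $message = 'Possible CSRF attack: CSRF token not found on request';
        $this->_throwError($request, $message);
        return;
    }

    // Disable plugin for dev environment
    if (App::config('csrf.disabled', false) && $csrfToken === 'dev') {
        return;
    }

    // If tokens don't match log a possible CSRF attack a throw an exception.
    // hash_equals() needs two strings; the frontend value may arrive as
    // something else (e.g. an array parameter) and is then rejected.
    // NOTE(review): confirm _getFrontendToken() returns a string on success.
    if (!is_string($csrfToken) || !hash_equals((string) $session->token, $csrfToken)) {
        $message = 'Possible CSRF attack: BE and FE tokens don\'t match';
        $this->_throwError($request, $message);
        return;
    }
}

/**
 * Convert a php.ini shorthand size ("8M", "512K", "1G", "1048576") to bytes.
 *
 * @param string|false $iniValue  raw ini_get() result
 * @return int  bytes; 0 (or negative) when the value disables the limit
 */
private function _postMaxSizeBytes($iniValue)
{
    $value = trim((string) $iniValue);
    if ($value === '') {
        return 0;
    }

    $unit = strtoupper(substr($value, -1));
    $bytes = is_numeric($unit) ? (int) $value : (int) substr($value, 0, -1);

    // Deliberate fall-through: G -> M -> K each multiply once more.
    switch ($unit) {
        case 'G':
            $bytes *= 1024;
        case 'M':
            $bytes *= 1024;
        case 'K':
            $bytes *= 1024;
    }

    return $bytes;
}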
/**
 * Pre-dispatch hook: selects the 'plug' layout for the mirror host names,
 * validates the fullPath parameter when one is present and sends requests
 * for the admin and utils modules through redirectAdmin().
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $plugHosts = array(
        'hansa-flex.pro',
        'hansa-flex.su',
        'hansa-flex.org',
        'xn----7sbavhvfm6b0af.xn--p1ai',
    );

    // The Host header is client-supplied; here it only picks the layout.
    if (in_array($request->getServer('HTTP_HOST'), $plugHosts, true)) {
        Zend_Layout::getMvcInstance()->setLayout('plug');
    }

    $fullPath = $request->getParam('fullPath');
    if ($fullPath) {
        $this->validatePath($fullPath);
    }

    $module = $request->getModuleName();
    if (in_array($module, array('admin', 'utils'), true)) {
        $this->redirectAdmin();
    }
}
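/**
 * Route-shutdown hook that reports a POST/PUT body PHP discarded for
 * exceeding post_max_size (both $_POST and $_FILES empty although
 * Content-Length says a body was sent).
 *
 * Nothing is done when the response already carries an exception. The
 * configured callback is invoked when one is set; otherwise an
 * InvalidArgumentException with ValidationCodes::SYSTEM_POST_SIZE_LIMIT_EXCEESED
 * is attached to the response. A post_max_size of 0 disables the limit and
 * therefore this check.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Avoid error override! :S
    if (count($this->getResponse()->getException())) {
        return;
    }
    if (!($request instanceof Zend_Controller_Request_Http)) {
        return;
    }
    if (!$request->isPost() && !$request->isPut()) {
        return;
    }

    $post = $request->getPost();
    if (!empty($post) || !empty($_FILES)) {
        // PHP parsed the body, so it fitted within post_max_size.
        return;
    }

    $max = $this->_postMaxSizeBytes(ini_get('post_max_size'));
    if ($max <= 0) {
        // post_max_size=0 means "no limit" — nothing to enforce.
        return;
    }

    // Content-Length is client-supplied; it only decides which branch runs
    // here, the oversized body itself was already dropped by PHP.
    $length = (int) $request->getServer('CONTENT_LENGTH');
    if ($max < $length) {
        if (!empty($this->_callback)) {
            call_user_func($this->_callback, $request);
        } else {
            $e = new \Application\Exceptions\InvalidArgumentException(
                'Maximum content length size (' . $max . ') exceeded',
                ValidationCodes::SYSTEM_POST_SIZE_LIMIT_EXCEESED
            );
            $this->getResponse()->setException($e);
        }
    }
}

/**
 * Convert a php.ini shorthand size ("8M", "512K", "1G", "1048576") to bytes.
 *
 * @param string|false $iniValue  raw ini_get() result
 * @return int  bytes; 0 (or negative) when the value disables the limit
 */
private function _postMaxSizeBytes($iniValue)
{
    $value = trim((string) $iniValue);
    if ($value === '') {
        return 0;
    }

    // Get maximum size and measurement unit
    $unit = strtoupper(substr($value, -1));
    $bytes = is_numeric($unit) ? (int) $value : (int) substr($value, 0, -1);

    // Convert to bytes — deliberate fall-through: G -> M -> K each multiply once more.
    switch ($unit) {
        case 'G':
            $bytes *= 1024;
        case 'M':
            $bytes *= 1024;
        case 'K':
            $bytes *= 1024;
    }

    return $bytes;
}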
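/**
 * Store the profile info
 *
 * Writes one row holding the request's address, URI, user agent and referer
 * plus the elapsed seconds / comment of every finished timer profile into a
 * daily table "<dbname>.profiler_log_YYYYMMDD". The table is created from
 * "<dbname>.profiler_log_template" on the first "table doesn't exist" error
 * rather than being checked for up front.
 *
 * Only MySQL adapters (PDO or mysqli) are supported; any other adapter
 * (including the null default) or a disabled profiler makes this a no-op.
 *
 * @param Zend_Db_Adapter_Abstract $db
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 * @throws Zend_Db_Statement_Exception  any statement error other than a missing table
 */
public function saveProfileInfo(Zend_Db_Adapter_Abstract $db = null, Zend_Controller_Request_Abstract $request)
{
    $isMysql = $db instanceof Zend_Db_Adapter_Pdo_Mysql || $db instanceof Zend_Db_Adapter_Mysqli;
    if (!$isMysql || !$this->_enabled) {
        return;
    }

    $values = array();
    // REMOTE_ADDR ends up inside a raw SQL expression, so it is quoted
    // through the adapter instead of being concatenated in verbatim.
    $values["ip"] = new Zend_Db_Expr('inet_aton(' . $db->quote($request->getServer('REMOTE_ADDR', '')) . ')');
    $values["page"] = $request->getServer('REQUEST_URI', '');
    $values["user_agent"] = $request->getServer('HTTP_USER_AGENT', '');
    $values["referer"] = $request->getServer('HTTP_REFERER', '');

    // One numeric column and one comment column per timer type.
    foreach ($this->_tableNames as $column) {
        $values[$column] = 0;
        $values[$column . "_comment"] = "";
    }
    foreach ($this->_timerProfiles as $tp) {
        if ($tp->hasEnded()) {
            $column = $this->_tableNames[$tp->getTimerType()];
            $values[$column] += $tp->getElapsedSecs();
            $values[$column . "_comment"] .= $tp->getTimerComment();
        }
    }

    // Profiling rows live in a sibling "<dbname>_profiler" schema unless the
    // configured dbname already contains "profiler".
    $dbname = "profiler";
    $config = $db->getConfig();
    if (isset($config["dbname"])) {
        $dbname = strpos($config["dbname"], $dbname) !== false ? $config["dbname"] : $config["dbname"] . "_profiler";
    }
    $tableName = $dbname . ".profiler_log_" . date("Ymd");
    $createSql = "create table " . $tableName . " like " . $dbname . ".profiler_log_template";

    try {
        // Catch table not exists error — faster than checking if table exists
        $db->insert($tableName, $values);
    } catch (Zend_Db_Statement_Mysqli_Exception $zdsmex) {
        if (!preg_match("/Mysqli prepare error: Table '(.*)' doesn't exist/", $zdsmex->getMessage())) {
            throw $zdsmex;
        }
        $db->query($createSql);
        $db->insert($tableName, $values);
    } catch (Zend_Db_Statement_Exception $zdsex) {
        if (!preg_match("/SQLSTATE\\[42S02\\]: Base table or view not found: 1146 Table '(.*)' doesn't exist/", $zdsex->getMessage())) {
            throw $zdsex;
        }
        $db->query($createSql);
        $db->insert($tableName, $values);
    }
}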
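/**
 * Authentication pre-dispatch hook.
 *
 * Handles two request shapes: a 'logout' parameter clears the identity and
 * redirects to the failed action; a POSTed login form (post field 'login')
 * is validated, the user's salt is looked up, the salted credential is
 * checked through Zend_Auth_Adapter_DbTable and, on success, the login
 * counter, address, time and browser are updated before redirecting to the
 * success action. Every failure path redirects to the failed action with
 * login-failed=1 and a FlashMessenger "error" message.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Redirector helper, which takes care of the redirects
    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
    $auth = Zend_Auth::getInstance();
    // The authentication state (logged in or not) has to be kept somewhere;
    // the default is the session, in the Zend_Auth namespace unless a
    // Zend_Auth_Storage_Session with another namespace is set on $auth.

    if ($request->getParam('logout')) {
        // logout detected
        $auth->clearIdentity();
        // redirect for safety
        $redirector->gotoSimpleAndExit($this->failedAction, $this->failedController);
    }

    if (!$request->getPost('login')) {
        return;
    }

    $db = Zend_Db_Table::getDefaultAdapter();
    // Authentication adapter configured with our table and column names;
    // treatment holds the hashing function applied to the credential, e.g. SHA1
    $adapter = new Zend_Auth_Adapter_DbTable($db, $this->tableName, $this->identityColumn, $this->credentialColumn, $this->treatment);

    $form = new LoginForm();
    // Validation fails, e.g. on an empty form
    if (!$form->isValid($request->getPost())) {
        $this->_flashMessage("error", "Please fill the login form!");
        $redirector->gotoSimpleAndExit($this->failedAction, $this->failedController, null, array('login-failed' => 1));
    }

    $username = $form->getValue($this->loginField);
    $password = $form->getValue($this->passwordField);

    // Look up the user's salt (bound parameter, no interpolation)
    $user = My_Model::get('Users')->fetchRow(array("username = ?" => $username));
    if ($user === null) {
        // NOTE(review): redirecting here, before the adapter runs, makes the
        // unknown-user path observably faster than a wrong password.
        $redirector->gotoSimpleAndExit($this->failedAction, $this->failedController, null, array('login-failed' => 1));
    }

    // Hand the name and the salted password to the adapter
    $adapter->setIdentity($username);
    $adapter->setCredential($password . $user->getSalt());

    // Generic authentication run, works with any adapter
    $result = $auth->authenticate($adapter);

    if (!$auth->hasIdentity()) {
        // Authentication failed. FlashMessenger keeps the message in the
        // session, from where it is handed to the view. One message is
        // enough — the old loop queued the same text once per adapter message.
        if (count($result->getMessages()) > 0) {
            $this->_flashMessage("error", "Login failed, please try again!");
        }
        $redirector->gotoSimpleAndExit($this->failedAction, $this->failedController, null, array('login-failed' => 1));
    }

    // The user was verified and is logged in. The identity is the value of
    // the identity column (the submitted user name), so it is bound with
    // quoteInto() rather than interpolated into the WHERE clause.
    $identity = $auth->getIdentity();
    $db->update(
        $this->tableName,
        array(
            'lognum' => new Zend_Db_Expr('lognum + 1'),
            'ip' => $request->getServer('REMOTE_ADDR'),
            'last_login' => new Zend_Db_Expr('NOW()'),
            'browser' => $request->getServer('HTTP_USER_AGENT'),
        ),
        $db->quoteInto($this->identityColumn . ' = ?', $identity)
    );
    $this->_flashMessage("success", "Success! You are logged in!");
    // redirect
    $redirector->gotoSimpleAndExit($this->successAction, $this->successController);
}

/**
 * Replace any queued flash messages with a single message in $namespace.
 *
 * @param string $namespace  FlashMessenger namespace ("error" / "success")
 * @param string $message
 * @return void
 */
private function _flashMessage($namespace, $message)
{
    $flash = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
    $flash->clearMessages();
    $flash->setNamespace($namespace)->addMessage($message);
}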