Exemplo n.º 1
0
 /**
  * load a route
  *
  * @access private
  * @param  \stdClass $oRoute one route
  * @param  string $RequestUri URI
  * @return void
  */
 private function _route(\stdClass $oRoute, string $RequestUri)
 {
     $sCharset = 'UTF-8';
     if (isset($oRoute->route)) {
         $sRoute = str_replace("*", ".*", $oRoute->route);
         $sFinalRoute = preg_replace_callback('|\\[/{0,1}:([a-zA-Z_]+)\\]|', function ($aMatches) use($oRoute) {
             return "/{0,1}(?P<" . $aMatches[1] . ">" . $oRoute->constraints->{$aMatches[1]} . ")";
         }, $sRoute);
     } else {
         $sFinalRoute = '.*';
     }
     $RequestUri = preg_replace('/^([^?]+)\\?.*$/', '$1', $RequestUri);
     $RequestUri = preg_replace('#^' . $this->_sBaseUri . '#', '', $RequestUri);
     if (preg_match('#^' . $sFinalRoute . '$#', $RequestUri, $aMatch)) {
         if (isset($oRoute->location)) {
             $aParamEntries = array();
             foreach ($oRoute->constraints as $sName => $sType) {
                 if (isset($aMatch[$sName])) {
                     $aParamEntries[$sName] = $aMatch[$sName];
                 }
             }
             $oUrlManager = new UrlManager();
             header('Status: 301 Moved Permanently', false, 301);
             header('Location: ' . $oUrlManager->getUrl($oRoute->location, $aParamEntries));
             exit;
         }
         $this->_oSecurity = new Security();
         if (!$this->_oSecurity->checkSecurity() !== null) {
             return 403;
         }
         // create the $_GET by the URL
         foreach ($aMatch as $mKey => $sResults) {
             if (is_string($mKey)) {
                 $_GET[$mKey] = $sResults;
             }
         }
         if (isset($oRoute->methods) && $oRoute->methods != $_SERVER['REQUEST_METHOD']) {
             return false;
         }
         if (isset($oRoute->schemes) && $oRoute->schemes == 'https' && !Request::isHttpsRequest()) {
             return false;
         }
         if (isset($oRoute->cache) && isset($oRoute->cache->max_age) && !isset($_GET['flush'])) {
             $oMobileDetect = new \Mobile_Detect();
             if ($oMobileDetect->isMobile()) {
                 $sCacheExt = '.mobi';
             } else {
                 $sCacheExt = '';
             }
             $mCacheReturn = Cache::get($RequestUri . $sCacheExt, $oRoute->cache->max_age);
             if ($mCacheReturn && count($_POST) < 1) {
                 echo $mCacheReturn;
                 return true;
             }
         }
         if (isset($oRoute->cache)) {
             $this->_checkCache($oRoute->cache);
         }
         if (isset($oRoute->controller)) {
             define('PORTAL', preg_replace('/^\\\\Venus\\\\src\\\\([a-zA-Z0-9_]+)\\\\.+$/', '$1', $oRoute->controller));
             set_include_path(get_include_path() . PATH_SEPARATOR . 'src' . PATH_SEPARATOR . PORTAL . PATH_SEPARATOR . 'public');
             if (isset($oRoute->content_type)) {
                 if ($oRoute->content_type == 'json') {
                     header('Content-type: application/json; charset=' . $sCharset . '');
                 } else {
                     if ($oRoute->content_type == 'html') {
                         header('Content-type: text/html; charset=' . $sCharset . '');
                     } else {
                         if ($oRoute->content_type == 'jpeg') {
                             header('Content-type: image/jpeg');
                         }
                     }
                 }
             } else {
                 header('Content-type: text/html; charset=' . $sCharset . '');
             }
             $sControllerName = $oRoute->controller;
             $sActionName = $oRoute->action;
             $oController = new $sControllerName();
             $aEntries = array();
             if (isset($oRoute->constraints) && is_object($oRoute->constraints)) {
                 $mReturn = null;
                 foreach ($oRoute->constraints as $sName => $sType) {
                     if (isset($_GET[$sName]) && $_GET[$sName] != '') {
                         $aEntries[] = $_GET[$sName];
                     } else {
                         if (isset($oRoute->defaults_constraints) && is_object($oRoute->defaults_constraints) && isset($oRoute->defaults_constraints->{$sName})) {
                             $aEntries[] = $oRoute->defaults_constraints->{$sName};
                         } else {
                             if (isset($_GET[$sName])) {
                                 $aEntries[] = $_GET[$sName];
                             } else {
                                 if (preg_match('/' . $sType . '/', '')) {
                                     $aEntries[] = '';
                                 } else {
                                     $this->_oLogger->warning('Error: Parameter ' . $sName . ' not exists!');
                                     break;
                                 }
                             }
                         }
                     }
                 }
                 if ($mReturn === null) {
                     $mReturn = $this->_loadController($oController, $sActionName, $aEntries);
                 }
             } else {
                 $mReturn = $this->_loadController($oController, $sActionName, $aEntries);
             }
             if (isset($oRoute->content_type)) {
                 if ($oRoute->content_type === 'json') {
                     $mReturn = json_encode($mReturn, JSON_PRETTY_PRINT);
                 }
             }
         } else {
             if (isset($oRoute->template) && isset($oRoute->layout) && $oRoute->layout === true) {
                 define('PORTAL', preg_replace('/^\\\\Venus\\\\src\\\\([a-zA-Z0-9_]+)\\\\.+$/', '$1', $oRoute->template));
                 set_include_path(get_include_path() . PATH_SEPARATOR . 'src' . PATH_SEPARATOR . PORTAL . PATH_SEPARATOR . 'public');
                 $oLayout = Vendor::getVendor('Apollina\\Template', DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . PORTAL . DIRECTORY_SEPARATOR . 'View' . DIRECTORY_SEPARATOR . 'Layout.tpl');
                 if (isset($oRoute->vars)) {
                     foreach ($oRoute->vars as $sKey => $mValue) {
                         $oLayout->assign($sKey, $mValue);
                     }
                 }
                 $mReturn = $oLayout->assign('model', DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . PORTAL . DIRECTORY_SEPARATOR . 'View' . DIRECTORY_SEPARATOR . $oRoute->template . '.tpl')->fetch();
             } else {
                 if (isset($oRoute->template)) {
                     define('PORTAL', preg_replace('/^\\\\Venus\\\\src\\\\([a-zA-Z0-9_]+)\\\\.+$/', '$1', $oRoute->template));
                     set_include_path(get_include_path() . PATH_SEPARATOR . 'src' . PATH_SEPARATOR . PORTAL . PATH_SEPARATOR . 'public');
                     $oTemplate = Vendor::getVendor('Apollina\\Template', DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . PORTAL . DIRECTORY_SEPARATOR . 'View' . DIRECTORY_SEPARATOR . $oRoute->template . '.tpl');
                     if (isset($oRoute->vars)) {
                         foreach ($oRoute->vars as $sKey => $mValue) {
                             $oTemplate->assign($sKey, $mValue);
                         }
                     }
                     $mReturn = $oTemplate->fetch();
                 }
             }
         }
         // management of return or cache of it
         if (isset($oRoute->cache) && isset($oRoute->cache->max_age) && $mReturn) {
             $oMobileDetect = new \Mobile_Detect();
             if ($oMobileDetect->isMobile()) {
                 $sCacheExt = '.mobi';
             } else {
                 $sCacheExt = '';
             }
             if (defined('COMPRESS_HTML') && COMPRESS_HTML) {
                 $mReturn = str_replace(array("\t", "\r", "  "), array("", "", " "), $mReturn);
             }
             Cache::set($RequestUri . $sCacheExt, $mReturn, $oRoute->cache->max_age);
         }
         if ($mReturn) {
             echo $mReturn;
             return true;
         }
     }
 }
Exemplo n.º 2
0
 /**
  * check security of access
  *
  * @access public
  * @return null|boolean
  */
 public function checkSecurity()
 {
     foreach (Config::get('Route') as $sHost => $oHost) {
         if (!strstr($sHost, '/') && $sHost == $_SERVER['HTTP_HOST'] || strstr($sHost, '/') && strstr($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], $sHost)) {
             if (strstr($sHost, '/') && strstr($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], $sHost)) {
                 $this->_sBaseUri = preg_replace('#^[^/]+#', '', $sHost);
             }
             if (isset($oSecurity->firewall)) {
                 $oSecurity = $oHost->firewall;
             }
         }
     }
     if (isset($oSecurity)) {
         if (isset($oSecurity->authentification) && $oSecurity->authentification === 'http_basic') {
             if (!isset($_SERVER['PHP_AUTH_USER'])) {
                 if (!isset($oSecurity->realm)) {
                     $oSecurity->realm = 'Access';
                 }
                 if (!isset($oSecurity->cancelled)) {
                     $oSecurity->cancelled = 'Cancelled';
                 }
                 header('WWW-Authenticate: Basic realm="' . $oSecurity->realm . '"');
                 header('HTTP/1.0 401 Unauthorized');
                 echo $oSecurity->cancelled;
                 exit;
             } else {
                 self::$_sLogin = $_SERVER['PHP_AUTH_USER'];
                 self::$_sPassword = $_SERVER['PHP_AUTH_PW'];
                 if (!$this->_checkPasswordIsGood()) {
                     return false;
                 }
                 if (!$this->_checkAccess()) {
                     return false;
                 }
                 if (!$this->_checkBlackListIps()) {
                     return false;
                 }
             }
         } else {
             if (isset($oSecurity->authentification) && $oSecurity->authentification === 'http_basic_validate_by_controller') {
                 if (!isset($_SERVER['PHP_AUTH_USER'])) {
                     if (!isset($oSecurity->realm)) {
                         $oSecurity->realm = 'Access';
                     }
                     if (!isset($oSecurity->cancelled)) {
                         $oSecurity->cancelled = 'Cancelled';
                     }
                     header('WWW-Authenticate: Basic realm="' . $oSecurity->realm . '"');
                     header('HTTP/1.0 401 Unauthorized');
                     echo $oSecurity->cancelled;
                     exit;
                 } else {
                     self::$_sLogin = $_SERVER['PHP_AUTH_USER'];
                     self::$_sPassword = $_SERVER['PHP_AUTH_PW'];
                     $sControllerName = $oSecurity->controller;
                     $sActionName = $oSecurity->action;
                     $oController = new $sControllerName();
                     if (!$oController->{$sActionName}(self::$_sLogin, self::$_sPassword)) {
                         return false;
                     }
                     if (!$this->_checkAccess()) {
                         return false;
                     }
                     if (!$this->_checkBlackListIps()) {
                         return false;
                     }
                 }
             } else {
                 if (isset($oSecurity->authentification) && $oSecurity->authentification === 'controller') {
                     // it's an action of one controller that it return true or false for the authentification
                     $sControllerName = $oSecurity->controller;
                     $sActionName = $oSecurity->action;
                     $oController = new $sControllerName();
                     if (!$oController->{$sActionName}) {
                         return false;
                     }
                     if (!$this->_checkAccess()) {
                         return false;
                     }
                     if (!$this->_checkBlackListIps()) {
                         return false;
                     }
                 }
             }
         }
         if (isset($oSecurity->ips) && !in_array($_SERVER['REMOTE_ADDR'], $oSecurity->ips)) {
             return false;
         }
         if (isset($oSecurity->requires_channel) && $oSecurity->requires_channel == 'https' && !Request::isHttpsRequest()) {
             return false;
         } else {
             if (isset($oSecurity->requires_channel) && $oSecurity->requires_channel == 'http' && (Request::isHttpRequest() && Request::isHttpsRequest() || !Request::isHttpRequest())) {
                 return false;
             }
         }
     }
     return true;
 }