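/**
 * Validates the token carried in the Authorization request header.
 *
 * On success the static fields self::$token, self::$userId and
 * self::$isAuthorized are populated. On any failure the method returns
 * without touching them, so the request stays unauthenticated.
 *
 * NOTE(review): the authentication scheme (first word of the header) is not
 * checked here; any "<scheme> <token>" pair is accepted — confirm whether
 * only "Bearer" should be allowed.
 *
 * @return void
 */
function ValidateToken()
{
    try {
        $headers = getallheaders();
        if (!is_array($headers)) {
            return;
        }

        // Header names are case-insensitive and the case seen here depends on
        // the client and the SAPI, so look the header up without regard to case.
        $authorization = null;
        foreach ($headers as $name => $value) {
            if (strcasecmp((string) $name, 'Authorization') === 0) {
                $authorization = $value;
                break;
            }
        }
        if ($authorization === null) {
            return;
        }

        $tokenObject = explode(' ', $authorization);
        if (count($tokenObject) != 2) {
            return;
        }

        $tokenValue = $tokenObject[1];
        if ($tokenValue === '') {
            return;
        }

        // NOTE(review): a 24-hour leeway means a token is still accepted up to
        // a day after its "exp" claim. Clock-skew allowances are normally a
        // few seconds to a few minutes — confirm this is intentional.
        JWT::$leeway = 60 * 60 * 24;

        // NOTE(review): the verification key is the literal string "JWT_KEY".
        // If a constant or configuration value was intended, every token is
        // currently verified against a publicly guessable HMAC secret. Load
        // the key from protected configuration instead.
        $decoded = JWT::decode($tokenValue, "JWT_KEY", array('HS256'));
        if (empty($decoded)) {
            return;
        }

        $decoded_array = (array) $decoded;
        if (empty($decoded_array)) {
            return;
        }

        // Never mark the request as authorized without a subject: a validly
        // signed token that lacks "uid" must not yield an anonymous session.
        if (!isset($decoded_array['uid'])) {
            return;
        }

        self::$token = $tokenValue;
        self::$userId = $decoded_array['uid'];
        self::$isAuthorized = TRUE;
    } catch (UnexpectedValueException $e) {
        // Malformed, expired or badly signed token: stay unauthenticated.
        return;
    } catch (Exception $e) {
        return;
    }
}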
/**
 * Renders HTTP headers as HTML-escaped, newline-separated text.
 *
 * With a second route match, the response headers of that site are fetched
 * and returned; otherwise the headers of the current request are returned,
 * minus the proxy-added ones when the request came through the proxy.
 *
 * NOTE(review): get_headers() makes this server issue an HTTP request to a
 * URL built from $this->route_matches[1] (presumably taken from the request
 * path — confirm). Nothing visible here limits the destination, so internal
 * or link-local addresses should be blocked at this layer or by egress rules.
 *
 * @return string|null Escaped header text, or null after error400().
 */
public function render()
{
    $output = '';

    if (count($this->route_matches) <= 1) {
        // No site requested: echo the caller's own request headers.
        $request_headers = getallheaders();
        foreach ($request_headers as $name => $content) {
            if (server_or_default('HTTP_X_DAGD_PROXY') == "1") {
                $added_by_proxy = strpos($name, 'X-Forwarded-') === 0 || $name == 'X-DaGd-Proxy';
                if ($added_by_proxy) {
                    continue;
                }
            }
            $output .= htmlspecialchars($name . ': ' . $content . "\n");
        }

        return $output;
    }

    $target = $this->route_matches[1];
    if (!preg_match('@^https?://@i', $target)) {
        // Default to plain HTTP when no scheme was supplied.
        $target = 'http://' . $target;
    }

    $remote_headers = @get_headers($target);
    if (!$remote_headers) {
        error400('Headers could not be retrieved for that domain.');
        return;
    }

    foreach ($remote_headers as $line) {
        $output .= htmlspecialchars($line . "\n");
    }

    return $output;
}
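/**
 * Stores a datapoint reported by a device.
 *
 * $value is a JSON document with a "type" member ("TH" or "PO") and the
 * readings "temperature" / "humidity". The API key is read from the
 * U-ApiKey request header and the client address from REMOTE_ADDR.
 *
 * Every value placed into the SQL text is escaped with
 * mysql_real_escape_string(): the header and the JSON members are supplied
 * by the client and were previously interpolated verbatim.
 *
 * NOTE(review): the ext/mysql API used here was removed in PHP 7; moving to
 * PDO or mysqli prepared statements needs a change to $mysql_link, which is
 * created outside this function.
 *
 * @param string $value JSON payload.
 * @return string "SUCCESS" or "FAILED".
 */
function datapointAdd($value)
{
    global $mysql_link;

    $ip = $_SERVER["REMOTE_ADDR"];
    $temp = getallheaders();
    $apikey = (is_array($temp) && isset($temp['U-ApiKey'])) ? $temp['U-ApiKey'] : '';
    $json = json_decode($value);

    // NOTE(review): this dump and the echoed statements below send internal
    // details to the client. They are kept so existing output is unchanged;
    // remove them once no consumer depends on them.
    echo var_dump($json) . "\n";

    if (!is_object($json) || !isset($json->{'type'})) {
        // Invalid JSON or no type: nothing to store.
        return "FAILED";
    }

    $type = $json->{'type'};
    $temperature = (isset($json->{'temperature'}) && is_scalar($json->{'temperature'})) ? (string) $json->{'temperature'} : '';
    $humidity = (isset($json->{'humidity'}) && is_scalar($json->{'humidity'})) ? (string) $json->{'humidity'} : '';

    $temperature = mysql_real_escape_string($temperature, $mysql_link);
    $humidity = mysql_real_escape_string($humidity, $mysql_link);
    $apikey = mysql_real_escape_string((string) $apikey, $mysql_link);
    $ip = mysql_real_escape_string((string) $ip, $mysql_link);

    if ($type === 'TH') {
        $sql = "INSERT INTO datapoint (timestamp, value,type, API,ip) VALUES (now(), '{$temperature}','count', '{$apikey}','{$ip}')";
        $sql = $sql . "," . "(now(), '{$humidity}','inout', '{$apikey}','{$ip}')";
        echo $sql;
    } elseif ($type === 'PO') {
        $sql = "INSERT INTO datapoint (timestamp, value,type, API,ip) VALUES (now(), '{$temperature}','point1', '{$apikey}','{$ip}')";
        echo $sql;
    } else {
        // Unknown type: previously an undefined statement was sent to MySQL.
        return "FAILED";
    }

    $result = mysql_query($sql, $mysql_link);
    if ($result == 1) {
        return "SUCCESS";
    }

    return "FAILED";
}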
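/**
 * Returns the request headers, reading them once and caching the result.
 *
 * The original accessed `$this->{$headers}` with an undefined local
 * variable, i.e. a property with an empty name, which fails at runtime.
 * NOTE(review): the cache property is assumed to be named "headers" —
 * confirm against the class declaration.
 *
 * @return array Header name => value, as reported by getallheaders().
 */
public function getHeaders() : array
{
    if ($this->headers === null) {
        $this->headers = getallheaders();
    }

    return $this->headers;
}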
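/**
 * Formats one "key = value" trace line.
 *
 * Nested arrays are JSON-encoded instead of being cast to the string
 * "Array", and CR/LF are written as visible escapes so a request value
 * cannot start a forged line in the trace file.
 *
 * @param mixed $key
 * @param mixed $value
 * @return string Line terminated with "\n".
 */
function _logRequestsLine($key, $value)
{
    $text = is_scalar($value) || $value === null ? (string) $value : json_encode($value);
    $line = "{$key}" . ' = ' . "{$text}";

    return str_replace(array("\r", "\n"), array('\r', '\n'), $line) . "\n";
}

/**
 * Appends the current request's headers and POST parameters to trace.txt.
 *
 * NOTE(review): the trace contains every header and POST field, including
 * Authorization, Cookie and any submitted passwords, and trace.txt is opened
 * relative to the working directory. Keep the file outside the web root,
 * restrict its permissions, and disable this in production.
 *
 * @return void
 */
function logRequests()
{
    $fd = fopen("trace.txt", "a");
    if (!$fd) {
        exit("File open errror!");
    }

    fwrite($fd, "***************************\n");
    fwrite($fd, "\n");
    fwrite($fd, date("D M j G:i:s T Y") . "\n");
    fwrite($fd, "\n");

    $arrRequestHeaders = getallheaders();
    if (!is_array($arrRequestHeaders)) {
        $arrRequestHeaders = array();
    }
    fwrite($fd, "\n");
    fwrite($fd, "HTTP REQUEST HEADERS" . "\n");
    fwrite($fd, "\n");
    foreach ($arrRequestHeaders as $key => $value) {
        fwrite($fd, _logRequestsLine($key, $value));
    }

    $arrRequest = $_POST;
    fwrite($fd, "\n");
    fwrite($fd, "HTTP REQUEST PARAMS" . "\n");
    fwrite($fd, "\n");
    foreach ($arrRequest as $key => $value) {
        fwrite($fd, _logRequestsLine($key, $value));
    }

    fwrite($fd, "\n");
    fwrite($fd, "***************************\n");
    fclose($fd);
}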
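/**
 * Builds the header set to forward upstream from the incoming request.
 *
 * Hop-by-hop and CDN-specific headers are dropped (and Cookie too when
 * cookies are disabled), remaining values are passed through the reverse
 * URL filters, and X-Forwarded-For / X-Real-IP are filled in when absent.
 *
 * The ignore list is matched case-insensitively. The previous exact /
 * all-lowercase comparison let a differently cased name (e.g. "COOKIE")
 * pass the filter.
 *
 * NOTE(review): an X-Forwarded-For or X-Real-IP header supplied by the
 * client is forwarded unchanged, so upstream services must not treat these
 * values as trustworthy unless an edge proxy overwrites them.
 *
 * @return array Header name => value.
 */
public function getHeaders()
{
    $headers = getallheaders();
    $ignored_headers = array('Accept-Encoding', 'Connection', 'Content-Length', 'Fastly-Client', 'Fastly-Client-IP', 'Fastly-FF', 'Fastly-Orig-Host', 'Fastly-SSL', 'Host', 'X-Forwarded-Host', 'X-Forwarded-Server', 'X-Varnish', 'Via', 'X-Amz-Cf-Id');
    if (!Conf::$cookies_enabled) {
        $ignored_headers[] = 'Cookie';
    }

    // Lower-cased lookup table so the filter does not depend on header case.
    $ignored_lookup = array_flip(array_map('strtolower', $ignored_headers));
    foreach (array_keys($headers) as $name) {
        if (isset($ignored_lookup[strtolower((string) $name)])) {
            unset($headers[$name]);
        }
    }

    foreach ($headers as $key => &$value) {
        TextExternalUrlFilters::applyReverse($value);
    }
    // Break the reference left behind by the by-reference loop.
    unset($value);

    // Proxy standard headers.
    if (!isset($headers['X-Forwarded-For'])) {
        $headers['X-Forwarded-For'] = $_SERVER['REMOTE_ADDR'];
    }
    if (!isset($headers['X-Real-IP'])) {
        $real_ip = $headers['X-Forwarded-For'];
        // If multiple (comma-separated) forwarded IPs, use the first one.
        if (strpos($real_ip, ',') !== false) {
            list($real_ip) = explode(',', $real_ip);
        }
        $headers['X-Real-IP'] = $real_ip;
    }

    return $headers;
}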
/**
 * Returns the value of one request header.
 *
 * The lookup uses the exact key reported by getallheaders(), so it is
 * case-sensitive. Values that PHP treats as empty ('', '0') are reported
 * as absent.
 *
 * @param string $name Header name.
 * @return mixed The header value, or null when it is missing or empty.
 */
public static function getRequestHeader($name)
{
    $all = getallheaders();

    if (empty($all[$name])) {
        return null;
    }

    return $all[$name];
}
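/**
 * Records a visit made without JavaScript as an HTML fragment.
 *
 * The fragment (client IP, reverse-DNS host, referer and request headers)
 * is appended to the file named by the `output` constant, and the client is
 * redirected when the `redirect` constant equals 1. The constants `hash`,
 * `time`, `output`, `redirect` and `redirect_url` are defined outside this
 * function.
 *
 * The reverse-DNS name is now HTML-escaped: a PTR record is controlled by
 * whoever operates the address space, and it was written into the stored
 * markup unescaped. $req is also initialised before being appended to.
 *
 * @return void
 */
function nojs()
{
    $ip = $_SERVER['REMOTE_ADDR'];
    // gethostbyaddr() returns false on malformed input; cast before escaping.
    $host = htmlspecialchars((string) gethostbyaddr($ip));

    if (!isset($_SERVER['HTTP_REFERER'])) {
        $ref = 'None';
    } else {
        $ref = htmlspecialchars($_SERVER['HTTP_REFERER']);
    }

    if (function_exists('getallheaders')) {
        $req = '';
        foreach (getallheaders() as $header => $info) {
            $req .= htmlspecialchars($header) . ' - ' . htmlspecialchars($info) . '<br />';
        }
    } else {
        $req = 'Undefined';
    }

    $data = '<center><a href="#' . hash . '" onclick="show(\'' . hash . '\');"><h4>' . $ip . '</h4></a></center>' . '<div id="' . hash . '" style="display:none;"><hr /><p>' . time . '</p><div class="text">' . '<h3>Info</h3>' . '<br />IP - <a href="http://ipinfo.io/' . $ip . '">' . $ip . '</a>' . '<br />Host - ' . $host . '<br />Referer - ' . $ref . '<br />Javascript not enabled!' . '<br /><h3>Request headers</b></h3> ' . $req;

    if (file_exists(output) && is_writable(output)) {
        $fp = fopen(output, 'a');
        if ($fp !== false) {
            fwrite($fp, $data . '</div><br /><hr /></div>');
            fclose($fp);
        }
    }

    if (redirect == 1) {
        header('Location: ' . redirect_url);
    }
}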
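/**
 * Instantiates a request from PHP's superglobals ($_SERVER, $_COOKIE,
 * $_FILES, $_POST) and the raw request body.
 *
 * Header values are split on commas and trimmed. $headers is initialised
 * up front so an empty getallheaders() result no longer leaves it
 * undefined, and a REQUEST_URI that parse_url() rejects falls back to an
 * empty part list instead of writing keys into `false`.
 *
 * NOTE(review): host, port and scheme come from SERVER_NAME, SERVER_PORT
 * and REQUEST_SCHEME / HTTPS. Depending on the web-server configuration
 * SERVER_NAME can reflect the client-supplied Host header, so do not use
 * the resulting URI for security decisions without a host allow-list.
 *
 * @return static
 */
public static function createFromGlobals()
{
    $server = $_SERVER;

    $uriParts = parse_url($server['REQUEST_URI']);
    if (!is_array($uriParts)) {
        $uriParts = array();
    }
    $uriParts['host'] = $server['SERVER_NAME'];
    $uriParts['port'] = $server['SERVER_PORT'];
    $uriParts['scheme'] = isset($server['REQUEST_SCHEME']) ? $server['REQUEST_SCHEME'] : (isset($server['HTTPS']) && $server['HTTPS'] == 'on' ? 'https' : 'http');

    $headers = array();
    if (function_exists('getallheaders')) {
        // getallheaders() already reports names in their original case.
        $apacheHeaders = getallheaders();
        foreach ($apacheHeaders as $header => $value) {
            $headers[$header] = array_map('trim', explode(',', $value));
        }
    } else {
        // Rebuild "Header-Name" from the HTTP_HEADER_NAME keys of $_SERVER.
        foreach ($server as $key => $value) {
            if (substr($key, 0, 5) != 'HTTP_') {
                continue;
            }
            $name = str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))));
            $headers[$name] = array_map('trim', explode(',', $value));
        }
    }

    $request = new static($server['REQUEST_METHOD'], new Uri($uriParts), $headers, Stream::createFromContents(file_get_contents('php://input')), $server, $_COOKIE, UploadedFile::createFromGlobals($_FILES));

    // Only form-encoded POST bodies are exposed as a parsed body.
    if ($server['REQUEST_METHOD'] == 'POST' && in_array($request->getMediaType(), array('application/x-www-form-urlencoded', 'multipart/form-data'), true)) {
        $request->setParsedBody($_POST);
    }

    return $request;
}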
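/**
 * Extracts the search phrase from the Referer header's query string.
 *
 * The parameters "query", "search", "text" and "etext" are tried in that
 * order and the first one present is returned.
 *
 * Fixes over the previous version:
 *  - parse_str() is called with a result array. The one-argument form
 *    returns nothing (so the lookup could never succeed) and, on PHP
 *    versions that still accept it, imports the Referer's query parameters
 *    as local variables.
 *  - parse_str() already URL-decodes values, so the extra urldecode() is
 *    dropped to avoid decoding twice.
 *
 * The returned text is taken from a client-controlled header; escape it for
 * the context where it is displayed or stored.
 *
 * @return string|null Search phrase, or null when none is available.
 */
public function get()
{
    $req_headers = getallheaders();

    $hdr_name = 'Referer';
    if (!isset($req_headers[$hdr_name])) {
        $hdr_name = 'referer';
    }
    if (!isset($req_headers[$hdr_name])) {
        return null;
    }

    // parse_url() returns false for seriously malformed URLs.
    $url = parse_url($req_headers[$hdr_name]);
    if (!is_array($url) || !isset($url['query'])) {
        return null;
    }

    $params = array();
    parse_str($url['query'], $params);

    foreach (array('query', 'search', 'text', 'etext') as $param) {
        if (isset($params[$param])) {
            // "query[]=x" style input produces an array; treat it as absent.
            return is_string($params[$param]) ? $params[$param] : null;
        }
    }

    return null;
}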
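/**
 * Gets the token from the Authorization header.
 *
 * The header must start with the "Bearer " scheme. The previous check
 * accepted any header that merely contained the word "Bearer" somewhere and
 * then cut off its first seven characters regardless of what they were.
 *
 * @return string|array|null The token; null when there is no bearer token;
 *                           an empty array in the testing environment
 *                           (kept for existing callers).
 */
protected static function getJWTFromAuthHeader()
{
    if (env('APP_ENV') === 'testing') {
        // getallheaders() is not available in unit test mode.
        return [];
    }

    if (!function_exists('getallheaders')) {
        // Fallback for SAPIs without getallheaders(): rebuild the header
        // names from the HTTP_* entries of $_SERVER.
        function getallheaders()
        {
            if (!is_array($_SERVER)) {
                return [];
            }
            $headers = [];
            foreach ($_SERVER as $name => $value) {
                if (substr($name, 0, 5) == 'HTTP_') {
                    $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
                }
            }
            return $headers;
        }
    }

    $token = null;
    $headers = getallheaders();
    $authHeader = ArrayUtils::get($headers, 'Authorization');

    // Scheme names are case-insensitive; 7 is the length of "Bearer ".
    if (is_string($authHeader) && strncasecmp($authHeader, 'Bearer ', 7) === 0) {
        $candidate = substr($authHeader, 7);
        if ($candidate !== false && $candidate !== '') {
            $token = $candidate;
        }
    }

    return $token;
}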
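/**
 * Output-buffer callback: detects the X-ClickTale-IMCache request header
 * and hands the buffer to ClickTale_ProcessOutput().
 *
 * Fixes: the getallheaders() fallback started from an empty string and then
 * assigned array keys to it (an error on current PHP, and a non-iterable
 * return value when no HTTP_* entry exists); and the header test used the
 * bitwise `&` where the logical `&&` was meant.
 *
 * @param string $buffer Captured page output.
 * @return mixed Whatever ClickTale_ProcessOutput() returns.
 */
function ClickTale_callback($buffer)
{
    // Implementation of new AJAX via IM method. Check headers.
    $IMCache = false;

    // If getallheaders() doesn't exist, create it from the HTTP_* entries.
    if (!function_exists('getallheaders')) {
        function getallheaders()
        {
            $headers = array();
            foreach ($_SERVER as $name => $value) {
                if (substr($name, 0, 5) == 'HTTP_') {
                    $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
                }
            }
            return $headers;
        }
    }

    $requestHeaders = getallheaders();
    if (is_array($requestHeaders)) {
        foreach ($requestHeaders as $name => $value) {
            if (strtolower($name) == "x-clicktale-imcache" && $value == "1") {
                $IMCache = true;
            }
        }
    }

    return ClickTale_ProcessOutput($buffer, $IMCache);
}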
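/**
 * REST callback: stores an incident report whose fields arrive as request
 * headers, after checking the Apikey header against the stored key.
 *
 * The key check is now strict and constant-time. With the previous loose
 * `==`, a request without an Apikey header (null) compared equal to an
 * unset 'wp_red_caps_key' option (false), so an unconfigured site accepted
 * every request.
 *
 * The row is written through $wpdb->insert(), which prepares the values.
 * NOTE(review): several field names contain underscores (e.g. Report_Time);
 * some servers and proxies drop such headers — confirm they arrive.
 *
 * @param WP_REST_Request $request Unused; data is read from raw headers.
 * @return array|string array('incident' => 'added') on success, otherwise
 *                      the rejection string.
 */
function wp_red_caps_func(WP_REST_Request $request)
{
    // Get headers to look for a key.
    $headers = getallheaders();
    if (!is_array($headers)) {
        $headers = array();
    }
    $api_key = isset($headers['Apikey']) ? $headers['Apikey'] : '';

    // API key from database.
    $stored_api_key = get_option('wp_red_caps_key');

    // Both sides must be non-empty strings before they are compared.
    $key_is_valid = is_string($stored_api_key) && $stored_api_key !== ''
        && is_string($api_key) && $api_key !== ''
        && hash_equals($stored_api_key, $api_key);

    if (!$key_is_valid) {
        return "{'api_key':'no no no'}";
    }

    global $wpdb;

    // Database column => request header carrying its value.
    $field_headers = array(
        'issue_id' => 'Issue-Id',
        'reporter_id' => 'Reporter-Id',
        'report_time' => 'Report_Time',
        'lat' => 'Lat',
        'lng' => 'Lng',
        'type' => 'Type',
        'business_name' => 'Business_Name',
        'notes' => 'Notes',
        'images' => 'Images',
        'police_contacted' => 'Police_Contacted',
    );

    $row = array('id' => '');
    foreach ($field_headers as $column => $header_name) {
        // A missing header is stored as null, as before, without a notice.
        $row[$column] = isset($headers[$header_name]) ? $headers[$header_name] : null;
    }

    $table_name = $wpdb->prefix . 'red_caps_data';
    $wpdb->insert($table_name, $row);

    return array('incident' => 'added');
}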
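/**
 * Checks the PQRSecretKey header of PayQR notifications and responses
 * against the configured SecretKeyIn value.
 *
 * The comparison is strict and, where hash_equals() exists, constant-time.
 * The previous loose `==` allowed type-juggling matches and an empty or
 * unset secret matched an empty header. An empty configured secret is now
 * always rejected.
 *
 * NOTE(review): the failure log entry below contains the configured
 * SecretKeyIn and the full received headers. Protect that log accordingly,
 * or drop the secret from the message.
 *
 * @param string      $secretKeyIn Expected secret from the configuration.
 * @param array|false $headers     Headers to check; read from the request
 *                                 when omitted.
 * @return bool True when the check passes or header checking is disabled.
 */
public static function checkHeader($secretKeyIn, $headers = false)
{
    if (!PayqrConfig::$checkHeader) {
        return true;
    }

    if (!$headers) {
        if (!function_exists('getallheaders')) {
            $headers = PayqrBase::getallheaders();
        } else {
            $headers = getallheaders();
        }
    }

    if (!$headers) {
        header("HTTP/1.0 404 Not Found");
        PayqrLog::log(__FILE__ . "\n\r" . __METHOD__ . "\n\r L:" . __LINE__ . "\n\r Не удалось выполнить проверку входящего секретного ключа SecretKeyIn, отсутствует headers");
        return false;
    }

    // Compare the received PQRSecretKey value with SecretKeyIn from the
    // library configuration. Header names are matched case-insensitively.
    $expected = is_scalar($secretKeyIn) ? (string) $secretKeyIn : '';
    if ($expected !== '') {
        foreach ($headers as $key => $header) {
            if (strtolower((string) $key) !== 'pqrsecretkey' || !is_scalar($header)) {
                continue;
            }
            $received = (string) $header;
            $matches = function_exists('hash_equals')
                ? hash_equals($expected, $received)
                : $expected === $received;
            if ($matches) {
                return true;
            }
        }
    }

    header("HTTP/1.0 404 Not Found");
    PayqrLog::log(__FILE__ . "\n\r" . __METHOD__ . "\n\r L:" . __LINE__ . "\n\r Входящий секретный ключ из headers не совпадает с входящим ключом из файла конфигурации \n\r Текущее значение SecretKeyIn из вашего PayqrConfig.php: " . $secretKeyIn . " \n\r Содержание headers полученного уведомления от PayQR: " . print_r($headers, true));

    return false;
}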
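/**
 * Returns customers as a response, paged by the request's Range header
 * ("first-last") and optionally filtered by the "query" GET parameter.
 *
 * Fixes: the raw LIKE clause now receives the search term as a bound
 * parameter instead of having it interpolated into the SQL text, and the
 * range bounds are cast to integers before being used for skip/take.
 *
 * NOTE(review): without a Range header the whole customer table is
 * returned; no authorization check is visible in this method — confirm it
 * is enforced by a route filter.
 *
 * @return mixed The response object built by Response::make().
 */
public function ajaxCustomers()
{
    $arr = getallheaders();
    $count = Customer::all()->count();

    if (is_array($arr) && isset($arr['Range'])) {
        $content_range = 'items ' . $arr['Range'] . '/' . $count;

        // Client-supplied bounds: force integers, never skip/take negatives.
        $bounds = explode('-', $arr['Range']);
        $first = (int) $bounds[0];
        $last = isset($bounds[1]) ? (int) $bounds[1] : 0;
        $items = max(0, $last - $first + 1);
        $skip = max(0, $first);

        if (isset($_GET['query']) && is_string($_GET['query']) && $_GET['query'] != '') {
            $query = $_GET['query'];
            $like = "%{$query}%";
            $c = Customer::where('membership_id', 'LIKE', $like)
                ->orWhereRaw("concat_ws(' ',firstname,lastname) LIKE ?", array($like))
                ->orWhere('firstname', 'LIKE', "%{$query}")
                ->orWhere('lastname', 'LIKE', $like)
                ->skip($skip)
                ->take($items)
                ->get();
        } else {
            $c = Customer::skip($skip)->take($items)->get();
        }

        $response = Response::make($c, 200);
        $response->header('Content-Range', $content_range)
            ->header('Accept-Ranges', 'items')
            ->header('Range-Unit', 'items')
            ->header('Total-Items', $count)
            ->header('Flash-Message', 'Now showing pages ' . $first . '-' . $last . ' out of ' . $count);

        return $response;
    }

    $c = Customer::all();
    $response = Response::make($c, 200);
    $response->header('Content-Ranges', 'test');

    return $response;
}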
/**
 * Captures the current HTTP request: method, URI, headers and raw body.
 *
 * All four values are client-controlled and are stored unvalidated.
 */
public function __construct()
{
    $server = $_SERVER;

    $this->method = $server['REQUEST_METHOD'];
    // Read errors on the input stream are suppressed; body is false then.
    $rawBody = @file_get_contents('php://input');
    $this->body = $rawBody;
    $this->requestHeader = getallheaders();
    $this->requestURI = $server['REQUEST_URI'];
}
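/**
 * Sets CORS headers, validates the CC-API-KEY request header, loads the
 * auth library and configures per-method rate limits.
 *
 * The API key header is now looked up case-insensitively and a missing
 * header is passed to _check_key() as null without raising a notice
 * (header names are case-insensitive, and HTTP/2 clients send them
 * lower-cased).
 *
 * NOTE(review): _check_key() runs before the OPTIONS short-circuit below,
 * and CORS preflight requests do not carry custom headers — confirm that
 * _check_key() tolerates a null key for preflights.
 */
function __construct()
{
    header('Access-Control-Allow-Headers: CC-API-KEY');
    header('Access-Control-Expose-Headers: Authorized');

    // Construct our parent class.
    parent::__construct();

    $this->headers = getallheaders();

    $api_key = null;
    if (is_array($this->headers)) {
        foreach ($this->headers as $name => $value) {
            if (strcasecmp((string) $name, 'CC-API-KEY') === 0) {
                $api_key = $value;
                break;
            }
        }
    }
    $this->_check_key($api_key);

    $this->load->library('ion_auth');

    // Configure limits on our controller methods. Ensure you have created
    // the 'limits' table and enabled 'limits' within
    // application/config/rest.php.
    $this->methods['user_get']['limit'] = 500; // 500 requests per hour per user/key
    $this->methods['user_post']['limit'] = 100; // 100 requests per hour per user/key
    $this->methods['user_delete']['limit'] = 50; // 50 requests per hour per user/key

    if ($this->request->method == 'options') {
        $this->response('', 200);
    }

    if ($this->ion_auth->logged_in()) {
        $this->user = new Person($this->ion_auth->user()->row()->id);
        // NOTE(review): this dumps the user object into every authenticated
        // response; it looks like leftover debugging output and discloses
        // account data. Remove once confirmed unused.
        print_r($this->user());
    }
}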
*/
protected $Authentication = true;

/**
 * Request headers.
 *
 * NOTE(review): the annotation declares an array while the original
 * description said "String with the request headers" — confirm which one
 * is actually stored.
 *
 * @access protected
 * @var array $Headers
 */
protected $Headers;

/**
 * Business core from the core web service.
 *
 * @access protected
 * @var object $ApiBC
 */
protected $ApiBC;

/**
 * API application value object.
 *
 * @access protected
 * @var object $ApiApplicationVO
 */
protected $ApiApplicationVO;

/**
 * API application user token value object.
 *
 * @access protected
 * @var object $ApiUserTokenVO
 */
protected $ApiUserTokenVO;

/**
 * Unauthenticated routes.
 *
 * NOTE(review): presumably the routes that are served without
 * authentication; the property is static, so it is shared by every
 * instance — keep the list minimal.
 *
 * @access protected
 * @static
 * @var array $UnauthenticatedRoute
 */
protected static $UnauthenticatedRoute;

/** @access protected @var object $Get | Object with the get content */
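/**
 * Receives a raw-body upload into a temporary file and terminates the
 * script with a JSON status.
 *
 * The request must carry Content-Type, Content-Length, X-File-Size and
 * X-File-Name, with Content-Length equal to X-File-Size. At most 80 MiB are
 * copied from the request body.
 *
 * Fixes: a failed fopen() or copy used to be reported as "success"; the
 * stream handles are now closed; and the temporary file is deleted when
 * the upload is rejected, so rejected requests no longer leave files of up
 * to 80 MiB behind.
 *
 * NOTE(review): X-File-Name is client-controlled and is echoed back in the
 * JSON. Anything that later uses it as a path must reduce it to a safe base
 * name first. The "0"/"1"/"A" markers look like debugging output that
 * precedes the JSON; they are kept so the response format is unchanged.
 *
 * @return void Never returns; always ends with exit().
 */
public static function handleUpload()
{
    echo "0\n";
    //register_shutdown_function(array('cc_Ajax_Upload', 'shutdown'));
    echo "1\n";

    $headers = getallheaders();
    if (!(isset($headers['Content-Type'], $headers['Content-Length'], $headers['X-File-Size'], $headers['X-File-Name']) && $headers['Content-Length'] === $headers['X-File-Size'])) {
        exit('Error');
    }
    echo "A\n";

    $maxSize = 80 * 1024 * 1024;
    if (false === (self::$tmpfile = tempnam('tmp', 'upload_'))) {
        exit(json_encode(array('status' => 'error', 'filename' => 'temp file not possible')));
    }
    echo "A\n";

    $fho = fopen(self::$tmpfile, 'w');
    $fhi = fopen('php://input', 'r');
    if ($fho === false || $fhi === false) {
        if ($fho !== false) {
            fclose($fho);
        }
        if ($fhi !== false) {
            fclose($fhi);
        }
        @unlink(self::$tmpfile);
        exit(json_encode(array('status' => 'error', 'filename' => 'temp file not possible')));
    }

    // The copy is capped at $maxSize bytes; reaching the cap means the body
    // was at least that large.
    $copied = stream_copy_to_stream($fhi, $fho, $maxSize);
    fclose($fhi);
    fclose($fho);

    if ($copied === false) {
        @unlink(self::$tmpfile);
        exit(json_encode(array('status' => 'error', 'filename' => 'upload failed')));
    }

    $tooBig = $maxSize <= $copied;
    echo "A\n";
    if ($tooBig) {
        @unlink(self::$tmpfile);
        exit(json_encode(array('status' => 'error', 'filename' => 'upload too big')));
    }
    echo "A\n";

    exit(json_encode(array('status' => 'success', 'filename' => $headers['X-File-Name'])));
}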
/**
 * Stores one audit record describing the current request.
 *
 * NOTE(review): the record holds the complete headers, $_REQUEST, $_GET,
 * $_POST and $_FILES as JSON. That includes Authorization and Cookie
 * headers and any submitted passwords, so the log table needs the same
 * protection as the credentials themselves (or the fields need masking).
 *
 * @param string $userType One of guess, gaestaff, staff, owner, customer;
 *                         an empty value is treated as "guess".
 * @param mixed  $user_id  Identifier of the acting user.
 * @return mixed Result of $this->insert().
 */
public function logSave($userType = "", $user_id = "")
{
    $allowedTypes = array('guess', 'gaestaff', 'staff', 'owner', 'customer');

    $userType = strtolower(trim($userType));
    if ($userType == "") {
        $userType = "guess";
    }
    if (!in_array($userType, $allowedTypes)) {
        $errors = array("error" => "userType in correct!");
        resDie($errors, $this->methodPlace());
    }

    $is_https = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 1 : 0;

    $this->load->library('session');

    $logData = array(
        "method_type" => strtoupper(trim($this->input->server('REQUEST_METHOD'))),
        "url_call" => base_url(uri_string()),
        "header_data" => json_encode(getallheaders()),
        "request_data" => json_encode($_REQUEST),
        "get_data" => json_encode($_GET),
        "post_data" => json_encode($_POST),
        "file_data" => json_encode($_FILES),
        "shop_id" => 1,
        "is_https" => $is_https,
        "user_type" => $userType,
        "user_id" => $user_id,
        "controller_name" => $this->router->fetch_class(),
        "function_name" => $this->router->fetch_method(),
        "base_app_id" => base_app_id(),
        "create_time" => time(),
        "session_id" => $this->session->userdata('session_id'),
        "ip_address" => $this->input->ip_address(),
    );

    return $this->insert($logData);
}
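/**
 * Determines the API output format for the current request.
 *
 * An explicit "format" request parameter wins; otherwise the first
 * "application/<name>" entry of the Accept header is used. The candidate is
 * returned only if it is listed in $GLOBALS['cfg']['api']['formats'].
 *
 * Fixes: Accept entries are trimmed before matching (entries after a
 * ", " separator never matched), the quality parameter is split off without
 * reading a missing array offset, and the allow-list test is strict.
 *
 * @return string|null The permitted format name, or null.
 */
function api_output_get_format()
{
    $possible = null;

    if (request_isset('format')) {
        $possible = request_str('format');
    } elseif (function_exists('getallheaders')) {
        $headers = getallheaders();
        if (is_array($headers) && isset($headers['Accept'])) {
            foreach (explode(",", $headers['Accept']) as $what) {
                // Drop any ";q=..." parameter, then surrounding whitespace.
                $parts = explode(";", $what, 2);
                $type = trim($parts[0]);
                if (preg_match("!^application/(\\w+)\$!", $type, $m)) {
                    $possible = $m[1];
                    break;
                }
            }
        }
    }

    // Only formats from the configured allow-list are ever returned.
    if ($possible && in_array($possible, $GLOBALS['cfg']['api']['formats'], true)) {
        return $possible;
    }

    return null;
}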
/**
 * Populates the model from the current web request.
 *
 * Snapshots of the superglobals are stored so later changes to them do not
 * affect this object. Headers come from getallheaders() when available,
 * otherwise they are rebuilt from the HTTP_* entries of $_SERVER through
 * $this->Header().
 *
 * Host is taken from the client-supplied Host header; treat it as
 * untrusted input.
 */
public function initialise()
{
    $this->modelData['IsWebRequest'] = true;

    // Copy each superglobal, falling back to an empty array when unset.
    $this->modelData['ServerData'] = !isset($_SERVER) ? [] : $_SERVER;
    $this->modelData['GetData'] = !isset($_GET) ? [] : $_GET;
    $this->modelData['PostData'] = !isset($_POST) ? [] : $_POST;
    $this->modelData['FilesData'] = !isset($_FILES) ? [] : $_FILES;
    $this->modelData['CookieData'] = !isset($_COOKIE) ? [] : $_COOKIE;
    $this->modelData['SessionData'] = !isset($_SESSION) ? [] : $_SESSION;
    $this->modelData['RequestData'] = !isset($_REQUEST) ? [] : $_REQUEST;

    $this->modelData['HeaderData'] = [];
    if (!function_exists("getallheaders")) {
        foreach ($_SERVER as $key => $value) {
            if (stripos($key, "http_") !== 0) {
                continue;
            }
            // HTTP_SOME_NAME -> Some-Name
            $words = ucwords(strtolower(str_replace('_', ' ', substr($key, 5))));
            $this->Header(str_replace(' ', '-', $words), $value);
        }
    } else {
        $this->modelData['HeaderData'] = \getallheaders();
    }

    $this->Host = '';
    if (isset($_SERVER['HTTP_HOST'])) {
        $this->Host = $_SERVER['HTTP_HOST'];
    }

    $this->URI = '';
    if (isset($_SERVER['SCRIPT_URI'])) {
        $this->URI = $_SERVER['SCRIPT_URI'];
    }

    $this->UrlPath = '';
    if (isset($_SERVER['SCRIPT_NAME'])) {
        $this->UrlPath = $_SERVER['SCRIPT_NAME'];
    }
}
/**
 * Forwards the current request as a POST to the URL from getSwarmUrl() and
 * echoes the upstream response body.
 *
 * Every incoming header except Host and Content-Length is relayed.
 * NOTE(review): that includes Cookie and Authorization, so the caller's
 * credentials are handed to the upstream service — confirm this is intended
 * and that the upstream URL cannot be influenced by the client. A failed
 * transfer is not reported: curl_exec() returns false and nothing is
 * echoed.
 *
 * @param mixed $requestBody Body to send as the POST fields.
 * @return void
 */
function FowardToApi($requestBody)
{
    $handle = curl_init();
    $target = getSwarmUrl();

    curl_setopt($handle, CURLOPT_URL, $target);           // request URL
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);   // return the result instead of printing it
    curl_setopt($handle, CURLOPT_POST, true);             // use POST

    // Relay the incoming headers, minus the ones cURL must set itself.
    $skipped = array("host", "content-length");
    $relayed = array();
    foreach (getallheaders() as $name => $content) {
        if (in_array(strtolower($name), $skipped)) {
            continue;
        }
        $relayed[] = "{$name}:{$content}";
    }
    curl_setopt($handle, CURLOPT_HTTPHEADER, $relayed);

    curl_setopt($handle, CURLOPT_POSTFIELDS, $requestBody);

    $upstreamBody = curl_exec($handle);
    echo $upstreamBody;

    curl_close($handle);
}
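/**
 * Appends the current request to two APC-backed logs ("IPsLog" as free
 * text, "IPsLogExcel" as tab-separated rows), each kept for 1800 seconds.
 * Nothing is logged unless the global $log_active is truthy.
 *
 * Fixes: the headers were concatenated as an array, which logged the
 * literal word "Array"; they are now written as "Name: value" pairs with
 * the values of credential-bearing headers masked, so the shared cache does
 * not collect session cookies or authorization tokens. A missing Referer no
 * longer raises an undefined-index notice.
 *
 * @param bool $is_cache Whether the response was served from cache.
 * @return void
 */
function loguear($is_cache)
{
    global $link, $original_req, $log_active;

    if (!$log_active) {
        return;
    }

    $link_log = $original_req;
    if ($original_req != $link) {
        $link_log = $original_req . " -> " . $link;
    }
    if ($is_cache) {
        $link_log = "(from cache)" . $link_log;
    }

    // Render the headers, masking values that carry credentials.
    $masked = array('authorization', 'proxy-authorization', 'cookie');
    $header_lines = array();
    $request_headers = function_exists('getallheaders') ? getallheaders() : array();
    if (is_array($request_headers)) {
        foreach ($request_headers as $name => $value) {
            $shown = in_array(strtolower((string) $name), $masked, true) ? '[redacted]' : $value;
            $header_lines[] = $name . ': ' . $shown;
        }
    }

    // Free-text log.
    $cache_key2 = "IPsLog";
    $cache = apc_fetch($cache_key2, $susses);
    $add = "(IP: " . $_SERVER['REMOTE_ADDR'] . ") " . $link_log . "\n [header: " . implode('; ', $header_lines) . "]";
    if ($susses) {
        apc_store($cache_key2, $cache . "\n\n" . $add, 1800);
    } else {
        apc_store($cache_key2, $add, 1800);
    }

    // Tab-separated log; the column header is written with the first row.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $cache_key2 = "IPsLogExcel";
    $cache = apc_fetch($cache_key2, $susses);
    $add = $_SERVER['REMOTE_ADDR'] . "\t" . $original_req . "\t" . $link . "\t" . $referer . "\n";
    if ($susses) {
        apc_store($cache_key2, $cache . $add, 1800);
    } else {
        $add = "IP\tOriginal request\tRequest Procesado\tReferer\n" . $add;
        apc_store($cache_key2, $add, 1800);
    }
}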
/**
 * Captures the request's superglobals, headers, host, URI and script path.
 *
 * When getallheaders() is unavailable the headers are rebuilt from the
 * HTTP_* entries of $_SERVER with lower-cased, dash-separated names, and
 * headerCaseSet is flagged.
 *
 * The host comes from the client-supplied Host header first and from
 * SERVER_NAME second; treat it as untrusted input.
 */
public function initialise()
{
    $this->superGlobalMethodNames = ['env', 'server', 'get', 'post', 'request', 'files', 'cookie', 'session', 'header'];

    // Copy each superglobal, falling back to an empty array when unset.
    $this->serverData = !isset($_SERVER) ? [] : $_SERVER;
    $this->getData = !isset($_GET) ? [] : $_GET;
    $this->postData = !isset($_POST) ? [] : $_POST;
    $this->requestData = !isset($_REQUEST) ? [] : $_REQUEST;
    $this->filesData = !isset($_FILES) ? [] : $_FILES;
    $this->cookieData = !isset($_COOKIE) ? [] : $_COOKIE;
    $this->sessionData = !isset($_SESSION) ? [] : $_SESSION;

    $this->headerData = [];
    if (!function_exists("getallheaders")) {
        $this->headerCaseSet = true;
        foreach ($_SERVER as $key => $value) {
            $lowered = strtolower($key);
            if (strpos($lowered, 'http_') !== 0) {
                continue;
            }
            // http_some_name -> some-name
            $headerName = str_replace('_', '-', substr($lowered, 5));
            $this->headerData[$headerName] = $value;
        }
    } else {
        $this->headerData = \getallheaders();
    }

    if (isset($_SERVER['HTTP_HOST'])) {
        $this->host = $_SERVER['HTTP_HOST'];
    } elseif (isset($_SERVER['SERVER_NAME'])) {
        $this->host = $_SERVER['SERVER_NAME'];
    } else {
        $this->host = '';
    }

    $this->uri = '';
    if (isset($_SERVER['REQUEST_URI'])) {
        $this->uri = $_SERVER['REQUEST_URI'];
    }

    $this->urlPath = '';
    if (isset($_SERVER['SCRIPT_NAME'])) {
        $this->urlPath = $_SERVER['SCRIPT_NAME'];
    }
}
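/**
 * Authenticates the request with HTTP Digest and logs the user in.
 *
 * The digest data is read from PHP_AUTH_DIGEST, falling back to the raw
 * Authorization header. $callback receives the username and returns the
 * user bean, or a falsy value when the user is unknown.
 *
 * Fixes:
 *  - The response digest is compared strictly (constant-time where
 *    hash_equals() exists). With the loose `!=`, two different hex digests
 *    that both look like "0e<digits>" compare equal as numbers.
 *  - The method now fails closed: unparsable digest data, a missing
 *    username or an empty stored password answer 401. Previously those
 *    cases fell through without any error.
 *  - Processing stops after each 401 in case $app->error() returns.
 *
 * NOTE(review): nothing visible here checks that the nonce was issued by
 * this server or that `nc` increases, so a captured Authorization header
 * could be replayed unless httpDigestParse()/_outputHeader() enforce that —
 * confirm. Computing A1 needs the password in recoverable form; storing the
 * precomputed HA1 value instead avoids keeping plaintext passwords.
 *
 * @param object   $app      Application object exposing server and error().
 * @param callable $callback Resolves a username to a user bean.
 * @return void
 */
public function authenticate($app, $callback)
{
    if (!$app->server->PHP_AUTH_DIGEST) {
        $headers = getallheaders();
        if (is_array($headers) && isset($headers['Authorization'])) {
            $app->server->PHP_AUTH_DIGEST = $headers['Authorization'];
        }
    }

    if (!$app->server->PHP_AUTH_DIGEST) {
        $app->error('401', $this->_outputHeader());
        return;
    }

    $data = $this->httpDigestParse($app->server->PHP_AUTH_DIGEST);
    $user = ($data && isset($data['username'])) ? $data['username'] : false;
    if (!$data || !$user) {
        $app->error('401', $this->_outputHeader());
        return;
    }

    $bean = call_user_func($callback, $user);
    if (!$bean) {
        $app->error('401', $this->_outputHeader());
        return;
    }

    $passwd = $bean->{$this->options->columnPassword};
    if (!$passwd) {
        $app->error('401', $this->_outputHeader());
        return;
    }

    // Digest computation as in RFC 2617; MD5 is fixed by the protocol.
    $A1 = md5($data['username'] . ':' . $this->options->message . ':' . $passwd);
    $A2 = md5($app->server->REQUEST_METHOD . ':' . $data['uri']);
    $validResponse = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);

    $received = isset($data['response']) ? (string) $data['response'] : '';
    $matches = function_exists('hash_equals')
        ? hash_equals($validResponse, $received)
        : $validResponse === $received;

    if (!$matches) {
        unset($app->server->PHP_AUTH_DIGEST);
        $app->error('401', $this->_outputHeader());
        return;
    }

    $this->isValid = true;
    $this->login($app, $bean);
}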
/**
 * Appends the current XML-RPC request (user agent, accepted encodings,
 * request headers on Apache, and the raw POST body) to the file "xmlrpclog"
 * located next to this script.
 *
 * NOTE(review): XML-RPC payloads commonly carry the username and password
 * as call parameters, and the headers may carry cookies. The log is written
 * into the script's own directory, so it must not be reachable over HTTP
 * and should only be enabled while debugging.
 *
 * @return void
 */
function write_log()
{
    global $HTTP_RAW_POST_DATA;

    $logPath = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'xmlrpclog';
    $fp = @fopen($logPath, 'a');

    if (!$fp) {
        @fclose($fp);
        return;
    }

    $lnsep = "\n================================\n";

    fwrite($fp, "\n{$lnsep}" . strftime("%Y-%m-%d %H:%M:%S"));
    fwrite($fp, '[USER_AGENT] ' . $_SERVER['HTTP_USER_AGENT']);
    fwrite($fp, $lnsep);
    fwrite($fp, '[ACCEPT_ENCODING] ' . $_SERVER['HTTP_ACCEPT_ENCODING']);

    // The header dump is only written when running under Apache.
    $onApache = strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'apache') !== false;
    if ($onApache) {
        fwrite($fp, $lnsep);
        fwrite($fp, "Apache Request Headers:\n");
        fwrite($fp, $lnsep);
        foreach (getallheaders() as $name => $content) {
            fwrite($fp, "{$name}: {$content} \n");
        }
    }

    fwrite($fp, $lnsep);
    fwrite($fp, "Incoming data, usually utf-8 encoded:\n");
    fwrite($fp, $lnsep);
    fwrite($fp, $HTTP_RAW_POST_DATA);

    @fclose($fp);
}
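/**
 * Captures the request URI, method, headers and referrer.
 *
 * The referrer is read from $_SERVER['HTTP_REFERER']. The HTTP header is
 * spelled "Referer", so the previous key 'HTTP_REFERRER' never existed and
 * the referrer was always null.
 *
 * The referrer and the other captured values are client-controlled; do not
 * rely on them for access decisions.
 */
function __construct()
{
    $this->uri = $_SERVER['REQUEST_URI'];
    $this->method = $_SERVER['REQUEST_METHOD'];
    $this->headers = getallheaders();
    $this->referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
}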
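/**
 * Checks the Token request header and the caller's permission level.
 *
 * Permission levels:
 *   0: registered, no permissions
 *   1: may view all data
 *   2: may edit data
 *   3: super administrator
 *
 * Level 1 is granted while service_begin + 1 year lies in the future;
 * manager values 2 and 3 map to levels 2 and 3.
 *
 * Fixes: the token is escaped before being placed in the SQL text (it was
 * concatenated verbatim from the header), a missing or empty token is
 * rejected without querying, and a failed query is treated as "no match".
 *
 * NOTE(review): the ext/mysql API used here was removed in PHP 7; when the
 * connection code is migrated, switch this lookup to a prepared statement.
 *
 * @param int   $permission  Minimum level required.
 * @param array &$returnData Receives an "error" entry on failure.
 * @return mixed The user id on success, -1 on failure (with a 401 or 403
 *               status header sent).
 */
function checkToken($permission, &$returnData)
{
    $header = getallheaders();
    $token = (is_array($header) && isset($header["Token"])) ? (string) $header["Token"] : "";

    $row = false;
    if ($token !== "") {
        $query = "SELECT user_id,service_begin,manager FROM account RIGHT JOIN token ON account.id = token.user_id WHERE token = '" . mysql_real_escape_string($token) . "'";
        $result = mysql_query($query);
        if ($result) {
            $row = mysql_fetch_array($result);
        }
    }

    if (!$row) {
        header("http/1.1 401 Unauthorized");
        $returnData["error"] = "token:" . $token . "无效";
        return -1;
    }

    $cur_permission = 0;
    if (strtotime("{$row["service_begin"]} +1 year") > time()) {
        $cur_permission = 1;
    }
    if ($row["manager"] == 2) {
        $cur_permission = 2;
    }
    if ($row["manager"] == 3) {
        $cur_permission = 3;
    }

    if ($cur_permission >= $permission) {
        return $row["user_id"];
    }

    header("http/1.1 403 Forbidden");
    $returnData["error"] = "用户权限不足";
    return -1;
}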
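/**
 * Authenticates the request by its Token header and, on success, stores the
 * user's details in the static \TTO holder for later reference.
 *
 * The lookup uses a bound parameter. An empty token is now rejected before
 * the query: `WHERE token = ''` could otherwise match accounts whose token
 * column is empty. The undefined-index read that occurred when only the
 * lower-case "token" header was present is also gone.
 *
 * NOTE(review): the token is compared with the value stored in the user
 * table as-is; storing only a hash of the token would limit the damage of
 * a database disclosure.
 *
 * @return bool True when the token belongs to a user with userId > 0.
 */
function __isAllowed()
{
    // Get the token from the header; "Token" is preferred over "token".
    $header = getallheaders();
    $token = null;
    if (is_array($header)) {
        if (isset($header['Token']) && $header['Token'] !== '') {
            $token = $header['Token'];
        } elseif (isset($header['token']) && $header['token'] !== '') {
            $token = $header['token'];
        }
    }
    if ($token === null) {
        return false;
    }

    // Check the token against the database.
    $statement = 'SELECT userId, token, role, email, serial, status FROM user WHERE token = :token';
    $bind = array('token' => $token);
    $row = Db::getRow($statement, $bind);

    if (empty($row) || !($row['userId'] > 0)) {
        return false;
    }

    \TTO::setUserId($row['userId']);
    \TTO::setToken($row['token']);
    \TTO::setRole($row['role']);
    \TTO::setEmail($row['email']);
    \TTO::setSerial($row['serial']);
    \TTO::setStatus($row['status']);

    return true;
}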