Пример #1
1
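 /**
  * Authenticates the current request from a "<scheme> <token>" Authorization header.
  *
  * On success the raw token, the token's `uid` claim and the authorized flag are
  * stored in the class statics. On any failure the method returns without
  * touching them, so the request stays unauthenticated.
  *
  * NOTE(review): the key passed to JWT::decode() is the literal string "JWT_KEY".
  * If a constant or configured secret was intended, tokens are being verified
  * against a guessable value — confirm and load the key from configuration.
  * NOTE(review): JWT::$leeway is set to 24 hours. Assuming the usual
  * firebase/php-jwt semantics, that accepts tokens up to a day past expiry;
  * a leeway is normally a few seconds of clock skew.
  */
 function ValidateToken()
 {
     try {
         $headers = getallheaders();
         if (!isset($headers['Authorization'])) {
             return;
         }
         // Expect exactly two space-separated parts: scheme and token.
         $parts = explode(' ', $headers['Authorization']);
         if (count($parts) !== 2 || $parts[1] === '') {
             return;
         }
         $tokenValue = $parts[1];
         JWT::$leeway = 60 * 60 * 24;
         //24 hours
         $decoded = JWT::decode($tokenValue, "JWT_KEY", array('HS256'));
         if (empty($decoded)) {
             return;
         }
         $claims = (array) $decoded;
         // A token without a uid claim must not authorize the request: the
         // previous code set isAuthorized with an undefined user id.
         if (!isset($claims['uid'])) {
             return;
         }
         self::$token = $tokenValue;
         self::$userId = $claims['uid'];
         self::$isAuthorized = TRUE;
     } catch (Exception $e) {
         // Covers UnexpectedValueException (a subclass) and any other decode failure.
         return;
     }
 }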
Пример #2
1
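 /**
  * Renders HTTP headers as HTML-escaped text, one header per line.
  *
  * With a site in the route, the response headers of that site are fetched and
  * shown; otherwise the headers of the incoming request are echoed back.
  *
  * @return string|null Escaped header listing, or null after error400() was called.
  */
 public function render()
 {
     $response = '';
     if (count($this->route_matches) > 1) {
         $site = $this->route_matches[1];
         if (!preg_match('@^https?://@i', $site)) {
             $site = 'http://' . $site;
         }
         // NOTE(review): this is a server-side request to a caller-chosen host.
         // Nothing visible here restricts loopback, link-local or private
         // addresses, so a destination allow/deny check belongs before the call.
         $headers = @get_headers($site);
         if (!$headers) {
             error400('Headers could not be retrieved for that domain.');
             return;
         }
         foreach ($headers as $header) {
             $response .= htmlspecialchars($header . "\n");
         }
         return $response;
     }
     // The proxy flag does not change per header, so evaluate it once.
     $viaProxy = server_or_default('HTTP_X_DAGD_PROXY') == "1";
     foreach (getallheaders() as $key => $value) {
         // Hide the headers added by the front proxy itself.
         if ($viaProxy && (strpos($key, 'X-Forwarded-') === 0 || $key == 'X-DaGd-Proxy')) {
             continue;
         }
         $response .= htmlspecialchars($key . ': ' . $value . "\n");
     }
     return $response;
 }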
Пример #3
0
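/**
 * Stores a sensor reading sent as a JSON document.
 *
 * The JSON `type` field selects the rows written to `datapoint`: 'TH' writes
 * the temperature as 'count' and the humidity as 'inout', 'PO' writes the
 * temperature as 'point1'. The U-ApiKey request header and the client address
 * are stored with each row.
 *
 * Every request-derived value is escaped before it is placed in the statement;
 * the previous version interpolated the header and JSON fields directly.
 *
 * NOTE(review): the var_dump/echo calls send the decoded payload and the full
 * SQL text (including the API key) back to the client — remove outside debugging.
 * NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO
 * prepared statements are the durable fix.
 *
 * @param string $value JSON text of the reading.
 * @return string "SUCCESS" or "FAILED".
 */
function datapointAdd($value)
{
    global $mysql_link;
    $requestHeaders = getallheaders();
    $rawKey = isset($requestHeaders['U-ApiKey']) ? $requestHeaders['U-ApiKey'] : '';
    $apikey = mysql_real_escape_string((string) $rawKey, $mysql_link);
    $ip = mysql_real_escape_string((string) $_SERVER["REMOTE_ADDR"], $mysql_link);
    $json = json_decode($value);
    echo var_dump($json) . "\n";
    // Invalid JSON or a non-object payload has no usable type.
    if (!is_object($json) || !isset($json->type)) {
        return "FAILED";
    }
    $temperature = (isset($json->temperature) && is_scalar($json->temperature))
        ? mysql_real_escape_string((string) $json->temperature, $mysql_link)
        : '';
    $humidity = (isset($json->humidity) && is_scalar($json->humidity))
        ? mysql_real_escape_string((string) $json->humidity, $mysql_link)
        : '';
    if ($json->type === 'TH') {
        $sql = "INSERT INTO datapoint (timestamp, value,type, API,ip) VALUES (now(), '{$temperature}','count', '{$apikey}','{$ip}')";
        $sql = $sql . "," . "(now(), '{$humidity}','inout', '{$apikey}','{$ip}')";
    } elseif ($json->type === 'PO') {
        $sql = "INSERT INTO datapoint (timestamp, value,type, API,ip) VALUES (now(), '{$temperature}','point1', '{$apikey}','{$ip}')";
    } else {
        // Unknown type: previously this reached mysql_query() with no statement.
        return "FAILED";
    }
    echo $sql;
    $result = mysql_query($sql, $mysql_link);
    return $result == 1 ? "SUCCESS" : "FAILED";
}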
Пример #4
0
 /**
  * Returns the request headers, fetching them with getallheaders() on first use
  * and reusing the stored value afterwards.
  *
  * NOTE(review): `$headers` is never assigned inside this method, so
  * `$this->{$headers}` resolves a property whose name comes from an undefined
  * variable. A fixed property name was presumably intended — confirm against
  * the class definition before relying on this method.
  */
 public function getHeaders() : array
 {
     if ($this->{$headers} === null) {
         $this->{$headers} = getallheaders();
     }
     return $this->{$headers};
 }
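/**
 * Appends the current request's headers and POST parameters to trace.txt.
 *
 * Hardening over a plain dump:
 *  - values of credential-bearing headers are masked, so the trace file does
 *    not become a store of session cookies and bearer tokens;
 *  - CR/LF inside keys and values is written as a visible escape, so a request
 *    cannot forge extra lines or a fake separator in the trace;
 *  - nested POST values are JSON-encoded instead of being written as "Array".
 *
 * NOTE(review): POST parameters are still written in full and may hold
 * passwords. trace.txt is opened relative to the working directory; keep it
 * outside the web root.
 */
function logRequests()
{
    $fd = fopen("trace.txt", "a");
    if (!$fd) {
        exit("File open errror!");
    }
    $maskedHeaders = array('authorization', 'proxy-authorization', 'cookie');
    $requestHeaders = getallheaders();
    $sections = array(
        "HTTP REQUEST HEADERS" => is_array($requestHeaders) ? $requestHeaders : array(),
        "HTTP REQUEST PARAMS" => $_POST,
    );
    $out = "***************************\n" . "\n" . date("D M j G:i:s T Y") . "\n" . "\n";
    foreach ($sections as $title => $pairs) {
        $out .= "\n" . $title . "\n" . "\n";
        foreach ($pairs as $key => $value) {
            if ($title === "HTTP REQUEST HEADERS" && in_array(strtolower((string) $key), $maskedHeaders, true)) {
                $value = '[masked]';
            } elseif (!is_scalar($value) && $value !== null) {
                $value = json_encode($value);
            }
            $line = $key . ' = ' . $value;
            // Keep every entry on one physical line.
            $out .= str_replace(array("\r", "\n"), array('\r', '\n'), $line) . "\n";
        }
    }
    $out .= "\n" . "***************************\n";
    fwrite($fd, $out);
    fclose($fd);
}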
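 /**
  * Builds the header set to send upstream from the incoming request headers.
  *
  * Hop-by-hop and CDN-specific headers are dropped (plus Cookie when cookies
  * are disabled), every remaining value goes through
  * TextExternalUrlFilters::applyReverse(), and X-Forwarded-For / X-Real-IP are
  * filled in when the client did not send them.
  *
  * NOTE(review): a client-supplied X-Forwarded-For or X-Real-IP is passed
  * through unchanged, so the upstream must not treat either as authenticated
  * unless this proxy is only reachable through a trusted front end.
  *
  * @return array Header name => value.
  */
 public function getHeaders()
 {
     $headers = getallheaders();
     $ignored_headers = array('Accept-Encoding', 'Connection', 'Content-Length', 'Fastly-Client', 'Fastly-Client-IP', 'Fastly-FF', 'Fastly-Orig-Host', 'Fastly-SSL', 'Host', 'X-Forwarded-Host', 'X-Forwarded-Server', 'X-Varnish', 'Via', 'X-Amz-Cf-Id');
     if (!Conf::$cookies_enabled) {
         $ignored_headers[] = 'Cookie';
     }
     foreach ($ignored_headers as $ignored_header) {
         // unset() on a missing key is a no-op, so no isset() guard is needed.
         unset($headers[$ignored_header], $headers[strtolower($ignored_header)]);
     }
     foreach ($headers as $key => &$value) {
         TextExternalUrlFilters::applyReverse($value);
     }
     // Break the reference so later writes to $value cannot alter the last header.
     unset($value);
     // Proxy standard headers.
     if (!isset($headers['X-Forwarded-For'])) {
         $headers['X-Forwarded-For'] = $_SERVER['REMOTE_ADDR'];
     }
     if (!isset($headers['X-Real-IP'])) {
         // If multiple (comma-separated) forwarded IPs, use the first one.
         $forwarded = explode(',', $headers['X-Forwarded-For']);
         $headers['X-Real-IP'] = trim($forwarded[0]);
     }
     return $headers;
 }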
Пример #7
0
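 /**
  * Returns the value of one request header.
  *
  * The exact name is tried first, then a case-insensitive match, because the
  * casing returned by getallheaders() depends on the server API. A header
  * whose value is "0" is returned (empty() used to hide it); a missing or
  * empty header yields null.
  *
  * @param string $name Header name.
  * @return string|null
  */
 public static function getRequestHeader($name)
 {
     $headers = getallheaders();
     if (!is_array($headers)) {
         return null;
     }
     if (isset($headers[$name]) && $headers[$name] !== '') {
         return $headers[$name];
     }
     foreach ($headers as $key => $value) {
         if (strcasecmp((string) $key, (string) $name) === 0 && $value !== '') {
             return $value;
         }
     }
     return null;
 }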
Пример #8
0
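/**
 * Records a visit from a client without JavaScript as an HTML fragment
 * appended to the output file, then optionally redirects.
 *
 * The bare identifiers hash, time, output, redirect and redirect_url are read
 * as constants; they are presumably defined elsewhere in the file — confirm.
 *
 * Every request-derived value is HTML-escaped before it is stored, including
 * the reverse-DNS name: a PTR record is controlled by whoever owns the
 * address, so it is untrusted input like the headers.
 */
function nojs()
{
    $ip = $_SERVER['REMOTE_ADDR'];
    $host = htmlspecialchars((string) gethostbyaddr($ip));
    if (!isset($_SERVER['HTTP_REFERER'])) {
        $ref = 'None';
    } else {
        $ref = htmlspecialchars($_SERVER['HTTP_REFERER']);
    }
    if (function_exists('getallheaders')) {
        // Start from an empty string; appending to an undefined variable raised a notice.
        $req = '';
        foreach (getallheaders() as $header => $info) {
            $req .= htmlspecialchars($header) . ' - ' . htmlspecialchars($info) . '<br />';
        }
    } else {
        $req = 'Undefined';
    }
    $data = '<center><a href="#' . hash . '" onclick="show(\'' . hash . '\');"><h4>' . $ip . '</h4></a></center>'
        . '<div id="' . hash . '" style="display:none;"><hr /><p>' . time . '</p><div class="text">'
        . '<h3>Info</h3>'
        . '<br />IP - <a href="http://ipinfo.io/' . $ip . '">' . $ip . '</a>'
        . '<br />Host - ' . $host
        . '<br />Referer - ' . $ref
        . '<br />Javascript not enabled!'
        . '<br /><h3>Request headers</b></h3> ' . $req;
    if (file_exists(output) && is_writable(output)) {
        $fp = fopen(output, 'a');
        fwrite($fp, $data . '</div><br /><hr /></div>');
        fclose($fp);
    }
    if (redirect == 1) {
        header('Location: ' . redirect_url);
    }
}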
Пример #9
0
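 /**
  * Instantiates a request from the PHP superglobals ($_SERVER, $_COOKIE,
  * $_FILES, $_POST) and the raw request body.
  *
  * Header values are split on commas and trimmed, so each header maps to a
  * list of values.
  *
  * NOTE(review): host and port come from SERVER_NAME / SERVER_PORT; depending
  * on server configuration these can reflect the client's Host header, so do
  * not use the resulting URI for security decisions without validating it.
  *
  * @return static
  */
 public static function createFromGlobals()
 {
     $server = $_SERVER;
     $uriParts = parse_url($server['REQUEST_URI']);
     // parse_url() returns false on a seriously malformed URI.
     if (!is_array($uriParts)) {
         $uriParts = array();
     }
     $uriParts['host'] = $server['SERVER_NAME'];
     $uriParts['port'] = $server['SERVER_PORT'];
     if (isset($server['REQUEST_SCHEME'])) {
         $uriParts['scheme'] = $server['REQUEST_SCHEME'];
     } else {
         $uriParts['scheme'] = (isset($server['HTTPS']) && $server['HTTPS'] == 'on') ? 'https' : 'http';
     }
     // Initialised up front: with no request headers the loop below never
     // runs and $headers used to be undefined.
     $headers = array();
     if (function_exists('getallheaders')) {
         // a correct case already
         foreach (getallheaders() as $header => $value) {
             $headers[$header] = array_map('trim', explode(',', $value));
         }
     } else {
         // normalize the header key
         foreach ($server as $key => $value) {
             if (substr($key, 0, 5) != 'HTTP_') {
                 continue;
             }
             $name = str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))));
             $headers[$name] = array_map('trim', explode(',', $value));
         }
     }
     $request = new static($server['REQUEST_METHOD'], new Uri($uriParts), $headers, Stream::createFromContents(file_get_contents('php://input')), $server, $_COOKIE, UploadedFile::createFromGlobals($_FILES));
     $formTypes = array('application/x-www-form-urlencoded', 'multipart/form-data');
     if ($server['REQUEST_METHOD'] == 'POST' && in_array($request->getMediaType(), $formTypes, true)) {
         $request->setParsedBody($_POST);
     }
     return $request;
 }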
Пример #10
0
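 /**
  * Extracts the search phrase from the Referer header's query string.
  *
  * The parameters query, search, text and etext are tried in that order.
  *
  * Fixes over the previous version:
  *  - parse_str() is given a result array. The one-argument form returns
  *    nothing (so the method could only return null) and, before PHP 8,
  *    imported the referer's parameters as local variables.
  *  - the value is not passed through urldecode() again; parse_str() already
  *    decodes it and a second pass corrupts values containing '%' or '+'.
  *
  * @return string|null The search phrase, or null when none is present.
  */
 public function get()
 {
     $req_headers = getallheaders();
     $referer = null;
     foreach (array('Referer', 'referer') as $hdr_name) {
         if (isset($req_headers[$hdr_name])) {
             $referer = $req_headers[$hdr_name];
             break;
         }
     }
     if ($referer === null) {
         return null;
     }
     $url = parse_url($referer);
     if (!is_array($url) || !isset($url['query'])) {
         return null;
     }
     $params = array();
     parse_str($url['query'], $params);
     foreach (array('query', 'search', 'text', 'etext') as $param) {
         // Skip array-valued parameters such as "query[]=x".
         if (isset($params[$param]) && is_string($params[$param])) {
             return $params[$param];
         }
     }
     return null;
 }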
Пример #11
0
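 /**
  * Gets the token from the Authorization header.
  *
  * The header must start with the "Bearer " scheme. The previous check
  * accepted "Bearer" anywhere in the value and then cut seven characters
  * regardless, returning an arbitrary substring for other schemes.
  *
  * @return string|array|null The token, null when no bearer token was sent,
  *                           or an empty array when APP_ENV is 'testing'.
  */
 protected static function getJWTFromAuthHeader()
 {
     if (env('APP_ENV') === 'testing') {
         //getallheaders method is not available in unit test mode.
         return [];
     }
     if (!function_exists('getallheaders')) {
         // Fallback for server APIs without getallheaders(): rebuild the
         // header names from the HTTP_* entries of $_SERVER.
         function getallheaders()
         {
             if (!is_array($_SERVER)) {
                 return [];
             }
             $headers = [];
             foreach ($_SERVER as $name => $value) {
                 if (substr($name, 0, 5) == 'HTTP_') {
                     $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
                 }
             }
             return $headers;
         }
     }
     $token = null;
     $authHeader = ArrayUtils::get(getallheaders(), 'Authorization');
     // Scheme names are case-insensitive; a missing header is not a string.
     if (is_string($authHeader) && strncasecmp($authHeader, 'Bearer ', 7) === 0) {
         $token = substr($authHeader, 7);
     }
     return $token;
 }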
Пример #12
0
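/**
 * Output-buffer callback: detects the X-ClickTale-IMCache request header and
 * hands the buffer to ClickTale_ProcessOutput() together with that flag.
 *
 * @param string $buffer Buffered page output.
 * @return mixed Whatever ClickTale_ProcessOutput() returns.
 */
function ClickTale_callback($buffer)
{
    // Implementation of new AJAX via IM method. Check headers
    $IMCache = false;
    //If 'getallheaders()' doesn't exist - create it
    if (!function_exists('getallheaders')) {
        function getallheaders()
        {
            // Must be an array: the old '' initial value made the keyed
            // assignment below a string-offset write.
            $headers = array();
            foreach ($_SERVER as $name => $value) {
                if (substr($name, 0, 5) == 'HTTP_') {
                    $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
                }
            }
            return $headers;
        }
    }
    //Run through all headers etc...
    foreach (getallheaders() as $name => $value) {
        // Logical &&, not bitwise &: the old form only worked through operator precedence.
        if (strtolower($name) == "x-clicktale-imcache" && $value == "1") {
            $IMCache = true;
        }
    }
    //Return callback
    return ClickTale_ProcessOutput($buffer, $IMCache);
}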
Пример #13
0
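/**
 * REST callback that stores an incident report taken from request headers,
 * after checking the Apikey header against the 'wp_red_caps_key' option.
 *
 * The key check fails closed. With the previous loose `==`, a missing header
 * (null) compared equal to an unset option (false), so any caller was
 * accepted while no key was configured. hash_equals() also removes the
 * timing difference of a plain string comparison.
 *
 * NOTE(review): several expected header names contain underscores
 * (Report_Time, Business_Name, Police_Contacted). Some web servers drop or
 * rewrite such headers, so these fields may arrive empty — verify in the
 * deployment.
 *
 * @param WP_REST_Request $request Unused; the data is read from raw headers.
 * @return array|string array('incident' => 'added') on success, otherwise the
 *                      rejection string.
 */
function wp_red_caps_func(WP_REST_Request $request)
{
    //get headers to look for a key
    $headers = getallheaders();
    if (!is_array($headers)) {
        $headers = array();
    }
    $api_key = isset($headers["Apikey"]) ? $headers["Apikey"] : '';
    //api key from database
    $stored_api_key = get_option('wp_red_caps_key');
    //evaluate api key
    $authorized = is_string($stored_api_key) && $stored_api_key !== ''
        && is_string($api_key) && hash_equals($stored_api_key, $api_key);
    if (!$authorized) {
        return "{'api_key':'no no no'}";
    }
    global $wpdb;
    // Database column => request header it is read from.
    $columns = array(
        'issue_id' => 'Issue-Id',
        'reporter_id' => 'Reporter-Id',
        'report_time' => 'Report_Time',
        'lat' => 'Lat',
        'lng' => 'Lng',
        'type' => 'Type',
        'business_name' => 'Business_Name',
        'notes' => 'Notes',
        'images' => 'Images',
        'police_contacted' => 'Police_Contacted',
    );
    $row = array('id' => '');
    foreach ($columns as $column => $headerName) {
        $row[$column] = isset($headers[$headerName]) ? $headers[$headerName] : null;
    }
    // $wpdb->insert() escapes the values itself.
    $wpdb->insert($wpdb->prefix . 'red_caps_data', $row);
    return array('incident' => 'added');
}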
Пример #14
0
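 /**
  * Checks that the header of a PayQR notification or response carries the
  * configured SecretKeyIn value.
  *
  * The comparison uses hash_equals() on strings. The previous loose `==`
  * compared numeric-looking strings by value and leaked timing; an empty
  * configured key is never accepted.
  *
  * NOTE(review): the failure log entry contains the configured SecretKeyIn and
  * the full received headers, so the log holds the secret in clear text —
  * restrict access to it or drop those fields.
  *
  * @param string $secretKeyIn Expected secret from the library configuration.
  * @param array|false $headers Headers to check; read from the request when omitted.
  * @return bool
  */
 public static function checkHeader($secretKeyIn, $headers = false)
 {
     if (!PayqrConfig::$checkHeader) {
         return true;
     }
     if (!$headers) {
         if (!function_exists('getallheaders')) {
             $headers = PayqrBase::getallheaders();
         } else {
             $headers = getallheaders();
         }
     }
     if (!$headers) {
         header("HTTP/1.0 404 Not Found");
         PayqrLog::log(__FILE__ . "\n\r" . __METHOD__ . "\n\r L:" . __LINE__ . "\n\r Не удалось выполнить проверку входящего секретного ключа SecretKeyIn, отсутствует headers");
         return false;
     }
     $expected = (string) $secretKeyIn;
     // Compare the received PQRSecretKey field with SecretKeyIn from the library configuration.
     if ($expected !== '' && isset($headers['PQRSecretKey']) && is_string($headers['PQRSecretKey']) && hash_equals($expected, $headers['PQRSecretKey'])) {
         return true;
     }
     // Retry with lower-cased header names for servers that alter the casing.
     foreach ($headers as $key => $header) {
         $headers[strtolower($key)] = $header;
     }
     if ($expected !== '' && isset($headers['pqrsecretkey']) && is_string($headers['pqrsecretkey']) && hash_equals($expected, $headers['pqrsecretkey'])) {
         return true;
     }
     header("HTTP/1.0 404 Not Found");
     PayqrLog::log(__FILE__ . "\n\r" . __METHOD__ . "\n\r L:" . __LINE__ . "\n\r Входящий секретный ключ из headers не совпадает с входящим ключом из файла конфигурации \n\r Текущее значение SecretKeyIn из вашего PayqrConfig.php: " . $secretKeyIn . " \n\r Содержание headers полученного уведомления от PayQR: " . print_r($headers, true));
     return false;
 }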
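 /**
  * Returns customers as a response, paginated when the request carries a
  * "Range: <first>-<last>" header and optionally filtered by ?query=.
  *
  * The search term is bound as a parameter in the raw clause as well; it used
  * to be interpolated into orWhereRaw(), which made the query injectable. The
  * range bounds are cast to integers before they reach skip()/take() and the
  * response headers.
  *
  * @return mixed The response built by Response::make().
  */
 public function ajaxCustomers()
 {
     $requestHeaders = getallheaders();
     $count = Customer::all()->count();
     if (isset($requestHeaders['Range'])) {
         $bounds = explode('-', $requestHeaders['Range']);
         $first = (int) $bounds[0];
         $last = isset($bounds[1]) ? (int) $bounds[1] : $first;
         $items = $last - $first + 1;
         $skip = $first < 0 ? 0 : $first;
         if (isset($_GET['query']) && is_string($_GET['query']) && $_GET['query'] != '') {
             $query = $_GET['query'];
             $like = "%{$query}%";
             $c = Customer::where('membership_id', 'LIKE', $like)
                 ->orWhereRaw("concat_ws(' ',firstname,lastname) LIKE ?", array($like))
                 ->orWhere('firstname', 'LIKE', "%{$query}")
                 ->orWhere('lastname', 'LIKE', $like)
                 ->skip($skip)->take($items)->get();
         } else {
             $c = Customer::skip($skip)->take($items)->get();
         }
         $response = Response::make($c, 200);
         // Headers are built from the parsed integers, not the raw Range text.
         $response->header('Content-Range', 'items ' . $first . '-' . $last . '/' . $count)
             ->header('Accept-Ranges', 'items')
             ->header('Range-Unit', 'items')
             ->header('Total-Items', $count)
             ->header('Flash-Message', 'Now showing pages ' . $first . '-' . $last . ' out of ' . $count);
         return $response;
     }
     $response = Response::make(Customer::all(), 200);
     $response->header('Content-Ranges', 'test');
     return $response;
 }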
Пример #16
0
 /**
  * Captures the method, raw body, headers and URI of the current request.
  *
  * The body is read from php://input with warnings suppressed, so a failed
  * read leaves `body` as false rather than raising.
  */
 public function __construct()
 {
     $serverVars = $_SERVER;
     $this->method = $serverVars['REQUEST_METHOD'];
     $rawBody = @file_get_contents('php://input');
     $this->body = $rawBody;
     $this->requestHeader = getallheaders();
     $this->requestURI = $serverVars['REQUEST_URI'];
 }
Пример #17
0
 /**
  * Sets the CORS headers, runs the parent constructor, checks the CC-API-KEY
  * request header, loads ion_auth and configures per-method rate limits.
  *
  * NOTE(review): the key check runs before the OPTIONS short-circuit further
  * down. Browsers send CORS preflight requests without custom headers, so a
  * preflight presumably reaches _check_key() with no key — confirm how
  * _check_key() treats that.
  */
 function __construct()
 {
     header('Access-Control-Allow-Headers: CC-API-KEY');
     header('Access-Control-Expose-Headers: Authorized');
     // Construct our parent class
     parent::__construct();
     $this->headers = getallheaders();
     // NOTE(review): the index is read without isset(); a request without the
     // header passes null (with a notice) into _check_key().
     $this->_check_key($this->headers['CC-API-KEY']);
     $this->load->library('ion_auth');
     // Configure limits on our controller methods. Ensure
     // you have created the 'limits' table and enabled 'limits'
     // within application/config/rest.php
     $this->methods['user_get']['limit'] = 500;
     //500 requests per hour per user/key
     $this->methods['user_post']['limit'] = 100;
     //100 requests per hour per user/key
     $this->methods['user_delete']['limit'] = 50;
     //50 requests per hour per user/key
     if ($this->request->method == 'options') {
         $this->response('', 200);
     }
     if ($this->ion_auth->logged_in()) {
         $this->user = new Person($this->ion_auth->user()->row()->id);
         // NOTE(review): this calls user() as a method, although the line above
         // assigns a property, and prints the result into the API response —
         // looks like leftover debugging; confirm and remove.
         print_r($this->user());
     }
 }
	*/
    protected $Authentication = true;
    /**
     * Request headers.
     * NOTE(review): the original tag declared this as an array but described
     * it as a string — confirm the actual type.
     *
     * @access protected
     * @var array
     */
    protected $Headers;
    /**
     * Business core from the core web service.
     *
     * @access protected
     * @var object
     */
    protected $ApiBC;
    /**
     * API application value object.
     *
     * @access protected
     * @var object
     */
    protected $ApiApplicationVO;
    /**
     * API application user token value object.
     *
     * @access protected
     * @var object
     */
    protected $ApiUserTokenVO;
    /**
     * Routes that may be called without authentication.
     *
     * @access protected
     * @static
     * @var array
     */
    protected static $UnauthenticatedRoute;
    /**
        @access protected
        @var object $Get | Object with the get content
	*/
Пример #19
0
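 /**
  * Receives a raw-body upload into a temporary file and ends the request
  * with a JSON status.
  *
  * Fixes over the previous version:
  *  - both streams are checked after fopen() and closed after the copy;
  *  - a failed copy is reported as an error (false used to compare as "not
  *    too big" and was reported as success);
  *  - the temporary file is removed when the upload is rejected.
  *
  * NOTE(review): Content-Length, X-File-Size and X-File-Name all come from the
  * client. The size check only compares two client-supplied values, and the
  * file name is echoed back unchanged — it must never be used as a path
  * without sanitising.
  * NOTE(review): the bare echo lines look like debug output; they are kept
  * because they are part of the current response body.
  */
 public static function handleUpload()
 {
     echo "0\n";
     //register_shutdown_function(array('cc_Ajax_Upload', 'shutdown'));
     echo "1\n";
     $headers = getallheaders();
     if (!(isset($headers['Content-Type'], $headers['Content-Length'], $headers['X-File-Size'], $headers['X-File-Name']) && $headers['Content-Length'] === $headers['X-File-Size'])) {
         exit('Error');
     }
     echo "A\n";
     $maxSize = 80 * 1024 * 1024;
     if (false === (self::$tmpfile = tempnam('tmp', 'upload_'))) {
         exit(json_encode(array('status' => 'error', 'filename' => 'temp file not possible')));
     }
     echo "A\n";
     $fho = fopen(self::$tmpfile, 'w');
     $fhi = fopen('php://input', 'r');
     if ($fho === false || $fhi === false) {
         if ($fho !== false) {
             fclose($fho);
         }
         if ($fhi !== false) {
             fclose($fhi);
         }
         unlink(self::$tmpfile);
         exit(json_encode(array('status' => 'error', 'filename' => 'temp file not possible')));
     }
     $copied = stream_copy_to_stream($fhi, $fho, $maxSize);
     fclose($fhi);
     fclose($fho);
     echo "A\n";
     if ($copied === false) {
         unlink(self::$tmpfile);
         exit(json_encode(array('status' => 'error', 'filename' => 'upload failed')));
     }
     // Reaching the copy limit means the body was at least $maxSize bytes.
     if ($maxSize <= $copied) {
         unlink(self::$tmpfile);
         exit(json_encode(array('status' => 'error', 'filename' => 'upload too big')));
     }
     echo "A\n";
     exit(json_encode(array('status' => 'success', 'filename' => $headers['X-File-Name'])));
 }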
Пример #20
0
 /**
  * Writes one audit row describing the current request.
  *
  * NOTE(review): the row stores every request header and the full GET, POST,
  * REQUEST and FILES data as JSON, which includes cookies, authorization
  * headers and submitted passwords — treat the log table as sensitive.
  *
  * @param string $userType One of guess, gaestaff, staff, owner, customer; empty means guess.
  * @param mixed $user_id Identifier of the acting user.
  * @return mixed Result of $this->insert().
  */
 public function logSave($userType = "", $user_id = "")
 {
     $userType = strtolower(trim($userType));
     if ($userType === "") {
         $userType = "guess";
     }
     $knownTypes = array('guess', 'gaestaff', 'staff', 'owner', 'customer');
     if (!in_array($userType, $knownTypes)) {
         $errors = array("error" => "userType in correct!");
         resDie($errors, $this->methodPlace());
     }
     $is_https = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 1 : 0;
     $this->load->library('session');
     // Array elements are evaluated top to bottom, matching the original call order.
     $logData = array(
         "method_type" => strtoupper(trim($this->input->server('REQUEST_METHOD'))),
         "url_call" => base_url(uri_string()),
         "header_data" => json_encode(getallheaders()),
         "request_data" => json_encode($_REQUEST),
         "get_data" => json_encode($_GET),
         "post_data" => json_encode($_POST),
         "file_data" => json_encode($_FILES),
         "shop_id" => 1,
         "is_https" => $is_https,
         "user_type" => $userType,
         "user_id" => $user_id,
         "controller_name" => $this->router->fetch_class(),
         "function_name" => $this->router->fetch_method(),
         "base_app_id" => base_app_id(),
         "create_time" => time(),
         "session_id" => $this->session->userdata('session_id'),
         "ip_address" => $this->input->ip_address(),
     );
     return $this->insert($logData);
 }
Пример #21
0
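/**
 * Picks the API output format for the current request.
 *
 * An explicit `format` request parameter wins; otherwise the first
 * `application/<name>` entry of the Accept header is used. The candidate is
 * returned only when it is listed in $GLOBALS['cfg']['api']['formats'].
 *
 * Fixes: Accept entries are trimmed (the usual "a, b" spelling left a leading
 * space that never matched), an entry without ";q=..." no longer raises an
 * undefined-offset notice, and the allow-list lookup is strict.
 *
 * @return string|null The accepted format, or null.
 */
function api_output_get_format()
{
    $possible = null;
    if (request_isset('format')) {
        $possible = request_str('format');
    } elseif (function_exists('getallheaders')) {
        $headers = getallheaders();
        if (isset($headers['Accept'])) {
            foreach (explode(",", $headers['Accept']) as $what) {
                // Drop any ";q=..." parameters and surrounding whitespace.
                $pieces = explode(";", $what, 2);
                $type = trim($pieces[0]);
                if (preg_match("!^application/(\\w+)\$!", $type, $m)) {
                    $possible = $m[1];
                    break;
                }
            }
        }
    }
    if ($possible && in_array($possible, $GLOBALS['cfg']['api']['formats'], true)) {
        return $possible;
    }
    return null;
}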
Пример #22
0
 /**
  * Marks the model as a web request and snapshots the request superglobals,
  * headers, host, URI and script path into it.
  */
 public function initialise()
 {
     $this->modelData['IsWebRequest'] = true;
     // Copies are taken now so later changes to the superglobals do not
     // affect this object.
     $snapshots = [
         'ServerData' => isset($_SERVER) ? $_SERVER : [],
         'GetData' => isset($_GET) ? $_GET : [],
         'PostData' => isset($_POST) ? $_POST : [],
         'FilesData' => isset($_FILES) ? $_FILES : [],
         'CookieData' => isset($_COOKIE) ? $_COOKIE : [],
         'SessionData' => isset($_SESSION) ? $_SESSION : [],
         'RequestData' => isset($_REQUEST) ? $_REQUEST : [],
         'HeaderData' => [],
     ];
     foreach ($snapshots as $slot => $copy) {
         $this->modelData[$slot] = $copy;
     }
     if (!function_exists("getallheaders")) {
         // Rebuild header names from the HTTP_* server variables.
         foreach ($_SERVER as $key => $value) {
             if (stripos($key, "http_") !== 0) {
                 continue;
             }
             $words = ucwords(strtolower(str_replace('_', ' ', substr($key, 5))));
             $this->Header(str_replace(' ', '-', $words), $value);
         }
     } else {
         $this->modelData['HeaderData'] = \getallheaders();
     }
     $this->Host = '';
     if (isset($_SERVER['HTTP_HOST'])) {
         $this->Host = $_SERVER['HTTP_HOST'];
     }
     $this->URI = '';
     if (isset($_SERVER['SCRIPT_URI'])) {
         $this->URI = $_SERVER['SCRIPT_URI'];
     }
     $this->UrlPath = '';
     if (isset($_SERVER['SCRIPT_NAME'])) {
         $this->UrlPath = $_SERVER['SCRIPT_NAME'];
     }
 }
Пример #23
0
/**
 * Relays the current request to the URL from getSwarmUrl() as a POST and
 * echoes the upstream response.
 *
 * All incoming headers except Host and Content-Length are forwarded.
 *
 * NOTE(review): that includes the caller's Authorization and Cookie headers
 * and any X-Forwarded-* values the client chose to send; the upstream must
 * not treat forwarded headers as trusted. A failed curl_exec() echoes nothing
 * and is not reported.
 *
 * @param string $requestBody Body to send upstream.
 */
function FowardToApi($requestBody)
{
    $curlRequest = curl_init();
    $url = getSwarmUrl();
    // Header names are compared in lower case.
    $excludedHeaders = array("host", "content-length");
    $outgoingHeaders = array();
    foreach (getallheaders() as $name => $content) {
        if (in_array(strtolower($name), $excludedHeaders)) {
            continue;
        }
        $outgoingHeaders[] = "{$name}:{$content}";
    }
    curl_setopt_array($curlRequest, array(
        CURLOPT_URL => $url,
        // Return the response instead of printing it from curl_exec().
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_HTTPHEADER => $outgoingHeaders,
        CURLOPT_POSTFIELDS => $requestBody,
    ));
    $upstreamResponse = curl_exec($curlRequest);
    echo $upstreamResponse;
    curl_close($curlRequest);
}
Пример #24
0
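/**
 * Appends the current request to two APC-cached logs (kept 1800 seconds): a
 * readable log under "IPsLog" and a tab-separated one under "IPsLogExcel".
 *
 * Fixes over the previous version:
 *  - the headers are written as "Name: value" pairs; concatenating the
 *    getallheaders() array produced the literal text "Array";
 *  - Authorization, Proxy-Authorization and Cookie are left out so the shared
 *    cache does not hold credentials;
 *  - a missing Referer no longer raises a notice, and tabs or line breaks in
 *    it cannot shift the columns of the tab-separated log.
 *
 * @param bool $is_cache Whether the response was served from cache.
 */
function loguear($is_cache)
{
    global $link, $original_req, $log_active;
    if (!$log_active) {
        return;
    }
    $link_log = $original_req;
    if ($original_req != $link) {
        $link_log = $original_req . " -> " . $link;
    }
    if ($is_cache) {
        $link_log = "(from cache)" . $link_log;
    }
    $skipped = array('authorization', 'proxy-authorization', 'cookie');
    $headerPairs = array();
    $requestHeaders = getallheaders();
    if (is_array($requestHeaders)) {
        foreach ($requestHeaders as $name => $value) {
            if (!in_array(strtolower((string) $name), $skipped, true)) {
                $headerPairs[] = $name . ': ' . $value;
            }
        }
    }
    $cache_key2 = "IPsLog";
    $cache = apc_fetch($cache_key2, $susses);
    $add = "(IP: " . $_SERVER['REMOTE_ADDR'] . ") " . $link_log . "\n [header: " . implode('; ', $headerPairs) . "]";
    if ($susses) {
        apc_store($cache_key2, $cache . "\n\n" . $add, 1800);
    } else {
        apc_store($cache_key2, $add, 1800);
    }
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $referer = str_replace(array("\t", "\r", "\n"), ' ', $referer);
    $cache_key2 = "IPsLogExcel";
    $cache = apc_fetch($cache_key2, $susses);
    $add = $_SERVER['REMOTE_ADDR'] . "\t" . $original_req . "\t" . $link . "\t" . $referer . "\n";
    if ($susses) {
        apc_store($cache_key2, $cache . $add, 1800);
    } else {
        $add = "IP\tOriginal request\tRequest Procesado\tReferer\n" . $add;
        apc_store($cache_key2, $add, 1800);
    }
}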
Пример #25
0
 /**
  * Snapshots the request superglobals and headers into this object and
  * derives host, URI and script path from $_SERVER.
  *
  * Without getallheaders(), header names are rebuilt from the HTTP_* server
  * variables in lower case with dashes, and headerCaseSet is switched on.
  */
 public function initialise()
 {
     $this->superGlobalMethodNames = ['env', 'server', 'get', 'post', 'request', 'files', 'cookie', 'session', 'header'];
     $this->serverData = !isset($_SERVER) ? [] : $_SERVER;
     $this->getData = !isset($_GET) ? [] : $_GET;
     $this->postData = !isset($_POST) ? [] : $_POST;
     $this->requestData = !isset($_REQUEST) ? [] : $_REQUEST;
     $this->filesData = !isset($_FILES) ? [] : $_FILES;
     $this->cookieData = !isset($_COOKIE) ? [] : $_COOKIE;
     $this->sessionData = !isset($_SESSION) ? [] : $_SESSION;
     $this->headerData = [];
     if (!function_exists("getallheaders")) {
         $this->headerCaseSet = true;
         foreach ($_SERVER as $name => $value) {
             $lowered = strtolower($name);
             if (strncmp($lowered, 'http_', 5) !== 0) {
                 continue;
             }
             $this->headerData[str_replace('_', '-', substr($lowered, 5))] = $value;
         }
     } else {
         $this->headerData = \getallheaders();
     }
     // Prefer the Host header, then the configured server name.
     if (isset($_SERVER['HTTP_HOST'])) {
         $this->host = $_SERVER['HTTP_HOST'];
     } elseif (isset($_SERVER['SERVER_NAME'])) {
         $this->host = $_SERVER['SERVER_NAME'];
     } else {
         $this->host = '';
     }
     $this->uri = '';
     if (isset($_SERVER['REQUEST_URI'])) {
         $this->uri = $_SERVER['REQUEST_URI'];
     }
     $this->urlPath = '';
     if (isset($_SERVER['SCRIPT_NAME'])) {
         $this->urlPath = $_SERVER['SCRIPT_NAME'];
     }
 }
Пример #26
0
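 /**
  * Authenticates the request with HTTP Digest.
  *
  * The digest string is taken from $app->server->PHP_AUTH_DIGEST or, when that
  * is empty, from the Authorization header. The user record is loaded through
  * $callback and the expected response is recomputed and compared with the
  * one sent.
  *
  * Fixes over the previous version:
  *  - an unparsable header, a missing digest field or an empty stored
  *    password now answers 401; these cases used to fall through silently;
  *  - the callback receives the checked user name, not an unchecked array index;
  *  - the response is compared with hash_equals() instead of a loose `!=`;
  *  - every 401 path returns, so nothing runs on it if $app->error() returns.
  *
  * NOTE(review): the A1 hash is built from the stored password column, so
  * that column holds either the clear-text password or a precomputed digest
  * hash — confirm which. No nonce freshness or nonce-count check is visible
  * here; confirm replay protection is handled elsewhere.
  *
  * @param object $app Application object exposing ->server and ->error().
  * @param callable $callback Receives the user name, returns the user record or a falsy value.
  */
 public function authenticate($app, $callback)
 {
     if (!$app->server->PHP_AUTH_DIGEST) {
         $headers = getallheaders();
         if (isset($headers['Authorization'])) {
             $app->server->PHP_AUTH_DIGEST = $headers['Authorization'];
         }
     }
     if (!$app->server->PHP_AUTH_DIGEST) {
         $app->error('401', $this->_outputHeader());
         return;
     }
     $data = $this->httpDigestParse($app->server->PHP_AUTH_DIGEST);
     if (!is_array($data)) {
         $app->error('401', $this->_outputHeader());
         return;
     }
     // Every field used in the computation below must be present.
     foreach (array('username', 'uri', 'nonce', 'nc', 'cnonce', 'qop', 'response') as $field) {
         if (!isset($data[$field]) || !is_string($data[$field])) {
             $app->error('401', $this->_outputHeader());
             return;
         }
     }
     $user = $data['username'];
     $bean = $user !== '' ? call_user_func($callback, $user) : null;
     if (!$bean) {
         $app->error('401', $this->_outputHeader());
         return;
     }
     $passwd = $bean->{$this->options->columnPassword};
     if (!$passwd) {
         $app->error('401', $this->_outputHeader());
         return;
     }
     $A1 = md5($user . ':' . $this->options->message . ':' . $passwd);
     $A2 = md5($app->server->REQUEST_METHOD . ':' . $data['uri']);
     $validResponse = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
     if (!hash_equals($validResponse, $data['response'])) {
         unset($app->server->PHP_AUTH_DIGEST);
         $app->error('401', $this->_outputHeader());
         return;
     }
     $this->isValid = true;
     $this->login($app, $bean);
 }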
Пример #27
0
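/**
 * Appends the user agent, accepted encodings, request headers (on Apache) and
 * raw request body to the 'xmlrpclog' file next to this script.
 *
 * Fixes: the function returns early when the log cannot be opened (fclose()
 * used to be called on false with the warning suppressed), missing $_SERVER
 * entries no longer raise notices, and the body falls back to php://input
 * when $HTTP_RAW_POST_DATA is not populated. date() replaces the deprecated
 * strftime() with the same output.
 *
 * NOTE(review): the log sits in the script's own directory and holds request
 * headers (cookies, authorization) and bodies; make sure the web server does
 * not serve that file.
 */
function write_log()
{
    global $HTTP_RAW_POST_DATA;
    $fp = @fopen(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'xmlrpclog', 'a');
    if (!$fp) {
        return;
    }
    $lnsep = "\n================================\n";
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $acceptEncoding = isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '';
    $software = isset($_SERVER['SERVER_SOFTWARE']) ? strtolower($_SERVER['SERVER_SOFTWARE']) : '';
    fwrite($fp, "\n{$lnsep}" . date('Y-m-d H:i:s'));
    fwrite($fp, '[USER_AGENT] ' . $userAgent);
    fwrite($fp, $lnsep);
    fwrite($fp, '[ACCEPT_ENCODING] ' . $acceptEncoding);
    if (strpos($software, 'apache') !== false) {
        fwrite($fp, $lnsep);
        fwrite($fp, "Apache Request Headers:\n");
        fwrite($fp, $lnsep);
        foreach (getallheaders() as $header => $value) {
            fwrite($fp, "{$header}: {$value} \n");
        }
    }
    // $HTTP_RAW_POST_DATA is no longer populated by current PHP versions.
    $rawBody = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : (string) file_get_contents('php://input');
    fwrite($fp, $lnsep);
    fwrite($fp, "Incoming data, usually utf-8 encoded:\n");
    fwrite($fp, $lnsep);
    fwrite($fp, $rawBody);
    fclose($fp);
}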
Пример #28
0
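 /**
  * Captures URI, method, headers and referrer of the current request.
  *
  * PHP exposes the Referer header as $_SERVER['HTTP_REFERER'] (the header
  * name has a single "r"). The previous code only read HTTP_REFERRER, so the
  * referrer was null for ordinary requests. The old key is still honoured as
  * a fallback.
  */
 function __construct()
 {
     $this->uri = $_SERVER['REQUEST_URI'];
     $this->method = $_SERVER['REQUEST_METHOD'];
     $this->headers = getallheaders();
     if (isset($_SERVER['HTTP_REFERER'])) {
         $this->referrer = $_SERVER['HTTP_REFERER'];
     } elseif (isset($_SERVER['HTTP_REFERRER'])) {
         $this->referrer = $_SERVER['HTTP_REFERRER'];
     } else {
         $this->referrer = null;
     }
 }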
Пример #29
0
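/**
 * Checks the Token request header and the caller's permission level.
 *
 * Permission levels:
 *  0: registered, no permissions
 *  1: may view all data
 *  2: may edit data
 *  3: super administrator
 *
 * The token is escaped before it is placed in the statement; the header value
 * used to be concatenated into the SQL unchanged. A missing or empty token is
 * rejected without querying.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7; a prepared
 * statement with mysqli or PDO is the durable fix. The 401 error text echoes
 * the supplied token back to the caller.
 *
 * @param int $permission Minimum level required.
 * @param array $returnData Receives an "error" entry on failure.
 * @return mixed The user id on success, -1 on failure.
 */
function checkToken($permission, &$returnData)
{
    $header = getallheaders();
    $token = isset($header["Token"]) ? (string) $header["Token"] : '';
    $row = false;
    if ($token !== '') {
        $query = "SELECT user_id,service_begin,manager FROM account RIGHT JOIN token ON account.id = token.user_id WHERE token = '" . mysql_real_escape_string($token) . "'";
        $result = mysql_query($query);
        if ($result) {
            $row = mysql_fetch_array($result);
        }
    }
    if (!$row) {
        header("http/1.1 401 Unauthorized");
        $returnData["error"] = "token:" . $token . "无效";
        return -1;
    }
    $cur_permission = 0;
    // Level 1 applies while the service period (one year from service_begin) is running.
    if (strtotime("{$row["service_begin"]} +1 year") > time()) {
        $cur_permission = 1;
    }
    if ($row["manager"] == 2) {
        $cur_permission = 2;
    }
    if ($row["manager"] == 3) {
        $cur_permission = 3;
    }
    if ($cur_permission >= $permission) {
        return $row["user_id"];
    }
    header("http/1.1 403 Forbidden");
    $returnData["error"] = "用户权限不足";
    return -1;
}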
Пример #30
0
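 /**
  * Authorizes the request from its Token (or token) header.
  *
  * The token is looked up with a bound parameter; on a match the user's id,
  * token, role, email, serial and status are stored on \TTO for later use.
  *
  * Fixes: the header is selected with an emptiness check instead of indexing
  * 'Token' when only 'token' was sent, and an empty lookup result is handled
  * before its fields are read.
  *
  * NOTE(review): the lookup matches the token column directly, so tokens
  * appear to be stored in clear text — consider storing a hash of the token.
  *
  * @return bool True when the token belongs to a user.
  */
 function __isAllowed()
 {
     //Get Token from header and check against server side
     $header = getallheaders();
     $token = null;
     foreach (array('Token', 'token') as $name) {
         if (!empty($header[$name])) {
             $token = $header[$name];
             break;
         }
     }
     if ($token === null) {
         return false;
     }
     //Check token against db then hold the token in static class for referencing later
     $statement = 'SELECT userId, token, role, email, serial, status FROM user WHERE token = :token';
     $bind = array('token' => $token);
     $row = Db::getRow($statement, $bind);
     if (!$row || !($row['userId'] > 0)) {
         return false;
     }
     \TTO::setUserId($row['userId']);
     \TTO::setToken($row['token']);
     \TTO::setRole($row['role']);
     \TTO::setEmail($row['email']);
     \TTO::setSerial($row['serial']);
     \TTO::setStatus($row['status']);
     return true;
 }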