Пример #1
0
 public function run()
 {
     // For debugger
     $this->addTimer('<i>Application</i>');
     // Create fresh response
     $timer = $this->addTimer('Create response');
     $response = new Ajde_Http_Response();
     $this->setResponse($response);
     $this->endTimer($timer);
     // Bootstrap init
     $timer = $this->addTimer('Run bootstrap cue');
     $bootstrap = new Ajde_Core_Bootstrap();
     $bootstrap->run();
     $this->endTimer($timer);
     // Get request
     $timer = $this->addTimer('Read in global request');
     $request = Ajde_Http_Request::fromGlobal();
     $this->setRequest($request);
     $this->endTimer($timer);
     // Get route
     $timer = $this->addTimer('Initialize route');
     $route = $request->initRoute();
     $this->setRoute($route);
     $this->endTimer($timer);
     // Load document
     $timer = $this->addTimer('Create document');
     $document = Ajde_Document::fromRoute($route);
     $this->setDocument($document);
     $this->endTimer($timer);
     // Load controller
     $timer = $this->addTimer('Load controller');
     $controller = Ajde_Controller::fromRoute($route);
     $this->setController($controller);
     $this->endTimer($timer);
     // Invoke controller action
     $timer = $this->addTimer('Invoke controller');
     $actionResult = $controller->invoke();
     $document->setBody($actionResult);
     $this->endTimer($timer);
     // Get document contents
     $timer = $this->addTimer('Render document');
     $contents = $document->render();
     $this->endTimer($timer);
     // Let the cache handle the contents and have it saved to the response
     $timer = $this->addTimer('Save to response');
     $cache = Ajde_Cache::getInstance();
     $cache->setContents($contents);
     $cache->saveResponse();
     $this->endTimer($timer);
     // Output the buffer
     $response->send();
 }
Пример #2
0
 public function loadRequest()
 {
     $request = Ajde_Http_Request::fromGlobal();
     $this->setRequest($request);
     return $request;
 }
Пример #3
0
 public function __bootstrap()
 {
     // Session name
     $sessionName = config('app.id') . '_session';
     session_name($sessionName);
     // Session lifetime
     $lifetime = config('session.lifetime');
     // Security garbage collector
     ini_set('session.gc_maxlifetime', $lifetime == 0 ? 180 * 60 : $lifetime * 60);
     // PHP session garbage collection timeout in minutes
     ini_set('session.gc_divisor', 100);
     // Set divisor and probability for cronjob Ubuntu/Debian
     //		ini_set('session.gc_probability', 1);	// @see http://www.php.net/manual/en/function.session-save-path.php#98106
     // Set session save path
     if (config('session.savepath')) {
         ini_set('session.save_path', str_replace('~', LOCAL_ROOT, config('session.savepath')));
     }
     // Set sessions to use cookies
     ini_set('session.use_cookies', 1);
     ini_set('session.use_only_cookies', 1);
     // @see http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
     // Session cookie parameter
     $path = config('app.path');
     $domain = config('security.cookie.domain');
     $secure = config('security.cookie.secure');
     $httponly = config('security.cookie.httponly');
     // Set cookie lifetime
     session_set_cookie_params($lifetime * 60, $path, $domain, $secure, $httponly);
     session_cache_limiter('private_no_expire');
     // Start the session!
     session_start();
     // Strengthen session security with REMOTE_ADDR and HTTP_USER_AGENT
     // @see http://shiflett.org/articles/session-hijacking
     // Removed REMOTE_ADDR, use HTTP_X_FORWARDED_FOR if available
     $remoteIp = Ajde_Http_Request::getClientIP();
     // Ignore Google Chrome frame as it has a split personality
     // @todo TODO: security issue!!
     // @see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started/understanding-chrome-frame-user-agent
     if (isset($_SERVER['HTTP_USER_AGENT']) && substr_count($_SERVER['HTTP_USER_AGENT'], 'chromeframe/') === 0 && isset($_SESSION['client']) && $_SESSION['client'] !== md5($remoteIp . $_SERVER['HTTP_USER_AGENT'] . config('security.secret'))) {
         // TODO: overhead to call session_regenerate_id? is it not required??
         //session_regenerate_id();
         // thoroughly destroy the current session
         session_destroy();
         unset($_SESSION);
         setcookie(session_name(), session_id(), time() - 3600, $path, $domain, $secure, $httponly);
         // TODO:
         $exception = new Ajde_Core_Exception_Security('Possible session hijacking detected. Bailing out.');
         if (config('app.debug') === true) {
             throw $exception;
         } else {
             // don't redirect/log for resource items, as they should have no side effect
             // this makes it possible for i.e. web crawlers/error pages to view resources
             $request = Ajde_Http_Request::fromGlobal();
             $route = $request->initRoute();
             Ajde::app()->setRequest($request);
             if (!in_array($route->getFormat(), ['css', 'js'])) {
                 Ajde_Exception_Log::logException($exception);
                 Ajde_Cache::getInstance()->disable();
                 // Just destroying the session should be enough
                 //					Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
             }
         }
     } else {
         $_SESSION['client'] = md5($remoteIp . issetor($_SERVER['HTTP_USER_AGENT']) . config('security.secret'));
         if ($lifetime > 0) {
             // Force send new cookie with updated lifetime (forcing keep-alive)
             // @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100672
             //session_regenerate_id();
             // Set cookie manually if session_start didn't just sent a cookie
             // @see http://www.php.net/manual/en/function.session-set-cookie-params.php#100657
             if (isset($_COOKIE[$sessionName])) {
                 setcookie(session_name(), session_id(), time() + $lifetime * 60, $path, $domain, $secure, $httponly);
             }
         }
     }
     // remove cache headers invoked by session_start();
     if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
         header_remove('X-Powered-By');
     }
     return true;
 }