Пример #1
 /**
  * Load the request parameters used by the authorization endpoints.
  *
  * Per the original comment this is shared by the temporary-authorization,
  * user-authorization, token and callback endpoints. A GET request reads the
  * query string; every other method (not only POST) reads the POST body.
  * The chosen parameters are stored on $this->_aReq and returned.
  *
  * @return array
  */
 public function aGetPara()
 {
     $bIsGet = ('GET' === Ko_Web_Request::SRequestMethod());
     // NOTE(review): the (false, 'UTF-8') arguments are forwarded as-is; their
     // meaning is defined by Ko_Web_Request and is not visible in this block.
     $aPara = $bIsGet
         ? Ko_Web_Request::AGet(false, 'UTF-8')
         : Ko_Web_Request::APost(false, 'UTF-8');
     return $this->_aReq = $aPara;
 }
Пример #2
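 /**
  * Basic protection for POST requests based on the Referer host.
  *
  * Only POST requests that carry a non-empty Referer are checked. Any other
  * method, and any POST without a Referer, is accepted. Because an absent
  * Referer passes, this check is a baseline only and should be paired with a
  * per-request anti-CSRF token on state-changing endpoints.
  *
  * @param array $aPostAllowRefDomain array(): the Referer host must equal the request host;
  *                                   array('*'): any Referer domain is allowed;
  *                                   array('*.test.com', 'www.demo.com'): only the listed domains are allowed.
  *
  * @return bool false when the Referer host is rejected, true otherwise
  */
 public static function BCheckMethod($aPostAllowRefDomain = array())
 {
     if ('POST' !== Ko_Web_Request::SRequestMethod()) {
         return true;
     }
     $referer = Ko_Web_Request::SHttpReferer();
     if (!strlen($referer)) {
         // Documented behaviour: an empty Referer skips every check below.
         return true;
     }
     // parse_url() returns false for a malformed URL and omits 'host' for
     // host-less input; normalise both cases to null instead of indexing blindly.
     $refinfo = parse_url(strtolower($referer));
     $refHost = (is_array($refinfo) && isset($refinfo['host'])) ? $refinfo['host'] : null;
     if (empty($aPostAllowRefDomain)) {
         // Same-host mode. The Referer was lower-cased above, so lower-case the
         // Host header too; host names are case-insensitive. The port, if any,
         // is dropped without assuming that one is present.
         $hostParts = explode(':', Ko_Web_Request::SHttpHost(), 2);
         // A null $refHost never equals a string, so an unparseable Referer fails closed here.
         return $refHost === strtolower($hostParts[0]);
     }
     // NOTE(review): a Referer without a parseable host reaches _BCheckDomains()
     // as null, as it did before this change; confirm that helper rejects it
     // for every pattern it accepts.
     return (bool) self::_BCheckDomains($refHost, $aPostAllowRefDomain);
 }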
Пример #3
 /**
  * Entry point of the REST front controller: resolve the verb, collect the
  * input, call the API and send the result as JSON.
  *
  * The verb comes from the request method. A POST may override it with a
  * 'method' field of PUT or DELETE, so any POST can reach PUT/DELETE handlers;
  * authorization therefore has to be enforced inside the called API.
  */
 public function run()
 {
     $uri = Ko_Web_Request::SGet('uri');
     $verb = Ko_Web_Request::SRequestMethod(true);
     if ('POST' === $verb) {
         $override = Ko_Web_Request::SPost('method');
         if (in_array($override, array('PUT', 'DELETE'), true)) {
             $verb = $override;
         }
     }
     // GET reads the query string; everything else, including the overridden
     // verbs, reads the POST body.
     if ('GET' === $verb) {
         $params = $_GET;
     } else {
         $params = $_POST;
     }
     // Routing fields are not part of the payload.
     unset($params['uri'], $params['method']);
     if (isset($params['jsondata'])) {
         // 'jsondata' replaces the whole payload. json_decode() yields null for
         // invalid JSON and may yield a scalar, so aCall() must tolerate both.
         $params = json_decode($params['jsondata'], true);
     }
     $api = new KRest_Api();
     $result = $api->aCall($verb, $uri, $params);
     $renderer = new KRender_json();
     $renderer->oSetData($result)->oSend();
 }
Пример #4
 /**
  * Namespaced entry point of the REST front controller.
  *
  * Works like a plain REST dispatcher (verb from the request method, optional
  * PUT/DELETE override via the POST 'method' field, payload from $_GET/$_POST
  * or from 'jsondata'), then prefixes the URI with the part of $ns that
  * follows KO_APPS_NS before calling the API.
  *
  * @param string $ns namespace of the calling application; the first
  *                   strlen(KO_APPS_NS) + 1 characters are stripped from it
  */
 public function run($ns = '')
 {
     $uri = Ko_Web_Request::SGet('uri');
     $verb = Ko_Web_Request::SRequestMethod(true);
     if ('POST' === $verb) {
         $override = Ko_Web_Request::SPost('method');
         if (in_array($override, array('PUT', 'DELETE'), true)) {
             // Any POST can select PUT/DELETE this way; access control belongs in the API.
             $verb = $override;
         }
     }
     if ('GET' === $verb) {
         $params = $_GET;
     } else {
         $params = $_POST;
     }
     // Routing fields are not part of the payload.
     unset($params['uri'], $params['method']);
     if (isset($params['jsondata'])) {
         // json_decode() yields null for invalid JSON; aCall() receives it unchanged.
         $params = json_decode($params['jsondata'], true);
     }
     // NOTE(review): the request-supplied 'uri' is appended to the namespace
     // prefix without normalisation; confirm aCall() rejects segments such as '..'.
     $prefixLen = strlen(KO_APPS_NS) + 1;
     $uri = substr($ns, $prefixLen) . '/' . $uri;
     $api = new self();
     $result = $api->aCall($verb, $uri, $params);
     $renderer = new Ko_View_Render_JSON();
     $renderer->oSetData($result)->oSend();
 }
Пример #5
 /**
  * Authorization request endpoint.
  *
  * Reads client_id from the previously loaded request parameters, validates
  * the request through _bCheckAuth() and, for a logged-in user submitting via
  * POST, records the decision through _vAuthClient().
  *
  * @param int    $iUid   current user id; 0 means no user
  * @param bool   $bAgree whether the user approved the request
  * @param string $sScope requested scope
  *
  * @return boolean|exit true: output the user confirmation page; false: output the error page
  */
 public function vMain_Auth($iUid = 0, $bAgree = false, $sScope = '')
 {
     // NOTE(review): assumes aGetPara() already filled $this->_aReq and that
     // 'client_id' is present; a missing key is not handled here.
     $this->_sClientId = $this->_aReq['client_id'];
     // $sRedirectUri is not set before this call; presumably _bCheckAuth()
     // takes it by reference and fills in the validated redirect URI. Confirm.
     $bAuthOk = $this->_bCheckAuth($sRedirectUri);
     if (!$bAuthOk) {
         return false;
     }
     if ($iUid) {
         // The grant is only processed on POST, so a GET cannot approve it.
         if ('POST' === Ko_Web_Request::SRequestMethod()) {
             $this->_vAuthClient($iUid, $bAgree, $sScope, $sRedirectUri);
         }
     }
     return true;
 }
Пример #6
 /**
  * Dispatch the current request using the script filename and the request
  * method reported by Ko_Web_Request.
  *
  * @param mixed $phpFilename passed by reference and handed on to _IDispatch();
  *                           presumably receives the PHP file to run (confirm)
  *
  * @return mixed whatever _IDispatch() returns
  */
 public static function IDispatch(&$phpFilename)
 {
     return self::_IDispatch(
         Ko_Web_Request::SScriptFilename(),
         Ko_Web_Request::SRequestMethod(true),
         $phpFilename
     );
 }
Пример #7
 /**
  * Main entry of the admin UI: normalise the request array, then hand it to
  * the POST or GET handler.
  *
  * @param array $aReq   request parameters
  * @param mixed $vAdmin stored on $this->_vAdmin for later use
  */
 public function vMain($aReq, $vAdmin = '')
 {
     // Convert the request when the page encoding and the storage encoding
     // disagree. NOTE(review): the converters appear to modify $aReq in place.
     if ($this->_bPageIsGb() != $this->_bIsGb()) {
         if (!$this->_bIsGb()) {
             Ko_Tool_Str::VConvert2UTF8($aReq);
         } else {
             Ko_Tool_Str::VConvert2GB18030($aReq);
         }
     }
     // Give the list-control fields a default when the request omits them.
     $aDefaults = array(
         'sXSAction' => '',
         'sXSOrder' => '',
         'iXSOrder' => 0,
         'iXSPage' => 1,
     );
     foreach ($aDefaults as $sKey => $vDefault) {
         if (!isset($aReq[$sKey])) {
             $aReq[$sKey] = $vDefault;
         }
     }
     $this->_vAdmin = $vAdmin;
     if (null === $this->_oUI) {
         $this->vAttachUI(new Ko_Mode_XIUI());
     }
     if (!$this->_bIsSingleDB()) {
         // The split value is taken directly from the request.
         // NOTE(review): confirm it is validated before it selects a database or table.
         $sCgiName = $this->_sGetFieldCginame($this->_sGetSplitField_Item());
         if (isset($aReq[$sCgiName])) {
             $this->_sSplitValue = $aReq[$sCgiName];
         }
     }
     // Only POST reaches the POST handler; every other method is treated as a read.
     if ('POST' !== Ko_Web_Request::SRequestMethod()) {
         $this->_vMain_Get($aReq);
     } else {
         $this->_vMain_Post($aReq);
     }
 }
Пример #8
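 /**
  * Check whether the current request method is allowed.
  *
  * The method has to be a complete standard HTTP method name and has to occur
  * in $sAllowMethod. A bare substring test would also accept a fragment of an
  * allowed name, and on PHP 8 an empty method, because strpos() with an empty
  * needle returns 0 there.
  *
  * Methods outside the standard list below are rejected even when they are
  * named in $sAllowMethod.
  *
  * @param string $sAllowMethod allowed method name(s), e.g. 'POST' or 'GET,POST'
  *
  * @return bool
  */
 public static function BCheckRequestMethod($sAllowMethod = 'POST')
 {
     $method = Ko_Web_Request::SRequestMethod();
     $aKnownMethods = array('GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH', 'TRACE', 'CONNECT');
     // The strict comparison rejects fragments, the empty string and non-string values.
     if (!in_array($method, $aKnownMethods, true)) {
         return false;
     }
     return false !== strpos($sAllowMethod, $method);
 }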
Пример #9
 /**
  * Resolve a request URI against the rewrite rules of a host.
  *
  * @param string $sHost host whose rules are loaded
  * @param string $sUri  request URI, optionally with a query string
  *
  * @return array array(location, httpCode); array($sUri, 0) when no rule
  *               matches or the regex rewrite fails
  */
 private static function _AGet($sHost, $sUri)
 {
     // Presumably populates self::$s_aRules for this host (confirm in _VLoadHostRules).
     self::_VLoadHostRules($sHost, $sUri);
     // $query stays unset/null when the URI has no '?', which the isset() below relies on.
     list($path, $query) = explode('?', $sUri, 2);
     $paths = self::_ASplitPath($path);
     $keys = array();
     if (is_null($matched = self::_VMatchPath($paths, self::$s_aRules, $keys))) {
         return array($sUri, 0);
     }
     $keys = array_reverse($keys);
     // A matched rule value has the form "location[ httpCode]".
     list($location, $httpCode) = explode(' ', $matched, 2);
     $slashmismatch = false;
     $keylen = count($keys);
     $pathlen = count($paths);
     if ($keylen === $pathlen + 1 && '' === $keys[$keylen - 1]) {
         // rule: /a/b/   URI: /a/b
         $slashmismatch = true;
         $paths[] = '';
     } elseif ($keylen + 1 === $pathlen && '' === $paths[$pathlen - 1]) {
         // rule: /a/b   URI: /a/b/
         $slashmismatch = true;
         array_pop($paths);
     }
     if ($slashmismatch && 'GET' === Ko_Web_Request::SRequestMethod()) {
         // Trailing-slash mismatch on GET: redirect to the canonical path with a 301.
         // NOTE(review): the Location is rebuilt from request path segments; confirm
         // _ASplitPath() cannot yield an empty first segment, since a Location that
         // starts with '//' is treated by browsers as protocol-relative.
         $location = '/' . implode('/', $paths);
         $httpCode = 301;
     } else {
         // The matched keys are joined into a case-insensitive pattern anchored at the
         // start only; they are used as regex fragments and are not passed through preg_quote().
         $matchedPattern = '/^\\/' . implode('\\/', $keys) . '/i';
         $uri = '/' . implode('/', $paths);
         // '@' hides PCRE warnings, so a broken rule pattern silently falls back to "no match".
         if (!@preg_match($matchedPattern, $uri, $match) || false === ($location = @preg_replace($matchedPattern, $location, $match[0]))) {
             return array($sUri, 0);
         }
     }
     if (isset($query)) {
         // Carry the original query string over to the target location.
         $location .= false === strpos($location, '?') ? '?' : '&';
         $location .= $query;
     }
     // intval() turns a missing or non-numeric code into 0.
     return array($location, intval($httpCode));
 }
Пример #10
 /**
  * Return the current request method as reported by Ko_Web_Request.
  *
  * @return string
  */
 private function _sGetReqMethod()
 {
     $sMethod = Ko_Web_Request::SRequestMethod();
     return $sMethod;
 }