/** * Set a session cookie * Attempt to use httponly if available * */ public static function cookie($name, $value = '', $expires = false) { global $dirPrefix; $cookiePath = empty($dirPrefix) ? '/' : $dirPrefix; $cookiePath = \gp\tool::HrefEncode($cookiePath, false); $secure = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on'; $domain = \gp\tool::ServerName(true); if (!$domain || strpos($domain, '.') === false) { $domain = ''; } if (strpos($domain, ':') !== false) { $domain = substr($domain, 0, strrpos($domain, ':')); } // expire if value is empty // cookies are set with either www removed from the domain or with an empty string if (empty($value)) { $expires = time() - 2592000; if ($domain) { setcookie($name, $value, $expires, $cookiePath, $domain, $secure, true); setcookie($name, $value, $expires, $cookiePath, $domain, false, true); } setcookie($name, $value, $expires, $cookiePath, '', $secure, true); setcookie($name, $value, $expires, $cookiePath, '', false, true); return; } // get expiration and set if ($expires === false) { $expires = time() + 2592000; //30 days } elseif ($expires === true) { $expires = 0; //expire at end of session } setcookie($name, $value, $expires, $cookiePath, $domain, $secure, true); }
/** * Generate rewrite rules for the apache server * */ public static function Rewrite_RulesApache($hide_index, $home_root, $contents, $www) { // Apache self::StripRules($contents); if (!$hide_index && is_null($www)) { return $contents; } $home_root = rtrim($home_root, '/') . '/'; $new_lines = array(); $server_name = \gp\tool::ServerName(true); // with www if ($www) { $new_lines[] = '# with www'; $new_lines[] = 'RewriteCond %{HTTPS} off'; $new_lines[] = 'RewriteCond %{HTTP_HOST} "^' . $server_name . '"'; $new_lines[] = 'RewriteRule (.*) "http://www.' . $server_name . '/$1" [R=301,L]'; $new_lines[] = ''; $new_lines[] = '# with www and https'; $new_lines[] = 'RewriteCond %{HTTPS} on'; $new_lines[] = 'RewriteCond %{HTTP_HOST} "^' . $server_name . '"'; $new_lines[] = 'RewriteRule (.*) "https://www.' . $server_name . '/$1" [R=301,L]'; // without www } elseif ($www === false) { $new_lines[] = '# without www'; $new_lines[] = 'RewriteCond %{HTTPS} off'; $new_lines[] = 'RewriteCond %{HTTP_HOST} "^www.' . $server_name . '"'; $new_lines[] = 'RewriteRule (.*) "http://' . $server_name . '/$1" [R=301,L]'; $new_lines[] = ''; $new_lines[] = '# without www and https'; $new_lines[] = 'RewriteCond %{HTTPS} on'; $new_lines[] = 'RewriteCond %{HTTP_HOST} "^www.' . $server_name . '"'; $new_lines[] = 'RewriteRule (.*) "https://' . $server_name . '/$1" [R=301,L]'; } $new_lines[] = "\n"; // hide index.php if ($hide_index) { $new_lines[] = 'RewriteBase "' . $home_root . '"'; $new_lines[] = ''; $new_lines[] = '# Don\'t rewrite multiple times'; $new_lines[] = 'RewriteCond %{QUERY_STRING} gp_rewrite'; $new_lines[] = 'RewriteRule .* - [L]'; $new_lines[] = ''; $new_lines[] = '# Redirect away from requests with index.php'; $new_lines[] = 'RewriteRule index\\.php(.*) "' . rtrim($home_root, '/') . '$1" [R=302,L]'; $new_lines[] = ''; $new_lines[] = '# Add gp_rewrite to root requests'; $new_lines[] = 'RewriteRule ^$ "' . $home_root . 'index.php?gp_rewrite" [qsa,L]'; $new_lines[] = ''; $new_lines[] = '# Don\'t rewrite for static files'; $new_lines[] = 'RewriteCond %{REQUEST_FILENAME} -f [OR]'; $new_lines[] = 'RewriteCond %{REQUEST_FILENAME} -d [OR]'; $new_lines[] = 'RewriteCond %{REQUEST_URI} \\.(js|css|jpe?g|jpe|gif|png|ico)$ [NC]'; $new_lines[] = 'RewriteRule .* - [L]'; $new_lines[] = ''; $new_lines[] = '# Send all other requests to index.php'; $new_lines[] = '# Append the gp_rewrite argument to tell cms not to use index.php and to prevent multiple rewrites'; $new_lines[] = 'RewriteRule /?(.*) "' . $home_root . 'index.php?gp_rewrite=$1" [qsa,L]'; $new_lines[] = ''; } return $contents . ' # BEGIN gpEasy <IfModule mod_rewrite.c> RewriteEngine On ' . implode("\n\t", $new_lines) . ' </IfModule> # END gpEasy'; }