/**
 * resolve the route for the current request from its path info
 *
 * a leading path segment equal to the script name (without ".php") is
 * dropped when nice URIs are enabled; a following segment that is a
 * locale known to the application becomes the current locale and is
 * dropped as well; the remaining segments are used to look up the route
 *
 * when the route cannot be authenticated the request is stored in the
 * session and the route configured as redirect is returned instead
 *
 * @return \vxPHP\Routing\Route
 * @throws \RuntimeException when the route fails authentication and has no redirect configured
 */
public static function getRouteFromPathInfo()
{
    $application = Application::getInstance();
    $request = Request::createFromGlobals();
    $script = basename($request->getScriptName());

    // a path of "0" is falsy and is therefore handled like an empty path
    $trimmedPath = trim($request->getPathInfo(), '/');
    $pathSegments = $trimmedPath ? explode('/', $trimmedPath) : [];

    // drop the first segment when it only repeats the script name
    if (
        count($pathSegments) > 0
        && $application->hasNiceUris()
        && basename($script, '.php') === $pathSegments[0]
    ) {
        array_shift($pathSegments);
    }

    // the locale segment is client supplied; it is applied only when the application knows it
    if (count($pathSegments) > 0 && $application->hasLocale($pathSegments[0])) {
        $locale = $application->getLocale($pathSegments[0]);
        $application->setCurrentLocale($locale);
        array_shift($pathSegments);
    }

    // without a usable first segment the lookup is done with the script name only
    $route = !empty($pathSegments[0])
        ? self::getRouteFromConfig($script, $pathSegments)
        : self::getRouteFromConfig($script);

    if (self::authenticateRoute($route)) {
        return $route;
    }

    // NOTE(review): the stored request holds whatever the client sent; code that
    // reads 'authViolatingRequest' back should treat it as untrusted - confirm
    Session::getSessionDataBag()->set('authViolatingRequest', Request::createFromGlobals());

    $redirect = $route->getRedirect();

    if (!$redirect) {
        throw new \RuntimeException(sprintf("No redirect configured for route '%s', which cannot be authenticated.", $route->getRouteId()));
    }

    return self::getRoute($redirect, $route->getScriptName());
}
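/**
 * heuristic spam check for a submitted form
 *
 * the submission is reported as spam when
 * - the 'verify' request value is missing, is not a scalar, has no entry
 *   in the session's 'antiSpamTimer' data or that entry is less than
 *   one second old
 * - the request value 'confirm_entry_' . md5(verify) is missing or is
 *   not an empty string (presumably a honeypot field - confirm against
 *   the form rendering)
 * - one of the listed fields holds more than $threshold HTML links
 *   starting with http:// or https://
 * - one of the listed fields holds a BBCode style [url...] tag
 * - one of the listed fields is neither missing nor a scalar value
 *
 * @param array $fields names of the request values which are scanned for links
 * @param integer $threshold number of links per field which is still accepted
 * @return boolean $spam_detected
 */
public function detectSpam(array $fields = [], $threshold = 3)
{
    $verify = $this->requestValues->get('verify');
    $timer = Session::getSessionDataBag()->get('antiSpamTimer');

    // 'verify' is request data; an array value (verify[]=...) must not reach
    // isset() as offset or md5(), where it would raise an error instead of
    // being rejected
    if (!$verify || !is_scalar($verify) || !isset($timer[$verify]) || microtime(true) - $timer[$verify] < 1) {
        return TRUE;
    }

    // md5 only derives the field name from the verify value, it is not used as a secret
    $label = md5($verify);

    // the field has to be submitted and has to be exactly ''; NULL (missing) fails this test too
    if ($this->requestValues->get('confirm_entry_' . $label) !== '') {
        return TRUE;
    }

    foreach ($fields as $f) {
        $value = $this->requestValues->get($f);

        // nothing was submitted for this field
        if (is_null($value)) {
            continue;
        }

        // fail closed: a value which cannot be scanned as text is not accepted as clean
        if (!is_scalar($value)) {
            return TRUE;
        }

        $value = (string) $value;

        // count anchors pointing to absolute URLs; https links count the same as http links
        if (preg_match_all('~<\\s*a\\s+href\\s*\\=\\s*(\\\\*"|\\\\*\'){0,1}https?://~i', $value, $tmp) > $threshold) {
            return TRUE;
        }

        if (preg_match('~\\[\\s*url.*?\\]~i', $value)) {
            return TRUE;
        }
    }

    return FALSE;
}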
/**
 * set up the CSRF provider
 *
 * tokens are kept in a storage backed by the session data bag;
 * $tokenLength is remembered as the number of random bytes which are
 * created whenever a new token value is generated
 *
 * @param integer $tokenLength number of random bytes per new token value, cast to integer
 */
public function __construct($tokenLength = 32)
{
    $sessionBag = Session::getSessionDataBag();

    $this->storage = new CsrfTokenSessionStorage($sessionBag);

    // NOTE(review): the length is only cast, not range checked; confirm that
    // token generation rejects zero or negative lengths
    $this->tokenLength = (int) $tokenLength;
}
/**
 * drop the user from the session
 *
 * removes the 'user' entry from the session data bag and resets the
 * static $userInSession property to NULL
 *
 * NOTE(review): nothing else is done here, the session id is not
 * renewed; confirm that the logout path takes care of that
 */
public function removeFromSession()
{
    $sessionBag = Session::getSessionDataBag();
    $sessionBag->remove('user');

    self::$userInSession = null;
}