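 /**
  * Analyse the path info of the current request and return the route associated with it.
  *
  * Segment handling, in order:
  *  - an empty path info yields no segments;
  *  - with "nice URIs" enabled, a leading segment equal to the script name
  *    (without ".php") is dropped;
  *  - a leading segment that is a known locale is dropped and becomes the
  *    application's current locale.
  *
  * The remaining segments are resolved against the configured routes. A route
  * that does not pass authentication is never returned: the offending request
  * is stored in the session under 'authViolatingRequest' and the route's
  * configured redirect is resolved and returned instead.
  *
  * Note: the first remaining segment is tested with empty(), so a segment "0"
  * counts as "no segment" (pre-existing behaviour, intentionally preserved).
  *
  * @return \vxPHP\Routing\Route the matched route, or the redirect route when authentication fails
  * @throws \RuntimeException when the route cannot be authenticated and no redirect is configured
  */
 public static function getRouteFromPathInfo()
 {
     $application = Application::getInstance();
     $request = Request::createFromGlobals();
     $script = basename($request->getScriptName());

     // split the path info into segments; a falsy path ('' or '0') yields none
     $path = trim($request->getPathInfo(), '/');
     $pathSegments = $path ? explode('/', $path) : [];

     // skip a leading segment that merely repeats the script name
     if (count($pathSegments) && $application->hasNiceUris() && basename($script, '.php') === $pathSegments[0]) {
         array_shift($pathSegments);
     }

     // a leading locale segment selects the current locale and is skipped
     if (count($pathSegments) && $application->hasLocale($pathSegments[0])) {
         $application->setCurrentLocale($application->getLocale($pathSegments[0]));
         array_shift($pathSegments);
     }

     // resolve the page; without a usable first segment the script's default route is used
     $route = !empty($pathSegments[0])
         ? self::getRouteFromConfig($script, $pathSegments)
         : self::getRouteFromConfig($script);

     if (!self::authenticateRoute($route)) {
         // remember the rejected request (the one already parsed above) so the
         // application can return to it after successful authentication
         Session::getSessionDataBag()->set('authViolatingRequest', $request);

         $redirect = $route->getRedirect();
         if ($redirect) {
             return self::getRoute($redirect, $route->getScriptName());
         }

         throw new \RuntimeException(sprintf("No redirect configured for route '%s', which cannot be authenticated.", $route->getRouteId()));
     }

     return $route;
 }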
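 /**
  * Heuristic spam check for a submitted form.
  *
  * The submission is treated as spam when any of the following holds:
  *  - the 'verify' request value is missing, has no entry in the session's
  *    'antiSpamTimer' bag, or was submitted less than one second after that
  *    timer entry was set (too fast for a human);
  *  - the honeypot field 'confirm_entry_' . md5($verify) is missing or was
  *    filled in (it must be present and empty);
  *  - one of $fields contains more than $threshold HTML links of the form
  *    "<a href=http://...", or any BBCode-style "[url...]" tag.
  *
  * md5() is used here only to derive an unobvious field name, not as a secret.
  *
  * @param array $fields names of request values whose content is scanned for links
  * @param int $threshold number of HTML links a single field may contain before it counts as spam
  * @return bool true when spam was detected, false otherwise
  */
 public function detectSpam(array $fields = [], $threshold = 3)
 {
     $verify = $this->requestValues->get('verify');
     $timer = Session::getSessionDataBag()->get('antiSpamTimer');

     // no token, unknown token, or submitted within a second of the timer being set
     if (!$verify || !isset($timer[$verify]) || microtime(true) - $timer[$verify] < 1) {
         return true;
     }

     // honeypot: a missing (null) or non-empty value both fail the check
     $honeypot = $this->requestValues->get('confirm_entry_' . md5($verify));
     if ($honeypot !== '') {
         return true;
     }

     foreach ($fields as $f) {
         // a missing field yields null; scan it as an empty string rather than
         // handing null to preg_* (deprecated since PHP 8.1)
         $value = $this->requestValues->get($f) ?? '';

         if (preg_match_all('~<\\s*a\\s+href\\s*\\=\\s*(\\\\*"|\\\\*\'){0,1}http://~i', $value) > $threshold) {
             return true;
         }
         if (preg_match('~\\[\\s*url.*?\\]~i', $value)) {
             return true;
         }
     }

     return false;
 }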
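 /**
  * Create a CSRF provider that keeps its tokens in the session.
  *
  * Tokens are persisted through a CsrfTokenSessionStorage backed by the
  * session data bag; $tokenLength is the number of random bytes generated
  * for each new token value.
  *
  * @param int $tokenLength number of random bytes per token; must be at least 1
  * @throws \InvalidArgumentException when $tokenLength is below 1
  */
 public function __construct($tokenLength = 32)
 {
     $tokenLength = (int) $tokenLength;

     // a zero or negative length would produce tokens without any randomness,
     // which silently defeats the CSRF check; reject it up front
     if ($tokenLength < 1) {
         throw new \InvalidArgumentException(sprintf('Token length must be at least 1, %d given.', $tokenLength));
     }

     $this->storage = new CsrfTokenSessionStorage(Session::getSessionDataBag());
     $this->tokenLength = $tokenLength;
 }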
 /**
  * Forget the user bound to the current session.
  *
  * Drops the 'user' entry from the session data bag and clears the
  * static cache of the session user.
  */
 public function removeFromSession()
 {
     $sessionBag = Session::getSessionDataBag();
     $sessionBag->remove('user');

     self::$userInSession = null;
 }