/**
 * Record an action performed by the current user in the ActionLog table.
 *
 * Nothing is written unless a 'currentUser' entry is present in the session
 * obtained from the configured session provider; the client user agent and
 * IP are taken from the current request.
 *
 * @param string $message
 *
 * @since 1.1
 */
public function action($message)
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    // anonymous requests are not logged
    if ($session->get('currentUser') == null) {
        return;
    }

    $entry = new ActionLog();
    $entry->set('client', $this->request->getUserAgent());
    $entry->set('IP', $this->request->getIP());
    $entry->set('message', $message);
    $entry->save();
}
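/**
 * Method to check the validity of the two hidden form security
 * fields which aim to ensure that a post to the controller is being sent from
 * the same server that is hosting it.
 *
 * The expected values are recomputed from the request host, the request IP
 * and today's date (with a one-hour grace period after midnight that also
 * accepts yesterday's date) and compared against the var1/var2 request
 * parameters in constant time.
 *
 * NOTE(review): these fields depend only on host, date and the value returned
 * by getIP() (which the tests show comes from REMOTE_ADDR, i.e. the client
 * address, not the server's) - they are not bound to the user's session, so
 * they are a weaker check than a per-session CSRF token. Confirm this is the
 * intended threat model.
 *
 * @return bool
 *
 * @since 1.0
 */
public function checkSecurityFields()
{
    self::$logger->debug('>>checkSecurityFields()');

    $suppliedVar1 = $this->request->getParam('var1');
    $suppliedVar2 = $this->request->getParam('var2');

    if ($suppliedVar1 === null || $suppliedVar2 === null) {
        self::$logger->warn('The required var1/var2 params where not provided on the HTTP request');
        self::$logger->debug('<<checkSecurityFields [false]');

        return false;
    }

    // hash_equals() only accepts strings; a non-string param (e.g. var1[]=x) can never match
    if (!is_string($suppliedVar1) || !is_string($suppliedVar2)) {
        self::$logger->warn('The var1/var2 params provided are not strings');
        self::$logger->debug('<<checkSecurityFields [false]');

        return false;
    }

    // url-safe base64 of the encrypted plaintext, without padding
    // (assumes SecurityUtils::encrypt is deterministic for a given input, otherwise nothing could ever match)
    $encode = static function ($plaintext) {
        return rtrim(strtr(base64_encode(SecurityUtils::encrypt($plaintext)), '+/', '-_'), '=');
    };

    $host = $this->request->getHost();
    $ip = $this->request->getIP();

    /*
     * Try today's date first, then a "grace period" of one hour: if the time is < 1:00AM we
     * also accept a match for yesterday's date in the security fields.
     */
    foreach (array(time(), time() - 3600) as $timestamp) {
        // the hostname + the date
        $expectedVar1 = $encode($host . date('Ymd', $timestamp));
        // the IP plus $expectedVar1
        $expectedVar2 = $encode($ip . $expectedVar1);

        // constant-time comparison so a mismatch does not leak how many leading bytes matched;
        // evaluate both so the timing does not depend on which field is wrong
        $var1Matches = hash_equals($expectedVar1, $suppliedVar1);
        $var2Matches = hash_equals($expectedVar2, $suppliedVar2);

        if ($var1Matches && $var2Matches) {
            self::$logger->debug('<<checkSecurityFields [true]');

            return true;
        }
    }

    // NOTE(review): the rejected values are attacker-supplied; make sure the logger neutralises
    // newlines so they cannot forge additional log entries.
    self::$logger->warn('The var1/var2 params provided are invalid, values: var1=[' . $suppliedVar1 . '] var2=[' . $suppliedVar2 . ']');
    self::$logger->debug('<<checkSecurityFields [false]');

    return false;
}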
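/**
 * Generates the two security fields to prevent remote form processing.
 *
 * var1 is the url-safe base64 encoding of the encrypted host name + today's
 * date; var2 is the same encoding of the encrypted request IP + var1. A new
 * GET Request is constructed to read the host and IP from the current
 * environment.
 *
 * The generated values are deliberately not written to the log: they are the
 * secret a client must present to pass checkSecurityFields(), so even a
 * debug-level log would leak them.
 *
 * NOTE(review): the IP comes from Request::getIP(), which the tests show is
 * taken from REMOTE_ADDR (the client address) rather than the server's.
 *
 * @return array An array containing the two fields
 *
 * @since 1.0
 */
public static function generateSecurityFields()
{
    if (self::$logger == null) {
        self::$logger = new Logger('Controller');
    }
    self::$logger->debug('>>generateSecurityFields()');

    // url-safe base64 of the encrypted plaintext, without padding
    $encode = static function ($plaintext) {
        return rtrim(strtr(base64_encode(SecurityUtils::encrypt($plaintext)), '+/', '-_'), '=');
    };

    $request = new Request(array('method' => 'GET'));
    $host = $request->getHost();
    $ip = $request->getIP();

    // the hostname + today's date
    $var1 = $encode($host . date('Ymd'));
    // the IP plus $var1
    $var2 = $encode($ip . $var1);

    // do not log the token values themselves
    self::$logger->debug('<<generateSecurityFields [array(2)]');

    return array($var1, $var2);
}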
/**
 * Checks that a Request picks up the client IP from an explicit 'IP'
 * constructor override and, when no override is given, from
 * $_SERVER['REMOTE_ADDR'].
 */
public function testSetIP()
{
    $expectedIP = '127.0.0.1';
    $description = 'Testing that the client IP can be set from overrides or super-globals during object construction';

    // explicit override passed to the constructor
    $overridden = new Request(array('method' => 'GET', 'IP' => $expectedIP));
    $this->assertEquals($expectedIP, $overridden->getIP(), $description);

    // no override: the value must come from the super-globals
    $_SERVER['REQUEST_METHOD'] = 'GET';
    $_SERVER['REMOTE_ADDR'] = $expectedIP;
    $fromGlobals = new Request();
    $this->assertEquals($expectedIP, $fromGlobals->getIP(), $description);
}