oxutilsserver.php

00001 <?php
00002 
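class oxUtilsServer extends oxSuperCfg
{
    /**
     * Legacy singleton placeholder. Not referenced by this class any more:
     * getInstance() resolves the shared instance through oxRegistry.
     *
     * @var oxUtilsServer|null
     */
    private static $_instance = null;

    /**
     * User cookie values seen during this request, keyed by shop id.
     * Holds the raw "<user>@@@<crypt>" string, '' after deleteUserCookie(),
     * or whatever getOxCookie() returned on the first lookup.
     *
     * @var array
     */
    protected $_aUserCookie = array();

    /**
     * Name of the session variable that carries cookies across the
     * ssl <-> non-ssl switch (see _mustSaveToSession()).
     *
     * @var string
     */
    protected $_sSessionCookiesName = 'aSessionCookies';

    /**
     * Values of cookies re-sent from the session by loadSessionCookies(),
     * keyed by cookie name. Lets getOxCookie() answer for a cookie that was
     * set in this response but is not yet present in $_COOKIE.
     *
     * @var array
     */
    protected $_sSessionCookies = array();

    /**
     * Cached result of _mustSaveToSession(); null until first computed.
     *
     * @var bool|null
     */
    protected $_blSaveToSession = null;

    /**
     * Returns the shared oxUtilsServer instance from the registry.
     *
     * @return oxUtilsServer
     */
    public static function getInstance()
    {
        return oxRegistry::get("oxUtilsServer");
    }

    /**
     * Sends a cookie and, when the shop's http and https URLs live on different
     * domains, also records it in the session so that loadSessionCookies() can
     * re-send it after the ssl switch.
     *
     * The cookie is always flagged HttpOnly. The Secure flag is only set when
     * $blSecure is true, so callers setting sensitive cookies on an https shop
     * have to pass it explicitly.
     *
     * @param string      $sName       cookie name
     * @param string      $sValue      cookie value ('' together with a past $iExpire deletes the cookie)
     * @param int         $iExpire     expiry timestamp; 0 makes it a browser-session cookie
     * @param string      $sPath       cookie path; config 'aCookiePaths' may override it per shop
     * @param string|null $sDomain     cookie domain; when empty, config 'aCookieDomains' may supply one
     * @param bool        $blToSession also store the cookie in the session (never done in admin)
     * @param bool        $blSecure    send the cookie over https only
     *
     * @return bool|null result of setcookie(); null when running under PHPUnit (no cookie is sent)
     */
    public function setOxCookie( $sName, $sValue = "", $iExpire = 0, $sPath = '/', $sDomain = null, $blToSession = true, $blSecure = false )
    {
        if ( $blToSession && !$this->isAdmin() ) {
            $this->_saveSessionCookie( $sName, $sValue, $iExpire, $sPath, $sDomain );
        }

        if ( defined('OXID_PHP_UNIT') ) {
            // do NOT set cookies in php unit.
            return;
        }

        return setcookie(
            $sName,
            $sValue,
            $iExpire,
            $this->_getCookiePath( $sPath ),
            $this->_getCookieDomain( $sDomain ),
            $blSecure,
            true // HttpOnly: keep the cookie out of reach of client-side script
        );
    }

    /**
     * Tells whether cookies must additionally be kept in the session.
     *
     * This is needed when the http and https shop URLs resolve to different
     * domains (as judged by oxUtils::extractDomain()), because a cookie set on
     * one of them is not sent back on the other. Computed once per request.
     *
     * @return bool
     */
    protected function _mustSaveToSession()
    {
        if ( $this->_blSaveToSession === null ) {
            $this->_blSaveToSession = false;

            $myConfig = $this->getConfig();
            if ( $sSslUrl = $myConfig->getSslShopUrl() ) {
                $sHost    = parse_url( $myConfig->getShopUrl(), PHP_URL_HOST );
                $sSslHost = parse_url( $sSslUrl, PHP_URL_HOST );

                // hosts that still differ after extractDomain() (presumably the registrable domain) need the workaround
                if ( $sHost != $sSslHost ) {
                    $oUtils = oxRegistry::getUtils();
                    $this->_blSaveToSession = $oUtils->extractDomain( $sHost ) != $oUtils->extractDomain( $sSslHost );
                }
            }
        }

        return $this->_blSaveToSession;
    }

    /**
     * Returns the session bucket key for deferred cookies.
     *
     * Cookies are stored under the key of the *other* mode ('nossl' while on
     * https and vice versa) and read back under the key of the *current* mode,
     * so each bucket is drained right after the ssl switch.
     *
     * @param bool $blGet true when looking cookies up to send them, false when storing
     *
     * @return string 'ssl' or 'nossl'
     */
    protected function _getSessionCookieKey( $blGet )
    {
        $blSsl = $this->getConfig()->isSsl();

        if ( $blGet ) {
            return $blSsl ? 'ssl' : 'nossl';
        }

        return $blSsl ? 'nossl' : 'ssl';
    }

    /**
     * Stores cookie data in the session bucket of the other ssl mode.
     * No-op unless _mustSaveToSession() reports differing domains.
     *
     * @param string      $sName   cookie name
     * @param string      $sValue  cookie value
     * @param int         $iExpire expiry timestamp
     * @param string      $sPath   cookie path
     * @param string|null $sDomain cookie domain
     *
     * @return null
     */
    protected function _saveSessionCookie( $sName, $sValue, $iExpire, $sPath, $sDomain )
    {
        if ( !$this->_mustSaveToSession() ) {
            return;
        }

        $aSessionCookies = ( array ) oxSession::getVar( $this->_sSessionCookiesName );
        $aSessionCookies[$this->_getSessionCookieKey( false )][$sName] = array(
            'value'  => $sValue,
            'expire' => $iExpire,
            'path'   => $sPath,
            'domain' => $sDomain,
        );

        oxSession::setVar( $this->_sSessionCookiesName, $aSessionCookies );
    }

    /**
     * Re-sends the cookies stored in the session for the current ssl mode,
     * remembers their values for getOxCookie() and removes the bucket from
     * the session.
     *
     * @return null
     */
    public function loadSessionCookies()
    {
        $aSessionCookies = oxSession::getVar( $this->_sSessionCookiesName );
        if ( !$aSessionCookies ) {
            return;
        }

        $sKey = $this->_getSessionCookieKey( true );
        if ( !isset( $aSessionCookies[$sKey] ) ) {
            return;
        }

        foreach ( ( array ) $aSessionCookies[$sKey] as $sName => $aCookieData ) {
            // $blToSession = false: do not push the cookie back into the bucket being drained
            $this->setOxCookie( $sName, $aCookieData['value'], $aCookieData['expire'], $aCookieData['path'], $aCookieData['domain'], false );
            $this->_sSessionCookies[$sName] = $aCookieData['value'];
        }

        unset( $aSessionCookies[$sKey] );
        oxSession::setVar( $this->_sSessionCookiesName, $aSessionCookies );
    }

    /**
     * Resolves the cookie path, honouring a shop specific override from
     * config 'aCookiePaths' (keyed by shop id).
     *
     * @param string $sPath default path
     *
     * @return string path, or "" so that setcookie() skips the argument
     */
    protected function _getCookiePath( $sPath )
    {
        $aCookiePaths = $this->getConfig()->getConfigParam( 'aCookiePaths' );
        if ( $aCookiePaths ) {
            $sShopId = $this->getConfig()->getShopId();
            if ( isset( $aCookiePaths[$sShopId] ) ) {
                $sPath = $aCookiePaths[$sShopId];
            }
        }

        // from php doc: an empty string ("") makes setcookie() skip that argument
        return $sPath ? $sPath : "";
    }

    /**
     * Resolves the cookie domain. An explicit $sDomain wins; otherwise a shop
     * specific value from config 'aCookieDomains' (keyed by shop id) is used,
     * which matters e.g. when the ssl shop runs on a separate domain.
     *
     * @param string|null $sDomain explicitly requested domain
     *
     * @return string domain, or "" so that setcookie() skips the argument
     */
    protected function _getCookieDomain( $sDomain )
    {
        if ( $sDomain ) {
            return $sDomain;
        }

        $aCookieDomains = $this->getConfig()->getConfigParam( 'aCookieDomains' );
        if ( $aCookieDomains ) {
            $sShopId = $this->getConfig()->getShopId();
            if ( isset( $aCookieDomains[$sShopId] ) ) {
                return $aCookieDomains[$sShopId];
            }
        }

        return "";
    }

    /**
     * Returns a cookie value.
     *
     * Lookup order for a named cookie: $_COOKIE (passed through the config's
     * checkParamSpecialChars()), then values re-sent from the session by
     * loadSessionCookies(). Without a name the whole $_COOKIE array is
     * returned unfiltered.
     *
     * @param string|null $sName cookie name
     *
     * @return string|array|null
     */
    public function getOxCookie( $sName = null )
    {
        if ( $sName ) {
            if ( isset( $_COOKIE[$sName] ) ) {
                return oxRegistry::getConfig()->checkParamSpecialChars( $_COOKIE[$sName] );
            }
            return isset( $this->_sSessionCookies[$sName] ) ? $this->_sSessionCookies[$sName] : null;
        }

        // no name: raw cookie jar, NOT filtered - callers must treat every value as untrusted input
        return isset( $_COOKIE ) ? $_COOKIE : null;
    }

    /**
     * Returns the client IP address.
     *
     * X-Forwarded-For (first entry of the chain) and Client-IP are preferred
     * over REMOTE_ADDR. Both headers are set by the client or by a proxy in
     * front of the shop, so the value can only be trusted when such a proxy
     * is known to overwrite them; a value that does not parse as an IP address
     * is discarded in favour of REMOTE_ADDR.
     *
     * @return string IP address, '' when not even REMOTE_ADDR is available (e.g. CLI)
     */
    public function getRemoteAddress()
    {
        $sIP = null;
        if ( isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
            // "client, proxy1, proxy2" - the first entry is the original client
            $sIP = trim( preg_replace( '/,.*$/', '', $_SERVER["HTTP_X_FORWARDED_FOR"] ) );
        } elseif ( isset( $_SERVER["HTTP_CLIENT_IP"] ) ) {
            $sIP = trim( $_SERVER["HTTP_CLIENT_IP"] );
        }

        // header values are client controlled: accept them only if they are a syntactically valid address
        if ( $sIP === null || filter_var( $sIP, FILTER_VALIDATE_IP ) === false ) {
            $sIP = isset( $_SERVER["REMOTE_ADDR"] ) ? $_SERVER["REMOTE_ADDR"] : '';
        }

        return $sIP;
    }

    /**
     * Returns one $_SERVER entry, or the whole array when no name is given.
     *
     * @param string|null $sServVar $_SERVER key
     *
     * @return string|array|null null when the key (or $_SERVER itself) is missing
     */
    public function getServerVar( $sServVar = null )
    {
        if ( !isset( $_SERVER ) ) {
            return null;
        }

        if ( !$sServVar ) {
            return $_SERVER;
        }

        return isset( $_SERVER[$sServVar] ) ? $_SERVER[$sServVar] : null;
    }

    /**
     * Tells whether the configured ssl shop URL actually starts with "https",
     * i.e. whether user cookies may be flagged Secure.
     *
     * @return bool
     */
    protected function _isSslShopUrlHttps()
    {
        return stripos( (string) $this->getConfig()->getSslShopUrl(), 'https' ) === 0;
    }

    /**
     * Sets the "remember me" cookies: 'oxid_<shopid>' carrying
     * "<user>@@@<crypt(password, salt)>" and 'oxid_<shopid>_autologin' = '1'.
     *
     * The login cookie is flagged Secure only when the ssl shop URL is https.
     * The autologin marker is always sent without Secure, presumably so that a
     * plain-http request can notice it and redirect (see getUserCookie()).
     *
     * NOTE(review): with the default two character salt crypt() uses its
     * legacy DES scheme, which is weak by today's standards and not per-user
     * salted. The format has to match whatever verifies this cookie on login
     * (not in this file), so changing it needs a coordinated change there.
     *
     * @param string $sUser     user name
     * @param string $sPassword password
     * @param string $sShopId   shop id, defaults to the current shop
     * @param int    $iTimeout  cookie lifetime in seconds (default one year)
     * @param string $sSalt     crypt() salt
     *
     * @return null
     */
    public function setUserCookie( $sUser, $sPassword,  $sShopId = null, $iTimeout = 31536000, $sSalt = 'ox' )
    {
        $sShopId = $sShopId ? $sShopId : $this->getConfig()->getShopId();
        $blSsl   = $this->_isSslShopUrlHttps();
        $iExpire = oxRegistry::get("oxUtilsDate")->getTime() + $iTimeout;

        $this->_aUserCookie[$sShopId] = $sUser . '@@@' . crypt( $sPassword, $sSalt );
        $this->setOxCookie( 'oxid_' . $sShopId, $this->_aUserCookie[$sShopId], $iExpire, '/', null, true, $blSsl );
        $this->setOxCookie( 'oxid_' . $sShopId . '_autologin', '1', $iExpire, '/', null, true, false );
    }

    /**
     * Expires the "remember me" cookies of a shop (empty value, expiry one
     * hour in the past) and resets the autologin marker to '0'.
     *
     * @param string $sShopId shop id, defaults to the current shop
     *
     * @return null
     */
    public function deleteUserCookie( $sShopId = null )
    {
        $sShopId = $sShopId ? $sShopId : $this->getConfig()->getShopId();
        $blSsl   = $this->_isSslShopUrlHttps();
        $iExpire = oxRegistry::get("oxUtilsDate")->getTime() - 3600;

        $this->_aUserCookie[$sShopId] = '';
        $this->setOxCookie( 'oxid_' . $sShopId, '', $iExpire, '/', null, true, $blSsl );
        $this->setOxCookie( 'oxid_' . $sShopId . '_autologin', '0', $iExpire, '/', null, true, false );
    }

    /**
     * Returns the 'oxid_<shopid>' user cookie (raw "<user>@@@<crypt>" string) or null.
     *
     * On a plain-http request with the autologin marker set and an https shop
     * URL configured, the request is first redirected (302) to the https
     * counterpart of the current URI, where the Secure login cookie is readable.
     * The value is cached per shop for the rest of the request.
     *
     * @param string $sShopId shop id, defaults to the current shop
     *
     * @return string|null
     */
    public function getUserCookie( $sShopId = null )
    {
        $myConfig = parent::getConfig();
        $sShopId  = $sShopId ? $sShopId : $myConfig->getShopId();

        if ( !$myConfig->isSsl() && $this->getOxCookie( 'oxid_' . $sShopId . '_autologin' ) == '1' ) {
            // REQUEST_URI is client controlled, but it is only ever appended as a path to the configured https shop URL
            $sSslUrl = rtrim( (string) $myConfig->getSslShopUrl(), '/' ) . $this->getServerVar( 'REQUEST_URI' );
            if ( stripos( $sSslUrl, 'https' ) === 0 ) {
                oxRegistry::getUtils()->redirect( $sSslUrl, true, 302 );
            }
        }

        if ( array_key_exists( $sShopId, $this->_aUserCookie ) && $this->_aUserCookie[$sShopId] !== null ) {
            return $this->_aUserCookie[$sShopId] ? $this->_aUserCookie[$sShopId] : null;
        }

        return $this->_aUserCookie[$sShopId] = $this->getOxCookie( 'oxid_' . $sShopId );
    }

    /**
     * Tells whether the client address is listed in config 'aTrustedIPs'.
     *
     * NOTE(review): getRemoteAddress() prefers client-settable forwarding
     * headers, so this check is only a reliable authorization signal when a
     * trusted proxy in front of the shop overwrites those headers.
     *
     * @return bool false when the list is empty
     */
    public function isTrustedClientIp()
    {
        $aTrustedIPs = ( array ) $this->getConfig()->getConfigParam( "aTrustedIPs" );
        if ( !count( $aTrustedIPs ) ) {
            return false;
        }

        return in_array( $this->getRemoteAddress(), $aTrustedIPs, true );
    }

    /**
     * Strips the "MSIE <version> " token from a user agent string; everything
     * else is kept. Falsy input is returned unchanged.
     *
     * @param string $sAgent user agent header value
     *
     * @return string|null
     */
    public function processUserAgentInfo( $sAgent )
    {
        if ( $sAgent ) {
            $sAgent = getStr()->preg_replace( "/MSIE(\s)?(\S)*(\s)/", "", (string) $sAgent );
        }
        return $sAgent;
    }

    /**
     * Extracts the host part (port included if present) of a URL or of a
     * "host[:port]/..." string, without scheme and without a leading "www.".
     *
     * @param string|null $sUrl URL or host string
     *
     * @return string|null null when nothing host-like is found (e.g. empty input)
     */
    protected function _getHostFromUrl( $sUrl )
    {
        if ( $sUrl && preg_match( "/^(https?:\/\/)?(www\.)?([^\/]+)/i", (string) $sUrl, $aMatches ) ) {
            return $aMatches[3];
        }
        return null;
    }

    /**
     * Checks whether $sURL points at the currently requested shop: its host
     * must equal the request host and its slash-less form must contain the
     * request's "host + script directory". URLs without an http(s) prefix
     * cannot be judged and are reported as current.
     *
     * The request host comes from the HTTP_HOST header, so the comparison is
     * only as trustworthy as the web server's own host validation.
     *
     * @param string $sURL URL to check
     *
     * @return bool
     */
    public function isCurrentUrl( $sURL )
    {
        // Missing protocol, cannot proceed, assuming true.
        if ( !$sURL || strpos( $sURL, "http" ) !== 0 ) {
            return true;
        }

        // #4010: force_sid added in https to every link - compare bare hosts in addition to the path check below
        $sUrlHost  = $this->_getHostFromUrl( $sURL );
        $sRealHost = $this->_getHostFromUrl( $this->getServerVar( 'HTTP_HOST' ) );

        // host + script directory of the running request, e.g. "shop.tld/subdir" out of "/subdir/index.php?..."
        $sCurrentHost = preg_replace( '/\/\w*\.php.*/', '', $this->getServerVar( 'HTTP_HOST' ) . $this->getServerVar( 'SCRIPT_NAME' ) );

        // slashes are dropped on both sides so that differing "/" placement does not matter
        $sCurrentHost = str_replace( '/', '', $sCurrentHost );
        $sURL         = str_replace( '/', '', $sURL );

        if ( $sURL && $sCurrentHost && strpos( $sURL, $sCurrentHost ) !== false ) {
            // bug fix #0002991: a substring match alone is not enough, the hosts must be the same
            return $sUrlHost == $sRealHost;
        }

        return false;
    }
}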