1 <?php
2 
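/**
 * Server and request helpers: cookie handling (including cookies handed over
 * through the session when the SSL and non-SSL shop URLs live on different
 * domains), the per-shop "remember me" user cookie, client address and
 * $_SERVER access, and comparison of a URL against the current host.
 *
 * The rendered listing this rewrite is based on had two lines stripped by the
 * documentation generator (the return statement of _mustSaveToSession() and
 * the $myConfig assignment at the top of getUserCookie()); both are restored
 * here from the surrounding code.
 */
class oxUtilsServer extends oxSuperCfg
{
    /**
     * Kept for backwards compatibility; instances are obtained via oxRegistry.
     *
     * @var oxUtilsServer|null
     */
    private static $_instance = null;

    /**
     * User cookie values set or read during this request, keyed by shop id.
     *
     * @var array
     */
    protected $_aUserCookie = array();

    /**
     * Session variable under which cookies awaiting hand-over are stored.
     *
     * @var string
     */
    protected $_sSessionCookiesName = 'aSessionCookies';

    /**
     * Cookie values restored from the session by loadSessionCookies(), keyed by cookie name.
     *
     * @var array
     */
    protected $_sSessionCookies = array();

    /**
     * Cached result of _mustSaveToSession(); null until first evaluated.
     *
     * @var bool|null
     */
    protected $_blSaveToSession = null;

    /**
     * Returns the shared oxUtilsServer instance from the registry.
     *
     * @return oxUtilsServer
     */
    public static function getInstance()
    {
        return oxRegistry::get("oxUtilsServer");
    }

    /**
     * Sets a cookie and, for front-end requests, optionally remembers it in the
     * session so it can be re-set on the other protocol's domain
     * (see _saveSessionCookie() / loadSessionCookies()).
     *
     * The cookie is always flagged HttpOnly. The Secure flag is left to the
     * caller ($blSecure): a shop may serve both protocols from one host, so a
     * blanket HTTPS-only policy cannot be decided here. Under PHPUnit
     * (OXID_PHP_UNIT defined) no cookie is sent at all.
     *
     * @param string      $sName       cookie name
     * @param string      $sValue      cookie value
     * @param int         $iExpire     expiry as unix timestamp (0 = browser-session cookie)
     * @param string      $sPath       cookie path; per-shop override via config param 'aCookiePaths'
     * @param string|null $sDomain     cookie domain; per-shop override via config param 'aCookieDomains'
     * @param bool        $blToSession store the cookie in the session as well (front-end only)
     * @param bool        $blSecure    send the cookie over HTTPS only
     *
     * @return bool|null setcookie() result, or null when cookies are suppressed (PHPUnit)
     */
    public function setOxCookie( $sName, $sValue = "", $iExpire = 0, $sPath = '/', $sDomain = null, $blToSession = true, $blSecure = false )
    {
        if ( $blToSession && !$this->isAdmin() ) {
            $this->_saveSessionCookie( $sName, $sValue, $iExpire, $sPath, $sDomain );
        }

        if ( defined( 'OXID_PHP_UNIT' ) ) {
            // do NOT set cookies in php unit.
            return;
        }

        return setcookie(
            $sName,
            $sValue,
            $iExpire,
            $this->_getCookiePath( $sPath ),
            $this->_getCookieDomain( $sDomain ),
            $blSecure,
            true // HttpOnly: cookie is not exposed to client-side script
        );
    }

    /**
     * Tells whether cookies have to be handed over through the session.
     *
     * That is needed when an SSL shop URL is configured whose host belongs to a
     * different domain than the non-SSL shop URL: a cookie set on one domain is
     * not visible on the other, so it is re-set on the next request from the
     * other side. The result is computed once and cached in $_blSaveToSession.
     *
     * @return bool
     */
    protected function _mustSaveToSession()
    {
        if ( $this->_blSaveToSession === null ) {
            $this->_blSaveToSession = false;

            $myConfig = $this->getConfig();
            $sSslUrl  = $myConfig->getSslShopUrl();
            if ( $sSslUrl ) {
                $sHost    = parse_url( $myConfig->getShopUrl(), PHP_URL_HOST );
                $sSslHost = parse_url( $sSslUrl, PHP_URL_HOST );

                // differing hosts only matter when they do not share the domain
                // that oxUtils::extractDomain() reduces them to
                if ( $sHost != $sSslHost ) {
                    $oUtils = oxRegistry::getUtils();
                    $this->_blSaveToSession = $oUtils->extractDomain( $sHost ) != $oUtils->extractDomain( $sSslHost );
                }
            }
        }

        return $this->_blSaveToSession;
    }

    /**
     * Returns the session bucket key for cookies in transit.
     *
     * When saving, the cookie is filed under the side that still has to receive
     * it ('ssl' while on the non-SSL side and vice versa); when loading, the key
     * of the current side is used.
     *
     * @param bool $blGet true when loading (loadSessionCookies()), false when saving
     *
     * @return string 'ssl' or 'nossl'
     */
    protected function _getSessionCookieKey( $blGet )
    {
        $blSsl = $this->getConfig()->isSsl();

        if ( $blGet ) {
            return $blSsl ? 'ssl' : 'nossl';
        }

        return $blSsl ? 'nossl' : 'ssl';
    }

    /**
     * Stores cookie parameters in the session when _mustSaveToSession() says so,
     * so that loadSessionCookies() can re-set the cookie on the other domain.
     *
     * @param string      $sName   cookie name
     * @param string      $sValue  cookie value
     * @param int         $iExpire cookie expiry (unix timestamp)
     * @param string      $sPath   cookie path
     * @param string|null $sDomain cookie domain
     *
     * @return null
     */
    protected function _saveSessionCookie( $sName, $sValue, $iExpire, $sPath, $sDomain )
    {
        if ( !$this->_mustSaveToSession() ) {
            return;
        }

        $aCookieData = array(
            'value'  => $sValue,
            'expire' => $iExpire,
            'path'   => $sPath,
            'domain' => $sDomain,
        );

        $aSessionCookies = (array) oxSession::getVar( $this->_sSessionCookiesName );
        $aSessionCookies[$this->_getSessionCookieKey( false )][$sName] = $aCookieData;

        oxSession::setVar( $this->_sSessionCookiesName, $aSessionCookies );
    }

    /**
     * Re-sets the cookies that the other protocol side queued in the session
     * for this side, remembers their values in $_sSessionCookies (so that
     * getOxCookie() can serve them within this request) and removes the
     * processed bucket from the session.
     *
     * @return null
     */
    public function loadSessionCookies()
    {
        $aSessionCookies = oxSession::getVar( $this->_sSessionCookiesName );
        if ( !$aSessionCookies ) {
            return;
        }

        $sKey = $this->_getSessionCookieKey( true );
        if ( !isset( $aSessionCookies[$sKey] ) ) {
            return;
        }

        // writing session data to cookies; $blToSession = false so they are not queued again
        foreach ( $aSessionCookies[$sKey] as $sName => $aCookieData ) {
            $this->setOxCookie( $sName, $aCookieData['value'], $aCookieData['expire'], $aCookieData['path'], $aCookieData['domain'], false );
            $this->_sSessionCookies[$sName] = $aCookieData['value'];
        }

        // cleanup
        unset( $aSessionCookies[$sKey] );
        oxSession::setVar( $this->_sSessionCookiesName, $aSessionCookies );
    }

    /**
     * Resolves the cookie path, honouring a per-shop override from the
     * 'aCookiePaths' config param (indexed by shop id).
     *
     * @param string $sPath default cookie path
     *
     * @return string path, or "" so that setcookie() skips the argument
     */
    protected function _getCookiePath( $sPath )
    {
        $aCookiePaths = $this->getConfig()->getConfigParam( 'aCookiePaths' );
        if ( $aCookiePaths ) {
            // in case user wants to have shop specific setup
            $sShopId = $this->getConfig()->getShopId();
            if ( isset( $aCookiePaths[$sShopId] ) ) {
                $sPath = $aCookiePaths[$sShopId];
            }
        }

        // from php doc: .. You may also replace an argument with an empty string ("") in order to skip that argument..
        return $sPath ? $sPath : "";
    }

    /**
     * Resolves the cookie domain. An explicit $sDomain wins; otherwise a
     * per-shop override from the 'aCookieDomains' config param (indexed by shop
     * id) is used, which is how separate SSL domains are usually handled.
     *
     * @param string|null $sDomain explicit cookie domain
     *
     * @return string domain, or "" so that setcookie() skips the argument
     */
    protected function _getCookieDomain( $sDomain )
    {
        if ( $sDomain ) {
            return $sDomain;
        }

        $sDomain        = "";
        $aCookieDomains = $this->getConfig()->getConfigParam( 'aCookieDomains' );
        if ( $aCookieDomains ) {
            // in case user wants to have shop specific setup
            $sShopId = $this->getConfig()->getShopId();
            if ( isset( $aCookieDomains[$sShopId] ) ) {
                $sDomain = $aCookieDomains[$sShopId];
            }
        }

        return $sDomain;
    }

    /**
     * Returns a cookie value, or all cookies when no name is given.
     *
     * A named lookup is passed through oxConfig::checkParamSpecialChars() and
     * falls back to values restored by loadSessionCookies(). The unnamed form
     * returns the raw $_COOKIE array unfiltered; callers must treat those
     * values as untrusted input and escape them for their output context.
     *
     * @param string|null $sName cookie name, or null for the whole array
     *
     * @return string|array|null
     */
    public function getOxCookie( $sName = null )
    {
        if ( $sName ) {
            if ( isset( $_COOKIE[$sName] ) ) {
                return oxRegistry::getConfig()->checkParamSpecialChars( $_COOKIE[$sName] );
            }

            return isset( $this->_sSessionCookies[$sName] ) ? $this->_sSessionCookies[$sName] : null;
        }

        return isset( $_COOKIE ) ? $_COOKIE : null;
    }

    /**
     * Returns the client address as reported by the request.
     *
     * X-Forwarded-For (first entry) and Client-IP are ordinary request headers
     * that any client can supply, so this value is only reliable when a
     * reverse proxy in front of the shop overwrites them; do not use it alone
     * for access decisions (see isTrustedClientIp()). Falls back to
     * REMOTE_ADDR, and to null when even that is absent (e.g. CLI).
     *
     * @return string|null
     */
    public function getRemoteAddress()
    {
        if ( isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
            // proxies append hops; keep only the first (leftmost) entry
            return trim( preg_replace( '/,.*$/', '', $_SERVER["HTTP_X_FORWARDED_FOR"] ) );
        }

        if ( isset( $_SERVER["HTTP_CLIENT_IP"] ) ) {
            return trim( $_SERVER["HTTP_CLIENT_IP"] );
        }

        return isset( $_SERVER["REMOTE_ADDR"] ) ? $_SERVER["REMOTE_ADDR"] : null;
    }

    /**
     * Returns a $_SERVER entry, the whole array when no name is given, or null
     * when the entry (or $_SERVER itself) is missing.
     *
     * @param string|null $sServVar server variable name
     *
     * @return mixed
     */
    public function getServerVar( $sServVar = null )
    {
        if ( !isset( $_SERVER ) ) {
            return null;
        }

        if ( !$sServVar ) {
            return $_SERVER;
        }

        return isset( $_SERVER[$sServVar] ) ? $_SERVER[$sServVar] : null;
    }

    /**
     * Tells whether the configured SSL shop URL actually uses https.
     *
     * @return bool
     */
    protected function _isSslShopUrlHttps()
    {
        $sSslUrl = $this->getConfig()->getSslShopUrl();

        return stripos( (string) $sSslUrl, 'https' ) === 0;
    }

    /**
     * Sets the per-shop user ("remember me") cookie plus an autologin marker.
     *
     * The value has the form "user@@@hash" where hash is crypt($sPassword, $sSalt).
     * With the default two-character salt crypt() uses the traditional DES
     * scheme, which only considers the first 8 characters of the password and
     * has no work factor - so the cookie carries a weak, password-derived hash
     * rather than an opaque random token. The format is what getUserCookie()
     * returns and is presumably parsed by the login code, so changing it needs
     * a coordinated migration. The main cookie is Secure when the SSL shop URL
     * is https; the autologin marker is deliberately not, so the non-SSL side
     * can see it and redirect (see getUserCookie()).
     *
     * @param string      $sUser     user name
     * @param string      $sPassword password to derive the cookie hash from
     * @param string|null $sShopId   shop id (current shop when null)
     * @param int         $iTimeout  cookie lifetime in seconds (default one year)
     * @param string      $sSalt     crypt() salt
     *
     * @return null
     */
    public function setUserCookie( $sUser, $sPassword, $sShopId = null, $iTimeout = 31536000, $sSalt = 'ox' )
    {
        $sShopId = $sShopId ? $sShopId : $this->getConfig()->getShopId();
        $iExpire = oxRegistry::get("oxUtilsDate")->getTime() + $iTimeout;

        $this->_aUserCookie[$sShopId] = $sUser . '@@@' . crypt( $sPassword, $sSalt );

        $this->setOxCookie( 'oxid_' . $sShopId, $this->_aUserCookie[$sShopId], $iExpire, '/', null, true, $this->_isSslShopUrlHttps() );
        $this->setOxCookie( 'oxid_' . $sShopId . '_autologin', '1', $iExpire, '/', null, true, false );
    }

    /**
     * Expires the per-shop user cookie and resets the autologin marker to '0'.
     * Uses the same Secure flags as setUserCookie() so the browser matches the
     * cookies being replaced.
     *
     * @param string|null $sShopId shop id (current shop when null)
     *
     * @return null
     */
    public function deleteUserCookie( $sShopId = null )
    {
        $sShopId = $sShopId ? $sShopId : $this->getConfig()->getShopId();
        $iExpire = oxRegistry::get("oxUtilsDate")->getTime() - 3600;

        $this->_aUserCookie[$sShopId] = '';

        $this->setOxCookie( 'oxid_' . $sShopId, '', $iExpire, '/', null, true, $this->_isSslShopUrlHttps() );
        $this->setOxCookie( 'oxid_' . $sShopId . '_autologin', '0', $iExpire, '/', null, true, false );
    }

    /**
     * Returns the per-shop user cookie value ("user@@@hash"), or null.
     *
     * On a non-SSL request with the autologin marker set, the browser is first
     * redirected (302) to the same request URI on the configured SSL shop URL,
     * because the Secure user cookie is only sent over https. Values set or
     * read earlier in this request are served from $_aUserCookie.
     *
     * @param string|null $sShopId shop id (current shop when null)
     *
     * @return string|null
     */
    public function getUserCookie( $sShopId = null )
    {
        $myConfig = $this->getConfig();
        $sShopId  = $sShopId ? $sShopId : $myConfig->getShopId();

        // check for SSL connection
        if ( !$myConfig->isSsl() && $this->getOxCookie( 'oxid_' . $sShopId . '_autologin' ) == '1' ) {
            // target stays on the configured SSL shop URL; only the path comes from the request
            $sSslUrl = rtrim( $myConfig->getSslShopUrl(), '/' ) . $this->getServerVar( 'REQUEST_URI' );
            if ( stripos( $sSslUrl, 'https' ) === 0 ) {
                oxRegistry::getUtils()->redirect( $sSslUrl, true, 302 );
            }
        }

        if ( array_key_exists( $sShopId, $this->_aUserCookie ) && $this->_aUserCookie[$sShopId] !== null ) {
            // '' (set by deleteUserCookie()) reads as "no cookie"
            return $this->_aUserCookie[$sShopId] ? $this->_aUserCookie[$sShopId] : null;
        }

        return $this->_aUserCookie[$sShopId] = $this->getOxCookie( 'oxid_' . $sShopId );
    }

    /**
     * Tells whether the client address is listed in the 'aTrustedIPs' config param.
     *
     * Compares strictly (string equality). Note that getRemoteAddress() honours
     * client-supplied forwarding headers, so this check only has meaning when
     * the shop sits behind a proxy that controls those headers, or when the
     * forwarding headers cannot reach the application at all.
     *
     * @return bool
     */
    public function isTrustedClientIp()
    {
        $aTrustedIPs = (array) $this->getConfig()->getConfigParam( "aTrustedIPs" );
        if ( !count( $aTrustedIPs ) ) {
            return false;
        }

        return in_array( $this->getRemoteAddress(), $aTrustedIPs, true );
    }

    /**
     * Normalises a user agent string by stripping the "MSIE <version> " token,
     * so that different IE versions map to the same agent info.
     *
     * @param string $sAgent raw user agent
     *
     * @return string
     */
    public function processUserAgentInfo( $sAgent )
    {
        if ( !$sAgent ) {
            return $sAgent;
        }

        return getStr()->preg_replace( "/MSIE(\s)?(\S)*(\s)/", "", (string) $sAgent );
    }

    /**
     * Extracts the host part of a URL or host[:port] string, ignoring scheme
     * and a leading "www.".
     *
     * @param string|null $sUrl URL or HTTP_HOST-style value
     *
     * @return string host, or "" when nothing matches (e.g. empty input)
     */
    protected function _extractHostForComparison( $sUrl )
    {
        $aMatches = array();
        preg_match( "/^(https?:\/\/)?(www\.)?([^\/]+)/i", (string) $sUrl, $aMatches );

        return isset( $aMatches[3] ) ? $aMatches[3] : "";
    }

    /**
     * Tells whether the given absolute URL points at the current shop location
     * (same host as the request's HTTP_HOST and same script directory).
     *
     * URLs without a scheme cannot be checked and are assumed to be current.
     * HTTP_HOST is supplied by the client, so this only establishes that the
     * URL targets the host the request claims to be for.
     *
     * @param string $sURL URL to check
     *
     * @return bool
     */
    public function isCurrentUrl( $sURL )
    {
        // Missing protocol, cannot proceed, assuming true.
        if ( !$sURL || ( strpos( $sURL, "http" ) !== 0 ) ) {
            return true;
        }

        // #4010: force_sid added in https to every link
        $sUrlHost  = $this->_extractHostForComparison( $sURL );
        $sRealHost = $this->_extractHostForComparison( $this->getServerVar( 'HTTP_HOST' ) );

        // host + script directory of the current request, without the script file name
        $sCurrentHost = preg_replace( '/\/\w*\.php.*/', '', $this->getServerVar( 'HTTP_HOST' ) . $this->getServerVar( 'SCRIPT_NAME' ) );

        // remove all slashes so that single/double slashes do not affect the comparison
        $sCurrentHost = str_replace( '/', '', $sCurrentHost );
        $sURL         = str_replace( '/', '', $sURL );

        if ( !$sURL || !$sCurrentHost || strpos( $sURL, $sCurrentHost ) === false ) {
            return false;
        }

        // bug fix #0002991: the location match alone is not enough, hosts must be identical
        return $sUrlHost === $sRealHost;
    }
}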