oxutilsserver.php

00001 <?php
00002 
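/**
 * Server-side helpers for cookies, client address detection and request
 * environment lookups.
 *
 * Review notes that apply to the whole class:
 *  - getRemoteAddress() prefers the X-Forwarded-For / Client-IP request
 *    headers over REMOTE_ADDR. Unless a reverse proxy under the operator's
 *    control overwrites these headers, the client chooses their value, so the
 *    result is informational and isTrustedClientIp() inherits that weakness.
 *  - isCurrentUrl() compares against HTTP_HOST and X-Forwarded-Host, which
 *    are request headers as well.
 *  - setUserCookie() stores a crypt() digest in a long-lived client cookie.
 */
class oxUtilsServer extends oxSuperCfg
{

    /**
     * Per-request cache of the login cookie value, keyed by shop id.
     *
     * @var array
     */
    protected $_aUserCookie = array();

    /**
     * Name of the session variable that holds cookies waiting to be replayed.
     *
     * @var string
     */
    protected $_sSessionCookiesName = 'aSessionCookies';

    /**
     * Values of the cookies replayed by loadSessionCookies(), keyed by cookie
     * name (an array, despite the "s" prefix).
     *
     * @var array
     */
    protected $_sSessionCookies = array();

    /**
     * Sends a cookie to the client and, outside the admin area, optionally
     * records it for replay through the session (see _saveSessionCookie()).
     *
     * The cookie is always sent with the HttpOnly flag. The Secure flag is set
     * only when the caller passes $blSecure = true; it is not derived from the
     * current connection.
     *
     * @param string $sName       cookie name
     * @param string $sValue      cookie value
     * @param int    $iExpire     expiry as unix timestamp, 0 for a session cookie
     * @param string $sPath       cookie path, may be overridden by the 'aCookiePaths' config
     * @param string $sDomain     cookie domain, falls back to the 'aCookieDomains' config
     * @param bool   $blToSession whether the cookie may also be recorded in the session
     * @param bool   $blSecure    whether the cookie is limited to https
     *
     * @return bool|null result of setcookie(); null when OXID_PHP_UNIT is defined
     */
    public function setOxCookie($sName, $sValue = "", $iExpire = 0, $sPath = '/', $sDomain = null, $blToSession = true, $blSecure = false)
    {
        // TODO: Secure is still opt-in per call; consider forcing it when the
        // shop runs in https mode. HttpOnly is already fixed to true below.
        // ref: http://lt.php.net/manual/en/function.setcookie.php

        if ($blToSession && !$this->isAdmin()) {
            $this->_saveSessionCookie($sName, $sValue, $iExpire, $sPath, $sDomain);
        }

        if (defined('OXID_PHP_UNIT')) {
            // do NOT set cookies in php unit.
            return;
        }

        return setcookie(
            $sName,
            $sValue,
            $iExpire,
            $this->_getCookiePath($sPath),
            $this->_getCookieDomain($sDomain),
            $blSecure,
            true // HttpOnly: keeps the cookie out of reach of page scripts
        );
    }

    /**
     * Cached result of _mustSaveToSession(); null until first evaluated.
     *
     * @var bool|null
     */
    protected $_blSaveToSession = null;

    /**
     * Tells whether cookies have to be carried over through the session.
     *
     * True only when an SSL shop URL is configured, its host differs from the
     * plain shop URL host, and extractDomain() yields different results for
     * the two hosts. The answer is computed once per instance.
     *
     * @return bool
     */
    protected function _mustSaveToSession()
    {
        if ($this->_blSaveToSession === null) {
            $this->_blSaveToSession = false;

            $myConfig = $this->getConfig();
            if ($sSslUrl = $myConfig->getSslShopUrl()) {
                $sUrl = $myConfig->getShopUrl();

                $sHost = parse_url($sUrl, PHP_URL_HOST);
                $sSslHost = parse_url($sSslUrl, PHP_URL_HOST);

                // testing if domains matches..
                if ($sHost != $sSslHost) {
                    $oUtils = oxRegistry::getUtils();
                    $this->_blSaveToSession = $oUtils->extractDomain($sHost) != $oUtils->extractDomain($sSslHost);
                }
            }
        }

        return $this->_blSaveToSession;
    }

    /**
     * Returns the bucket name ('ssl' or 'nossl') used inside the session
     * cookie store.
     *
     * Reading uses the bucket of the current connection type, writing uses the
     * opposite one, so a cookie recorded on one side is picked up on the other.
     *
     * @param bool $blGet true when reading, false when writing
     *
     * @return string
     */
    protected function _getSessionCookieKey($blGet)
    {
        $blSsl = $this->getConfig()->isSsl();

        if ($blGet) {
            return $blSsl ? 'ssl' : 'nossl';
        }

        return $blSsl ? 'nossl' : 'ssl';
    }

    /**
     * Records cookie data in the session when _mustSaveToSession() says so.
     *
     * Only value, expiry, path and domain are stored. The Secure flag is not
     * part of the record, so loadSessionCookies() re-sends every cookie with
     * the default $blSecure = false.
     *
     * @param string $sName   cookie name
     * @param string $sValue  cookie value
     * @param int    $iExpire expiry as unix timestamp
     * @param string $sPath   cookie path
     * @param string $sDomain cookie domain
     */
    protected function _saveSessionCookie($sName, $sValue, $iExpire, $sPath, $sDomain)
    {
        if ($this->_mustSaveToSession()) {
            $aCookieData = array('value' => $sValue, 'expire' => $iExpire, 'path' => $sPath, 'domain' => $sDomain);

            $aSessionCookies = ( array ) oxRegistry::getSession()->getVariable($this->_sSessionCookiesName);
            $aSessionCookies[$this->_getSessionCookieKey(false)][$sName] = $aCookieData;

            oxRegistry::getSession()->setVariable($this->_sSessionCookiesName, $aSessionCookies);
        }
    }

    /**
     * Replays the cookies recorded for the current connection type and
     * removes them from the session afterwards.
     *
     * Replayed cookies are sent without the Secure flag (see
     * _saveSessionCookie()).
     */
    public function loadSessionCookies()
    {
        if (($aSessionCookies = oxRegistry::getSession()->getVariable($this->_sSessionCookiesName))) {
            $sKey = $this->_getSessionCookieKey(true);
            if (isset($aSessionCookies[$sKey])) {
                // writing session data to cookies
                foreach ($aSessionCookies[$sKey] as $sName => $aCookieData) {
                    // $blToSession = false so the replay is not recorded again
                    $this->setOxCookie($sName, $aCookieData['value'], $aCookieData['expire'], $aCookieData['path'], $aCookieData['domain'], false);
                    $this->_sSessionCookies[$sName] = $aCookieData['value'];
                }

                // cleanup
                unset($aSessionCookies[$sKey]);
                oxRegistry::getSession()->setVariable($this->_sSessionCookiesName, $aSessionCookies);
            }
        }
    }

    /**
     * Resolves the cookie path, preferring a shop specific entry from the
     * 'aCookiePaths' config parameter over the given value.
     *
     * @param string $sPath requested cookie path
     *
     * @return string path to hand to setcookie(), "" when none applies
     */
    protected function _getCookiePath($sPath)
    {
        if ($aCookiePaths = $this->getConfig()->getConfigParam('aCookiePaths')) {
            // in case user wants to have shop specific setup
            $sShopId = $this->getConfig()->getShopId();
            $sPath = isset($aCookiePaths[$sShopId]) ? $aCookiePaths[$sShopId] : $sPath;
        }

        // from php doc: .. You may also replace an argument with an empty string ("") in order to skip that argument..
        return $sPath ? $sPath : "";
    }

    /**
     * Resolves the cookie domain. An explicitly given domain wins; otherwise
     * the shop specific entry of the 'aCookieDomains' config parameter is used.
     *
     * @param string $sDomain requested cookie domain
     *
     * @return string domain to hand to setcookie(), "" when none applies
     */
    protected function _getCookieDomain($sDomain)
    {
        $sDomain = $sDomain ? $sDomain : "";

        // on special cases, like separate domain for SSL, cookies must be defined on domain specific path
        if (!$sDomain) {
            if ($aCookieDomains = $this->getConfig()->getConfigParam('aCookieDomains')) {
                // in case user wants to have shop specific setup
                $sShopId = $this->getConfig()->getShopId();
                $sDomain = isset($aCookieDomains[$sShopId]) ? $aCookieDomains[$sShopId] : $sDomain;
            }
        }

        return $sDomain;
    }

    /**
     * Reads a cookie.
     *
     * A named cookie sent by the client is passed through
     * checkParamSpecialChars() before it is returned. Two paths skip that
     * call: values replayed from the session, and the whole $_COOKIE array
     * returned when no name is given. Callers of those two paths receive the
     * data as stored and have to treat it as request input.
     *
     * @param string $sName cookie name, null to get all cookies
     *
     * @return mixed cookie value, the $_COOKIE array, or null when not found
     */
    public function getOxCookie($sName = null)
    {
        $sValue = null;
        if ($sName && isset($_COOKIE[$sName])) {
            $sValue = oxRegistry::getConfig()->checkParamSpecialChars($_COOKIE[$sName]);
        } elseif ($sName && !isset($_COOKIE[$sName])) {
            $sValue = isset($this->_sSessionCookies[$sName]) ? $this->_sSessionCookies[$sName] : null;
        } elseif (!$sName && isset($_COOKIE)) {
            $sValue = $_COOKIE;
        }

        return $sValue;
    }

    /**
     * Returns the client address as reported by the request.
     *
     * Order of preference: first entry of X-Forwarded-For, then Client-IP,
     * then REMOTE_ADDR. A header value is used only when it is a syntactically
     * valid IP address; anything else falls back to REMOTE_ADDR, so free-form
     * header text no longer reaches callers as an "address".
     *
     * NOTE(review): both headers are set by whoever sends the request unless a
     * reverse proxy in front of the shop overwrites them. Validation does not
     * change that, so the result is suitable for display and logging but not,
     * on its own, for access decisions.
     *
     * @return string|null address, null when REMOTE_ADDR is not available either
     */
    public function getRemoteAddress()
    {
        $sHeaderIp = null;
        if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
            // keep only the first entry of a comma separated list
            $sHeaderIp = preg_replace('/,.*$/', '', $_SERVER["HTTP_X_FORWARDED_FOR"]);
        } elseif (isset($_SERVER["HTTP_CLIENT_IP"])) {
            $sHeaderIp = $_SERVER["HTTP_CLIENT_IP"];
        }

        if ($sHeaderIp !== null) {
            $sHeaderIp = trim((string) $sHeaderIp);
            if (filter_var($sHeaderIp, FILTER_VALIDATE_IP) !== false) {
                return $sHeaderIp;
            }
        }

        return isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : null;
    }

    /**
     * Returns one entry of $_SERVER, or the whole array when no name is given.
     *
     * @param string $sServVar name of the server variable
     *
     * @return mixed value, the $_SERVER array, or null when the entry is not set
     */
    public function getServerVar($sServVar = null)
    {
        $sValue = null;
        if (isset($_SERVER)) {
            if ($sServVar && isset($_SERVER[$sServVar])) {
                $sValue = $_SERVER[$sServVar];
            } elseif (!$sServVar) {
                $sValue = $_SERVER;
            }
        }

        return $sValue;
    }

    /**
     * Sets the login cookie 'oxid_<shopId>' and the marker cookie
     * 'oxid_<shopId>_autologin'.
     *
     * The login cookie gets the Secure flag when the configured SSL shop URL
     * starts with "https". The marker cookie is always sent without it, which
     * lets getUserCookie() see it on plain http and redirect to https.
     *
     * NOTE(review): the cookie value is "<user>@@@" followed by
     * crypt($sPassword, $sSalt). With the default two-character salt 'ox',
     * crypt() uses the traditional DES scheme, which considers only the first
     * eight characters of its input. The digest then lives in the browser for
     * $iTimeout seconds (one year by default) and is accepted as a login
     * credential by whatever code reads this cookie. Replacing it with a
     * random, server-side revocable token would need changes outside this
     * class, so the format is left as is.
     *
     * @param string $sUser     user name
     * @param string $sPassword value fed to crypt(); whether callers pass a plain
     *                          or an already hashed password is not visible here
     * @param string $sShopId   shop id, defaults to the active shop
     * @param int    $iTimeout  cookie lifetime in seconds
     * @param string $sSalt     salt handed to crypt()
     */
    public function setUserCookie($sUser, $sPassword, $sShopId = null, $iTimeout = 31536000, $sSalt = 'ox')
    {
        $myConfig = $this->getConfig();
        $sShopId = (!$sShopId) ? $myConfig->getShopId() : $sShopId;
        $blSsl = stripos((string) $myConfig->getSslShopUrl(), 'https') === 0;

        $this->_aUserCookie[$sShopId] = $sUser . '@@@' . crypt($sPassword, $sSalt);
        $this->setOxCookie('oxid_' . $sShopId, $this->_aUserCookie[$sShopId], oxRegistry::get("oxUtilsDate")->getTime() + $iTimeout, '/', null, true, $blSsl);
        $this->setOxCookie('oxid_' . $sShopId . '_autologin', '1', oxRegistry::get("oxUtilsDate")->getTime() + $iTimeout, '/', null, true, false);
    }

    /**
     * Expires the login cookie and the autologin marker cookie and clears the
     * cached value for the shop.
     *
     * @param string $sShopId shop id, defaults to the active shop
     */
    public function deleteUserCookie($sShopId = null)
    {
        $myConfig = $this->getConfig();
        $sShopId = (!$sShopId) ? $myConfig->getShopId() : $sShopId;
        $blSsl = stripos((string) $myConfig->getSslShopUrl(), 'https') === 0;

        $this->_aUserCookie[$sShopId] = '';
        // an expiry in the past makes the browser drop the cookie
        $this->setOxCookie('oxid_' . $sShopId, '', oxRegistry::get("oxUtilsDate")->getTime() - 3600, '/', null, true, $blSsl);
        $this->setOxCookie('oxid_' . $sShopId . '_autologin', '0', oxRegistry::get("oxUtilsDate")->getTime() - 3600, '/', null, true, false);
    }

    /**
     * Returns the login cookie value for a shop.
     *
     * On a non-SSL request that carries the autologin marker cookie, the
     * client is first redirected to the same request path under the SSL shop
     * URL, because the login cookie itself may be limited to https.
     *
     * @param string $sShopId shop id, defaults to the active shop
     *
     * @return string|null
     */
    public function getUserCookie($sShopId = null)
    {
        $myConfig = parent::getConfig();
        $sShopId = (!$sShopId) ? $myConfig->getShopId() : $sShopId;
        // check for SSL connection
        if (!$myConfig->isSsl() && $this->getOxCookie('oxid_' . $sShopId . '_autologin') == '1') {
            // REQUEST_URI comes from the request line. Only a value that starts
            // with "/" is appended, so it cannot extend the host part of the
            // configured SSL URL; anything else redirects to the shop root.
            $sRequestUri = (string) $this->getServerVar('REQUEST_URI');
            if (strpos($sRequestUri, '/') !== 0) {
                $sRequestUri = '/';
            }

            $sSslUrl = rtrim($myConfig->getSslShopUrl(), '/') . $sRequestUri;
            if (stripos($sSslUrl, 'https') === 0) {
                oxRegistry::getUtils()->redirect($sSslUrl, true, 302);
            }
        }

        if (array_key_exists($sShopId, $this->_aUserCookie) && $this->_aUserCookie[$sShopId] !== null) {
            // cached: an empty string (set by deleteUserCookie()) is reported as null
            return $this->_aUserCookie[$sShopId] ? $this->_aUserCookie[$sShopId] : null;
        }

        return $this->_aUserCookie[$sShopId] = $this->getOxCookie('oxid_' . $sShopId);
    }

    /**
     * Tells whether the client address is listed in the 'aTrustedIPs' config
     * parameter.
     *
     * The comparison is strict, so a non-string config entry (for example
     * true or an integer) can no longer match an address through type
     * juggling.
     *
     * NOTE(review): the address comes from getRemoteAddress(), which prefers
     * request headers over REMOTE_ADDR. Unless a proxy under the operator's
     * control overwrites X-Forwarded-For and Client-IP, a client can present
     * any listed address. Whatever this check unlocks should not rely on it
     * alone in such a setup.
     *
     * @return bool
     */
    public function isTrustedClientIp()
    {
        $blTrusted = false;
        $aTrustedIPs = ( array ) $this->getConfig()->getConfigParam("aTrustedIPs");
        if (count($aTrustedIPs)) {
            $blTrusted = in_array($this->getRemoteAddress(), $aTrustedIPs, true);
        }

        return $blTrusted;
    }

    /**
     * Removes the "MSIE <version> " token from a user agent string.
     *
     * @param string $sAgent user agent string
     *
     * @return string
     */
    public function processUserAgentInfo($sAgent)
    {
        if ($sAgent) {
            $sAgent = getStr()->preg_replace("/MSIE(\s)?(\S)*(\s)/", "", (string) $sAgent);
        }

        return $sAgent;
    }

    /**
     * Tells whether a URL points to the host (and script directory) of the
     * current request.
     *
     * URLs without a host part (empty, relative paths) are reported as
     * current. Two kinds of input that do name a host are now compared instead
     * of being waved through: scheme-relative URLs ("//host/path") and URLs
     * whose scheme is written in upper or mixed case.
     *
     * NOTE(review): the reference host is taken from HTTP_HOST and, as a
     * fallback, HTTP_X_FORWARDED_HOST. Both are request headers; where the
     * web server does not pin them to known host names, the sender of the
     * request influences the outcome of this check.
     *
     * @param string $sURL URL to check
     *
     * @return bool
     */
    public function isCurrentUrl($sURL)
    {
        // a scheme-relative URL carries a host, give it a scheme so it is compared below
        if ($sURL && strpos($sURL, '//') === 0) {
            $sURL = 'http:' . $sURL;
        }

        // Missing protocol, cannot proceed, assuming true.
        if (!$sURL || (stripos($sURL, "http") !== 0)) {
            return true;
        }

        $sServerHost = $this->getServerVar('HTTP_HOST');
        $blIsCurrentUrl = $this->_isCurrentUrl($sURL, $sServerHost);
        if (!$blIsCurrentUrl) {
            $sServerHost = $this->getServerVar('HTTP_X_FORWARDED_HOST');
            if ($sServerHost) {
                $blIsCurrentUrl = $this->_isCurrentUrl($sURL, $sServerHost);
            }
        }

        return $blIsCurrentUrl;
    }

    /**
     * Compares a URL with a given server host.
     *
     * Two conditions have to hold: the URL contains the server host plus
     * script directory (compared with all slashes removed), and the host
     * extracted from the URL equals the host extracted from $sServerHost
     * (scheme and a leading "www." ignored). The first condition is a
     * substring test and would also accept a longer host that merely contains
     * the current one, so the host equality is the decisive check.
     *
     * When no host can be extracted from either argument the result is false.
     * Before, both extracted hosts ended up as null in that case and compared
     * as equal.
     *
     * @param string $sURL        URL to check
     * @param string $sServerHost host name to compare against
     *
     * @return bool
     */
    public function _isCurrentUrl($sURL, $sServerHost)
    {
        $sHostPattern = "/^(https?:\/\/)?(www\.)?([^\/]+)/i";

        // #4010: force_sid added in https to every link
        if (!preg_match($sHostPattern, (string) $sURL, $aUrlMatch)
            || !preg_match($sHostPattern, (string) $sServerHost, $aHostMatch)
        ) {
            return false;
        }
        $sUrlHost = $aUrlMatch[3];
        $sRealHost = $aHostMatch[3];

        // host plus directory of the running script, e.g. "host/shop" for "/shop/index.php"
        $sCurrentHost = preg_replace('/\/\w*\.php.*/', '', $sServerHost . $this->getServerVar('SCRIPT_NAME'));

        //remove double slashes all the way
        $sCurrentHost = str_replace('/', '', $sCurrentHost);
        $sURL = str_replace('/', '', $sURL);

        if ($sURL && $sCurrentHost && strpos($sURL, $sCurrentHost) !== false) {
            //bug fix #0002991
            return $sUrlHost === $sRealHost;
        }

        return false;
    }

    /**
     * Returns an identifier for the server node: the md5 digest of
     * php_uname() output concatenated with SERVER_ADDR.
     *
     * The digest is a label derived from non-secret values; it is not
     * suitable as a secret or as an authentication token.
     *
     * @return string
     */
    public function getServerNodeId()
    {
        return md5($this->getServerName() . $this->getServerIp());
    }

    /**
     * Returns the SERVER_ADDR entry of $_SERVER.
     *
     * @return string|null
     */
    public function getServerIp()
    {
        return $this->getServerVar('SERVER_ADDR');
    }

    /**
     * Returns the operating system description reported by php_uname().
     *
     * @return string
     */
    private function getServerName()
    {
        return php_uname();
    }
}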