OXID eShop CE  4.9.7
 All Classes Files Functions Variables Pages
oxutilsserver.php
Go to the documentation of this file.
1 <?php
2 
6 class oxUtilsServer extends oxSuperCfg
7 {
8 
14  protected $_aUserCookie = array();
15 
21  protected $_sSessionCookiesName = 'aSessionCookies';
22 
28  protected $_sSessionCookies = array();
29 
43  public function setOxCookie($sName, $sValue = "", $iExpire = 0, $sPath = '/', $sDomain = null, $blToSession = true, $blSecure = false)
44  {
45  //TODO: since setcookie takes more than just 4 params..
46  // would be nice to have it sending through https only, if in https mode
47  // or allowing only http access to cookie [no JS access - reduces XSS attack possibility]
48  // ref: http://lt.php.net/manual/en/function.setcookie.php
49 
50  if ($blToSession && !$this->isAdmin()) {
51  $this->_saveSessionCookie($sName, $sValue, $iExpire, $sPath, $sDomain);
52  }
53 
54  if (defined('OXID_PHP_UNIT')) {
55  // do NOT set cookies in php unit.
56  return;
57  }
58 
59  return setcookie(
60  $sName,
61  $sValue,
62  $iExpire,
63  $this->_getCookiePath($sPath),
64  $this->_getCookieDomain($sDomain),
65  $blSecure,
66  true
67  );
68  }
69 
70  protected $_blSaveToSession = null;
71 
77  protected function _mustSaveToSession()
78  {
79  if ($this->_blSaveToSession === null) {
80  $this->_blSaveToSession = false;
81 
82  $myConfig = $this->getConfig();
83  if ($sSslUrl = $myConfig->getSslShopUrl()) {
84  $sUrl = $myConfig->getShopUrl();
85 
86  $sHost = parse_url($sUrl, PHP_URL_HOST);
87  $sSslHost = parse_url($sSslUrl, PHP_URL_HOST);
88 
89  // testing if domains matches..
90  if ($sHost != $sSslHost) {
91  $oUtils = oxRegistry::getUtils();
92  $this->_blSaveToSession = $oUtils->extractDomain($sHost) != $oUtils->extractDomain($sSslHost);
93  }
94  }
95  }
96 
97  return $this->_blSaveToSession;
98  }
99 
107  protected function _getSessionCookieKey($blGet)
108  {
109  $blSsl = $this->getConfig()->isSsl();
110  $sKey = $blSsl ? 'nossl' : 'ssl';
111 
112  if ($blGet) {
113  $sKey = $blSsl ? 'ssl' : 'nossl';
114  }
115 
116  return $sKey;
117  }
118 
128  protected function _saveSessionCookie($sName, $sValue, $iExpire, $sPath, $sDomain)
129  {
130  if ($this->_mustSaveToSession()) {
131  $aCookieData = array('value' => $sValue, 'expire' => $iExpire, 'path' => $sPath, 'domain' => $sDomain);
132 
133  $aSessionCookies = ( array ) oxRegistry::getSession()->getVariable($this->_sSessionCookiesName);
134  $aSessionCookies[$this->_getSessionCookieKey(false)][$sName] = $aCookieData;
135 
136  oxRegistry::getSession()->setVariable($this->_sSessionCookiesName, $aSessionCookies);
137  }
138  }
139 
143  public function loadSessionCookies()
144  {
145  if (($aSessionCookies = oxRegistry::getSession()->getVariable($this->_sSessionCookiesName))) {
146  $sKey = $this->_getSessionCookieKey(true);
147  if (isset($aSessionCookies[$sKey])) {
148  // writing session data to cookies
149  foreach ($aSessionCookies[$sKey] as $sName => $aCookieData) {
150  $this->setOxCookie($sName, $aCookieData['value'], $aCookieData['expire'], $aCookieData['path'], $aCookieData['domain'], false);
151  $this->_sSessionCookies[$sName] = $aCookieData['value'];
152  }
153 
154  // cleanup
155  unset($aSessionCookies[$sKey]);
156  oxRegistry::getSession()->setVariable($this->_sSessionCookiesName, $aSessionCookies);
157  }
158  }
159  }
160 
171  protected function _getCookiePath($sPath)
172  {
173  if ($aCookiePaths = $this->getConfig()->getConfigParam('aCookiePaths')) {
174  // in case user wants to have shop specific setup
175  $sShopId = $this->getConfig()->getShopId();
176  $sPath = isset($aCookiePaths[$sShopId]) ? $aCookiePaths[$sShopId] : $sPath;
177  }
178 
179  // from php doc: .. You may also replace an argument with an empty string ("") in order to skip that argument..
180  return $sPath ? $sPath : "";
181  }
182 
193  protected function _getCookieDomain($sDomain)
194  {
195  $sDomain = $sDomain ? $sDomain : "";
196 
197  // on special cases, like separate domain for SSL, cookies must be defined on domain specific path
198  // please have a look at
199  if (!$sDomain) {
200  if ($aCookieDomains = $this->getConfig()->getConfigParam('aCookieDomains')) {
201  // in case user wants to have shop specific setup
202  $sShopId = $this->getConfig()->getShopId();
203  $sDomain = isset($aCookieDomains[$sShopId]) ? $aCookieDomains[$sShopId] : $sDomain;
204  }
205  }
206 
207  return $sDomain;
208  }
209 
218  public function getOxCookie($sName = null)
219  {
220  $sValue = null;
221  if ($sName && isset($_COOKIE[$sName])) {
222  $sValue = oxRegistry::getConfig()->checkParamSpecialChars($_COOKIE[$sName]);
223  } elseif ($sName && !isset($_COOKIE[$sName])) {
224  $sValue = isset($this->_sSessionCookies[$sName]) ? $this->_sSessionCookies[$sName] : null;
225  } elseif (!$sName && isset($_COOKIE)) {
226  $sValue = $_COOKIE;
227  }
228 
229  return $sValue;
230  }
231 
237  public function getRemoteAddress()
238  {
239  if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
240  $sIP = $_SERVER["HTTP_X_FORWARDED_FOR"];
241  $sIP = preg_replace('/,.*$/', '', $sIP);
242  } elseif (isset($_SERVER["HTTP_CLIENT_IP"])) {
243  $sIP = $_SERVER["HTTP_CLIENT_IP"];
244  } else {
245  $sIP = $_SERVER["REMOTE_ADDR"];
246  }
247 
248  return $sIP;
249  }
250 
258  public function getServerVar($sServVar = null)
259  {
260  $sValue = null;
261  if (isset($_SERVER)) {
262  if ($sServVar && isset($_SERVER[$sServVar])) {
263  $sValue = $_SERVER[$sServVar];
264  } elseif (!$sServVar) {
265  $sValue = $_SERVER;
266  }
267  }
268 
269  return $sValue;
270  }
271 
281  public function setUserCookie($sUser, $sPassword, $sShopId = null, $iTimeout = 31536000, $sSalt = 'ox')
282  {
283  $myConfig = $this->getConfig();
284  $sShopId = (!$sShopId) ? $myConfig->getShopId() : $sShopId;
285  $sSslUrl = $myConfig->getSslShopUrl();
286  if (stripos($sSslUrl, 'https') === 0) {
287  $blSsl = true;
288  } else {
289  $blSsl = false;
290  }
291 
292  $this->_aUserCookie[$sShopId] = $sUser . '@@@' . crypt($sPassword, $sSalt);
293  $this->setOxCookie('oxid_' . $sShopId, $this->_aUserCookie[$sShopId], oxRegistry::get("oxUtilsDate")->getTime() + $iTimeout, '/', null, true, $blSsl);
294  $this->setOxCookie('oxid_' . $sShopId . '_autologin', '1', oxRegistry::get("oxUtilsDate")->getTime() + $iTimeout, '/', null, true, false);
295  }
296 
302  public function deleteUserCookie($sShopId = null)
303  {
304  $myConfig = $this->getConfig();
305  $sShopId = (!$sShopId) ? $this->getConfig()->getShopId() : $sShopId;
306  $sSslUrl = $myConfig->getSslShopUrl();
307  if (stripos($sSslUrl, 'https') === 0) {
308  $blSsl = true;
309  } else {
310  $blSsl = false;
311  }
312 
313  $this->_aUserCookie[$sShopId] = '';
314  $this->setOxCookie('oxid_' . $sShopId, '', oxRegistry::get("oxUtilsDate")->getTime() - 3600, '/', null, true, $blSsl);
315  $this->setOxCookie('oxid_' . $sShopId . '_autologin', '0', oxRegistry::get("oxUtilsDate")->getTime() - 3600, '/', null, true, false);
316  }
317 
325  public function getUserCookie($sShopId = null)
326  {
327  $myConfig = parent::getConfig();
328  $sShopId = (!$sShopId) ? $myConfig->getShopId() : $sShopId;
329  // check for SSL connection
330  if (!$myConfig->isSsl() && $this->getOxCookie('oxid_' . $sShopId . '_autologin') == '1') {
331  $sSslUrl = rtrim($myConfig->getSslShopUrl(), '/') . $_SERVER['REQUEST_URI'];
332  if (stripos($sSslUrl, 'https') === 0) {
333  oxRegistry::getUtils()->redirect($sSslUrl, true, 302);
334  }
335  }
336 
337  if (array_key_exists($sShopId, $this->_aUserCookie) && $this->_aUserCookie[$sShopId] !== null) {
338  return $this->_aUserCookie[$sShopId] ? $this->_aUserCookie[$sShopId] : null;
339  }
340 
341  return $this->_aUserCookie[$sShopId] = $this->getOxCookie('oxid_' . $sShopId);
342  }
343 
350  public function isTrustedClientIp()
351  {
352  $blTrusted = false;
353  $aTrustedIPs = ( array ) $this->getConfig()->getConfigParam("aTrustedIPs");
354  if (count($aTrustedIPs)) {
355  $blTrusted = in_array($this->getRemoteAddress(), $aTrustedIPs);
356  }
357 
358  return $blTrusted;
359  }
360 
368  public function processUserAgentInfo($sAgent)
369  {
370  if ($sAgent) {
371  $sAgent = getStr()->preg_replace("/MSIE(\s)?(\S)*(\s)/", "", (string) $sAgent);
372  }
373 
374  return $sAgent;
375  }
376 
384  public function isCurrentUrl($sURL)
385  {
386  // Missing protocol, cannot proceed, assuming true.
387  if (!$sURL || (strpos($sURL, "http") !== 0)) {
388  return true;
389  }
390 
391  $sServerHost = $this->getServerVar('HTTP_HOST');
392  $blIsCurrentUrl = $this->_isCurrentUrl($sURL, $sServerHost);
393  if (!$blIsCurrentUrl) {
394  $sServerHost = $this->getServerVar('HTTP_X_FORWARDED_HOST');
395  if ($sServerHost) {
396  $blIsCurrentUrl = $this->_isCurrentUrl($sURL, $sServerHost);
397  }
398  }
399 
400  return $blIsCurrentUrl;
401  }
402 
411  public function _isCurrentUrl($sURL, $sServerHost)
412  {
413  // #4010: force_sid added in https to every link
414  preg_match("/^(https?:\/\/)?(www\.)?([^\/]+)/i", $sURL, $matches);
415  $sUrlHost = $matches[3];
416 
417  preg_match("/^(https?:\/\/)?(www\.)?([^\/]+)/i", $sServerHost, $matches);
418  $sRealHost = $matches[3];
419 
420  $sCurrentHost = preg_replace('/\/\w*\.php.*/', '', $sServerHost . $this->getServerVar('SCRIPT_NAME'));
421 
422  //remove double slashes all the way
423  $sCurrentHost = str_replace('/', '', $sCurrentHost);
424  $sURL = str_replace('/', '', $sURL);
425 
426  if ($sURL && $sCurrentHost && strpos($sURL, $sCurrentHost) !== false) {
427  //bug fix #0002991
428  if ($sUrlHost == $sRealHost) {
429  return true;
430  }
431  }
432 
433  return false;
434  }
435 
441  public function getServerNodeId()
442  {
443  return md5($this->getServerName() . $this->getServerIp());
444  }
445 
451  public function getServerIp()
452  {
453  return $this->getServerVar('SERVER_ADDR');
454  }
455 
461  private function getServerName()
462  {
463  return php_uname();
464  }
465 }