mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-03-03 15:14:08 +01:00
53aba99af1
* [MOD] Improved import process * [MOD] Improved event logging * [MOD] Code refactoring. Work in progress * [FIX] Several bugfixes. Work in progress
179 lines
5.0 KiB
PHP
179 lines
5.0 KiB
PHP
<?php
|
|
/**
|
|
* sysPass
|
|
*
|
|
* @author nuxsmin
|
|
* @link https://syspass.org
|
|
* @copyright 2012-2018, Rubén Domínguez nuxsmin@$syspass.org
|
|
*
|
|
* This file is part of sysPass.
|
|
*
|
|
* sysPass is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* sysPass is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
namespace SP\Util;
|
|
|
|
use SP\Config\ConfigData;
|
|
use SP\Http\Request;
|
|
|
|
/**
|
|
* Class HttpUtil
|
|
*
|
|
* @package SP\Util
|
|
*/
|
|
class HttpUtil
|
|
{
|
|
/**
|
|
* Comprobar y forzar (si es necesario) la conexión HTTPS
|
|
*
|
|
* @param ConfigData $configData
|
|
*/
|
|
public static function checkHttps(ConfigData $configData)
|
|
{
|
|
if ($configData->isHttpsEnabled() && !Checks::httpsEnabled()) {
|
|
$port = ((int)$_SERVER['SERVER_PORT'] !== 443) ? ':' . $_SERVER['SERVER_PORT'] : '';
|
|
$host = str_replace('http', 'https', self::getHttpHost());
|
|
|
|
header('Location: ' . $host . $port . $_SERVER['REQUEST_URI']);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the URI used by the browser and checks for the protocol used
|
|
*
|
|
* @see https://tools.ietf.org/html/rfc7239#section-7.5
|
|
* @return string
|
|
*/
|
|
public static function getHttpHost()
|
|
{
|
|
$forwarded = self::getForwardedData();
|
|
|
|
// Check in style of RFC 7239
|
|
if (null !== $forwarded) {
|
|
return strtolower($forwarded['proto'] . '://' . $forwarded['host']);
|
|
}
|
|
|
|
$xForward = self::getXForwardedData();
|
|
|
|
// Check (deprecated) de facto standard
|
|
if (null !== $xForward) {
|
|
return strtolower($xForward['proto'] . '://' . $xForward['host']);
|
|
}
|
|
|
|
// We got called directly
|
|
if (Checks::httpsEnabled()) {
|
|
return 'https://' . $_SERVER['HTTP_HOST'];
|
|
}
|
|
|
|
return 'http://' . $_SERVER['HTTP_HOST'];
|
|
}
|
|
|
|
/**
|
|
* Devolver datos de forward RFC 7239
|
|
*
|
|
* @see https://tools.ietf.org/html/rfc7239#section-7.5
|
|
* @return array|null
|
|
*/
|
|
public static function getForwardedData()
|
|
{
|
|
$forwarded = Request::getRequestHeaders('HTTP_FORWARDED');
|
|
|
|
// Check in style of RFC 7239
|
|
if ($forwarded !== ''
|
|
&& preg_match('/proto=(\w+);/i', $forwarded, $matchesProto)
|
|
&& preg_match('/host=(\w+);/i', $forwarded, $matchesHost)
|
|
) {
|
|
$data = [
|
|
'host ' => $matchesHost[0],
|
|
'proto' => $matchesProto[0],
|
|
'for' => self::getForwardedFor()
|
|
];
|
|
|
|
// Check if protocol and host are not empty
|
|
if (!empty($data['proto']) && !empty($data['host'])) {
|
|
return $data;
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* Devolver la dirección IP del cliente a través de proxy o directo
|
|
*
|
|
* @return array|string
|
|
*/
|
|
public static function getForwardedFor()
|
|
{
|
|
if (preg_match_all('/for="?\[?([\w.:]+)"?\]?[,;]?/i',
|
|
Request::getRequestHeaders('HTTP_FORWARDED'), $matchesFor)) {
|
|
return $matchesFor[1];
|
|
}
|
|
|
|
$matchesFor = preg_split('/(?<=[\w])+,/i',
|
|
Request::getRequestHeaders('HTTP_X_FORWARDED_FOR'),
|
|
-1,
|
|
PREG_SPLIT_NO_EMPTY);
|
|
|
|
if (count($matchesFor) > 0) {
|
|
return $matchesFor;
|
|
}
|
|
|
|
return $_SERVER['REMOTE_ADDR'];
|
|
}
|
|
|
|
/**
|
|
* Devolver datos de x-forward
|
|
*
|
|
* @return array|null
|
|
*/
|
|
public static function getXForwardedData()
|
|
{
|
|
$forwardedHost = Request::getRequestHeaders('HTTP_X_FORWARDED_HOST');
|
|
$forwardedProto = Request::getRequestHeaders('HTTP_X_FORWARDED_PROTO');
|
|
|
|
// Check (deprecated) de facto standard
|
|
if (!empty($forwardedHost) && !empty($forwardedProto)) {
|
|
$data = [
|
|
'host' => trim(str_replace('"', '', $forwardedHost)),
|
|
'proto' => trim(str_replace('"', '', $forwardedProto)),
|
|
'for' => self::getForwardedFor()
|
|
];
|
|
|
|
// Check if protocol and host are not empty
|
|
if (!empty($data['host']) && !empty($data['proto'])) {
|
|
return $data;
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* Devolver la dirección IP del cliente
|
|
*
|
|
* @param bool $fullForwarded Devolver la cadena de forward completa
|
|
* @return string|array
|
|
*/
|
|
public static function getClientAddress($fullForwarded = false)
|
|
{
|
|
$forwarded = self::getForwardedFor();
|
|
|
|
if (is_array($forwarded)) {
|
|
return $fullForwarded ? implode(',', $forwarded) : $forwarded[0];
|
|
}
|
|
|
|
return $forwarded;
|
|
}
|
|
} |