
Untitled

a guest
Jun 24th, 2016
<?php
/*
* 2007-2014 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
*  @author PrestaShop SA <contact@prestashop.com>
*  @copyright  2007-2014 PrestaShop SA
*  @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
*  International Registered Trademark & Property of PrestaShop SA
*/

  27. class CookieCore
  28. {
  29.     /** @var array Contain cookie content in a key => value format */
  30.     protected $_content;
  31.  
  32.     /** @var array Crypted cookie name for setcookie() */
  33.     protected $_name;
  34.  
  35.     /** @var array expiration date for setcookie() */
  36.     protected $_expire;
  37.  
  38.     /** @var array Website domain for setcookie() */
  39.     protected $_domain;
  40.  
  41.     /** @var array Path for setcookie() */
  42.     protected $_path;
  43.  
  44.     /** @var array cipher tool instance */
  45.     protected $_cipherTool;
  46.  
  47.     protected $_modified = false;
  48.    
  49.     protected $_allow_writing;
  50.    
  51.     protected $_salt;
  52.    
  53.     protected $_standalone;
  54.  
  55.     /**
  56.      * Get data if the cookie exists and else initialize an new one
  57.      *
  58.      * @param $name string Cookie name before encrypting
  59.      * @param $path string
  60.      */
  61.     public function __construct($name, $path = '', $expire = null, $shared_urls = null, $standalone = false)
  62.     {
  63.         $this->_content = array();
  64.         $this->_standalone = $standalone;
  65.         $this->_expire = is_null($expire) ? time() + 1728000 : (int)$expire;
  66.         $this->_name = 'PrestaShop-'.md5(($this->_standalone ? '' : _PS_VERSION_).$name);
  67.         $this->_path = trim(($this->_standalone ? '' : Context::getContext()->shop->physical_uri).$path, '/\\').'/';
  68.         if ($this->_path{0} != '/') $this->_path = '/'.$this->_path;
  69.         $this->_path = rawurlencode($this->_path);
  70.         $this->_path = str_replace('%2F', '/', $this->_path);
  71.         $this->_path = str_replace('%7E', '~', $this->_path);
  72.         $this->_domain = $this->getDomain($shared_urls);
  73.         $this->_allow_writing = true;
  74.         $this->_salt = $this->_standalone ? str_pad('', 8, md5('ps'.__FILE__)) : _COOKIE_IV_;
  75.         if ($this->_standalone)
  76.             $this->_cipherTool = new Blowfish(str_pad('', 56, md5('ps'.__FILE__)), str_pad('', 56, md5('iv'.__FILE__)));
  77.         elseif (!Configuration::get('PS_CIPHER_ALGORITHM'))
  78.             $this->_cipherTool = new Blowfish(_COOKIE_KEY_, _COOKIE_IV_);
  79.         else
  80.             $this->_cipherTool = new Rijndael(_RIJNDAEL_KEY_, _RIJNDAEL_IV_);
  81.         $this->update();
  82.     }
  83.  
  84.     public function disallowWriting()
  85.     {
  86.         $this->_allow_writing = false;
  87.     }
  88.  
  89.     protected function getDomain($shared_urls = null)
  90.     {
  91.         $r = '!(?:(\w+)://)?(?:(\w+)\:(\w+)@)?([^/:]+)?(?:\:(\d*))?([^#?]+)?(?:\?([^#]+))?(?:#(.+$))?!i';
  92.  
  93.         if (!preg_match ($r, Tools::getHttpHost(false, false), $out) || !isset($out[4]))
  94.             return false;
  95.  
  96.         if (preg_match('/^(((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]{1}[0-9]|[1-9]).)'.
  97.             '{1}((25[0-5]|2[0-4][0-9]|[1]{1}[0-9]{2}|[1-9]{1}[0-9]|[0-9]).)'.
  98.             '{2}((25[0-5]|2[0-4][0-9]|[1]{1}[0-9]{2}|[1-9]{1}[0-9]|[0-9]){1}))$/', $out[4]))
  99.             return false;
  100.         if (!strstr(Tools::getHttpHost(false, false), '.'))
  101.             return false;
  102.  
  103.         $domain = false;
  104.         if ($shared_urls !== null)
  105.         {
  106.             foreach ($shared_urls as $shared_url)
  107.             {
  108.                 if ($shared_url != $out[4])
  109.                     continue;
  110.                 if (preg_match('/^(?:.*\.)?([^.]*(?:.{2,4})?\..{2,3})$/Ui', $shared_url, $res))
  111.                 {
  112.                     $domain = '.'.$res[1];
  113.                     break;
  114.                 }
  115.             }
  116.         }
  117.         if (!$domain)
  118.             $domain = $out[4];
  119.         return $domain;
  120.     }
  121.  
  122.     /**
  123.      * Set expiration date
  124.      *
  125.      * @param integer $expire Expiration time from now
  126.      */
  127.     public function setExpire($expire)
  128.     {
  129.         $this->_expire = (int)($expire);
  130.     }
  131.  
  132.     /**
  133.      * Magic method wich return cookie data from _content array
  134.      *
  135.      * @param string $key key wanted
  136.      * @return string value corresponding to the key
  137.      */
  138.     public function __get($key)
  139.     {
  140.         return isset($this->_content[$key]) ? $this->_content[$key] : false;
  141.     }
  142.  
  143.     /**
  144.      * Magic method which check if key exists in the cookie
  145.      *
  146.      * @param string $key key wanted
  147.      * @return boolean key existence
  148.      */
  149.     public function __isset($key)
  150.     {
  151.         return isset($this->_content[$key]);
  152.     }
  153.  
  154.     /**
  155.      * Magic method wich add data into _content array
  156.      *
  157.      * @param string $key key desired
  158.      * @param $value value corresponding to the key
  159.      */
  160.     public function __set($key, $value)
  161.     {
  162.         if (is_array($value))
  163.             die(Tools::displayError());
  164.         if (preg_match('/¤|\|/', $key.$value))
  165.             throw new Exception('Forbidden chars in cookie');
  166.         if (!$this->_modified && (!isset($this->_content[$key]) || (isset($this->_content[$key]) && $this->_content[$key] != $value)))
  167.             $this->_modified = true;
  168.         $this->_content[$key] = $value;
  169.     }
  170.  
  171.     /**
  172.      * Magic method wich delete data into _content array
  173.      *
  174.      * @param string $key key wanted
  175.      */
  176.     public function __unset($key)
  177.     {
  178.         if (isset($this->_content[$key]))
  179.             $this->_modified = true;
  180.         unset($this->_content[$key]);
  181.     }
  182.  
  183.     /**
  184.       * Check customer informations saved into cookie and return customer validity
  185.       *
  186.       * @deprecated as of version 1.5 use Customer::isLogged() instead
  187.       * @return boolean customer validity
  188.       */
  189.     public function isLogged($withGuest = false)
  190.     {
  191.         Tools::displayAsDeprecated();
  192.         if (!$withGuest && $this->is_guest == 1)
  193.             return false;
  194.  
  195.         /* Customer is valid only if it can be load and if cookie password is the same as database one */
  196.         if ($this->logged == 1 && $this->id_customer && Validate::isUnsignedId($this->id_customer) && Customer::checkPassword((int)($this->id_customer), $this->passwd))
  197.             return true;
  198.         return false;
  199.     }
  200.  
  201.     /**
  202.      * Check employee informations saved into cookie and return employee validity
  203.      *
  204.      * @deprecated as of version 1.5 use Employee::isLoggedBack() instead
  205.      * @return boolean employee validity
  206.      */
  207.     public function isLoggedBack()
  208.     {
  209.         Tools::displayAsDeprecated();
  210.         /* Employee is valid only if it can be load and if cookie password is the same as database one */
  211.         return ($this->id_employee
  212.             && Validate::isUnsignedId($this->id_employee)
  213.             && Employee::checkPassword((int)$this->id_employee, $this->passwd)
  214.             && (!isset($this->_content['remote_addr']) || $this->_content['remote_addr'] == ip2long(Tools::getRemoteAddr()) || !Configuration::get('PS_COOKIE_CHECKIP'))
  215.         );
  216.     }
  217.  
  218.     /**
  219.      * Delete cookie
  220.      * As of version 1.5 don't call this function, use Customer::logout() or Employee::logout() instead;
  221.      */
  222.     public function logout()
  223.     {
  224.         $this->_content = array();
  225.         $this->_setcookie();
  226.         unset($_COOKIE[$this->_name]);
  227.         $this->_modified = true;
  228.     }
  229.  
  230.     /**
  231.      * Soft logout, delete everything links to the customer
  232.      * but leave there affiliate's informations.
  233.      * As of version 1.5 don't call this function, use Customer::mylogout() instead;
  234.      */
  235.     public function mylogout()
  236.     {
  237.         unset($this->_content['id_compare']);
  238.         unset($this->_content['id_customer']);
  239.         unset($this->_content['id_guest']);
  240.         unset($this->_content['is_guest']);
  241.         unset($this->_content['id_connections']);
  242.         unset($this->_content['customer_lastname']);
  243.         unset($this->_content['customer_firstname']);
  244.         unset($this->_content['passwd']);
  245.         unset($this->_content['logged']);
  246.         unset($this->_content['email']);
  247.         unset($this->_content['id_cart']);
  248.         unset($this->_content['id_address_invoice']);
  249.         unset($this->_content['id_address_delivery']);
  250.         $this->_modified = true;
  251.     }
  252.  
  253.     public function makeNewLog()
  254.     {
  255.         unset($this->_content['id_customer']);
  256.         unset($this->_content['id_guest']);
  257.         Guest::setNewGuest($this);
  258.         $this->_modified = true;
  259.     }
  260.  
  261.     /**
  262.      * Get cookie content
  263.      */
  264.     public function update($nullValues = false)
  265.     {
  266.         if (isset($_COOKIE[$this->_name]))
  267.         {
  268.             /* Decrypt cookie content */
  269.             $content = $this->_cipherTool->decrypt($_COOKIE[$this->_name]);
  270.             //printf("\$content = %s<br />", $content);
  271.            
  272.             /* Get cookie checksum */
  273.             $tmpTab = explode('¤', $content);
  274.             array_pop($tmpTab);
  275.             $content_for_checksum = implode('¤', $tmpTab).'¤';
  276.             $checksum = crc32($this->_salt.$content_for_checksum);
  277.             //printf("\$checksum = %s<br />", $checksum);
  278.            
  279.             /* Unserialize cookie content */
  280.             $tmpTab = explode('¤', $content);
  281.             foreach ($tmpTab as $keyAndValue)
  282.             {
  283.                 $tmpTab2 = explode('|', $keyAndValue);
  284.                 if (count($tmpTab2) == 2)
  285.                     $this->_content[$tmpTab2[0]] = $tmpTab2[1];
  286.             }
  287.             /* Blowfish fix */
  288.             if (isset($this->_content['checksum']))
  289.                 $this->_content['checksum'] = (int)($this->_content['checksum']);
  290.             //printf("\$this->_content['checksum'] = %s<br />", $this->_content['checksum']);
  291.             //die();
  292.             /* Check if cookie has not been modified */
  293.             if (!isset($this->_content['checksum']) || $this->_content['checksum'] != $checksum)
  294.                 $this->logout();
  295.  
  296.             if (!isset($this->_content['date_add']))
  297.                 $this->_content['date_add'] = date('Y-m-d H:i:s');
  298.         }
  299.         else
  300.             $this->_content['date_add'] = date('Y-m-d H:i:s');
  301.  
  302.         //checks if the language exists, if not choose the default language
  303.         if (!$this->_standalone && !Language::getLanguage((int)$this->id_lang))
  304.         {
  305.             $this->id_lang = Configuration::get('PS_LANG_DEFAULT');
  306.             // set detect_language to force going through Tools::setCookieLanguage to figure out browser lang
  307.             // Changed to manage the detect language and avoid 301 redirection
  308.             //$this->detect_language = true;
  309.             $this->detect_language = false;
  310.         }
  311.  
  312.     }
  313.  
  314.     /**
  315.      * Setcookie according to php version
  316.      */
  317.     protected function _setcookie($cookie = null)
  318.     {
  319.         if ($cookie)
  320.         {
  321.             $content = $this->_cipherTool->encrypt($cookie);
  322.             $time = $this->_expire;
  323.         }
  324.         else
  325.         {
  326.             $content = 0;
  327.             $time = 1;
  328.         }
  329.         if (PHP_VERSION_ID <= 50200) /* PHP version > 5.2.0 */
  330.             return setcookie($this->_name, $content, $time, $this->_path, $this->_domain, 0);
  331.         else
  332.             return setcookie($this->_name, $content, $time, $this->_path, $this->_domain, 0, true);
  333.     }
  334.  
  335.     public function __destruct()
  336.     {
  337.         $this->write();
  338.     }
  339.  
  340.     /**
  341.      * Save cookie with setcookie()
  342.      */
  343.     public function write()
  344.     {
  345.         if (!$this->_modified || headers_sent() || !$this->_allow_writing)
  346.             return;
  347.  
  348.         $cookie = '';
  349.  
  350.         /* Serialize cookie content */
  351.         if (isset($this->_content['checksum'])) unset($this->_content['checksum']);
  352.         foreach ($this->_content as $key => $value)
  353.             $cookie .= $key.'|'.$value.'¤';
  354.  
  355.         /* Add checksum to cookie */
  356.         $cookie .= 'checksum|'.crc32($this->_salt.$cookie);
  357.         $this->_modified = false;
  358.         /* Cookies are encrypted for evident security reasons */
  359.         return $this->_setcookie($cookie);
  360.     }
  361.  
  362.     /**
  363.      * Get a family of variables (e.g. "filter_")
  364.      */
  365.     public function getFamily($origin)
  366.     {
  367.         $result = array();
  368.         if (count($this->_content) == 0)
  369.             return $result;
  370.         foreach ($this->_content as $key => $value)
  371.             if (strncmp($key, $origin, strlen($origin)) == 0)
  372.                 $result[$key] = $value;
  373.         return $result;
  374.     }
  375.  
  376.     /**
  377.      *
  378.      */
  379.     public function unsetFamily($origin)
  380.     {
  381.         $family = $this->getFamily($origin);
  382.         foreach (array_keys($family) as $member)
  383.             unset($this->$member);
  384.     }
  385.  
  386.     /**
  387.      * @return String name of cookie
  388.      */
  389.     public function getName()
  390.     {
  391.         return $this->_name;
  392.     }
  393.  
  394.     /**
  395.      * Check if the cookie exists
  396.      *
  397.      * @since 1.5.0
  398.      * @return bool
  399.      */
  400.     public function exists()
  401.     {
  402.         return isset($_COOKIE[$this->_name]);
  403.     }
  404. }