XOOPS /
XoopsCore25
| Total Complexity | 63 |
| Total Lines | 377 |
| Duplicated Lines | 0 % |
| Changes | 0 | ||
Complex classes like XoopsGTicket often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use XoopsGTicket, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 11 | class XoopsGTicket |
||
| 12 | { |
||
| 13 | public $_errors = []; |
||
| 14 | public $_latest_token = ''; |
||
| 15 | public $messages = []; |
||
| 16 | |||
| 17 | /** |
||
| 18 | * XoopsGTicket constructor. |
||
| 19 | */ |
||
| 20 | public function __construct() |
||
| 21 | { |
||
| 22 | global $xoopsConfig; |
||
| 23 | |||
| 24 | // language file |
||
| 25 | if (defined('XOOPS_ROOT_PATH') && !empty($xoopsConfig['language']) && false === strpos($xoopsConfig['language'], '/')) { |
||
| 26 | if (file_exists(dirname(__DIR__) . '/language/' . $xoopsConfig['language'] . '/gticket_messages.phtml')) { |
||
| 27 | include dirname(__DIR__) . '/language/' . $xoopsConfig['language'] . '/gticket_messages.phtml'; |
||
| 28 | } |
||
| 29 | } |
||
| 30 | |||
| 31 | // default messages |
||
| 32 | if (empty($this->messages)) { |
||
| 33 | $this->messages = [ |
||
| 34 | 'err_general' => 'GTicket Error', |
||
| 35 | 'err_nostubs' => 'No stubs found', |
||
| 36 | 'err_noticket' => 'No ticket found', |
||
| 37 | 'err_nopair' => 'No valid ticket-stub pair found', |
||
| 38 | 'err_timeout' => 'Time out', |
||
| 39 | 'err_areaorref' => 'Invalid area or referer', |
||
| 40 | 'fmt_prompt4repost' => 'error(s) found:<br><span style="background-color:red;font-weight:bold;color:white;">%s</span><br>Confirm it.<br>And do you want to post again?', |
||
| 41 | 'btn_repost' => 'repost', |
||
| 42 | ]; |
||
| 43 | } |
||
| 44 | } |
||
| 45 | |||
| 46 | // render form as plain html |
||
| 47 | /** |
||
| 48 | * @param string $salt |
||
| 49 | * @param int $timeout |
||
| 50 | * @param string $area |
||
| 51 | * |
||
| 52 | * @return string |
||
| 53 | */ |
||
| 54 | public function getTicketHtml($salt = '', $timeout = 1800, $area = '') |
||
| 55 | { |
||
| 56 | return '<input type="hidden" name="XOOPS_G_TICKET" value="' . $this->issue($salt, $timeout, $area) . '" />'; |
||
| 57 | } |
||
| 58 | |||
| 59 | // returns an object of XoopsFormHidden including theh ticket |
||
| 60 | /** |
||
| 61 | * @param string $salt |
||
| 62 | * @param int $timeout |
||
| 63 | * @param string $area |
||
| 64 | * |
||
| 65 | * @return XoopsFormHidden |
||
| 66 | */ |
||
| 67 | public function getTicketXoopsForm($salt = '', $timeout = 1800, $area = '') |
||
| 68 | { |
||
| 69 | return new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area)); |
||
| 70 | } |
||
| 71 | |||
| 72 | // add a ticket as Hidden Element into XoopsForm |
||
| 73 | /** |
||
| 74 | * @param $form |
||
| 75 | * @param string $salt |
||
| 76 | * @param int $timeout |
||
| 77 | * @param string $area |
||
| 78 | */ |
||
| 79 | public function addTicketXoopsFormElement($form, $salt = '', $timeout = 1800, $area = '') |
||
| 80 | { |
||
| 81 | $form->addElement(new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area))); |
||
| 82 | } |
||
| 83 | |||
| 84 | // returns an array for xoops_confirm() ; |
||
| 85 | /** |
||
| 86 | * @param string $salt |
||
| 87 | * @param int $timeout |
||
| 88 | * @param string $area |
||
| 89 | * |
||
| 90 | * @return array |
||
| 91 | */ |
||
| 92 | public function getTicketArray($salt = '', $timeout = 1800, $area = '') |
||
| 93 | { |
||
| 94 | return ['XOOPS_G_TICKET' => $this->issue($salt, $timeout, $area)]; |
||
| 95 | } |
||
| 96 | |||
| 97 | // return GET parameter string. |
||
| 98 | /** |
||
| 99 | * @param string $salt |
||
| 100 | * @param bool $noamp |
||
| 101 | * @param int $timeout |
||
| 102 | * @param string $area |
||
| 103 | * |
||
| 104 | * @return string |
||
| 105 | */ |
||
| 106 | public function getTicketParamString($salt = '', $noamp = false, $timeout = 1800, $area = '') |
||
| 107 | { |
||
| 108 | return ($noamp ? '' : '&') . 'XOOPS_G_TICKET=' . $this->issue($salt, $timeout, $area); |
||
| 109 | } |
||
| 110 | |||
| 111 | // issue a ticket |
||
| 112 | /** |
||
| 113 | * @param string $salt |
||
| 114 | * @param int $timeout |
||
| 115 | * @param string $area |
||
| 116 | * |
||
| 117 | * @return string |
||
| 118 | */ |
||
| 119 | public function issue($salt = '', $timeout = 1800, $area = '') |
||
| 120 | { |
||
| 121 | global $xoopsModule; |
||
| 122 | |||
| 123 | if ('' === $salt) { |
||
| 124 | $salt = '$2y$07$' . str_replace('+', '.', base64_encode(random_bytes(16))); |
||
| 125 | } |
||
| 126 | |||
| 127 | // create a token |
||
| 128 | [$usec, $sec] = explode(' ', microtime()); |
||
| 129 | $appendix_salt = empty($_SERVER['PATH']) ? XOOPS_DB_NAME : $_SERVER['PATH']; |
||
| 130 | $token = crypt($salt . $usec . $appendix_salt . $sec, $salt); |
||
| 131 | $this->_latest_token = $token; |
||
| 132 | |||
| 133 | if (empty($_SESSION['XOOPS_G_STUBS'])) { |
||
| 134 | $_SESSION['XOOPS_G_STUBS'] = []; |
||
| 135 | } |
||
| 136 | |||
| 137 | // limit max stubs 10 |
||
| 138 | if (count($_SESSION['XOOPS_G_STUBS']) > 10) { |
||
| 139 | $_SESSION['XOOPS_G_STUBS'] = array_slice($_SESSION['XOOPS_G_STUBS'], -10); |
||
| 140 | } |
||
| 141 | |||
| 142 | // record referer if browser send it |
||
| 143 | $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['REQUEST_URI']; |
||
| 144 | |||
| 145 | // area as module's dirname |
||
| 146 | if (!$area && isset($xoopsModule) && is_object($xoopsModule)) { |
||
| 147 | $area = $xoopsModule->getVar('dirname'); |
||
| 148 | } |
||
| 149 | |||
| 150 | // store stub |
||
| 151 | $_SESSION['XOOPS_G_STUBS'][] = [ |
||
| 152 | 'expire' => time() + $timeout, |
||
| 153 | 'referer' => $referer, |
||
| 154 | 'area' => $area, |
||
| 155 | 'token' => $token, |
||
| 156 | ]; |
||
| 157 | |||
| 158 | // paid md5ed token as a ticket |
||
| 159 | return md5($token . XOOPS_DB_PREFIX); |
||
| 160 | } |
||
| 161 | |||
| 162 | // check a ticket |
||
| 163 | /** |
||
| 164 | * @param bool $post |
||
| 165 | * @param string $area |
||
| 166 | * @param bool $allow_repost |
||
| 167 | * |
||
| 168 | * @return bool |
||
| 169 | */ |
||
| 170 | public function check($post = true, $area = '', $allow_repost = true) |
||
| 171 | { |
||
| 172 | global $xoopsModule; |
||
| 173 | |||
| 174 | $this->_errors = []; |
||
| 175 | |||
| 176 | // CHECK: stubs are not stored in session |
||
| 177 | if (!isset($_SESSION['XOOPS_G_STUBS']) || !is_array($_SESSION['XOOPS_G_STUBS'])) { |
||
| 178 | $this->_errors[] = $this->messages['err_nostubs']; |
||
| 179 | $_SESSION['XOOPS_G_STUBS'] = []; |
||
| 180 | } |
||
| 181 | |||
| 182 | // get key&val of the ticket from a user's query |
||
| 183 | $ticket = ''; |
||
| 184 | if ($post) { |
||
| 185 | if (isset($_POST['XOOPS_G_TICKET'])) { |
||
| 186 | $ticket = $_POST['XOOPS_G_TICKET']; |
||
| 187 | } |
||
| 188 | } else { |
||
| 189 | if (isset($_GET['XOOPS_G_TICKET'])) { |
||
| 190 | $ticket = $_GET['XOOPS_G_TICKET']; |
||
| 191 | } |
||
| 192 | } |
||
| 193 | |||
| 194 | // CHECK: no tickets found |
||
| 195 | if (empty($ticket)) { |
||
| 196 | $this->_errors[] = $this->messages['err_noticket']; |
||
| 197 | } |
||
| 198 | |||
| 199 | // gargage collection & find a right stub |
||
| 200 | $stubs_tmp = $_SESSION['XOOPS_G_STUBS']; |
||
| 201 | $_SESSION['XOOPS_G_STUBS'] = []; |
||
| 202 | foreach ($stubs_tmp as $stub) { |
||
| 203 | // default lifetime 30min |
||
| 204 | if ($stub['expire'] >= time()) { |
||
| 205 | if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) { |
||
| 206 | $found_stub = $stub; |
||
| 207 | } else { |
||
| 208 | // store the other valid stubs into session |
||
| 209 | $_SESSION['XOOPS_G_STUBS'][] = $stub; |
||
| 210 | } |
||
| 211 | } else { |
||
| 212 | if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) { |
||
| 213 | // not CSRF but Time-Out |
||
| 214 | $timeout_flag = true; |
||
| 215 | } |
||
| 216 | } |
||
| 217 | } |
||
| 218 | |||
| 219 | // CHECK: the right stub found or not |
||
| 220 | if (empty($found_stub)) { |
||
| 221 | if (empty($timeout_flag)) { |
||
| 222 | $this->_errors[] = $this->messages['err_nopair']; |
||
| 223 | } else { |
||
| 224 | $this->_errors[] = $this->messages['err_timeout']; |
||
| 225 | } |
||
| 226 | } else { |
||
| 227 | |||
| 228 | // set area if necessary |
||
| 229 | // area as module's dirname |
||
| 230 | if (!$area && isset($xoopsModule) && is_object($xoopsModule)) { |
||
| 231 | $area = $xoopsModule->getVar('dirname'); |
||
| 232 | } |
||
| 233 | |||
| 234 | // check area or referer |
||
| 235 | if (isset($found_stub['area']) && $found_stub['area'] == $area) { |
||
| 236 | $area_check = true; |
||
| 237 | } |
||
| 238 | |||
| 239 | if (!empty($found_stub['referer']) && isset($_SERVER['HTTP_REFERER']) && false !== strpos($_SERVER['HTTP_REFERER'], (string) $found_stub['referer'])) { |
||
| 240 | $referer_check = true; |
||
| 241 | } |
||
| 242 | |||
| 243 | |||
| 244 | if (empty($area_check) && empty($referer_check)) { // loose |
||
| 245 | $this->_errors[] = $this->messages['err_areaorref']; |
||
| 246 | } |
||
| 247 | } |
||
| 248 | |||
| 249 | if (!empty($this->_errors)) { |
||
| 250 | if ($allow_repost) { |
||
| 251 | // repost form |
||
| 252 | $this->draw_repost_form($area); |
||
| 253 | exit; |
||
|
|
|||
| 254 | } else { |
||
| 255 | // failed |
||
| 256 | $this->clear(); |
||
| 257 | |||
| 258 | return false; |
||
| 259 | } |
||
| 260 | } else { |
||
| 261 | // all green |
||
| 262 | return true; |
||
| 263 | } |
||
| 264 | } |
||
| 265 | |||
| 266 | // draw form for repost |
||
| 267 | /** |
||
| 268 | * @param string $area |
||
| 269 | */ |
||
| 270 | public function draw_repost_form($area = '') |
||
| 271 | { |
||
| 272 | // Notify which file is broken |
||
| 273 | if (headers_sent()) { |
||
| 274 | restore_error_handler(); |
||
| 275 | set_error_handler([&$this, 'errorHandler4FindOutput']); |
||
| 276 | header('Dummy: for warning'); |
||
| 277 | restore_error_handler(); |
||
| 278 | exit; |
||
| 279 | } |
||
| 280 | |||
| 281 | error_reporting(0); |
||
| 282 | while (ob_get_level()) { |
||
| 283 | ob_end_clean(); |
||
| 284 | } |
||
| 285 | |||
| 286 | $table = '<table>'; |
||
| 287 | $form = '<form action="?' . htmlspecialchars($_SERVER['QUERY_STRING'] ?? '', ENT_QUOTES | ENT_HTML5) . '" method="post">'; |
||
| 288 | |||
| 289 | foreach ($_POST as $key => $val) { |
||
| 290 | if ('XOOPS_G_TICKET' === $key) { |
||
| 291 | continue; |
||
| 292 | } |
||
| 293 | |||
| 294 | if (is_array($val)) { |
||
| 295 | [$tmp_table, $tmp_form] = $this->extract_post_recursive(htmlspecialchars($key, ENT_QUOTES | ENT_HTML5), $val); |
||
| 296 | $table .= $tmp_table; |
||
| 297 | $form .= $tmp_form; |
||
| 298 | } else { |
||
| 299 | $table .= '<tr><th>' . htmlspecialchars($key, ENT_QUOTES | ENT_HTML5) . '</th><td>' . htmlspecialchars($val, ENT_QUOTES | ENT_HTML5) . '</td></tr>' . "\n"; |
||
| 300 | $form .= '<input type="hidden" name="' . htmlspecialchars($key, ENT_QUOTES | ENT_HTML5) . '" value="' . htmlspecialchars($val, ENT_QUOTES | ENT_HTML5) . '" />' . "\n"; |
||
| 301 | } |
||
| 302 | } |
||
| 303 | $table .= '</table>'; |
||
| 304 | $form .= $this->getTicketHtml(__LINE__, 300, $area) . '<input type="submit" value="' . $this->messages['btn_repost'] . '" /></form>'; |
||
| 305 | |||
| 306 | echo '<html><head><title>' . $this->messages['err_general'] . '</title><style>table,td,th {border:solid black 1px; border-collapse:collapse;}</style></head><body>' . sprintf($this->messages['fmt_prompt4repost'], $this->getErrors()) . $table . $form . '</body></html>'; |
||
| 307 | } |
||
| 308 | |||
| 309 | /** |
||
| 310 | * @param $key_name |
||
| 311 | * @param $tmp_array |
||
| 312 | * |
||
| 313 | * @return array |
||
| 314 | */ |
||
| 315 | public function extract_post_recursive($key_name, $tmp_array) |
||
| 316 | { |
||
| 317 | $table = ''; |
||
| 318 | $form = ''; |
||
| 319 | foreach ($tmp_array as $key => $val) { |
||
| 320 | if (is_array($val)) { |
||
| 321 | [$tmp_table, $tmp_form] = $this->extract_post_recursive($key_name . '[' . htmlspecialchars($key, ENT_QUOTES | ENT_HTML5) . ']', $val); |
||
| 322 | $table .= $tmp_table; |
||
| 323 | $form .= $tmp_form; |
||
| 324 | } else { |
||
| 325 | $table .= '<tr><th>' . $key_name . '[' . htmlspecialchars($key, ENT_QUOTES | ENT_HTML5) . ']</th><td>' . htmlspecialchars($val, ENT_QUOTES | ENT_HTML5) . '</td></tr>' . "\n"; |
||
| 326 | $form .= '<input type="hidden" name="' . $key_name . '[' . htmlspecialchars($key, ENT_QUOTES | ENT_HTML5) . ']" value="' . htmlspecialchars($val, ENT_QUOTES | ENT_HTML5) . '" />' . "\n"; |
||
| 327 | } |
||
| 328 | } |
||
| 329 | |||
| 330 | return [$table, $form]; |
||
| 331 | } |
||
| 332 | |||
| 333 | // clear all stubs |
||
| 334 | public function clear() |
||
| 335 | { |
||
| 336 | $_SESSION['XOOPS_G_STUBS'] = []; |
||
| 337 | } |
||
| 338 | |||
| 339 | // Ticket Using |
||
| 340 | /** |
||
| 341 | * @return bool |
||
| 342 | */ |
||
| 343 | public function using() |
||
| 344 | { |
||
| 345 | if (!empty($_SESSION['XOOPS_G_STUBS'])) { |
||
| 346 | return true; |
||
| 347 | } else { |
||
| 348 | return false; |
||
| 349 | } |
||
| 350 | } |
||
| 351 | |||
| 352 | // return errors |
||
| 353 | /** |
||
| 354 | * @param bool $ashtml |
||
| 355 | * |
||
| 356 | * @return array|string |
||
| 357 | */ |
||
| 358 | public function getErrors($ashtml = true) |
||
| 370 | } |
||
| 371 | |||
| 372 | /** |
||
| 373 | * @param $errNo |
||
| 374 | * @param $errStr |
||
| 375 | * @param $errFile |
||
| 376 | * @param $errLine |
||
| 377 | * @return null |
||
| 378 | */ |
||
| 379 | public function errorHandler4FindOutput($errNo, $errStr, $errFile, $errLine) |
||
| 388 | } |
||
| 389 | // end of class |
||
| 390 | } |
||
| 391 | |||
| 392 | // create a instance in global scope |
||
| 393 | $GLOBALS['xoopsGTicket'] = new XoopsGTicket(); |
||
| 394 | } |
||
| 395 | |||
| 396 | if (!function_exists('admin_refcheck')) { |
||
| 397 | |||
| 398 | //Admin Referer Check By Marijuana(Rev.011) |
||
| 418 |
Loading history...
In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.