2 rcs_id('$Id: Request.php,v 1.75 2004-11-07 18:34:28 rurban Exp $');
4 Copyright (C) 2002,2004 $ThePhpWikiProgrammingTeam
6 This file is part of PhpWiki.
8 PhpWiki is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 PhpWiki is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with PhpWiki; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 // backward compatibility for PHP < 4.2.0
24 if (!function_exists('ob_clean')) {
34 $this->_fix_magic_quotes_gpc();
35 $this->_fix_multipart_form_data();
37 switch($this->get('REQUEST_METHOD')) {
40 $this->args = &$GLOBALS['HTTP_GET_VARS'];
43 $this->args = &$GLOBALS['HTTP_POST_VARS'];
46 $this->args = array();
50 $this->session = new Request_SessionVars;
51 $this->cookies = new Request_CookieVars;
53 if (ACCESS_LOG or ACCESS_LOG_SQL) {
54 $this->_accesslog =& new Request_AccessLog(ACCESS_LOG, ACCESS_LOG_SQL);
57 $GLOBALS['request'] = $this;
61 if (!empty($GLOBALS['HTTP_SERVER_VARS']))
62 $vars = &$GLOBALS['HTTP_SERVER_VARS'];
63 else // cgi or other servers than Apache
64 $vars = &$GLOBALS['HTTP_ENV_VARS'];
66 if (isset($vars[$key]))
71 $addr = $vars['REMOTE_ADDR'];
72 if (defined('ENABLE_REVERSE_DNS') && ENABLE_REVERSE_DNS)
73 return $vars[$key] = gethostbyaddr($addr);
81 function getArg($key) {
82 if (isset($this->args[$key]))
83 return $this->args[$key];
91 function setArg($key, $val) {
93 unset($this->args[$key]);
95 $this->args[$key] = $val;
98 // Well oh well. Do we really want to pass POST params back as GET?
99 function getURLtoSelf($args = false, $exclude = array()) {
100 $get_args = $this->args;
102 $get_args = array_merge($get_args, $args);
104 // Err... good point...
106 if ($this->isPost()) {
107 $exclude = array_merge($exclude, array('action','auth'));
108 //$get_args = $args; // or only the provided
110 trigger_error("Request::getURLtoSelf() should probably not be from POST",
115 foreach ($exclude as $ex) {
116 if (!empty($get_args[$ex])) unset($get_args[$ex]);
119 $pagename = $get_args['pagename'];
120 unset ($get_args['pagename']);
121 if (!empty($get_args['action']) and $get_args['action'] == 'browse')
122 unset($get_args['action']);
124 return WikiURL($pagename, $get_args);
128 return $this->get("REQUEST_METHOD") == "POST";
131 function isGetOrHead () {
132 return in_array($this->get('REQUEST_METHOD'),
133 array('GET', 'HEAD'));
136 function httpVersion() {
137 if (!preg_match('@HTTP\s*/\s*(\d+.\d+)@', $this->get('SERVER_PROTOCOL'), $m))
139 return (float) $m[1];
142 function redirect($url, $noreturn=true) {
143 $bogus = defined('DISABLE_HTTP_REDIRECT') and DISABLE_HTTP_REDIRECT;
146 header("Location: $url");
148 * "302 Found" is not really meant to be sent in response
149 * to a POST. Worse still, according to (both HTTP 1.0
150 * and 1.1) spec, the user, if it is sent, the user agent
151 * is supposed to use the same method to fetch the
152 * redirected URI as the original.
154 * That means if we redirect from a POST, the user-agent
155 * supposed to generate another POST. Not what we want.
156 * (We do this after a page save after all.)
158 * Fortunately, most/all browsers don't do that.
160 * "303 See Other" is what we really want. But it only
163 * FIXME: this is still not spec compliant for HTTP
166 $status = $this->httpVersion() >= 1.1 ? 303 : 302;
167 $this->setStatus($status);
171 include_once('lib/Template.php');
172 $this->discardOutput();
173 $tmpl = new Template('redirect', $this, array('REDIRECT_URL' => $url));
179 function redirect(url) {
180 if (typeof location.replace == 'function')
181 location.replace(url);
182 else if (typeof location.assign == 'function')
183 location.assign(url);
185 window.location = url;
187 redirect('" . addslashes($url) . "')");
191 /** Set validators for this response.
193 * This sets a (possibly incomplete) set of validators
196 * The validator set can be extended using appendValidators().
198 * When you're all done setting and appending validators, you
199 * must call checkValidators() to check them and set the
200 * appropriate headers in the HTTP response.
204 * $request->setValidators(array('pagename' => $pagename,
205 * '%mtime' => $rev->get('mtime')));
207 * // Wups... response content depends on $otherpage, too...
208 * $request->appendValidators(array('otherpage' => $otherpagerev->getPageName(),
209 * '%mtime' => $otherpagerev->get('mtime')));
211 * // After all validators have been set:
212 * $request->checkValidators();
214 function setValidators($validator_set) {
215 if (is_array($validator_set))
216 $validator_set = new HTTP_ValidatorSet($validator_set);
217 $this->_validators = $validator_set;
220 /** Append more validators for this response.
221 * i.e dependencies on other pages mtimes
222 * now it may be called in init also to simplify client code.
224 function appendValidators($validator_set) {
225 if (!isset($this->_validators)) {
226 $this->setValidators($validator_set);
229 $this->_validators->append($validator_set);
232 /** Check validators and set headers in HTTP response
234 * This sets the appropriate "Last-Modified" and "ETag"
235 * headers in the HTTP response.
237 * Additionally, if the validators match any(all) conditional
238 * headers in the HTTP request, this method will not return, but
239 * instead will send "304 Not Modified" or "412 Precondition
240 * Failed" (as appropriate) back to the client.
242 function checkValidators() {
243 $validators = &$this->_validators;
245 // Set validator headers
246 if ($this->_is_buffering_output or !headers_sent()) {
247 if (($etag = $validators->getETag()) !== false)
248 header("ETag: " . $etag->asString());
249 if (($mtime = $validators->getModificationTime()) !== false)
250 header("Last-Modified: " . Rfc1123DateTime($mtime));
252 // Set cache control headers
253 $this->cacheControl();
256 if (CACHE_CONTROL == 'NO_CACHE')
257 return; // don't check conditionals...
259 // Check conditional headers in request
260 $status = $validators->checkConditionalRequest($this);
262 // Return short response due to failed conditionals
263 $this->setStatus($status);
265 $this->discardOutput();
271 /** Set the cache control headers in the HTTP response.
273 function cacheControl($strategy=CACHE_CONTROL, $max_age=CACHE_CONTROL_MAX_AGE) {
274 if ($strategy == 'NO_CACHE') {
275 $cache_control = "no-cache"; // better set private. See Pear HTTP_Header
278 elseif ($strategy == 'ALLOW_STALE' && $max_age > 0) {
279 $cache_control = sprintf("max-age=%d", $max_age);
282 $cache_control = "must-revalidate";
285 header("Cache-Control: $cache_control");
286 header("Expires: " . Rfc1123DateTime(time() + $max_age));
287 header("Vary: Cookie"); // FIXME: add more here?
290 function setStatus($status) {
291 if (preg_match('|^HTTP/.*?\s(\d+)|i', $status, $m)) {
296 $status = (integer) $status;
297 $reason = array('200' => 'OK',
299 '303' => 'See Other',
300 '304' => 'Not Modified',
301 '400' => 'Bad Request',
302 '401' => 'Unauthorized',
303 '403' => 'Forbidden',
304 '404' => 'Not Found',
305 '412' => 'Precondition Failed');
306 // FIXME: is it always okay to send HTTP/1.1 here, even for older clients?
307 header(sprintf("HTTP/1.1 %d %s", $status, $reason[$status]));
310 if (isset($this->_log_entry))
311 $this->_log_entry->setStatus($status);
314 function buffer_output($compress = true) {
315 // USECACHE = false turns off ob buffering also for now. (sf.net)
316 // FIXME: disables sessions (some byte before all headers_sent())
317 /*if (defined('USECACHE') and !USECACHE) {
318 $this->_is_buffering_output = false;
321 if (defined('COMPRESS_OUTPUT')) {
322 if (!COMPRESS_OUTPUT)
325 elseif (!check_php_version(4,2,3))
327 elseif (isCGI()) // necessary?
330 if ($this->getArg('start_debug'))
332 // Should we compress even when apache_note is not available?
333 // sf.net bug #933183 and http://bugs.php.net/17557
334 // This effectively eliminates CGI, but all other servers also. hmm.
336 and (!function_exists('ob_gzhandler')
337 or !function_exists('apache_note')))
339 // http://www.php.net/ob_gzhandler "output handler 'ob_gzhandler' cannot be used twice"
340 if ($compress and ini_get("zlib.output_compression"))
343 // New: we check for the client Accept-Encoding: "gzip" presence also
344 // This should eliminate a lot or reported problems.
346 and (!$this->get("HTTP_ACCEPT_ENCODING")
347 or !strstr($this->get("HTTP_ACCEPT_ENCODING"), "gzip")))
350 // Most RSS clients are NOT(!) application/xml gzip compatible yet.
351 // Even if they are sending the accept-encoding gzip header!
352 // wget is, Mozilla, and MSIE no.
353 // Of the RSS readers only MagpieRSS 0.5.2 is. http://www.rssgov.com/rssparsers.html
354 // See also http://phpwiki.sourceforge.net/phpwiki/KnownBugs
356 and $this->getArg('format')
357 and strstr($this->getArg('format'), 'rss'))
361 ob_start('ob_gzhandler');
363 * Attempt to prevent Apache from doing the dreaded double-gzip.
365 * It would be better if we could detect when apache was going
366 * to zip for us, and then let it ... but I have yet to figure
367 * out how to do that.
369 if (function_exists('apache_note'))
370 @apache_note('no-gzip', 1);
373 // Now we alway buffer output.
374 // This is so we can set HTTP headers (e.g. for redirect)
376 // FIXME: change the name of this method.
379 $this->_is_buffering_output = true;
380 $this->_ob_get_length = 0;
383 function discardOutput() {
384 if (!empty($this->_is_buffering_output)) {
386 $this->_is_buffering_output = false;
388 trigger_error("Not buffering output", E_USER_NOTICE);
393 * Longer texts need too much memory on tiny or memory-limit=8MB systems.
394 * We might want to flush our buffer and restart again.
395 * (This would be fine if php would release its memory)
396 * Note that this must not be called inside Template expansion or other
397 * sections with ob_buffering.
399 function chunkOutput() {
400 if (!empty($this->_is_buffering_output) or
401 (function_exists('ob_get_level') and @ob_get_level())) {
402 $this->_do_chunked_output = true;
403 $this->_ob_get_length += ob_get_length();
404 while (@ob_end_flush());
411 session_write_close();
413 if (!empty($this->_accesslog)) {
414 $this->_accesslog->push($this);
415 if (empty($this->_do_chunked_output))
416 $this->_ob_get_length = ob_get_length();
417 $this->_accesslog->setSize($this->_ob_get_length);
419 if ($RUNTIMER) $this->_accesslog->setDuration($RUNTIMER->getTime());
420 // sql logging must be done before the db is closed.
421 $this->_accesslog->write_sql();
424 if (!empty($this->_is_buffering_output)) {
425 /* This cannot work because it might destroy xml markup */
427 if (0 and $GLOBALS['SearchHighLightQuery'] and check_php_version(4,2)) {
428 $html = str_replace($GLOBALS['SearchHighLightQuery'],
429 '<span class="search-term">'.$GLOBALS['SearchHighLightQuery'].'</span>',
432 header(sprintf("Content-Length: %d", strlen($html)));
436 if (empty($this->_do_chunked_output)) {
437 $this->_ob_get_length = ob_get_length();
439 header(sprintf("Content-Length: %d", $this->_ob_get_length));
441 while (@ob_end_flush());
442 $this->_is_buffering_output = false;
444 if (!empty($this->_dbi)) {
445 $this->_dbi->close();
451 function getSessionVar($key) {
452 return $this->session->get($key);
454 function setSessionVar($key, $val) {
455 return $this->session->set($key, $val);
457 function deleteSessionVar($key) {
458 return $this->session->delete($key);
461 function getCookieVar($key) {
462 return $this->cookies->get($key);
464 function setCookieVar($key, $val, $lifetime_in_days = false, $path = false) {
465 return $this->cookies->set($key, $val, $lifetime_in_days, $path);
467 function deleteCookieVar($key) {
468 return $this->cookies->delete($key);
471 function getUploadedFile($key) {
472 return Request_UploadedFile::getUploadedFile($key);
476 function _fix_magic_quotes_gpc() {
477 $needs_fix = array('HTTP_POST_VARS',
484 if (get_magic_quotes_gpc()) {
485 foreach ($needs_fix as $vars)
486 $this->_stripslashes($GLOBALS[$vars]);
490 function _stripslashes(&$var) {
491 if (is_array($var)) {
492 foreach ($var as $key => $val)
493 $this->_stripslashes($var[$key]);
495 elseif (is_string($var))
496 $var = stripslashes($var);
499 function _fix_multipart_form_data () {
500 if (preg_match('|^multipart/form-data|', $this->get('CONTENT_TYPE')))
501 $this->_strip_leading_nl($GLOBALS['HTTP_POST_VARS']);
504 function _strip_leading_nl(&$var) {
505 if (is_array($var)) {
506 foreach ($var as $key => $val)
507 $this->_strip_leading_nl($var[$key]);
509 elseif (is_string($var))
510 $var = preg_replace('|^\r?\n?|', '', $var);
514 class Request_SessionVars {
515 function Request_SessionVars() {
516 // Prevent cacheing problems with IE 5
517 session_cache_limiter('none');
519 // Avoid to get a notice if session is already started,
520 // for example if session.auto_start is activated
526 $vars = &$GLOBALS['HTTP_SESSION_VARS'];
527 if (isset($vars[$key]))
532 function set($key, $val) {
533 $vars = &$GLOBALS['HTTP_SESSION_VARS'];
534 if (!function_usable('get_cfg_var') or get_cfg_var('register_globals')) {
535 // This is funky but necessary, at least in some PHP's
536 $GLOBALS[$key] = $val;
539 if (isset($_SESSION))
540 $_SESSION[$key] = $val;
541 session_register($key);
544 function delete($key) {
545 $vars = &$GLOBALS['HTTP_SESSION_VARS'];
546 if (!function_usable('ini_get') or ini_get('register_globals'))
547 unset($GLOBALS[$key]);
548 if (DEBUG) trigger_error("delete session $key",E_USER_WARNING);
550 session_unregister($key);
554 class Request_CookieVars {
557 $vars = &$GLOBALS['HTTP_COOKIE_VARS'];
558 if (isset($vars[$key])) {
559 @$val = unserialize(base64_decode($vars[$key]));
562 @$val = urldecode($vars[$key]);
569 function get_old($key) {
570 $vars = &$GLOBALS['HTTP_COOKIE_VARS'];
571 if (isset($vars[$key])) {
572 @$val = unserialize(base64_decode($vars[$key]));
575 @$val = unserialize($vars[$key]);
585 function set($key, $val, $persist_days = false, $path = false) {
586 // if already defined, ignore
587 if (defined('MAIN_setUser') and $key = 'WIKI_ID') return;
588 $vars = &$GLOBALS['HTTP_COOKIE_VARS'];
589 if (is_numeric($persist_days)) {
590 $expires = time() + (24 * 3600) * $persist_days;
595 if (is_array($val) or is_object($val))
596 $packedval = base64_encode(serialize($val));
598 $packedval = urlencode($val);
599 $vars[$key] = $packedval;
601 @setcookie($key, $packedval, $expires, $path);
603 @setcookie($key, $packedval, $expires);
606 function delete($key) {
607 static $deleted = array();
608 if (isset($deleted[$key])) return;
609 $vars = &$GLOBALS['HTTP_COOKIE_VARS'];
610 if (!defined('COOKIE_DOMAIN'))
611 @setcookie($key,'',0);
612 @setcookie($key,'',0,defined('COOKIE_DOMAIN') ? COOKIE_DOMAIN : '/');
614 unset($GLOBALS['HTTP_COOKIE_VARS'][$key]);
621 You must set "upload_tmp_dir" = "/tmp/" or "C:/tmp/"
622 Best on the same drive as apache, with forward slashes
623 and with ending slash!
624 Otherwise "\\" => "" and the uploaded file will not be found.
626 class Request_UploadedFile {
627 function getUploadedFile($postname) {
628 global $HTTP_POST_FILES;
630 if (!isset($HTTP_POST_FILES[$postname]))
633 $fileinfo = &$HTTP_POST_FILES[$postname];
634 if ($fileinfo['error']) {
635 // errmsgs by Shilad Sen
636 switch ($HTTP_POST_FILES['userfile']['error']) {
638 trigger_error(_("Upload error: file too big"), E_USER_ERROR);
641 trigger_error(_("Upload error: file too big"), E_USER_ERROR);
644 trigger_error(_("Upload error: file only partially recieved"), E_USER_ERROR);
647 trigger_error(_("Upload error: no file selected"), E_USER_ERROR);
650 trigger_error(_("Upload error: unknown error #") . $fileinfo['error'], E_USER_ERROR);
656 // With windows/php 4.2.1 is_uploaded_file() always returns false.
657 // Be sure that upload_tmp_dir ends with a slash!
658 if (!is_uploaded_file($fileinfo['tmp_name'])) {
660 if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
661 $tmp_file = dirname(tempnam('', ''));
663 $tmp_file .= '/' . basename($fileinfo['tmp_name']);
664 /* but ending slash in php.ini upload_tmp_dir is required. */
665 if (ereg_replace('/+', '/', $tmp_file) != $fileinfo['tmp_name']) {
666 trigger_error(sprintf("Uploaded tmpfile illegal: %s != %s.",$tmp_file, $fileinfo['tmp_name']).
668 "Probably illegal TEMP environment or upload_tmp_dir setting.",
673 trigger_error(sprintf("Workaround for PHP/Windows is_uploaded_file() problem for %s.",
674 $fileinfo['tmp_name'])."\n".
675 "Probably illegal TEMP environment or upload_tmp_dir setting.",
681 trigger_error(sprintf("Uploaded tmpfile %s not found.",$fileinfo['tmp_name'])."\n".
682 " Probably illegal TEMP environment or upload_tmp_dir setting.",
686 return new Request_UploadedFile($fileinfo);
689 function Request_UploadedFile($fileinfo) {
690 $this->_info = $fileinfo;
694 return $this->_info['size'];
698 return $this->_info['name'];
702 return $this->_info['type'];
705 function getTmpName() {
706 return $this->_info['tmp_name'];
710 if ( ($fd = fopen($this->_info['tmp_name'], "rb")) ) {
711 if ($this->getSize() < filesize($this->_info['tmp_name'])) {
712 // FIXME: Some PHP's (or is it some browsers?) put
713 // HTTP/MIME headers in the file body, some don't.
715 // At least, I think that's the case. I know I used
716 // to need this code, now I don't.
718 // This code is more-or-less untested currently.
720 // Dump HTTP headers.
721 while ( ($header = fgets($fd, 4096)) ) {
722 if (trim($header) == '') {
725 else if (!preg_match('/^content-(length|type):/i', $header)) {
735 function getContents() {
737 $data = fread($fd, $this->getSize());
744 * Create NCSA "combined" log entry for current request.
745 * Also needed for advanced spam prevention.
746 * global object holding global state (sql or file, entries, to dump)
748 class Request_AccessLog {
750 * @param $logfile string Log file name.
752 function Request_AccessLog ($logfile, $do_sql = false) {
755 $this->logfile = $logfile;
756 if ($logfile and !is_writeable($logfile)) {
758 (sprintf(_("%s is not writable."), _("The PhpWiki access log file"))
760 . sprintf(_("Please ensure that %s is writable, or redefine %s in config/config.ini."),
761 sprintf(_("the file '%s'"), ACCESS_LOG),
765 //$request->_accesslog =& $this;
766 if (empty($request->_accesslog->entries))
767 register_shutdown_function("Request_AccessLogEntry_shutdown_function");
771 if (!in_array($DBParams['dbtype'], array('SQL','ADODB')))
772 trigger_error("Unsupported database backend for ACCESS_LOG_SQL.\nNeed DATABASE_TYPE=SQL or ADODB");
773 $this->_dbi =& $request->_dbi;
774 $this->logtable = (!empty($DBParams['prefix']) ? $DBParams['prefix'] : '')."accesslog";
776 $this->entries = array();
777 $this->entries[] = & new Request_AccessLogEntry($this);
780 function _do($cmd, &$arg) {
782 for ($i=0; $i < count($this->entries);$i++)
783 $this->entries[$i]->$cmd($arg);
785 function push(&$request) { $this->_do('push',$request); }
786 function setSize($arg) { $this->_do('setSize',$arg); }
787 function setStatus($arg) { $this->_do('setStatus',$arg); }
788 function setDuration($arg) { $this->_do('setDuration',$arg); }
791 * Read sequentially all previous entries from the beginning.
792 * while ($logentry = Request_AccessLogEntry::read()) ;
793 * For internal log analyzers: RecentReferrers, WikiAccessRestrictions
796 return $this->_dbi ? $this->read_sql() : $this->read_file();
800 * Return iterator of referer items reverse sorted (latest first).
802 function get_referer($limit=15, $external_only=false) {
803 if ($external_only) { // see stdlin.php:isExternalReferrer()
805 $blen = strlen($base);
807 if (!empty($this->_dbi)) {
808 // check same hosts in referer and request and remove them
809 $ext_where = " AND LEFT(referer,$blen) <> '$base'"
810 ." AND LEFT(referer,$blen) <> LEFT(CONCAT('".SERVER_URL."',request_uri),$blen)";
811 return $this->_read_sql_query("(referer <>'' AND NOT(ISNULL(referer)))"
812 .($external_only ? $ext_where : '')
813 ." ORDER BY time_stamp DESC"
814 .($limit ? " LIMIT $limit" : ""));
816 $iter = new WikiDB_Array_generic_iter(0);
817 $logs =& $iter->_array;
818 while ($logentry = $this->read_file()) {
819 if (!empty($logentry->referer)
820 and (!$external_only or (substr($logentry->referer,0,$blen) != $base)))
822 $iter->_array[] = $logentry;
823 if ($limit and count($logs) > $limit)
827 $logs = array_reverse($logs);
828 $logs = array_slice($logs,0,min($limit,count($logs)));
834 * Return iterator of matching host items reverse sorted (latest first).
836 function get_host($host, $since_minutes=20) {
838 // mysql specific only:
839 return $this->read_sql("request_host='".$dbh->quote($host)."' AND time_stamp > ". (time()-$since_minutes*60)
840 ." ORDER BY time_stamp DESC");
842 $iter = new WikiDB_Array_generic_iter();
843 $logs =& $iter->_array;
844 $logentry = new Request_AccessLogEntry($this);
845 while ($logentry->read_file()) {
846 if (!empty($logentry->referer)) {
847 $iter->_array[] = $logentry;
848 if ($limit and count($logs) > $limit)
850 $logentry = new Request_AccessLogEntry($this);
853 $logs = array_reverse($logs);
854 $logs = array_slice($logs,0,min($limit,count($logs)));
860 * Read sequentially all previous entries from log file.
862 function read_file() {
864 if ($this->logfile) $this->logfile = ACCESS_LOG; // support Request_AccessLog::read
866 if (empty($this->reader)) // start at the beginning
867 $this->reader = fopen($this->logfile, "r");
868 if ($s = fgets($this->reader)) {
869 $entry = new Request_AccessLogEntry($this);
870 if (preg_match('/^(\S+)\s(\S+)\s(\S+)\s\[(.+?)\] "([^"]+)" (\d+) (\d+) "([^"]*)" "([^"]*)"$/',$s,$m)) {
871 list(,$entry->host, $entry->ident, $entry->user, $entry->time,
872 $entry->request, $entry->status, $entry->size,
873 $entry->referer, $entry->user_agent) = $m;
876 } else { // until the end
877 fclose($this->reader);
881 function _read_sql_query($where='') {
883 $log_tbl =& $this->logtable;
884 return $dbh->genericSqlIter("SELECT *,request_uri as request,request_time as time,remote_user as user,"
885 ."remote_host as host,agent as user_agent"
887 . ($where ? " WHERE $where" : ""));
889 function read_sql($where='') {
890 if (empty($this->sqliter))
891 $this->sqliter = $this->_read_sql_query($where);
892 return $this->sqliter->next();
895 /* done in request->finish() before the db is closed */
896 function write_sql() {
897 if (isset($this->entries) and $this->_dbi and $this->_dbi->isOpen())
898 foreach ($this->entries as $entry) {
902 /* done in the shutdown callback */
903 function write_file() {
904 if (isset($this->entries) and $this->logfile)
905 foreach ($this->entries as $entry) {
906 $entry->write_file();
908 unset($this->entries);
910 /* in an ideal world... */
912 if ($this->logfile) $this->write_file();
913 if ($this->_dbi) $this->write_sql();
914 unset($this->entries);
918 class Request_AccessLogEntry
923 * The log entry will be automatically appended to the log file or
924 * SQL table when the current request terminates.
926 * If you want to modify a Request_AccessLogEntry before it gets
927 * written (e.g. via the setStatus and setSize methods) you should
928 * use an '&' on the constructor, so that you're working with the
929 * original (rather than a copy) object.
932 * $log_entry = & new Request_AccessLogEntry("/tmp/wiki_access_log");
933 * $log_entry->setStatus(401);
934 * $log_entry->push($request);
939 function Request_AccessLogEntry (&$accesslog) {
940 $this->_accesslog = $accesslog;
941 $this->logfile = $accesslog->logfile;
942 $this->time = time();
943 $this->status = 200; // see setStatus()
944 $this->size = 0; // see setSize()
948 * @param $request object Request object for current request.
950 function push(&$request) {
951 $this->host = $request->get('REMOTE_HOST');
952 $this->ident = $request->get('REMOTE_IDENT');
955 $user = $request->getUser();
956 if ($user->isAuthenticated())
957 $this->user = $user->UserName();
960 $this->request = join(' ', array($request->get('REQUEST_METHOD'),
961 $request->get('REQUEST_URI'),
962 $request->get('SERVER_PROTOCOL')));
963 $this->referer = (string) $request->get('HTTP_REFERER');
964 $this->user_agent = (string) $request->get('HTTP_USER_AGENT');
968 * Set result status code.
970 * @param $status integer HTTP status code.
972 function setStatus ($status) {
973 $this->status = $status;
979 * @param $size integer
981 function setSize ($size=0) {
984 function setDuration ($seconds) {
985 $this->duration = $seconds;
989 * Get time zone offset.
991 * This is a static member function.
993 * @param $time integer Unix timestamp (defaults to current time).
994 * @return string Zone offset, e.g. "-0800" for PST.
996 function _zone_offset ($time = false) {
999 $offset = date("Z", $time);
1005 $offhours = floor($offset / 3600);
1006 $offmins = $offset / 60 - $offhours * 60;
1007 return sprintf("%s%02d%02d", $negoffset, $offhours, $offmins);
1011 * Format time in NCSA format.
1013 * This is a static member function.
1015 * @param $time integer Unix timestamp (defaults to current time).
1016 * @return string Formatted date & time.
1018 function _ncsa_time($time = false) {
1021 return date("d/M/Y:H:i:s", $time) .
1022 " " . $this->_zone_offset();
1026 if ($this->_accesslog->logfile) $this->write_file();
1027 if ($this->_accesslog->_dbh) $this->write_sql();
1031 * Write entry to log file.
1033 function write_file() {
1034 $entry = sprintf('%s %s %s [%s] "%s" %d %d "%s" "%s"',
1035 $this->host, $this->ident, $this->user,
1036 $this->_ncsa_time($this->time),
1037 $this->request, $this->status, $this->size,
1038 $this->referer, $this->user_agent);
1039 if (!empty($this->_accesslog->reader)) {
1040 fclose($this->_accesslog->reader);
1041 unset($this->_accesslog->reader);
1043 //Error log doesn't provide locking.
1044 //error_log("$entry\n", 3, $this->logfile);
1046 if (($fp = fopen($this->logfile, "a"))) {
1047 flock($fp, LOCK_EX);
1048 fputs($fp, "$entry\n");
1053 /* This is better been done by apache mod_log_sql */
1054 /* If ACCESS_LOG_SQL & 2 we do write it by our own */
1055 function write_sql() {
1056 $dbh =& $this->_accesslog->_dbi;
1057 if ($dbh and $dbh->isOpen()) {
1058 $log_tbl =& $this->_accesslog->logtable;
1059 if ($GLOBALS['request']->get('REQUEST_METHOD') == "POST") {
1060 if (check_php_version(4,2))
1061 // strangely HTTP_POST_VARS doesn't contain all posted vars.
1062 $this->request_args = substr(serialize($_POST),0,254); // if VARCHAR(255) is used.
1064 $this->request_args = substr(serialize($GLOBALS['HTTP_POST_VARS']),0,254);
1066 $this->request_args = $GLOBALS['request']->get('QUERY_STRING');
1068 $dbh->genericSqlQuery
1070 sprintf("INSERT DELAYED INTO $log_tbl"
1071 . " (time_stamp,remote_host,remote_user,request_method,request_line,request_uri,"
1072 . "request_args,request_time,status,bytes_sent,referer,agent,request_duration)"
1073 . " VALUES(%d,'%s','%s','%s','%s','%s','%s','%s','%d','%d',%s,'%s','%f')",
1075 $dbh->quote($this->host), $dbh->quote($this->user),
1076 $GLOBALS['request']->get('REQUEST_METHOD'), $dbh->quote($this->request),
1077 $dbh->quote($GLOBALS['request']->get('REQUEST_URI')), $dbh->quote($this->request_args),
1078 $dbh->quote($this->_ncsa_time($this->time)), $this->status, $this->size,
1079 $this->referer ? "'".$dbh->quote($this->referer)."'" : "NULL",
1080 $dbh->quote($this->user_agent),
1088 * Shutdown callback.
1091 * @see Request_AccessLogEntry
1093 function Request_AccessLogEntry_shutdown_function () {
1096 if (isset($request->_accesslog->entries) and $request->_accesslog->logfile)
1097 foreach ($request->_accesslog->entries as $entry) {
1098 $entry->write_file();
1100 unset($request->_accesslog->entries);
1105 function HTTP_ETag($val, $is_weak=false) {
1106 $this->_val = hash($val);
1107 $this->_weak = $is_weak;
1112 * Strong comparison: If either (or both) tag is weak, they
1115 function equals($that, $strong_match=false) {
1116 if ($this->_val != $that->_val)
1118 if ($strong_match and ($this->_weak or $that->_weak))
1124 function asString() {
1125 $quoted = '"' . addslashes($this->_val) . '"';
1126 return $this->_weak ? "W/$quoted" : $quoted;
1129 /** Parse tag from header.
1131 * This is a static member function.
1133 function parse($strval) {
1134 if (!preg_match(':^(W/)?"(.+)"$:i', trim($strval), $m))
1135 return false; // parse failed
1136 list(,$weak,$str) = $m;
1137 return new HTTP_ETag(stripslashes($str), $weak);
1140 function matches($taglist, $strong_match=false) {
1141 $taglist = trim($taglist);
1143 if ($taglist == '*') {
1145 return ! $this->_weak;
1150 while (preg_match('@^(W/)?"((?:\\\\.|[^"])*)"\s*,?\s*@i',
1152 list($match, $weak, $str) = $m;
1153 $taglist = substr($taglist, strlen($match));
1154 $tag = new HTTP_ETag(stripslashes($str), $weak);
1155 if ($this->equals($tag, $strong_match)) {
1163 // Possible results from the HTTP_ValidatorSet::_check*() methods.
1164 // (Higher numerical values take precedence.)
1165 define ('_HTTP_VAL_PASS', 0); // Test is irrelevant
1166 define ('_HTTP_VAL_NOT_MODIFIED', 1); // Test passed, content not changed
1167 define ('_HTTP_VAL_MODIFIED', 2); // Test failed, content changed
1168 define ('_HTTP_VAL_FAILED', 3); // Precondition failed.
1170 class HTTP_ValidatorSet {
1171 function HTTP_ValidatorSet($validators) {
1172 $this->_mtime = $this->_weak = false;
1173 $this->_tag = array();
1175 foreach ($validators as $key => $val) {
1176 if ($key == '%mtime') {
1177 $this->_mtime = $val;
1179 elseif ($key == '%weak') {
1181 $this->_weak = true;
1184 $this->_tag[$key] = $val;
1189 function append($that) {
1190 if (is_array($that))
1191 $that = new HTTP_ValidatorSet($that);
1193 // Pick the most recent mtime
1194 if (isset($that->_mtime))
1195 if (!isset($this->_mtime) || $that->_mtime > $this->_mtime)
1196 $this->_mtime = $that->_mtime;
1198 // If either is weak, we're weak
1199 if (!empty($that->_weak))
1200 $this->_weak = true;
1201 if (is_array($this->_tag))
1202 $this->_tag = array_merge($this->_tag, $that->_tag);
1204 $this->_tag = $that->_tag;
1207 function getETag() {
1210 return new HTTP_ETag($this->_tag, $this->_weak);
1213 function getModificationTime() {
1214 return $this->_mtime;
1217 function checkConditionalRequest (&$request) {
1218 $result = max($this->_checkIfUnmodifiedSince($request),
1219 $this->_checkIfModifiedSince($request),
1220 $this->_checkIfMatch($request),
1221 $this->_checkIfNoneMatch($request));
1223 if ($result == _HTTP_VAL_PASS || $result == _HTTP_VAL_MODIFIED)
1224 return false; // "please proceed with normal processing"
1225 elseif ($result == _HTTP_VAL_FAILED)
1226 return 412; // "412 Precondition Failed"
1227 elseif ($result == _HTTP_VAL_NOT_MODIFIED)
1228 return 304; // "304 Not Modified"
1230 trigger_error("Ack, shouldn't get here", E_USER_ERROR);
1234 function _checkIfUnmodifiedSince(&$request) {
1235 if ($this->_mtime !== false) {
1236 $since = ParseRfc1123DateTime($request->get("HTTP_IF_UNMODIFIED_SINCE"));
1237 if ($since !== false && $this->_mtime > $since)
1238 return _HTTP_VAL_FAILED;
1240 return _HTTP_VAL_PASS;
1243 function _checkIfModifiedSince(&$request) {
1244 if ($this->_mtime !== false and $request->isGetOrHead()) {
1245 $since = ParseRfc1123DateTime($request->get("HTTP_IF_MODIFIED_SINCE"));
1246 if ($since !== false) {
1247 if ($this->_mtime <= $since)
1248 return _HTTP_VAL_NOT_MODIFIED;
1249 return _HTTP_VAL_MODIFIED;
1252 return _HTTP_VAL_PASS;
1255 function _checkIfMatch(&$request) {
1256 if ($this->_tag && ($taglist = $request->get("HTTP_IF_MATCH"))) {
1257 $tag = $this->getETag();
1258 if (!$tag->matches($taglist, 'strong'))
1259 return _HTTP_VAL_FAILED;
1261 return _HTTP_VAL_PASS;
1264 function _checkIfNoneMatch(&$request) {
1265 if ($this->_tag && ($taglist = $request->get("HTTP_IF_NONE_MATCH"))) {
1266 $tag = $this->getETag();
1267 $strong_compare = ! $request->isGetOrHead();
1269 if ($tag->matches($taglist, $strong_compare)) {
1270 if ($request->isGetOrHead())
1271 return _HTTP_VAL_NOT_MODIFIED;
1273 return _HTTP_VAL_FAILED;
1275 return _HTTP_VAL_MODIFIED;
1278 return _HTTP_VAL_PASS;
1283 // $Log: not supported by cvs2svn $
1284 // Revision 1.74 2004/11/07 16:02:51 rurban
1285 // new sql access log (for spam prevention), and restructured access log class
1286 // dbh->quote (generic)
1287 // pear_db: mysql specific parts seperated (using replace)
1289 // Revision 1.73 2004/11/06 04:51:25 rurban
1290 // readable ACCESS_LOG support: RecentReferrers, WikiAccessRestrictions
1292 // Revision 1.72 2004/11/01 10:43:55 rurban
1293 // seperate PassUser methods into seperate dir (memory usage)
1294 // fix WikiUser (old) overlarge data session
1295 // remove wikidb arg from various page class methods, use global ->_dbi instead
1298 // Revision 1.71 2004/10/22 09:20:36 rurban
1299 // fix for USECACHE=false
1301 // Revision 1.70 2004/10/21 19:59:18 rurban
1302 // Patch #991494 (ppo): Avoid notice in PHP >= 4.3.3 if session already started
1304 // Revision 1.69 2004/10/21 19:00:37 rurban
1305 // upload errmsgs by Shilad Sen.
1306 // chunkOutput support: flush the buffer piecewise (dumphtml, large pagelists)
1307 // doesn't gain much because ob_end_clean() doesn't release its
1308 // memory properly yet.
1310 // Revision 1.68 2004/10/12 13:13:19 rurban
1311 // php5 compatibility (5.0.1 ok)
1313 // Revision 1.67 2004/09/25 18:56:54 rurban
1314 // make start_debug logic work
1316 // Revision 1.66 2004/09/25 16:24:52 rurban
1317 // dont compress on debugging
1319 // Revision 1.65 2004/09/17 14:13:49 rurban
1320 // We check for the client Accept-Encoding: "gzip" presence also
1321 // This should eliminate a lot or reported problems.
1323 // Note that this doesn#t fix RSS ssues:
1324 // Most RSS clients are NOT(!) application/xml gzip compatible yet.
1325 // Even if they are sending the accept-encoding gzip header!
1326 // wget is, Mozilla, and MSIE no.
1327 // Of the RSS readers only MagpieRSS 0.5.2 is. http://www.rssgov.com/rssparsers.html
1329 // Revision 1.64 2004/09/17 13:32:36 rurban
1330 // Disable server-side gzip encoding for RSS (RDF encoding), even if the client says it
1331 // supports it. Mozilla has this error, wget works fine. IE not checked.
1333 // Revision 1.63 2004/07/01 09:29:40 rurban
1334 // fixed another DbSession crash: wrong WikiGroup vars
1336 // Revision 1.62 2004/06/27 10:26:02 rurban
1337 // oci8 patch by Philippe Vanhaesendonck + some ADODB notes+fixes
1339 // Revision 1.61 2004/06/25 14:29:17 rurban
1340 // WikiGroup refactoring:
1341 // global group attached to user, code for not_current user.
1342 // improved helpers for special groups (avoid double invocations)
1343 // new experimental config option ENABLE_XHTML_XML (fails with IE, and document.write())
1344 // fixed a XHTML validation error on userprefs.tmpl
1346 // Revision 1.60 2004/06/19 11:51:13 rurban
1347 // CACHE_CONTROL: NONE => NO_CACHE
1349 // Revision 1.59 2004/06/13 11:34:22 rurban
1350 // fixed bug #969532 (space in uploaded filenames)
1351 // improved upload error messages
1353 // Revision 1.58 2004/06/04 20:32:53 rurban
1354 // Several locale related improvements suggested by Pierrick Meignen
1355 // LDAP fix by John Cole
1356 // reanable admin check without ENABLE_PAGEPERM in the admin plugins
1358 // Revision 1.57 2004/06/03 18:54:25 rurban
1359 // fixed "lost level in session" warning, now that signout sets level = 0 (before -1)
1361 // Revision 1.56 2004/05/17 17:43:29 rurban
1362 // CGI: no PATH_INFO fix
1364 // Revision 1.55 2004/05/15 18:31:00 rurban
1365 // some action=pdf Request fixes: With MSIE it works now. Now the work with the page formatting begins.
1367 // Revision 1.54 2004/05/04 22:34:25 rurban
1370 // Revision 1.53 2004/05/03 21:57:47 rurban
1371 // locale updates: we previously lost some words because of wrong strings in
1372 // PhotoAlbum, german rewording.
1373 // fixed $_SESSION registering (lost session vars, esp. prefs)
1374 // fixed ending slash in listAvailableLanguages/Themes
1376 // Revision 1.52 2004/05/03 13:16:47 rurban
1377 // fixed UserPreferences update, esp for boolean and int
1379 // Revision 1.51 2004/05/02 21:26:38 rurban
1380 // limit user session data (HomePageHandle and auth_dbi have to invalidated anyway)
1381 // because they will not survive db sessions, if too large.
1382 // extended action=upgrade
1383 // some WikiTranslation button work
1384 // revert WIKIAUTH_UNOBTAINABLE (need it for main.php)
1385 // some temp. session debug statements
1387 // Revision 1.50 2004/04/29 19:39:44 rurban
1388 // special support for formatted plugins (one-liners)
1389 // like <small><plugin BlaBla ></small>
1390 // iter->asArray() helper for PopularNearby
1391 // db_session for older php's (no &func() allowed)
1393 // Revision 1.49 2004/04/26 20:44:34 rurban
1394 // locking table specific for better databases
1396 // Revision 1.48 2004/04/13 09:13:50 rurban
1397 // sf.net bug #933183 and http://bugs.php.net/17557
1398 // disable ob_gzhandler if apache_note cannot be used.
1399 // (conservative until we find why)
1401 // Revision 1.47 2004/04/02 15:06:55 rurban
1402 // fixed a nasty ADODB_mysql session update bug
1403 // improved UserPreferences layout (tabled hints)
1404 // fixed UserPreferences auth handling
1405 // improved auth stability
1406 // improved old cookie handling: fixed deletion of old cookies with paths
1408 // Revision 1.46 2004/03/30 02:14:03 rurban
1409 // fixed yet another Prefs bug
1410 // added generic PearDb_iter
1411 // $request->appendValidators no so strict as before
1412 // added some box plugin methods
1413 // PageList commalist for condensed output
1415 // Revision 1.45 2004/03/24 19:39:02 rurban
1416 // php5 workaround code (plus some interim debugging code in XmlElement)
1417 // php5 doesn't work yet with the current XmlElement class constructors,
1418 // WikiUserNew does work better than php4.
1419 // rewrote WikiUserNew user upgrading to ease php5 update
1420 // fixed pref handling in WikiUserNew
1421 // added Email Notification
1422 // added simple Email verification
1423 // removed emailVerify userpref subclass: just a email property
1424 // changed pref binary storage layout: numarray => hash of non default values
1425 // print optimize message only if really done.
1426 // forced new cookie policy: delete pref cookies, use only WIKI_ID as plain string.
1427 // prefs should be stored in db or homepage, besides the current session.
1429 // Revision 1.44 2004/03/14 16:26:22 rurban
1432 // Revision 1.43 2004/03/12 20:59:17 rurban
1433 // important cookie fix by Konstantin Zadorozhny
1434 // new editpage feature: JS_SEARCHREPLACE
1436 // Revision 1.42 2004/03/10 15:38:48 rurban
1437 // store current user->page and ->action in session for WhoIsOnline
1438 // better WhoIsOnline icon
1439 // fixed WhoIsOnline warnings
1441 // Revision 1.41 2004/02/27 01:25:14 rurban
1442 // Workarounds for upload handling
1444 // Revision 1.40 2004/02/26 01:39:51 rurban
1447 // Revision 1.39 2004/02/24 15:14:57 rurban
1448 // fixed action=upload problems on Win32, and remove Merge Edit buttons: file does not exist anymore
1450 // Revision 1.38 2004/01/25 10:26:02 rurban
1451 // fixed bug [ 541193 ] HTTP_SERVER_VARS are Apache specific
1452 // http://sourceforge.net/tracker/index.php?func=detail&aid=541193&group_id=6121&atid=106121
1453 // CGI and other servers than apache populate _ENV and not _SERVER
1455 // Revision 1.37 2003/12/26 06:41:16 carstenklapp
1456 // Bugfix: Try to defer OS errors about session.save_path and ACCESS_LOG,
1457 // so they don't prevent IE from partially (or not at all) rendering the
1458 // page. This should help a little for the IE user who encounters trouble
1459 // when setting up a new PhpWiki for the first time.
1465 // c-basic-offset: 4
1466 // c-hanging-comment-ender-p: nil
1467 // indent-tabs-mode: nil