<?php
/**
 * Created by PhpStorm.
 * User: crose
 * Date: 3/6/17
 * Time: 8:47 PM
 */

namespace qfq;

use qfq;

require_once(__DIR__ . '/../Constants.php');
require_once(__DIR__ . '/../helper/Support.php');

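class Config {

    /**
     * Read config.qfq.ini.
     *
     * Without an explicit path the production location is tried first and the PHPUnit
     * location second. The parsed keys are renamed (see renameConfigElements()), defaults
     * are filled in (see setDefaults()) and the request is screened (see checkForAttack())
     * before the array is returned.
     *
     * @param string $fileConfigIni Path to the ini file; '' selects the default locations.
     * @return array Parsed configuration with defaults applied.
     * @throws UserFormException If the file is missing, not readable or cannot be parsed.
     */
    public function readConfig($fileConfigIni = '') {

        if ((string)$fileConfigIni === '') {
            // Production Path to CONFIG_INI
            $fileConfigIni = __DIR__ . '/../../../../../' . CONFIG_INI;
            if (!file_exists($fileConfigIni)) {
                // PHPUnit Path to CONFIG_INI
                $fileConfigIni = __DIR__ . '/../../../' . CONFIG_INI;
            }
        }

        // parse_ini_file() does not throw: on a missing or malformed file it emits a warning and
        // returns false. Without an explicit check that 'false' would reach renameConfigElements()
        // and the security defaults below would never be applied. The try/catch stays for setups
        // whose error handler converts the warning into an exception.
        if (!is_readable($fileConfigIni)) {
            throw new qfq\UserFormException ("Error read file " . $fileConfigIni . ": file not found or not readable", ERROR_IO_READ_FILE);
        }

        try {
            $config = parse_ini_file($fileConfigIni, false);
        } catch (\Exception $e) {
            throw new qfq\UserFormException ("Error read file " . $fileConfigIni . ": " . $e->getMessage(), ERROR_IO_READ_FILE);
        }

        if ($config === false) {
            throw new qfq\UserFormException ("Error read file " . $fileConfigIni . ": unable to parse ini file", ERROR_IO_READ_FILE);
        }

        $config = self::renameConfigElements($config);
        $config = self::setDefaults($config);

        self::checkForAttack($config);

        return $config;
    }

    /**
     * Abort the request if it looks like an attack.
     *
     * Two checks: (a) a honeypot field listed in SYSTEM_SECURITY_VARS_HONEYPOT (comma separated)
     * carries a non-empty value in $_POST or $_GET, (b) a $_GET value is longer than
     * SYSTEM_SECURITY_GET_MAX_LENGTH bytes (0 disables this check). On a hit the process sleeps
     * SYSTEM_SECURITY_ATTACK_DELAY seconds, prints a short message if SYSTEM_SECURITY_SHOW_MESSAGE
     * is 'true'/1, and exits. Returns normally when nothing is found.
     *
     * @param array $config Configuration with defaults already applied (see setDefaults()).
     */
    private static function checkForAttack(array $config) {
        $attack = false;

        // Iterate over all fake vars: a real browser never fills them, a bot usually does.
        $honeypotKeys = explode(',', (string)$config[SYSTEM_SECURITY_VARS_HONEYPOT]);
        foreach ($honeypotKeys as $key) {
            $key = trim($key);
            if ($key === '') {
                continue;
            }
            if (!empty($_POST[$key]) || !empty($_GET[$key])) {
                $attack = true;
            }
        }

        // Limit length of all get vars: protect against SQL injection based on long ...%34%34%24%34...
        // $_GET entries may be nested arrays (name[]=...); strlen() on an array is a TypeError on PHP 8
        // and a warning + null on PHP 7, so the length is checked recursively instead.
        $maxLength = (int)$config[SYSTEM_SECURITY_GET_MAX_LENGTH];
        if ($maxLength > 0) {
            foreach ($_GET as $value) {
                if (self::exceedsLength($value, $maxLength)) {
                    $attack = true;
                }
            }
        }

        // Nothing found?
        if ($attack === false) {
            return;
        }

        // Sleep: slow the attacker down before answering.
        if (!empty($config[SYSTEM_SECURITY_ATTACK_DELAY])) {
            sleep((int)$config[SYSTEM_SECURITY_ATTACK_DELAY]);
        }

        if ($config[SYSTEM_SECURITY_SHOW_MESSAGE] == 'true' || $config[SYSTEM_SECURITY_SHOW_MESSAGE] == 1) {
            echo "Attack detected - stop process";
        }

        exit;
    }

    /**
     * Is any scalar inside $value longer than $maxLength bytes?
     *
     * Recurses into nested arrays so that array-typed request parameters are measured element
     * by element rather than skipped.
     *
     * @param mixed $value A $_GET entry: string or (nested) array.
     * @param int $maxLength Byte limit.
     * @return bool
     */
    private static function exceedsLength($value, $maxLength) {
        if (is_array($value)) {
            foreach ($value as $item) {
                if (self::exceedsLength($item, $maxLength)) {
                    return true;
                }
            }
            return false;
        }

        return strlen((string)$value) > $maxLength;
    }

    /**
     * Fill in defaults for every config key that is not set.
     *
     * Only keys that are absent are touched; values given in config.qfq.ini win.
     *
     * @param array $config
     * @return array
     */
    private static function setDefaults(array $config) {
        // Defaults
        Support::setIfNotSet($config, SYSTEM_DATE_FORMAT, 'yyyy-mm-dd');
        Support::setIfNotSet($config, SYSTEM_SHOW_DEBUG_INFO, SYSTEM_SHOW_DEBUG_INFO_AUTO);
        Support::setIfNotSet($config, SYSTEM_SQL_LOG, SYSTEM_SQL_LOG_FILE);
        Support::setIfNotSet($config, SYSTEM_SQL_LOG_MODE, SQL_LOG_MODE_NONE, ''); // do not worry: parse_ini_file() will replace 'none' and 'off' by ''. Set it here again.
        Support::setIfNotSet($config, F_BS_COLUMNS, '12');
        Support::setIfNotSet($config, F_BS_LABEL_COLUMNS, '3');
        Support::setIfNotSet($config, F_BS_INPUT_COLUMNS, '6');
        Support::setIfNotSet($config, F_BS_NOTE_COLUMNS, '3');
        Support::setIfNotSet($config, F_CLASS_PILL, 'qfq-color-grey-1');
        Support::setIfNotSet($config, F_CLASS_BODY, 'qfq-color-grey-2');
        Support::setIfNotSet($config, F_BUTTON_ON_CHANGE_CLASS, 'btn-info alert-info');
        Support::setIfNotSet($config, SYSTEM_EDIT_FORM_PAGE, 'form');
        // Security defaults: honeypot field names, delay (seconds) and GET length limit used by checkForAttack().
        Support::setIfNotSet($config, SYSTEM_SECURITY_VARS_HONEYPOT, 'email,username,password');
        Support::setIfNotSet($config, SYSTEM_SECURITY_ATTACK_DELAY, '5');
        Support::setIfNotSet($config, SYSTEM_SECURITY_SHOW_MESSAGE, 'true');
        Support::setIfNotSet($config, SYSTEM_SECURITY_GET_MAX_LENGTH, '50');
        Support::setIfNotSet($config, SYSTEM_ESCAPE_TYPE_DEFAULT, TOKEN_ESCAPE_SINGLE_TICK);

        return $config;
    }

    /**
     * Rename Elements defined in config.qfq.ini to more appropriate in user interaction.
     * E.g.: in config.qfq.ini everything is in upper case and word space is '_'. In Form.parameter it's lowercase and camel hook.
     *
     * Only keys present in $config are renamed; the old key is removed unless old and new name are equal.
     *
     * @param array $config
     * @return array
     */
    private static function renameConfigElements(array $config) {

        // oldname > newname
        $setting = [
            [SYSTEM_FORM_BS_COLUMNS, F_BS_COLUMNS],
            [SYSTEM_FORM_BS_LABEL_COLUMNS, F_BS_LABEL_COLUMNS],
            [SYSTEM_FORM_BS_INPUT_COLUMNS, F_BS_INPUT_COLUMNS],
            [SYSTEM_FORM_BS_NOTE_COLUMNS, F_BS_NOTE_COLUMNS],
            [SYSTEM_FORM_DATA_PATTERN_ERROR, F_FE_DATA_PATTERN_ERROR],
            [SYSTEM_FORM_DATA_REQUIRED_ERROR, F_FE_DATA_REQUIRED_ERROR],
            [SYSTEM_FORM_DATA_MATCH_ERROR, F_FE_DATA_MATCH_ERROR],
            [SYSTEM_FORM_DATA_ERROR, F_FE_DATA_ERROR],
            [SYSTEM_CSS_CLASS_QFQ_FORM, F_CLASS],
            [SYSTEM_CSS_CLASS_QFQ_FORM_PILL, F_CLASS_PILL],
            [SYSTEM_CSS_CLASS_QFQ_FORM_BODY, F_CLASS_BODY],
            [SYSTEM_FORM_BUTTON_ON_CHANGE_CLASS, F_BUTTON_ON_CHANGE_CLASS],
            [SYSTEM_ESCAPE_TYPE_DEFAULT, F_ESCAPE_TYPE_DEFAULT],
        ];

        foreach ($setting as [$oldName, $newName]) {
            if (!isset($config[$oldName])) {
                continue;
            }
            $config[$newName] = $config[$oldName];
            if ($oldName !== $newName) {
                unset($config[$oldName]);
            }
        }

        return $config;
    }

}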