Config.php

<?php
/**
 * Created by PhpStorm.
 * User: crose
 * Date: 3/6/17
 * Time: 8:47 PM
 */

namespace qfq;

use qfq;

require_once(__DIR__ . '/../Constants.php');
require_once(__DIR__ . '/../helper/Support.php');

class Config {

    /**
     * Read config.qfq.ini.
     *
     * @param string $fileConfigIni
     * @return array
     * @throws UserFormException
     */
    public function readConfig($fileConfigIni = '') {

        if ($fileConfigIni == '') {
            // Production Path to CONFIG_INI
            $fileConfigIni = __DIR__ . '/../../../../../' . CONFIG_INI;
            if (!file_exists($fileConfigIni)) {
                // PHPUnit Path to CONFIG_INI
                $fileConfigIni = __DIR__ . '/../../../' . CONFIG_INI;
            }
        }

        try {
            $config = parse_ini_file($fileConfigIni, false);

        } catch (\Exception $e) {
            throw new qfq\UserFormException ("Error read file " . $fileConfigIni . ": " . $e->getMessage(), ERROR_IO_READ_FILE);
        }

        $config = self::renameConfigElements($config);
        $config = self::setDefaults($config);

        self::checkForAttack($config);

        return $config;
    }

    /**
     * @param array $config
     */
    private static function checkForAttack(array $config) {
        $attack = false;

        // Iterate over all fake vars
        $arr = explode(',', $config[SYSTEM_SECURITY_VARS_HONEYPOT]);
        foreach ($arr as $key) {
            $key = trim($key);
            if ($key === '') {
                continue;
            }
            if (!empty($_POST[$key]) || !empty($_GET[$key])) {
                $attack = true;
            }
        }

        // Limit length of all get vars: protect against SQL injection based on long ...%34%34%24%34...
        $maxLength = $config[SYSTEM_SECURITY_GET_MAX_LENGTH];
        if ($maxLength > 0) {
            foreach ($_GET as $key => $value) {
                // Check if the variable is something like 'my_name_100' - if the part after the last '_' is numerical, this means a valid, non standard length.
                $arr = explode(GET_EXTRA_LENGTH_TOKEN, $key);

                $cnt = count($arr);
                if ($cnt > 1 && is_numeric($arr[$cnt - 1])) {
                    $maxLength = $arr[$cnt - 1];
                    if ($maxLength > SYSTEM_SECURITY_ABSOLUTE_GET_MAX_LENGTH) {
                        $attack = true;
                        break;
                    }
                } else {
                    $maxLength = $config[SYSTEM_SECURITY_GET_MAX_LENGTH]; // might change again.
                }

                if (strlen($value) > $maxLength) {
                    $attack = true;
                    break;
                }
            }
        }

        // Nothing found?
        if ($attack === false) {
            return;
        }

        self::attackDetectedExitNow($config);
    }

    /**
     * @throws UserFormException
     */
    public static function attackDetectedExitNow(array $config = array()) {

        if (count($config) == 0) {
            $config = self::readConfig();
        }

        // In case of an attack: log out the current user.
        Session::destroy();

        // Sleep
        $penalty = (empty($config[SYSTEM_SECURITY_ATTACK_DELAY]) || !is_numeric($config[SYSTEM_SECURITY_ATTACK_DELAY])) ?
            SYSTEM_SECURITY_ATTACK_DELAY_DEFAULT : $config[SYSTEM_SECURITY_ATTACK_DELAY];

        sleep($penalty);

        if ($config[SYSTEM_SECURITY_SHOW_MESSAGE] == 'true' || $config[SYSTEM_SECURITY_SHOW_MESSAGE] == 1) {
            echo "Attack detected - stop process";
        }

        exit;
    }

    /**
     * @param array $config
     * @return array
     */
    private static function setDefaults(array $config) {
        // Defaults
        Support::setIfNotSet($config, SYSTEM_DATE_FORMAT, 'yyyy-mm-dd');
        Support::setIfNotSet($config, SYSTEM_SHOW_DEBUG_INFO, SYSTEM_SHOW_DEBUG_INFO_AUTO);
        Support::setIfNotSet($config, SYSTEM_SQL_LOG, SYSTEM_SQL_LOG_FILE);
        Support::setIfNotSet($config, SYSTEM_SQL_LOG_MODE, SQL_LOG_MODE_NONE, ''); // do not worry: parse_ini_file() will replace 'none' and 'off' by ''. Set it here again.
        Support::setIfNotSet($config, F_BS_COLUMNS, '12');
        Support::setIfNotSet($config, F_BS_LABEL_COLUMNS, '3');
        Support::setIfNotSet($config, F_BS_INPUT_COLUMNS, '6');
        Support::setIfNotSet($config, F_BS_NOTE_COLUMNS, '3');
        Support::setIfNotSet($config, F_CLASS_PILL, 'qfq-color-grey-1');
        Support::setIfNotSet($config, F_CLASS_BODY, 'qfq-color-grey-2');

        Support::setIfNotSet($config, F_SAVE_BUTTON_TEXT, '');
        Support::setIfNotSet($config, F_SAVE_BUTTON_TOOLTIP, 'Save');
        Support::setIfNotSet($config, F_SAVE_BUTTON_CLASS, 'btn btn-default navbar-btn');
        Support::setIfNotSet($config, F_SAVE_BUTTON_GLYPH_ICON, GLYPH_ICON_CHECK);

        Support::setIfNotSet($config, F_CLOSE_BUTTON_TEXT, '');
        Support::setIfNotSet($config, F_CLOSE_BUTTON_TOOLTIP, 'Close');
        Support::setIfNotSet($config, F_CLOSE_BUTTON_CLASS, 'btn btn-default navbar-btn');
        Support::setIfNotSet($config, F_CLOSE_BUTTON_GLYPH_ICON, GLYPH_ICON_CLOSE);

        Support::setIfNotSet($config, F_DELETE_BUTTON_TEXT, '');
        Support::setIfNotSet($config, F_DELETE_BUTTON_TOOLTIP, 'Delete');
        Support::setIfNotSet($config, F_DELETE_BUTTON_CLASS, 'btn btn-default navbar-btn');
        Support::setIfNotSet($config, F_DELETE_BUTTON_GLYPH_ICON, GLYPH_ICON_DELETE);

        Support::setIfNotSet($config, F_NEW_BUTTON_TEXT, '');
        Support::setIfNotSet($config, F_NEW_BUTTON_TOOLTIP, 'New');
        Support::setIfNotSet($config, F_NEW_BUTTON_CLASS, 'btn btn-default navbar-btn');
        Support::setIfNotSet($config, F_NEW_BUTTON_GLYPH_ICON, GLYPH_ICON_NEW);

        Support::setIfNotSet($config, F_BUTTON_ON_CHANGE_CLASS, 'btn-info alert-info');
        Support::setIfNotSet($config, SYSTEM_EDIT_FORM_PAGE, 'form');
        Support::setIfNotSet($config, SYSTEM_SECURITY_VARS_HONEYPOT, 'email,username,password');
        Support::setIfNotSet($config, SYSTEM_SECURITY_ATTACK_DELAY, SYSTEM_SECURITY_ATTACK_DELAY_DEFAULT);
        Support::setIfNotSet($config, SYSTEM_SECURITY_SHOW_MESSAGE, '0');
        Support::setIfNotSet($config, SYSTEM_SECURITY_GET_MAX_LENGTH, SYSTEM_SECURITY_GET_MAX_LENGTH_DEFAULT);
        Support::setIfNotSet($config, SYSTEM_ESCAPE_TYPE_DEFAULT, TOKEN_ESCAPE_SINGLE_TICK);
        Support::setIfNotSet($config, SYSTEM_GFX_EXTRA_BUTTON_INFO_INLINE, '<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>');
        Support::setIfNotSet($config, SYSTEM_GFX_EXTRA_BUTTON_INFO_BELOW, '<span class="glyphicon glyphicon-info-sign text-info" aria-hidden="true"></span>');

        Support::setIfNotSet($config, SYSTEM_DB_UPDATE, SYSTEM_DB_UPDATE_AUTO);
        Support::setIfNotSet($config, SYSTEM_DIRTY_RECORD_TIMEOUT_SECONDS, SYSTEM_DIRTY_RECORD_TIMEOUT_SECONDS_DEFAULT);

        Support::setIfNotSet($config, DOCUMENTATION_QFQ, DOCUMENTATION_QFQ_URL);

        return $config;
    }

    /**
     * Rename Elements defined in config.qfq.ini to more appropriate in user interaction.
     * E.g.: in config.qfq.ini everything is in upper case and word space is '_'. In Form.parameter it's lowercase and camel hook.
     *
     * @param array $config
     * @return array
     */
    private static function renameConfigElements(array $config) {

        // oldname > newname
        $setting = [
            [SYSTEM_FORM_BS_COLUMNS, F_BS_COLUMNS],
            [SYSTEM_FORM_BS_LABEL_COLUMNS, F_BS_LABEL_COLUMNS],
            [SYSTEM_FORM_BS_INPUT_COLUMNS, F_BS_INPUT_COLUMNS],
            [SYSTEM_FORM_BS_NOTE_COLUMNS, F_BS_NOTE_COLUMNS],
            [SYSTEM_FORM_DATA_PATTERN_ERROR, F_FE_DATA_PATTERN_ERROR],
            [SYSTEM_FORM_DATA_REQUIRED_ERROR, F_FE_DATA_REQUIRED_ERROR],
            [SYSTEM_FORM_DATA_MATCH_ERROR, F_FE_DATA_MATCH_ERROR],
            [SYSTEM_FORM_DATA_ERROR, F_FE_DATA_ERROR],
            [SYSTEM_CSS_CLASS_QFQ_FORM, F_CLASS],
            [SYSTEM_CSS_CLASS_QFQ_FORM_PILL, F_CLASS_PILL],
            [SYSTEM_CSS_CLASS_QFQ_FORM_BODY, F_CLASS_BODY],
            [SYSTEM_FORM_BUTTON_ON_CHANGE_CLASS, F_BUTTON_ON_CHANGE_CLASS],
            [SYSTEM_ESCAPE_TYPE_DEFAULT, F_ESCAPE_TYPE_DEFAULT],

            [SYSTEM_SAVE_BUTTON_TEXT, F_SAVE_BUTTON_TEXT],
            [SYSTEM_SAVE_BUTTON_TOOLTIP, F_SAVE_BUTTON_TOOLTIP],
            [SYSTEM_SAVE_BUTTON_CLASS, F_SAVE_BUTTON_CLASS],
            [SYSTEM_SAVE_BUTTON_GLYPH_ICON, F_SAVE_BUTTON_GLYPH_ICON],

            [SYSTEM_CLOSE_BUTTON_TEXT, F_CLOSE_BUTTON_TEXT],
            [SYSTEM_CLOSE_BUTTON_TOOLTIP, F_CLOSE_BUTTON_TOOLTIP],
            [SYSTEM_CLOSE_BUTTON_CLASS, F_CLOSE_BUTTON_CLASS],
            [SYSTEM_CLOSE_BUTTON_GLYPH_ICON, F_CLOSE_BUTTON_GLYPH_ICON],

            [SYSTEM_DELETE_BUTTON_TEXT, F_DELETE_BUTTON_TEXT],
            [SYSTEM_DELETE_BUTTON_TOOLTIP, F_DELETE_BUTTON_TOOLTIP],
            [SYSTEM_DELETE_BUTTON_CLASS, F_DELETE_BUTTON_CLASS],
            [SYSTEM_DELETE_BUTTON_GLYPH_ICON, F_DELETE_BUTTON_GLYPH_ICON],

            [SYSTEM_NEW_BUTTON_TEXT, F_NEW_BUTTON_TEXT],
            [SYSTEM_NEW_BUTTON_TOOLTIP, F_NEW_BUTTON_TOOLTIP],
            [SYSTEM_NEW_BUTTON_CLASS, F_NEW_BUTTON_CLASS],
            [SYSTEM_NEW_BUTTON_GLYPH_ICON, F_NEW_BUTTON_GLYPH_ICON],

        ];

        foreach ($setting as $row) {
            $oldName = $row[0];
            $newName = $row[1];

            if (isset($config[$oldName])) {
                $config[$newName] = $config[$oldName];
                if ($oldName != $newName) {
                    unset($config[$oldName]);
                }
            }
        }

        return $config;
    }

}