<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <contact@terryl.in>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 * 
 * php version 7.1.0
 * 
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <contact@terryl.in>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */

declare(strict_types=1);

namespace Shieldon\Firewall\Panel;

use Psr\Http\Message\ResponseInterface;
use Shieldon\Firewall\Panel\BaseController;
use function Shieldon\Firewall\__;
use function Shieldon\Firewall\get_request;
use function Shieldon\Firewall\get_response;
use function Shieldon\Firewall\get_session_instance;
use function Shieldon\Firewall\unset_superglobal;
use function array_keys;
use function array_values;
use function explode;
use function filter_var;
use function json_decode;
use function json_last_error;
use const JSON_PRETTY_PRINT;

/**
 * Home
 */
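/**
 * Firewall panel controller for the settings pages.
 *
 * Each action reads the parsed POST body (or the uploaded file) of the current
 * request, updates the configuration through the inherited getConfig() /
 * setConfig() / saveConfig() helpers, and renders a panel template or returns
 * a redirect.
 *
 * NOTE(review): nothing in this class checks the caller's login state or a
 * CSRF token. Presumably BaseController or the router enforces both before an
 * action runs - confirm, because every action here rewrites or discloses the
 * firewall's own configuration.
 */
class Setting extends BaseController
{
    /**
     *   Public methods       | Description
     *  ----------------------|---------------------------------------------
     *   basic                | The page for managing the basic settings.
     *   messenger            | The page for managing the messenger settings.
     *   ipManager            | The page for managing the IP allow/deny rules.
     *   exclusion            | The page for managing excluded list.
     *   export               | Export the settings as a JSON file.
     *   import               | Import the settings from a JSON file.
     *  ----------------------|---------------------------------------------
     */

    /**
     * Constructor
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Set up basic settings.
     *
     * A posted `tab` field marks a form submission: the field is removed from
     * the POST superglobal and saveConfig() is called before the page renders.
     *
     * @return ResponseInterface
     */
    public function basic(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if (isset($postParams['tab'])) {
            // `tab` is dropped before saving; presumably saveConfig() persists
            // whatever is left in the posted form - confirm in BaseController.
            unset_superglobal('tab', 'post');
            $this->saveConfig();
        }

        $data = [];
        $data['title'] = __('panel', 'title_basic_setting', 'Basic Setting');

        return $this->renderPage('panel/setting', $data);
    }

    /**
     * Set up messenger settings.
     *
     * Works like basic(), and additionally hands the template the URL of the
     * `ajax/tryMessenger` endpoint.
     *
     * @return ResponseInterface
     */
    public function messenger(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        $data = [];
        $data['ajaxUrl'] = $this->url('ajax/tryMessenger');

        if (isset($postParams['tab'])) {
            unset_superglobal('tab', 'post');
            $this->saveConfig();
        }

        $data['title'] = __('panel', 'title_messenger', 'Messenger');

        return $this->renderPage('panel/messenger', $data);
    }

    /**
     * IP manager.
     *
     * Accepts a posted rule (`url`, `ip`, `action`, `order`). `allow` and
     * `deny` insert a new rule into the `ip_manager` list, `remove` deletes
     * the rule at the given position. The list is only touched when `ip` is a
     * single address or a well-formed CIDR range.
     *
     * @return ResponseInterface
     */
    public function ipManager(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if (
            isset($postParams['ip']) &&
            is_string($postParams['ip']) &&
            $this->isIpOrCidr($postParams['ip'])
        ) {
            // `??` keeps a partial form post from raising undefined-index
            // warnings; an absent action simply matches no branch below.
            $url = $postParams['url'] ?? null;
            $ip = $postParams['ip'];
            $rule = $postParams['action'] ?? null;
            $order = (int) ($postParams['order'] ?? 0);

            // Presumably the form sends a 1-based position while the stored
            // list is 0-based - confirm against the panel/ip_manager template.
            if ($order > 0) {
                $order--;
            }

            $ipList = (array) $this->getConfig('ip_manager');

            if ('allow' === $rule || 'deny' === $rule) {
                // NOTE(review): `url` is stored exactly as posted. Confirm
                // that the template escapes it when the list is rendered.
                $newIpList = [];
                $newIpList[$order]['url'] = $url;
                $newIpList[$order]['ip'] = $ip;
                $newIpList[$order]['rule'] = $rule;

                array_splice($ipList, $order, 0, $newIpList);

                $this->setConfig('ip_manager', $ipList);

            } elseif ('remove' === $rule) {
                unset($ipList[$order]);
                // Re-index so the stored list stays a gap-free sequence.
                $ipList = array_values($ipList);
                $this->setConfig('ip_manager', $ipList);
            }

            unset_superglobal('url', 'post');
            unset_superglobal('ip', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');

            $this->saveConfig();
        }

        $data = [];
        $data['ip_list'] = $this->getConfig('ip_manager');
        $data['title'] = __('panel', 'title_ip_manager', 'IP Manager');

        return $this->renderPage('panel/ip_manager', $data);
    }

    /**
     * Exclude the URLs that don't need protection.
     *
     * `add` appends the posted `url` to the `excluded_urls` list, `remove`
     * deletes the entry at the posted `order` index. Any other action leaves
     * the list unchanged, but the configuration is still saved.
     *
     * @return ResponseInterface
     */
    public function exclusion(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if (isset($postParams['url'])) {
            $url = $postParams['url'];
            // Read optional fields defensively so a partial post does not
            // raise undefined-index warnings.
            $action = $postParams['action'] ?? null;
            $order = (int) ($postParams['order'] ?? 0);

            $excludedUrls = (array) $this->getConfig('excluded_urls');

            if ('add' === $action) {
                // NOTE(review): every entry added here is a URL the firewall
                // stops protecting, and `url` is stored exactly as posted.
                // Confirm the caller is authorised and that the template
                // escapes the value on output.
                $excludedUrls[] = [
                    'url' => $url
                ];

            } elseif ('remove' === $action) {
                unset($excludedUrls[$order]);

                $excludedUrls = array_values($excludedUrls);
            }

            $this->setConfig('excluded_urls', $excludedUrls);

            unset_superglobal('url', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');

            $this->saveConfig();
        }

        $data = [];
        $data['exclusion_list'] = $this->getConfig('excluded_urls');
        $data['title'] = __('panel', 'title_exclusion_list', 'Exclusion');

        return $this->renderPage('panel/exclusion', $data);
    }

    /**
     * Export settings.
     *
     * Streams the whole `$this->configuration` array as pretty-printed JSON
     * in a download response.
     *
     * NOTE(review): the export is not filtered, so any secret kept in the
     * configuration leaves the server with the file. Treat exported files as
     * sensitive.
     *
     * @return ResponseInterface
     */
    public function export(): ResponseInterface
    {
        $response = get_response();

        $stream = $response->getBody();
        $stream->write(json_encode($this->configuration, JSON_PRETTY_PRINT));
        $stream->rewind();

        // The file name is built from the current date only, so no request
        // data reaches the Content-Disposition header.
        $filename = 'shieldon_' . date('Y-m-d-Hi') . '.json';

        $response = $response->withHeader('Content-Type', 'text/plain');
        $response = $response->withHeader('Content-Disposition', 'attachment; filename=' . $filename);
        $response = $response->withHeader('Expires', '0');
        $response = $response->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0');
        $response = $response->withHeader('Pragma', 'public');
        $response = $response->withBody($stream);

        return $response;
    }

    /**
     * Import settings.
     *
     * Reads the uploaded `json_file`, decodes it and, when every top-level
     * key of the current configuration is present in it, replaces the
     * configuration and writes it to the configuration file. Every outcome
     * stores a flash message and redirects to `setting/basic`.
     *
     * @return ResponseInterface
     */
    public function import(): ResponseInterface
    {
        $request = get_request();
        $response = get_response();

        $uploadedFileArr = $request->getUploadedFiles();
        $upload = $uploadedFileArr['json_file'] ?? null;
        $importedFileContent = '';

        // A request without the file field, with several files under that
        // name, or with a failed upload is reported as an invalid
        // configuration file instead of ending in a fatal error.
        if (
            $upload instanceof \Psr\Http\Message\UploadedFileInterface &&
            $upload->getError() === UPLOAD_ERR_OK
        ) {
            $importedFileContent = $upload->getStream()->getContents();
        }

        if (!empty($importedFileContent)) {
            $jsonData = json_decode($importedFileContent, true);

            if (json_last_error() !== JSON_ERROR_NONE) {
                $this->pushMessage(
                    'error',
                    __(
                        'panel',
                        'error_invalid_json_file',
                        'Invalid JSON file.'
                    )
                );
                get_session_instance()->set('flash_messages', $this->messages);

                // Return failed result message.
                return $response->withHeader('Location', $this->url('setting/basic'));
            }

            // Valid JSON can still be a scalar; only an object or array can
            // be a configuration.
            $checkFileValid = is_array($jsonData);

            if ($checkFileValid) {
                foreach (array_keys($this->configuration) as $key) {
                    if (!isset($jsonData[$key])) {
                        $checkFileValid = false;
                    }
                }
            }

            if ($checkFileValid) {
                // NOTE(review): only the presence of the top-level keys is
                // checked. Nested values and any extra keys in the file are
                // accepted and written to disk as they are.
                foreach (array_keys($jsonData) as $key) {
                    if (isset($this->configuration[$key])) {
                        unset($this->configuration[$key]);
                    }
                }

                $this->configuration = $this->configuration + $jsonData;

                // Save settings into a configuration file.
                // NOTE(review): the result of file_put_contents() is not
                // checked, so a failed write is still reported as a success.
                $configFilePath = $this->directory . '/' . $this->filename;
                file_put_contents($configFilePath, json_encode($this->configuration));

                $this->pushMessage(
                    'success',
                    __(
                        'panel',
                        'success_json_imported',
                        'JSON file imported successfully.'
                    )
                );

                get_session_instance()->set('flash_messages', $this->messages);

                // Return successful result message.
                return $response->withHeader('Location', $this->url('setting/basic'));
            }
        }

        $this->pushMessage(
            'error',
            __(
                'panel',
                'error_invalid_config_file',
                'Invalid Shieldon configuration file.'
            )
        );

        get_session_instance()->set('flash_messages', $this->messages);

        return $response->withHeader('Location', $this->url('setting/basic'));
    }

    /**
     * Check that a posted value is one IP address or one CIDR range.
     *
     * The address part must pass FILTER_VALIDATE_IP. An optional prefix after
     * a single `/` must be a plain decimal number no larger than 32 for IPv4
     * or 128 for IPv6. Checking the whole string keeps arbitrary text after
     * the slash out of the stored rule.
     *
     * @param string $value The posted `ip` field.
     *
     * @return bool
     */
    private function isIpOrCidr(string $value): bool
    {
        $parts = explode('/', $value);

        if (count($parts) > 2) {
            return false;
        }

        $address = $parts[0];

        if (filter_var($address, FILTER_VALIDATE_IP) === false) {
            return false;
        }

        if (!isset($parts[1])) {
            return true;
        }

        $prefix = $parts[1];

        // `\z` rejects a trailing newline, which `$` would let through.
        if (preg_match('/\A\d{1,3}\z/', $prefix) !== 1) {
            return false;
        }

        $isIpv6 = filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;

        return (int) $prefix <= ($isIpv6 ? 128 : 32);
    }
}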
