forked from projects/fipamo
ro
4337a20fb8
API Security has been reworked to check if request is secure, verifies the API token created on site setup given to every member, and then confirms the system is accepting API requests by way of the API enabled toggle in settings API usage is now only meant for backend use, so this needs to be noted in the docs
81 lines
2.3 KiB
PHP
81 lines
2.3 KiB
PHP
<?php
|
|
|
|
use Illuminate\Encryption\Encrypter;
|
|
|
|
function createUUID()
|
|
{
|
|
if (function_exists('com_create_guid') === true) {
|
|
return trim(com_create_guid(), '{}');
|
|
}
|
|
|
|
return sprintf(
|
|
'%04X%04X-%04X-%04X-%04X-%04X%04X%04X',
|
|
mt_rand(0, 65535),
|
|
mt_rand(0, 65535),
|
|
mt_rand(0, 65535),
|
|
mt_rand(16384, 20479),
|
|
mt_rand(32768, 49151),
|
|
mt_rand(0, 65535),
|
|
mt_rand(0, 65535),
|
|
mt_rand(0, 65535)
|
|
);
|
|
}
|
|
|
|
function safeString($string)
|
|
{
|
|
return strtolower(
|
|
trim(
|
|
preg_replace(
|
|
'~[^0-9a-z]+~i',
|
|
'_',
|
|
html_entity_decode(
|
|
preg_replace(
|
|
'~&([a-z]{1,2})(?:acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i',
|
|
'$1',
|
|
htmlentities($string, ENT_QUOTES, 'UTF-8')
|
|
),
|
|
ENT_QUOTES,
|
|
'UTF-8'
|
|
)
|
|
),
|
|
'-'
|
|
)
|
|
);
|
|
}
|
|
|
|
function randomString(int $length)
|
|
{
|
|
$alphanum = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
|
$special = '*&!@%^#$';
|
|
$alphabet = $alphanum . $special;
|
|
$random = openssl_random_pseudo_bytes($length);
|
|
$alphabet_length = strlen($alphabet);
|
|
$string = '';
|
|
for ($i = 0; $i < $length; ++$i) {
|
|
$string .= $alphabet[ord($random[$i]) % $alphabet_length];
|
|
}
|
|
|
|
return $string;
|
|
}
|
|
|
|
function createAppKey()
|
|
{
|
|
return 'base64:' . base64_encode(Encrypter::generateKey(config('app.cipher')));
|
|
}
|
|
|
|
function isHttps()
|
|
{
|
|
if (
|
|
(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)) ||
|
|
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') ||
|
|
(isset($_SERVER['HTTP_X_FORWARDED_SCHEME']) && strtolower($_SERVER['HTTP_X_FORWARDED_SCHEME']) === 'https') ||
|
|
(isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] === 'on' || $_SERVER['HTTP_X_FORWARDED_SSL'] == 1)) ||
|
|
(isset($_SERVER['REQUEST_SCHEME']) && strtolower($_SERVER['REQUEST_SCHEME']) === 'https') ||
|
|
(isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)
|
|
) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|