You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
132 lines
4.0 KiB
132 lines
4.0 KiB
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* @author Robert Strutts
|
|
* @copyright (c) 2026, Robert Strutts
|
|
* @license MIT
|
|
*/
|
|
|
|
namespace IOcornerstone\Framework;
|
|
|
|
use IOcornerstone\Framework\{
|
|
Security,
|
|
Console,
|
|
};
|
|
/**
|
|
* Description of SiteHelper
|
|
* Checks if IP is allowed for LIVE DEBUGGING
|
|
*
|
|
* @author Robert Strutts
|
|
*/
|
|
final class SiteHelper
|
|
{
|
|
|
|
private static $local_site_domains = ['localhost'];
|
|
private static $Private_IPs_allowed = ['127.0.0.1', '::1'];
|
|
private static $Public_IPs_allowed = [];
|
|
|
|
public static function setupHTTP(): void
|
|
{
|
|
define("PROJECT_ASSETS_DIR", BaseDir . DIRECTORY_SEPARATOR . "public" . DIRECTORY_SEPARATOR . "assets" . DIRECTORY_SEPARATOR);
|
|
|
|
$server_port = $_SERVER['SERVER_PORT'] ?? 80;
|
|
$secure_port_on = $_SERVER['HTTPS'] ?? "off";
|
|
$use_secure = ($server_port == "443" || $secure_port_on == "on");
|
|
$protocol = ($use_secure) ? "https://" : "http://";
|
|
$domain_name = $_SERVER['HTTP_HOST'] ?? "";
|
|
|
|
define("HTTP_PROT", $protocol);
|
|
define("USE_SECURE", $use_secure);
|
|
define("PROJECT_BASE_REF", $protocol . $domain_name);
|
|
define("PROJECT_ASSETS_BASE_REF", PROJECT_BASE_REF . "/assets");
|
|
define("ASSETS_DIR", PROJECT_ASSETS_DIR);
|
|
define('ASSETS_BASE_REF', PROJECT_ASSETS_BASE_REF);
|
|
}
|
|
|
|
public static function setLocalSiteDomains(string|array $domain_name): void
|
|
{
|
|
if (is_array($domain_name)) {
|
|
foreach ($domain_name as $domain) {
|
|
self::$local_site_domains[] = $domain;
|
|
}
|
|
} elseif (is_string($domain_name)) {
|
|
self::$local_site_domains[] = $domain_name;
|
|
}
|
|
}
|
|
|
|
public static function setAllowedPrivateIPs(string|array $IP_addresses): void
|
|
{
|
|
if (is_array($IP_addresses)) {
|
|
foreach ($IP_addresses as $IP) {
|
|
$s_ip = Security::getValidIp($IP);
|
|
if ($s_ip === false) {
|
|
continue;
|
|
}
|
|
self::$Private_IPs_allowed[] = $IP;
|
|
}
|
|
} elseif (is_string($IP_addresses)) {
|
|
$s_ip = Security::getValidIp($IP);
|
|
if ($s_ip === false) {
|
|
return;
|
|
}
|
|
self::$Private_IPs_allowed[] = $IP_addresses;
|
|
}
|
|
}
|
|
|
|
public static function setAllowedPublicIPs(string|array $IP_addresses): void
|
|
{
|
|
if (is_array($IP_addresses)) {
|
|
foreach ($IP_addresses as $IP) {
|
|
$s_ip = Security::getValidPublicIp($IP);
|
|
if ($s_ip === false) {
|
|
continue;
|
|
}
|
|
self::$Public_IPs_allowed[] = $s_ip;
|
|
}
|
|
} elseif (is_string($IP_addresses)) {
|
|
$s_ip = Security::getValidPublicIp($IP);
|
|
if ($s_ip === false) {
|
|
return;
|
|
}
|
|
self::$Public_IPs_allowed[] = $IP_addresses;
|
|
}
|
|
}
|
|
|
|
public static function isServerName_A_PrivateDomain(): bool
|
|
{
|
|
$white_list = array_merge(self::$local_site_domains, self::$Private_IPs_allowed);
|
|
return (Security::isServerNameOnDomainList($white_list));
|
|
}
|
|
|
|
public static function remoteNotAllowedForceLive(): bool
|
|
{
|
|
if (Console::isConsole()) {
|
|
return false; // false to show errors and dumps
|
|
}
|
|
|
|
$s = $_SESSION['usersRights'] ?? false;
|
|
if ($s !== false && strlen($s) > 4) {
|
|
$rights = json_decode($s, associative: true);
|
|
$flipped = array_flip($rights);
|
|
if (isset($flipped['developer'])) {
|
|
return false; // false for Developers to see Errors/Logs
|
|
}
|
|
}
|
|
|
|
return (!self::is_allowed());
|
|
}
|
|
|
|
public static function is_allowed(): bool
|
|
{
|
|
$remote_ip = Security::getClientIpAddress();
|
|
if (in_array($remote_ip, self::$Public_IPs_allowed)) {
|
|
return true;
|
|
}
|
|
if (self::isServerName_A_PrivateDomain() && in_array($remote_ip, self::$Private_IPs_allowed)) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
|