本文整理汇总了PHP中ESAPI::getHttpUtilities方法的典型用法代码示例。如果您正苦于以下问题：PHP ESAPI::getHttpUtilities方法的具体用法？PHP ESAPI::getHttpUtilities怎么用？PHP ESAPI::getHttpUtilities使用的例子？那么恭喜您，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ESAPI的用法示例。
在下文中一共展示了ESAPI::getHttpUtilities方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: _log
/**
* Helper function.
*
* If the supplied logging level is at or above the current logging
* threshold then log the message after optionally encoding any special
* characters that might be dangerous when viewed by an HTML based log
* viewer. Also encode any carriage returns and line feeds to prevent log
* injection attacks. This logs all the supplied parameters: level, event
* type, whether the event represents success or failure and the log
* message. In addition, the application name, logger name/category, local
* IP address and port, the identity of the user and their source IP
* address, a logging specific user session ID, and the current date/time
* are also logged.
* If the supplied logging level is below the current logging threshold then
* the message will be discarded.
*
* @param int $level the priority level of the event - an Logger Level
* constant.
* @param int $type the type of the event - an Logger Event constant.
* @param bool $success TRUE indicates this was a successful
* event, FALSE indicates this was a failed event
* (the typical value).
* @param string $message the message to be logged.
* @param Exception $throwable The throwable Exception.
*
* @return does not return a value.
*/
private function _log($level, $type, $success, $message, $throwable)
{
// If this log level is below the threshold we can quit now.
$logLevel = self::_convertESAPILeveltoLoggerLevel($level);
if (!$this->_log4php->isEnabledFor($logLevel)) {
return;
}
$encoder = ESAPI::getEncoder();
$secConfig = ESAPI::getSecurityConfiguration();
// Add some context to log the message.
$context = '';
// The output of log level is handled here instead of providing a
// LayoutPattern to Log4PHP. This allows us to print TRACE instead of
// ALL and WARNING instead of WARN.
$levelStr = $logLevel->toString();
if ($levelStr == 'ALL') {
$levelStr = 'TRACE';
} elseif ($levelStr == 'WARN') {
$levelStr = 'WARNING';
}
$context .= $levelStr;
// Application name.
// $this->appName is set only if it is to be logged.
if ($this->_appName !== null) {
$context .= ' ' . $this->_appName;
}
// Logger name (Category in Log4PHP parlance)
$context .= ' ' . $this->_log4phpName;
// Event Type
if (!is_string($type)) {
$type = 'EVENT_UNKNOWN';
}
$context .= ' ' . $type;
// Success or Failure of Event
if ($success === true) {
$context .= '-SUCCESS';
} else {
$context .= '-FAILURE';
}
$request = ESAPI::getHttpUtilities()->getCurrentRequest();
if ($request === null) {
$request = new SafeRequest();
ESAPI::getHttpUtilities()->setCurrentHTTP($request);
}
$laddr = $request->getServerName();
if ($laddr === '') {
$laddr = 'UnknownLocalHost';
}
$lport = $request->getServerPort();
$ruser = $request->getRemoteUser();
if ($ruser === '') {
$ruser = 'AnonymousUser';
}
$raddr = $request->getRemoteAddr();
if ($raddr === '') {
$raddr = 'UnknownRemoteHost';
}
$context .= " {$laddr}:{$lport} {$ruser}@{$raddr}";
// create a random session number for the user to represent the
// user's session, if it doesn't exist already
$userSessionIDforLogging = 'SessionUnknown';
if (isset($_SESSION)) {
if (isset($_SESSION['DefaultAuditor']) && isset($_SESSION['DefaultAuditor']['SessionIDForLogging'])) {
$userSessionIDforLogging = $_SESSION['DefaultAuditor']['SessionIDForLogging'];
} else {
try {
$userSessionIDforLogging = (string) ESAPI::getRandomizer()->getRandomInteger(0, 1000000);
$_SESSION['DefaultAuditor']['SessionIDForLogging'] = $userSessionIDforLogging;
} catch (Exception $e) {
// continue
}
}
}
//.........这里部分代码省略.........
示例2: loginWithPassword
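/**
 * {@inheritDoc}
 *
 * Authenticates this user with the supplied password.
 *
 * The attempt is rejected, in this order, when the password is missing or
 * the account is disabled, locked or expired; only then is the password
 * verified. Every rejection records the failure time, increments the
 * failed-login counter and throws with the same first argument
 * ("Login failed"); only the second argument names the reason.
 * NOTE(review): presumably the first argument is the user-facing message and
 * the second is the log-only message, so the caller cannot tell from the
 * response which check failed - confirm against AuthenticationLoginException.
 * NOTE(review): the account name is concatenated into that second message
 * unmodified; CR/LF neutralisation is presumably left to the logger - confirm.
 *
 * @param string $password the password presented for this account.
 *
 * @return void
 *
 * @throws AuthenticationLoginException if the password is missing or wrong,
 *                                      or the account is disabled, locked
 *                                      or expired.
 */
public function loginWithPassword($password)
{
    //FIXME: time() might not be the correct format to be used?

    // Loose comparison kept as in the original: besides null and '', it also
    // rejects values such as false before they reach verifyPassword().
    if (is_null($password) || $password == "") {
        $this->_recordFailedLogin();
        throw new AuthenticationLoginException("Login failed", "Missing password: " . $this->getAccountName());
    }

    // Account-state checks run before the password is looked at, so a
    // disabled, locked or expired account is refused even with a correct
    // password, and the attempt still counts as a failure.
    if (!$this->isEnabled()) {
        $this->_recordFailedLogin();
        throw new AuthenticationLoginException("Login failed", "Disabled user attempt to login: " . $this->getAccountName());
    }
    if ($this->isLocked()) {
        $this->_recordFailedLogin();
        throw new AuthenticationLoginException("Login failed", "Locked user attempt to login: " . $this->getAccountName());
    }
    if ($this->isExpired()) {
        $this->_recordFailedLogin();
        throw new AuthenticationLoginException("Login failed", "Expired user attempt to login: " . $this->getAccountName());
    }

    // logout() runs before verification, so it also takes effect when the
    // password turns out to be wrong.
    $this->logout();

    if (!$this->verifyPassword($password)) {
        $this->_loggedIn = false;
        $this->_recordFailedLogin();
        throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " . $this->getAccountName());
    }

    $this->_loggedIn = true;
    // NOTE(review): presumably issues a fresh session identifier so that one
    // known before authentication cannot be reused afterwards (session
    // fixation) - confirm in the HttpUtilities implementation.
    ESAPI::getHttpUtilities()->changeSessionIdentifier(ESAPI::currentRequest());
    ESAPI::getAuthenticator()->setCurrentUser($this);
    $this->setLastLoginTime(time());
    $this->setLastHostAddress(ESAPI::getHttpUtilities()->getCurrentRequest()->getRemoteHost());
    // NOTE(review): a successful login is logged at trace level; with a
    // higher logging threshold this audit event is likely not recorded -
    // confirm that is intended. Also confirm the argument list matches
    // trace()'s signature (event type, success flag, message?).
    ESAPI::getLogger("DefaultUser")->trace(ESAPILogger::SECURITY, "User logged in: " . $this->_accountName);
}

/**
 * Records one failed login attempt: stamps the failure time and increments
 * the failed-login counter.
 *
 * @return void
 */
private function _recordFailedLogin()
{
    $this->setLastFailedLoginTime(time());
    $this->incrementFailedLoginCount();
}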