| Methods |
public
static
|
init(Base $f3): void
Initialises the module.
This static method is called during initialisation. Subclasses can
use this to, among other things:
- register URL routes with the Fat-Free Framework using $f3->route() or $f3->map()
- register events
Parameters
| $f3 |
the FatFree framework
|
|
|
public
|
__construct()
Creates a module.
This default constructor performs the following:
- sets the $logger variable to the current logger
- sets the locale domain
|
|
public
|
beforeroute(): void
FatFree Framework event handler.
This event handler initialises the user system. It starts the PHP session
and loads data for the currently logged-in user, if any.
|
|
protected
|
isHttps(): bool
Determines whether the current connection with the user agent is via
HTTPS.
HTTPS is detected if one of the following occurs:
- $_SERVER['HTTPS'] is set to 'on' (Apache installations)
- $_SERVER['HTTP_X_FORWARDED_PROTO'] is set to 'https' (reverse proxies)
- $_SERVER['HTTP_FRONT_END_HTTPS'] is set to 'on'
Returns
true if the connection is via HTTPS
|
|
protected
|
checkHttps(
string $action = 'redirect',
boolean $allow_override = false,
string $redirect_url = null,
boolean $strict = true,
): void
Ensure the current connection with the user agent is secure with HTTPS.
This function uses isHttps() to determine whether the connection
is via HTTPS. If it is, this function will return successfully.
If it is not, what happens next is determined by the following steps.
- If $allow_override is true and allow_plaintext is also true, then the function will return successfully
- Otherwise, it will either redirect (if $action is redirect) or return an error (if $action is error)
Parameters
| $action |
what to do if connection is not secure - either
'redirect' or 'error'
|
| $allow_override |
whether allow_plaintext is checked
to see if an unencrypted connection is allowed
|
| $redirect_url |
if $action is redirect, what URL to redirect to.
If null, this will redirect to the same page (albeit with an HTTPS connection)
|
| $strict |
whether HTTP Strict Transport Security is active
|
|
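A sketch of the detection and decision logic described for isHttps() and checkHttps(), as an added example that is not SimpleID's own code. The function names, the trusted-proxy list and the $allow_plaintext argument (standing in for the allow_plaintext setting) are assumptions; the second function shows the usual hardening of honouring X-Forwarded-Proto and Front-End-Https only when the request arrives from a reverse proxy you operate, since otherwise those headers are whatever the client sent.

```php
<?php
// Added example; not SimpleID's code. Function names and the proxy list are hypothetical.

/** The three documented isHttps() conditions, applied to a $_SERVER-style array. */
function is_https_documented(array $server): bool
{
    return ($server['HTTPS'] ?? '') === 'on'
        || ($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https'
        || ($server['HTTP_FRONT_END_HTTPS'] ?? '') === 'on';
}

/** Same conditions, but proxy headers count only when the direct peer is a known proxy. */
function is_https_trusted(array $server, array $trusted_proxies): bool
{
    if (($server['HTTPS'] ?? '') === 'on') {
        return true;
    }
    if (!in_array($server['REMOTE_ADDR'] ?? '', $trusted_proxies, true)) {
        return false; // header did not come from our proxy, so ignore it
    }
    return ($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https'
        || ($server['HTTP_FRONT_END_HTTPS'] ?? '') === 'on';
}

/** Outcome described for checkHttps(): 'ok', 'redirect' or 'error'. */
function https_decision(bool $is_https, string $action, bool $allow_override, bool $allow_plaintext): string
{
    if ($is_https || ($allow_override && $allow_plaintext)) {
        return 'ok';
    }
    return $action === 'error' ? 'error' : 'redirect';
}

// Constructed sample requests; the addresses are made up for illustration.
$trusted = ['10.0.0.5'];
$samples = [
    'direct TLS'                 => ['HTTPS' => 'on', 'REMOTE_ADDR' => '203.0.113.7'],
    'TLS terminated at proxy'    => ['HTTP_X_FORWARDED_PROTO' => 'https', 'REMOTE_ADDR' => '10.0.0.5'],
    'plain HTTP, client header'  => ['HTTP_X_FORWARDED_PROTO' => 'https', 'REMOTE_ADDR' => '203.0.113.7'],
    'plain HTTP'                 => ['REMOTE_ADDR' => '203.0.113.7'],
];
foreach ($samples as $label => $server) {
    $strict = is_https_trusted($server, $trusted);
    printf("%-27s documented=%-5s trusted=%-5s decision=%s\n", $label,
        var_export(is_https_documented($server), true), var_export($strict, true),
        https_decision($strict, 'redirect', false, false));
}
```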
|
public
|
getCanonicalURL(string $path = '', string $query = '', string $secure = null): string
Obtains a SimpleID URL. URLs produced by SimpleID should use this function.
Parameters
| $path |
the FatFree path or alias
|
| $query |
a properly encoded query string
|
| $secure |
one of 'https' to force an HTTPS connection, 'http' to force
an unencrypted HTTP connection, 'detect' to base on the current connection, or NULL to vary based on the
canonical_base_path configuration
|
Returns
|
|
public
|
getCanonicalHost(string $secure = null): string
Obtains the SimpleID host URL.
This function returns the scheme, host name, port, user name and password (if specified) from
the canonical_base_path configuration variable. It is used, among other things, as the
issuer identifier for JWTs issued by this installation.
Parameters
| $secure |
one of 'https' to force an HTTPS connection, 'http' to force
an unencrypted HTTP connection, 'detect' to base on the current connection, or NULL to vary based on the
canonical_base_path configuration
|
Returns
|
|
protected
|
getOrigin(string $uri): string
|
|
protected
|
fatalError(string $error, int $code = 500): void
Displays a fatal error message and exits.
Parameters
| $error |
the message to set
|
| $code |
the HTTP status code to send
|
|
|
public
|
secureCompare(string $str1, string $str2): bool
Compares two strings using the same time whether they're equal or not.
This function should be used to mitigate timing attacks when, for
example, comparing password hashes
Returns
true if the two strings are equal
|
|