Location: PHPKode > projects > MyOWNSpace > MyOWNspace_v8.2/www/classes/hn_urlrewrite.class.php
<?PHP
/**
  * PHP-Class HN_URL_rewrite
  *
  * @author Horst Nogajski <hide@address.com>
  * @version 3.1
  * @revision $Revision: 1.17 $
  * @date $Date: 2004/09/17 19:53:17 $
  * $RCSfile: hn_urlrewrite.class.php,v $
  *
  *
  * License: GNU LGPL (http://www.opensource.org/licenses/lgpl-license.html)
  *
  * Download: http://hn273.users.phpclasses.org/browse/package/1844.html
  *
  * If you find it useful, you might rate it on http://www.phpclasses.org/rate.html?package=1844
  * ... and if you have rated the Version 1 or 2, please update your ratings if you find it better now =:)
  *
  **/



/**
  * VERSION 3.1 because of BIGGEST SECURITY HOLE UNDER THE SUN!
  *
  * (shame on me!)
  *
  *
  * Oh no! I've experienced that, if one use rewriting all URLs and there is also
  * an URL which refers to a htacces-password protected script, the class bypasses
  * Apaches protection!
  *
  * So I've added a rewrite_protected_scripts array to configuration.
  * This is used like the registered_scripts array but exclude its scripts from rewriting.
  *
  * If you use the registered_scripts array you don't need it.
  *
  * BUT if you use the DEFAULT MODE (rewriting all URLs) and you _HAVE_
  * HTACCESS-PASSWORD-PROTECTED files, YOU MUST REGISTER THESE SCRIPTS IN THE
  * REWRITE_PROTECTED_SCRIPTS ARRAY!
  *
  * Scripts registered in that array will neither rewritten nor redirected!
  * The class uses header('Location: ...') if a (also faked) request is send to the
  * redirect-script!
  *
  **/

/**
  * CHANGED & NEW FEATURES IN VERSION 3.0
  *
  *
  * This is the last (Major)-Version. ;-)
  *
  * Now it uses a new RegExp-Searchpattern which allows to rewrite all tags
  * at once. It's faster now!
  *
  * It rewrites the URL links (<a href... </a>),
  * the IMG links (<img src),
  * and new: the AREA links in image maps (<map> <area href... </map>)
  *
  * Per default it rewrites all tags, but optionally you can disable each of the
  * tag-groups in configuration with the new config-vars: nourls, nomaps, noimgs.
  *
  * Therefore the 3 string-rewrite-methods are not used anymore and has changed
  * to only one: string-rewrite($string)
  *
  * Errorhandling is done!
  * Now it fixes the minor Errors to guarantee users can reach pages, e.g. at the price
  * of not rewritten URLs. Have a look to the function at the end of the class.
  *
  * Also fixed some minor glitches:
  *	 - ? removed from QUERY_STRING;
  *	 - now it uses is_file() instead of file_exists() by resolving pathes and checking
  *	   if files are available on local system. (file_exists return TRUE on directories also)
  *	   Now it resolves 100% of all pathnames, ;-)
  *	 - Have cleaned up the syntax for better consistency.
  *
  **/

/**
  * CHANGED & NEW FEATURES IN VERSION 2.1
  *
  * Fixed a Bug with registering hostnames, and also added support for rewriting
  * of URLs which refers to extern servers. (If their hostnames are registered in
  * hostnames array). To enbale this, you must set the new config variable
  * 'rewrite_extern_hostnames' to TRUE.
  * NOTE: these extern servers must be configured in same way as the local one:
  * they need have the same rewrite script registered and also the the same
  * separator string.
  *
  **/

/**
  * CHANGED & NEW FEATURES IN VERSION 2.0
  *
  * Per default, the class now rewrites all URL links which refers to
  * the own serverhost and where the extension is 'php', when no array with
  * registered scriptnames is passed.
  *
  * The links to rewrite can either relative URIs, absolute URIs, or complete URLs
  * with scheme, hostname, path.
  *
  * It detect complete URLs with and without 'www.' in hostname.
  * Optionally you can pass an array with additional hostnames e.g. if you have
  * the same site reachable by different top level domains (.com + .de)
  *
  * Relative parent-links (../) in relative and absolute URIs are resolved now!
  *
  * Now, registered scripts are stored in array as values, not as keys anymore!
  * The param names are not stored in array. They will encoded too.
  * So their order doesn't matter anymore.
  *
  * If you don't want use the buffer-methods, you can use three new string-rewriting methods:
  *	 string_rewrite_urls($string)
  *	 string_rewrite_imgs($string)
  *	 string_rewrite_both($string)
  * All methods return the rewritten string, but do not store it in classes scope.
  *
  **/

/**
  * Tabsize: 4
  **/



	// CONFIGURATION


	// set to absolute url of your (apache registered) redirect-script, but without scheme and host!
	if(!defined('URL_REWRITE_SCRIPT'))
	{
		define('URL_REWRITE_SCRIPT','/goto');
	}




	if(!isset($GLOBALS['_HNURLRW_']) || !is_array($GLOBALS['_HNURLRW_']))
	{
		$GLOBALS['_HNURLRW_'] = array();
	}




	// string: separates path from params in rewritten URL
	if(!isset($GLOBALS['_HNURLRW_']['separator']))
	{
		$GLOBALS['_HNURLRW_']['separator'] = '--';
	}




	// boolean: set to TRUE to disable rewriting for url tags (<a href)
	if(!isset($GLOBALS['_HNURLRW_']['nourls']))
	{
		$GLOBALS['_HNURLRW_']['nourls'] = FALSE;
	}

	// boolean: set to TRUE to disable rewriting for area tags within imagemaps (<map> <area href)
	if(!isset($GLOBALS['_HNURLRW_']['nomaps']))
	{
		$GLOBALS['_HNURLRW_']['nomaps'] = TRUE;
	}

	// boolean: set to TRUE to disable rewriting for img tags (<img src)
	if(!isset($GLOBALS['_HNURLRW_']['noimgs']))
	{
		$GLOBALS['_HNURLRW_']['noimgs'] = FALSE;
	}




	// boolean: switch encoding on/off
	// NOTE: if you do not use encoding you have to ensure that there are no slashes
	//	   within your param names or param values! If there are (only) one, it can
	//	   fool the redirection script!
	//	   Therefor the default is TRUE.
	if(!isset($GLOBALS['_HNURLRW_']['encode']))
	{
		$GLOBALS['_HNURLRW_']['encode'] = TRUE;
	}

	// boolean: use strong encoding with alpha-key-array, (implies that encode is also TRUE)
	if(!isset($GLOBALS['_HNURLRW_']['strong_encode']))
	{
		$GLOBALS['_HNURLRW_']['strong_encode'] = FALSE;
	}

	// array: with chars, this is used for strong encoding
	if(!isset($GLOBALS['_HNURLRW_']['CodingKey']))
	{
		$GLOBALS['_HNURLRW_']['CodingKey'] = array('F','G','R','U','L','B','K','N','T','W','E');
	}




	// string: virtual filename, is added to rewritten URL links
	if(!isset($GLOBALS['_HNURLRW_']['add_indexhtml']))
	{
		$GLOBALS['_HNURLRW_']['add_indexhtml'] = 'index.html';
	}

	// string: virtual filename, is added to rewritten image links
	if(!isset($GLOBALS['_HNURLRW_']['add_pictjpg']))
	{
		$GLOBALS['_HNURLRW_']['add_pictjpg'] = 'pict.jpg';
	}




	// array: list of fileextensions which are parsed by the PHP-Interpreter
	if(!isset($GLOBALS['_HNURLRW_']['valid_php_fileextensions']))
	{
		$GLOBALS['_HNURLRW_']['valid_php_fileextensions'] = array('php');
	}




	// array: list of additional hostnames for the site
	// NOTE:  write complete with 'http://www.domain.com' but without trailing slash!
	if(!isset($GLOBALS['_HNURLRW_']['hostnames']))
	{
		$GLOBALS['_HNURLRW_']['hostnames'] = array();
	}

	// boolean: If you have registered hostnames for rewriting which refers to extern servers, set this to TRUE.
	// Otherwise the class checks if the file is present in filesystem!
	if(!isset($GLOBALS['_HNURLRW_']['rewrite_extern_hostnames']))
	{
		$GLOBALS['_HNURLRW_']['rewrite_extern_hostnames'] = FALSE;
	}




	// boolean:FALSE or array()
	// if you don't want register specific scripts, this mut be FALSE.
	// otherwise it must be an array with scriptnames:
	// the scripts must defined as absolute URIs:
	// e.g. '/hn_urlrewrite_example/example1.php'
	// NOTE: this array can be overwritten by an array directly passed
	// to the class when instantiating!
	// (passing an empty array suppresses rewriting!)
	if(!isset($GLOBALS['_HNURLRW_']['registered_scripts']))
	{
		$GLOBALS['_HNURLRW_']['registered_scripts'] = FALSE;
	}



	// array()
    //
    // NOTE: IF YOU USE htaccess password protected DIRECTORIES AND YOU
    // WANT TO REWRITE ALL URLS, YOU MUST REGISTER THE PROTECTED SCRIPTS
    // IN THIS ARRAY! OTHERWISE EVERYONE CAN ACCESS YOUR HTACCESS-PROTECTED
    // FILES BY ONLY CLICKING ON THE REWRITTEN LINK!
    //
	// the scripts must defined as absolute URIs:
	// e.g. '/protected/folder/file.php'
	if(!isset($GLOBALS['_HNURLRW_']['rewrite_protected_scripts']) || !is_array($GLOBALS['_HNURLRW_']['rewrite_protected_scripts']))
	{
		$GLOBALS['_HNURLRW_']['rewrite_protected_scripts'] = array();
	}
	//$GLOBALS['_HNURLRW_']['rewrite_protected_scripts'][] = '/protected/folder/file.php';
	//$GLOBALS['_HNURLRW_']['rewrite_protected_scripts'][] = '/other/folder/filename.php';




if(!defined('HN_REWRITECLASS'))
{
	define('HN_REWRITECLASS','loaded');



class hn_urlRewrite
{

	/////////////////////////////////////////////
	//	PARAMS

	// PUBLIC
	var $separator					= '--';
	var $registered_scripts			= FALSE;
	var $rewrite_protected_scripts  = array();
	var $hostnames					= array();
	var $rewrite_extern_hostnames	= FALSE;
	var $valid_php_fileextensions	= array('php');
	var $noimgs						= FALSE;
	var $nomaps						= FALSE;
	var $nourls						= FALSE;
	var $encode						= TRUE;
	var $strong_encode				= FALSE;
	var $CodingKey					= array('F','G','R','U','L','B','K','N','T','W','E');
	var $add_indexhtml				= 'index.html';
	var $add_pictjpg				= 'pict.jpg';

	// PRIVATE
	var $host						= '';
	var $path;
	var $compare;
	var $script;
	var $querystring;
	var $page;
	var $DOCUMENT_ROOT;


	/////////////////////////////////////////////
	//	CONSTRUCTOR

	function hn_urlRewrite($registered_scripts=FALSE)
	{
		// store DOCUMENT_ROOT without optionally trailing slash!
		$this->DOCUMENT_ROOT = (strrpos($_SERVER['DOCUMENT_ROOT'],'/')==strlen($_SERVER['DOCUMENT_ROOT'])-1) ? $_SERVER['DOCUMENT_ROOT'] = substr($_SERVER['DOCUMENT_ROOT'], 0, strlen($_SERVER['DOCUMENT_ROOT'])-1) : $_SERVER['DOCUMENT_ROOT'];

		if(is_array($GLOBALS['_HNURLRW_']['rewrite_protected_scripts']))
		{
			$this->rewrite_protected_scripts = $GLOBALS['_HNURLRW_']['rewrite_protected_scripts'];
		}

		if(is_array($registered_scripts))
		{
			$this->compare		 = TRUE;
			$this->registered_scripts = $registered_scripts;
		}
		elseif(is_array($GLOBALS['_HNURLRW_']['registered_scripts']))
		{
			$this->compare		 = TRUE;
			$this->registered_scripts = $GLOBALS['_HNURLRW_']['registered_scripts'];
		}
		else
		{
			$this->compare		 = FALSE;
			$this->registered_scripts	 = null;
		}
		if($this->compare && !is_array($this->registered_scripts))
		{
			$this->_ErrorHandler('no_array');
		}
		if($this->compare && count($this->registered_scripts)<1)
		{
			$this->_ErrorHandler('no_array_values');
		}


		if(is_string($GLOBALS['_HNURLRW_']['separator']))
		{
			$this->separator = $GLOBALS['_HNURLRW_']['separator'];
		}
		// slashes are not allowed in separator! (pathdivider)
		$this->separator = str_replace('/','',$this->separator);
		if($this->separator===FALSE || trim($this->separator)=='')
		{
			$this->_ErrorHandler('no_separator');
		}


		// build an array with valid hostnames
		if(is_array($GLOBALS['_HNURLRW_']['hostnames']))
		{
			foreach($GLOBALS['_HNURLRW_']['hostnames'] as $k=>$v)
			{
				if(strstr($$v,'http://www.')!==FALSE)
				{
					$GLOBALS['_HNURLRW_']['hostnames'][$k] = str_replace('http://www.','http://',$v);
				}
			}
			$this->hostnames = array_merge($this->hostnames,$GLOBALS['_HNURLRW_']['hostnames']);
		}
		$host = 'http://'.$_SERVER['HTTP_HOST'];
		$this->hostnames[] = $host;
		if(strstr($host,'http://www.')!==FALSE)
		{
			$this->hostnames[] = str_replace('http://www.','http://',$host);
		}


		// do other configuration
		$valid = array('nourls','nomaps','noimgs','encode','strong_encode','rewrite_extern_hostnames','valid_php_fileextensions','CodingKey','add_indexhtml','add_pictjpg');
		foreach($valid as $v)
		{
			if(isset($GLOBALS['_HNURLRW_'][$v]))
			{
				$this->{$v} = $GLOBALS['_HNURLRW_'][$v];
			}
		}
	}



	/////////////////////////////////////////////
	//	REDIRECTION - PART | PUBLIC

	function redirect($path=FALSE)
	{
		$this->path = $path;
		if($this->path===FALSE)
		{
			$this->_ErrorHandler('no_path');
		}
		if(!$this->_parse_path())
		{
			$this->_ErrorHandler('no_file');
		}

		// WE WANT NOT BYPASS APACHES HTACCESS PASSWORD PROTECTION!
        // NORMALLY PROTECTED SCRIPTNAMES WILL NOT REWRITTEN, BUT A HACKER
        // THAT KNOWS THIS CLASS MAY TRY TO SEND A FAKED REQUEST TO THE REWRITE-
        // SCRIPT. THIS CHECK AVOIDS SUCH COMPROMISING.
		if(in_array($this->script,$this->rewrite_protected_scripts) || preg_match('/.*\.htaccess$/',$this->script))
		{
			header('Location: '.$this->script);
			exit(0);
		}


		// Tweaking some params
		$_SERVER['SCRIPT_FILENAME']	= $this->DOCUMENT_ROOT.$this->script;
		$_SERVER['SCRIPT_NAME']		= $this->script;
		$_SERVER['PHP_SELF']		= $this->script;
		$_SERVER['REQUEST_URI']		= $this->script;
		$_SERVER['PATH_TRANSLATED']	= realpath($_SERVER['SCRIPT_FILENAME']);
		$_SERVER['QUERY_STRING']	= $this->querystring;
		// also the older ones, if present
		if(isset($SCRIPT_FILENAME))
		{
			$SCRIPT_FILENAME	= $_SERVER['SCRIPT_FILENAME'];
		}
		if(isset($SCRIPT_NAME))
		{
			$SCRIPT_NAME		= $_SERVER['SCRIPT_NAME'];
		}
		if(isset($PHP_SELF))
		{
			$PHP_SELF			= $_SERVER['PHP_SELF'];
		}
		if(isset($REQUEST_URI))
		{
			$REQUEST_URI		= $_SERVER['REQUEST_URI'];
		}
		if(isset($PATH_TRANSLATED))
		{
			$PATH_TRANSLATED	= $_SERVER['PATH_TRANSLATED'];
		}
		if(isset($QUERY_STRING))
		{
			$QUERY_STRING		= $_SERVER['QUERY_STRING'];
		}

		if(!file_exists($_SERVER['SCRIPT_FILENAME']))
		{
			$this->_ErrorHandler('no_file');
		}

		// if the scriptfile is available, we change working directory to it's dir and return filepath to redirection_script
		chdir(dirname($_SERVER['SCRIPT_FILENAME']));
		return $_SERVER['SCRIPT_FILENAME'];
	}

		////////////////////////////////////////////////////
		// REDIRECTION | PRIVATE

		function _parse_path()
		{
			// get scriptname-part and params-part
			$temp = explode('/'.$this->separator.'/', $this->path);

			// check if file exists
			$script = $this->_file_available($temp[0]);
			// if no file is found, we stop!
			if($script===FALSE)
			{
				return FALSE;
			}

			if($this->compare)
			{
				// compare against registered scripts
				$ok = FALSE;
				$check = array('','.php','index.php','/index.php');
				foreach($check as $k=>$v)
				{
					if(in_array($temp[0].$v,$this->registered_scripts))
					{
						$script = $temp[0].$v;
						$ok = TRUE;
						break;
					}
				}
				// if no valid entry is found, we stop!
				if(!$ok)
				{
					return FALSE;
				}
			}

			// write to module_global variable
			$this->script = $script;


			// parse params-part
			if(isset($temp[1]))
			{
				$params = array();
				$temp = str_replace(array('/'.$this->add_indexhtml,'/'.$this->add_pictjpg),'',$temp[1]);
				$temp = explode('/',$temp);
				foreach($temp as $p)
				{
					$p = $this->encode ? $this->_decode($p,$this->strong_encode) : $p;
					$params[] = explode('=',$p);
				}
			}
			else
			{
				$params = array();
			}

			// add params to the GET-Array
			foreach($params as $v) $_GET[strip_tags($v[0])] = strip_tags($v[1]);

			// build querystring
			if(count($params)>0)
			{
				$this->querystring = "{$params[0][0]}={$params[0][1]}";
			}
			if(count($params)>1)
			{
				for($i=1;$i<count($params);$i++)
				{
					$this->querystring .= "&{$params[$i][0]}={$params[$i][1]}";
				}
			}

			return TRUE;
		}


	/////////////////////////////////////////////////////////
	//	PAGE-REWRITING - PART with OUTPUT-BUFFERING | PUBLIC

	function buffer_start($HeadersAgainstCaching=FALSE)
	{
		// Output-Buffering starten
		ob_start();
		ob_implicit_flush(0);

		// Header gegen uebereifrige Caches senden
		if(!headers_sent() && $HeadersAgainstCaching)
		{
			header ("expires: Sun, 06 Jan 2002 01:00:00 GMT");					// Datum in der Vergangenheit
			header ("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");		   // immer geaendert
			header ("pragma: no-cache");										  // HTTP/1.0
			header ("Cache-Control: no-cache, must-revalidate");				  // HTTP/1.1
		}
	}

	function buffer_end()
	{
		// Output-Buffering beenden
		$page = ob_get_contents();
		ob_end_clean();
		$this->page = $this->_rewrite_page($page);
	}


	function send_page($compressed=FALSE)
	{
		if($compressed && ereg('gzip',$_SERVER["HTTP_ACCEPT_ENCODING"]))
		{
			// Browser kann komprimierte Daten verarbeiten:
			header ("Content-Encoding: gzip");								// Content-Encoding senden (damit der Browser was merkt)
			echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";						// hmm, gzip-start?
			$Size = strlen($this->page);									// Groesse bestimmen
			$Crc = crc32($this->page);										// Checksumme bestimmen
			$this->page = gzcompress($this->page, 9);						// Komprimieren
			$this->page = substr($this->page, 0, strlen($this->page) - 4);	// letzte 4 Bytes abschneiden
			echo $this->page;												// komprimiertes Zeugs ausgeben
			gzip_PrintFourChars($Crc);										 // Checksumme ausgeben
			gzip_PrintFourChars($Size);										// Groesse ausgeben
		}
		else
		{
			// Unkomprimierte Daten senden:
			echo $this->page;
		}
	}


	/////////////////////////////////////////////////////////
	//	STRING-REWRITING - PART | PUBLIC (without OUTPUT-BUFFERING)

	function string_rewrite($string)
	{
		return $this->_rewrite_page($string);
	}


		///////////////////////////////////////////////
		//	REWRITING | PRIVATE

		function _rewrite_page($page)
		{
			$a = array();
			$newpage = '';
			//				1		  2		3		 4			 <5>		  6		 7
			$pattern = '=^(.*?)(<area|<a|<img)(.*?)(href\=|src\=)["|\'](.*?)["|\']([^>]*?)(>.*$|>.*?</a>.*$)=msi';
			while(preg_match($pattern, $page, $a))
			{
				if(count($a)>1)
				{
					$page = $a[7];
					$newpage .= $a[1].$a[2].$a[3].$a[4].'"';
					switch($a[2])
					{
						case '<img':
							$newpage .= $this->noimgs ? $a[5].'"'.$a[6] : $this->_rewrite_url($a[5],TRUE).'"'.$a[6];
							break;
						case '<area':
							$newpage .= $this->nomaps ? $a[5].'"'.$a[6] : $this->_rewrite_url($a[5]).'"'.$a[6];
							break;
						case '<a':
							$newpage .= $this->nourls ? $a[5].'"'.$a[6] : $this->_rewrite_url($a[5]).'"'.$a[6];
							break;
					}
				}
			}
			return $newpage.$page;
		}


		function _rewrite_url($url,$img=FALSE)
		{
            // Quick-Check
            if(in_array($url,$this->rewrite_protected_scripts))
            {
                return $url;
            }


			$ok		   = FALSE;
			$temp		 = explode('?',$url);
			$this->host	= '';

			// give up on (none registered) extern URL, mailto or javascript
			if(!$this->_is_localURL($url) || substr($url,0,11)=='javascript:' || substr($url,0,7)=='mailto:')
			{
				return $url;
			}

			// check / fix URL
			$temp[0] = $this->_fix_url($temp[0],$ok);
			if(!$ok)
			{
				return isset($temp[1]) ? $temp[0].'?'.$temp[1] : $temp[0];
			}


            // Oncemore-Checking
            if(in_array($temp[0],$this->rewrite_protected_scripts))
            {
                return $url;
            }


			// build new URL
			$temp[0] = str_replace('.php','',$temp[0]);
			$newurl  = $this->host.URL_REWRITE_SCRIPT.$this->_checkTrailingSlash($temp[0]).$this->separator;
			$this->_checkTrailingSlash($newurl);

			// rewrite params
			$params = isset($temp[1]) ? explode('&',$temp[1]) : array();
			foreach($params as $param)
			{
				if($this->encode)
				{
					$newurl .= $this->_encode($param,$this->strong_encode).'/';
				}
				else
				{
					$newurl .= $param.'/';
				}
			}

			$this->_checkTrailingSlash($newurl);
			return $img ? $newurl.$this->add_pictjpg : $newurl.$this->add_indexhtml;
		}


		function _fix_url($url,&$ok)
		{
			// here, we always have a local URL!
			if(substr($url,0,4)=='http')
			{
				// we have full URL and host-part is already stored in this->host
				$newurl = str_replace($this->host,'',$url);

				// compare
				$path = $this->_compare_url($newurl,'',$ok);
				if($ok)
				{
					return $path;
				}

				return $url;
			}
			else
			{
				// we have absolute or relative URI
				if(preg_match('/^.*\.\.\/.*$/',$url))
				{
					// we have relative Parentlinks in URL
					$UpLinks = $this->_calculate_UpLinks($url);
					if($UpLinks!==FALSE)
					{
						// ParentLinks are succesfully resolved
						$url = $UpLinks;
					}
					else
					{
						// ParentLinks are NOT succesfully resolved
						return $url;
					}
				}

				// absolute path, that's OK!
				if(substr($url,0,1)=='/')
				{
					return $this->_compare_url($url,'',$ok);
				}

				// we have a relative path, concatenate it
				$newurl = $this->_checkTrailingSlash($this->_nobacks(dirname($_SERVER['PHP_SELF']))).$url;
				return $this->_compare_url($url,$newurl,$ok);
			}
		}


		function _compare_url($url,$newurl,&$ok)
		{
			// here, we always have an absolute URI
			$comp = $newurl!='' ? $newurl : $url;


			$res = $this->_file_available($comp);
			// if file does not exists
			if($res===FALSE)
			{
				return $url;
			}

			// no special array is defined, so we have to check extension and if file_exists
			if(!$this->compare)
			{
				if($this->rewrite_extern_hostnames && $this->host!='' && strtolower($this->host)!=strtolower('http://'.$_SERVER['HTTP_HOST']))
				{
					// file from extern server: we only check for file-extension and once more, we only can trust in god! ;-)
					foreach($this->valid_php_fileextensions as $ext)
					{
						if(substr($res,strlen($res)-strlen($ext)) == $ext)
						{
							$ok = TRUE;
							return $res;
						}
					}
					// if we have no match
					return $url;
				}
				else
				{
					// file is local and exists, we check extension
					$temp = pathinfo($this->DOCUMENT_ROOT.$res);
					if(!in_array(strtolower($temp['extension']),$this->valid_php_fileextensions))
					{
						return $url;
					}

					$ok = TRUE;
					return $res;
				}
			}
			else
			{
				$check = array('','.php','index.php','/index.php');
				foreach($check as $k=>$v)
				{
					if(in_array($comp.$v,$this->registered_scripts))
					{
						$ok = TRUE;
						return $comp.$v;
					}
				}
				return $url;
			}
		}



		function _file_available($url)
		{
			// we cannot check on extern servers ;-) (takes to much time) - so we trust in god!
			if($this->rewrite_extern_hostnames && $this->host!='' && strtolower($this->host)!=strtolower('http://'.$_SERVER['HTTP_HOST']))
			{
				return $url;
			}

			// if the url refers to local server we check for file
			$ext = array('','.php','index.php','/index.php');
			foreach($ext as $k=>$v)
			{
				$file = $this->DOCUMENT_ROOT.$url.$v;
				//if(file_exists($file)) return $url.$v;
				if(is_file($file))
				{
					return $url.$v;
				}
			}
			return FALSE;
		}


		function _is_localURL($url)
		{
			// absolute or relative URI
			if(!preg_match('/^http.*$/',$url))
			{
				return TRUE;
			}

			// comparing against local hostnames
			$temp = parse_url($url);
			$url = $temp['scheme'].'://'.$temp['host'];
			if(isset($temp['port']))
			{
				$url .= ':'.$temp['port'];
			}
			foreach($this->hostnames as $v)
			{
				if(strtolower($v)==strtolower($url))
				{
					$this->host = $v;
					return TRUE;
				}
			}
			return FALSE;
		}


		function _calculate_UpLinks($url)
		{
			// make it an absolute url
			if(substr($url,0,1)!='/')
			{
				$url = $this->_checkTrailingSlash($this->_nobacks(dirname($_SERVER['PHP_SELF']))).$url;
			}

			// strip out root and filename
			$file = '';
			if(strrpos($url,'/') != strlen($url))
			{
				$file = basename($url);
			}
			if(substr($url,0,1) == '/')
			{
				$url = substr($url,1);
			}
			$url			  = $this->_nobacks(dirname($url));
			$pathsegments	 = explode('/',$url);
			$uplinks		 = 0;
			foreach($pathsegments as $ps)
			{
				if($ps == "..")
				{
					$uplinks++;
				}
			}
			$k				= count($pathsegments);
			$newurl			= '';

			// No Uplinks in string!
			if($uplinks <= 0)
			{
				return FALSE;
			}

			// Error: Bad Uplink! The given PathString has an Uplink wich refers higher than Root.
			if($pathsegments[0] == "..")
			{
				return FALSE;
			}

			// Error: Bad Uplinks! The given PathString contains to many UpLinks.
			if(($uplinks * 2) > $k)
			{
				return FALSE;
			}


			Do
			{
				// Error: Bad Uplink! The given PathString has Uplinks wich refers higher than Root!
				if($k < 0)
				{
					return FALSE;
				}


				$ups = 0;
				$finished = False;
				Do
				{
					if($pathsegments[$k - $ups -1] == "..")
					{
						$ups++;
					}
					else
					{
						$finished = TRUE;
					}
				} While(!$finished);

				$k = $k - (2 * $ups);
				if($k > -1)
				{
					if(isset($pathsegments[$k-1]) && $pathsegments[$k-1] != "..")
					{
						$newurl = "/".$pathsegments[$k-1].$newurl;
						$k--;
					}
				}
			} while($k > 0);

			return $newurl.'/'.$file;
		}


		function _checkTrailingSlash(&$path)
		{
			if(substr($path,strlen($path)-1,1)!='/')
			{
				$path .= '/';
			}
			return $path;
		}

		function _noTrailingSlash(&$path)
		{
			if(substr($path,strlen($path)-1,1)=='/')
			{
				$path = substr($path,0,strlen($path)-1);
			}
			return $path;
		}

		function _noBacks($PathStr)
		{
			return str_replace("\\","/",$PathStr);
		}




	///////////////////////////////////////////////
	//	EN-/Decode | PRIVATE

	function _encode($txt,$strong=FALSE)
	{
		return $strong ? $this->_strong_encoded($txt) : base64_encode($txt);
	}


	function _decode($txt,$strong=FALSE)
	{
		return $strong ? $this->_strong_decoded($txt) : base64_decode($txt);
	}


	function _strong_encoded($ses)
	{
		// strong_encoding with $alpha_array found at php-manual
		$alpha_array = $this->CodingKey;
		$sesencoded = $ses;
		$num = mt_rand(3,9);
		for($i=1;$i<=$num;$i++)
		{
			$sesencoded = base64_encode($sesencoded);
		}
		$sesencoded = $sesencoded."+".$alpha_array[$num];
		$sesencoded = base64_encode($sesencoded);
		return $sesencoded;
	}

	function _strong_decoded($str)
	{
		$alpha_array = $this->CodingKey;
		$decoded = base64_decode($str);
		list($decoded,$letter) = split("\+",$decoded);
		for($i=0;$i<count($alpha_array);$i++)
		{
			if($alpha_array[$i] == $letter)
			break;
		}
		for($j=1;$j<=$i;$j++)
		{
		  $decoded = base64_decode($decoded);
		}
		return $decoded;
	}


	///////////////////////////////////////////////
	//	ERRORHANDLING | PRIVATE

	function _ErrorHandler($id='')
	{
		switch($id)
		{
			// general:
				case 'no_separator':
					$this->separator = '--';
					return;
					break;

				case 'no_array':
					$this->registered_scripts = array();
					return;
					break;

				case 'no_array_values':
					return;
					break;


			// redirect part:
				case 'no_file':
					header("Location: /404");	// DIRTY FIX! - Don't know, what other makes sense here?
					exit(1);
					break;

				case 'no_path':
					$this->path = '/';		   // ALSO A DIRTY FIX!
					return;
					break;


			default:
				return;
				break;
		}
	}


} // END CLASS

} // END if defined

?>
Return current item: MyOWNSpace