HTTP Class Technical Documentation (diff)

Difference between revisions for Users / Eo Ny / dev

Version1		Version2
14		14
15	==== Public Properties ====	15	==== Public Properties ====
16		16
17	#\|	17
18	\| Property \| Type \| Description \|	18
19	\|\| ##$tls_session## \| bool \| Indicates if the current session uses HTTPS/TLS encryption \|\|	19	==== Private Properties ====
20	\|\| ##$request_uri## \| string \| Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') \|\|	20
21	\|\| ##$ip## \| string \| Client's real IP address (accounts for proxies) \|\|	21
22	\|\| ##$sess## \| Session \| Reference to the Session object \|\|	22	=== Constructor ===
23	\|\| ##$method## \| string \| Current HTTP method/request type \|\|	23
24	\|\| ==== Private Properties ==== \|\|	24	%%php
25	\|\| Property \| Type \| Description \|\|
26	\|\| ---------- \| ------ \| ------------- \|\|
27	\|\| ##$db## \| object \| Database connection reference \|\|
28	\|\| ##$tls_mark## \| string \| Cookie name for TLS session marking \|\|
29	\|\| ##$page## \| string \| Current page name being processed \|\|
30	\|\| ##$hash## \| string \| SHA1 hash of the page name \|\|
31	\|\| ##$query## \| string \| Encoded query string \|\|
32	\|\| ##$lang## \| string \| Current language code \|\|
33	\|\| ##$file## \| string \| Cache file path \|\|
34	\|\| ##$caching## \| int \| Flag indicating if page should be cached (0 or 1) \|\|
35	\|\| ---- \|\|
36	\|\| === Constructor === \|\|
37	\|\| %%php
38	public function __construct(&$db)	25	public function __construct(&$db)
39	%% \|\|	26	%%
40	\|\| Purpose: Initializes the Http object and sets up HTTP session handling. \|\|	27
41	\|\| Parameters: \|\|	28	Purpose: Initializes the Http object and sets up HTTP session handling.
42	\|\| - ##$db## - Database object reference \|\|	29
43	\|\| Initialization Steps: \|\|	30	Parameters:
44	\|\| 1. Stores database reference \|\|	31	- ##$db## - Database object reference
45	\|\| 2. Extracts and normalizes REQUEST_URI \|\|	32
46	\|\| 3. Detects TLS/HTTPS session status \|\|	33	Initialization Steps:
47	\|\| 4. Determines client's real IP address \|\|	34	1. Stores database reference
48	\|\| 5. Sets up TLS mark cookie name \|\|	35	2. Extracts and normalizes REQUEST_URI
49	\|\| 6. Enforces TLS session upgrade if needed \|\|	36	3. Detects TLS/HTTPS session status
50	\|\| Example: \|\|	37	4. Determines client's real IP address
51	\|\| %%php	38	5. Sets up TLS mark cookie name
		39	6. Enforces TLS session upgrade if needed
		40
		41	Example:
		42	%%php
52	$http = new Http($db);	43	$http = new Http($db);
53	%% \|\|	44	%%
54	\|\| ---- \|\|	45
55	\|\| === Core Methods === \|\|	46	----
56	\|\| ==== Session Management ==== \|\|	47
57	\|\| ===== ##session($route): void## ===== \|\|	48	=== Core Methods ===
58	\|\| Initializes the session handler (file-based or database-based). \|\|	49
59	\|\| Parameters: \|\|	50	==== Session Management ====
60	\|\| - ##$route## (int) - Routing flag: \|\|	51
61	\|\| - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration) \|\|	52	===== ##session($route): void## =====
62	\|\| Features: \|\|	53	Initializes the session handler (file-based or database-based).
63	\|\| - Selects storage backend (file or database) \|\|	54
64	\|\| - Configures cookie settings (security, path, httponly) \|\|	55	Parameters:
65	\|\| - Binds IP and TLS validation \|\|	56	- ##$route## (int) - Routing flag:
66	\|\| - Recovers diagnostic logs from previous session \|\|	57	- Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration)
67	\|\| Example: \|\|	58
68	\|\| %%php	59	Features:
		60	- Selects storage backend (file or database)
		61	- Configures cookie settings (security, path, httponly)
		62	- Binds IP and TLS validation
		63	- Recovers diagnostic logs from previous session
		64
		65	Example:
		66	%%php
69	$http->session(0); // Normal session	67	$http->session(0); // Normal session
70	$http->session(2); // Static file serving mode	68	$http->session(2); // Static file serving mode
71	%% \|\|	69	%%
72	\|\| ---- \|\|	70
73	\|\| ==== Caching System ==== \|\|	71	----
74	\|\| ===== ##check_cache($page, $method): void## ===== \|\|	72
75	\|\| Determines if a page can be cached and prepares the cache check. \|\|	73	==== Caching System ====
76	\|\| Parameters: \|\|	74
77	\|\| - ##$page## (string) - Page name to cache \|\|	75	===== ##check_cache($page, $method): void## =====
78	\|\| - ##$method## (string) - Request method/action (e.g., 'show', 'edit') \|\|	76	Determines if a page can be cached and prepares the cache check.
79	\|\| Caching Rules: \|\|	77
80	\|\| - ✅ Enabled for GET requests only \|\|	78	Parameters:
81	\|\| - ✅ Disabled for POST requests \|\|	79	- ##$page## (string) - Page name to cache
82	\|\| - ❌ Never cached for 'edit' or 'watch' methods \|\|	80	- ##$method## (string) - Request method/action (e.g., 'show', 'edit')
83	\|\| - ✅ Only cached for anonymous users (no logged-in users) \|\|	81
84	\|\| Example: \|\|	82	Caching Rules:
85	\|\| %%php	83	- ✅ Enabled for GET requests only
		84	- ✅ Disabled for POST requests
		85	- ❌ Never cached for 'edit' or 'watch' methods
		86	- ✅ Only cached for anonymous users (no logged-in users)
		87
		88	Example:
		89	%%php
86	$http->check_cache('HomePage', 'show');	90	$http->check_cache('HomePage', 'show');
87	%% \|\|	91	%%
88	\|\| ---- \|\|	92
89	\|\| ===== ##store_cache(): void## ===== \|\|	93	----
90	\|\| Saves the generated page content to cache file. \|\|	94
91	\|\| Features: \|\|	95	===== ##store_cache(): void## =====
92	\|\| - Retrieves output buffer content \|\|	96	Saves the generated page content to cache file.
93	\|\| - Saves to cache file with proper permissions \|\|	97
94	\|\| - Records cache metadata in database \|\|	98	Features:
95	\|\| - Only executes if caching flag is set and user is anonymous \|\|	99	- Retrieves output buffer content
96	\|\| Example: \|\|	100	- Saves to cache file with proper permissions
97	\|\| %%php	101	- Records cache metadata in database
		102	- Only executes if caching flag is set and user is anonymous
		103
		104	Example:
		105	%%php
98	// Called at end of page rendering	106	// Called at end of page rendering
99	$http->store_cache();	107	$http->store_cache();
100	%% \|\|	108	%%
101	\|\| ---- \|\|	109
102	\|\| ===== ##invalidate_page($page): int## ===== \|\|	110	----
103	\|\| Invalidates all cached versions of a page. \|\|	111
104	\|\| Parameters: \|\|	112	===== ##invalidate_page($page): int## =====
105	\|\| - ##$page## (string) - Page name to invalidate \|\|	113	Invalidates all cached versions of a page.
106	\|\| Returns: \|\|	114
107	\|\| - Number of cache entries invalidated \|\|	115	Parameters:
108	\|\| Process: \|\|	116	- ##$page## (string) - Page name to invalidate
109	\|\| 1. Finds all cached versions (different methods/languages) \|\|	117
110	\|\| 2. Touches files to past timestamp (faster than deletion) \|\|	118	Returns:
111	\|\| 3. Removes entries from cache metadata table \|\|	119	- Number of cache entries invalidated
112	\|\| 4. Returns count of invalidated caches \|\|	120
113	\|\| Example: \|\|	121	Process:
114	\|\| %%php	122	1. Finds all cached versions (different methods/languages)
		123	2. Touches files to past timestamp (faster than deletion)
		124	3. Removes entries from cache metadata table
		125	4. Returns count of invalidated caches
		126
		127	Example:
		128	%%php
115	$count = $http->invalidate_page('HomePage');	129	$count = $http->invalidate_page('HomePage');
116	echo "Invalidated $count cache entries";	130	echo "Invalidated $count cache entries";
117	%% \|\|	131	%%
118	\|\| ---- \|\|	132
119	\|\| ==== TLS/HTTPS Security ==== \|\|	133	----
120	\|\| ===== ##secure_base_url(): void## ===== \|\|	134
121	\|\| Switches base URL from HTTP to HTTPS. \|\|	135	==== TLS/HTTPS Security ====
122	\|\| Purpose: \|\|	136
123	\|\| - Ensures all subsequent URLs use HTTPS \|\|	137	===== ##secure_base_url(): void## =====
124	\|\| - Stores original HTTP URL for fallback \|\|	138	Switches base URL from HTTP to HTTPS.
125	\|\| - Called when TLS session is detected \|\|	139
126	\|\| Example: \|\|	140	Purpose:
127	\|\| %%php	141	- Ensures all subsequent URLs use HTTPS
		142	- Stores original HTTP URL for fallback
		143	- Called when TLS session is detected
		144
		145	Example:
		146	%%php
128	$http->secure_base_url();	147	$http->secure_base_url();
129	// $db->base_url now uses https://	148	// $db->base_url now uses https://
130	%% \|\|	149	%%
131	\|\| ---- \|\|	150
132	\|\| ===== ##ensure_tls($url): void## ===== \|\|	151	----
133	\|\| Enforces HTTPS for a specific URL and redirects if necessary. \|\|	152
134	\|\| Parameters: \|\|	153	===== ##ensure_tls($url): void## =====
135	\|\| - ##$url## (string) - URL to secure \|\|	154	Enforces HTTPS for a specific URL and redirects if necessary.
136	\|\| Behavior: \|\|	155
137	\|\| - If not already HTTPS and TLS is enabled, forces HTTPS redirect \|\|	156	Parameters:
138	\|\| - Handles both relative and absolute URLs \|\|	157	- ##$url## (string) - URL to secure
139	\|\| - Converts relative URLs using current server name \|\|	158
140	\|\| Example: \|\|	159	Behavior:
141	\|\| %%php	160	- If not already HTTPS and TLS is enabled, forces HTTPS redirect
		161	- Handles both relative and absolute URLs
		162	- Converts relative URLs using current server name
		163
		164	Example:
		165	%%php
142	$http->ensure_tls('/secure/payment');	166	$http->ensure_tls('/secure/payment');
143	%% \|\|	167	%%
144	\|\| ---- \|\|	168
145	\|\| ==== IP Address Detection ==== \|\|	169	----
146	\|\| ===== ##real_ip(): string## (Private) ===== \|\|	170
147	\|\| Detects client's real IP address accounting for proxies. \|\|	171	==== IP Address Detection ====
148	\|\| Proxy Headers Checked (in order): \|\|	172
149	\|\| 1. ##HTTP_X_CLUSTER_CLIENT_IP## \|\|	173	===== ##real_ip(): string## (Private) =====
150	\|\| 2. ##HTTP_X_FORWARDED_FOR## (or custom header) \|\|	174	Detects client's real IP address accounting for proxies.
151	\|\| 3. ##HTTP_CLIENT_IP## \|\|	175
152	\|\| 4. ##HTTP_X_REMOTE_ADDR## \|\|	176	Proxy Headers Checked (in order):
153	\|\| 5. ##REMOTE_ADDR## (fallback) \|\|	177	1. ##HTTP_X_CLUSTER_CLIENT_IP##
154	\|\| Features: \|\|	178	2. ##HTTP_X_FORWARDED_FOR## (or custom header)
155	\|\| - Filters out private/reserved IP ranges \|\|	179	3. ##HTTP_CLIENT_IP##
156	\|\| - Respects configured reverse proxy addresses \|\|	180	4. ##HTTP_X_REMOTE_ADDR##
157	\|\| - Returns ##'0.0.0.0'## as fallback \|\|	181	5. ##REMOTE_ADDR## (fallback)
158	\|\| Configuration in Database: \|\|	182
159	\|\| - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs \|\|	183	Features:
160	\|\| - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##) \|\|	184	- Filters out private/reserved IP ranges
161	\|\| Example: \|\|	185	- Respects configured reverse proxy addresses
162	\|\| %%php	186	- Returns ##'0.0.0.0'## as fallback
		187
		188	Configuration in Database:
		189	- ##reverse_proxy_addresses## - Comma/space-separated proxy IPs
		190	- ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
		191
		192	Example:
		193	%%php
163	$client_ip = $http->ip; // e.g., "203.0.113.42"	194	$client_ip = $http->ip; // e.g., "203.0.113.42"
164	%% \|\|	195	%%
165	\|\| ---- \|\|	196
166	\|\| ==== HTTPS Detection ==== \|\|	197	----
167	\|\| ===== ##tls_session(): bool## (Private) ===== \|\|	198
168	\|\| Detects if current connection uses HTTPS/TLS. \|\|	199	==== HTTPS Detection ====
169	\|\| Checks (any being true = HTTPS): \|\|	200
170	\|\| - ##$_SERVER['HTTPS']## is 'on' \|\|	201	===== ##tls_session(): bool## (Private) =====
171	\|\| - ##$_SERVER['SERVER_PORT']## is 443 \|\|	202	Detects if current connection uses HTTPS/TLS.
172	\|\| - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https' \|\|	203
173	\|\| - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on' \|\|	204	Checks (any being true = HTTPS):
174	\|\| - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443 \|\|	205	- ##$_SERVER['HTTPS']## is 'on'
175	\|\| ---- \|\|	206	- ##$_SERVER['SERVER_PORT']## is 443
176	\|\| ==== Security Headers ==== \|\|	207	- ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https'
177	\|\| ===== ##http_security_headers(): void## ===== \|\|	208	- ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on'
178	\|\| Sets security-related HTTP headers. \|\|	209	- ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443
179	\|\| Headers Set: \|\|	210
180	\|\| Header \| Purpose \| Config Key \|\|	211	----
181	\|\| -------- \| --------- \| ------------ \|\|	212
182	\|\| Content-Security-Policy \| XSS/injection protection \| ##csp## \|\|	213	==== Security Headers ====
183	\|\| Permissions-Policy \| Control browser features \| ##permissions_policy## \|\|	214
184	\|\| Referrer-Policy \| Control referrer information \| ##referrer_policy## \|\|	215	===== ##http_security_headers(): void## =====
185	\|\| Strict-Transport-Security \| Force HTTPS \| Auto (TLS only) \|\|	216
186	\|\| X-Frame-Options \| Clickjacking protection \| Hardcoded: ##SAMEORIGIN## \|\|	217
187	\|\| X-Content-Type-Options \| MIME sniffing prevention \| Hardcoded: ##nosniff## \|\|	218	==== HTTP Methods ====
188	\|\| CSP Configuration Options: \|\|	219
189	\|\| - ##0## - Disabled \|\|	220	===== ##redirect($url, $permanent = false): void## =====
190	\|\| - ##1## - Default policy (from ##csp.conf##) \|\|	221	Performs an HTTP redirect.
191	\|\| - ##2## - Custom policy (from ##csp_custom.conf##) \|\|	222
192	\|\| Example: \|\|	223	Parameters:
193	\|\| %%php	224	- ##$url## (string) - Target URL
194	$http->http_security_headers();	225	- ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary)
195	%% \|\|	226
196	\|\| ---- \|\|	227	Features:
197	\|\| ==== HTTP Methods ==== \|\|	228	- Decodes ##&## entities to prevent broken redirects
198	\|\| ===== ##redirect($url, $permanent = false): void## ===== \|\|	229	- Only works if headers not yet sent
199	\|\| Performs an HTTP redirect. \|\|	230	- Uses output buffering to work anywhere in page processing
200	\|\| Parameters: \|\|	231
201	\|\| - ##$url## (string) - Target URL \|\|	232	Example:
202	\|\| - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary) \|\|	233	%%php
203	\|\| Features: \|\|
204	\|\| - Decodes ##&## entities to prevent broken redirects \|\|
205	\|\| - Only works if headers not yet sent \|\|
206	\|\| - Uses output buffering to work anywhere in page processing \|\|
207	\|\| Example: \|\|
208	\|\| %%php
209	$http->redirect('http://example.com/new-page', true); // 301	234	$http->redirect('http://example.com/new-page', true); // 301
210	$http->redirect('/wiki/HomePage'); // 302	235	$http->redirect('/wiki/HomePage'); // 302
211	%% \|\|	236	%%
212	\|\| ---- \|\|	237
213	\|\| ===== ##terminate(): void## ===== \|\|	238	----
214	\|\| Safe exit/die with cleanup. \|\|	239
215	\|\| Cleanup Operations: \|\|	240	===== ##terminate(): void## =====
216	\|\| - Saves diagnostic logs to session flash data \|\|	241	Safe exit/die with cleanup.
217	\|\| - Ends script execution \|\|	242
218	\|\| Example: \|\|	243	Cleanup Operations:
219	\|\| %%php	244	- Saves diagnostic logs to session flash data
		245	- Ends script execution
		246
		247	Example:
		248	%%php
220	$http->terminate();	249	$http->terminate();
221	%% \|\|	250	%%
222	\|\| ---- \|\|	251
223	\|\| ===== ##status($code): void## ===== \|\|	252	----
224	\|\| Sets HTTP response status code. \|\|	253
225	\|\| Supported Status Codes: \|\|	254	===== ##status($code): void## =====
226	\|\| %%php	255	Sets HTTP response status code.
		256
		257	Supported Status Codes:
		258	%%php
227	200 => 'OK'	259	200 => 'OK'
228	206 => 'Partial Content'	260	206 => 'Partial Content'
229	301 => 'Moved Permanently'	261	301 => 'Moved Permanently'
…	…	…	…
240	500 => 'Internal Server Error'	272	500 => 'Internal Server Error'
241	501 => 'Not Implemented'	273	501 => 'Not Implemented'
242	503 => 'Service Unavailable'	274	503 => 'Service Unavailable'
243	%% \|\|	275	%%
244	\|\| Example: \|\|	276
245	\|\| %%php	277	Example:
		278	%%php
246	$http->status(404); // Send 404 Not Found	279	$http->status(404); // Send 404 Not Found
247	%% \|\|	280	%%
248	\|\| ---- \|\|	281
249	\|\| ==== Caching Control ==== \|\|	282	----
250	\|\| ===== ##no_cache($client_only = true): void## ===== \|\|	283
251	\|\| Disables caching of the current page. \|\|	284	==== Caching Control ====
252	\|\| Parameters: \|\|	285
253	\|\| - ##$client_only## (bool, default: TRUE) \|\|	286	===== ##no_cache($client_only = true): void## =====
254	\|\| - ##TRUE##: Disable browser cache only \|\|	287	Disables caching of the current page.
255	\|\| - ##FALSE##: Disable both browser and server cache \|\|	288
256	\|\| Headers Set: \|\|	289	Parameters:
257	\|\| - ##Last-Modified: <current-time>## (always fresh) \|\|	290	- ##$client_only## (bool, default: TRUE)
258	\|\| - ##Cache-Control: no-store## \|\|	291	- ##TRUE##: Disable browser cache only
259	\|\| Example: \|\|	292	- ##FALSE##: Disable both browser and server cache
260	\|\| %%php	293
		294	Headers Set:
		295	- ##Last-Modified: <current-time>## (always fresh)
		296	- ##Cache-Control: no-store##
		297
		298	Example:
		299	%%php
261	$http->no_cache(); // Client-side only	300	$http->no_cache(); // Client-side only
262	$http->no_cache(false); // Both client & server	301	$http->no_cache(false); // Both client & server
263	%% \|\|	302	%%
264	\|\| ---- \|\|	303
265	\|\| ===== ##cache_promisc(): void## ===== \|\|	304	----
266	\|\| Marks page as publicly cacheable. \|\|	305
267	\|\| Headers Set: \|\|	306	===== ##cache_promisc(): void## =====
268	\|\| - ##Cache-Control: public## \|\|	307	Marks page as publicly cacheable.
269	\|\| Example: \|\|	308
270	\|\| %%php	309	Headers Set:
		310	- ##Cache-Control: public##
		311
		312	Example:
		313	%%php
271	$http->cache_promisc();	314	$http->cache_promisc();
272	%% \|\|	315	%%
273	\|\| ---- \|\|	316
274	\|\| ==== Language Negotiation ==== \|\|	317	----
275	\|\| ===== ##user_agent_language(): string## ===== \|\|	318
276	\|\| Determines best language based on browser preferences. \|\|	319	==== Language Negotiation ====
277	\|\| Features: \|\|	320
278	\|\| - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language) \|\|	321	===== ##user_agent_language(): string## =====
279	\|\| - Parses ##Accept-Language## header with quality factors \|\|	322	Determines best language based on browser preferences.
280	\|\| - Attempts exact match first, then language fallback \|\|	323
281	\|\| - Falls back to default system language \|\|	324	Features:
282	\|\| Example Header: \|\|	325	- Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
283	\|\| %%	326	- Parses ##Accept-Language## header with quality factors
		327	- Attempts exact match first, then language fallback
		328	- Falls back to default system language
		329
		330	Example Header:
		331	%%
284	Accept-Language: en-US,en;q=0.9,de;q=0.8	332	Accept-Language: en-US,en;q=0.9,de;q=0.8
285	%% \|\|	333	%%
286	\|\| Returns: \|\|	334
287	\|\| - Language code (e.g., 'en', 'en-US', 'de') \|\|	335	Returns:
288	\|\| ---- \|\|	336	- Language code (e.g., 'en', 'en-US', 'de')
289	\|\| ===== ##available_languages($subset = true): array## ===== \|\|	337
290	\|\| Returns list of available language translations. \|\|	338	----
291	\|\| Parameters: \|\|	339
292	\|\| - ##$subset## (bool, default: TRUE) \|\|	340	===== ##available_languages($subset = true): array## =====
293	\|\| - ##TRUE##: Only allowed languages \|\|	341	Returns list of available language translations.
294	\|\| - ##FALSE##: All available languages \|\|	342
295	\|\| Features: \|\|	343	Parameters:
296	\|\| - Scans ##LANG_DIR## for language files \|\|	344	- ##$subset## (bool, default: TRUE)
297	\|\| - Filters by ##allowed_languages## config if set \|\|	345	- ##TRUE##: Only allowed languages
298	\|\| - Caches result in session \|\|	346	- ##FALSE##: All available languages
299	\|\| - System language always included \|\|	347
300	\|\| Returns: \|\|	348	Features:
301	\|\| - Associative array: ##['en' => 'en', 'de' => 'de', ...]## \|\|	349	- Scans ##LANG_DIR## for language files
302	\|\| Example: \|\|	350	- Filters by ##allowed_languages## config if set
303	\|\| %%php	351	- Caches result in session
		352	- System language always included
		353
		354	Returns:
		355	- Associative array: ##['en' => 'en', 'de' => 'de', ...]##
		356
		357	Example:
		358	%%php
304	$all_langs = $http->available_languages(false);	359	$all_langs = $http->available_languages(false);
305	$allowed = $http->available_languages(true);	360	$allowed = $http->available_languages(true);
306	%% \|\|	361	%%
307	\|\| ---- \|\|	362
308	\|\| ==== File Serving ==== \|\|	363	----
309	\|\| ===== ##sendfile($path, $filename = null, $age = null): void## ===== \|\|	364
310	\|\| Serves files with proper HTTP headers and caching. \|\|	365	==== File Serving ====
311	\|\| Parameters: \|\|	366
312	\|\| - ##$path## (string) - File path (or HTTP_XXX constant for error pages) \|\|	367	===== ##sendfile($path, $filename = null, $age = null): void## =====
313	\|\| - ##$filename## (string, optional) - Custom download filename \|\|	368	Serves files with proper HTTP headers and caching.
314	\|\| - ##$age## (int, optional) - Cache age in days \|\|	369
315	\|\| Features: \|\|	370	Parameters:
316	\|\| - HTTP range request support (partial file downloads) \|\|	371	- ##$path## (string) - File path (or HTTP_XXX constant for error pages)
317	\|\| - ETag and Last-Modified conditional requests \|\|	372	- ##$filename## (string, optional) - Custom download filename
318	\|\| - Proper MIME type detection \|\|	373	- ##$age## (int, optional) - Cache age in days
319	\|\| - Content-Security-Policy for special file types \|\|	374
320	\|\| - Streaming for large files \|\|	375	Features:
321	\|\| - GZip compression for text files \|\|	376	- HTTP range request support (partial file downloads)
322	\|\| Special Paths: \|\|	377	- ETag and Last-Modified conditional requests
323	\|\| %%php	378	- Proper MIME type detection
		379	- Content-Security-Policy for special file types
		380	- Streaming for large files
		381	- GZip compression for text files
		382
		383	Special Paths:
		384	%%php
324	$http->sendfile(404); // Serves file defined by HTTP_404 constant	385	$http->sendfile(404); // Serves file defined by HTTP_404 constant
325	$http->sendfile(403); // Serves file defined by HTTP_403 constant	386	$http->sendfile(403); // Serves file defined by HTTP_403 constant
326	%% \|\|	387	%%
327	\|\| Example: \|\|	388
328	\|\| %%php	389	Example:
		390	%%php
329	$http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);	391	$http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
330	%% \|\|	392	%%
331	\|\| ---- \|\|	393
332	\|\| ===== ##mime_type($path): string## ===== \|\|	394	----
333	\|\| Returns MIME type for a file. \|\|	395
334	\|\| Returns: \|\|	396	===== ##mime_type($path): string## =====
335	\|\| - MIME type string (e.g., 'application/pdf') \|\|	397	Returns MIME type for a file.
336	\|\| - Default: ##'application/octet-stream'## \|\|	398
337	\|\| Example: \|\|	399	Returns:
338	\|\| %%php	400	- MIME type string (e.g., 'application/pdf')
		401	- Default: ##'application/octet-stream'##
		402
		403	Example:
		404	%%php
339	$mime = $http->mime_type('file.pdf'); // 'application/pdf'	405	$mime = $http->mime_type('file.pdf'); // 'application/pdf'
340	%% \|\|	406	%%
341	\|\| ---- \|\|	407
342	\|\| ===== ##mime_types(): array## (Private) ===== \|\|	408	----
343	\|\| Loads and caches MIME types from configuration. \|\|	409
344	\|\| Features: \|\|	410	===== ##mime_types(): array## (Private) =====
345	\|\| - Reads from ##config/mime.types## \|\|	411	Loads and caches MIME types from configuration.
346	\|\| - Caches to ##cache/config/mime.types## \|\|	412
347	\|\| - Reloads if config is updated \|\|	413	Features:
348	\|\| ---- \|\|	414	- Reads from ##config/mime.types##
349	\|\| ==== Compression ==== \|\|	415	- Caches to ##cache/config/mime.types##
350	\|\| ===== ##gzip(): void## ===== \|\|	416	- Reloads if config is updated
351	\|\| Compresses HTTP response with gzip/x-gzip. \|\|	417
352	\|\| Features: \|\|	418	----
353	\|\| - Manually implements gzip (not relying on zlib.output_compression) \|\|	419
354	\|\| - Produces correct ##Content-Length## header \|\|	420	==== Compression ====
355	\|\| - Only compresses if: \|\|	421
356	\|\| - 860 bytes < content < 1 MB \|\|	422	===== ##gzip(): void## =====
357	\|\| - Client accepts compression \|\|	423	Compresses HTTP response with gzip/x-gzip.
358	\|\| - Headers not already sent \|\|	424
359	\|\| Example: \|\|	425	Features:
360	\|\| %%php	426	- Manually implements gzip (not relying on zlib.output_compression)
		427	- Produces correct ##Content-Length## header
		428	- Only compresses if:
		429	- 860 bytes < content < 1 MB
		430	- Client accepts compression
		431	- Headers not already sent
		432
		433	Example:
		434	%%php
361	$http->gzip();	435	$http->gzip();
362	%% \|\|	436	%%
363	\|\| ---- \|\|	437
364	\|\| ==== Utility Methods ==== \|\|	438	----
365	\|\| ===== ##parse_str($str): array## (Private) ===== \|\|	439
366	\|\| Parses URL-encoded strings with special character handling. \|\|	440	==== Utility Methods ====
367	\|\| Purpose: \|\|	441
368	\|\| - Safely handles special characters in query/form data \|\|	442	===== ##parse_str($str): array## (Private) =====
369	\|\| - Converts encoding properly \|\|	443	Parses URL-encoded strings with special character handling.
370	\|\| Example: \|\|	444
371	\|\| %%php	445	Purpose:
		446	- Safely handles special characters in query/form data
		447	- Converts encoding properly
		448
		449	Example:
		450	%%php
372	$data = $http->parse_str('name=John&age=30');	451	$data = $http->parse_str('name=John&age=30');
373	%% \|\|	452	%%
374	\|\| ---- \|\|	453
375	\|\| ===== ##request_uri(): string## (Private) ===== \|\|	454	----
376	\|\| Extracts and normalizes REQUEST_URI from server. \|\|	455
377	\|\| Normalization: \|\|	456	===== ##request_uri(): string## (Private) =====
378	\|\| - Removes base URL prefix \|\|	457	Extracts and normalizes REQUEST_URI from server.
379	\|\| - Removes spaces \|\|	458
380	\|\| - Collapses multiple slashes \|\|	459	Normalization:
381	\|\| - Removes ##..## path traversal attempts \|\|	460	- Removes base URL prefix
382	\|\| - Removes leading/trailing slashes \|\|	461	- Removes spaces
383	\|\| ---- \|\|	462	- Collapses multiple slashes
384	\|\| ===== ##cut_prefix($prefix, $path): string## (Private) ===== \|\|	463	- Removes ##..## path traversal attempts
385	\|\| Removes prefix from path (case-insensitive). \|\|	464	- Removes leading/trailing slashes
386	\|\| ---- \|\|	465
387	\|\| ===== ##get_header_conf($file_name): string## (Private) ===== \|\|	466	----
388	\|\| Loads security header configuration from files. \|\|	467
389	\|\| Files Supported: \|\|	468	===== ##cut_prefix($prefix, $path): string## (Private) =====
390	\|\| - ##csp.conf## / ##csp_custom.conf## \|\|	469	Removes prefix from path (case-insensitive).
391	\|\| - ##permissions_policy.conf## / ##permissions_policy_custom.conf## \|\|	470
392	\|\| ---- \|\|	471	----
393	\|\| === Configuration Dependencies === \|\|	472
394	\|\| The class relies on these database configuration settings: \|\|	473	===== ##get_header_conf($file_name): string## (Private) =====
395	\|\| Setting \| Type \| Purpose \|\|	474	Loads security header configuration from files.
396	\|\| --------- \| ------ \| --------- \|\|	475
397	\|\| ##base_url## \| string \| Wiki's base URL \|\|	476	Files Supported:
398	\|\| ##tls## \| bool \| Enable HTTPS enforcement \|\|	477	- ##csp.conf## / ##csp_custom.conf##
399	\|\| ##cache## \| bool \| Enable page caching \|\|	478	- ##permissions_policy.conf## / ##permissions_policy_custom.conf##
400	\|\| ##cache_ttl## \| int \| Cache lifetime in seconds \|\|	479
401	\|\| ##session_store## \| int \| 1=File, 0=Database \|\|	480	----
402	\|\| ##system_seed_hash## \| string \| Session encryption seed \|\|	481
403	\|\| ##cookie_prefix## \| string \| Session cookie prefix \|\|	482	=== Configuration Dependencies ===
404	\|\| ##cookie_path## \| string \| Cookie path \|\|	483
405	\|\| ##allow_persistent_cookie## \| bool \| Allow persistent login \|\|	484
406	\|\| ##session_length## \| int \| Session lifetime in seconds \|\|	485
407	\|\| ##reverse_proxy_addresses## \| string \| Comma/space-separated proxy IPs \|\|	486	=== Constants Used ===
408	\|\| ##reverse_proxy_header## \| string \| Custom X-Forwarded header \|\|	487
409	\|\| ##language## \| string \| Default language code \|\|	488
410	\|\| ##multilanguage## \| bool \| Enable language negotiation \|\|
411	\|\| ##allowed_languages## \| string \| Comma/space-separated allowed langs \|\|
412	\|\| ##enable_security_headers## \| bool \| Send security headers \|\|
413	\|\| ##csp## \| int \| CSP setting (0/1/2) \|\|
414	\|\| ##permissions_policy## \| int \| Permissions-Policy setting (0/1/2) \|\|
415	\|\| ##referrer_policy## \| int \| Referrer-Policy setting (0-8) \|\|
416	\|\| ---- \|\|
417	\|\| === Constants Used === \|\|
418	\|\| Constant \| Type \| Purpose \|\|
419	\|\| ---------- \| ------ \| --------- \|\|
420	\|\| ##IN_WACKO## \| bool \| Security check (exit if not defined) \|\|
421	\|\| ##CHMOD_SAFE## \| int \| File permissions for cache files \|\|
422	\|\| ##CHMOD_FILE## \| int \| File permissions for config cache \|\|
423	\|\| ##CACHE_PAGE_DIR## \| string \| Page cache directory \|\|
424	\|\| ##CACHE_SESSION_DIR## \| string \| Session cache directory \|\|
425	\|\| ##CACHE_CONFIG_DIR## \| string \| Config cache directory \|\|
426	\|\| ##CONFIG_DIR## \| string \| Configuration directory \|\|
427	\|\| ##LANG_DIR## \| string \| Language files directory \|\|
428	\|\| ##DAYSECS## \| int \| Seconds in a day (86400) \|\|
429	\|\| ##HTTP_404## \| string \| Path to 404 error page \|\|
430	\|\| ##HTTP_403## \| string \| Path to 403 error page \|\|
431	\|#
432
433	----
434		489
435	=== Workflow Examples ===	490	=== Workflow Examples ===
436		491