Difference between revisions for Users / Eo Ny / dev




← Previous edit
Revision 7 as of 05/05/2026 19:23
15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy 1 05/05/2026 19:06 EoNy

(14.8 KiB)
WikiAdmin
 Next edit →
Revision 16 as of 05/18/2026 05:05
18 05/21/2026 16:12 WikiAdmin 17 05/18/2026 15:15 WikiAdmin 16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin

(18.4 KiB) +3,705
WikiAdmin

Merge of Version1 & Version2
1 == HTTP Class Technical Documentation ==
2
3 {{toc numerate=1}}
4 === Overview ===
5
6 The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
13
14 === Class Properties ===
15
16 ====Public Properties====
17
18 #|
19 *| Property | Type | Description |*
20 || ##$tls_session## | bool | Indicates if the current session uses HTTPS/TLS encryption ||
21 || ##$request_uri## | string | Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') ||
22 || ##$ip## | string | Client's real IP address (accounts for proxies) ||
23 || ##$sess## | Session | Reference to the Session object ||
24 || ##$method## | string | Current HTTP method/request type ||
25 |#
26
27 ====Private Properties====
28
29 #|
30 *| Property | Type | Description |*
31 || ##$db## | object | Database connection reference ||
32 || ##$tls_mark## | string | Cookie name for TLS session marking ||
33 || ##$page## | string | Current page name being processed ||
34 || ##$hash## | string | SHA1 hash of the page name ||
35 || ##$query## | string | Encoded query string ||
36 || ##$lang## | string | Current language code ||
37 || ##$file## | string | Cache file path ||
38 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||
39 |#
40
41 ----
42 === Constructor ===
43
44 %%php(hl php)
45 public function __construct(&$db)
46 %%
47
59   6. Enforces TLS session upgrade if needed
60
61 **Example:**
62 %%php(hl php)
63 $http = new Http($db);
64 %%
65
83   - Recovers diagnostic logs from previous session
84
85 **Example:**
86 %%php(hl php)
87 $http->session(0); // Normal session
88 $http->session(2); // Static file serving mode
89 %%
106   - ✅ Only cached for anonymous users (no logged-in users)
107
108 **Example:**
109 %%php(hl php)
110 $http->check_cache('HomePage', 'show');
111 %%
112
113 ----
114
115 ===== ##store_cache(): void## ##store_cache(): void##=====
116 Saves the generated page content to cache file.
117
118 **Features:**
122   - Only executes if caching flag is set and user is anonymous
123
124 **Example:**
125 %%php(hl php)
126 // Called at end of page rendering
127 $http->store_cache();
128 %%
145   4. Returns count of invalidated caches
146
147 **Example:**
148 %%php(hl php)
149 $count = $http->invalidate_page('HomePage');
150 echo "Invalidated $count cache entries";
151 %%
163   - Called when TLS session is detected
164
165 **Example:**
166 %%php(hl php)
167 $http->secure_base_url();
168 // $db->base_url now uses https://
169 %%
182   - Converts relative URLs using current server name
183
184 **Example:**
185 %%php(hl php)
186 $http->ensure_tls('/secure/payment');
187 %%
188
210   - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
211
212 **Example:**
213 %%php(hl php)
214 $client_ip = $http->ip; // e.g., "203.0.113.42"
215 %%
216
232
233 ==== Security Headers ====
234
235 =====##http_security_headers(): void##=====
236
237 Sets security-related HTTP headers.
238
239 **Headers Set:**
240
241 #|
242 *| Header | Purpose | Config Key |*
243 || Content-Security-Policy | XSS/injection protection | ##csp## ||
244 || Permissions-Policy | Control browser features | ##permissions_policy## ||
245 || Referrer-Policy | Control referrer information | ##referrer_policy## ||
246 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
247 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
248 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
249 |#
250
251 **CSP Configuration Options:**
252   - ##0## - Disabled
253   - ##1## - Default policy (from ##csp.conf##)
254   - ##2## - Custom policy (from ##csp_custom.conf##)
255
256 **Example:**
257 %%(hl php)
258 $http->http_security_headers();
259 %%
260
261 ----
262 ==== HTTP Methods ====
263
264 ===== ##redirect($url, $permanent = false): void## =====
274   - Uses output buffering to work anywhere in page processing
275
276 **Example:**
277 %%php(hl php)
278 $http->redirect('http://example.com/new-page', true); // 301
279 $http->redirect('/wiki/HomePage'); // 302
280 %%
289   - Ends script execution
290
291 **Example:**
292 %%php(hl php)
293 $http->terminate();
294 %%
295
299 Sets HTTP response status code.
300
301 **Supported Status Codes:**
302 %%php(hl php)
303 200 => 'OK'
304 206 => 'Partial Content'
305 301 => 'Moved Permanently'
319 %%
320
321 **Example:**
322 %%php(hl php)
323 $http->status(404); // Send 404 Not Found
324 %%
325
340   - ##Cache-Control: no-store##
341
342 **Example:**
343 %%php(hl php)
344 $http->no_cache(); // Client-side only
345 $http->no_cache(false); // Both client & server
346 %%
354   - ##Cache-Control: public##
355
356 **Example:**
357 %%php(hl php)
358 $http->cache_promisc();
359 %%
360
399   - Associative array: ##['en' => 'en', 'de' => 'de', ...]##
400
401 **Example:**
402 %%php(hl php)
403 $all_langs = $http->available_languages(false);
404 $allowed = $http->available_languages(true);
405 %%
425   - GZip compression for text files
426
427 **Special Paths:**
428 %%php(hl php)
429 $http->sendfile(404); // Serves file defined by HTTP_404 constant
430 $http->sendfile(403); // Serves file defined by HTTP_403 constant
431 %%
432
433 **Example:**
434 %%php(hl php)
435 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
436 %%
437
445   - Default: ##'application/octet-stream'##
446
447 **Example:**
448 %%php(hl php)
449 $mime = $http->mime_type('file.pdf'); // 'application/pdf'
450 %%
451
475   - Headers not already sent
476
477 **Example:**
478 %%php(hl php)
479 $http->gzip();
480 %%
481
491   - Converts encoding properly
492
493 **Example:**
494 %%php(hl php)
495 $data = $http->parse_str('name=John&age=30');
496 %%
497
523
524 ----
525
526 ===Configuration Dependencies===
527
528 The class relies on these database configuration settings:
529
530 #|
531 *| Setting | Type | Purpose |*
532 || ##base_url## | string | Wiki's base URL ||
533 || ##tls## | bool | Enable HTTPS enforcement ||
534 || ##cache## | bool | Enable page caching ||
535 || ##cache_ttl## | int | Cache lifetime in seconds ||
536 || ##session_store## | int | 1=File, 0=Database ||
537 || ##system_seed_hash## | string | Session encryption seed ||
538 || ##cookie_prefix## | string | Session cookie prefix ||
539 || ##cookie_path## | string | Cookie path ||
540 || ##allow_persistent_cookie## | bool | Allow persistent login ||
541 || ##session_length## | int | Session lifetime in seconds ||
542 || ##reverse_proxy_addresses## | string | Comma/space-separated proxy IPs ||
543 || ##reverse_proxy_header## | string | Custom X-Forwarded header ||
544 || ##language## | string | Default language code ||
545 || ##multilanguage## | bool | Enable language negotiation ||
546 || ##allowed_languages## | string | Comma/space-separated allowed langs ||
547 || ##enable_security_headers## | bool | Send security headers ||
548 || ##csp## | int | CSP setting (0/1/2) ||
549 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||
550 || ##referrer_policy## | int | Referrer-Policy setting (0-8) ||
551 |#
552
553 ----
554
555 ===Constants Used===
556
557 #|
558 *| Constant | Type | Purpose |*
559 || ##IN_WACKO## | bool | Security check (exit if not defined) ||
560 || ##CHMOD_SAFE## | int | File permissions for cache files ||
561 || ##CHMOD_FILE## | int | File permissions for config cache ||
562 || ##CACHE_PAGE_DIR## | string | Page cache directory ||
563 || ##CACHE_SESSION_DIR## | string | Session cache directory ||
564 || ##CACHE_CONFIG_DIR## | string | Config cache directory ||
565 || ##CONFIG_DIR## | string | Configuration directory ||
566 || ##LANG_DIR## | string | Language files directory ||
567 || ##DAYSECS## | int | Seconds in a day (86400) ||
568 || ##HTTP_404## | string | Path to 404 error page ||
569 || ##HTTP_403## | string | Path to 403 error page ||
570 |#
571
572 ----
573
574 === Workflow Examples ===
575
576 ==== Example 1: Handling a GET Request Example 1: Handling a GET Request====
577
578 %%php(hl php)
579 // In main wiki entry point
580 $http = new Http($db);
581 $http->session(0); // Start session
597
598 ==== Example 2: Handling TLS/HTTPS Upgrade ====
599
600 %%php(hl php)
601 $http = new Http($db); // Constructor detects TLS requirement
602 // If TLS is enabled and user wasn't in TLS before:
603 // - Sets TLS session flag
607
608 ==== Example 3: Invalidating Cache After Page Edit ====
609
610 %%php(hl php)
611 // User edits a page
612 $http = new Http($db);
613 $count = $http->invalidate_page('HomePage');
616
617 ==== Example 4: Serving a File ====
618
619 %%php(hl php)
620 $http = new Http($db);
621 $http->session(2); // Static file mode - no session replay prevention
622
691
692 The class integrates with WackoWiki's diagnostic system:
693
694 %%php(hl php)
695 // Diagnostic messages are preserved across redirects
696 // via session flash data
697