Difference between revisions for Users / Eo Ny / dev




← Previous edit
Revision 8 as of 05/05/2026 19:24
15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy 1 05/05/2026 19:06 EoNy

(15.2 KiB)
WikiAdmin
 Next edit →
Revision 16 as of 05/18/2026 05:05
18 05/21/2026 16:12 WikiAdmin 17 05/18/2026 15:15 WikiAdmin 16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin

(18.4 KiB) +3,289
WikiAdmin

Version1 Version2 Differences
1 1 == HTTP Class Technical Documentation ==
2 2
  3 {{toc numerate=1}}  
3 4 === Overview ===
4 5
5 6 The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
23 24 || ##$method## | string | Current HTTP method/request type ||
24 25 |#
25 26
26   ==== Private Properties ====
27  
28  
  27 ====Private Properties====
  28
  29 #|
  30 *| Property | Type | Description |*
  31 || ##$db## | object | Database connection reference ||
  32 || ##$tls_mark## | string | Cookie name for TLS session marking ||
  33 || ##$page## | string | Current page name being processed ||
  34 || ##$hash## | string | SHA1 hash of the page name ||
  35 || ##$query## | string | Encoded query string ||
  36 || ##$lang## | string | Current language code ||
  37 || ##$file## | string | Cache file path ||
  38 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||
  39 |#
  40
  41 ----
29 42 === Constructor ===
30 43
31   %%php
  44 %%(hl php)
32 45 public function __construct(&$db)
33 46 %%
34 47
46 59   6. Enforces TLS session upgrade if needed
47 60
48 61 **Example:**
49   %%php
  62 %%(hl php)
50 63 $http = new Http($db);
51 64 %%
52 65
70 83   - Recovers diagnostic logs from previous session
71 84
72 85 **Example:**
73   %%php
  86 %%(hl php)
74 87 $http->session(0); // Normal session
75 88 $http->session(2); // Static file serving mode
76 89 %%
93 106   - ✅ Only cached for anonymous users (no logged-in users)
94 107
95 108 **Example:**
96   %%php
  109 %%(hl php)
97 110 $http->check_cache('HomePage', 'show');
98 111 %%
99 112
100 113 ----
101 114
102   ===== ##store_cache(): void## =====
  115 =====##store_cache(): void##=====
103 116 Saves the generated page content to cache file.
104 117
105 118 **Features:**
109 122   - Only executes if caching flag is set and user is anonymous
110 123
111 124 **Example:**
112   %%php
  125 %%(hl php)
113 126 // Called at end of page rendering
114 127 $http->store_cache();
115 128 %%
132 145   4. Returns count of invalidated caches
133 146
134 147 **Example:**
135   %%php
  148 %%(hl php)
136 149 $count = $http->invalidate_page('HomePage');
137 150 echo "Invalidated $count cache entries";
138 151 %%
150 163   - Called when TLS session is detected
151 164
152 165 **Example:**
153   %%php
  166 %%(hl php)
154 167 $http->secure_base_url();
155 168 // $db->base_url now uses https://
156 169 %%
169 182   - Converts relative URLs using current server name
170 183
171 184 **Example:**
172   %%php
  185 %%(hl php)
173 186 $http->ensure_tls('/secure/payment');
174 187 %%
175 188
197 210   - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
198 211
199 212 **Example:**
200   %%php
  213 %%(hl php)
201 214 $client_ip = $http->ip; // e.g., "203.0.113.42"
202 215 %%
203 216
219 232
220 233 ==== Security Headers ====
221 234
222   ===== ##http_security_headers(): void## =====
223  
224  
  235 =====##http_security_headers(): void##=====
  236
  237 Sets security-related HTTP headers.
  238
  239 **Headers Set:**
  240
  241 #|
  242 *| Header | Purpose | Config Key |*
  243 || Content-Security-Policy | XSS/injection protection | ##csp## ||
  244 || Permissions-Policy | Control browser features | ##permissions_policy## ||
  245 || Referrer-Policy | Control referrer information | ##referrer_policy## ||
  246 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
  247 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
  248 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
  249 |#
  250
  251 **CSP Configuration Options:**
  252   - ##0## - Disabled
  253   - ##1## - Default policy (from ##csp.conf##)
  254   - ##2## - Custom policy (from ##csp_custom.conf##)
  255
  256 **Example:**
  257 %%(hl php)
  258 $http->http_security_headers();
  259 %%
  260
  261 ----
225 262 ==== HTTP Methods ====
226 263
227 264 ===== ##redirect($url, $permanent = false): void## =====
237 274   - Uses output buffering to work anywhere in page processing
238 275
239 276 **Example:**
240   %%php
  277 %%(hl php)
241 278 $http->redirect('http://example.com/new-page', true); // 301
242 279 $http->redirect('/wiki/HomePage'); // 302
243 280 %%
252 289   - Ends script execution
253 290
254 291 **Example:**
255   %%php
  292 %%(hl php)
256 293 $http->terminate();
257 294 %%
258 295
262 299 Sets HTTP response status code.
263 300
264 301 **Supported Status Codes:**
265   %%php
  302 %%(hl php)
266 303 200 => 'OK'
267 304 206 => 'Partial Content'
268 305 301 => 'Moved Permanently'
282 319 %%
283 320
284 321 **Example:**
285   %%php
  322 %%(hl php)
286 323 $http->status(404); // Send 404 Not Found
287 324 %%
288 325
303 340   - ##Cache-Control: no-store##
304 341
305 342 **Example:**
306   %%php
  343 %%(hl php)
307 344 $http->no_cache(); // Client-side only
308 345 $http->no_cache(false); // Both client & server
309 346 %%
317 354   - ##Cache-Control: public##
318 355
319 356 **Example:**
320   %%php
  357 %%(hl php)
321 358 $http->cache_promisc();
322 359 %%
323 360
362 399   - Associative array: ##['en' => 'en', 'de' => 'de', ...]##
363 400
364 401 **Example:**
365   %%php
  402 %%(hl php)
366 403 $all_langs = $http->available_languages(false);
367 404 $allowed = $http->available_languages(true);
368 405 %%
388 425   - GZip compression for text files
389 426
390 427 **Special Paths:**
391   %%php
  428 %%(hl php)
392 429 $http->sendfile(404); // Serves file defined by HTTP_404 constant
393 430 $http->sendfile(403); // Serves file defined by HTTP_403 constant
394 431 %%
395 432
396 433 **Example:**
397   %%php
  434 %%(hl php)
398 435 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
399 436 %%
400 437
408 445   - Default: ##'application/octet-stream'##
409 446
410 447 **Example:**
411   %%php
  448 %%(hl php)
412 449 $mime = $http->mime_type('file.pdf'); // 'application/pdf'
413 450 %%
414 451
438 475   - Headers not already sent
439 476
440 477 **Example:**
441   %%php
  478 %%(hl php)
442 479 $http->gzip();
443 480 %%
444 481
454 491   - Converts encoding properly
455 492
456 493 **Example:**
457   %%php
  494 %%(hl php)
458 495 $data = $http->parse_str('name=John&age=30');
459 496 %%
460 497
486 523
487 524 ----
488 525
489   === Configuration Dependencies ===
490  
491  
492  
493   === Constants Used ===
494  
495  
  526 ===Configuration Dependencies===
  527
  528 The class relies on these database configuration settings:
  529
  530 #|
  531 *| Setting | Type | Purpose |*
  532 || ##base_url## | string | Wiki's base URL ||
  533 || ##tls## | bool | Enable HTTPS enforcement ||
  534 || ##cache## | bool | Enable page caching ||
  535 || ##cache_ttl## | int | Cache lifetime in seconds ||
  536 || ##session_store## | int | 1=File, 0=Database ||
  537 || ##system_seed_hash## | string | Session encryption seed ||
  538 || ##cookie_prefix## | string | Session cookie prefix ||
  539 || ##cookie_path## | string | Cookie path ||
  540 || ##allow_persistent_cookie## | bool | Allow persistent login ||
  541 || ##session_length## | int | Session lifetime in seconds ||
  542 || ##reverse_proxy_addresses## | string | Comma/space-separated proxy IPs ||
  543 || ##reverse_proxy_header## | string | Custom X-Forwarded header ||
  544 || ##language## | string | Default language code ||
  545 || ##multilanguage## | bool | Enable language negotiation ||
  546 || ##allowed_languages## | string | Comma/space-separated allowed langs ||
  547 || ##enable_security_headers## | bool | Send security headers ||
  548 || ##csp## | int | CSP setting (0/1/2) ||
  549 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||
  550 || ##referrer_policy## | int | Referrer-Policy setting (0-8) ||
  551 |#
  552
  553 ----
  554
  555 ===Constants Used===
  556
  557 #|
  558 *| Constant | Type | Purpose |*
  559 || ##IN_WACKO## | bool | Security check (exit if not defined) ||
  560 || ##CHMOD_SAFE## | int | File permissions for cache files ||
  561 || ##CHMOD_FILE## | int | File permissions for config cache ||
  562 || ##CACHE_PAGE_DIR## | string | Page cache directory ||
  563 || ##CACHE_SESSION_DIR## | string | Session cache directory ||
  564 || ##CACHE_CONFIG_DIR## | string | Config cache directory ||
  565 || ##CONFIG_DIR## | string | Configuration directory ||
  566 || ##LANG_DIR## | string | Language files directory ||
  567 || ##DAYSECS## | int | Seconds in a day (86400) ||
  568 || ##HTTP_404## | string | Path to 404 error page ||
  569 || ##HTTP_403## | string | Path to 403 error page ||
  570 |#
  571
  572 ----
496 573
497 574 === Workflow Examples ===
498 575
499   ==== Example 1: Handling a GET Request ====
500  
501   %%php
  576 ====Example 1: Handling a GET Request====
  577
  578 %%(hl php)
502 579 // In main wiki entry point
503 580 $http = new Http($db);
504 581 $http->session(0); // Start session
520 597
521 598 ==== Example 2: Handling TLS/HTTPS Upgrade ====
522 599
523   %%php
  600 %%(hl php)
524 601 $http = new Http($db); // Constructor detects TLS requirement
525 602 // If TLS is enabled and user wasn't in TLS before:
526 603 // - Sets TLS session flag
530 607
531 608 ==== Example 3: Invalidating Cache After Page Edit ====
532 609
533   %%php
  610 %%(hl php)
534 611 // User edits a page
535 612 $http = new Http($db);
536 613 $count = $http->invalidate_page('HomePage');
539 616
540 617 ==== Example 4: Serving a File ====
541 618
542   %%php
  619 %%(hl php)
543 620 $http = new Http($db);
544 621 $http->session(2); // Static file mode - no session replay prevention
545 622
614 691
615 692 The class integrates with WackoWiki's diagnostic system:
616 693
617   %%php
  694 %%(hl php)
618 695 // Diagnostic messages are preserved across redirects
619 696 // via session flash data
620 697