PHP
Alexander Muskatin, 2019-08-30 08:24:02

Permalinks + PHP + NGINX find the right config?

There is a self-written script in which human-readable URLs (permalinks) can be turned on from the admin panel, but I decided not to attach the configs because there are many different HTTP servers.
What we have:
the classes.php file which contains various functions, one of which is responsible for the formation of permalinks

function permalink($url) {
  // url: the URL to be rewritten
  global $settings;

  if($settings['permalinks']) {
    $path['profile'] 			= 'index.php?a=profile';
    $path['group'] 				= 'index.php?a=group';
    $path['page'] 				= 'index.php?a=page';
    $path['feed']			 	= 'index.php?a=feed';
    $path['notifications'] 		= 'index.php?a=notifications';
    $path['settings'] 			= 'index.php?a=settings';
    $path['messages']			= 'index.php?a=messages';
    $path['post']				= 'index.php?a=post';
    $path['search']				= 'index.php?a=search';
    $path['info']				= 'index.php?a=info';
    $path['welcome']			= 'index.php?a=welcome';
    $path['recover']			= 'index.php?a=recover';
    $path['thumb']				= 'thumb.php';

    // strpos() returns 0 (falsy) for a match at offset 0, so compare with false explicitly
    if(strpos($url, $path['profile']) !== false) {
      $url = str_replace(array($path['profile'], '&u=', '&r=', '&filter='), array('profile', '/', '/', '/filter/'), $url);
    } elseif(strpos($url, $path['group']) !== false) {
      $url = str_replace(array($path['group'], '&name=', '&r=', '&search=', '&friends=', '&deleted='), array('group', '/', '/', '/search/', '/friends/', '/deleted/'), $url);
    } elseif(strpos($url, $path['page']) !== false) {
      $url = str_replace(array($path['page'], '&name=', '&r=', '&friends=', '&deleted='), array('page', '/', '/', '/friends/', '/deleted/'), $url);
    } elseif(strpos($url, $path['feed']) !== false) {
      $url = str_replace(array($path['feed'], '&filter=', '&logout', '&token_id='), array('feed', '/filter/', '/logout', ''), $url);
    } elseif(strpos($url, $path['notifications']) !== false) {
      $url = str_replace(array($path['notifications'], '&filter='), array('notifications', '/filter/'), $url);
    } elseif(strpos($url, $path['settings']) !== false) {
      $url = str_replace(array($path['settings'], '&b='), array('settings', '/'), $url);
    } elseif(strpos($url, $path['messages']) !== false) {
      $url = str_replace(array($path['messages'], '&u=', '&id='), array('messages', '/', '/'), $url);
    } elseif(strpos($url, $path['post']) !== false) {
      $url = str_replace(array($path['post'], '&m='), array('post', '/'), $url);
    } elseif(strpos($url, $path['search']) !== false) {
      $url = str_replace(array($path['search'], '&q=', '&tag=', '&pages=', '&groups=', '&filter=', '&age='), array('search', '/', '/tag/', '/pages/', '/groups/', '/filter/', '/age/'), $url);
    } elseif(strpos($url, $path['info']) !== false) {
      $url = str_replace(array($path['info'], '&b='), array('info', '/'), $url);
    } elseif(strpos($url, $path['welcome']) !== false) {
      $url = str_replace(array($path['welcome']), array('welcome'), $url);
    } elseif(strpos($url, $path['recover']) !== false) {
      $url = str_replace(array($path['recover'], '&r=1'), array('recover', '/do/'), $url);
    } elseif(strpos($url, $path['thumb']) !== false) {
      $url = str_replace(array($path['thumb'], '?t=', '&w=', '&h=', '&src='), array('thumb', '/', '/', '/', '/'), $url);
    }
  }

  return $url;
}

thumb.php file (based on TimThumb as I understand it)
https://pastebin.com/viKEGndg
My half-finished config:
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /usr/local/openresty/nginx/html/default/public;
        index index.php index.html index.htm;
        server_name _;
        location / {
                try_files $uri $uri/ @php;
        }
        location @php {
                rewrite ^/(.*) /index.php?a=$1;
        }
        location ~ \.php {
                try_files $uri =404;
                #fastcgi_pass 127.0.0.1:9000;
                fastcgi_pass unix:/run/php/php7.3-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_index index.php;
                include fastcgi_params;
        }

        # Server error pages to the static page /404.html.
        error_page  404              /404.html;
        location = /404.html {
                root /usr/local/openresty/nginx/html;
        }
        # Server error pages to the static page /50x.html.
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
                root /usr/local/openresty/nginx/html;
        }
}

What the problems are:
Links are shortened, but only index.php?a=feed (shortened to /feed) and index.php?a=welcome (shortened to /welcome) actually work. The rest of the links are not executed: they show the content of either the /welcome page (if the user is not authorized) or /feed (if the user is authorized; in this case index.php?a=settings still works, but when you go deeper, to an address like /settings/avatar, it again throws you to the /feed home page), while the address changes.
thumb.php returns all dynamic images with code 404:
DOMAIN/thumb.php?t=a&w=50&h=50&src=default.png - Permalinks OFF
DOMAIN/thumb/a/50/50/default.png - Permalinks ON
If anyone is interested in solving a puzzle, welcome.
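
Why the posted config behaves this way: its single rule `rewrite ^/(.*) /index.php?a=$1;` turns /settings/avatar into index.php?a=settings/avatar and never reaches thumb.php, while permalink() expects every path segment to go back into its own parameter. An added example (not part of the original post or of the script) of explicit reverse rules; the location name and the parameter order are assumptions read off the str_replace lists in permalink():

```nginx
# Added example. Goes inside the server { } block and replaces the
# question's "location /" and "location @php".
location / {
        try_files $uri $uri/ @permalink;    # @permalink is a name chosen here
}

location @permalink {
        # thumb/<t>/<w>/<h>/<src> -> thumb.php?t=..&w=..&h=..&src=..
        # Assumption: w and h are digits and src is a single file name, as in
        # the question's sample URL; anything else falls through to the 404.
        rewrite ^/thumb/([^/]+)/(\d+)/(\d+)/([^/]+)$ /thumb.php?t=$1&w=$2&h=$3&src=$4 last;

        # recover/do/ -> a=recover&r=1
        rewrite ^/recover/do/?$ /index.php?a=recover&r=1 last;

        # settings/<b> and info/<b> -> a=..&b=..  (covers /settings/avatar)
        rewrite ^/(settings|info)/([^/]+)/?$ /index.php?a=$1&b=$2 last;

        # post/<m> -> a=post&m=..
        rewrite ^/post/([^/]+)/?$ /index.php?a=post&m=$1 last;

        # messages/<u>/<id> and messages/<u>
        # Assumption: links are generated with u before id.
        rewrite ^/messages/([^/]+)/([^/]+)/?$ /index.php?a=messages&u=$1&id=$2 last;
        rewrite ^/messages/([^/]+)/?$ /index.php?a=messages&u=$1 last;

        # feed/filter/<f> and notifications/filter/<f>
        rewrite ^/(feed|notifications)/filter/([^/]+)/?$ /index.php?a=$1&filter=$2 last;

        # Single-segment pages; the names are the keys of $path in permalink().
        rewrite ^/(profile|group|page|feed|notifications|settings|messages|post|search|info|welcome|recover)/?$ /index.php?a=$1 last;

        # profile, group, page and search carry more optional segments and
        # need rules of the same shape. Unknown paths are rejected here
        # instead of being passed to index.php as an arbitrary "a" value.
        return 404;
}
```

After editing, `nginx -t` checks the syntax before a reload.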

1 answer(s)
Boris Korobkov, 2019-08-30
@BorisKorobkov

Global variables and a wall of ifs are shitty code in which bugs are hard to find and which is hard to maintain.
All this can be done in 3 lines:

$queryString = parse_url($url, PHP_URL_QUERY);
parse_str($queryString, $getValues);
return '/' . ($getValues['a'] ?? '')
   . (isset($getValues['filter']) ? '/filter' : '')
   . (isset($getValues['deleted']) ? '/deleted' : '');
