[3609] | 1 | <?php |
---|
| 2 | /* |
---|
| 3 | Plugin Name: AntiAspi |
---|
[28323] | 4 | Version: auto |
---|
[3609] | 5 | Description: Bloque les aspirateurs de sites |
---|
[28323] | 6 | Plugin URI: http://piwigo.org/ext/extension_view.php?eid=225 |
---|
| 7 | Author: P@t + plg |
---|
[3609] | 8 | Author URI: http://www.gauchon.com |
---|
| 9 | */ |
---|
| 10 | |
---|
| 11 | if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); |
---|
| 12 | |
---|
| 13 | global $prefixeTable; |
---|
| 14 | |
---|
[28323] | 15 | // +-----------------------------------------------------------------------+ |
---|
| 16 | // | Define plugin constants | |
---|
| 17 | // +-----------------------------------------------------------------------+ |
---|
| 18 | |
---|
| 19 | define('ANTIASPI_ID', basename(dirname(__FILE__))); |
---|
| 20 | define('ANTIASPI_PATH', PHPWG_PLUGINS_PATH.ANTIASPI_ID.'/'); |
---|
[3609] | 21 | define('ANTIASPI_TABLE' , $prefixeTable . 'antiaspi_ip_ban'); |
---|
[28323] | 22 | define('ANTIASPI_LOG_TABLE' , $prefixeTable . 'antiaspi_log'); |
---|
[31362] | 23 | define('ANTIASPI_ADMIN',get_root_url().'admin.php?page=plugin-'.ANTIASPI_ID); |
---|
[3609] | 24 | |
---|
| 25 | add_event_handler('loc_end_section_init', 'antiaspi'); |
---|
| 26 | |
---|
| 27 | function antiaspi() |
---|
| 28 | { |
---|
| 29 | global $user, $conf, $page; |
---|
| 30 | |
---|
[31370] | 31 | /*$antiaspi = array( |
---|
[3609] | 32 | 'diff' => '20 pages in 00:00:10' , // IP bannie si 20 pages différentes vues en 10 secondes |
---|
| 33 | 'same' => '15 pages in 00:00:30' , // IP bannie si 15 pages identiques vues en 30 secondes |
---|
| 34 | 'banned during' => '23:59:59' , // IP bannie pendant hh:mm:ss |
---|
| 35 | 'only guest' => true , // si true, ne banni pas les utilisateurs enregistrés |
---|
| 36 | 'only picture' => false , // si true, ne compatibilise que les pages d'images |
---|
| 37 | 'allowed ip' => array() // tableau d'adresse ip autorisées (robots par exemple) |
---|
| 38 | ); |
---|
| 39 | |
---|
| 40 | if (isset($conf['antiaspi'])) |
---|
[31370] | 41 | {*/ |
---|
| 42 | $antiaspi = safe_unserialize($conf['antiaspi']); |
---|
| 43 | // } |
---|
[3609] | 44 | |
---|
| 45 | if (is_admin() or ($antiaspi['only guest'] and !is_a_guest())) return; |
---|
| 46 | |
---|
| 47 | $Vip = $_SERVER["REMOTE_ADDR"]; |
---|
| 48 | |
---|
| 49 | // Traitement des adresse ip autorisées |
---|
| 50 | if (!empty($antiaspi['allowed ip'])) |
---|
| 51 | { |
---|
| 52 | $allowed_ips = str_replace(array('.', '%'), array('\.', '.*?'), $antiaspi['allowed ip']); |
---|
| 53 | foreach ($allowed_ips as $ip) |
---|
| 54 | { |
---|
| 55 | if (preg_match("#" . $ip . "#", $Vip)) return; |
---|
| 56 | } |
---|
| 57 | } |
---|
| 58 | |
---|
| 59 | // cherche si le visiteur est interdit |
---|
| 60 | $query = 'SELECT ip |
---|
| 61 | FROM ' . ANTIASPI_TABLE . ' |
---|
| 62 | WHERE ip="' . $Vip . '" |
---|
[31372] | 63 | AND date > ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");'; |
---|
| 64 | |
---|
| 65 | /* Change for subdate for change conf by nb day; |
---|
| 66 | AND date > SUBDATE(NOW(), INTERVAL ' . $antiaspi['banned during'] . ' DAY);'; |
---|
| 67 | */ |
---|
[3609] | 68 | |
---|
| 69 | $result = pwg_query($query); |
---|
| 70 | |
---|
[21214] | 71 | while(list($ip) = pwg_db_fetch_row($result)) |
---|
[3609] | 72 | { |
---|
| 73 | // Visiteur trouvé dans les IP interdites |
---|
| 74 | die("IP " . $ip . " banned for abuse."); |
---|
| 75 | } |
---|
| 76 | |
---|
| 77 | $diff_conf = explode(' pages in ', $antiaspi['diff']); |
---|
| 78 | $same_conf = explode(' pages in ', $antiaspi['same']); |
---|
| 79 | |
---|
| 80 | // nombre de fois ou le visiteur est passé dans les xxx dernières hh:mm:ss |
---|
[28323] | 81 | $query = ' |
---|
| 82 | SELECT |
---|
| 83 | COUNT(*) |
---|
| 84 | FROM ' . ANTIASPI_LOG_TABLE . ' |
---|
| 85 | WHERE ip="' . $Vip . '" |
---|
| 86 | AND occured_on > ADDTIME(NOW(), "-' . $diff_conf[1] . '") |
---|
[3609] | 87 | ' . ($antiaspi['only picture'] ? 'AND image_id IS NOT NULL' : '') . ' |
---|
| 88 | |
---|
[28323] | 89 | UNION ALL |
---|
[3609] | 90 | |
---|
[28323] | 91 | SELECT |
---|
| 92 | COUNT(*) |
---|
| 93 | FROM ' . ANTIASPI_LOG_TABLE . ' |
---|
| 94 | WHERE ip="' . $Vip . '" |
---|
| 95 | AND occured_on > ADDTIME(NOW(), "-' . $same_conf[1] . '") |
---|
[3609] | 96 | AND category_id ' . (isset($page['category']['id']) ? '= ' . $page['category']['id'] : 'IS NULL') . ' |
---|
[28323] | 97 | AND image_id ' . (isset($page['image_id']) ? '= ' . $page['image_id'] : 'IS NULL') . ' |
---|
| 98 | ;'; |
---|
[3609] | 99 | |
---|
| 100 | $result = pwg_query($query); |
---|
| 101 | |
---|
[21214] | 102 | list($diff) = pwg_db_fetch_row($result); |
---|
| 103 | list($same) = pwg_db_fetch_row($result); |
---|
[3609] | 104 | |
---|
| 105 | // si limite atteinte ajouter dans la table des ip interdites. |
---|
| 106 | if ($diff >= $diff_conf[0] or $same >= $same_conf[0]) |
---|
| 107 | { |
---|
| 108 | pwg_query('INSERT INTO ' . ANTIASPI_TABLE . ' (id, ip, date) values ("", "' . $Vip . '", NOW())'); |
---|
| 109 | } |
---|
[28323] | 110 | |
---|
| 111 | $insert = ' |
---|
| 112 | INSERT |
---|
| 113 | INTO '.ANTIASPI_LOG_TABLE.' |
---|
| 114 | SET IP = \''.$Vip.'\' |
---|
| 115 | , occured_on = NOW() |
---|
| 116 | , image_id = '.(isset($page['image_id']) ? $page['image_id'] : 'NULL').' |
---|
| 117 | , category_id = '.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').' |
---|
| 118 | ;'; |
---|
| 119 | pwg_query($insert); |
---|
| 120 | |
---|
| 121 | // automatic purge |
---|
| 122 | $query = ' |
---|
| 123 | DELETE |
---|
| 124 | FROM '.ANTIASPI_LOG_TABLE.' |
---|
| 125 | WHERE occured_on < LEAST(SUBTIME(NOW(), \''.$diff_conf[1].'\'), SUBTIME(NOW(), \''.$same_conf[1].'\')) |
---|
| 126 | ;'; |
---|
| 127 | pwg_query($query); |
---|
[3609] | 128 | } |
---|
[31362] | 129 | |
---|
| 130 | // Plugin for admin |
---|
| 131 | if (script_basename() == 'admin') { |
---|
| 132 | include_once(dirname(__FILE__) . '/initadmin.php'); |
---|
| 133 | } |
---|