1 | <?php |
---|
2 | /* |
---|
3 | Plugin Name: AntiAspi |
---|
4 | Version: 2.0.b |
---|
5 | Description: Bloque les aspirateurs de sites |
---|
6 | Plugin URI: http://phpwebgallery.net/ext/extension_view.php?eid=225 |
---|
7 | Author: P@t |
---|
8 | Author URI: http://www.gauchon.com |
---|
9 | */ |
---|
10 | |
---|
11 | if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); |
---|
12 | |
---|
13 | global $prefixeTable; |
---|
14 | |
---|
15 | define('ANTIASPI_TABLE' , $prefixeTable . 'antiaspi_ip_ban'); |
---|
16 | |
---|
17 | add_event_handler('loc_end_section_init', 'antiaspi'); |
---|
18 | |
---|
19 | function antiaspi() |
---|
20 | { |
---|
21 | global $user, $conf, $page; |
---|
22 | |
---|
23 | $antiaspi = array( |
---|
24 | 'diff' => '20 pages in 00:00:10' , // IP bannie si 20 pages différentes vues en 10 secondes |
---|
25 | 'same' => '15 pages in 00:00:30' , // IP bannie si 15 pages identiques vues en 30 secondes |
---|
26 | 'banned during' => '23:59:59' , // IP bannie pendant hh:mm:ss |
---|
27 | 'only guest' => true , // si true, ne banni pas les utilisateurs enregistrés |
---|
28 | 'only picture' => false , // si true, ne compatibilise que les pages d'images |
---|
29 | 'allowed ip' => array() // tableau d'adresse ip autorisées (robots par exemple) |
---|
30 | ); |
---|
31 | |
---|
32 | if (isset($conf['antiaspi'])) |
---|
33 | { |
---|
34 | $antiaspi = array_merge($antiaspi, $conf['antiaspi']); |
---|
35 | } |
---|
36 | |
---|
37 | if (is_admin() or ($antiaspi['only guest'] and !is_a_guest())) return; |
---|
38 | |
---|
39 | $Vip = $_SERVER["REMOTE_ADDR"]; |
---|
40 | |
---|
41 | // Traitement des adresse ip autorisées |
---|
42 | if (!empty($antiaspi['allowed ip'])) |
---|
43 | { |
---|
44 | $allowed_ips = str_replace(array('.', '%'), array('\.', '.*?'), $antiaspi['allowed ip']); |
---|
45 | foreach ($allowed_ips as $ip) |
---|
46 | { |
---|
47 | if (preg_match("#" . $ip . "#", $Vip)) return; |
---|
48 | } |
---|
49 | } |
---|
50 | |
---|
51 | // cherche si le visiteur est interdit |
---|
52 | $query = 'SELECT ip |
---|
53 | FROM ' . ANTIASPI_TABLE . ' |
---|
54 | WHERE ip="' . $Vip . '" |
---|
55 | AND date > ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");'; |
---|
56 | |
---|
57 | $result = pwg_query($query); |
---|
58 | |
---|
59 | while(list($ip) = mysql_fetch_row($result)) |
---|
60 | { |
---|
61 | // Visiteur trouvé dans les IP interdites |
---|
62 | die("IP " . $ip . " banned for abuse."); |
---|
63 | } |
---|
64 | |
---|
65 | $diff_conf = explode(' pages in ', $antiaspi['diff']); |
---|
66 | $same_conf = explode(' pages in ', $antiaspi['same']); |
---|
67 | |
---|
68 | // nombre de fois ou le visiteur est passé dans les xxx dernières hh:mm:ss |
---|
69 | $query = 'SELECT COUNT(*) |
---|
70 | FROM ' . HISTORY_TABLE . ' |
---|
71 | WHERE ip="' . $Vip . '" |
---|
72 | AND date = CURDATE() |
---|
73 | AND time > ADDTIME(CURTIME(), "-' . $diff_conf[1] . '") |
---|
74 | ' . ($antiaspi['only picture'] ? 'AND image_id IS NOT NULL' : '') . ' |
---|
75 | |
---|
76 | UNION ALL |
---|
77 | |
---|
78 | SELECT COUNT(*) |
---|
79 | FROM ' . HISTORY_TABLE . ' |
---|
80 | WHERE ip="' . $Vip . '" |
---|
81 | AND date = CURDATE() |
---|
82 | AND time > ADDTIME(CURTIME(), "-' . $same_conf[1] . '") |
---|
83 | AND category_id ' . (isset($page['category']['id']) ? '= ' . $page['category']['id'] : 'IS NULL') . ' |
---|
84 | AND image_id ' . (isset($page['image_id']) ? '= ' . $page['image_id'] : 'IS NULL') . ';'; |
---|
85 | |
---|
86 | $result = pwg_query($query); |
---|
87 | |
---|
88 | list($diff) = mysql_fetch_row($result); |
---|
89 | list($same) = mysql_fetch_row($result); |
---|
90 | |
---|
91 | // si limite atteinte ajouter dans la table des ip interdites. |
---|
92 | if ($diff >= $diff_conf[0] or $same >= $same_conf[0]) |
---|
93 | { |
---|
94 | pwg_query('INSERT INTO ' . ANTIASPI_TABLE . ' (id, ip, date) values ("", "' . $Vip . '", NOW())'); |
---|
95 | } |
---|
96 | } |
---|
97 | |
---|
98 | ?> |
---|