<?php
/*
Plugin Name: AntiAspi
Version: auto
Description: Bloque les aspirateurs de sites
Plugin URI: http://piwigo.org/ext/extension_view.php?eid=225
Author: P@t + plg
Author URI: http://www.gauchon.com
*/

if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

global $prefixeTable;

// +-----------------------------------------------------------------------+
// | Define plugin constants                                               |
// +-----------------------------------------------------------------------+

define('ANTIASPI_ID', basename(dirname(__FILE__)));
define('ANTIASPI_PATH', PHPWG_PLUGINS_PATH.ANTIASPI_ID.'/');
define('ANTIASPI_TABLE' , $prefixeTable . 'antiaspi_ip_ban');
define('ANTIASPI_LOG_TABLE' , $prefixeTable . 'antiaspi_log');
define('ANTIASPI_ADMIN',get_root_url().'admin.php?page=plugin-'.ANTIASPI_ID);

add_event_handler('init', 'antiaspi_init');
function antiaspi_init()
{
  global $conf;
  $conf['antiaspi'] = safe_unserialize($conf['antiaspi']);
}

add_event_handler('loc_end_section_init', 'antiaspi');

function antiaspi()
{
  global $user, $conf, $page;
  
  /*$antiaspi = array(
    'diff' => '20 pages in 00:00:10' , // IP bannie si 20 pages différentes vues en 10 secondes
    'same' => '15 pages in 00:00:30' , // IP bannie si 15 pages identiques vues en 30 secondes
    'banned during' => '23:59:59' ,    // IP bannie pendant hh:mm:ss
    'only guest' => true ,             // si true, ne banni pas les utilisateurs enregistrés
    'only picture' => false ,          // si true, ne compatibilise que les pages d'images
    'allowed ip' => array()            // tableau d'adresse ip autorisées (robots par exemple)
  );
  
  if (isset($conf['antiaspi']))
  {*/
    $antiaspi = safe_unserialize($conf['antiaspi']);
 // }

  if (is_admin() or ($antiaspi['only guest'] and !is_a_guest())) return;
  
  $Vip = $_SERVER["REMOTE_ADDR"];
  
  // Traitement des adresse ip autorisées
  if (!empty($antiaspi['allowed ip']))
  {
    $allowed_ips = str_replace(array('.', '%'), array('\.', '.*?'), $antiaspi['allowed ip']);
    foreach ($allowed_ips as $ip)
    {
      if (preg_match("#" . $ip . "#", $Vip)) return;
    }
  }

  // cherche si le visiteur est interdit
  $query = 'SELECT ip
    FROM ' . ANTIASPI_TABLE . '
    WHERE ip="' . $Vip . '"
	AND date > ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");';
   
	/* Change for subdate for change conf by nb day;
	AND date > SUBDATE(NOW(), INTERVAL ' . $antiaspi['banned during'] . ' DAY);';
	*/

  $result = pwg_query($query);

  while(list($ip) = pwg_db_fetch_row($result))
  {
    // Visiteur trouvé dans les IP interdites
    die("IP " . $ip . " banned for abuse.");
  }
  
  $diff_conf = explode(' pages in ', $antiaspi['diff']);
  $same_conf = explode(' pages in ', $antiaspi['same']);
  
  // nombre de fois ou le visiteur est passé dans les xxx dernières hh:mm:ss
  $query = '
SELECT
    COUNT(*)
  FROM ' . ANTIASPI_LOG_TABLE . '
  WHERE ip="' . $Vip . '"
    AND occured_on > ADDTIME(NOW(), "-' . $diff_conf[1] . '")
    ' . ($antiaspi['only picture'] ? 'AND image_id IS NOT NULL' : '') . '

UNION ALL

SELECT
    COUNT(*)
  FROM ' . ANTIASPI_LOG_TABLE . '
  WHERE ip="' . $Vip . '"
    AND occured_on > ADDTIME(NOW(), "-' . $same_conf[1] . '")
    AND category_id ' . (isset($page['category']['id']) ? '= ' . $page['category']['id'] : 'IS NULL') . '
    AND image_id ' . (isset($page['image_id']) ? '= ' . $page['image_id'] : 'IS NULL') . '
;';
  
  $result = pwg_query($query);

  list($diff) = pwg_db_fetch_row($result);
  list($same) = pwg_db_fetch_row($result);
  
  // si limite atteinte  ajouter dans la table des ip interdites.
  if ($diff >= $diff_conf[0] or $same >= $same_conf[0])
  {
    pwg_query('INSERT INTO ' . ANTIASPI_TABLE . ' (id, ip, date) values ("", "' . $Vip . '", NOW())');
  }

  $insert = '
INSERT
  INTO '.ANTIASPI_LOG_TABLE.'
  SET IP = \''.$Vip.'\'
    , occured_on = NOW()
    , image_id = '.(isset($page['image_id']) ? $page['image_id'] : 'NULL').'
    , category_id = '.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').'
;';
  pwg_query($insert);

  // automatic purge
  $query = '
DELETE
  FROM '.ANTIASPI_LOG_TABLE.'
  WHERE occured_on < LEAST(SUBTIME(NOW(), \''.$diff_conf[1].'\'), SUBTIME(NOW(), \''.$same_conf[1].'\'))
;';
  pwg_query($query);
}

// Plugin for admin
if (script_basename() == 'admin') {
    include_once(dirname(__FILE__) . '/initadmin.php');
}