Changeset 31953 for extensions/AntiAspi
- Timestamp:
- Nov 28, 2018, 10:18:04 AM (5 years ago)
- Location:
- extensions/AntiAspi
- Files:
-
- 3 edited
extensions/AntiAspi/admin.php
r31952 r31953 1 1 <?php 2 2 3 if (!defined('PHPWG_ROOT_PATH')) 4 die('Hacking attempt!'); 3 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); 4 5 5 global $template, $conf, $user; 6 6 7 include_once(PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php'); 8 7 9 load_language('plugin.lang', ANTIASPI_PATH); 10 8 11 $my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugin-'; //get_admin_plugin_menu_link(__FILE__); 9 12 … … 11 14 // | Check Access and exit when user status is not ok | 12 15 // +-----------------------------------------------------------------------+ 16 13 17 check_status(ACCESS_ADMINISTRATOR); 14 18 15 19 //-------------------------------------------------------- sections definitions 20 16 21 if (!isset($_GET['tab'])) 17 $page['tab'] = 'ipban'; 22 { 23 $page['tab'] = 'ipban'; 24 } 18 25 else 19 $page['tab'] = $_GET['tab']; 20 $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css')); 26 { 27 $page['tab'] = $_GET['tab']; 28 } 21 29 30 $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css')); 22 31 23 24 $tabsheet->add('ipban', l10n('IP ban'), ANTIASPI_ADMIN . '-ipban');25 $tabsheet->add('ipconfig', l10n('Configuration'), ANTIASPI_ADMIN . '-ipconfig ');26 27 32 $tabsheet = new tabsheet(); 33 $tabsheet->add('ipban', '<i class="icon-network"></i> '.l10n('IP addresses'), ANTIASPI_ADMIN . '-ipban'); 34 $tabsheet->add('ipconfig', '<i class="icon-tools"></i> '.l10n('Configuration'), ANTIASPI_ADMIN . '-ipconfig '); 35 $tabsheet->select($page['tab']); 36 $tabsheet->assign(); 28 37 29 switch ($page['tab']) { 30 case 'ipban': 31 $template->assign( 32 'ipbangest', array( 33 'A' => 'a', 34 )); 35 $ipban = pwg_query("SELECT * FROM " . ANTIASPI_TABLE . ";"); 36 $antiaspi = safe_unserialize($conf['antiaspi']); 37 38 $admin_base_url = ANTIASPI_ADMIN . 
'-ipban'; 39 if (pwg_db_num_rows($ipban)) { 40 while ($ipban2 = pwg_db_fetch_assoc($ipban)) { 41 42 $items = array( 43 'ID' => $ipban2['id'], 44 'IP' => $ipban2['ip'], 45 'DATE' => $ipban2['date'], 46 'U_DELETE' => $admin_base_url . '&delete=' . $ipban2['id'], 47 'U_EDIT' => $admin_base_url . '&edit=' . $ipban2['id'], 48 ); 38 if ('ipban' == $page['tab']) 39 { 40 $template->assign( 41 'ipbangest', 42 array( 43 'A' => 'a', 44 ) 45 ); 49 46 50 $template->append('ipban2', $items); 51 } 52 } 53 54 if (isset($_GET['delete'])) { 47 $query = ' 48 SELECT 49 *, 50 IF (date > SUBTIME(NOW(), "'.$conf['antiaspi']['banned during'].'"), "active", "deprecated") AS status 51 FROM '.ANTIASPI_TABLE.' 52 ORDER BY id DESC 53 ;'; 54 $ipban = pwg_query($query); 55 55 56 $antiaspi = safe_unserialize($conf['antiaspi']); 57 58 $admin_base_url = ANTIASPI_ADMIN . '-ipban'; 59 if (pwg_db_num_rows($ipban)) 60 { 61 while ($ipban2 = pwg_db_fetch_assoc($ipban)) 62 { 63 $items = array( 64 'ID' => $ipban2['id'], 65 'IP' => $ipban2['ip'], 66 'DATE' => $ipban2['date'], 67 'STATUS' => $ipban2['status'], 68 'U_DELETE' => $admin_base_url . '&delete=' . $ipban2['id'], 69 ); 70 71 $template->append('ipban2', $items); 72 } 73 } 74 75 if (isset($_GET['delete'])) 76 { 56 77 check_input_parameter('delete', $_GET, false, PATTERN_ID); 78 57 79 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE id = ' . $_GET['delete'] . ';'; 58 80 pwg_query($query); … … 62 84 } 63 85 64 if (isset($_POST['submitdeleteall'])) { 65 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';'; 86 if (isset($_POST['submitdeleteall'])) 87 { 88 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';'; 66 89 pwg_query($query); 67 90 redirect($admin_base_url); 68 91 } 69 if (isset($_POST['submitdeletedeprecated'])) { 70 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . 
'");'; 71 pwg_query($query); 72 redirect($admin_base_url); 92 93 if (isset($_POST['submitdeletedeprecated'])) 94 { 95 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");'; 96 pwg_query($query); 97 redirect($admin_base_url); 73 98 } 74 break;75 case 'ipconfig':76 antiaspi_check_old_conf();77 global $conf, $template;78 $admin_base_url = ANTIASPI_ADMIN . '-ipconfig';79 $antiaspi = safe_unserialize($conf['antiaspi']);80 /*81 $conf['antiaspi'] = array(82 'diff' => '20 pages in 00:00:10' , // IP banned if 20 different pages viewed in 10 seconds83 'same' => '15 pages in 00:00:30' , // IP banned if same 15 pages viewed in 30 seconds84 'banned during' => '23:59:59' , // IP banned during hh:mm:ss85 'only guest' => true , // If true, don't ban registered users86 'only picture' => false , // If true, apply antiaspi only on picture page87 'allowed ip' => array() // Autorized IP (robots for example)88 );89 */90 $diff = explode(" pages in ", $antiaspi['diff']);91 $tempsdiff= explode(":", $diff[1]);92 $tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60);93 99 94 $same = explode(" pages in ", $antiaspi['same']); 95 $tempssame= explode(":", $same[1]); 96 $tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60); 100 $i = 0; 101 while ($i < count($antiaspi['allowed ip'])) 102 { 103 $items = array( 104 'IP' => $antiaspi['allowed ip'][$i], 105 'U_DELETE' => $admin_base_url . 
'&deleteallowed='.$i , 106 ); 97 107 98 $onlyguest = array( 99 l10n('Yes'), 100 l10n('No'), 101 ); 102 $onlyguestv = array( 103 true, 104 false, 105 ); 106 $onlypicture = array( 107 l10n('Yes'), 108 l10n('No'), 109 ); 110 $onlypicturev = array( 111 true, 112 false, 113 ); 114 $template->assign( 115 'ipconfiggest', array( 116 'DIFFA' => $diff[0], 117 'DIFFB' => $tempsdiffsec, 118 'SAMEA' => $same[0], 119 'SAMEB' => $tempssamesec, 120 'ONLYGUEST' => $onlyguest, 121 'ONLYGUESTV' => $onlyguestv, 122 'ONLYGUESTSELECT' => $antiaspi['only guest'], 123 'ONLYPICTURE' => $onlypicture, 124 'ONLYPICTUREV' => $onlypicturev, 125 'ONLYPICTURESELECT' => $antiaspi['only picture'], 126 )); 127 $i = 0; 128 while ($i < count($antiaspi['allowed ip'])) { 108 $template->append('allowip', $items); 109 $i++; 110 } 129 111 130 $items = array( 131 'IP' => $antiaspi['allowed ip'][$i], 132 'U_DELETE' => $admin_base_url . '&delete='.$i , 133 ); 112 if (isset($_POST['submitaddipallowed'])) 113 { 114 $i = 0; 115 while ($i < count($antiaspi['allowed ip'])) 116 { 117 if ($_POST['insipallowed']==$antiaspi['allowed ip'][$i]) 118 { 119 $_SESSION['page_errors'] = array(l10n('IP already allowed')); 120 redirect($admin_base_url); 121 } 122 $i++; 123 } 134 124 135 $template->append('allowip', $items); 136 $i++; 125 $antiaspi['allowed ip'][] = $_POST['insipallowed']; 126 conf_update_param('antiaspi', $antiaspi, true); 127 redirect($admin_base_url); 137 128 } 138 139 140 /*$time = '7000';141 echo date('h:i:s', $time);142 */143 129 144 if (isset($_POST['submitconfban'])) { 145 /*$time = date('h:i:s', $_POST['insdiffb']); revoir fonction date HS ?*/ 146 $antiaspi['diff']=$_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb'])); 147 $antiaspi['same']=$_POST['inssamea'].' 
pages in '.date('00:i:s', ($_POST['inssameb'])); 148 $antiaspi['only guest']=$_POST['insonlyguest']; 149 $antiaspi['only picture']=$_POST['insonlypicturet']; 150 151 conf_update_param('antiaspi', $antiaspi); 152 redirect($admin_base_url); 130 if (isset($_GET['deleteallowed'])) 131 { 132 check_input_parameter('deleteallowed', $_GET, false, PATTERN_ID); 133 134 unset($antiaspi['allowed ip'][ $_GET['deleteallowed'] ]); 135 136 $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']); 137 conf_update_param('antiaspi', $antiaspi); 138 redirect($admin_base_url); 139 } 153 140 } 154 141 155 if (isset($_POST['submitaddipallowed'])) { 156 $i = 0; 157 while ($i < count($antiaspi['allowed ip'])) { 158 if($_POST['insipallowed']==$antiaspi['allowed ip'][$i]) 159 { 160 $_SESSION['page_errors'] = array(l10n('IP already allowed')); 161 redirect($admin_base_url); 162 } 163 $i++; 164 }; 142 if ('ipconfig' == $page['tab']) 143 { 144 antiaspi_check_old_conf(); 165 145 166 $antiaspi['allowed ip'][]=$_POST['insipallowed']; 167 conf_update_param('antiaspi', $antiaspi); 168 redirect($admin_base_url); 146 $admin_base_url = ANTIASPI_ADMIN . 
'-ipconfig'; 147 $antiaspi = safe_unserialize($conf['antiaspi']); 148 149 $diff = explode(" pages in ", $antiaspi['diff']); 150 $tempsdiff= explode(":", $diff[1]); 151 $tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60); 152 153 $same = explode(" pages in ", $antiaspi['same']); 154 $tempssame= explode(":", $same[1]); 155 $tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60); 156 157 $onlyguest = array(l10n('Yes'), l10n('No')); 158 $onlyguestv = array(true, false); 159 $onlypicture = array(l10n('Yes'), l10n('No')); 160 $onlypicturev = array(true,false); 161 162 $template->assign( 163 'ipconfiggest', 164 array( 165 'DIFFA' => $diff[0], 166 'DIFFB' => $tempsdiffsec, 167 'SAMEA' => $same[0], 168 'SAMEB' => $tempssamesec, 169 'ONLYGUEST' => $onlyguest, 170 'ONLYGUESTV' => $onlyguestv, 171 'ONLYGUESTSELECT' => $antiaspi['only guest'], 172 'ONLYPICTURE' => $onlypicture, 173 'ONLYPICTUREV' => $onlypicturev, 174 'ONLYPICTURESELECT' => $antiaspi['only picture'], 175 ) 176 ); 177 178 if (isset($_POST['submitconfban'])) 179 { 180 /*$time = date('h:i:s', $_POST['insdiffb']); revoir fonction date HS ?*/ 181 $antiaspi['diff'] = $_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb'])); 182 $antiaspi['same'] = $_POST['inssamea'].' pages in '.date('00:i:s', ($_POST['inssameb'])); 183 $antiaspi['only guest'] = $_POST['insonlyguest']; 184 $antiaspi['only picture'] = $_POST['insonlypicturet']; 185 186 conf_update_param('antiaspi', $antiaspi); 187 redirect($admin_base_url); 188 } 169 189 } 170 171 if (isset($_GET['delete'])) { 172 check_input_parameter('delete', $_GET, false, PATTERN_ID); 173 unset($antiaspi['allowed ip'][($_GET['delete'])]); 174 $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']); 175 conf_update_param('antiaspi', $antiaspi); 176 redirect($admin_base_url); 177 } 178 179 180 break; 181 } 182 190 183 191 184 192 $template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl')); -
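Review bot: The state-changing handlers in the `ipban` branch (`delete`, `deleteallowed`, `submitdeleteall`, `submitdeletedeprecated`, `submitaddipallowed`) act on the administrator's session without an anti-CSRF token: the `U_DELETE` links are built as `$admin_base_url . '&delete=' . $ipban2['id']` and `'&deleteallowed='.$i` with no token parameter, and no handler in the visible lines verifies one. A forged link or form opened by a logged-in administrator could therefore empty the ban table or alter the whitelist. I would append `'&pwg_token='.get_pwg_token()` to both `U_DELETE` values, add a hidden `pwg_token` field to the POST forms in admin.tpl, and call `check_pwg_token();` as the first statement of each handler; some lines between the hunks are elided, so confirm no such check already sits there. Separately, the new SELECT reads `$conf['antiaspi']['banned during']` before `safe_unserialize($conf['antiaspi'])` runs, while the `submitdeletedeprecated` query uses `$antiaspi['banned during']`; moving the unserialize above the query and using `$antiaspi` in both would keep them consistent and would not depend on `$conf['antiaspi']` already being an array.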
extensions/AntiAspi/admin.tpl
r31372 r31953 23 23 input.hide(); 24 24 }); 25 26 jQuery('.add-ip-allowed-form-toggle').click(function(e) { 27 jQuery('.add-ip-allowed-form').toggle(); 28 e.preventDefault(); 29 }) 25 30 }); 26 31 … … 40 45 41 46 <fieldset> 42 <legend>{' Action IP banned'|@translate}</legend>47 <legend>{'Banned IP addresses'|@translate}</legend> 43 48 <form method="post" > 44 <div style="text-align:center;"> 45 <input class="submit" name="submitdeleteall" type="submit" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');" value="{'Delete all IP Ban'|@translate}"/> 46 <input class="submit" name="submitdeletedeprecated" type="submit" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');" value="{'Delete deprecated IP Ban'|@translate}"/> 49 <div style="text-align:center;margin-bottom: 30px;"> 50 51 <button name="submitdeleteall" type="submit" class="buttonLike" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');"> 52 <i class="icon-trash"></i> {'Delete all'|@translate} 53 </button> 54 55 <button name="submitdeletedeprecated" type="submit" class="buttonLike" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');"> 56 <i class="icon-trash"></i> {'Delete deprecated only'|@translate} 57 </button> 58 47 59 </div> 48 60 </form> 49 </fieldset> 50 <form method="post" > 51 <fieldset> 52 <legend>{'List IP banned'|@translate}</legend> 61 53 62 <table class="lban"> 54 63 {foreach from=$ipban2 item=ipban} … … 56 65 <td><!-- {$ipban.ID} --> {$ipban.IP}</td> 57 66 <td>{$ipban.DATE}</td> 67 <td><span class="badge badge-{$ipban.STATUS}">{$ipban.STATUS}</span></td> 58 68 <td> 59 69 <a href="{$ipban.U_DELETE}" onclick="return confirm( document.getElementById('btn_delete').title + '\n\n' + '{'Are you sure?'|@translate|@escape:'javascript'}');"> 60 <img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/delete.png" id="btn_delete" alt="{'delete'|@translate}" title="{'Delete'|@translate}" />70 <i class="icon-trash" 
id="btn_delete" title="{'Delete'|@translate}"></i> 61 71 </a> 62 72 </td> … … 65 75 </table> 66 76 </fieldset> 67 </form> 77 78 <fieldset class="antiaspi-whitelist"> 79 <legend>{'Whitelist (allowed ip addresses)'|translate}</legend> 80 <form method="post"> 81 <a href="#" class="icon-plus-circled add-ip-allowed-form-toggle">{'Add allowed IP'|@translate}</a> 82 <span class="add-ip-allowed-form"> 83 {'IP'|@translate} <input " type="text" name="insipallowed" data-ip placeholder="123.123.123.123" value="" size="50" maxlenght="50" required pattern="^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"> 84 <input class="submit" name="submitaddipallowed" type="submit" value="{'Add IP'|@translate}" /> 85 </span> 86 </form> 87 <table class="lban"> 88 {foreach from=$allowip item=allowip2} 89 <tr> 90 <td>{$allowip2.IP}</td> 91 <td> 92 <a href="{$allowip2.U_DELETE}" onclick="return confirm( document.getElementById('btn_delete').title + '\n\n' + '{'Are you sure?'|@translate|@escape:'javascript'}');"> 93 <i class="icon-trash" id="btn_delete" title="{'Delete'|@translate}"></i> 94 </a> 95 </td> 96 </tr> 97 {/foreach} 98 </table> 99 </fieldset> 68 100 {/if} 101 69 102 {if isset ($ipconfiggest)} 70 103 <form method="post"> 71 104 <fieldset> 72 105 <legend>{'Configuration'|translate}</legend> 73 <fieldset>74 106 <p class="input" style="width: 700px;"> 75 107 <label for="insdiffa"><strong>{'IP banned if '|@translate}<span></span></strong></label> … … 80 112 <input type="text" name="insdiffb" data-min="5" data-max="3599" class="range" value="{$ipconfiggest.DIFFB}"/> 81 113 </p> 82 </fieldset> 83 <fieldset> 84 <p class="input" style="width: 700px;"> 114 115 <p class="input" style="width: 700px;margin-top: 50px;"> 85 116 <label for="inssamea"><strong>{'IP banned if same '|@translate}<span></span></strong></label> 86 117 <input type="text" name="inssamea" data-min="10" data-max="500" 
class="range" value="{$ipconfiggest.SAMEA}"/> 87 118 </p> 88 <p class="input" style="width: 700px; ">119 <p class="input" style="width: 700px;margin-bottom: 50px;"> 89 120 <label for="inssameb"><strong>{' different pages viewed in <span></span> seconds'|@translate} </strong></label> 90 121 <input type="text" name="inssameb" data-min="5" data-max="3599" class="range" value="{$ipconfiggest.SAMEB}"/> 91 122 </p> 92 </fieldset> 123 93 124 <p> 94 125 <strong>{'only guest'|@translate}</strong> … … 101 132 ({'If yes, apply antiaspi only on picture page'|@translate}) 102 133 </p> 103 <fieldset> 104 <legend>{'allowed ip'|translate}</legend> 105 <table class="lban"> 106 {foreach from=$allowip item=allowip2} 107 <tr> 108 <td>{$allowip2.IP}</td> 109 <td> 110 <a href="{$allowip2.U_DELETE}" onclick="return confirm( document.getElementById('btn_delete').title + '\n\n' + '{'Are you sure?'|@translate|@escape:'javascript'}');"> 111 <img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/delete.png" id="btn_delete" alt="{'delete'|@translate}" title="{'Delete'|@translate}" /> 112 </a> 113 </td> 114 </tr> 115 {/foreach} 116 </table> 117 </fieldset> 118 <p> 119 <input class="submit" type="submit" name="submitconfban" value="{'Submit'|@translate}"> 134 <p style="margin-top: 50px"> 135 <button name="submitconfban" type="submit" class="buttonLike"> 136 <i class="icon-floppy"></i> {'Save Settings'|@translate} 137 </button> 120 138 </p> 121 139 </fieldset> 122 140 </form> 123 {if isset ($ipconfiggest)}124 <form method="post">125 <fieldset>126 <legend>{'Add IP allowed'|@translate}</legend>127 {'IP'|@translate} <input " type="text" name="insipallowed" data-ip placeholder="123.123.123.123" value="" size="50" maxlenght="50" required pattern="^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$">128 <br>129 <br>130 <div style="text-align:center;">131 <input class="submit" name="submitaddipallowed" 
type="submit" value="{'Submit'|@translate}" />132 </div>133 </fieldset>134 </form>135 141 {/if} 136 {/if} -
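Review bot: The `pattern` attribute on the `insipallowed` input is the only format check on a whitelist entry, and it is weaker than it looks: the octet separators are written as a bare `.`, which matches any character, the attribute `maxlenght` is misspelled so no length limit applies, and there is a stray `"` right after `<input`. Browser-side attributes are also not enforced on a hand-made request, and admin.php in this changeset stores `$_POST['insipallowed']` exactly as submitted. I would write the separators as `\.`, correct the attribute to `maxlength="50"`, and add a server-side `if (filter_var($_POST['insipallowed'], FILTER_VALIDATE_IP) === false)` rejection in admin.php before the value is appended to `$antiaspi['allowed ip']`. The stored value is then printed by `{$allowip2.IP}`; unless the template engine is configured to escape by default, `{$allowip2.IP|@escape:'html'}` keeps a malformed entry from being rendered as markup.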
extensions/AntiAspi/antiaspi.css
r31370 r31953 16 16 table.lban td{ 17 17 padding-right:20px; 18 padding-bottom: 5px; 18 19 } 19 20 … … 21 22 background-color:green; 22 23 } 24 25 .add-ip-allowed-form { 26 display:none; 27 } 28 29 span.badge { 30 padding:2px 5px; 31 border-radius:5px; 32 } 33 span.badge.badge-deprecated { 34 background-color:#ddd; 35 color:#999; 36 } 37 span.badge.badge-active { 38 background-color:#caebff; 39 color:#0080c6; 40 } 41 42 .antiaspi-whitelist form { 43 margin-bottom: 20px; 44 }