Changeset 3695 for extensions/whois_online/online.php
- Timestamp:
- Jul 28, 2009, 9:33:06 PM (15 years ago)
- File:
-
- 1 edited
extensions/whois_online/online.php
r3340 r3695 2 2 3 3 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); 4 global $conf, $conf_whois ;5 4 global $conf, $conf_whois, $prefixeTable; 5 include_once(WHOIS_ONLINE_PATH.'include/wo_functions.inc.php'); 6 6 /* Secure Config */ 7 8 7 if (!isset($conf_whois['Active'])) $conf_whois = whois_online_conf(); 9 8 … … 11 10 { 12 11 global $conf; 13 $conf_whois = unserialize($conf['Whois Online']); 14 if (!isset($conf_whois['Active'])) $conf_whois['Active'] = true; 15 if (!isset($conf_whois['Delete level'])) $conf_whois['Delete level'] = 20; 16 if (!isset($conf_whois['Radar limit'])) $conf_whois['Radar limit'] = 25; 17 if (!isset($conf_whois['Webmasters'])) $conf_whois['Webmasters'] = 2; 18 if (!isset($conf_whois['Administrators'])) $conf_whois['Administrators'] = 2; 19 if (!isset($conf_whois['Obsolete limit'])) $conf_whois['Obsolete limit'] = 20; 20 if (!isset($conf_whois['Add to Plugins menu'])) $conf_whois['Add to Plugins menu'] = false; 21 if (!isset($conf_whois['Add icon to History'])) $conf_whois['Add icon to History'] = true; 22 if (!isset($conf_whois['Keep data'])) $conf_whois['Keep data'] = true; 23 if (!isset($conf_whois['Default display'])) $conf_whois['Default display'] = true; 24 if (!isset($conf_whois['Search id'])) $conf_whois['Search id'] = 0; 25 if (!isset($conf_whois['Users'])) 26 $conf_whois['Users'] = Array('max' => 0, 'When' => date('Y-m-d'), 'count' => 0); 12 $default = array( 13 'Active' => true, 14 'Delete level' => 20, 15 'Radar limit' => 25, 16 'Webmasters' => 2, // Normal 17 'Administrators' => 2, 18 'Obsolete limit' => 20, 19 'Default display' => true, 20 'Add to Plugins menu' => false, 21 'Add icon to History' => true, 22 'Keep data' => true, 23 'Search id' => 0, 24 'Users' => Array('max' => 0, 'When' => date('Y-m-d'), 'count' => 0), 25 ); 26 $conf_whois = array_merge($default, unserialize($conf['Whois Online'])); 27 27 if ((!isset($conf_whois['Version'])) or $conf_whois['Version'] != WHOIS_ONLINE_VER 28 28 or $conf['Whois 
Online'] != serialize($conf_whois)) { … … 39 39 40 40 /* Admin menus are always available */ 41 $conf['Add to Plugins menu'] = $conf_whois['Add to Plugins menu'];42 $conf['Add icon to History'] = $conf_whois['Add icon to History'];43 41 add_event_handler('get_admin_plugin_menu_links', 'whois_add_icon' ); 44 42 /* On Active */ … … 51 49 } 52 50 53 /* --------------- Functions ----------------- */ 54 55 // pparse whois_online/default.tpl 51 52 53 54 // Assume the Default display on pages 56 55 function whois_default_display() { 57 56 global $template; 58 57 $template->set_filenames(array( 'Whois_display' => dirname(__FILE__).'/default.tpl')); 59 58 $template->pparse('Whois_display'); 60 // Based on get_enums(USER_INFOS_TABLE, 'status') ???61 59 } 62 60 63 61 // Add admin links 64 62 function whois_add_icon($menu) { 65 global $conf , $lang;66 if ($conf ['Add icon to History'])63 global $conf_whois, $lang; 64 if ($conf_whois['Add icon to History']) 67 65 $lang['History'] .= '</a> <a class="external" href="' . get_admin_plugin_menu_link(WHOIS_ONLINE_PATH.'config.php') . '"> 68 66 <img class="button" src="' . WHOIS_ONLINE_PATH . 'icons/Whois_tuner.gif" alt="Whois Online configuration" title="Whois Online configuration" /></a>'; 69 if ($conf ['Add to Plugins menu']) array_push($menu, array(67 if ($conf_whois['Add to Plugins menu']) array_push($menu, array( 70 68 'NAME' => 'Whois Online', 71 69 'URL' => get_admin_plugin_menu_link(WHOIS_ONLINE_PATH.'config.php'), … … 117 115 $c['Code'] = '__'; 118 116 } 117 $new = htmlspecialchars(serialize($c),ENT_QUOTES,'UTF-8'); 118 if ($new == $trace['country']) return $c; 119 119 pwg_query('UPDATE ' . WHOIS_ONLINE_TABLE . ' 120 SET `country` = \'' . htmlspecialchars(serialize($c),ENT_QUOTES,'UTF-8'). '\'120 SET `country` = \'' . $new . '\' 121 121 WHERE `session_id` = \'' . $trace['session_id'] . '\';'); 122 122 return $c; … … 185 185 } 186 186 // Write or Rewrite the dedicated record 187 $query = 'REPLACE INTO ' . WHOIS_ONLINE_TABLE . 
' (`IP`, `hidden_IP`, `session_id`,`user_id`,`username`,`lang`, 188 ` permanent`,`last_access`,`last_elm_ids`, `last_cat_ids`, `last_tag_ids`, `last_sch_ids`,187 $query = 'REPLACE INTO ' . WHOIS_ONLINE_TABLE . ' (`IP`, `hidden_IP`, `session_id`,`user_id`,`username`,`lang`, `user_agent`, 188 `any_previous`, `same_previous`, `permanent`,`last_access`,`last_elm_ids`, `last_cat_ids`, `last_tag_ids`, `last_sch_ids`, 189 189 `first_access_date`, `last_dates`, `elm_hits`, `pag_hits`) 190 190 VALUES (\''. $dedicated['IP'] .'\', \'' … … 192 192 . $dedicated['user_id'] .'\', \''. $dedicated['username'] .'\', \'' 193 193 . substr($lang_info['code'],0,2) .'\', \'' 194 . $dedicated['user_agent'] .'\', \'' 195 . $dedicated['any_previous'] .'\', \'' 196 . $dedicated['same_previous'] .'\', \'' 194 197 . $dedicated['permanent'] . '\', \''. time() .'\', \'' 195 198 . implode(' ',$dedicated['elm_ids']) . '\', \'' … … 220 223 } 221 224 225 // Antiaspi delay conversion in seconds 226 // delay in "HH:ii:ss" or "d :HH:ii:ss" 227 // return delay in seconds 228 function whois_online_duration($date_string) 229 { 230 list($s, $i, $H, $d, $more) = 231 array_merge(array_reverse( 232 explode(" ",str_ireplace(':',' ', $date_string))), 233 array(0,0,0,0,0)); 234 $t = time(); 235 return strtotime(sprintf("+%s days %s hours %s minutes %s seconds", 236 $d, $H, $i, $s), $t) - $t; 237 } 238 222 239 /* 223 240 Main process: Analyze, set new values and prepare displayed values. … … 239 256 unset($online[0]); 240 257 $sid = session_id(); 241 258 242 259 // Step 1 - Find the User and/or IP/session_id 243 260 foreach ($online as $key => $record) { … … 358 375 $global['tag_ids'][$hour%12]++; 359 376 $global['sch_ids'][$day%14]++; 360 // !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!!377 // !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! 
361 378 $global['elm_ids'][10] = $current; // reference minute has changed 362 379 $global['cat_ids'][12] = $five; 363 380 $global['tag_ids'][24] = $hour; 364 381 $global['sch_ids'][14] = $day; 365 // !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! 366 382 // !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! 383 384 // 5.5 - Add in previous 385 if (!isset($global['any_previous'])) { 386 pwg_query('ALTER TABLE ' . WHOIS_ONLINE_TABLE . 387 ' ADD `same_previous` VARCHAR( 256 ) NOT NULL DEFAULT \'\' AFTER `country`;'); 388 pwg_query('ALTER TABLE ' . WHOIS_ONLINE_TABLE . 389 ' ADD `any_previous` VARCHAR( 256 ) NOT NULL DEFAULT \'\' AFTER `country`;'); 390 pwg_query('ALTER TABLE ' . WHOIS_ONLINE_TABLE . 391 ' ADD `user_agent` VARCHAR( 160 ) NOT NULL DEFAULT \'\' AFTER `country`;'); 392 } 393 394 $antiaspi = array( 395 'diff' => '20 pages in 00:00:10' , // Banned for 20 access in 10 seconds or less 396 'same' => '15 pages in 00:00:30' , // Banned for 15 access on the same page in 30 seconds or less 397 'banned during' => '23:59:59' , // Banned time hh:mm:ss or any valid MySQL datetime expression 'YYYY-MM-DD HH:MM:SS' 398 'only guest' => true , // True, registred members won't be banned 399 'only picture' => false , // True, Check only on picture pages 400 'allowed ip' => array() // Allowed IP array (Bots, or your fixed IP) 401 ); 402 if (isset($conf['antiaspi'])) $antiaspi = array_merge($antiaspi, $conf['antiaspi']); 403 404 // For AntiAspi follow ANY PREVIOUS access 405 $access = '0:'; 406 list($max_any, $maxtext) = explode(' pages in ', $antiaspi['diff']); 407 $maxtime = whois_online_duration($maxtext); 408 $prev=''; 409 $previous = (isset($visit['any_previous'])) ? explode(' ', $visit['any_previous']):Array(); 410 foreach ($previous as $v) { 411 $old = explode(':', $v); 412 $old[0] += $visit['delay']; 413 if ($old[0]<$maxtime) $prev .= $old[0].': '; 414 } 415 $prev = $access . ' ' . 
$prev; 416 $prev = substr($prev, 0, -2); 417 $visit['any_previous'] = $prev; 418 // For AntiAspi follow ANY SAME PICTURE access 419 $access = '0:'; 420 $same_elem = (isset($page['image_id'])) ? $page['image_id']:'0'; 421 list($max_same, $maxtext) = explode(' pages in ', $antiaspi['same']); 422 $maxtime = whois_online_duration($maxtext); 423 $access .= $same_elem . ':'; 424 $prev=''; 425 $previous = (isset($visit['same_previous'])) ? explode(' ', $visit['same_previous']):Array(); 426 foreach ($previous as $v) { 427 $old = explode(':', $v); 428 $old[0] += $visit['delay']; 429 if ($old[0]<$maxtime and $old[1]==$same_elem) $prev .= $old[0].':'.$old[1].': '; 430 } 431 $prev = $access . ' ' . $prev; 432 $prev = substr($prev, 0, -2); 433 $visit['same_previous'] = $prev; 434 435 // Check limits of $visit['any_previous'] and $visit['same_previous'] 436 // by 256 characters 437 // by $max_any and by $max_same 438 while (strlen($visit['any_previous'])>256) { 439 $previous = explode(' ',$visit['any_previous']); 440 $oldest = array_pop($previous); 441 $visit['any_previous'] = implode(' ', $previous); 442 } 443 $ctr_any = count(explode(' ',$visit['any_previous'])); 444 while (strlen($visit['same_previous'])>256) { 445 $previous = explode(' ',$visit['same_previous']); 446 $oldest = array_pop($previous); 447 $visit['same_previous'] = implode(' ', $previous); 448 } 449 $ctr_same = count(explode(' ',$visit['same_previous'])); 450 451 $visit['user_agent'] = $_SERVER['HTTP_USER_AGENT']; 452 $Vip =& $visit['IP']; 453 $visit['Allowed_SE'] = false; 454 if (!empty($antiaspi['allowed ip'])) 455 { 456 $allowed_ips = str_replace(array('.', '%'), array('\.', '.*?'), $antiaspi['allowed ip']); 457 foreach ($allowed_ips as $ip) 458 { 459 if (preg_match("#" . $ip . "#", $Vip)) { $visit['Allowed_SE'] = true; break; } 460 } 461 } 462 367 463 // Step 6 - Update (on Conf_Update and trace) and send trace to determine global tracing or not 368 464 $dtrace = 0;
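Review bot: `$visit['user_agent'] = $_SERVER['HTTP_USER_AGENT'];` (gutter line 451) stores a client-controlled header without checking that it is set, bounding it or escaping it, and the REPLACE INTO hunk concatenates `$dedicated['user_agent']` directly between quotes. If that value is carried over from `$visit` unchanged (the code between the two hunks is not shown), the User-Agent header of any request becomes part of the SQL text, and a header longer than the new `VARCHAR( 160 )` column is truncated or rejected depending on the SQL mode. I would assign `isset($_SERVER['HTTP_USER_AGENT']) ? substr($_SERVER['HTTP_USER_AGENT'], 0, 160) : ''` and pass the result through the database layer's string escaping at the point where the query is built. In the same hunk the allow-list test `preg_match("#" . $ip . "#", $Vip)` is unanchored, so an entry also matches longer addresses that merely contain it; `'#^' . $ip . '$#'` restricts the match to the whole address.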