<?php
/*
Plugin Name: AntiAspi
Version: 2.0.b
Description: Bloque les aspirateurs de sites
Plugin URI: http://phpwebgallery.net/ext/extension_view.php?eid=225
Author: P@t
Author URI: http://www.gauchon.com
*/

if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

global $prefixeTable;

define('ANTIASPI_TABLE' , $prefixeTable . 'antiaspi_ip_ban');

add_event_handler('loc_end_section_init', 'antiaspi');

function antiaspi()
{
  global $user, $conf, $page;
  
  $antiaspi = array(
    'diff' => '20 pages in 00:00:10' , // IP bannie si 20 pages différentes vues en 10 secondes
    'same' => '15 pages in 00:00:30' , // IP bannie si 15 pages identiques vues en 30 secondes
    'banned during' => '23:59:59' ,    // IP bannie pendant hh:mm:ss
    'only guest' => true ,             // si true, ne banni pas les utilisateurs enregistrés
    'only picture' => false ,          // si true, ne compatibilise que les pages d'images
    'allowed ip' => array()            // tableau d'adresse ip autorisées (robots par exemple)
  );
  
  if (isset($conf['antiaspi']))
  {
    $antiaspi = array_merge($antiaspi, $conf['antiaspi']);
  }

  if (is_admin() or ($antiaspi['only guest'] and !is_a_guest())) return;
  
  $Vip = $_SERVER["REMOTE_ADDR"];
  
  // Traitement des adresse ip autorisées
  if (!empty($antiaspi['allowed ip']))
  {
    $allowed_ips = str_replace(array('.', '%'), array('\.', '.*?'), $antiaspi['allowed ip']);
    foreach ($allowed_ips as $ip)
    {
      if (preg_match("#" . $ip . "#", $Vip)) return;
    }
  }

  // cherche si le visiteur est interdit
  $query = 'SELECT ip
    FROM ' . ANTIASPI_TABLE . '
    WHERE ip="' . $Vip . '"
    AND date > ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");';

  $result = pwg_query($query);

  while(list($ip) = mysql_fetch_row($result))
  {
    // Visiteur trouvé dans les IP interdites
    die("IP " . $ip . " banned for abuse.");
  }
  
  $diff_conf = explode(' pages in ', $antiaspi['diff']);
  $same_conf = explode(' pages in ', $antiaspi['same']);
  
  // nombre de fois ou le visiteur est passé dans les xxx dernières hh:mm:ss
  $query = 'SELECT COUNT(*)
    FROM ' . HISTORY_TABLE . '
    WHERE ip="' . $Vip . '"
    AND date = CURDATE()
    AND time > ADDTIME(CURTIME(), "-' . $diff_conf[1] . '")
    ' . ($antiaspi['only picture'] ? 'AND image_id IS NOT NULL' : '') . '

    UNION ALL

    SELECT COUNT(*)
    FROM ' . HISTORY_TABLE . '
    WHERE ip="' . $Vip . '"
    AND date = CURDATE()
    AND time > ADDTIME(CURTIME(), "-' . $same_conf[1] . '")
    AND category_id ' . (isset($page['category']['id']) ? '= ' . $page['category']['id'] : 'IS NULL') . '
    AND image_id ' . (isset($page['image_id']) ? '= ' . $page['image_id'] : 'IS NULL') . ';';
  
  $result = pwg_query($query);

  list($diff) = mysql_fetch_row($result);
  list($same) = mysql_fetch_row($result);
  
  // si limite atteinte  ajouter dans la table des ip interdites.
  if ($diff >= $diff_conf[0] or $same >= $same_conf[0])
  {
    pwg_query('INSERT INTO ' . ANTIASPI_TABLE . ' (id, ip, date) values ("", "' . $Vip . '", NOW())');
  }
}

?>