Context Navigation

source: extensions/AntiAspi/main.inc.php @ 31370

Last change on this file since 31370 was 31370, checked in by ddtddt, 8 years ago
[extensions] - AntiAspi - update admin config page
File size: 4.0 KB

Line
1	<?php
2	/*
3	Plugin Name: AntiAspi
4	Version: auto
5	Description: Bloque les aspirateurs de sites
6	Plugin URI: http://piwigo.org/ext/extension_view.php?eid=225
7	Author: P@t + plg
8	Author URI: http://www.gauchon.com
9	*/
10
11	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
12
13	global $prefixeTable;
14
15	// +-----------------------------------------------------------------------+
16	// \| Define plugin constants \|
17	// +-----------------------------------------------------------------------+
18
19	define('ANTIASPI_ID', basename(dirname(__FILE__)));
20	define('ANTIASPI_PATH', PHPWG_PLUGINS_PATH.ANTIASPI_ID.'/');
21	define('ANTIASPI_TABLE' , $prefixeTable . 'antiaspi_ip_ban');
22	define('ANTIASPI_LOG_TABLE' , $prefixeTable . 'antiaspi_log');
23	define('ANTIASPI_ADMIN',get_root_url().'admin.php?page=plugin-'.ANTIASPI_ID);
24
25	add_event_handler('loc_end_section_init', 'antiaspi');
26
27	function antiaspi()
28	{
29	global $user, $conf, $page;
30
31	/*$antiaspi = array(
32	'diff' => '20 pages in 00:00:10' , // IP bannie si 20 pages différentes vues en 10 secondes
33	'same' => '15 pages in 00:00:30' , // IP bannie si 15 pages identiques vues en 30 secondes
34	'banned during' => '23:59:59' , // IP bannie pendant hh:mm:ss
35	'only guest' => true , // si true, ne banni pas les utilisateurs enregistrés
36	'only picture' => false , // si true, ne compatibilise que les pages d'images
37	'allowed ip' => array() // tableau d'adresse ip autorisées (robots par exemple)
38	);
39
40	if (isset($conf['antiaspi']))
41	{*/
42	$antiaspi = safe_unserialize($conf['antiaspi']);
43	// }
44
45	if (is_admin() or ($antiaspi['only guest'] and !is_a_guest())) return;
46
47	$Vip = $_SERVER["REMOTE_ADDR"];
48
49	// Traitement des adresse ip autorisées
50	if (!empty($antiaspi['allowed ip']))
51	{
52	$allowed_ips = str_replace(array('.', '%'), array('\.', '.*?'), $antiaspi['allowed ip']);
53	foreach ($allowed_ips as $ip)
54	{
55	if (preg_match("#" . $ip . "#", $Vip)) return;
56	}
57	}
58
59	// cherche si le visiteur est interdit
60	$query = 'SELECT ip
61	FROM ' . ANTIASPI_TABLE . '
62	WHERE ip="' . $Vip . '"
63	AND date > ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");';
64
65	$result = pwg_query($query);
66
67	while(list($ip) = pwg_db_fetch_row($result))
68	{
69	// Visiteur trouvé dans les IP interdites
70	die("IP " . $ip . " banned for abuse.");
71	}
72
73	$diff_conf = explode(' pages in ', $antiaspi['diff']);
74	$same_conf = explode(' pages in ', $antiaspi['same']);
75
76	// nombre de fois ou le visiteur est passé dans les xxx dernières hh:mm:ss
77	$query = '
78	SELECT
79	COUNT(*)
80	FROM ' . ANTIASPI_LOG_TABLE . '
81	WHERE ip="' . $Vip . '"
82	AND occured_on > ADDTIME(NOW(), "-' . $diff_conf[1] . '")
83	' . ($antiaspi['only picture'] ? 'AND image_id IS NOT NULL' : '') . '
84
85	UNION ALL
86
87	SELECT
88	COUNT(*)
89	FROM ' . ANTIASPI_LOG_TABLE . '
90	WHERE ip="' . $Vip . '"
91	AND occured_on > ADDTIME(NOW(), "-' . $same_conf[1] . '")
92	AND category_id ' . (isset($page['category']['id']) ? '= ' . $page['category']['id'] : 'IS NULL') . '
93	AND image_id ' . (isset($page['image_id']) ? '= ' . $page['image_id'] : 'IS NULL') . '
94	;';
95
96	$result = pwg_query($query);
97
98	list($diff) = pwg_db_fetch_row($result);
99	list($same) = pwg_db_fetch_row($result);
100
101	// si limite atteinte ajouter dans la table des ip interdites.
102	if ($diff >= $diff_conf[0] or $same >= $same_conf[0])
103	{
104	pwg_query('INSERT INTO ' . ANTIASPI_TABLE . ' (id, ip, date) values ("", "' . $Vip . '", NOW())');
105	}
106
107	$insert = '
108	INSERT
109	INTO '.ANTIASPI_LOG_TABLE.'
110	SET IP = \''.$Vip.'\'
111	, occured_on = NOW()
112	, image_id = '.(isset($page['image_id']) ? $page['image_id'] : 'NULL').'
113	, category_id = '.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').'
114	;';
115	pwg_query($insert);
116
117	// automatic purge
118	$query = '
119	DELETE
120	FROM '.ANTIASPI_LOG_TABLE.'
121	WHERE occured_on < LEAST(SUBTIME(NOW(), \''.$diff_conf[1].'\'), SUBTIME(NOW(), \''.$same_conf[1].'\'))
122	;';
123	pwg_query($query);
124	}
125
126	// Plugin for admin
127	if (script_basename() == 'admin') {
128	include_once(dirname(__FILE__) . '/initadmin.php');
129	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: