1 | <?php |
---|
2 | /* |
---|
3 | Plugin Name: AntiAspi |
---|
4 | Version: auto |
---|
5 | Description: Bloque les aspirateurs de sites |
---|
6 | Plugin URI: http://piwigo.org/ext/extension_view.php?eid=225 |
---|
7 | Author: P@t + plg |
---|
8 | Author URI: http://www.gauchon.com |
---|
9 | */ |
---|
10 | |
---|
11 | if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); |
---|
12 | |
---|
13 | global $prefixeTable; |
---|
14 | |
---|
15 | // +-----------------------------------------------------------------------+ |
---|
16 | // | Define plugin constants | |
---|
17 | // +-----------------------------------------------------------------------+ |
---|
18 | |
---|
19 | define('ANTIASPI_ID', basename(dirname(__FILE__))); |
---|
20 | define('ANTIASPI_PATH', PHPWG_PLUGINS_PATH.ANTIASPI_ID.'/'); |
---|
21 | define('ANTIASPI_TABLE' , $prefixeTable . 'antiaspi_ip_ban'); |
---|
22 | define('ANTIASPI_LOG_TABLE' , $prefixeTable . 'antiaspi_log'); |
---|
23 | define('ANTIASPI_ADMIN',get_root_url().'admin.php?page=plugin-'.ANTIASPI_ID); |
---|
24 | |
---|
25 | add_event_handler('loc_end_section_init', 'antiaspi'); |
---|
26 | |
---|
27 | function antiaspi() |
---|
28 | { |
---|
29 | global $user, $conf, $page; |
---|
30 | |
---|
31 | /*$antiaspi = array( |
---|
32 | 'diff' => '20 pages in 00:00:10' , // IP bannie si 20 pages différentes vues en 10 secondes |
---|
33 | 'same' => '15 pages in 00:00:30' , // IP bannie si 15 pages identiques vues en 30 secondes |
---|
34 | 'banned during' => '23:59:59' , // IP bannie pendant hh:mm:ss |
---|
35 | 'only guest' => true , // si true, ne banni pas les utilisateurs enregistrés |
---|
36 | 'only picture' => false , // si true, ne compatibilise que les pages d'images |
---|
37 | 'allowed ip' => array() // tableau d'adresse ip autorisées (robots par exemple) |
---|
38 | ); |
---|
39 | |
---|
40 | if (isset($conf['antiaspi'])) |
---|
41 | {*/ |
---|
42 | $antiaspi = safe_unserialize($conf['antiaspi']); |
---|
43 | // } |
---|
44 | |
---|
45 | if (is_admin() or ($antiaspi['only guest'] and !is_a_guest())) return; |
---|
46 | |
---|
47 | $Vip = $_SERVER["REMOTE_ADDR"]; |
---|
48 | |
---|
49 | // Traitement des adresse ip autorisées |
---|
50 | if (!empty($antiaspi['allowed ip'])) |
---|
51 | { |
---|
52 | $allowed_ips = str_replace(array('.', '%'), array('\.', '.*?'), $antiaspi['allowed ip']); |
---|
53 | foreach ($allowed_ips as $ip) |
---|
54 | { |
---|
55 | if (preg_match("#" . $ip . "#", $Vip)) return; |
---|
56 | } |
---|
57 | } |
---|
58 | |
---|
59 | // cherche si le visiteur est interdit |
---|
60 | $query = 'SELECT ip |
---|
61 | FROM ' . ANTIASPI_TABLE . ' |
---|
62 | WHERE ip="' . $Vip . '" |
---|
63 | AND date > ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");'; |
---|
64 | |
---|
65 | /* Change for subdate for change conf by nb day; |
---|
66 | AND date > SUBDATE(NOW(), INTERVAL ' . $antiaspi['banned during'] . ' DAY);'; |
---|
67 | */ |
---|
68 | |
---|
69 | $result = pwg_query($query); |
---|
70 | |
---|
71 | while(list($ip) = pwg_db_fetch_row($result)) |
---|
72 | { |
---|
73 | // Visiteur trouvé dans les IP interdites |
---|
74 | die("IP " . $ip . " banned for abuse."); |
---|
75 | } |
---|
76 | |
---|
77 | $diff_conf = explode(' pages in ', $antiaspi['diff']); |
---|
78 | $same_conf = explode(' pages in ', $antiaspi['same']); |
---|
79 | |
---|
80 | // nombre de fois ou le visiteur est passé dans les xxx dernières hh:mm:ss |
---|
81 | $query = ' |
---|
82 | SELECT |
---|
83 | COUNT(*) |
---|
84 | FROM ' . ANTIASPI_LOG_TABLE . ' |
---|
85 | WHERE ip="' . $Vip . '" |
---|
86 | AND occured_on > ADDTIME(NOW(), "-' . $diff_conf[1] . '") |
---|
87 | ' . ($antiaspi['only picture'] ? 'AND image_id IS NOT NULL' : '') . ' |
---|
88 | |
---|
89 | UNION ALL |
---|
90 | |
---|
91 | SELECT |
---|
92 | COUNT(*) |
---|
93 | FROM ' . ANTIASPI_LOG_TABLE . ' |
---|
94 | WHERE ip="' . $Vip . '" |
---|
95 | AND occured_on > ADDTIME(NOW(), "-' . $same_conf[1] . '") |
---|
96 | AND category_id ' . (isset($page['category']['id']) ? '= ' . $page['category']['id'] : 'IS NULL') . ' |
---|
97 | AND image_id ' . (isset($page['image_id']) ? '= ' . $page['image_id'] : 'IS NULL') . ' |
---|
98 | ;'; |
---|
99 | |
---|
100 | $result = pwg_query($query); |
---|
101 | |
---|
102 | list($diff) = pwg_db_fetch_row($result); |
---|
103 | list($same) = pwg_db_fetch_row($result); |
---|
104 | |
---|
105 | // si limite atteinte ajouter dans la table des ip interdites. |
---|
106 | if ($diff >= $diff_conf[0] or $same >= $same_conf[0]) |
---|
107 | { |
---|
108 | pwg_query('INSERT INTO ' . ANTIASPI_TABLE . ' (id, ip, date) values ("", "' . $Vip . '", NOW())'); |
---|
109 | } |
---|
110 | |
---|
111 | $insert = ' |
---|
112 | INSERT |
---|
113 | INTO '.ANTIASPI_LOG_TABLE.' |
---|
114 | SET IP = \''.$Vip.'\' |
---|
115 | , occured_on = NOW() |
---|
116 | , image_id = '.(isset($page['image_id']) ? $page['image_id'] : 'NULL').' |
---|
117 | , category_id = '.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').' |
---|
118 | ;'; |
---|
119 | pwg_query($insert); |
---|
120 | |
---|
121 | // automatic purge |
---|
122 | $query = ' |
---|
123 | DELETE |
---|
124 | FROM '.ANTIASPI_LOG_TABLE.' |
---|
125 | WHERE occured_on < LEAST(SUBTIME(NOW(), \''.$diff_conf[1].'\'), SUBTIME(NOW(), \''.$same_conf[1].'\')) |
---|
126 | ;'; |
---|
127 | pwg_query($query); |
---|
128 | } |
---|
129 | |
---|
130 | // Plugin for admin |
---|
131 | if (script_basename() == 'admin') { |
---|
132 | include_once(dirname(__FILE__) . '/initadmin.php'); |
---|
133 | } |
---|