Code source de Dotclear 2.0-beta6 |
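<?php
# ***** BEGIN LICENSE BLOCK *****
# This is Antispam, a plugin for DotClear.
# Copyright (c) 2007 Alain Vagner and contributors. All rights
# reserved.
#
# DotClear is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# DotClear is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with DotClear; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# ***** END LICENSE BLOCK *****

/**
 * Antispam filter matching the comment's IPv4 address against per-blog and
 * global whitelist / blacklist rules stored in the "spamrule" table.
 *
 * Each rule row stores rule_content as "pattern:ip:mask", where pattern is the
 * human-readable form, and ip / mask are the integers used for matching
 * (see addIP()). A row whose blog_id is NULL is a global rule.
 */
class dcFilterIP extends dcSpamFilter
{
    public $name = 'IP Filter';
    public $has_gui = true;

    # Inline styles used by the rule list in the admin GUI
    private $style_list = 'height: 200px; overflow: auto; margin-bottom: 1em; ';
    private $style_p = 'margin: 1px 0 0 0; padding: 0.2em 0.5em; ';
    private $style_global = 'background: #ccff99; ';

    # Database connection and name of the rules table
    private $con;
    private $table;

    /**
     * Binds the filter to the core object and resolves the rules table name.
     *
     * @param object $core Core object providing con, prefix, auth, blog and error
     */
    public function __construct(&$core)
    {
        parent::__construct($core);
        $this->con =& $core->con;
        $this->table = $core->prefix.'spamrule';
    }

    /**
     * Sets the translated filter description.
     */
    protected function setInfo()
    {
        $this->description = __('IP Blacklist / Whitelist Filter');
    }

    /**
     * Builds the message shown for a comment this filter flagged.
     *
     * @param string $status     Rule pattern stored by isSpam()
     * @param mixed  $comment_id Not used by this filter
     * @return string
     */
    public function getStatusMessage($status,$comment_id)
    {
        return sprintf(__('Filtered by %1$s with rule %2$s.'),$this->guiLink(),$status);
    }

    /**
     * Decides whether a comment is spam from its IP address alone.
     *
     * The whitelist is consulted first, so a whitelisted address is never
     * reported as spam by this filter even when a blacklist rule also matches.
     *
     * @param string $ip     Address of the comment author
     * @param mixed  $status Set to the matching blacklist pattern on a hit
     * @return bool|null false when whitelisted, true when blacklisted,
     *                   null when there is no address or no rule matches
     */
    public function isSpam($type,$author,$email,$site,$ip,$content,$post_id,&$status)
    {
        if (!$ip) {
            return null;
        }

        # White list check
        if ($this->checkIP($ip,'white') !== false) {
            return false;
        }

        # Black list check
        $rule = $this->checkIP($ip,'black');
        if ($rule !== false) {
            $status = $rule;
            return true;
        }

        return null;
    }

    /**
     * Handles add / remove requests and renders the admin interface.
     *
     * NOTE(review): nothing in this method checks an anti-CSRF token before
     * the state-changing POST branches below; confirm that the admin page
     * calling gui() validates one before rules can be added or deleted.
     *
     * @param string $url Base URL of the filter's admin page
     * @return string HTML for both tabs
     */
    public function gui($url)
    {
        global $default_tab;
        $core =& $this->core;

        # Set current type and tab; anything other than 'white' means 'black'
        $ip_type = 'black';
        if (!empty($_REQUEST['ip_type']) && $_REQUEST['ip_type'] === 'white') {
            $ip_type = 'white';
        }
        $default_tab = 'tab_'.$ip_type;

        # Add IP to list (a non-string value cannot be an address, ignore it)
        if (!empty($_POST['addip']) && is_string($_POST['addip']))
        {
            try
            {
                # The "global" flag is honoured for super administrators only
                $global = !empty($_POST['globalip']) && $core->auth->isSuperAdmin();

                $this->addIP($ip_type,$_POST['addip'],$global);
                http::redirect($url.'&added=1&ip_type='.$ip_type);
            }
            catch (Exception $e)
            {
                $core->error->add($e->getMessage());
            }
        }

        # Remove IP from list
        if (!empty($_POST['delip']) && is_array($_POST['delip']))
        {
            try {
                $this->removeRule($_POST['delip']);
                http::redirect($url.'&removed=1&ip_type='.$ip_type);
            } catch (Exception $e) {
                $core->error->add($e->getMessage());
            }
        }

        /* DISPLAY
        ---------------------------------------------- */
        $res = '';

        if (!empty($_GET['added'])) {
            $res .= '<p class="message">'.__('IP address has been successfully added.').'</p>';
        }
        if (!empty($_GET['removed'])) {
            $res .= '<p class="message">'.__('IP addresses have been successfully removed.').'</p>';
        }

        $res .=
        $this->displayForms($url,'black',__('Blacklist')).
        $this->displayForms($url,'white',__('Whitelist'));

        return $res;
    }

    /**
     * Renders one tab: the "add" form followed by the deletable rule list.
     *
     * @param string $url   Form action URL
     * @param string $type  Rule type shown in this tab ('black' or 'white')
     * @param string $title Tab title
     * @return string HTML
     */
    private function displayForms($url,$type,$title)
    {
        $core =& $this->core;

        $res =
        '<div class="multi-part" id="tab_'.$type.'" title="'.$title.'">'.

        '<form action="'.html::escapeURL($url).'" method="post">'.
        '<fieldset><legend>'.__('Add an IP address').'</legend><p>'.
        form::hidden(array('ip_type'),$type).
        form::field(array('addip'),18,255).' ';

        if ($core->auth->isSuperAdmin()) {
            $res .= '<label class="classic">'.form::checkbox(array('globalip'),1).' '.
            __('Global IP').'</label> ';
        }

        $res .=
        '<input class="submit" type="submit" value="'.__('Add').'"/></p>'.
        '</fieldset></form>';

        $rs = $this->getRules($type);

        if ($rs->isEmpty())
        {
            $res .= '<p><strong>'.__('No IP address in list.').'</strong></p>';
        }
        else
        {
            $res .=
            '<form action="'.html::escapeURL($url).'" method="post">'.
            '<fieldset><legend>' . __('IP list') . '</legend>'.
            '<div style="'.$this->style_list.'">';

            while ($rs->fetch())
            {
                # rule_content is "pattern:ip:mask"; only the pattern is displayed
                $bits = explode(':',$rs->rule_content);
                $pattern = $bits[0];

                # Global rules (no blog_id) are highlighted. The checkbox is
                # disabled for non super administrators, but that is cosmetic:
                # the real restriction is the blog_id clause in removeRule().
                $disabled_ip = false;
                $p_style = $this->style_p;
                if (!$rs->blog_id) {
                    $disabled_ip = !$core->auth->isSuperAdmin();
                    $p_style .= $this->style_global;
                }

                $res .=
                '<p style="'.$p_style.'"><label class="classic">'.
                form::checkbox(array('delip[]'),$rs->rule_id,false,'','',$disabled_ip).' '.
                html::escapeHTML($pattern).
                '</label></p>';
            }
            $res .=
            '</div>'.
            '<p><input class="submit" type="submit" value="'.__('Delete').'"/>'.
            form::hidden(array('ip_type'),$type).
            '</p>'.
            '</fieldset></form>';
        }

        $res .= '</div>';

        return $res;
    }

    /**
     * Parses "ip", "ip/dotted.mask" or "ip/prefix" into integer ip and mask.
     *
     * A mask of -1 means "exact address". An address that ip2long() rejects,
     * or that evaluates to 0 (0.0.0.0), is refused.
     *
     * @param string $pattern User-supplied pattern
     * @param mixed  $ip      Receives the address as an integer
     * @param mixed  $mask    Receives the mask as an integer
     * @throws Exception when the address or the prefix length is invalid
     */
    private function ipmask($pattern,&$ip,&$mask)
    {
        $bits = explode('/',trim((string) $pattern));

        # Set IP: complete short forms such as "10.1" to four octets.
        # max() keeps str_repeat() away from a negative count when the input
        # holds more than three dots; ip2long() then rejects it below.
        $bits[0] .= str_repeat(".0", max(0, 3 - substr_count($bits[0], ".")));
        $ip = ip2long($bits[0]);

        if (!$ip || $ip == -1) {
            throw new Exception('Invalid IP address');
        }

        # Set mask
        if (!isset($bits[1])) {
            $mask = -1;
        } elseif (strpos($bits[1],'.') !== false) {
            # Dotted mask; an unparsable or zero mask falls back to exact match
            $mask = ip2long($bits[1]);
            if (!$mask) {
                $mask = -1;
            }
        } else {
            # Prefix length: must be a plain number from 1 to 32. Anything else
            # would make the arithmetic below overflow or operate on a
            # non-numeric string and store a meaningless mask.
            if (!preg_match('/^[0-9]+$/D',$bits[1])) {
                throw new Exception('Invalid mask');
            }
            $prefix = (int) $bits[1];
            if ($prefix < 1 || $prefix > 32) {
                throw new Exception('Invalid mask');
            }
            $mask = (0xffffffff * pow(2, 32 - $prefix)) & 0xffffffff;
        }
    }

    /**
     * Inserts a rule, or rewrites the existing rule with the same ip and mask.
     *
     * NOTE(review): the new rule_id is computed as MAX(rule_id) + 1 in a
     * separate query, so two concurrent inserts can pick the same id.
     *
     * @param string $type    Rule type ('black' or 'white')
     * @param string $pattern User-supplied pattern, see ipmask()
     * @param bool   $global  Store as a global rule (super administrators only)
     * @throws Exception when the pattern is invalid
     */
    private function addIP($type,$pattern,$global)
    {
        # Enforce the privilege here as well as in gui(), so that neither the
        # lookup nor the update below can reach a global rule on behalf of a
        # user who is not a super administrator.
        $global = $global && $this->core->auth->isSuperAdmin();

        $this->ipmask($pattern,$ip,$mask);
        $pattern = long2ip($ip).($mask != -1 ? '/'.long2ip($mask) : '');
        $content = $pattern.':'.$ip.':'.$mask;

        $old = $this->getRuleCIDR($type,$global,$ip,$mask);
        $cur = $this->con->openCursor($this->table);

        if ($old->isEmpty())
        {
            $id = $this->con->select('SELECT MAX(rule_id) FROM '.$this->table)->f(0) + 1;

            $cur->rule_id = $id;
            $cur->rule_type = (string) $type;
            $cur->rule_content = (string) $content;

            if ($global) {
                $cur->blog_id = null;
            } else {
                $cur->blog_id = $this->core->blog->id;
            }

            $cur->insert();
        }
        else
        {
            $cur->rule_type = (string) $type;
            $cur->rule_content = (string) $content;
            $cur->update('WHERE rule_id = '.(int) $old->rule_id);
        }
    }

    /**
     * Returns the rules of one type visible to the current blog, global
     * rules included.
     *
     * @param string $type Rule type; the value is used literally as rule_type
     * @return object Record set with rule_id, rule_type, blog_id, rule_content
     */
    private function getRules($type='all')
    {
        $strReq =
        'SELECT rule_id, rule_type, blog_id, rule_content '.
        'FROM '.$this->table.' '.
        "WHERE rule_type = '".$this->con->escape($type)."' ".
        "AND (blog_id = '".$this->con->escape($this->core->blog->id)."' OR blog_id IS NULL) ".
        'ORDER BY blog_id ASC, rule_content ASC ';

        return $this->con->select($strReq);
    }

    /**
     * Looks up an existing rule with the same type, scope, ip and mask.
     *
     * @param string $type   Rule type
     * @param bool   $global Search global rules instead of the current blog's
     * @param int    $ip     Address as an integer
     * @param int    $mask   Mask as an integer
     * @return object Record set
     */
    private function getRuleCIDR($type,$global,$ip,$mask)
    {
        $strReq =
        'SELECT * FROM '.$this->table.' '.
        "WHERE rule_type = '".$this->con->escape($type)."' ".
        "AND rule_content LIKE '%:".(int) $ip.":".(int) $mask."' ".
        'AND blog_id '.($global ? 'IS NULL ' : "= '".$this->con->escape($this->core->blog->id)."' ");

        return $this->con->select($strReq);
    }

    /**
     * Finds the first rule of the given type that covers an address.
     *
     * @param string $cip  Address to test
     * @param string $type Rule type ('black' or 'white')
     * @return string|false Matching pattern, or false when nothing matches
     */
    private function checkIP($cip,$type)
    {
        # ip2long() returns false for anything that is not a dotted IPv4
        # address (an IPv6 address, for instance). Used in the bitwise test
        # below, false would behave as 0 and could match a rule whose masked
        # network is 0, so such an address is treated as matching no rule.
        $client = ip2long($cip);
        if ($client === false) {
            return false;
        }

        $strReq =
        'SELECT DISTINCT(rule_content) '.
        'FROM '.$this->table.' '.
        "WHERE rule_type = '".$this->con->escape($type)."' ".
        "AND (blog_id = '".$this->con->escape($this->core->blog->id)."' OR blog_id IS NULL) ".
        'ORDER BY rule_content ASC ';

        $rs = $this->con->select($strReq);
        while ($rs->fetch())
        {
            # Skip rows that do not hold the three "pattern:ip:mask" fields
            $bits = explode(':',$rs->rule_content);
            if (count($bits) < 3) {
                continue;
            }
            list($pattern,$ip,$mask) = $bits;

            $mask = (int) $mask;
            if (($client & $mask) == ((int) $ip & $mask)) {
                return $pattern;
            }
        }
        return false;
    }

    /**
     * Deletes one rule or a list of rules by id.
     *
     * Ids are cast to integers before being placed in the statement. Unless
     * the user is a super administrator, the deletion is limited to rules of
     * the current blog, which keeps global rules out of reach.
     *
     * @param array|int $ids Rule id or list of rule ids
     */
    private function removeRule($ids)
    {
        $strReq = 'DELETE FROM '.$this->table.' ';

        if (is_array($ids)) {
            # An empty list would produce "IN ()", which is not valid SQL
            if (empty($ids)) {
                return;
            }
            $ids = array_map('intval',$ids);
            $strReq .= 'WHERE rule_id IN ('.implode(',',$ids).') ';
        } else {
            $strReq .= 'WHERE rule_id = '.(int) $ids.' ';
        }

        if (!$this->core->auth->isSuperAdmin()) {
            $strReq .= "AND blog_id = '".$this->con->escape($this->core->blog->id)."' ";
        }

        $this->con->execute($strReq);
    }
}
?>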