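 /**
  * Validates the callback request is valid. If failure happens, the response should
  * tell the processor to retry.
  *
  * The raw $_POST is echoed back to PayPal (sandbox only when the IPN carries
  * test_ipn AND the application is in debug mode) with cmd=_notify-validate.
  * Anything other than a 200 response whose body is exactly "VERIFIED" is
  * rejected. The reverse-DNS check on the caller only selects the error
  * message; it never decides the verdict (both branches return false).
  * After verification, business or receiver_email must equal (case-insensitively)
  * the primary account or one of the alternate accounts (one per line).
  *
  * @param string|array $errorString Output error string. For a rejected request
  *        whose reverse DNS is not under paypal.com it is set to
  *        array(false, message), as before — the false element is presumably a
  *        "do not log" flag for the caller; confirm against it.
  *
  * @return boolean
  */
 public function validateRequest(&$errorString)
 {
     try {
         // The sandbox endpoint is only usable in debug mode, so a caller cannot
         // steer a production install to the sandbox just by setting test_ipn.
         if ($this->_filtered['test_ipn'] && XenForo_Application::debugMode()) {
             $validator = XenForo_Helper_Http::getClient('https://www.sandbox.paypal.com/cgi-bin/webscr');
         } else {
             $validator = XenForo_Helper_Http::getClient('https://www.paypal.com/cgi-bin/webscr');
         }
         // Post the received parameters back unchanged for PayPal to confirm.
         $validator->setParameterPost('cmd', '_notify-validate');
         $validator->setParameterPost($_POST);
         $validatorResponse = $validator->request('POST');
         // Strict comparisons: the body must be the literal string VERIFIED and the
         // status the integer 200 (cast in case a client returns it as a string).
         if (!$validatorResponse
             || $validatorResponse->getBody() !== 'VERIFIED'
             || (int) $validatorResponse->getStatus() !== 200
         ) {
             // Lookup uses REMOTE_ADDR (checkProxy=false), so forwarded-for style
             // headers cannot influence which message is chosen. The dot before
             // "com" is now escaped; the previous pattern also matched e.g. "paypalXcom".
             $host = XenForo_Model_Ip::getHost($this->_request->getClientIp(false));
             if (preg_match('#(^|\\.)paypal\\.com$#i', $host)) {
                 $errorString = 'Request not validated';
             } else {
                 $errorString = array(false, 'Request not validated (from unknown source)');
             }
             return false;
         }
     } catch (Zend_Http_Client_Exception $e) {
         $errorString = 'Connection to PayPal failed';
         return false;
     }
     $business = strtolower($this->_filtered['business']);
     $receiverEmail = strtolower($this->_filtered['receiver_email']);
     $options = XenForo_Application::get('options');
     // Alternate accounts are configured one per line; the primary is appended last.
     $accounts = preg_split('#\\r?\\n#', $options->payPalAlternateAccounts, -1, PREG_SPLIT_NO_EMPTY);
     $accounts[] = $options->payPalPrimaryAccount;
     foreach ($accounts as $account) {
         $account = trim(strtolower($account));
         // Skip whitespace-only lines (explicit '' test so a literal "0" is not
         // discarded by truthiness); compare as lowercase strings.
         if ($account !== '' && ($business === $account || $receiverEmail === $account)) {
             return true;
         }
     }
     $errorString = 'Invalid business or receiver_email';
     return false;
 }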
 /**
  * Retrieve the User record associated with the authenticated user.
  *
  * API requests (front-controller param "api") are authenticated non-persistently
  * against the "key" request parameter, and the matching key row gets its ip and
  * accessed columns refreshed. Standard requests use the stored identity as the
  * user id. When no active user row is found the identity is cleared so a
  * deleted user cannot remain logged in.
  *
  * @return User|null
  */
 public function init()
 {
     $bootstrap = $this->getBootstrap();
     $bootstrap->bootstrap('Auth');
     $auth = $bootstrap->getResource('Auth');
     $bootstrap->bootstrap('Db');
     $db = $bootstrap->getResource('Db');
     $front = Zend_Controller_Front::getInstance();
     $request = new Zend_Controller_Request_Http();
     $isApiRequest = (bool) $front->getParam('api');
     // REST API requests use non-persistent, key-based authentication instead of
     // the session-backed identity.
     if ($isApiRequest) {
         $auth->setStorage(new Zend_Auth_Storage_NonPersistent());
         $auth->authenticate(new Omeka_Auth_Adapter_KeyTable($request->getParam('key')));
     }
     if (!$auth->hasIdentity()) {
         // No identity means no user.
         return null;
     }
     try {
         if ($isApiRequest) {
             // The identity is the key row itself: record where and when it was used.
             // NOTE(review): getClientIp() is called with its default argument, which in
             // ZF1 consults proxy headers first, so the stored ip can come from a
             // client-supplied header and inet_pton() yields false for a non-IP value — confirm.
             $key = $auth->getIdentity();
             $key->ip = inet_pton($request->getClientIp());
             $key->accessed = date('Y-m-d H:i:s');
             $key->save();
             $userId = $key->user_id;
         } else {
             $userId = $auth->getIdentity();
         }
         $user = $db->getTable('User')->findActiveById($userId);
     } catch (Zend_Db_Statement_Exception $e) {
         // Schema drift is tolerated only while a database upgrade is pending;
         // otherwise the statement failure is a real error and is re-thrown.
         if (!Omeka_Db_Migration_Manager::getDefault()->dbNeedsUpgrade()) {
             throw $e;
         }
         $user = null;
     }
     if (!$user) {
         // No active user row (likely deleted): do not let the identity linger.
         $auth->clearIdentity();
     }
     return $user;
 }
 /**
  * Builds the "audit" logger: the multiplelog log named "audit", given a custom
  * "audit" priority, a filter that passes only events of exactly that priority,
  * and a static "ip" event item taken from the current request.
  *
  * @return Zend_Log
  * @throws Exception when no multiplelog log named "audit" is configured
  */
 public function init()
 {
     /** @var $auditLog Zend_Log */
     $auditLog = $this->getBootstrap()->getPluginResource('multiplelog')->getLog('audit');
     if (empty($auditLog)) {
         throw new Exception('Please configure a multiplelog log with name "audit"');
     }
     // Register the custom priority, then restrict the log to exactly that priority.
     $auditLog->addPriority('audit', self::PRIORITY);
     $auditLog->addFilter(new Zend_Log_Filter_Priority(self::PRIORITY, '=='));
     // Static event item so every audit entry carries the client address.
     // NOTE(review): getClientIp() is called with its default argument, which in ZF1
     // consults proxy headers first; the logged ip may therefore be client-supplied — confirm.
     $currentRequest = new Zend_Controller_Request_Http();
     $auditLog->setEventItem('ip', $currentRequest->getClientIp());
     return $auditLog;
 }
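 /**
  * Determines if the given request matches the criteria.
  *
  * Every criterion must pass; a criterion with an unrecognised rule name is
  * skipped (it neither passes nor fails). Supported rules:
  *  - geoip_country: the country of the proxy-aware client IP (PECL geoip)
  *    must be one of data['countries']; missing list, missing extension or a
  *    lookup exception all fail the check;
  *  - open_port: fails when a TCP connection to REMOTE_ADDR on data['port']
  *    succeeds within one second.
  *
  * @param array|string $criteria List of criteria, format: [] with keys rule
  * and data; may be serialized
  * @param boolean $matchOnEmpty If true and there's no criteria, true is
  * returned; otherwise, false
  * @param Zend_Controller_Request_Http $request Request to check against
  *
  * @return boolean
  */
 public static function requestMatchesCriteria($criteria, $matchOnEmpty = false, Zend_Controller_Request_Http $request = null)
 {
     if (!($criteria = XenForo_Helper_Criteria::unserializeCriteria($criteria))) {
         return (bool) $matchOnEmpty;
     }
     if (!$request) {
         $request = new Zend_Controller_Request_Http();
     }
     foreach ($criteria as $criterion) {
         $data = $criterion['data'];
         switch ($criterion['rule']) {
             // client country must be in the configured list
             case 'geoip_country':
                 if (!isset($data['countries'])) {
                     return false;
                 }
                 if (!function_exists('geoip_country_code_by_name')) {
                     return false;
                 }
                 try {
                     // NOTE(review): getClientIp(true) may return a header-derived
                     // address rather than REMOTE_ADDR — confirm that is intended here.
                     $country = geoip_country_code_by_name($request->getClientIp(true));
                 } catch (Exception $e) {
                     return false;
                 }
                 // Strict membership: a failed lookup (false) must not loosely
                 // equal an empty entry in the configured list.
                 if (!in_array($country, $data['countries'], true)) {
                     return false;
                 }
                 break;
             // user has open port
             case 'open_port':
                 if (empty($data['port'])) {
                     return false;
                 }
                 // fsockopen takes (host, port, &$errno, &$errstr, timeout); the
                 // out-params were previously passed in the wrong order. The @ hides
                 // the connection-refused warning; the 1s timeout means each such
                 // criterion can delay the request by up to a second.
                 $socket = @fsockopen($_SERVER['REMOTE_ADDR'], $data['port'], $errno, $errstr, 1);
                 if ($socket) {
                     // Close the probe socket instead of leaving it to garbage collection.
                     fclose($socket);
                     return false;
                 }
                 break;
         }
     }
     return true;
 }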
 /**
  * Takes the info passed to allowRegistration() and extracts the necessary data for the spam check
  *
  * Only the "ip" key is touched, and only when the caller did not supply one;
  * it is then filled from REMOTE_ADDR (checkProxy=false), so proxy headers
  * are not consulted.
  *
  * @param array $user
  * @param Zend_Controller_Request_Http $request
  *
  * @return array
  */
 protected function _getSpamCheckData(array $user, Zend_Controller_Request_Http $request)
 {
     if (isset($user['ip'])) {
         return $user;
     }
     $user['ip'] = $request->getClientIp(false);
     return $user;
 }
 /**
  * With checkProxy=false the Client-IP and X-Forwarded-For headers must be
  * ignored and REMOTE_ADDR returned.
  *
  * @group ZF-7117
  */
 public function testGetClientIpNoProxyCheck()
 {
     $_SERVER['HTTP_CLIENT_IP'] = '192.168.1.10';
     $_SERVER['HTTP_X_FORWARDED_FOR'] = '192.168.1.11';
     $_SERVER['REMOTE_ADDR'] = '192.168.1.12';
     $request = new Zend_Controller_Request_Http();
     $this->assertEquals('192.168.1.12', $request->getClientIp(false));
 }
// Canonical-URL redirect: when a SERVER_URL is configured and differs from the
// current host + script path, issue a permanent redirect to it, carrying the
// query string over unchanged.
if ($SERVER_URL && $SERVER_URL != WT_SERVER_NAME . WT_SCRIPT_PATH) {
    header('Location: ' . $SERVER_URL . WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''), true, 301);
    exit;
}
// Request more resources - if we can/want to
// NOTE(review): safe_mode was removed in PHP 5.4; on current PHP ini_get()
// returns false for it, so this branch always runs.
if (!ini_get('safe_mode')) {
    $memory_limit = WT_Site::preference('MEMORY_LIMIT');
    if ($memory_limit) {
        ini_set('memory_limit', $memory_limit);
    }
    $max_execution_time = WT_Site::preference('MAX_EXECUTION_TIME');
    // Only raise the limit when set_time_limit has not been disabled via php.ini.
    if ($max_execution_time && strpos(ini_get('disable_functions'), 'set_time_limit') === false) {
        set_time_limit($max_execution_time);
    }
}
// Site access rule for this client: the first rule whose IP range contains the
// client address and whose user_agent_pattern LIKE-matches the User-Agent.
// Both values are bound parameters, not interpolated. INET_ATON handles IPv4
// only, so any other address form becomes 0 via IFNULL. HTTP_USER_AGENT is read
// without isset(), so a request lacking that header raises an undefined-index notice.
// NOTE(review): $WT_REQUEST->getClientIp() is called with its default argument;
// whether that consults proxy headers depends on the request class — confirm.
$rule = WT_DB::prepare("SELECT SQL_CACHE rule FROM `##site_access_rule`" . " WHERE IFNULL(INET_ATON(?), 0) BETWEEN ip_address_start AND ip_address_end" . " AND ? LIKE user_agent_pattern" . " ORDER BY ip_address_end LIMIT 1")->execute(array($WT_REQUEST->getClientIp(), $_SERVER['HTTP_USER_AGENT']))->fetchOne();
switch ($rule) {
    case 'allow':
        $SEARCH_SPIDER = false;
        break;
    case 'deny':
        header('HTTP/1.1 403 Access Denied');
        exit;
    case 'robot':
    case 'unknown':
        // Search engines don’t send cookies, and so create a new session with every visit.
        // Make sure they always use the same one
        Zend_Session::setId('search-engine-' . str_replace('.', '-', $WT_REQUEST->getClientIp()));
        $SEARCH_SPIDER = true;
        break;
    case '':
 /**
  * Returns an array of IPs for the current client
  *
  * The proxy-aware address is split on commas (the pattern allows for a
  * comma-separated chain) and REMOTE_ADDR is appended; duplicates are removed
  * without reindexing, so the result may have gaps in its keys.
  *
  * @return array
  */
 protected function _getClientIps()
 {
     $request = $this->_request;
     $candidates = preg_split('/,\\s*/', $request->getClientIp(true));
     $candidates[] = $request->getClientIp(false);
     return array_unique($candidates);
 }
 /**
  * {@inheritdoc}
  *
  * Pure pass-through to the parent lookup. The only difference visible here
  * is the default of false for $checkProxy, so callers that omit the argument
  * get REMOTE_ADDR rather than a header-derived address — presumably the
  * reason for the override; confirm against the parent's default.
  */
 public function getClientIp($checkProxy = false)
 {
     $clientIp = parent::getClientIp($checkProxy);
     return $clientIp;
 }
 /**
  * Returns the client address, preferring an explicitly set _remoteAddr over
  * whatever the parent derives from the request.
  *
  * When _remoteAddr is non-empty it is returned as-is and $checkProxy is
  * ignored; otherwise the lookup is delegated to the parent.
  *
  * @param bool $checkProxy passed through to the parent lookup
  * @return string|null whatever _remoteAddr holds or the parent returns
  */
 public function getClientIp($checkProxy = false)
 {
     return empty($this->_remoteAddr)
         ? parent::getClientIp($checkProxy)
         : $this->_remoteAddr;
 }