Ejemplo n.º 1
0
 /**
  * Validates the callback request is valid. If failure happens, the response should
  * tell the processor to retry.
  *
  * @param string $errorString Output error string
  *
  * @return boolean
  */
 public function validateRequest(&$errorString)
 {
     try {
         if ($this->_filtered['test_ipn'] && XenForo_Application::debugMode()) {
             $validator = XenForo_Helper_Http::getClient('https://www.sandbox.paypal.com/cgi-bin/webscr');
         } else {
             $validator = XenForo_Helper_Http::getClient('https://www.paypal.com/cgi-bin/webscr');
         }
         $validator->setParameterPost('cmd', '_notify-validate');
         $validator->setParameterPost($_POST);
         $validatorResponse = $validator->request('POST');
         if (!$validatorResponse || $validatorResponse->getBody() != 'VERIFIED' || $validatorResponse->getStatus() != 200) {
             $host = XenForo_Model_Ip::getHost($this->_request->getClientIp(false));
             if (preg_match('#(^|\\.)paypal.com$#i', $host)) {
                 $errorString = 'Request not validated';
             } else {
                 $errorString = array(false, 'Request not validated (from unknown source)');
             }
             return false;
         }
     } catch (Zend_Http_Client_Exception $e) {
         $errorString = 'Connection to PayPal failed';
         return false;
     }
     $business = strtolower($this->_filtered['business']);
     $receiverEmail = strtolower($this->_filtered['receiver_email']);
     $options = XenForo_Application::get('options');
     $accounts = preg_split('#\\r?\\n#', $options->payPalAlternateAccounts, -1, PREG_SPLIT_NO_EMPTY);
     $accounts[] = $options->payPalPrimaryAccount;
     $matched = false;
     foreach ($accounts as $account) {
         $account = trim(strtolower($account));
         if ($account && ($business == $account || $receiverEmail == $account)) {
             $matched = true;
             break;
         }
     }
     if (!$matched) {
         $errorString = 'Invalid business or receiver_email';
         return false;
     }
     return true;
 }
Ejemplo n.º 2
0
 /**
  * Retrieve the User record associated with the authenticated user.
  *
  * @return User|null
  */
 public function init()
 {
     $this->getBootstrap()->bootstrap('Auth');
     $auth = $this->getBootstrap()->getResource('Auth');
     $this->getBootstrap()->bootstrap('Db');
     $db = $this->getBootstrap()->getResource('Db');
     $front = Zend_Controller_Front::getInstance();
     $request = new Zend_Controller_Request_Http();
     // REST API requests require a slightly different authentication
     // strategy. They use non-persistant, key-based authentication
     if ($front->getParam('api')) {
         // Authenticate against the API key in a non-persistent way.
         $auth->setStorage(new Zend_Auth_Storage_NonPersistent());
         $authAdapter = new Omeka_Auth_Adapter_KeyTable($request->getParam('key'));
         $auth->authenticate($authAdapter);
     }
     if (!$auth->hasIdentity()) {
         // There is no user if there is no identity.
         return null;
     }
     try {
         // Get the user ID for REST API or standard requests.
         if ($front->getParam('api')) {
             // Update the key row.
             $key = $auth->getIdentity();
             $key->ip = inet_pton($request->getClientIp());
             $key->accessed = date('Y-m-d H:i:s');
             $key->save();
             $userId = $key->user_id;
         } else {
             $userId = $auth->getIdentity();
         }
         $user = $db->getTable('User')->findActiveById($userId);
     } catch (Zend_Db_Statement_Exception $e) {
         // Exceptions may be thrown because the database is out of sync with
         // the code.  Suppress errors and skip authentication, but only
         // until the database is properly upgraded.
         if (Omeka_Db_Migration_Manager::getDefault()->dbNeedsUpgrade()) {
             $user = null;
         } else {
             throw $e;
         }
     }
     if (!$user) {
         // If we can't retrieve the User from the database, it likely means
         // that this user has been deleted.  In this case, do not allow the
         // user to stay logged in.
         $auth->clearIdentity();
     }
     return $user;
 }
Ejemplo n.º 3
0
 public function init()
 {
     /** @var $log Zend_Log */
     $multilog = $this->getBootstrap()->getPluginResource('multiplelog');
     $log = $multilog->getLog('audit');
     if (empty($log)) {
         throw new Exception('Please configure a multiplelog log with name "audit"');
     }
     // Custom priority
     $log->addPriority('audit', self::PRIORITY);
     // Set a priority filter to only allow "audit" events
     $filter = new Zend_Log_Filter_Priority(self::PRIORITY, '==');
     $log->addFilter($filter);
     // Static log events for auditing
     $request = new Zend_Controller_Request_Http();
     $log->setEventItem('ip', $request->getClientIp());
     return $log;
 }
Ejemplo n.º 4
0
 /**
  * Determines if the given request matches the criteria.
  *
  * @param array|string $criteria List of criteria, format: [] with keys rule
  * and data; may be serialized
  * @param boolean $matchOnEmpty If true and there's no criteria, true is
  * returned; otherwise, false
  * @param Zend_Controller_Request_Http $request Request to check against
  *
  * @return boolean
  */
 public static function requestMatchesCriteria($criteria, $matchOnEmpty = false, Zend_Controller_Request_Http $request = null)
 {
     if (!($criteria = XenForo_Helper_Criteria::unserializeCriteria($criteria))) {
         return (bool) $matchOnEmpty;
     }
     if (!$request) {
         $request = new Zend_Controller_Request_Http();
     }
     foreach ($criteria as $criterion) {
         $data = $criterion['data'];
         switch ($criterion['rule']) {
             // contains at least x links
             case 'geoip_country':
                 if (!isset($data['countries'])) {
                     return false;
                 }
                 if (!function_exists('geoip_country_code_by_name')) {
                     return false;
                 }
                 try {
                     $country = geoip_country_code_by_name($request->getClientIp(true));
                 } catch (Exception $e) {
                     return false;
                 }
                 if (!in_array($country, $data['countries'])) {
                     return false;
                 }
                 break;
                 // user has open port
             // user has open port
             case 'open_port':
                 if (empty($data['port'])) {
                     return false;
                 }
                 if (@fsockopen($_SERVER['REMOTE_ADDR'], $data['port'], $errstr, $errno, 1)) {
                     return false;
                 }
                 break;
         }
     }
     return true;
 }
Ejemplo n.º 5
0
 /**
  * Takes the info passed to allowRegistration() and extracts the necessary data for the spam check
  *
  * @param array $user
  * @param Zend_Controller_Request_Http $request
  *
  * @return array
  */
 protected function _getSpamCheckData(array $user, Zend_Controller_Request_Http $request)
 {
     if (!isset($user['ip'])) {
         $user['ip'] = $request->getClientIp(false);
     }
     return $user;
 }
Ejemplo n.º 6
0
 /**
  * @group ZF-7117
  */
 public function testGetClientIpNoProxyCheck()
 {
     $request = new Zend_Controller_Request_Http();
     $_SERVER['HTTP_CLIENT_IP'] = '192.168.1.10';
     $_SERVER['HTTP_X_FORWARDED_FOR'] = '192.168.1.11';
     $_SERVER['REMOTE_ADDR'] = '192.168.1.12';
     $this->assertEquals('192.168.1.12', $request->getClientIp(false));
 }
Ejemplo n.º 7
0
if ($SERVER_URL && $SERVER_URL != WT_SERVER_NAME . WT_SCRIPT_PATH) {
    header('Location: ' . $SERVER_URL . WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''), true, 301);
    exit;
}
// Request more resources - if we can/want to
if (!ini_get('safe_mode')) {
    $memory_limit = WT_Site::preference('MEMORY_LIMIT');
    if ($memory_limit) {
        ini_set('memory_limit', $memory_limit);
    }
    $max_execution_time = WT_Site::preference('MAX_EXECUTION_TIME');
    if ($max_execution_time && strpos(ini_get('disable_functions'), 'set_time_limit') === false) {
        set_time_limit($max_execution_time);
    }
}
$rule = WT_DB::prepare("SELECT SQL_CACHE rule FROM `##site_access_rule`" . " WHERE IFNULL(INET_ATON(?), 0) BETWEEN ip_address_start AND ip_address_end" . " AND ? LIKE user_agent_pattern" . " ORDER BY ip_address_end LIMIT 1")->execute(array($WT_REQUEST->getClientIp(), $_SERVER['HTTP_USER_AGENT']))->fetchOne();
switch ($rule) {
    case 'allow':
        $SEARCH_SPIDER = false;
        break;
    case 'deny':
        header('HTTP/1.1 403 Access Denied');
        exit;
    case 'robot':
    case 'unknown':
        // Search engines don’t send cookies, and so create a new session with every visit.
        // Make sure they always use the same one
        Zend_Session::setId('search-engine-' . str_replace('.', '-', $WT_REQUEST->getClientIp()));
        $SEARCH_SPIDER = true;
        break;
    case '':
Ejemplo n.º 8
0
 /**
  * Returns an array of IPs for the current client
  *
  * @return
  */
 protected function _getClientIps()
 {
     $ips = preg_split('/,\\s*/', $this->_request->getClientIp(true));
     $ips[] = $this->_request->getClientIp(false);
     return array_unique($ips);
 }
Ejemplo n.º 9
0
 /**
  * {@inheritdoc}
  */
 public function getClientIp($checkProxy = false)
 {
     return parent::getClientIp($checkProxy);
 }
Ejemplo n.º 10
0
 public function getClientIp($checkProxy = false)
 {
     if (!empty($this->_remoteAddr)) {
         return $this->_remoteAddr;
     }
     return parent::getClientIp($checkProxy);
 }