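/**
 * Admin settings page for the Bad Behavior integration.
 *
 * Loads the three stored whitelists (ip / useragent / url and their _desc
 * companions) into $context, saves the posted form when ;save is present
 * (whitelists via updateSettings(), the rest via Settings_Form::save_db()),
 * and otherwise prepares the config_vars for display.
 *
 * Changes from the original: the "details" anchor no longer carries a stray
 * self-closing slash (`<a ... />` made the markup invalid), whitelist input is
 * only processed when it is actually an array (array_filter() on a scalar is a
 * TypeError on PHP 8), entries are trimmed before blanks are dropped so
 * whitespace-only rows no longer survive as empty strings, and a missing
 * *_desc field no longer raises an undefined-index notice.
 */
public function action_bbSettings_display()
{
	global $txt, $scripturl, $context, $modSettings, $boardurl;

	// Initialize the form
	$this->_initBBSettingsForm();

	// Our callback templates are here
	loadTemplate('BadBehavior');

	// Any errors to display?
	if (!empty($context['invalid_badbehavior_httpbl_key']))
	{
		$context['settings_message'][] = $txt['badbehavior_httpbl_key_invalid'];
		$context['error_type'] = 'warning';
	}

	// Have we blocked anything in the last 7 days?
	if (!empty($modSettings['badbehavior_enabled']))
	{
		$context['settings_message'][] = bb2_insert_stats(true) . '<a href="' . $boardurl . '/index.php?action=admin;area=logs;sa=badbehaviorlog;desc"> [' . $txt['badbehavior_details'] . ']</a>';
	}

	// Current whitelist data
	$whitelist = array('badbehavior_ip_wl', 'badbehavior_useragent_wl', 'badbehavior_url_wl');
	foreach ($whitelist as $list)
	{
		// These values are written by this same action with serialize() and live in
		// $modSettings, so they are admin-controlled rather than request data; unserialize()
		// is still an object-injection surface, so a corrupt/non-array payload is discarded.
		// A json_encode()/json_decode() pair would remove that surface entirely.
		$stored = empty($modSettings[$list]) ? false : unserialize($modSettings[$list]);
		$context[$list] = is_array($stored) ? $stored : array();

		$stored_desc = empty($modSettings[$list . '_desc']) ? false : unserialize($modSettings[$list . '_desc']);
		$context[$list . '_desc'] = is_array($stored_desc) ? $stored_desc : array();
	}

	$config_vars = $this->_bbSettings->settings();

	// Saving?
	if (isset($_GET['save']))
	{
		checkSession();

		// Make sure Bad Behavior defaults are set if nothing was specified
		$_POST['badbehavior_httpbl_threat'] = empty($_POST['badbehavior_httpbl_threat']) ? 25 : $_POST['badbehavior_httpbl_threat'];
		$_POST['badbehavior_httpbl_maxage'] = empty($_POST['badbehavior_httpbl_maxage']) ? 30 : $_POST['badbehavior_httpbl_maxage'];
		$_POST['badbehavior_reverse_proxy_header'] = empty($_POST['badbehavior_reverse_proxy_header']) ? 'X-Forwarded-For' : $_POST['badbehavior_reverse_proxy_header'];

		// Build up the whitelist options
		foreach ($whitelist as $list)
		{
			$this_list = array();
			$this_desc = array();

			// A missing or non-array field means "no entries"
			if (isset($_POST[$list]) && is_array($_POST[$list]))
			{
				// Trim first, then drop blanks; keys are preserved so the descriptions still line up
				$this_list = array_filter(array_map('trim', $_POST[$list]));

				// Only keep the descriptions whose data value survived the filter
				$posted_desc = (isset($_POST[$list . '_desc']) && is_array($_POST[$list . '_desc'])) ? $_POST[$list . '_desc'] : array();
				$this_desc = array_intersect_key($posted_desc, $this_list);
			}

			updateSettings(array($list => serialize($this_list), $list . '_desc' => serialize($this_desc)));
		}

		Settings_Form::save_db($config_vars);
		redirectexit('action=admin;area=securitysettings;sa=badbehavior');
	}

	$context['post_url'] = $scripturl . '?action=admin;area=securitysettings;save;sa=badbehavior';

	// Javascript vars for the "add more xyz" buttons in the callback forms
	addJavascriptVar(array(
		'sUrlParent' => '\'add_more_url_placeholder\'',
		'oUrlOptionsdt' => '{name: \'badbehavior_url_wl_desc[]\', class: \'input_text\'}',
		'oUrlOptionsdd' => '{name: \'badbehavior_url_wl[]\', class: \'input_text\'}',
		'sUseragentParent' => '\'add_more_useragent_placeholder\'',
		'oUseragentOptionsdt' => '{name: \'badbehavior_useragent_wl_desc[]\', class: \'input_text\'}',
		'oUseragentOptionsdd' => '{name: \'badbehavior_useragent_wl[]\', class: \'input_text\'}',
		'sIpParent' => '\'add_more_ip_placeholder\'',
		'oIpOptionsdt' => '{name: \'badbehavior_ip_wl_desc[]\', class: \'input_text\'}',
		'oIpOptionsdd' => '{name: \'badbehavior_ip_wl[]\', class: \'input_text\'}',
	));

	Settings_Form::prepare_db($config_vars);
}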
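/**
 * Bad Behavior options page: saves the posted settings, then renders the form.
 *
 * On POST, display_stats, strict and the logging/verbose pair are written back
 * with bb2_write_settings() and a confirmation banner is shown; the form is
 * then rendered from the (possibly updated) settings.
 *
 * Changes from the original: REQUEST_URI is HTML-escaped before being placed
 * in the form's action attribute (it is attacker-influenced, so echoing it raw
 * is a reflected-XSS sink); checkbox/radio fields are read with !empty()/isset()
 * so unchecked boxes no longer raise undefined-index notices; and the donation
 * URL's ampersands are entity-encoded (the bare "&currency_code" was being
 * parsed as the &curren; entity, corrupting the query string).
 *
 * NOTE(review): nothing here verifies that the POST originated from this form
 * (no anti-forgery token) — confirm the host application guards that before
 * calling this function.
 */
function bb2_options()
{
	$settings = bb2_read_settings();

	if ($_POST) {
		// Checkboxes are absent from $_POST when unchecked.
		$settings['display_stats'] = !empty($_POST['display_stats']);
		$settings['strict'] = !empty($_POST['strict']);

		// The 'logging' radio decides both flags. The original also read a 'verbose'
		// POST field first, but every branch below overwrote it, so it is not consulted.
		$logging = isset($_POST['logging']) ? $_POST['logging'] : '';
		$settings['verbose'] = ($logging === 'verbose');
		$settings['logging'] = ($logging === 'verbose' || $logging === 'normal');

		bb2_write_settings($settings);
?>
<div id="message" class="updated fade"><p><strong><?php _e('Options saved.'); ?></strong></p></div>
<?php
	}

	// REQUEST_URI echoes back whatever path/query the client sent; escape it for the attribute context.
	$form_action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<div class="wrap">
	<h2><?php _e("Bad Behavior"); ?></h2>
	<form method="post" action="<?php echo $form_action; ?>">
		<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
		<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&amp;business=error%40ioerror%2eus&amp;item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&amp;no_shipping=1&amp;cn=Comments%20about%20Bad%20Behavior&amp;tax=0&amp;currency_code=USD&amp;bn=PP%2dDonationsBF&amp;charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>

		<fieldset class="options">
			<legend><?php _e('Statistics'); ?></legend>
			<?php bb2_insert_stats(true); ?>
			<p><label><input type="checkbox" name="display_stats" value="true"<?php if (!empty($settings['display_stats'])) { ?> checked="checked"<?php } ?> /> <?php _e('Display statistics in blog footer'); ?></label></p>
		</fieldset>

		<fieldset class="options">
			<legend><?php _e('Logging'); ?></legend>
			<p><label><input type="radio" name="logging" value="verbose"<?php if (!empty($settings['verbose']) && !empty($settings['logging'])) { ?> checked="checked"<?php } ?> /> <?php _e('Verbose HTTP request logging'); ?></label></p>
			<p><label><input type="radio" name="logging" value="normal"<?php if (!empty($settings['logging']) && empty($settings['verbose'])) { ?> checked="checked"<?php } ?> /> <?php _e('Normal HTTP request logging (recommended)'); ?></label></p>
			<p><label><input type="radio" name="logging" value="false"<?php if (empty($settings['logging'])) { ?> checked="checked"<?php } ?> /> <?php _e('Do not log HTTP requests (not recommended)'); ?></label></p>
		</fieldset>

		<fieldset class="options">
			<legend><?php _e('Strict Mode'); ?></legend>
			<p><label><input type="checkbox" name="strict" value="true"<?php if (!empty($settings['strict'])) { ?> checked="checked"<?php } ?> /> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></p>
		</fieldset>

		<p class="submit"><input type="submit" name="submit" value="<?php _e('Update »'); ?>" /></p>
	</form>
</div>
<?php
}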
/**
 * Renders the bottom of the page: closes the content wrappers, then emits the
 * footer section (the "go to top" link, copyright, XHTML validator link, the
 * RSS link when feeds are enabled and visible to this visitor, Bad Behavior
 * statistics when the mod is enabled and asked to show them, and the
 * page-creation line when $context['show_load_time'] is set).
 */
function template_body_below()
{
	global $context, $settings, $scripturl, $txt, $modSettings;

	// Close the content wrappers
	echo ' </div> </div> </div>';

	// Footer is full-width; the inner frame follows the theme wrapper width
	echo ' <div id="footer_section"> <div class="frame">';

	// Evaluated in the same order as the original echo list
	$copyright = theme_copyright();

	// RSS button only when feeds are on and either guests may read or the user is logged in
	$rss_button = '';
	if (!empty($modSettings['xmlnews_enable']) && (!empty($modSettings['allow_guestAccess']) || $context['user']['is_logged']))
	{
		$feed_limit = empty($modSettings['xmlnews_limit']) ? 5 : $modSettings['xmlnews_limit'];
		$rss_button = '<li><a id="button_rss" href="' . $scripturl . '?action=.xml;type=rss;limit=' . $feed_limit . '" class="new_win"><span>' . $txt['rss'] . '</span></a></li>';
	}

	// Bad Behavior statistics, when enabled and requested
	$bb_stats = '';
	if (!empty($modSettings['badbehavior_enabled']) && !empty($modSettings['badbehavior_display_stats']))
	{
		$bb_stats = '<li class="copyright">' . bb2_insert_stats() . '</li>';
	}

	// Global "Go to top" link on the right, then the footer list
	$footer = ' <a href="#top" id="bot"><img src="' . $settings['images_url'] . '/upshrink.png" alt="*" title="' . $txt['go_up'] . '" /></a> <ul class="reset"> <li class="copyright">' . $copyright . ' </li> <li><a id="button_xhtml" href="http://validator.w3.org/check?uri=referer" target="_blank" class="new_win" title="' . $txt['valid_xhtml'] . '"><span>' . $txt['xhtml'] . '</span></a></li> ' . $rss_button . $bb_stats . ' </ul>';
	echo $footer;

	// Show the load time?
	if ($context['show_load_time'])
	{
		echo ' <p>' . sprintf($txt['page_created_full'], $context['load_time'], $context['load_queries']) . '</p>';
	}

	echo ' </div> </div>';
}
<h2><span>Bad Behavior Plugin</span></h2> <div class="box"> <div class="inbox"> <p>The Bad Behavior system helps protect your site from malicious bots (spammers, email harvesters, etc).</p> <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p> <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?> %20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p> </div> </div> <h2 class="block2"><span>Statistics:</span></h2> <div class="box"> <div class="inbox"> <p><?php echo bb2_insert_stats(true); ?> </p> </div> </div> <h2 class="block2"><span>Settings</span></h2> <div class="box"> <form id="example" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?> "> <p class="submittop"><input type="submit" name="save" value="Save changes" /></p> <div class="inform"> <fieldset> <legend>Change your settings and submit!</legend> <div class="infldset">
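/**
 * Publish the Bad Behavior <head> javascript to the F3 hive as 'bb2_javascript'.
 *
 * Fix: $f3 is the framework instance used as a global throughout this file
 * (see bb2_insert_stats() and the bootstrap below) but was not declared
 * global here, so $f3->set() ran on an undefined variable.
 *
 * @return bool always true
 */
function bb2_insert_head()
{
	global $bb2_javascript, $f3;

	$f3->set('bb2_javascript', $bb2_javascript);

	return true;
}

/**
 * Write the blocked-request count into the $f3 hive as 'bb2_stats'.
 *
 * @param bool $force run even when the display_stats setting is off
 */
function bb2_insert_stats($force = false)
{
	global $bb_settings, $f3;

	if (!$force && empty($bb_settings['display_stats'])) {
		return;
	}

	// log_table comes from the stored settings, not from the request; it is
	// interpolated because a table name cannot be bound as a query parameter.
	// Rows whose key is '00000000' are excluded from the count.
	$blocked = bb2_db_query("SELECT COUNT(*) FROM " . $bb_settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
	if ($blocked !== false) {
		$f3->set('bb2_stats', $blocked[0]["COUNT(*)"]);
	}
}

// Return the top-level relative path of wherever we are (for cookies)
function bb2_relative_path()
{
	return \Base::instance()->get('BASE') . '/';
}

// Calls inward to Bad Behavior itself.
require_once BB2_CWD . "/bad-behavior/core.inc.php";

$bb_db = $f3->get('DB');
$bb_settings = bb2_read_settings();

bb2_install();
bb2_start($bb_settings);

// eFiction 5 specific
bb2_insert_stats();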
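/**
 * Bad Behavior options page (WordPress): saves posted settings, then renders the form.
 *
 * Settings handled: display_stats, strict, logging/verbose, httpbl_key,
 * httpbl_threat, httpbl_maxage, offsite_forms, eu_cookie, reverse_proxy,
 * reverse_proxy_header and reverse_proxy_addresses; they are persisted with
 * bb2_write_settings().
 *
 * Changes from the original: the POST handler now requires the nonce emitted by
 * wp_nonce_field() in the form (check_admin_referer()), so a forged cross-site
 * POST cannot silently rewrite the settings; checkbox/radio fields are read with
 * !empty()/isset() so unchecked boxes no longer raise undefined-index notices;
 * values echoed into HTML attributes go through esc_attr()/esc_url() in addition
 * to sanitize_text_field(); empty tokens from the proxy-address textarea are no
 * longer stored as addresses; the numeric defaults are ints like the intval()'d
 * values they stand in for; and the unused $request_uri variable is gone.
 */
function bb2_options()
{
	$settings = bb2_read_settings();

	if ($_POST) {
		// Anti-forgery check: the token is emitted by wp_nonce_field('bb2_options') in the form below.
		check_admin_referer('bb2_options');

		$_POST = array_map('stripslashes_deep', $_POST);

		// Checkboxes are absent from $_POST when unchecked.
		$settings['display_stats'] = !empty($_POST['display_stats']);
		$settings['strict'] = !empty($_POST['strict']);
		$settings['offsite_forms'] = !empty($_POST['offsite_forms']);
		$settings['eu_cookie'] = !empty($_POST['eu_cookie']);
		$settings['reverse_proxy'] = !empty($_POST['reverse_proxy']);

		// The 'logging' radio decides both flags. The original also read a 'verbose'
		// POST field first, but every branch below overwrote it, so it is not consulted.
		$logging = isset($_POST['logging']) ? $_POST['logging'] : '';
		$settings['verbose'] = ($logging === 'verbose');
		$settings['logging'] = ($logging === 'verbose' || $logging === 'normal');

		// An http:BL access key is exactly 12 lowercase letters; anything else is discarded.
		$settings['httpbl_key'] = (isset($_POST['httpbl_key']) && preg_match('/^[a-z]{12}$/', $_POST['httpbl_key']))
			? $_POST['httpbl_key']
			: '';

		$settings['httpbl_threat'] = !empty($_POST['httpbl_threat']) ? intval($_POST['httpbl_threat']) : 25;
		$settings['httpbl_maxage'] = !empty($_POST['httpbl_maxage']) ? intval($_POST['httpbl_maxage']) : 30;

		// Header name is case-normalised by uc_all() and sanitised; X-Forwarded-For when blank.
		$settings['reverse_proxy_header'] = !empty($_POST['reverse_proxy_header'])
			? sanitize_text_field(uc_all($_POST['reverse_proxy_header']))
			: 'X-Forwarded-For';

		// One address or CIDR range per line (commas also separate); PREG_SPLIT_NO_EMPTY drops
		// the blank tokens that leading/trailing whitespace would otherwise produce.
		$settings['reverse_proxy_addresses'] = array();
		if (!empty($_POST['reverse_proxy_addresses'])) {
			$addresses = preg_split('/[\s,]+/m', $_POST['reverse_proxy_addresses'], -1, PREG_SPLIT_NO_EMPTY);
			$settings['reverse_proxy_addresses'] = array_map('sanitize_text_field', $addresses);
		}

		bb2_write_settings($settings);
?>
<div id="message" class="updated fade"><p><strong><?php _e('Options saved.'); ?></strong></p></div>
<?php
	}
?>
<div class="wrap">
	<?php echo bb2_donate_button(admin_url("options-general.php?page=bb2_options")); ?>
	<h2><?php _e("Bad Behavior"); ?></h2>
	<form method="post" action="<?php echo esc_url(admin_url("options-general.php?page=bb2_options")); ?>">
		<?php wp_nonce_field('bb2_options'); ?>
		<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
		<p>See also: <a href="<?php echo esc_url(admin_url("tools.php?page=bb2_manage")); ?>">Log</a> | <a href="<?php echo esc_url(admin_url("options-general.php?page=bb2_whitelist")); ?>">Whitelist</a></p>

		<h3><?php _e('Statistics'); ?></h3>
		<?php bb2_insert_stats(true); ?>
		<table class="form-table">
			<tr><td><label><input type="checkbox" name="display_stats" value="true"<?php checked(!empty($settings['display_stats'])); ?> /> <?php _e('Display statistics in blog footer'); ?></label></td></tr>
		</table>

		<h3><?php _e('Logging'); ?></h3>
		<table class="form-table">
			<tr><td><label><input type="radio" name="logging" value="verbose"<?php checked(!empty($settings['verbose']) && !empty($settings['logging'])); ?> /> <?php _e('Verbose HTTP request logging'); ?></label></td></tr>
			<tr><td><label><input type="radio" name="logging" value="normal"<?php checked(!empty($settings['logging']) && empty($settings['verbose'])); ?> /> <?php _e('Normal HTTP request logging (recommended)'); ?></label></td></tr>
			<tr><td><label><input type="radio" name="logging" value="false"<?php checked(empty($settings['logging'])); ?> /> <?php _e('Do not log HTTP requests (not recommended)'); ?></label></td></tr>
		</table>

		<h3><?php _e('Security'); ?></h3>
		<table class="form-table">
			<tr><td><label><input type="checkbox" name="strict" value="true"<?php checked(!empty($settings['strict'])); ?> /> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></td></tr>
			<tr><td><label><input type="checkbox" name="offsite_forms" value="true"<?php checked(!empty($settings['offsite_forms'])); ?> /> <?php _e('Allow form postings from other web sites (required for OpenID; increases spam received)'); ?></label></td></tr>
		</table>

		<h3><?php _e('http:BL'); ?></h3>
		<p>To use Bad Behavior's http:BL features you must have an <a href="http://www.projecthoneypot.org/httpbl_configure.php?rf=24694">http:BL Access Key</a>.</p>
		<table class="form-table">
			<tr><td><label><input type="text" size="12" maxlength="12" name="httpbl_key" value="<?php echo esc_attr(sanitize_text_field($settings['httpbl_key'])); ?>" /> http:BL Access Key</label></td></tr>
			<tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_threat" value="<?php echo intval($settings['httpbl_threat']); ?>" /> Minimum Threat Level (25 is recommended)</label></td></tr>
			<tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo intval($settings['httpbl_maxage']); ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
		</table>

		<h3><?php _e('European Union Cookie'); ?></h3>
		<p>Select this option if you believe Bad Behavior's site security cookie is not exempt from the 2012 EU cookie regulation. <a href="http://bad-behavior.ioerror.us/2012/05/04/eu-cookie-requirement-disclosure/">More info</a></p>
		<table class="form-table">
			<tr><td><label><input type="checkbox" name="eu_cookie" value="true"<?php checked(!empty($settings['eu_cookie'])); ?> /> <?php _e('EU cookie handling'); ?></label></td></tr>
		</table>

		<h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
		<p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
		<p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>
		<p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
		<table class="form-table">
			<tr><td><label><input type="checkbox" name="reverse_proxy" value="true"<?php checked(!empty($settings['reverse_proxy'])); ?> /> <?php _e('Enable Reverse Proxy'); ?></label></td></tr>
			<tr><td><label><input type="text" size="32" name="reverse_proxy_header" value="<?php echo esc_attr(sanitize_text_field($settings['reverse_proxy_header'])); ?>" /> Header containing Internet clients' IP address</label></td></tr>
			<tr><td><label>IP address or CIDR format address ranges for your proxy servers (one per line)<br/><textarea cols="24" rows="6" name="reverse_proxy_addresses"><?php echo esc_textarea(implode("\n", $settings['reverse_proxy_addresses'])); ?></textarea></label></td></tr>
		</table>

		<p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update »'); ?>" /></p>
	</form>
</div>
<?php
}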