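public function antiDdos()
 {
     $Register = Register::getInstance();
     $logDir = ROOT . '/sys/logs/anti_ddos/';
     touchDir($logDir);
     $date = date("Y-m-d");

     // Resolve the client address. X-Forwarded-For is supplied by the client
     // and is only meaningful when a reverse proxy in front of this host
     // overwrites it; it may carry a comma-separated chain, of which the
     // first entry is the originating client.
     if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
         $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
         $ip = trim($forwarded[0]);
     } else {
         $ip = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     }
     // Only a plain dotted-quad is accepted: the value is embedded in file
     // names below, so anything else (IPv6 included) is skipped, not sanitised.
     if (empty($ip) || mb_strlen($ip) > 15 || !preg_match('#^\\d+\\.\\d+\\.\\d+\\.\\d+$#', $ip)) {
         return;
     }

     // A persistent marker means this IP was flagged earlier: show the error page.
     $hackFile = $logDir . 'hack_' . $ip . '.dat';
     if (file_exists($hackFile)) {
         $Register['DocParser']->showHttpError('hack');
     }

     // Remove per-IP counters from previous days. The hack_* markers start
     // with a letter, so the leading-digit glob leaves them in place.
     $oldFiles = glob($logDir . '[0-9]*.dat');
     if (!empty($oldFiles)) {
         foreach ($oldFiles as $oldFile) {
             if (substr(basename($oldFile), 0, 10) !== $date) {
                 unlink($oldFile);
             }
         }
     }

     // Counter file format: "<requests>***<unix second of those requests>".
     $file = $logDir . $date . '_' . $ip . '.dat';
     $now = time();
     if (!file_exists($file)) {
         file_put_contents($file, '1***' . $now, LOCK_EX);
         return;
     }

     $parts = explode('***', (string) file_get_contents($file));
     // A truncated or partially written counter must not raise an
     // undefined-index notice; treat it as belonging to another second.
     $count = isset($parts[0]) ? (int) $parts[0] : 0;
     $second = isset($parts[1]) ? (int) $parts[1] : -1;
     if ($second !== $now) {
         // Counter is from an earlier second: drop it, the next request starts at 1.
         unlink($file);
         return;
     }

     $limit = (int) Config::read('request_per_second', 'secure');
     if ($count > $limit) {
         // Too many requests within one second: replace the counter with a
         // persistent hack marker and show the error page.
         unlink($file);
         file_put_contents($hackFile, date("Y-m-d H:i"), LOCK_EX);
         $Register['DocParser']->showHttpError('hack');
     }
     file_put_contents($file, ($count + 1) . '***' . $now, LOCK_EX);
 }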
 /**
  * Admin-side profile editor: applies the submitted POST form to the user
  * with the given ID and saves it.
  *
  * Flow: ACL check, load the user, read and truncate the form fields, run
  * the validator and the additional-field checks, handle the avatar upload,
  * on errors stash the form in $_SESSION['FpsForm'] and redirect back to the
  * edit form, otherwise persist the user, the additional fields and the
  * avatar, write a log entry and show a success message.
  *
  * Assumes redirect() terminates the request; the guards below rely on it.
  *
  * @param int|string|null $id ID of the user being edited (cast to int)
  * @return mixed result of showInfoMessage() on success, or when the user cannot be loaded
  */
 public function update_by_admin($id = null)
 {
     //turn access: requires the users/edit_users right
     $this->ACL->turn(array('users', 'edit_users'));
     $id = (int) $id;
     // A registered user's ID cannot be less than one, so the
     // function was called by mistake
     if ($id < 1) {
         redirect('/users/');
     }
     // If the profile is being edited by someone who is not logged in,
     // the function was called by mistake
     if (!isset($_SESSION['user'])) {
         redirect('/');
     }
     // Fetch the user record from the DB
     $user = $this->Model->getById($id);
     if (!$user) {
         return $this->showInfoMessage(__('Can not find user'), '/users/');
     }
     if (is_object($this->AddFields) && $user) {
         $user = $this->AddFields->mergeRecords(array($user), true);
         $user = $user[0];
     }
     // Each entry of $fields becomes a local variable ($name, $email, ...)
     // holding the trimmed POST value, or '' when the key is absent.
     $fields = array('name', 'email', 'oldEmail', 'icq', 'jabber', 'pol', 'city', 'telephone', 'byear', 'bmonth', 'bday', 'url', 'about', 'signature');
     // NOTE(review): $fields_settings is built here but not read anywhere below
     $fields_settings = (array) Config::read('fields', 'users');
     $fields_settings = array_merge($fields_settings, array('email'));
     foreach ($fields as $field) {
         ${$field} = isset($_POST[$field]) ? trim($_POST[$field]) : '';
     }
     // Gender: the form sends '1' (m) or '2' (f); anything else is stored empty
     if ('1' === $pol) {
         $pol = 'm';
     } else {
         if ('2' === $pol) {
             $pol = 'f';
         } else {
             $pol = '';
         }
     }
     // Trim surrounding whitespace
     $newpassword = !empty($_POST['newpassword']) ? trim($_POST['newpassword']) : '';
     $confirm = !empty($_POST['confirm']) ? trim($_POST['confirm']) : '';
     // Truncate values to the length given by the input tag's maxlength attribute
     $newpassword = mb_substr($newpassword, 0, 30);
     $confirm = mb_substr($confirm, 0, 30);
     $email = mb_substr($email, 0, 60);
     // The stored address wins over the submitted oldEmail field
     $oldEmail = mb_substr($user->getEmail(), 0, 60);
     $icq = mb_substr($icq, 0, 12);
     $jabber = mb_substr($jabber, 0, 100);
     $city = mb_substr($city, 0, 50);
     // Non-numeric input collapses to 0 via the (int) cast before truncation
     $telephone = number_format(mb_substr((int) $telephone, 0, 20), 0, '', '');
     $byear = intval(mb_substr($byear, 0, 4));
     $bmonth = intval(mb_substr($bmonth, 0, 2));
     $bday = intval(mb_substr($bday, 0, 2));
     $url = mb_substr($url, 0, 60);
     $about = mb_substr($about, 0, 1000);
     $signature = mb_substr($signature, 0, 500);
     // Generic form validation for the current action
     $errors = $this->Register['Validate']->check($this->Register['action']);
     // Additional fields: $_addFields is only assigned when checkFields()
     // succeeds; on failure the error list is appended and the redirect
     // below prevents the save() call from using it
     if (is_object($this->AddFields)) {
         try {
             $_addFields = $this->AddFields->checkFields();
         } catch (Exception $e) {
             $errors[] = $this->AddFields->getErrors();
         }
     }
     // If the "current password" field is filled in, the user wants to
     // change it or change their e-mail
     $changePassword = false;
     $changeEmail = false;
     // want to change password
     if (!empty($newpassword)) {
         $changePassword = true;
     }
     // user want to change email
     if ($email != $oldEmail) {
         $changeEmail = true;
     }
     // if new and old emails are equal, we needn't check password
     if ($email == $oldEmail) {
         $this->Register['Validate']->disableFieldCheck('password');
     }
     // NOTE(review): the temp file name comes from rand(), so concurrent
     // uploads can collide; the file is removed again below
     $tmp_key = rand(0, 9999999);
     if (!empty($_FILES['avatar']['name'])) {
         touchDir(ROOT . '/sys/tmp/images/', 0777);
         $path = ROOT . '/sys/tmp/images/' . $tmp_key . '.jpg';
         // $check_image is never assigned in this method, so the isset() test is always true here
         if (!isset($check_image) && move_uploaded_file($_FILES['avatar']['tmp_name'], $path)) {
             chmod($path, 0644);
             // Errors from the resampler are suppressed; a falsy result is treated as a bad image
             @($sizes = resampleImage($path, $path, 100));
             if (!$sizes) {
                 @unlink($path);
                 $errors[] = __('Some error in avatar');
             }
         } else {
             $errors[] = __('Some error in avatar');
         }
     }
     // Read without isset(): a missing key yields 0 plus a notice
     $status = (int) $_POST['status'];
     $timezone = (int) $_POST['timezone'];
     // Offsets outside -12..12 hours fall back to UTC
     if ($timezone < -12 or $timezone > 12) {
         $timezone = 0;
     }
     // Errors: keep the submitted form (POST values win over the defaults)
     // in the session and go back to the edit form
     if (!empty($errors)) {
         $_SESSION['FpsForm'] = array_merge(array('name' => null, 'status' => null, 'email' => null, 'timezone' => null, 'icq' => null, 'url' => null, 'about' => null, 'signature' => null, 'pol' => $pol, 'telephone' => null, 'city' => null, 'jabber' => null, 'byear' => null, 'bmonth' => null, 'bday' => null), $_POST);
         $_SESSION['FpsForm']['errors'] = $errors;
         redirect('/users/edit_form_by_admin/' . $id);
     }
     // If the "delete previously uploaded file" checkbox is set
     if (isset($_POST['unlink']) and is_file(ROOT . '/sys/avatars/' . $id . '.jpg')) {
         unlink(ROOT . '/sys/avatars/' . $id . '.jpg');
     }
     // Move the resampled upload into place as <id>.jpg and drop the temp copy
     if (file_exists(ROOT . '/sys/tmp/images/' . $tmp_key . '.jpg')) {
         if (copy(ROOT . '/sys/tmp/images/' . $tmp_key . '.jpg', ROOT . '/sys/avatars/' . $id . '.jpg')) {
             chmod(ROOT . '/sys/avatars/' . $id . '.jpg', 0644);
         }
         unlink(ROOT . '/sys/tmp/images/' . $tmp_key . '.jpg');
     }
     // All fields are valid - write the changes to the DB
     if ($changePassword) {
         // NOTE(review): unsalted md5 password storage; the login path must
         // verify the same way, so a hash upgrade cannot be done here alone
         $user->setPassw(md5($newpassword));
     }
     if ($changeEmail) {
         $user->setEmail($email);
     }
     // An 'activation' checkbox clears the pending activation code
     if (isset($_POST['activation'])) {
         $user->setActivation('');
     }
     $user->setName($name);
     $user->setStatus($status);
     $user->setTimezone($timezone);
     $user->setUrl($url);
     $user->setIcq($icq);
     $user->setJabber($jabber);
     $user->setCity($city);
     $user->setTelephone($telephone);
     $user->setPol($pol);
     $user->setByear($byear);
     $user->setBmonth($bmonth);
     $user->setBday($bday);
     $user->setAbout($about);
     $user->setSignature($signature);
     $user->save();
     // Additional fields saving
     if (is_object($this->AddFields)) {
         $this->AddFields->save($id, $_addFields);
     }
     // Audit entry: which admin edited which user
     if ($this->Log) {
         $this->Log->write('editing user by adm', 'user id(' . $id . ') adm id(' . $_SESSION['user']['id'] . ')');
     }
     return $this->showInfoMessage(__('Operation is successful'), getProfileUrl($id));
 }
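 /**
  * Builds the path of a module's temporary data file and creates the
  * containing directory on the way.
  *
  * The name is left-padded with zeros to 8 characters and its first four
  * characters select a sub-directory, so files are spread over
  * hlu_<module>/<4 chars>/ buckets.
  *
  * Both $filename and $module are concatenated into the path verbatim, so
  * callers must not pass values taken from request input here.
  *
  * @param string|int $filename base name of the temp file (without extension)
  * @param string     $module   module name used for the hlu_<module> directory
  * @return string absolute path of <filename>.dat
  */
 public function getTmpFilePath($filename, $module)
 {
     // Pad with the string '0': str_pad() takes a string pad value, and the
     // int form only works through implicit coercion.
     $padded = str_pad((string) $filename, 8, '0', STR_PAD_LEFT);
     $bucket = substr($padded, 0, 4);
     $tmpDir = ROOT . '/sys/tmp/hlu_' . $module . '/' . $bucket . '/';
     touchDir($tmpDir, 0777);
     return $tmpDir . $filename . '.dat';
 }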
 /**
  * Records the current request in the site statistics and refreshes the
  * "who is online" list.
  *
  * Per request it: resolves the client IP, marks the IP as seen today,
  * classifies the user agent (Yandex / Google / other bot / human), sets a
  * day-scoped "counter" cookie for humans, updates today's counter file
  * (sys/logs/counter/<date>.dat), flushes previous days into the database,
  * renders the counter via self::viewCounter(), and rewrites
  * sys/logs/counter_online/online.dat with the current users and guests.
  *
  * All state lives in serialized files under sys/logs. The read side of
  * each read-modify-write cycle is not locked, so concurrent requests can
  * lose updates.
  *
  * @return void
  */
 public static function index()
 {
     $Register = Register::getInstance();
     //ip: REMOTE_ADDR first; the client-supplied X-Forwarded-For header is
     //only consulted when REMOTE_ADDR is missing
     if (!empty($_SERVER['REMOTE_ADDR'])) {
         $ip = $_SERVER['REMOTE_ADDR'];
     } else {
         $ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '00.00.00.00';
     }
     // Anything that is not a plain dotted-quad (IPv6 included) collapses to the
     // sentinel; this also keeps the value safe to embed in file names below
     if (mb_strlen($ip) > 20 || !preg_match('#^\\d+\\.\\d+\\.\\d+\\.\\d+$#', $ip)) {
         $ip = '00.00.00.00';
     }
     // One directory per day holds a marker file per IP; the first request of
     // a new day removes every older counter_ips* directory
     if (!file_exists(ROOT . '/sys/logs/counter_ips' . date("Y-m-d"))) {
         $counter_tmp_dirs = glob(ROOT . '/sys/logs/counter_ips*');
         if (!empty($counter_tmp_dirs) && is_array($counter_tmp_dirs)) {
             foreach ($counter_tmp_dirs as $dir) {
                 _unlink($dir);
             }
         }
         mkdir(ROOT . '/sys/logs/counter_ips' . date("Y-m-d"), 0777, true);
     }
     // $inc_ip is 1 only on the first visit from this IP today
     if (!file_exists(ROOT . '/sys/logs/counter_ips' . date("Y-m-d") . '/' . $ip . '.dat')) {
         $inc_ip = 1;
         $file = fopen(ROOT . '/sys/logs/counter_ips' . date("Y-m-d") . '/' . $ip . '.dat', 'w');
         fclose($file);
     } else {
         $inc_ip = 0;
     }
     //visits from other sites: only an http:// referer on SERVER_NAME counts
     //as internal, so https:// referers from this site are counted as external.
     //NOTE(review): SERVER_NAME is interpolated into the pattern without
     //preg_quote(), so a name with regex metacharacters changes the match
     if (!empty($_SERVER['HTTP_REFERER']) && !preg_match('#^http://' . $_SERVER['SERVER_NAME'] . '#', $_SERVER['HTTP_REFERER'])) {
         $other_site_view = 1;
     } else {
         $other_site_view = 0;
     }
     //user agent and bot identification: an empty UA counts as "other bot";
     //named crawlers are matched case-sensitively, "bot"/"spider" case-insensitively
     $other_bot = 0;
     $yandex_bot = 0;
     $google_bot = 0;
     if (empty($_SERVER["HTTP_USER_AGENT"])) {
         $other_bot = 1;
     } else {
         if (strstr($_SERVER["HTTP_USER_AGENT"], "Yandex")) {
             $yandex_bot = 1;
         } elseif (strstr($_SERVER["HTTP_USER_AGENT"], "Googlebot")) {
             $google_bot = 1;
         } else {
             if (strstr($_SERVER["HTTP_USER_AGENT"], "StackRambler") || strstr($_SERVER["HTTP_USER_AGENT"], "Scooter") || strstr($_SERVER["HTTP_USER_AGENT"], "Fast") || strstr($_SERVER["HTTP_USER_AGENT"], "infoseek") || strstr($_SERVER["HTTP_USER_AGENT"], "YahooBot") || strstr($_SERVER["HTTP_USER_AGENT"], "aport") || strstr($_SERVER["HTTP_USER_AGENT"], "slurp") || strstr($_SERVER["HTTP_USER_AGENT"], "architextspider") || strstr($_SERVER["HTTP_USER_AGENT"], "lycos") || strstr($_SERVER["HTTP_USER_AGENT"], "grabber") || strstr(strtolower($_SERVER["HTTP_USER_AGENT"]), "bot") || strstr(strtolower($_SERVER["HTTP_USER_AGENT"]), "spider")) {
                 $other_bot = 1;
             }
         }
     }
     //referer (NOTE(review): assigned but not read further in this method)
     $referer = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     //check coocie: $cookie counts a "new host" - a human visitor without the
     //counter cookie; bots never get one
     if (isset($_COOKIE['counter']) || (!empty($other_bot) || !empty($yandex_bot) || !empty($google_bot))) {
         $cookie = 0;
     } else {
         $cookie = 1;
         //cookie die in 23:59:59 this day (server-local time); the value is
         //the md5 of the IP and is never read back except for presence
         $curdate = date("n,j,Y");
         $curdate = explode(',', $curdate);
         $timestamp = mktime(23, 59, 59, $curdate[0], $curdate[1], $curdate[2]);
         setcookie('counter', md5($ip), $timestamp, '/');
     }
     // Only non-bot requests count as views
     $view = !empty($other_bot) || !empty($yandex_bot) || !empty($google_bot) ? 0 : 1;
     touchDir(ROOT . '/sys/logs/counter/', 0777);
     $tmp_datafile = ROOT . '/sys/logs/counter/' . date("Y-m-d") . '.dat';
     if (file_exists($tmp_datafile) && is_readable($tmp_datafile)) {
         // Serialized array written by this method below. The read here is not
         // locked, and unserialize() would instantiate objects if the file were
         // replaced - the log directory must not be writable through the web
         $stats = unserialize(file_get_contents($tmp_datafile));
         $stats['views'] = $stats['views'] + $view;
         $stats['cookie'] = $stats['cookie'] + $cookie;
         $stats['ips'] = $stats['ips'] + $inc_ip;
         $stats['yandex_bot_views'] = $stats['yandex_bot_views'] + $yandex_bot;
         $stats['google_bot_views'] = $stats['google_bot_views'] + $google_bot;
         $stats['other_bot_views'] = $stats['other_bot_views'] + $other_bot;
         $stats['other_site_visits'] = $stats['other_site_visits'] + $other_site_view;
     } else {
         // First request of the day: views/cookie/ips start at 1 regardless of
         // $view, $cookie and $inc_ip
         $stats = array('views' => 1, 'cookie' => 1, 'ips' => 1, 'yandex_bot_views' => $yandex_bot, 'google_bot_views' => $google_bot, 'other_bot_views' => $other_bot, 'other_site_visits' => $other_site_view);
     }
     // Write-back is exclusive-locked; see the unlocked read above
     $f = fopen($tmp_datafile, 'w+');
     flock($f, LOCK_EX);
     fwrite($f, serialize($stats));
     flock($f, LOCK_UN);
     fclose($f);
     //statistics data for counter image: overal_stats.dat holds the all-time
     //hit total, rebuilt by _updateOveralHits() when missing
     if (!file_exists(ROOT . '/sys/logs/overal_stats.dat')) {
         StatisticsModule::_updateOveralHits();
     }
     $overal = unserialize(file_get_contents(ROOT . '/sys/logs/overal_stats.dat'));
     if (!isset($overal['hits'])) {
         $overal['hits'] = StatisticsModule::_updateOveralHits();
     }
     $all_hits = (int) $overal['hits'] + $stats['views'];
     $hosts = $stats['cookie'];
     $hits = $stats['views'];
     //write into data base and delete file (one time in day): today's file is
     //always present, so anything beyond one file is a previous day to flush
     $tmp_files = glob(ROOT . '/sys/logs/counter/*.dat');
     if (!empty($tmp_files) && count($tmp_files) > 1) {
         foreach ($tmp_files as $file) {
             // the file name is <Y-m-d>.dat, so the date is the first 10 chars after the last '/'
             $date = substr(strrchr($file, '/'), 1, 10);
             if ($date === date("Y-m-d")) {
                 continue;
             }
             StatisticsModule::_writeIntoDataBase($date);
             unlink($file);
             StatisticsModule::_deleteOveralKey('hits');
         }
     }
     self::viewCounter($all_hits, $hits, $hosts);
     //who online: online.dat is a serialized array with 'users' (keyed by
     //user id or bot_<name>) and 'guests' (keyed by IP), each with 'expire'
     touchDir(ROOT . '/sys/logs/counter_online/');
     $path = ROOT . '/sys/logs/counter_online/online.dat';
     $users = array();
     $guests = array();
     $online_users = array();
     if (file_exists($path) && is_readable($path)) {
         $data = unserialize(file_get_contents($path));
         $users = !empty($data['users']) ? $data['users'] : array();
         $guests = !empty($data['guests']) ? $data['guests'] : array();
     }
     foreach ($users as $key => $user) {
         // NOTE(review): `break` stops at the first expired user, so later
         // expired entries stay in $users and later active users are left out
         // of $online_users for this request; `continue` (as the guests loop
         // below effectively does) looks like the intent - confirm
         if ($user['expire'] < time()) {
             unset($users[$key]);
             break;
         }
         // online users list: bot entries (keys like 'bot_yandex') are
         // rendered as plain text, users as profile links
         if (strstr($key, 'bot')) {
             $online_users[] = '<span class="botname">' . h($user['name']) . '</span>';
             continue;
         }
         $color = '';
         if (isset($user['status'])) {
             $group_info = $Register['ACL']->get_user_group($user['status']);
             if (!empty($group_info['color'])) {
                 $color = 'color:#' . $group_info['color'] . ';';
             }
         }
         $online_users[] = get_link(h($user['name']), getProfileUrl($key), array('style' => $color));
     }
     foreach ($guests as $key => $guest) {
         if ($guest['expire'] < time()) {
             unset($guests[$key]);
         }
     }
     // Rendered HTML list of online users, consumed elsewhere via the session
     $_SESSION['online_users_list'] = count($online_users) ? implode(', ', $online_users) : '';
     // Max users online in one time
     $all_online = intval(count($users) + count($guests));
     if (!empty($overal['max_users_online']) && is_numeric($overal['max_users_online'])) {
         if ($overal['max_users_online'] < $all_online) {
             StatisticsModule::_updateOveralHits(array('max_users_online', 'max_users_online_date'), array($all_online, date("Y-m-d")));
         }
     } else {
         StatisticsModule::_updateOveralHits(array('max_users_online', 'max_users_online_date'), array($all_online, date("Y-m-d")));
     }
     // Normalise a missing UA so the strstr() calls below get a string
     if (empty($_SERVER['HTTP_USER_AGENT'])) {
         $_SERVER["HTTP_USER_AGENT"] = '';
     }
     // Record the current visitor; entries expire after 'time_on_line' minutes
     if (!empty($_SESSION['user']['id'])) {
         $users[$_SESSION['user']['id']] = array('expire' => time() + $Register['Config']->read('time_on_line') * 60, 'name' => $_SESSION['user']['name'], 'status' => $_SESSION['user']['status']);
     } else {
         if (strstr($_SERVER["HTTP_USER_AGENT"], "StackRambler")) {
             $users['bot_rambler'] = array('expire' => time() + $Register['Config']->read('time_on_line') * 60, 'name' => 'Rambler[bot]');
         } else {
             if (strstr($_SERVER["HTTP_USER_AGENT"], "YahooBot")) {
                 $users['bot_yahoo'] = array('expire' => time() + $Register['Config']->read('time_on_line') * 60, 'name' => 'Yahoo[bot]');
             } else {
                 if (strstr($_SERVER["HTTP_USER_AGENT"], "Yandex")) {
                     $users['bot_yandex'] = array('expire' => time() + $Register['Config']->read('time_on_line') * 60, 'name' => 'Yandex[bot]');
                 } else {
                     if (strstr($_SERVER["HTTP_USER_AGENT"], "Googlebot")) {
                         $users['bot_google'] = array('expire' => time() + $Register['Config']->read('time_on_line') * 60, 'name' => 'Google[bot]');
                     } else {
                         $guests[$ip] = array('expire' => time() + $Register['Config']->read('time_on_line') * 60);
                     }
                 }
             }
         }
     }
     // Unlocked write of the online list (see the docblock)
     file_put_contents($path, serialize(array('users' => $users, 'guests' => $guests)));
     return;
 }
 /**
  * Makes sure the module's index is present and fresh.
  *
  * Reads <tmp>/meta.dat, a serialized array with an 'expire' timestamp. If it
  * is readable and not yet expired nothing is rebuilt; otherwise
  * __createIndex() runs and a new expiry is written back. The rebuild
  * interval comes from the module's 'index_interval' config value, clamped
  * to at least 1.
  *
  * @return bool always true; the (re)build happens as a side effect
  */
 private function __checkIndex()
 {
     $meta_file = $this->getTmpPath('meta.dat');
     if (file_exists($meta_file) && is_readable($meta_file)) {
         // meta.dat is written by this method below; unserialize() would
         // instantiate objects if the file were replaced, so the tmp path must
         // not be writable through the web
         $meta = unserialize(file_get_contents($meta_file));
         if (!empty($meta['expire']) && $meta['expire'] > time()) {
             return true;
         } else {
             // Expired (or unusable payload): rebuild, keeping the rest of $meta
             $this->__createIndex();
         }
     } else {
         // First run: create the tmp dir and build from scratch. $meta is
         // undefined on this path and is auto-created as an array on the
         // assignment below
         touchDir($this->getTmpPath());
         $this->__createIndex();
     }
     $index_interval = intval($this->Register['Config']->read('index_interval', $this->module));
     if ($index_interval < 1) {
         $index_interval = 1;
     }
     // NOTE(review): 84000 is not one day (86400 s); if index_interval is
     // meant to be in days this looks like a typo - confirm before changing
     $meta['expire'] = time() + $index_interval * 84000;
     file_put_contents($meta_file, serialize($meta));
     return true;
 }
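 /**
  * Copies a module's template files into the active site template.
  *
  * Every directory directly under $pathToTemplateFiles is copied into the
  * template root under its own name, except 'html', whose contents go to
  * html/<module> so that modules do not overwrite each other's HTML.
  * Does nothing when the source path is missing or is not a directory.
  *
  * @param string $pathToTemplateFiles directory holding the module's template tree
  * @param string $module              module name used for the html/<module> sub-directory
  * @return void
  */
 public function importTemplateFiles($pathToTemplateFiles, $module)
 {
     // is_dir() is false for a missing path, so no separate file_exists() is needed
     if (!is_dir($pathToTemplateFiles)) {
         return;
     }
     $templatePath = ROOT . '/template/' . getTemplateName();
     // glob() returns false on error; normalise so the loop never iterates a non-array
     $dirs = glob($pathToTemplateFiles . '/*', GLOB_ONLYDIR);
     if ($dirs === false) {
         $dirs = array();
     }
     foreach ($dirs as $dir) {
         $dirName = basename($dir);
         // HTML templates go into a per-module directory; everything else
         // (css, js, images, ...) is merged into the template root
         if ($dirName === 'html') {
             $target = $templatePath . '/html/' . $module;
         } else {
             $target = $templatePath . '/' . $dirName;
         }
         touchDir($target, 0777);
         copyr($dir, $target, 0777);
     }
 }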
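/**
 * Adds the IP address submitted in $_POST['ip'] to the ban list
 * (sys/logs/ip_ban/baned.dat, one address per line) and redirects back to
 * the ban-list admin page. A validation error is handed to that page
 * through $_SESSION['add']['errors'].
 *
 * The explicit returns after each redirect() keep the function safe even
 * if redirect() does not terminate the request.
 *
 * @return void
 */
function add()
{
    if (empty($_POST['ip'])) {
        redirect('/admin/ip_ban.php');
        return;
    }
    $ip = trim($_POST['ip']);
    // Every separator must be a literal dot: an unescaped '.' in the pattern
    // matches any character, which would let malformed input into the ban file
    if (!preg_match('#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#', $ip)) {
        $error = '<li>' . sprintf(__('Wrong chars in "..."'), 'IP') . '</li>';
        $_SESSION['add']['errors'] = '<ul class="uz_err">' . $error . '</ul>';
        redirect('/admin/ip_ban.php');
        return;
    }
    touchDir(ROOT . '/sys/logs/ip_ban/');
    // Append under an exclusive lock so concurrent submissions cannot interleave lines
    file_put_contents(ROOT . '/sys/logs/ip_ban/baned.dat', $ip . "\n", FILE_APPEND | LOCK_EX);
    redirect('/admin/ip_ban.php');
}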