protected function getInput()
{
$this->app = JFactory::getApplication();
$this->db = JFactory::getDbo();
$this->formfields = $this->form->getFieldset();
$blacklistnets = array();
$blacklistaddresses = array();
$blacklistinputarray=AdminExileHelper::ipArray($this->_getField('blacklist'));
$gmp = AdminExileHelper::gmp();
require_once(JPATH_PLUGINS.'/system/adminexile/classes/'.($gmp?'IPv6Net.class.php':'simplecidr.class.php'));
foreach($blacklistinputarray as $blacklistitem) {
$blacklistitem = trim($blacklistitem);
if(preg_match('/\//',$blacklistitem)) {
try{
$blacklistnets[$blacklistitem]=$gmp?(new IPv6Net($blacklistitem)):SimpleCIDR::getInstance($blacklistitem);
} catch (Exception $e) {
error_log("AdminExile cannot process ".$blacklistitem." due to:".$e->getMessage());
$blacklistaddresses[trim($blacklistitem)]=$blacklistitem;
}
} else {
$blacklistaddresses[trim($blacklistitem)]=$blacklistitem;
}
}
$query = $this->db->getQuery(true);
$query->select('*')->from('#__plg_system_adminexile')->where('penalty = 0')->order('lastattempt DESC');
$this->db->setQuery($query);
$blocked = $this->db->loadObjectList();
$return=array();
$return[]='<h3 style="float:left;clear:left;">'.($gmp?JText::_('PLG_SYS_ADMINEXILE_IPV46'):JText::_('PLG_SYS_ADMINEXILE_IPV4')).'</h3>';
$attempts = new stdClass();
foreach($blocked as $match) {
if(in_array($match->ip,$blacklistaddresses)) {
$attempts->{$match->ip} = new stdClass();
$attempts->{$match->ip}->lastattempt = $match->lastattempt;
$attempts->{$match->ip}->firstattempt = $match->firstattempt;
$attempts->{$match->ip}->attempts = $match->attempts;
} else {
foreach(array_keys($blacklistnets) as $key) {
if($blacklistnets[$key]->contains(trim((string)$match->ip))) {
if(!property_exists($attempts,$key)) {
$attempts->$key = new stdClass();
$attempts->$key->attempts = 0;
$attempts->$key->addresses = new stdClass();
}
$attempts->$key->addresses->{$match->ip}->lastattempt = $match->lastattempt;
$attempts->$key->addresses->{$match->ip}->firstattempt = $match->firstattempt;
$attempts->$key->addresses->{$match->ip}->attempts = $match->attempts;
$attempts->$key->attempts += $match->attempts;
}
}
}
}
JFactory::getDocument()->addScriptDeclaration('window.plg_sys_adminexile_blacklist = '.json_encode($attempts).';');
return implode("\n",$return);
}
protected function getInput()
{
$options = array();
$joomla = array('JACTION_DELETE');
$messages = array('INVALIDASCII','INVALIDCHAR','NOTNUMERIC');
$chars = array('DOLLAR','AMPERSAND','PLUS','COMMA','FORWARDSLASH','COLON','SEMICOLON','EQUALS','QUESTION','AT','SPACE','QUOTE','LESSTHAN','GREATERTHAN','POUND','PERCENT','LEFTCURLY','RIGHTCURLY','PIPE','BACKSLASH','CARAT','TILDE','LEFTBRACKET','RIGHTBRACKET','GRAVE');
$buttons = array('EDIT_IP','DELETE_IP','CLEAR_IP');
$popups = array('NEW_IPV4','NEW_IPV46','DUPLICATE_ADDRESS','INVALID_ADDRESS');
$table = array('IP','ACTIONS','ATTEMPTS','LASTATTEMPT','OPTIONS');
foreach($messages as $string) JText::script('PLG_SYS_ADMINEXILE_MESSAGE_'.$string);
foreach($chars as $string) JText::script('PLG_SYS_ADMINEXILE_CHAR_'.$string);
foreach($buttons as $string) JText::script('PLG_SYS_ADMINEXILE_BUTTON_'.$string);
foreach($popups as $string) JText::script('PLG_SYS_ADMINEXILE_POPUP_'.$string);
foreach($table as $string) JText::script('PLG_SYS_ADMINEXILE_TH_'.$string);
foreach($joomla as $string) JText::script($string);
$options['version']=JVERSION;
$options['gmp']=AdminExileHelper::gmp();
JHtml::_('behavior.framework',true);
$doc = JFactory::getDocument();
$doc->addScriptDeclaration("\n".'window.plg_sys_adminexile_config = '.json_encode($options).';'."\n");
$doc->addScript(JURI::root(true).'/media/plg_system_adminexile/admin.js');
return;
}
public function onAfterInitialise() {
if ($this->_app->isAdmin()) {
$this->_net = false;
JFactory::getLanguage()->load('plg_system_adminexile', JPATH_ADMINISTRATOR);
if (JFactory::getUser()->id) {
// check for block removals
if ($this->_app->input->get->get('adminexile_removeblock', false)) {
$ip = $this->_app->input->get->get('ip', 0);
$firstattempt = $this->_app->input->get->get('firstattempt', 0, 'RAW');
if ($this->_clearBlocks(array('ip' => $ip, 'firstattempt' => $firstattempt))) {
header('Content-Type: application/json');
die(json_encode(array('success' => true)));
}
}
$this->_pass = true;
return true; // user is already logged in
} else {
if ($this->params->get('maillink', 0)) {
if (@$email = $this->_app->input->get->get('email', false)) {
if ($this->params->get('maillink', true) && count($this->params->get('maillinkgroup', array()))) {
$this->_maillink($email, $this->params->get('maillinkgroup', array()));
$this->_redirect();
return true;
}
}
}
}
$this->_key = $this->params->get('key', 'adminexile');
if ($this->_app->getUserState("plg_sys_adminexile.$this->_key", false)) {
$this->_pass = true;
if (isset($_GET[$this->_key]))
$this->_app->redirect(JURI::root() . '/administrator'); // hide the key as soon as possible
return true; // user provided a key and should be shown the login form
}
if ($this->params->get('bruteforce', 0) && $this->_log && $this->_log->penalty != 0)
return true;
if($this->params->get('tmpwhitelist',0)) {
if($this->_getTmpWhitelist($this->_ip)) {
$this->_pass = true;
$this->_authorized();
return true;
}
}
if ($this->params->get('ipsecurity', 0)) {
$this->_gmp = AdminExileHelper::gmp();
$ip = $this->_blackwhite($this->_ip);
if ($ip) {
if ($ip === true) {
$this->_pass = true;
$this->_authorized();
return true;
} else {
$this->_net = $ip;
return true;
}
}
}
if ($this->_keyauth()) {
$this->_pass = true;
$this->_authorized();
return true;
}
return true;
} else {
$this->_frontrestrict();
}
}
