Example #1
0
 /**
  * @brief write 讲日志信息写入文件
  *
  * @param $message 日志信息
  * @param $level 日志等级
  *
  * @return void
  */
 private static function write($message, $level)
 {
     $file_path = LOGX_CACHE . date('Y-m-d') . '.php';
     if (!is_file($file_path)) {
         if (!@file_put_contents($file_path, "<?php exit('Access Denied!'); ?>\n")) {
             throw new LogXException(_t('Cache directory cannot write.'));
         }
     }
     $content = '[' . Request::getIP() . '] [' . date('Y-m-d H:i:s') . '] [' . $level . '] ' . $message . "\n";
     if (!@file_put_contents($file_path, $content, FILE_APPEND)) {
         throw new LogXException(_t('Cache directory cannot write.'));
     }
 }
 /**
  * Evaluates a rule
  * 
  * @param string  $rule  Type of rule
  * @param mixed  $value  Value to evaluate for the rule
  * @return bool
  */
 public function evaluateRule($rule, $value)
 {
     $member = Auth::isLoggedIn() ? Auth::getCurrentMember() : new Member(array());
     if ($rule === '_any') {
         // this is an "any" grouping
         foreach ($value as $sub_rule) {
             reset($sub_rule);
             $key = key($sub_rule);
             if ($this->evaluateRule(key($sub_rule), $sub_rule[$key])) {
                 return true;
             }
         }
         return false;
     } elseif ($rule === '_none') {
         // this is a "none" grouping
         foreach ($value as $sub_rule) {
             reset($sub_rule);
             $key = key($sub_rule);
             if ($this->evaluateRule(key($sub_rule), $sub_rule[$key])) {
                 return false;
             }
         }
         return true;
     } elseif ($rule === '_all') {
         // this is an "all" grouping
         foreach ($value as $sub_rule) {
             reset($sub_rule);
             $key = key($sub_rule);
             if (!$this->evaluateRule(key($sub_rule), $sub_rule[$key])) {
                 return false;
             }
         }
         return true;
     } elseif ($rule === '_addon') {
         // this is an add-on API call
         // grab add-on definition
         $method = array_get($value, 'method', null);
         $comparison = array_get($value, 'comparison', '==');
         $parameters = array_get($value, 'parameters', array());
         $error = array_get($value, 'error', null);
         $value = array_get($value, 'value', null);
         // split method
         $method_parts = explode(':', $method, 2);
         // were definitions valid?
         if (!$method || count($method_parts) !== 2 || !is_array($parameters)) {
             return false;
         }
         // load API
         try {
             $api = Resource::loadAPI($method_parts[0]);
             // can this method be called?
             if (!is_callable(array($api, $method_parts[1]), false)) {
                 return false;
             }
             // get the result of calling the method
             $result_value = call_user_func_array(array($api, $method_parts[1]), $parameters);
             // now compare the expected value with the actual value
             $result = $this->compareValues($value, $result_value, $comparison);
             // set optional user error
             if (!$result && $error) {
                 $this->flash->set('error', $error);
             }
             return $result;
         } catch (Exception $e) {
             // something went wrong, this fails
             rd($e->getMessage());
             return false;
         }
     } elseif ($rule === '_field') {
         // this is a complex field match
         // grab field definitions
         $field = array_get($value, 'field', null);
         $comparison = array_get($value, 'comparison', '==');
         $value = array_get($value, 'value', null);
         // were definitions valid?
         if (!$field) {
             return false;
         }
         return $this->compareValues($value, $member->get($field, null), $comparison);
     } elseif ($rule === '_logged_in') {
         // this is checking if member is logged in
         return Auth::isLoggedIn() === $value;
     } elseif ($rule === '_ip_address') {
         // this is one or more IP address
         return $this->compareValues(Helper::ensureArray($value), Request::getIP(), '==');
     } else {
         // this is a simple field match
         return $this->compareValues($value, $member->get($rule, null), '==');
     }
 }
 /**
  * (non-PHPdoc)
  * @see Lampcms.SubmittedAnswer::getIP()
  */
 public function getIP()
 {
     return Request::getIP();
 }
Example #4
0
 /**
  * Checks that request did not
  * come from ip address that was previously
  * banned for hack attempts
  *
  * @return object $this
  *
  * @throws LampcmsCookieAuthException
  * if request came from ip address that
  * was banned for attempting to hack
  * login by cookie
  */
 protected function checkForBannedIP()
 {
     $ip = Request::getIP();
     /**
      * If any attempt to login by incorrect cookie
      * came from this ip address in the past 7 days, then
      * the ip is banned.
      *
      * Basically even a single attempt to login by incorrect
      * cookie will ban the ip address
      */
     $timediff = time() - 604800;
     $cur = $this->Registry->Mongo->LOGIN_ERROR->find(array('i_ts' => array('$gt' => $timediff)))->sort(array('i_ts' => -1));
     foreach ($cur as $a) {
         if ('cookie' === $a['login_type'] && $a['ip'] == $ip) {
             $err = 'Attempted to login by cookie from banned ip address: ' . $ip;
             throw new CookieAuthException($err);
         }
     }
     return $this;
 }
Example #5
0
 public function testGetIP()
 {
     $this->assertEquals('127.0.0.2', Request::getIP());
     $_SERVER['REMOTE_ADDR'] = '71.207.145.21';
     $this->assertEquals('71.207.145.21', Request::getIP());
 }
Example #6
0
 /**
  * Add data to LOGIN_ERROR table
  * data includes username, password, geoip, useragent, timestamp
  * of bad login attempt
  *
  * @param string $username
  * @param string $pwd
  * @param bool $username_exists
  * @param string $strIp
  * @param bool $bByCookie login was done using
  * cookies uid and sid
  *
  * @return bool false
  * by returning false we can use the result of this method
  * as a return of fnLogin
  */
 protected function logLoginError($username, $pwd = '', $username_exists = true, $strIp = null, $login_type = 'www')
 {
     if (!$username_exists) {
         d('NO User with nick ' . $username);
     } else {
         d('Error: wrong password for ' . $username . ' and password: ' . $pwd);
     }
     $login_type = true === $login_type ? 'cookie' : $login_type;
     $ip = null !== $strIp ? $strIp : Request::getIP();
     $username_lc = strtolower($username);
     $usr_exists = $username_exists ? 'Y' : 'N';
     $i_ts = time();
     $time = date('r');
     $ua = Request::getUserAgent();
     $aData = compact('usr_lc', 'pwd', 'usr_exists', 'ua', 'i_ts', 'login_type', 'time');
     d('aData: ' . print_r($aData, 1));
     /**
      * Insure these 2 indexes
      * the index for username will be automatically
      * ensured in saveResourceLocation()
      *
      */
     $coll = $this->Registry->Mongo->LOGIN_ERROR;
     $indexed1 = $coll->ensureIndex(array('usr_lc' => 1));
     $indexed1 = $coll->ensureIndex(array('i_ts' => 1));
     $indexed2 = $coll->ensureIndex(array('ip' => 1));
     if ('cookie' === $login_type) {
         $this->Registry->Dispatcher->post($this, 'onSidHack');
     } elseif ('switch' === $login_type) {
         $this->Registry->Dispatcher->post($this, 'onSwitchHack');
     }
     return false;
 }
Example #7
0
 /**
  * @covers Xoops\Core\Request::getIp
  */
 public function testGetIPv6()
 {
     $varname = 'RequestTest';
     $_REQUEST[$varname] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329';
     $this->assertEquals($_REQUEST[$varname], Request::getIP($varname));
     $_REQUEST[$varname] = 'FE80::0202:B3FF:FE1E:8329';
     $this->assertEquals($_REQUEST[$varname], Request::getIP($varname));
     $_REQUEST[$varname] = 'GE80::0202:B3FF:FE1E:8329';
     $this->assertEquals('', Request::getIP($varname));
     $_REQUEST[$varname] = '::ffff:16.32.48.64';
     $this->assertEquals($_REQUEST[$varname], Request::getIP($varname));
 }
Example #8
0
<?php

$root = realpath(dirname(__FILE__));
include_once "{$root}/config.php";
include_once "{$root}/common.php";
$id = isset($_GET['t']) ? intval($_GET['t']) : 0;
$tarjetas = Db::query("SELECT tarjetas.id\n          , tarjetas.nombre\n     FROM tarjetas\n     WHERE tarjetas.id = '{$id}'\n     LIMIT 1");
if ($tarjetas) {
    Db::insert('abusos', array('tarjeta' => $id, 'ip' => Request::getIP(), 'fecha' => time()));
}
Theme::_('Reportar', array('id' => $id));
 /**
  * @brief postComment 写入一条评论
  *
  * @param $c 评论信息
  *
  * @return int
  */
 public function postComment($c)
 {
     $time = time();
     $ip = Request::getIP();
     Database::query("INSERT INTO `{$this->prefix}comments` \n\t\t\t(`pid`,      `uid`,      `author`,        `email`,        `website`,        `content`,        `status`,       `ptime`,`mtime`,`ip`,   `parent`) VALUES \n\t\t\t({$c['pid']},{$c['uid']},'{$c['author']}','{$c['email']}','{$c['website']}','{$c['content']}',{$this->status},{$time},{$time},'{$ip}',0)");
     return Database::insertID();
 }