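/**
 * Append one entry to the current day's log file.
 *
 * The file is named after the date and carries a .php extension. Its first
 * line is a PHP guard that calls exit(), so a direct request for the file
 * stops before any logged text is reached.
 *
 * $message and $level are written verbatim. A line break inside either one
 * starts a new physical line in the log, so callers that pass request-derived
 * text should strip CR/LF first if entries must stay one per line.
 *
 * @param string $message log message
 * @param string $level   log level
 *
 * @return void
 *
 * @throws LogXException when the log file cannot be opened, locked or written
 */
private static function write($message, $level)
{
    $file_path = LOGX_CACHE . date('Y-m-d') . '.php';
    $content = '[' . Request::getIP() . '] [' . date('Y-m-d H:i:s') . '] [' . $level . '] ' . $message . "\n";

    // Append mode creates the file when it is missing and never truncates it,
    // so a concurrent request cannot wipe an entry that was already written.
    $handle = @fopen($file_path, 'ab');
    if ($handle === false) {
        throw new LogXException(_t('Cache directory cannot write.'));
    }

    // The lock covers both the "is the file still empty?" check and the write,
    // which keeps the guard line first and entries from interleaving.
    if (!flock($handle, LOCK_EX)) {
        fclose($handle);
        throw new LogXException(_t('Cache directory cannot write.'));
    }

    // A new (empty) file gets the guard line first. If the size cannot be
    // read, write the guard anyway: a repeated guard is harmless, a missing
    // one is not.
    $stat = fstat($handle);
    if ($stat === false || $stat['size'] === 0) {
        $content = "<?php exit('Access Denied!'); ?>\n" . $content;
    }

    $written = fwrite($handle, $content);

    flock($handle, LOCK_UN);
    fclose($handle);

    // fwrite() reports failure as false and may also write fewer bytes than asked.
    if ($written === false || $written < strlen($content)) {
        throw new LogXException(_t('Cache directory cannot write.'));
    }
}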
/**
 * Decides whether one access rule passes for the current visitor.
 *
 * Grouping rules (`_any`, `_none`, `_all`) carry a list of one-entry arrays
 * and recurse into this method. `_addon` calls an add-on API method and
 * compares its result; `_field` compares a member field with an explicit
 * comparison operator; `_logged_in` and `_ip_address` test the request
 * itself; any other rule name is treated as a member field compared with
 * '=='.
 *
 * @param string $rule  Type of rule
 * @param mixed  $value Value to evaluate for the rule
 * @return bool
 */
public function evaluateRule($rule, $value)
{
    // visitors who are not logged in are represented by an empty Member
    if (Auth::isLoggedIn()) {
        $member = Auth::getCurrentMember();
    } else {
        $member = new Member(array());
    }

    // "any" grouping: the first passing sub-rule decides
    if ($rule === '_any') {
        foreach ($value as $sub_rule) {
            reset($sub_rule);
            $sub_type = key($sub_rule);

            if ($this->evaluateRule($sub_type, $sub_rule[$sub_type])) {
                return true;
            }
        }

        return false;
    }

    // "none" grouping: the first passing sub-rule fails the group
    if ($rule === '_none') {
        foreach ($value as $sub_rule) {
            reset($sub_rule);
            $sub_type = key($sub_rule);

            if ($this->evaluateRule($sub_type, $sub_rule[$sub_type])) {
                return false;
            }
        }

        return true;
    }

    // "all" grouping: the first failing sub-rule fails the group
    if ($rule === '_all') {
        foreach ($value as $sub_rule) {
            reset($sub_rule);
            $sub_type = key($sub_rule);

            if (!$this->evaluateRule($sub_type, $sub_rule[$sub_type])) {
                return false;
            }
        }

        return true;
    }

    // add-on API call
    if ($rule === '_addon') {
        // The rule definition names the add-on, the method and its arguments,
        // so whoever can author a rule can have any callable API method run.
        // Rule definitions therefore need to come from a trusted source.
        $method     = array_get($value, 'method', null);
        $comparison = array_get($value, 'comparison', '==');
        $parameters = array_get($value, 'parameters', array());
        $error      = array_get($value, 'error', null);
        $expected   = array_get($value, 'value', null);

        // "addon:method" -> [addon, method]
        $method_parts = explode(':', $method, 2);

        // a malformed definition fails closed
        if (!$method || count($method_parts) !== 2 || !is_array($parameters)) {
            return false;
        }

        try {
            $api      = Resource::loadAPI($method_parts[0]);
            $callback = array($api, $method_parts[1]);

            // a method that cannot be called fails closed as well
            if (!is_callable($callback, false)) {
                return false;
            }

            $result_value = call_user_func_array($callback, $parameters);
            $result       = $this->compareValues($expected, $result_value, $comparison);

            // surface the optional, rule-supplied error message on failure
            if (!$result && $error) {
                $this->flash->set('error', $error);
            }

            return $result;
        } catch (Exception $e) {
            // any exception counts as a failed rule
            // NOTE(review): rd() is defined elsewhere; confirm it does not
            // show the exception message to visitors.
            rd($e->getMessage());
            return false;
        }
    }

    // complex field match with an explicit comparison
    if ($rule === '_field') {
        $field      = array_get($value, 'field', null);
        $comparison = array_get($value, 'comparison', '==');
        $expected   = array_get($value, 'value', null);

        if (!$field) {
            return false;
        }

        return $this->compareValues($expected, $member->get($field, null), $comparison);
    }

    // logged-in state must be identical (===) to the rule value
    if ($rule === '_logged_in') {
        return Auth::isLoggedIn() === $value;
    }

    // one or more allowed IP addresses
    if ($rule === '_ip_address') {
        // NOTE(review): the check is only as trustworthy as Request::getIP(),
        // whose implementation is not visible here. Confirm it does not take
        // the address from a client-supplied header.
        return $this->compareValues(Helper::ensureArray($value), Request::getIP(), '==');
    }

    // anything else is a simple member-field match
    return $this->compareValues($value, $member->get($rule, null), '==');
}
/**
 * Returns the IP address of the current request, exactly as
 * Request::getIP() reports it.
 *
 * (non-PHPdoc)
 * @see Lampcms.SubmittedAnswer::getIP()
 */
public function getIP()
{
    // No validation happens here; the value is whatever the shared
    // Request helper produced.
    $ip = Request::getIP();

    return $ip;
}
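/**
 * Rejects the request when its IP address has a failed cookie login
 * on record within the past 7 days.
 *
 * A single failed cookie login is enough to ban the address for that
 * period.
 *
 * NOTE(review): the ban is keyed on whatever Request::getIP() returns;
 * how that value is derived is not visible here. Confirm it is not taken
 * from a client-supplied header. Clients that share one address also
 * share the ban.
 *
 * @return object $this
 *
 * @throws CookieAuthException
 * if request came from ip address that
 * was banned for attempting to hack
 * login by cookie
 */
protected function checkForBannedIP()
{
    $ip = Request::getIP();

    // 604800 seconds = 7 days
    $timediff = time() - 604800;

    // Let the database do the filtering. Loading every failed login of the
    // past week and comparing in PHP makes the cost of this check grow with
    // the number of failed logins from all addresses.
    $query = array(
        'i_ts' => array('$gt' => $timediff),
        'login_type' => 'cookie',
        'ip' => $ip
    );

    $cur = $this->Registry->Mongo->LOGIN_ERROR->find($query);

    // Any document returned is a match, so the first one is enough.
    foreach ($cur as $a) {
        $err = 'Attempted to login by cookie from banned ip address: ' . $ip;
        throw new CookieAuthException($err);
    }

    return $this;
}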
/**
 * Request::getIP() must return the starting address first and then
 * follow a change of $_SERVER['REMOTE_ADDR'].
 *
 * The starting value '127.0.0.2' is presumably set up by the test
 * bootstrap; that setup is not visible here. REMOTE_ADDR is left
 * changed when the test ends.
 */
public function testGetIP()
{
    $initial = Request::getIP();
    $this->assertEquals('127.0.0.2', $initial);

    $remote = '71.207.145.21';
    $_SERVER['REMOTE_ADDR'] = $remote;

    $this->assertEquals($remote, Request::getIP());
}
/**
 * Collects the details of a failed login attempt, ensures the indexes of
 * the LOGIN_ERROR collection and notifies observers for cookie and
 * switch logins.
 *
 * The collected data includes the submitted password ('pwd'), the
 * user agent and the timestamp, and the whole array is dumped through d().
 * Because 'pwd' is the password as typed, any sink that receives this data
 * (debug log, collection) holds failed-login passwords in clear text.
 *
 * NOTE(review): no insert into LOGIN_ERROR appears in the visible lines;
 * the listing is incomplete (see the marker in the body), so the write may
 * simply be missing from this excerpt.
 *
 * @param string $username        name used in the login attempt
 * @param string $pwd             password used in the login attempt
 * @param bool   $username_exists false when no user with that name exists
 * @param string $strIp           IP address to use; when null,
 *                                Request::getIP() is used instead
 * @param string $login_type      kind of login; 'cookie' and 'switch' each
 *                                post their own event, default is 'www'
 *
 * @return bool false
 * by returning false we can use the result of this method
 * as a return of fnLogin
 */
protected function logLoginError($username, $pwd = '', $username_exists = true, $strIp = null, $login_type = 'www')
{
    if (!$username_exists) {
        d('NO User with nick ' . $username);
    } else {
        // NOTE(review): the listing is corrupted in the next statement. The
        // text between the password debug message and the $login_type
        // expression was replaced by asterisks, so the statement is not
        // valid PHP as shown and the closing brace of this else branch is lost.
        d('Error: wrong password for ' . $username . ' and password: '******'cookie' : $login_type;
    // explicit address wins; otherwise take the address of the current request
    $ip = null !== $strIp ? $strIp : Request::getIP();
    $username_lc = strtolower($username);
    $usr_exists = $username_exists ? 'Y' : 'N';
    $i_ts = time();
    $time = date('r');
    $ua = Request::getUserAgent();
    // NOTE(review): compact() asks for 'usr_lc', but the local assigned above
    // is $username_lc, and 'ip' is not listed although $ip is computed and an
    // index on 'ip' is ensured below. 'pwd' puts the submitted password into
    // the data in clear text.
    $aData = compact('usr_lc', 'pwd', 'usr_exists', 'ua', 'i_ts', 'login_type', 'time');
    // the dump includes the clear-text password held in $aData
    d('aData: ' . print_r($aData, 1));
    /**
     * Ensure the indexes on usr_lc, i_ts and ip.
     * The index for username will be automatically
     * ensured in saveResourceLocation()
     */
    $coll = $this->Registry->Mongo->LOGIN_ERROR;
    $indexed1 = $coll->ensureIndex(array('usr_lc' => 1));
    $indexed1 = $coll->ensureIndex(array('i_ts' => 1));
    $indexed2 = $coll->ensureIndex(array('ip' => 1));
    // failed cookie and switch logins are reported to observers as hack attempts
    if ('cookie' === $login_type) {
        $this->Registry->Dispatcher->post($this, 'onSidHack');
    } elseif ('switch' === $login_type) {
        $this->Registry->Dispatcher->post($this, 'onSwitchHack');
    }
    return false;
}
/**
 * Request::getIP($name) reads a request variable and returns it only when
 * it is a well-formed address; anything else must come back as ''.
 *
 * @covers Xoops\Core\Request::getIp
 */
public function testGetIPv6()
{
    $varname = 'RequestTest';

    // each case: submitted value, value getIP() must return
    $cases = array(
        // full-length IPv6
        array('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329'),
        // zero-compressed IPv6
        array('FE80::0202:B3FF:FE1E:8329', 'FE80::0202:B3FF:FE1E:8329'),
        // 'G' is not a hex digit, so the value must be rejected
        array('GE80::0202:B3FF:FE1E:8329', ''),
        // IPv4-mapped IPv6
        array('::ffff:16.32.48.64', '::ffff:16.32.48.64'),
    );

    foreach ($cases as $case) {
        $_REQUEST[$varname] = $case[0];
        $this->assertEquals($case[1], Request::getIP($varname));
    }
}
<?php
// Abuse-report endpoint: records a report for the card named by ?t=<id>
// and renders the 'Reportar' view.
//
// NOTE(review): the report is stored on a plain GET and nothing in this
// script limits repeated reports from one client. Whether config.php or
// common.php adds such a limit is not visible here.

$root = realpath(dirname(__FILE__));

include_once $root . '/config.php';
include_once $root . '/common.php';

// The id is forced to an integer before it is used anywhere. That cast is
// what keeps the string-built query below safe, so it must stay in front of it.
$id = 0;
if (isset($_GET['t'])) {
    $id = (int) $_GET['t'];
}

$tarjetas = Db::query("SELECT tarjetas.id\n , tarjetas.nombre\n FROM tarjetas\n WHERE tarjetas.id = '{$id}'\n LIMIT 1");

// only an existing card can be reported
if ($tarjetas) {
    Db::insert(
        'abusos',
        array(
            'tarjeta' => $id,
            'ip' => Request::getIP(),
            'fecha' => time()
        )
    );
}

Theme::_('Reportar', array('id' => $id));
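/**
 * @brief postComment Insert one comment row
 *
 * @param $c comment data; the keys read here are pid, uid, author, email,
 *           website and content
 *
 * @return int the value of Database::insertID() after the insert
 */
public function postComment($c)
{
    $time = time();
    $ip = Request::getIP();

    // pid and uid go into the statement without quotes, so anything that is
    // not a plain integer would become part of the SQL itself. Force both to
    // integers before they are interpolated.
    $pid = (int) $c['pid'];
    $uid = (int) $c['uid'];

    // NOTE(review): author, email, website, content and $ip are still placed
    // between single quotes as-is. Nothing in this method escapes them, and
    // the Database class is not visible here. Confirm that every caller
    // escapes these values, or move this statement to the driver's parameter
    // binding. Escaping here without that check could double-escape.
    Database::query("INSERT INTO `{$this->prefix}comments` \n\t\t\t(`pid`, `uid`, `author`, `email`, `website`, `content`, `status`, `ptime`,`mtime`,`ip`, `parent`) VALUES \n\t\t\t({$pid},{$uid},'{$c['author']}','{$c['email']}','{$c['website']}','{$c['content']}',{$this->status},{$time},{$time},'{$ip}',0)");

    return Database::insertID();
}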