/**
 * Heuristic check of a request that claims to be a WordPress trackback.
 *
 * Returns true only when all three conditions hold, evaluated in this order:
 * a content-type header is present, the user agent contains 'wordpress',
 * and the content-type value contains 'charset='.
 *
 * NOTE(review): the inherited comments say that *real* trackbacks define a
 * charset, yet this method (named "hasBad...") returns true when a charset
 * IS present. The last condition may be inverted -- confirm against callers.
 * NOTE(review): strpos() is case-sensitive; matching the lowercase literal
 * 'wordpress' presumably relies on getUserAgent() returning a lowercased
 * string -- verify.
 * Both headers are client-supplied, so the result is a spam heuristic and
 * not an authenticity check.
 *
 * @return bool
 */
public function hasBadWordpressTrackback()
 {
     // Fake WordPress trackbacks
     // Real ones do not contain Accept:, and have a charset defined
     // Real WP trackbacks may contain Accept: depending on the HTTP transport being used by the sending host
     if (!$this->request->hasHeader('content-type')) {
         return false;
     }
     $claimsWordpress = strpos($this->request->getUserAgent(), 'wordpress') !== false;
     if (!$claimsWordpress) {
         return false;
     }
     $contentType = $this->request->getHeader('content-type');
     return strpos($contentType, 'charset=') !== false;
 }
 /**
  * Constructor (PHP 4 style: method named after the class).
  * Initialize session configuration and set PHP session handlers.
  * Attempts to rejoin a user's session if it exists, or create a new session otherwise.
  *
  * Security-relevant behaviour visible in this block:
  *  - Session IDs travel in a cookie only (use_trans_sid off, use_cookies on).
  *  - A session is rejected and recreated when the User-Agent differs, and,
  *    only if security.session_check_ip is enabled, when the IP differs.
  *  - NOTE(review): the replacement session reuses the ID returned by
  *    session_id(); no session_regenerate_id() call is visible here, so a
  *    client-chosen ID may become the new session's ID. Confirm the ID is
  *    regenerated elsewhere (e.g. at login) to rule out session fixation.
  *  - NOTE(review): session.cookie_httponly / session.cookie_secure are not
  *    set in this block; they fall back to the php.ini values -- confirm.
  *
  * @param object $sessionDao DAO providing insertSession() and updateSession()
  */
 function SessionManager(&$sessionDao)
 {
     $this->sessionDao =& $sessionDao;
     // Configure PHP session parameters
     // Never propagate the session ID through URLs; cookies only.
     ini_set('session.use_trans_sid', 0);
     // Storage is delegated to the callbacks registered below.
     ini_set('session.save_handler', 'user');
     ini_set('session.serialize_handler', 'php');
     ini_set('session.use_cookies', 1);
     // Cookie name comes from the [general] session_cookie_name setting
     ini_set('session.name', Config::getVar('general', 'session_cookie_name'));
     // Lifetime 0: the cookie lasts until the browser is closed
     ini_set('session.cookie_lifetime', 0);
     // Scope the cookie to the application's base path
     ini_set('session.cookie_path', Request::getBasePath() . '/');
     ini_set('session.gc_probability', 1);
     // Sessions idle for more than one hour are eligible for garbage collection
     ini_set('session.gc_maxlifetime', 60 * 60);
     // NOTE(review): session.auto_start is a per-directory setting in PHP, so
     // changing it at runtime presumably has no effect; session_start() below
     // is what actually starts the session.
     ini_set('session.auto_start', 1);
     ini_set('session.cache_limiter', 'none');
     // Route all session storage operations to this object's methods
     session_set_save_handler(array(&$this, 'open'), array(&$this, 'close'), array(&$this, 'read'), array(&$this, 'write'), array(&$this, 'destroy'), array(&$this, 'gc'));
     // Initialize the session
     // presumably the read() handler invoked here populates $this->userSession
     // when a stored session matches the cookie -- confirm
     session_start();
     $sessionId = session_id();
     // Both values are client-influenced: the User-Agent is a plain request
     // header, so the binding below is a weak consistency check only.
     $ip = Request::getRemoteAddr();
     $userAgent = Request::getUserAgent();
     $now = time();
     // && binds tighter than ||, so this reads as:
     //   no session loaded
     //   OR (IP checking enabled AND IP changed)
     //   OR User-Agent changed
     if (!isset($this->userSession) || Config::getVar('security', 'session_check_ip') && $this->userSession->getIpAddress() != $ip || $this->userSession->getUserAgent() != $userAgent) {
         if (isset($this->userSession)) {
             // Destroy old session
             session_destroy();
         }
         // Create new session
         // NOTE(review): `=& new` is PHP 4 syntax and is rejected by PHP 7+.
         $this->userSession =& new Session();
         // NOTE(review): $sessionId was read before session_destroy(); the new
         // record therefore keeps the ID the client presented.
         $this->userSession->setId($sessionId);
         $this->userSession->setIpAddress($ip);
         $this->userSession->setUserAgent($userAgent);
         $this->userSession->setSecondsCreated($now);
         $this->userSession->setSecondsLastUsed($now);
         $this->userSession->setSessionData('');
         $this->sessionDao->insertSession($this->userSession);
     } else {
         if ($this->userSession->getRemember()) {
             // Update session timestamp for remembered sessions so it doesn't expire in the middle of a browser session
             if (Config::getVar('general', 'session_lifetime') > 0) {
                 // session_lifetime is multiplied by 86400, i.e. treated as days
                 $this->updateSessionLifetime(time() + Config::getVar('general', 'session_lifetime') * 86400);
             } else {
                 // "Remember me" disabled in config: clear the flag and the lifetime
                 $this->userSession->setRemember(0);
                 $this->updateSessionLifetime(0);
             }
         }
         // Update existing session's timestamp
         $this->userSession->setSecondsLastUsed($now);
         $this->sessionDao->updateSession($this->userSession);
     }
 }
Example #3
 /**
  * Create the `system__sessions` row for a session id.
  *
  * The row starts with empty `data` and `place`, the current time, the
  * client IP and user agent taken from the request, and `views`/`movings`
  * both set to 1. Every request-derived value is bound as a statement
  * parameter, so it never becomes part of the SQL text. The stored user
  * agent is still client-controlled: escape it wherever it is displayed.
  *
  * A \PDOException raised while preparing, binding or executing is handed
  * to catchDuplicateKeyError() together with $stmt.
  *
  * @param \PDOStatement $stmt      Passed through to catchDuplicateKeyError() only
  * @param string        $sessionId Value for the `id` column
  * @return string Always the empty string
  * @throws \HttpRuntimeException presumably raised by catchDuplicateKeyError() -- confirm
  */
 private function insertRecord(\PDOStatement $stmt, $sessionId)
 {
     $sql = 'INSERT
             INTO `system__sessions` (`id`, `data`, `timestamp`, `ip`, `user_agent`, `place`, `views`, `movings`)
             VALUES (:id, :data, :time, :ip, :ua, :place, 1, 1)';

     try {
         $query = $this->db->prepare($sql);
         $query->bindParam(':id', $sessionId, \PDO::PARAM_STR);

         // placeholder, value, PDO type -- bound in the listed order
         $valueBindings = array(
             array(':data', '', \PDO::PARAM_LOB),
             array(':time', time(), \PDO::PARAM_INT),
             array(':ip', $this->request->getClientIp(), \PDO::PARAM_STR),
             array(':ua', $this->request->getUserAgent(), \PDO::PARAM_STR),
             array(':place', '', \PDO::PARAM_STR),
         );
         foreach ($valueBindings as $binding) {
             $query->bindValue($binding[0], $binding[1], $binding[2]);
         }

         $query->execute();
     } catch (\PDOException $e) {
         $this->catchDuplicateKeyError($e, $stmt);
     }

     return '';
 }
Example #4
 /**
  * Determine whether a user agent is a bot or not using an external
  * list of regular expressions.
  *
  * The patterns are read from botAgents.txt in the configured registry
  * directory; blank lines and lines starting with '#' are skipped. The
  * result is cached in a function-level static for the rest of the request.
  *
  * NOTE(review): the User-Agent is client-controlled, so this is a
  * classification hint and must not be used as a security decision.
  * NOTE(review): every line of botAgents.txt is evaluated as a regular
  * expression against client input; the file must be writable only by
  * trusted parties, and patterns prone to heavy backtracking can be used
  * to slow down requests.
  *
  * @return bool true if any pattern matches the current user agent
  */
 function isBot()
 {
     // Cached across calls within the same request
     static $isBot;
     if (!isset($isBot)) {
         $userAgent = Request::getUserAgent();
         $isBot = false;
         $userAgentsFile = Config::getVar('general', 'registry_dir') . DIRECTORY_SEPARATOR . 'botAgents.txt';
         // NOTE(review): file() returns false when the file cannot be read; that
         // case is not handled before array_filter().
         // NOTE(review): create_function() builds the callback by evaluating a
         // string as code; it was deprecated in PHP 7.2 and removed in PHP 8.0.
         // The code string here is a constant, not user input. The by-reference
         // parameter appears intended to trim each line in place -- whether the
         // trimmed value survives array_filter() depends on the PHP version; verify.
         $regexps = array_filter(file($userAgentsFile), create_function('&$a', 'return ($a = trim($a)) && !empty($a) && $a[0] != \'#\';'));
         foreach ($regexps as $regexp) {
             if (String::regexp_match($regexp, $userAgent)) {
                 // First match wins; the static keeps the answer for later calls
                 $isBot = true;
                 return $isBot;
             }
         }
     }
     return $isBot;
 }
Example #5
 /**
  * Request::getUserAgent() should yield a null-equivalent value when no
  * User-Agent header is present and echo the header value once it is set.
  *
  * NOTE(review): the test writes to $_SERVER and does not restore it, and
  * its first assertion assumes HTTP_USER_AGENT is unset on entry.
  */
 public function testGetUserAgent()
 {
     // Loose comparison on purpose: assertEquals(null, ...) also accepts ''.
     $withoutHeader = Request::getUserAgent();
     $this->assertEquals(null, $withoutHeader);

     $sampleAgent = 'Mozilla 5';
     $_SERVER['HTTP_USER_AGENT'] = $sampleAgent;
     $this->assertEquals($sampleAgent, Request::getUserAgent());
 }
Example #6
 /**
  * Record a failed login attempt (LOGIN_ERROR collection).
  * The collected data includes username, password, user agent and
  * timestamps of the bad login attempt.
  *
  * NOTE(review): the rejected plaintext password ($pwd) is written to the
  * debug output and placed in $aData. A mistyped password is often close to
  * the real one, so it should not be logged or stored.
  * NOTE(review): in the visible code $aData is only dumped through d(); no
  * insert into LOGIN_ERROR is shown -- this listing may be incomplete.
  *
  * @param string $username
  * @param string $pwd
  * @param bool $username_exists
  * @param string $strIp IP to record; Request::getIP() is used when null
  * @param string $login_type defaults to 'www'; 'cookie' and 'switch'
  * additionally post the onSidHack / onSwitchHack events
  *
  * @return bool false
  * by returning false we can use the result of this method
  * as a return of fnLogin
  */
 protected function logLoginError($username, $pwd = '', $username_exists = true, $strIp = null, $login_type = 'www')
 {
     if (!$username_exists) {
         d('NO User with nick ' . $username);
     } else {
         // NOTE(review): the next line is truncated in this listing (the text
         // after "password: " was masked); the end of this d() call, the closing
         // of the else branch and the start of an assignment to $login_type are
         // missing, so the block does not parse as shown.
         d('Error: wrong password for ' . $username . ' and password: '******'cookie' : $login_type;
     $ip = null !== $strIp ? $strIp : Request::getIP();
     $username_lc = strtolower($username);
     $usr_exists = $username_exists ? 'Y' : 'N';
     $i_ts = time();
     $time = date('r');
     // Client-controlled header; treat as untrusted wherever it is displayed
     $ua = Request::getUserAgent();
     // NOTE(review): compact() names 'usr_lc', but the local variable is
     // $username_lc, so that key is never populated; $ip is computed above
     // yet not included either, although both fields are indexed below.
     $aData = compact('usr_lc', 'pwd', 'usr_exists', 'ua', 'i_ts', 'login_type', 'time');
     // NOTE(review): this dump contains 'pwd' in clear text
     d('aData: ' . print_r($aData, 1));
     /**
      * Ensure the indexes on usr_lc, i_ts and ip
      * the index for username will be automatically
      * ensured in saveResourceLocation()
      *
      */
     $coll = $this->Registry->Mongo->LOGIN_ERROR;
     // The return values ($indexed1, $indexed2) are not used afterwards
     $indexed1 = $coll->ensureIndex(array('usr_lc' => 1));
     $indexed1 = $coll->ensureIndex(array('i_ts' => 1));
     $indexed2 = $coll->ensureIndex(array('ip' => 1));
     // Failed cookie-based or account-switch logins are reported as events
     if ('cookie' === $login_type) {
         $this->Registry->Dispatcher->post($this, 'onSidHack');
     } elseif ('switch' === $login_type) {
         $this->Registry->Dispatcher->post($this, 'onSwitchHack');
     }
     return false;
 }