Example #1
 /**
  * Test to verify that the import is working.  This will verify that the system can import the zipped CSV from the website.
  *
  * Note that the live sfs website is not actually used, but instead a local test zip.
  *
  * @setUseOutputBuffering
  */
 public function testImport()
 {
     // The fixture zip holds exactly two rows:
     // "257.0.0.1","256","2012-12-14 22:49:31"
     // "257.0.0.2","128","2012-12-15 03:23:43"
     // 257.x is not a valid IPv4 address; it was picked on purpose as a test value.
     $zipPath = ROOT_PDIR . 'components/security-suite/tests/test_listed_ip_1_all.zip';

     // ImportList() prints its status straight to stdout, so the result line is read back from the captured output.
     SecuritySuite\StopForumSpam::ImportList($zipPath);
     $captured = $this->getActualOutput();
     $this->assertContains(
         'Processed 2 records from ' . $zipPath . ' successfully!',
         $captured,
         'Checking that 2 records were processed successfully from the test zip'
     );

     // Check each imported row against the fixture, then delete it and confirm it is gone.
     $fixtureRows = ['257.0.0.1' => '256', '257.0.0.2' => '128'];
     foreach ($fixtureRows as $ip => $submissions) {
         $row = new sfsBlacklistModel($ip);
         $this->assertEquals(
             $submissions,
             $row->get('submissions'),
             'Checking that record ' . $ip . ' contains ' . $submissions . ' submissions'
         );
         $row->delete();
         $this->assertTrue(!$row->exists(), 'Checking that record ' . $ip . ' can be removed');
     }
 }
 /**
  * Check the user's IP in the blacklist and see if it's found.
  *
  * If it is listed and its submission count (in a 24 hour period) is high enough, block the user completely and immediately.
  */
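 public static function CheckIP()
 {
     // Gate for the current request, keyed on REMOTE_IP:
     //  - address not in the blacklist: return, the request continues;
     //  - more than 100 submissions: log a security event and end the request;
     //  - more than 5 submissions: require a math challenge once per session.
     // Returns nothing; the blocking paths end the request with die().
     $record = \sfsBlacklistModel::Construct(REMOTE_IP);

     // Not listed at all, nothing to do.
     if (!$record->exists()) {
         return;
     }

     $submissions = $record->get('submissions');

     // Hard block: the submission count is above the high-water mark.
     $highscore = 100;
     if ($submissions > $highscore) {
         \SystemLogModel::LogSecurityEvent('/security/blocked', 'Blocking IP due to over ' . $highscore . ' submissions to sfs in a 24 hour period.');
         die('IP Blocked due to high spam score');
     }

     // Listed, but at or below the warning level: let the request through.
     $warnlevel = 5;
     if ($submissions <= $warnlevel) {
         return;
     }

     // This session has already answered a challenge correctly.
     if (\Core\Session::Get('security_antispam_allowed') !== null) {
         return;
     }

     $html = '<html><body>';
     $html .= '<!-- You smell of spam.... are you sure you didn\'t come from a can?-->';

     $expected = \Core\Session::Get('happyfuntimecheck');
     $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
     if ($isPost && isset($_POST['happyfuntime']) && $expected) {
         // The posted field is client-controlled: accept only a numeric string and compare
         // float to float, so the loose string/number rules of == never decide the outcome.
         $answer = $_POST['happyfuntime'];
         $answeredCorrectly = is_string($answer)
             && is_numeric(trim($answer))
             && is_numeric($expected)
             && (float) trim($answer) === (float) $expected;

         if ($answeredCorrectly) {
             \SystemLogModel::LogSecurityEvent('/security/unblocked', 'User successfully answered an anti-bot math question, unblocking.');
             \Core\Session::Set('security_antispam_allowed', true);
             // Stop here. Falling through would record a '/security/blocked' event and serve a
             // fresh challenge to a visitor who has just passed, which also skews the audit log.
             return;
         }

         \SystemLogModel::LogSecurityEvent('/security/captchafailed', 'User attempted, but failed in answering an anti-bot math question.');
         $html .= '<b>NOPE!</b>';
     }

     \SystemLogModel::LogSecurityEvent('/security/blocked', 'Blocking IP due to over ' . $warnlevel . ' submissions to sfs in a 24 hour period.');

     // NOTE(review): rand() is not a cryptographic generator and the challenge has very few
     // distinct answers, with no limit on attempts visible here, so treat this as a speed bump
     // rather than a control. Some pairs (e.g. 8 divided by 6) have a non-integer result
     // that a person cannot type exactly.
     $random1 = rand(4, 6) * 2;
     $random2 = rand(1, 3) * 2;
     if (rand(1, 2) === 1) {
         $result = $random1 / $random2;
         $operation = 'divided by';
     } else {
         $result = $random1 * $random2;
         $operation = 'multiplied by';
     }

     // A new expected answer is stored on every render, so each attempt gets its own question.
     \Core\Session::Set('happyfuntimecheck', $result);

     // The second operand is shown as a mangled word; it is always 2, 4 or 6 here.
     $mangledWords = [2 => 'Tw0', 4 => 'Foor', 6 => 'Siix'];
     $random2 = $mangledWords[$random2];

     $html .= '<form method="POST"><p>What is ' . $random1 . ' ' . $operation . ' ' . $random2 . '?</p><input type="text" name="happyfuntime" size="3"/><input type="submit" value="GO"/></form></body></html>';
     die($html);
 }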