/**
  * Run Bad Behavior's request screening for the current request.
  *
  * Loads the bundled version and core files on demand, then hands the
  * persisted settings to bb2_start(), which performs the screening.
  */
 public function bad_behavior()
 {
     // Pull in Bad Behavior's own code (version + core) only when this hook fires.
     require_once BB2_CWD . "/bad-behavior/version.inc.php";
     require_once BB2_CWD . "/bad-behavior/core.inc.php";

     // Screen the request using the stored configuration.
     $settings = bb2_read_settings();
     bb2_start($settings);
 }
/**
 * Print the "Bad Behavior has blocked N access attempts" blurb.
 *
 * Nothing is printed unless $force is set or the display_stats option is on,
 * or if the count query fails. Rows whose key is '00000000' are excluded
 * from the count. The table name comes from the stored settings, not from
 * the request.
 *
 * @param bool $force Print even when display_stats is disabled (the options page uses this).
 */
function bb2_insert_stats($force = false)
{
    $settings = bb2_read_settings();
    if (!$force && !$settings['display_stats']) {
        return;
    }

    $sql = "SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'";
    $result = bb2_db_query($sql);
    if ($result === FALSE) {
        return;
    }

    $count = $result[0]["COUNT(*)"];
    $format = '<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>';
    echo sprintf($format, __('Bad Behavior'), __('has blocked'), $count, __('access attempts in the last 7 days.'));
}
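/**
 * Render the Bad Behavior options page and save submitted options.
 *
 * On POST the display_stats, strict and logging fields are read from the
 * form, normalised to booleans and persisted with bb2_write_settings(); the
 * page is then printed with the saved values.
 *
 * Changes from the previous version:
 * - form fields are read with !empty()/isset(), so unchecked boxes (which are
 *   absent from the request) no longer raise undefined-index notices;
 * - the form action echoes $_SERVER['REQUEST_URI'], which is attacker
 *   influenced; it is now HTML-escaped so a crafted URL cannot break out of
 *   the attribute (reflected XSS). If the host platform offers a URL escaper,
 *   or a fixed admin URL as the newer options page uses, prefer that.
 *
 * NOTE(review): there is no anti-CSRF token on this form. A request forged
 * from another site could silently disable logging or strict mode. The host
 * platform's nonce mechanism should wrap the POST handling.
 */
function bb2_options()
{
    $settings = bb2_read_settings();
    if ($_POST) {
        // Checkbox inputs are absent when unchecked; !empty() treats absent and falsy alike.
        $settings['display_stats'] = !empty($_POST['display_stats']);
        $settings['strict'] = !empty($_POST['strict']);
        $settings['verbose'] = !empty($_POST['verbose']);

        // The logging radio decides both flags and overrides the 'verbose' value above.
        $logging = isset($_POST['logging']) ? $_POST['logging'] : '';
        if ($logging === 'verbose') {
            $settings['verbose'] = true;
            $settings['logging'] = true;
        } elseif ($logging === 'normal') {
            $settings['verbose'] = false;
            $settings['logging'] = true;
        } else {
            $settings['verbose'] = false;
            $settings['logging'] = false;
        }
        bb2_write_settings($settings);
        ?>
	<div id="message" class="updated fade"><p><strong><?php _e('Options saved.'); ?></strong></p></div>
<?php
    }

    // Attribute fragment appended to a checked checkbox/radio input.
    $checked = 'checked="checked" ';
    // REQUEST_URI is client-controlled: escape it for the attribute context.
    $action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
    ?>
	<div class="wrap">
	<h2><?php _e("Bad Behavior"); ?></h2>
	<form method="post" action="<?php echo $action; ?>">
	<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
	<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>

	<fieldset class="options">
	<legend><?php _e('Statistics'); ?></legend>
	<?php bb2_insert_stats(true); ?>
	<p><label><input type="checkbox" name="display_stats" value="true" <?php if ($settings['display_stats']) echo $checked; ?>/> <?php _e('Display statistics in blog footer'); ?></label></p>
	</fieldset>

	<fieldset class="options">
	<legend><?php _e('Logging'); ?></legend>
	<p><label><input type="radio" name="logging" value="verbose" <?php if ($settings['verbose'] && $settings['logging']) echo $checked; ?>/> <?php _e('Verbose HTTP request logging'); ?></label></p>
	<p><label><input type="radio" name="logging" value="normal" <?php if ($settings['logging'] && !$settings['verbose']) echo $checked; ?>/> <?php _e('Normal HTTP request logging (recommended)'); ?></label></p>
	<p><label><input type="radio" name="logging" value="false" <?php if (!$settings['logging']) echo $checked; ?>/> <?php _e('Do not log HTTP requests (not recommended)'); ?></label></p>
	</fieldset>

	<fieldset class="options">
	<legend><?php _e('Strict Mode'); ?></legend>
	<p><label><input type="checkbox" name="strict" value="true" <?php if ($settings['strict']) echo $checked; ?>/> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></p>
	</fieldset>

	<p class="submit"><input type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
	</form>
	</div>
<?php
}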
/**
 * MediaWiki entry point: install the log table if needed and screen the request.
 *
 * Screening is skipped entirely under the CLI SAPI (maintenance scripts).
 * The wall-clock time spent, in seconds, is left in the global
 * $bb2_timer_total for the host to report.
 */
function bb2_mediawiki_entry()
{
    global $bb2_timer_total;

    list($usec, $sec) = explode(" ", microtime());
    $started = $sec + $usec;

    if (php_sapi_name() !== 'cli') {
        require_once BB2_CWD . "/bad-behavior/core.inc.php";
        bb2_install();
        // FIXME: see above
        bb2_start(bb2_read_settings());
    }

    list($usec, $sec) = explode(" ", microtime());
    $bb2_timer_total = ($sec + $usec) - $started;
}
/**
 * Display Statistics (default off)
 *
 * Returns the footer blurb advertising Bad Behavior and the number of
 * recently blocked requests, or nothing when the option is off (and $force
 * is not set) or the count query fails.
 *
 * The count is cached for 900 seconds so the COUNT(*) does not run on every
 * page view. The query uses the {db_prefix} placeholder rather than string
 * concatenation, so no request data reaches the SQL text.
 *
 * This option is not available or has no effect when logging is not in use.
 *
 * @param bool $force Build the blurb even when display_stats is off.
 * @return string|null Formatted blurb from $txt['badbehavior_blocked'], or null.
 */
function bb2_insert_stats($force = false)
{
    global $txt;

    $settings = bb2_read_settings();
    if (!$force && !$settings['display_stats']) {
        return;
    }

    // Serve the 7-day blocked count from cache when it is fresh enough.
    $blocked = cache_get_data('bb2_blocked', 900);
    if ($blocked === null) {
        $blocked = bb2_db_query('SELECT COUNT(*) FROM {db_prefix}log_badbehavior WHERE `valid` NOT LIKE \'00000000\'');
        cache_put_data('bb2_blocked', $blocked, 900);
    }

    if ($blocked === false) {
        return;
    }
    return sprintf($txt['badbehavior_blocked'], $blocked[0]['COUNT(*)']);
}
/**
 * Create the log table on first run and remember that it has been created.
 *
 * The is_installed flag in the stored settings guards the CREATE statement
 * (bb2_table_structure() for the configured log table) so it runs only once.
 */
function bb2_install()
{
    $settings = bb2_read_settings();
    if ($settings['is_installed']) {
        return;
    }

    bb2_db_query(bb2_table_structure($settings['log_table']));
    $settings['is_installed'] = true;
    bb2_write_settings($settings);
}
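/**
 * Print the blocked-request summary and a per-key breakdown table (Nucleus admin).
 *
 * Prints nothing unless $force is set or display_stats is enabled, or when
 * the count query fails. The breakdown groups log rows by response key and,
 * for each key, shows the response data from bb2_get_response() plus a
 * "View" form that posts a filter to the plugin's index.php.
 *
 * Change: values that reach HTML from outside this function are now
 * escaped with htmlspecialchars() — the key and count (database), the plugin
 * URL and table name (configuration). They are not expected to contain
 * markup, but escaping at the output point removes that assumption. The
 * response/explanation/log strings are Bad Behavior's own bundled text and
 * are printed as before.
 *
 * NOTE(review): the "View" form sends tname/fname/oname (table, field,
 * operator) as hidden fields. If index.php builds its query from those
 * values without a whitelist, a client can change them; that script is not
 * shown here and should be checked.
 *
 * @param bool $force Print even when display_stats is off.
 */
function bb2_insert_stats($force = false)
{
    global $CONF;

    $settings = bb2_read_settings();
    if (!$force && !$settings['display_stats']) {
        return;
    }

    $table = $settings['log_table'];
    $blocked = sql_num_rows(sql_query("SELECT id FROM " . $table . " WHERE `key` NOT LIKE '00000000'"));
    if ($blocked === FALSE) {
        return;
    }

    require_once BB2_CORE . "/responses.inc.php";
    echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', 'Bad Behavior', 'has blocked', $blocked, 'access attempts in the last 7 days.');

    $res = sql_query("SELECT `key`, COUNT(*) FROM " . $table . " WHERE `key` NOT LIKE '00000000' GROUP BY `key`");

    // Escaped once, reused for every row's "View" form.
    $action = htmlspecialchars($CONF['PluginURL'] . 'badbehavior/index.php', ENT_QUOTES);
    $tname = htmlspecialchars(sql_table('bad_behavior'), ENT_QUOTES);

    echo "<table>\n";
    echo "<tr><th>Count</th><th>Key</th><th>Response</th><th>Explanation</th><th>Log</th><th>Details</th></tr>\n";
    while ($row = sql_fetch_assoc($res)) {
        $response = bb2_get_response($row['key']);
        $safeKey = htmlspecialchars($row['key'], ENT_QUOTES);
        echo "<tr>\n";
        echo "<td>" . (int) $row['COUNT(*)'] . "</td>\n";
        echo "<td>" . $safeKey . "</td>\n";
        echo "<td>" . $response['response'] . "</td>\n";
        echo "<td>" . $response['explanation'] . "</td>\n";
        echo "<td>" . $response['log'] . "</td>\n";
        echo "<td>\n";
        echo '<form method="post" action="' . $action . '">' . "\n";
        echo '<input type="hidden" name="tname" value="' . $tname . '" />' . "\n";
        echo '<input type="hidden" name="showlist" value="logs" />' . "\n";
        echo '<input type="hidden" name="fname" value="key" />' . "\n";
        echo '<input type="hidden" name="oname" value="like" />' . "\n";
        echo '<input type="hidden" name="iname" value="' . $safeKey . '" />' . "\n";
        echo '<input type="submit" value="View" class="formbutton" /></form>' . "\n";
        echo "</td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
}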
 /**
  * Count the logged requests that Bad Behavior blocked.
  *
  * Rows with key '00000000' are requests that were let through, so they are
  * excluded. The settings are read but not used by the query; the call is
  * kept in case bb2_read_settings() is relied on for side effects — confirm
  * before removing it.
  *
  * NOTE(review): the column is aliased `COUNT` but fetched as 'count'; whether
  * $this->db->getValueByName() matches names case-insensitively cannot be
  * told from here.
  *
  * @return mixed Whatever getValueByName() returns for the count column.
  */
 function getBadBehaviorRequestsCount()
 {
     bb2_read_settings();
     $sql = "SELECT COUNT(*) AS COUNT FROM #_bad_behavior WHERE `key` NOT LIKE '00000000'";
     return $this->db->getValueByName($sql, 'count');
 }
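/**
 * Delete expired temporary bans (Geeklog).
 *
 * The lifetime comes from $_CONF['bb2_ban_timeout'], in hours, defaulting
 * to 24 when unset; 0 disables expiry. Only rows with type != 0 are removed
 * (type 0 rows are presumably permanent bans — confirm against the schema).
 *
 * Change: the cut-off timestamp is cast to int before it is interpolated
 * into the DELETE, so the SQL literal is always a bare integer regardless of
 * the type (string, float) of the configured timeout. Errors from DB_query()
 * are still ignored (second argument 1), as before; the dead trailing
 * `return;` was dropped.
 */
function bb2_expireBans()
{
    global $_CONF;

    if (!isset($_CONF['bb2_ban_timeout'])) {
        $_CONF['bb2_ban_timeout'] = 24;
    }
    if ($_CONF['bb2_ban_timeout'] == 0) {
        return;
    }

    $settings = bb2_read_settings();
    // Bans stamped before this moment have outlived the configured timeout.
    $cutoff = (int) (time() - $_CONF['bb2_ban_timeout'] * 60 * 60);
    DB_query("DELETE FROM {$settings['ban_table']} WHERE type != 0 AND timestamp < " . $cutoff, 1);
}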
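/**
 * Copy the global $bb2_javascript (the Bad Behavior screener script) into the
 * F3 hive key 'bb2_javascript' so templates can emit it.
 *
 * Fix: $f3 was never imported into the function scope, so the original called
 * ->set() on an undefined (null) variable. Importing it with `global` matches
 * bb2_insert_stats() in this file, which already does so.
 *
 * @return bool Always TRUE.
 */
function bb2_insert_head()
{
    global $bb2_javascript, $f3;
    $f3->set('bb2_javascript', $bb2_javascript);
    return TRUE;
}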
/**
 * Store the 7-day blocked-request count in the F3 hive key 'bb2_stats'.
 *
 * Does nothing unless $force is set or display_stats is on, or when the
 * count query fails. Reads the plugin settings and the F3 instance from
 * globals; the table name comes from settings, not from the request.
 *
 * @param bool $force Populate the key even when display_stats is off.
 */
function bb2_insert_stats($force = false)
{
    global $bb_settings, $f3;

    if (!$force && !$bb_settings['display_stats']) {
        return;
    }

    $sql = "SELECT COUNT(*) FROM " . $bb_settings['log_table'] . " WHERE `key` NOT LIKE '00000000'";
    $result = bb2_db_query($sql);
    if ($result !== FALSE) {
        $f3->set('bb2_stats', $result[0]["COUNT(*)"]);
    }
}
/**
 * Top-level relative path of the application, with a trailing slash.
 *
 * Used as the cookie path: it is F3's BASE hive value plus '/'.
 *
 * @return string
 */
function bb2_relative_path()
{
    $base = \Base::instance()->get('BASE');
    return $base . '/';
}
// Calls inward to Bad Behavior itself: load the core, then run it for this request.
require_once BB2_CWD . "/bad-behavior/core.inc.php";
// Database handle from the F3 hive. Taken before bb2_read_settings(), which
// presumably needs it — TODO confirm before reordering.
$bb_db = $f3->get('DB');
$bb_settings = bb2_read_settings();
// First-run table creation, then screen the current request.
bb2_install();
bb2_start($bb_settings);
// eFiction 5 specific
bb2_insert_stats();
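/**
 * Print the blocked-request blurb and, when set, the screening result.
 *
 * The blurb is printed only when $force is set or display_stats is on and
 * the count query succeeds. If the global $bb2_result is non-empty
 * (presumably set by bb2_start() for a request that would have been
 * blocked), it is printed as an HTML comment and then cleared.
 *
 * Fixes:
 * - the `@` on empty() was dropped: empty() never raises a notice, so the
 *   suppression did nothing;
 * - $bb2_result is HTML-escaped before being placed inside the comment, so
 *   a value containing "-->" cannot terminate the comment and inject markup;
 * - the original unset() only removed the function-local alias created by
 *   `global`; the global itself survived and would still be set on a later
 *   call. Clearing it through $GLOBALS actually resets it.
 *
 * @param bool $force Print the blurb even when display_stats is off.
 */
function bb2_insert_stats($force = false)
{
    global $bb2_result;

    $settings = bb2_read_settings();
    if ($force || $settings['display_stats']) {
        $blocked = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
        if ($blocked !== FALSE) {
            echo sprintf('<p><a href="http://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
        }
    }

    if (!empty($bb2_result)) {
        echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", htmlspecialchars($bb2_result, ENT_QUOTES));
        // Clear the global, not just the local alias.
        unset($GLOBALS['bb2_result']);
    }
}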
/**
 * Decide whether Bad Behavior screens the current request, and run it if so.
 *
 * Nothing happens unless $modSettings['badbehavior_enabled'] is set. Logged-in
 * members are exempt when they are a moderator or admin, when the post-count
 * whitelist is negative (exempts every member), or when it is positive and
 * their post count exceeds it. Everyone else is screened: the result of
 * bb2_start() is stored in the global $bb2_results and the screener script
 * is added as inline JavaScript.
 */
function loadBadBehavior()
{
    global $modSettings, $user_info, $bb2_results;

    if (empty($modSettings['badbehavior_enabled'])) {
        return;
    }
    require_once EXTDIR . '/bad-behavior/badbehavior-plugin.php';

    $exempt = false;
    if (!$user_info['is_guest']) {
        $isStaff = !empty($user_info['is_mod']) || !empty($user_info['is_admin']);
        $limit = empty($modSettings['badbehavior_postcount_wl']) ? 0 : $modSettings['badbehavior_postcount_wl'];
        // A negative limit exempts all members; a positive one exempts members above it.
        $exempt = $isStaff || $limit < 0 || ($limit > 0 && $user_info['posts'] > $limit);
    }
    if ($exempt) {
        return;
    }

    // Screen the request and expose the screener script to the page.
    $bb2_results = bb2_start(bb2_read_settings());
    addInlineJavascript(bb2_insert_head());
}
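/**
 * Print the "Bad Behavior has blocked N access attempts" blurb (Textpattern).
 *
 * Prints nothing unless $force is set or display_stats is on, or when the
 * query fails. safe_rows() returns the matching rows; their number is the
 * count shown.
 *
 * Fix: count() now runs only after safe_rows() is known not to have returned
 * FALSE. The original called count($blocked) first, which is a warning on
 * PHP 7.2+ and a TypeError on PHP 8 when the query fails.
 *
 * NOTE(review): fetching every row just to count them is wasteful on a busy
 * site; a COUNT(*) query would be cheaper if the host API offers one.
 *
 * @param bool $force Print even when display_stats is off.
 */
function bb2_insert_stats($force = FALSE)
{
    $settings = bb2_read_settings();
    if ($force or $settings['display_stats']) {
        $blocked = safe_rows('*', $settings['log_table'], "`key` NOT LIKE '00000000'");
        if ($blocked !== FALSE) {
            $number = count($blocked);
            echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', 'Bad Behavior', 'has blocked', $number, 'access attempts in the last 7 days.');
        }
    }
}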
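/**
 * Render the Bad Behavior settings page (WordPress) and save submitted options.
 *
 * On POST the fields are normalised and persisted with bb2_write_settings():
 * - checkboxes (display_stats, strict, verbose, offsite_forms, eu_cookie,
 *   reverse_proxy) become booleans; an absent field means false;
 * - the logging radio sets both 'logging' and 'verbose';
 * - httpbl_key is stored only if it is exactly 12 lowercase letters;
 * - httpbl_threat / httpbl_maxage are intval()'d, defaulting to '25' / '30';
 * - reverse_proxy_header goes through uc_all() and sanitize_text_field(),
 *   defaulting to 'X-Forwarded-For';
 * - reverse_proxy_addresses is split on whitespace/commas, sanitised, and
 *   empty entries are dropped.
 *
 * Changes from the previous version:
 * - fields are read with isset()/!empty(), so unchecked boxes no longer
 *   raise undefined-index notices;
 * - the unused $request_uri / SCRIPT_NAME fallback was removed (the form
 *   action is admin_url(), not REQUEST_URI);
 * - the httpbl_key pattern has the D modifier: without it `$` also matches
 *   before a trailing newline, so "abcdefghijkl\n" was accepted;
 * - a trailing newline in the proxy-address textarea no longer stores an
 *   empty address entry;
 * - stored key/header values are attribute-escaped on output with
 *   htmlspecialchars(); sanitize_text_field() strips tags but does not
 *   escape quotes, so it is not an attribute escaper.
 *
 * NOTE(review): nothing verifies that the POST came from this page (no
 * nonce). A cross-site request could flip logging or the reverse-proxy
 * settings — the latter changes which header Bad Behavior trusts for the
 * client IP. WordPress' nonce helpers should wrap this handler.
 * NOTE(review): proxy addresses are sanitised but not validated as IP/CIDR;
 * malformed entries are stored as-is and left to the matching code.
 */
function bb2_options()
{
    $settings = bb2_read_settings();
    if ($_POST) {
        $_POST = array_map('stripslashes_deep', $_POST);

        // Checkboxes are absent from the request when unchecked.
        $settings['display_stats'] = !empty($_POST['display_stats']);
        $settings['strict'] = !empty($_POST['strict']);
        $settings['verbose'] = !empty($_POST['verbose']);

        // The logging radio decides both flags and overrides 'verbose' above.
        $logging = isset($_POST['logging']) ? $_POST['logging'] : '';
        if ($logging === 'verbose') {
            $settings['verbose'] = true;
            $settings['logging'] = true;
        } elseif ($logging === 'normal') {
            $settings['verbose'] = false;
            $settings['logging'] = true;
        } else {
            $settings['verbose'] = false;
            $settings['logging'] = false;
        }

        // Only a well-formed key (exactly 12 lowercase letters) is stored.
        $settings['httpbl_key'] = '';
        if (!empty($_POST['httpbl_key']) && preg_match('/^[a-z]{12}$/D', $_POST['httpbl_key'])) {
            $settings['httpbl_key'] = $_POST['httpbl_key'];
        }
        $settings['httpbl_threat'] = !empty($_POST['httpbl_threat']) ? intval($_POST['httpbl_threat']) : '25';
        $settings['httpbl_maxage'] = !empty($_POST['httpbl_maxage']) ? intval($_POST['httpbl_maxage']) : '30';

        $settings['offsite_forms'] = !empty($_POST['offsite_forms']);
        $settings['eu_cookie'] = !empty($_POST['eu_cookie']);
        $settings['reverse_proxy'] = !empty($_POST['reverse_proxy']);

        $settings['reverse_proxy_header'] = 'X-Forwarded-For';
        if (!empty($_POST['reverse_proxy_header'])) {
            $settings['reverse_proxy_header'] = sanitize_text_field(uc_all($_POST['reverse_proxy_header']));
        }

        $settings['reverse_proxy_addresses'] = array();
        if (!empty($_POST['reverse_proxy_addresses'])) {
            // One address or CIDR range per line (commas also accepted); drop blanks.
            $addresses = preg_split('/[\s,]+/m', $_POST['reverse_proxy_addresses']);
            $addresses = array_filter(array_map('sanitize_text_field', $addresses), 'strlen');
            $settings['reverse_proxy_addresses'] = array_values($addresses);
        }

        bb2_write_settings($settings);
        ?>
	<div id="message" class="updated fade"><p><strong><?php _e('Options saved.'); ?></strong></p></div>
<?php
    }

    // Attribute fragment appended to a checked checkbox/radio input.
    $checked = 'checked="checked" ';
    $self_url = admin_url("options-general.php?page=bb2_options");
    ?>
	<div class="wrap">
<?php echo bb2_donate_button($self_url); ?>
	<h2><?php _e("Bad Behavior"); ?></h2>
	<form method="post" action="<?php echo $self_url; ?>">
	<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
	<p>See also: <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist"); ?>">Whitelist</a></p>

	<h3><?php _e('Statistics'); ?></h3>
	<?php bb2_insert_stats(true); ?>
	<table class="form-table">
	<tr><td><label><input type="checkbox" name="display_stats" value="true" <?php if ($settings['display_stats']) echo $checked; ?>/> <?php _e('Display statistics in blog footer'); ?></label></td></tr>
	</table>

	<h3><?php _e('Logging'); ?></h3>
	<table class="form-table">
	<tr><td><label><input type="radio" name="logging" value="verbose" <?php if ($settings['verbose'] && $settings['logging']) echo $checked; ?>/> <?php _e('Verbose HTTP request logging'); ?></label></td></tr>
	<tr><td><label><input type="radio" name="logging" value="normal" <?php if ($settings['logging'] && !$settings['verbose']) echo $checked; ?>/> <?php _e('Normal HTTP request logging (recommended)'); ?></label></td></tr>
	<tr><td><label><input type="radio" name="logging" value="false" <?php if (!$settings['logging']) echo $checked; ?>/> <?php _e('Do not log HTTP requests (not recommended)'); ?></label></td></tr>
	</table>

	<h3><?php _e('Security'); ?></h3>
	<table class="form-table">
	<tr><td><label><input type="checkbox" name="strict" value="true" <?php if ($settings['strict']) echo $checked; ?>/> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></td></tr>
	<tr><td><label><input type="checkbox" name="offsite_forms" value="true" <?php if ($settings['offsite_forms']) echo $checked; ?>/> <?php _e('Allow form postings from other web sites (required for OpenID; increases spam received)'); ?></label></td></tr>
	</table>

	<h3><?php _e('http:BL'); ?></h3>
	<p>To use Bad Behavior's http:BL features you must have an <a href="http://www.projecthoneypot.org/httpbl_configure.php?rf=24694">http:BL Access Key</a>.</p>
	<table class="form-table">
	<tr><td><label><input type="text" size="12" maxlength="12" name="httpbl_key" value="<?php echo htmlspecialchars($settings['httpbl_key'], ENT_QUOTES); ?>" /> http:BL Access Key</label></td></tr>
	<tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_threat" value="<?php echo intval($settings['httpbl_threat']); ?>" /> Minimum Threat Level (25 is recommended)</label></td></tr>
	<tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo intval($settings['httpbl_maxage']); ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
	</table>

	<h3><?php _e('European Union Cookie'); ?></h3>
	<p>Select this option if you believe Bad Behavior's site security cookie is not exempt from the 2012 EU cookie regulation. <a href="http://bad-behavior.ioerror.us/2012/05/04/eu-cookie-requirement-disclosure/">More info</a></p>
	<table class="form-table">
	<tr><td><label><input type="checkbox" name="eu_cookie" value="true" <?php if ($settings['eu_cookie']) echo $checked; ?>/> <?php _e('EU cookie handling'); ?></label></td></tr>
	</table>

	<h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
	<p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
	<p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>
	<p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
	<table class="form-table">
	<tr><td><label><input type="checkbox" name="reverse_proxy" value="true" <?php if ($settings['reverse_proxy']) echo $checked; ?>/> <?php _e('Enable Reverse Proxy'); ?></label></td></tr>
	<tr><td><label><input type="text" size="32" name="reverse_proxy_header" value="<?php echo htmlspecialchars($settings['reverse_proxy_header'], ENT_QUOTES); ?>" /> Header containing Internet clients' IP address</label></td></tr>
	<tr><td><label>IP address or CIDR format address ranges for your proxy servers (one per line)<br/><textarea cols="24" rows="6" name="reverse_proxy_addresses"><?php echo esc_textarea(implode("\n", $settings['reverse_proxy_addresses'])); ?></textarea></td></tr>
	</table>

	<p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
	</form>
	</div>
<?php
}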
/**
 * MediaWiki entry point: install the log table if needed and screen the request.
 *
 * Screening is skipped entirely under the CLI SAPI (maintenance scripts).
 * Logging is forced off when the replica connection is not a DatabaseMysql
 * (presumably because the logging SQL is MySQL-specific — see the FIXME).
 * The wall-clock time spent, in seconds, is left in the global
 * $bb2_timer_total for the host to report.
 */
function bb2_mediawiki_entry()
{
    global $bb2_timer_total;

    list($usec, $sec) = explode(" ", microtime());
    $started = $sec + $usec;

    if (php_sapi_name() !== 'cli') {
        bb2_install();
        // FIXME: see above
        $settings = bb2_read_settings();
        // FIXME: Need to make this multi-DB compatible eventually
        $dbr = wfGetDB(DB_SLAVE);
        if (get_class($dbr) !== "DatabaseMysql") {
            $settings['logging'] = false;
        }
        bb2_start($settings);
    }

    list($usec, $sec) = explode(" ", microtime());
    $bb2_timer_total = ($sec + $usec) - $started;
}