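/**
 * Per-IP request throttle backed by files in sys/logs/anti_ddos/.
 *
 * "<date>_<ip>.dat" holds "<count>***<timestamp>" for the current second;
 * once the count exceeds Config 'secure'/'request_per_second' within one
 * second a "hack_<ip>.dat" marker is written and this and every later
 * request from that address is answered with the 'hack' HTTP error page.
 *
 * The address is taken from REMOTE_ADDR (set by the web server) and only
 * falls back to X-Forwarded-For when REMOTE_ADDR is absent, the same order
 * the statistics counter in this codebase uses. Reading the client-supplied
 * header first let a visitor choose the bucket it is throttled in and have
 * an arbitrary address marked as hacked.
 *
 * @return void
 */
public function antiDdos()
{
    $Register = Register::getInstance();
    $logDir = ROOT . '/sys/logs/anti_ddos/';
    touchDir($logDir);
    $date = date("Y-m-d");

    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $ip = $_SERVER['REMOTE_ADDR'];
    } else {
        $ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    }
    // Only a plain dotted quad is accepted: the value becomes part of a file name.
    if ($ip === '' || mb_strlen($ip) > 15 || !preg_match('#^\\d+\\.\\d+\\.\\d+\\.\\d+$#', $ip)) {
        return;
    }

    $hackFile = $logDir . 'hack_' . $ip . '.dat';
    if (file_exists($hackFile)) {
        $Register['DocParser']->showHttpError('hack');
        return; // defensive: do not keep counting if showHttpError() returns
    }

    // Drop counter files from previous days; hack_* markers are kept.
    $oldFiles = glob($logDir . '[0-9]*.dat');
    if (!empty($oldFiles)) {
        foreach ($oldFiles as $oldFile) {
            if (substr(basename($oldFile), 0, 10) !== $date) {
                unlink($oldFile);
            }
        }
    }

    $file = $logDir . $date . '_' . $ip . '.dat';
    $now = time();
    if (!file_exists($file)) {
        file_put_contents($file, '1***' . $now);
        return;
    }

    $parts = explode('***', (string) file_get_contents($file));
    if (count($parts) < 2 || (int) $parts[1] !== $now) {
        // Malformed file, or the counter belongs to an earlier second: start over.
        unlink($file);
        return;
    }

    $attempts = (int) $parts[0];
    if ($attempts > (int) Config::read('request_per_second', 'secure')) {
        unlink($file);
        file_put_contents($hackFile, date("Y-m-d H:i"));
        $Register['DocParser']->showHttpError('hack');
        return;
    }
    file_put_contents($file, ($attempts + 1) . '***' . $now);
}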
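/**
 * Saves the profile of user $id as edited by an administrator
 * (ACL: users/edit_users) and redirects to the profile page.
 *
 * Reads the form from $_POST, clamps each value to the maxlength of its
 * input, runs the configured validator plus the optional AddFields checks,
 * stores an uploaded avatar under sys/avatars/<id>.jpg, writes the record
 * and logs the action. On validation errors the submitted values and the
 * error list are kept in $_SESSION['FpsForm'] and the admin is sent back to
 * the edit form.
 *
 * @param int|string|null $id id of the user being edited
 * @return mixed result of showInfoMessage(); error paths end in redirect()
 */
public function update_by_admin($id = null)
{
    //turn access
    $this->ACL->turn(array('users', 'edit_users'));

    // A registered user's id cannot be below one, so the call is a mistake
    $id = (int) $id;
    if ($id < 1) {
        redirect('/users/');
    }
    // Only a logged-in user may edit a profile
    if (!isset($_SESSION['user'])) {
        redirect('/');
    }

    // Load the record (merged with additional fields when that module is active)
    $user = $this->Model->getById($id);
    if (!$user) {
        return $this->showInfoMessage(__('Can not find user'), '/users/');
    }
    if (is_object($this->AddFields)) {
        $merged = $this->AddFields->mergeRecords(array($user), true);
        $user = $merged[0];
    }

    // Form values: a missing key becomes '', everything else is trimmed
    $post = array();
    $fields = array('name', 'email', 'icq', 'jabber', 'pol', 'city', 'telephone',
        'byear', 'bmonth', 'bday', 'url', 'about', 'signature');
    foreach ($fields as $field) {
        $post[$field] = isset($_POST[$field]) ? trim($_POST[$field]) : '';
    }
    if ('1' === $post['pol']) {
        $pol = 'm';
    } elseif ('2' === $post['pol']) {
        $pol = 'f';
    } else {
        $pol = '';
    }
    $newpassword = !empty($_POST['newpassword']) ? trim($_POST['newpassword']) : '';

    // Clamp to the maxlength of the corresponding <input>
    $newpassword = mb_substr($newpassword, 0, 30);
    $name = $post['name'];
    $email = mb_substr($post['email'], 0, 60);
    $oldEmail = mb_substr($user->getEmail(), 0, 60);
    $icq = mb_substr($post['icq'], 0, 12);
    $jabber = mb_substr($post['jabber'], 0, 100);
    $city = mb_substr($post['city'], 0, 50);
    // digits only: the int cast stops at the first non-numeric character
    $telephone = number_format(mb_substr((int) $post['telephone'], 0, 20), 0, '', '');
    $byear = intval(mb_substr($post['byear'], 0, 4));
    $bmonth = intval(mb_substr($post['bmonth'], 0, 2));
    $bday = intval(mb_substr($post['bday'], 0, 2));
    $url = mb_substr($post['url'], 0, 60);
    $about = mb_substr($post['about'], 0, 1000);
    $signature = mb_substr($post['signature'], 0, 500);

    $errors = $this->Register['Validate']->check($this->Register['action']);

    // Additional fields
    $_addFields = null;
    if (is_object($this->AddFields)) {
        try {
            $_addFields = $this->AddFields->checkFields();
        } catch (Exception $e) {
            $errors[] = $this->AddFields->getErrors();
        }
    }

    // A non-empty new password means the admin wants to change it
    $changePassword = !empty($newpassword);
    // An e-mail different from the stored one means it is being changed
    $changeEmail = $email !== $oldEmail;
    // if new and old emails are equal, we needn't check password
    // NOTE(review): this runs after check() above; whether disableFieldCheck()
    // still affects the already computed $errors depends on Validate - confirm.
    if (!$changeEmail) {
        $this->Register['Validate']->disableFieldCheck('password');
    }

    $tmp_key = rand(0, 9999999);
    $tmp_avatar = ROOT . '/sys/tmp/images/' . $tmp_key . '.jpg';
    if (!empty($_FILES['avatar']['name'])) {
        touchDir(ROOT . '/sys/tmp/images/', 0777);
        if (move_uploaded_file($_FILES['avatar']['tmp_name'], $tmp_avatar)) {
            chmod($tmp_avatar, 0644);
            // resampleImage() rewrites the upload in place at 100px; a false
            // result means it was not a usable image and the file is discarded
            $sizes = @resampleImage($tmp_avatar, $tmp_avatar, 100);
            if (!$sizes) {
                @unlink($tmp_avatar);
                $errors[] = __('Some error in avatar');
            }
        } else {
            $errors[] = __('Some error in avatar');
        }
    }

    $status = isset($_POST['status']) ? (int) $_POST['status'] : 0;
    $timezone = isset($_POST['timezone']) ? (int) $_POST['timezone'] : 0;
    if ($timezone < -12 || $timezone > 12) {
        $timezone = 0;
    }

    // Errors: keep the submitted values for the form and go back
    if (!empty($errors)) {
        $_SESSION['FpsForm'] = array_merge(array(
            'name' => null, 'status' => null, 'email' => null, 'timezone' => null,
            'icq' => null, 'url' => null, 'about' => null, 'signature' => null,
            'pol' => $pol, 'telephone' => null, 'city' => null, 'jabber' => null,
            'byear' => null, 'bmonth' => null, 'bday' => null,
        ), $_POST);
        $_SESSION['FpsForm']['errors'] = $errors;
        redirect('/users/edit_form_by_admin/' . $id);
    }

    $avatar = ROOT . '/sys/avatars/' . $id . '.jpg';
    // "Delete previously uploaded file" checkbox
    if (isset($_POST['unlink']) && is_file($avatar)) {
        unlink($avatar);
    }
    if (file_exists($tmp_avatar)) {
        if (copy($tmp_avatar, $avatar)) {
            chmod($avatar, 0644);
        }
        unlink($tmp_avatar);
    }

    // All fields are valid - write the changes to the DB
    if ($changePassword) {
        // NOTE(review): unsalted md5 is a weak password hash; it cannot be replaced
        // here alone because the code that verifies logins must change in step.
        $user->setPassw(md5($newpassword));
    }
    if ($changeEmail) {
        $user->setEmail($email);
    }
    if (isset($_POST['activation'])) {
        $user->setActivation('');
    }
    $user->setName($name);
    $user->setStatus($status);
    $user->setTimezone($timezone);
    $user->setUrl($url);
    $user->setIcq($icq);
    $user->setJabber($jabber);
    $user->setCity($city);
    $user->setTelephone($telephone);
    $user->setPol($pol);
    $user->setByear($byear);
    $user->setBmonth($bmonth);
    $user->setBday($bday);
    $user->setAbout($about);
    $user->setSignature($signature);
    $user->save();

    // Additional fields saving
    if (is_object($this->AddFields)) {
        $this->AddFields->save($id, $_addFields);
    }
    if ($this->Log) {
        $this->Log->write('editing user by adm', 'user id(' . $id . ') adm id(' . $_SESSION['user']['id'] . ')');
    }
    return $this->showInfoMessage(__('Operation is successful'), getProfileUrl($id));
}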
/**
 * Returns the path of a per-module temporary data file, creating its
 * directory if needed.
 *
 * The file name is left-padded with zeros to 8 characters and its first
 * four characters select a sub-directory, so files are spread over
 * sys/tmp/hlu_<module>/<prefix>/ instead of one flat folder.
 *
 * NOTE(review): neither $filename nor $module is sanitised here and both end
 * up in a filesystem path; callers must not pass user-controlled values.
 *
 * @param string|int $filename
 * @param string     $module
 * @return string absolute path of "<filename>.dat" (the file itself is not created)
 */
public function getTmpFilePath($filename, $module)
{
    $padded = str_pad($filename, 8, '0', STR_PAD_LEFT);
    $bucket = substr($padded, 0, 4);
    $dir = sprintf('%s/sys/tmp/hlu_%s/%s/', ROOT, $module, $bucket);
    touchDir($dir, 0777);
    return $dir . $filename . '.dat';
}
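/**
 * Records one page view in the file-based site counter and refreshes the
 * "who is online" list.
 *
 * sys/logs/counter/<date>.dat (serialized array) accumulates views, visitors
 * without the counter cookie, unique IPs (one empty file per address in
 * sys/logs/counter_ips<date>/), bot views and visits referred from other
 * hosts; files of earlier days are flushed to the database and deleted.
 * sys/logs/overal_stats.dat keeps the all-time hit count and the online
 * maximum. sys/logs/counter_online/online.dat keeps users, guests and known
 * crawlers seen within Config 'time_on_line' minutes, and the rendered list
 * of online users is stored in $_SESSION['online_users_list'].
 *
 * Side effects: file writes under sys/logs/, a 'counter' cookie for non-bot
 * visitors without one, $_SESSION and $_SERVER['HTTP_USER_AGENT'].
 *
 * The serialized files read here are written by this module itself, not by
 * users; unserialize() still returns false on a corrupt file, so every read
 * is guarded with is_array().
 *
 * @return void
 */
public static function index()
{
    $Register = Register::getInstance();
    $today = date("Y-m-d");
    $now = time();

    //ip
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $ip = $_SERVER['REMOTE_ADDR'];
    } else {
        $ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '00.00.00.00';
    }
    // the address becomes a file name below, so anything but a dotted quad is replaced
    if (mb_strlen($ip) > 20 || !preg_match('#^\\d+\\.\\d+\\.\\d+\\.\\d+$#', $ip)) {
        $ip = '00.00.00.00';
    }

    //unique IPs: one empty file per address in a per-day directory
    $ipDir = ROOT . '/sys/logs/counter_ips' . $today;
    if (!file_exists($ipDir)) {
        $oldDirs = glob(ROOT . '/sys/logs/counter_ips*');
        if (!empty($oldDirs) && is_array($oldDirs)) {
            foreach ($oldDirs as $dir) {
                _unlink($dir);
            }
        }
        mkdir($ipDir, 0777, true);
    }
    $ipFile = $ipDir . '/' . $ip . '.dat';
    $inc_ip = 0;
    if (!file_exists($ipFile)) {
        $inc_ip = 1;
        touch($ipFile);
    }

    //visits from other sites: referer not on this host (http or https).
    // SERVER_NAME is quoted so its dots do not act as wildcards, and a
    // boundary is required so "host.example" does not match "host.example.org".
    $referer = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $serverName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
    $other_site_view = 0;
    if ($referer !== '' && !preg_match('#^https?://' . preg_quote($serverName, '#') . '(?:[:/]|$)#', $referer)) {
        $other_site_view = 1;
    }

    //user agent and bot identification
    $ua = !empty($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
    $other_bot = 0;
    $yandex_bot = 0;
    $google_bot = 0;
    if ($ua === '') {
        $other_bot = 1;
    } elseif (strpos($ua, "Yandex") !== false) {
        $yandex_bot = 1;
    } elseif (strpos($ua, "Googlebot") !== false) {
        $google_bot = 1;
    } else {
        // case-sensitive markers, plus "bot"/"spider" anywhere in the lower-cased string
        $markers = array("StackRambler", "Scooter", "Fast", "infoseek", "YahooBot",
            "aport", "slurp", "architextspider", "lycos", "grabber");
        foreach ($markers as $marker) {
            if (strpos($ua, $marker) !== false) {
                $other_bot = 1;
                break;
            }
        }
        $lowerUa = strtolower($ua);
        if (strpos($lowerUa, "bot") !== false || strpos($lowerUa, "spider") !== false) {
            $other_bot = 1;
        }
    }
    $is_bot = $other_bot || $yandex_bot || $google_bot;

    //check cookie: a non-bot visitor without the cookie counts as a new host
    if (isset($_COOKIE['counter']) || $is_bot) {
        $cookie = 0;
    } else {
        $cookie = 1;
        //cookie dies at 23:59:59 today
        $expires = mktime(23, 59, 59, (int) date("n"), (int) date("j"), (int) date("Y"));
        setcookie('counter', md5($ip), $expires, '/');
    }
    $view = $is_bot ? 0 : 1;

    touchDir(ROOT . '/sys/logs/counter/', 0777);
    $tmp_datafile = ROOT . '/sys/logs/counter/' . $today . '.dat';
    $stats = false;
    if (file_exists($tmp_datafile) && is_readable($tmp_datafile)) {
        $stats = unserialize(file_get_contents($tmp_datafile));
    }
    if (is_array($stats)) {
        $increments = array(
            'views' => $view,
            'cookie' => $cookie,
            'ips' => $inc_ip,
            'yandex_bot_views' => $yandex_bot,
            'google_bot_views' => $google_bot,
            'other_bot_views' => $other_bot,
            'other_site_visits' => $other_site_view,
        );
        foreach ($increments as $key => $inc) {
            // a key missing from an older file counts as 0 instead of raising a notice
            $stats[$key] = (isset($stats[$key]) ? (int) $stats[$key] : 0) + $inc;
        }
    } else {
        // first request of the day (or unreadable/corrupt file): the visitor is
        // counted as one view, one host and one IP regardless of bot status, as before
        $stats = array(
            'views' => 1,
            'cookie' => 1,
            'ips' => 1,
            'yandex_bot_views' => $yandex_bot,
            'google_bot_views' => $google_bot,
            'other_bot_views' => $other_bot,
            'other_site_visits' => $other_site_view,
        );
    }
    $f = fopen($tmp_datafile, 'w+');
    flock($f, LOCK_EX);
    fwrite($f, serialize($stats));
    flock($f, LOCK_UN);
    fclose($f);

    //statistics data for counter image
    $overalFile = ROOT . '/sys/logs/overal_stats.dat';
    if (!file_exists($overalFile)) {
        StatisticsModule::_updateOveralHits();
    }
    $overal = unserialize(file_get_contents($overalFile));
    if (!is_array($overal)) {
        $overal = array();
    }
    if (!isset($overal['hits'])) {
        $overal['hits'] = StatisticsModule::_updateOveralHits();
    }
    $all_hits = (int) $overal['hits'] + $stats['views'];
    $hosts = $stats['cookie'];
    $hits = $stats['views'];

    //write into data base and delete file (one time in day)
    $dayFiles = glob(ROOT . '/sys/logs/counter/*.dat');
    if (!empty($dayFiles) && count($dayFiles) > 1) {
        foreach ($dayFiles as $dayFile) {
            $fileDate = substr(basename($dayFile), 0, 10);
            if ($fileDate === $today) {
                continue;
            }
            StatisticsModule::_writeIntoDataBase($fileDate);
            unlink($dayFile);
            StatisticsModule::_deleteOveralKey('hits');
        }
    }
    self::viewCounter($all_hits, $hits, $hosts);

    //who online
    touchDir(ROOT . '/sys/logs/counter_online/');
    $path = ROOT . '/sys/logs/counter_online/online.dat';
    $users = array();
    $guests = array();
    $online_users = array();
    if (file_exists($path) && is_readable($path)) {
        $data = unserialize(file_get_contents($path));
        if (is_array($data)) {
            $users = !empty($data['users']) ? $data['users'] : array();
            $guests = !empty($data['guests']) ? $data['guests'] : array();
        }
    }
    foreach ($users as $key => $user) {
        // was `break`, which left every later entry unexpired and out of the list
        if ($user['expire'] < $now) {
            unset($users[$key]);
            continue;
        }
        // online users list
        if (strpos((string) $key, 'bot') !== false) {
            $online_users[] = '<span class="botname">' . h($user['name']) . '</span>';
            continue;
        }
        $color = '';
        if (isset($user['status'])) {
            $group_info = $Register['ACL']->get_user_group($user['status']);
            if (!empty($group_info['color'])) {
                $color = 'color:#' . $group_info['color'] . ';';
            }
        }
        $online_users[] = get_link(h($user['name']), getProfileUrl($key), array('style' => $color));
    }
    foreach ($guests as $key => $guest) {
        if ($guest['expire'] < $now) {
            unset($guests[$key]);
        }
    }
    $_SESSION['online_users_list'] = count($online_users) ? implode(', ', $online_users) : '';

    // Max users online at one time
    $all_online = intval(count($users) + count($guests));
    $maxKnown = !empty($overal['max_users_online']) && is_numeric($overal['max_users_online']);
    if (!$maxKnown || $overal['max_users_online'] < $all_online) {
        StatisticsModule::_updateOveralHits(
            array('max_users_online', 'max_users_online_date'),
            array($all_online, $today)
        );
    }

    if (empty($_SERVER['HTTP_USER_AGENT'])) {
        $_SERVER["HTTP_USER_AGENT"] = '';
    }
    $expire = $now + $Register['Config']->read('time_on_line') * 60;
    if (!empty($_SESSION['user']['id'])) {
        $users[$_SESSION['user']['id']] = array(
            'expire' => $expire,
            'name' => $_SESSION['user']['name'],
            'status' => $_SESSION['user']['status'],
        );
    } else {
        // known crawlers get a named pseudo-user entry (first marker wins, in this
        // order); everyone else is a guest keyed by IP
        $botEntries = array(
            'StackRambler' => array('bot_rambler', 'Rambler[bot]'),
            'YahooBot' => array('bot_yahoo', 'Yahoo[bot]'),
            'Yandex' => array('bot_yandex', 'Yandex[bot]'),
            'Googlebot' => array('bot_google', 'Google[bot]'),
        );
        $matched = false;
        foreach ($botEntries as $marker => $entry) {
            if (strpos($_SERVER["HTTP_USER_AGENT"], $marker) !== false) {
                $users[$entry[0]] = array('expire' => $expire, 'name' => $entry[1]);
                $matched = true;
                break;
            }
        }
        if (!$matched) {
            $guests[$ip] = array('expire' => $expire);
        }
    }
    file_put_contents($path, serialize(array('users' => $users, 'guests' => $guests)));
}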
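/**
 * Makes sure the module's index exists and is not older than the module's
 * 'index_interval' setting; rebuilds it otherwise.
 *
 * Freshness is tracked in meta.dat (a serialized array with an 'expire'
 * timestamp) in the module's tmp directory. While the index is fresh nothing
 * is touched; otherwise __createIndex() runs and a new expiry is written.
 * A missing or corrupt meta.dat is treated as expired.
 *
 * NOTE(review): the expiry is index_interval * 84000 seconds; if the setting
 * is meant in days, 86400 is probably intended. Left unchanged because the
 * unit of the setting is not visible here.
 *
 * @return boolean always true
 */
private function __checkIndex()
{
    $meta_file = $this->getTmpPath('meta.dat');
    $meta = array();

    if (file_exists($meta_file) && is_readable($meta_file)) {
        // written only by this class; unserialize() gives false on a corrupt file
        $stored = unserialize(file_get_contents($meta_file));
        if (is_array($stored)) {
            $meta = $stored;
        }
        if (!empty($meta['expire']) && $meta['expire'] > time()) {
            return true;
        }
        $this->__createIndex();
    } else {
        touchDir($this->getTmpPath());
        $this->__createIndex();
    }

    $index_interval = intval($this->Register['Config']->read('index_interval', $this->module));
    if ($index_interval < 1) {
        $index_interval = 1;
    }
    $meta['expire'] = time() + $index_interval * 84000;
    file_put_contents($meta_file, serialize($meta));

    return true;
}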
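/**
 * Copies a module's template files into the active site template.
 *
 * Every sub-directory of $pathToTemplateFiles is copied to
 * template/<current template>/<same name>, except "html", which goes to
 * template/<current template>/html/<module> so module page templates do not
 * mix with the template's own.
 *
 * @param string $pathToTemplateFiles directory shipped with the module
 * @param string $module              module name used as the html sub-folder
 * @return void
 */
public function importTemplateFiles($pathToTemplateFiles, $module)
{
    if (!file_exists($pathToTemplateFiles) || !is_dir($pathToTemplateFiles)) {
        return;
    }
    $templatePath = ROOT . '/template/' . getTemplateName();
    $dirs = glob($pathToTemplateFiles . '/*', GLOB_ONLYDIR);
    // glob() returns false on error (not just an empty array); foreach would warn on it
    if (!is_array($dirs)) {
        return;
    }
    foreach ($dirs as $dir) {
        $dirName = basename($dir);
        // HTML templates go to the module's own directory, everything else alongside the template's folders
        $target = $dirName === 'html'
            ? $templatePath . '/html/' . $module
            : $templatePath . '/' . $dirName;
        touchDir($target, 0777);
        copyr($dir, $target, 0777);
    }
}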
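/**
 * Adds the submitted IP address to the ban list
 * (sys/logs/ip_ban/baned.dat, one address per line) and redirects back to
 * the admin page in every case.
 *
 * Only a dotted quad of 1-3 digit groups is accepted. The previous pattern
 * left its second and third dots unescaped, so a value like "1.2x3.4" passed
 * validation and was written to the list.
 *
 * @return void every path ends in redirect()
 */
function add()
{
    if (empty($_POST['ip'])) {
        redirect('/admin/ip_ban.php');
        return;
    }
    $ip = trim($_POST['ip']);

    if (!preg_match('#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#', $ip)) {
        $error = '<li>' . sprintf(__('Wrong chars in "..."'), 'IP') . '</li>';
        $_SESSION['add']['errors'] = '<ul class="uz_err">' . $error . '</ul>';
        redirect('/admin/ip_ban.php');
        return; // defensive: never reach the write if redirect() does not exit
    }

    touchDir(ROOT . '/sys/logs/ip_ban/');
    // append one line; $ip was validated above so it cannot break the line format
    file_put_contents(ROOT . '/sys/logs/ip_ban/baned.dat', $ip . "\n", FILE_APPEND);
    redirect('/admin/ip_ban.php');
}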