}
    if ($RIGHT_W) {
        $arActions = array(array("ICON" => "edit", "DEFAULT" => true, "TEXT" => GetMessage("SEC_IP_LIST_EDIT"), "ACTION" => $lAdmin->ActionRedirect('security_iprule_edit.php?lang=' . LANGUAGE_ID . '&ID=' . $f_ID)), array("ICON" => "delete", "TEXT" => GetMessage("SEC_IP_LIST_DELETE"), "ACTION" => "if(confirm('" . GetMessage("SEC_IP_LIST_DELETE_CONF") . "')) " . $lAdmin->ActionDoGroup($f_ID, "delete")));
        $row->AddActions($arActions);
    }
}
// Footer counters: rows selected by the current filter, plus the client-side
// "checked" counter (starts at 0).
$lAdmin->AddFooter([
    [
        "title" => GetMessage("MAIN_ADMIN_LIST_SELECTED"),
        "value" => $rsData->SelectedRowsCount(),
    ],
    [
        "counter" => true,
        "title" => GetMessage("MAIN_ADMIN_LIST_CHECKED"),
        "value" => "0",
    ],
]);

// Context menu: the "add rule" button is only offered to users with write rights.
$aContext = [];
if ($RIGHT_W) {
    $aContext[] = [
        "TEXT" => GetMessage("MAIN_ADD"),
        "LINK" => "security_iprule_edit.php?lang=" . LANG,
        "TITLE" => GetMessage("SEC_IP_LIST_ADD_TITLE"),
        "ICON" => "btn_new",
    ];
}
$lAdmin->AddAdminContextMenu($aContext);

// The group "delete" action is gated on the same write right.
if ($RIGHT_W) {
    $lAdmin->AddGroupActionTable(["delete" => GetMessage("MAIN_ADMIN_LIST_DELETE")]);
}

// CheckAntiFile(true) yields something with Show() when the stop-list is
// currently disabled (presumably by the anti-lockout file — confirm);
// surface that message above the list so the admin sees why rules are inert.
$message = CSecurityIPRule::CheckAntiFile(true);
if ($message) {
    $lAdmin->BeginPrologContent();
    echo $message->Show();
    $lAdmin->EndPrologContent();
}

// Keep this ordering: list-mode handling, then title, then the admin prolog.
$lAdmin->CheckListMode();
$APPLICATION->SetTitle(GetMessage("SEC_IP_LIST_TITLE"));
require $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_after.php";

// Filter form fields for the rule list (field name => localized label).
$oFilter = new CAdminFilter($sTableID . "_filter", [
    "find_rule_type" => GetMessage("SEC_IP_LIST_RULE_TYPE"),
    "find_active" => GetMessage("SEC_IP_LIST_ACTIVE"),
    "find_admin_section" => GetMessage("SEC_IP_LIST_ADMIN_SECTION"),
    "find_site_id" => GetMessage("SEC_IP_LIST_SITE_ID"),
    "find_name" => GetMessage("SEC_IP_LIST_NAME"),
    "find_ip" => GetMessage("SEC_IP_LIST_IP"),
    "find_path" => GetMessage("SEC_IP_LIST_PATH"),
]);
?>

<form name="find_form" method="get" action="<?php 
echo $APPLICATION->GetCurPage();
?>
">
 /**
  * Request-start hook of the IP stop-list: blocks the current HTTP request
  * when an active rule covers both the client address and the request path.
  *
  * Flow (every step is visible below):
  *  - nothing happens in CLI mode or when no rule is active;
  *  - returns early when CheckAntiFile() is truthy (presumably the
  *    anti-lockout file that disables the stop-list — confirm);
  *  - canonicalises the request path and rejects invalid ones via
  *    /bitrix/admin/security_403.php;
  *  - evaluates the rules either in PHP from the managed cache (default) or
  *    with a single SQL query ($use_query = true);
  *  - on a match includes /bitrix/admin/security_403.php, which is expected
  *    to terminate the request.
  *
  * @param bool $use_query true to evaluate rules with one SQL query instead
  *                        of the cached PHP-side evaluation.
  * @return void
  */
 public static function OnPageStart($use_query = false)
 {
     //ToDo: good candidate for refactoring
     global $DB, $CACHE_MANAGER;
     if (!CSecuritySystemInformation::isCliMode() && CSecurityIPRule::GetActiveCount()) {
         if (CSecurityIPRule::CheckAntiFile()) {
             return;
         }
         $bMatch = false;
         // Canonicalise the path the masks are matched against: drop the query
         // string, decode percent-encoding, collapse runs of slashes.
         $uri = $_SERVER['REQUEST_URI'];
         if (($pos = strpos($uri, '?')) !== false) {
             $uri = substr($uri, 0, $pos);
         }
         $uri = urldecode($uri);
         $uri = preg_replace('#/+#', '/', $uri);
         //Block any invalid uri
         // security_403.php is expected to end the request ("die inside");
         // should it ever return, evaluation continues with the rejected $uri.
         if (!static::isValidUri($uri)) {
             include $_SERVER['DOCUMENT_ROOT'] . '/bitrix/admin/security_403.php';
         }
         //die inside
         //Normalize on Windows, because my. == my
         // NOTE(review): the effective pattern is '(. )+[/\\]+' (a dot followed by
         // a space); confirm it covers the trailing dots/spaces the comment above
         // refers to.
         if (CSecuritySystemInformation::isRunOnWin()) {
             $uri = preg_replace('#(. )+[/\\\\]+#', '/', $uri);
         }
         // Numeric form of the client address, compared against the numeric
         // IP_START/IP_END bounds below (ip2number() itself is not visible here).
         $ip2check = CSecurityIPRule::ip2number($_SERVER["REMOTE_ADDR"]);
         if (!$use_query && CACHED_b_sec_iprule !== false) {
             // Cached branch. CACHED_b_sec_iprule is the first Read() argument
             // (looks like a TTL; false disables this branch — confirm).
             $cache_id = "b_sec_iprule";
             if ($CACHE_MANAGER->Read(CACHED_b_sec_iprule, $cache_id, "b_sec_iprule")) {
                 $arRules = $CACHE_MANAGER->Get($cache_id);
             } else {
                 // Build the rule set for the cache. Only ACTIVE_TO is filtered in
                 // SQL (expired rules never enter the cache); both timestamps are
                 // re-checked per request in the loop below, so "now" is not
                 // baked into the cached data.
                 $arRules = array();
                 $rs = $DB->Query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tr.ID,\n\t\t\t\t\t\t\tr.ADMIN_SECTION,\n\t\t\t\t\t\t\tr.SITE_ID,\n\t\t\t\t\t\t\tr.ACTIVE_FROM_TIMESTAMP,\n\t\t\t\t\t\t\tr.ACTIVE_TO_TIMESTAMP\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tb_sec_iprule r\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tr.ACTIVE='Y'\n\t\t\t\t\t\t\tAND (\n\t\t\t\t\t\t\t\tr.ACTIVE_TO IS NULL\n\t\t\t\t\t\t\t\tOR r.ACTIVE_TO >= " . $DB->CurrentTimeFunction() . "\n\t\t\t\t\t\t\t)\n\t\t\t\t\t");
                 while ($ar = $rs->Fetch()) {
                     $ar["ACTIVE_FROM_TIMESTAMP"] = intval($ar["ACTIVE_FROM_TIMESTAMP"]);
                     $ar["ACTIVE_TO_TIMESTAMP"] = intval($ar["ACTIVE_TO_TIMESTAMP"]);
                     $ar["INCL_MASKS"] = array();
                     $ar["EXCL_MASKS"] = array();
                     $ar["INCL_IPS"] = array();
                     $ar["EXCL_IPS"] = array();
                     $arRules[$ar["ID"]] = $ar;
                 }
                 // Include path masks (PREG_MASK). A rule with none is dropped.
                 $rs = $DB->Query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tim.IPRULE_ID,\n\t\t\t\t\t\t\tim.PREG_MASK\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tb_sec_iprule r\n\t\t\t\t\t\t\tINNER JOIN b_sec_iprule_incl_mask im on im.IPRULE_ID = r.ID\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tr.ACTIVE='Y'\n\t\t\t\t\t\t\tAND (\n\t\t\t\t\t\t\t\tr.ACTIVE_TO IS NULL\n\t\t\t\t\t\t\t\tOR r.ACTIVE_TO >= " . $DB->CurrentTimeFunction() . "\n\t\t\t\t\t\t\t)\n\t\t\t\t\t");
                 while ($ar = $rs->Fetch()) {
                     if (array_key_exists($ar["IPRULE_ID"], $arRules)) {
                         $arRules[$ar["IPRULE_ID"]]["INCL_MASKS"][] = $ar["PREG_MASK"];
                     }
                 }
                 foreach ($arRules as $ID => $ar) {
                     if (count($ar["INCL_MASKS"]) <= 0) {
                         unset($arRules[$ID]);
                     }
                 }
                 // Exclude path masks.
                 $rs = $DB->Query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tem.IPRULE_ID,\n\t\t\t\t\t\t\tem.PREG_MASK\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tb_sec_iprule r\n\t\t\t\t\t\t\tINNER JOIN b_sec_iprule_excl_mask em on em.IPRULE_ID = r.ID\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tr.ACTIVE='Y'\n\t\t\t\t\t\t\tAND (\n\t\t\t\t\t\t\t\tr.ACTIVE_TO IS NULL\n\t\t\t\t\t\t\t\tOR r.ACTIVE_TO >= " . $DB->CurrentTimeFunction() . "\n\t\t\t\t\t\t\t)\n\t\t\t\t\t");
                 while ($ar = $rs->Fetch()) {
                     if (array_key_exists($ar["IPRULE_ID"], $arRules)) {
                         $arRules[$ar["IPRULE_ID"]]["EXCL_MASKS"][] = $ar["PREG_MASK"];
                     }
                 }
                 // Include IP ranges as [start, end] floats. A rule with none is dropped.
                 $rs = $DB->Query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tii.IPRULE_ID,\n\t\t\t\t\t\t\tii.IP_START,\n\t\t\t\t\t\t\tii.IP_END\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tb_sec_iprule r\n\t\t\t\t\t\t\tINNER JOIN b_sec_iprule_incl_ip ii on ii.IPRULE_ID = r.ID\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tr.ACTIVE='Y'\n\t\t\t\t\t\t\tAND (\n\t\t\t\t\t\t\t\tr.ACTIVE_TO IS NULL\n\t\t\t\t\t\t\t\tOR r.ACTIVE_TO >= " . $DB->CurrentTimeFunction() . "\n\t\t\t\t\t\t\t)\n\t\t\t\t\t");
                 while ($ar = $rs->Fetch()) {
                     if (array_key_exists($ar["IPRULE_ID"], $arRules)) {
                         $arRules[$ar["IPRULE_ID"]]["INCL_IPS"][] = array(doubleval($ar["IP_START"]), doubleval($ar["IP_END"]));
                     }
                 }
                 foreach ($arRules as $ID => $ar) {
                     if (count($ar["INCL_IPS"]) <= 0) {
                         unset($arRules[$ID]);
                     }
                 }
                 // Exclude IP ranges.
                 $rs = $DB->Query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tei.IPRULE_ID,\n\t\t\t\t\t\t\tei.IP_START,\n\t\t\t\t\t\t\tei.IP_END\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tb_sec_iprule r\n\t\t\t\t\t\t\tINNER JOIN b_sec_iprule_excl_ip ei on ei.IPRULE_ID = r.ID\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tr.ACTIVE='Y'\n\t\t\t\t\t\t\tAND (\n\t\t\t\t\t\t\t\tr.ACTIVE_TO IS NULL\n\t\t\t\t\t\t\t\tOR r.ACTIVE_TO >= " . $DB->CurrentTimeFunction() . "\n\t\t\t\t\t\t\t)\n\t\t\t\t\t");
                 while ($ar = $rs->Fetch()) {
                     if (array_key_exists($ar["IPRULE_ID"], $arRules)) {
                         $arRules[$ar["IPRULE_ID"]]["EXCL_IPS"][] = array(doubleval($ar["IP_START"]), doubleval($ar["IP_END"]));
                     }
                 }
                 $CACHE_MANAGER->Set($cache_id, $arRules);
             }
             // Evaluate rules in order. The first rule that passes all four
             // checks (time window, site scope, IP, path) leaves $bMatch true.
             foreach ($arRules as $arRule) {
                 //Check if this rule is active
                 // A timestamp <= 0 means "no bound" on that side.
                 if (($arRule["ACTIVE_FROM_TIMESTAMP"] <= 0 || $arRule["ACTIVE_FROM_TIMESTAMP"] <= time()) && ($arRule["ACTIVE_TO_TIMESTAMP"] <= 0 || $arRule["ACTIVE_TO_TIMESTAMP"] >= time())) {
                     $bMatch = true;
                 } else {
                     $bMatch = false;
                 }
                 //Check if site does match
                 // Admin-section requests only match ADMIN_SECTION='Y' rules; public
                 // requests match rules with an empty SITE_ID or the current SITE_ID.
                 if ($bMatch) {
                     if (defined("ADMIN_SECTION") && ADMIN_SECTION === true) {
                         $bMatch = $arRule["ADMIN_SECTION"] == "Y";
                     } else {
                         $bMatch = !$arRule["SITE_ID"] || $arRule["SITE_ID"] == SITE_ID;
                     }
                 } else {
                     continue;
                 }
                 //Check if IP in blocked
                 // Range bounds are inclusive; an exclusion range overrides an inclusion.
                 if ($bMatch) {
                     $bMatch = false;
                     foreach ($arRule["INCL_IPS"] as $arIP) {
                         if ($ip2check >= $arIP[0] && $ip2check <= $arIP[1]) {
                             $bMatch = true;
                             break;
                         }
                     }
                     //IP is in blocked range so check if it is exluded
                     if ($bMatch) {
                         foreach ($arRule["EXCL_IPS"] as $arIP) {
                             if ($ip2check >= $arIP[0] && $ip2check <= $arIP[1]) {
                                 $bMatch = false;
                                 break;
                             }
                         }
                     }
                 } else {
                     continue;
                 }
                 //IP does match to blocking condition let's check path
                 // NOTE(review): $mask is inserted unescaped into a '#'-delimited
                 // pattern, and a preg_match() failure (false: malformed mask or a
                 // PCRE limit hit) is treated exactly like "no match", so a broken
                 // include mask silently fails open for that rule. Checking
                 // preg_last_error() here would make such failures visible.
                 if ($bMatch) {
                     $bMatch = false;
                     foreach ($arRule["INCL_MASKS"] as $mask) {
                         if (preg_match("#^" . $mask . "\$#", $uri)) {
                             $bMatch = true;
                             break;
                         }
                     }
                     //Check path for exclusion
                     if ($bMatch) {
                         foreach ($arRule["EXCL_MASKS"] as $mask) {
                             if (preg_match("#^" . $mask . "\$#", $uri)) {
                                 $bMatch = false;
                                 break;
                             }
                         }
                     }
                 } else {
                     continue;
                 }
                 //Found blocking rule
                 if ($bMatch) {
                     break;
                 }
             }
         } else {
             // Query branch: the same four checks expressed in SQL over the
             // LIKE_MASK columns. $uri and SITE_ID pass through $DB->ForSQL();
             // $ip2check is concatenated raw and is assumed to be numeric
             // (ip2number() is not visible here — confirm).
             $strSql = "\n\t\t\t\t\tSELECT r.ID\n\t\t\t\t\tFROM\n\t\t\t\t\t\tb_sec_iprule r\n\t\t\t\t\t\tINNER JOIN b_sec_iprule_incl_mask im on im.IPRULE_ID = r.ID\n\t\t\t\t\t\tLEFT  JOIN b_sec_iprule_excl_mask em on em.IPRULE_ID = r.ID AND '" . $DB->ForSQL($uri) . "' like em.LIKE_MASK\n\t\t\t\t\t\tINNER JOIN b_sec_iprule_incl_ip   ii on ii.IPRULE_ID = r.ID\n\t\t\t\t\t\tLEFT  JOIN b_sec_iprule_excl_ip   ei on ei.IPRULE_ID = r.ID AND " . $ip2check . " between ei.IP_START and ei.IP_END\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tr.ACTIVE = 'Y'\n\t\t\t\t\t\tAND (r.ACTIVE_FROM IS NULL OR r.ACTIVE_FROM <= " . $DB->CurrentTimeFunction() . ")\n\t\t\t\t\t\tAND (r.ACTIVE_TO IS NULL OR r.ACTIVE_TO >= " . $DB->CurrentTimeFunction() . ")\n\t\t\t\t\t\t" . (defined("ADMIN_SECTION") && ADMIN_SECTION === true ? "AND r.ADMIN_SECTION = 'Y'" : "AND (r.SITE_ID IS NULL OR r.SITE_ID = '" . $DB->ForSQL(SITE_ID) . "')") . "\n\t\t\t\t\t\tAND '" . $DB->ForSQL($uri) . "' like im.LIKE_MASK\n\t\t\t\t\t\tAND em.IPRULE_ID is null\n\t\t\t\t\t\tAND " . $ip2check . " between ii.IP_START and ii.IP_END\n\t\t\t\t\t\tAND ei.IPRULE_ID is null\n\t\t\t\t";
             //echo "<pre>".htmlspecialcharsbx($strSql)."</pre>";
             $rs = $DB->Query($strSql);
             // Any returned row means some rule blocks this request.
             if ($arRule = $rs->Fetch()) {
                 $bMatch = true;
             } else {
                 $bMatch = false;
             }
         }
         if ($bMatch) {
             // A blocking rule matched: hand off to the 403 page, which is
             // expected to terminate the request.
             include $_SERVER["DOCUMENT_ROOT"] . "/bitrix/admin/security_403.php";
         }
     }
 }
}
// Error-reporting KPI: $error_level (computed earlier in the file) is OK when it
// equals one of the two acceptable display values.
$data['std']['ITEMS'][] = [
    "IS_OK" => ($error_level == GetMessage("SEC_PANEL_ERROR1") || $error_level == GetMessage("SEC_PANEL_ERROR3")),
    "KPI_NAME" => GetMessage("SEC_PANEL_ERROR_NAME"),
    "KPI_VALUE" => $error_level,
    "KPI_RECOMMENDATION" => ($error_level == GetMessage("SEC_PANEL_ERROR1") || $error_level == GetMessage("SEC_PANEL_ERROR3"))
        ? '&nbsp;'
        : ($USER->CanDoOperation('edit_other_settings')
            ? '<a href="settings.php?lang=' . LANGUAGE_ID . '&amp;mid=main&amp;back_url_settings=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ERROR1") . '</a>'
            : GetMessage("SEC_PANEL_ERROR1")),
];

// SQL debug output KPI: OK when $DB->debug is off. The link to dbconn.php is
// only offered when the file manager is installed and the user may edit files.
global $DB;
$data['std']['ITEMS'][] = [
    "IS_OK" => !$DB->debug,
    "KPI_NAME" => GetMessage("SEC_PANEL_QUERY_DEBUG"),
    "KPI_VALUE" => $DB->debug
        ? GetMessage("SEC_PANEL_QUERY_DEBUG_VALUE_ON")
        : GetMessage("SEC_PANEL_QUERY_DEBUG_VALUE_OFF"),
    "KPI_RECOMMENDATION" => !$DB->debug
        ? '&nbsp;'
        : ((IsModuleInstalled('fileman') && ($USER->CanDoOperation('fileman_admin_files') || $USER->CanDoOperation('fileman_edit_existent_files')))
            ? GetMessage("SEC_PANEL_QUERY_DEBUG_RECOMMENDATION_WITH_HREF", [
                "#HREF#" => '/bitrix/admin/fileman_file_edit.php?lang=' . LANGUAGE_ID . '&amp;full_src=Y&amp;path=' . urlencode(BX_PERSONAL_ROOT . '/php_interface/dbconn.php') . '&amp;back_url=' . urlencode('/bitrix/admin/security_panel.php?lang=' . LANGUAGE_ID),
            ])
            : GetMessage("SEC_PANEL_QUERY_DEBUG_RECOMMENDATION_WO_HREF")),
];

// Event log KPI: OK only when every one of these main-module audit options is
// enabled (evaluation stops at the first disabled one).
$bEventLog = COption::GetOptionString("main", "event_log_logout", "N") === "Y"
    && COption::GetOptionString("main", "event_log_login_success", "N") === "Y"
    && COption::GetOptionString("main", "event_log_login_fail", "N") === "Y"
    && COption::GetOptionString("main", "event_log_register", "N") === "Y"
    && COption::GetOptionString("main", "event_log_register_fail", "N") === "Y"
    && COption::GetOptionString("main", "event_log_password_request", "N") === "Y"
    && COption::GetOptionString("main", "event_log_password_change", "N") === "Y"
    && COption::GetOptionString("main", "event_log_user_delete", "N") === "Y"
    && COption::GetOptionString("main", "event_log_user_groups", "N") === "Y"
    && COption::GetOptionString("main", "event_log_group_policy", "N") === "Y"
    && COption::GetOptionString("main", "event_log_module_access", "N") === "Y"
    && COption::GetOptionString("main", "event_log_file_access", "N") === "Y"
    && COption::GetOptionString("main", "event_log_task", "N") === "Y";
$data['high']['ITEMS'][] = [
    "IS_OK" => $bEventLog,
    "KPI_NAME" => GetMessage("SEC_PANEL_EVENT_LOG_NAME"),
    "KPI_VALUE" => $bEventLog
        ? GetMessage("SEC_PANEL_EVENT_LOG_VALUE_ON")
        : GetMessage("SEC_PANEL_EVENT_LOG_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bEventLog
        ? '&nbsp;'
        : ($USER->CanDoOperation('edit_other_settings')
            ? '<a href="settings.php?lang=' . LANGUAGE_ID . '&amp;mid=main&amp;back_url_settings=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=edit8">' . GetMessage("SEC_PANEL_EVENT_LOG_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_EVENT_LOG_RECOMMENDATION")),
];

// Proactive filter (security frame) KPI.
$bSecurityFrame = CSecurityFrame::IsActive();
$data['high']['ITEMS'][] = [
    "IS_OK" => $bSecurityFrame,
    "KPI_NAME" => GetMessage("SEC_PANEL_FRAME_NAME"),
    "KPI_VALUE" => $bSecurityFrame
        ? GetMessage("SEC_PANEL_FRAME_VALUE_ON")
        : GetMessage("SEC_PANEL_FRAME_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityFrame
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_frame_settings_write')
            ? '<a href="security_frame.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_FRAME_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_FRAME_RECOMMENDATION")),
];

// Admin-section IP protection KPI: looks up the single admin-wide "allow" rule
// (RULE_TYPE=A, no site, no time window) and treats the KPI as OK only when it
// is active AND the stop-list is not disabled by the anti-lockout file.
$rsIPRule = CSecurityIPRule::GetList(
    [],
    ["=RULE_TYPE" => "A", "=ADMIN_SECTION" => "Y", "=SITE_ID" => false, "=SORT" => 10, "=ACTIVE_FROM" => false, "=ACTIVE_TO" => false],
    ["ID" => "ASC"]
);
$arIPRule = $rsIPRule->Fetch();
$bIPProtection = $arIPRule ? ($arIPRule["ACTIVE"] == "Y") : false;
$msgStopListDisabled = CSecurityIPRule::CheckAntiFile(true);
$data['high']['ITEMS'][] = [
    "IS_OK" => ($bIPProtection && $msgStopListDisabled === false),
    "KPI_NAME" => GetMessage("SEC_PANEL_IPBLOCK_NAME"),
    "KPI_VALUE" => ($bIPProtection && $msgStopListDisabled === false)
        ? GetMessage("SEC_PANEL_IPBLOCK_VALUE_ON")
        : GetMessage("SEC_PANEL_IPBLOCK_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bIPProtection
        ? ($msgStopListDisabled === false ? '&nbsp;' : $msgStopListDisabled->Show())
        : ($USER->CanDoOperation('security_iprule_admin_settings_write')
            ? '<a href="security_iprule_admin.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION")),
];

// Session storage KPI: sessions kept in the database.
$bSessionsDB = COption::GetOptionString("security", "session") == "Y";
$data['high']['ITEMS'][] = [
    "IS_OK" => $bSessionsDB,
    "KPI_NAME" => GetMessage("SEC_PANEL_SESSDB_NAME"),
    "KPI_VALUE" => $bSessionsDB
        ? GetMessage("SEC_PANEL_SESSDB_VALUE_ON")
        : GetMessage("SEC_PANEL_SESSDB_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSessionsDB
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_session_settings_write')
            ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=savedb">' . GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION")),
];

// Session-id rotation KPI: enabled with a positive TTL.
$bSessionTTL = COption::GetOptionString("main", "use_session_id_ttl", "N") == "Y"
    && COption::GetOptionInt("main", "session_id_ttl", 0) > 0;
$data['high']['ITEMS'][] = [
    "IS_OK" => $bSessionTTL,
    "KPI_NAME" => GetMessage("SEC_PANEL_SESSID_NAME"),
    "KPI_VALUE" => $bSessionTTL
        ? GetMessage("SEC_PANEL_SESSID_VALUE_ON")
        : GetMessage("SEC_PANEL_SESSID_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSessionTTL
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_session_settings_write')
            ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=sessid">' . GetMessage("SEC_PANEL_SESSID_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_SESSID_RECOMMENDATION")),
];

// Redirect (anti-phishing) protection KPI.
$bRedirect = CSecurityRedirect::IsActive();
$data['high']['ITEMS'][] = [
    "IS_OK" => $bRedirect,
    "KPI_NAME" => GetMessage("SEC_PANEL_ANTIFISHING_NAME"),
    "KPI_VALUE" => $bRedirect
        ? GetMessage("SEC_PANEL_ANTIFISHING_VALUE_ON")
        : GetMessage("SEC_PANEL_ANTIFISHING_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bRedirect
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_redirect_settings_write')
            ? '<a href="security_redirect.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION")),
];

// One-time password KPI.
$bOTP = CSecurityUser::isActive();
$data['very_high']['ITEMS'][] = [
    "IS_OK" => $bOTP,
    "KPI_NAME" => GetMessage("SEC_PANEL_OTP_NAME"),
    "KPI_VALUE" => $bOTP
        ? GetMessage("SEC_PANEL_OTP_VALUE_ON")
        : GetMessage("SEC_PANEL_OTP_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bOTP
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_otp_settings_write')
            ? '<a href="security_otp.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_OTP_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_OTP_RECOMMENDATION")),
];

// File integrity check KPI: OK when a check ran within the last 7 days; the
// displayed value distinguishes "never", "more than a day ago" and "recent".
$timeFC = COption::GetOptionInt("security", "last_files_check", -1);
$data['very_high']['ITEMS'][] = [
    "IS_OK" => ($timeFC > 1 && time() - $timeFC < 7 * 24 * 3600),
    "KPI_NAME" => GetMessage("SEC_PANEL_FILES_NAME"),
    "KPI_VALUE" => $timeFC < 0
        ? GetMessage("SEC_PANEL_FILES_VALUE_NEVER")
        : (time() - $timeFC > 24 * 3600
            ? GetMessage("SEC_PANEL_FILES_VALUE_LONGTIMEAGO")
            : GetMessage("SEC_PANEL_FILES_VALUE_ACTUAL")),
    "KPI_RECOMMENDATION" => ($timeFC > 1 && time() - $timeFC < 7 * 24 * 3600)
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_file_verifier_verify')
            ? '<a href="security_file_verifier.php?lang=' . LANGUAGE_ID . '">' . GetMessage("SEC_PANEL_FILES_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_FILES_RECOMMENDATION")),
];

// Web antivirus KPI.
$bSecurityAV = CSecurityAntiVirus::IsActive();
$data['very_high']['ITEMS'][] = [
    "IS_OK" => $bSecurityAV,
    "KPI_NAME" => GetMessage("SEC_PANEL_ANTIVIRUS_NAME"),
    "KPI_VALUE" => $bSecurityAV
        ? GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_ON")
        : GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityAV
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_antivirus_settings_write')
            ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION")),
];

// Antivirus action KPI: notify-only mode is reported as not OK.
$strSecurityAVAction = COption::GetOptionString("security", "antivirus_action");
$data['very_high']['ITEMS'][] = [
    "IS_OK" => $strSecurityAVAction !== "notify_only",
    "KPI_NAME" => GetMessage("SEC_PANEL_AV_ACTION_NAME"),
    "KPI_VALUE" => $strSecurityAVAction === "notify_only"
        ? GetMessage("SEC_PANEL_AV_ACTION_VALUE_NOTIFY")
        : GetMessage("SEC_PANEL_AV_ACTION_VALUE_ACT"),
    "KPI_RECOMMENDATION" => $strSecurityAVAction !== "notify_only"
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_antivirus_settings_write')
            ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=params">' . GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION")),
];
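	/**
	 * Request-start hook of the IP stop-list: blocks the current request when
	 * an active rule covers both the client address and the request URI.
	 *
	 * Returns early when no rule is active or when CheckAntiFile() is truthy
	 * (presumably the anti-lockout file that disables the stop-list — confirm).
	 * Rules are evaluated either in PHP from the managed cache (default) or with
	 * a single SQL query ($use_query = true). On a match
	 * /bitrix/admin/security_403.php is included and is expected to terminate
	 * the request.
	 *
	 * Masks are matched against the raw $_SERVER["REQUEST_URI"] (query string
	 * included, no decoding or slash collapsing), so masks must be written with
	 * that in mind.
	 *
	 * Fix: the site-scope check compared SITE_ID with an assignment ("=") instead
	 * of "==", which is always truthy for a non-empty SITE_ID and therefore made
	 * site-scoped rules apply to every site.
	 *
	 * @param bool $use_query true to evaluate rules with one SQL query instead
	 *                        of the cached PHP-side evaluation.
	 * @return void
	 */
	function OnPageStart($use_query = false)
	{
		global $DB, $CACHE_MANAGER;

		if(CSecurityIPRule::GetActiveCount())
		{
			$bMatch = false;

			if(CSecurityIPRule::CheckAntiFile())
				return;

			// Numeric form of the client address, compared against the numeric
			// IP_START/IP_END bounds below (ip2number() itself is not visible here).
			$ip2check = CSecurityIPRule::ip2number($_SERVER["REMOTE_ADDR"]);

			if(!$use_query && CACHED_b_sec_iprule !== false)
			{
				// Cached branch. CACHED_b_sec_iprule is the first Read() argument
				// (looks like a TTL; false disables this branch — confirm).
				$cache_id = "b_sec_iprule";
				if($CACHE_MANAGER->Read(CACHED_b_sec_iprule, $cache_id, "b_sec_iprule"))
				{
					$arRules = $CACHE_MANAGER->Get($cache_id);
				}
				else
				{
					// Build the rule set for the cache. Only ACTIVE_TO is filtered in
					// SQL (expired rules never enter the cache); both timestamps are
					// re-checked per request below, so "now" is not baked into the
					// cached data.
					$arRules = array();

					$rs = $DB->Query("
						SELECT
							r.ID,
							r.ADMIN_SECTION,
							r.SITE_ID,
							r.ACTIVE_FROM_TIMESTAMP,
							r.ACTIVE_TO_TIMESTAMP
						FROM
							b_sec_iprule r
						WHERE
							r.ACTIVE='Y'
							AND (
								r.ACTIVE_TO IS NULL
								OR r.ACTIVE_TO >= ".$DB->CurrentTimeFunction()."
							)
					");
					while($ar = $rs->Fetch())
					{
						$ar["ACTIVE_FROM_TIMESTAMP"] = intval($ar["ACTIVE_FROM_TIMESTAMP"]);
						$ar["ACTIVE_TO_TIMESTAMP"] = intval($ar["ACTIVE_TO_TIMESTAMP"]);
						$ar["INCL_MASKS"] = array();
						$ar["EXCL_MASKS"] = array();
						$ar["INCL_IPS"] = array();
						$ar["EXCL_IPS"] = array();
						$arRules[$ar["ID"]] = $ar;
					}

					// Include path masks (PREG_MASK). A rule with none is dropped.
					$rs = $DB->Query("
						SELECT
							im.IPRULE_ID,
							im.PREG_MASK
						FROM
							b_sec_iprule r
							INNER JOIN b_sec_iprule_incl_mask im on im.IPRULE_ID = r.ID
						WHERE
							r.ACTIVE='Y'
							AND (
								r.ACTIVE_TO IS NULL
								OR r.ACTIVE_TO >= ".$DB->CurrentTimeFunction()."
							)
					");
					while($ar = $rs->Fetch())
						if(array_key_exists($ar["IPRULE_ID"], $arRules))
							$arRules[$ar["IPRULE_ID"]]["INCL_MASKS"][] = $ar["PREG_MASK"];

					foreach($arRules as $ID => $ar)
						if(count($ar["INCL_MASKS"]) <= 0)
							unset($arRules[$ID]);

					// Exclude path masks.
					$rs = $DB->Query("
						SELECT
							em.IPRULE_ID,
							em.PREG_MASK
						FROM
							b_sec_iprule r
							INNER JOIN b_sec_iprule_excl_mask em on em.IPRULE_ID = r.ID
						WHERE
							r.ACTIVE='Y'
							AND (
								r.ACTIVE_TO IS NULL
								OR r.ACTIVE_TO >= ".$DB->CurrentTimeFunction()."
							)
					");
					while($ar = $rs->Fetch())
						if(array_key_exists($ar["IPRULE_ID"], $arRules))
							$arRules[$ar["IPRULE_ID"]]["EXCL_MASKS"][] = $ar["PREG_MASK"];

					// Include IP ranges as [start, end] floats. A rule with none is dropped.
					$rs = $DB->Query("
						SELECT
							ii.IPRULE_ID,
							ii.IP_START,
							ii.IP_END
						FROM
							b_sec_iprule r
							INNER JOIN b_sec_iprule_incl_ip ii on ii.IPRULE_ID = r.ID
						WHERE
							r.ACTIVE='Y'
							AND (
								r.ACTIVE_TO IS NULL
								OR r.ACTIVE_TO >= ".$DB->CurrentTimeFunction()."
							)
					");
					while($ar = $rs->Fetch())
						if(array_key_exists($ar["IPRULE_ID"], $arRules))
							$arRules[$ar["IPRULE_ID"]]["INCL_IPS"][] = array(
								doubleval($ar["IP_START"]),
								doubleval($ar["IP_END"]),
							);

					foreach($arRules as $ID => $ar)
						if(count($ar["INCL_IPS"]) <= 0)
							unset($arRules[$ID]);

					// Exclude IP ranges.
					$rs = $DB->Query("
						SELECT
							ei.IPRULE_ID,
							ei.IP_START,
							ei.IP_END
						FROM
							b_sec_iprule r
							INNER JOIN b_sec_iprule_excl_ip ei on ei.IPRULE_ID = r.ID
						WHERE
							r.ACTIVE='Y'
							AND (
								r.ACTIVE_TO IS NULL
								OR r.ACTIVE_TO >= ".$DB->CurrentTimeFunction()."
							)
					");
					while($ar = $rs->Fetch())
						if(array_key_exists($ar["IPRULE_ID"], $arRules))
							$arRules[$ar["IPRULE_ID"]]["EXCL_IPS"][] = array(
								doubleval($ar["IP_START"]),
								doubleval($ar["IP_END"]),
							);

					$CACHE_MANAGER->Set($cache_id, $arRules);
				}

				// Take "now" once so every rule is judged against the same instant.
				$now = time();

				// Evaluate rules in order. The first rule that passes all four
				// checks (time window, site scope, IP, path) leaves $bMatch true.
				foreach($arRules as $arRule)
				{
					//Check if this rule is active (a timestamp <= 0 means "no bound")
					if(
						($arRule["ACTIVE_FROM_TIMESTAMP"] <= 0 || $arRule["ACTIVE_FROM_TIMESTAMP"] <= $now)
						&& ($arRule["ACTIVE_TO_TIMESTAMP"] <= 0 || $arRule["ACTIVE_TO_TIMESTAMP"] >= $now)
					)
					{
						$bMatch = true;
					}
					else
					{
						$bMatch = false;
					}

					//Check if site does match
					// Admin-section requests only match ADMIN_SECTION='Y' rules; public
					// requests match rules with an empty SITE_ID or the current SITE_ID.
					if($bMatch)
					{
						if(defined("ADMIN_SECTION") && ADMIN_SECTION===true)
						{
							$bMatch = $arRule["ADMIN_SECTION"] == "Y";
						}
						else
						{
							// Comparison, not assignment (the original "=" made every
							// site-scoped rule match on every site).
							$bMatch = ((string)$arRule["SITE_ID"] === '') || ($arRule["SITE_ID"] == SITE_ID);
						}
					}
					else
					{
						continue;
					}

					//Check if IP in blocked
					// Range bounds are inclusive; an exclusion range overrides an inclusion.
					if($bMatch)
					{
						$bMatch = false;
						foreach($arRule["INCL_IPS"] as $arIP)
						{
							if($ip2check >= $arIP[0] && $ip2check <= $arIP[1])
							{
								$bMatch = true;
								break;
							}
						}
						//IP is in blocked range so check if it is exluded
						if($bMatch)
						{
							foreach($arRule["EXCL_IPS"] as $arIP)
							{
								if($ip2check >= $arIP[0] && $ip2check <= $arIP[1])
								{
									$bMatch = false;
									break;
								}
							}
						}
					}
					else
					{
						continue;
					}

					//IP does match to blocking condition let's check path
					// NOTE(review): $mask is inserted unescaped into a '#'-delimited
					// pattern, and a preg_match() failure (false: malformed mask or a
					// PCRE limit hit) is treated like "no match", so a broken include
					// mask silently fails open for that rule; checking preg_last_error()
					// here would make such failures visible.
					if($bMatch)
					{
						$bMatch = false;
						foreach($arRule["INCL_MASKS"] as $mask)
						{
							if(preg_match("#^".$mask."$#", $_SERVER["REQUEST_URI"]))
							{
								$bMatch = true;
								break;
							}
						}
						//Check path for exclusion
						if($bMatch)
						{
							foreach($arRule["EXCL_MASKS"] as $mask)
							{
								if(preg_match("#^".$mask."$#", $_SERVER["REQUEST_URI"]))
								{
									$bMatch = false;
									break;
								}
							}
						}
					}
					else
					{
						continue;
					}

					//Found blocking rule
					if($bMatch)
						break;
				}
			}
			else
			{
				// Query branch: the same four checks expressed in SQL over the
				// LIKE_MASK columns. REQUEST_URI and SITE_ID pass through
				// $DB->ForSQL(); $ip2check is concatenated raw and is assumed to be
				// numeric (ip2number() is not visible here — confirm).
				$strSql = "
					SELECT r.ID
					FROM
						b_sec_iprule r
						INNER JOIN b_sec_iprule_incl_mask im on im.IPRULE_ID = r.ID
						LEFT  JOIN b_sec_iprule_excl_mask em on em.IPRULE_ID = r.ID AND '".$DB->ForSQL($_SERVER["REQUEST_URI"])."' like em.LIKE_MASK
						INNER JOIN b_sec_iprule_incl_ip   ii on ii.IPRULE_ID = r.ID
						LEFT  JOIN b_sec_iprule_excl_ip   ei on ei.IPRULE_ID = r.ID AND ".$ip2check." between ei.IP_START and ei.IP_END
					WHERE
						r.ACTIVE = 'Y'
						AND (r.ACTIVE_FROM IS NULL OR r.ACTIVE_FROM <= ".$DB->CurrentTimeFunction().")
						AND (r.ACTIVE_TO IS NULL OR r.ACTIVE_TO >= ".$DB->CurrentTimeFunction().")
						".(defined("ADMIN_SECTION") && ADMIN_SECTION===true?
							"AND r.ADMIN_SECTION = 'Y'":
							"AND (r.SITE_ID IS NULL OR r.SITE_ID = '".$DB->ForSQL(SITE_ID)."')"
						)."
						AND '".$DB->ForSQL($_SERVER["REQUEST_URI"])."' like im.LIKE_MASK
						AND em.IPRULE_ID is null
						AND ".$ip2check." between ii.IP_START and ii.IP_END
						AND ei.IPRULE_ID is null
				";
				$rs = $DB->Query($strSql);

				// Any returned row means some rule blocks this request.
				if($arRule = $rs->Fetch())
					$bMatch = true;
				else
					$bMatch = false;
			}

			if($bMatch)
			{
				// A blocking rule matched: hand off to the 403 page, which is
				// expected to terminate the request.
				include $_SERVER["DOCUMENT_ROOT"]."/bitrix/admin/security_403.php";
			}
		}
	}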