/**
 * Run a query and return the results, if any.
 *
 * Thin adapter between Bad Behavior's MySQL-flavoured SQL and the host
 * application's database layer ($db->query with a {db_prefix} placeholder).
 * Three upstream statements are special-cased because the host layer does not
 * accept them verbatim: the DATE_SUB log-pruning DELETE is rewritten to a
 * plain "date < cutoff" comparison (cutoff = bb2_db_date() minus 7 days), and
 * OPTIMIZE TABLE / @@session.wait_timeout are acknowledged as successful
 * no-ops without touching the database.
 *
 * No escaping happens here: $query is executed exactly as given, so every
 * caller must already have quoted/escaped any untrusted value it
 * interpolated. Bad Behavior uses the return value in other callbacks.
 *
 * @param string $query  complete SQL statement
 * @return bool|mixed  FALSE on error or on an empty result set; for a
 *                     row-affecting statement TRUE/FALSE (whether any row was
 *                     touched); otherwise whatever bb2_db_rows() yields for
 *                     the result handle
 */
function bb2_db_query($query) {
	$db = database();

	// Rewrite or short-circuit the MySQL-only statements before execution.
	if (strpos($query, 'DATE_SUB') !== false) {
		$cutoff = bb2_db_date() - 7 * 86400;
		$query = 'DELETE FROM {db_prefix}log_badbehavior WHERE date < ' . $cutoff;
	} else {
		foreach (array('OPTIMIZE TABLE', '@@session.wait_timeout') as $noop) {
			if (strpos($query, $noop) !== false) {
				return true;
			}
		}
	}

	// Run the query; map the driver's result onto Bad Behavior's convention.
	$result = $db->query('', $query, array());
	if (!$result) {
		return false;
	}
	if ($result === true) {
		// Row-affecting statement: "success" means at least one row changed.
		return bb2_db_affected_rows() !== 0;
	}
	if (bb2_db_num_rows($result) === 0) {
		return false;
	}
	return bb2_db_rows($result);
}
/**
 * Echo the "Bad Behavior has blocked N access attempt(s)" badge.
 *
 * Output is produced only when $force is set or the display_stats setting is
 * enabled. The count is every log row whose key is not the "permitted" marker
 * 00000000; the "last 7 days" wording relies on the log being pruned to that
 * window elsewhere (this query itself has no date bound). The number is
 * inserted unescaped because it is an integer straight from COUNT(*), not
 * request data.
 *
 * @param bool $force  emit the badge even when display_stats is off
 * @return void
 */
function bb2_insert_stats($force = false) {
	global $bb2_stats; // declared for the host application; not read here

	$settings = bb2_read_settings();
	if (!$force && !$settings['display_stats']) {
		return;
	}

	$sql = "SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'";
	$blocked = bb2_db_rows(bb2_db_query($sql));
	if ($blocked === FALSE) {
		return;
	}

	$format = '<span><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</span>';
	echo sprintf($format, 'Bad Behavior', 'has blocked', $blocked[0]["COUNT(*)"], 'access attempt(s) in the last 7 days.');
}
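/**
 * Return the "Bad Behavior has blocked N access attempts" paragraph.
 *
 * '' is returned unless $force is set or the display_stats setting is enabled.
 * The rendered markup is memoised in a static for the rest of the request; a
 * failed query is not memoised, so a later call retries. The count is every
 * log row whose key is not the "permitted" marker 00000000 and is inserted
 * unescaped because it is an integer from COUNT(*), not request data.
 *
 * Fix: the original called bb2_db_rows() on the query result *before* testing
 * it for FALSE, so a failed query handed FALSE to bb2_db_rows(); the FALSE
 * test now comes first and the failure path returns '' instead of null.
 *
 * @param bool $force  build the markup even when display_stats is off
 * @return string  HTML paragraph, or '' when disabled or the query failed
 */
function bb2_insert_stats($force = false) {
	static $retval = null;

	$settings = bb2_read_settings();
	if (!$force && !$settings['display_stats']) {
		return ''; // not cached
	}
	if ($retval !== null) {
		return $retval;
	}

	$blocked = bb2_db_query("SELECT COUNT(*) AS blocked FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
	if ($blocked === FALSE) {
		// Leave $retval null so the next call retries instead of caching the failure.
		return '';
	}

	// NOTE(review): $row['blocked'] assumes bb2_db_rows() yields one associative
	// row for this adapter; whether bb2_db_query() returns a handle or already
	// fetched rows depends on the host database layer — confirm.
	$row = bb2_db_rows($blocked);
	$retval = sprintf(
		'<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>',
		'Bad Behavior',
		'has blocked',
		$row['blocked'],
		'access attempts in the last 7 days.'
	);
	return $retval;
}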
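/**
 * Read one filter value from the query string as a plain string.
 *
 * Returns '' when the variable is absent or not a scalar (e.g. `?key[]=x`),
 * so callers never see an array where a string is expected.
 *
 * @param string $name  $_GET key
 * @return string
 */
function bb2_manage_query_var($name) {
	if (!isset($_GET[$name]) || !is_scalar($_GET[$name])) {
		return '';
	}
	return (string) $_GET[$name];
}

/**
 * Wrap the first occurrence of $value inside the already-HTML-escaped
 * $headers string in a filter link that sets query variable $arg.
 *
 * The needle is escaped with the same htmlspecialchars() call that produced
 * $headers, so a value containing '<', '&' or '"' is still found and the link
 * text is emitted escaped; the raw value only ever goes into the URL, via
 * rawurlencode() and esc_url(). An empty value is skipped: on PHP 8
 * strpos() with an empty needle returns 0, which would otherwise inject an
 * empty anchor at the start of the cell.
 *
 * @param string $headers  HTML-escaped header block
 * @param string|null $value  raw logged value (user agent or request method)
 * @param string $arg  query-string variable the link sets
 * @param string $request_uri  current request URI used as the link base
 * @return string
 */
function bb2_manage_link_header_value($headers, $value, $arg, $request_uri) {
	if ($value === null || $value === '') {
		return $headers;
	}
	$needle = htmlspecialchars((string) $value);
	$pos = strpos($headers, $needle);
	if ($pos === false) {
		return $headers;
	}
	$link = "<a href=\"" . esc_url(add_query_arg($arg, rawurlencode($value), remove_query_arg("paged", $request_uri))) . "\">" . $needle . "</a>";
	return substr_replace($headers, $link, $pos, strlen($needle));
}

/**
 * Render the "Bad Behavior Log" admin page (Tools > Bad Behavior Log).
 *
 * Reads the optional filter variables paged, key, blocked, permitted, ip,
 * user_agent and request_method from $_GET, counts and pages through the log
 * table, and echoes the HTML table of logged requests.
 *
 * Trust boundaries: the filter values are untrusted and are bound into SQL
 * with $wpdb->prepare(); every logged column (ip, date, user agent, headers,
 * entity, ...) was sent by a remote client, and the reverse-DNS host name is
 * chosen by whoever owns the PTR record, so all of them are HTML-escaped on
 * output. Links back into this page are built with add_query_arg() /
 * remove_query_arg() and passed through esc_url().
 *
 * Fixes relative to the original: $wpdb->prepare() replaces the older
 * $wpdb->escape(); the page number is cast/clamped instead of "0 + $_GET"
 * (a TypeError on PHP 8 for non-numeric input, and a negative LIMIT offset
 * for negative input); the first COUNT query was missing its closing
 * backtick; IP, reverse-DNS host, date, response text, user agent and request
 * method were echoed unescaped.
 *
 * @return void
 */
function bb2_manage() {
	global $wpdb;

	$request_uri = $_SERVER["REQUEST_URI"];
	if (!$request_uri) {
		$request_uri = $_SERVER['SCRIPT_NAME'];
	} # IIS

	$settings = bb2_read_settings();
	$rows_per_page = 100;

	// Page number: explicit int cast and clamp to >= 1 so the LIMIT offset
	// can never go negative.
	$paged = isset($_GET['paged']) ? (int) $_GET['paged'] : 0;
	if ($paged < 1) {
		$paged = 1;
	}

	// Filter variables. Truthiness (not isset) is deliberate: the
	// "Show Blocked"/"Show Permitted" links below set the other flag to "0".
	$key_filter       = bb2_manage_query_var('key');
	$blocked_filter   = bb2_manage_query_var('blocked');
	$permitted_filter = bb2_manage_query_var('permitted');
	$ip_filter        = bb2_manage_query_var('ip');
	$ua_filter        = bb2_manage_query_var('user_agent');
	$method_filter    = bb2_manage_query_var('request_method');

	// WHERE tail. Each untrusted value is bound through $wpdb->prepare(), which
	// quotes and escapes with the connection charset.
	$where = "";
	if ($key_filter) {
		$where .= $wpdb->prepare("AND `key` = %s ", $key_filter);
	}
	if ($blocked_filter) {
		$where .= "AND `key` != '00000000' ";
	} elseif ($permitted_filter) {
		$where .= "AND `key` = '00000000' ";
	}
	if ($ip_filter) {
		$where .= $wpdb->prepare("AND `ip` = %s ", $ip_filter);
	}
	if ($ua_filter) {
		$where .= $wpdb->prepare("AND `user_agent` = %s ", $ua_filter);
	}
	if ($method_filter) {
		$where .= $wpdb->prepare("AND `request_method` = %s ", $method_filter);
	}

	// Query the DB based on the selected variables. The table name comes from
	// plugin settings, not from the request.
	$log_table = "`" . $settings['log_table'] . "`";

	$r = bb2_db_query("SELECT COUNT(id) FROM " . $log_table);
	$results = bb2_db_rows($r);
	$totalcount = isset($results[0]["COUNT(id)"]) ? (int) $results[0]["COUNT(id)"] : 0;

	$r = bb2_db_query("SELECT COUNT(id) FROM " . $log_table . " WHERE 1=1 " . $where);
	$results = bb2_db_rows($r);
	$count = isset($results[0]["COUNT(id)"]) ? (int) $results[0]["COUNT(id)"] : 0;
	$pages = (int) ceil($count / $rows_per_page);

	$offset = ($paged - 1) * $rows_per_page;
	$r = bb2_db_query("SELECT * FROM " . $log_table . " WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . $offset . "," . $rows_per_page);
	$results = bb2_db_rows($r);

	// Display rows to the user
?>
<div class="wrap">
<?php echo bb2_donate_button(admin_url("tools.php?page=bb2_manage")); ?>
<h2><?php _e("Bad Behavior Log"); ?></h2>
<?php
	// NOTE(review): the form below posts the selected "submit[]" ids but carries
	// no nonce field; the handler that consumes that POST is not in this file,
	// so confirm it verifies a nonce and the caller's capability before acting.
?>
<form method="post" action="<?php echo esc_url(admin_url("tools.php?page=bb2_manage")); ?>">
<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>See also: <a href="<?php echo esc_url(admin_url("options-general.php?page=bb2_options")); ?>">Settings</a> | <a href="<?php echo esc_url(admin_url("options-general.php?page=bb2_whitelist")); ?>">Whitelist</a></p>
<div class="tablenav">
<?php
	$page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
	if ($page_links) {
		echo "<div class=\"tablenav-pages\">{$page_links}</div>\n";
	}
?>
<div class="alignleft">
<?php if ($count < $totalcount) { ?>
Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
<?php
	// Each active filter gets an [X] link that drops its variable(s) from the
	// current URL; "paged" is dropped too so the narrowed list starts on page 1.
	$reset_links = array(
		'Status'     => array($key_filter,       array("paged", "key")),
		'Blocked'    => array($blocked_filter,   array("paged", "blocked", "permitted")),
		'Permitted'  => array($permitted_filter, array("paged", "blocked", "permitted")),
		'IP'         => array($ip_filter,        array("paged", "ip")),
		'User Agent' => array($ua_filter,        array("paged", "user_agent")),
		'GET/POST'   => array($method_filter,    array("paged", "request_method")),
	);
	foreach ($reset_links as $label => $spec) {
		if ($spec[0]) {
			echo $label . " [<a href=\"" . esc_url(remove_query_arg($spec[1], $request_uri)) . "\">X</a>] ";
		}
	}
} else {
?>
Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
<?php
}
	if (!$key_filter && !$blocked_filter) {
?>
<a href="<?php echo esc_url(add_query_arg(array("blocked" => "1", "permitted" => "0", "paged" => false), $request_uri)); ?>">Show Blocked</a>
<?php
	}
	if (!$key_filter && !$permitted_filter) {
?>
<a href="<?php echo esc_url(add_query_arg(array("permitted" => "1", "blocked" => "0", "paged" => false), $request_uri)); ?>">Show Permitted</a>
<?php
	}
?>
</div>
</div>
<table class="widefat">
<thead>
<tr>
<th scope="col" class="check-column"><input type="checkbox" onclick="checkAll(document.getElementById('request-filter'));" /></th>
<th scope="col"><?php _e("IP/Date/Status"); ?></th>
<th scope="col"><?php _e("Headers"); ?></th>
<th scope="col"><?php _e("Entity"); ?></th>
</tr>
</thead>
<tbody>
<?php
	$alternate = 0;
	if ($results) {
		foreach ($results as $result) {
			$id = (int) $result["id"];
			$ip = (string) $result["ip"];
			$key = bb2_get_response($result["key"]);

			$alternate++;
			$row_class = ($alternate % 2) ? "" : " class=\"alternate\"";
			echo "<tr id=\"request-{$id}\"{$row_class} valign=\"top\">\n";
			echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"{$id}\" /></th>\n";

			$httpbl = bb2_httpbl_lookup($ip);

			// Reverse DNS is attacker-controlled text (the PTR owner picks it),
			// so it is escaped like any other logged value. gethostbyaddr()
			// returns the IP itself when there is no record and FALSE for a
			// malformed address; neither case gets a host line.
			$host = @gethostbyaddr($ip);
			if ($host === false || !strcmp($host, $ip)) {
				$host = "";
			} else {
				$host = esc_html($host) . "<br/>\n";
			}

			echo "<td><a href=\"" . esc_url(add_query_arg("ip", $ip, remove_query_arg("paged", $request_uri))) . "\">" . esc_html($ip) . "</a><br/>{$host}<br/>\n"
				. esc_html((string) $result["date"]) . "<br/><br/><a href=\""
				. esc_url(add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)))
				. "\">" . esc_html((string) $key["log"]) . "</a>\n";
			if ($httpbl) {
				// NOTE(review): $httpbl is emitted as-is; bb2_httpbl_lookup() is
				// not in this file, so confirm it returns plain text or
				// already-escaped markup.
				echo "<br/><br/><a href=\"" . esc_url("http://www.projecthoneypot.org/ip_" . $ip) . "\">http:BL</a>:<br/>{$httpbl}\n";
			}
			echo "</td>\n";

			// Headers and entity are raw client input: escape first, then link
			// the user agent / request method inside the escaped text.
			$headers = str_replace("\n", "<br/>\n", htmlspecialchars((string) $result['http_headers']));
			$headers = bb2_manage_link_header_value($headers, $result['user_agent'], "user_agent", $request_uri);
			$headers = bb2_manage_link_header_value($headers, $result['request_method'], "request_method", $request_uri);
			echo "<td>{$headers}</td>\n";
			echo "<td>" . str_replace("\n", "<br/>\n", htmlspecialchars((string) $result["request_entity"])) . "</td>\n";
			echo "</tr>\n";
		}
	}
?>
</tbody>
</table>
<div class="tablenav">
<?php
	$page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
	if ($page_links) {
		echo "<div class=\"tablenav-pages\">{$page_links}</div>\n";
	}
?>
<div class="alignleft">
</div>
</div>
</form>
</div>
<?php
}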