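/**
 * Renders the blacklist field heading and publishes block statistics to the page.
 *
 * The configured blacklist is split into CIDR networks (entries containing "/")
 * and single addresses. Rows of #__plg_system_adminexile with penalty = 0 are
 * then grouped under the blacklist entry they match, and the grouped counters
 * are exposed to the admin script as window.plg_sys_adminexile_blacklist.
 *
 * @return string The field markup (only the IPv4 / IPv4+6 heading is produced here).
 */
protected function getInput()
{
    $this->app        = JFactory::getApplication();
    $this->db         = JFactory::getDbo();
    $this->formfields = $this->form->getFieldset();

    $blacklistnets       = array();
    $blacklistaddresses  = array();
    $blacklistinputarray = AdminExileHelper::ipArray($this->_getField('blacklist'));

    // The helper's gmp() result selects which network class is loaded and used
    // (presumably it reports whether the GMP extension is available - confirm).
    $gmp = AdminExileHelper::gmp();
    require_once(JPATH_PLUGINS . '/system/adminexile/classes/' . ($gmp ? 'IPv6Net.class.php' : 'simplecidr.class.php'));

    foreach ($blacklistinputarray as $blacklistitem) {
        $blacklistitem = trim($blacklistitem);

        if (preg_match('/\//', $blacklistitem)) {
            try {
                $blacklistnets[$blacklistitem] = $gmp ? (new IPv6Net($blacklistitem)) : SimpleCIDR::getInstance($blacklistitem);
            } catch (Exception $e) {
                // An entry the network class rejects is logged and then treated
                // as a literal address, so it is still listed.
                error_log("AdminExile cannot process " . $blacklistitem . " due to:" . $e->getMessage());
                $blacklistaddresses[$blacklistitem] = $blacklistitem;
            }
        } else {
            $blacklistaddresses[$blacklistitem] = $blacklistitem;
        }
    }

    $query = $this->db->getQuery(true);
    $query->select('*')
        ->from('#__plg_system_adminexile')
        ->where('penalty = 0')
        ->order('lastattempt DESC');
    $this->db->setQuery($query);
    $blocked = $this->db->loadObjectList();

    $return   = array();
    $return[] = '<h3 style="float:left;clear:left;">' . ($gmp ? JText::_('PLG_SYS_ADMINEXILE_IPV46') : JText::_('PLG_SYS_ADMINEXILE_IPV4')) . '</h3>';

    $attempts = new stdClass();

    foreach ($blocked as $match) {
        // Strict comparison: loose in_array() compares numeric-looking strings
        // as numbers, which could pair a row with the wrong blacklist entry.
        if (in_array((string) $match->ip, $blacklistaddresses, true)) {
            $attempts->{$match->ip}               = new stdClass();
            $attempts->{$match->ip}->lastattempt  = $match->lastattempt;
            $attempts->{$match->ip}->firstattempt = $match->firstattempt;
            $attempts->{$match->ip}->attempts     = $match->attempts;
            continue;
        }

        foreach (array_keys($blacklistnets) as $key) {
            if (!$blacklistnets[$key]->contains(trim((string) $match->ip))) {
                continue;
            }

            if (!property_exists($attempts, $key)) {
                $attempts->$key            = new stdClass();
                $attempts->$key->attempts  = 0;
                $attempts->$key->addresses = new stdClass();
            }

            // Create the per-address record explicitly. Assigning properties on
            // the not-yet-existing member raised "Creating default object from
            // empty value" on PHP 7 and throws an Error on PHP 8.
            $address               = new stdClass();
            $address->lastattempt  = $match->lastattempt;
            $address->firstattempt = $match->firstattempt;
            $address->attempts     = $match->attempts;

            $attempts->$key->addresses->{$match->ip} = $address;
            $attempts->$key->attempts               += $match->attempts;
        }
    }

    // The object mixes configured blacklist entries with addresses read back
    // from the attempts table and is embedded in an inline script. Hex-escaping
    // <, >, & and quotes keeps any of those values from being interpreted by
    // the HTML parser; the decoded JavaScript value is unchanged.
    JFactory::getDocument()->addScriptDeclaration(
        'window.plg_sys_adminexile_blacklist = '
        . json_encode($attempts, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
        . ';'
    );

    return implode("\n", $return);
}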
/**
 * Registers the language strings and client-side configuration used by admin.js.
 *
 * Produces no markup: it only queues translations via JText::script(), publishes
 * window.plg_sys_adminexile_config and enqueues the plugin's admin script.
 *
 * @return void
 */
protected function getInput()
{
    // Language-key suffixes, grouped under the prefix they are registered with.
    // Group order and item order match the order of registration.
    $stringGroups = array(
        'PLG_SYS_ADMINEXILE_MESSAGE_' => array('INVALIDASCII', 'INVALIDCHAR', 'NOTNUMERIC'),
        'PLG_SYS_ADMINEXILE_CHAR_'    => array(
            'DOLLAR', 'AMPERSAND', 'PLUS', 'COMMA', 'FORWARDSLASH', 'COLON', 'SEMICOLON',
            'EQUALS', 'QUESTION', 'AT', 'SPACE', 'QUOTE', 'LESSTHAN', 'GREATERTHAN',
            'POUND', 'PERCENT', 'LEFTCURLY', 'RIGHTCURLY', 'PIPE', 'BACKSLASH', 'CARAT',
            'TILDE', 'LEFTBRACKET', 'RIGHTBRACKET', 'GRAVE',
        ),
        'PLG_SYS_ADMINEXILE_BUTTON_'  => array('EDIT_IP', 'DELETE_IP', 'CLEAR_IP'),
        'PLG_SYS_ADMINEXILE_POPUP_'   => array('NEW_IPV4', 'NEW_IPV46', 'DUPLICATE_ADDRESS', 'INVALID_ADDRESS'),
        'PLG_SYS_ADMINEXILE_TH_'      => array('IP', 'ACTIONS', 'ATTEMPTS', 'LASTATTEMPT', 'OPTIONS'),
    );

    foreach ($stringGroups as $prefix => $suffixes) {
        foreach ($suffixes as $suffix) {
            JText::script($prefix . $suffix);
        }
    }

    // Core Joomla string, registered under its own key without a plugin prefix.
    JText::script('JACTION_DELETE');

    // Only the Joomla version and the helper's gmp() result are sent to the client.
    $options = array(
        'version' => JVERSION,
        'gmp'     => AdminExileHelper::gmp(),
    );

    JHtml::_('behavior.framework', true);

    $document = JFactory::getDocument();
    $document->addScriptDeclaration("\n" . 'window.plg_sys_adminexile_config = ' . json_encode($options) . ';' . "\n");
    $document->addScript(JURI::root(true) . '/media/plg_system_adminexile/admin.js');

    return;
}
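/**
 * Decides, right after framework initialisation, how this request is treated.
 *
 * Front-end requests are handed to _frontrestrict(). For administrator requests
 * the checks run in this order, and the first one that applies ends the method:
 *   1. a logged-in user (optionally serving a block-removal request),
 *   2. a mail-link request,
 *   3. a key already stored in the user state,
 *   4. an active brute-force penalty,
 *   5. the temporary whitelist,
 *   6. the IP black/white list,
 *   7. key authentication.
 * The outcome is recorded in $this->_pass / $this->_net rather than in the
 * return value; presumably a later handler acts on them (not visible here).
 *
 * @return bool|null true on every administrator path; nothing on the front-end path.
 */
public function onAfterInitialise()
{
    if (!$this->_app->isAdmin()) {
        $this->_frontrestrict();
        return;
    }

    $this->_net = false;
    JFactory::getLanguage()->load('plg_system_adminexile', JPATH_ADMINISTRATOR);

    if (JFactory::getUser()->id) {
        // check for block removals
        // NOTE(security): this state-changing action is driven purely by GET
        // parameters. The only gate in this block is "a user is logged in":
        // there is no anti-CSRF token check (e.g. JSession::checkToken('get'))
        // and no permission check. Adding the token check also requires the
        // admin script to send the token - confirm against admin.js.
        if ($this->_app->input->get->get('adminexile_removeblock', false)) {
            $ip = $this->_app->input->get->get('ip', 0);
            // NOTE(security): RAW means the value is passed through unfiltered.
            // _clearBlocks() is not visible here; it must quote or bind this
            // value before it reaches SQL - verify.
            $firstattempt = $this->_app->input->get->get('firstattempt', 0, 'RAW');

            if ($this->_clearBlocks(array('ip' => $ip, 'firstattempt' => $firstattempt))) {
                header('Content-Type: application/json');
                die(json_encode(array('success' => true)));
            }
        }

        $this->_pass = true;
        return true; // user is already logged in
    }

    if ($this->params->get('maillink', 0)) {
        // NOTE(review): reachable without authentication. _maillink() is not
        // visible here - confirm it is rate-limited and does not reveal whether
        // the supplied address belongs to an account.
        $email = $this->_app->input->get->get('email', false);

        if ($email) {
            $groups = $this->params->get('maillinkgroup', array());

            // Cast before counting: count() on a non-array parameter value
            // warns on PHP 7.2+ and throws a TypeError on PHP 8.
            if (count((array) $groups)) {
                $this->_maillink($email, $groups);
                $this->_redirect();
                return true;
            }
        }
    }

    // NOTE(security): the fallback key is the fixed string 'adminexile', so an
    // installation that never sets the parameter uses a publicly known key.
    $this->_key = $this->params->get('key', 'adminexile');

    if ($this->_app->getUserState("plg_sys_adminexile.$this->_key", false)) {
        $this->_pass = true;

        // The key travels in the query string, so it also ends up in server
        // access logs; the redirect only removes it from the visible URL.
        if (isset($_GET[$this->_key])) {
            $this->_app->redirect(JURI::root() . '/administrator'); // hide the key as soon as possible
        }

        return true; // user provided a key and should be shown the login form
    }

    // An address with a non-zero penalty leaves here without _pass being set.
    if ($this->params->get('bruteforce', 0) && $this->_log && $this->_log->penalty != 0) {
        return true;
    }

    if ($this->params->get('tmpwhitelist', 0)) {
        if ($this->_getTmpWhitelist($this->_ip)) {
            $this->_pass = true;
            $this->_authorized();
            return true;
        }
    }

    if ($this->params->get('ipsecurity', 0)) {
        $this->_gmp = AdminExileHelper::gmp();
        $listed     = $this->_blackwhite($this->_ip);

        if ($listed) {
            // Exactly true authorises the request; any other truthy result is
            // kept in _net without authorising (presumably the matching
            // blacklist network - confirm against _blackwhite()).
            if ($listed === true) {
                $this->_pass = true;
                $this->_authorized();
                return true;
            }

            $this->_net = $listed;
            return true;
        }
    }

    if ($this->_keyauth()) {
        $this->_pass = true;
        $this->_authorized();
        return true;
    }

    return true;
}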