/**
* Filters back-end access by IP. If the IP of the visitor is not included
* in the whitelist, he gets redirected to the home page
*/
public function onAfterInitialise()
{
// Let's get a list of allowed IP ranges
$db = $this->db;
$sql = $db->getQuery(true)->select($db->qn('ip'))->from($db->qn('#__admintools_adminiplist'));
$db->setQuery($sql);
try {
if (version_compare(JVERSION, '3.0', 'ge')) {
$ipTable = $db->loadColumn();
} else {
$ipTable = $db->loadResultArray();
}
} catch (Exception $e) {
// Do nothing if the query fails
$ipTable = null;
}
if (empty($ipTable)) {
return;
}
$inList = AtsystemUtilFilter::IPinList($ipTable);
if ($inList === false) {
if (!$this->exceptionsHandler->logAndAutoban('ipwl')) {
return;
}
$this->redirectAdminToHome();
}
}
/**
* Filters visitor access by IP. If the IP of the visitor is included in the
* blacklist, she gets a 403 error
*/
public function onAfterInitialise()
{
// Let's get a list of blocked IP ranges
$db = $this->db;
$sql = $db->getQuery(true)->select($db->qn('ip'))->from($db->qn('#__admintools_ipblock'));
$db->setQuery($sql);
try {
if (version_compare(JVERSION, '3.0', 'ge')) {
$ipTable = $db->loadColumn();
} else {
$ipTable = $db->loadResultArray();
}
} catch (Exception $e) {
// Do nothing if the query fails
$ipTable = null;
}
if (empty($ipTable)) {
return;
}
$inList = AtsystemUtilFilter::IPinList($ipTable);
if ($inList !== true) {
return;
}
$message = $this->cparams->getValue('custom403msg', '');
if (empty($message)) {
$message = 'ADMINTOOLS_BLOCKED_MESSAGE';
}
// Merge the default translation with the current translation
$jlang = JFactory::getLanguage();
// Front-end translation
$jlang->load('plg_system_admintools', JPATH_ADMINISTRATOR, 'en-GB', true);
$jlang->load('plg_system_admintools', JPATH_ADMINISTRATOR, $jlang->getDefault(), true);
$jlang->load('plg_system_admintools', JPATH_ADMINISTRATOR, null, true);
// Do we have an override?
$langOverride = $this->params->get('language_override', '');
if (!empty($langOverride)) {
$jlang->load('plg_system_admintools', JPATH_ADMINISTRATOR, $langOverride, true);
}
$message = JText::_($message);
if ($message == 'ADMINTOOLS_BLOCKED_MESSAGE') {
$message = "Access Denied";
}
// Show the 403 message
if ($this->cparams->getValue('use403view', 0)) {
$session = JFactory::getSession();
// Using a view
if (!$session->get('block', false, 'com_admintools') || F0FPlatform::getInstance()->isBackend()) {
// This is inside an if-block so that we don't end up in an infinite redirection loop
$session->set('block', true, 'com_admintools');
$session->set('message', $message, 'com_admintools');
$session->close();
$base = JURI::base();
if (F0FPlatform::getInstance()->isBackend()) {
$base = rtrim($base);
$base = substr($base, 0, -13);
}
$this->app->redirect($base);
}
return;
}
if (F0FPlatform::getInstance()->isBackend()) {
// You can't use Joomla!'s error page in the admin area. Improvise!
header('HTTP/1.1 403 Forbidden');
echo $message;
$this->app->close();
}
// Using Joomla!'s error page
if (version_compare(JVERSION, '3.0', 'ge')) {
throw new Exception($message, 403);
}
JError::raiseError(403, $message);
}
/**
* Logs security exceptions
*
* @param string $reason Block reason code
* @param string $extraLogInformation Extra information to be written to the text log file
* @param string $extraLogTableInformation Extra information to be written to the extradata field of the log table (useful for JSON format)
*
* @return bool
*/
public function logBreaches($reason, $extraLogInformation = '', $extraLogTableInformation = '')
{
$reasons_nolog = $this->cparams->getValue('reasons_nolog', 'geoblocking');
$reasons_noemail = $this->cparams->getValue('reasons_noemail', 'geoblocking');
$whitelist_domains = $this->cparams->getValue('whitelist_domains', '.googlebot.com,.search.msn.com');
$reasons_nolog = explode(',', $reasons_nolog);
$reasons_noemail = explode(',', $reasons_noemail);
$whitelist_domains = explode(',', $whitelist_domains);
// === SANITY CHECK - BEGIN ===
// Get our IP address
$ip = AtsystemUtilFilter::getIp();
if (strpos($ip, '::') === 0 && strstr($ip, '.') !== false) {
$ip = substr($ip, strrpos($ip, ':') + 1);
}
// No point continuing if we can't get an address, right?
if (empty($ip) || $ip == '0.0.0.0') {
return false;
}
// Make sure it's not an IP in the safe list
$safeIPs = $this->cparams->getValue('neverblockips', '');
if (!empty($safeIPs)) {
$safeIPs = explode(',', $safeIPs);
if (!empty($safeIPs)) {
if (AtsystemUtilFilter::IPinList($safeIPs)) {
return false;
}
}
}
// Make sure we don't have a list in the administrator white list
if ($this->cparams->getValue('ipwl', 0) == 1) {
$db = JFactory::getDBO();
$sql = $db->getQuery(true)->select($db->qn('ip'))->from($db->qn('#__admintools_adminiplist'));
$db->setQuery($sql);
try {
$ipTable = $db->loadColumn();
} catch (Exception $e) {
$ipTable = null;
}
if (!empty($ipTable)) {
if (AtsystemUtilFilter::IPinList($ipTable)) {
return false;
}
}
}
// Make sure this IP doesn't resolve to a whitelisted domain
if (!empty($whitelist_domains)) {
$remote_domain = @gethostbyaddr($ip);
if (!empty($remote_domain)) {
foreach ($whitelist_domains as $domain) {
$domain = trim($domain);
if (strrpos($remote_domain, $domain) !== false) {
return true;
}
}
}
}
// === SANITY CHECK - END ===
// DO I have any kind of log? Let's get some extra info
if ($this->cparams->getValue('logbreaches', 0) && !in_array($reason, $reasons_nolog) || $this->cparams->getValue('emailbreaches', '') && !in_array($reason, $reasons_noemail)) {
$uri = JURI::getInstance();
$url = $uri->toString(array('scheme', 'user', 'pass', 'host', 'port', 'path', 'query', 'fragment'));
JLoader::import('joomla.utilities.date');
$date = new JDate();
$user = JFactory::getUser();
if ($user->guest) {
$username = '******';
} else {
$username = $user->username . ' (' . $user->name . ' <' . $user->email . '>)';
}
$country = '';
$continent = '';
if (class_exists('AkeebaGeoipProvider')) {
$geoip = new AkeebaGeoipProvider();
$country = $geoip->getCountryCode($ip);
$continent = $geoip->getContinent($ip);
}
if (empty($country)) {
$country = '(unknown country)';
}
if (empty($continent)) {
$continent = '(unknown continent)';
}
}
if ($this->cparams->getValue('logbreaches', 0) && !in_array($reason, $reasons_nolog)) {
// Logging to file
$config = JFactory::getConfig();
$logpath = $config->get('log_path');
$fname = $logpath . DIRECTORY_SEPARATOR . 'admintools_breaches.log';
// -- Check the file size. If it's over 1Mb, archive and start a new log.
if (@file_exists($fname)) {
$fsize = filesize($fname);
if ($fsize > 1048756) {
if (@file_exists($fname . '.1')) {
unlink($fname . '.1');
}
@copy($fname, $fname . '.1');
@unlink($fname);
}
}
// -- Log the exception
$fp = @fopen($fname, 'at');
if ($fp !== false) {
fwrite($fp, str_repeat('-', 79) . "\n");
fwrite($fp, "Blocking reason: " . $reason . "\n" . str_repeat('-', 79) . "\n");
fwrite($fp, 'Date/time : ' . gmdate('Y-m-d H:i:s') . " GMT\n");
fwrite($fp, 'URL : ' . $url . "\n");
fwrite($fp, 'User : '******'IP : ' . $ip . "\n");
fwrite($fp, 'Country : ' . $country . "\n");
fwrite($fp, 'Continent : ' . $continent . "\n");
fwrite($fp, 'UA : ' . $_SERVER['HTTP_USER_AGENT'] . "\n");
if (!empty($extraLogInformation)) {
fwrite($fp, $extraLogInformation . "\n");
}
fwrite($fp, "\n\n");
fclose($fp);
}
// ...and write a record to the log table
$db = JFactory::getDBO();
$logEntry = (object) array('logdate' => $date->toSql(), 'ip' => $ip, 'url' => $url, 'reason' => $reason, 'extradata' => $extraLogTableInformation);
try {
$db->insertObject('#__admintools_log', $logEntry);
} catch (Exception $e) {
// Do nothing if the query fails
}
}
$emailbreaches = $this->cparams->getValue('emailbreaches', '');
if (!empty($emailbreaches) && !in_array($reason, $reasons_noemail)) {
// Load the component's administrator translation files
$jlang = JFactory::getLanguage();
$jlang->load('com_admintools', JPATH_ADMINISTRATOR, 'en-GB', true);
$jlang->load('com_admintools', JPATH_ADMINISTRATOR, $jlang->getDefault(), true);
$jlang->load('com_admintools', JPATH_ADMINISTRATOR, null, true);
// Get the site name
$config = JFactory::getConfig();
$sitename = $config->get('sitename');
// Create a link to lookup the IP
$ip_link = $this->cparams->getValue('iplookupscheme', 'http') . '://' . $this->cparams->getValue('iplookup', 'ip-lookup.net/index.php?ip={ip}');
$ip_link = str_replace('{ip}', $ip, $ip_link);
// Get the reason in human readable format
$txtReason = JText::_('ATOOLS_LBL_REASON_' . strtoupper($reason));
// Get extra information
if ($extraLogTableInformation) {
list($logReason, ) = explode('|', $extraLogTableInformation);
$txtReason .= " ({$logReason})";
}
// Send the email
$mailer = JFactory::getMailer();
$mailfrom = $config->get('mailfrom');
$fromname = $config->get('fromname');
// Let's get the most suitable email template
$template = $this->getEmailTemplate($reason);
// Got no template, the user didn't published any email template, or the template doesn't want us to
// send a notification email. Anyway, let's stop here
if (!$template) {
return true;
} else {
$subject = $template[0];
$body = $template[1];
}
$tokens = array('[SITENAME]' => $sitename, '[REASON]' => $txtReason, '[DATE]' => gmdate('Y-m-d H:i:s') . " GMT", '[URL]' => $url, '[USER]' => $username, '[IP]' => $ip, '[LOOKUP]' => '<a href="' . $ip_link . '">IP Lookup</a>', '[COUNTRY]' => $country, '[CONTINENT]' => $continent, '[UA]' => $_SERVER['HTTP_USER_AGENT']);
$subject = str_replace(array_keys($tokens), array_values($tokens), $subject);
$body = str_replace(array_keys($tokens), array_values($tokens), $body);
$recipients = explode(',', $emailbreaches);
$recipients = array_map('trim', $recipients);
foreach ($recipients as $recipient) {
$mailer->isHtml(true);
$mailer->setSender(array($mailfrom, $fromname));
$mailer->addRecipient($recipient);
$mailer->setSubject($subject);
$mailer->setBody($body);
$mailer->Send();
}
}
return true;
}
