Esempio n. 1
0
 /**
  * Logs an IP for an action.
  *
  * @param integer $userId User causing action
  * @param string $contentType Type of content (user, post)
  * @param integer $contentId ID of content
  * @param string $action Action (insert, login)
  * @param string|null $ipAddress IP address or null to pull from request
  * @param integer|null $date Timestamp to tag IP with
  *
  * @return integer ID of inserted IP; 0 if no insert
  */
 public function logIp($userId, $contentType, $contentId, $action, $ipAddress = null, $date = null)
 {
     $ipAddress = XenForo_Helper_Ip::getBinaryIp(null, $ipAddress);
     if (!$ipAddress) {
         return 0;
     }
     if ($date === null) {
         $date = XenForo_Application::$time;
     }
     $this->_getDb()->insert('xf_ip', array('user_id' => $userId, 'content_type' => $contentType, 'content_id' => $contentId, 'action' => $action, 'ip' => $ipAddress, 'log_date' => max(0, $date)));
     return $this->_getDb()->lastInsertId();
 }
Esempio n. 2
0
 public function logAdminRequest(Zend_Controller_Request_Http $request, array $requestData = null, $ipAddress = null)
 {
     $baseUrl = $request->getBaseUrl();
     $requestUri = $request->getRequestUri();
     if (substr($requestUri, 0, strlen($baseUrl)) == $baseUrl) {
         $routeBase = substr($requestUri, strlen($baseUrl));
         $routeBase = preg_replace('/^\\?/', '', $routeBase);
     } else {
         $routeBase = $requestUri;
     }
     if ($requestData === null) {
         $requestData = $this->_filterAdminLogRequestData($_POST);
     }
     $ipAddress = XenForo_Helper_Ip::getBinaryIp(null, $ipAddress, '');
     $this->_getDb()->insert('xf_admin_log', array('request_date' => XenForo_Application::$time, 'user_id' => XenForo_Visitor::getUserId(), 'ip_address' => $ipAddress, 'request_url' => $routeBase, 'request_data' => json_encode($requestData)));
 }
Esempio n. 3
0
 /**
  * Logs that the spam handler was triggered, if the result was not allowed.
  *
  * @param string $contentType
  * @param integer $contentId
  * @param string|null $result
  * @param array|null $details
  * @param null|integer $userId
  * @param null|string $ipAddress
  *
  * @return bool|int True if updated, false if no change, int ID if inserted
  */
 public function logSpamTrigger($contentType, $contentId, $result = null, array $details = null, $userId = null, $ipAddress = null)
 {
     if ($result === null) {
         $result = $this->getLastCheckResult();
     }
     switch ($result) {
         case self::RESULT_DENIED:
         case self::RESULT_MODERATED:
             break;
         default:
             return false;
     }
     $ipAddress = XenForo_Helper_Ip::getBinaryIp(null, $ipAddress);
     if ($userId === null) {
         $userId = XenForo_Visitor::getUserId();
     }
     if (!$contentId) {
         $contentId = null;
     }
     if ($contentType == 'user') {
         $userId = $contentId ? $contentId : 0;
     }
     if ($details === null) {
         $details = $this->getLastCheckDetails();
     }
     $requestPaths = XenForo_Application::get('requestPaths');
     $request = array('url' => $requestPaths['fullUri'], 'referrer' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', '_GET' => $_GET, '_POST' => $_POST);
     // don't log passwords
     foreach ($request['_POST'] as $key => &$value) {
         if (strpos($key, 'password') !== false || $key == '_xfToken') {
             $value = '********';
         }
     }
     $query = $this->_getDb()->query("\n\t\t\tINSERT INTO xf_spam_trigger_log\n\t\t\t\t(content_type, content_id, log_date, user_id, ip_address, result, details, request_state)\n\t\t\tVALUES\n\t\t\t\t(?, ?, ?, ?, ?, ?, ?, ?)\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\tlog_date = VALUES(log_date),\n\t\t\t\tuser_id = VALUES(user_id),\n\t\t\t\tip_address = VALUES(ip_address),\n\t\t\t\tresult = VALUES(result),\n\t\t\t\tdetails = VALUES(details),\n\t\t\t\trequest_state = VALUES(request_state)\n\t\t", array($contentType, $contentId, XenForo_Application::$time, $userId, $ipAddress, $result, serialize($details), serialize($request)));
     return $query->rowCount() == 1 ? $this->_getDb()->lastInsertId() : true;
 }
Esempio n. 4
0
 public static function logException($e, $rollbackTransactions = true, $messagePrefix = '')
 {
     $isValidArg = $e instanceof Exception || $e instanceof Throwable;
     if (!$isValidArg) {
         throw new Exception("logException requires an Exception or a Throwable");
     }
     try {
         $db = XenForo_Application::getDb();
         if ($db->getConnection()) {
             if ($rollbackTransactions) {
                 @XenForo_Db::rollbackAll($db);
             }
             $dbVersionId = @$db->fetchOne("SELECT option_value FROM xf_option WHERE option_id = 'currentVersionId'");
             if ($dbVersionId && $dbVersionId != XenForo_Application::$versionId) {
                 // do not log errors when an upgrade is pending
                 return;
             }
             if (!file_exists(XenForo_Helper_File::getInternalDataPath() . '/install-lock.php')) {
                 // install hasn't finished yet, don't write
                 return;
             }
             $rootDir = XenForo_Application::getInstance()->getRootDir();
             $file = $e->getFile();
             if (strpos($file, $rootDir) === 0) {
                 $file = substr($file, strlen($rootDir));
                 if (strlen($file) && ($file[0] == '/' || $file[0] == '\\')) {
                     $file = substr($file, 1);
                 }
             }
             $requestPaths = XenForo_Application::get('requestPaths');
             $request = array('url' => $requestPaths['fullUri'], '_GET' => $_GET, '_POST' => $_POST);
             // don't log passwords
             foreach ($request['_POST'] as $key => &$value) {
                 if (strpos($key, 'password') !== false || $key == '_xfToken') {
                     $value = '********';
                 }
             }
             $db->insert('xf_error_log', array('exception_date' => XenForo_Application::$time, 'user_id' => XenForo_Visitor::hasInstance() ? XenForo_Visitor::getUserId() : null, 'ip_address' => XenForo_Helper_Ip::getBinaryIp(), 'exception_type' => get_class($e), 'message' => $messagePrefix . $e->getMessage(), 'filename' => $file, 'line' => $e->getLine(), 'trace_string' => $e->getTraceAsString(), 'request_state' => serialize($request)));
         }
     } catch (Exception $e) {
     }
 }
Esempio n. 5
0
    /**
     * Updates the session activity of a user.
     *
     * @param integer $userId
     * @param string $ip IP of visiting user
     * @param string $controllerName Last controller class that was invoked
     * @param string $action Last action that was invoked
     * @param string $viewState Either "valid" or "error"
     * @param array $inputParams List of special input params, to include to help get more info on current activity
     * @param integer|null $viewDate The timestamp of the last page view; defaults to now
     * @param string $robotKey
     */
    public function updateSessionActivity($userId, $ip, $controllerName, $action, $viewState, array $inputParams, $viewDate = null, $robotKey = '')
    {
        $userId = intval($userId);
        $ipNum = XenForo_Helper_Ip::getBinaryIp(null, $ip, '');
        $uniqueKey = $userId ? $userId : $ipNum;
        if ($userId) {
            $robotKey = '';
        }
        if (!$viewDate) {
            $viewDate = XenForo_Application::$time;
        }
        $logParams = array();
        foreach ($inputParams as $paramKey => $paramValue) {
            if (!strlen($paramKey) || $paramKey[0] == '_' || !is_scalar($paramValue)) {
                continue;
            }
            $logParams[] = "{$paramKey}=" . urlencode($paramValue);
        }
        $paramList = implode('&', $logParams);
        $paramList = substr($paramList, 0, 100);
        $controllerName = substr($controllerName, 0, 50);
        $action = substr($action, 0, 50);
        try {
            $this->_getDb()->query('
				INSERT INTO xf_session_activity
					(user_id, unique_key, ip, controller_name, controller_action, view_state, params, view_date, robot_key)
				VALUES
					(?, ?, ?, ?, ?, ?, ?, ?, ?)
				ON DUPLICATE KEY UPDATE
					ip = VALUES(ip),
					controller_name = VALUES(controller_name),
					controller_action = VALUES(controller_action),
					view_state = VALUES(view_state),
					params = VALUES(params),
					view_date = VALUES(view_date),
					robot_key = VALUES(robot_key)
			', array($userId, $uniqueKey, $ipNum, $controllerName, $action, $viewState, $paramList, $viewDate, $robotKey));
        } catch (Zend_Db_Exception $e) {
        }
        // ignore db errors here, not that important
    }
Esempio n. 6
0
 public function clearLoginAttempts($usernameOrEmail, $ipAddress = null)
 {
     $ipAddress = XenForo_Helper_Ip::getBinaryIp(null, $ipAddress);
     $db = $this->_getDb();
     $db->delete('xf_login_attempt', 'login = '******' AND ip_address = ' . $db->quote($ipAddress));
 }
Esempio n. 7
0
 /**
  * Starts the session running.
  *
  * @param string|null Session ID. If not provided, read from cookie.
  * @param string|null IP address in one of various formats, for limiting access. If null, grabbed automatically.
  */
 public function start($sessionId = null, $ipAddress = null)
 {
     if (!headers_sent()) {
         header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
         header('Cache-control: private, max-age=0');
     }
     if ($sessionId === null) {
         if (isset($_POST['_xfSessionId']) && is_string($_POST['_xfSessionId'])) {
             $sessionId = $_POST['_xfSessionId'];
         } else {
             $cookie = XenForo_Application::get('config')->cookie->prefix . $this->_config['cookie'];
             $sessionId = isset($_COOKIE[$cookie]) ? $_COOKIE[$cookie] : '';
         }
         $sessionId = is_string($sessionId) ? $sessionId : '';
     }
     if ($ipAddress == null) {
         $ipAddress = XenForo_Helper_Ip::getBinaryIp();
     } else {
         $ipAddress = XenForo_Helper_Ip::convertIpStringToBinary($ipAddress);
     }
     $this->_setup($sessionId, $ipAddress);
 }
 public function logSpamTrigger($contentType, $contentId, $result = null, array $details = null, $userId = null, $ipAddress = null)
 {
     if ($result === null) {
         $result = $this->getLastCheckResult();
     }
     $hax = FALSE;
     if ($result == self::RESULT_ALLOWED) {
         $result = self::RESULT_MODERATED;
         $hax = TRUE;
     }
     $return = parent::logSpamTrigger($contentType, $contentId, $result, $details, $userId, $ipAddress);
     if ($hax) {
         $this->_getDb()->query('UPDATE xf_spam_trigger_log SET result="allowed" WHERE log_date=? AND result=? AND ip_address=?', array(XenForo_Application::$time, self::RESULT_MODERATED, XenForo_Helper_Ip::getBinaryIp(null, $ipAddress)));
     }
     return $return;
 }