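/**
 * File-backed anti-flood check for one incoming request.
 *
 * Reads the flood log, drops records older than shSecAntiFloodPeriod seconds,
 * counts the remaining records for $ip, appends a record for the current
 * request, rewrites the log, and calls shDoRestrictedAccess() when the count
 * has reached shSecAntiFloodCount.
 *
 * Record format, one per line: "<id>, <ip>, <unix time>".
 *
 * NOTE(review): the log is read, modified and rewritten with no locking visible
 * in this function, so concurrent requests can overwrite each other's records
 * and a burst may be under-counted. Locking would have to live in
 * shReadFile()/shSaveFile(), which are not shown here.
 * NOTE(review): every checked request rewrites the whole file, so the cost of
 * the check grows with the request rate inside the period.
 *
 * @param string $ip client address as determined by the caller; where it comes
 *                   from is not visible here, so it is treated as untrusted
 * @return void
 */
function shDoAntiFloodCheck($ip)
{
    $sefConfig = Sh404sefFactory::getConfig();
    $disabled = !$sefConfig->shSecActivateAntiFlood
        || empty($sefConfig->shSecAntiFloodPeriod)
        || empty($sefConfig->shSecAntiFloodCount)
        || ($sefConfig->shSecAntiFloodOnlyOnPOST && empty($_POST));
    if ($disabled || empty($ip)) {
        return;
    }

    // $ip becomes one field of a comma/newline-delimited record. Strip the
    // delimiters so a malformed value cannot add fields or whole records, and
    // trim it so it compares equal to the trimmed field read back later.
    $ip = str_replace(array("\r", "\n", ','), '', trim((string) $ip));
    if ($ip === '') {
        return;
    }

    // disable for requests coming from same site, including ajax calls
    // coming from jomsocial
    // activate if using JomSocial on your site, removing the /* and */ marks surrounding the next few lines
    // NOTE: this exemption relies on the Referer header and two POST fields, all
    // of which are supplied by the client; once enabled, any request carrying
    // them skips the flood check.
    /*
    $referrer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
    if (!empty($referrer) && strpos( $referrer, Sh404sefFactory::getPageInfo()->getDefaultLiveSite()) === 0) {
        if (!empty($_POST['option']) && $_POST['option'] == 'community' && !empty( $_POST['task']) && $_POST['task'] == 'azrul_ajax') {
            return;
        }
    }
    */
    // end of Jomsocial specific code

    $dataFile = sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_AntiFlood_Data.dat';
    $period = $sefConfig->shSecAntiFloodPeriod;
    $cTime = time();
    $nextId = 1;
    $count = 0;
    $recent = array();

    $floodData = shReadFile($dataFile);
    if (!empty($floodData) && is_array($floodData)) {
        // find next id: one more than the id of the last stored record
        $lastRecId = explode(',', end($floodData));
        $nextId = intval($lastRecId[0]) + 1;

        // Single pass: keep only records inside the period and count those
        // for this client. Both steps parse a record the same way.
        foreach ($floodData as $data) {
            $rec = array_map('trim', explode(',', $data));
            if (empty($rec[2]) || $cTime - intval($rec[2]) > $period) {
                continue;
            }
            $recent[] = $data;
            // strict comparison: loose == treats numeric-looking strings as numbers
            if (!empty($rec[1]) && $rec[1] === $ip) {
                $count++;
            }
        }
    }

    // log current request, then write the trimmed log back
    $recent[] = $nextId . ', ' . $ip . ', ' . $cTime;
    shSaveFile($dataFile, implode("\n", $recent));

    // $count holds earlier requests only; the current one is not included
    if ($count >= $sefConfig->shSecAntiFloodCount) {
        shDoRestrictedAccess('Flooding',
            $count . ' requests in less than ' . $sefConfig->shSecAntiFloodPeriod . ' seconds (max = '
            . $sefConfig->shSecAntiFloodCount . ')');
    }
}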
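/**
 * File-backed anti-flood check for one incoming request.
 *
 * Loads the flood log, discards records older than shSecAntiFloodPeriod
 * seconds, counts what is left for $ip, logs the current request, saves the
 * log, and calls shDoRestrictedAccess() once the count has reached
 * shSecAntiFloodCount.
 *
 * Record format, one per line: "<id>, <ip>, <unix time>".
 *
 * NOTE(review): no locking is visible around the read/rewrite of the log, so
 * concurrent requests can lose each other's records and a burst may be
 * under-counted; shReadFile()/shSaveFile() are not shown here.
 *
 * @param string $ip client address as determined by the caller; its origin is
 *                   not visible here, so it is treated as untrusted
 * @return void
 */
function shDoAntiFloodCheck($ip)
{
    $sefConfig = shRouter::shGetConfig();
    $disabled = !$sefConfig->shSecActivateAntiFlood
        || empty($sefConfig->shSecAntiFloodPeriod)
        || empty($sefConfig->shSecAntiFloodCount)
        || ($sefConfig->shSecAntiFloodOnlyOnPOST && empty($_POST));
    if ($disabled || empty($ip)) {
        return;
    }

    // The address is stored as one field of a comma/newline-delimited record:
    // remove the delimiters so it cannot introduce extra fields or records,
    // and trim it to match the trimmed field it is compared against.
    $ip = str_replace(array("\r", "\n", ','), '', trim((string) $ip));
    if ($ip === '') {
        return;
    }

    $dataFile = sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_AntiFlood_Data.dat';
    $period = $sefConfig->shSecAntiFloodPeriod;
    $cTime = time();
    $nextId = 1;
    $count = 0;
    $recent = array();

    $floodData = shReadFile($dataFile);
    if (!empty($floodData) && is_array($floodData)) {
        // find next id from the last stored record
        $lastRecId = explode(',', end($floodData));
        $nextId = intval($lastRecId[0]) + 1;

        // keep records made within the period, counting those for this client
        foreach ($floodData as $data) {
            $rec = array_map('trim', explode(',', $data));
            if (empty($rec[2]) || $cTime - intval($rec[2]) > $period) {
                continue;
            }
            $recent[] = $data;
            // strict comparison avoids numeric-string coercion of loose ==
            if (!empty($rec[1]) && $rec[1] === $ip) {
                $count++;
            }
        }
    }

    // log current request and write the file
    $recent[] = $nextId . ', ' . $ip . ', ' . $cTime;
    shSaveFile($dataFile, implode("\n", $recent));

    // the current request is not part of $count
    if ($count >= $sefConfig->shSecAntiFloodCount) {
        shDoRestrictedAccess('Flooding',
            $count . ' requests in less than ' . $sefConfig->shSecAntiFloodPeriod . ' seconds (max = '
            . $sefConfig->shSecAntiFloodCount . ')');
    }
}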
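/**
 * Serialise this configuration object as PHP source, then return it or save it.
 *
 * Every property except the IP / user-agent lists and defaultParamList is
 * emitted as a "$name = <literal>;" statement. With $return_data == 1 the
 * source is returned and nothing is written. Otherwise the source goes to
 * config/config.sef.php, the lists and custom.sef.php are saved, and a backup
 * copy of everything is written under media/sh404sef/.
 *
 * Because the generated file is later executed as PHP, each value is prepared
 * in this order: stripslashes (when magic quotes are on), HTML-entity decoding
 * (disk mode only), then escaping for the quote style of the literal. The
 * earlier approach decoded entities across the finished file, after escaping,
 * so an encoded quote such as &quot; could re-appear unescaped inside a
 * literal; backslashes and "$" were not escaped at all. Values now round-trip
 * literally: a backslash sequence inside a value is no longer interpreted when
 * the file is loaded.
 *
 * NOTE(review): custom.sef.php receives defaultParamList verbatim, so whoever
 * can save this setting can place PHP code on disk; presumably intended, confirm.
 * NOTE(review): the backup lists are plain .dat files under media/, which a
 * Joomla site normally serves over HTTP; confirm direct access is denied.
 * NOTE(review): only the result of the main config write is returned; failures
 * of the list and backup writes are not reported.
 *
 * @param int $return_data 1 to return the generated source without writing
 * @return mixed generated source when $return_data == 1, otherwise the result
 *               of JFile::write() for config/config.sef.php
 */
function saveConfig($return_data = 0)
{
    $sef_config_file = sh404SEF_ADMIN_ABS_PATH . 'config/config.sef.php';
    // get_magic_quotes_gpc() was removed in PHP 8; its absence means "off"
    $quoteGPC = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $user = JFactory::getUser();
    $userName = empty($user) ? '-' : $user->username;
    $userId = empty($user) ? '-' : $user->id;
    $liveSite = sh404sefFactory::getPageInfo()->getDefaultFrontLiveSite();

    // Entities are decoded only for the copy written to disk, as before
    $writeToDisk = $return_data != 1;
    $entityMap = $writeToDisk ? array_flip(get_html_translation_table(HTML_ENTITIES)) : array();

    // Header values sit inside "//" comments: a line break or a closing PHP
    // tag would end the comment, so both are neutralised.
    $header = array();
    foreach (array($this->version, $userName, $userId, $liveSite) as $text) {
        $text = (string) $text;
        if ($writeToDisk) {
            $text = strtr($text, $entityMap);
        }
        $header[] = str_replace(array("\r", "\n", '?>'), array(' ', ' ', '? >'), $text);
    }

    //build the data file
    $config_data = '<?php' . "\n"
        . '// config.sef.php : configuration file for sh404SEF for Joomla 1.5.x' . "\n"
        . '// ' . $header[0] . "\n"
        . '// saved at: ' . date('Y-m-d H:i:s') . "\n"
        . '// by: ' . $header[1] . ' (id: ' . $header[2] . ' )' . "\n"
        . '// domain: ' . $header[3] . "\n\n"
        . 'if (!defined(\'_JEXEC\')) die(\'Direct Access to this location is not allowed.\');' . "\n\n";

    // properties stored in their own files rather than in the config file
    $skipped = array('0', 'ipWhiteList', 'ipBlackList', 'uAgentWhiteList', 'uAgentBlackList', 'defaultParamList');
    // properties always written as key => value arrays
    $keyedLists = array('shLangTranslateList', 'shLangInsertCodeList', 'defaultComponentStringList', 'pageTexts',
        'liveSites');

    foreach ($this as $key => $value) {
        if (in_array($key, $skipped)) {
            continue;
        }
        $isKeyed = in_array($key, $keyedLists);
        if ($isKeyed || gettype($value) == 'array') {
            $items = array();
            foreach ($value as $key2 => $data) {
                $item = $this->_shConfigLiteral($data, '"', $quoteGPC, $entityMap);
                if ($isKeyed) {
                    $item = $this->_shConfigLiteral($key2, '"', false, $entityMap) . '=>' . $item;
                }
                $items[] = $item;
            }
            $literal = 'array(' . implode(',', $items) . ')';
        } else {
            switch (gettype($value)) {
                case 'boolean':
                    $literal = $value ? 'true' : 'false';
                    break;
                case 'string':
                    $literal = $this->_shConfigLiteral($value, "'", $quoteGPC, $entityMap);
                    break;
                case 'integer':
                case 'double':
                    $literal = strval($value);
                    break;
                default:
                    $literal = 'null';
                    break;
            }
        }
        $config_data .= "\${$key} = " . $literal . ";\n";
    }
    $config_data .= '?' . '>';

    if ($return_data == 1) {
        return $config_data;
    }

    // write to disk
    jimport('joomla.filesystem.file');
    $ret = JFile::write($sef_config_file, $config_data);

    $securityLists = array(
        'sh404SEF_IP_white_list.dat' => $this->ipWhiteList,
        'sh404SEF_IP_black_list.dat' => $this->ipBlackList,
        'sh404SEF_uAgent_white_list.dat' => $this->uAgentWhiteList,
        'sh404SEF_uAgent_black_list.dat' => $this->uAgentBlackList,
    );
    $customParams = $quoteGPC ? stripslashes($this->defaultParamList) : $this->defaultParamList;

    // save lists
    foreach ($securityLists as $fileName => $content) {
        shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/' . $fileName, $content);
    }
    shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'custom.sef.php', $customParams);

    // V 1.2.4.q : save copy of config file to other location for automatic recovering of config when upgrading
    // Only "http://" is removed from the site URL and "/" replaced; the file
    // name is kept as before so existing backups are still matched.
    $backupBase = sh404SEF_ABS_PATH . 'media/sh404sef/sh404_upgrade_conf_'
        . str_replace('/', '_', str_replace('http://', '', $liveSite));
    JFile::write($backupBase . '.php', $config_data);

    // save lists to backup location
    $backupDir = sh404SEF_ABS_PATH . 'media/sh404sef/sh404_upgrade_conf_security';
    if (!is_writable($backupDir)) {
        jimport('joomla.filesystem.folder');
        JFolder::create($backupDir);
    }
    foreach ($securityLists as $fileName => $content) {
        shSaveFile($backupDir . '/' . $fileName, $content);
    }
    shSaveFile($backupBase . '.custom.php', $customParams);

    // v 3.0+ : as we are now using J! router, we need to update the global configuration object with the rewrite mode setting
    // as otherwise users would have to manually change it
    // (no code for this follows in this function)
    return $ret;
}

/**
 * Render one value as a quoted PHP string literal for the generated config file.
 *
 * @param mixed  $raw          value to render; cast to string
 * @param string $quote        quote character of the literal, '"' or "'"
 * @param bool   $stripSlashes whether to undo magic-quotes slashes first
 * @param array  $entityMap    entity => character pairs to decode before
 *                             escaping; an empty array skips decoding
 * @return string the literal, including its surrounding quotes
 */
function _shConfigLiteral($raw, $quote, $stripSlashes, $entityMap)
{
    $text = (string) $raw;
    if ($stripSlashes) {
        $text = stripslashes($text);
    }
    if (!empty($entityMap)) {
        $text = strtr($text, $entityMap);
    }
    // Escape last, so nothing decoded above can end the literal. In double
    // quotes "$" must be escaped as well, otherwise PHP interpolates it when
    // the config file is loaded.
    $escapes = $quote === '"'
        ? array('\\' => '\\\\', '"' => '\\"', '$' => '\\$')
        : array('\\' => '\\\\', "'" => "\\'");

    return $quote . strtr($text, $escapes) . $quote;
}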
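/**
 * Serialise this configuration object as PHP source, then return it or save it.
 *
 * Every property except the IP / user-agent lists and defaultParamList is
 * emitted as a "$name = <literal>;" statement. With $return_data == 1 the
 * source is returned and nothing is written. Otherwise the source goes to the
 * file named by the global $sef_config_file, the lists and custom.sef.php are
 * saved, and a backup copy of everything is written under media/.
 *
 * Because the generated file is later executed as PHP, each value is prepared
 * in this order: stripslashes (when magic quotes are on), HTML-entity decoding
 * (disk mode only), then escaping for a double-quoted literal. The earlier
 * approach decoded entities across the finished file, after escaping, so an
 * encoded quote such as &quot; could re-appear unescaped inside a literal;
 * backslashes and "$" were not escaped at all. Values now round-trip
 * literally: a backslash sequence inside a value is no longer interpreted when
 * the file is loaded.
 *
 * NOTE(review): custom.sef.php receives defaultParamList verbatim, so whoever
 * can save this setting can place PHP code on disk; presumably intended, confirm.
 * NOTE(review): the backup lists are plain .txt files under media/, which a
 * Joomla site normally serves over HTTP; confirm direct access is denied.
 *
 * @param int $return_data 1 to return the generated source without writing
 * @return mixed generated source when $return_data == 1, otherwise 1 when the
 *               main config file was written completely and 0 when it was not
 */
function saveConfig($return_data = 0)
{
    global $sef_config_file;
    // get_magic_quotes_gpc() was removed in PHP 8; its absence means "off"
    $quoteGPC = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $user = JFactory::getUser();
    $userName = empty($user) ? '-' : $user->username;
    $userId = empty($user) ? '-' : $user->id;
    $liveSite = $GLOBALS['shConfigFrontLiveSite'];

    // Entities are decoded only for the copy written to disk, as before
    $writeToDisk = $return_data != 1;
    $entityMap = $writeToDisk ? array_flip(get_html_translation_table(HTML_ENTITIES)) : array();

    // Header values sit inside "//" comments: a line break or a closing PHP
    // tag would end the comment, so both are neutralised.
    $header = array();
    foreach (array($this->version, $userName, $userId, $liveSite) as $text) {
        $text = (string) $text;
        if ($writeToDisk) {
            $text = strtr($text, $entityMap);
        }
        $header[] = str_replace(array("\r", "\n", '?>'), array(' ', ' ', '? >'), $text);
    }

    //build the data file
    $config_data = '<?php' . "\n"
        . '// config.sef.php : configuration file for sh404SEF for Joomla 1.5.x' . "\n"
        . '// ' . $header[0] . "\n"
        . '// saved at: ' . date('Y-m-d H:i:s') . "\n"
        . '// by: ' . $header[1] . ' (id: ' . $header[2] . ' )' . "\n"
        . '// domain: ' . $header[3] . "\n\n"
        . 'if (!defined(\'_JEXEC\')) die(\'Direct Access to this location is not allowed.\');' . "\n\n";

    // properties stored in their own files rather than in the config file
    $skipped = array('0', 'ipWhiteList', 'ipBlackList', 'uAgentWhiteList', 'uAgentBlackList', 'defaultParamList');
    // properties always written as key => value arrays
    $keyedLists = array('shLangTranslateList', 'shLangInsertCodeList', 'defaultComponentStringList', 'pageTexts');

    foreach ($this as $key => $value) {
        if (in_array($key, $skipped)) {
            continue;
        }
        $isKeyed = in_array($key, $keyedLists);
        if ($isKeyed || gettype($value) == 'array') {
            $items = array();
            foreach ($value as $key2 => $data) {
                $item = $this->_shConfigLiteral($data, $quoteGPC, $entityMap);
                if ($isKeyed) {
                    $item = $this->_shConfigLiteral($key2, false, $entityMap) . '=>' . $item;
                }
                $items[] = $item;
            }
            $literal = 'array(' . implode(',', $items) . ')';
        } else {
            switch (gettype($value)) {
                case 'boolean':
                    $literal = $value ? 'true' : 'false';
                    break;
                case 'string':
                    $literal = $this->_shConfigLiteral($value, $quoteGPC, $entityMap);
                    break;
                case 'integer':
                case 'double':
                    $literal = strval($value);
                    break;
                default:
                    $literal = 'null';
                    break;
            }
        }
        $config_data .= "\${$key} = " . $literal . ";\n";
    }
    $config_data .= '?' . '>';

    if ($return_data == 1) {
        return $config_data;
    }

    // write to disk; a failed open or a short write both count as failure
    $ret = 0;
    $fd = fopen($sef_config_file, 'wb');
    if ($fd !== false) {
        if (fwrite($fd, $config_data, strlen($config_data)) === strlen($config_data)) {
            $ret = 1;
        }
        fclose($fd);
    }

    $securityLists = array(
        'sh404SEF_IP_white_list.txt' => $this->ipWhiteList,
        'sh404SEF_IP_black_list.txt' => $this->ipBlackList,
        'sh404SEF_uAgent_white_list.txt' => $this->uAgentWhiteList,
        'sh404SEF_uAgent_black_list.txt' => $this->uAgentBlackList,
    );
    $customParams = $quoteGPC ? stripslashes($this->defaultParamList) : $this->defaultParamList;

    // save lists
    foreach ($securityLists as $fileName => $content) {
        shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/' . $fileName, $content);
    }
    shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'custom.sef.php', $customParams);

    // V 1.2.4.q : save copy of config file to other location for automatic recovering of config when upgrading
    // Only "http://" is removed from the site URL and "/" replaced; the file
    // name is kept as before so existing backups are still matched.
    $backupBase = sh404SEF_ABS_PATH . 'media/sh404_upgrade_conf_'
        . str_replace('/', '_', str_replace('http://', '', $liveSite));
    $fd = fopen($backupBase . '.php', 'w');
    if ($fd !== false) {
        fwrite($fd, $config_data, strlen($config_data));
        fclose($fd);
    }

    // save lists to backup location (directory creation stays best-effort)
    $backupDir = sh404SEF_ABS_PATH . 'media/sh404_upgrade_conf_security';
    if (!is_writable($backupDir)) {
        @mkdir($backupDir);
    }
    foreach ($securityLists as $fileName => $content) {
        shSaveFile($backupDir . '/' . $fileName, $content);
    }
    shSaveFile($backupBase . '.custom.php', $customParams);

    return $ret;
}

/**
 * Render one value as a double-quoted PHP string literal for the generated config file.
 *
 * @param mixed $raw          value to render; cast to string
 * @param bool  $stripSlashes whether to undo magic-quotes slashes first
 * @param array $entityMap    entity => character pairs to decode before
 *                            escaping; an empty array skips decoding
 * @return string the literal, including its surrounding quotes
 */
function _shConfigLiteral($raw, $stripSlashes, $entityMap)
{
    $text = (string) $raw;
    if ($stripSlashes) {
        $text = stripslashes($text);
    }
    if (!empty($entityMap)) {
        $text = strtr($text, $entityMap);
    }
    // Escape last, so nothing decoded above can end the literal. "$" is
    // escaped too, otherwise PHP interpolates it when the config file is loaded.
    return '"' . strtr($text, array('\\' => '\\\\', '"' => '\\"', '$' => '\\$')) . '"';
}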