예제 #1
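/**
 * Throttle requests per client address using a flat-file log of recent hits.
 *
 * Reads the anti-flood data file, discards records older than
 * $sefConfig->shSecAntiFloodPeriod seconds, counts the remaining records for
 * $ip, appends a record for the current request, writes the file back and
 * calls shDoRestrictedAccess() once the count reaches
 * $sefConfig->shSecAntiFloodCount.
 *
 * Each record is one line of the form "id, ip, unix_time".
 *
 * NOTE(review): the read-modify-write of the data file is not guarded by any
 * lock visible here; concurrent requests may overwrite each other's records
 * and under-count. Confirm whether shReadFile()/shSaveFile() lock the file.
 *
 * NOTE(review): $ip is only as trustworthy as the caller's source for it. If
 * it is taken from a client-supplied header rather than the connection
 * address, the client chooses the key it is counted under - verify the caller.
 *
 * @param string $ip Address of the requesting client.
 * @return void
 */
function shDoAntiFloodCheck($ip)
{
    $sefConfig = Sh404sefFactory::getConfig();
    if (!$sefConfig->shSecActivateAntiFlood || empty($sefConfig->shSecAntiFloodPeriod) || $sefConfig->shSecAntiFloodOnlyOnPOST && empty($_POST) || empty($sefConfig->shSecAntiFloodCount) || empty($ip)) {
        return;
    }
    // The address becomes one field of a comma/newline delimited record. Drop control
    // characters and commas so a malformed value cannot add fields or whole records
    // to the data file, and trim it so it compares equal to the trimmed stored field.
    $ip = trim((string) preg_replace('/[\x00-\x1F\x7F,]/', '', (string) $ip));
    if ($ip === '') {
        return;
    }
    // disable for requests coming from same site, including ajax calls
    // coming from jomsocial
    // activate if using JomSocial on your site, removing the /* and */ marks surrounding the next few lines
    // NOTE(review): the Referer header and the POST fields tested below are supplied by
    // the client, so once enabled this exemption applies to any request that sets them,
    // not only to genuine same-site JomSocial calls.
    /*
    $referrer =  empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
      if (!empty($referrer) && strpos( $referrer, Sh404sefFactory::getPageInfo()->getDefaultLiveSite()) === 0) {
      if (!empty($_POST['option']) && $_POST['option'] == 'community'
      && !empty( $_POST['task']) && $_POST['task'] == 'azrul_ajax') {
      return;
      }
      }
    */
    // end of Jomsocial specific code
    $nextId = 1;
    $cTime = time();
    $dataFile = sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_AntiFlood_Data.dat';
    $floodData = shReadFile($dataFile);
    if (!empty($floodData)) {
        // find next id : one more than the id of the last stored record
        $lastRec = $floodData[count($floodData) - 1];
        $lastRecId = explode(',', $lastRec);
        $nextId = intval($lastRecId[0]) + 1;
        // trim flood data : remove lines older than set time limit.
        // Unset by the element's own key instead of a parallel counter, so the right
        // record is removed even if the array keys are not 0..n-1.
        foreach ($floodData as $idx => $data) {
            $rec = explode(', ', $data);
            if (empty($rec[2]) || $cTime - intval($rec[2]) > $sefConfig->shSecAntiFloodPeriod) {
                unset($floodData[$idx]);
            }
        }
        $floodData = array_filter($floodData);
    }
    // only requests made in the last $sefConfig->shSecAntiFloodPeriod seconds are left in $floodData
    $count = 0;
    if (!empty($floodData)) {
        foreach ($floodData as $data) {
            $rec = explode(',', $data);
            // strict comparison : both sides are strings, no numeric-string juggling wanted
            if (!empty($rec[1]) && JString::trim($rec[1]) === $ip) {
                $count++;
            }
        }
    }
    // log current request (it is not part of $count, which covers earlier requests only)
    $floodData[] = $nextId . ', ' . $ip . ', ' . $cTime;
    // write to file;
    $saveData = implode("\n", $floodData);
    shSaveFile($dataFile, $saveData);
    if ($count >= $sefConfig->shSecAntiFloodCount) {
        shDoRestrictedAccess('Flooding', $count . ' requests in less than ' . $sefConfig->shSecAntiFloodPeriod . ' seconds (max = ' . $sefConfig->shSecAntiFloodCount . ')');
    }
}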
예제 #2
파일: shSec.php 프로젝트: justinlyon/scc
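/**
 * Rate-limit a client address against a flat-file log of recent requests.
 *
 * Loads the anti-flood data file, drops records older than
 * $sefConfig->shSecAntiFloodPeriod seconds, counts what is left for $ip,
 * appends the current request, saves the file and hands over to
 * shDoRestrictedAccess() when the count has reached
 * $sefConfig->shSecAntiFloodCount.
 *
 * Record layout, one per line: "id, ip, unix_time".
 *
 * NOTE(review): nothing visible here locks the data file between the read
 * and the write, so parallel requests may lose records and under-count.
 * Confirm whether shReadFile()/shSaveFile() take a lock.
 *
 * NOTE(review): the check is keyed on whatever the caller passes as $ip;
 * verify that it is the connection address and not a client-supplied header.
 *
 * @param string $ip Address of the requesting client.
 * @return void
 */
function shDoAntiFloodCheck($ip)
{
    $sefConfig = shRouter::shGetConfig();
    if (!$sefConfig->shSecActivateAntiFlood || empty($sefConfig->shSecAntiFloodPeriod) || $sefConfig->shSecAntiFloodOnlyOnPOST && empty($_POST) || empty($sefConfig->shSecAntiFloodCount) || empty($ip)) {
        return;
    }
    // $ip is stored as one field of a comma/newline delimited record : remove control
    // characters and commas so the value cannot introduce extra fields or records,
    // and trim it so it matches the trimmed field read back from the file.
    $ip = trim((string) preg_replace('/[\x00-\x1F\x7F,]/', '', (string) $ip));
    if ($ip === '') {
        return;
    }
    $nextId = 1;
    $cTime = time();
    $dataFile = sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_AntiFlood_Data.dat';
    $floodData = shReadFile($dataFile);
    if (!empty($floodData)) {
        // find next id : last stored id + 1
        $lastRec = $floodData[count($floodData) - 1];
        $lastRecId = explode(',', $lastRec);
        $nextId = intval($lastRecId[0]) + 1;
        // trim flood data : remove lines older than set time limit.
        // The element's own key is used for unset(), not a separate counter, so the
        // loop stays correct if the keys are not consecutive.
        foreach ($floodData as $idx => $data) {
            $rec = explode(', ', $data);
            if (empty($rec[2]) || $cTime - intval($rec[2]) > $sefConfig->shSecAntiFloodPeriod) {
                unset($floodData[$idx]);
            }
        }
        $floodData = array_filter($floodData);
    }
    // $floodData now holds only requests made in the last $sefConfig->shSecAntiFloodPeriod seconds
    $count = 0;
    if (!empty($floodData)) {
        foreach ($floodData as $data) {
            $rec = explode(',', $data);
            // strict string comparison, so two different textual addresses never compare equal
            if (!empty($rec[1]) && JString::trim($rec[1]) === $ip) {
                $count++;
            }
        }
    }
    // log current request (not included in $count)
    $floodData[] = $nextId . ', ' . $ip . ', ' . $cTime;
    // write to file;
    $saveData = implode("\n", $floodData);
    shSaveFile($dataFile, $saveData);
    if ($count >= $sefConfig->shSecAntiFloodCount) {
        shDoRestrictedAccess('Flooding', $count . ' requests in less than ' . $sefConfig->shSecAntiFloodPeriod . ' seconds (max = ' . $sefConfig->shSecAntiFloodCount . ')');
    }
}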
예제 #3
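 /**
  * Serialise this configuration object as PHP source and, unless asked only
  * to return it, write it to config.sef.php together with the security lists
  * and a backup copy under media/sh404sef.
  *
  * The generated file is later executed as PHP, so every value written into it
  * is emitted with var_export(): a single-quoted literal in which backslashes
  * and quotes are escaped and nothing is interpolated. The previous hand-made
  * quoting escaped only the quote character, so a value containing a backslash
  * (or, in the double-quoted array entries, a dollar sign) could change the
  * meaning of the generated code.
  *
  * @param int $return_data 1 to return the generated source without writing anything.
  * @return mixed The generated source when $return_data == 1, otherwise the
  *               result of JFile::write() for the main configuration file.
  */
 function saveConfig($return_data = 0)
 {
     $sef_config_file = sh404SEF_ADMIN_ABS_PATH . 'config/config.sef.php';
     $database =& JFactory::getDBO();
     $quoteGPC = get_magic_quotes_gpc();
     $user = JFactory::getUser();
     $userName = empty($user) ? '-' : $user->username;
     $userId = empty($user) ? '-' : $user->id;
     $liveSite = sh404sefFactory::getPageInfo()->getDefaultFrontLiveSite();
     // Values placed on a "//" comment line must not contain a line break or a PHP
     // closing tag : either one ends the comment inside the generated file.
     $commentBreakers = array("\r", "\n", '?' . '>');
     $headerUser = str_replace($commentBreakers, ' ', (string) $userName);
     $headerUserId = str_replace($commentBreakers, ' ', (string) $userId);
     $headerSite = str_replace($commentBreakers, ' ', (string) $liveSite);
     //build the data file
     $config_data = '<?php' . "\n"
         . '// config.sef.php : configuration file for sh404SEF for Joomla 1.5.x' . "\n"
         . '// ' . $this->version . "\n"
         . '// saved at: ' . date('Y-m-d H:i:s') . "\n"
         . '// by: ' . $headerUser . ' (id: ' . $headerUserId . ' )' . "\n"
         . '// domain: ' . $headerSite . "\n\n"
         . 'if (!defined(\'_JEXEC\')) die(\'Direct Access to this location is not allowed.\');' . "\n\n";
     foreach ($this as $key => $value) {
         // these properties are stored in their own files, see below
         if ($key != "0" && $key != 'ipWhiteList' && $key != 'ipBlackList' && $key != 'uAgentWhiteList' && $key != 'uAgentBlackList' && $key != 'defaultParamList') {
             $config_data .= "\${$key} = ";
             if ($key == 'shLangTranslateList' || $key == 'shLangInsertCodeList' || $key == 'defaultComponentStringList' || $key == 'pageTexts' || $key == 'liveSites') {
                 // associative lists : keep the keys
                 $items = array();
                 foreach ($value as $key2 => $data) {
                     $items[] = var_export((string) $key2, true) . '=>' . var_export((string) ($quoteGPC ? stripslashes($data) : $data), true);
                 }
                 $config_data .= 'array(' . implode(',', $items) . ')';
             } else {
                 switch (gettype($value)) {
                     case "boolean":
                         $config_data .= $value ? "true" : "false";
                         break;
                     case "string":
                         $config_data .= var_export($quoteGPC ? stripslashes($value) : $value, true);
                         break;
                     case "integer":
                     case "double":
                         $config_data .= strval($value);
                         break;
                     case "array":
                         // plain lists : keys are not written
                         $items = array();
                         foreach ($value as $data) {
                             $items[] = var_export((string) ($quoteGPC ? stripslashes($data) : $data), true);
                         }
                         $config_data .= 'array(' . implode(',', $items) . ')';
                         break;
                     default:
                         $config_data .= "null";
                         break;
                 }
             }
             $config_data .= ";\n";
         }
     }
     $config_data .= '?' . '>';
     if ($return_data == 1) {
         return $config_data;
     } else {
         // write to disk
         // HTML entities are decoded over the whole generated source, i.e. after the
         // values were quoted. ENT_COMPAT is passed explicitly so the table never maps
         // an entity to a single quote, the delimiter of the literals written above.
         $trans_tbl = get_html_translation_table(HTML_ENTITIES, ENT_COMPAT);
         $trans_tbl = array_flip($trans_tbl);
         $config_data = strtr($config_data, $trans_tbl);
         jimport('joomla.filesystem.file');
         $ret = JFile::write($sef_config_file, $config_data);
         // save lists
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_IP_white_list.dat', $this->ipWhiteList);
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_IP_black_list.dat', $this->ipBlackList);
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_uAgent_white_list.dat', $this->uAgentWhiteList);
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_uAgent_black_list.dat', $this->uAgentBlackList);
         // NOTE(review): defaultParamList is written as-is into a .php file; confirm who
         // may edit it, since its content presumably runs as code when the file is loaded.
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'custom.sef.php', $quoteGPC ? stripslashes($this->defaultParamList) : $this->defaultParamList);
         // V 1.2.4.q : save copy of config file to other location for automatic recovering of config when upgrading
         $backupBase = sh404SEF_ABS_PATH . 'media/sh404sef/sh404_upgrade_conf_';
         $siteTag = str_replace('/', '_', str_replace('http://', '', $liveSite));
         $fileName = $backupBase . $siteTag . '.php';
         JFile::write($fileName, $config_data);
         // save lists to backup location
         $backupLists = $backupBase . 'security';
         if (!is_writable($backupLists)) {
             jimport('joomla.filesystem.folder');
             JFolder::create($backupLists);
         }
         shSaveFile($backupLists . '/sh404SEF_IP_white_list.dat', $this->ipWhiteList);
         shSaveFile($backupLists . '/sh404SEF_IP_black_list.dat', $this->ipBlackList);
         shSaveFile($backupLists . '/sh404SEF_uAgent_white_list.dat', $this->uAgentWhiteList);
         shSaveFile($backupLists . '/sh404SEF_uAgent_black_list.dat', $this->uAgentBlackList);
         shSaveFile($backupBase . $siteTag . '.custom.php', $quoteGPC ? stripslashes($this->defaultParamList) : $this->defaultParamList);
         // v 3.0+ : as we are now using J! router, we need to update the global configuration object with the rewrite mode setting
         // as otherwise users would have to manually change it
         return $ret;
     }
 }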
예제 #4
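 /**
  * Serialise this configuration object as PHP source and, unless asked only
  * to return it, write it to the file named by the global $sef_config_file,
  * save the security lists and keep a backup copy under media/.
  *
  * The generated file is later executed as PHP, so every value is emitted with
  * var_export(): a single-quoted literal with backslashes and quotes escaped
  * and no interpolation. The previous double-quoted literals escaped only the
  * quote character, leaving backslashes and dollar signs in a value able to
  * change the meaning of the generated code.
  *
  * @param int $return_data 1 to return the generated source without writing anything.
  * @return mixed The generated source when $return_data == 1, otherwise 1 if
  *               the main configuration file was written and 0 if not.
  */
 function saveConfig($return_data = 0)
 {
     global $sef_config_file;
     $database =& JFactory::getDBO();
     $quoteGPC = get_magic_quotes_gpc();
     $user = JFactory::getUser();
     $userName = empty($user) ? '-' : $user->username;
     $userId = empty($user) ? '-' : $user->id;
     // Values placed on a "//" comment line must not contain a line break or a PHP
     // closing tag : either one ends the comment inside the generated file.
     $commentBreakers = array("\r", "\n", '?' . '>');
     $headerUser = str_replace($commentBreakers, ' ', (string) $userName);
     $headerUserId = str_replace($commentBreakers, ' ', (string) $userId);
     $headerSite = str_replace($commentBreakers, ' ', (string) $GLOBALS['shConfigFrontLiveSite']);
     //build the data file
     $config_data = '<?php' . "\n"
         . '// config.sef.php : configuration file for sh404SEF for Joomla 1.5.x' . "\n"
         . '// ' . $this->version . "\n"
         . '// saved at: ' . date('Y-m-d H:i:s') . "\n"
         . '// by: ' . $headerUser . ' (id: ' . $headerUserId . ' )' . "\n"
         . '// domain: ' . $headerSite . "\n\n"
         . 'if (!defined(\'_JEXEC\')) die(\'Direct Access to this location is not allowed.\');' . "\n\n";
     foreach ($this as $key => $value) {
         // these properties are stored in their own files, see below
         if ($key != "0" && $key != 'ipWhiteList' && $key != 'ipBlackList' && $key != 'uAgentWhiteList' && $key != 'uAgentBlackList' && $key != 'defaultParamList') {
             $config_data .= "\${$key} = ";
             if ($key == 'shLangTranslateList' || $key == 'shLangInsertCodeList' || $key == 'defaultComponentStringList' || $key == 'pageTexts') {
                 // associative lists : keep the keys
                 $items = array();
                 foreach ($value as $key2 => $data) {
                     $items[] = var_export((string) $key2, true) . '=>' . var_export((string) ($quoteGPC ? stripslashes($data) : $data), true);
                 }
                 $config_data .= 'array(' . implode(',', $items) . ')';
             } else {
                 switch (gettype($value)) {
                     case "boolean":
                         $config_data .= $value ? "true" : "false";
                         break;
                     case "string":
                         $config_data .= var_export($quoteGPC ? stripslashes($value) : $value, true);
                         break;
                     case "integer":
                     case "double":
                         $config_data .= strval($value);
                         break;
                     case "array":
                         // plain lists : keys are not written
                         $items = array();
                         foreach ($value as $data) {
                             $items[] = var_export((string) ($quoteGPC ? stripslashes($data) : $data), true);
                         }
                         $config_data .= 'array(' . implode(',', $items) . ')';
                         break;
                     default:
                         $config_data .= "null";
                         break;
                 }
             }
             $config_data .= ";\n";
         }
     }
     $config_data .= '?' . '>';
     if ($return_data == 1) {
         return $config_data;
     } else {
         // write to disk
         //if (is_writable($sef_config_file)) {
         // HTML entities are decoded over the whole generated source, i.e. after the
         // values were quoted. ENT_COMPAT is passed explicitly so the table never maps
         // an entity to a single quote, the delimiter of the literals written above.
         $trans_tbl = get_html_translation_table(HTML_ENTITIES, ENT_COMPAT);
         $trans_tbl = array_flip($trans_tbl);
         $config_data = strtr($config_data, $trans_tbl);
         // a failed fopen() is reported as 0 instead of being passed on to fwrite()/fclose()
         $ret = 0;
         $fd = fopen($sef_config_file, "wb");
         if ($fd !== false) {
             if (fwrite($fd, $config_data, strlen($config_data)) !== FALSE) {
                 $ret = 1;
             }
             fclose($fd);
         }
         // save lists
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_IP_white_list.txt', $this->ipWhiteList);
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_IP_black_list.txt', $this->ipBlackList);
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_uAgent_white_list.txt', $this->uAgentWhiteList);
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'security/sh404SEF_uAgent_black_list.txt', $this->uAgentBlackList);
         // NOTE(review): defaultParamList is written as-is into a .php file; confirm who
         // may edit it, since its content presumably runs as code when the file is loaded.
         shSaveFile(sh404SEF_ADMIN_ABS_PATH . 'custom.sef.php', $quoteGPC ? stripslashes($this->defaultParamList) : $this->defaultParamList);
         // V 1.2.4.q : save copy of config file to other location for automatic recovering of config when upgrading
         $backupBase = sh404SEF_ABS_PATH . 'media/sh404_upgrade_conf_';
         $siteTag = str_replace('/', '_', str_replace('http://', '', $GLOBALS['shConfigFrontLiveSite']));
         $fd = fopen($backupBase . $siteTag . '.php', "w");
         if ($fd !== false) {
             fwrite($fd, $config_data, strlen($config_data));
             fclose($fd);
         }
         // save lists to backup location
         $backupLists = $backupBase . 'security';
         if (!is_writable($backupLists)) {
             // best effort : a failure here shows up when the lists are saved below
             @mkdir($backupLists);
         }
         shSaveFile($backupLists . '/sh404SEF_IP_white_list.txt', $this->ipWhiteList);
         shSaveFile($backupLists . '/sh404SEF_IP_black_list.txt', $this->ipBlackList);
         shSaveFile($backupLists . '/sh404SEF_uAgent_white_list.txt', $this->uAgentWhiteList);
         shSaveFile($backupLists . '/sh404SEF_uAgent_black_list.txt', $this->uAgentBlackList);
         shSaveFile($backupBase . $siteTag . '.custom.php', $quoteGPC ? stripslashes($this->defaultParamList) : $this->defaultParamList);
         return $ret;
     }
 }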