 /**
  * Reject the request when the client IP address is on the ban list.
  *
  * Looks up the current request IP (as reported by Request::getIP())
  * as the _id of the BANNED_IP collection and throws when a record exists.
  *
  * @throws \Lampcms\FilterException when the IP is present in BANNED_IP
  * @return void
  */
 protected function checkIP()
 {
     $clientIp = \Lampcms\Request::getIP();
     d('checking IP: ' . $clientIp);
     $banned = $this->Registry->Mongo->BANNED_IP->findOne(array('_id' => $clientIp));
     if (empty($banned)) {
         return;
     }
     throw new \Lampcms\FilterException('Unable to add new content at this time');
 }
 /**
  * Resolve an IP address to a Location object.
  *
  * Non-public addresses (isPublic() returning false) yield an empty
  * Location. Otherwise the numeric form of the address is matched
  * against the GEO_BLOCKS range collection (s <= addr <= e) and the
  * GEO_LOCATION document it references, if any, seeds the returned Location.
  *
  * @param string|null $ip ip address; defaults to the current request IP
  *
  * @return Location empty Location when the address is not public or no block matches
  */
 public function getLocation($ip = null)
 {
     if (null === $ip) {
         $ip = \Lampcms\Request::getIP();
     }
     $numeric = $this->isPublic($ip);
     if (false === $numeric) {
         d('ip not public');
         return new Location();
     }
     // 32-bit builds: %u renders the value as an unsigned decimal string,
     // presumably because the long form of the address can be negative there
     if (4 === PHP_INT_SIZE) {
         $numeric = sprintf("%u", $numeric);
     }
     $addr = (double) $numeric;
     $range = array('s' => array('$lte' => $addr), 'e' => array('$gte' => $addr));
     $block = $this->MongoDB->GEO_BLOCKS->findOne($range, array('l'));
     if (!is_array($block) || empty($block['l'])) {
         return new Location();
     }
     // _id is excluded so it cannot override another _id when the result is array_merge'd
     $loc = $this->MongoDB->GEO_LOCATION->findOne(array('_id' => $block['l']), array('_id' => 0));
     return new Location($loc);
 }
 /**
  * Build and cache the accessId for the current request.
  *
  * The id has the form "<Ymd>_<client>_<viewer uid>", where <client> is
  * Registry->clientAppId when set and the request IP address otherwise.
  * It is computed once; later calls reuse $this->accessId.
  *
  * @return object $this
  */
 protected function makeAccessId()
 {
     if (isset($this->accessId)) {
         return $this;
     }
     $appId = $this->Registry->clientAppId;
     d('making accessId. $this->Registry->clientAppId is: ' . $appId);
     // No client app id registered: the request IP stands in as the client part
     $clientId = empty($appId) ? Request::getIP() : $appId;
     d('clientId: ' . $clientId);
     $parts = array(date('Ymd'), $clientId, $this->Registry->Viewer->getUid());
     $this->accessId = implode('_', $parts);
     return $this;
 }
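 /**
  * Check for previous
  * failed attempts to reset password
  * by using incorrect code
  *
  * Counts PASSWORD_CHANGE records from the last 24 hours that share the
  * current request IP or the uid taken from the route, and denies access
  * once either count exceeds 5. Before throwing, the 'onPasswordResetHack'
  * event is posted so listeners can react to the offending record.
  *
  * @throws \Lampcms\Exception when the per-IP or per-uid limit is exceeded
  * @return object $this
  */
 protected function checkHacks()
 {
     $ipHacks = 0;
     $uidHacks = 0;
     $uid = (int) $this->Router->getNumber(1);
     $timeOffset = time() - 86400;
     // Select records newer than 24h. The previous filter,
     // array('i_ts' > $timeOffset), evaluated the comparison in PHP and
     // produced array(0 => bool), so the time window was never applied.
     $cur = $this->Registry->Mongo->PASSWORD_CHANGE->find(array('i_ts' => array('$gt' => $timeOffset)));
     if ($cur && $cur->count(true) > 0) {
         $ip = Request::getIP();
         foreach ($cur as $aVal) {
             // Strict comparisons after casting; records lacking a field are not counted
             if (isset($aVal['ip']) && (string) $ip === (string) $aVal['ip']) {
                 $ipHacks += 1;
             }
             if (isset($aVal['i_uid']) && $uid === (int) $aVal['i_uid']) {
                 $uidHacks += 1;
             }
             if ($uidHacks > 5 || $ipHacks > 5) {
                 e('LampcmsError: hacking of password reset link. $uidHacks: ' . $uidHacks . ' $ipHacks: ' . $ipHacks . ' from ip: ' . $ip);
                 $this->Registry->Dispatcher->post($this, 'onPasswordResetHack', $aVal);
                 throw new \Lampcms\Exception('@@Access denied@@');
             }
         }
     }
     return $this;
 }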
 /**
  * Insert record into VOTE_HACKS collection
  *
  * Stores the viewer uid, the current timestamp and the request IP.
  * An index on i_ts is ensured on every call.
  *
  * @todo move this to external class and make
  * this method static, accepting only Registry
  *
  * @return object $this
  */
 protected function recordVoteHack()
 {
     $hacks = $this->Registry->Mongo->VOTE_HACKS;
     $hacks->ensureIndex(array('i_ts' => 1));
     $record = array(
         'i_uid' => $this->Registry->Viewer->getUid(),
         'i_ts' => time(),
         'ip' => Request::getIP(),
     );
     $hacks->save($record);
     return $this;
 }
} catch (Lampcms\IniException $e) {
    throw new \OutOfBoundsException($e->getMessage());
}
/**
 * First thing is to set our timezone.
 * date_default_timezone_set() returns false for an unknown zone name,
 * so a bad SERVER_TIMEZONE setting stops bootstrap right here.
 */
if (!date_default_timezone_set($oINI->SERVER_TIMEZONE)) {
    throw new \Lampcms\DevException('Invalid name of  "SERVER_TIMEZONE" in !config.ini constant. The list of valid timezone names can be found here: http://us.php.net/manual/en/timezones.php');
}
/**
 * The DEBUG is automatically enabled for
 * users whose ip addresses are added to
 * MY_IP section of config.inc
 * or if script is run from console
 *
 * NOTE(review): the MY_IP match is keyed on Request::getIP(); if that
 * value can be influenced by client-supplied headers (e.g. a forwarded
 * header), the debug switch would be reachable remotely — confirm how
 * getIP() derives the address.
 */
$debug = $oINI->DEBUG;
$myIP = \Lampcms\Request::getIP();
$aMyIPs = $oINI->offsetGet('MY_IP');
if ($debug || isset($aMyIPs[$myIP]) || defined('SPECIAL_LOG_FILE')) {
    define('LAMPCMS_DEBUG', true);
    error_reporting(E_ALL | E_DEPRECATED);
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    ini_set('warn_plus_overloading', 1);
    /**
     * Turn on session garbage collection
     * to be run at every session start
     * to give us consistant behaviour
     * in debug mode
     * Session expiration is 5 minutes
     * which means when logged in without
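 /**
  * Update ONLINE_USERS collection
  *
  * Builds a snapshot of the current request (ip, user agent, action, uri,
  * title, category, keywords) plus viewer details for logged-in users,
  * enriches it with geo data and upserts it via runLater(): into ONLINE
  * keyed by i_uid for members, into GUESTS keyed by ip for guests (whose
  * i_uid is ip2long() of the address). Roughly one run in ten also purges
  * records older than 24 hours from the collection written to.
  *
  * Note: 'ua' and 'uri' are stored exactly as received from the request;
  * escape them at output, not here.
  *
  * NOTE(review): ip2long() returns false for addresses it cannot parse
  * (e.g. IPv6), so every such guest would carry i_uid = false under a
  * unique index — confirm how guest addresses reach this point.
  *
  * @todo exit if useragent is of known Crawler
  *
  * @todo make logging guests online configurable option via Ini
  *
  * @return void
  */
 protected function run()
 {
     $Viewer = $this->Registry->Viewer;
     $ip = Request::getIP();
     $uid = $Viewer->getUid();
     d('uid: ' . $uid);
     $keywords = !empty($this->aInfo['keywords']) ? explode(', ', $this->aInfo['keywords']) : array();
     $aData = array(
         'ip' => $ip,
         'i_ts' => time(),
         'ua' => Request::getUserAgent(),
         'action' => 'request_' . $this->Registry->Request->get('a', 's', 'home'),
         // REQUEST_URI is absent when run from the console; avoid the undefined-index notice
         'uri' => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : null,
         'title' => $this->title,
         'category' => $this->category,
         'a_kw' => $keywords,
     );
     if ($uid > 0) {
         $aData['i_uid'] = $uid;
         $aData['username'] = $Viewer->getDisplayName();
         $aData['avtr'] = $Viewer->getAvatarSrc();
         $aData['profile'] = $Viewer->getProfileUrl();
         $aData['role'] = $Viewer->getRoleId();
         $aData['i_pp'] = $Viewer->getProfitPoint();
     }
     $Mongo = $this->Registry->Mongo->getDb();
     $Geo = $this->Registry->Geo;
     $func = function () use($aData, $Mongo, $Geo) {
         $aGeo = $Geo->getLocation($aData['ip'])->toArray();
         // '+' keeps the request fields when the geo array carries the same key
         $aData = $aData + $aGeo;
         if (array_key_exists('i_uid', $aData)) {
             // Members: one record per uid, hence the unique index
             $coll = $Mongo->ONLINE;
             $coll->ensureIndex(array('i_uid' => 1), array('unique' => true));
             $coll->ensureIndex(array('i_ts' => 1));
             $coll->update(array('i_uid' => $aData['i_uid']), $aData, array('upsert' => true));
         } else {
             // Guests: ip2long of the address stands in for the uid, one record per ip
             $aData['i_uid'] = ip2long($aData['ip']);
             $coll = $Mongo->GUESTS;
             $coll->ensureIndex(array('i_uid' => 1), array('unique' => true));
             $coll->ensureIndex(array('i_ts' => 1));
             $coll->update(array('ip' => $aData['ip']), $aData, array('upsert' => true));
         }
         // Cleanup on ~10% of requests: rand(0, 9) has ten outcomes; the
         // previous rand(0, 10) had eleven (~9%). Removes records older than 24 hours.
         if (1 === rand(0, 9)) {
             $offset = time() - 60 * 60 * 24;
             $coll->remove(array('i_ts' => array('$lt' => $offset)));
         }
     };
     \Lampcms\runLater($func);
 }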
 /**
  * Insert record into VOTE_HACKS collection
  *
  * Records who (POSTER_ID), when (CREATED_TIMESTAMP) and from which
  * address (IP_ADDRESS) the vote hack was observed; the timestamp
  * index is ensured on every call.
  *
  * @todo move this to external class and make
  *       this method static, accepting only Registry
  * @return \Lampcms\Controllers\Accept
  */
 protected function recordVoteHack()
 {
     $record = array(
         Schema::POSTER_ID => $this->Registry->Viewer->getUid(),
         Schema::CREATED_TIMESTAMP => time(),
         Schema::IP_ADDRESS => Request::getIP(),
     );
     $hacks = $this->Registry->Mongo->VOTE_HACKS;
     $hacks->ensureIndex(array(Schema::CREATED_TIMESTAMP => 1));
     $hacks->save($record);
     return $this;
 }
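 /**
  * Save the submitted form values
  * by setting the $this->oApi object
  * and then calling insert() or save() on it
  *
  * A positive app_id means an edit of an existing client: ownership is
  * validated first and save() is used. Otherwise a new id is taken from
  * the USERS incrementor and insert() is used. In both cases a fresh
  * api_key ("<app_id>.<random>") is generated and the request IP and a
  * formatted timestamp are recorded on the document.
  *
  * NOTE(review): api_key is regenerated on every save, including edits,
  * so an update invalidates the key integrations already hold — confirm intended.
  * NOTE(review): api_key strength depends on String::makeRandomString()
  * drawing from a cryptographically secure source — confirm.
  *
  * @throws \OutOfBoundsException wrapping any exception raised by save()/insert()
  * @return object $this
  */
 protected function save()
 {
     $isUpdate = false;
     $vals = $this->Form->getSubmittedValues();
     d('vals: ' . print_r($vals, 1));
     // app_id is optional in the submitted values; absent means "create"
     $appid = isset($vals['app_id']) ? (int) $vals['app_id'] : 0;
     if ($appid > 0) {
         $isUpdate = true;
         d('has appid, editing mode');
         $this->validateAppIdOwnership($appid);
     } else {
         /**
          * Auto-generate app_id
          * Use USERS auto-increment value
          * because we can then store the image in the same
          * way we store avatar - in the same directory
          * using hex based path.
          */
         $appid = $this->Registry->Incrementor->nextValue('USERS');
     }
     d('$appid: ' . $appid);
     $this->oApi['_id'] = $appid;
     $this->oApi['i_uid'] = $this->Registry->Viewer->getUid();
     // Free-text fields are trimmed and tag-stripped before storage
     foreach (array('app_name', 'appsite', 'company', 'app_type', 'about') as $field) {
         $this->oApi[$field] = (string) $this->Request->getUTF8($field)->trim()->stripTags();
     }
     $this->oApi['api_key'] = $appid . '.' . String::makeRandomString(12);
     $this->parseIcon();
     /**
      * Ensure that app is a unique field
      * app is the name of application
      */
     $coll = $this->Registry->Mongo->API_CLIENTS;
     $coll->ensureIndex(array('app_name' => 1), array('unique' => true));
     $coll->ensureIndex(array('api_key' => 1), array('unique' => true));
     $coll->ensureIndex(array('i_uid' => 1));
     try {
         if ($isUpdate) {
             d('cp');
             $this->oApi['edited_time'] = date('F j, Y g:i a T');
             $this->oApi['edit_ip'] = Request::getIP();
             $res = $this->oApi->save();
         } else {
             d('cp');
             $this->oApi['created_time'] = date('F j, Y g:i a T');
             $this->oApi['ip'] = Request::getIP();
             $res = $this->oApi->insert();
         }
     } catch (\Exception $e) {
         // Chain the original exception so the underlying cause is not lost
         throw new \OutOfBoundsException($e->getMessage(), 0, $e);
     }
     d('$res: ' . $res);
     return $this;
 }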
 /**
  * Update LOGIN_LOG collection
  *
  * For a logged-in Viewer (uid > 0) a record holding the request IP, uid,
  * timestamp, user agent and login method is inserted into LOGIN_LOG,
  * deferred through runLater(). Guests and a missing Viewer object are
  * ignored. No geo data is attached to the record here.
  *
  * @return void
  */
 protected function run()
 {
     $Viewer = $this->Registry->Viewer;
     if (!is_object($Viewer)) {
         d('Could not get Viewer object');
         return;
     }
     $ip = Request::getIP();
     $uid = $Viewer->getUid();
     d('uid: ' . $uid);
     if ($uid <= 0) {
         return;
     }
     $record = array(
         'ip' => $ip,
         'i_uid' => $uid,
         'i_ts' => time(),
         'ua' => Request::getUserAgent(),
         'login_method' => $this->loginMethod,
     );
     $Db = $this->Registry->Mongo->getDb();
     \Lampcms\runLater(function () use($record, $Db) {
         $log = $Db->LOGIN_LOG;
         $log->ensureIndex(array('i_uid' => 1));
         $log->ensureIndex(array('ip' => 1));
         $log->insert($record);
     });
 }