/**
 * Reject the request when the caller's IP address is on the ban list.
 *
 * The IP reported by Request::getIP() is used as the BANNED_IP document
 * _id; a matching document means the request is refused.
 *
 * NOTE(review): how Request::getIP() derives the address is not visible here.
 * If it honours client-supplied headers (X-Forwarded-For etc.) without a
 * trusted-proxy check, the ban can be bypassed by spoofing the header — confirm.
 *
 * @throws \Lampcms\FilterException when the IP is banned
 * @return void
 */
protected function checkIP()
{
    $clientIp = \Lampcms\Request::getIP();
    d('checking IP: ' . $clientIp);

    $banned = $this->Registry->Mongo->BANNED_IP->findOne(array('_id' => $clientIp));
    if (empty($banned)) {
        return;
    }

    throw new \Lampcms\FilterException('Unable to add new content at this time');
}
/**
 * Resolve an IP address to a Location object.
 *
 * Addresses rejected by isPublic() yield an empty Location. Otherwise the
 * numeric value returned by isPublic() is matched against GEO_BLOCKS
 * (s <= value <= e) and the referenced GEO_LOCATION document is used to
 * build the result. Any lookup miss also yields an empty Location.
 *
 * @param string|null $ip address to resolve; defaults to the current request's IP
 *
 * @return Location
 */
public function getLocation($ip = null)
{
    if (null === $ip) {
        $ip = \Lampcms\Request::getIP();
    }

    $numeric = $this->isPublic($ip);
    if (false === $numeric) {
        d('ip not public');
        return new Location();
    }

    // isPublic() presumably returns an ip2long()-style value; on 32-bit PHP
    // that wraps negative, and %u reinterprets it as unsigned.
    if (4 === PHP_INT_SIZE) {
        $numeric = sprintf("%u", $numeric);
    }
    $needle = (double) $numeric;

    $block = $this->MongoDB->GEO_BLOCKS->findOne(
        array('s' => array('$lte' => $needle), 'e' => array('$gte' => $needle)),
        array('l')
    );

    if (!is_array($block) || empty($block['l'])) {
        return new Location();
    }

    // _id is excluded so it cannot clobber another _id if the result is array_merge'd.
    $locData = $this->MongoDB->GEO_LOCATION->findOne(
        array('_id' => $block['l']),
        array('_id' => 0)
    );

    return new Location($locData);
}
/**
 * Build the per-request access identifier and memoise it in $this->accessId.
 *
 * Format: "<Ymd>_<client>_<viewer uid>", where <client> is the Registry's
 * clientAppId when it is non-empty and the request IP otherwise.
 *
 * NOTE(review): whether clientAppId is validated before it reaches this method
 * is not visible here. If it is attacker-chosen, the IP-based fallback can be
 * sidestepped simply by supplying an id — confirm against the caller.
 *
 * @return object $this
 */
protected function makeAccessId()
{
    if (isset($this->accessId)) {
        return $this;
    }

    d('making accessId. $this->Registry->clientAppId is: ' . $this->Registry->clientAppId);

    $appId = $this->Registry->clientAppId;
    $clientId = empty($appId) ? Request::getIP() : $appId;
    d('clientId: ' . $clientId);

    $this->accessId = sprintf(
        '%s_%s_%s',
        date('Ymd'),
        $clientId,
        $this->Registry->Viewer->getUid()
    );

    return $this;
}
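/**
 * Deny a password-reset attempt when too many recent failures were recorded.
 *
 * Scans PASSWORD_CHANGE records from the last 24 hours and counts those that
 * share the requesting IP or the target user id (Router number 1). More than
 * five of either is treated as brute-forcing of the reset code: the
 * 'onPasswordResetHack' event is dispatched and access is denied.
 *
 * Fix: the original filter was `array('i_ts' > $timeOffset)`, which PHP
 * evaluates as a boolean comparison and yields `array(0 => false)` — the
 * 24-hour window was never applied and the query could not match the
 * intended records, so this protection was ineffective. The filter is now a
 * proper `$gt` comparison on i_ts. Field reads are guarded with isset() so a
 * malformed record does not raise notices.
 *
 * NOTE(review): the trust level of Request::getIP() (proxy headers?) and the
 * exact types stored in PASSWORD_CHANGE are not visible here; the loose
 * comparisons and the threshold of 5 are kept as they were.
 *
 * @throws \Lampcms\Exception when the failure threshold is exceeded
 * @return object $this
 */
protected function checkHacks()
{
    $ipHacks = 0;
    $uidHacks = 0;
    $uid = $this->Router->getNumber(1);
    $timeOffset = time() - 86400;

    // Only records newer than 24 hours count towards the threshold.
    $cur = $this->Registry->Mongo->PASSWORD_CHANGE->find(
        array('i_ts' => array('$gt' => $timeOffset))
    );

    if ($cur && $cur->count(true) > 0) {
        $ip = Request::getIP();
        foreach ($cur as $aVal) {
            if (isset($aVal['ip']) && $ip == $aVal['ip']) {
                $ipHacks += 1;
            }
            if (isset($aVal['i_uid']) && $uid == $aVal['i_uid']) {
                $uidHacks += 1;
            }
            if ($uidHacks > 5 || $ipHacks > 5) {
                e('LampcmsError: hacking of password reset link. $uidHacks: ' . $uidHacks . ' $ipHacks: ' . $ipHacks . ' from ip: ' . $ip);
                $this->Registry->Dispatcher->post($this, 'onPasswordResetHack', $aVal);
                throw new \Lampcms\Exception('@@Access denied@@');
            }
        }
    }

    return $this;
}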
/**
 * Record a vote-abuse event in VOTE_HACKS.
 *
 * Stores the viewer's uid, the current timestamp and the request IP, and
 * makes sure the collection is indexed on i_ts.
 *
 * @todo move this to external class and make this method static, accepting only Registry
 * @return object $this
 */
protected function recordVoteHack()
{
    $hacks = $this->Registry->Mongo->VOTE_HACKS;
    $hacks->ensureIndex(array('i_ts' => 1));

    $record = array(
        'i_uid' => $this->Registry->Viewer->getUid(),
        'i_ts'  => time(),
        'ip'    => Request::getIP(),
    );
    $hacks->save($record);

    return $this;
}
} catch (Lampcms\IniException $e) { throw new \OutOfBoundsException($e->getMessage()); } /** * First thing is to set our timezone */ if (false === date_default_timezone_set($oINI->SERVER_TIMEZONE)) { throw new \Lampcms\DevException('Invalid name of "SERVER_TIMEZONE" in !config.ini constant. The list of valid timezone names can be found here: http://us.php.net/manual/en/timezones.php'); } /** * The DEBUG is automatically enabled for * users whose ip addresses are added to * MY_IP section of config.inc * or if script is run from console */ $myIP = \Lampcms\Request::getIP(); $aMyIPs = $oINI->offsetGet('MY_IP'); $debug = $oINI->DEBUG; if ($debug || isset($aMyIPs[$myIP]) || defined('SPECIAL_LOG_FILE')) { define('LAMPCMS_DEBUG', true); error_reporting(E_ALL | E_DEPRECATED); ini_set('display_errors', 1); ini_set('display_startup_errors', 1); ini_set('warn_plus_overloading', 1); /** * Turn on session garbage collection * to be run at every session start * to give us consistant behaviour * in debug mode * Session expiration is 5 minutes * which means when logged in without
/**
 * Record the current request in the ONLINE (members) or GUESTS collection.
 *
 * Builds a snapshot of the request — ip, timestamp, user agent, action,
 * request uri, page title/category/keywords, plus profile fields for a
 * logged-in viewer — merges geo data into it and upserts it in a deferred
 * task via runLater(). Members are keyed by i_uid; guests are keyed by ip
 * and get ip2long(ip) stored as i_uid. On roughly one request in eleven
 * the task also purges records older than 24 hours.
 *
 * NOTE(review): ip2long() returns false for IPv6 addresses, so every IPv6
 * guest would share i_uid === false under the unique index — confirm what
 * Request::getIP() yields for IPv6 clients.
 *
 * @todo exit if useragent is of known Crawler
 * @todo make logging guests online configurable option via Ini
 */
protected function run()
{
    $Viewer = $this->Registry->Viewer;
    $uid = $Viewer->getUid();
    d('uid: ' . $uid);

    $keywords = empty($this->aInfo['keywords'])
        ? array()
        : explode(', ', $this->aInfo['keywords']);

    $record = array(
        'ip'       => Request::getIP(),
        'i_ts'     => time(),
        'ua'       => Request::getUserAgent(),
        'action'   => 'request_' . $this->Registry->Request->get('a', 's', 'home'),
        'uri'      => $_SERVER['REQUEST_URI'],
        'title'    => $this->title,
        'category' => $this->category,
        'a_kw'     => $keywords,
    );

    if ($uid > 0) {
        $record['i_uid']    = $uid;
        $record['username'] = $Viewer->getDisplayName();
        $record['avtr']     = $Viewer->getAvatarSrc();
        $record['profile']  = $Viewer->getProfileUrl();
        $record['role']     = $Viewer->getRoleId();
        $record['i_pp']     = $Viewer->getProfitPoint();
    }

    $Mongo = $this->Registry->Mongo->getDb();
    $Geo = $this->Registry->Geo;

    $task = function () use ($record, $Mongo, $Geo) {
        // '+' keeps existing keys, so geo fields never override request fields.
        $record = $record + $Geo->getLocation($record['ip'])->toArray();

        if (array_key_exists('i_uid', $record)) {
            $coll = $Mongo->ONLINE;
            $selector = array('i_uid' => $record['i_uid']);
        } else {
            // Guests: the integer form of the ip doubles as the unique uid.
            $record['i_uid'] = ip2long($record['ip']);
            $coll = $Mongo->GUESTS;
            $selector = array('ip' => $record['ip']);
        }

        $coll->ensureIndex(array('i_uid' => 1), array('unique' => true));
        $coll->ensureIndex(array('i_ts' => 1));
        $coll->update($selector, $record, array('upsert' => true));

        // Cleanup of records older than 24h runs when rand(0,10) hits 1 (~1 in 11).
        if (1 === rand(0, 10)) {
            $cutoff = time() - 60 * 60 * 24;
            $coll->remove(array('i_ts' => array('$lt' => $cutoff)));
        }
    };

    \Lampcms\runLater($task);
}
/**
 * Record a vote-abuse event in VOTE_HACKS.
 *
 * Stores the viewer's uid, the current timestamp and the request IP under the
 * Schema field names, and makes sure the collection is indexed on the
 * creation timestamp.
 *
 * @todo move this to external class and make this method static, accepting only Registry
 * @return \Lampcms\Controllers\Accept
 */
protected function recordVoteHack()
{
    $hacks = $this->Registry->Mongo->VOTE_HACKS;
    $hacks->ensureIndex(array(Schema::CREATED_TIMESTAMP => 1));

    $record = array(
        Schema::POSTER_ID         => $this->Registry->Viewer->getUid(),
        Schema::CREATED_TIMESTAMP => time(),
        Schema::IP_ADDRESS        => Request::getIP(),
    );
    $hacks->save($record);

    return $this;
}
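/**
 * Persist the submitted API-client form into $this->oApi.
 *
 * A positive app_id in the form means an edit: ownership of that id is
 * validated and save() is used. Otherwise a new id is drawn from the USERS
 * incrementor (so the icon can be stored with the same hex-path layout as
 * avatars) and insert() is used. Text fields are trimmed and stripped of
 * tags; an api_key of the form "<appid>.<random>" is generated on every call,
 * including edits.
 *
 * Changes: app_id is read with isset() so a form without that field no longer
 * raises an undefined-index notice, and the re-thrown \OutOfBoundsException
 * carries the original exception as its previous one, so the root cause (for
 * example a duplicate app_name or api_key under the unique indexes) is kept.
 *
 * NOTE(review): String::makeRandomString() is not visible here; an api_key
 * must come from a CSPRNG — confirm its implementation. Also note the key is
 * rotated on every edit, which invalidates the client's existing key; confirm
 * that is intended rather than preserving the key on update.
 *
 * @throws \OutOfBoundsException when the Mongo insert/save fails
 * @return object $this
 */
protected function save()
{
    $vals = $this->Form->getSubmittedValues();
    d('vals: ' . print_r($vals, 1));

    $appid = isset($vals['app_id']) ? (int) $vals['app_id'] : 0;
    $isUpdate = ($appid > 0);

    if ($isUpdate) {
        d('has appid, editing mode');
        $this->validateAppIdOwnership($appid);
    } else {
        /**
         * Auto-generate app_id from the USERS auto-increment so the icon can be
         * stored the same way as an avatar: same directory, hex based path.
         */
        $appid = $this->Registry->Incrementor->nextValue('USERS');
    }
    d('$appid: ' . $appid);

    $this->oApi['_id'] = $appid;
    $this->oApi['i_uid'] = $this->Registry->Viewer->getUid();

    // All free-text fields get the same normalisation: trim + strip tags.
    foreach (array('app_name', 'appsite', 'company', 'app_type', 'about') as $field) {
        $this->oApi[$field] = (string) $this->Request->getUTF8($field)->trim()->stripTags();
    }

    $this->oApi['api_key'] = $appid . '.' . String::makeRandomString(12);

    $this->parseIcon();

    // app_name (the application name) and api_key must be unique; i_uid is indexed for owner lookups.
    $coll = $this->Registry->Mongo->API_CLIENTS;
    $coll->ensureIndex(array('app_name' => 1), array('unique' => true));
    $coll->ensureIndex(array('api_key' => 1), array('unique' => true));
    $coll->ensureIndex(array('i_uid' => 1));

    try {
        if ($isUpdate) {
            d('cp');
            $this->oApi['edited_time'] = date('F j, Y g:i a T');
            $this->oApi['edit_ip'] = Request::getIP();
            $res = $this->oApi->save();
        } else {
            d('cp');
            $this->oApi['created_time'] = date('F j, Y g:i a T');
            $this->oApi['ip'] = Request::getIP();
            $res = $this->oApi->insert();
        }
    } catch (\Exception $e) {
        // Keep the driver exception chained so the real failure is diagnosable.
        throw new \OutOfBoundsException($e->getMessage(), 0, $e);
    }

    d('$res: ' . $res);

    return $this;
}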
/**
 * Append a LOGIN_LOG entry for the current logged-in viewer.
 *
 * Does nothing when there is no Viewer object or the viewer is not logged in
 * (uid not > 0). The entry holds ip, uid, timestamp, user agent and the login
 * method, and is inserted in a deferred task via runLater(). Geo enrichment
 * existed in an earlier revision and is currently disabled.
 */
protected function run()
{
    $Viewer = $this->Registry->Viewer;
    if (!is_object($Viewer)) {
        d('Could not get Viewer object');
        return;
    }

    $ip = Request::getIP();
    $uid = $Viewer->getUid();
    d('uid: ' . $uid);

    if (!($uid > 0)) {
        return;
    }

    $entry = array(
        'ip'           => $ip,
        'i_uid'        => $uid,
        'i_ts'         => time(),
        'ua'           => Request::getUserAgent(),
        'login_method' => $this->loginMethod,
    );
    $Mongo = $this->Registry->Mongo->getDb();

    \Lampcms\runLater(function () use ($entry, $Mongo) {
        $log = $Mongo->LOGIN_LOG;
        $log->ensureIndex(array('i_uid' => 1));
        $log->ensureIndex(array('ip' => 1));
        $log->insert($entry);
    });
}