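/**
 * Screen a POST request.
 *
 * Runs the blackhole lookup, the MovableType and trackback special cases,
 * a check for obviously broken spambots, and finally the cookie/JavaScript
 * screener (post timing and user-agent consistency against the log table).
 *
 * @param array $settings Bad Behavior settings; `log_table` is read here
 * @param array $package  Normalised request: `headers_mixed`, `request_entity`,
 *                        `ip`, `user_agent`
 * @return string|false   Bad Behavior response key when the request is rejected,
 *                        false when it passes (bb2_trackback's result is returned as-is)
 */
function bb2_post($settings, $package)
{
    // Check blackhole lists for known spam/malicious activity
    require_once BB2_CORE . "/blackhole.inc.php";
    bb2_test($settings, $package, bb2_blackhole($package));

    // MovableType needs specialized screening. A missing header reads as ''
    // so the comparisons below give the same answer without notices.
    $headers_mixed = isset($package['headers_mixed']) && is_array($package['headers_mixed']) ? $package['headers_mixed'] : array();
    $user_agent_header = isset($headers_mixed['User-Agent']) ? $headers_mixed['User-Agent'] : '';
    if (stripos($user_agent_header, "MovableType") !== false) {
        $range = isset($headers_mixed['Range']) ? $headers_mixed['Range'] : '';
        if (strcmp($range, "bytes=0-99999")) {
            return "7d12528e";
        }
    }

    // Trackbacks need special screening
    $request_entity = isset($package['request_entity']) && is_array($package['request_entity']) ? $package['request_entity'] : array();
    if (isset($request_entity['title'], $request_entity['url'], $request_entity['blog_name'])) {
        require_once BB2_CORE . "/trackback.inc.php";
        return bb2_trackback($package);
    }

    // Catch a few completely broken spambots: a field name containing a
    // literal tab followed by document.write is never a real form field.
    foreach ($request_entity as $key => $value) {
        if (strpos((string) $key, "\tdocument.write") !== false) {
            return "dfd9b1ad";
        }
    }

    // Screen by cookie/JavaScript form add. The value looks like "<timestamp> <ip>"
    // (confirm against the JavaScript that sets it). The cookie and the POST field
    // may both be present: keep the entry with the later timestamp together with
    // its own IP. The previous code took max() of the timestamps and then indexed
    // the scalar result, so $screener[1] was a single character, never an IP.
    // Non-string values (e.g. an array submitted as the field) are ignored.
    $screener = array(0, '');
    foreach (array($_COOKIE, $_POST) as $source) {
        if (!isset($source[BB2_COOKIE]) || !is_string($source[BB2_COOKIE])) {
            continue;
        }
        $parts = explode(" ", $source[BB2_COOKIE]);
        $stamp = (int) $parts[0];
        if ($stamp > $screener[0]) {
            $screener = array($stamp, isset($parts[1]) ? $parts[1] : '');
        }
    }
    if ($screener[0] > 0) {
        // Posting too fast? 5 sec
        // FIXME: even 5 sec is too intrusive
        // if ($screener[0] + 5 > time())
        //	return "408d7e72";
        // Posting too slow? 48 hr
        if ($screener[0] + 172800 < time()) {
            return "b40c8ddc";
        }
        // Screen by IP address
        // FIXME: disabled upstream ("b0rked"); $screener[1] now really is the
        //        screener's IP, so this can be revisited.
        // $ip = ip2long($package['ip']);
        // $ip_screener = ip2long($screener[1]);
        // if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
        //     return "c1fa729b";

        // Screen for user agent changes: the same IP (or the one the screener
        // recorded) logged with a different user agent in the last 5 minutes.
        // All three values come from the request, so they are escaped before
        // being spliced into the quoted literals.
        $q = bb2_db_query(
            "SELECT `ip` FROM " . $settings['log_table']
            . " WHERE (`ip` = '" . bb2_db_escape($package['ip'])
            . "' OR `ip` = '" . bb2_db_escape($screener[1])
            . "') AND `user_agent` != '" . bb2_db_escape($package['user_agent'])
            . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)"
        );
        // Damnit, too many ways for this to fail :( -- false, null or an
        // empty result all mean "nothing to act on"
        if ($q && bb2_db_num_rows($q) > 0) {
            return "799165c2";
        }
    }
    return false;
}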
/**
 * Periodic log maintenance: drop log rows older than one week and, on a
 * 1-in-1000 chance, stall the current request for ten seconds.
 *
 * @param array $settings Bad Behavior settings; `log_table` is read
 * @param array $package  Request package (unused here, kept for the common signature)
 * @return void
 */
function bb2_housekeeping($settings, $package)
{
    // FIXME Yes, the interval's hard coded (again) for now.
    $one_week = 60 * 60 * 24 * 7;
    $cutoff = bb2_db_date() - $one_week;
    bb2_db_query("DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < " . $cutoff);
    // Waste a bunch more of the spammer's time, sometimes.
    $lucky = rand(1, 1000);
    if (1 == $lucky) {
        sleep(10);
    }
}
/**
 * Periodic log maintenance: drop log rows older than seven days and, on a
 * 1-in-25 chance, run OPTIMIZE TABLE on the log table.
 *
 * @param array $settings Bad Behavior settings; `log_table` is read
 * @param array $package  Request package (unused here, kept for the common signature)
 * @return void
 */
function bb2_housekeeping($settings, $package)
{
    // FIXME Yes, the interval's hard coded (again) for now.
    $table = "`" . $settings['log_table'] . "`";
    bb2_db_query("DELETE FROM " . $table . " WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)");
    // Waste a bunch more of the spammer's time, sometimes.
    if (rand(1, 25) === 1) {
        bb2_db_query("OPTIMIZE TABLE " . $table);
    }
}
/**
 * Build the log INSERT for a request as a placeholder query plus its bindings.
 *
 * @param array  $settings Bad Behavior settings; `logging` and `log_table` are read
 * @param array  $package  Normalised request (ip, request_method, request_uri,
 *                         server_protocol, user_agent, headers, request_entity)
 * @param string $key      Bad Behavior response key being logged
 * @return array|string    [$sql, $assigns] where $sql uses :name placeholders and
 *                         $assigns maps each name to its value; "" when logging is off
 */
function bb2_insert($settings, $package, $key)
{
    // Logging disabled: nothing to build
    if (!$settings['logging']) {
        return "";
    }
    $sql = "INSERT INTO `{$settings['log_table']}`\r\n\t\t(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES\r\n\t\t(:ip, :date, :request_method, :request_uri, :server_protocol, :headers, :user_agent, :request_entity, :key)";

    $method = bb2_db_escape($package['request_method']);
    $uri = bb2_db_escape($package['request_uri']);
    $protocol = bb2_db_escape($package['server_protocol']);

    // First line of the stored headers is the request line itself
    $header_text = "{$method} {$uri} {$protocol}\n";
    foreach ($package['headers'] as $name => $value) {
        $header_text .= bb2_db_escape("{$name}: {$value}\n");
    }

    // Request body fields are only recorded for POST
    $entity_text = "";
    if (strcasecmp($method, "POST") == 0) {
        foreach ($package['request_entity'] as $name => $value) {
            $entity_text .= bb2_db_escape("{$name}: {$value}\n");
        }
    }

    // NOTE(review): every value is passed through bb2_db_escape() even though the
    // query binds them via :placeholders; whether that double-escapes depends on
    // how the caller executes [$sql, $assigns] -- confirm before changing.
    $assigns = [
        "ip" => bb2_db_escape($package['ip']),
        "date" => bb2_db_date(),
        "request_method" => $method,
        "request_uri" => $uri,
        "server_protocol" => $protocol,
        "headers" => $header_text,
        "user_agent" => bb2_db_escape($package['user_agent']),
        "request_entity" => $entity_text,
        "key" => $key,
    ];
    return [$sql, $assigns];
}
/**
 * Build the log INSERT statement for a request (no logging switch in this variant).
 *
 * Each embedded value is passed through bb2_db_escape() and wrapped in single
 * quotes; the table name is escaped the same way.
 *
 * @param array  $settings Bad Behavior settings; `log_table` is read
 * @param array  $package  Normalised request (ip, request_method, request_uri,
 *                         server_protocol, user_agent, headers, request_entity)
 * @param string $key      Bad Behavior response key being logged
 * @return string          The INSERT statement
 */
function bb2_insert($settings, $package, $key)
{
    $escaped = array();
    foreach (array('ip', 'request_method', 'request_uri', 'server_protocol', 'user_agent') as $field) {
        $escaped[$field] = bb2_db_escape($package[$field]);
    }
    $date = bb2_db_date();

    // Stored headers begin with the request line, then one "Name: value" per line
    $headers = $escaped['request_method'] . ' ' . $escaped['request_uri'] . ' ' . $escaped['server_protocol'] . "\n";
    foreach ($package['headers'] as $name => $value) {
        $headers .= bb2_db_escape($name . ': ' . $value . "\n");
    }

    // Body fields are only recorded for POST
    $request_entity = "";
    if (strcasecmp($escaped['request_method'], "POST") == 0) {
        foreach ($package['request_entity'] as $name => $value) {
            $request_entity .= bb2_db_escape($name . ': ' . $value . "\n");
        }
    }

    $columns = "(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`)";
    $values = "('" . implode("', '", array(
        $escaped['ip'],
        $date,
        $escaped['request_method'],
        $escaped['request_uri'],
        $escaped['server_protocol'],
        $headers,
        $escaped['user_agent'],
        $request_entity,
        $key,
    )) . "')";
    return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`\n\t\t" . $columns . " VALUES\n\t\t" . $values;
}
/**
 * Build the log INSERT statement for a request (no logging switch in this variant).
 *
 * Each embedded value is passed through bb2_db_escape() and wrapped in single
 * quotes; the table name is escaped the same way.
 *
 * @param array  $settings Bad Behavior settings; `log_table` is read
 * @param array  $package  Normalised request (ip, request_method, request_uri,
 *                         server_protocol, user_agent, headers, request_entity)
 * @param string $key      Bad Behavior response key being logged
 * @return string          The INSERT statement
 */
function bb2_insert($settings, $package, $key)
{
	// Escape every scalar the query embeds; the log table name is escaped too
	$table = bb2_db_escape($settings['log_table']);
	$ip = bb2_db_escape($package['ip']);
	$date = bb2_db_date();
	$method = bb2_db_escape($package['request_method']);
	$uri = bb2_db_escape($package['request_uri']);
	$protocol = bb2_db_escape($package['server_protocol']);
	$agent = bb2_db_escape($package['user_agent']);

	// Header blob: request line first, then one escaped "Name: value" line each
	$lines = array(sprintf("%s %s %s\n", $method, $uri, $protocol));
	foreach ($package['headers'] as $name => $value) {
		$lines[] = bb2_db_escape(sprintf("%s: %s\n", $name, $value));
	}
	$headers = implode('', $lines);

	// Body fields are only recorded for POST
	$entity_lines = array();
	if (strcasecmp($method, "POST") == 0) {
		foreach ($package['request_entity'] as $name => $value) {
			$entity_lines[] = bb2_db_escape(sprintf("%s: %s\n", $name, $value));
		}
	}
	$request_entity = implode('', $entity_lines);

	return sprintf(
		"INSERT INTO `%s`\n\t\t(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES\n\t\t('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
		$table, $ip, $date, $method, $uri, $protocol, $headers, $agent, $request_entity, $key
	);
}
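/**
 * Create the query for inserting a record in to the database.
 * This is the main logging function for logging and verbose levels.
 *
 * Every request-derived value is escaped with bb2_db_escape() before it is
 * placed inside a quoted literal. The request body is cut to its column
 * width on the raw text and escaped afterwards, so the cut can never land
 * inside an escape sequence and leave a dangling backslash in the statement
 * (which is what cutting the already-escaped text could do).
 *
 * @param array $settings Bad Behavior settings; `logging` is read
 * @param array $package  Normalised request (ip, request_method, request_uri,
 *                        server_protocol, user_agent, headers, request_entity)
 * @param string $key     Bad Behavior response key being logged (stored in `valid`)
 * @return string         The INSERT statement, or '' when logging is disabled
 */
function bb2_insert($settings, $package, $key)
{
    global $user_info, $sc;

    // Logging not enabled
    if (!$settings['logging']) {
        return '';
    }

    // Clean the data that bb sent us
    $ip = bb2_db_escape($package['ip']);
    $date = (int) bb2_db_date();
    $request_method = bb2_db_escape($package['request_method']);
    $request_uri = bb2_db_escape($package['request_uri']);
    $server_protocol = bb2_db_escape($package['server_protocol']);
    $user_agent = bb2_db_escape($package['user_agent']);
    // The cast must cover the selected value; `(int) (!empty(...)) ? a : b`
    // cast only the empty() test, so the member id reached the query unconverted.
    $member_id = !empty($user_info['id']) ? (int) $user_info['id'] : 0;
    $session = !empty($sc) ? (string) $sc : '';

    // Prepare the headers etc for db insertion
    // We are passed at least
    //	Host, User-Agent, Accept, Accept-Language, Accept-Encoding, DNT, Connection, Referer, Cookie, Authorization
    $headers = '';
    $length = 0;
    $skip = array('User-Agent', 'Accept-Encoding', 'DNT', 'X-Wap-Profile');
    foreach ($package['headers'] as $h => $v) {
        if (in_array($h, $skip, true)) {
            continue;
        }
        // Make sure this header it will fit in the db, if not move on to the next.
        // The length is measured on the raw text; escaping may add a few bytes.
        // @todo increase the db space to 512 or convert to text?
        $check = $length + Util::strlen($h) + Util::strlen($v) + 2;
        if ($check < 255) {
            $headers .= bb2_db_escape($h . ': ' . $v . "\n");
            $length = $check;
        }
    }

    $request_entity = '';
    if (!strcasecmp($request_method, "POST")) {
        $raw_entity = '';
        foreach ($package['request_entity'] as $h => $v) {
            if (is_array($v)) {
                $v = bb2_multi_implode($v, ' | ');
            }
            $raw_entity .= "{$h}: {$v}\n";
        }
        // Only such much space in this column, so brutally cut it.
        // Cut the raw text, then escape; if escaping grew it past the column
        // width (every newline becomes two bytes), shrink the raw cut by the
        // overflow and escape again until it fits. substr() is byte-wise here,
        // as in the original, so a multi-byte character can still be split.
        // @todo in 1.1 improve logging or drop this?
        $limit = 254;
        $cut = (string) substr($raw_entity, 0, $limit);
        $request_entity = bb2_db_escape($cut);
        while (strlen($request_entity) > $limit && $cut !== '') {
            $overflow = strlen($request_entity) - $limit;
            $cut = strlen($cut) > $overflow ? (string) substr($cut, 0, strlen($cut) - $overflow) : '';
            $request_entity = bb2_db_escape($cut);
        }
    }

    // Add it
    return "INSERT INTO {db_prefix}log_badbehavior\n\t\t(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `valid`, `id_member`, `session`) VALUES\n\t\t('{$ip}', '{$date}', '{$request_method}', '{$request_uri}', '{$server_protocol}', '{$headers}', '{$user_agent}', '{$request_entity}', '{$key}', '{$member_id}' , '{$session}')";
}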
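/**
 * Build the log INSERT statement for a request.
 *
 * Every request-derived value is escaped with bb2_db_escape() and then placed
 * inside single quotes. The previous version emitted the escaped values bare
 * (`VALUES(1.2.3.4, ...)`), which is not valid SQL for text columns and leaves
 * the escaping with no quoted literal to protect. The header blob and the
 * body blob are each escaped once, after assembly, so the request line that
 * starts the header blob is built from the raw package values rather than
 * from already-escaped copies (which were escaped a second time before).
 *
 * @param array  $settings Bad Behavior settings; `logging` and `log_table` are read
 * @param array  $package  Normalised request (ip, request_method, request_uri,
 *                         server_protocol, user_agent, headers, request_entity)
 * @param string $key      Bad Behavior response key being logged
 * @return string          The INSERT statement, or "" when logging is disabled
 */
function bb2_insert($settings, $package, $key)
{
    if (!$settings['logging']) {
        return "";
    }
    $ip = bb2_db_escape($package['ip']);
    $date = bb2_db_escape(bb2_db_date());
    $request_method = bb2_db_escape($package['request_method']);
    $request_uri = bb2_db_escape($package['request_uri']);
    $server_protocol = bb2_db_escape($package['server_protocol']);
    $user_agent = bb2_db_escape($package['user_agent']);

    // Header blob: request line first, then "Name: value" per line; escaped once as a whole
    $headers = "{$package['request_method']} {$package['request_uri']} {$package['server_protocol']}\n";
    foreach ($package['headers'] as $h => $v) {
        $headers .= "{$h}: {$v}\n";
    }
    $headers = bb2_db_escape($headers);

    // Body fields are only recorded for POST; array-valued fields are joined
    // rather than stringified as "Array"
    $request_entity = "";
    if (!strcasecmp($request_method, "POST")) {
        foreach ($package['request_entity'] as $h => $v) {
            if (is_array($v)) {
                $v = implode(' | ', $v);
            }
            $request_entity .= "{$h}: {$v}\n";
        }
    }
    $request_entity = bb2_db_escape($request_entity);

    $values = array(
        $ip,
        $date,
        $request_method,
        $request_uri,
        $server_protocol,
        $headers,
        $user_agent,
        $request_entity,
        bb2_db_escape($key),
    );
    return 'INSERT INTO `' . $settings['log_table'] . '` '
        . '(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES '
        . "('" . implode("', '", $values) . "')";
}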