Exemplo n.º 1
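	/**
	 * Renders the heading of the blacklist field and publishes per-entry attempt
	 * statistics to the page as `window.plg_sys_adminexile_blacklist`.
	 *
	 * Blacklist entries containing a "/" are loaded as networks (IPv6Net when GMP
	 * is available, SimpleCIDR otherwise); every other entry, and any network that
	 * fails to parse, is treated as a single address. Rows read from
	 * #__plg_system_adminexile with penalty = 0 are then grouped under the
	 * blacklist entry they match.
	 *
	 * @return string HTML for the field heading.
	 */
	protected function getInput()
	{
		$this->app = JFactory::getApplication();
		$this->db = JFactory::getDbo();
		$this->formfields = $this->form->getFieldset();

		$blacklistnets = array();
		$blacklistaddresses = array();
		$blacklistinputarray = AdminExileHelper::ipArray($this->_getField('blacklist'));
		$gmp = AdminExileHelper::gmp();
		// The file name is picked from two fixed literals, never from request data.
		require_once(JPATH_PLUGINS.'/system/adminexile/classes/'.($gmp?'IPv6Net.class.php':'simplecidr.class.php'));

		foreach ($blacklistinputarray as $blacklistitem) {
			$blacklistitem = trim($blacklistitem);
			if (strpos($blacklistitem, '/') === false) {
				$blacklistaddresses[$blacklistitem] = $blacklistitem;
				continue;
			}
			try {
				$blacklistnets[$blacklistitem] = $gmp ? (new IPv6Net($blacklistitem)) : SimpleCIDR::getInstance($blacklistitem);
			} catch (Exception $e) {
				// An unparsable network is kept as a literal address so the entry is not silently lost.
				error_log("AdminExile cannot process ".$blacklistitem." due to:".$e->getMessage());
				$blacklistaddresses[$blacklistitem] = $blacklistitem;
			}
		}

		$query = $this->db->getQuery(true);
		$query->select('*')->from('#__plg_system_adminexile')->where('penalty = 0')->order('lastattempt DESC');
		$this->db->setQuery($query);
		// Fall back to an empty list when the driver returns nothing usable, so the loop below stays safe.
		$blocked = $this->db->loadObjectList() ?: array();

		$return = array();
		$return[] = '<h3 style="float:left;clear:left;">'.($gmp?JText::_('PLG_SYS_ADMINEXILE_IPV46'):JText::_('PLG_SYS_ADMINEXILE_IPV4')).'</h3>';

		$attempts = new stdClass();
		foreach ($blocked as $match) {
			$address = (string) $match->ip;

			// Strict comparison: both sides are strings, so no numeric-string juggling can produce a false match.
			if (in_array($address, $blacklistaddresses, true)) {
				$attempts->{$address} = new stdClass();
				$attempts->{$address}->lastattempt = $match->lastattempt;
				$attempts->{$address}->firstattempt = $match->firstattempt;
				$attempts->{$address}->attempts = $match->attempts;
				continue;
			}

			foreach ($blacklistnets as $key => $net) {
				if (!$net->contains(trim($address))) {
					continue;
				}
				if (!property_exists($attempts, $key)) {
					$attempts->$key = new stdClass();
					$attempts->$key->attempts = 0;
					$attempts->$key->addresses = new stdClass();
				}
				// Build the per-address record explicitly. Assigning through a property that
				// does not exist yet relied on implicit object creation, which warns on
				// PHP 7 and throws an Error on PHP 8.
				$record = new stdClass();
				$record->lastattempt = $match->lastattempt;
				$record->firstattempt = $match->firstattempt;
				$record->attempts = $match->attempts;
				$attempts->$key->addresses->{$address} = $record;
				$attempts->$key->attempts += $match->attempts;
			}
		}

		// The object keys and values come from plugin configuration and from the attempts
		// table. Hex-escaping <, >, &, ' and " keeps stored data from affecting how the
		// browser parses the surrounding inline <script> element.
		$json = json_encode($attempts, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		JFactory::getDocument()->addScriptDeclaration('window.plg_sys_adminexile_blacklist = '.$json.';');

		return implode("\n", $return);
	}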
Exemplo n.º 2
	/**
	 * Registers the language strings used by the admin script, publishes the
	 * client configuration as `window.plg_sys_adminexile_config` and queues
	 * admin.js. Produces no markup of its own.
	 *
	 * @return void
	 */
	protected function getInput()
	{
		// Language keys grouped by prefix; iteration order is the registration order.
		$keysets = array(
			'PLG_SYS_ADMINEXILE_MESSAGE_' => array('INVALIDASCII','INVALIDCHAR','NOTNUMERIC'),
			'PLG_SYS_ADMINEXILE_CHAR_' => array('DOLLAR','AMPERSAND','PLUS','COMMA','FORWARDSLASH','COLON','SEMICOLON','EQUALS','QUESTION','AT','SPACE','QUOTE','LESSTHAN','GREATERTHAN','POUND','PERCENT','LEFTCURLY','RIGHTCURLY','PIPE','BACKSLASH','CARAT','TILDE','LEFTBRACKET','RIGHTBRACKET','GRAVE'),
			'PLG_SYS_ADMINEXILE_BUTTON_' => array('EDIT_IP','DELETE_IP','CLEAR_IP'),
			'PLG_SYS_ADMINEXILE_POPUP_' => array('NEW_IPV4','NEW_IPV46','DUPLICATE_ADDRESS','INVALID_ADDRESS'),
			'PLG_SYS_ADMINEXILE_TH_' => array('IP','ACTIONS','ATTEMPTS','LASTATTEMPT','OPTIONS'),
			// Core Joomla keys carry no plugin prefix.
			'' => array('JACTION_DELETE'),
		);
		foreach ($keysets as $prefix => $names) {
			foreach ($names as $name) {
				JText::script($prefix.$name);
			}
		}

		// Only the Joomla version and the GMP capability flag are exposed to the client.
		$options = array(
			'version' => JVERSION,
			'gmp' => AdminExileHelper::gmp(),
		);

		JHtml::_('behavior.framework', true);
		$document = JFactory::getDocument();
		$document->addScriptDeclaration("\n".'window.plg_sys_adminexile_config = '.json_encode($options).';'."\n");
		$document->addScript(JURI::root(true).'/media/plg_system_adminexile/admin.js');

		return;
	}
Exemplo n.º 3
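    /**
     * Decides, early in the request, whether an administrator-side visitor may
     * see the login form; front-end requests are handed to _frontrestrict().
     *
     * Checks run in this order: existing session (including the block-removal
     * request), mail-link request, key already stored in the user state,
     * brute-force penalty, temporary whitelist, IP black/white list, and finally
     * the access key. `_pass` is set when access is granted and `_net` when the
     * IP check returns a value other than true.
     *
     * @return bool|null true on every administrator path; nothing on the front-end path.
     */
    public function onAfterInitialise() {
        if ($this->_app->isAdmin()) {
            $this->_net = false;
            JFactory::getLanguage()->load('plg_system_adminexile', JPATH_ADMINISTRATOR);
            if (JFactory::getUser()->id) {
                // check for block removals
                // NOTE(review): this state-changing request is driven by GET parameters and is
                // gated only on a user id being present. No anti-CSRF token or permission check
                // is visible in this block; consider requiring JSession::checkToken('get')
                // (with the client script sending the token) and an ACL check. Confirm against
                // _clearBlocks() and admin.js before changing.
                if ($this->_app->input->get->get('adminexile_removeblock', false)) {
                    $ip = $this->_app->input->get->get('ip', 0);
                    // 'RAW' bypasses input filtering, so _clearBlocks() must quote or bind this
                    // value itself; that method is not visible here, verify it does.
                    $firstattempt = $this->_app->input->get->get('firstattempt', 0, 'RAW');
                    if ($this->_clearBlocks(array('ip' => $ip, 'firstattempt' => $firstattempt))) {
                        header('Content-Type: application/json');
                        die(json_encode(array('success' => true)));
                    }
                }
                $this->_pass = true;
                return true; // user is already logged in
            } else {
                if ($this->params->get('maillink', 0)) {
                    // Read without error suppression so a failure here is not hidden.
                    $email = $this->_app->input->get->get('email', false);
                    if ($email) {
                        $groups = $this->params->get('maillinkgroup', array());
                        // The cast keeps count() valid when the stored parameter is not an array
                        // (count() on a scalar or null warns on PHP 7.2+ and throws on PHP 8).
                        if (count((array) $groups)) {
                            // NOTE(review): reachable without a session; confirm _maillink()
                            // throttles requests and answers the same way for unknown addresses.
                            $this->_maillink($email, $groups);
                            $this->_redirect();
                            return true;
                        }
                    }
                }
            }

            $this->_key = $this->params->get('key', 'adminexile');
            if ($this->_app->getUserState("plg_sys_adminexile.$this->_key", false)) {
                $this->_pass = true;
                if (isset($_GET[$this->_key])) {
                    // hide the key as soon as possible; rtrim avoids a doubled slash because
                    // JURI::root() already ends with "/"
                    $this->_app->redirect(rtrim(JURI::root(), '/') . '/administrator');
                }
                return true; // user provided a key and should be shown the login form
            }

            // An active brute-force penalty stops processing before any allow-list or key check.
            if ($this->params->get('bruteforce', 0) && $this->_log && $this->_log->penalty != 0) {
                return true;
            }

            if ($this->params->get('tmpwhitelist', 0)) {
                if ($this->_getTmpWhitelist($this->_ip)) {
                    $this->_pass = true;
                    $this->_authorized();
                    return true;
                }
            }
            if ($this->params->get('ipsecurity', 0)) {
                $this->_gmp = AdminExileHelper::gmp();
                $ip = $this->_blackwhite($this->_ip);
                if ($ip) {
                    if ($ip === true) {
                        // Exactly true grants access.
                        $this->_pass = true;
                        $this->_authorized();
                        return true;
                    } else {
                        // Any other truthy result is stored in _net and _pass is left unset.
                        $this->_net = $ip;
                        return true;
                    }
                }
            }

            if ($this->_keyauth()) {
                $this->_pass = true;
                $this->_authorized();
                return true;
            }
            return true;
        } else {
            $this->_frontrestrict();
        }
    }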