private function UpdateIPAddrInfo($inclogins) { global $sso_ipaddr_info; $info = $this->GetInfo(); if (isset($sso_ipaddr_info["sso_login_modules"]["sso_recaptcha"])) { $result = $sso_ipaddr_info["sso_login_modules"]["sso_recaptcha"]; } else { $result = array("ts" => CSDB::ConvertToDBTime(time()), "logins" => 0); } // Check expirations and reset if necessary. if (CSDB::ConvertFromDBTime($result["ts"]) < time() - $info["login_interval"]) { $result["ts"] = CSDB::ConvertToDBTime(time()); $result["logins"] = 0; } // Increment requested. if ($inclogins && $result["logins"] < $info["login_attempts"]) { $result["logins"]++; } $sso_ipaddr_info["sso_login_modules"]["sso_recaptcha"] = $result; // Save the information. SSO_SaveIPAddrInfo(); }
function SSO_IsSpammer($info) { global $sso_settings, $sso_ipaddr, $sso_ipaddr_info, $sso_provider; // Check for an existing entry. if (isset($sso_ipaddr_info["spaminfo"]) && isset($sso_ipaddr_info["spaminfo"][$sso_provider])) { return $info["allchecks"] ? isset($sso_ipaddr_info["spaminfo_cache"]["spammer"]) ? $sso_ipaddr_info["spaminfo_cache"]["spammer"] : $sso_ipaddr_info["spaminfo"][$sso_provider]["spammer"] : false; } // An extra cache so the various servers are only queried once for global data. $spamcache = isset($sso_ipaddr_info["spaminfo_cache"]) ? $sso_ipaddr_info["spaminfo_cache"] : array(); // Check DNSRBL entries. Only IPv4 support for the moment. $spaminfo = array("reasons" => array()); $spammer = false; if (!isset($spamcache["dnsrbl"])) { $spamcache["dnsrbl"] = array(); } if ($sso_ipaddr["ipv4"] != "") { $num = 0; $ipv4 = implode(".", array_reverse(explode(".", $sso_ipaddr["ipv4"]))); $blacklists = explode("\n", str_replace("\r", "\n", $info["dnsrbl_lists"] . "\n" . $sso_settings[""]["iprestrict"]["dnsrbl_lists"])); foreach ($blacklists as $blacklist) { $pos = strpos($blacklist, "#"); if ($pos !== false) { $blacklist = substr($blacklist, 0, $pos); } $blacklist = trim($blacklist); if ($blacklist != "") { $blacklist = explode("|", $blacklist); $domain = trim(array_shift($blacklist)); $url = $domain; if (substr($url, 0, 7) == "http://" || substr($domain, 0, 8) == "https://") { $domain = trim(array_shift($blacklist)); } if ($domain != "") { if (isset($spamcache["dnsrbl"][$domain])) { $mapips = $spamcache["dnsrbl"][$domain]; } else { $mapips = gethostbynamel(stripos($domain, "@IP@") === false ? $ipv4 . "." . $domain : str_replace("@IP@", $ipv4, $domain)); $spamcache["dnsrbl"][$domain] = $mapips; } if ($mapips !== false && is_array($mapips)) { if (!count($blacklist)) { $spaminfo["reasons"][] = BB_Translate("IP address '%s' appears on the blacklist at '%s'.", $sso_ipaddr["ipv4"], $url); $found = true; } else { $found = false; while (count($blacklist) && !$found) { $match = trim(array_shift($blacklist)); if (strpos($match, "&") !== false || strpos($match, "<") !== false || strpos($match, ">") !== false) { $match = explode(".", $match); if (count($match) == 4) { foreach ($mapips as $mapip) { $mapip = explode(".", $mapip); if (count($mapip) == 4) { for ($x = 0; $x < 4; $x++) { $chr = substr($match[$x], 0, 1); if ($chr == "&" && ((int) substr($match[$x], 1) & (int) $mapip[$x]) == 0) { break; } else { if ($chr == "<" && (int) substr($match[$x], 1) <= (int) $mapip[$x]) { break; } else { if ($chr == ">" && (int) substr($match[$x], 1) >= (int) $mapip[$x]) { break; } else { if ($chr != "&" && $chr != "<" && $chr != ">" && $chr != "" && $match[$x] != $mapip[$x]) { break; } } } } } if ($x == 4) { $spaminfo["reasons"][] = BB_Translate("IP address '%s' appears on the blacklist at '%s' with return value '%s' matching pattern '%s'.", $sso_ipaddr["ipv4"], $url, implode(".", $mapip), implode(".", $match)); $found = true; break; } } } } } else { if (in_array($match, $mapips)) { $spaminfo["reasons"][] = BB_Translate("IP address '%s' appears on the blacklist at '%s' with return value '%s'.", $sso_ipaddr["ipv4"], $url, $match); $found = true; } } } } if ($found) { $num++; } } } } } if ((int) $info["dnsrbl_mincount"] > 0 && $num >= (int) $info["dnsrbl_mincount"]) { $spammer = true; } else { if ((int) $sso_settings[""]["iprestrict"]["dnsrbl_mincount"] > 0 && $num >= (int) $sso_settings[""]["iprestrict"]["dnsrbl_mincount"]) { $spammer = true; } } } // Check geolocation blacklists. if (!isset($spamcache["geoip"])) { $spamcache["geoip"] = SSO_GetGeoIPInfo(); } if ($spamcache["geoip"] !== false) { $geoip_lists = explode("\n", str_replace("\r", "\n", $info["geoip_lists"] . "\n" . $sso_settings[""]["iprestrict"]["geoip_lists"])); foreach ($geoip_lists as $line) { $line = trim($line); if ($line != "") { $found = true; $entries = explode(";", $line); foreach ($entries as $entry) { $entry = explode("=", $entry); if (count($entry) != 2) { $found = false; break; } $key = trim($entry[0]); $val = trim($entry[1]); if (!isset($spamcache["geoip"][$key]) || $spamcache["geoip"][$key] != $val) { $found = false; break; } } if ($found) { $spaminfo["reasons"][] = BB_Translate("IP address '%s' matches geolocation '%s'.", $sso_ipaddr["ipv6"] . ($sso_ipaddr["ipv4"] != "" ? " (" . $sso_ipaddr["ipv4"] . ")" : ""), $line); $spammer = true; } } } } // Cache the results. $spaminfo["spammer"] = $spammer; if (!isset($sso_ipaddr_info["spaminfo"])) { $sso_ipaddr_info["spaminfo"] = array(); } $sso_ipaddr_info["spaminfo"][$sso_provider] = $spaminfo; $sso_ipaddr_info["spaminfo_cache"] = $spamcache; SSO_SaveIPAddrInfo(); return $info["allchecks"] ? $spammer : false; }