/**
 * Execute one of Bad Behavior's SQL statements through the forum's DB layer.
 *
 * Bad Behavior core emits MySQL-only maintenance statements. This wrapper
 * rewrites or swallows the ones the database layer does not accept as-is:
 *  - a DATE_SUB purge is replaced by a fixed statement that deletes
 *    {db_prefix}log_badbehavior rows older than seven days, using
 *    bb2_db_date() minus 7 * 86400 as the cutoff (the interval in the
 *    incoming query is ignored);
 *  - OPTIMIZE TABLE and @@session.wait_timeout statements are answered
 *    with true and never sent to the server.
 * Everything else goes to $db->query() unchanged.
 *
 * The other bb2_db_* callbacks consume the return value, so its shape is:
 *  - false  if the query failed, or a SELECT produced no rows
 *  - bool   for a non-SELECT statement: whether any row was affected
 *  - array  the rows from bb2_db_rows() for a SELECT that produced rows
 *
 * @param string $query
 * @return bool|array
 */
function bb2_db_query($query)
{
    $db = database();

    // Translate the MySQL-specific statements Bad Behavior core produces.
    // DATE_SUB is checked first, as in the original, so a purge wins over
    // the two no-op patterns if a query ever contained both.
    $is_purge = strpos($query, 'DATE_SUB') !== false;
    if ($is_purge) {
        $cutoff = bb2_db_date() - 7 * 86400;
        $query = 'DELETE FROM {db_prefix}log_badbehavior WHERE date < ' . $cutoff;
    } elseif (strpos($query, 'OPTIMIZE TABLE') !== false
        || strpos($query, '@@session.wait_timeout') !== false) {
        // Pretend success; these are tuning hints, not data changes.
        return true;
    }

    $result = $db->query('', $query, array());
    if (!$result) {
        return false;
    }

    // Non-SELECT statements come back as true: report whether anything changed.
    if ($result === true) {
        return bb2_db_affected_rows() !== 0;
    }

    // SELECT: an empty result set is reported as false, not as array().
    return bb2_db_num_rows($result) === 0 ? false : bb2_db_rows($result);
}
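/**
 * Print the "Bad Behavior has blocked N access attempt(s)" footer snippet.
 *
 * Nothing is printed unless $force is true or the display_stats setting is
 * on. The count is the number of log rows whose `key` is not the
 * "permitted" marker 00000000. Output goes straight to echo; there is no
 * return value. Only the count (a database integer) is interpolated into
 * the markup, so no escaping is needed here.
 *
 * Changes from the original: the unused `global $bb2_stats` is gone and a
 * missing display_stats key is treated as "off" instead of raising a notice.
 *
 * @param bool $force print the snippet even if display_stats is off
 * @return void
 */
function bb2_insert_stats($force = false)
{
    $settings = bb2_read_settings();
    if (!$force && empty($settings['display_stats'])) {
        return;
    }

    $blocked = bb2_db_rows(bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'"));
    if ($blocked === FALSE) {
        return;
    }

    echo sprintf('<span><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</span>', 'Bad Behavior', 'has blocked', $blocked[0]["COUNT(*)"], 'access attempt(s) in the last 7 days.');
}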
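/**
 * Return the "Bad Behavior has blocked N access attempts" HTML snippet.
 *
 * Returns '' when the display_stats setting is off and $force is false.
 * A successful render is memoised in a static, so within one request the
 * COUNT query runs at most once. If the query fails the function returns
 * null and caches nothing, so a later call will retry.
 *
 * Fix: the original called bb2_db_rows() on the query result *before*
 * testing it for FALSE; the failure check now comes first.
 *
 * @param bool $force render even when display_stats is off
 * @return string|null
 */
function bb2_insert_stats($force = false)
{
    static $retval = null;

    $settings = bb2_read_settings();
    if (!$force && empty($settings['display_stats'])) {
        return '';
    }

    // Served from the per-request cache after the first successful render.
    if ($retval !== null) {
        return $retval;
    }

    $blocked = bb2_db_query("SELECT COUNT(*) AS blocked FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
    if ($blocked !== FALSE) {
        $row = bb2_db_rows($blocked);
        // Only the numeric count is interpolated; the rest is fixed markup.
        $retval = sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', 'Bad Behavior', 'has blocked', $row['blocked'], 'access attempts in the last 7 days.');
    }
    return $retval;
}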
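/**
 * Render the "Bad Behavior Log" admin page (Tools > Bad Behavior).
 *
 * Reads the optional filters key / blocked / permitted / ip / user_agent /
 * request_method and the page number from $_GET, queries the log table and
 * prints a paginated table of logged requests. Everything is echoed; there
 * is no return value.
 *
 * Security notes:
 *  - Filter values are bound with $wpdb->prepare() instead of the
 *    deprecated $wpdb->escape(), so they cannot alter the SQL statement.
 *  - Data that originates from a logged request (IP, headers, entity, user
 *    agent, request method) or from the network (the reverse-DNS hostname
 *    from gethostbyaddr(), which the IP's owner controls) is HTML-escaped
 *    before it is printed. The http:BL text from bb2_httpbl_lookup() is
 *    printed as the original did, since its format is not visible here.
 *  - The form posts the selected row ids as submit[]. Its POST handler is
 *    not part of this function and must do its own capability and nonce
 *    checks.
 *
 * Fixes over the original: the total-count query was missing the closing
 * backtick around the table name; the page count divided by a literal 100
 * instead of $rows_per_page; `0 + $_GET['paged']` could throw a TypeError
 * (PHP 8) or yield a negative LIMIT offset; the form lacked the
 * id="request-filter" that the header checkbox's checkAll() looks up.
 *
 * @return void
 */
function bb2_manage()
{
    global $wpdb;

    // IIS may leave REQUEST_URI empty; SCRIPT_NAME is the fallback.
    $request_uri = $_SERVER["REQUEST_URI"];
    if (!$request_uri) {
        $request_uri = $_SERVER['SCRIPT_NAME'];
    }
    $settings = bb2_read_settings();
    $rows_per_page = 100;

    // Page number from the query string: cast to int (never arithmetic on a
    // raw string) and clamp to >= 1 so the LIMIT offset cannot go negative.
    $paged = isset($_GET['paged']) ? (int) $_GET['paged'] : 0;
    if ($paged < 1) {
        $paged = 1;
    }

    // Filters chosen by the user. Each is '' when absent or non-scalar, so
    // the truthiness tests below behave like the original `if ($_GET[...])`.
    $filter_key = bb2_manage_get_filter('key');
    $filter_ip = bb2_manage_get_filter('ip');
    $filter_user_agent = bb2_manage_get_filter('user_agent');
    $filter_request_method = bb2_manage_get_filter('request_method');
    $show_blocked = !empty($_GET['blocked']);
    $show_permitted = !empty($_GET['permitted']);

    // WHERE clause. $wpdb->prepare() quotes and escapes each %s itself.
    $where = "";
    if ($filter_key) {
        $where .= $wpdb->prepare("AND `key` = %s ", $filter_key);
    }
    if ($show_blocked) {
        $where .= "AND `key` != '00000000' ";
    } elseif ($show_permitted) {
        $where .= "AND `key` = '00000000' ";
    }
    if ($filter_ip) {
        $where .= $wpdb->prepare("AND `ip` = %s ", $filter_ip);
    }
    if ($filter_user_agent) {
        $where .= $wpdb->prepare("AND `user_agent` = %s ", $filter_user_agent);
    }
    if ($filter_request_method) {
        $where .= $wpdb->prepare("AND `request_method` = %s ", $filter_request_method);
    }

    // Counts and the current page of rows. The table name comes from the
    // plugin settings, not from the request.
    $log_table = "`" . $settings['log_table'] . "`";
    $r = bb2_db_query("SELECT COUNT(id) FROM " . $log_table);
    $results = bb2_db_rows($r);
    $totalcount = $results[0]["COUNT(id)"];
    $r = bb2_db_query("SELECT COUNT(id) FROM " . $log_table . " WHERE 1=1 " . $where);
    $results = bb2_db_rows($r);
    $count = $results[0]["COUNT(id)"];
    // The page count must use the same page size as the LIMIT below.
    $pages = ceil($count / $rows_per_page);
    $offset = ($paged - 1) * $rows_per_page;
    $r = bb2_db_query("SELECT * FROM " . $log_table . " WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . $offset . "," . $rows_per_page);
    $results = bb2_db_rows($r);

    // The pagination block is identical above and below the table.
    $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
    $page_links_html = $page_links ? "<div class=\"tablenav-pages\">{$page_links}</div>\n" : "";
    ?>
<div class="wrap">
<?php echo bb2_donate_button(admin_url("tools.php?page=bb2_manage")); ?>
<h2><?php _e("Bad Behavior Log"); ?></h2>
<form id="request-filter" method="post" action="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">
	<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
	<p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options"); ?>">Settings</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist"); ?>">Whitelist</a></p>
<div class="tablenav">
<?php echo $page_links_html; ?>
<div class="alignleft">
<?php
    if ($count < $totalcount) {
        // Active filters, each with an [X] link that removes it.
        echo "Displaying <strong>" . $count . "</strong> of <strong>" . $totalcount . "</strong> records filtered by:<br/>\n";
        if ($filter_key) {
            echo "Status [<a href=\"" . esc_url(remove_query_arg(array("paged", "key"), $request_uri)) . "\">X</a>] ";
        }
        if ($show_blocked) {
            echo "Blocked [<a href=\"" . esc_url(remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)) . "\">X</a>] ";
        }
        if ($show_permitted) {
            echo "Permitted [<a href=\"" . esc_url(remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_ip) {
            echo "IP [<a href=\"" . esc_url(remove_query_arg(array("paged", "ip"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_user_agent) {
            echo "User Agent [<a href=\"" . esc_url(remove_query_arg(array("paged", "user_agent"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_request_method) {
            echo "GET/POST [<a href=\"" . esc_url(remove_query_arg(array("paged", "request_method"), $request_uri)) . "\">X</a>] ";
        }
    } else {
        echo "Displaying all <strong>" . $totalcount . "</strong> records<br/>\n";
    }
    // Quick toggles; "permitted=0" / "blocked=0" are falsy and so clear the other one.
    if (!$filter_key && !$show_blocked) {
        echo "<a href=\"" . esc_url(add_query_arg(array("blocked" => "1", "permitted" => "0", "paged" => false), $request_uri)) . "\">Show Blocked</a> ";
    }
    if (!$filter_key && !$show_permitted) {
        echo "<a href=\"" . esc_url(add_query_arg(array("permitted" => "1", "blocked" => "0", "paged" => false), $request_uri)) . "\">Show Permitted</a> ";
    }
    ?>
</div>
</div>

<table class="widefat">
	<thead>
	<tr>
	<th scope="col" class="check-column"><input type="checkbox" onclick="checkAll(document.getElementById('request-filter'));" /></th>
	<th scope="col"><?php _e("IP/Date/Status"); ?></th>
	<th scope="col"><?php _e("Headers"); ?></th>
	<th scope="col"><?php _e("Entity"); ?></th>
	</tr>
	</thead>
	<tbody>
<?php
    $alternate = 0;
    if ($results) {
        foreach ($results as $result) {
            $key = bb2_get_response($result["key"]);
            $row_id = (int) $result["id"];
            $ip = $result["ip"];
            $ip_html = htmlspecialchars($ip);

            $alternate++;
            $row_class = ($alternate % 2) ? "" : " class=\"alternate\"";
            echo "<tr id=\"request-{$row_id}\"{$row_class} valign=\"top\">\n";
            echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"{$row_id}\" /></th>\n";

            $httpbl = bb2_httpbl_lookup($ip);
            // Reverse DNS: the PTR record is set by whoever controls the IP's
            // address space, so it is untrusted and must be escaped.
            $host = @gethostbyaddr($ip);
            if (!strcmp($host, $ip)) {
                $host = "";
            } else {
                $host = htmlspecialchars($host) . "<br/>\n";
            }
            echo "<td><a href=\"" . esc_url(add_query_arg("ip", $ip, remove_query_arg("paged", $request_uri))) . "\">" . $ip_html . "</a><br/>{$host}<br/>\n" . htmlspecialchars($result["date"]) . "<br/><br/><a href=\"" . esc_url(add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked", "permitted"), $request_uri))) . "\">" . $key["log"] . "</a>\n";
            if ($httpbl) {
                // $httpbl is printed as-is, as before; whether it already
                // carries markup cannot be determined from this file.
                echo "<br/><br/><a href=\"" . esc_url("http://www.projecthoneypot.org/ip_" . $ip) . "\">http:BL</a>:<br/>{$httpbl}\n";
            }
            echo "</td>\n";

            // Headers are escaped once. The user agent and request method are
            // located and linked in their escaped form, so the link text can
            // never re-introduce raw characters into the escaped output (the
            // original searched for and inserted the raw value).
            $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
            $headers = bb2_manage_link_in_headers($headers, $result['user_agent'], esc_url(add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri))));
            $headers = bb2_manage_link_in_headers($headers, $result['request_method'], esc_url(add_query_arg("request_method", rawurlencode($result["request_method"]), remove_query_arg("paged", $request_uri))));
            echo "<td>{$headers}</td>\n";
            echo "<td>" . str_replace("\n", "<br/>\n", htmlspecialchars($result["request_entity"])) . "</td>\n";
            echo "</tr>\n";
        }
    }
    ?>
	</tbody>
</table>
<div class="tablenav">
<?php echo $page_links_html; ?>
<div class="alignleft">
</div>
</div>
</form>
</div>
<?php
}

/**
 * Fetch a bb2_manage filter value from $_GET as a string.
 *
 * Missing or non-scalar values (e.g. key[]=x) yield '' so callers can test
 * truthiness exactly as the original `if ($_GET['name'])` did, without
 * undefined-index notices and without passing arrays into SQL building.
 *
 * @param string $name query-string parameter name
 * @return string
 */
function bb2_manage_get_filter($name)
{
    if (!isset($_GET[$name]) || !is_scalar($_GET[$name])) {
        return '';
    }
    return (string) $_GET[$name];
}

/**
 * Link the first occurrence of $needle inside already-escaped $headers_html.
 *
 * Both the search and the link text use htmlspecialchars($needle), so the
 * result remains valid, fully escaped HTML. $headers_html is returned
 * unchanged when $needle is empty or not found.
 *
 * @param string $headers_html HTML-escaped header block
 * @param string $needle       raw value (user agent or request method)
 * @param string $url          already-escaped href
 * @return string
 */
function bb2_manage_link_in_headers($headers_html, $needle, $url)
{
    if ($needle === null || $needle === '') {
        return $headers_html;
    }
    $needle_html = htmlspecialchars($needle);
    $pos = strpos($headers_html, $needle_html);
    if ($pos === false) {
        return $headers_html;
    }
    return substr_replace($headers_html, '<a href="' . $url . '">' . $needle_html . '</a>', $pos, strlen($needle_html));
}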