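/**
 * Validates the PayPal IPN callback.
 *
 * The received POST is echoed back to PayPal with cmd=_notify-validate and
 * the request is only accepted when PayPal answers HTTP 200 with the body
 * 'VERIFIED'. The verified notification must then name one of our configured
 * accounts (primary or alternate) as business/receiver_email, so a genuine
 * IPN paid to somebody else's account is still rejected. If failure happens,
 * the response should tell the processor to retry.
 *
 * Security notes:
 *  - The validation round-trip is the only thing that authenticates the
 *    caller. The reverse-DNS lookup below merely chooses the wording of the
 *    error and is never used as the trust decision.
 *  - getClientIp(false) is used so spoofable proxy headers (Client-IP,
 *    X-Forwarded-For) cannot influence that lookup.
 *  - The sandbox endpoint is selected only when the request claims test_ipn
 *    AND the application is in debug mode; a caller cannot redirect a
 *    production site to the sandbox on its own.
 *
 * @param string|array $errorString Output error string; array(false, $message)
 *                                  is used for the "unknown source" case
 *                                  (existing contract, preserved)
 *
 * @return boolean
 */
public function validateRequest(&$errorString)
{
    try {
        if ($this->_filtered['test_ipn'] && XenForo_Application::debugMode()) {
            $validator = XenForo_Helper_Http::getClient('https://www.sandbox.paypal.com/cgi-bin/webscr');
        } else {
            $validator = XenForo_Helper_Http::getClient('https://www.paypal.com/cgi-bin/webscr');
        }

        // Echo the exact POST back to PayPal, prefixed with the validate command.
        $validator->setParameterPost('cmd', '_notify-validate');
        $validator->setParameterPost($_POST);

        $validatorResponse = $validator->request('POST');

        // Strict comparisons: a 'VERIFIED' body on a non-200 status (or the
        // reverse) is still treated as unverified.
        if (!$validatorResponse
            || (int) $validatorResponse->getStatus() !== 200
            || $validatorResponse->getBody() !== 'VERIFIED'
        ) {
            $host = XenForo_Model_Ip::getHost($this->_request->getClientIp(false));

            // Only "paypal.com" itself or a subdomain of it. The dot is escaped
            // so a host such as "paypalXcom" does not match.
            if (preg_match('#(^|\\.)paypal\\.com$#i', $host)) {
                $errorString = 'Request not validated';
            } else {
                $errorString = array(false, 'Request not validated (from unknown source)');
            }
            return false;
        }
    } catch (Zend_Http_Client_Exception $e) {
        $errorString = 'Connection to PayPal failed';
        return false;
    }

    // PayPal vouches for the notification; now make sure the money went to
    // one of the accounts configured for this site.
    $business = strtolower($this->_filtered['business']);
    $receiverEmail = strtolower($this->_filtered['receiver_email']);

    $options = XenForo_Application::get('options');
    $accounts = preg_split('#\\r?\\n#', $options->payPalAlternateAccounts, -1, PREG_SPLIT_NO_EMPTY);
    $accounts[] = $options->payPalPrimaryAccount;

    $matched = false;
    foreach ($accounts as $account) {
        $account = trim(strtolower($account));
        // Identity comparison: '==' on strings would compare numeric-looking
        // values numerically, which is never wanted for account identifiers.
        if ($account && ($business === $account || $receiverEmail === $account)) {
            $matched = true;
            break;
        }
    }

    if (!$matched) {
        $errorString = 'Invalid business or receiver_email';
        return false;
    }

    return true;
}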
/**
 * Retrieve the User record associated with the authenticated user.
 *
 * Bootstrap resource. Returns the active User for the current identity, or
 * null when there is none. Requests flagged as REST API calls (front
 * controller param 'api') are authenticated per request from the 'key'
 * request parameter via Omeka_Auth_Adapter_KeyTable, using non-persistent
 * auth storage so an API key never establishes a session.
 *
 * @return User|null
 */
public function init()
{
    $this->getBootstrap()->bootstrap('Auth');
    $auth = $this->getBootstrap()->getResource('Auth');
    $this->getBootstrap()->bootstrap('Db');
    $db = $this->getBootstrap()->getResource('Db');
    $front = Zend_Controller_Front::getInstance();
    $request = new Zend_Controller_Request_Http();

    // REST API requests require a slightly different authentication
    // strategy. They use non-persistant, key-based authentication
    if ($front->getParam('api')) {
        // Authenticate against the API key in a non-persistent way.
        // The key is read through getParam('key'); which channels
        // (query string, route params, ...) that covers is decided by the
        // request class. NOTE(review): confirm the key cannot end up in
        // access logs / referers when sent as a query parameter.
        $auth->setStorage(new Zend_Auth_Storage_NonPersistent());
        $authAdapter = new Omeka_Auth_Adapter_KeyTable($request->getParam('key'));
        $auth->authenticate($authAdapter);
    }

    if (!$auth->hasIdentity()) {
        // There is no user if there is no identity.
        return null;
    }

    try {
        // Get the user ID for REST API or standard requests.
        if ($front->getParam('api')) {
            // Update the key row with the caller's address and the access time.
            // NOTE(review): getClientIp() is called with no explicit $checkProxy
            // argument. If the request class consults Client-IP /
            // X-Forwarded-For by default, the stored address is client
            // supplied — confirm the default or pass false explicitly.
            // inet_pton() yields false for an unparsable address; whether the
            // ip column tolerates that is not visible here.
            $key = $auth->getIdentity();
            $key->ip = inet_pton($request->getClientIp());
            $key->accessed = date('Y-m-d H:i:s');
            $key->save();
            $userId = $key->user_id;
        } else {
            // For session-based auth the identity is the user ID itself.
            $userId = $auth->getIdentity();
        }
        // Only active users resolve; a disabled account yields no user.
        $user = $db->getTable('User')->findActiveById($userId);
    } catch (Zend_Db_Statement_Exception $e) {
        // Exceptions may be thrown because the database is out of sync with
        // the code. Suppress errors and skip authentication, but only
        // until the database is properly upgraded.
        if (Omeka_Db_Migration_Manager::getDefault()->dbNeedsUpgrade()) {
            $user = null;
        } else {
            throw $e;
        }
    }

    if (!$user) {
        // If we can't retrieve the User from the database, it likely means
        // that this user has been deleted. In this case, do not allow the
        // user to stay logged in.
        $auth->clearIdentity();
    }

    return $user;
}
/**
 * Bootstraps the audit log.
 *
 * Looks up the multiplelog instance named "audit", registers the custom
 * 'audit' priority, restricts the log to exactly that priority and stamps
 * every event with the caller's IP address.
 *
 * NOTE(review): getClientIp() is called without an explicit $checkProxy
 * argument. If the request class in use honours Client-IP / X-Forwarded-For
 * by default, the recorded 'ip' is attacker-controlled and unreliable as
 * audit evidence — confirm the default, or resolve the address through a
 * trusted-proxy-aware helper and pass it explicitly.
 *
 * @return Zend_Log
 * @throws Exception when no multiplelog log named "audit" is configured
 */
public function init()
{
    /** @var $auditLog Zend_Log */
    $multilog = $this->getBootstrap()->getPluginResource('multiplelog');
    $auditLog = $multilog->getLog('audit');
    if (empty($auditLog)) {
        throw new Exception('Please configure a multiplelog log with name "audit"');
    }

    // Register the custom priority, then let only events at that priority through.
    $auditLog->addPriority('audit', self::PRIORITY);
    $auditLog->addFilter(new Zend_Log_Filter_Priority(self::PRIORITY, '=='));

    // Static event item: the address of the current client.
    $httpRequest = new Zend_Controller_Request_Http();
    $auditLog->setEventItem('ip', $httpRequest->getClientIp());

    return $auditLog;
}
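/**
 * Determines if the given request matches the criteria.
 *
 * Supported rules (any failing rule makes the whole check fail):
 *  - 'geoip_country': data['countries'] must contain the country code the
 *    PECL geoip extension resolves for the client address. Fails closed when
 *    the extension is missing, the data is malformed, the lookup throws, or
 *    the lookup returns false (no country found).
 *  - 'open_port': data['port'] must be set; the rule fails when a TCP
 *    connection to REMOTE_ADDR on that port succeeds within one second,
 *    i.e. the client has that port open.
 *
 * NOTE(review): the geoip rule passes $checkProxy = true to getClientIp().
 * On a stock Zend_Controller_Request_Http that consults Client-IP /
 * X-Forwarded-For, which the client can set, so the country criterion can
 * be bypassed unless the request class in use substitutes a trusted
 * address. The open_port rule reads REMOTE_ADDR directly and is unaffected.
 *
 * @param array|string $criteria List of criteria, format: [] with keys rule
 *    and data; may be serialized
 * @param boolean $matchOnEmpty If true and there's no criteria, true is
 *    returned; otherwise, false
 * @param Zend_Controller_Request_Http $request Request to check against
 *
 * @return boolean
 */
public static function requestMatchesCriteria($criteria, $matchOnEmpty = false, Zend_Controller_Request_Http $request = null)
{
    if (!($criteria = XenForo_Helper_Criteria::unserializeCriteria($criteria))) {
        return (bool) $matchOnEmpty;
    }

    if (!$request) {
        $request = new Zend_Controller_Request_Http();
    }

    foreach ($criteria as $criterion) {
        $data = $criterion['data'];

        switch ($criterion['rule']) {
            // client resolves to one of the listed countries
            case 'geoip_country':
                // Malformed data fails closed instead of reaching in_array()
                // with a non-array (a TypeError on PHP 8).
                if (!isset($data['countries']) || !is_array($data['countries'])) {
                    return false;
                }
                if (!function_exists('geoip_country_code_by_name')) {
                    return false;
                }

                try {
                    $country = geoip_country_code_by_name($request->getClientIp(true));
                } catch (Exception $e) {
                    return false;
                }

                // Strict: a failed lookup (false) must not loosely match an entry.
                if (!in_array($country, $data['countries'], true)) {
                    return false;
                }
                break;

            // user has open port
            case 'open_port':
                if (empty($data['port'])) {
                    return false;
                }

                // fsockopen() is ($host, $port, &$errno, &$errstr, $timeout); the
                // original passed errstr/errno in swapped positions. Close the
                // socket on success so a matching probe does not leak a connection.
                $socket = @fsockopen($_SERVER['REMOTE_ADDR'], $data['port'], $errno, $errstr, 1);
                if ($socket) {
                    fclose($socket);
                    return false;
                }
                break;
        }
    }

    return true;
}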
/**
 * Takes the info passed to allowRegistration() and extracts the necessary data for the spam check
 *
 * Guarantees the returned record carries an 'ip' entry: when the caller did
 * not supply one (key absent or null) it is filled from
 * $request->getClientIp(false), i.e. without consulting proxy headers, so a
 * client cannot pick the address the spam check sees.
 *
 * @param array $user
 * @param Zend_Controller_Request_Http $request
 *
 * @return array
 */
protected function _getSpamCheckData(array $user, Zend_Controller_Request_Http $request)
{
    $spamData = $user;

    $hasIp = array_key_exists('ip', $spamData) && $spamData['ip'] !== null;
    if (!$hasIp) {
        $spamData['ip'] = $request->getClientIp(false);
    }

    return $spamData;
}
/**
 * With $checkProxy = false, getClientIp() must ignore the proxy headers
 * (Client-IP, X-Forwarded-For) and report REMOTE_ADDR even when those
 * headers are present and carry different addresses.
 *
 * NOTE(review): the $_SERVER entries set here are not reset by this method;
 * it relies on the test case's tearDown / backupGlobals to clean up — confirm.
 *
 * @group ZF-7117
 */
public function testGetClientIpNoProxyCheck()
{
    $request = new Zend_Controller_Request_Http();

    $serverVars = array(
        'HTTP_CLIENT_IP'       => '192.168.1.10',
        'HTTP_X_FORWARDED_FOR' => '192.168.1.11',
        'REMOTE_ADDR'          => '192.168.1.12',
    );
    foreach ($serverVars as $name => $value) {
        $_SERVER[$name] = $value;
    }

    // Only the direct peer address may be returned.
    $this->assertEquals('192.168.1.12', $request->getClientIp(false));
}
if ($SERVER_URL && $SERVER_URL != WT_SERVER_NAME . WT_SCRIPT_PATH) { header('Location: ' . $SERVER_URL . WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''), true, 301); exit; } // Request more resources - if we can/want to if (!ini_get('safe_mode')) { $memory_limit = WT_Site::preference('MEMORY_LIMIT'); if ($memory_limit) { ini_set('memory_limit', $memory_limit); } $max_execution_time = WT_Site::preference('MAX_EXECUTION_TIME'); if ($max_execution_time && strpos(ini_get('disable_functions'), 'set_time_limit') === false) { set_time_limit($max_execution_time); } } $rule = WT_DB::prepare("SELECT SQL_CACHE rule FROM `##site_access_rule`" . " WHERE IFNULL(INET_ATON(?), 0) BETWEEN ip_address_start AND ip_address_end" . " AND ? LIKE user_agent_pattern" . " ORDER BY ip_address_end LIMIT 1")->execute(array($WT_REQUEST->getClientIp(), $_SERVER['HTTP_USER_AGENT']))->fetchOne(); switch ($rule) { case 'allow': $SEARCH_SPIDER = false; break; case 'deny': header('HTTP/1.1 403 Access Denied'); exit; case 'robot': case 'unknown': // Search engines don’t send cookies, and so create a new session with every visit. // Make sure they always use the same one Zend_Session::setId('search-engine-' . str_replace('.', '-', $WT_REQUEST->getClientIp())); $SEARCH_SPIDER = true; break; case '':
/**
 * Returns an array of IPs for the current client
 *
 * Collects every address the request exposes: the comma-separated chain
 * obtained with getClientIp(true) (proxy headers, when present) plus the
 * direct address from getClientIp(false), de-duplicated. Meant for checks
 * that should cover all candidate addresses; the proxy-derived entries are
 * client supplied and must not be treated as authoritative on their own.
 *
 * @return array
 */
protected function _getClientIps()
{
    $proxyChain = preg_split('/,\\s*/', $this->_request->getClientIp(true));
    $direct = array($this->_request->getClientIp(false));

    return array_unique(array_merge($proxyChain, $direct));
}
/**
 * {@inheritdoc}
 *
 * Re-declared only to pin the default of $checkProxy to false, so callers
 * that omit the argument get the address resolved without consulting
 * Client-IP / X-Forwarded-For headers. NOTE(review): presumably the parent's
 * default differs (otherwise this override is redundant) — verify against
 * the parent class before removing it.
 *
 * @param boolean $checkProxy Whether proxy headers may be consulted
 *
 * @return string
 */
public function getClientIp($checkProxy = false)
{
    $consultProxyHeaders = $checkProxy;

    return parent::getClientIp($consultProxyHeaders);
}
/**
 * Returns the client address, preferring an explicitly set remote address
 * over anything derived from the request.
 *
 * When $this->_remoteAddr is non-empty it is returned verbatim and
 * $checkProxy is ignored; otherwise the call is delegated to the parent with
 * $checkProxy (default false, i.e. no proxy-header lookup). NOTE(review):
 * what populates _remoteAddr is not visible here — confirm it comes from a
 * trusted source (configuration / trusted-proxy resolution), since it takes
 * precedence over REMOTE_ADDR.
 *
 * @param boolean $checkProxy Whether the parent may consult proxy headers
 *
 * @return string
 */
public function getClientIp($checkProxy = false)
{
    if (empty($this->_remoteAddr)) {
        return parent::getClientIp($checkProxy);
    }

    return $this->_remoteAddr;
}