From b624e45282e31944d7b72742ba0aa826862850dd Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Wed, 23 Jan 2013 17:33:14 +0000 Subject: [PATCH] Continued with ext-blacklist: - Blacklisting of IP addresses now possible (with pattern as for all) - Resorted ext-blacklist library, added new functions for IP blacklisting - TODOs.txt updated --- DOCS/TODOs.txt | 7 ++- inc/extensions/ext-blacklist.php | 5 ++ inc/filter/blacklist_filter.php | 34 +++++++++++- inc/language/blacklist_de.php | 1 + inc/language/de.php | 3 +- inc/language/mydata_de.php | 1 + inc/libs/blacklist_functions.php | 55 ++++++++++++++----- inc/libs/register_functions.php | 14 +++-- inc/modules/member/what-mydata.php | 10 ++-- .../de/html/admin/admin_config_blacklist.tpl | 7 +++ 10 files changed, 107 insertions(+), 30 deletions(-) diff --git a/DOCS/TODOs.txt b/DOCS/TODOs.txt index 5ffb98425a..32d7c03229 100644 --- a/DOCS/TODOs.txt +++ b/DOCS/TODOs.txt @@ -64,7 +64,8 @@ ./inc/extensions/sponsor/mode-setup.php:43:// @TODO Remove double tabs from all lines ./inc/extensions/sql_patches/mode-update.php:43:// @TODO Remove double tabs from all lines ./inc/extensions/user/mode-update.php:43:// @TODO Remove double tabs from all lines -./inc/filter/blacklist_filter.php:63: // @TODO Insert log entry +./inc/filter/blacklist_filter.php:82: // @TODO Insert log entry +./inc/filter/blacklist_filter.php:93: // @TODO Insert log entry ./inc/filter/bonus_filter.php:56: // @TODO This query isn't right, it will only update if the user was for a longer time away! ./inc/filter/cache_filter.php:94: // @TODO This should be rewritten not to load the cache file for just checking if it is there for save removal. ./inc/filter/forced_filter.php:73: // @TODO This part is unfinished 
@@ -80,8 +81,8 @@ ./inc/header.php:66:// @TODO Find a way to not use direct module comparison ./inc/install-functions.php:446: // @TODO Comparing with DEFAULT_MAIN_TITLE doesn't work ./inc/install-functions.php:97: // @TODO DEACTIVATED: changeDataInLocalConfigurationFile('OUTPUT-MODE', "setConfigEntry('OUTPUT_MODE', '", "');", postRequestElement('omode'), 0); -./inc/language/de.php:1161: // @TODO Rewrite these two constants -./inc/language/de.php:1177: // @TODO Rewrite these three constants +./inc/language/de.php:1162: // @TODO Rewrite these two constants +./inc/language/de.php:1178: // @TODO Rewrite these three constants ./inc/language/de.php:46: // @TODO Please sort these language elements ./inc/language/de.php:748:// @TODO Are these constants longer used? ./inc/language-functions.php:254: // @TODO These are all valid languages, again hard-coded diff --git a/inc/extensions/ext-blacklist.php b/inc/extensions/ext-blacklist.php index 988102d3c1..25a325b96f 100644 --- a/inc/extensions/ext-blacklist.php +++ b/inc/extensions/ext-blacklist.php 
@@ -72,12 +72,15 @@ INDEX (`pool_id`)", // Add configuration addConfigAddSql('email_blacklist', "ENUM('Y','N') NOT NULL DEFAULT 'Y'"); + addConfigAddSql('ip_blacklist', "ENUM('Y','N') NOT NULL DEFAULT 'Y'"); addConfigAddSql('url_blacklist', "ENUM('Y','N') NOT NULL DEFAULT 'Y'"); // Register filters registerFilter(__FILE__, __LINE__, 'pre_user_registration' , 'CHECK_EMAIL_BLACKLISTED', FALSE, TRUE, isExtensionDryRun()); + registerFilter(__FILE__, __LINE__, 'pre_user_registration' , 'CHECK_IP_BLACKLISTED' , FALSE, TRUE, isExtensionDryRun()); registerFilter(__FILE__, __LINE__, 'pre_update_user_data' , 'CHECK_EMAIL_BLACKLISTED', FALSE, TRUE, isExtensionDryRun()); registerFilter(__FILE__, __LINE__, 'post_email_blacklisted', 'LOG_EMAIL_BLACKLISTED' , FALSE, TRUE, isExtensionDryRun()); + registerFilter(__FILE__, __LINE__, 'post_ip_blacklisted' , 'LOG_IP_BLACKLISTED' , FALSE, TRUE, isExtensionDryRun()); break; case 'remove': // Do stuff when removing extension @@ -89,8 +92,10 @@ INDEX (`pool_id`)", // Unregister filters unregisterFilter(__FILE__, __LINE__, 'pre_user_registration' , 'CHECK_EMAIL_BLACKLISTED', TRUE, isExtensionDryRun()); + unregisterFilter(__FILE__, __LINE__, 'pre_user_registration' , 'CHECK_IP_BLACKLISTED' , TRUE, isExtensionDryRun()); unregisterFilter(__FILE__, __LINE__, 'pre_update_user_data' , 'CHECK_EMAIL_BLACKLISTED', TRUE, isExtensionDryRun()); unregisterFilter(__FILE__, __LINE__, 'post_email_blacklisted', 'LOG_EMAIL_BLACKLISTED' , TRUE, isExtensionDryRun()); + unregisterFilter(__FILE__, __LINE__, 'post_ip_blacklisted' , 'LOG_IP_BLACKLISTED' , TRUE, isExtensionDryRun()); break; case 'activate': // Do stuff when admin activates this extension diff --git a/inc/filter/blacklist_filter.php b/inc/filter/blacklist_filter.php index 289d27105f..00e886c532 100644 --- a/inc/filter/blacklist_filter.php +++ b/inc/filter/blacklist_filter.php 
@@ -45,7 +45,9 @@ function FILTER_CHECK_EMAIL_BLACKLISTED ($filterData) { // Is the email address blacklisted? if (($filterData['init_done'] === TRUE) && (isEmailBlacklistEnabled()) && (isEmailBlacklisted($filterData['post_data']['email']))) { // Then abort here - $filterData['init_done'] = FALSE; + $filterData['init_done'] = FALSE; + $filterData['blacklisted'] = 'email'; + $filterData['message'] = '{--EMAIL_IS_BLACKLISTED--}'; // Run filter chain for successful detection (don't rely on other fields than 'email') here runFilterChain('post_email_blacklisted', $filterData); 
@@ -55,10 +57,38 @@ function FILTER_CHECK_EMAIL_BLACKLISTED ($filterData) { return $filterData; } +// Filter to check if IP address is blacklisted +function FILTER_CHECK_IP_BLACKLISTED ($filterData) { + // Is the IP address blacklisted? + if (($filterData['init_done'] === TRUE) && (isEmailBlacklistEnabled()) && (isIpBlacklisted(determineRealRemoteAddress()))) { + // Then abort here + $filterData['init_done'] = FALSE; + $filterData['blacklisted'] = 'ip'; + $filterData['message'] = '{--IP_IS_BLACKLISTED--}'; + + // Run filter chain for successful detection (don't rely on other fields than 'IP') here + runFilterChain('post_ip_blacklisted', $filterData); + } // END - if + + // Return filtered data + return $filterData; +} + // Filter for logging blacklisted email addresses, is being called from above filter function FILTER_LOG_EMAIL_BLACKLISTED ($filerData) { // Make sure, that required data is there - assert((isset($filterData['init_done'])) && (isset($filterData['post_data']['email']))); + assert((isset($filterData['init_done'])) && ($filterData['blacklisted'] == 'email')); + + // @TODO Insert log entry + + // Return filtered data + return $filterData; +} + +// Filter for logging blacklisted IP addresses, is being called from above filter +function FILTER_LOG_IP_BLACKLISTED ($filerData) { + // Make sure, that required data is there + assert((isset($filterData['init_done'])) && ($filterData['blacklisted'] == 'ip')); // @TODO Insert log entry diff --git a/inc/language/blacklist_de.php b/inc/language/blacklist_de.php index 1884f02bb6..a9f59b22de 100644 --- a/inc/language/blacklist_de.php +++ b/inc/language/blacklist_de.php 
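Review bot: FILTER_CHECK_IP_BLACKLISTED gates its lookup on `isEmailBlacklistEnabled()`, so the new `ip_blacklist` setting is never consulted: turning the email list off also turns IP blocking off, and turning only the IP list off has no effect. The condition should call `isIpBlacklistEnabled()`, which this commit adds in inc/libs/blacklist_functions.php. The new FILTER_LOG_IP_BLACKLISTED also copies the parameter typo of the email logger (`$filerData`), so its assert and its `return $filterData;` work on an undefined variable and the assert cannot pass; both signatures should read `($filterData)`. What `determineRealRemoteAddress()` returns is not visible in this patch; if it prefers client-supplied forwarding headers over the socket address, the blacklist would be matched against a value the client chooses, which should be confirmed before this filter is relied on for blocking.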
@@ -46,6 +46,7 @@ addMessages(array( 'ADMIN_CONFIG_BLACKLIST_TITLE' => "Konfiguration von Sperrlisten", 'ADMIN_CONFIG_BLACKLIST_LEGEND' => "Sperrlisten aktvieren:", 'ADMIN_CONFIG_EMAIL_BLACKLIST_ENABLED' => "Sperrliste für Email-Adressen aktivieren?", + 'ADMIN_CONFIG_IP_BLACKLIST_ENABLED' => "Sperrliste für IP-Adressen aktivieren?", 'ADMIN_CONFIG_URL_BLACKLIST_ENABLED' => "Sperrliste für gebuchte URLs aktivieren?", 'ADMIN_CONFIG_BLACKLIST_NOTICE' => "Hinweise: Die Sperrliste für Email-Adressen gilt sowohl für die Mitgliedsanmeldung als auch wenn das Mitglied seine Daten ändert. Ist die vom Mitglied eingegebene Email-Adresse gesperrt, wird diese nicht angenommen. Die URL-Sperrliste gilt für alle Erweiterungen (Besuchertausch, Mailbuchung, Forced-Buchungen usw.).", )); diff --git a/inc/language/de.php b/inc/language/de.php index cfbd7727de..067d648cd2 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1025,7 +1025,8 @@ addMessages(array( 'UNKNOWN_ERROR_CODE' => "Unbekannter Fehlercode 0x{%%pipe,getHexErrorCode=%s%%} erkannt.", 'LOADER_SECURITY_HASH_MISMATCH' => "Der Sicherheitshash für den Dereferrer stimmt nicht mit der URL überein.", 'URL_IS_BLACKLISTED' => "URL ist gesperrt.", - 'MEMBER_EMAIL_BLACKLISTED' => "Ihre Email-Adresse darf bei uns nicht verwendet werden. Bitte setzen Sie sich mit uns in Verbindung.", + 'EMAIL_IS_BLACKLISTED' => "Ihre Email-Adresse darf bei uns nicht verwendet werden. Bitte setzen Sie sich mit uns in Verbindung.", + 'IP_IS_BLACKLISTED' => "Die von Ihnen derzeit verwendete IP-Adresse ist bei uns gesperrt. Bitte setzen Sie sich mit uns in Verbindung.", 'DATA_IS_HIDDEN' => "Daten sind verdeckt.", 'ADMIN_BOOKING_PACKAGE_ID' => "Buchungspaket", 'ADMIN_BOOKING_PACKAGE_LINK' => "Zum Paket ...", diff --git a/inc/language/mydata_de.php b/inc/language/mydata_de.php index 339acdb82c..d87a7fd23e 100644 --- a/inc/language/mydata_de.php +++ b/inc/language/mydata_de.php 
@@ -45,6 +45,7 @@ addMessages(array( 'MEMBER_PROFILE_LAST_CHANGE' => "Letzte Änderung", 'MEMBER_PROFILE_UPDATED' => "Ihre Profildaten wurden aktualisiert.", 'MEMBER_EMAIL_IS_ALREADY_REGISTERED' => "Die Email-Adresse wird bereits von einem anderen Account verwendet.", + 'PRE_UPDATE_USER_DATA_FAILED' => "Überprüfung Ihrer Mitgliedsdaten vor Aktualisierung fehlgeschlagen. Bitte setzen Sie sich mit uns in Verbindung.", )); // [EOF] diff --git a/inc/libs/blacklist_functions.php b/inc/libs/blacklist_functions.php index 05803c8c27..70f45e96e9 100644 --- a/inc/libs/blacklist_functions.php +++ b/inc/libs/blacklist_functions.php @@ -40,6 +40,24 @@ if (!defined('__SECURITY')) { die(); } // END - if +// Checks whether given email is blacklisted +function isEmailBlacklisted ($email) { + // Call inner function + return isGenericBlacklisted('email', $email); +} + +// Checks whether given IP is blacklisted +function isIpBlacklisted ($ip) { + // Call inner function + return isGenericBlacklisted('ip', $ip); +} + +// Checks whether given URL is blacklisted +function isUrlBlacklisted ($url) { + // Call inner function + return isGenericBlacklisted('url', $email); +} + // Checks whether given data is blacklisted function isGenericBlacklisted ($type, $data) { // Mark it as not listed by default 
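Review bot: isUrlBlacklisted() passes `$email`, which is not defined in that function, instead of its `$url` parameter, so the lookup never receives the URL that is supposed to be checked. The line is carried over unchanged from its old position at the end of the file, but as the wrappers are being moved it should be corrected in the same commit: `return isGenericBlacklisted('url', $url);`. The body of isGenericBlacklisted() continues outside the hunk, so how it treats the undefined value is not visible here.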
@@ -92,13 +110,19 @@ LIMIT 1", // Inserts a given email (pattern) in blacklist if not found function insertEmailInBlacklist ($email, $provider = 'BLACKLIST') { // Call inner function - insertGenericInBlacklist ('email', $email, NULL, $provider); + return insertGenericInBlacklist ('email', $email, NULL, $provider); } -// Inserts a given URL in blacklist if not found +// Inserts a given IP (pattern) in blacklist if not found +function insertIpInBlacklist ($ip, $provider = 'BLACKLIST') { + // Call inner function + return insertGenericInBlacklist ('ip', $ip, NULL, $provider); +} + +// Inserts a given URL (pattern) in blacklist if not found function insertUrlInBlacklist ($url, $poolId, $provider = 'BLACKLIST') { // Call inner function - insertGenericInBlacklist ('url', $url, $poolId, $provider); + return insertGenericInBlacklist ('url', $url, $poolId, $provider); } // Inserts a given URL in blacklist if not found @@ -129,18 +153,9 @@ function insertGenericInBlacklist ($type, $data, $poolId = NULL, $provider = 'BL strtoupper($type) ), __FUNCTION__, __LINE__); } // END - if -} -// Checks whether given email is blacklisted -function isEmailBlacklisted ($email) { - // Call inner function - return isGenericBlacklisted('email', $email); -} - -// Checks whether given URL is blacklisted -function isUrlBlacklisted ($url) { - // Call inner function - return isGenericBlacklisted('url', $email); + // Return insert id for debugging/reporting pursposes + return SQL_INSERT_ID(); } // ---------------------------------------------------------------------------- @@ -183,5 +198,17 @@ function isEmailBlacklistEnabled () { return $GLOBALS[__FUNCTION__]; } +// Wrapper to check if ip_blacklist is enabled +function isIpBlacklistEnabled () { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__])) { + // Determine it + $GLOBALS[__FUNCTION__] = (getConfig('ip_blacklist') == 'Y'); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__]; +} + // [EOF] ?> 
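Review bot: insertGenericInBlacklist() now ends with an unconditional `return SQL_INSERT_ID();` placed after the closing `} // END - if`, so when that block is skipped the three wrappers appear to hand back whatever id the connection produced last rather than one for this entry. The start of the function is outside the hunk, so the exact condition is not visible, but the header comments say a row is inserted only "if not found". Returning the id from inside the insert branch and an explicit `return FALSE;` otherwise would let callers tell the two cases apart. The return value should also be stated in the function comment, and the added comment has a typo: `// Return insert id for debugging/reporting purposes`.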
diff --git a/inc/libs/register_functions.php b/inc/libs/register_functions.php index 2d6c8e719e..0fe4451f87 100644 --- a/inc/libs/register_functions.php +++ b/inc/libs/register_functions.php @@ -287,23 +287,25 @@ function doUserRegistration () { reportBug(__FUNCTION__, __LINE__, 'Tried to register a user account without ext-user installed.'); } // END - if + // Init extra SQL data + initExtraRegistrationSql(); + // Init filter data $filterData = array( // Initialization not done by default - 'init_done' => FALSE, - 'post_data' => postRequestArray(), + 'init_done' => FALSE, + 'post_data' => postRequestArray(), + 'blacklisted' => '', + 'message' => '{--PRE_USER_REGISTRATION_FAILED--}', ); - // Init extra SQL data - initExtraRegistrationSql(); - // Run the pre-registration chain $filterData = runFilterChain('pre_user_registration', $filterData); // Did the initialization work? if ($filterData['init_done'] === FALSE) { // Something bad happened! - displayMessage('{--PRE_USER_REGISTRATION_FAILED--}'); + displayMessage($filterData['message']); // Stop here return FALSE; diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php index d79da15362..270d746505 100644 --- a/inc/modules/member/what-mydata.php +++ b/inc/modules/member/what-mydata.php @@ -246,15 +246,17 @@ LIMIT 1', if (postRequestElement('email') != $content['email']) { // Yes, but is it maybe blacklisted? $filterData = array( - 'init_done' => TRUE, - 'post_data' => postRequestArray() + 'init_done' => TRUE, + 'post_data' => postRequestArray(), + 'blacklisted' => '', + 'message' => '{--PRE_UPDATE_USER_DATA_FAILED--}', ); $filterData = runFilterChain('pre_update_user_data', $filterData); // Is it blacklisted? if ($filterData['init_done'] === FALSE) { - // Blacklisted email address found - displayMessage('{--MEMBER_EMAIL_BLACKLISTED--}'); + // Found something blacklisted + displayMessage($filterData['message']); return; } // END - if 
diff --git a/templates/de/html/admin/admin_config_blacklist.tpl b/templates/de/html/admin/admin_config_blacklist.tpl index 3648fff521..7ab90d7716 100644 --- a/templates/de/html/admin/admin_config_blacklist.tpl +++ b/templates/de/html/admin/admin_config_blacklist.tpl @@ -15,6 +15,13 @@ +
+ +
+ {%template,ConfigurationYesNoSelectionBox=ip_blacklist%} +
+
+
-- 2.39.5