<?php
/* This file aims to prevent spam in several ways, such as rate limiting. */
require_once('predis/autoload.php');
require_once('util4p/CRObject.class.php');
require_once('util4p/Validator.class.php');
require_once('util4p/ReSession.class.php');
require_once('util4p/CRLogger.class.php');
require_once('util4p/AccessController.class.php');
require_once('util4p/Random.class.php');
require_once('Code.class.php');
require_once('UserManager.class.php');
require_once('config.inc.php');
require_once('init.inc.php');
/* list IPs being blocked */
/**
 * Return the punished entries reported by RateLimiter::listPunished().
 *
 * The caller's role is read from the session (falling back to 'visitor' when
 * no role is stored) and must hold the 'rc.list' permission.
 *
 * @return array 'errno' => Code::NO_PRIVILEGE when access is denied; otherwise
 *               'errno' => Code::SUCCESS together with 'list'.
 */
function list_blocked()
{
    $role = Session::get('role', 'visitor');
    if (AccessController::hasAccess($role, 'rc.list')) {
        return array(
            'errno' => Code::SUCCESS,
            'list' => RateLimiter::listPunished(),
        );
    }
    // Denied requests get only the error code; nothing about the block list leaks.
    return array('errno' => Code::NO_PRIVILEGE);
}
/**/
/**
 * Look up the freeze time RateLimiter::getFreezeTime() reports for an address.
 *
 * Guarded by the same 'rc.list' permission as list_blocked(); the role comes
 * from the session and defaults to 'visitor'.
 *
 * @param mixed $ip Passed to RateLimiter::getFreezeTime() unchanged.
 *                  NOTE(review): no format validation happens here; confirm
 *                  the caller or RateLimiter validates the value.
 * @return array 'errno' => Code::NO_PRIVILEGE when access is denied; otherwise
 *               'errno' => Code::SUCCESS together with 'time'.
 */
function get_blocked_time($ip)
{
    $role = Session::get('role', 'visitor');
    if (AccessController::hasAccess($role, 'rc.list')) {
        return array(
            'errno' => Code::SUCCESS,
            'time' => RateLimiter::getFreezeTime($ip),
        );
    }
    return array('errno' => Code::NO_PRIVILEGE);
}
/**/
/**
 * Block an address through RateLimiter::punish() and record the action.
 *
 * Requires the 'rc.block' permission for the session role (default 'visitor').
 * Only successful blocks are written to the log: the permission-denied and
 * missing-ip paths return before CRLogger::log() is reached.
 *
 * @param CRObject $rule Reads 'ip' (required) and 'time' (integer, default 3600).
 *                       NOTE(review): 'ip' is only checked for null and 'time'
 *                       is not range-checked here; confirm both are validated
 *                       by the caller or by RateLimiter.
 * @return array 'errno' is Code::NO_PRIVILEGE, Code::FAIL (no 'ip' given) or
 *               Code::SUCCESS.
 */
function block(CRObject $rule)
{
    $role = Session::get('role', 'visitor');
    if (!AccessController::hasAccess($role, 'rc.block')) {
        return array('errno' => Code::NO_PRIVILEGE);
    }

    $ip = $rule->get('ip');
    if ($ip === null) {
        return array('errno' => Code::FAIL);
    }

    $res = array('errno' => Code::SUCCESS);

    // 'degree' 9999 with the requested interval is what gets handed to punish().
    $punishment = array(
        'degree' => 9999,
        'interval' => $rule->getInt('time', 3600),
    );
    RateLimiter::punish($punishment, $ip);

    // Audit record: acting user, target address, duration and result code.
    $details = array(
        'ip' => $ip,
        'time' => $rule->getInt('time', 3600),
        'response' => $res['errno'],
    );
    $entry = new CRObject();
    $entry->set('scope', Session::get('username'));
    $entry->set('tag', 'secure.block');
    $entry->set('content', json_encode($details));
    CRLogger::log($entry);

    return $res;
}
/**/
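/**
 * Lift a block by calling RateLimiter::clear() and record the action.
 *
 * Requires the 'rc.unblock' permission for the session role (default
 * 'visitor'). A rule without 'ip' is rejected with Code::FAIL, matching
 * block(), so that null is never handed to RateLimiter::clear().
 *
 * @param CRObject $rule Reads 'ip' (required).
 *                       NOTE(review): the value is only checked for null, not
 *                       for being a well-formed address; confirm the caller
 *                       or RateLimiter validates it.
 * @return array 'errno' is Code::NO_PRIVILEGE, Code::FAIL (no 'ip' given) or
 *               Code::SUCCESS.
 */
function unblock(CRObject $rule)
{
    if (!AccessController::hasAccess(Session::get('role', 'visitor'), 'rc.unblock')) {
        $res['errno'] = Code::NO_PRIVILEGE;
        return $res;
    }
    $ip = $rule->get('ip');
    if ($ip === null) {
        // Without a target, what clear() would remove is not defined in this file; fail closed.
        $res['errno'] = Code::FAIL;
        return $res;
    }
    RateLimiter::clear($ip);
    $res['errno'] = Code::SUCCESS;

    // Audit record: acting user, target address and result code.
    $log = new CRObject();
    $log->set('scope', Session::get('username'));
    $log->set('tag', 'secure.unblock');
    $content = array('ip' => $ip, 'response' => $res['errno']);
    $log->set('content', json_encode($content));
    CRLogger::log($log);
    return $res;
}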