initial commit
alxndr-w committed Feb 9, 2020
1 parent 1660fc1 commit 495355a
Showing 8 changed files with 342 additions and 0 deletions.
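--- a/boot.php
+++ b/boot.php
@@ -0,0 +1,4 @@
+<?php
+rex_extension::register('PACKAGES_INCLUDED', function (rex_extension_point $ep) {
+rex_yform::addTemplatePath($this->getPath('ytemplates'));
+});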
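--- a/install.php
+++ b/install.php
@@ -0,0 +1,53 @@
+<?php
+
+rex_sql_table::get(rex::getTable('yform_spam_protection_frequency'))
+->ensureColumn(new rex_sql_column('ipv4', 'int(10) unsigned', true))
+->ensureColumn(new rex_sql_column('ipv6', 'varbinary(16)', true))
+->ensureColumn(new rex_sql_column('createdate', 'datetime', false, null, 'on update CURRENT_TIMESTAMP'))
+->ensureColumn(new rex_sql_column('was_blocked', 'bit(1)'))
+->ensure();
+
+if (!$this->hasConfig("notification_email")) {
+$this->setConfig('notification_email', "");
+}
+
+if (!$this->hasConfig("timer")) {
+$this->setConfig('timer', 1);
+}
+
+if (!$this->hasConfig("timer_session")) {
+$this->setConfig('timer_session', 2);
+}
+
+if (!$this->hasConfig("timer_form")) {
+$this->setConfig('timer_form', 5);
+}
+
+if (!$this->hasConfig("honeypot")) {
+$this->setConfig('honeypot', 1);
+}
+
+if (!$this->hasConfig("ip_block")) {
+$this->setConfig('ip_block', 1);
+}
+
+if (!$this->hasConfig("ip_block_limit")) {
+$this->setConfig('ip_block', 10);
+}
+if (!$this->hasConfig("ip_block_timer")) {
+$this->setConfig('ip_block', 300);
+}
+
+if (!$this->hasConfig("geo_block")) {
+$this->setConfig('geo_block', 0);
+}
+
+if (!$this->hasConfig("tld_block")) {
+$this->setConfig('tld_block', 0);
+}
+if (!$this->hasConfig("tld_list")) {
+$this->setConfig('tld_list', ".ru");
+}
+if (!$this->hasConfig("warning")) {
+$this->setConfig('warning', "Ihre Anfrage wurde als Spam erkannt und nicht zugestellt. Sollte dies irrtümlich passiert sein, wenden Sie sich bitte an den Betreiber der Website.");
+}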
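Review bot: The `ip_block_limit` and `ip_block_timer` guards both call `setConfig('ip_block', …)`, so those two keys are never initialised and `ip_block` itself ends up as 300 on a fresh install. lib/yform/value/spam_protection.php reads both keys and concatenates `ip_block_timer` into its DELETE statement, so the rate limit starts out with an empty limit and an empty window. The two lines should read `$this->setConfig('ip_block_limit', 10);` and `$this->setConfig('ip_block_timer', 300);`.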
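--- a/lib/ycom.php
+++ b/lib/ycom.php
@@ -0,0 +1,32 @@
+<?php
+
+class rex_ycom
+{
+public static $tables = [];
+
+public static function addTable($table_name)
+{
+self::$tables[] = $table_name;
+}
+
+public static function getTables()
+{
+return self::$tables;
+}
+
+public static function parseText($text)
+{
+$text = nl2br(trim($text));
+return '<p>' . $text . '</p>';
+}
+
+public static function cut($text, $size = 15, $t = ' (...) ')
+{
+$s = strlen($text);
+if ($s > $size) {
+$start = (int) ($size / 2);
+return substr($text, 0, $start) . $t . substr($text, -$start);
+}
+return $text;
+}
+}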
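Review bot: `parseText()` wraps its argument in `<p>` after `nl2br(trim($text))` without HTML-escaping it, so any caller that passes user-supplied text gets markup injected into the page; no caller is visible in this commit, so whether that happens cannot be confirmed here. Escaping before the line-break conversion closes it: `$text = nl2br(htmlspecialchars(trim($text), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. `cut()` uses byte-wise `strlen`/`substr` and can split a multibyte character in the middle. Nothing else in this commit references `rex_ycom`, and the name suggests the class belongs to a different addon, which would risk a redeclaration error if that addon is installed as well.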
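--- a/lib/ycom_user.php
+++ b/lib/ycom_user.php
@@ -0,0 +1,68 @@
+<?php
+
+class rex_ycom_user extends \rex_yform_manager_dataset
+{
+public static function getMe()
+{
+return rex_ycom_auth::getUser();
+}
+
+public function isInGroup($group_id)
+{
+$ycom_groups = $this->getValue('ycom_groups');
+
+if ('' == $group_id) {
+return true;
+}
+if ('' != $ycom_groups) {
+$ycom_groups_array = explode(',', $ycom_groups);
+if (in_array($group_id, $ycom_groups_array)) {
+return true;
+}
+}
+
+return false;
+}
+
+public function getPassword()
+{
+return $this->password;
+}
+
+public static function createUserByEmail(array $data)
+{
+$data['status'] = 1;
+$data['password'] = str_shuffle('1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
+$data['login'] = $data['email'];
+$data['login_tries'] = 0;
+$data['termofuse_accepted'] = 0;
+
+$data = rex_extension::registerPoint(new rex_extension_point('YCOM_USER_CREATE', $data, []));
+
+$user = self::create();
+foreach ($data as $k => $v) {
+$user->setValue($k, $v);
+}
+if ($user->save()) {
+return $user;
+}
+return null;
+}
+
+public static function updateUser(array $data)
+{
+$data = rex_extension::registerPoint(new rex_extension_point('YCOM_USER_UPDATE', $data, []));
+$user = self::getMe();
+
+if (!$user) {
+return false;
+}
+
+foreach ($data as $k => $v) {
+$user->setValue($k, $v);
+}
+
+return $user
+->save();
+}
+}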
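Review bot: `createUserByEmail()` derives the initial password from `str_shuffle()`, which is not a cryptographically secure source and only ever yields a permutation of one fixed 62-character string; `$data['password'] = bin2hex(random_bytes(32));` gives an unpredictable value instead. Whether the value is hashed before `save()` is not visible in this commit and should be confirmed. In `isInGroup()`, the loose `'' == $group_id` and the non-strict `in_array()` mean that a `$group_id` of integer `0` is treated as "no group required" on PHP versions before 8; comparing with `===` on a string-cast id and passing `true` as the third `in_array()` argument avoids that. `updateUser()` copies every key of `$data` onto the current user, so callers need to whitelist fields before passing request data in.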
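--- a/lib/yform/value/spam_protection.php
+++ b/lib/yform/value/spam_protection.php
@@ -0,0 +1,73 @@
+<?php
+
+class rex_yform_value_spam_protection extends rex_yform_value_abstract
+{
+public function postValidateAction()
+{
+rex_login::startSession();
+
+$debug = (int)$this->getElement(4);
+$session_timestamp = rex_request::session('spamfilter');
+$form_timestamp = rex_request($this->getFieldId()."_microtime", 'int', false);
+
+$ipv4 = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
+$ipv6 = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
+
+if ($debug) {
+rex_sql::factory()->setDebug($debug)->setQuery("DELETE FROM rex_yform_spam_protection_frequency WHERE createdate < (NOW() - INTERVAL ".rex_config::get('yform_spam_protection', 'ip_block_timer')." SECOND)");
+}
+
+$count = rex_sql::factory()->setDebug($debug)->getArray("SELECT count(`createdate`) AS `count` FROM rex_yform_spam_protection_frequency WHERE `ipv4` = INET_ATON(:ipv4) AND `ipv6` = :ipv6", [':ipv4' => $ipv4, ':ipv6' => $ipv6])[0]['count'];
+
+$log = [];
+
+if ($this->params['send'] == 1) {
+if (rex_request($this->getFieldId()) != "") {
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "honeypot wurde ausgefüllt: ".rex_request($this->getFieldId());
+}
+
+if(rex_config::get('yform_spam_protection', 'ip_block_limit') > $count) {
+rex_sql::factory()->setDebug($debug)->setQuery("INSERT INTO rex_yform_spam_protection_frequency (`ipv4`, `ipv6`, `createdate`, `was_blocked`) VALUES (INET_ATON(:ipv4), :ipv6, NOW(), 1)", [':ipv4'=>$ipv4, ':ipv6'=>$ipv6]);
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "ip hat zu viele Versuche in kürzester Zeit unternommen";
+} else {
+rex_sql::factory()->setDebug($debug)->setQuery("INSERT INTO rex_yform_spam_protection_frequency (`ipv4`, `ipv6`, `createdate`, `was_blocked`) VALUES (INET_ATON(:ipv4), :ipv6, NOW(), 0)", [':ipv4'=>$ipv4, ':ipv6'=>$ipv6]);
+}
+
+if (($session_timestamp + rex_config::get('yform_spam_protection', 'timer_session')) > microtime(true)) {
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "session-microtime nicht eingehalten: $session_timestamp + ".rex_config::get('yform_spam_protection', 'timer_session')." > ".microtime(true);
+}
+
+if (($form_timestamp + rex_config::get('yform_spam_protection', 'timer_form')) > microtime(true)) {
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "formular-microtime nicht eingehalten: $form_timestamp + ".rex_config::get('yform_spam_protection', 'timer_form')." > ".microtime(true);
+} else {
+$log[] = "formular-microtime eingehalten: $form_timestamp + ".rex_config::get('yform_spam_protection', 'timer')." > ".microtime(true);
+}
+}
+
+if ($debug) {
+dump($log);
+}
+
+rex_request::setSession('spamfilter', microtime(true));
+}
+
+public function enterObject()
+{
+if ($this->needsOutput()) {
+$this->params['form_output'][$this->getId()] = $this->parse('value.spam_protection.tpl.php', []);
+}
+}
+
+public function getDescription()
+{
+return 'spam_protection|honeypot|label(Bitte nicht ausfüllen)|Fehler(Ihre Anfrage wurde als Spam erkannt.)|Debugmodus(0/1)';
+}
+}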
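Review bot: The IP limit in `postValidateAction()` is inverted: `ip_block_limit > $count` marks a submission as blocked while the address is still under the limit and lets it through once the limit is reached. The count feeding it also looks like it can never match, because the query requires both `ipv4` and `ipv6` to equal bound values of which one is always `false` from `filter_var`, and the purge of expired rows only runs when debug mode is on. The fence below counts by the address family that validated, purges on every request with the window cast to an integer, and flips the comparison; the two INSERT statements need the same per-family binding, since the `varbinary(16)` column cannot hold the textual IPv6 form. Separately, the form timer trusts the `_microtime` value echoed back from the hidden field in ytemplates/bootstrap/value.spam_protection.tpl.php, which the client controls, so only the session timestamp is a server-side check; the success log line also reads `timer` where `timer_form` is meant.

```php
// … unchanged: session start, $debug, $session_timestamp, $form_timestamp …
$ip = $_SERVER['REMOTE_ADDR'];
$is_v4 = false !== filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
$match = $is_v4 ? '`ipv4` = INET_ATON(:ip)' : '`ipv6` = INET6_ATON(:ip)';

// purge expired rows on every request, with the window forced to an integer
$window = (int) rex_config::get('yform_spam_protection', 'ip_block_timer');
rex_sql::factory()->setDebug($debug)->setQuery('DELETE FROM rex_yform_spam_protection_frequency WHERE createdate < (NOW() - INTERVAL ' . $window . ' SECOND)');

$count = (int) rex_sql::factory()->setDebug($debug)->getArray('SELECT count(`createdate`) AS `count` FROM rex_yform_spam_protection_frequency WHERE ' . $match, [':ip' => $ip])[0]['count'];

// … unchanged: $log, send check, honeypot check …
if ($count >= (int) rex_config::get('yform_spam_protection', 'ip_block_limit')) {
// … unchanged: INSERT with was_blocked = 1, warning, log entry …
```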
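--- a/package.yml
+++ b/package.yml
@@ -0,0 +1,18 @@
+package: yform_spam_protection
+version: '1.0'
+author: 'Alexander Walther'
+supportpage: https://github.com/alexplusde/yform_spam_protection
+
+requires:
+packages:
+yform/manager: '>=3,<4'
+
+page:
+hidden: true
+
+pages:
+yform/spam_protection:
+title: 'Spamschutz'
+
+default_config:
+timer: 5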
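Review bot: `default_config` sets `timer: 5`, while install.php initialises `timer` to 1 and the settings page offers it only as a 1/0 switch; the value 5 looks meant for `timer_form`. Which default wins depends on how the framework applies `default_config` relative to install.php, which is not visible here. Renaming the key to `timer_form` or dropping it would leave a single source for the defaults.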
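--- a/pages/yform.spam_protection.php
+++ b/pages/yform.spam_protection.php
@@ -0,0 +1,82 @@
+<?php
+
+echo \rex_view::title(\rex_i18n::msg('yform'));
+
+
+if (rex::getUser()->isAdmin()) {
+$form = rex_config_form::factory($this->getProperty('package'));
+
+$form->addFieldset("Einstellungen");
+
+$field = $form->addTextField('warning');
+$field->setLabel('Fehlermeldung');
+$field->setNotice("Fehlermeldung, die die Validierung ausgeben soll. Kann mit dem Addon Sprog oder XOutputFilter mehrsprachig übersetzt werden.");
+
+$field = $form->addSelectField('timer');
+$field->setLabel("Timer");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addSelectField('honeypot');
+$field->setLabel("Honeypot");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addSelectField('ip_block');
+$field->setLabel("dynamische IP-Sperre");
+$field->setNotice("Sollten zu viele Formulare über diese IP-Adresse versendet werden, wird die IP für eine bestimmte Zeit geblockt.");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$form->addFieldset("Erweiterte Einstellungen");
+
+$field = $form->addReadOnlyTextField('notification_email');
+$field->setLabel('E-Mail-Adresse');
+$field->setNotice("Adresse, die bei erhöhtem Spam-Aufkommen benachrichtigt wird.");
+
+$field = $form->addTextField('timer_session');
+$field->setLabel('Timer 1');
+$field->setNotice("Anzahl der Sekunden, die mind. für die Bearbeitung oder Korrektur eines Formulars benötigt werden.");
+
+$field = $form->addTextField('timer_form');
+$field->setLabel('Timer 2');
+$field->setNotice("Anzahl der Sekunden, die mind. seit dem 1. Aufruf eines Formulars vergehen muss.");
+
+$field = $form->addTextField('ip_block_limit');
+$field->setLabel('IP-Sperren-Limit');
+$field->setNotice("Anzahl, die im IP-Sperren-Zeitfenster überschritten werden muss, z.B. <code>10</code> pro Zeitfenster");
+
+$field = $form->addTextField('ip_block_timer');
+$field->setLabel('IP-Sperren-Zeitfenster');
+$field->setNotice("In Sekunden, in denen das Anfrage-Limit überschritten werden muss, z.B. <code>600</code> für 10 Minuten.");
+
+$field = $form->addSelectField('geo_block');
+$field->setLabel("GeoIP-Sperre");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addSelectField('tld_block');
+$field->setLabel("IP-Sperre");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addTextField('tld_list');
+$field->setLabel('Top-Level-Domains');
+$field->setNotice("Top-Level-Domains, an die kein Versand erfolgen soll, bspw. <code>.ru</code>");
+
+$fragment = new rex_fragment();
+$fragment->setVar('class', 'edit', false);
+$fragment->setVar('title', "Schaltflächen zur Datenschutzerklärung", false);
+$fragment->setVar('body', $form->get(), false);
+echo $fragment->parse('core/page/section.php');
+}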
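Review bot: `timer_session`, `timer_form`, `ip_block_limit` and `ip_block_timer` are free-text fields with no numeric validation, and `ip_block_timer` is concatenated unquoted into the DELETE statement in lib/yform/value/spam_protection.php. The page is admin-only, so the exposure is limited, but a non-numeric value breaks that query and the limit comparison; these should be validated as non-negative integers when the form is saved, or cast with `(int)` where they are read. The toggles `timer`, `honeypot`, `ip_block`, `geo_block` and `tld_block` are stored here but not consulted by the validation code in this commit, so switching them off appears to have no effect. The `tld_block` select is labelled `IP-Sperre` and the section title reads `Schaltflächen zur Datenschutzerklärung`, both of which look copied from elsewhere.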
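--- a/ytemplates/bootstrap/value.spam_protection.tpl.php
+++ b/ytemplates/bootstrap/value.spam_protection.tpl.php
@@ -0,0 +1,12 @@
+<div id="<?= $this->getHTMLId() ?>">
+<label for="<?= $this->getFieldId() ?>"><?= $this->getLabel() ?></label>
+<input id="<?= $this->getFieldId() ?>" name="<?= $this->getFieldId() ?>" type="email" autocomplete="off" tabindex="-1">
+<input id="<?= $this->getFieldId() ?>_microtime" name="<?= $this->getFieldId() ?>_microtime" type="hidden" value="<?= microtime(true) ?>" readonly="readonly" tabindex="-1">
+<style>
+[id="<?=$this->getHTMLId() ?>"] {
+overflow: hidden;
+height: 1px;
+opacity: 100%;
+}
+</style>
+</div>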
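Review bot: The honeypot wrapper is hidden only visually (1px height with `overflow: hidden`; `opacity: 100%` has no effect), so the label and the `type="email"` input stay exposed to screen readers and to browser autofill, which often ignores `autocomplete="off"`. A legitimate visitor whose field gets filled that way is rejected as spam by the honeypot check in lib/yform/value/spam_protection.php. Adding `aria-hidden="true"` to the wrapper `<div>` and using a neutral input type such as `type="text"` reduces those false positives. `<?= $this->getLabel() ?>` is printed without escaping, which is fine only as long as labels come from trusted form definitions.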
