Showing
8 changed files
with
342 additions
and
0 deletions.
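--- /dev/null
+++ b/UNKNOWN_PATH_FILE_1
@@ -0,0 +1,4 @@
+<?php
+rex_extension::register('PACKAGES_INCLUDED', function (rex_extension_point $ep) {
+rex_yform::addTemplatePath($this->getPath('ytemplates'));
+});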
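--- /dev/null
+++ b/UNKNOWN_PATH_FILE_2
@@ -0,0 +1,53 @@
+<?php
+
+rex_sql_table::get(rex::getTable('yform_spam_protection_frequency'))
+->ensureColumn(new rex_sql_column('ipv4', 'int(10) unsigned', true))
+->ensureColumn(new rex_sql_column('ipv6', 'varbinary(16)', true))
+->ensureColumn(new rex_sql_column('createdate', 'datetime', false, null, 'on update CURRENT_TIMESTAMP'))
+->ensureColumn(new rex_sql_column('was_blocked', 'bit(1)'))
+->ensure();
+
+if (!$this->hasConfig("notification_email")) {
+$this->setConfig('notification_email', "");
+}
+
+if (!$this->hasConfig("timer")) {
+$this->setConfig('timer', 1);
+}
+
+if (!$this->hasConfig("timer_session")) {
+$this->setConfig('timer_session', 2);
+}
+
+if (!$this->hasConfig("timer_form")) {
+$this->setConfig('timer_form', 5);
+}
+
+if (!$this->hasConfig("honeypot")) {
+$this->setConfig('honeypot', 1);
+}
+
+if (!$this->hasConfig("ip_block")) {
+$this->setConfig('ip_block', 1);
+}
+
+if (!$this->hasConfig("ip_block_limit")) {
+$this->setConfig('ip_block', 10);
+}
+if (!$this->hasConfig("ip_block_timer")) {
+$this->setConfig('ip_block', 300);
+}
+
+if (!$this->hasConfig("geo_block")) {
+$this->setConfig('geo_block', 0);
+}
+
+if (!$this->hasConfig("tld_block")) {
+$this->setConfig('tld_block', 0);
+}
+if (!$this->hasConfig("tld_list")) {
+$this->setConfig('tld_list', ".ru");
+}
+if (!$this->hasConfig("warning")) {
+$this->setConfig('warning', "Ihre Anfrage wurde als Spam erkannt und nicht zugestellt. Sollte dies irrtümlich passiert sein, wenden Sie sich bitte an den Betreiber der Website.");
+}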
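Review bot: The two defaults at the end of the ip_block group write to the wrong key — `ip_block_limit` and `ip_block_timer` are checked with hasConfig, but both branches then call `$this->setConfig('ip_block', …)`, so the limit and the time window never receive a default and `ip_block` is overwritten with 10 and then 300. Change them to `$this->setConfig('ip_block_limit', 10);` and `$this->setConfig('ip_block_timer', 300);`. The missing values matter at runtime: the validator in this commit reads `ip_block_timer` straight into an `INTERVAL … SECOND` clause and compares `ip_block_limit` against the request count, and a null there produces a malformed query and a comparison that is always false. A header comment such as `// Per-IP request log used by the rate limiter; createdate anchors the ip_block_timer window` would document why the table exists.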
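--- /dev/null
+++ b/UNKNOWN_PATH_FILE_3
@@ -0,0 +1,32 @@
+<?php
+
+class rex_ycom
+{
+public static $tables = [];
+
+public static function addTable($table_name)
+{
+self::$tables[] = $table_name;
+}
+
+public static function getTables()
+{
+return self::$tables;
+}
+
+public static function parseText($text)
+{
+$text = nl2br(trim($text));
+return '<p>' . $text . '</p>';
+}
+
+public static function cut($text, $size = 15, $t = ' (...) ')
+{
+$s = strlen($text);
+if ($s > $size) {
+$start = (int) ($size / 2);
+return substr($text, 0, $start) . $t . substr($text, -$start);
+}
+return $text;
+}
+}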
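Review bot: `parseText` concatenates `$text` straight into `<p>…</p>` after nl2br with no escaping, so any caller that passes user-supplied text gets HTML injected into the page; escape before converting line breaks, e.g. `$text = nl2br(rex_escape(trim($text)));`. `cut` measures and slices with byte-wise strlen/substr, which can split a multibyte UTF-8 character in half; `mb_strlen`/`mb_substr` keep the same logic safe. The class is named `rex_ycom` and the next file in this commit adds `rex_ycom_user`; if the YCom add-on is installed alongside, these appear to redeclare its class names, which is a fatal error in PHP — presumably both files were copied in by mistake, since nothing else in the commit references them.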
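--- /dev/null
+++ b/UNKNOWN_PATH_FILE_4
@@ -0,0 +1,68 @@
+<?php
+
+class rex_ycom_user extends \rex_yform_manager_dataset
+{
+public static function getMe()
+{
+return rex_ycom_auth::getUser();
+}
+
+public function isInGroup($group_id)
+{
+$ycom_groups = $this->getValue('ycom_groups');
+
+if ('' == $group_id) {
+return true;
+}
+if ('' != $ycom_groups) {
+$ycom_groups_array = explode(',', $ycom_groups);
+if (in_array($group_id, $ycom_groups_array)) {
+return true;
+}
+}
+
+return false;
+}
+
+public function getPassword()
+{
+return $this->password;
+}
+
+public static function createUserByEmail(array $data)
+{
+$data['status'] = 1;
+$data['password'] = str_shuffle('1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
+$data['login'] = $data['email'];
+$data['login_tries'] = 0;
+$data['termofuse_accepted'] = 0;
+
+$data = rex_extension::registerPoint(new rex_extension_point('YCOM_USER_CREATE', $data, []));
+
+$user = self::create();
+foreach ($data as $k => $v) {
+$user->setValue($k, $v);
+}
+if ($user->save()) {
+return $user;
+}
+return null;
+}
+
+public static function updateUser(array $data)
+{
+$data = rex_extension::registerPoint(new rex_extension_point('YCOM_USER_UPDATE', $data, []));
+$user = self::getMe();
+
+if (!$user) {
+return false;
+}
+
+foreach ($data as $k => $v) {
+$user->setValue($k, $v);
+}
+
+return $user
+->save();
+}
+}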
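Review bot: `createUserByEmail` derives the initial password with `str_shuffle`, which is driven by a non-cryptographic PRNG and always yields a permutation of the same 62 characters; a generated credential should come from the CSPRNG, e.g. `$data['password'] = bin2hex(random_bytes(16));`. `isInGroup` compares with `==`/`!=` and a non-strict `in_array`, so ids such as `0` or `'0'` match loosely against the exploded list; `in_array((string) $group_id, $ycom_groups_array, true)` pins the intended string comparison. `updateUser` copies every key of `$data` onto the current user, including `status`, `login` or `ycom_groups` if a caller forwards request data unfiltered — the callers are outside this hunk, so the accepted keys should be documented on the method or whitelisted here.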
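--- /dev/null
+++ b/UNKNOWN_PATH_FILE_5
@@ -0,0 +1,73 @@
+<?php
+
+class rex_yform_value_spam_protection extends rex_yform_value_abstract
+{
+public function postValidateAction()
+{
+rex_login::startSession();
+
+$debug = (int)$this->getElement(4);
+$session_timestamp = rex_request::session('spamfilter');
+$form_timestamp = rex_request($this->getFieldId()."_microtime", 'int', false);
+
+$ipv4 = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
+$ipv6 = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
+
+if ($debug) {
+rex_sql::factory()->setDebug($debug)->setQuery("DELETE FROM rex_yform_spam_protection_frequency WHERE createdate < (NOW() - INTERVAL ".rex_config::get('yform_spam_protection', 'ip_block_timer')." SECOND)");
+}
+
+$count = rex_sql::factory()->setDebug($debug)->getArray("SELECT count(`createdate`) AS `count` FROM rex_yform_spam_protection_frequency WHERE `ipv4` = INET_ATON(:ipv4) AND `ipv6` = :ipv6", [':ipv4' => $ipv4, ':ipv6' => $ipv6])[0]['count'];
+
+$log = [];
+
+if ($this->params['send'] == 1) {
+if (rex_request($this->getFieldId()) != "") {
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "honeypot wurde ausgefüllt: ".rex_request($this->getFieldId());
+}
+
+if(rex_config::get('yform_spam_protection', 'ip_block_limit') > $count) {
+rex_sql::factory()->setDebug($debug)->setQuery("INSERT INTO rex_yform_spam_protection_frequency (`ipv4`, `ipv6`, `createdate`, `was_blocked`) VALUES (INET_ATON(:ipv4), :ipv6, NOW(), 1)", [':ipv4'=>$ipv4, ':ipv6'=>$ipv6]);
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "ip hat zu viele Versuche in kürzester Zeit unternommen";
+} else {
+rex_sql::factory()->setDebug($debug)->setQuery("INSERT INTO rex_yform_spam_protection_frequency (`ipv4`, `ipv6`, `createdate`, `was_blocked`) VALUES (INET_ATON(:ipv4), :ipv6, NOW(), 0)", [':ipv4'=>$ipv4, ':ipv6'=>$ipv6]);
+}
+
+if (($session_timestamp + rex_config::get('yform_spam_protection', 'timer_session')) > microtime(true)) {
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "session-microtime nicht eingehalten: $session_timestamp + ".rex_config::get('yform_spam_protection', 'timer_session')." > ".microtime(true);
+}
+
+if (($form_timestamp + rex_config::get('yform_spam_protection', 'timer_form')) > microtime(true)) {
+$this->params['warning'][$this->getId()] = $this->params['error_class'];
+$this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+$log[] = "formular-microtime nicht eingehalten: $form_timestamp + ".rex_config::get('yform_spam_protection', 'timer_form')." > ".microtime(true);
+} else {
+$log[] = "formular-microtime eingehalten: $form_timestamp + ".rex_config::get('yform_spam_protection', 'timer')." > ".microtime(true);
+}
+}
+
+if ($debug) {
+dump($log);
+}
+
+rex_request::setSession('spamfilter', microtime(true));
+}
+
+public function enterObject()
+{
+if ($this->needsOutput()) {
+$this->params['form_output'][$this->getId()] = $this->parse('value.spam_protection.tpl.php', []);
+}
+}
+
+public function getDescription()
+{
+return 'spam_protection|honeypot|label(Bitte nicht ausfüllen)|Fehler(Ihre Anfrage wurde als Spam erkannt.)|Debugmodus(0/1)';
+}
+}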
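Review bot: The rate-limit branch in postValidateAction is inverted — `rex_config::get(…, 'ip_block_limit') > $count` flags the client while its count is still below the limit and lets it through once the limit is exceeded — and the count query has no createdate window while the DELETE that would expire rows only runs when `$debug` is set, so in production the per-IP counter grows without bound. The queries also hard-code `rex_yform_spam_protection_frequency` although install.php creates the table through `rex::getTable()`, the IPv6 branch binds the textual address against a varbinary(16) column without `INET6_ATON`, so IPv6 clients are never matched, and `ip_block_timer` is concatenated into the SQL as a raw config string where an int cast keeps the statement well-formed. Neither the `ip_block`, `honeypot` nor `timer` switches from the settings page are consulted here, and the `_microtime` value is client-supplied, so the form-timer check cannot establish elapsed time on its own; keeping the render time in the session, or signing it with an HMAC and verifying it here, would make it trustworthy. The rewrite below covers the counting and blocking part; the honeypot and timer checks and the session write are unchanged.

```php
// … unchanged: rex_login::startSession(), $debug / $session_timestamp / $form_timestamp …

$remoteAddr = (string) rex_server('REMOTE_ADDR', 'string', '');
$ipv4 = filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ?: null;
$ipv6 = filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ?: null;
$ip = $ipv4 ?? $ipv6;
// Exactly one address family is set; the other column stays NULL.
$ipMatch = null !== $ipv4 ? '`ipv4` = INET_ATON(:ip)' : '`ipv6` = INET6_ATON(:ip)';

$table = rex::getTable('yform_spam_protection_frequency');
$limit = (int) rex_config::get('yform_spam_protection', 'ip_block_limit');
$window = (int) rex_config::get('yform_spam_protection', 'ip_block_timer');

// Expire old rows on every run, not only in debug mode, so the table stays bounded.
rex_sql::factory()->setDebug($debug)->setQuery(
    'DELETE FROM ' . $table . ' WHERE `createdate` < (NOW() - INTERVAL ' . $window . ' SECOND)'
);

$count = 0;
if (null !== $ip) {
    $count = (int) rex_sql::factory()->setDebug($debug)->getArray(
        'SELECT COUNT(*) AS `count` FROM ' . $table
        . ' WHERE ' . $ipMatch . ' AND `createdate` >= (NOW() - INTERVAL ' . $window . ' SECOND)',
        [':ip' => $ip]
    )[0]['count'];
}

$log = [];

if ($this->params['send'] == 1) {
    // … unchanged: honeypot check …

    // Block only once the limit is reached inside the window; a limit of 0 disables the check.
    $blocked = null !== $ip && $limit > 0 && $count >= $limit;
    if ($blocked) {
        $this->params['warning'][$this->getId()] = $this->params['error_class'];
        $this->params['warning_messages'][$this->getId()] = $this->getElement(3);
        $log[] = "ip hat zu viele Versuche in kürzester Zeit unternommen";
    }
    if (null !== $ip) {
        rex_sql::factory()->setDebug($debug)->setQuery(
            'INSERT INTO ' . $table . ' (`ipv4`, `ipv6`, `createdate`, `was_blocked`) VALUES (INET_ATON(:ipv4), INET6_ATON(:ipv6), NOW(), :blocked)',
            [':ipv4' => $ipv4, ':ipv6' => $ipv6, ':blocked' => $blocked ? 1 : 0]
        );
    }

    // … unchanged: session-timer and form-timer checks …
}
// … unchanged: debug dump and rex_request::setSession('spamfilter', …) …
```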
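--- /dev/null
+++ b/UNKNOWN_PATH_FILE_6
@@ -0,0 +1,18 @@
+package: yform_spam_protection
+version: '1.0'
+author: 'Alexander Walther'
+supportpage: https://github.com/alexplusde/yform_spam_protection
+
+requires:
+packages:
+yform/manager: '>=3,<4'
+
+page:
+hidden: true
+
+pages:
+yform/spam_protection:
+title: 'Spamschutz'
+
+default_config:
+timer: 5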
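Review bot: `default_config: timer: 5` disagrees with the rest of the commit — install.php seeds `timer` with 1, and the settings page offers only 1 ("aktivieren") and 0 ("deaktivieren") for it, so 5 is neither a valid toggle value nor the value an admin can pick. Either drop the key or align it with `timer: 1`. The remaining defaults (timer_session, timer_form, ip_block_limit, ip_block_timer, honeypot, ip_block) live only in install.php; keeping all defaults in one place would prevent this kind of drift.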
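--- /dev/null
+++ b/UNKNOWN_PATH_FILE_7
@@ -0,0 +1,82 @@
+<?php
+
+echo \rex_view::title(\rex_i18n::msg('yform'));
+
+
+if (rex::getUser()->isAdmin()) {
+$form = rex_config_form::factory($this->getProperty('package'));
+
+$form->addFieldset("Einstellungen");
+
+$field = $form->addTextField('warning');
+$field->setLabel('Fehlermeldung');
+$field->setNotice("Fehlermeldung, die die Validierung ausgeben soll. Kann mit dem Addon Sprog oder XOutputFilter mehrsprachig übersetzt werden.");
+
+$field = $form->addSelectField('timer');
+$field->setLabel("Timer");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addSelectField('honeypot');
+$field->setLabel("Honeypot");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addSelectField('ip_block');
+$field->setLabel("dynamische IP-Sperre");
+$field->setNotice("Sollten zu viele Formulare über diese IP-Adresse versendet werden, wird die IP für eine bestimmte Zeit geblockt.");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$form->addFieldset("Erweiterte Einstellungen");
+
+$field = $form->addReadOnlyTextField('notification_email');
+$field->setLabel('E-Mail-Adresse');
+$field->setNotice("Adresse, die bei erhöhtem Spam-Aufkommen benachrichtigt wird.");
+
+$field = $form->addTextField('timer_session');
+$field->setLabel('Timer 1');
+$field->setNotice("Anzahl der Sekunden, die mind. für die Bearbeitung oder Korrektur eines Formulars benötigt werden.");
+
+$field = $form->addTextField('timer_form');
+$field->setLabel('Timer 2');
+$field->setNotice("Anzahl der Sekunden, die mind. seit dem 1. Aufruf eines Formulars vergehen muss.");
+
+$field = $form->addTextField('ip_block_limit');
+$field->setLabel('IP-Sperren-Limit');
+$field->setNotice("Anzahl, die im IP-Sperren-Zeitfenster überschritten werden muss, z.B. <code>10</code> pro Zeitfenster");
+
+$field = $form->addTextField('ip_block_timer');
+$field->setLabel('IP-Sperren-Zeitfenster');
+$field->setNotice("In Sekunden, in denen das Anfrage-Limit überschritten werden muss, z.B. <code>600</code> für 10 Minuten.");
+
+$field = $form->addSelectField('geo_block');
+$field->setLabel("GeoIP-Sperre");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addSelectField('tld_block');
+$field->setLabel("IP-Sperre");
+$select = $field->getSelect();
+$select->setSize(1);
+$select->addOption("aktivieren", 1);
+$select->addOption("deaktivieren", 0);
+
+$field = $form->addTextField('tld_list');
+$field->setLabel('Top-Level-Domains');
+$field->setNotice("Top-Level-Domains, an die kein Versand erfolgen soll, bspw. <code>.ru</code>");
+
+$fragment = new rex_fragment();
+$fragment->setVar('class', 'edit', false);
+$fragment->setVar('title', "Schaltflächen zur Datenschutzerklärung", false);
+$fragment->setVar('body', $form->get(), false);
+echo $fragment->parse('core/page/section.php');
+}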
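Review bot: `notification_email` is added with addReadOnlyTextField, so the admin can never enter the address that the notice promises will be notified; `$field = $form->addTextField('notification_email');` is presumably what was intended, ideally with a validator for the address. Two strings look copied from another add-on: the `tld_block` select is labelled "IP-Sperre" although it toggles the top-level-domain block, and the section title "Schaltflächen zur Datenschutzerklärung" does not describe a spam-protection settings form. As far as this commit shows, `geo_block`, `tld_block`, `tld_list` and `notification_email` are stored but never read by the validator; a notice on each field stating that the option is not yet active would keep admins from relying on it.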
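--- /dev/null
+++ b/UNKNOWN_PATH_FILE_8
@@ -0,0 +1,12 @@
+<div id="<?= $this->getHTMLId() ?>">
+<label for="<?= $this->getFieldId() ?>"><?= $this->getLabel() ?></label>
+<input id="<?= $this->getFieldId() ?>" name="<?= $this->getFieldId() ?>" type="email" autocomplete="off" tabindex="-1">
+<input id="<?= $this->getFieldId() ?>_microtime" name="<?= $this->getFieldId() ?>_microtime" type="hidden" value="<?= microtime(true) ?>" readonly="readonly" tabindex="-1">
+<style>
+[id="<?=$this->getHTMLId() ?>"] {
+overflow: hidden;
+height: 1px;
+opacity: 100%;
+}
+</style>
+</div>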
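Review bot: The honeypot stylesheet sets `opacity: 100%`, which leaves the field fully opaque — only the 1px height keeps it out of sight — and reads like a typo for `opacity: 0;`; adding `position: absolute; left: -9999px;` would also keep the 1px strip from affecting the form layout. `<?= $this->getLabel() ?>` is echoed unescaped; the label is admin-defined, but template output still belongs through the escaper, e.g. `<?= rex_escape($this->getLabel()) ?>`. A one-line comment at the top, such as `<?php /* honeypot field + render timestamp, both read by rex_yform_value_spam_protection::postValidateAction() */ ?>`, would tie the template to the validator that consumes it.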