Update version

Web form protection
CleanTalk · Dec 13, 2017 · 69163c2 · 69163c2
1 parent 520c662
commit 69163c2
Show file tree

Hide file tree

Showing 11 changed files with 2,399 additions and 184 deletions.
diff --git a/cleantalk.antispam/classes/general/JSON.php b/cleantalk.antispam/classes/general/JSON.php
diff --git a/cleantalk.antispam/classes/general/cleantalk.class.php b/cleantalk.antispam/classes/general/cleantalk.class.php
diff --git a/cleantalk.antispam/cleantalk-sfw.class.php b/cleantalk.antispam/cleantalk-sfw.class.php
@@ -0,0 +1,164 @@
+<?php
+class CleanTalkSFW
+{
+	public $ip = 0;
+	public $ip_str = '';
+	public $ip_array = Array();
+	public $ip_str_array = Array();
+	public $blocked_ip = '';
+	public $result = false;
+
+	public function cleantalk_get_real_ip()
+	{
+		if ( function_exists( 'apache_request_headers' ) )
+		{
+			$headers = apache_request_headers();
+		}
+		else
+		{
+			$headers = $_SERVER;
+		}
+		if ( array_key_exists( 'X-Forwarded-For', $headers ) )
+		{
+			$the_ip=explode(",", trim($headers['X-Forwarded-For']));
+			$the_ip = trim($the_ip[0]);
+			$this->ip_str_array[]=$the_ip;
+			$this->ip_array[]=sprintf("%u", ip2long($the_ip));
+		}
+		if ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $headers ))
+		{
+			$the_ip=explode(",", trim($headers['HTTP_X_FORWARDED_FOR']));
+			$the_ip = trim($the_ip[0]);
+			$this->ip_str_array[]=$the_ip;
+			$this->ip_array[]=sprintf("%u", ip2long($the_ip));
+		}
+		$the_ip = filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 );
+		$this->ip_str_array[]=$the_ip;
+		$this->ip_array[]=sprintf("%u", ip2long($the_ip));
+
+		if(isset($_GET['sfw_test_ip']))
+		{
+			$the_ip=$_GET['sfw_test_ip'];
+			$this->ip_str_array[]=$the_ip;
+			$this->ip_array[]=sprintf("%u", ip2long($the_ip));
+		}
+		//$this->ip_str=$the_ip;
+		//$this->ip=sprintf("%u", ip2long($the_ip));
+		//print sprintf("%u", ip2long($the_ip));
+	}
+
+	public function check_ip()
+	{
+		global $DB;
+		$passed_ip='';
+		for($i=0;$i<sizeof($this->ip_array);$i++)
+		{
+			$r = $DB->Query("select count(network) as cnt from `cleantalk_sfw` where network = ".$this->ip_array[$i]." & mask;");
+
+			$sfw_log=COption::GetOptionString( 'cleantalk.antispam', 'sfw_log', '' );
+
+			if($sfw_log=='')
+			{
+				$sfw_log=Array();
+			}
+			else
+			{
+				$sfw_log=json_decode($sfw_log, true);
+			}
+			$cnt=$r->Fetch();
+			if($cnt['cnt']>0)
+			{
+				$this->result=true;
+				$this->blocked_ip=$this->ip_str_array[$i];
+				if(isset($sfw_log[$this->ip_str_array[$i]]))
+				{
+					$sfw_log[$this->ip_str_array[$i]]['all']++;
+				}
+				else
+				{
+					$sfw_log[$this->ip_str_array[$i]] = Array('datetime'=>time(), 'all' => 1, 'allow' => 0);
+				}
+			}
+			else
+			{
+				$passed_ip = $this->ip_str_array[$i];
+			}
+		}
+		if($passed_ip!='')
+		{
+			$key=COption::GetOptionString( 'cleantalk.antispam', 'key', '' );
+			@setcookie ('ct_sfw_pass_key', md5($passed_ip.$key), 0, "/");
+		}
+		COption::SetOptionString( 'cleantalk.antispam', 'sfw_log', json_encode($sfw_log));
+	}
+
+	public function sfw_die()
+	{
+		$key=COption::GetOptionString( 'cleantalk.antispam', 'key', '' );
+		$sfw_die_page=file_get_contents(dirname(__FILE__)."/sfw_die_page.html");
+		$sfw_die_page=str_replace("{REMOTE_ADDRESS}",$this->blocked_ip,$sfw_die_page);
+		$sfw_die_page=str_replace("{REQUEST_URI}",$_SERVER['REQUEST_URI'],$sfw_die_page);
+		$sfw_die_page=str_replace("{SFW_COOKIE}",md5($this->blocked_ip.$key),$sfw_die_page);
+		@header('HTTP/1.0 403 Forbidden');
+		print $sfw_die_page;
+		die();
+	}
+
+	function send_logs(){
+
+		$is_sfw = COption::GetOptionString( 'cleantalk.antispam', 'form_sfw', 0 );
+		$sfw_log = COption::GetOptionString( 'cleantalk.antispam', 'sfw_log', '' );
+		$ct_key = COption::GetOptionString( 'cleantalk.antispam', 'key', '' );
+
+	    if($is_sfw==1 && $sfw_log!=''){
+
+	    	$sfw_log=json_decode($sfw_log, true);
+	    	$data=Array();
+	    	foreach($sfw_log as $key=>$value){
+	    		$data[]=Array($key, $value['all'], $value['allow'], $value['datetime']);
+			}
+			unset($key, $value);
+	    	$qdata = array (
+				'data' => json_encode($data),
+				'rows' => count($data),
+				'timestamp' => time()
+			);
+
+			$result = CleantalkAntispam::CleantalkSendRequest('https://api.cleantalk.org/?method_name=sfw_logs&auth_key='.$ct_key, $qdata, false);
+
+			$result = json_decode($result);
+
+			if(isset($result->data) && isset($result->data->rows))
+				if($result->data->rows == count($data))
+					COption::SetOptionString( 'cleantalk.antispam', 'sfw_log', '');
+	    }
+		return "CleanTalkSFW::send_logs();";
+	}
+
+	function update_local(){
+		global $DB;
+
+		$key=COption::GetOptionString( 'cleantalk.antispam', 'key', '' );
+
+		$data = Array(	'auth_key' => $key,
+			'method_name' => '2s_blacklists_db'
+		);
+
+		$result = CleantalkAntispam::CleantalkSendRequest('https://api.cleantalk.org/2.1', $data, false);
+		$result = json_decode($result, true);
+
+		if(isset($result['data'])){
+			$result=$result['data'];
+			$query="INSERT INTO `cleantalk_sfw` VALUES ";
+			for($i=0;$i<sizeof($result);$i++){
+				if($i==sizeof($result)-1)
+					$query.="(".$result[$i][0].",".$result[$i][1].");";
+				else
+					$query.="(".$result[$i][0].",".$result[$i][1]."), ";
+			}
+			$DB->Query("TRUNCATE TABLE `cleantalk_sfw`;"); //Clean before write
+			$DB->Query($query);
+		}
+		return "CleanTalkSFW::update_local();";
+	}
+}
diff --git a/cleantalk.antispam/description.en b/cleantalk.antispam/description.en
@@ -1,2 +1,3 @@
 - "Display error on BuyOneClick forms"
-- "Protect forms with GET method"
+- "Protect forms with GET method"
+- "Web forms protection"
diff --git a/cleantalk.antispam/description.ru b/cleantalk.antispam/description.ru
@@ -1,2 +1,3 @@
 - "Вывод ошибки на формах Купить в один клик"
-- "Защита любых форм с GET параметрами"
+- "Защита любых форм с GET параметрами"
+- "Защита Веб форм""
diff --git a/cleantalk.antispam/include.php b/cleantalk.antispam/include.php
@@ -212,7 +212,7 @@ public function OnPageStartHandler()
 	    					$show_notice=1;
 	    					if(LANGUAGE_ID=='ru')
 	    					{
-	    						$review_message = "???????? ???????? ?? CleanTalk? ?????????? ?????? ?? ????! <a target='_blank' href='http://marketplace.1c-bitrix.ru/solutions/cleantalk.antispam/#rating'>???????? ????? ? Bitrix.Marketplace</a>";
+	    						$review_message = "Нравится Анти-спам от CleanTalk? Помогите другим узнать о CleanTalk! <a target='_blank' href='http://marketplace.1c-bitrix.ru/solutions/cleantalk.antispam/#rating'>Оставить отзыв на Bitrix.Marketplace</a>";
 	    					}
 	    					else
 	    					{
@@ -370,6 +370,79 @@ function OnBeforeOrderAddHandler(&$arFields)
 		}
 	}
 
+    /**
+     * *** Web forms section ***
+     */
+
+   /**
+     * Checking web forms
+     * @param $WEB_FORM_ID, &$arFields, &$arrVALUES Comment fields to check
+     * @return null|boolean NULL when success or FALSE when spam detected
+     */
+
+    function OnBeforeResultAddHandler($WEB_FORM_ID, &$arFields, &$arrVALUES)
+    {
+    	global $APPLICATION;
+
+		$ct_status = COption::GetOptionString('cleantalk.antispam', 'status', '0');
+        $ct_webform= COption::GetOptionString('cleantalk.antispam', 'web_form', '0');
+
+        if ($ct_status == 1 && $ct_webform == 1){
+
+			$sender_email = null;
+	    	$message = '';
+
+			$skip_keys = array(
+				'WEB_FORM_ID',
+				'RESULT_ID',
+				'formresult',
+				'sessid',
+				'captcha_',
+				'web_form_submit'
+			);
+
+	    	foreach ($arrVALUES as $key => $value){
+
+				// Skipping keys
+				foreach($skip_keys as $skip){
+					if(strpos($key, $skip) !== false)
+						continue 2;
+				}
+
+				if ($sender_email === null && preg_match("/^\S+@\S+\.\S+$/", $value))
+					$sender_email = $value;
+				else
+					$message.="$value\n";
+		    }
+
+		    $arUser = array();
+			$arUser["type"] = "webform";
+			$arUser["sender_email"] = $sender_email;
+			$arUser["sender_nickname"] = '';
+			$arUser["sender_ip"] = $_SERVER['REMOTE_ADDR'];
+			$arUser["message_title"] = "";
+			$arUser["message_body"] = $message;
+			$arUser["example_title"] = "";
+			$arUser["example_body"] = "";
+			$arUser["example_comments"] = "";
+
+			$aResult =  CleantalkAntispam::CheckAllBefore($arUser,FALSE);
+
+			if(isset($aResult) && is_array($aResult)){
+
+				if($aResult['errno'] == 0){
+
+					if($aResult['allow'] == 1){
+						return; //Not spammer - just return;
+					}else{
+						$APPLICATION->ThrowException($aResult['ct_result_comment']);
+						return false;
+					}
+				}
+			}
+		}
+	}
+
     /**
      * *** TreeLike comments section ***
      */
@@ -968,7 +1041,7 @@ static function CheckAllBefore(&$arEntity, $bSendEmail = FALSE) {
 		}
 
         $type = $arEntity['type'];
-        if($type != 'comment' && $type != 'register' && $type != 'order' && $type != 'feedback_general_contact_form' && $type != 'private_message'){
+        if($type != 'comment' && $type != 'webform' &&$type != 'register' && $type != 'order' && $type != 'feedback_general_contact_form' && $type != 'private_message'){
             CEventLog::Add(array(
                 'SEVERITY' => 'SECURITY',
                 'AUDIT_TYPE_ID' => 'CLEANTALK_E_INTERNAL',
@@ -991,6 +1064,7 @@ static function CheckAllBefore(&$arEntity, $bSendEmail = FALSE) {
 			$checkjs = 1;
 		else
 			$checkjs = 0;
+
 		$pointer_data        = (isset($_COOKIE['ct_pointer_data'])  ? json_decode($_COOKIE['ct_pointer_data']) : '');
 		$js_timezone         = (isset($_COOKIE['ct_timezone'])      ? $_COOKIE['ct_timezone']                  : 'none');
 		$first_key_timestamp = (isset($_COOKIE['ct_fkp_timestamp']) ? $_COOKIE['ct_fkp_timestamp']             : 0);
@@ -1100,6 +1174,20 @@ static function CheckAllBefore(&$arEntity, $bSendEmail = FALSE) {
 				$timelabels_key = 'mail_error_comment';
                 $ct_request->submit_time = $ct_submit_time;
 
+                $ct_request->message .= isset($arEntity['message_body']) ? $arEntity['message_body'] : '';
+
+				$ct_result = $ct->isAllowMessage($ct_request);
+				break;
+
+			case 'webform':
+
+				$a_post_info['comment_type'] = 'webform';
+                $post_info = json_encode($a_post_info);
+				$ct_request->post_info = $post_info;
+
+				$timelabels_key = 'mail_error_comment';
+                $ct_request->submit_time = $ct_submit_time;
+
                 $ct_request->message .= isset($arEntity['message_body']) ? $arEntity['message_body'] : '';
 
 				$ct_result = $ct->isAllowMessage($ct_request);

diff --git a/cleantalk.antispam/install/index.php b/cleantalk.antispam/install/index.php
@@ -134,6 +134,10 @@ function DoInstall() {
 			{
 				RegisterModuleDependences('sale', 'OnBeforeOrderAdd', 'cleantalk.antispam', 'CleantalkAntispam', 'OnBeforeOrderAddHandler');
 			} 
+			if (IsModuleInstalled('form'))
+			{
+				RegisterModuleDependences('form', 'OnBeforeResultAdd', 'cleantalk.antispam', 'CleantalkAntispam', 'OnBeforeResultAddHandler');
+			} 
 		}
 
 		//Adding agents
@@ -186,6 +190,9 @@ function DoUninstall() {
         UnRegisterModuleDependences('main', 'OnBeforeUserRegister', 'cleantalk.antispam', 'CleantalkAntispam', 'OnBeforeUserRegisterHandler');
 		UnRegisterModuleDependences('main', 'OnEndBufferContent', 'cleantalk.antispam', 'CleantalkAntispam', 'OnEndBufferContentHandler');
         UnRegisterModuleDependences('main', 'OnEventLogGetAuditTypes', 'cleantalk.antispam', 'CleantalkAntispam', 'OnEventLogGetAuditTypesHandler');
+		if (IsModuleInstalled('form')){
+			UnRegisterModuleDependences('form', 'OnBeforeResultAdd', 'cleantalk.antispam', 'CleantalkAntispam', 'OnBeforeResultAddHandler');
+		} 
         UnRegisterModule('cleantalk.antispam');
         $this->UnInstallDB();
         $this->UnInstallFiles();

diff --git a/cleantalk.antispam/install/version.php b/cleantalk.antispam/install/version.php
@@ -1,5 +1,5 @@
 <?php
 $arModuleVersion = array(
 	"VERSION" => "3.10.2",
-	"VERSION_DATE" => "2017-12-07 24:00:00"
+	"VERSION_DATE" => "2017-09-12 24:00:00"
 );
diff --git a/cleantalk.antispam/options.php b/cleantalk.antispam/options.php
@@ -59,6 +59,7 @@
     COption::SetOptionString( $sModuleId, 'form_comment_treelike',           $_POST['form_comment_treelike'] == '1'           ? '1' : '0' );
     COption::SetOptionString( $sModuleId, 'form_send_example',               $_POST['form_send_example'] == '1'               ? '1' : '0' );
     COption::SetOptionString( $sModuleId, 'form_order',                      $_POST['form_order'] == '1'                      ? '1' : '0' );
+	COption::SetOptionString( $sModuleId, 'web_form',                        $_POST['web_form'] == '1'                        ? '1' : '0' );
     COption::SetOptionString( $sModuleId, 'is_paid',                         $_POST['is_paid'] == '1'                         ? '1' : '0' );
     COption::SetOptionString( $sModuleId, 'last_checked',                    $_POST['last_checked'] == '1'                    ? '1' : '0' );
     COption::SetOptionString( $sModuleId, 'form_global_check',               $_POST['form_global_check'] == '1'               ? '1' : '0' );
@@ -173,6 +174,12 @@ function ctDdisableInputLine(ct_input_line){
         <td  valign="top">
             <input type="checkbox" name="form_order" id="form_order" <? if ( COption::GetOptionString( $sModuleId, 'form_order', '0' ) == '1'):?> checked="checked"<? endif; ?> value="1" />
         </td>
+    </tr>
+	 <tr>
+        <td width="50%" valign="top"><label for="web_form"><?echo GetMessage( 'CLEANTALK_LABEL_WEB_FORMS' );?>:</td>
+        <td  valign="top">
+            <input type="checkbox" name="web_form" id="web_form" <? if ( COption::GetOptionString( $sModuleId, 'web_form', '0' ) == '1'):?> checked="checked"<? endif; ?> value="1" />
+        </td>
     </tr>
     <tr>
         <td width="50%" valign="top"><label for="form_global_check"><?echo GetMessage( 'CLEANTALK_LABEL_GLOBAL_CHECK' );?>:</td>