
<?php
// Refuse to run unless loaded by the Bad Behavior core (direct web access).
if (!defined('BB2_CORE')) {
    die('I said no cheating!');
}

// Response descriptions used by bb2_get_response() on the manage page.
require_once("bad-behavior/responses.inc.php");

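// Register the Bad Behavior admin pages (runs on the 'admin_menu' action).
// Only users who may manage options get the pages: current_user_can() on
// WordPress 2.x, user_can_edit_user() on 1.x. The session started here is the
// per-user cache that bb2_httpbl_lookup() stores http:BL answers in.
function bb2_admin_pages() {
    global $wp_db_version;

    // Initialised explicitly: the original relied on an undefined variable
    // being falsy, which raises a notice and, with register_globals enabled,
    // could be pre-set from the request.
    $bb2_is_admin = false;

    if (function_exists('current_user_can')) {
        // The new 2.x way
        if (current_user_can('manage_options')) {
            $bb2_is_admin = true;
        }
    } else {
        // The old 1.x way
        global $user_ID;
        if (user_can_edit_user($user_ID, 0)) {
            $bb2_is_admin = true;
        }
    }

    if (!$bb2_is_admin) {
        return;
    }

    add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
    if ($wp_db_version >= 4772) { // Version 2.1 or later
        add_management_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_manage', 'bb2_manage');
    }
    // Start the session only when none is active yet instead of hiding the
    // "session already started" warning behind "@".
    if (!isset($_SESSION)) {
        session_start();
    }
}
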
// Strip every log-filter query argument from $uri so the resulting link
// points at the unfiltered, first-page view of the log.
function bb2_clean_log_link($uri) {
    $filter_args = array("paged", "ip", "key", "blocked", "request_method", "user_agent");
    $cleaned = $uri;
    foreach ($filter_args as $name) {
        $cleaned = remove_query_arg($name, $cleaned);
    }
    return $cleaned;
}

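// Look up $ip in Project Honey Pot's http:BL and return an HTML fragment
// describing the answer ("" when the address is not listed). Returns false
// when no access key is configured or when $ip is not a dotted IPv4 address
// (the query name is built from reversed IPv4 octets, so nothing else can be
// looked up). Answers are cached per address in $_SESSION['httpbl'].
function bb2_httpbl_lookup($ip) {
    $engines = array(
        2 => "Bloglines",
        5 => "Googlebot",
        8 => "msnbot",
        9 => "Yahoo! Slurp",
    );
    $settings = bb2_read_settings();
    $httpbl_key = isset($settings['httpbl_key']) ? $settings['httpbl_key'] : '';
    if (!$httpbl_key) return false;

    // The address becomes part of a DNS name: only accept four numeric octets,
    // so junk or IPv6 addresses from the log never reach the resolver.
    if (!preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $ip)) return false;

    $r = isset($_SESSION['httpbl'][$ip]) ? $_SESSION['httpbl'][$ip] : '';
    $d = "";
    if (!$r) { // Lookup
        $find = implode('.', array_reverse(explode('.', $ip)));
        $result = gethostbynamel("{$httpbl_key}.{$find}.dnsbl.httpbl.org.");
        if (!empty($result)) {
            $r = $result[0];
            $_SESSION['httpbl'][$ip] = $r;
        }
    }
    if ($r) { // Interpret: answers have the form 127.<age>.<threat>.<type>
        $answer = explode('.', $r);
        if (count($answer) == 4 && $answer[0] == 127) {
            $age = (int) $answer[1];
            $threat = (int) $answer[2];
            $type = (int) $answer[3];
            if ($type == 0) {
                // Type 0 is a search engine; the third octet then carries the
                // engine id rather than a threat level.
                if (isset($engines[$threat])) {
                    $d .= $engines[$threat] . "<br/>\n";
                } else {
                    $d .= "Search engine {$threat}<br/>\n";
                }
            }
            if ($type & 1) {
                $d .= "Suspicious<br/>\n";
            }
            if ($type & 2) {
                $d .= "Harvester<br/>\n";
            }
            if ($type & 4) {
                $d .= "Comment Spammer<br/>\n";
            }
            if ($type & 7) {
                $d .= "Threat level {$threat}<br/>\n";
            }
            if ($type > 0) {
                $d .= "Age {$age} days<br/>\n";
            }
        }
    }
    return $d;
}
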
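// Render the "Manage" page: a paginated, filterable view of the request log.
// Filter values come from $_GET (paged, key, blocked, ip, user_agent,
// request_method). They are escaped with $wpdb->escape() before being put in
// the SQL, and every value that reaches the HTML - including the URLs built by
// add_query_arg()/remove_query_arg(), which WordPress does not escape - goes
// through htmlspecialchars().
function bb2_manage() {
    global $wpdb;

    $request_uri = $_SERVER["REQUEST_URI"];
    $settings = bb2_read_settings();
    $rows_per_page = 100;
    $where = "";

    // Get query variables desired by the user with input validation.
    // $paged is an integer clamped to >= 1 so the LIMIT offset can never be
    // negative or fractional.
    $paged = isset($_GET['paged']) ? (int) $_GET['paged'] : 0;
    if ($paged < 1) $paged = 1;
    $filter_key = !empty($_GET['key']);
    $filter_blocked = !empty($_GET['blocked']);
    $filter_ip = !empty($_GET['ip']);
    $filter_user_agent = !empty($_GET['user_agent']);
    $filter_request_method = !empty($_GET['request_method']);
    if ($filter_key) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
    if ($filter_blocked) $where .= "AND `key` != '00000000' ";
    if ($filter_ip) $where .= "AND `ip` = '" . $wpdb->escape($_GET['ip']) . "' ";
    if ($filter_user_agent) $where .= "AND `user_agent` = '" . $wpdb->escape($_GET['user_agent']) . "' ";
    if ($filter_request_method) $where .= "AND `request_method` = '" . $wpdb->escape($_GET['request_method']) . "' ";

    // Query the DB based on variables selected. The table name is the plugin's
    // own setting, not request data. The first COUNT query used to lack its
    // closing backtick; all three now quote the identifier the same way.
    $log_table = "`" . $settings['log_table'] . "`";
    $r = bb2_db_query("SELECT COUNT(*) FROM " . $log_table);
    $results = bb2_db_rows($r);
    $totalcount = $results ? (int) $results[0]["COUNT(*)"] : 0;
    $r = bb2_db_query("SELECT COUNT(*) FROM " . $log_table . " WHERE 1=1 " . $where);
    $results = bb2_db_rows($r);
    $count = $results ? (int) $results[0]["COUNT(*)"] : 0;
    $pages = ceil($count / $rows_per_page);
    $offset = ($paged - 1) * $rows_per_page;
    $r = bb2_db_query("SELECT * FROM " . $log_table . " WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . $offset . "," . $rows_per_page);
    $results = bb2_db_rows($r);

    // The pagination block is identical above and below the table; build once.
    $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
    $pagination = $page_links ? "<div class=\"tablenav-pages\">$page_links</div>\n" : "";
    // Base URL for the per-row filter links (current page minus the page number).
    $row_link_base = remove_query_arg("paged", $request_uri);

    // Display rows to the user
?>
<div class="wrap">
<h2><?php _e("Bad Behavior"); ?></h2>
<form method="post" action="<?php echo htmlspecialchars($request_uri); ?>">
    <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
    <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>

<div class="tablenav">
<?php echo $pagination; ?>
<div class="alignleft">
<?php if ($count < $totalcount): ?>
Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
<?php if ($filter_key) echo "Status [<a href=\"" . htmlspecialchars(remove_query_arg(array("paged", "key"), $request_uri)) . "\">X</a>] "; ?>
<?php if ($filter_blocked) echo "Blocked [<a href=\"" . htmlspecialchars(remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">X</a>] "; ?>
<?php if ($filter_ip) echo "IP [<a href=\"" . htmlspecialchars(remove_query_arg(array("paged", "ip"), $request_uri)) . "\">X</a>] "; ?>
<?php if ($filter_user_agent) echo "User Agent [<a href=\"" . htmlspecialchars(remove_query_arg(array("paged", "user_agent"), $request_uri)) . "\">X</a>] "; ?>
<?php if ($filter_request_method) echo "GET/POST [<a href=\"" . htmlspecialchars(remove_query_arg(array("paged", "request_method"), $request_uri)) . "\">X</a>] "; ?>
<?php else: ?>
Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
<?php endif; ?>
<?php if (!$filter_key && !$filter_blocked) { ?><a href="<?php echo htmlspecialchars(add_query_arg(array("blocked" => "true", "paged" => false), $request_uri)); ?>">Show Blocked</a><?php } ?>
</div>
</div>

<table class="widefat">
    <thead>
    <tr>
    <th scope="col" class="check-column"><input type="checkbox" onclick="checkAll(document.getElementById('request-filter'));" /></th>
    <th scope="col"><?php _e("IP/Date/Status"); ?></th>
    <th scope="col"><?php _e("Headers"); ?></th>
    <th scope="col"><?php _e("Entity"); ?></th>
    </tr>
    </thead>
    <tbody>
<?php
    $alternate = 0;
    if ($results) foreach ($results as $result) {
        $key = bb2_get_response($result["key"]);
        $id = (int) $result["id"];
        $alternate++;
        $row_class = ($alternate % 2) ? "" : " class=\"alternate\"";
        echo "<tr id=\"request-" . $id . "\"" . $row_class . " valign=\"top\">\n";
        echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $id . "\" /></th>\n";
        $httpbl = bb2_httpbl_lookup($result["ip"]);
        $ip_link = htmlspecialchars(add_query_arg("ip", $result["ip"], $row_link_base));
        $key_link = htmlspecialchars(add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)));
        echo "<td><a href=\"" . $ip_link . "\">" . htmlspecialchars($result["ip"]) . "</a><br/><br/>\n" . htmlspecialchars($result["date"]) . "<br/><br/><a href=\"" . $key_link . "\">" . $key["log"] . "</a>\n";
        if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
        echo "</td>\n";
        // The headers are escaped first; the User-Agent and then the request
        // method are turned into filter links. Because the needle is searched
        // in the already-escaped text, a match only happens when the value
        // contains nothing that escaping changed. strpos() is skipped for an
        // empty value, which older PHP versions warn on (this replaces the "@").
        $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
        foreach (array('user_agent', 'request_method') as $field) {
            $needle = (string) $result[$field];
            if ($needle === '') continue;
            $pos = strpos($headers, $needle);
            if ($pos === FALSE) continue;
            $link = "<a href=\"" . htmlspecialchars(add_query_arg($field, rawurlencode($needle), $row_link_base)) . "\">" . htmlspecialchars($needle) . "</a>";
            $headers = substr_replace($headers, $link, $pos, strlen($needle));
        }
        echo "<td>$headers</td>\n";
        echo "<td>" . str_replace("\n", "<br/>\n", htmlspecialchars($result["request_entity"])) . "</td>\n";
        echo "</tr>\n";
    }
?>
    </tbody>
</table>
<div class="tablenav">
<?php echo $pagination; ?>
<div class="alignleft">
</div>
</div>
</form>
</div>
<?php
}
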
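// Render and process the options page. A POST saves the submitted settings
// through bb2_write_settings() and the form is then re-rendered from them.
// Input is validated here because the http:BL key later becomes a DNS label in
// bb2_httpbl_lookup() and every setting is echoed back into the form.
function bb2_options()
{
    $settings = bb2_read_settings();

    if ($_POST) {
        // CSRF check where WordPress provides nonces; on versions without the
        // function the request is accepted exactly as before.
        if (function_exists('check_admin_referer')) {
            check_admin_referer('bb2-options');
        }
        $settings['display_stats'] = !empty($_POST['display_stats']);
        $settings['strict'] = !empty($_POST['strict']);
        // The 'logging' radio decides both flags. The form has no separate
        // 'verbose' input, and the old standalone 'verbose' branch was always
        // overwritten by this one, so it was dead code and is gone.
        $logging = isset($_POST['logging']) ? $_POST['logging'] : '';
        if ($logging === 'verbose') {
            $settings['verbose'] = true;
            $settings['logging'] = true;
        } else if ($logging === 'normal') {
            $settings['verbose'] = false;
            $settings['logging'] = true;
        } else {
            $settings['verbose'] = false;
            $settings['logging'] = false;
        }
        // Keep only a short alphanumeric key (the form allows 12 characters);
        // anything else clears the key, which disables http:BL lookups.
        $httpbl_key = (isset($_POST['httpbl_key']) && is_string($_POST['httpbl_key'])) ? $_POST['httpbl_key'] : '';
        if (preg_match('/^[A-Za-z0-9]{1,12}$/', $httpbl_key)) {
            $settings['httpbl_key'] = $httpbl_key;
        } else {
            $settings['httpbl_key'] = '';
        }
        // Threat level and maximum age are positive integers; fall back to the
        // recommended defaults for anything else. Stored as strings as before.
        $threat = (isset($_POST['httpbl_threat']) && is_scalar($_POST['httpbl_threat'])) ? (int) $_POST['httpbl_threat'] : 0;
        $settings['httpbl_threat'] = $threat > 0 ? (string) $threat : '25';
        $maxage = (isset($_POST['httpbl_maxage']) && is_scalar($_POST['httpbl_maxage'])) ? (int) $_POST['httpbl_maxage'] : 0;
        $settings['httpbl_maxage'] = $maxage > 0 ? (string) $maxage : '30';
        bb2_write_settings($settings);
?>
    <div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
<?php
    }
?>
    <div class="wrap">
    <h2><?php _e("Bad Behavior"); ?></h2>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?>">
    <?php if (function_exists('wp_nonce_field')) wp_nonce_field('bb2-options'); ?>
    <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
    <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>

    <h3><?php _e('Statistics'); ?></h3>
    <?php bb2_insert_stats(true); ?>
    <table class="form-table">
    <tr><td><label><input type="checkbox" name="display_stats" value="true" <?php if ($settings['display_stats']) { ?>checked="checked" <?php } ?>/> <?php _e('Display statistics in blog footer'); ?></label></td></tr>
    </table>

    <h3><?php _e('Logging'); ?></h3>
    <table class="form-table">
    <tr><td><label><input type="radio" name="logging" value="verbose" <?php if ($settings['verbose'] && $settings['logging']) { ?>checked="checked" <?php } ?>/> <?php _e('Verbose HTTP request logging'); ?></label></td></tr>
    <tr><td><label><input type="radio" name="logging" value="normal" <?php if ($settings['logging'] && !$settings['verbose']) { ?>checked="checked" <?php } ?>/> <?php _e('Normal HTTP request logging (recommended)'); ?></label></td></tr>
    <tr><td><label><input type="radio" name="logging" value="false" <?php if (!$settings['logging']) { ?>checked="checked" <?php } ?>/> <?php _e('Do not log HTTP requests (not recommended)'); ?></label></td></tr>
    </table>

    <h3><?php _e('Strict Mode'); ?></h3>
    <table class="form-table">
    <tr><td><label><input type="checkbox" name="strict" value="true" <?php if ($settings['strict']) { ?>checked="checked" <?php } ?>/> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></td></tr>
    </table>

    <h3><?php _e('http:BL'); ?></h3>
    <p>To use Bad Behavior's http:BL features you must have an <a href="http://www.projecthoneypot.org/httpbl_configure.php?rf=24694">http:BL Access Key</a>.</p>
    <table class="form-table">
    <tr><td><label><input type="text" size="12" maxlength="12" name="httpbl_key" value="<?php echo htmlspecialchars((string) $settings['httpbl_key']); ?>" /> http:BL Access Key</label></td></tr>
    <tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_threat" value="<?php echo htmlspecialchars((string) $settings['httpbl_threat']); ?>" /> Minimum Threat Level (25 is recommended)</label></td></tr>
    <tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo htmlspecialchars((string) $settings['httpbl_maxage']); ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
    </table>

    <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
    </form>
    </div>
<?php
}
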
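// Hook the admin pages into the menu.
add_action('admin_menu', 'bb2_admin_pages');
// No closing "?>": whitespace after it would be sent as output and break
// header() and session_start() calls made later in the request.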
