Changes in trunk/vb3 [6:17]

Location:

trunk/vb3

Files:

• upload/includes/bad-behavior/screener.inc.php (modified) (1 diff)
• upload/includes/functions_vb_badbehavior.php (modified) (1 diff)
• upload/admincp/vb_badbehavior.php (modified) (6 diffs)
• product-vb_badbehavior.xml (modified) (3 diffs)

trunk/vb3/upload/includes/bad-behavior/screener.inc.php

@@ -6 +6 @@
 {
         // FIXME: Set the real cookie
-        setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
+        @setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
 }
 

trunk/vb3/upload/includes/functions_vb_badbehavior.php

@@ -330 +330 @@
 }
 
+// Helper function for bb2_log_userid()
+function __walker($var)
+{
+        return (strpos($var, 'Cookie') !== false);
+}
+
+// Determines if vB Bad Behavior has blocked a user request
+// Checks to see of userid is present in the Cookie header
+function bb2_log_userid($headers)
+{
+        if (!empty($headers))
+        {
+                $_tmp = explode("\n", $headers);
+                $_tmp = implode('', array_filter($_tmp, '__walker'));
+                $_tmp = str_replace(';', '&', $_tmp);
+
+                if (empty($_tmp))
+                {
+                        return false;
+                }
+                parse_str($_tmp);
+
+                $userid = COOKIE_PREFIX . 'userid';
+                return $$userid;
+        }
+        return false;
+}
+
 // Calls inward to Bad Behavor itself.
 require_once(BB2_CWD . '/bad-behavior/core.inc.php');

trunk/vb3/upload/admincp/vb_badbehavior.php

@@ -94 +94 @@
         }
 
+        // Need to filter out any keys?
+        $filterkeysql = '';
+
+        if (!empty($vbulletin->options['vb_badbehavior_log_filter']))
+        {
+                $filterkeys = explode("\n", trim($vbulletin->options['vb_badbehavior_log_filter']));
+
+                foreach ($filterkeys AS $filterkey)
+                {
+                        $filterkeysql .= "'" . $db->escape_string($filterkey) . "',";
+                }
+                unset($filterkeys);
+
+                $filterkeysql = trim($filterkeysql, ',');
+        }
+
+        //
         $counter = $db->query_first("
                 SELECT COUNT(*) AS total
                 FROM " . TABLE_PREFIX . "vb_badbehavior
+                " . iif($filterkeysql, "WHERE `key` NOT IN($filterkeysql)") . "
         ");
 
@@ -128 +146 @@
                 SELECT * 
                 FROM " . TABLE_PREFIX . "vb_badbehavior
+                " . iif($filterkeysql, "WHERE `key` NOT IN($filterkeysql)") . "
                 ORDER BY $order
                 LIMIT $startat, {$vbulletin->GPC['perpage']}
@@ -175 +194 @@
                 while ($log = $db->fetch_array($logs))
                 {
+                        $userid = bb2_log_userid($log['http_headers']);
+
                         print_cells_row(array(
-                                $log['ip'],
+                                $log['ip'] . iif($userid !== false, "<br />UserID:<a href=\"member.php?{$vbulletin->session->vars['sessionurl']}u=$userid\" target=\"_blank\">$userid</a>"),
                                 $log['date'],
                                 "<a href=\"#\" onclick=\"window.open('vb_badbehavior.php?{$vbulletin->session->vars['sessionurl']}do=keycheck&key=$log[key]', 'keycheck', 'width=200,height=200');return false;\">$log[key]</a>",
@@ -203 +224 @@
         ));
 
+        $datecut = TIMENOW - (86400 * $vbulletin->GPC['daysprune']);
+
         $logs = $db->query_first("
                 SELECT COUNT(*) AS total 
                 FROM " . TABLE_PREFIX . "vb_badbehavior 
-                WHERE date < DATE_SUB(NOW(), INTERVAL {$vbulletin->GPC['daysprune']} DAY)
+                WHERE UNIX_TIMESTAMP(date) < $datecut
         ");
 
@@ -212 +235 @@
         {
                 print_form_header('vb_badbehavior', 'doprunelog');
-                construct_hidden_code('daysprune', $vbulletin->GPC['daysprune']);
+                construct_hidden_code('daysprune', $datecut);
                 print_table_header($vbphrase['prune_vb_badbehavior_logs']);
                 print_description_row(construct_phrase(
@@ -235 +258 @@
         $db->query_write("
                 DELETE FROM " . TABLE_PREFIX . "vb_badbehavior 
-                WHERE date < DATE_SUB(NOW(), INTERVAL {$vbulletin->GPC['daysprune']} DAY)
+                WHERE UNIX_TIMESTAMP(date) < {$vbulletin->GPC['daysprune']}
         ");
 

trunk/vb3/product-vb_badbehavior.xml

@@ -87 +87 @@
                         <phrase name="setting_vb_badbehavior_verbose_desc" date="1301856755" username="Eric" version="1.0.0"><![CDATA[Turning on verbose mode causes all HTTP requests to be logged. When verbose mode is off, only blocked requests and a few suspicious (but permitted) requests are blocked.<br /><br />Verbose mode is off by default. Using verbose mode is not recommended as it can significantly slow down your site; it exists to capture data from live spammers which are not being blocked.]]></phrase>
                         <phrase name="setting_vb_badbehavior_httpbl_key_title" date="1301856755" username="Eric" version="1.0.0"><![CDATA[http:BL API Key]]></phrase>
-                        <phrase name="setting_vb_badbehavior_httpbl_key_desc" date="1301856755" username="Eric" version="1.0.0"><![CDATA[Bad Behavior is capable of using data from the <a href="http://www.projecthoneypot.org/faq.php#g" target="_blank">http:BL</a> service provided by <a href="http://www.projecthoneypot.org/" target="_blank">Project Honey Pot</a> to screen requests.<br /><br />This is purely optional; however if you wish to use it, you must <a href="http://www.projecthoneypot.org/account_login.php" target="_blank">sign up for the service</a> and obtain an API key. To disable http:BL use, remove the API key from your settings.]]></phrase>
+                        <phrase name="setting_vb_badbehavior_httpbl_key_desc" date="1302825836" username="Eric" version="1.0.3-dev"><![CDATA[Bad Behavior is capable of using data from the <a href="http://www.projecthoneypot.org/faq.php#g" target="_blank">http:BL</a> service provided by <a href="http://www.projecthoneypot.org/" target="_blank">Project Honey Pot</a> to screen requests.<br /><br />This is purely optional; however if you wish to use it, you must <a href="http://www.projecthoneypot.org/httpbl_configure.php" target="_blank">sign up for the service</a> and obtain an API key. To disable http:BL use, remove the API key from your settings.]]></phrase>
                         <phrase name="setting_vb_badbehavior_httpbl_threat_title" date="1301856755" username="Eric" version="1.0.0"><![CDATA[http:BL Threat Level]]></phrase>
                         <phrase name="setting_vb_badbehavior_httpbl_threat_desc" date="1301856755" username="Eric" version="1.0.0"><![CDATA[This number provides a measure of how suspicious an IP address is, based on activity observed at Project Honey Pot. Bad Behavior will block requests with a threat level equal or higher to this setting. Project Honey Pot has <a href="http://www.projecthoneypot.org/threat_info.php" target="_blank">more information on this parameter</a>.]]></phrase>
@@ -98 +98 @@
                         <phrase name="setting_vb_badbehavior_reverse_proxy_addresses_title" date="1301856755" username="Eric" version="1.0.0"><![CDATA[Reverse Proxy Addresses]]></phrase>
                         <phrase name="setting_vb_badbehavior_reverse_proxy_addresses_desc" date="1301856755" username="Eric" version="1.0.0"><![CDATA[IP address or CIDR netblocks which Bad Behavior trusts to provide reliable information in the HTTP header given above. If no addresses are given, Bad Behavior will assume that the HTTP header given is always trustworthy and that the right-most IP address appearing in the header is correct.<br /><br />If you have a chain of two or more proxies this is probably not what you want; in this scenario you should either set this option and provide all proxy server IP addresses (or ranges) which could conceivably handle the request, or have your edge servers set a unique HTTP header with the client's IP address.<br /><br />For instance, when using CloudFlare, it is impossible to provide a list of IP addresses, so you would set the HTTP header to CloudFlare's provided "CF-Connecting-IP" header instead.<br /><br /><strong style="color: #ff0000;">NOTE: Enter one ip address/CIDR netblock per line.</strong>]]></phrase>
+                        <phrase name="setting_vb_badbehavior_log_filter_title" date="1303159579" username="Eric" version="1.0.3-dev"><![CDATA[Log Filter Keys]]></phrase>
+                        <phrase name="setting_vb_badbehavior_log_filter_desc" date="1303159579" username="Eric" version="1.0.3-dev"><![CDATA[Enter a list of keys you want filtered out of the log results. Please make sure you place each key on a separate line.]]></phrase>
                         <phrase name="settinggroup_vb_badbehavior" date="1301856755" username="Eric" version="1.0.0"><![CDATA[vB Bad Behavior Options]]></phrase>
                 </phrasetype>
@@ -148 +150 @@
                                 <optioncode>textarea</optioncode>
                         </setting>
+                        <setting varname="vb_badbehavior_log_filter" displayorder="110">
+                                <datatype>free</datatype>
+                                <optioncode>textarea</optioncode>
+                                <defaultvalue>00000000</defaultvalue>
+                        </setting>
                 </settinggroup>
         </options>