<?php
/**
* webtrees: online genealogy
* Copyright (C) 2016 webtrees development team
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Fisharebest\Webtrees;
use Fisharebest\Webtrees\Controller\PageController;
use Fisharebest\Webtrees\Functions\FunctionsEdit;
use PDO;
define('WT_SCRIPT_NAME', 'admin_site_access.php');
require './includes/session.php';
$rules_display = array(
'unknown' => I18N::translate('unknown'),
'allow' => /* I18N: An access rule - allow access to the site */ I18N::translate('allow'),
'deny' => /* I18N: An access rule - deny access to the site */ I18N::translate('deny'),
'robot' => /* I18N: http://en.wikipedia.org/wiki/Web_crawler */ I18N::translate('robot'),
);
$rules_edit = array(
'unknown' => I18N::translate('unknown'),
'allow' => /* I18N: An access rule - allow access to the site */ I18N::translate('allow'),
'deny' => /* I18N: An access rule - deny access to the site */ I18N::translate('deny'),
'robot' => /* I18N: http://en.wikipedia.org/wiki/Web_crawler */ I18N::translate('robot'),
);
// Form actions
switch (Filter::post('action')) {
case 'save':
if (Filter::checkCsrf()) {
$site_access_rule_id = Filter::postInteger('site_access_rule_id');
$ip_address_start = Filter::post('ip_address_start', WT_REGEX_IPV4);
$ip_address_end = Filter::post('ip_address_end', WT_REGEX_IPV4);
$user_agent_pattern = Filter::post('user_agent_pattern');
$rule = Filter::post('rule', 'allow|deny|robot');
$comment = Filter::post('comment');
$user_agent_string = Filter::server('HTTP_USER_AGENT');
$ip_address = WT_CLIENT_IP;
if ($ip_address_start !== null && $ip_address_end !== null && $user_agent_pattern !== null && $rule !== null) {
// This doesn't work with named placeholders. The :user_agent_string parameter is not recognised.
$oops = $rule !== 'allow' && Database::prepare(
"SELECT INET_ATON(:ip_address) BETWEEN INET_ATON(:ip_address_start) AND INET_ATON(:ip_address_end)" .
" AND :user_agent_string LIKE :user_agent_pattern"
)->execute(array(
'ip_address' => $ip_address,
'ip_address_start' => $ip_address_start,
'ip_address_end' => $ip_address_end,
'user_agent_string' => $user_agent_string,
'user_agent_pattern' => $user_agent_pattern,
))->fetchOne();
if ($oops) {
FlashMessages::addMessage(I18N::translate('You cannot create a rule which would prevent yourself from accessing the website.'), 'danger');
} elseif ($site_access_rule_id === null) {
Database::prepare(
"INSERT INTO `##site_access_rule` (ip_address_start, ip_address_end, user_agent_pattern, rule, comment) VALUES (INET_ATON(:ip_address_start), INET_ATON(:ip_address_end), :user_agent_pattern, :rule, :comment)"
)->execute(array(
'ip_address_start' => $ip_address_start,
'ip_address_end' => $ip_address_end,
'user_agent_pattern' => $user_agent_pattern,
'rule' => $rule,
'comment' => $comment,
));
FlashMessages::addMessage(I18N::translate('The website access rule has been created.'), 'success');
} else {
Database::prepare(
"UPDATE `##site_access_rule` SET ip_address_start = INET_ATON(:ip_address_start), ip_address_end = INET_ATON(:ip_address_end), user_agent_pattern = :user_agent_pattern, rule = :rule, comment = :comment WHERE site_access_rule_id = :site_access_rule_id"
)->execute(array(
'ip_address_start' => $ip_address_start,
'ip_address_end' => $ip_address_end,
'user_agent_pattern' => $user_agent_pattern,
'rule' => $rule,
'comment' => $comment,
'site_access_rule_id' => $site_access_rule_id,
));
FlashMessages::addMessage(I18N::translate('The website access rule has been updated.'), 'success');
}
}
}
header('Location: ' . WT_BASE_URL . WT_SCRIPT_NAME);
return;
case 'delete':
if (Filter::checkCsrf()) {
$site_access_rule_id = Filter::postInteger('site_access_rule_id');
Database::prepare(
"DELETE FROM `##site_access_rule` WHERE site_access_rule_id = :site_access_rule_id"
)->execute(array(
'site_access_rule_id' => $site_access_rule_id,
));
FlashMessages::addMessage(I18N::translate('The website access rule has been deleted.'), 'success');
}
header('Location: ' . WT_BASE_URL . WT_SCRIPT_NAME);
return;
}
// Delete any "unknown" visitors that are now "known".
// This could happen every time we create/update a rule.
Database::exec(
"DELETE unknown" .
" FROM `##site_access_rule` AS unknown" .
" JOIN `##site_access_rule` AS known ON (unknown.user_agent_pattern LIKE known.user_agent_pattern)" .
" WHERE unknown.rule='unknown' AND known.rule<>'unknown'" .
" AND unknown.ip_address_start BETWEEN known.ip_address_start AND known.ip_address_end"
);
$controller = new PageController;
$controller
->restrictAccess(Auth::isAdmin())
->addExternalJavascript(WT_JQUERY_DATATABLES_JS_URL)
->addExternalJavascript(WT_DATATABLES_BOOTSTRAP_JS_URL)
->setPageTitle(I18N::translate('Website access rules'));
$action = Filter::get('action');
switch ($action) {
case 'load':
// AJAX callback for datatables
$search = Filter::get('search');
$search = $search['value'];
$start = Filter::getInteger('start');
$length = Filter::getInteger('length');
$sql =
"SELECT SQL_CACHE SQL_CALC_FOUND_ROWS" .
" '', INET_NTOA(ip_address_start), ip_address_start, INET_NTOA(ip_address_end), ip_address_end, user_agent_pattern, rule, comment, site_access_rule_id" .
" FROM `##site_access_rule`";
$args = array();
if ($search) {
$sql .=
" WHERE (INET_ATON(:search_1) BETWEEN ip_address_start AND ip_address_end" .
" OR INET_NTOA(ip_address_start) LIKE CONCAT('%', :search_2, '%')" .
" OR INET_NTOA(ip_address_end) LIKE CONCAT('%', :search_3, '%')" .
" OR user_agent_pattern LIKE CONCAT('%', :search_4, '%')" .
" OR comment LIKE CONCAT('%', :search_5, '%'))";
$args['search_1'] = Filter::escapeLike($search);
$args['search_2'] = Filter::escapeLike($search);
$args['search_3'] = Filter::escapeLike($search);
$args['search_4'] = Filter::escapeLike($search);
$args['search_5'] = Filter::escapeLike($search);
}
$order = Filter::getArray('order');
$sql .= ' ORDER BY';
if ($order) {
foreach ($order as $key => $value) {
if ($key > 0) {
$sql .= ',';
}
// Datatables numbers columns 0, 1, 2
// MySQL numbers columns 1, 2, 3
switch ($value['dir']) {
case 'asc':
$sql .= " :col_" . $key . " ASC";
break;
case 'desc':
$sql .= " :col_" . $key . " DESC";
break;
}
$args['col_' . $key] = 1 + $value['column'];
}
} else {
$sql .= ' 1 ASC';
}
if ($length > 0) {
$sql .= " LIMIT :length OFFSET :start";
$args['length'] = $length;
$args['start'] = $start;
}
// This becomes a JSON list, not a JSON array, so we need numeric keys.
$data = Database::prepare($sql)->execute($args)->fetchAll(PDO::FETCH_NUM);
// Reformat the data for display
foreach ($data as &$datum) {
$site_access_rule_id = $datum[8];
$datum[0] = '<div class="btn-group"><button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false"><i class="fa fa-pencil"></i> <span class="caret"></span></button><ul class="dropdown-menu" role="menu"><li><a href="?action=edit&site_access_rule_id=' . $site_access_rule_id . '"><i class="fa fa-fw fa-pencil"></i> ' . I18N::translate('Edit') . '</a></li><li class="divider"><li><a href="#" onclick="if (confirm(\'' . I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs($datum[5])) . '\')) delete_site_access_rule(' . $site_access_rule_id . '); return false;"><i class="fa fa-fw fa-trash-o"></i> ' . I18N::translate('Delete') . '</a></li></ul></div>';
$datum[5] = '<span dir="ltr">' . $datum[5] . '</span>';
$datum[6] = $rules_display[$datum[6]];
$datum[7] = '<span dir="auto">' . $datum[7] . '</span>';
}
// Total filtered/unfiltered rows
$recordsFiltered = Database::prepare("SELECT FOUND_ROWS()")->fetchOne();
$recordsTotal = Database::prepare("SELECT COUNT(*) FROM `##site_access_rule`")->fetchOne();
header('Content-type: application/json');
// See http://www.datatables.net/usage/server-side
echo json_encode(array(
'draw' => Filter::getInteger('draw'),
'recordsTotal' => $recordsTotal,
'recordsFiltered' => $recordsFiltered,
'data' => $data,
));
break;
case 'edit':
case 'create':
if (Filter::get('action') === 'edit') {
$controller->setPageTitle(I18N::translate('Edit a website access rule'));
} else {
$controller->setPageTitle(I18N::translate('Create a website access rule'));
}
$controller->pageHeader();
$site_access_rule = Database::prepare(
"SELECT site_access_rule_id, INET_NTOA(ip_address_start) AS ip_address_start, INET_NTOA(ip_address_end) AS ip_address_end, user_agent_pattern, rule, comment" .
" FROM `##site_access_rule` WHERE site_access_rule_id = :site_access_rule_id"
)->execute(array(
'site_access_rule_id' => Filter::getInteger('site_access_rule_id'),
))->fetchOneRow();
$site_access_rule_id = $site_access_rule ? $site_access_rule->site_access_rule_id : null;
$ip_address_start = $site_access_rule ? $site_access_rule->ip_address_start : '0.0.0.0';
$ip_address_end = $site_access_rule ? $site_access_rule->ip_address_end : '255.255.255.255';
$user_agent_pattern = $site_access_rule ? $site_access_rule->user_agent_pattern : '%';
$rule = $site_access_rule ? $site_access_rule->rule : 'allow';
$comment = $site_access_rule ? $site_access_rule->comment : '';
?>
<ol class="breadcrumb small">
<li><a href="admin.php"><?php echo I18N::translate('Control panel'); ?></a></li>
<li><a href="admin_site_access.php"><?php echo I18N::translate('Website access rules'); ?></a></li>
<li class="active"><?php echo $controller->getPageTitle(); ?></li>
</ol>
<h1><?php echo $controller->getPageTitle(); ?></h1>
<form method="post" class="form form-horizontal">
<input type="hidden" name="action" value="save">
<input type="hidden" name="site_access_rule_id" value="<?php echo $site_access_rule_id; ?>">
<?php echo Filter::getCsrf(); ?>
<!-- IP_ADDRESS_START -->
<div class="form-group">
<label class="control-label col-sm-3" for="ip_address_start">
<?php echo I18N::translate('Start IP address'); ?>
</label>
<div class="col-sm-9">
<input class="form-control" type="text" id="ip_address_start" name="ip_address_start" required pattern="<?php echo WT_REGEX_IPV4; ?>" value="<?php echo Filter::escapeHtml($ip_address_start); ?>">
</div>
</div>
<!-- IP_ADDRESS_END -->
<div class="form-group">
<label class="control-label col-sm-3" for="ip_address_end">
<?php echo I18N::translate('End IP address'); ?>
</label>
<div class="col-sm-9">
<input class="form-control" type="text" id="ip_address_end" name="ip_address_end" required pattern="<?php echo WT_REGEX_IPV4; ?>" value="<?php echo Filter::escapeHtml($ip_address_end); ?>">
</div>
</div>
<!-- USER_AGENT_PATTERN -->
<div class="form-group">
<label class="control-label col-sm-3" for="user_agent_pattern">
<?php echo I18N::translate('User-agent string'); ?>
</label>
<div class="col-sm-9">
<input class="form-control" type="text" id="user_agent_pattern" name="user_agent_pattern" required value="<?php echo Filter::escapeHtml($user_agent_pattern); ?>" maxlength="255" dir="ltr">
<p class="small text-muted">
<?php echo I18N::translate('The “%” character is a wildcard, and will match zero or more other characters.'); ?>
</p>
</div>
</div>
<!-- RULE -->
<div class="form-group">
<label class="control-label col-sm-3" for="rule">
<?php echo /* I18N: A configuration setting */ I18N::translate('Rule'); ?>
</label>
<div class="col-sm-9">
<?php echo FunctionsEdit::selectEditControl('rule', $rules_edit, null, $rule, 'class="form-control"'); ?>
</div>
</div>
<!-- COMMENT -->
<div class="form-group">
<label class="control-label col-sm-3" for="comment">
<?php echo I18N::translate('Comment'); ?>
</label>
<div class="col-sm-9">
<input class="form-control" type="text" id="comment" name="comment" value="<?php echo Filter::escapeHtml($comment); ?>" maxlength="255" dir="auto">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9">
<button type="submit" class="btn btn-primary">
<?php echo I18N::translate('save'); ?>
</button>
</div>
</div>
</form>
<?php
break;
default:
$controller
->pageHeader()
->addInlineJavascript('
jQuery.fn.dataTableExt.oSort["unicode-asc" ]=function(a,b) {return a.replace(/<[^<]*>/, "").localeCompare(b.replace(/<[^<]*>/, ""))};
jQuery.fn.dataTableExt.oSort["unicode-desc"]=function(a,b) {return b.replace(/<[^<]*>/, "").localeCompare(a.replace(/<[^<]*>/, ""))};
jQuery(".table-site-access-rules").dataTable({
ajax: "' . WT_BASE_URL . WT_SCRIPT_NAME . '?action=load",
serverSide: true,
' . I18N::datatablesI18N() . ',
processing: true,
stateSave: true,
stateDuration: 180,
sorting: [[1, "asc"]],
columns: [
/* 0 <edit> */ { sortable: false },
/* 1 ip_address_start */ { dataSort: 2, class: "ip_address" },
/* 2 ip_address_start (sort) */ { type: "num", visible: false },
/* 3 ip_address_end */ { dataSort: 4, class: "ip_address" },
/* 4 ip_address_end (sort) */ { type: "num", visible: false },
/* 5 user_agent_pattern */ { class: "ua_string" },
/* 6 comment */ { },
/* 7 rule */ { }
]
});
');
?>
<ol class="breadcrumb small">
<li><a href="admin.php"><?php echo I18N::translate('Control panel'); ?></a></li>
<li class="active"><?php echo $controller->getPageTitle(); ?></li>
</ol>
<h1><?php echo $controller->getPageTitle(); ?></h1>
<p><?php echo /* I18N: http://en.wikipedia.org/wiki/User_agent */ I18N::translate('Restrict access to the website, using IP addresses and user-agent strings.'); ?></p>
<table class="table table-hover table-condensed table-bordered table-site-access-rules">
<caption>
<?php echo I18N::translate('The following rules are used to decide whether a visitor is a human being (allow full access), a search-engine robot (allow restricted access) or an unwanted crawler (deny all access).'); ?>
</caption>
<thead>
<tr>
<th><?php echo I18N::translate('Edit'); ?></th>
<th><?php echo /* I18N …of a range of addresses */ I18N::translate('Start IP address'); ?></th>
<th>-</th>
<th><?php echo /* I18N …of a range of addresses */ I18N::translate('End IP address'); ?></th>
<th>-</th>
<th><?php echo /* I18N: http://en.wikipedia.org/wiki/User_agent_string */ I18N::translate('User-agent string'); ?></th>
<th><?php echo /* I18N: noun */ I18N::translate('Rule'); ?></th>
<th><?php echo I18N::translate('Comment'); ?></th>
</tr>
</thead>
</table>
<!-- Implement the delete action -->
<form class="hide" method="post" id="delete-form">
<?php echo Filter::getCsrf(); ?>
<input type="hidden" name="site_access_rule_id" id="site-access-rule-id" value="">
<input type="hidden" name="action" value="delete">
</form>
<script>
function delete_site_access_rule(site_access_rule_id) {
document.getElementById("site-access-rule-id").value = site_access_rule_id;
document.getElementById("delete-form").submit();
}
</script>
<?php
break;
}