
Add blacklist IP

stany.ferer 3 months ago
parent
commit
6949b90e82

+ 0 - 0
blacklist/ip.txt


+ 0 - 0
blacklist/ip_attempts.log


+ 83 - 0
core/class/blacklist.class.php

@@ -0,0 +1,83 @@
+<?php
+
+class blacklist {
+
+    private static $log_file = '../blacklist/ip_attempts.log';
+    private static $blacklist_file = '../blacklist/ip.txt';
+    private static $max_attempts = 5;
+    private static $time_window = 10 * 60; // 10 minutes en secondes
+
+    public static function execute(?string $_from = NULL) {
+        self::check($_from);
+    }
+
+    public static function isValidIPv4() {
+        return filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
+    }
+
+    private static function getFullUrl() { $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
+        return $protocol . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
+    }
+
+    private static function readBalcklist(){ // Charger les tentatives existantes
+        $attempts = [];
+        if (file_exists(self::$log_file)) {
+            $lines = file(self::$log_file, FILE_IGNORE_NEW_LINES);
+            foreach ($lines as $line) {
+                list($ip, $timestamp) = explode(',', $line);
+                $attempts[] = ['ip' => $ip, 'timestamp' => strtotime($timestamp)];
+            }
+        }
+        return $attempts;
+    }
+
+    private static function checkBlacklist(string $_ip){ // Vérifier si l'IP est déjà blacklistée
+        $blacklisted = FALSE;
+        if (file_exists(self::$blacklist_file)) {
+            $blacklisted_ips = file(self::$blacklist_file, FILE_IGNORE_NEW_LINES);
+            $blacklisted = in_array($_ip, $blacklisted_ips);
+        }
+        return $blacklisted;
+    }
+
+    private static function addBalcklist(string $_ip){ // Ajouter une nouvelle tentative
+        file_put_contents(self::$log_file, "$_ip," . date('Y-m-d H:i:s') . ", " . $_SERVER["REQUEST_METHOD"] . "," . self::getFullUrl() . "\n", FILE_APPEND);
+    }
+    
+    private static function check(){ // Compter les tentatives récentes
+        $now = time();
+        $time_window = self::$time_window;
+        $attempts = self::readBalcklist();
+        $ip = $_SERVER['REMOTE_ADDR'];
+        $blacklisted = self::checkBlacklist($ip);
+
+        self::addBalcklist($ip);
+
+        $recent_attempts = array_filter($attempts, function ($attempt) use ($ip, $now, $time_window) {
+            return $attempt['ip'] === $ip && ($now - $attempt['timestamp']) <= $time_window;
+        });
+
+        if (count($recent_attempts) + 1 > self::$max_attempts && !self::checkBlacklist($ip)) {
+            file_put_contents(self::$blacklist_file, "$ip\n", FILE_APPEND);
+            $blacklisted = TRUE;
+        }
+
+        if ($blacklisted == TRUE) {
+            header('HTTP/1.0 401 Unauthorized');
+            echo "Votre IP (" . $ip . ") a été blacklistée pour trop de tentatives.";
+            exit();
+        } else {
+            echo "Votre IP est : " . $ip . ". Nombre de tentatives récentes : " . (count($recent_attempts) + 1);
+            exit();
+        }
+    }
+
+    public static function itIs(){ // Est-il blacklisté
+        $ip = $_SERVER['REMOTE_ADDR'];
+        if(self::checkBlacklist($ip)){
+            echo "Votre IP (" . $ip . ") a été blacklistée pour trop de tentatives.";
+            exit();
+        }
+    }
+
+}
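Review bot: `check()` parses the whole of `ip_attempts.log` on every call and nothing in this class ever trims it, so each unauthenticated 404 lengthens the file and raises the cost of the next request. The two `file_put_contents` appends take no lock, so concurrent requests can interleave lines or append the same address to `ip.txt` twice. I would append with `FILE_APPEND | LOCK_EX` and drop entries older than `$time_window` whenever the log is read. Separately, `itIs()` prints the block message without setting a status, so the response goes out with whatever status is current (normally 200); add `http_response_code(403);` before the `echo`, and use the same code in `check()` instead of 401, which implies that credentials would help. `execute()` passes `$_from` to `check()`, which declares no parameter, so the value is silently ignored, and the `Balcklist` spelling in `readBalcklist`/`addBalcklist` is worth fixing before other callers appear.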

+ 1 - 1
core/class/button.class.php

@@ -2,7 +2,7 @@
 
 class button
 {
-    public static function confirm(array $_array = NULL)
+    public static function confirm(?array $_array = NULL)
     {
         $config = array(
             "value" => "Valider",

+ 7 - 0
core/controllers/header.php

@@ -23,12 +23,19 @@ if(!is_null(WHITE_IP)){
     }
 }
 
+// Vérifier si IP balcklistée
+if(blacklist::isValidIPv4()){
+    blacklist::itIs();
+}
+
+// Si le site est en mode debug
 if(debug::isFile("debug")){
     error_reporting(E_ALL);
     ini_set("display_errors", 1);
     debug::startTimer();
 }
 
+// Si le site est en maintenance
 if(debug::isFile("maintenance") AND $_SERVER['HTTP_HOST'] != DOMAIN_CMS){
     get::page("maintenance");
     exit();
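Review bot: The lookup added before the debug check is gated on `blacklist::isValidIPv4()`, so a request arriving over IPv6 is never compared against `ip.txt`, and the same gate in `404.php` means it is never counted either. `REMOTE_ADDR` is set by the web server rather than the client, so the gate adds no validation value; call `blacklist::itIs();` unconditionally, or drop `FILTER_FLAG_IPV4` from the filter. If the site sits behind a reverse proxy or CDN (not visible here), `REMOTE_ADDR` will be the proxy's address and a single entry would block every visitor, so that deployment needs a documented trusted-proxy rule. The class opens `../blacklist/ip.txt` relative to the working directory, so this include site only works while every entry script lives one level below the project root. The maintenance `if` continues past the end of the hunk.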

+ 9 - 5
public-cms/.htaccess

@@ -1,8 +1,12 @@
 
 RewriteBase /
 RewriteEngine On
-RewriteRule ^index\.html$ /index.php 
-RewriteRule ^add\-([a-z]+)\.html$ index.php?p=$1&add=1 [L,NC,QSA,NS]
-RewriteRule ^([\-a-z]+)\.html$ index.php?p=$1 [L,NC,QSA,NS]
-RewriteRule ^([\-a-z]+)\.vue$ index.php?p=$1&blank=1 [L,NC,QSA,NS]
-RewriteRule ^([a-z]+)\-([0-9]*)\.html$ index.php?p=$1&id=$2 [L,NC,QSA,NS]
+
+RewriteRule ^index\.html$ /index.php [L]
+
+RewriteRule ^add-([a-z]+)\.html$ index.php?p=$1&add=1 [L,NC,QSA]
+RewriteRule ^([\-a-z]+)\.html$ index.php?p=$1 [L,NC,QSA]
+RewriteRule ^([\-a-z]+)\.vue$ index.php?p=$1&blank=1 [L,NC,QSA]
+RewriteRule ^([a-z]+)-([0-9]*)\.html$ index.php?p=$1&id=$2 [L,NC,QSA]
+
+ErrorDocument 404 /404.php
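Review bot: `ErrorDocument 404 /404.php` routes every missing URL into `blacklist::execute()`, and with `$max_attempts = 5` in a ten-minute window a page that references a few missing assets (favicon, images, source maps) is enough to put a legitimate visitor into `ip.txt`. Nothing visible in this commit removes an entry again, so the block is permanent, and visitors sharing an address (NAT, corporate egress) are blocked together. Consider raising the threshold, excluding static-asset paths from the count, and storing an expiry next to each address. The commit also drops the `NS` flag from all four rewrite rules without explanation, which makes them apply to internal subrequests as well; a sentence in the commit message saying why would help the next reader.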

+ 66 - 0
public-cms/404.php

@@ -0,0 +1,66 @@
+<?php
+/*
+$visitor_ip = $_SERVER['REMOTE_ADDR'];
+
+if(!blacklistisValidIPv4($visitor_ip)){
+    $log_file = '../blacklist/ip_attempts.log';
+    $blacklist_file = '../blacklist/ip.txt';
+    $max_attempts = 5;
+    $time_window = 10 * 60; // 10 minutes en secondes
+
+    // Charger les tentatives existantes
+    $attempts = [];
+    if (file_exists($log_file)) {
+        $lines = file($log_file, FILE_IGNORE_NEW_LINES);
+        foreach ($lines as $line) {
+            list($ip, $timestamp) = explode(',', $line);
+            $attempts[] = ['ip' => $ip, 'timestamp' => strtotime($timestamp)];
+        }
+    }
+
+    // Vérifier si l'IP est déjà blacklistée
+    $blacklisted = false;
+    if (file_exists($blacklist_file)) {
+        $blacklisted_ips = file($blacklist_file, FILE_IGNORE_NEW_LINES);
+        $blacklisted = in_array($visitor_ip, $blacklisted_ips);
+    }
+
+    // Ajouter une nouvelle tentative
+    file_put_contents($log_file, "$visitor_ip," . date('Y-m-d H:i:s') . ", " . $_SERVER["REQUEST_METHOD"] . "," . getFullUrl() . "\n", FILE_APPEND);
+
+    // Compter les tentatives récentes
+    $now = time();
+    $recent_attempts = array_filter($attempts, function ($attempt) use ($visitor_ip, $now, $time_window) {
+        return $attempt['ip'] === $visitor_ip && ($now - $attempt['timestamp']) <= $time_window;
+    });
+
+    if (count($recent_attempts) + 1 > $max_attempts && !$blacklisted) {
+        file_put_contents($blacklist_file, "$visitor_ip\n", FILE_APPEND);
+        $blacklisted = true;
+    }
+
+    if ($blacklisted) {
+        header('HTTP/1.0 401 Unauthorized');
+        echo "Votre IP ($visitor_ip) a été blacklistée pour trop de tentatives.";
+        exit();
+    } else {
+        echo "Votre IP est : $visitor_ip. Nombre de tentatives récentes : " . (count($recent_attempts) + 1);
+    }
+} else {
+    echo json_encode([["error" => "404"]]);
+}
+*/
+
+error_reporting(E_ALL);
+ini_set('display_errors', 'On');
+
+require_once "../core/class/blacklist.class.php";
+new blacklist;
+
+if(blacklist::isValidIPv4()){
+    blacklist::execute("404");
+} else {
+    echo json_encode([["error" => "404"]]);
+}
+
+?>
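Review bot: `error_reporting(E_ALL)` together with `ini_set('display_errors', 'On')` is switched on unconditionally in a handler that any unauthenticated client can reach, so a warning raised by the blacklist code (for example `list($ip, $timestamp) = explode(',', $line)` on a short or empty log line, or an unwritable log file) is printed to the visitor along with server paths. Replace the pair with `ini_set('display_errors', '0');` and `ini_set('log_errors', '1');`, or gate it the way `header.php` does with `debug::isFile("debug")` if that class is loaded here. The commented-out prototype at the top duplicates the class and should be deleted rather than committed. `new blacklist;` creates an instance that is never used, since every method on the class is static, and the `"404"` argument to `execute()` has no effect at present.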