stany.ferer hai 3 meses
ff2071f092
Modificáronse 3 ficheiros con 20 adicións e 14 borrados
  1. 2 2
      core/class/access.class.php
  2. 17 10
      core/class/blacklist.class.php
  3. 1 2
      public-events/404.php

+ 2 - 2
core/class/access.class.php

@@ -207,7 +207,7 @@ class access
         return $return;
     }
 
-    private static function completeIdemAccess(?array $_access = NULL, string $_idAccess){
+    private static function completeIdemAccess(string $_idAccess, ?array $_access = NULL){
         $roles = self::getListTypeUser([2]); // Tous les types sauf les contrôleurs
         foreach ($roles as $keyRole => $valueRole) {
             if(empty($_access["access"][$keyRole])){
@@ -229,7 +229,7 @@ class access
         $access = access::getTypesAccessRecording();
         $return = [];
         foreach ($access as $keyAccess => $valueAccess) {
-            $completeAccess = access::completeIdemAccess($valueAccess, $valueAccess["id_access"]);
+            $completeAccess = access::completeIdemAccess($valueAccess["id_access"], $valueAccess);
             unset($valueAccess["access"]);
             $valueAccess["access"] = $completeAccess;
             $return[] = $valueAccess;

+ 17 - 10
core/class/blacklist.class.php

@@ -12,7 +12,7 @@ class blacklist {
     }
 
     public static function isValidIPv4() {
-        return filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
+        return (ENVIRONNEMENT == "DEV") ? TRUE : filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== FALSE;
     }
 
     private static function getFullUrl() { $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
@@ -26,7 +26,7 @@ class blacklist {
         return in_array(strtolower($extension), $blackListExtention);
     }
 
-    private static function readBalcklist(){ // Charger les tentatives existantes
+    private static function readBlacklist(){ // Charger les tentatives existantes
         $attempts = [];
         if (file_exists(self::$log_file)) {
             $lines = file(self::$log_file, FILE_IGNORE_NEW_LINES);
@@ -47,30 +47,37 @@ class blacklist {
         return $blacklisted;
     }
 
-    private static function addBalcklist(string $_ip){ // Ajouter une nouvelle tentative
+    private static function addBlacklist(string $_ip){ // Ajouter une nouvelle tentative
         file_put_contents(self::$log_file, "$_ip," . date('Y-m-d H:i:s') . ", " . $_SERVER["REQUEST_METHOD"] . "," . self::getFullUrl() . "\n", FILE_APPEND);
     }
     
-    private static function check(){ // Compter les tentatives récentes
-        if(self::isBlacklistExtention()){
+    private static function check() {
+        if (self::isBlacklistExtention()) {
             $now = time();
             $time_window = self::$time_window;
-            $attempts = self::readBalcklist();
+            $attempts = self::readBlacklist();
             $ip = $_SERVER['REMOTE_ADDR'];
+
+            // Vérifie si l'IP est déjà blacklistée
             $blacklisted = self::checkBlacklist($ip);
 
-            self::addBalcklist($ip);
+            // Ajoute une tentative
+            self::addBlacklist($ip);
 
+            // Filtre les tentatives récentes
             $recent_attempts = array_filter($attempts, function ($attempt) use ($ip, $now, $time_window) {
                 return $attempt['ip'] === $ip && ($now - $attempt['timestamp']) <= $time_window;
             });
 
-            if (count($recent_attempts) + 1 > self::$max_attempts && !self::checkBlacklist($ip)) {
+            // Si trop de tentatives, ajoute l'IP à la blacklist
+            if (count($recent_attempts) + 1 > self::$max_attempts && !$blacklisted) {
                 file_put_contents(self::$blacklist_file, "$ip\n", FILE_APPEND);
-                $blacklisted = TRUE;
+                $blacklisted = true;
             }
 
-            if ($blacklisted == TRUE) {
+            // Redirection si blacklisté
+            if ($blacklisted) {
+                header("HTTP/1.1 403 Forbidden");
                 header("Location: /noAccess.php");
                 exit();
             } else {
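Review bot: The `header("HTTP/1.1 403 Forbidden")` added before `header("Location: /noAccess.php")` is ineffective: PHP overrides the status with a 302 whenever a Location header is sent and no 3xx/201 status was already set, so a blacklisted client still receives a redirect rather than a 403, and any scanner or log that keys on the status code sees a normal redirect. Either answer in place — `http_response_code(403);` followed by the noAccess content and `exit();` — or keep the redirect and drop the misleading 403 line rather than carrying both. Separately, both `file_put_contents(..., FILE_APPEND)` calls in this hunk append without a lock, so concurrent probes from one IP can interleave records in the attempt and blacklist files; `FILE_APPEND | LOCK_EX` is the cheap fix. The attempt record also embeds `getFullUrl()` in a comma-separated line, so a request URI containing a comma will presumably confuse whatever `readBlacklist()` does with each line — worth confirming the parser tolerates it. `check()` continues past the end of this hunk.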

+ 1 - 2
public-events/404.php

@@ -2,8 +2,7 @@
 require_once "../core/class/blacklist.class.php";
 new blacklist;
 
-
-if(!blacklist::isValidIPv4()){
+if(blacklist::isValidIPv4()){
     $result = blacklist::execute();
 } else {
     $result = ["error" => 404, "text" => "La page que vous cherchez n'existe pas."];
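Review bot: With the condition un-inverted, the gate still sends every non-IPv4 client to the plain 404 branch, so a visitor on IPv6 (or any address that fails `FILTER_FLAG_IPV4`) never reaches `blacklist::execute()` and can probe blacklisted extensions without being counted or blocked. If the intent is only to make sure `REMOTE_ADDR` holds a usable address before it is written to the log, validating with `FILTER_VALIDATE_IP` alone in `isValidIPv4()` (accepting IPv6) would close that gap; otherwise a comment here such as `// IPv6 clients are deliberately exempt from the blacklist` should record the decision. Note also that in `DEV` the helper now returns `TRUE` unconditionally, so in that environment `execute()` runs even when `REMOTE_ADDR` is empty or malformed, and on PHP 8 an undefined `ENVIRONNEMENT` constant would throw rather than fall through — worth confirming it is always defined before this file is included.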