292 lines
7.9 KiB
PHP
292 lines
7.9 KiB
PHP
|
<?php
|
||
|
|
||
|
require_once('Crypto.php');
|
||
|
require_once('browser.php');
|
||
|
|
||
|
class API_connect
|
||
|
{
|
||
|
|
||
|
protected $site = "";
|
||
|
protected $get_api;
|
||
|
protected $api_url;
|
||
|
private $rootApiUri;
|
||
|
|
||
|
public function __construct($url = "")
|
||
|
{
|
||
|
if ($url == "") {
|
||
|
$this->api_url = CZ_API_URL;
|
||
|
} else {
|
||
|
$this->api_url = $url;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public function ping()
|
||
|
{
|
||
|
$dataArray = array();
|
||
|
return $this->send_request("ping", $dataArray);
|
||
|
}
|
||
|
|
||
|
public function report_update()
|
||
|
{
|
||
|
return true;
|
||
|
$ak = $this->get_end_point_url(FALSE);
|
||
|
|
||
|
$ch = curl_init();
|
||
|
curl_setopt($ch, CURLOPT_URL, $ak . 'ak.php');
|
||
|
curl_setopt($ch, CURLOPT_POST, FALSE);
|
||
|
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Cz-Setup: true'));
|
||
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||
|
|
||
|
$output = curl_exec($ch);
|
||
|
echo_debug('cURL Executed');
|
||
|
|
||
|
echo_debug('cURL Error >> ' . curl_error($ch));
|
||
|
echo_debug("<pre style='border: 2px solid #000; padding: 20px;'>$output</pre>");
|
||
|
|
||
|
curl_close($ch);
|
||
|
echo_debug('cURLd');
|
||
|
|
||
|
$resp = $output;
|
||
|
$resp = json_decode($resp);
|
||
|
|
||
|
if (isset($resp->code) && $resp->code == 1) {
|
||
|
return TRUE;
|
||
|
} else {
|
||
|
return FALSE;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
protected function get_end_point_url($api = TRUE)
|
||
|
{
|
||
|
|
||
|
$current_url = $this->getHttpsPrefix();
|
||
|
|
||
|
$current_url .= str_replace(realpath($_SERVER["DOCUMENT_ROOT"]), $_SERVER['HTTP_HOST'], realpath(dirname(dirname(__FILE__))));
|
||
|
|
||
|
if ($api) {
|
||
|
$current_url .= '/api.php';
|
||
|
} else {
|
||
|
$current_url .= '/';
|
||
|
}
|
||
|
|
||
|
$current_url = rtrim($current_url, '/');
|
||
|
|
||
|
return $current_url;
|
||
|
|
||
|
}
|
||
|
|
||
|
public function setRootApiUri($rootApiUri)
|
||
|
{
|
||
|
if ($rootApiUri == false) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$subFolderIfAny = str_replace($_SERVER['DOCUMENT_ROOT'], '', $rootApiUri);
|
||
|
|
||
|
|
||
|
$current_url = $this->getHttpsPrefix();
|
||
|
|
||
|
$current_url .= rtrim($_SERVER['HTTP_HOST'], '/') . '/' . ltrim($subFolderIfAny, '/');
|
||
|
$this->rootApiUri = $current_url;
|
||
|
|
||
|
return;
|
||
|
|
||
|
}
|
||
|
|
||
|
protected function getHttpsPrefix(){
|
||
|
if (@$_SERVER['HTTPS'] == 'on' || @$_SERVER['SERVER_PORT'] == '443' || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
|
||
|
return "https://";
|
||
|
} else {
|
||
|
return "http://";
|
||
|
}
|
||
|
}
|
||
|
|
||
|
protected function is_request_from_astra()
|
||
|
{
|
||
|
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : "empty";
|
||
|
|
||
|
if (strpos($user_agent, "astra") !== false) {
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
public function setup()
|
||
|
{
|
||
|
|
||
|
$res = explode(".", CZ_ASTRA_CLIENT_VERSION);
|
||
|
|
||
|
$version['major'] = $res[0];
|
||
|
$version['minor'] = $res[1];
|
||
|
$version['patch'] = $res[2];
|
||
|
|
||
|
$client_api_url = !empty($this->rootApiUri) ? $this->rootApiUri : $this->get_end_point_url();
|
||
|
|
||
|
$dataArray = array(
|
||
|
"version" => $version,
|
||
|
"client_api_url" => $client_api_url,
|
||
|
"platform" => CZ_PLATFORM,
|
||
|
);
|
||
|
|
||
|
/* print_r($dataArray); */
|
||
|
echo_debug('SETUP API Send Request');
|
||
|
echo_debug(serialize($dataArray));
|
||
|
|
||
|
return $this->send_request("setup", $dataArray);
|
||
|
}
|
||
|
|
||
|
public function custom_rule($action, $type, $ip_address = "")
|
||
|
{
|
||
|
$dataArray['rule_action'] = $action;
|
||
|
$dataArray['rule_type'] = $type;
|
||
|
$dataArray['ip_address'] = $ip_address;
|
||
|
return $this->send_request("custom_rule", $dataArray);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
public function custom_rule($action, $type, $ip_address = "") {
|
||
|
|
||
|
}
|
||
|
*
|
||
|
*/
|
||
|
|
||
|
public function hook_has_loggedin($dataArray = array())
|
||
|
{
|
||
|
|
||
|
if ($dataArray[0]['success'] === 1) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
require_once(__DIR__ . '/../Astra.php');
|
||
|
$astra = new Astra();
|
||
|
ASTRA::$_db->log_hit(ASTRA::$_ip);
|
||
|
|
||
|
$dataArray[0]['blocking'] = (ASTRA::$_db->is_blocked_or_trusted(ASTRA::$_ip, false, ASTRA::$_config) == "blocked") ? 1 : 0;
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
public function send_request($api = "", $dataArray = array(), $platform = "php")
|
||
|
{
|
||
|
|
||
|
if ($this->is_request_from_astra()) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$callback = array($this, 'hook_' . $api);
|
||
|
|
||
|
if (is_callable($callback)) {
|
||
|
$hookResponse = call_user_func($callback, array($dataArray));
|
||
|
if (is_array($hookResponse)) {
|
||
|
$dataArray = $hookResponse;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
$dataArray['client_key'] = CZ_CLIENT_KEY;
|
||
|
$dataArray['api'] = $api;
|
||
|
|
||
|
//$dataArray['site'] = $_SERVER['SERVER_NAME'];
|
||
|
$dataArray['site'] = $_SERVER['SERVER_NAME'];
|
||
|
if (!isset($dataArray['version'])) {
|
||
|
$dataArray['version'] = CZ_ASTRA_CLIENT_VERSION;
|
||
|
}
|
||
|
|
||
|
$browser = new Browser_Astra();
|
||
|
$browser_info['useragent'] = $browser->getUserAgent();
|
||
|
$browser_info['browser_name'] = $browser->getBrowser();
|
||
|
$browser_info['version'] = $browser->getVersion();
|
||
|
$browser_info['platform'] = $browser->getPlatform();
|
||
|
$browser_info['isMobile'] = $browser->isMobile();
|
||
|
$browser_info['isTablet'] = $browser->isTablet();
|
||
|
|
||
|
$dataArray['ip'] = ASTRA::$_ip;
|
||
|
|
||
|
if ($dataArray['ip'] == "") {
|
||
|
$dataArray['ip'] = "::1";
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$dataArray['browser'] = $browser_info;
|
||
|
$dataArray['attack_url'] = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
|
||
|
|
||
|
echo_debug($this->api_url);
|
||
|
echo_debug($dataArray);
|
||
|
|
||
|
$str = serialize($dataArray);
|
||
|
|
||
|
$crypto = new Astra_crypto();
|
||
|
$encrypted_data = $crypto->encrypt($str, CZ_SECRET_KEY);
|
||
|
|
||
|
if ($platform == "wordpress") {
|
||
|
$post_param = array(
|
||
|
"encRequest" => $encrypted_data,
|
||
|
"access_code" => CZ_ACCESS_KEY,
|
||
|
);
|
||
|
$response = wp_remote_post($this->api_url, array(
|
||
|
'method' => 'POST',
|
||
|
'timeout' => 5,
|
||
|
'redirection' => 5,
|
||
|
'httpversion' => '1.0',
|
||
|
'blocking' => true,
|
||
|
'headers' => array(),
|
||
|
'body' => $post_param,
|
||
|
'cookies' => array()
|
||
|
)
|
||
|
);
|
||
|
|
||
|
if (is_wp_error($response) || (isset($response['body']) && is_wp_error($response['body']))) {
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
$resp = $response['body'];
|
||
|
} else {
|
||
|
echo_debug('cURLing');
|
||
|
$ch = curl_init();
|
||
|
curl_setopt($ch, CURLOPT_URL, $this->api_url);
|
||
|
curl_setopt($ch, CURLOPT_POST, true);
|
||
|
curl_setopt($ch, CURLOPT_POSTFIELDS, "encRequest=" . $encrypted_data . "&access_code=" . CZ_ACCESS_KEY);
|
||
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||
|
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
|
||
|
curl_setopt($ch, CURLOPT_TIMEOUT, 5); //timeout in seconds
|
||
|
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
|
||
|
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||
|
|
||
|
$output = curl_exec($ch);
|
||
|
echo_debug('cURL Executed');
|
||
|
|
||
|
echo_debug('cURL Error >> ' . curl_error($ch));
|
||
|
echo_debug("<pre style='border: 2px solid #000; padding: 20px;'>$output</pre>");
|
||
|
|
||
|
if (curl_error($ch)) {
|
||
|
$error_msg = curl_error($ch);
|
||
|
}
|
||
|
|
||
|
curl_close($ch);
|
||
|
echo_debug('cURLd');
|
||
|
$resp = $output;
|
||
|
|
||
|
}
|
||
|
|
||
|
|
||
|
$resp = json_decode($resp);
|
||
|
|
||
|
if (isset($error_msg)) {
|
||
|
//echo $error_msg;
|
||
|
}
|
||
|
|
||
|
//var_dump($output);
|
||
|
|
||
|
|
||
|
if (isset($resp->code) && $resp->code == 1) {
|
||
|
return TRUE;
|
||
|
} else {
|
||
|
return FALSE;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
}
|
||
|
|
||
|
/* End of file api_connect.php */
|
||
|
?>
|