From: Matteo Nastasi (mop) Date: Mon, 14 Jul 2014 16:29:31 +0000 (+0200) Subject: Merge branch 'ipclass-ban' into certified_ipclass-ban X-Git-Tag: v4.14.3~11 X-Git-Url: http://mop.ddnsfree.com/gitweb/?a=commitdiff_plain;h=14cd1fc05b5d9148de3c427e43bf60cfdf098e9d;hp=03002883141b5e751650f5a28812456c2aa5f054;p=brisk.git Merge branch 'ipclass-ban' into certified_ipclass-ban --- diff --git a/web/Obj/brisk.conf-templ.pho b/web/Obj/brisk.conf-templ.pho index a9d26ba..034dee7 100644 --- a/web/Obj/brisk.conf-templ.pho +++ b/web/Obj/brisk.conf-templ.pho @@ -83,7 +83,8 @@ $G_poll_entries = array( array( 'id' => 'din', 'cont' => 'Dinner room'), array( 'id' => 'bat', 'cont' => 'Bath room'), array( 'id' => 'coo', 'cont' => 'Cooking room') ); -$G_black_list = array(); +$G_ban_list = array(); // each element in the form "IP/" i.e. "192.15.21.4/24" +$G_black_list = array(); // each element in the form "IP/" i.e. "192.15.21.4/24" // this is the prefix path to remove from backtrace diff --git a/web/Obj/brisk.phh b/web/Obj/brisk.phh index 2323342..711e16b 100644 --- a/web/Obj/brisk.phh +++ b/web/Obj/brisk.phh @@ -151,10 +151,10 @@ $mlang_brisk = array( 'btn_backstand'=> array( 'it' => 'torna in piedi', $G_lng = langtolng($G_lang); $G_all_points = array( 11,10,4,3,2, 0,0,0,0,0 ); -$G_brisk_version = "4.14.2"; +$G_brisk_version = "4.14.3"; /* MLANG: ALL THE INFO STRINGS IN brisk.phh */ -$root_wellarr = array( 'it' => array ( 'Brisk (Ver. '.$G_brisk_version.'), NOVITA\': nuovo sistema di registrazione degli utenti, aggiunto reinvio dell\' email di verifica', +$root_wellarr = array( 'it' => array ( 'Brisk (Ver. '.$G_brisk_version.'), NOVITA\': nuovo sistema di registrazione degli utenti, aggiunto reinvio dell\' email di verifica, ban con classi di IP', 'Se vuoi iscriverti alla Mailing List, cliccala!' ), 'en' => array ( 'Brisk (Ver. '.$G_brisk_version.'), NEWS: new users subscription system.', 'If you want to subscribe our Mailing List, click it!' ) ); 
@@ -578,6 +578,33 @@ function xcapemesg($s) } +class IPClass { + var $addr; + var $mask; + + function IPClass($ipset) + { + //split + $elem = split("/", $ipset, 2); + $addr = $elem[0]; + $mask = (int)$elem[1]; + + //convert mask + + $this->mask = ((1<<($mask))-1) << (32 - $mask); + $this->addr = ip2long($addr) & $this->mask; + + fprintf(STDERR, "New ipclass: %x (%x)\n", $this->addr, $this->mask); + } + + function match($ip) + { + fprintf(STDERR, "IP: %x, ADDR: %x, MASK: %x -> (%d)\n", + $ip, $this->addr, $this->mask, ((ip2long($ip) & $this->mask) == $this->addr)); + return (($ip & $this->mask) == $this->addr); + } +} + class Vect { function Vect($a) { 
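Review bot: A list entry without a valid "/bits" suffix becomes a class that matches every address: in the IPClass constructor `$elem[1]` is then missing, the `(int)` cast yields 0, the mask becomes 0, and `match()` is true for any `$ip`. A failed `ip2long()` (FALSE) and a prefix above 32 (negative shift count) are not caught either, and `split()` is a deprecated regex function where `explode()` is enough. Because these lists come from an operator-edited config file, a single typo would ban or black-list all clients; I would validate the entry and make a bad one match nothing, as sketched below (the sketch also rejects "/0", on the assumption that it is never intended). Separately, the debug line in `match()` calls `ip2long($ip)` on a value that `ban_check`/`black_check` have already converted, so the logged result can differ from the returned one.

```php
    function IPClass($ipset)
    {
        $elem = explode("/", $ipset, 2);
        $addr = ip2long($elem[0]);
        $mask = (count($elem) == 2 && ctype_digit($elem[1])) ? (int)$elem[1] : -1;

        if ($addr === FALSE || $mask < 1 || $mask > 32) {
            // malformed entry: report it and make it match nothing instead of everything
            fprintf(STDERR, "IPClass: invalid entry [%s] ignored\n", $ipset);
            $this->mask = 0;
            $this->addr = -1;
            return;
        }

        $this->mask = ((1 << $mask) - 1) << (32 - $mask);
        $this->addr = $addr & $this->mask;
        // … unchanged: "New ipclass" debug line …
    }
```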
@@ -945,35 +972,185 @@ class Brisk var $step; // current step of the comm array var $garbage_timeout; var $shm_sz; - + + var $ban_list; // ban list (authized allowed) + var $black_list; // black list (anti-dos, noone allowed) + var $delay_mgr; public static $sess_cur; - function Brisk($crystal_filename) { - $this->crystal_filename = $crystal_filename; - $this->user = array(); - $this->table = array(); - $this->match = array(); - + function Brisk() + { + } + + // constructor + static function create($crystal_filename, $ban_list, $black_list) { + if (($brisk_ser = @file_get_contents($crystal_filename)) != FALSE) { + if (($brisk = unserialize($brisk_ser)) != FALSE) { + fprintf(STDERR, "ROOM FROM FILE\n"); + rename($crystal_filename, $crystal_filename.".old"); + + $brisk->reload(); + + return($brisk); + } + } + + fprintf(STDERR, "NEW ROOM\n"); + $thiz = new Brisk(); + + $thiz->crystal_filename = $crystal_filename; + $thiz->user = array(); + $thiz->table = array(); + $thiz->match = array(); + + $thiz->ban_list = NULL; + $thiz->black_list = NULL; + + fprintf(STDERR, "PRE IPCLASS_UPDATE (%d, %d)\n", count($ban_list), count($black_list)); + $thiz->ipclass_update('ban_list', $ban_list); + $thiz->ipclass_update('black_list', $black_list); + fprintf(STDERR, "POST IPCLASS_UPDATE %d %d\n", count($thiz->ban_list), count($thiz->black_list)); + for ($i = 0 ; $i < MAX_PLAYERS ; $i++) { - $this->user[$i] = User::create($this, $i, "", ""); + $thiz->user[$i] = User::create($thiz, $i, "", ""); } for ($i = 0 ; $i < TABLES_N ; $i++) { - $this->table[$i] = Table::create($i); - + $thiz->table[$i] = Table::create($i); + /* OLD METHOD + if ($i < 12) { + $row = ( (((int)($i / 4)) % 2) == 0 ); + $col = ($i % 2 == 0); + $thiz->table[$i]->auth_only = (($row && $col) || (!$row && !$col)); + } + else { + $thiz->table[$i]->auth_only = FALSE; + } + */ if ($i < TABLES_AUTH_N) - $this->table[$i]->auth_only = TRUE; + $thiz->table[$i]->auth_only = TRUE; else - $this->table[$i]->auth_only = FALSE; + 
$thiz->table[$i]->auth_only = FALSE; } - $this->garbage_timeout = 0; - $this->shm_sz = SHM_DIMS_MIN; + $thiz->garbage_timeout = 0; + $thiz->shm_sz = SHM_DIMS_MIN; - $this->delay_mgr = new Delay_Manager(1.5); + $thiz->delay_mgr = new Delay_Manager(1.5); static::$sess_cur = FALSE; + + return ($thiz); + } + + function ipclass_update($ip_out_s, $ip_in) + { + fprintf(STDERR, "N_IN: %d\n", count($ip_in)); + + $ip_out = &$this->$ip_out_s; + + // if already set clean the ban_list property + if ($ip_out) { + $ct = count($ip_out); + for ($i = 0 ; $i < $ct ; $i++) { + unset($ip_out[$i]); + } + unset($ip_out); + } + + $ip_out = array(); + for ($i = 0 ; $i < count($ip_in) ; $i++) { + $ip_out[$i] = new IPClass($ip_in[$i]); + } + } + + function reload($ban_list, $black_list) + { + fprintf(STDERR, "RELOAD STUFF (%d)(%d)\n", count($ban_list), count($black_list)); + + $this->ipclass_update("ban_list", $ban_list); + $this->ipclass_update("black_list", $black_list); + + $this->banned_kickoff(); + $this->garbage_manager(TRUE); + } + + function banned_kickoff() + { + $is_ban = FALSE; + + for ($table_idx = 0 ; $table_idx < TABLES_N ; $table_idx++) { + $table_cur = $this->table[$table_idx]; + // if the table is complete and exists we check users IP + + if ($table_cur->player_n == PLAYERS_N) { + if (isset($this->match[$table_idx]) && + $table_cur->table_token == $bin5->table_token) { + log_main("PLAYERS == N TABLE ".$table_idx); + + $bin5 = $this->match[$table_idx]; + + $is_ban |= $bin5->banned_kickoff(); + } + } + } + + for ($i = 0 ; $i < MAX_PLAYERS ; $i++) { + $user_cur = $this->user[$i]; + + if ($user_cur->sess == "") + continue; + + // check if the IP is blacklisted + if ($this->black_check($user_cur->ip)) { + $user_cur->lacc = 0; + $is_ban = TRUE; + continue; + } + + // if authorized not check if banlisted + if ($user_cur->flags & USER_FLAG_AUTH) { + continue; + } + + if ($this->ban_check($user_cur->ip)) { + $user_cur->lacc = 0; + $is_ban = TRUE; + } + } + + return $is_ban; + } + + 
function ban_check($ip_str) + { + $ip = ip2long($ip_str); + fprintf(STDERR, "Brisk::ban_check %d\n", count($this->ban_list)); + for ($i = 0 ; $i < count($this->ban_list) ; $i++) { + fprintf(STDERR, "ban_list[%d] = %x (%x)\n", $i, + $this->ban_list[$i]->addr, $this->ban_list[$i]->mask); + if ($this->ban_list[$i]->match($ip)) { + fprintf(STDERR, "\n\nMATCHA!\n\n"); + return(TRUE); + } + } + return (FALSE); + } + + function black_check($ip_str) + { + $ip = ip2long($ip_str); + fprintf(STDERR, "Brisk::black_check %d\n", count($this->black_list)); + for ($i = 0 ; $i < count($this->black_list) ; $i++) { + fprintf(STDERR, "black_list[%d] = %x (%x)\n", $i, + $this->black_list[$i]->addr, $this->black_list[$i]->mask); + if ($this->black_list[$i]->match($ip)) { + fprintf(STDERR, "\n\nMATCHA!\n\n"); + return(TRUE); + } + } + return (FALSE); } function garbage_manager($force) @@ -2098,7 +2275,6 @@ class Brisk $this->user[$idx]->ip = $ip; $this->user[$idx]->rec = $authenticate; - fprintf(STDERR, "MOP: [%s]\n", $authenticate->supp_comp); $this->user[$idx]->flags = $user_type; $this->user[$idx]->flags |= ($authenticate != FALSE ? USER_FLAG_AUTH : 0x00); $this->user[$idx]->flags |= ( ($pass != FALSE && $bdb == FALSE) ? USER_FLAG_DBFAILED : 0x00); 
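Review bot: When `create()` restores the room from the crystal file it calls `$brisk->reload();` with no arguments, although `reload($ban_list, $black_list)` takes both lists. The lists handed to `create()` therefore never reach the restored object, and both `ban_list` and `black_list` appear to be rebuilt empty until an operator sends "reload"; the call should be `$brisk->reload($ban_list, $black_list);`. In `banned_kickoff()` the condition reads `$bin5->table_token` before `$bin5 = $this->match[$table_idx];` runs inside the body, so it compares against an undefined or previous-iteration value; compare with `$this->match[$table_idx]->table_token` instead. The Brisk class body continues outside the hunk.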
@@ -2202,118 +2378,6 @@ class Brisk } } - // Static functions - static function create($crystal_filename) - { - if (($brisk_ser = @file_get_contents($crystal_filename)) == FALSE || - ($brisk = unserialize($brisk_ser)) == FALSE) { - fprintf(STDERR, "NEW ROOM\n"); - $brisk = new Brisk($crystal_filename); - } - else { - fprintf(STDERR, "ROOM FROM FILE\n"); - rename($crystal_filename, $crystal_filename.".old"); - } - - return $brisk; - } - - - function load_data() - { - GLOBAL $sess; - - do { - if (($tok = @ftok(FTOK_PATH."/main", "C")) == -1) { - log_main("ftok failed"); - break; - } - - if (($shm_sz = sharedmem_sz($tok)) == -1) { - log_main("shmop_open failed"); - } - - if ($shm_sz == -1) - $shm_sz = SHM_DIMS_MIN; - - if ($shm = shm_attach($tok, $shm_sz)) { - $brisk = @shm_get_var($shm, $tok); // CHECKED BELOW - - log_only("bri == ".($brisk == FALSE ? "FALSE" : "TRUE")." bri === ".($brisk === FALSE ? "FALSE" : "TRUE")." bri isset ".(isset($brisk) ? "TRUE" : "FALSE")); - if (isset($brisk)) - log_only("bri count ".count($brisk)); - - if ($brisk == FALSE) { - log_only("INIT MAIN DATA"); - shm_detach($shm); - - $brisk = Brisk::create(); - - log_shme("Brisk::create"); - - if (Brisk::save_data($brisk) == FALSE) - return FALSE; - - return $brisk; - } - $brisk->shm_sz = $shm_sz; - - shm_detach($shm); - - for ($i = 0 ; $i < MAX_PLAYERS ; $i++) { - if (($brisk->user[$i] = User::load_data($i, FALSE)) == FALSE) { - log_crit("User::load_data failed"); - break; - } - } - if ($i < MAX_PLAYERS) { - break; - } - } - - // - // SHSPLIT: load users from the shared memory - // - return ($brisk); - } while (0); - - return (FALSE); - } - - - function save_data_orig($brisk) - { - GLOBAL $sess; - - $shm = FALSE; - - // var_dump($brisk); - - if (($tok = @ftok(FTOK_PATH."/main", "C")) == -1) - return (FALSE); - - while ($brisk->shm_sz < SHM_DIMS_MAX) { - if (($shm = shm_attach($tok, $brisk->shm_sz)) == FALSE) - break; - - // log_only("PUT_VAR DI ".strlen(serialize($brisk))); - if 
(@shm_put_var($shm, $tok, $brisk) != FALSE) { - shm_detach($shm); - return (TRUE); - } - if (shm_remove($shm) === FALSE) { - log_only("REMOVE FALLITA"); - break; - } - shm_detach($shm); - $brisk->shm_sz += SHM_DIMS_DLT; - } - - if ($shm) - shm_detach($shm); - - return (FALSE); - } function dump_data() { $brisk_ser = serialize($this); @@ -2325,77 +2389,6 @@ class Brisk return (FALSE); } - function save_data($brisk) - { - GLOBAL $sess; - - $ret = FALSE; - $shm = FALSE; - - if (($tok = @ftok(FTOK_PATH."/main", "C")) == -1) - return (FALSE); - - // SHSPLIT: before save the $brisk you must save users, - // detach from main struct and (then) reattach - $user_park = array(); - for ($i = 0 ; $i < MAX_PLAYERS ; $i++) { - $user_park[$i] = $brisk->user[$i]; - $brisk->user[$i] = FALSE; - } - - while ($brisk->shm_sz < SHM_DIMS_MAX) { - if (($shm = shm_attach($tok, $brisk->shm_sz)) == FALSE) - break; - - // log_only("PUT_VAR DI ".strlen(serialize($brisk))); - if (@shm_put_var($shm, $tok, $brisk) != FALSE) { - log_shme("Brisk::save_data"); - $ret = TRUE; - break; - } - if (shm_remove($shm) === FALSE) { - log_only("REMOVE FALLITA"); - break; - } - shm_detach($shm); - $brisk->shm_sz += SHM_DIMS_DLT; - } - - if ($shm) - shm_detach($shm); - - // SHSPLIT: reattach users to the room class - for ($i = 0 ; $i < MAX_PLAYERS ; $i++) { - User::save_data($user_park[$i], $i); - $brisk->user[$i] = $user_park[$i]; - } - log_load("FINISH: ".($ret == TRUE ? "TRUE" : "FALSE")); - - return ($ret); - } - - static function lock_data($is_exclusive) - { - if (($res = file_lock(FTOK_PATH."/main", $is_exclusive)) != FALSE) { - self::$delta_t = microtime(TRUE); - log_lock("LOCK room [".self::$delta_t."]"); - - return ($res); - } - - return (FALSE); - } - - static function unlock_data($res) - { - GLOBAL $sess; - - log_lock("UNLOCK room [".(microtime(TRUE) - (self::$delta_t))."]"); - - file_unlock($res); - } - - function standup_content($user) { $ret = ""; 
@@ -2488,9 +2481,17 @@ class Brisk function request_mgr(&$s_a_p, $header, &$header_out, &$new_socket, $path, $addr, $get, $post, $cookie) { - GLOBAL $G_black_list; + GLOBAL $G_ban_list, $G_black_list; printf("NEW_SOCKET (root): %d PATH [%s]\n", intval($new_socket), $path); + $remote_addr = addrtoipv4($addr); + + fprintf(STDERR, "\n\n\n PRE_BLACK_CHECK \n\n\n"); + if ($this->black_check($remote_addr)) { + // TODO: waiting async 5 sec before close + fprintf(STDERR, "\n\n\n BLACK_CHECK \n\n\n"); + return (FALSE); + } $enc = get_encoding($header); if (isset($header['User-Agent'])) { diff --git a/web/Obj/sac-a-push.phh b/web/Obj/sac-a-push.phh index b184fb4..44ef8ad 100644 --- a/web/Obj/sac-a-push.phh +++ b/web/Obj/sac-a-push.phh @@ -2,7 +2,7 @@ /* * brisk - Obj/sac-a-push.phh * - * Copyright (C) 2012 Matteo Nastasi + * Copyright (C) 2012-2014 Matteo Nastasi * mailto: nastasi@alternativeoutput.it * matteo.nastasi@milug.org * web: http://www.alternativeoutput.it @@ -32,7 +32,7 @@ declare(ticks = 1); function global_dump() { - GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth; + GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth; GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang; GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list; GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2; @@ -43,6 +43,7 @@ function global_dump() GLOBAL $G_with_topbanner; fprintf(STDERR, "G_alarm_passwd = [%s]\n", print_r($G_alarm_passwd, TRUE)); + fprintf(STDERR, "G_ban_list = [%s]\n", print_r($G_ban_list, TRUE)); fprintf(STDERR, "G_black_list = [%s]\n", print_r($G_black_list, TRUE)); fprintf(STDERR, "G_btrace_pref_sub = [%s]\n", print_r($G_btrace_pref_sub, TRUE)); fprintf(STDERR, "G_dbauth = [%s]\n", print_r($G_dbauth, TRUE)); 
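Review bot: Every new socket in `request_mgr` now runs `black_check`, which writes a count line plus one line per list entry to STDERR, on top of the multi-line `PRE_BLACK_CHECK` / `BLACK_CHECK` markers added here. A burst of connections, which is the case the black list exists for, then multiplies log volume by the list length, while the refusal itself never records which address was rejected. I would drop the two markers and log a single line on refusal, e.g. `log_main("black_check: refused ".$remote_addr);`, and remove the per-entry `fprintf` calls from `black_check`, `ban_check` and `IPClass::match`. The body of request_mgr continues outside the hunk.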
@@ -621,7 +622,7 @@ class Sac_a_push { { GLOBAL $DOCUMENT_ROOT, $HTTP_HOST; - GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth; + GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth; GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang; GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list; GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2; @@ -797,7 +798,7 @@ class Sac_a_push { $line = trim($buf); if ($line == "reload") { require("$DOCUMENT_ROOT/Etc/".BRISK_CONF); - + $this->app->reload($G_ban_list, $G_black_list); global_dump(); } else if ($line == "shutdown" || $line == "sd") { diff --git a/web/Obj/user.phh b/web/Obj/user.phh index d3eaffd..e06c681 100644 --- a/web/Obj/user.phh +++ b/web/Obj/user.phh @@ -691,7 +691,6 @@ class User { log_rd2("NEWSTAT: ".$this->stat); } /* if ($this->rd_step == -1) { */ else { - /* $sem = Brisk::lock_data(FALSE); */ $S_load_stat['rU_heavy']++; if ($this->rd_step < $this->step) { @@ -699,7 +698,6 @@ class User { if ($this->rd_step + COMM_N < $this->step) { if (($this->rd_stat != $this->stat)) { $to_stat = $this->stat; - /* Brisk::unlock_data($sem); */ log_load("RESYNC"); printf("xXx USER::MAINCHECK2 [%s]\n", get_class($this)); return ($this->page_sync($this->sess, ($to_stat == "table" ? "briskin5/index.php" : "index.php"), $this->table, $this->table_token)); @@ -745,8 +743,6 @@ class User { } /* if ($this->the_end == TRUE) { ... */ } /* if ($this->the_end == TRUE) { ... */ } /* if ($this->rd_step < $this->step) { */ - - /* Brisk::unlock_data($sem); */ } /* else of if ($this->rd_step == -1) { */ diff --git a/web/briskin5/Obj/briskin5.phh b/web/briskin5/Obj/briskin5.phh index ce0fa1d..ee69b35 100644 --- a/web/briskin5/Obj/briskin5.phh +++ b/web/briskin5/Obj/briskin5.phh 
@@ -1079,7 +1079,6 @@ class Bin5_user extends User { $this->rd_step = $this->step; } /* if ($this->rd_step == -1) { */ else { - /* $sem = Brisk::lock_data(FALSE); */ $S_load_stat['rU_heavy']++; if ($this->rd_step < $this->step) { @@ -1087,7 +1086,6 @@ class Bin5_user extends User { if ($this->rd_step + COMM_N < $this->step) { if ($this->rd_stat != $this->stat) { $to_stat = $this->stat; - /* Brisk::unlock_data($sem); */ log_load("RESYNC"); printf("xXx BIN5_USER::MAINCHECK\n"); return ($this->page_sync($this->sess, ($to_stat == "table" ? "index.php" : "../index.php"), $this->table, $this->table_token)); @@ -1136,7 +1134,6 @@ class Bin5_user extends User { } /* if ($this->the_end == TRUE) { ... */ } /* if ($this->rd_step < $this->step) { */ - /* Brisk::unlock_data($sem); */ } /* else of if ($this->rd_step == -1) { */ @@ -1231,7 +1228,32 @@ class Bin5 { return (FALSE); } + function banned_kickoff() + { + $is_ban = FALSE; + + for ($i = 0 ; $i < BIN5_MAX_PLAYERS ; $i++) { + $user_cur = $this->user[$i]; + + // check if the IP is blacklisted + if ($this->brisk->black_check($user_cur->ip)) { + $user_cur->lacc = 0; + $is_ban = TRUE; + continue; + } + // if authorized not check if banlisted + if ($user_cur->flags & USER_FLAG_AUTH) { + continue; + } + + if ($this->brisk->ban_check($user_cur->ip)) { + $user_cur->lacc = 0; + $is_ban = TRUE; + } + } + return ($is_ban); + } function garbage_manager($force) { @@ -1452,7 +1474,7 @@ class Bin5 { static function request_mgr(&$s_a_p, $header, &$header_out, &$new_socket, $path, $addr, $get, $post, $cookie) { - GLOBAL $G_black_list; + GLOBAL $G_ban_list, $G_black_list; printf("NEW_SOCKET (root): %d\n", intval($new_socket)); diff --git a/web/briskin5/index_wr.php b/web/briskin5/index_wr.php index ef9dfda..7a6e6ad 100644 --- a/web/briskin5/index_wr.php +++ b/web/briskin5/index_wr.php 
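Review bot: `Bin5::banned_kickoff()` repeats the black-list / auth-flag / ban-list sequence of `Brisk::banned_kickoff()` line for line but leaves out that method's `if ($user_cur->sess == "") continue;` guard, so any empty slot (whether Bin5 can have one is not visible here) goes through both checks with an empty `ip`. Keeping the decision in one place on Brisk and calling it from both loops would stop the two copies drifting apart. Neither copy explains `$user_cur->lacc = 0;`; a comment such as `// zero last access so the following garbage_manager(TRUE) expires this session` would help, if that is indeed the mechanism (presumed from `reload()` calling `garbage_manager(TRUE)` right after).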
@@ -40,15 +40,10 @@ require_once("Obj/briskin5.phh"); */ function bin5_index_wr_main(&$bin5, $remote_addr_full, $get, $post, $cookie) { - GLOBAL $G_base, $G_dbasetype, $G_black_list; + GLOBAL $G_base, $G_dbasetype, $G_ban_list, $G_black_list; $remote_addr = addrtoipv4($remote_addr_full); - if (array_search($remote_addr, $G_black_list) !== FALSE) { - // TODO: waiting async 5 sec before close - return (FALSE); - } - $curtime = time(); if ($bin5 == NULL) { return FALSE; @@ -77,7 +72,8 @@ function bin5_index_wr_main(&$bin5, $remote_addr_full, $get, $post, $cookie) return FALSE; } $bin5->brisk->sess_cur_set($user->sess); - if (array_search($user->ip, $G_black_list) !== FALSE) { + if (!($user->flags & USER_FLAG_AUTH) && + $bin5->brisk->ban_check($user->ip)) { // TODO: waiting async 5 sec before close return (FALSE); } @@ -527,8 +523,6 @@ function bin5_index_wr_main(&$bin5, $remote_addr_full, $get, $post, $cookie) log_wr("NOSENSE"); } } - log_wr("before save data"); - log_wr($user->step, 'bin::index_wr.php: after save_data()'); return TRUE; } ?> diff --git a/web/index.php b/web/index.php index 9a7665b..11694ca 100644 --- a/web/index.php +++ b/web/index.php @@ -237,7 +237,7 @@ function poll_dom() { return ''; } -function index_main(&$brisk, $transp_type, &$header_out, $addr, $get, $post, $cookie) +function index_main(&$brisk, $transp_type, &$header_out, $remote_addr_full, $get, $post, $cookie) { GLOBAL $G_with_donors, $G_donors_cur, $G_donors_all; GLOBAL $G_with_topbanner, $G_topbanner, $G_is_local; @@ -258,8 +258,10 @@ function index_main(&$brisk, $transp_type, &$header_out, $addr, $get, $post, $co if (($table_token = gpcs_var('table_idx', $get, $post, $cookie)) === FALSE) unset ($table_token); + $remote_addr = addrtoipv4($remote_addr_full); + // Use of proxies isn't allowed. - if (!$G_is_local && is_proxy($addr)) { + if (!$G_is_local && is_proxy($remote_addr)) { return FALSE; } 
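Review bot: The black-list rejection removed from the top of `bin5_index_wr_main` has no visible replacement on the briskin5 path, because this commit adds `black_check` only to `Brisk::request_mgr`, while the `Bin5::request_mgr` hunk merely extends its GLOBAL line. If briskin5 requests do not pass through `Brisk::request_mgr` first (not determinable from this page), a black-listed address is refused there only at reload time via `banned_kickoff`. Either state the dispatch order in a comment or add `if ($bin5->brisk->black_check($remote_addr)) return (FALSE);` after the `$bin5 == NULL` test. The same applies to the matching removal in web/index_wr.php (`@@ -142,13 +142,6`), and in both functions `$G_ban_list` is now declared GLOBAL without being used in the visible lines.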
@@ -298,15 +300,22 @@ function index_main(&$brisk, $transp_type, &$header_out, $addr, $get, $post, $co if ($ACTION == "login" && isset($name)) { log_main("pre garbage_manager DUE"); - if (isset($pass_private) == FALSE) { + if (isset($pass_private) == FALSE || $pass_private == "") { $pass_private = FALSE; + + $banned = FALSE; + if ($brisk->ban_check($remote_addr)) { + // TODO: find a way to add a nonblocking sleep(5) here + $banned = TRUE; + $idx = -1; + } } $brisk->garbage_manager(TRUE); /* try login */ - $ipv4addr = addrtoipv4($addr); - if (($user = $brisk->add_user(&$sess, &$idx, $name, $pass_private, $ipv4addr, $cookie)) != FALSE) { + if ($banned == FALSE && + ($user = $brisk->add_user(&$sess, &$idx, $name, $pass_private, $remote_addr, $cookie)) != FALSE) { $brisk->sess_cur_set($user->sess); $ACTION = "room"; if ($idx < 0) { @@ -314,7 +323,7 @@ function index_main(&$brisk, $transp_type, &$header_out, $addr, $get, $post, $co $is_login = TRUE; } - log_legal($curtime, $ipv4addr, $user, "STAT:LOGIN", ''); + log_legal($curtime, $remote_addr, $user, "STAT:LOGIN", ''); // recovery lost game if ($user->stat == "table") { diff --git a/web/index_wr.php b/web/index_wr.php index 3e862d1..6d5484b 100644 --- a/web/index_wr.php +++ b/web/index_wr.php @@ -120,12 +120,12 @@ define('LICMGR_CHO_AFTER', 2); function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) { GLOBAL $G_domain, $G_webbase, $G_mail_seed; - GLOBAL $G_shutdown, $G_alarm_passwd, $G_black_list, $G_lang, $G_room_help, $G_room_about; + GLOBAL $G_shutdown, $G_alarm_passwd, $G_ban_list, $G_black_list, $G_lang, $G_room_help, $G_room_about; GLOBAL $G_room_passwdhowto, $mlang_indwr; GLOBAL $G_tos_vers; - $remote_addr = addrtoipv4($remote_addr_full); log_load("index_wr.php"); + $remote_addr = addrtoipv4($remote_addr_full); if (($mesg = gpcs_var('mesg', $get, $post, $cookie)) === FALSE) unset($mesg); 
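Review bot: `$banned` is assigned only inside the no-password branch, yet `if ($banned == FALSE && ...)` tests it on every login, so a login with a password proceeds only because an undefined variable compares equal to FALSE; initialise it with `$banned = FALSE;` before the `if (isset($pass_private) == FALSE || $pass_private == "")` block. The ban decision also depends on whether a password was submitted, not on whether authentication succeeded. The `USER_FLAG_DBFAILED` line elsewhere in this commit suggests a user can be added without `USER_FLAG_AUTH` even when a password was sent, in which case a banned address would pass this login check and be stopped only by the per-request `ban_check` in index_wr.php; worth confirming. index_main's body continues outside the hunk.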
@@ -142,13 +142,6 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) /* * MAIN */ - - /* if the IP is banned, exit without do nothing */ - if (array_search($remote_addr, $G_black_list) !== FALSE) { - // TODO: find a way to add a nonblocking sleep(5) here - return (FALSE); - } - $is_spawn = FALSE; log_wr(0, 'index_wr.php: COMM: '.xcapemesg($mesg)); @@ -240,7 +233,8 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) // LACC UPDATED $user->lacc = $curtime; - if (array_search($user->ip, $G_black_list) !== FALSE) { + if (!($user->flags & USER_FLAG_AUTH) && + $brisk->ban_check($user->ip)) { // TODO: find a way to add a nonblocking sleep(5) here return (FALSE); } @@ -852,12 +846,7 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) } } } - log_wr("before save data"); - // Brisk::save_data($brisk); - log_wr($user->step, 'index_wr.php: after save_data()'); -/* Brisk::unlock_data($sem); */ -/* exit; */ return (FALSE); } ?> diff --git a/web/spush/brisk-spush.php b/web/spush/brisk-spush.php index 5a318dc..cbbce76 100755 --- a/web/spush/brisk-spush.php +++ b/web/spush/brisk-spush.php @@ -42,9 +42,11 @@ require_once($G_base."briskin5/index_wr.php"); function main($argv) { + GLOBAL $G_ban_list, $G_black_list; + pid_save(); do { - if (($brisk = Brisk::create(LEGAL_PATH."/brisk-crystal.data")) == FALSE) { + if (($brisk = Brisk::create(LEGAL_PATH."/brisk-crystal.data", $G_ban_list, $G_black_list)) == FALSE) { log_crit("Brisk::create failed"); $ret = 1; break;