tomasz.sowa
/
winix
1
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

added: possibility to ban if a session cookie is incorrect (when we are using encoded cookies) 

added:   possibility to ban if a client tries to hijack the session cookie
added:   possibility to ban if a client did not send a session cookie
renamed: ezc functions:
         login_cannot_login -> ipban_is_login_allowed_from_this_ip  (and the return value was changed)
         login_when_available_login -> ipban_current_ip_expires_time
added: config options:
       // after how many broken encoded cookie we should ban the current IP
       // default: 2 (value in the range <0 - 65535>)
       size_t broken_encoded_cookie_treshold;

       // after how many incorrect session identifiers (or session indices) we should ban the current IP
       // do not set this value too low, as people connecting from the same IP address (from behind a NAT)
       // would be banned if they have an old session cookie remembered in the browser
       // default: 128 (value in the range <0 - 65535>)
       size_t session_hijacking_treshold;

       // after how many times a client will be banned if it did not send a session cookie
       // default: 1000 (value in the range <0 - 65535>)
       size_t no_session_cookie_treshold;








git-svn-id: svn://ttmath.org/publicrep/winix/trunk@995 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
Tomasz Sowa 2014-11-24 20:22:30 +00:00
parent 76314aab10
commit c9bf20201b
18 changed files with 368 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/app.cpp
View File

@ -634,8 +634,6 @@ void App::Make()
if( cur.session->ip_ban && cur.session->ip_ban->IsIPBanned() )
{
PT::Date date(cur.session->ip_ban->expires);
log << log2 << "App: this IP address is banned until to: " << date << " UTC" << logend;
slog << logerror << T("this_ip_is_banned_until") << ' ' << date << " UTC" << logend;
cur.request->status = WINIX_ERR_PERMISSION_DENIED;

10
core/config.cpp
View File

@ -218,9 +218,12 @@ void Config::AssignValues(bool stdout_is_closed)
session_max = Size(L"session_max", 1000000);
session_cookie_encode = Bool(L"session_cookie_encode", false);
session_keys_file = Text(L"session_keys_file");
session_allow_index_difference = Size(L"session_allow_index_difference", 8);
session_index_time_increment = Long(L"session_index_time_increment", 30);
session_key_renew_time = Size(L"session_key_renew_time", 172800); // 2 days
session_allow_index_difference = Size(L"session_allow_index_difference", 8);
session_index_time_increment = Long(L"session_index_time_increment", 30);
session_key_renew_time = Size(L"session_key_renew_time", 172800); // 2 days
broken_encoded_cookie_treshold = Size(L"broken_encoded_cookie_treshold", 2);
session_hijacking_treshold = Size(L"session_hijacking_treshold", 128);
no_session_cookie_treshold = Size(L"no_session_cookie_treshold", 1000);
compression = Bool(L"compression", true);
compression_page_min_size = Size(L"compression_page_min_size", 512);
@ -299,6 +302,7 @@ void Config::AssignValues(bool stdout_is_closed)
incorrect_login_cannot_login_treshold = Size(L"incorrect_login_cannot_login_treshold", 20);
incorrect_login_cannot_login_delay = Size(L"incorrect_login_cannot_login_delay", 1800);
pid_file = Text(L"pid_file", L"");
}

18
core/config.h
View File

@ -233,6 +233,20 @@ public:
// default: 172800 = 2 days (max: 2678400 = 1 month, min: 10)
size_t session_key_renew_time;
// after how many broken encoded cookie we should ban the current IP
// default: 2 (value in the range <0 - 65535>)
size_t broken_encoded_cookie_treshold;
// after how many incorrect session identifiers (or session indices) we should ban the current IP
// do not set this value too low, as people connecting from the same IP address (from behind a NAT)
// would be banned if they have an old session cookie remembered in the browser
// default: 128 (value in the range <0 - 65535>)
size_t session_hijacking_treshold;
// after how many times a client will be banned if it did not send a session cookie
// default: 1000 (value in the range <0 - 65535>)
size_t no_session_cookie_treshold;
// allow the winix output to be compressed
// default: true
bool compression;
@ -672,7 +686,7 @@ public:
// how many incorrect logins there must have been passed to display a captcha
// next to the login form
// default: 3
// default: 3 (value in the range <0 - 65535>)
size_t incorrect_login_captcha_treshold;
// the way how we prevent to login if there are too many incorrect login attempts
@ -683,7 +697,7 @@ public:
int incorrect_login_cannot_login_mode;
// after how many incorrect login attempts we do the incorrect_login_cannot_login_mode action
// default: 20
// default: 20 (value in the range <0 - 65535>)
size_t incorrect_login_cannot_login_treshold;
// used when incorrect_login_cannot_login_mode is zero

28
core/ipban.h
View File

@ -87,11 +87,21 @@ struct IPBan
// the ban level to a greater value
time_t expires;
// how many incorrect login attempts there are
unsigned int incorrect_login_events;
unsigned short int incorrect_login_events;
// in the future there can be more *_events fields
// how many incorrect encoded cookie were sent
// only used if config.session_cookie_encode is true and session_keys_file is defined
unsigned short int broken_encoded_cookie_events;
// how many incorrect session identifiers were sent
unsigned short int session_hijacking_events;
// client didn't send a session cookie
// it can be a bot or just someone wants to DOS the server
// (a new session will be create)
unsigned short int no_session_cookie_events;
bool HasFlag(int flag) const
@ -123,7 +133,7 @@ struct IPBan
}
void AddNextBanLevel(time_t level1_expires, time_t level2_expires, time_t level3_expires)
void IncrementBanLevel(time_t level1_expires, time_t level2_expires, time_t level3_expires)
{
if( HasFlag(WINIX_IPBAN_FLAG_BAN_LEVEL3) )
{
@ -164,14 +174,20 @@ struct IPBan
flags = 0;
last_used = 0;
expires = 0;
incorrect_login_events = 0;
incorrect_login_events = 0;
broken_encoded_cookie_events = 0;
session_hijacking_events = 0;
no_session_cookie_events = 0;
}
void ClearAfterRemovingBan()
void ResetEventsCounters()
{
ClearFlag(WINIX_IPBAN_FLAG_ACTIVE);
incorrect_login_events = 0;
incorrect_login_events = 0;
broken_encoded_cookie_events = 0;
session_hijacking_events = 0;
no_session_cookie_events = 0;
expires = 0;
}

222
core/sessionmanager.cpp
View File

@ -127,6 +127,9 @@ bool SessionManager::EncodeSessionId(long id, unsigned int index, std::wstring &
}
/*
* IMPROVE ME we need a better algorithm
*/
long SessionManager::CreateSessionId()
{
long id;
@ -179,6 +182,7 @@ SessionContainer::Iterator i = session_tab.End();
if( i != session_tab.End() )
{
is_session_set = true;
session = &(*i);
session->new_session = true;
session->SetTimesTo(cur->request->start_time);
@ -190,7 +194,7 @@ SessionContainer::Iterator i = session_tab.End();
else
{
// there is a problem with generating a new session id
log << log1 << "SM: cannot create a session id (temporary used: with id 0)" << logend;
log << log1 << "SM: cannot create a session id" << logend;
SetTemporarySession();
}
}
@ -198,14 +202,18 @@ SessionContainer::Iterator i = session_tab.End();
void SessionManager::SetTemporarySession()
{
is_session_set = true;
session = &temporary_session;
session->Clear(false);
session->SetTimesTo(cur->request->start_time);
session->new_session = false; // temporary session was initialized at the beginning
log << log2 << "SM: using temporary session" << logend;
}
unsigned int SessionManager::SetSessionCalcDifference(Session & ses, unsigned int index)
unsigned int SessionManager::CalculateIndexDifference(Session & ses, unsigned int index)
{
unsigned int difference;
@ -233,15 +241,103 @@ void SessionManager::SetSessionPutLogInfo(Session & ses, bool has_index, unsigne
bool SessionManager::SetSessionFromCookie(long id, bool has_index, unsigned int index)
void SessionManager::IncrementBanLevel(IPBan * ip_ban)
{
unsigned int difference = 0;
ip_ban->SetFlag(WINIX_IPBAN_FLAG_ACTIVE);
SessionContainer::Iterator s = session_tab.FindById(id);
ip_ban->IncrementBanLevel(cur->request->start_time + (time_t)config->ban_level_1_delay,
cur->request->start_time + (time_t)config->ban_level_2_delay,
cur->request->start_time + (time_t)config->ban_level_3_delay);
PT::Date date(ip_ban->expires);
log << log2 << "SM: this IP address has been banned to: " << date << " UTC" << logend;
}
void SessionManager::SetFirstExpirationTime(IPBan * ip_ban)
{
time_t expiry = cur->request->start_time + (time_t)config->ban_level_1_delay;
if( ip_ban->expires < expiry )
ip_ban->expires = expiry;
}
void SessionManager::BrokenCookieCheckBan()
{
if( !current_ip_ban )
current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);
if( current_ip_ban->broken_encoded_cookie_events < config->broken_encoded_cookie_treshold )
{
current_ip_ban->broken_encoded_cookie_events += 1;
SetFirstExpirationTime(current_ip_ban);
}
else
{
log << log2 << "SM: too many incorrect encoded cookies were sent from this IP" << logend;
IncrementBanLevel(current_ip_ban);
SetTemporarySession();
}
}
void SessionManager::IncorrectSessionCheckBan()
{
if( !current_ip_ban )
current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);
if( current_ip_ban->session_hijacking_events < config->session_hijacking_treshold )
{
current_ip_ban->session_hijacking_events += 1;
SetFirstExpirationTime(current_ip_ban);
}
else
{
log << log2 << "SM: too many incorrect sessions identifiers were sent from this IP" << logend;
IncrementBanLevel(current_ip_ban);
SetTemporarySession();
}
}
void SessionManager::NoSessionCookieCheckBan()
{
if( !current_ip_ban )
current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);
if( current_ip_ban->no_session_cookie_events < config->no_session_cookie_treshold )
{
current_ip_ban->no_session_cookie_events += 1;
SetFirstExpirationTime(current_ip_ban);
}
else
{
log << log2 << "SM: too many times you have not sent a session cookie" << logend;
IncrementBanLevel(current_ip_ban);
SetTemporarySession();
}
}
bool SessionManager::IsSessionCorrect(long id, bool has_index, unsigned int index,
const SessionContainer::Iterator & s, unsigned int & difference)
{
difference = 0;
if( id == 0 )
{
log << log3 << "SM: id 0 is reserved for the temporary session" << logend;
IncorrectSessionCheckBan();
return false;
}
if( s == session_tab.End() )
{
log << log3 << "SM: there is no a session with id: " << id << logend;
IncorrectSessionCheckBan();
return false;
}
@ -253,34 +349,51 @@ unsigned int difference = 0;
if( has_index )
{
difference = SetSessionCalcDifference(*s, index);
difference = CalculateIndexDifference(*s, index);
if( (size_t)difference > config->session_allow_index_difference )
{
log << log2 << "SM: an incorrect session index for session: " << id
<< ", index difference: " << (size_t)difference << logend;
IncorrectSessionCheckBan();
return false;
}
}
// that session is in the table
session = &(*s);
session->new_session = false;
session->last_time = cur->request->start_time;
session->last_date = cur->request->start_date;
return true;
}
if( session->id_index_changed + config->session_index_time_increment < cur->request->start_time )
bool SessionManager::SetSessionFromCookie(long id, bool has_index, unsigned int index)
{
unsigned int difference;
bool is_session_correct;
SessionContainer::Iterator s = session_tab.FindById(id);
is_session_correct = IsSessionCorrect(id, has_index, index, s, difference);
if( is_session_correct )
{
session->id_index += 1;
session->id_index_changed = cur->request->start_time;
is_session_set = true;
session = &(*s);
session->new_session = false;
session->last_time = cur->request->start_time;
session->last_date = cur->request->start_date;
if( session->id_index_changed + config->session_index_time_increment < cur->request->start_time )
{
session->id_index += 1;
session->id_index_changed = cur->request->start_time;
}
if( cur->request->method == Request::get )
session->last_time_get = cur->request->start_time;
SetSessionPutLogInfo(*session, has_index, difference);
}
if( cur->request->method == Request::get )
session->last_time_get = cur->request->start_time;
SetSessionPutLogInfo(*session, has_index, difference);
return true;
return is_session_correct;
}
@ -296,6 +409,7 @@ bool SessionManager::SetSessionFromCookie(const std::wstring & cookie)
if( !session_id_manager.DecodeToken(cookie, id, index) )
{
log << log2 << "SM: an incorrect cookie string was sent" << logend;
BrokenCookieCheckBan();
return false;
}
@ -309,45 +423,52 @@ bool SessionManager::SetSessionFromCookie(const std::wstring & cookie)
}
void SessionManager::SetSession()
bool SessionManager::IsIPBanned()
{
current_ip_ban = ban_tab.FindIP(cur->request->ip);
if( current_ip_ban && current_ip_ban->IsIPBanned() )
if( current_ip_ban )
{
if( current_ip_ban->expires != 0 && cur->request->start_time >= current_ip_ban->expires )
{
log << log2 << "SM: removing a ban from this IP and resetting events counter" << logend;
current_ip_ban->ClearAfterRemovingBan();
log << log2 << "SM: resetting events counters for this IP" << logend;
current_ip_ban->ResetEventsCounters();
}
else
if( current_ip_ban->IsIPBanned() )
{
PT::Date date = current_ip_ban->expires;
log << log2 << "SM: this ip is bannned to: " << date << logend;
SetTemporarySession();
return true;
}
}
return false;
}
void SessionManager::SetSession()
{
is_session_set = false;
if( !IsIPBanned() )
{
CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name);
if( i != cur->request->cookie_tab.end() )
{
if( !SetSessionFromCookie(i->second) )
cur->request->cookie_tab.erase(i);
}
else
{
log << log2 << "SM: this ip is bannned, using a temporary session" << logend;
SetTemporarySession();
session->ip_ban = current_ip_ban;
return;
NoSessionCookieCheckBan();
}
}
CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name);
if( i == cur->request->cookie_tab.end() )
{
if( !is_session_set )
CreateSession();
}
else
{
if( !SetSessionFromCookie(i->second) )
{
// there is no such a session
// deleting the old cookie
cur->request->cookie_tab.erase(i);
// and creating a new one
CreateSession();
}
}
session->ip_ban = current_ip_ban;
}
@ -578,6 +699,15 @@ IPBan & SessionManager::AddIPToBanList(int ip)
}
IPBan & SessionManager::AddIPToBanList(int ip, time_t cur_time)
{
IPBan & ban = ban_tab.AddIP(ip);
ban.last_used = cur_time;
return ban;
}
size_t SessionManager::BanListSize()
{
return ban_tab.Size();

26
core/sessionmanager.h
View File

@ -74,6 +74,8 @@ public:
void DeleteSessions(); // deleting all sessions
bool ChangeSessionId(long old_id);
void IncrementBanLevel(IPBan * ip_ban);
void InitTmpSession();
void InitBanList();
void InitCookieEncoding();
@ -93,6 +95,7 @@ public:
size_t MarkAllSessionsToRemove(long user_id);
IPBan & AddIPToBanList(int ip);
IPBan & AddIPToBanList(int ip, time_t cur_time);
size_t BanListSize();
IPBan & GetIPBan(size_t index);
void RemoveIPBan(int ip);
@ -107,34 +110,35 @@ private:
Config * config;
Cur * cur;
System * system;
LastContainer * last_container;
// current session - set by SetSession()
Session * session;
SessionContainer session_tab;
IPBanContainer ban_tab;
IPBan * current_ip_ban;
// session with id 0
bool is_session_set;
Session temporary_session;
SessionIdManager session_id_manager;
bool IsSession(long s);
long CreateSessionId();
void CreateSession();
bool IsSessionCorrect(long id, bool has_index, unsigned int index, const SessionContainer::Iterator & s, unsigned int & difference);
bool SetSessionFromCookie(long id, bool has_index, unsigned int index);
bool SetSessionFromCookie(const std::wstring & cookie);
void SetTemporarySession();
unsigned int SetSessionCalcDifference(Session & ses, unsigned int index);
unsigned int CalculateIndexDifference(Session & ses, unsigned int index);
void SetSessionPutLogInfo(Session & ses, bool has_index, unsigned int difference);
bool IsIPBanned();
void SetFirstExpirationTime(IPBan * ip_ban);
void BrokenCookieCheckBan();
void IncorrectSessionCheckBan();
void NoSessionCookieCheckBan();
// second thread
/*
* second thread
*/
int deleted;
virtual void Work();
void CheckSession(SessionContainer::Iterator & i);

40
functions/login.cpp
View File

@ -139,45 +139,38 @@ return result;
void Login::AddBanInfo()
void Login::CheckBan()
{
IPBan * ip_ban = cur->session->ip_ban;
if( !ip_ban )
ip_ban = &session_manager->AddIPToBanList(cur->request->ip);
ip_ban->last_used = cur->request->start_time;
if( ip_ban->expires != 0 && cur->request->start_time >= ip_ban->expires )
{
// the 'ip block' has expired
ip_ban->ClearAfterRemovingBan();
log << log3 << "Login: removing the IP block for logging" << logend;
ip_ban = &session_manager->AddIPToBanList(cur->request->ip, cur->request->start_time);
cur->session->ip_ban = ip_ban;
}
if( ip_ban->incorrect_login_events < config->incorrect_login_cannot_login_treshold )
{
ip_ban->incorrect_login_events += 1;
if( ip_ban->incorrect_login_events >= config->incorrect_login_cannot_login_treshold )
}
else
{
log << log2 << "Login: too many incorrect login attempts from this IP" << logend;
if( config->incorrect_login_cannot_login_mode == 0 )
{
// don't set WINIX_IPBAN_FLAG_ACTIVE here for IPBan::IsIPBanned() to return false (in CannotLoginFrom)
ip_ban->expires = cur->request->start_time + (time_t)config->incorrect_login_cannot_login_delay;
time_t expires = cur->request->start_time + (time_t)config->incorrect_login_cannot_login_delay;
if( ip_ban->expires < expires )
ip_ban->expires = expires;
PT::Date date(ip_ban->expires);
log << log2 << "Login: logging from this IP address has been blocked until to: " << date << " UTC" << logend;
}
else
if( config->incorrect_login_cannot_login_mode == 1 )
{
ip_ban->SetFlag(WINIX_IPBAN_FLAG_ACTIVE);
ip_ban->AddNextBanLevel(cur->request->start_time + (time_t)config->ban_level_1_delay,
cur->request->start_time + (time_t)config->ban_level_2_delay,
cur->request->start_time + (time_t)config->ban_level_3_delay);
PT::Date date(ip_ban->expires);
log << log2 << "Login: this IP address has been banned until to: " << date << " UTC" << logend;
session_manager->IncrementBanLevel(ip_ban);
}
}
}
@ -215,6 +208,11 @@ bool Login::CannotLoginFrom(const IPBan & ipban)
if( ipban.IsIPBanned() )
return true;
/*
* if incorrect_login_cannot_login_mode is equal to one then we only
* block logging (there is no a ban actually -- neither the active flag is enabled
* nor any ban_level is set)
*/
if( ipban.expires != 0 &&
cur->request->start_time < ipban.expires &&
ipban.incorrect_login_events >= config->incorrect_login_cannot_login_treshold )
@ -274,7 +272,7 @@ long user_id;
if( check_abuse && !CheckAbuse() )
{
AddBanInfo();
CheckBan();
return false;
}
@ -291,7 +289,7 @@ long user_id;
}
else
{
AddBanInfo();
CheckBan();
}
return false;

2
functions/login.h
View File

@ -70,7 +70,7 @@ private:
void ClearTmpStruct();
bool CheckPasswords(const std::wstring & password);
void AddBanInfo();
void CheckBan();
bool CheckAbuse();
UserPass up, up2;

10
html/err_per_denied.html
View File

@ -2,7 +2,15 @@
<h1>{access_denied}</h1>
<p>{access_denied_msg}</p>
<p>{access_denied_msg}
[if ipban_is_current_ip_banned]
<br>
{ipban_your_ip_is_banned} [ipban_current_ip_expires_time].
[end]
</p>
</div>

8
html/fun_ipban.html
View File

@ -4,12 +4,15 @@
[if ipban_tab]
<table>
<table class="ipban_table">
<tr>
<th>{ipban_col_id}</th>
<th>{ipban_col_ip_address}</th>
<th>{ipban_col_login_failures}</th>
<th>{ipban_col_broken_cookie}</th>
<th>{ipban_session_hijacking}</th>
<th>{ipban_no_session_cookie}</th>
<th>{ipban_col_login_allowed}</th>
<th>{ipban_col_ban_level}</th>
<th>{ipban_col_active_flag}</th>
@ -24,6 +27,9 @@
<td>[ipban_tab_id]</td>
<td>[ipban_tab_ip]</td>
<td>[ipban_tab_incorrect_login]</td>
<td>[ipban_tab_broken_encoded_cookie]</td>
<td>[ipban_tab_session_hijacking]</td>
<td>[ipban_tab_no_session_cookie]</td>
<td>[if ipban_tab_is_logging_allowed]{ipban_loggin_allowed}[else]{ipban_loggin_not_allowed}[end]</td>
<td>[ipban_tab_ban_level]</td>
<td>[if ipban_tab_has_active_flag]{ipban_has_active_flag}[end]</td>

4
html/fun_login.html
View File

@ -7,9 +7,9 @@
<a href="[doc_base_url][if-one dir_can_read_exec][dir][if-any item_is item_can_read][item_url]/[end][else]/[end]logout">{logout}</a></p>
[else]
[if login_cannot_login]
[if-no ipban_is_login_allowed_from_this_ip]
<p>{login_cannot_login_from_this_ip}<br>
{login_cannot_login_available} [login_when_available_login]</p>
{login_cannot_login_available} [ipban_current_ip_expires_time]</p>
[else]
<form method="post" action="[login_path]login">

1
html/index_head_functions_add.html
View File

@ -10,6 +10,7 @@
winix_function_is "emacs"
winix_function_is "env"
winix_function_is "imgcrop"
winix_function_is "ipban"
winix_function_is "last"
winix_function_is "ln"
winix_function_is "locale"

11
locale/en
View File

@ -164,7 +164,10 @@ ls_no_picture = There are not any pictures in this directory
ipban_header = IP Banned
ipban_col_id = Id
ipban_col_ip_address = IP address
ipban_col_login_failures = login failures
ipban_col_login_failures = Login failures
ipban_col_broken_cookie = Broken cookies
ipban_session_hijacking = Session hijacking
ipban_no_session_cookie = No session cookie
ipban_col_login_allowed = Login allowed
ipban_col_ban_level = Ban level
ipban_col_active_flag = Active flag
@ -177,7 +180,7 @@ ipban_has_active_flag = yes
ipban_remove_ip = remove
ipban_remove_all_ip = Remove all IP's from the list
ipban_ban_list_empty = There are not any IP addresses banned at the moment.
ipban_your_ip_is_banned = Your IP address is banned on this server until to:
man_header = Man
@ -333,7 +336,9 @@ locale_select = Select language
login_header = Login
login_cannot_login_from_this_ip = We are sorry but there were too many incorrect login attempts from your IP address.
login_cannot_login_from_this_ip = We are sorry but you cannot login from this IP address.
#We are sorry but there were too many incorrect login attempts from your IP address.
login_cannot_login_available = The login process will be available since:

16
locale/pl
View File

@ -168,13 +168,16 @@ ls_no_picture = W tym katalogu nie ma żadnego obrazu
ipban_header = Lista zbanowanych adresów IP
ipban_col_id = L.p.
ipban_col_ip_address = adres IP
ipban_col_login_failures = nieprawidłowe logowania
ipban_col_login_allowed = możliwe logowanie
ipban_col_ip_address = Adres IP
ipban_col_login_failures = Nieprawidłowe logowania
ipban_col_broken_cookie = Popsute ciastka
ipban_session_hijacking = Podszywanie pod inną sesje
ipban_no_session_cookie = Brak ciastka sesyjnego
ipban_col_login_allowed = Możliwe logowanie
ipban_col_ban_level = Rodzaj banu
ipban_col_active_flag = Flaga active
ipban_col_last_used = Ostatnio używany
ipban_col_expires = Wygasza
ipban_col_expires = Wygasa
ipban_col_remove = Usuń
ipban_loggin_allowed = tak
ipban_loggin_not_allowed = nie
@ -182,6 +185,7 @@ ipban_has_active_flag = tak
ipban_remove_ip = usuń
ipban_remove_all_ip = Usuń wszystkie adresy IP z listy
ipban_ban_list_empty = W tej chwili nie ma żadnych zbanowanych adresów IP.
ipban_your_ip_is_banned = Twój adres IP jest zablokowany aż do:
meta_header = Meta
@ -353,7 +357,9 @@ locale_select = Wybierz język
login_header = Logowanie
login_cannot_login_from_this_ip = Przepraszamy ale z twojego adresu IP było zbyt wiele prób nieprawidłowego logowania.
login_cannot_login_from_this_ip = Przepraszamy ale nie możesz się zalogować z tego adresu IP.
#Przepraszamy ale z twojego adresu IP było zbyt wiele prób nieprawidłowego logowania.
login_cannot_login_available = Ponowne logowanie będzie możliwe dopiero od:
uptime_header = Czas pracy systemu

51
templates/ipban.cpp
View File

@ -44,6 +44,37 @@ namespace Winix
namespace TemplatesFunctions
{
void ipban_is_current_ip_banned(Info & i)
{
if( cur->session->ip_ban )
{
i.res = cur->session->ip_ban->IsIPBanned();
}
}
void ipban_current_ip_expires_time(Info & i)
{
if( cur->session->ip_ban && cur->session->ip_ban->expires != 0 )
{
PT::Date date = cur->session->ip_ban->expires;
i.out << date << " UTC";
}
}
void ipban_is_login_allowed_from_this_ip(Info & i)
{
i.res = !functions->fun_login.CannotLoginFromCurrentIP();
}
static size_t ipban_index;
@ -78,6 +109,26 @@ void ipban_tab_incorrect_login(Info & i)
}
void ipban_tab_broken_encoded_cookie(Info & i)
{
if( ipban_index < session_manager->BanListSize() )
i.out << session_manager->GetIPBan(ipban_index).broken_encoded_cookie_events;
}
void ipban_tab_session_hijacking(Info & i)
{
if( ipban_index < session_manager->BanListSize() )
i.out << session_manager->GetIPBan(ipban_index).session_hijacking_events;
}
void ipban_tab_no_session_cookie(Info & i)
{
if( ipban_index < session_manager->BanListSize() )
i.out << session_manager->GetIPBan(ipban_index).no_session_cookie_events;
}
void ipban_tab_ban_level(Info & i)
{

17
templates/login.cpp
View File

@ -69,25 +69,8 @@ void login_path(Info & i)
}
void login_cannot_login(Info & i)
{
i.res = functions->fun_login.CannotLoginFromCurrentIP();
}
void login_when_available_login(Info & i)
{
if( cur->session->ip_ban &&
cur->session->ip_ban->expires != 0 )
{
PT::Date date(cur->session->ip_ban->expires);
i.out << date << " UTC";
}
else
{
i.out << locale.Get(L"unknown");
}
}
void login_should_use_captcha(Info & i)

30
templates/templates.cpp
View File

@ -334,15 +334,21 @@ void Templates::CreateFunctions()
/*
ipban
*/
ezc_functions.Insert("ipban_tab", ipban_tab);
ezc_functions.Insert("ipban_tab_id", ipban_tab_id);
ezc_functions.Insert("ipban_tab_ip", ipban_tab_ip);
ezc_functions.Insert("ipban_tab_incorrect_login", ipban_tab_incorrect_login);
ezc_functions.Insert("ipban_tab_ban_level", ipban_tab_ban_level);
ezc_functions.Insert("ipban_tab_has_active_flag", ipban_tab_has_active_flag);
ezc_functions.Insert("ipban_tab_expires", ipban_tab_expires);
ezc_functions.Insert("ipban_tab_last_used", ipban_tab_last_used);
ezc_functions.Insert("ipban_tab_is_logging_allowed", ipban_tab_is_logging_allowed);
ezc_functions.Insert("ipban_is_current_ip_banned", ipban_is_current_ip_banned);
ezc_functions.Insert("ipban_current_ip_expires_time", ipban_current_ip_expires_time);
ezc_functions.Insert("ipban_is_login_allowed_from_this_ip", ipban_is_login_allowed_from_this_ip);
ezc_functions.Insert("ipban_tab", ipban_tab);
ezc_functions.Insert("ipban_tab_id", ipban_tab_id);
ezc_functions.Insert("ipban_tab_ip", ipban_tab_ip);
ezc_functions.Insert("ipban_tab_incorrect_login", ipban_tab_incorrect_login);
ezc_functions.Insert("ipban_tab_broken_encoded_cookie", ipban_tab_broken_encoded_cookie);
ezc_functions.Insert("ipban_tab_session_hijacking", ipban_tab_session_hijacking);
ezc_functions.Insert("ipban_tab_no_session_cookie", ipban_tab_no_session_cookie);
ezc_functions.Insert("ipban_tab_ban_level", ipban_tab_ban_level);
ezc_functions.Insert("ipban_tab_has_active_flag", ipban_tab_has_active_flag);
ezc_functions.Insert("ipban_tab_expires", ipban_tab_expires);
ezc_functions.Insert("ipban_tab_last_used", ipban_tab_last_used);
ezc_functions.Insert("ipban_tab_is_logging_allowed", ipban_tab_is_logging_allowed);
/*
@ -461,10 +467,8 @@ void Templates::CreateFunctions()
/*
login
*/
ezc_functions.Insert("login_path", login_path);
ezc_functions.Insert("login_cannot_login", login_cannot_login);
ezc_functions.Insert("login_when_available_login", login_when_available_login);
ezc_functions.Insert("login_should_use_captcha", login_should_use_captcha);
ezc_functions.Insert("login_path", login_path);
ezc_functions.Insert("login_should_use_captcha", login_should_use_captcha);
/*

8
templates/templates.h
View File

@ -247,10 +247,16 @@ namespace TemplatesFunctions
/*
ipban
*/
void ipban_is_current_ip_banned(Info & i);
void ipban_current_ip_expires_time(Info & i);
void ipban_is_login_allowed_from_this_ip(Info & i);
void ipban_tab(Info & i);
void ipban_tab_id(Info & i);
void ipban_tab_ip(Info & i);
void ipban_tab_incorrect_login(Info & i);
void ipban_tab_broken_encoded_cookie(Info & i);
void ipban_tab_session_hijacking(Info & i);
void ipban_tab_no_session_cookie(Info & i);
void ipban_tab_ban_level(Info & i);
void ipban_tab_has_active_flag(Info & i);
void ipban_tab_expires(Info & i);
@ -376,8 +382,6 @@ namespace TemplatesFunctions
login
*/
void login_path(Info & i);
void login_cannot_login(Info & i);
void login_when_available_login(Info & i);
void login_should_use_captcha(Info & i);