From c9bf20201b150f700c2b95613600013b3e48f273 Mon Sep 17 00:00:00 2001 From: Tomasz Sowa Date: Mon, 24 Nov 2014 20:22:30 +0000 Subject: [PATCH] added: possibility to ban if a session cookie is incorrect (when we are using encoded cookies) added: possibility to ban if a client tries to hijack the session cookie added: possibility to ban if a client did not send a session cookie renamed: ezc functions: login_cannot_login -> ipban_is_login_allowed_from_this_ip (and the return value was changed) login_when_available_login -> ipban_current_ip_expires_time added: config options: // after how many broken encoded cookie we should ban the current IP // default: 2 (value in the range <0 - 65535>) size_t broken_encoded_cookie_treshold; // after how many incorrect session identifiers (or session indices) we should ban the current IP // do not set this value too low, as people connecting from the same IP address (from behind a NAT) // would be banned if they have an old session cookie remembered in the browser // default: 128 (value in the range <0 - 65535>) size_t session_hijacking_treshold; // after how many times a client will be banned if it did not send a session cookie // default: 1000 (value in the range <0 - 65535>) size_t no_session_cookie_treshold; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@995 e52654a7-88a9-db11-a3e9-0013d4bc506e --- core/app.cpp | 2 - core/config.cpp | 10 +- core/config.h | 18 ++- core/ipban.h | 28 +++- core/sessionmanager.cpp | 222 +++++++++++++++++++++++------ core/sessionmanager.h | 26 ++-- functions/login.cpp | 40 +++--- functions/login.h | 2 +- html/err_per_denied.html | 10 +- html/fun_ipban.html | 8 +- html/fun_login.html | 4 +- html/index_head_functions_add.html | 1 + locale/en | 11 +- locale/pl | 16 ++- templates/ipban.cpp | 51 +++++++ templates/login.cpp | 17 --- templates/templates.cpp | 30 ++-- templates/templates.h | 8 +- 18 files changed, 368 insertions(+), 136 deletions(-) 
diff --git a/core/app.cpp b/core/app.cpp index 33822c3..d479fcc 100644 --- a/core/app.cpp +++ b/core/app.cpp @@ -634,8 +634,6 @@ void App::Make() if( cur.session->ip_ban && cur.session->ip_ban->IsIPBanned() ) { PT::Date date(cur.session->ip_ban->expires); - - log << log2 << "App: this IP address is banned until to: " << date << " UTC" << logend; slog << logerror << T("this_ip_is_banned_until") << ' ' << date << " UTC" << logend; cur.request->status = WINIX_ERR_PERMISSION_DENIED; diff --git a/core/config.cpp b/core/config.cpp index 1b855b3..bc59e06 100644 --- a/core/config.cpp +++ b/core/config.cpp @@ -218,9 +218,12 @@ void Config::AssignValues(bool stdout_is_closed) session_max = Size(L"session_max", 1000000); session_cookie_encode = Bool(L"session_cookie_encode", false); session_keys_file = Text(L"session_keys_file"); - session_allow_index_difference = Size(L"session_allow_index_difference", 8); - session_index_time_increment = Long(L"session_index_time_increment", 30); - session_key_renew_time = Size(L"session_key_renew_time", 172800); // 2 days + session_allow_index_difference = Size(L"session_allow_index_difference", 8); + session_index_time_increment = Long(L"session_index_time_increment", 30); + session_key_renew_time = Size(L"session_key_renew_time", 172800); // 2 days + broken_encoded_cookie_treshold = Size(L"broken_encoded_cookie_treshold", 2); + session_hijacking_treshold = Size(L"session_hijacking_treshold", 128); + no_session_cookie_treshold = Size(L"no_session_cookie_treshold", 1000); compression = Bool(L"compression", true); compression_page_min_size = Size(L"compression_page_min_size", 512); @@ -299,6 +302,7 @@ void Config::AssignValues(bool stdout_is_closed) incorrect_login_cannot_login_treshold = Size(L"incorrect_login_cannot_login_treshold", 20); incorrect_login_cannot_login_delay = Size(L"incorrect_login_cannot_login_delay", 1800); + pid_file = Text(L"pid_file", L""); } diff --git a/core/config.h b/core/config.h index 3fded31..fe2ecbf 100644 
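Review bot: The three thresholds read in the first config.cpp hunk are kept as `size_t` with no upper bound visible here, while the counters they are compared with become `unsigned short int` in core/ipban.h. If a threshold such as `session_hijacking_treshold` is configured above 65535, the counter wraps back to 0 before it can reach the threshold and the ban never triggers. The same now applies to `incorrect_login_cannot_login_treshold`, whose counter was narrowed from `unsigned int`. Unless the documented range is enforced elsewhere, clamp after reading, e.g. `if( session_hijacking_treshold > 65535 ) session_hijacking_treshold = 65535;`, for every threshold compared with these counters. AssignValues() starts and ends outside the hunk.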
--- a/core/config.h +++ b/core/config.h @@ -233,6 +233,20 @@ public: // default: 172800 = 2 days (max: 2678400 = 1 month, min: 10) size_t session_key_renew_time; + // after how many broken encoded cookie we should ban the current IP + // default: 2 (value in the range <0 - 65535>) + size_t broken_encoded_cookie_treshold; + + // after how many incorrect session identifiers (or session indices) we should ban the current IP + // do not set this value too low, as people connecting from the same IP address (from behind a NAT) + // would be banned if they have an old session cookie remembered in the browser + // default: 128 (value in the range <0 - 65535>) + size_t session_hijacking_treshold; + + // after how many times a client will be banned if it did not send a session cookie + // default: 1000 (value in the range <0 - 65535>) + size_t no_session_cookie_treshold; + // allow the winix output to be compressed // default: true bool compression; @@ -672,7 +686,7 @@ public: // how many incorrect logins there must have been passed to display a captcha // next to the login form - // default: 3 + // default: 3 (value in the range <0 - 65535>) size_t incorrect_login_captcha_treshold; // the way how we prevent to login if there are too many incorrect login attempts @@ -683,7 +697,7 @@ public: int incorrect_login_cannot_login_mode; // after how many incorrect login attempts we do the incorrect_login_cannot_login_mode action - // default: 20 + // default: 20 (value in the range <0 - 65535>) size_t incorrect_login_cannot_login_treshold; // used when incorrect_login_cannot_login_mode is zero diff --git a/core/ipban.h b/core/ipban.h index 82f85f2..8b43f80 100644 --- a/core/ipban.h +++ b/core/ipban.h 
@@ -87,11 +87,21 @@ struct IPBan // the ban level to a greater value time_t expires; + // how many incorrect login attempts there are - unsigned int incorrect_login_events; + unsigned short int incorrect_login_events; - // in the future there can be more *_events fields + // how many incorrect encoded cookie were sent + // only used if config.session_cookie_encode is true and session_keys_file is defined + unsigned short int broken_encoded_cookie_events; + // how many incorrect session identifiers were sent + unsigned short int session_hijacking_events; + + // client didn't send a session cookie + // it can be a bot or just someone wants to DOS the server + // (a new session will be create) + unsigned short int no_session_cookie_events; bool HasFlag(int flag) const @@ -123,7 +133,7 @@ struct IPBan } - void AddNextBanLevel(time_t level1_expires, time_t level2_expires, time_t level3_expires) + void IncrementBanLevel(time_t level1_expires, time_t level2_expires, time_t level3_expires) { if( HasFlag(WINIX_IPBAN_FLAG_BAN_LEVEL3) ) { @@ -164,14 +174,20 @@ struct IPBan flags = 0; last_used = 0; expires = 0; - incorrect_login_events = 0; + incorrect_login_events = 0; + broken_encoded_cookie_events = 0; + session_hijacking_events = 0; + no_session_cookie_events = 0; } - void ClearAfterRemovingBan() + void ResetEventsCounters() { ClearFlag(WINIX_IPBAN_FLAG_ACTIVE); - incorrect_login_events = 0; + incorrect_login_events = 0; + broken_encoded_cookie_events = 0; + session_hijacking_events = 0; + no_session_cookie_events = 0; expires = 0; } diff --git a/core/sessionmanager.cpp b/core/sessionmanager.cpp index 5dfae39..8ed6345 100644 --- a/core/sessionmanager.cpp +++ b/core/sessionmanager.cpp @@ -127,6 +127,9 @@ bool SessionManager::EncodeSessionId(long id, unsigned int index, std::wstring & } +/* + * IMPROVE ME we need a better algorithm + */ long SessionManager::CreateSessionId() { long id; 
@@ -179,6 +182,7 @@ SessionContainer::Iterator i = session_tab.End(); if( i != session_tab.End() ) { + is_session_set = true; session = &(*i); session->new_session = true; session->SetTimesTo(cur->request->start_time); @@ -190,7 +194,7 @@ SessionContainer::Iterator i = session_tab.End(); else { // there is a problem with generating a new session id - log << log1 << "SM: cannot create a session id (temporary used: with id 0)" << logend; + log << log1 << "SM: cannot create a session id" << logend; SetTemporarySession(); } } @@ -198,14 +202,18 @@ SessionContainer::Iterator i = session_tab.End(); void SessionManager::SetTemporarySession() { + is_session_set = true; + session = &temporary_session; session->Clear(false); session->SetTimesTo(cur->request->start_time); session->new_session = false; // temporary session was initialized at the beginning + + log << log2 << "SM: using temporary session" << logend; } -unsigned int SessionManager::SetSessionCalcDifference(Session & ses, unsigned int index) +unsigned int SessionManager::CalculateIndexDifference(Session & ses, unsigned int index) { unsigned int difference; 
@@ -233,15 +241,103 @@ void SessionManager::SetSessionPutLogInfo(Session & ses, bool has_index, unsigne -bool SessionManager::SetSessionFromCookie(long id, bool has_index, unsigned int index) +void SessionManager::IncrementBanLevel(IPBan * ip_ban) { -unsigned int difference = 0; + ip_ban->SetFlag(WINIX_IPBAN_FLAG_ACTIVE); - SessionContainer::Iterator s = session_tab.FindById(id); + ip_ban->IncrementBanLevel(cur->request->start_time + (time_t)config->ban_level_1_delay, + cur->request->start_time + (time_t)config->ban_level_2_delay, + cur->request->start_time + (time_t)config->ban_level_3_delay); + + PT::Date date(ip_ban->expires); + log << log2 << "SM: this IP address has been banned to: " << date << " UTC" << logend; +} + + +void SessionManager::SetFirstExpirationTime(IPBan * ip_ban) +{ + time_t expiry = cur->request->start_time + (time_t)config->ban_level_1_delay; + + if( ip_ban->expires < expiry ) + ip_ban->expires = expiry; +} + + + +void SessionManager::BrokenCookieCheckBan() +{ + if( !current_ip_ban ) + current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time); + + if( current_ip_ban->broken_encoded_cookie_events < config->broken_encoded_cookie_treshold ) + { + current_ip_ban->broken_encoded_cookie_events += 1; + SetFirstExpirationTime(current_ip_ban); + } + else + { + log << log2 << "SM: too many incorrect encoded cookies were sent from this IP" << logend; + IncrementBanLevel(current_ip_ban); + SetTemporarySession(); + } +} + + +void SessionManager::IncorrectSessionCheckBan() +{ + if( !current_ip_ban ) + current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time); + + if( current_ip_ban->session_hijacking_events < config->session_hijacking_treshold ) + { + current_ip_ban->session_hijacking_events += 1; + SetFirstExpirationTime(current_ip_ban); + } + else + { + log << log2 << "SM: too many incorrect sessions identifiers were sent from this IP" << logend; + IncrementBanLevel(current_ip_ban); + SetTemporarySession(); + } +} + 
+ +void SessionManager::NoSessionCookieCheckBan() +{ + if( !current_ip_ban ) + current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time); + + if( current_ip_ban->no_session_cookie_events < config->no_session_cookie_treshold ) + { + current_ip_ban->no_session_cookie_events += 1; + SetFirstExpirationTime(current_ip_ban); + } + else + { + log << log2 << "SM: too many times you have not sent a session cookie" << logend; + IncrementBanLevel(current_ip_ban); + SetTemporarySession(); + } +} + + + +bool SessionManager::IsSessionCorrect(long id, bool has_index, unsigned int index, + const SessionContainer::Iterator & s, unsigned int & difference) +{ + difference = 0; + + if( id == 0 ) + { + log << log3 << "SM: id 0 is reserved for the temporary session" << logend; + IncorrectSessionCheckBan(); + return false; + } if( s == session_tab.End() ) { log << log3 << "SM: there is no a session with id: " << id << logend; + IncorrectSessionCheckBan(); return false; } 
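Review bot: SetFirstExpirationTime() pushes `expires` forward on every counted event, so the three new counters are cleared only after a full ban_level_1_delay with no event at all from that IP (the reset itself is in IsIPBanned(), in a later hunk). Behind a busy NAT, first requests without a cookie arrive continuously, so no_session_cookie_events can climb to the threshold and ban the whole address although no single client misbehaved. The same `expires` field also carries the login block set in Login::CheckBan(), so unrelated cookie events can lengthen that block. Consider a separate window-start timestamp per entry, or at least document the behaviour next to the thresholds in config.h, e.g. `// the counter is cleared only after ban_level_1_delay has passed without any event from this IP`.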
@@ -253,34 +349,51 @@ unsigned int difference = 0; if( has_index ) { - difference = SetSessionCalcDifference(*s, index); + difference = CalculateIndexDifference(*s, index); if( (size_t)difference > config->session_allow_index_difference ) { log << log2 << "SM: an incorrect session index for session: " << id << ", index difference: " << (size_t)difference << logend; + + IncorrectSessionCheckBan(); return false; } } - // that session is in the table - session = &(*s); - session->new_session = false; - session->last_time = cur->request->start_time; - session->last_date = cur->request->start_date; +return true; +} - if( session->id_index_changed + config->session_index_time_increment < cur->request->start_time ) + +bool SessionManager::SetSessionFromCookie(long id, bool has_index, unsigned int index) +{ +unsigned int difference; +bool is_session_correct; + + SessionContainer::Iterator s = session_tab.FindById(id); + is_session_correct = IsSessionCorrect(id, has_index, index, s, difference); + + if( is_session_correct ) { - session->id_index += 1; - session->id_index_changed = cur->request->start_time; + is_session_set = true; + session = &(*s); + session->new_session = false; + session->last_time = cur->request->start_time; + session->last_date = cur->request->start_date; + + if( session->id_index_changed + config->session_index_time_increment < cur->request->start_time ) + { + session->id_index += 1; + session->id_index_changed = cur->request->start_time; + } + + if( cur->request->method == Request::get ) + session->last_time_get = cur->request->start_time; + + SetSessionPutLogInfo(*session, has_index, difference); } - if( cur->request->method == Request::get ) - session->last_time_get = cur->request->start_time; - - SetSessionPutLogInfo(*session, has_index, difference); - -return true; +return is_session_correct; } 
@@ -296,6 +409,7 @@ bool SessionManager::SetSessionFromCookie(const std::wstring & cookie) if( !session_id_manager.DecodeToken(cookie, id, index) ) { log << log2 << "SM: an incorrect cookie string was sent" << logend; + BrokenCookieCheckBan(); return false; } 
@@ -309,45 +423,52 @@ bool SessionManager::SetSessionFromCookie(const std::wstring & cookie) } - -void SessionManager::SetSession() +bool SessionManager::IsIPBanned() { current_ip_ban = ban_tab.FindIP(cur->request->ip); - if( current_ip_ban && current_ip_ban->IsIPBanned() ) + if( current_ip_ban ) { if( current_ip_ban->expires != 0 && cur->request->start_time >= current_ip_ban->expires ) { - log << log2 << "SM: removing a ban from this IP and resetting events counter" << logend; - current_ip_ban->ClearAfterRemovingBan(); + log << log2 << "SM: resetting events counters for this IP" << logend; + current_ip_ban->ResetEventsCounters(); + } + else + if( current_ip_ban->IsIPBanned() ) + { + PT::Date date = current_ip_ban->expires; + log << log2 << "SM: this ip is bannned to: " << date << logend; + SetTemporarySession(); + return true; + } + } + +return false; +} + + +void SessionManager::SetSession() +{ + is_session_set = false; + + if( !IsIPBanned() ) + { + CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name); + + if( i != cur->request->cookie_tab.end() ) + { + if( !SetSessionFromCookie(i->second) ) + cur->request->cookie_tab.erase(i); } else { - log << log2 << "SM: this ip is bannned, using a temporary session" << logend; - SetTemporarySession(); - session->ip_ban = current_ip_ban; - return; + NoSessionCookieCheckBan(); } } - CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name); - - if( i == cur->request->cookie_tab.end() ) - { + if( !is_session_set ) CreateSession(); - } - else - { - if( !SetSessionFromCookie(i->second) ) - { - // there is no such a session - // deleting the old cookie - cur->request->cookie_tab.erase(i); - - // and creating a new one - CreateSession(); - } - } session->ip_ban = current_ip_ban; } 
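Review bot: IsIPBanned() is named like a query but changes state: it assigns current_ip_ban, resets the counters of an expired entry and switches to the temporary session when the address is banned. SetSession() relies on all three effects, and a later caller that only wants the yes/no answer would trigger them too. I would add a comment above the definition, `// looks up the current IP, clears an expired entry and, if the IP is still banned, sets the temporary session`, or rename the method so the side effects are visible at the call site.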
@@ -578,6 +699,15 @@ IPBan & SessionManager::AddIPToBanList(int ip) } +IPBan & SessionManager::AddIPToBanList(int ip, time_t cur_time) +{ + IPBan & ban = ban_tab.AddIP(ip); + ban.last_used = cur_time; + +return ban; +} + + size_t SessionManager::BanListSize() { return ban_tab.Size(); diff --git a/core/sessionmanager.h b/core/sessionmanager.h index 3c55df8..9489878 100644 --- a/core/sessionmanager.h +++ b/core/sessionmanager.h @@ -74,6 +74,8 @@ public: void DeleteSessions(); // deleting all sessions bool ChangeSessionId(long old_id); + void IncrementBanLevel(IPBan * ip_ban); + void InitTmpSession(); void InitBanList(); void InitCookieEncoding(); @@ -93,6 +95,7 @@ public: size_t MarkAllSessionsToRemove(long user_id); IPBan & AddIPToBanList(int ip); + IPBan & AddIPToBanList(int ip, time_t cur_time); size_t BanListSize(); IPBan & GetIPBan(size_t index); void RemoveIPBan(int ip); 
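Review bot: AddIPToBanList(ip, cur_time) is now reached from NoSessionCookieCheckBan() for every request that arrives without a session cookie, so ban_tab gains an entry for practically every new visitor address instead of only for addresses with failed logins. Whether IPBanContainer caps its size and which entry it evicts is not visible in this patch; please confirm the table is bounded. Note also that last_used is written only here, at creation, because Login::CheckBan() no longer refreshes it; if eviction is ordered by last_used, a long-lived entry that is still collecting events may look like the oldest one.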
@@ -107,34 +110,35 @@ private: Config * config; Cur * cur; System * system; - LastContainer * last_container; - // current session - set by SetSession() Session * session; - SessionContainer session_tab; IPBanContainer ban_tab; - IPBan * current_ip_ban; - - // session with id 0 + bool is_session_set; Session temporary_session; - SessionIdManager session_id_manager; bool IsSession(long s); - - long CreateSessionId(); void CreateSession(); + bool IsSessionCorrect(long id, bool has_index, unsigned int index, const SessionContainer::Iterator & s, unsigned int & difference); bool SetSessionFromCookie(long id, bool has_index, unsigned int index); bool SetSessionFromCookie(const std::wstring & cookie); void SetTemporarySession(); - unsigned int SetSessionCalcDifference(Session & ses, unsigned int index); + unsigned int CalculateIndexDifference(Session & ses, unsigned int index); void SetSessionPutLogInfo(Session & ses, bool has_index, unsigned int difference); + bool IsIPBanned(); + void SetFirstExpirationTime(IPBan * ip_ban); + void BrokenCookieCheckBan(); + void IncorrectSessionCheckBan(); + void NoSessionCookieCheckBan(); - // second thread + + /* + * second thread + */ int deleted; virtual void Work(); void CheckSession(SessionContainer::Iterator & i); diff --git a/functions/login.cpp b/functions/login.cpp index 06d814d..d28b5d1 100644 --- a/functions/login.cpp +++ b/functions/login.cpp 
@@ -139,45 +139,38 @@ return result; -void Login::AddBanInfo() +void Login::CheckBan() { IPBan * ip_ban = cur->session->ip_ban; if( !ip_ban ) - ip_ban = &session_manager->AddIPToBanList(cur->request->ip); - - ip_ban->last_used = cur->request->start_time; - - if( ip_ban->expires != 0 && cur->request->start_time >= ip_ban->expires ) { - // the 'ip block' has expired - ip_ban->ClearAfterRemovingBan(); - log << log3 << "Login: removing the IP block for logging" << logend; + ip_ban = &session_manager->AddIPToBanList(cur->request->ip, cur->request->start_time); + cur->session->ip_ban = ip_ban; } if( ip_ban->incorrect_login_events < config->incorrect_login_cannot_login_treshold ) + { ip_ban->incorrect_login_events += 1; - - if( ip_ban->incorrect_login_events >= config->incorrect_login_cannot_login_treshold ) + } + else { log << log2 << "Login: too many incorrect login attempts from this IP" << logend; if( config->incorrect_login_cannot_login_mode == 0 ) { - // don't set WINIX_IPBAN_FLAG_ACTIVE here for IPBan::IsIPBanned() to return false (in CannotLoginFrom) - ip_ban->expires = cur->request->start_time + (time_t)config->incorrect_login_cannot_login_delay; + time_t expires = cur->request->start_time + (time_t)config->incorrect_login_cannot_login_delay; + + if( ip_ban->expires < expires ) + ip_ban->expires = expires; + PT::Date date(ip_ban->expires); log << log2 << "Login: logging from this IP address has been blocked until to: " << date << " UTC" << logend; } else if( config->incorrect_login_cannot_login_mode == 1 ) { - ip_ban->SetFlag(WINIX_IPBAN_FLAG_ACTIVE); - ip_ban->AddNextBanLevel(cur->request->start_time + (time_t)config->ban_level_1_delay, - cur->request->start_time + (time_t)config->ban_level_2_delay, - cur->request->start_time + (time_t)config->ban_level_3_delay); - PT::Date date(ip_ban->expires); - log << log2 << "Login: this IP address has been banned until to: " << date << " UTC" << logend; + session_manager->IncrementBanLevel(ip_ban); } } } 
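Review bot: CheckBan() acts one failure later than AddBanInfo() did, because the counter is incremented while it is below incorrect_login_cannot_login_treshold and the block or ban is applied only in the `else` branch, on the next failed attempt. With the default of 20 that is the 21st failure; BrokenCookieCheckBan(), IncorrectSessionCheckBan() and NoSessionCookieCheckBan() in core/sessionmanager.cpp follow the same pattern. If the threshold is meant to be the number of tolerated events, say so in config.h (`// the action is taken on the first event after this many have been counted`); otherwise increment first and test with `>=` as the old code did.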
@@ -215,6 +208,11 @@ bool Login::CannotLoginFrom(const IPBan & ipban) if( ipban.IsIPBanned() ) return true; + /* + * if incorrect_login_cannot_login_mode is equal to one then we only + * block logging (there is no a ban actually -- neither the active flag is enabled + * nor any ban_level is set) + */ if( ipban.expires != 0 && cur->request->start_time < ipban.expires && ipban.incorrect_login_events >= config->incorrect_login_cannot_login_treshold ) @@ -274,7 +272,7 @@ long user_id; if( check_abuse && !CheckAbuse() ) { - AddBanInfo(); + CheckBan(); return false; } @@ -291,7 +289,7 @@ long user_id; } else { - AddBanInfo(); + CheckBan(); } return false; diff --git a/functions/login.h b/functions/login.h index ba18282..f9ad3a4 100644 --- a/functions/login.h +++ b/functions/login.h @@ -70,7 +70,7 @@ private: void ClearTmpStruct(); bool CheckPasswords(const std::wstring & password); - void AddBanInfo(); + void CheckBan(); bool CheckAbuse(); UserPass up, up2; diff --git a/html/err_per_denied.html b/html/err_per_denied.html index ce2cace..b4a13ba 100644 --- a/html/err_per_denied.html +++ b/html/err_per_denied.html @@ -2,7 +2,15 @@
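Review bot: The comment added in CannotLoginFrom() names the wrong mode. Login::CheckBan() sets only `expires` when incorrect_login_cannot_login_mode is 0 and calls IncrementBanLevel() when it is 1, so the block-only case described here is mode zero. Change the first line of the comment to `* if incorrect_login_cannot_login_mode is equal to zero then we only`. CannotLoginFrom() starts and ends outside the hunk.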

{access_denied}

-

{access_denied_msg}

+

{access_denied_msg} + + [if ipban_is_current_ip_banned] +
+ {ipban_your_ip_is_banned} [ipban_current_ip_expires_time]. + [end] + +

+ diff --git a/html/fun_ipban.html b/html/fun_ipban.html index 1295bba..d4a85bb 100644 --- a/html/fun_ipban.html +++ b/html/fun_ipban.html @@ -4,12 +4,15 @@ [if ipban_tab] - +
+ + + @@ -24,6 +27,9 @@ + + + diff --git a/html/fun_login.html b/html/fun_login.html index bf1d328..81c50a2 100644 --- a/html/fun_login.html +++ b/html/fun_login.html @@ -7,9 +7,9 @@ {logout}

[else] - [if login_cannot_login] + [if-no ipban_is_login_allowed_from_this_ip]

{login_cannot_login_from_this_ip}
- {login_cannot_login_available} [login_when_available_login]

+ {login_cannot_login_available} [ipban_current_ip_expires_time]

[else] diff --git a/html/index_head_functions_add.html b/html/index_head_functions_add.html index fab0c2b..113bd76 100644 --- a/html/index_head_functions_add.html +++ b/html/index_head_functions_add.html @@ -10,6 +10,7 @@ winix_function_is "emacs" winix_function_is "env" winix_function_is "imgcrop" + winix_function_is "ipban" winix_function_is "last" winix_function_is "ln" winix_function_is "locale" diff --git a/locale/en b/locale/en index 43f30e7..b4f2639 100644 --- a/locale/en +++ b/locale/en @@ -164,7 +164,10 @@ ls_no_picture = There are not any pictures in this directory ipban_header = IP Banned ipban_col_id = Id ipban_col_ip_address = IP address -ipban_col_login_failures = login failures +ipban_col_login_failures = Login failures +ipban_col_broken_cookie = Broken cookies +ipban_session_hijacking = Session hijacking +ipban_no_session_cookie = No session cookie ipban_col_login_allowed = Login allowed ipban_col_ban_level = Ban level ipban_col_active_flag = Active flag @@ -177,7 +180,7 @@ ipban_has_active_flag = yes ipban_remove_ip = remove ipban_remove_all_ip = Remove all IP's from the list ipban_ban_list_empty = There are not any IP addresses banned at the moment. - +ipban_your_ip_is_banned = Your IP address is banned on this server until to: man_header = Man @@ -333,7 +336,9 @@ locale_select = Select language login_header = Login -login_cannot_login_from_this_ip = We are sorry but there were too many incorrect login attempts from your IP address. +login_cannot_login_from_this_ip = We are sorry but you cannot login from this IP address. +#We are sorry but there were too many incorrect login attempts from your IP address. + login_cannot_login_available = The login process will be available since: diff --git a/locale/pl b/locale/pl index 064670a..b69c928 100644 --- a/locale/pl +++ b/locale/pl 
@@ -168,13 +168,16 @@ ls_no_picture = W tym katalogu nie ma żadnego obrazu ipban_header = Lista zbanowanych adresów IP ipban_col_id = L.p. -ipban_col_ip_address = adres IP -ipban_col_login_failures = nieprawidłowe logowania -ipban_col_login_allowed = możliwe logowanie +ipban_col_ip_address = Adres IP +ipban_col_login_failures = Nieprawidłowe logowania +ipban_col_broken_cookie = Popsute ciastka +ipban_session_hijacking = Podszywanie pod inną sesje +ipban_no_session_cookie = Brak ciastka sesyjnego +ipban_col_login_allowed = Możliwe logowanie ipban_col_ban_level = Rodzaj banu ipban_col_active_flag = Flaga active ipban_col_last_used = Ostatnio używany -ipban_col_expires = Wygasza +ipban_col_expires = Wygasa ipban_col_remove = Usuń ipban_loggin_allowed = tak ipban_loggin_not_allowed = nie @@ -182,6 +185,7 @@ ipban_has_active_flag = tak ipban_remove_ip = usuń ipban_remove_all_ip = Usuń wszystkie adresy IP z listy ipban_ban_list_empty = W tej chwili nie ma żadnych zbanowanych adresów IP. +ipban_your_ip_is_banned = Twój adres IP jest zablokowany aż do: meta_header = Meta @@ -353,7 +357,9 @@ locale_select = Wybierz język login_header = Logowanie -login_cannot_login_from_this_ip = Przepraszamy ale z twojego adresu IP było zbyt wiele prób nieprawidłowego logowania. +login_cannot_login_from_this_ip = Przepraszamy ale nie możesz się zalogować z tego adresu IP. +#Przepraszamy ale z twojego adresu IP było zbyt wiele prób nieprawidłowego logowania. + login_cannot_login_available = Ponowne logowanie będzie możliwe dopiero od: uptime_header = Czas pracy systemu diff --git a/templates/ipban.cpp b/templates/ipban.cpp index 374c705..2243e56 100644 --- a/templates/ipban.cpp +++ b/templates/ipban.cpp 
@@ -44,6 +44,37 @@ namespace Winix namespace TemplatesFunctions { + + +void ipban_is_current_ip_banned(Info & i) +{ + if( cur->session->ip_ban ) + { + i.res = cur->session->ip_ban->IsIPBanned(); + } +} + + +void ipban_current_ip_expires_time(Info & i) +{ + if( cur->session->ip_ban && cur->session->ip_ban->expires != 0 ) + { + PT::Date date = cur->session->ip_ban->expires; + i.out << date << " UTC"; + } +} + + +void ipban_is_login_allowed_from_this_ip(Info & i) +{ + i.res = !functions->fun_login.CannotLoginFromCurrentIP(); +} + + + + + + static size_t ipban_index; @@ -78,6 +109,26 @@ void ipban_tab_incorrect_login(Info & i) } +void ipban_tab_broken_encoded_cookie(Info & i) +{ + if( ipban_index < session_manager->BanListSize() ) + i.out << session_manager->GetIPBan(ipban_index).broken_encoded_cookie_events; +} + + +void ipban_tab_session_hijacking(Info & i) +{ + if( ipban_index < session_manager->BanListSize() ) + i.out << session_manager->GetIPBan(ipban_index).session_hijacking_events; +} + + +void ipban_tab_no_session_cookie(Info & i) +{ + if( ipban_index < session_manager->BanListSize() ) + i.out << session_manager->GetIPBan(ipban_index).no_session_cookie_events; +} + void ipban_tab_ban_level(Info & i) { diff --git a/templates/login.cpp b/templates/login.cpp index 3e14feb..8498cfb 100644 --- a/templates/login.cpp +++ b/templates/login.cpp @@ -69,25 +69,8 @@ void login_path(Info & i) } -void login_cannot_login(Info & i) -{ - i.res = functions->fun_login.CannotLoginFromCurrentIP(); -} -void login_when_available_login(Info & i) -{ - if( cur->session->ip_ban && - cur->session->ip_ban->expires != 0 ) - { - PT::Date date(cur->session->ip_ban->expires); - i.out << date << " UTC"; - } - else - { - i.out << locale.Get(L"unknown"); - } -} void login_should_use_captcha(Info & i) diff --git a/templates/templates.cpp b/templates/templates.cpp index 72f5eaa..a14654b 100644 --- a/templates/templates.cpp +++ b/templates/templates.cpp 
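Review bot: ipban_current_ip_expires_time() prints nothing when there is no entry or `expires` is 0, whereas the removed login_when_available_login() printed the `unknown` locale string, so fun_login.html can end with the label and no time in that case. It also deserves a comment: since SetFirstExpirationTime() now sets `expires` on addresses that are only being counted, the value is a ban or block end only inside `[if ipban_is_current_ip_banned]` or the login-blocked branch. Proposed comment above the function: `// prints the expiry of the current IP's entry; meaningful only when the IP is banned or login is blocked`.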
@@ -334,15 +334,21 @@ void Templates::CreateFunctions() /* ipban */ - ezc_functions.Insert("ipban_tab", ipban_tab); - ezc_functions.Insert("ipban_tab_id", ipban_tab_id); - ezc_functions.Insert("ipban_tab_ip", ipban_tab_ip); - ezc_functions.Insert("ipban_tab_incorrect_login", ipban_tab_incorrect_login); - ezc_functions.Insert("ipban_tab_ban_level", ipban_tab_ban_level); - ezc_functions.Insert("ipban_tab_has_active_flag", ipban_tab_has_active_flag); - ezc_functions.Insert("ipban_tab_expires", ipban_tab_expires); - ezc_functions.Insert("ipban_tab_last_used", ipban_tab_last_used); - ezc_functions.Insert("ipban_tab_is_logging_allowed", ipban_tab_is_logging_allowed); + ezc_functions.Insert("ipban_is_current_ip_banned", ipban_is_current_ip_banned); + ezc_functions.Insert("ipban_current_ip_expires_time", ipban_current_ip_expires_time); + ezc_functions.Insert("ipban_is_login_allowed_from_this_ip", ipban_is_login_allowed_from_this_ip); + ezc_functions.Insert("ipban_tab", ipban_tab); + ezc_functions.Insert("ipban_tab_id", ipban_tab_id); + ezc_functions.Insert("ipban_tab_ip", ipban_tab_ip); + ezc_functions.Insert("ipban_tab_incorrect_login", ipban_tab_incorrect_login); + ezc_functions.Insert("ipban_tab_broken_encoded_cookie", ipban_tab_broken_encoded_cookie); + ezc_functions.Insert("ipban_tab_session_hijacking", ipban_tab_session_hijacking); + ezc_functions.Insert("ipban_tab_no_session_cookie", ipban_tab_no_session_cookie); + ezc_functions.Insert("ipban_tab_ban_level", ipban_tab_ban_level); + ezc_functions.Insert("ipban_tab_has_active_flag", ipban_tab_has_active_flag); + ezc_functions.Insert("ipban_tab_expires", ipban_tab_expires); + ezc_functions.Insert("ipban_tab_last_used", ipban_tab_last_used); + ezc_functions.Insert("ipban_tab_is_logging_allowed", ipban_tab_is_logging_allowed); /* 
@@ -461,10 +467,8 @@ void Templates::CreateFunctions() /* login */ - ezc_functions.Insert("login_path", login_path); - ezc_functions.Insert("login_cannot_login", login_cannot_login); - ezc_functions.Insert("login_when_available_login", login_when_available_login); - ezc_functions.Insert("login_should_use_captcha", login_should_use_captcha); + ezc_functions.Insert("login_path", login_path); + ezc_functions.Insert("login_should_use_captcha", login_should_use_captcha); /* diff --git a/templates/templates.h b/templates/templates.h index 7b3a09a..05dd660 100644 --- a/templates/templates.h +++ b/templates/templates.h @@ -247,10 +247,16 @@ namespace TemplatesFunctions /* ipban */ + void ipban_is_current_ip_banned(Info & i); + void ipban_current_ip_expires_time(Info & i); + void ipban_is_login_allowed_from_this_ip(Info & i); void ipban_tab(Info & i); void ipban_tab_id(Info & i); void ipban_tab_ip(Info & i); void ipban_tab_incorrect_login(Info & i); + void ipban_tab_broken_encoded_cookie(Info & i); + void ipban_tab_session_hijacking(Info & i); + void ipban_tab_no_session_cookie(Info & i); void ipban_tab_ban_level(Info & i); void ipban_tab_has_active_flag(Info & i); void ipban_tab_expires(Info & i); @@ -376,8 +382,6 @@ namespace TemplatesFunctions login */ void login_path(Info & i); - void login_cannot_login(Info & i); - void login_when_available_login(Info & i); void login_should_use_captcha(Info & i);
{ipban_col_id} {ipban_col_ip_address} {ipban_col_login_failures}{ipban_col_broken_cookie}{ipban_session_hijacking}{ipban_no_session_cookie} {ipban_col_login_allowed} {ipban_col_ban_level} {ipban_col_active_flag}[ipban_tab_id] [ipban_tab_ip] [ipban_tab_incorrect_login][ipban_tab_broken_encoded_cookie][ipban_tab_session_hijacking][ipban_tab_no_session_cookie] [if ipban_tab_is_logging_allowed]{ipban_loggin_allowed}[else]{ipban_loggin_not_allowed}[end] [ipban_tab_ban_level] [if ipban_tab_has_active_flag]{ipban_has_active_flag}[end]