added: possibility to ban if a session cookie is incorrect (when we are using encoded cookies)

added:   possibility to ban if a client tries to hijack the session cookie
added:   possibility to ban if a client did not send a session cookie
renamed: ezc functions:
         login_cannot_login -> ipban_is_login_allowed_from_this_ip  (and the return value was changed)
         login_when_available_login -> ipban_current_ip_expires_time
added: config options:
       // after how many broken encoded cookie we should ban the current IP
       // default: 2 (value in the range <0 - 65535>)
       size_t broken_encoded_cookie_treshold;

       // after how many incorrect session identifiers (or session indices) we should ban the current IP
       // do not set this value too low, as people connecting from the same IP address (from behind a NAT)
       // would be banned if they have an old session cookie remembered in the browser
       // default: 128 (value in the range <0 - 65535>)
       size_t session_hijacking_treshold;

       // after how many times a client will be banned if it did not send a session cookie
       // default: 1000 (value in the range <0 - 65535>)
       size_t no_session_cookie_treshold;








git-svn-id: svn://ttmath.org/publicrep/winix/trunk@995 e52654a7-88a9-db11-a3e9-0013d4bc506e

templates/ipban.cpp

@@ -44,6 +44,37 @@ namespace Winix
 
 namespace TemplatesFunctions
 {
+
+
+void ipban_is_current_ip_banned(Info & i)
+{
+	if( cur->session->ip_ban )
+	{
+		i.res = cur->session->ip_ban->IsIPBanned();
+	}
+}
+
+
+void ipban_current_ip_expires_time(Info & i)
+{
+	if( cur->session->ip_ban && cur->session->ip_ban->expires != 0 )
+	{
+		PT::Date date = cur->session->ip_ban->expires;
+		i.out << date << " UTC";
+	}
+}
+
+
+void ipban_is_login_allowed_from_this_ip(Info & i)
+{
+	i.res = !functions->fun_login.CannotLoginFromCurrentIP();
+}
+
+
+
+
+
+
 static size_t ipban_index;
 
 
@@ -78,6 +109,26 @@ void ipban_tab_incorrect_login(Info & i)
 }
 
 
+void ipban_tab_broken_encoded_cookie(Info & i)
+{
+	if( ipban_index < session_manager->BanListSize() )
+		i.out << session_manager->GetIPBan(ipban_index).broken_encoded_cookie_events;
+}
+
+
+void ipban_tab_session_hijacking(Info & i)
+{
+	if( ipban_index < session_manager->BanListSize() )
+		i.out << session_manager->GetIPBan(ipban_index).session_hijacking_events;
+}
+
+
+void ipban_tab_no_session_cookie(Info & i)
+{
+	if( ipban_index < session_manager->BanListSize() )
+		i.out << session_manager->GetIPBan(ipban_index).no_session_cookie_events;
+}
+
 
 void ipban_tab_ban_level(Info & i)
 {

templates/login.cpp

@@ -69,25 +69,8 @@ void login_path(Info & i)
 }
 
 
-void login_cannot_login(Info & i)
-{
-	i.res = functions->fun_login.CannotLoginFromCurrentIP();
-}
 
 
-void login_when_available_login(Info & i)
-{
-	if( cur->session->ip_ban &&
-		cur->session->ip_ban->expires != 0 )
-	{
-		PT::Date date(cur->session->ip_ban->expires);
-		i.out << date << " UTC";
-	}
-	else
-	{
-		i.out << locale.Get(L"unknown");
-	}
-}
 
 
 void login_should_use_captcha(Info & i)

templates/templates.cpp

@@ -334,15 +334,21 @@ void Templates::CreateFunctions()
 	/*
 		ipban
 	*/
-	ezc_functions.Insert("ipban_tab",						ipban_tab);
-	ezc_functions.Insert("ipban_tab_id",					ipban_tab_id);
-	ezc_functions.Insert("ipban_tab_ip",					ipban_tab_ip);
-	ezc_functions.Insert("ipban_tab_incorrect_login",		ipban_tab_incorrect_login);
-	ezc_functions.Insert("ipban_tab_ban_level",				ipban_tab_ban_level);
-	ezc_functions.Insert("ipban_tab_has_active_flag",		ipban_tab_has_active_flag);
-	ezc_functions.Insert("ipban_tab_expires",				ipban_tab_expires);
-	ezc_functions.Insert("ipban_tab_last_used",				ipban_tab_last_used);
-	ezc_functions.Insert("ipban_tab_is_logging_allowed",	ipban_tab_is_logging_allowed);
+	ezc_functions.Insert("ipban_is_current_ip_banned",			ipban_is_current_ip_banned);
+	ezc_functions.Insert("ipban_current_ip_expires_time",		ipban_current_ip_expires_time);
+	ezc_functions.Insert("ipban_is_login_allowed_from_this_ip",	ipban_is_login_allowed_from_this_ip);
+	ezc_functions.Insert("ipban_tab",							ipban_tab);
+	ezc_functions.Insert("ipban_tab_id",						ipban_tab_id);
+	ezc_functions.Insert("ipban_tab_ip",						ipban_tab_ip);
+	ezc_functions.Insert("ipban_tab_incorrect_login",			ipban_tab_incorrect_login);
+	ezc_functions.Insert("ipban_tab_broken_encoded_cookie",		ipban_tab_broken_encoded_cookie);
+	ezc_functions.Insert("ipban_tab_session_hijacking",			ipban_tab_session_hijacking);
+	ezc_functions.Insert("ipban_tab_no_session_cookie",			ipban_tab_no_session_cookie);
+	ezc_functions.Insert("ipban_tab_ban_level",					ipban_tab_ban_level);
+	ezc_functions.Insert("ipban_tab_has_active_flag",			ipban_tab_has_active_flag);
+	ezc_functions.Insert("ipban_tab_expires",					ipban_tab_expires);
+	ezc_functions.Insert("ipban_tab_last_used",					ipban_tab_last_used);
+	ezc_functions.Insert("ipban_tab_is_logging_allowed",		ipban_tab_is_logging_allowed);
 
 
 	/*
@@ -461,10 +467,8 @@ void Templates::CreateFunctions()
 	/*
 		login
 	*/
-	ezc_functions.Insert("login_path",                 login_path);
-	ezc_functions.Insert("login_cannot_login",         login_cannot_login);
-	ezc_functions.Insert("login_when_available_login", login_when_available_login);
-	ezc_functions.Insert("login_should_use_captcha",   login_should_use_captcha);
+	ezc_functions.Insert("login_path",					login_path);
+	ezc_functions.Insert("login_should_use_captcha",	login_should_use_captcha);
 
 
 	/*

templates/templates.h

@@ -247,10 +247,16 @@ namespace TemplatesFunctions
 	/*
 		ipban
 	*/
+	void ipban_is_current_ip_banned(Info & i);
+	void ipban_current_ip_expires_time(Info & i);
+	void ipban_is_login_allowed_from_this_ip(Info & i);
 	void ipban_tab(Info & i);
 	void ipban_tab_id(Info & i);
 	void ipban_tab_ip(Info & i);
 	void ipban_tab_incorrect_login(Info & i);
+	void ipban_tab_broken_encoded_cookie(Info & i);
+	void ipban_tab_session_hijacking(Info & i);
+	void ipban_tab_no_session_cookie(Info & i);
 	void ipban_tab_ban_level(Info & i);
 	void ipban_tab_has_active_flag(Info & i);
 	void ipban_tab_expires(Info & i);
@@ -376,8 +382,6 @@ namespace TemplatesFunctions
 		login
 	*/
 	void login_path(Info & i);
-	void login_cannot_login(Info & i);
-	void login_when_available_login(Info & i);
 	void login_should_use_captcha(Info & i);