<?php

[0] Fix | Delete

[1] Fix | Delete

class wfRateLimit {

[2] Fix | Delete

const TYPE_GLOBAL = 'global';

[3] Fix | Delete

const TYPE_CRAWLER_VIEWS = 'crawler-views';

[4] Fix | Delete

const TYPE_CRAWLER_404S = 'crawler-404s';

[5] Fix | Delete

const TYPE_HUMAN_VIEWS = 'human-views';

[6] Fix | Delete

const TYPE_HUMAN_404S = 'human-404s';

[7] Fix | Delete

[8] Fix | Delete

const HIT_TYPE_404 = '404';

[9] Fix | Delete

const HIT_TYPE_NORMAL = 'hit';

[10] Fix | Delete

[11] Fix | Delete

const VISITOR_TYPE_HUMAN = 'human';

[12] Fix | Delete

const VISITOR_TYPE_CRAWLER = 'crawler';

[13] Fix | Delete

[14] Fix | Delete

protected $_type;

[15] Fix | Delete

protected static $_hitCount = false;

[16] Fix | Delete

[17] Fix | Delete

public static function table() {

[18] Fix | Delete

return wfDB::networkTable('wfTrafficRates');

[19] Fix | Delete

}

[20] Fix | Delete

[21] Fix | Delete

public static function trimData() {

[22] Fix | Delete

$wfdb = wfDB::shared();

[23] Fix | Delete

$table = self::table();

[24] Fix | Delete

$wfdb->queryWrite("DELETE FROM {$table} WHERE eMin < FLOOR((UNIX_TIMESTAMP() - 60) / 60)");

[25] Fix | Delete

}

[26] Fix | Delete

[27] Fix | Delete

public static function globalRateLimit() {

[28] Fix | Delete

static $_cachedGlobal = null;

[29] Fix | Delete

if ($_cachedGlobal === null) {

[30] Fix | Delete

$_cachedGlobal = new wfRateLimit(self::TYPE_GLOBAL);

[31] Fix | Delete

}

[32] Fix | Delete

return $_cachedGlobal;

[33] Fix | Delete

}

[34] Fix | Delete

[35] Fix | Delete

public static function crawlerViewsRateLimit() {

[36] Fix | Delete

static $_cachedCrawlerViews = null;

[37] Fix | Delete

if ($_cachedCrawlerViews === null) {

[38] Fix | Delete

$_cachedCrawlerViews = new wfRateLimit(self::TYPE_CRAWLER_VIEWS);

[39] Fix | Delete

}

[40] Fix | Delete

return $_cachedCrawlerViews;

[41] Fix | Delete

}

[42] Fix | Delete

[43] Fix | Delete

public static function crawler404sRateLimit() {

[44] Fix | Delete

static $_cachedCrawler404s = null;

[45] Fix | Delete

if ($_cachedCrawler404s === null) {

[46] Fix | Delete

$_cachedCrawler404s = new wfRateLimit(self::TYPE_CRAWLER_404S);

[47] Fix | Delete

}

[48] Fix | Delete

return $_cachedCrawler404s;

[49] Fix | Delete

}

[50] Fix | Delete

[51] Fix | Delete

public static function humanViewsRateLimit() {

[52] Fix | Delete

static $_cachedHumanViews = null;

[53] Fix | Delete

if ($_cachedHumanViews === null) {

[54] Fix | Delete

$_cachedHumanViews = new wfRateLimit(self::TYPE_HUMAN_VIEWS);

[55] Fix | Delete

}

[56] Fix | Delete

return $_cachedHumanViews;

[57] Fix | Delete

}

[58] Fix | Delete

[59] Fix | Delete

public static function human404sRateLimit() {

[60] Fix | Delete

static $_cachedHuman404s = null;

[61] Fix | Delete

if ($_cachedHuman404s === null) {

[62] Fix | Delete

$_cachedHuman404s = new wfRateLimit(self::TYPE_HUMAN_404S);

[63] Fix | Delete

}

[64] Fix | Delete

return $_cachedHuman404s;

[65] Fix | Delete

}

[66] Fix | Delete

[67] Fix | Delete

/**

[68] Fix | Delete

* Returns whether or not humans and bots have the same rate limits configured.

[69] Fix | Delete

*

[70] Fix | Delete

* @return bool

[71] Fix | Delete

*/

[72] Fix | Delete

public static function identicalHumanBotRateLimits() {

[73] Fix | Delete

$humanViews = self::humanViewsRateLimit();

[74] Fix | Delete

$crawlerViews = self::crawlerViewsRateLimit();

[75] Fix | Delete

if ($humanViews->isEnabled() != $crawlerViews->isEnabled()) {

[76] Fix | Delete

return false;

[77] Fix | Delete

}

[78] Fix | Delete

if ($humanViews->limit() != $crawlerViews->limit()) {

[79] Fix | Delete

return false;

[80] Fix | Delete

}

[81] Fix | Delete

[82] Fix | Delete

$human404s = self::human404sRateLimit();

[83] Fix | Delete

$crawler404s = self::crawler404sRateLimit();

[84] Fix | Delete

if ($human404s->isEnabled() != $crawler404s->isEnabled()) {

[85] Fix | Delete

return false;

[86] Fix | Delete

}

[87] Fix | Delete

if ($human404s->limit() != $crawler404s->limit()) {

[88] Fix | Delete

return false;

[89] Fix | Delete

}

[90] Fix | Delete

[91] Fix | Delete

return true;

[92] Fix | Delete

}

[93] Fix | Delete

[94] Fix | Delete

public static function mightRateLimit($hitType) {

[95] Fix | Delete

if (!wfConfig::get('firewallEnabled')) {

[96] Fix | Delete

return false;

[97] Fix | Delete

}

[98] Fix | Delete

[99] Fix | Delete

$IP = wfUtils::getIP();

[100] Fix | Delete

if (wfBlock::isWhitelisted($IP)) {

[101] Fix | Delete

return false;

[102] Fix | Delete

}

[103] Fix | Delete

[104] Fix | Delete

if (wfConfig::get('neverBlockBG') == 'neverBlockUA' && wfCrawl::isGoogleCrawler()) {

[105] Fix | Delete

return false;

[106] Fix | Delete

}

[107] Fix | Delete

[108] Fix | Delete

if (wfConfig::get('neverBlockBG') == 'neverBlockVerified' && wfCrawl::isVerifiedGoogleCrawler()) {

[109] Fix | Delete

return false;

[110] Fix | Delete

}

[111] Fix | Delete

[112] Fix | Delete

if ($hitType == '404') {

[113] Fix | Delete

$allowed404s = wfConfig::get('allowed404s');

[114] Fix | Delete

if (is_string($allowed404s)) {

[115] Fix | Delete

$allowed404s = array_filter(preg_split("/[\r\n]+/", $allowed404s));

[116] Fix | Delete

$allowed404sPattern = '';

[117] Fix | Delete

foreach ($allowed404s as $allowed404) {

[118] Fix | Delete

$allowed404sPattern .= preg_replace('/\\\\\*/', '.*?', preg_quote($allowed404, '/')) . '|';

[119] Fix | Delete

}

[120] Fix | Delete

$uri = $_SERVER['REQUEST_URI'];

[121] Fix | Delete

if (($index = strpos($uri, '?')) !== false) {

[122] Fix | Delete

$uri = substr($uri, 0, $index);

[123] Fix | Delete

}

[124] Fix | Delete

if ($allowed404sPattern && preg_match('/^' . substr($allowed404sPattern, 0, -1) . '$/i', $uri)) {

[125] Fix | Delete

return false;

[126] Fix | Delete

}

[127] Fix | Delete

}

[128] Fix | Delete

}

[129] Fix | Delete

[130] Fix | Delete

if (self::globalRateLimit()->isEnabled()) {

[131] Fix | Delete

return true;

[132] Fix | Delete

}

[133] Fix | Delete

[134] Fix | Delete

$visitorType = self::visitorType();

[135] Fix | Delete

[136] Fix | Delete

if ($visitorType == self::VISITOR_TYPE_CRAWLER) {

[137] Fix | Delete

if ($hitType == self::HIT_TYPE_NORMAL) {

[138] Fix | Delete

if (self::crawlerViewsRateLimit()->isEnabled()) {

[139] Fix | Delete

return true;

[140] Fix | Delete

}

[141] Fix | Delete

}

[142] Fix | Delete

else {

[143] Fix | Delete

if (self::crawler404sRateLimit()->isEnabled()) {

[144] Fix | Delete

return true;

[145] Fix | Delete

}

[146] Fix | Delete

}

[147] Fix | Delete

}

[148] Fix | Delete

else {

[149] Fix | Delete

if ($hitType == self::HIT_TYPE_NORMAL) {

[150] Fix | Delete

if (self::humanViewsRateLimit()->isEnabled()) {

[151] Fix | Delete

return true;

[152] Fix | Delete

}

[153] Fix | Delete

}

[154] Fix | Delete

else {

[155] Fix | Delete

if (self::human404sRateLimit()->isEnabled()) {

[156] Fix | Delete

return true;

[157] Fix | Delete

}

[158] Fix | Delete

}

[159] Fix | Delete

}

[160] Fix | Delete

[161] Fix | Delete

return false;

[162] Fix | Delete

}

[163] Fix | Delete

[164] Fix | Delete

public static function countHit($hitType, $ip) {

[165] Fix | Delete

$table = self::table();

[166] Fix | Delete

$ipHex = wfDB::binaryValueToSQLHex(wfUtils::inet_pton($ip));

[167] Fix | Delete

wfDB::shared()->queryWrite("INSERT INTO {$table} (eMin, IP, hitType, hits) VALUES (FLOOR(UNIX_TIMESTAMP() / 60), {$ipHex}, %s, @wfcurrenthits := 1) ON DUPLICATE KEY UPDATE hits = IF(@wfcurrenthits := hits + 1, hits + 1, hits + 1)", $hitType);

[168] Fix | Delete

}

[169] Fix | Delete

[170] Fix | Delete

/**

[171] Fix | Delete

* Returns one of the VISITOR_TYPE_ constants for the purposes of determining which rate limit to apply.

[172] Fix | Delete

*

[173] Fix | Delete

* @return string

[174] Fix | Delete

*/

[175] Fix | Delete

public static function visitorType() {

[176] Fix | Delete

static $_cachedVisitorType = null;

[177] Fix | Delete

if ($_cachedVisitorType === null) {

[178] Fix | Delete

$_cachedVisitorType = ((isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])) || empty($_SERVER['HTTP_USER_AGENT']) ? wfRateLimit::VISITOR_TYPE_CRAWLER : wfRateLimit::VISITOR_TYPE_HUMAN);

[179] Fix | Delete

}

[180] Fix | Delete

return $_cachedVisitorType;

[181] Fix | Delete

}

[182] Fix | Delete

[183] Fix | Delete

protected function __construct($type) {

[184] Fix | Delete

$this->_type = $type;

[185] Fix | Delete

}

[186] Fix | Delete

[187] Fix | Delete

/**

[188] Fix | Delete

* Returns whether or not this rate limit is configured in a way where it would run.

[189] Fix | Delete

*

[190] Fix | Delete

* @return bool

[191] Fix | Delete

*/

[192] Fix | Delete

public function isEnabled() {

[193] Fix | Delete

switch ($this->_type) {

[194] Fix | Delete

case self::TYPE_GLOBAL:

[195] Fix | Delete

return wfConfig::get('maxGlobalRequests') != 'DISABLED' && wfConfig::getInt('maxGlobalRequests') > 0;

[196] Fix | Delete

case self::TYPE_CRAWLER_VIEWS:

[197] Fix | Delete

return wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && wfConfig::getInt('maxRequestsCrawlers') > 0;

[198] Fix | Delete

case self::TYPE_CRAWLER_404S:

[199] Fix | Delete

return wfConfig::get('max404Crawlers') != 'DISABLED' && wfConfig::getInt('max404Crawlers') > 0;

[200] Fix | Delete

case self::TYPE_HUMAN_VIEWS:

[201] Fix | Delete

return wfConfig::get('maxRequestsHumans') != 'DISABLED' && wfConfig::getInt('maxRequestsHumans') > 0;

[202] Fix | Delete

case self::TYPE_HUMAN_404S:

[203] Fix | Delete

return wfConfig::get('max404Humans') != 'DISABLED' && wfConfig::getInt('max404Humans') > 0;

[204] Fix | Delete

}

[205] Fix | Delete

return true;

[206] Fix | Delete

}

[207] Fix | Delete

[208] Fix | Delete

public function limit() {

[209] Fix | Delete

switch ($this->_type) {

[210] Fix | Delete

case self::TYPE_GLOBAL:

[211] Fix | Delete

return wfConfig::getInt('maxGlobalRequests');

[212] Fix | Delete

case self::TYPE_CRAWLER_VIEWS:

[213] Fix | Delete

return wfConfig::getInt('maxRequestsCrawlers');

[214] Fix | Delete

case self::TYPE_CRAWLER_404S:

[215] Fix | Delete

return wfConfig::getInt('max404Crawlers');

[216] Fix | Delete

case self::TYPE_HUMAN_VIEWS:

[217] Fix | Delete

return wfConfig::getInt('maxRequestsHumans');

[218] Fix | Delete

case self::TYPE_HUMAN_404S:

[219] Fix | Delete

return wfConfig::getInt('max404Humans');

[220] Fix | Delete

}

[221] Fix | Delete

return -1;

[222] Fix | Delete

}

[223] Fix | Delete

[224] Fix | Delete

public function shouldEnforce($hitType) {

[225] Fix | Delete

switch ($this->_type) {

[226] Fix | Delete

case self::TYPE_GLOBAL:

[227] Fix | Delete

return $this->isEnabled() && $this->_hitCount() > max(wfConfig::getInt('maxGlobalRequests'), 1);

[228] Fix | Delete

case self::TYPE_CRAWLER_VIEWS:

[229] Fix | Delete

return self::visitorType() == self::VISITOR_TYPE_CRAWLER && $hitType == self::HIT_TYPE_NORMAL && $this->isEnabled() && $this->_hitCount() > wfConfig::getInt('maxRequestsCrawlers');

[230] Fix | Delete

case self::TYPE_CRAWLER_404S:

[231] Fix | Delete

return self::visitorType() == self::VISITOR_TYPE_CRAWLER && $hitType == self::HIT_TYPE_404 && $this->isEnabled() && $this->_hitCount() > wfConfig::getInt('max404Crawlers');

[232] Fix | Delete

case self::TYPE_HUMAN_VIEWS:

[233] Fix | Delete

return self::visitorType() == self::VISITOR_TYPE_HUMAN && $hitType == self::HIT_TYPE_NORMAL && $this->isEnabled() && $this->_hitCount() > wfConfig::getInt('maxRequestsHumans');

[234] Fix | Delete

case self::TYPE_HUMAN_404S:

[235] Fix | Delete

return self::visitorType() == self::VISITOR_TYPE_HUMAN && $hitType == self::HIT_TYPE_404 && $this->isEnabled() && $this->_hitCount() > wfConfig::getInt('max404Humans');

[236] Fix | Delete

}

[237] Fix | Delete

return false;

[238] Fix | Delete

}

[239] Fix | Delete

[240] Fix | Delete

/**

[241] Fix | Delete

* Returns the hit count corresponding to the current request type.

[242] Fix | Delete

*

[243] Fix | Delete

* @return int

[244] Fix | Delete

*/

[245] Fix | Delete

protected function _hitCount() {

[246] Fix | Delete

if (self::$_hitCount === false) {

[247] Fix | Delete

self::$_hitCount = (int) wfDB::shared()->querySingle("SELECT @wfcurrenthits");

[248] Fix | Delete

}

[249] Fix | Delete

return self::$_hitCount;

[250] Fix | Delete

}

[251] Fix | Delete

}

[252] Fix | Delete