
src/DDOS/runner.php (2 issues)

<?php
namespace DDOS;
/**
 * DDOS protector base class.
 *
 * @version 2.1.0
 *
 * @author Dimas Lanjaka ([email protected])
 * @copyright (C) Dimas Lanjaka (https://dimaslanjaka.github.io)
 * @license GNU/GPL: http://www.gnu.org/copyleft/gpl.html
 */
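class runner
{
  /**
   * Runs the anti-DDoS gate for the current request.
   *
   * Flow, as written:
   *  - returns immediately when \MVC\helper::cors() is truthy;
   *  - ends the request with a JSON error when no client IP can be determined;
   *  - lets the request continue when the visitor presents the expected per-IP cookie;
   *  - otherwise includes page.php and ends the request.
   *
   * The locals below keep their original names on purpose: page.php is included from
   * this scope and can read them (page.php is not shown here, so which ones it actually
   * uses is unconfirmed).
   */
  public function __construct()
  {
    // NOTE(review): the whole gate is skipped when cors() is truthy. What cors() checks
    // is not visible here; confirm it cannot be satisfied by client-controlled request
    // headers alone, otherwise the protection is optional for the client.
    if (\MVC\helper::cors()) {
      return;
    }
    // Switch to control AntiDDoS state. Hard-coded, so the branch below is always taken.
    $anti_ddos_protection_enable = true;
    // Activate debug statements.
    $anti_ddos_debug = false;

    if ($anti_ddos_protection_enable) {
      // List of trusted Autonomous systems.
      $not_rated_as = '13238,15169,8075,10310,36647,13335,2635,32934,38365,55967,16509,2559,19500,47764,17012,1449,43247,32734,15768,33512,18730,30148';

      // NOTE(review): the cookie below is bound to this value. If getRequestIP() reads
      // forwarded-for style headers, the value is client-controlled unless those headers
      // are only accepted from known proxies; verify in the helper.
      $remote_ip = \MVC\helper::getRequestIP();

      if (!$remote_ip) {
        // Send the refresh header before the JSON body: header() has no effect once
        // output has started (json() presumably writes the response body).
        header('refresh:5; url=https://www.webmanajemen.com');
        \JSON\json::json(['error' => true, 'title' => 'DDOS protection', 'message' => 'due security reason please disable your proxy or vpn or ssh or any other third party apps for hidding your ip']);
        exit;
      }

      $secure_cookie_label = \MVC\helper::ddos_key();

      // Secret key salt to avoid copy/paste of the cookie between visitors.
      // ATTENTION!!!
      // YOU MUST GENERATE A NEW $secure_cookie_salt BEFORE USING IT ON YOUR OWN SITE.
      // ATTENTION!!!
      // NOTE(review): with the salt committed in source, anyone who can read this file can
      // compute the expected cookie for any IP address. Load the salt from configuration
      // or a secret store, and prefer a keyed construction such as
      // hash_hmac('sha256', $remote_ip, $secret) over md5(ip:salt). The md5 form is kept
      // here only because page.php may derive or emit the same value.
      $secure_cookie_salt = 'L3n4r0x';

      $secure_cookie_key = md5($remote_ip . ':' . $secure_cookie_salt);

      // Days to use secure cookie. Not applied by the setcookie() call at the end of
      // this method, which issues a session cookie.
      $secure_cookie_days = 1;
      // Delay in seconds before redirection to original URL.
      $redirect_delay = 5;

      $test_ip = true;
      $set_secure_cookie = true;

      // Compare with hash_equals() instead of ==. Loose comparison treats two numeric-looking
      // strings (for example hex digests of the form 0e<digits>) as equal numbers, and it is
      // not constant-time. is_string() rejects array-valued cookies, which hash_equals()
      // would otherwise raise on.
      $presented_cookie = isset($_COOKIE[$secure_cookie_label]) ? $_COOKIE[$secure_cookie_label] : null;
      if (is_string($presented_cookie) && hash_equals($secure_cookie_key, $presented_cookie)) {
        // if cookie exists and match, skip
        $test_ip = false;
        $set_secure_cookie = false;
      }

      // NOTE(review): this guard looks inverted. The block is entered only when $test_ip is
      // already false (valid cookie), so the ASN lookup (which requires $test_ip) never runs
      // and the is_google() branch cannot change the outcome. As written, no visitor is ever
      // exempted and the setcookie() call at the end of this method is unreachable.
      // The guard is left as-is: flipping it would start exempting requests based on
      // helper::is_google() and the ASN list. Before enabling it, confirm that is_google()
      // does not rely on client-supplied data such as the User-Agent, and review whether
      // every network in $not_rated_as should really skip the check.
      if (!$test_ip) {
        //
        // Skipping visitors from trusted AS
        // Example: Google, Microsoft and etc.
        //
        // Nothing is trusted until an ASN actually matches.
        $skip_trusted = false;
        if ($test_ip && function_exists('geoip_org_by_name')) {
          $visitor_org = call_user_func('geoip_org_by_name', $remote_ip);
          if (false !== $visitor_org && preg_match("/^AS(\d+)\s/", $visitor_org, $matches)) {
            // Exact string match of the visitor's AS number against the allowlist.
            $skip_trusted = in_array($matches[1], explode(',', $not_rated_as), true);
            if ($skip_trusted) {
              if ($anti_ddos_debug) {
                // Log the AS number that matched, not the last list entry iterated.
                error_log(sprintf('Skip antiddos protection for %s, because it\'s trusted AS%d.', $remote_ip, $matches[1]));
              }
              $test_ip = false;
            }
          }
        }
        // another method to skip
        // whitelist ip
        if (\MVC\helper::is_google()) {
          $test_ip = false;
        }
      }

      $run_stop_action = $test_ip;
      if ($run_stop_action) {
        // Challenge page; it runs in this scope and sees the variables defined above.
        include __DIR__ . '/page.php';
        if ($anti_ddos_debug) {
          // REQUEST_URI is client-controlled; it is written to the log unmodified.
          error_log(sprintf(
            'Blacklisted IP, drop connection %s to %s.',
            $remote_ip,
            $_SERVER['REQUEST_URI']
          ));
        }

        // Ends the whole request from inside a constructor so the protected page is not
        // rendered after the challenge. Static analysis flags exit outside CLI scripts;
        // returning a result for the caller to act on would be the cleaner design.
        exit;
      }
      if ($set_secure_cookie && !$run_stop_action) {
        // secure cookie
        // Expiry 0 (session cookie) is what the former null argument was coerced to;
        // passing null here is deprecated from PHP 8.1.
        // NOTE(review): no Secure/HttpOnly/SameSite attributes are set. They are left
        // unchanged because page.php may write the same cookie from script; confirm.
        setcookie($secure_cookie_label, $secure_cookie_key, 0, '/');
      }
    }
  }
}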