Merge pull request #1 from mikasjp/dev

First release

.gitignore

@@ -0,0 +1 @@
+wp-abuseshield-config.php

admin/admin.php

@@ -0,0 +1,69 @@
+<?php
+
+if(!DEFINED("WP_ABUSESHIELD_ADMIN")) die;
+
+require_once plugin_dir_path( __FILE__ ) . "class-wp-abuseshield-admin.php";
+
+$admin = new Wp_Abuseshield_Admin();
+$WP_ABUSESHIELD_ADMIN_NONCE = wp_create_nonce("WP_ABUSESHIELD_ADMIN_NONCE");
+?>
+<h1>WP AbuseShield Configuration</h1><hr>
+<div class="wp-abuseshield-messages">
+<?php echo $admin->DisplayMessages(); ?>
+</div>
+
+<div class="wp-abuseshield-admin">
+
+    <table class="wp-list-table widefat">
+
+    <tr><td>
+    <div class="wp-abuseshield-config-group">
+        <form method="post">
+        <div class="wp-abuseshield-config-row">
+            <label for="WP_ABUSESHIELD_ADMIN_APIKEY">AbuseIPDB API key:</label><br>
+            <input type="text" name="WP_ABUSESHIELD_ADMIN_APIKEY" id="WP_ABUSESHIELD_ADMIN_APIKEY" size="40" value="<?php echo $admin->plugin->config->config["APIKey"]; ?>">
+        </div>
+        <div class="wp-abuseshield-config-row">
+            <label for="WP_ABUSESHIELD_ADMIN_DVC">AbuseIPDB domain verification code:</label><br>
+            <input type="text" name="WP_ABUSESHIELD_ADMIN_DVC" id="WP_ABUSESHIELD_ADMIN_DVC" size="40" value="<?php echo $admin->plugin->config->config["DVC"]; ?>">
+        </div>
+        <div class="wp-abuseshield-config-row">
+            <input type="submit" name="WP_ABUSESHIELD_ADMIN_SUBMIT" class="button button-primary" value="Save">
+        </div>
+        <input name="WP_ABUSESHIELD_ADMIN_NONCE" type="hidden" value="<?php echo $WP_ABUSESHIELD_ADMIN_NONCE; ?>">
+        </form>
+    </div>
+    </td></tr>
+
+    <tr><td>
+    <div class="wp-abuseshield-config-group">
+        <form method="post">
+        <div class="wp-abuseshield-config-row">
+            <label for="WP_ABUSESHIELD_ADMIN_SECRET">Your secret token:</label><br>
+            <input type="text" id="WP_ABUSESHIELD_ADMIN_SECRET" size="40" value="<?php echo $admin->plugin->config->config["Secret"]; ?>" readonly>
+        </div>
+        <div class="wp-abuseshield-config-row">
+            <input type="submit" name="WP_ABUSESHIELD_ADMIN_RESET_SECRET"  class="button button-primary" value="Reset Secret Token">
+        </div>
+        <input name="WP_ABUSESHIELD_ADMIN_NONCE" type="hidden" value="<?php echo $WP_ABUSESHIELD_ADMIN_NONCE; ?>">
+        </form>
+    </div>
+    </td></tr>
+
+    <tr><td>
+    <div class="wp-abuseshield-config-group">
+        <form method="post">
+        <div class="wp-abuseshield-config-row">
+            <span style="font-weight:bold">Cached IPs: </span><?php echo $admin->plugin->cache->CountCache(); ?>
+        </div>
+        <div class="wp-abuseshield-config-row">
+            <input type="submit" name="WP_ABUSESHIELD_ADMIN_CLEAR_CACHE"  class="button button-primary" value="Clear Cache">
+        </div>
+        <input name="WP_ABUSESHIELD_ADMIN_NONCE" type="hidden" value="<?php echo $WP_ABUSESHIELD_ADMIN_NONCE; ?>">
+        </form>
+    </div>
+    </td></tr>
+
+    </td>
+
+</div>

admin/class-wp-abuseshield-admin.php

@@ -0,0 +1,70 @@
+<?php
+
+class WP_Abuseshield_Admin
+{
+
+    public $plugin;
+    protected $messages;
+
+    public function __construct()
+    {
+        $this->messages = [];
+        require_once plugin_dir_path( __FILE__ ) . "../include/class-wp-abuseshield.php";
+        $this->plugin = new Wp_Abuseshield();
+
+        $this->ParseRequests();
+
+        if(empty($this->plugin->config->config["APIKey"]))
+            $this->ShowMessage("For proper operation of the plugin it is necessary to provide your API key, which you can get by registering on the <a href=\"https://www.abuseipdb.com/\" target=\"_blank\">https://www.abuseipdb.com/</a>.");
+
+    }
+
+    protected function VerifyCSRFNonce()
+    {
+        if(wp_verify_nonce($_POST["WP_ABUSESHIELD_ADMIN_NONCE"],"WP_ABUSESHIELD_ADMIN_NONCE"))
+            return true;
+        else
+            return false;
+
+    }
+
+    protected function ParseRequests()
+    {
+        if(isset($_POST["WP_ABUSESHIELD_ADMIN_SUBMIT"]) && $this->VerifyCSRFNonce())
+        {
+            $this->plugin->config->config["APIKey"] = htmlspecialchars($_POST["WP_ABUSESHIELD_ADMIN_APIKEY"]);
+            $this->plugin->config->config["DVC"] = htmlspecialchars($_POST["WP_ABUSESHIELD_ADMIN_DVC"]);
+            $this->plugin->config->SaveConfig();
+            $this->ShowMessage("The configuration has been saved successfully");
+        }
+
+        if(isset($_POST["WP_ABUSESHIELD_ADMIN_RESET_SECRET"]) && $this->VerifyCSRFNonce())
+        {
+            $this->plugin->config->config["Secret"] = $this->plugin->config->GenerateSecret();
+            $this->plugin->config->SaveConfig();
+            $this->ShowMessage("The secret token has been modified successfully");
+        }
+
+        if(isset($_POST["WP_ABUSESHIELD_ADMIN_CLEAR_CACHE"]) && $this->VerifyCSRFNonce())
+        {
+            $this->plugin->cache->ClearCache();
+            $this->ShowMessage("The cache has been cleared");
+        }
+    }
+
+    protected function ShowMessage($s)
+    {
+        $this->messages[] = $s;
+    }
+
+    public function DisplayMessages()
+    {
+        $html = "";
+        foreach($this->messages as $message)
+        {
+            $html .= "<div class=\"wp-abuseshield-admin-messagebox\">".$message."</div>\n";
+        }
+        return $html;
+    }
+
+}

admin/index.php

@@ -0,0 +1 @@
+<?php 

admin/style.css

@@ -0,0 +1,18 @@
+div.wp-abuseshield-admin-messagebox
+{
+    padding: 5px;
+    border: 1px solid #AAA;
+    border-radius: 5px;
+    margin: 5px 5px 5px 0px;
+    font-weight: bold;
+}
+
+div.wp-abuseshield-config-group
+{
+    margin: 5px 0px;
+}
+
+div.wp-abuseshield-config-row
+{
+    margin: 2px 0px;
+}

include/class-wp-abuseshield-abuseipdb.php

@@ -0,0 +1,45 @@
+<?php
+
+class Wp_Abuseshield_AbuseIPDB
+{
+
+    protected $apikey;
+
+    function __construct($key)
+    {
+        $this->apikey = $key;
+    }
+
+    protected function Request($url)
+    {
+        $curl = curl_init($url);
+
+        curl_setopt_array($curl, array(
+            CURLOPT_RETURNTRANSFER => 1,
+            CURLOPT_USERAGENT => "WP AbuseShield WordPress Plugin",
+            CURLOPT_SSL_VERIFYPEER => 0
+        ));
+
+        $result = curl_exec($curl);
+        curl_close($curl);
+
+        return $result;
+    }
+
+    public function CheckIP($IP)
+    {
+        $result = json_decode($this->Request("https://www.abuseipdb.com/check/".$IP."/json?key=".$this->apikey."&days=7"));
+
+        if(count($result) > 0)
+            return false;
+        else
+            return true;
+    }
+
+    public function ReportIP($IP, $comment="Blocked by WP AbuseShield WordPress plugin")
+    {
+        $this->Request("https://www.abuseipdb.com/report/json?key=".$this->apikey."&category=21&comment=".$comment."&ip=".$IP);
+        return true;
+    }
+
+}

include/class-wp-abuseshield-cache.php

@@ -0,0 +1,70 @@
+<?php
+
+class Wp_Abuseshield_Cache
+{
+
+    protected $hashedip;
+    protected $hours;
+
+    function __construct($ip, $hours)
+    {
+        $this->hashedip = sha1($ip);
+        $this->hours = $hours;
+        $this->ClearExpiredGuests();
+    }
+
+    public function CheckGuest()
+    {
+        global $wpdb;
+        $findGuest = $wpdb->get_var("SELECT COUNT(*) FROM ".$wpdb->prefix."abuseshield WHERE ip='".$this->hashedip."'");
+
+        if($findGuest > 0)
+        {
+            $wpdb->update(
+                $wpdb->prefix."abuseshield",
+                array(
+                    "expiry" => time()
+                ),
+                array(
+                    "id" => $this->hashedip
+                )
+            );
+            return false;
+        }
+        else
+        {
+            return true;
+        }
+    }
+
+    public function CacheGuest($ip)
+    {
+        global $wpdb;
+        $wpdb->insert(
+            $wpdb->prefix."abuseshield",
+            array(
+                "ip" => "",
+                "expiry" => (time() + 3600 * $this->hours)
+            )
+        );
+    }
+
+    protected function ClearExpiredGuests()
+    {
+        global $wpdb;
+        $wpdb->query("DELETE FROM ".$wpdb->prefix."abuseshield WHERE expiry<".time());
+    }
+
+    public function ClearCache()
+    {
+        global $wpdb;
+        $wpdb->query("DELETE FROM ".$wpdb->prefix."abuseshield");
+    }
+
+    public function CountCache()
+    {
+        global $wpdb;
+        return $wpdb->get_var("SELECT COUNT(*) FROM ".$wpdb->prefix."abuseshield");
+    }
+
+}

include/class-wp-abuseshield-config.php

@@ -0,0 +1,42 @@
+<?php
+
+class Wp_Abuseshield_Config
+{
+    protected $config_file;
+    public $config;
+
+    public function __construct()
+    {
+        $this->config_file = plugin_dir_path( __FILE__ ) . "../wp-abuseshield-config.php";
+
+        if(!file_exists($this->config_file))
+        {
+            $this->config = [];
+            $this->config["APIKey"] = "";
+            $this->config["DVC"] = "";
+            $this->config["Secret"] = $this->GenerateSecret();
+            $this->config["CacheExpiration"] = 24;
+            $this->SaveConfig();
+        }
+        else
+            $this->LoadConfig();
+    }
+
+    protected function LoadConfig()
+    {
+        $config_file_contents = file($this->config_file);
+        $this->config = json_decode(base64_decode($config_file_contents[1]), true);
+    }
+
+    public function SaveConfig()
+    {
+        $config_string = "<?php /*\n" . base64_encode(json_encode($this->config));
+        return file_put_contents($this->config_file, $config_string);
+    }
+
+    public function GenerateSecret()
+    {
+        return sha1(time()."#".rand(0, 1000000000));
+    }
+
+}