New base class cleantalk.class.php

CleanTalk · Aug 12, 2014 · 96c6deb · 96c6deb
1 parent 7ea5297
commit 96c6deb
Showing 1 changed file with 85 additions and 18 deletions.
diff --git a/CleanTalk/Base/cleantalk.class.php b/CleanTalk/Base/cleantalk.class.php
@@ -2,7 +2,7 @@
 /**
  * Cleantalk base class
  *
- * @version 1.23
+ * @version 1.29
  * @package Cleantalk
  * @subpackage Base
  * @author Сleantalk team (welcome@cleantalk.ru)
@@ -393,6 +393,12 @@ class Cleantalk {
      */
     public $api_version = '/api2.0';
 
+    /**
+     * Use https connection to servers 
+     * @var bool 
+     */
+    public $ssl_on = false;
+
     /**
      * Function checks whether it is possible to publish the message
      * @param CleantalkRequest $request
@@ -597,14 +603,21 @@ private function createMsg($method, CleantalkRequest $request) {
     private function sendRequest($data = null, $url, $server_timeout = 3) {
         // Convert to array
         $data = json_decode(json_encode($data), true);
-        
+
         // Convert to JSON
         $data = json_encode($data);
-          
-        if (isset($this->api_version))
+
+        if (isset($this->api_version)) {
             $url = $url . $this->api_version;
-
+        }
+
+        // Switching to secure connection
+        if ($this->ssl_on && !preg_match("/^https:/", $url)) {
+            $url = preg_replace("/^(http)/i", "$1s", $url);
+        }
+
         $result = false;
+        $curl_error = null;
 		if(function_exists('curl_init')) {
             $ch = curl_init();
             curl_setopt($ch, CURLOPT_URL, $url);
@@ -615,10 +628,22 @@ private function sendRequest($data = null, $url, $server_timeout = 3) {
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
             // resolve 'Expect: 100-continue' issue
             curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
+
+            // Disabling CA cert verivication
+            // Disabling common name verification
+            if ($this->ssl_on) {
+                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+            }
 
             $result = curl_exec($ch);
+            if (!$result) {
+                $curl_error = curl_error($ch);
+            }
+
             curl_close($ch); 
         }
+
         if (!$result) {
             $allow_url_fopen = ini_get('allow_url_fopen');
             if (function_exists('file_get_contents') && isset($allow_url_fopen) && $allow_url_fopen == '1') {
@@ -635,22 +660,28 @@ private function sendRequest($data = null, $url, $server_timeout = 3) {
                 $result = @file_get_contents($url, false, $context);
             }
         }
+
         if (!$result) {
             $response = null;
             $response['errno'] = 1;
-            $response['errstr'] = 'No CURL support compiled in. Disabled allow_url_fopen in php.ini.'; 
+            if ($curl_error) {
+                $response['errstr'] = sprintf("CURL error: '%s'", $curl_error); 
+            } else {
+                $response['errstr'] = 'No CURL support compiled in'; 
+            }
+            $response['errstr'] .= ' or disabled allow_url_fopen in php.ini.'; 
             $response = json_decode(json_encode($response));
 
             return $response;
         }
-  
+        
         $errstr = null;
         $response = json_decode($result);
         if ($result !== false && is_object($response)) {
             $response->errno = 0;
             $response->errstr = $errstr;
         } else {
-            $errstr = 'Failed connect to ' . $url . '.' . ' ' . $result;
+            $errstr = 'Unknown response from ' . $url . '.' . ' ' . $result;
 
             $response = null;
             $response['errno'] = 1;
@@ -841,21 +872,57 @@ public function delCleantalkComment($message) {
         return $message;
     }
 
-    /*
-       Get user IP
+    /**
+    *   Get user IP behind proxy server
     */
-    public function ct_session_ip( $data_ip )
-    {
-        if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
-        {
-            $forwarded_for = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? htmlentities($_SERVER['HTTP_X_FORWARDED_FOR']) : '';
+    public function ct_session_ip( $data_ip ) {
+        if (!$data_ip || !preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $data_ip)) {
+            return $data_ip;
         }
+        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+
+            $forwarded_ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
 
-        // 127.0.0.1 usually used at reverse proxy
-        $session_ip = ($data_ip == '127.0.0.1' && !empty($forwarded_for)) ? $forwarded_for : $data_ip;
+            // Looking for first value in the list, it should be sender real IP address
+            if (!preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $forwarded_ip[0])) {
+                return $data_ip;
+            }
 
-        return $session_ip;
+            $private_src_ip = false;
+            $private_nets = array(
+                '10.0.0.0/8',
+                '127.0.0.0/8',
+                '176.16.0.0/12',
+                '192.168.0.0/16',
+            );
+
+            foreach ($private_nets as $v) {
+
+                // Private IP found
+                if ($private_src_ip) {
+                    continue;
+                }
+
+                if ($this->net_match($v, $data_ip)) {
+                    $private_src_ip = true;
+                }
+            }
+            if ($private_src_ip) {
+                // Taking first IP from the list HTTP_X_FORWARDED_FOR 
+                $data_ip = $forwarded_ip[0]; 
+            }
+        }
+
+        return $data_ip;
     }
+
+    /**
+    * From http://php.net/manual/en/function.ip2long.php#82397
+    */
+    public function net_match($CIDR,$IP) { 
+        list ($net, $mask) = explode ('/', $CIDR); 
+        return ( ip2long ($IP) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($net); 
+    } 
 
     /**
     * Function to check response time