-
Notifications
You must be signed in to change notification settings - Fork 112
/
Copy pathEmail.php
406 lines (363 loc) · 11.1 KB
/
Email.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
require_once 'IDS/Log/Interface.php';
/**
* Email logging wrapper
*
* The Email wrapper is designed to send reports via email. It implements the
* singleton pattern.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @version Release: $Id:Email.php 517 2007-09-15 15:04:13Z mario $
* @link http://php-ids.org/
*/
class IDS_Log_Email implements IDS_Log_Interface
{
/**
* Recipient container
*
* @var array
*/
protected $recipients = array();
/**
* Mail subject
*
* @var string
*/
protected $subject = null;
/**
* Additional mail headers
*
* @var string
*/
protected $headers = null;
/**
* Optional envelope string
*
* @var string
*/
protected $envelope = null;
/**
* Safemode switch
*
* Using this switch it is possible to enable safemode, which is a spam
* protection based on the alert frequency.
*
* @var boolean
*/
protected $safemode = true;
/**
* Urlencode for result strings
*
* This switch is true by default. Setting it to false removes
* the 'better safe than sorry' urlencoding for the result string in
* the report mails. Enhances readability but maybe XSSes email clients.
*
* @var boolean
*/
protected $urlencode = true;
/**
* Send rate
*
* If safemode is enabled, this property defines how often reports will be
* sent out. Default value is 15, which means that a mail will be sent on
* condition that the last email has not been sent earlier than 15 seconds ago.
*
* @var integer
*/
protected $allowed_rate = 15;
/**
* PHPIDS temp directory
*
* When safemod is enabled, a path to a temp directory is needed to
* store some information. Default is IDS/tmp/
*
* @var string
*/
protected $tmp_path = 'IDS/tmp/';
/**
* File prefix for tmp files
*
* @var string
*/
protected $file_prefix = 'PHPIDS_Log_Email_';
/**
* Holds current remote address
*
* @var string
*/
protected $ip = 'local/unknown';
/**
* Instance container
*
* @var array
*/
protected static $instance = array();
/**
* Constructor
*
* @param mixed $config IDS_Init instance | array
*
* @return void
*/
protected function __construct($config)
{
if ($config instanceof IDS_Init) {
$this->recipients = $config->config['Logging']['recipients'];
$this->subject = $config->config['Logging']['subject'];
$this->headers = $config->config['Logging']['header'];
$this->envelope = $config->config['Logging']['envelope'];
$this->safemode = $config->config['Logging']['safemode'];
$this->urlencode = $config->config['Logging']['urlencode'];
$this->allowed_rate = $config->config['Logging']['allowed_rate'];
$this->tmp_path = $config->getBasePath()
. $config->config['General']['tmp_path'];
} elseif (is_array($config)) {
$this->recipients[] = $config['recipients'];
$this->subject = $config['subject'];
}
// determine correct IP address and concat them if necessary
$this->ip = $_SERVER['REMOTE_ADDR'] .
(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' : '');
}
/**
* Returns an instance of this class
*
* This method allows the passed argument to be either an instance of
* IDS_Init or an array.
*
* @param mixed $config IDS_Init | array
* @param string $classname the class name to use
*
* @return object $this
*/
public static function getInstance($config, $classname = 'IDS_Log_Email')
{
if (!self::$instance) {
self::$instance = new $classname($config);
}
return self::$instance;
}
/**
* Permitting to clone this object
*
* For the sake of correctness of a singleton pattern, this is necessary
*
* @return void
*/
private function __clone()
{
}
/**
* Detects spam attempts
*
* To avoid mail spam through this logging class this function is used
* to detect such attempts based on the alert frequency.
*
* @return boolean
*/
protected function isSpamAttempt()
{
/*
* loop through all files in the tmp directory and
* delete garbage files
*/
$dir = $this->tmp_path;
$numPrefixChars = strlen($this->file_prefix);
$files = scandir($dir);
foreach ($files as $file) {
if (is_file($dir . DIRECTORY_SEPARATOR . $file)) {
if (substr($file, 0, $numPrefixChars) == $this->file_prefix) {
$lastModified = filemtime($dir . DIRECTORY_SEPARATOR . $file);
if ((time() - $lastModified) > 3600) {
unlink($dir . DIRECTORY_SEPARATOR . $file);
}
}
}
}
/*
* end deleting garbage files
*/
$remoteAddr = $this->ip;
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$filename = $this->file_prefix . md5($remoteAddr.$userAgent) . '.tmp';
$file = $dir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($file)) {
$handle = fopen($file, 'w');
fwrite($handle, time());
fclose($handle);
return false;
}
$lastAttack = file_get_contents($file);
$difference = time() - $lastAttack;
if ($difference > $this->allowed_rate) {
unlink($file);
} else {
return true;
}
return false;
}
/**
* Prepares data
*
* Converts given data into a format that can be read in an email.
* You might edit this method to your requirements.
*
* @param mixed $data the report data
*
* @return string
*/
protected function prepareData($data)
{
$format = "The following attack has been detected by PHPIDS\n\n";
$format .= "IP: %s \n";
$format .= "Date: %s \n";
$format .= "Impact: %d \n";
$format .= "Affected tags: %s \n";
$attackedParameters = '';
foreach ($data as $event) {
$attackedParameters .= $event->getName() . '=' .
((!isset($this->urlencode) ||$this->urlencode)
? urlencode($event->getValue())
: $event->getValue()) . ", ";
}
$format .= "Affected parameters: %s \n";
$format .= "Request URI: %s \n";
$format .= "Origin: %s \n";
return sprintf($format,
$this->ip,
date('c'),
$data->getImpact(),
join(' ', $data->getTags()),
trim($attackedParameters),
htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'),
$_SERVER['SERVER_ADDR']);
}
/**
* Sends the report to registered recipients
*
* @param object $data IDS_Report instance
*
* @throws Exception if data is no string
* @return boolean
*/
public function execute(IDS_Report $data)
{
if ($this->safemode) {
if ($this->isSpamAttempt()) {
return false;
}
}
/*
* In case the data has been modified before it might
* be necessary to convert it to string since it's pretty
* senseless to send array or object via e-mail
*/
$data = $this->prepareData($data);
if (is_string($data)) {
$data = trim($data);
// if headers are passed as array, we need to make a string of it
if (is_array($this->headers)) {
$headers = "";
foreach ($this->headers as $header) {
$headers .= $header . "\r\n";
}
} else {
$headers = $this->headers;
}
if (!empty($this->recipients)) {
if (is_array($this->recipients)) {
foreach ($this->recipients as $address) {
$this->send(
$address,
$data,
$headers,
$this->envelope
);
}
} else {
$this->send(
$this->recipients,
$data,
$headers,
$this->envelope
);
}
}
} else {
throw new Exception(
'Please make sure that data returned by
IDS_Log_Email::prepareData() is a string.'
);
}
return true;
}
/**
* Sends an email
*
* @param string $address email address
* @param string $data the report data
* @param string $headers the mail headers
* @param string $envelope the optional envelope string
*
* @return boolean
*/
protected function send($address, $data, $headers, $envelope = null)
{
if (!$envelope || strpos(ini_get('sendmail_path'),' -f') !== false) {
return mail($address,
$this->subject,
$data,
$headers);
} else {
return mail($address,
$this->subject,
$data,
$headers,
'-f' . $envelope);
}
}
}
/**
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: sw=4 ts=4 expandtab
*/