initial commit

boot.php

@@ -0,0 +1,4 @@
+<?php
+rex_extension::register('PACKAGES_INCLUDED', function (rex_extension_point $ep) {
+    rex_yform::addTemplatePath($this->getPath('ytemplates'));
+});

install.php

@@ -0,0 +1,53 @@
+<?php
+
+rex_sql_table::get(rex::getTable('yform_spam_protection_frequency'))
+    ->ensureColumn(new rex_sql_column('ipv4', 'int(10) unsigned', true))
+    ->ensureColumn(new rex_sql_column('ipv6', 'varbinary(16)', true))
+    ->ensureColumn(new rex_sql_column('createdate', 'datetime', false, null, 'on update CURRENT_TIMESTAMP'))
+    ->ensureColumn(new rex_sql_column('was_blocked', 'bit(1)'))
+    ->ensure();
+
+    if (!$this->hasConfig("notification_email")) {
+        $this->setConfig('notification_email', "");
+    }
+
+    if (!$this->hasConfig("timer")) {
+        $this->setConfig('timer', 1);
+    }
+
+    if (!$this->hasConfig("timer_session")) {
+        $this->setConfig('timer_session', 2);
+    }
+
+    if (!$this->hasConfig("timer_form")) {
+        $this->setConfig('timer_form', 5);
+    }
+
+    if (!$this->hasConfig("honeypot")) {
+        $this->setConfig('honeypot', 1);
+    }
+
+    if (!$this->hasConfig("ip_block")) {
+        $this->setConfig('ip_block', 1);
+    }
+
+    if (!$this->hasConfig("ip_block_limit")) {
+        $this->setConfig('ip_block', 10);
+    }
+    if (!$this->hasConfig("ip_block_timer")) {
+        $this->setConfig('ip_block', 300);
+    }
+
+    if (!$this->hasConfig("geo_block")) {
+        $this->setConfig('geo_block', 0);
+    }
+
+    if (!$this->hasConfig("tld_block")) {
+        $this->setConfig('tld_block', 0);
+    }
+    if (!$this->hasConfig("tld_list")) {
+        $this->setConfig('tld_list', ".ru");
+    }
+    if (!$this->hasConfig("warning")) {
+        $this->setConfig('warning', "Ihre Anfrage wurde als Spam erkannt und nicht zugestellt. Sollte dies irrtümlich passiert sein, wenden Sie sich bitte an den Betreiber der Website.");
+    }

lib/ycom.php

@@ -0,0 +1,32 @@
+<?php
+
+class rex_ycom
+{
+    public static $tables = [];
+
+    public static function addTable($table_name)
+    {
+        self::$tables[] = $table_name;
+    }
+
+    public static function getTables()
+    {
+        return self::$tables;
+    }
+
+    public static function parseText($text)
+    {
+        $text = nl2br(trim($text));
+        return '<p>' . $text . '</p>';
+    }
+
+    public static function cut($text, $size = 15, $t = ' (...) ')
+    {
+        $s = strlen($text);
+        if ($s > $size) {
+            $start = (int) ($size / 2);
+            return substr($text, 0, $start) . $t . substr($text, -$start);
+        }
+        return $text;
+    }
+}

lib/ycom_user.php

@@ -0,0 +1,68 @@
+<?php
+
+class rex_ycom_user extends \rex_yform_manager_dataset
+{
+    public static function getMe()
+    {
+        return rex_ycom_auth::getUser();
+    }
+
+    public function isInGroup($group_id)
+    {
+        $ycom_groups = $this->getValue('ycom_groups');
+
+        if ('' == $group_id) {
+            return true;
+        }
+        if ('' != $ycom_groups) {
+            $ycom_groups_array = explode(',', $ycom_groups);
+            if (in_array($group_id, $ycom_groups_array)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    public static function createUserByEmail(array $data)
+    {
+        $data['status'] = 1;
+        $data['password'] = str_shuffle('1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
+        $data['login'] = $data['email'];
+        $data['login_tries'] = 0;
+        $data['termofuse_accepted'] = 0;
+
+        $data = rex_extension::registerPoint(new rex_extension_point('YCOM_USER_CREATE', $data, []));
+
+        $user = self::create();
+        foreach ($data as $k => $v) {
+            $user->setValue($k, $v);
+        }
+        if ($user->save()) {
+            return $user;
+        }
+        return null;
+    }
+
+    public static function updateUser(array $data)
+    {
+        $data = rex_extension::registerPoint(new rex_extension_point('YCOM_USER_UPDATE', $data, []));
+        $user = self::getMe();
+
+        if (!$user) {
+            return false;
+        }
+
+        foreach ($data as $k => $v) {
+            $user->setValue($k, $v);
+        }
+
+        return $user
+            ->save();
+    }
+}

lib/yform/value/spam_protection.php

@@ -0,0 +1,73 @@
+<?php
+
+class rex_yform_value_spam_protection extends rex_yform_value_abstract
+{
+    public function postValidateAction()
+    {
+        rex_login::startSession();
+
+        $debug = (int)$this->getElement(4);
+        $session_timestamp = rex_request::session('spamfilter');
+        $form_timestamp = rex_request($this->getFieldId()."_microtime", 'int', false);
+
+        $ipv4 = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
+        $ipv6 = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
+
+        if ($debug) {
+            rex_sql::factory()->setDebug($debug)->setQuery("DELETE FROM rex_yform_spam_protection_frequency  WHERE createdate < (NOW() - INTERVAL ".rex_config::get('yform_spam_protection', 'ip_block_timer')." SECOND)");
+        }
+
+        $count = rex_sql::factory()->setDebug($debug)->getArray("SELECT count(`createdate`) AS `count` FROM rex_yform_spam_protection_frequency WHERE `ipv4` = INET_ATON(:ipv4) AND `ipv6` = :ipv6", [':ipv4' => $ipv4, ':ipv6' => $ipv6])[0]['count'];
+
+        $log = [];
+
+        if ($this->params['send'] == 1) {
+            if (rex_request($this->getFieldId()) != "") {
+                $this->params['warning'][$this->getId()] = $this->params['error_class'];
+                $this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+                $log[] = "honeypot wurde ausgefüllt: ".rex_request($this->getFieldId());
+            }
+
+            if(rex_config::get('yform_spam_protection', 'ip_block_limit') > $count) {
+                rex_sql::factory()->setDebug($debug)->setQuery("INSERT INTO rex_yform_spam_protection_frequency (`ipv4`, `ipv6`, `createdate`, `was_blocked`) VALUES (INET_ATON(:ipv4), :ipv6, NOW(), 1)", [':ipv4'=>$ipv4, ':ipv6'=>$ipv6]);
+                $this->params['warning'][$this->getId()] = $this->params['error_class'];
+                $this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+                $log[] = "ip hat zu viele Versuche in kürzester Zeit unternommen";
+            } else {
+                rex_sql::factory()->setDebug($debug)->setQuery("INSERT INTO rex_yform_spam_protection_frequency (`ipv4`, `ipv6`, `createdate`, `was_blocked`) VALUES (INET_ATON(:ipv4), :ipv6, NOW(), 0)", [':ipv4'=>$ipv4, ':ipv6'=>$ipv6]);
+            }
+
+            if (($session_timestamp + rex_config::get('yform_spam_protection', 'timer_session')) > microtime(true)) {
+                $this->params['warning'][$this->getId()] = $this->params['error_class'];
+                $this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+                $log[] = "session-microtime nicht eingehalten: $session_timestamp + ".rex_config::get('yform_spam_protection', 'timer_session')." > ".microtime(true);
+            }
+
+            if (($form_timestamp + rex_config::get('yform_spam_protection', 'timer_form')) > microtime(true)) {
+                $this->params['warning'][$this->getId()] = $this->params['error_class'];
+                $this->params['warning_messages'][$this->getId()] = $this->getElement(3);
+                $log[] = "formular-microtime nicht eingehalten: $form_timestamp + ".rex_config::get('yform_spam_protection', 'timer_form')." > ".microtime(true);
+            } else {
+                $log[] = "formular-microtime eingehalten: $form_timestamp + ".rex_config::get('yform_spam_protection', 'timer')." > ".microtime(true);
+            }
+        }
+
+        if ($debug) {
+            dump($log);
+        }
+
+        rex_request::setSession('spamfilter', microtime(true));
+    }
+
+    public function enterObject()
+    {
+        if ($this->needsOutput()) {
+            $this->params['form_output'][$this->getId()] = $this->parse('value.spam_protection.tpl.php', []);
+        }
+    }
+
+    public function getDescription()
+    {
+        return 'spam_protection|honeypot|label(Bitte nicht ausfüllen)|Fehler(Ihre Anfrage wurde als Spam erkannt.)|Debugmodus(0/1)';
+    }
+}

package.yml

@@ -0,0 +1,18 @@
+package: yform_spam_protection
+version: '1.0'
+author: 'Alexander Walther'
+supportpage: https://github.com/alexplusde/yform_spam_protection
+
+requires:
+    packages:
+        yform/manager: '>=3,<4'
+
+page:
+    hidden: true
+
+pages:
+    yform/spam_protection:
+        title: 'Spamschutz'
+
+default_config:
+    timer: 5

pages/yform.spam_protection.php

@@ -0,0 +1,82 @@
+<?php
+
+echo \rex_view::title(\rex_i18n::msg('yform'));
+
+
+if (rex::getUser()->isAdmin()) {
+    $form = rex_config_form::factory($this->getProperty('package'));
+
+    $form->addFieldset("Einstellungen");
+
+    $field = $form->addTextField('warning');
+    $field->setLabel('Fehlermeldung');
+    $field->setNotice("Fehlermeldung, die die Validierung ausgeben soll. Kann mit dem Addon Sprog oder XOutputFilter mehrsprachig übersetzt werden.");
+
+    $field = $form->addSelectField('timer');
+    $field->setLabel("Timer");
+    $select = $field->getSelect();
+    $select->setSize(1);
+    $select->addOption("aktivieren", 1);
+    $select->addOption("deaktivieren", 0);
+
+    $field = $form->addSelectField('honeypot');
+    $field->setLabel("Honeypot");
+    $select = $field->getSelect();
+    $select->setSize(1);
+    $select->addOption("aktivieren", 1);
+    $select->addOption("deaktivieren", 0);
+
+    $field = $form->addSelectField('ip_block');
+    $field->setLabel("dynamische IP-Sperre");
+    $field->setNotice("Sollten zu viele Formulare über diese IP-Adresse versendet werden, wird die IP für eine bestimmte Zeit geblockt.");
+    $select = $field->getSelect();
+    $select->setSize(1);
+    $select->addOption("aktivieren", 1);
+    $select->addOption("deaktivieren", 0);
+
+    $form->addFieldset("Erweiterte Einstellungen");
+
+    $field = $form->addReadOnlyTextField('notification_email');
+    $field->setLabel('E-Mail-Adresse');
+    $field->setNotice("Adresse, die bei erhöhtem Spam-Aufkommen benachrichtigt wird.");
+
+    $field = $form->addTextField('timer_session');
+    $field->setLabel('Timer 1');
+    $field->setNotice("Anzahl der Sekunden, die mind. für die Bearbeitung oder Korrektur eines Formulars benötigt werden.");
+
+    $field = $form->addTextField('timer_form');
+    $field->setLabel('Timer 2');
+    $field->setNotice("Anzahl der Sekunden, die mind. seit dem 1. Aufruf eines Formulars vergehen muss.");
+
+    $field = $form->addTextField('ip_block_limit');
+    $field->setLabel('IP-Sperren-Limit');
+    $field->setNotice("Anzahl, die im IP-Sperren-Zeitfenster überschritten werden muss, z.B. <code>10</code> pro Zeitfenster");
+
+    $field = $form->addTextField('ip_block_timer');
+    $field->setLabel('IP-Sperren-Zeitfenster');
+    $field->setNotice("In Sekunden, in denen das Anfrage-Limit überschritten werden muss, z.B. <code>600</code> für 10 Minuten.");
+
+    $field = $form->addSelectField('geo_block');
+    $field->setLabel("GeoIP-Sperre");
+    $select = $field->getSelect();
+    $select->setSize(1);
+    $select->addOption("aktivieren", 1);
+    $select->addOption("deaktivieren", 0);
+
+    $field = $form->addSelectField('tld_block');
+    $field->setLabel("IP-Sperre");
+    $select = $field->getSelect();
+    $select->setSize(1);
+    $select->addOption("aktivieren", 1);
+    $select->addOption("deaktivieren", 0);
+
+    $field = $form->addTextField('tld_list');
+    $field->setLabel('Top-Level-Domains');
+    $field->setNotice("Top-Level-Domains, an die kein Versand erfolgen soll, bspw. <code>.ru</code>");
+
+    $fragment = new rex_fragment();
+    $fragment->setVar('class', 'edit', false);
+    $fragment->setVar('title', "Schaltflächen zur Datenschutzerklärung", false);
+    $fragment->setVar('body', $form->get(), false);
+    echo $fragment->parse('core/page/section.php');
+}

ytemplates/bootstrap/value.spam_protection.tpl.php

@@ -0,0 +1,12 @@
+<div id="<?= $this->getHTMLId() ?>">
+        <label for="<?= $this->getFieldId() ?>"><?= $this->getLabel() ?></label>
+        <input id="<?= $this->getFieldId() ?>" name="<?= $this->getFieldId() ?>" type="email" autocomplete="off" tabindex="-1">
+        <input id="<?= $this->getFieldId() ?>_microtime" name="<?= $this->getFieldId() ?>_microtime" type="hidden" value="<?= microtime(true) ?>" readonly="readonly"  tabindex="-1">
+<style>
+[id="<?=$this->getHTMLId() ?>"] {
+    overflow: hidden;
+    height: 1px;
+    opacity: 100%;
+}
+</style>
+</div>