MageFirewall_Firewall - Version 0.1.0

Version Notes

First release

Release Info

Developer	paimpozhil
Extension	MageFirewall_Firewall
Version	0.1.0
Comparing to
See all releases

Version 0.1.0

Files changed (59) hide show

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist.php +11 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit.php +45 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Form.php +19 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tab/Form.php +60 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tabs.php +24 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Grid.php +68 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs.php +12 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs/Grid.php +66 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules.php +12 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit.php +45 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Form.php +19 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tab/Form.php +58 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tabs.php +24 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Grid.php +96 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist.php +11 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit.php +45 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Form.php +19 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tab/Form.php +51 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tabs.php +24 -0
app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Grid.php +68 -0
app/code/community/MageFirewall/Firewall/Helper/Data.php +86 -0
app/code/community/MageFirewall/Firewall/Model/Blacklist.php +10 -0
app/code/community/MageFirewall/Firewall/Model/Cron.php +67 -0
app/code/community/MageFirewall/Firewall/Model/Logs.php +10 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist/Collection.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs/Collection.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Options.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Options/Collection.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules/Collection.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Version.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Version/Collection.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist/Collection.php +8 -0
app/code/community/MageFirewall/Firewall/Model/Observer.php +59 -0
app/code/community/MageFirewall/Firewall/Model/Options.php +10 -0
app/code/community/MageFirewall/Firewall/Model/Rules.php +10 -0
app/code/community/MageFirewall/Firewall/Model/Version.php +10 -0
app/code/community/MageFirewall/Firewall/Model/Whitelist.php +10 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/BlacklistController.php +111 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/DiagnosticController.php +27 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/FilecheckerController.php +27 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/RecentController.php +27 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/ViewController.php +53 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/LogsController.php +23 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/RulesController.php +23 -0
app/code/community/MageFirewall/Firewall/controllers/Adminhtml/WhitelistController.php +111 -0
app/code/community/MageFirewall/Firewall/data/firewall_setup/data-install-0.1.0.php +964 -0
app/code/community/MageFirewall/Firewall/etc/config.xml +182 -0
app/code/community/MageFirewall/Firewall/sql/firewall_setup/mysql4-install-0.1.0.php +83 -0
app/design/adminhtml/default/default/template/firewall/dashboard.phtml +152 -0
app/design/adminhtml/default/default/template/firewall/diagnostic.phtml +13 -0
app/design/adminhtml/default/default/template/firewall/filechecker.phtml +22 -0
app/design/adminhtml/default/default/template/firewall/recentfile.phtml +6 -0
app/etc/modules/MageFirewall_Firewall.xml +9 -0
lib/firewall/firewall.php +383 -0
package.xml +18 -0

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist.php ADDED Viewed

	@@ -0,0 +1,11 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Blacklist extends Mage_Adminhtml_Block_Widget_Grid_Container
3	+ {
4	+ public function __construct()
5	+ {
6	+ $this->_controller = 'adminhtml_blacklist';
7	+ $this->_blockGroup = 'firewall';
8	+ $this->_headerText = Mage::helper('firewall')->__('Black List');
9	+ parent::__construct();
10	+ }
11	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit.php ADDED Viewed

	@@ -0,0 +1,45 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit extends Mage_Adminhtml_Block_Widget_Form_Container
4	+ {
5	+ public function __construct()
6	+ {
7	+ parent::__construct();
8	+
9	+ $this->_objectId = 'id';
10	+ $this->_blockGroup = 'firewall';
11	+ $this->_controller = 'adminhtml_blacklist';
12	+
13	+ $this->_updateButton('save', 'label', Mage::helper('firewall')->__('Save blacklist'));
14	+ $this->_updateButton('delete', 'label', Mage::helper('firewall')->__('Delete blacklist'));
15	+
16	+ $this->_addButton('saveandcontinue', array(
17	+ 'label' => Mage::helper('adminhtml')->__('Save And Continue Edit'),
18	+ 'onclick' => 'saveAndContinueEdit()',
19	+ 'class' => 'save',
20	+ ), -100);
21	+
22	+ $this->_formScripts[] = "
23	+ function toggleEditor() {
24	+ if (tinyMCE.getInstanceById('firewall_content') == null) {
25	+ tinyMCE.execCommand('mceAddControl', false, 'firewall_content');
26	+ } else {
27	+ tinyMCE.execCommand('mceRemoveControl', false, 'firewall_content');
28	+ }
29	+ }
30	+
31	+ function saveAndContinueEdit(){
32	+ editForm.submit($('edit_form').action+'back/edit/');
33	+ }
34	+ ";
35	+ }
36	+
37	+ public function getHeaderText()
38	+ {
39	+ if( Mage::registry('rules_data') && Mage::registry('blacklist_data')->getId() ) {
40	+ return Mage::helper('firewall')->__("Edit blacklist '%s'", $this->htmlEscape(Mage::registry('blacklist_data')->getTitle()));
41	+ } else {
42	+ return Mage::helper('firewall')->__('Add blacklist');
43	+ }
44	+ }
45	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Form.php ADDED Viewed

	@@ -0,0 +1,19 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit_Form extends Mage_Adminhtml_Block_Widget_Form
4	+ {
5	+ protected function _prepareForm()
6	+ {
7	+ $form = new Varien_Data_Form(array(
8	+ 'id' => 'edit_form',
9	+ 'action' => $this->getUrl('//save', array('id' => $this->getRequest()->getParam('id'))),
10	+ 'method' => 'post',
11	+ 'enctype' => 'multipart/form-data'
12	+ )
13	+ );
14	+
15	+ $form->setUseContainer(true);
16	+ $this->setForm($form);
17	+ return parent::_prepareForm();
18	+ }
19	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tab/Form.php ADDED Viewed

	@@ -0,0 +1,60 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit_Tab_Form extends Mage_Adminhtml_Block_Widget_Form
4	+ {
5	+ protected function _prepareForm()
6	+ {
7	+ $form = new Varien_Data_Form();
8	+ $this->setForm($form);
9	+ $fieldset = $form->addFieldset('blacklist_form', array('legend'=>Mage::helper('firewall')->__('Blacklist information')));
10	+
11	+ $fieldset->addField('ip', 'text', array(
12	+ 'label' => Mage::helper('firewall')->__('IP Address'),
13	+ 'class' => 'required-entry',
14	+ 'required' => true,
15	+ 'name' => 'ip',
16	+ ));
17	+
18	+ $fieldset->addField('text', 'editor', array(
19	+ 'label' => Mage::helper('firewall')->__('Text'),
20	+ 'required' => false,
21	+ 'name' => 'text',
22	+ 'style' => 'width:274px; height:200px;',
23	+ 'wysiwyg' => false,
24	+ ));
25	+
26	+ $fieldset->addField('status', 'select', array(
27	+ 'label' => Mage::helper('firewall')->__('Status'),
28	+ 'name' => 'status',
29	+ 'values' => array(
30	+ array(
31	+ 'value' => 1,
32	+ 'label' => Mage::helper('firewall')->__('Enabled'),
33	+ ),
34	+
35	+ array(
36	+ 'value' => 2,
37	+ 'label' => Mage::helper('firewall')->__('Disabled'),
38	+ ),
39	+ ),
40	+ ));
41	+
42	+ /*$fieldset->addField('content', 'editor', array(
43	+ 'name' => 'content',
44	+ 'label' => Mage::helper('wall')->__('Content'),
45	+ 'title' => Mage::helper('wall')->__('Content'),
46	+ 'style' => 'width:700px; height:500px;',
47	+ 'wysiwyg' => false,
48	+ 'required' => true,
49	+ ));*/
50	+
51	+ if ( Mage::getSingleton('adminhtml/session')->getBlacklistData() )
52	+ {
53	+ $form->setValues(Mage::getSingleton('adminhtml/session')->getBlacklistData());
54	+ Mage::getSingleton('adminhtml/session')->setBlacklistData(null);
55	+ } elseif ( Mage::registry('blacklist_data') ) {
56	+ $form->setValues(Mage::registry('blacklist_data')->getData());
57	+ }
58	+ return parent::_prepareForm();
59	+ }
60	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tabs.php ADDED Viewed

	@@ -0,0 +1,24 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit_Tabs extends Mage_Adminhtml_Block_Widget_Tabs
4	+ {
5	+
6	+ public function __construct()
7	+ {
8	+ parent::__construct();
9	+ $this->setId('firewall_tabs');
10	+ $this->setDestElementId('edit_form');
11	+ $this->setTitle(Mage::helper('firewall')->__('Blacklist Information'));
12	+ }
13	+
14	+ protected function _beforeToHtml()
15	+ {
16	+ $this->addTab('form_section', array(
17	+ 'label' => Mage::helper('firewall')->__('Blacklist Information'),
18	+ 'title' => Mage::helper('firewall')->__('Blacklist Information'),
19	+ 'content' => $this->getLayout()->createBlock('firewall/adminhtml_blacklist_edit_tab_form')->toHtml(),
20	+ ));
21	+
22	+ return parent::_beforeToHtml();
23	+ }
24	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Grid.php ADDED Viewed

	@@ -0,0 +1,68 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Grid extends Mage_Adminhtml_Block_Widget_Grid
3	+ {
4	+ public function __construct()
5	+ {
6	+ parent::__construct();
7	+ $this->setId('rulesGrid');
8	+ $this->setDefaultSort('blacklist_id');
9	+ $this->setDefaultDir('DESC');
10	+ $this->setSaveParametersInSession(true);
11	+ $this->setUseAjax(true);
12	+ }
13	+ protected function _prepareCollection()
14	+ {
15	+ $orderId = (int) $this->getRequest()->getParam('id');
16	+ if(empty($orderId)){
17	+ $collection = Mage::getModel('firewall/blacklist')->getCollection();
18	+ }
19	+
20	+ $this->setCollection($collection);
21	+ return parent::_prepareCollection();
22	+ }
23	+ protected function _prepareColumns()
24	+ {
25	+ $this->addColumn('blacklist_id', array(
26	+ 'header' => Mage::helper('firewall')->__('ID #'),
27	+ 'align' => 'left',
28	+ 'index' => 'blacklist_id',
29	+ ));
30	+ $this->addColumn('ip', array(
31	+ 'header' => Mage::helper('firewall')->__('IP Address'),
32	+ 'align' => 'left',
33	+ 'index' => 'ip',
34	+ ));
35	+ $this->addColumn('text', array(
36	+ 'header' => Mage::helper('firewall')->__('Reason'),
37	+ 'align' => 'left',
38	+ 'index' => 'text',
39	+ ));
40	+ $this->addColumn('status', array(
41	+ 'header' => Mage::helper('firewall')->__('Status'),
42	+ 'align' => 'left',
43	+ 'width' => '80px',
44	+ 'index' => 'status',
45	+ 'type' => 'options',
46	+ 'options' => array(
47	+ 1 => 'Enabled',
48	+ 2 => 'Disabled',
49	+ ),
50	+ ));
51	+ $this->addColumn('created_time', array(
52	+ 'header' => Mage::helper('firewall')->__('Created Time'),
53	+ 'align' => 'left',
54	+ 'index' => 'created_time',
55	+ ));
56	+ return parent::_prepareColumns();
57	+ }
58	+
59	+ public function getGridUrl()
60	+ {
61	+ return $this->getUrl('//grid', array('_current'=>true));
62	+ }
63	+
64	+ public function getRowUrl($row)
65	+ {
66	+ return $this->getUrl('//edit', array('id' => $row->getId()));
67	+ }
68	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs.php ADDED Viewed

	@@ -0,0 +1,12 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Logs extends Mage_Adminhtml_Block_Widget_Grid_Container
3	+ {
4	+ public function __construct()
5	+ {
6	+ $this->_controller = 'adminhtml_logs';
7	+ $this->_blockGroup = 'firewall';
8	+ $this->_headerText = Mage::helper('firewall')->__('Logs');
9	+ parent::__construct();
10	+ $this->_removeButton('add');
11	+ }
12	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs/Grid.php ADDED Viewed

	@@ -0,0 +1,66 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Logs_Grid extends Mage_Adminhtml_Block_Widget_Grid
3	+ {
4	+ public function __construct()
5	+ {
6	+ parent::__construct();
7	+ $this->setId('logsGrid');
8	+ $this->setDefaultSort('log_id');
9	+ $this->setDefaultDir('DESC');
10	+ $this->setSaveParametersInSession(true);
11	+ $this->setUseAjax(true);
12	+ }
13	+ protected function _prepareCollection()
14	+ {
15	+ $orderId = (int) $this->getRequest()->getParam('id');
16	+ if(empty($orderId)){
17	+ $collection = Mage::getModel('firewall/logs')->getCollection();
18	+ }
19	+
20	+ $this->setCollection($collection);
21	+ return parent::_prepareCollection();
22	+ }
23	+ protected function _prepareColumns()
24	+ {
25	+ $this->addColumn('log_id', array(
26	+ 'header' => Mage::helper('firewall')->__('ID #'),
27	+ 'align' => 'left',
28	+ 'index' => 'log_id',
29	+ ));
30	+ $this->addColumn('ruleid', array(
31	+ 'header' => Mage::helper('firewall')->__('Rule ID'),
32	+ 'align' => 'left',
33	+ 'index' => 'ruleid',
34	+ ));
35	+ $this->addColumn('summary', array(
36	+ 'header' => Mage::helper('firewall')->__('Summary'),
37	+ 'align' => 'left',
38	+ 'index' => 'summary',
39	+ ));
40	+ $this->addColumn('ip', array(
41	+ 'header' => Mage::helper('firewall')->__('IP Address'),
42	+ 'align' => 'left',
43	+ 'index' => 'ip'
44	+ ));
45	+ $this->addColumn('level', array(
46	+ 'header' => Mage::helper('firewall')->__('Level'),
47	+ 'align' => 'left',
48	+ 'index' => 'level'
49	+ ));
50	+ $this->addColumn('incidentid', array(
51	+ 'header' => Mage::helper('firewall')->__('Incident Id'),
52	+ 'align' => 'left',
53	+ 'index' => 'incidentid',
54	+ ));
55	+ $this->addColumn('created_time', array(
56	+ 'header' => Mage::helper('firewall')->__('Date'),
57	+ 'align' => 'left',
58	+ 'index' => 'created_time',
59	+ ));
60	+ return parent::_prepareColumns();
61	+ }
62	+ public function getGridUrl()
63	+ {
64	+ return $this->getUrl('//grid', array('_current'=>true));
65	+ }
66	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules.php ADDED Viewed

	@@ -0,0 +1,12 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Rules extends Mage_Adminhtml_Block_Widget_Grid_Container
3	+ {
4	+ public function __construct()
5	+ {
6	+ $this->_controller = 'adminhtml_rules';
7	+ $this->_blockGroup = 'firewall';
8	+ $this->_headerText = Mage::helper('firewall')->__('Rules List');
9	+ parent::__construct();
10	+ $this->_removeButton('add');
11	+ }
12	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit.php ADDED Viewed

	@@ -0,0 +1,45 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit extends Mage_Adminhtml_Block_Widget_Form_Container
4	+ {
5	+ public function __construct()
6	+ {
7	+ parent::__construct();
8	+
9	+ $this->_objectId = 'id';
10	+ $this->_blockGroup = 'firewall';
11	+ $this->_controller = 'adminhtml_firewall';
12	+
13	+ $this->_updateButton('save', 'label', Mage::helper('firewall')->__('Save Rules'));
14	+ $this->_updateButton('delete', 'label', Mage::helper('firewall')->__('Delete Rules'));
15	+
16	+ $this->_addButton('saveandcontinue', array(
17	+ 'label' => Mage::helper('adminhtml')->__('Save And Continue Edit'),
18	+ 'onclick' => 'saveAndContinueEdit()',
19	+ 'class' => 'save',
20	+ ), -100);
21	+
22	+ $this->_formScripts[] = "
23	+ function toggleEditor() {
24	+ if (tinyMCE.getInstanceById('firewall_content') == null) {
25	+ tinyMCE.execCommand('mceAddControl', false, 'firewall_content');
26	+ } else {
27	+ tinyMCE.execCommand('mceRemoveControl', false, 'firewall_content');
28	+ }
29	+ }
30	+
31	+ function saveAndContinueEdit(){
32	+ editForm.submit($('edit_form').action+'back/edit/');
33	+ }
34	+ ";
35	+ }
36	+
37	+ public function getHeaderText()
38	+ {
39	+ if( Mage::registry('rules_data') && Mage::registry('rules_data')->getId() ) {
40	+ return Mage::helper('firewall')->__("Edit rules '%s'", $this->htmlEscape(Mage::registry('rules_data')->getTitle()));
41	+ } else {
42	+ return Mage::helper('firewall')->__('Add rules');
43	+ }
44	+ }
45	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Form.php ADDED Viewed

	@@ -0,0 +1,19 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit_Form extends Mage_Adminhtml_Block_Widget_Form
4	+ {
5	+ protected function _prepareForm()
6	+ {
7	+ $form = new Varien_Data_Form(array(
8	+ 'id' => 'edit_form',
9	+ 'action' => $this->getUrl('//save', array('id' => $this->getRequest()->getParam('id'))),
10	+ 'method' => 'post',
11	+ 'enctype' => 'multipart/form-data'
12	+ )
13	+ );
14	+
15	+ $form->setUseContainer(true);
16	+ $this->setForm($form);
17	+ return parent::_prepareForm();
18	+ }
19	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tab/Form.php ADDED Viewed

	@@ -0,0 +1,58 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit_Tab_Form extends Mage_Adminhtml_Block_Widget_Form
4	+ {
5	+ protected function _prepareForm()
6	+ {
7	+ $form = new Varien_Data_Form();
8	+ $this->setForm($form);
9	+ $fieldset = $form->addFieldset('rules_form', array('legend'=>Mage::helper('firewall')->__('Rules information')));
10	+
11	+ $fieldset->addField('title', 'text', array(
12	+ 'label' => Mage::helper('firewall')->__('Title'),
13	+ 'class' => 'required-entry',
14	+ 'required' => true,
15	+ 'name' => 'title',
16	+ ));
17	+
18	+ $fieldset->addField('filename', 'file', array(
19	+ 'label' => Mage::helper('firewall')->__('File'),
20	+ 'required' => false,
21	+ 'name' => 'filename',
22	+ ));
23	+
24	+ $fieldset->addField('status', 'select', array(
25	+ 'label' => Mage::helper('firewall')->__('Status'),
26	+ 'name' => 'status',
27	+ 'values' => array(
28	+ array(
29	+ 'value' => 1,
30	+ 'label' => Mage::helper('firewall')->__('Enabled'),
31	+ ),
32	+
33	+ array(
34	+ 'value' => 2,
35	+ 'label' => Mage::helper('firewall')->__('Disabled'),
36	+ ),
37	+ ),
38	+ ));
39	+
40	+ $fieldset->addField('content', 'editor', array(
41	+ 'name' => 'content',
42	+ 'label' => Mage::helper('firewall')->__('Content'),
43	+ 'title' => Mage::helper('firewall')->__('Content'),
44	+ 'style' => 'width:700px; height:500px;',
45	+ 'wysiwyg' => false,
46	+ 'required' => true,
47	+ ));
48	+
49	+ if ( Mage::getSingleton('adminhtml/session')->getRulesData() )
50	+ {
51	+ $form->setValues(Mage::getSingleton('adminhtml/session')->getRulesData());
52	+ Mage::getSingleton('adminhtml/session')->setRulesData(null);
53	+ } elseif ( Mage::registry('rules_data') ) {
54	+ $form->setValues(Mage::registry('rules_data')->getData());
55	+ }
56	+ return parent::_prepareForm();
57	+ }
58	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tabs.php ADDED Viewed

	@@ -0,0 +1,24 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit_Tabs extends Mage_Adminhtml_Block_Widget_Tabs
4	+ {
5	+
6	+ public function __construct()
7	+ {
8	+ parent::__construct();
9	+ $this->setId('firewall_tabs');
10	+ $this->setDestElementId('edit_form');
11	+ $this->setTitle(Mage::helper('firewall')->__('Rules Information'));
12	+ }
13	+
14	+ protected function _beforeToHtml()
15	+ {
16	+ $this->addTab('form_section', array(
17	+ 'label' => Mage::helper('firewall')->__('Rules Information'),
18	+ 'title' => Mage::helper('firewall')->__('Rules Information'),
19	+ 'content' => $this->getLayout()->createBlock('firewall/adminhtml_wall_edit_tab_form')->toHtml(),
20	+ ));
21	+
22	+ return parent::_beforeToHtml();
23	+ }
24	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Grid.php ADDED Viewed

	@@ -0,0 +1,96 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Rules_Grid extends Mage_Adminhtml_Block_Widget_Grid
3	+ {
4	+ public function __construct()
5	+ {
6	+ parent::__construct();
7	+ $this->setId('rulesGrid');
8	+ $this->setDefaultSort('rules_id');
9	+ $this->setDefaultDir('DESC');
10	+ $this->setSaveParametersInSession(true);
11	+ $this->setUseAjax(true);
12	+ }
13	+ protected function _prepareCollection()
14	+ {
15	+ $orderId = (int) $this->getRequest()->getParam('id');
16	+ if(empty($orderId)){
17	+ $collection = Mage::getModel('firewall/rules')->getCollection();
18	+ }
19	+
20	+ $this->setCollection($collection);
21	+ return parent::_prepareCollection();
22	+ }
23	+ protected function _prepareColumns()
24	+ {
25	+ $this->addColumn('rules_id', array(
26	+ 'header' => Mage::helper('firewall')->__('ID #'),
27	+ 'align' => 'left',
28	+ 'index' => 'rules_id',
29	+ ));
30	+ $this->addColumn('who', array(
31	+ 'header' => Mage::helper('firewall')->__('Who'),
32	+ 'align' => 'left',
33	+ 'index' => 'who',
34	+ ));
35	+ $this->addColumn('request', array(
36	+ 'header' => Mage::helper('firewall')->__('Request'),
37	+ 'align' => 'left',
38	+ 'index' => 'request',
39	+ ));
40	+ $this->addColumn('what', array(
41	+ 'header' => Mage::helper('firewall')->__('What'),
42	+ 'align' => 'left',
43	+ 'index' => 'what',
44	+ ));
45	+ $this->addColumn('why', array(
46	+ 'header' => Mage::helper('firewall')->__('Why'),
47	+ 'align' => 'left',
48	+ 'index' => 'why'
49	+ ));
50	+ $this->addColumn('level', array(
51	+ 'header' => Mage::helper('firewall')->__('Level'),
52	+ 'align' => 'left',
53	+ 'index' => 'level',
54	+ ));
55	+ $this->addColumn('enabled', array(
56	+ 'header' => Mage::helper('firewall')->__('Status'),
57	+ 'align' => 'left',
58	+ 'index' => 'enabled',
59	+ ));
60	+ /* $this->addColumn('comments', array(
61	+ 'header' => Mage::helper('paymentcapture')->__('Status Message'),
62	+ 'align' => 'left',
63	+ 'index' => 'comments',
64	+ ));
65	+ $this->addColumn('action_edit', array(
66	+ 'header' => $this->helper('paymentcapture')->__('Action'),
67	+ 'width' => 80,
68	+ 'sortable' => false,
69	+ 'filter' => false,
70	+ 'renderer' => new Grossman_Paymentcapture_Block_Adminhtml_Renderer_Action(),
71	+ ));
72	+
73	+ $this->addColumn('action',
74	+ array(
75	+ 'header' => Mage::helper('paymentcapture')->__(''),
76	+ 'width' => '100',
77	+ 'type' => 'action',
78	+ 'getter' => 'getId',
79	+ 'actions' => array(
80	+ array(
81	+ 'caption' => Mage::helper('paymentcapture')->__('Log'),
82	+ 'url' => array('base'=> 'adminhtml/paymentcapture_view'),
83	+ 'field' => 'id'
84	+ )),
85	+ 'filter' => false,
86	+ 'sortable' => false,
87	+ 'index' => 'stores',
88	+ 'is_system' => true,
89	+ ));*/
90	+ return parent::_prepareColumns();
91	+ }
92	+ public function getGridUrl()
93	+ {
94	+ return $this->getUrl('//grid', array('_current'=>true));
95	+ }
96	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist.php ADDED Viewed

	@@ -0,0 +1,11 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Whitelist extends Mage_Adminhtml_Block_Widget_Grid_Container
3	+ {
4	+ public function __construct()
5	+ {
6	+ $this->_controller = 'adminhtml_whitelist';
7	+ $this->_blockGroup = 'firewall';
8	+ $this->_headerText = Mage::helper('firewall')->__('White List');
9	+ parent::__construct();
10	+ }
11	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit.php ADDED Viewed

	@@ -0,0 +1,45 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit extends Mage_Adminhtml_Block_Widget_Form_Container
4	+ {
5	+ public function __construct()
6	+ {
7	+ parent::__construct();
8	+
9	+ $this->_objectId = 'id';
10	+ $this->_blockGroup = 'firewall';
11	+ $this->_controller = 'adminhtml_whitelist';
12	+
13	+ $this->_updateButton('save', 'label', Mage::helper('firewall')->__('Save whitelist'));
14	+ $this->_updateButton('delete', 'label', Mage::helper('firewall')->__('Delete whitelist'));
15	+
16	+ $this->_addButton('saveandcontinue', array(
17	+ 'label' => Mage::helper('adminhtml')->__('Save And Continue Edit'),
18	+ 'onclick' => 'saveAndContinueEdit()',
19	+ 'class' => 'save',
20	+ ), -100);
21	+
22	+ $this->_formScripts[] = "
23	+ function toggleEditor() {
24	+ if (tinyMCE.getInstanceById('firewall_content') == null) {
25	+ tinyMCE.execCommand('mceAddControl', false, 'firewall_content');
26	+ } else {
27	+ tinyMCE.execCommand('mceRemoveControl', false, 'firewall_content');
28	+ }
29	+ }
30	+
31	+ function saveAndContinueEdit(){
32	+ editForm.submit($('edit_form').action+'back/edit/');
33	+ }
34	+ ";
35	+ }
36	+
37	+ public function getHeaderText()
38	+ {
39	+ if( Mage::registry('rules_data') && Mage::registry('whitelist_data')->getId() ) {
40	+ return Mage::helper('firewall')->__("Edit whitelist '%s'", $this->htmlEscape(Mage::registry('whitelist_data')->getTitle()));
41	+ } else {
42	+ return Mage::helper('firewall')->__('Add whitelist');
43	+ }
44	+ }
45	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Form.php ADDED Viewed

	@@ -0,0 +1,19 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit_Form extends Mage_Adminhtml_Block_Widget_Form
4	+ {
5	+ protected function _prepareForm()
6	+ {
7	+ $form = new Varien_Data_Form(array(
8	+ 'id' => 'edit_form',
9	+ 'action' => $this->getUrl('//save', array('id' => $this->getRequest()->getParam('id'))),
10	+ 'method' => 'post',
11	+ 'enctype' => 'multipart/form-data'
12	+ )
13	+ );
14	+
15	+ $form->setUseContainer(true);
16	+ $this->setForm($form);
17	+ return parent::_prepareForm();
18	+ }
19	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tab/Form.php ADDED Viewed

	@@ -0,0 +1,51 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit_Tab_Form extends Mage_Adminhtml_Block_Widget_Form
4	+ {
5	+ protected function _prepareForm()
6	+ {
7	+ $form = new Varien_Data_Form();
8	+ $this->setForm($form);
9	+ $fieldset = $form->addFieldset('whitelist_form', array('legend'=>Mage::helper('firewall')->__('Whitelist information')));
10	+
11	+ $fieldset->addField('ip', 'text', array(
12	+ 'label' => Mage::helper('firewall')->__('IP Address'),
13	+ 'class' => 'required-entry',
14	+ 'required' => true,
15	+ 'name' => 'ip',
16	+ ));
17	+
18	+ $fieldset->addField('text', 'editor', array(
19	+ 'label' => Mage::helper('firewall')->__('Reason'),
20	+ 'required' => false,
21	+ 'name' => 'text',
22	+ 'style' => 'width:274px; height:200px;',
23	+ 'wysiwyg' => false,
24	+ ));
25	+
26	+ $fieldset->addField('status', 'select', array(
27	+ 'label' => Mage::helper('firewall')->__('Status'),
28	+ 'name' => 'status',
29	+ 'values' => array(
30	+ array(
31	+ 'value' => 1,
32	+ 'label' => Mage::helper('firewall')->__('Enabled'),
33	+ ),
34	+
35	+ array(
36	+ 'value' => 2,
37	+ 'label' => Mage::helper('firewall')->__('Disabled'),
38	+ ),
39	+ ),
40	+ ));
41	+
42	+ if ( Mage::getSingleton('adminhtml/session')->getWhitelistData() )
43	+ {
44	+ $form->setValues(Mage::getSingleton('adminhtml/session')->getWhitelistData());
45	+ Mage::getSingleton('adminhtml/session')->setWhitelistData(null);
46	+ } elseif ( Mage::registry('whitelist_data') ) {
47	+ $form->setValues(Mage::registry('whitelist_data')->getData());
48	+ }
49	+ return parent::_prepareForm();
50	+ }
51	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tabs.php ADDED Viewed

	@@ -0,0 +1,24 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit_Tabs extends Mage_Adminhtml_Block_Widget_Tabs
4	+ {
5	+
6	+ public function __construct()
7	+ {
8	+ parent::__construct();
9	+ $this->setId('whitelist_tabs');
10	+ $this->setDestElementId('edit_form');
11	+ $this->setTitle(Mage::helper('firewall')->__('Whitelist Information'));
12	+ }
13	+
14	+ protected function _beforeToHtml()
15	+ {
16	+ $this->addTab('form_section', array(
17	+ 'label' => Mage::helper('firewall')->__('Whitelist Information'),
18	+ 'title' => Mage::helper('firewall')->__('Whitelist Information'),
19	+ 'content' => $this->getLayout()->createBlock('firewall/adminhtml_whitelist_edit_tab_form')->toHtml(),
20	+ ));
21	+
22	+ return parent::_beforeToHtml();
23	+ }
24	+ }

app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Grid.php ADDED Viewed

	@@ -0,0 +1,68 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Grid extends Mage_Adminhtml_Block_Widget_Grid
3	+ {
4	+ public function __construct()
5	+ {
6	+ parent::__construct();
7	+ $this->setId('whitelistGrid');
8	+ $this->setDefaultSort('whitelist_id');
9	+ $this->setDefaultDir('DESC');
10	+ $this->setSaveParametersInSession(true);
11	+ $this->setUseAjax(true);
12	+ }
13	+ protected function _prepareCollection()
14	+ {
15	+ $orderId = (int) $this->getRequest()->getParam('id');
16	+ if(empty($orderId)){
17	+ $collection = Mage::getModel('firewall/whitelist')->getCollection();
18	+ }
19	+
20	+ $this->setCollection($collection);
21	+ return parent::_prepareCollection();
22	+ }
23	+ protected function _prepareColumns()
24	+ {
25	+ $this->addColumn('whitelist_id', array(
26	+ 'header' => Mage::helper('firewall')->__('ID #'),
27	+ 'align' => 'left',
28	+ 'index' => 'whitelist_id',
29	+ ));
30	+ $this->addColumn('ip', array(
31	+ 'header' => Mage::helper('firewall')->__('IP Address'),
32	+ 'align' => 'left',
33	+ 'index' => 'ip',
34	+ ));
35	+ $this->addColumn('text', array(
36	+ 'header' => Mage::helper('firewall')->__('Text'),
37	+ 'align' => 'left',
38	+ 'index' => 'text',
39	+ ));
40	+ $this->addColumn('status', array(
41	+ 'header' => Mage::helper('firewall')->__('Status'),
42	+ 'align' => 'left',
43	+ 'width' => '80px',
44	+ 'index' => 'status',
45	+ 'type' => 'options',
46	+ 'options' => array(
47	+ 1 => 'Enabled',
48	+ 2 => 'Disabled',
49	+ ),
50	+ ));
51	+ $this->addColumn('created_time', array(
52	+ 'header' => Mage::helper('firewall')->__('Created Time'),
53	+ 'align' => 'left',
54	+ 'index' => 'created_time',
55	+ ));
56	+ return parent::_prepareColumns();
57	+ }
58	+
59	+ public function getGridUrl()
60	+ {
61	+ return $this->getUrl('//grid', array('_current'=>true));
62	+ }
63	+
64	+ public function getRowUrl($row)
65	+ {
66	+ return $this->getUrl('//edit', array('id' => $row->getId()));
67	+ }
68	+ }

app/code/community/MageFirewall/Firewall/Helper/Data.php ADDED Viewed

	@@ -0,0 +1,86 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Helper_Data extends Mage_Core_Helper_Abstract
3	+ {
4	+ public function getLogsCount(){
5	+ $currentMonth=date("Y-m");
6	+ $recentLogs = Mage::getModel('firewall/logs')->getCollection();
7	+ $recentLogs->addFieldToFilter('created_time', array('like' =>"%2014-09%"));
8	+ $LogsCount = $recentLogs->getData();
9	+ return count($LogsCount);
10	+ }
11	+
12	+ public function getMageEmail(){
13	+ return Mage::getStoreConfig('trans_email/ident_general/email');
14	+ }
15	+
16	+ public function getRecentEditedFiles(){
17	+ $days = $this->getOptionsData('show_recent_file_days');
18	+ $lists[0] = $days;
19	+ exec('find . -iregex ".*$html\\|php$" -mtime -'.$lists[0],$lists[1]);
20	+ $lists[1] = implode("<br />", $lists[1]);
21	+ return $lists;
22	+ }
23	+
24	+ public function getClientIp(){
25	+ if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
26	+ $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
27	+ } else {
28	+ $ip_address = $_SERVER['REMOTE_ADDR'];
29	+ }
30	+ return $ip_address;
31	+ }
32	+
33	+ public function getOptionsData($fieldtext){
34	+ $optiosData = Mage::getModel('firewall/options')->getCollection()->addFieldToFilter('path',$fieldtext)->getData();
35	+ return $optiosData[0]['value'];
36	+ }
37	+
38	+ // file checker function start
39	+ // Check for string in file return bool
40	+ public function isinfile($stringtofind,$path) {
41	+ if(!file_exists($path)) {
42	+ return false; // if no file then where would be the exploitation in it :P
43	+ }
44	+ $openedfile = file_get_contents($path);
45	+ if(strpos($openedfile, $stringtofind) !== FALSE)
46	+ {
47	+ // found in file
48	+ return true;
49	+ }
50	+ else
51	+ {
52	+ // Not found in file
53	+ return false;
54	+ }
55	+ }
56	+
57	+ //Printing function for logging function no return
58	+ public function printer($type=2,$printstring) {
59	+ if($type == 1) {
60	+ echo "<br /><h3>$printstring</h3>";
61	+ }
62	+ else if($type == 2) {
63	+ echo "<br />$printstring";
64	+ }
65	+ }
66	+
67	+ public function startprocess($collectiontocheck) {
68	+ $errorflag = 0;
69	+ $this->printer(1,$collectiontocheck['exploitname']);
70	+ foreach($collectiontocheck['data'] as $check) {
71	+ if($this->isinfile($check['searchstring'],$check['filelocation'])) {
72	+ $errorflag = 0;
73	+ }
74	+ }
75	+ $results[]['name'] = $collectiontocheck['exploitname'];
76	+ if($errorflag == 1) {
77	+ $this->printer(2,$collectiontocheck['error']);
78	+ $results[]['status'] = "fail";
79	+ }
80	+ else {
81	+ $results[]['status'] = "pass";
82	+ }
83	+ }
84	+ // file checker function start end
85	+ }
86	+ ?>

app/code/community/MageFirewall/Firewall/Model/Blacklist.php ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Blacklist extends Mage_Core_Model_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ parent::_construct();
7	+ $this->_init('firewall/blacklist');
8	+ }
9	+ }
10	+ ?>

app/code/community/MageFirewall/Firewall/Model/Cron.php ADDED Viewed

	@@ -0,0 +1,67 @@


1	+ <?php
2	+
3	+ class MageFirewall_Firewall_Model_Cron extends Varien_Object
4	+ {
5	+ public function deleteOldLogs()
6	+ {
7	+ $wallHelper = Mage::helper('firewall');
8	+ $date = date('Y-m-j G:i:s') ;
9	+ $LogDeleteDate = strtotime ( '-'.$this->getLogDays().' day' , strtotime ( $date ) ) ;
10	+ $LogDeleteDate = date ( 'Y-m-j' , $LogDeleteDate ) ;
11	+ $model = Mage::getModel('firewall/logs')->getCollection();
12	+ $model->addFieldToFilter('created_time',array(
13	+ array(
14	+ 'to' => $LogDeleteDate,
15	+ 'date' => true,
16	+ ),
17	+ ));
18	+ $Logs = $model->getData();
19	+ if($Logs){
20	+ foreach($Logs as $logId){
21	+ $model = Mage::getModel('firewall/logs');
22	+ $model->setId(trim($logId['log_id']))
23	+ ->delete();
24	+ }
25	+ }
26	+ $editedFiles = $wallHelper->getRecentEditedFiles();
27	+ $this->notify('admin user',$this->getSenderEmail(),'Magento store - MageFirewal',$editedFiles[1]);
28	+ return;
29	+ }
30	+
31	+ public function getSenderEmail()
32	+ {
33	+ $sendToEmail = Mage::helper('firewall')->getMageEmail();
34	+ if(Mage::helper('firewall')->getOptionsData('email_addresss')) {
35	+ $sendToEmail = Mage::helper('firewall')->getOptionsData('email_addresss');
36	+ }
37	+ return $sendToEmail;
38	+ }
39	+
40	+ public function getLogDays()
41	+ {
42	+ return Mage::getStoreConfig('system/log/clean_after_day');
43	+ }
44	+
45	+ public function notify($sendToName, $sendToEmail, $subject, $msg) {
46	+ $mail = Mage::getModel('core/email');
47	+ $mail->setToName($sendToName);
48	+ $mail->setToEmail($sendToEmail);
49	+ $mail->setBody($msg);
50	+ $mail->setSubject($subject);
51	+ $mail->setFromEmail(Mage::getStoreConfig('trans_email/ident_general/email'));
52	+ $mail->setFromName(Mage::getStoreConfig('trans_email/ident_general/name'));
53	+ $mail->setType('html');
54	+
55	+ try {
56	+ $mail->send();
57	+ }
58	+ catch (Exception $e) {
59	+ Mage::logException($e);
60	+ return false;
61	+ }
62	+
63	+ return true;
64	+ }
65	+
66	+ }
67	+ ?>

app/code/community/MageFirewall/Firewall/Model/Logs.php ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Logs extends Mage_Core_Model_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ parent::_construct();
7	+ $this->_init('firewall/logs');
8	+ }
9	+ }
10	+ ?>

app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Blacklist extends Mage_Core_Model_Mysql4_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/blacklist', 'blacklist_id');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist/Collection.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Blacklist_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/blacklist');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Logs extends Mage_Core_Model_Mysql4_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/logs', 'log_id');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs/Collection.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Logs_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/logs');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Options.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Options extends Mage_Core_Model_Mysql4_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/options', 'option_id');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Options/Collection.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Options_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/options');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Rules extends Mage_Core_Model_Mysql4_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/rules', 'rules_id');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules/Collection.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Rules_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/rules');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Version.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Version extends Mage_Core_Model_Mysql4_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/version', 'version_id');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Version/Collection.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Version_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/version');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Whitelist extends Mage_Core_Model_Mysql4_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/whitelist', 'whitelist_id');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist/Collection.php ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Mysql4_Whitelist_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ $this->_init('firewall/whitelist');
7	+ }
8	+ }

app/code/community/MageFirewall/Firewall/Model/Observer.php ADDED Viewed

	@@ -0,0 +1,59 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Observer
3	+ {
4	+ /*
5	+ * store ipaddress in blacklist if admin entered wrong password
6	+ * */
7	+ public function login_validation($observer = null)
8	+ {
9	+ $event = $observer->getEvent();
10	+ $controllerAction = $event->getControllerAction();
11	+ $blacklistModel = Mage::getModel('firewall/blacklist');
12	+ $wallHelper = Mage::helper('firewall');
13	+ $ip_address = $wallHelper->getClientIp();
14	+ $model1 = $blacklistModel->getCollection()->addFieldToFilter('ip',$ip_address)->getData();
15	+ if($model1){
16	+ foreach($model1 as $getcount){
17	+ $count=$getcount['count']+1;
18	+ $id=$getcount['blacklist_id'];
19	+ $blacklistModel->setId($id)
20	+ ->setCount($count)
21	+ ->setUpdatedTime(time())
22	+ ->save();
23	+ }
24	+ }
25	+ else{
26	+ $data = array('ip'=>$ip_address,'priority'=>'Normal','count'=>1,'is_delete'=>0,'status'=>1,'text'=>'admin login','created_time'=>time());
27	+ $model = $blacklistModel->setData($data)->save();
28	+ }
29	+ }
30	+ public function checkBlacklist($observer = null)
31	+ {
32	+ $blacklistModel = Mage::getModel('firewall/blacklist');
33	+ $whitelistModel = Mage::getModel('firewall/whitelist');
34	+ $wallHelper = Mage::helper('firewall');
35	+ $loginMaxCount = (int) $wallHelper->getOptionsData('login_lttempts');
36	+ $ip_address = $wallHelper->getClientIp();
37	+ $checkipinblacklist = $blacklistModel->getCollection()
38	+ ->addFieldToFilter('count',array('lt' => $loginMaxCount))
39	+ ->addFieldToFilter('ip',$ip_address)->getData();
40	+ if($checkipinblacklist){
41	+ $blacklistModel->setId($checkipinblacklist[0]['blacklist_id'])
42	+ ->delete();
43	+ }
44	+ $getBlackListIp = $blacklistModel->getCollection()
45	+ ->addFieldToFilter('ip',$ip_address)
46	+ ->addFieldToFilter('status','1')
47	+ ->addFieldToFilter('count',array('gteq' => $loginMaxCount))->getData();
48	+ $getWhiteListIp = $whitelistModel->getCollection()
49	+ ->addFieldToFilter('ip',$ip_address)
50	+ ->addFieldToFilter('status','1')->getData();
51	+
52	+ if($getBlackListIp && !$getWhiteListIp ) {
53	+ $session = Mage::getSingleton('adminhtml/session');
54	+ $adminSession = Mage::getSingleton('admin/session');
55	+ $adminSession->unsetAll();
56	+ $adminSession->getCookie()->delete($adminSession->getSessionName());
57	+ }
58	+ }
59	+ }

app/code/community/MageFirewall/Firewall/Model/Options.php ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Options extends Mage_Core_Model_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ parent::_construct();
7	+ $this->_init('firewall/options');
8	+ }
9	+ }
10	+ ?>

app/code/community/MageFirewall/Firewall/Model/Rules.php ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Rules extends Mage_Core_Model_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ parent::_construct();
7	+ $this->_init('firewall/rules');
8	+ }
9	+ }
10	+ ?>

app/code/community/MageFirewall/Firewall/Model/Version.php ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Version extends Mage_Core_Model_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ parent::_construct();
7	+ $this->_init('firewall/version');
8	+ }
9	+ }
10	+ ?>

app/code/community/MageFirewall/Firewall/Model/Whitelist.php ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Model_Whitelist extends Mage_Core_Model_Abstract
3	+ {
4	+ public function _construct()
5	+ {
6	+ parent::_construct();
7	+ $this->_init('firewall/whitelist');
8	+ }
9	+ }
10	+ ?>

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/BlacklistController.php ADDED Viewed

	@@ -0,0 +1,111 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_BlacklistController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->loadLayout()
7	+ ->_setActiveMenu('firewall/blacklist')
8	+ ->_addBreadcrumb(Mage::helper('adminhtml')->__('Black List'), Mage::helper('adminhtml')->__('Black List'));
9	+ return $this;
10	+ }
11	+ public function indexAction() {
12	+ $this->_initAction();
13	+ $this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_blacklist'));
14	+ $this->renderLayout();
15	+ }
16	+ public function gridAction()
17	+ {
18	+ $this->loadLayout();
19	+ $this->getResponse()->setBody(
20	+ $this->getLayout()->createBlock('firewall/adminhtml_blacklist_grid')->toHtml()
21	+ );
22	+ }
23	+
24	+ public function editAction() {
25	+ $id = $this->getRequest()->getParam('id');
26	+ $model = Mage::getModel('firewall/blacklist')->load($id);
27	+
28	+ if ($model->getId() \|\| $id == 0) {
29	+ $data = Mage::getSingleton('adminhtml/session')->getFormData(true);
30	+ if (!empty($data)) {
31	+ $model->setData($data);
32	+ }
33	+
34	+ Mage::register('blacklist_data', $model);
35	+
36	+ $this->loadLayout();
37	+ $this->_setActiveMenu('blacklist/items');
38	+
39	+ $this->_addBreadcrumb(Mage::helper('adminhtml')->__('BlackList Manager'), Mage::helper('adminhtml')->__('BlackList Manager'));
40	+
41	+ $this->getLayout()->getBlock('head')->setCanLoadExtJs(true);
42	+
43	+ $this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_blacklist_edit'))
44	+ ->_addLeft($this->getLayout()->createBlock('firewall/adminhtml_blacklist_edit_tabs'));
45	+
46	+ $this->renderLayout();
47	+ } else {
48	+ Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Item does not exist'));
49	+ $this->_redirect('//');
50	+ }
51	+ }
52	+
53	+ public function newAction() {
54	+ $this->_forward('edit');
55	+ }
56	+
57	+ public function saveAction() {
58	+ if ($data = $this->getRequest()->getPost()) {
59	+
60	+
61	+ $model = Mage::getModel('firewall/blacklist');
62	+ $model->setData($data)
63	+ ->setId($this->getRequest()->getParam('id'));
64	+
65	+ try {
66	+ if ($model->getCreatedTime == NULL \|\| $model->getUpdateTime() == NULL) {
67	+ $model->setCreatedTime(now())
68	+ ->setUpdateTime(now());
69	+ } else {
70	+ $model->setUpdateTime(now());
71	+ }
72	+
73	+ $model->save();
74	+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('firewall')->__('BlackList was successfully saved'));
75	+ Mage::getSingleton('adminhtml/session')->setFormData(false);
76	+
77	+ if ($this->getRequest()->getParam('back')) {
78	+ $this->_redirect('//edit', array('id' => $model->getId()));
79	+ return;
80	+ }
81	+ $this->_redirect('//');
82	+ return;
83	+ } catch (Exception $e) {
84	+ Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
85	+ Mage::getSingleton('adminhtml/session')->setFormData($data);
86	+ $this->_redirect('//edit', array('id' => $this->getRequest()->getParam('id')));
87	+ return;
88	+ }
89	+ }
90	+ Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Unable to find BlackList to save'));
91	+ $this->_redirect('//');
92	+ }
93	+
94	+ public function deleteAction() {
95	+ if( $this->getRequest()->getParam('id') > 0 ) {
96	+ try {
97	+ $model = Mage::getModel('firewall/blacklist');
98	+
99	+ $model->setId($this->getRequest()->getParam('id'))
100	+ ->delete();
101	+
102	+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('adminhtml')->__('BlackList was successfully deleted'));
103	+ $this->_redirect('//');
104	+ } catch (Exception $e) {
105	+ Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
106	+ $this->_redirect('//edit', array('id' => $this->getRequest()->getParam('id')));
107	+ }
108	+ }
109	+ $this->_redirect('//');
110	+ }
111	+ }

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/DiagnosticController.php ADDED Viewed

	@@ -0,0 +1,27 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_Dashboard_DiagnosticController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('View'));
7	+ $this->loadLayout()
8	+ ->_setActiveMenu('firewall/diagnostic');
9	+
10	+ return $this;
11	+ }
12	+ public function indexAction() {
13	+ $block = $this->getLayout()->createBlock('core/template');
14	+ $block->setTemplate('firewall/diagnostic.phtml');
15	+
16	+ $this->_initAction()
17	+ ->_addContent($block)
18	+ ->renderLayout();
19	+ }
20	+ public function gridAction()
21	+ {
22	+ $this->loadLayout();
23	+ $this->getResponse()->setBody(
24	+ $this->getLayout()->createBlock('dashboard/adminhtml_diagnostic_grid')->toHtml()
25	+ );
26	+ }
27	+ }

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/FilecheckerController.php ADDED Viewed

	@@ -0,0 +1,27 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_Dashboard_FileCheckerController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('Diagnostic'));
7	+ $this->loadLayout()
8	+ ->_setActiveMenu('firewall/filechecker');
9	+
10	+ return $this;
11	+ }
12	+ public function indexAction() {
13	+ $block = $this->getLayout()->createBlock('core/template');
14	+ $block->setTemplate('firewall/filechecker.phtml');
15	+
16	+ $this->_initAction()
17	+ ->_addContent($block)
18	+ ->renderLayout();
19	+ }
20	+ public function gridAction()
21	+ {
22	+ $this->loadLayout();
23	+ $this->getResponse()->setBody(
24	+ $this->getLayout()->createBlock('dashboard/adminhtml_diagnosticchecker_grid')->toHtml()
25	+ );
26	+ }
27	+ }

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/RecentController.php ADDED Viewed

	@@ -0,0 +1,27 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_Dashboard_RecentController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('View'));
7	+ $this->loadLayout()
8	+ ->_setActiveMenu('firewall/recentedittedfile');
9	+
10	+ return $this;
11	+ }
12	+ public function indexAction() {
13	+ $block = $this->getLayout()->createBlock('core/template');
14	+ $block->setTemplate('firewall/recentfile.phtml');
15	+
16	+ $this->_initAction()
17	+ ->_addContent($block)
18	+ ->renderLayout();
19	+ }
20	+ public function gridAction()
21	+ {
22	+ $this->loadLayout();
23	+ $this->getResponse()->setBody(
24	+ $this->getLayout()->createBlock('dashboard/adminhtml_dashboard_grid')->toHtml()
25	+ );
26	+ }
27	+ }

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/ViewController.php ADDED Viewed

	@@ -0,0 +1,53 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_Dashboard_ViewController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('View'));
7	+ $this->loadLayout()
8	+ ->_setActiveMenu('firewall/dashboard');
9	+
10	+ return $this;
11	+ }
12	+ public function indexAction() {
13	+ $wallHelper = Mage::helper('firewall');
14	+ if ($data = $this->getRequest()->getPost()) {
15	+ try {
16	+ $optionsAll = Mage::getModel('firewall/options');
17	+ foreach($data['fireWall_options'] as $datas){
18	+ if(isset($datas['value']))
19	+ $optionsAll->setData($datas);
20	+ $optionsAll->save();
21	+ }
22	+ if($data['fireWall_options'][6]['value']==1){
23	+ $ip_address = $wallHelper->getClientIp();
24	+ $whitelist = Mage::getModel('firewall/whitelist');
25	+ $getWhiteList = Mage::getModel('firewall/whitelist')->getCollection()->addFieldToFilter('ip',$ip_address)->getData();
26	+ if(count($getWhiteList)>=1){
27	+ } else {
28	+ $whitelist->setData(array('ip'=>$ip_address,'is_delete'=>0,'status'=>1,'created_time'=>time()))
29	+ ->save();
30	+ }
31	+ }
32	+
33	+ Mage::getSingleton('adminhtml/session')->addSuccess('Configuration saved succesfully.');
34	+ } catch (Exception $e) {
35	+ Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
36	+ }
37	+ $this->_redirect('/');
38	+ }
39	+ $block = $this->getLayout()->createBlock('core/template');
40	+ $block->setTemplate('firewall/dashboard.phtml');
41	+
42	+ $this->_initAction()
43	+ ->_addContent($block)
44	+ ->renderLayout();
45	+ }
46	+ public function gridAction()
47	+ {
48	+ $this->loadLayout();
49	+ $this->getResponse()->setBody(
50	+ $this->getLayout()->createBlock('dashboard/adminhtml_dashboard_grid')->toHtml()
51	+ );
52	+ }
53	+ }

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/LogsController.php ADDED Viewed

	@@ -0,0 +1,23 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_LogsController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->loadLayout()
7	+ ->_setActiveMenu('firewall/logs')
8	+ ->_addBreadcrumb(Mage::helper('adminhtml')->__('Logs'), Mage::helper('adminhtml')->__('Logs'));
9	+ return $this;
10	+ }
11	+ public function indexAction() {
12	+ $this->_initAction();
13	+ $this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_logs'));
14	+ $this->renderLayout();
15	+ }
16	+ public function gridAction()
17	+ {
18	+ $this->loadLayout();
19	+ $this->getResponse()->setBody(
20	+ $this->getLayout()->createBlock('firewall/adminhtml_logs_grid')->toHtml()
21	+ );
22	+ }
23	+ }

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/RulesController.php ADDED Viewed

	@@ -0,0 +1,23 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_RulesController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->loadLayout()
7	+ ->_setActiveMenu('firewall/rules')
8	+ ->_addBreadcrumb(Mage::helper('adminhtml')->__('Rules List'), Mage::helper('adminhtml')->__('Rules List'));
9	+ return $this;
10	+ }
11	+ public function indexAction() {
12	+ $this->_initAction();
13	+ $this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_rules'));
14	+ $this->renderLayout();
15	+ }
16	+ public function gridAction()
17	+ {
18	+ $this->loadLayout();
19	+ $this->getResponse()->setBody(
20	+ $this->getLayout()->createBlock('firewall/adminhtml_rules_grid')->toHtml()
21	+ );
22	+ }
23	+ }

app/code/community/MageFirewall/Firewall/controllers/Adminhtml/WhitelistController.php ADDED Viewed

	@@ -0,0 +1,111 @@


1	+ <?php
2	+ class MageFirewall_Firewall_Adminhtml_WhitelistController extends Mage_Adminhtml_Controller_Action
3	+ {
4	+ protected function _initAction()
5	+ {
6	+ $this->loadLayout()
7	+ ->_setActiveMenu('firewall/whitelist')
8	+ ->_addBreadcrumb(Mage::helper('adminhtml')->__('Whitelist'), Mage::helper('adminhtml')->__('Whitelist'));
9	+ return $this;
10	+ }
11	+ public function indexAction() {
12	+ $this->_initAction();
13	+ $this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_whitelist'));
14	+ $this->renderLayout();
15	+ }
16	+ public function gridAction()
17	+ {
18	+ $this->loadLayout();
19	+ $this->getResponse()->setBody(
20	+ $this->getLayout()->createBlock('firewall/adminhtml_whitelist_grid')->toHtml()
21	+ );
22	+ }
23	+
24	+ public function editAction() {
25	+ $id = $this->getRequest()->getParam('id');
26	+ $model = Mage::getModel('firewall/whitelist')->load($id);
27	+
28	+ if ($model->getId() \|\| $id == 0) {
29	+ $data = Mage::getSingleton('adminhtml/session')->getFormData(true);
30	+ if (!empty($data)) {
31	+ $model->setData($data);
32	+ }
33	+
34	+ Mage::register('whitelist_data', $model);
35	+
36	+ $this->loadLayout();
37	+ $this->_setActiveMenu('whitelist/items');
38	+
39	+ $this->_addBreadcrumb(Mage::helper('adminhtml')->__('Whitelist Manager'), Mage::helper('adminhtml')->__('Whitelist Manager'));
40	+
41	+ $this->getLayout()->getBlock('head')->setCanLoadExtJs(true);
42	+
43	+ $this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_whitelist_edit'))
44	+ ->_addLeft($this->getLayout()->createBlock('firewall/adminhtml_whitelist_edit_tabs'));
45	+
46	+ $this->renderLayout();
47	+ } else {
48	+ Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Item does not exist'));
49	+ $this->_redirect('//');
50	+ }
51	+ }
52	+
53	+ public function newAction() {
54	+ $this->_forward('edit');
55	+ }
56	+
57	+ public function saveAction() {
58	+ if ($data = $this->getRequest()->getPost()) {
59	+
60	+
61	+ $model = Mage::getModel('firewall/whitelist');
62	+ $model->setData($data)
63	+ ->setId($this->getRequest()->getParam('id'));
64	+
65	+ try {
66	+ if ($model->getCreatedTime == NULL \|\| $model->getUpdateTime() == NULL) {
67	+ $model->setCreatedTime(now())
68	+ ->setUpdateTime(now());
69	+ } else {
70	+ $model->setUpdateTime(now());
71	+ }
72	+
73	+ $model->save();
74	+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('firewall')->__('Whitelist was successfully saved'));
75	+ Mage::getSingleton('adminhtml/session')->setFormData(false);
76	+
77	+ if ($this->getRequest()->getParam('back')) {
78	+ $this->_redirect('//edit', array('id' => $model->getId()));
79	+ return;
80	+ }
81	+ $this->_redirect('//');
82	+ return;
83	+ } catch (Exception $e) {
84	+ Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
85	+ Mage::getSingleton('adminhtml/session')->setFormData($data);
86	+ $this->_redirect('//edit', array('id' => $this->getRequest()->getParam('id')));
87	+ return;
88	+ }
89	+ }
90	+ Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Unable to find Whitelist to save'));
91	+ $this->_redirect('//');
92	+ }
93	+
94	+ public function deleteAction() {
95	+ if( $this->getRequest()->getParam('id') > 0 ) {
96	+ try {
97	+ $model = Mage::getModel('firewall/whitelist');
98	+
99	+ $model->setId($this->getRequest()->getParam('id'))
100	+ ->delete();
101	+
102	+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('adminhtml')->__('Whitelist was successfully deleted'));
103	+ $this->_redirect('//');
104	+ } catch (Exception $e) {
105	+ Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
106	+ $this->_redirect('//edit', array('id' => $this->getRequest()->getParam('id')));
107	+ }
108	+ }
109	+ $this->_redirect('//');
110	+ }
111	+ }

app/code/community/MageFirewall/Firewall/data/firewall_setup/data-install-0.1.0.php ADDED Viewed

	@@ -0,0 +1,964 @@


1	+ <?php
2	+ $tickets = Mage::getModel('firewall/rules')
3	+ ->getCollection();
4	+ $tickets = Array
5	+ (
6	+ '0' => Array
7	+ (
8	+ // 'id''1',
9	+ 'who' => 'generic',
10	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT',
11	+ 'what' => '(?:\.{2}[\\/]{1,4}){2}\b',
12	+ 'why' => 'Directory traversal',
13	+ 'level' => '3',
14	+ 'enabled' => '1'
15	+ ),
16	+
17	+ '1' => Array
18	+ (
19	+ // 'id''2',
20	+ 'who' => 'generic',
21	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|REQUEST_URI\|PHP_SELF\|PATH_INFO',
22	+ 'what' => '%00\|\x00',
23	+ 'why' => 'NULL byte character',
24	+ 'level' => '3',
25	+ 'enabled' => '1'
26	+ ),
27	+
28	+ '2' => Array
29	+ (
30	+ // 'id''3',
31	+ 'who' => 'generic',
32	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT',
33	+ 'what' => '[.\\/]/(?:proc/self/\|etc/passwd)\b',
34	+ 'why' => 'Local file inclusion',
35	+ 'level' => '2',
36	+ 'enabled' => '1'
37	+ ),
38	+
39	+ '3' => Array
40	+ (
41	+ // 'id''50',
42	+ 'who' => 'generic',
43	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT',
44	+ 'what' => '^(?i:https?\|ftp)://.+/[^&/]+\?$',
45	+ 'why' => 'Remote file inclusion',
46	+ 'level' => '3',
47	+ 'enabled' => '1'
48	+ ),
49	+
50	+ '4' => Array
51	+ (
52	+ // 'id''51',
53	+ 'who' => 'generic',
54	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT',
55	+ 'what' => '^(?i:https?)://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
56	+ 'why' => 'Remote file inclusion (URL IP)',
57	+ 'level' => '2',
58	+ 'enabled' => '1'
59	+ ),
60	+
61	+ '5' => Array
62	+ (
63	+ // 'id''52',
64	+ 'who' => 'generic',
65	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT',
66	+ 'what' => '\b(?i:include\|require)(?i:_once)?\s\([^)](?i:https?\|ftp)://',
67	+ 'why' => 'Remote file inclusion (via require/include)',
68	+ 'level' => '3',
69	+ 'enabled' => '1'
70	+ ),
71	+
72	+ '6' => Array
73	+ (
74	+ // 'id''53',
75	+ 'who' => 'generic',
76	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT',
77	+ 'what' => '^(?i:ftp)://(?:.+?:.+?\@)?[^/]+/.',
78	+ 'why' => 'Remote file inclusion (FTP)',
79	+ 'level' => '2',
80	+ 'enabled' => '1'
81	+ ),
82	+
83	+ '7' => Array
84	+ (
85	+ // 'id''100',
86	+ 'who' => 'generic',
87	+ 'request' => 'GET\|POST\|REQUEST_URI\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
88	+ 'what' => '<\s/?(?i:applet\|div\|embed\|i?frame(?:set)?\|img\|meta\|marquee\|object\|script\|textarea)\b.?>',
89	+ 'why' => 'XSS (HTML tag)',
90	+ 'level' => '2',
91	+ 'enabled' => '1'
92	+ ),
93	+
94	+ '8' => Array
95	+ (
96	+ // 'id''101',
97	+ 'who' => 'generic',
98	+ 'request' => 'GET\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
99	+ 'what' => '\W(?:background(-image)?\|-moz-binding)\s:[^}]?\burl\s*\([^)]+?://',
100	+ 'why' => 'XSS (remote background URI)',
101	+ 'level' => '3',
102	+ 'enabled' => '1'
103	+ ),
104	+
105	+ '9' => Array
106	+ (
107	+ // 'id''102',
108	+ 'who' => 'generic',
109	+ 'request' => 'GET\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
110	+ 'what' => '(?i:<[^>]+?(?:data\|href\|src)\s=\s[\'\"]?(?:https?\|data\|php\|(?:java\|vb)script):)',
111	+ 'why' => 'XSS (remote URI)',
112	+ 'level' => '3',
113	+ 'enabled' => '1'
114	+ ),
115	+
116	+ '10' => Array
117	+ (
118	+ // 'id''103',
119	+ 'who' => 'generic',
120	+ 'request' => 'GET\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
121	+ 'what' => '\b(?i:on(?i:abort\|blur\|(?:dbl)?click\|dragdrop\|error\|focus\|key(?:up\|down\|press)\|(?:un)?load\|mouse(?:down\|out\|over\|up)\|move\|res(?:et\|ize)\|select\|submit))\b\s*=',
122	+ 'why' => 'XSS (HTML event)',
123	+ 'level' => '2',
124	+ 'enabled' => '1'
125	+ ),
126	+
127	+ '11' => Array
128	+ (
129	+ // 'id''104',
130	+ 'who' => 'generic',
131	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
132	+ 'what' => '[:=\]]\s[\'\"]?(?:alert\|confirm\|eval\|expression\|prompt\|String\.fromCharCode\|url)\s\(',
133	+ 'why' => 'XSS (JS function)',
134	+ 'level' => '3',
135	+ 'enabled' => '1'
136	+ ),
137	+
138	+ '12' => Array
139	+ (
140	+ // 'id''105',
141	+ 'who' => 'generic',
142	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
143	+ 'what' => '\bdocument\.(?:body\|cookie\|location\|open\|write(?:ln)?)\b',
144	+ 'why' => 'XSS (document object)',
145	+ 'level' => '2',
146	+ 'enabled' => '1'
147	+ ),
148	+
149	+ '13' => Array
150	+ (
151	+ // 'id''106',
152	+ 'who' => 'generic',
153	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
154	+ 'what' => '\blocation\.(?:href\|replace)\b',
155	+ 'why' => 'XSS (location object)',
156	+ 'level' => '2',
157	+ 'enabled' => '1'
158	+ ),
159	+
160	+ '14' => Array
161	+ (
162	+ // 'id''107',
163	+ 'who' => 'generic',
164	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
165	+ 'what' => '\bwindow\.(?:open\|location)\b',
166	+ 'why' => 'XSS (window object)',
167	+ 'level' => '2',
168	+ 'enabled' => '1'
169	+ ),
170	+
171	+ '15' => Array
172	+ (
173	+ // 'id''108',
174	+ 'who' => 'generic',
175	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
176	+ 'what' => '(?i:style)\s=\s[\'"]?[^/\'"]+/\*',
177	+ 'why' => 'XSS (obfuscated style)',
178	+ 'level' => '3',
179	+ 'enabled' => '1'
180	+ ),
181	+
182	+ '16' => Array
183	+ (
184	+ // 'id''109',
185	+ 'who' => 'generic',
186	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
187	+ 'what' => '^/?>',
188	+ 'why' => 'XSS (leading greater-than sign)',
189	+ 'level' => '2',
190	+ 'enabled' => '1'
191	+ ),
192	+
193	+ '17' => Array
194	+ (
195	+ // 'id''110',
196	+ 'who' => 'generic',
197	+ 'request' => 'QUERY_STRING',
198	+ 'what' => '(?:%%\d\d%\d\d){5}',
199	+ 'why' => 'XSS (double nibble)',
200	+ 'level' => '2',
201	+ 'enabled' => '1'
202	+ ),
203	+
204	+ '18' => Array
205	+ (
206	+ // 'id''111',
207	+ 'who' => 'generic',
208	+ 'request' => 'GET\|POST\|REQUEST_URI\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
209	+ 'what' => '(\+\|\%2B)A(Dw\|ACIAPgA8)-.+?(\+\|\%2B)AD4(APAAi)?-',
210	+ 'why' => 'XSS (UTF-7)',
211	+ 'level' => '2',
212	+ 'enabled' => '1'
213	+ ),
214	+
215	+ '19' => Array
216	+ (
217	+ // 'id''150',
218	+ 'who' => 'generic',
219	+ 'request' => 'GET\|POST',
220	+ 'what' => '[\n\r]\s\b(?:(?:reply-)?to\|b?cc\|content-[td]\w)\b\s:.*?\@',
221	+ 'why' => 'Mail header injection',
222	+ 'level' => '2',
223	+ 'enabled' => '1'
224	+ ),
225	+
226	+ '20' => Array
227	+ (
228	+ // 'id''151',
229	+ 'who' => 'generic',
230	+ 'request' => 'GET\|POST',
231	+ 'what' => '^[\x0d\x0a]{1,2}[-a-zA-Z0-9]+:\s*\w+',
232	+ 'why' => 'HTTP header injection',
233	+ 'level' => '2',
234	+ 'enabled' => '1'
235	+ ),
236	+
237	+ '21' => Array
238	+ (
239	+ // 'id''152',
240	+ 'who' => 'generic',
241	+ 'request' => 'HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
242	+ 'what' => '[\x0d\x0a]',
243	+ 'why' => 'HTTP header injection (CR/LF)',
244	+ 'level' => '2',
245	+ 'enabled' => '1'
246	+ ),
247	+
248	+ '22' => Array
249	+ (
250	+ // 'id''153',
251	+ 'who' => 'generic',
252	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
253	+ 'what' => '<!--#(?:config\|echo\|exec\|flastmod\|fsize\|include)\b.+?-->',
254	+ 'why' => 'SSI command injection',
255	+ 'level' => '2',
256	+ 'enabled' => '1'
257	+ ),
258	+
259	+ '23' => Array
260	+ (
261	+ // 'id''154',
262	+ 'who' => 'generic',
263	+ 'request' => 'HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
264	+ 'what' => '(?s:<\?.+)\|#!/(?:usr\|bin)/.+?\s',
265	+ 'why' => 'Code Injection',
266	+ 'level' => '3',
267	+ 'enabled' => '1'
268	+ ),
269	+
270	+ '24' => Array
271	+ (
272	+ // 'id''155',
273	+ 'who' => 'generic',
274	+ 'request' => 'GET\|POST',
275	+ 'what' => '(?s:<\?(?![Xx][Mm][Ll]).?(?:\$_?(?:COOKIE\|ENV\|FILES\|GLOBALS\|(?:GE\|POS\|REQUES)T\|SE(RVER\|SSION))\s[=\[)]\|\b(?i:array_map\|assert\|base64_(?:de\|en)code\|curl_exec\|eval\|file(?:_get_contents)?\|fsockopen\|gzinflate\|move_uploaded_file\|passthru\|preg_replace\|phpinfo\|stripslashes\|strrev\|system\|(?:shell_)?exec)\s\()\|\x60.+?\x60)\|#!/(?:usr\|bin)/.+?\s\|\W\$\{\s[\'"]\w+[\'"]',
276	+ 'why' => 'Code Injection',
277	+ 'level' => '3',
278	+ 'enabled' => '1'
279	+ ),
280	+
281	+ '25' => Array
282	+ (
283	+ // 'id''156',
284	+ 'who' => 'generic',
285	+ 'request' => 'GET\|POST',
286	+ 'what' => '\b(?i:eval)\s\(\s(?i:base64_decode\|exec\|file_get_contents\|gzinflate\|passthru\|shell_exec\|stripslashes\|system)\s*\(',
287	+ 'why' => 'Code Injection #2',
288	+ 'level' => '2',
289	+ 'enabled' => '1'
290	+ ),
291	+
292	+ '26' => Array
293	+ (
294	+ // 'id''157',
295	+ 'who' => 'generic',
296	+ 'request' => 'GET:fltr',
297	+ 'what' => ';',
298	+ 'why' => 'Code injection (phpThumb)',
299	+ 'level' => '3',
300	+ 'enabled' => '1'
301	+ ),
302	+
303	+ '27' => Array
304	+ (
305	+ // 'id''158',
306	+ 'who' => 'generic',
307	+ 'request' => 'GET:file_to_serve',
308	+ 'what' => 'flowplayer/3\.1\.1/flowplayer-3\.1\.1\.min.js',
309	+ 'why' => 'Code injection (OpenX backdoor)',
310	+ 'level' => '3',
311	+ 'enabled' => '1'
312	+ ),
313	+
314	+ '28' => Array
315	+ (
316	+ // 'id''159',
317	+ 'who' => 'generic',
318	+ 'request' => 'GET:phpThumbDebug',
319	+ 'what' => '.',
320	+ 'why' => 'phpThumb debug mode (potential SSRF)',
321	+ 'level' => '1',
322	+ 'enabled' => '1'
323	+ ),
324	+
325	+ '29' => Array
326	+ (
327	+ // 'id''200',
328	+ 'who' => 'generic',
329	+ 'request' => 'GET\|POST\|HTTP_COOKIE',
330	+ 'what' => '^(?i:admin(?:istrator)?)[\'"].?(?:--\|#\|/\)',
331	+ 'why' => 'SQL injection (admin login attempt)',
332	+ 'level' => '3',
333	+ 'enabled' => '1'
334	+ ),
335	+
336	+ '30' => Array
337	+ (
338	+ // 'id''201',
339	+ 'who' => 'generic',
340	+ 'request' => 'GET\|POST',
341	+ 'what' => '\b(?i:[-\w]+@(?:[-a-z0-9]+\.)+[a-z]{2,8}\'.{0,20}\band\b.{0,20}=[\s/]\')',
342	+ 'why' => 'SQL injection (user login attempt)',
343	+ 'level' => '3',
344	+ 'enabled' => '1'
345	+ ),
346	+
347	+ '31' => Array
348	+ (
349	+ // 'id''202',
350	+ 'who' => 'generic',
351	+ 'request' => 'GET:username\|POST:username',
352	+ 'what' => '[#\'"=(),<>/\\*\x60]',
353	+ 'why' => 'SQL injection (username)',
354	+ 'level' => '3',
355	+ 'enabled' => '1'
356	+ ),
357	+
358	+ '32' => Array
359	+ (
360	+ // 'id''204',
361	+ 'who' => 'generic',
362	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
363	+ 'what' => '\b(?i:and\|or\|having)\b.+?[\'"]?(\w+)[\'"]?\s=\s[\'"]?\1',
364	+ 'why' => 'SQL injection (equal operator)',
365	+ 'level' => '3',
366	+ 'enabled' => '1'
367	+ ),
368	+
369	+ '33' => Array
370	+ (
371	+ // 'id''205',
372	+ 'who' => 'generic',
373	+ 'request' => 'GET\|POST',
374	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\bfrom\b.+?information_schema\b)',
375	+ 'why' => 'SQL injection (information_schema)',
376	+ 'level' => '3',
377	+ 'enabled' => '1'
378	+ ),
379	+
380	+ '34' => Array
381	+ (
382	+ // 'id''206',
383	+ 'who' => 'generic',
384	+ 'request' => 'GET\|POST',
385	+ 'what' => '/\\/(?i:and\|from\|limit\|or\|select\|union\|request)/\\/',
386	+ 'why' => 'SQL injection (comment obfuscation)',
387	+ 'level' => '3',
388	+ 'enabled' => '1'
389	+ ),
390	+
391	+ '35' => Array
392	+ (
393	+ // 'id''207',
394	+ 'who' => 'generic',
395	+ 'request' => 'GET\|POST',
396	+ 'what' => '^[-\d\';].+\w.+(?:--\|#\|/\)\s$',
397	+ 'why' => 'SQL injection (trailing comment)',
398	+ 'level' => '3',
399	+ 'enabled' => '1'
400	+ ),
401	+
402	+ '36' => Array
403	+ (
404	+ // 'id''208',
405	+ 'who' => 'generic',
406	+ 'request' => 'HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
407	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\b(?:alter\|create\|delete\|drop\|grant\|information_schema\|insert\|load\|rename\|select\|truncate\|update)[^-\w])',
408	+ 'why' => 'SQL injection',
409	+ 'level' => '1',
410	+ 'enabled' => '1'
411	+ ),
412	+
413	+ '37' => Array
414	+ (
415	+ // 'id''209',
416	+ 'who' => 'generic',
417	+ 'request' => 'GET\|POST',
418	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').?(?:\ball\b.+?)?\bselect\b.+?\b(?:and\b\|from\b\|limit\b\|request\b\|\@?\@?version\b\|(?:user\|benchmark\|char\|count\|database\|(?:group_)?concat(?:_ws)?\|floor\|md5\|rand\|substring\|version)\s\(\|--\|/\*\|#$))',
419	+ 'why' => 'SQL injection (select)',
420	+ 'level' => '3',
421	+ 'enabled' => '1'
422	+ ),
423	+
424	+ '38' => Array
425	+ (
426	+ // 'id''210',
427	+ 'who' => 'generic',
428	+ 'request' => 'GET\|POST',
429	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').?(?:\ball\b.+?)?\binsert\b.+?\binto\b.?$[^)]+$.+?values.*?\()',
430	+ 'why' => 'SQL injection (insert)',
431	+ 'level' => '3',
432	+ 'enabled' => '1'
433	+ ),
434	+
435	+ '39' => Array
436	+ (
437	+ // 'id''211',
438	+ 'who' => 'generic',
439	+ 'request' => 'GET\|POST',
440	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\bupdate\b.+?\bset\b.+?=)',
441	+ 'why' => 'SQL injection (update)',
442	+ 'level' => '3',
443	+ 'enabled' => '1'
444	+ ),
445	+
446	+ '40' => Array
447	+ (
448	+ // 'id''212',
449	+ 'who' => 'generic',
450	+ 'request' => 'GET\|POST',
451	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\bgrant\b.+?\bon\b.+?to\s+)',
452	+ 'why' => 'SQL injection (grant)',
453	+ 'level' => '3',
454	+ 'enabled' => '1'
455	+ ),
456	+
457	+ '41' => Array
458	+ (
459	+ // 'id''213',
460	+ 'who' => 'generic',
461	+ 'request' => 'GET\|POST',
462	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\bdelete\b.+?\bfrom\b.+)',
463	+ 'why' => 'SQL injection (delete)',
464	+ 'level' => '3',
465	+ 'enabled' => '1'
466	+ ),
467	+
468	+ '42' => Array
469	+ (
470	+ // 'id''214',
471	+ 'who' => 'generic',
472	+ 'request' => 'GET\|POST',
473	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\b(alter\|create\|drop)\b.+?(?:DATABASE\|FUNCTION\|INDEX\|PROCEDURE\|SCHEMA\|TABLE\|TRIGGER\|VIEW)\b.+?)',
474	+ 'why' => 'SQL injection (alter/create/drop)',
475	+ 'level' => '3',
476	+ 'enabled' => '1'
477	+ ),
478	+
479	+ '43' => Array
480	+ (
481	+ // 'id''215',
482	+ 'who' => 'generic',
483	+ 'request' => 'GET\|POST',
484	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\b(?:rename\|truncate)\b.+?table)',
485	+ 'why' => 'SQL injection (rename/truncate)',
486	+ 'level' => '3',
487	+ 'enabled' => '1'
488	+ ),
489	+
490	+ '44' => Array
491	+ (
492	+ // 'id''216',
493	+ 'who' => 'generic',
494	+ 'request' => 'GET\|POST',
495	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?\bselect\b.+?\b(?:into\b.+?(?:(?:dump\|out)file\|\@[\'"\x60]?\w+)\|load_file))\b',
496	+ 'why' => 'SQL injection (select into/load_file)',
497	+ 'level' => '3',
498	+ 'enabled' => '1'
499	+ ),
500	+
501	+ '45' => Array
502	+ (
503	+ // 'id''217',
504	+ 'who' => 'generic',
505	+ 'request' => 'GET\|POST',
506	+ 'what' => '(?i:(?:\b(?:and\|or\|union)\b\|;\|\').*?load\b.+?\bdata\b.+?\binfile\b.+?\binto)\b',
507	+ 'why' => 'SQL injection (load)',
508	+ 'level' => '3',
509	+ 'enabled' => '1'
510	+ ),
511	+
512	+ '46' => Array
513	+ (
514	+ // 'id''250',
515	+ 'who' => 'generic',
516	+ 'request' => 'HTTP_HOST',
517	+ 'what' => '[^-a-zA-Z0-9._:\[\]]',
518	+ 'why' => 'Malformed Host header',
519	+ 'level' => '2',
520	+ 'enabled' => '1'
521	+ ),
522	+
523	+ '47' => Array
524	+ (
525	+ // 'id''300',
526	+ 'who' => 'generic',
527	+ 'request' => 'GET\|POST',
528	+ 'what' => '^[\'"]',
529	+ 'why' => 'Leading quote',
530	+ 'level' => '2',
531	+ 'enabled' => '1'
532	+ ),
533	+
534	+ '48' => Array
535	+ (
536	+ // 'id''301',
537	+ 'who' => 'generic',
538	+ 'request' => 'GET',
539	+ 'what' => '^[\x09\x20]',
540	+ 'why' => 'Leading space',
541	+ 'level' => '1',
542	+ 'enabled' => '1'
543	+ ),
544	+
545	+ '49' => Array
546	+ (
547	+ // 'id''302',
548	+ 'who' => 'generic',
549	+ 'request' => 'QUERY_STRING\|PATH_INFO',
550	+ 'what' => '\bHTTP_RAW_POST_DATA\|HTTP_(?:POS\|GE)T_VARS\b',
551	+ 'why' => 'PHP variable',
552	+ 'level' => '2',
553	+ 'enabled' => '1'
554	+ ),
555	+
556	+ '50' => Array
557	+ (
558	+ // 'id''303',
559	+ 'who' => 'generic',
560	+ 'request' => 'SCRIPT_NAME',
561	+ 'what' => 'phpinfo\.php',
562	+ 'why' => 'Attempt to access phpinfo.php',
563	+ 'level' => '1',
564	+ 'enabled' => '1'
565	+ ),
566	+
567	+ '51' => Array
568	+ (
569	+ // 'id''304',
570	+ 'who' => 'generic',
571	+ 'request' => 'SCRIPT_NAME',
572	+ 'what' => '/scripts/(?:setup\|signon)\.php',
573	+ 'why' => 'phpMyAdmin hacking attempt',
574	+ 'level' => '2',
575	+ 'enabled' => '1'
576	+ ),
577	+
578	+ '52' => Array
579	+ (
580	+ // 'id''305',
581	+ 'who' => 'generic',
582	+ 'request' => 'SCRIPT_NAME',
583	+ 'what' => '\.ph(?:p[2-6]?\|tml)\..+?',
584	+ 'why' => 'PHP handler obfuscation',
585	+ 'level' => '3',
586	+ 'enabled' => '1'
587	+ ),
588	+
589	+ '53' => Array
590	+ (
591	+ // 'id''306',
592	+ 'who' => 'generic',
593	+ 'request' => 'GET:mosConfig_absolute_path\|POST:mosConfig_absolute_path',
594	+ 'what' => '.',
595	+ 'why' => 'mosConfig_absolute_path override attempt',
596	+ 'level' => '3',
597	+ 'enabled' => '1'
598	+ ),
599	+
600	+ '54' => Array
601	+ (
602	+ // 'id''307',
603	+ 'who' => 'generic',
604	+ 'request' => 'GET:mosConfig_live_site\|POST:mosConfig_live_site',
605	+ 'what' => '.',
606	+ 'why' => 'mosConfig_live_site override attempt',
607	+ 'level' => '3',
608	+ 'enabled' => '1'
609	+ ),
610	+
611	+ '55' => Array
612	+ (
613	+ // 'id''308',
614	+ 'who' => 'generic',
615	+ 'request' => 'GET:mosConfig_cachepath\|POST:mosConfig_cachepath',
616	+ 'what' => '.',
617	+ 'why' => 'mosConfig_cachepath override attempt',
618	+ 'level' => '3',
619	+ 'enabled' => '1'
620	+ ),
621	+
622	+ '56' => Array
623	+ (
624	+ // 'id''309',
625	+ 'who' => 'generic',
626	+ 'request' => 'QUERY_STRING\|PATH_INFO\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
627	+ 'what' => '\b(?:\$?_(COOKIE\|ENV\|FILES\|(?:GE\|POS\|REQUES)T\|SE(RVER\|SSION))\|HTTP_(?:(?:POST\|GET)_VARS\|RAW_POST_DATA)\|GLOBALS)\s[=\[]\|\W\$\{\s[\'"]\w+[\'"]',
628	+ 'why' => 'PHP predefined variables',
629	+ 'level' => '2',
630	+ 'enabled' => '1'
631	+ ),
632	+
633	+ '57' => Array
634	+ (
635	+ // 'id''310',
636	+ 'who' => 'generic',
637	+ 'request' => 'HTTP_USER_AGENT',
638	+ 'what' => '(?i:acunetix\|analyzer\|AhrefsBot\|backdoor\|bandit\|blackwidow\|BOT for JCE\|collect\|core-project\|dts agent\|emailmagnet\|ex(ploit\|tract)\|flood\|grabber\|harvest\|httrack\|havij\|hunter\|indy library\|inspect\|LoadTimeBot\|Microsoft URL Control\|mj12bot\|morfeus\|nessus\|pmafind\|scanner\|siphon\|sqlmap\|survey\|teleport)',
639	+ 'why' => 'Bad User-agent',
640	+ 'level' => '1',
641	+ 'enabled' => '1'
642	+ ),
643	+
644	+ '58' => Array
645	+ (
646	+ // 'id''311',
647	+ 'who' => 'generic',
648	+ 'request' => 'SCRIPT_NAME',
649	+ 'what' => '/tiny_?mce/plugins/spellchecker/classes/',
650	+ 'why' => 'TinyMCE path disclosure',
651	+ 'level' => '2',
652	+ 'enabled' => '1'
653	+ ),
654	+
655	+ '59' => Array
656	+ (
657	+ // 'id''312',
658	+ 'who' => 'generic',
659	+ 'request' => 'HTTP_X_FORWARDED_FOR',
660	+ 'what' => '[^.0-9a-f:\x20,unkow]',
661	+ 'why' => 'Non-compliant X_FORWARDED_FOR',
662	+ 'level' => '1',
663	+ 'enabled' => '1'
664	+ ),
665	+
666	+ '60' => Array
667	+ (
668	+ // 'id''313',
669	+ 'who' => 'generic',
670	+ 'request' => 'QUERY_STRING',
671	+ 'what' => '^-[bcndfiswzT]',
672	+ 'why' => 'PHP-CGI exploit (CVE-2012-1823)',
673	+ 'level' => '2',
674	+ 'enabled' => '1'
675	+ ),
676	+
677	+ '61' => Array
678	+ (
679	+ // 'id''350',
680	+ 'who' => 'generic',
681	+ 'request' => 'SCRIPT_NAME',
682	+ 'what' => '(?i:bypass\|c99(?:madShell\|ud)?\|c100\|cookie_(?:usage\|setup)\|diagnostics\|dump\|endix\|gifimg\|goog[l1]e.+[\da-f]{10}\|imageth\|imlog\|r5[47]\|safe0ver\|sniper\|(?:jpe?g\|gif\|png))\.ph(?:p[2-6]?\|tml)',
683	+ 'why' => 'Shell/backdoor',
684	+ 'level' => '3',
685	+ 'enabled' => '1'
686	+ ),
687	+
688	+ '62' => Array
689	+ (
690	+ // 'id''351',
691	+ 'who' => 'generic',
692	+ 'request' => 'GET:nixpasswd\|POST:nixpasswd',
693	+ 'what' => '^.?',
694	+ 'why' => 'Shell/backdoor (nixpasswd)',
695	+ 'level' => '3',
696	+ 'enabled' => '1'
697	+ ),
698	+
699	+ '63' => Array
700	+ (
701	+ // 'id''352',
702	+ 'who' => 'generic',
703	+ 'request' => 'QUERY_STRING',
704	+ 'what' => '\bact=img&img=\w',
705	+ 'why' => 'Shell/backdoor (img)',
706	+ 'level' => '3',
707	+ 'enabled' => '1'
708	+ ),
709	+
710	+ '64' => Array
711	+ (
712	+ // 'id''353',
713	+ 'who' => 'generic',
714	+ 'request' => 'QUERY_STRING',
715	+ 'what' => '\bc=img&name=\w',
716	+ 'why' => 'Shell/backdoor (name)',
717	+ 'level' => '3',
718	+ 'enabled' => '1'
719	+ ),
720	+
721	+ '65' => Array
722	+ (
723	+ // 'id''354',
724	+ 'who' => 'generic',
725	+ 'request' => 'QUERY_STRING',
726	+ 'what' => '^image=(?:arrow\|file\|folder\|smiley)$',
727	+ 'why' => 'Shell/backdoor (image)',
728	+ 'level' => '3',
729	+ 'enabled' => '1'
730	+ ),
731	+
732	+ '66' => Array
733	+ (
734	+ // 'id''355',
735	+ 'who' => 'generic',
736	+ 'request' => 'HTTP_COOKIE',
737	+ 'what' => '\buname=.+?;\ssysctl=',
738	+ 'why' => 'Shell/backdoor (cookie)',
739	+ 'level' => '3',
740	+ 'enabled' => '1'
741	+ ),
742	+
743	+ '67' => Array
744	+ (
745	+ // 'id''356',
746	+ 'who' => 'generic',
747	+ 'request' => 'POST:sql_passwd\|GET:sql_passwd',
748	+ 'what' => '.',
749	+ 'why' => 'Shell/backdoor (sql_passwd)',
750	+ 'level' => '3',
751	+ 'enabled' => '1'
752	+ ),
753	+
754	+ '68' => Array
755	+ (
756	+ // 'id''357',
757	+ 'who' => 'generic',
758	+ 'request' => 'POST:nowpath',
759	+ 'what' => '^.?',
760	+ 'why' => 'Shell/backdoor (nowpath)',
761	+ 'level' => '3',
762	+ 'enabled' => '1'
763	+ ),
764	+
765	+ '69' => Array
766	+ (
767	+ // 'id''358',
768	+ 'who' => 'generic',
769	+ 'request' => 'POST:view_writable',
770	+ 'what' => '^.?',
771	+ 'why' => 'Shell/backdoor (view_writable)',
772	+ 'level' => '3',
773	+ 'enabled' => '1'
774	+ ),
775	+
776	+ '70' => Array
777	+ (
778	+ // 'id''359',
779	+ 'who' => 'generic',
780	+ 'request' => 'HTTP_COOKIE',
781	+ 'what' => '\bphpspypass=',
782	+ 'why' => 'Shell/backdoor (phpspy)',
783	+ 'level' => '3',
784	+ 'enabled' => '1'
785	+ ),
786	+
787	+ '71' => Array
788	+ (
789	+ // 'id''360',
790	+ 'who' => 'generic',
791	+ 'request' => 'POST:a',
792	+ 'what' => '^(?:Bruteforce\|Console\|Files(?:Man\|Tools)\|Network\|Php\|SecInfo\|SelfRemove\|Sql\|StringTools)$',
793	+ 'why' => 'Shell/backdoor (a)',
794	+ 'level' => '3',
795	+ 'enabled' => '1'
796	+ ),
797	+
798	+ '72' => Array
799	+ (
800	+ // 'id''361',
801	+ 'who' => 'generic',
802	+ 'request' => 'POST:nst_cmd',
803	+ 'what' => '^.',
804	+ 'why' => 'Shell/backdoor (nstview)',
805	+ 'level' => '3',
806	+ 'enabled' => '1'
807	+ ),
808	+
809	+ '73' => Array
810	+ (
811	+ // 'id''362',
812	+ 'who' => 'generic',
813	+ 'request' => 'POST:cmd',
814	+ 'what' => '^(?:c(?:h_\|URL)\|db_query\|echo\s\\.\|(?:edit\|download\|save)_file\|find(?:_text\|\s.+)\|ftp_(?:brute\|file_(?:down\|up))\|mail_file\|mk\|mysql(?:b\|_dump)\|php_eval\|ps\s.\|search_text\|safe_dir\|sym[1-2]\|test[1-8]\|zend)$',
815	+ 'why' => 'Shell/backdoor (cmd)',
816	+ 'level' => '2',
817	+ 'enabled' => '1'
818	+ ),
819	+
820	+ '74' => Array
821	+ (
822	+ // 'id''363',
823	+ 'who' => 'generic',
824	+ 'request' => 'GET:p',
825	+ 'what' => '^(?:chmod\|cmd\|edit\|eval\|delete\|headers\|md5\|mysql\|phpinfo\|rename)$',
826	+ 'why' => 'Shell/backdoor (p)',
827	+ 'level' => '3',
828	+ 'enabled' => '1'
829	+ ),
830	+
831	+ '75' => Array
832	+ (
833	+ // 'id''364',
834	+ 'who' => 'generic',
835	+ 'request' => 'QUERY_STRING',
836	+ 'what' => '^act=(?:bind\|cmd\|encoder\|eval\|feedback\|ftpquickbrute\|gofile\|ls\|mkdir\|mkfile\|processes\|ps_aux\|search\|security\|sql\|tools\|update\|upload)&d=%2F',
837	+ 'why' => 'Shell/backdoor (act)',
838	+ 'level' => '3',
839	+ 'enabled' => '1'
840	+ ),
841	+
842	+ '76' => Array
843	+ (
844	+ // 'id''500',
845	+ 'who' => 'option',
846	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
847	+ 'what' => '[\x01-\x08\x0e-\x1f]',
848	+ 'why' => 'Disallowed ASCII characters',
849	+ 'level' => '2',
850	+ 'enabled' => '1'
851	+ ),
852	+
853	+ '77' => Array
854	+ (
855	+ // 'id''520',
856	+ 'who' => 'option',
857	+ 'request' => 'GET\|POST\|HTTP_COOKIE\|HTTP_USER_AGENT\|HTTP_REFERER',
858	+ 'what' => '\b(?i:php://[a-z].+?\|\bdata:.*?;base64,)',
859	+ 'why' => 'PHP wrappers',
860	+ 'level' => '3',
861	+ 'enabled' => '1'
862	+ ),
863	+
864	+ '78' => Array
865	+ (
866	+ // 'id''1200',
867	+ 'who' => 'magento',
868	+ 'request' => 'SCRIPT_NAME',
869	+ 'what' => '/(?:[Cc]onfig\|install)\.php',
870	+ 'why' => 'Magento: unauthorised access to a PHP script',
871	+ 'level' => '2',
872	+ 'enabled' => '1'
873	+ ),
874	+
875	+ '79' => Array
876	+ (
877	+ // 'id''1201',
878	+ 'who' => 'magento',
879	+ 'request' => 'SCRIPT_NAME',
880	+ 'what' => '/(?:app\|cache\|includes\|js(?!/index\.php)\|lib\|media\|pkginfo\|var)/',
881	+ 'why' => 'Magento: unauthorised access to a PHP script',
882	+ 'level' => '2',
883	+ 'enabled' => '1'
884	+ ),
885	+
886	+ '80' => Array
887	+ (
888	+ // 'id''1202',
889	+ 'who' => 'magento',
890	+ 'request' => 'GET\|POST',
891	+ 'what' => '\badmin_user\b',
892	+ 'why' => 'Magento: SQL injection (admin_user)',
893	+ 'level' => '2',
894	+ 'enabled' => '1'
895	+ )
896	+ ) ;
897	+
898	+ foreach ($tickets as $ticket) {
899	+ Mage::getModel('firewall/rules')
900	+ ->setData($ticket)
901	+ ->save();
902	+ }
903	+
904	+ $optionsModel = Mage::getModel('firewall/options')->getCollection();
905	+ $options = Array
906	+ (
907	+ '0' => Array
908	+ (
909	+ 'text' => 'Firewall ',
910	+ 'path' => 'firewall_enable',
911	+ 'value' => '1'
912	+ ),
913	+
914	+ '1' => Array
915	+ (
916	+ 'text' => 'Firewall Loaded ?',
917	+ 'path' => 'prepend_configuration',
918	+ 'value' => ''
919	+ ),
920	+
921	+ '2' => Array
922	+ (
923	+ 'text' => 'Console mode',
924	+ 'path' => 'debug_mode',
925	+ 'value' => '0'
926	+ ),
927	+
928	+ '3' => Array
929	+ (
930	+ 'text' => 'Show recent modified file days ',
931	+ 'path' => 'show_recent_file_days',
932	+ 'value' => '5'
933	+ ),
934	+
935	+ '4' => Array
936	+ (
937	+ 'text' => 'Receiver Email address',
938	+ 'path' => 'email_addresss',
939	+ 'value' => ''
940	+ ),
941	+ '5' => Array
942	+ (
943	+ 'text' => 'Allows only Whitelist ip\'s to access admin',
944	+ 'path' => 'allow_whitelist',
945	+ 'value' => '0'
946	+ ),
947	+ '6' => Array
948	+ (
949	+ 'text' => 'Admin Login Attempts (Allowed)',
950	+ 'path' => 'login_lttempts',
951	+ 'value' => '3'
952	+ ),
953	+ '7' => Array
954	+ (
955	+ 'text' => 'Ban attacking IPs from accessing site',
956	+ 'path' => 'banning_ip',
957	+ 'value' => '0'
958	+ )
959	+ );
960	+ foreach ($options as $option) {
961	+ Mage::getModel('firewall/options')
962	+ ->setData($option)
963	+ ->save();
964	+ }

app/code/community/MageFirewall/Firewall/etc/config.xml ADDED Viewed

	@@ -0,0 +1,182 @@


1	+ <?xml version="1.0"?>
2	+ <config>
3	+ <modules>
4	+ <MageFirewall_Firewall>
5	+ <version>0.1.0</version>
6	+ </MageFirewall_Firewall>
7	+ </modules>
8	+ <admin>
9	+ <routers>
10	+ <firewall>
11	+ <use>admin</use>
12	+ <args>
13	+ <module>MageFirewall_Firewall</module>
14	+ <frontName>Firewall</frontName>
15	+ </args>
16	+ </firewall>
17	+ </routers>
18	+ </admin>
19	+ <adminhtml>
20	+ <menu>
21	+ <firewall module="firewall">
22	+ <title>Firewall</title>
23	+ <sort_order>71</sort_order>
24	+ <!--<children>
25	+ <items module="wall">
26	+ <title>White List</title>
27	+ <sort_order>0</sort_order>
28	+ <action>wall/adminhtml_wall</action>
29	+ </items>
30	+ </children>-->
31	+ <children>
32	+ <dashboard>
33	+ <title>Dashboard</title>
34	+ <action>firewall/adminhtml_dashboard_view</action>
35	+ <sort_order>50</sort_order>
36	+ </dashboard>
37	+ <recentedittedfiles>
38	+ <title>Recent Edited Files</title>
39	+ <action>firewall/adminhtml_dashboard_recent</action>
40	+ <sort_order>60</sort_order>
41	+ </recentedittedfiles>
42	+ <whitelist>
43	+ <title>White List</title>
44	+ <action>firewall/adminhtml_whitelist</action>
45	+ <sort_order>100</sort_order>
46	+ </whitelist>
47	+ <blacklist>
48	+ <title>Black List</title>
49	+ <action>firewall/adminhtml_blacklist</action>
50	+ <sort_order>200</sort_order>
51	+ </blacklist>
52	+ <rules>
53	+ <title>Rules</title>
54	+ <action>firewall/adminhtml_rules</action>
55	+ <sort_order>300</sort_order>
56	+ </rules>
57	+ <logs>
58	+ <title>Logs</title>
59	+ <action>firewall/adminhtml_logs</action>
60	+ <sort_order>400</sort_order>
61	+ </logs>
62	+ <logs1>
63	+ <title>Scan your Store</title>
64	+ <action>firewall/adminhtml_dashboard_diagnostic</action>
65	+ <sort_order>500</sort_order>
66	+ </logs1>
67	+ <diagnostic>
68	+ <title>Diagnostic</title>
69	+ <action>firewall/adminhtml_dashboard_filechecker</action>
70	+ <sort_order>550</sort_order>
71	+ </diagnostic>
72	+ </children>
73	+ </firewall>
74	+ </menu>
75	+ <acl>
76	+ <resources>
77	+ <all>
78	+ <title>Allow Everything</title>
79	+ </all>
80	+ <admin>
81	+ <children>
82	+ <MageFirewall_Firewall>
83	+ <title>White List</title>
84	+ <sort_order>10</sort_order>
85	+ </MageFirewall_Firewall>
86	+ </children>
87	+ </admin>
88	+ </resources>
89	+ </acl>
90	+ </adminhtml>
91	+ <global>
92	+ <models>
93	+ <firewall>
94	+ <class>MageFirewall_Firewall_Model</class>
95	+ <resourceModel>firewall_mysql4</resourceModel>
96	+ </firewall>
97	+ <firewall_mysql4>
98	+ <class>MageFirewall_Firewall_Model_Mysql4</class>
99	+ <entities>
100	+ <rules>
101	+ <table>firewall_rules</table>
102	+ </rules>
103	+ <version>
104	+ <table>firewall_version</table>
105	+ </version>
106	+ <logs>
107	+ <table>firewall_logs</table>
108	+ </logs>
109	+ <whitelist>
110	+ <table>firewall_whitelist</table>
111	+ </whitelist>
112	+ <blacklist>
113	+ <table>firewall_blacklist</table>
114	+ </blacklist>
115	+ <options>
116	+ <table>firewall_options</table>
117	+ </options>
118	+ </entities>
119	+ </firewall_mysql4>
120	+ </models>
121	+ <events>
122	+ <admin_session_user_login_failed>
123	+ <observers>
124	+ <MageFirewall_Firewall_Model_Observer>
125	+ <class>MageFirewall_Firewall_Model_Observer</class>
126	+ <method>login_validation</method>
127	+ </MageFirewall_Firewall_Model_Observer>
128	+ </observers>
129	+ </admin_session_user_login_failed>
130	+ <admin_session_user_login_success>
131	+ <observers>
132	+ <MageFirewall_Firewall_Model_Observer>
133	+ <class>MageFirewall_Firewall_Model_Observer</class>
134	+ <method>checkBlacklist</method>
135	+ </MageFirewall_Firewall_Model_Observer>
136	+ </observers>
137	+ </admin_session_user_login_success>
138	+ </events>
139	+ <resources>
140	+ <firewall_setup>
141	+ <setup>
142	+ <module>MageFirewall_Firewall</module>
143	+ </setup>
144	+ <connection>
145	+ <use>core_setup</use>
146	+ </connection>
147	+ </firewall_setup>
148	+ <firewall_write>
149	+ <connection>
150	+ <use>core_write</use>
151	+ </connection>
152	+ </firewall_write>
153	+ <firewall_read>
154	+ <connection>
155	+ <use>core_read</use>
156	+ </connection>
157	+ </firewall_read>
158	+ </resources>
159	+ <helpers>
160	+ <firewall>
161	+ <class>MageFirewall_Firewall_Helper</class>
162	+ </firewall>
163	+ </helpers>
164	+ <blocks>
165	+ <firewall>
166	+ <class>MageFirewall_Firewall_Block</class>
167	+ </firewall>
168	+ </blocks>
169	+ </global>
170	+ <crontab>
171	+ <jobs>
172	+ <firewall_delete_log>
173	+ <schedule>
174	+ <cron_expr>0 0 /15 *</cron_expr>
175	+ </schedule>
176	+ <run>
177	+ <model>firewall/cron::deleteOldLogs</model>
178	+ </run>
179	+ </firewall_delete_log>
180	+ </jobs>
181	+ </crontab>
182	+ </config>

app/code/community/MageFirewall/Firewall/sql/firewall_setup/mysql4-install-0.1.0.php ADDED Viewed

	@@ -0,0 +1,83 @@


1	+ <?php
2	+
3	+ $installer = $this;
4	+
5	+ $installer->startSetup();
6	+
7	+ $installer->run("
8	+
9	+ -- DROP TABLE IF EXISTS {$this->getTable('firewall_rules')};
10	+ CREATE TABLE {$this->getTable('firewall_rules')} (
11	+ `rules_id` int(11) unsigned NOT NULL auto_increment,
12	+ `who` varchar(255) NOT NULL default '',
13	+ `request` text NOT NULL default '',
14	+ `what` text NOT NULL default '',
15	+ `why` text NOT NULL default '',
16	+ `level` text NOT NULL default '',
17	+ `enabled` smallint(6) NOT NULL default '0',
18	+ `created_time` datetime NULL,
19	+ `update_time` datetime NULL,
20	+ PRIMARY KEY (`rules_id`)
21	+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
22	+
23	+ -- DROP TABLE IF EXISTS {$this->getTable('firewall_version')};
24	+ CREATE TABLE {$this->getTable('firewall_version')} (
25	+ `version_id` int(11) unsigned NOT NULL auto_increment,
26	+ `version` varchar(255) NOT NULL default '',
27	+ `created_time` datetime NULL,
28	+ `update_time` datetime NULL,
29	+ PRIMARY KEY (`version_id`)
30	+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
31	+
32	+ -- DROP TABLE IF EXISTS {$this->getTable('firewall_logs')};
33	+ CREATE TABLE {$this->getTable('firewall_logs')} (
34	+ `log_id` int(11) unsigned NOT NULL auto_increment,
35	+ `ruleid` varchar(255) NULL default '',
36	+ `summary` text NULL default '',
37	+ `ip` varchar(255) NULL,
38	+ `level` smallint(6) NULL,
39	+ `incidentid` varchar(255) NULL,
40	+ `created_time` datetime NULL,
41	+ PRIMARY KEY (`log_id`)
42	+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
43	+
44	+ -- DROP TABLE IF EXISTS {$this->getTable('firewall_whitelist')};
45	+ CREATE TABLE {$this->getTable('firewall_whitelist')} (
46	+ `whitelist_id` int(11) unsigned NOT NULL auto_increment,
47	+ `ip` varchar(255) NOT NULL default '',
48	+ `text` text NOT NULL default '',
49	+ `status` smallint(6) NOT NULL default '0',
50	+ `is_delete` smallint(6) NOT NULL default '0',
51	+ `created_time` datetime NULL,
52	+ `update_time` datetime NULL,
53	+ PRIMARY KEY (`whitelist_id`)
54	+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
55	+
56	+ -- DROP TABLE IF EXISTS {$this->getTable('firewall_blacklist')};
57	+ CREATE TABLE {$this->getTable('firewall_blacklist')} (
58	+ `blacklist_id` int(11) unsigned NOT NULL auto_increment,
59	+ `ip` varchar(255) NOT NULL default '',
60	+ `priority` varchar(255) NOT NULL default '',
61	+ `text` text NOT NULL default '',
62	+ `count` varchar(255) NOT NULL default '',
63	+ `is_delete` smallint(6) NOT NULL default '0',
64	+ `status` smallint(6) NOT NULL default '0',
65	+ `created_time` datetime NULL,
66	+ `update_time` datetime NULL,
67	+ PRIMARY KEY (`blacklist_id`)
68	+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
69	+
70	+ -- DROP TABLE IF EXISTS {$this->getTable('firewall_options')};
71	+ CREATE TABLE {$this->getTable('firewall_options')} (
72	+ `option_id` int(11) unsigned NOT NULL auto_increment,
73	+ `path` varchar(255) NOT NULL default '',
74	+ `text` varchar(255) NOT NULL default '',
75	+ `value` varchar(255) NOT NULL default '',
76	+ `status` smallint(6) NOT NULL default '1',
77	+ `created_time` datetime NULL,
78	+ `update_time` datetime NULL,
79	+ PRIMARY KEY (`option_id`)
80	+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
81	+
82	+ ");
83	+ $installer->endSetup();

app/design/adminhtml/default/default/template/firewall/dashboard.phtml ADDED Viewed

	@@ -0,0 +1,152 @@


1	+ <style>
2	+ .firewall-options-form-table tr > td
3	+ {
4	+ border-collapse:separate;
5	+ border-spacing:5em;
6	+ padding-bottom: 1em;
7	+ }
8	+ .critical { color: #D20000; }
9	+ </style>
10	+ <?php
11	+ $wallHelper = Mage::helper('firewall');
12	+ $getIncludedFile = get_included_files();
13	+ $rootPath = $_SERVER['DOCUMENT_ROOT'];
14	+ $paths = $rootPath.'/lib/firewall/firewall.php';
15	+ $optionsAll = Mage::getModel('firewall/options')->getCollection()->getData();
16	+ $firewalFile = ini_get('auto_prepend_file');
17	+ $autoprepend = '<b>No</b>.';
18	+ $autoprependimageIcon = 'error_msg_icon.gif';
19	+ $firewallDisabled = 0;
20	+ if (strpos($firewalFile,'lib/firewall/firewall.php') !== false \|\| in_array($paths, $getIncludedFile)) {
21	+ $firewallDisabled = 1;
22	+ $autoprependimageIcon = 'success_msg_icon.gif';
23	+ $autoprependMsg ='';
24	+ $autoprepend = '<b>Yes</b>.';
25	+ } else {
26	+ $autoprependMsg .='<p class="critical">To Enable firewall include the following line in index.php in your webroot directory <br />
27	+ after the following line of code <br />
28	+ "define(\'MAGENTO_ROOT\', getcwd());" <br />
29	+ require_once MAGENTO_ROOT.\'/lib/firewall/firewall.php\';</p> or';
30	+ $autoprependMsg .='<p class="critical">add the below line to your php.ini / fastphp / in your vhost configuration file. <br />
31	+ auto_prepend_file = '.$paths.'</p>';
32	+
33	+ }
34	+ $senderEmail = $wallHelper->getMageEmail();
35	+ ?>
36	+ <form id="edit_form" name="edit_form" method="post" action="<?php $this->getUrl('//post')?>">
37	+ <input name="form_key" type="hidden" value="<?php echo Mage::getSingleton('core/session')->getFormKey() ?>" />
38	+ <table class="firewall-options-form-table">
39	+ <tbody>
40	+ <tr><th><h2>General Information</h2></th></tr>
41	+ <tr>
42	+ <th scope="row"><?php echo $optionsAll[1]['text']; ?></th>
43	+ <td width="20" align="left">
44	+ <?php
45	+ echo '<img width="16" height="16" border="0" src="/skin/adminhtml/default/default/images/'.$autoprependimageIcon.'">'; ?>
46	+ </td>
47	+ <td align="left">
48	+ <input type="hidden" name="fireWall_options[2][option_id]" value="<?php echo $optionsAll[1]['option_id']; ?>">
49	+ <select style="width:200px" name="fireWall_options[2][value]" disabled>
50	+ <option value="1"> <?php echo $autoprepend; ?></option>
51	+ </select>
52	+ <?php if($firewallDisabled==0) { echo $autoprependMsg; } ?>
53	+ </td>
54	+ </tr>
55	+ <tr>
56	+ <th scope="row">Hacking Attempts</th>
57	+ <td></td>
58	+ <td align="left">
59	+ <a href="<?php echo Mage::helper("adminhtml")->getUrl("firewall/adminhtml_logs/index"); ?>">
60	+ <?php echo $_blockData = $wallHelper->getLogsCount(); ?>
61	+ </a>
62	+ </td>
63	+ </tr>
64	+ <tr><th><h2>Basic Configuration</h2></th></tr>
65	+ <tr>
66	+ <th scope="row"><?php echo $optionsAll[0]['text']; ?></th>
67	+ <td width="20" align="left">
68	+ <?php $imageIcon = ($optionsAll[0]['value']==1 && $firewallDisabled==1) ? 'success_msg_icon.gif' : 'error_msg_icon.gif';
69	+ echo '<img width="16" height="16" border="0" src="/skin/adminhtml/default/default/images/'.$imageIcon.'">'; ?>
70	+ </td>
71	+ <td align="left">
72	+ <input type="hidden" name="fireWall_options[1][option_id]" value="<?php echo $optionsAll[0]['option_id']; ?>">
73	+ <select style="width:200px" name="fireWall_options[1][value]" <?php echo ($firewallDisabled==0) ? "disabled" : ''; ?>>
74	+ <?php if($firewallDisabled==1) { ?> <option <?php echo ($optionsAll[0]['value']==1 && $firewallDisabled==1) ? 'selected=""' : ''; ?> value="1">Enabled</option> <?php } ?>
75	+ <option <?php echo ($optionsAll[0]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
76	+ </select>
77	+ </td>
78	+ </tr>
79	+ <tr>
80	+ <th scope="row"><?php echo $optionsAll[2]['text']; ?></th>
81	+ <td width="20" align="left">
82	+ </td>
83	+ <td align="left">
84	+ <input type="hidden" name="fireWall_options[3][option_id]" value="<?php echo $optionsAll[2]['option_id']; ?>">
85	+ <select style="width:200px" name="fireWall_options[3][value]">
86	+ <option <?php echo ($optionsAll[2]['value']==1) ? 'selected=""' : ''; ?> value="1">Enabled</option>
87	+ <option <?php echo ($optionsAll[2]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
88	+ </select>
89	+ </td>
90	+ </tr>
91	+ <tr>
92	+ <th scope="row"><?php echo $optionsAll[3]['text']; ?></th>
93	+ <td width="20" align="left">
94	+ </td>
95	+ <td align="left">
96	+ <input type="hidden" name="fireWall_options[4][option_id]" value="<?php echo $optionsAll[3]['option_id']; ?>">
97	+ <input type="text" name="fireWall_options[4][value]" value="<?php echo $optionsAll[3]['value']; ?>" />
98	+ </td>
99	+ </tr>
100	+ <tr>
101	+ <th scope="row"><?php echo $optionsAll[4]['text']; ?></th>
102	+ <td></td>
103	+ <td align="left">
104	+ <input type="hidden" name="fireWall_options[5][option_id]" value="<?php echo $optionsAll[4]['option_id']; ?>">
105	+ <input type="text" name="fireWall_options[5][value]" value="<?php echo (empty($optionsAll[4]['value'])) ? $senderEmail : $optionsAll[4]['value']; ?>" />
106	+ </td>
107	+ </tr>
108	+ <?php /*<tr>
109	+ <th scope="row"><?php echo $optionsAll[5]['text']; ?></th>
110	+ <td></td>
111	+ <td align="left">
112	+ <input type="hidden" name="fireWall_options[6][option_id]" value="<?php echo $optionsAll[5]['option_id']; ?>">
113	+ <select style="width:200px" name="fireWall_options[6][value]">
114	+ <option <?php echo ($optionsAll[5]['value']==1) ? 'selected=""' : ''; ?> value="1">Enabled</option>
115	+ <option <?php echo ($optionsAll[5]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
116	+ </select>
117	+ </td>
118	+ </tr> */ ?>
119	+ <tr>
120	+ <th scope="row"><?php echo $optionsAll[6]['text']; ?></th>
121	+ <td></td>
122	+ <td align="left">
123	+
124	+ <input type="hidden" name="fireWall_options[7][option_id]" value="<?php echo $optionsAll[6]['option_id']; ?>">
125	+ <input type="text" name="fireWall_options[7][value]" value="<?php echo $optionsAll[6]['value']; ?>" />
126	+ </td>
127	+ </tr>
128	+ <tr>
129	+ <th scope="row"><?php echo $optionsAll[7]['text']; ?></th>
130	+ <td></td>
131	+ <td align="left">
132	+ <input type="hidden" name="fireWall_options[8][option_id]" value="<?php echo $optionsAll[7]['option_id']; ?>"><select style="width:200px" name="fireWall_options[8][value]">
133	+ <option <?php echo ($optionsAll[7]['value']==1) ? 'selected=""' : ''; ?> value="1">Enabled</option>
134	+ <option <?php echo ($optionsAll[7]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
135	+ </select>
136	+ </td>
137	+ </tr>
138	+ </tbody>
139	+ </table>
140	+ <?php //echo $this->__($message) ?>
141	+ <br>
142	+ <br>
143	+ <button style="" onclick="firewallConfigForm.submit()" class="form-button" type="button" title="Save Config" id=""><span><span><span><?php echo $this->__('Save Configuration') ?></span></span></span></button>
144	+ </form>
145	+ <br>
146	+ <br>
147	+ <?php //echo $this->__('MageFirewall configuration : '.$autoprepend) ?>
148	+ <br>
149	+ <?php //echo $autoprependMsg; ?>
150	+ <script type="text/javascript">
151	+ var firewallConfigForm = new varienForm('edit_form');
152	+ </script>

app/design/adminhtml/default/default/template/firewall/diagnostic.phtml ADDED Viewed

	@@ -0,0 +1,13 @@


1	+ <iframe style="display:none; border: medium none;" id="iframess" src="" width="100%" height="700px"></iframe>
2	+ <script>
3	+ var url = "<?php echo Mage::helper('adminhtml')->getUrl('firewall/adminhtml_dashboard_View') ?>";
4	+ var baseUrl = "<?php echo Mage::getBaseUrl(); ?>";
5	+ var r = confirm("Press ok to scan you store. This may not work under intranet environment");
6	+ var iframe = document.getElementById('iframess');
7	+ if (r == true) {
8	+ iframe.src = 'http://magefirewall.com/scan.php?url='+baseUrl;
9	+ iframe.show();
10	+ } else {
11	+ window.location = url;
12	+ }
13	+ </script>

app/design/adminhtml/default/default/template/firewall/filechecker.phtml ADDED Viewed

	@@ -0,0 +1,22 @@


1	+ <h1>Diagnostic Result</h1>
2	+ <?php
3	+ $wallHelper = Mage::helper('firewall');
4	+ $phpVs = 0;
5	+ echo 'Magento version is: ', Mage::getVersion() . "<br />";
6	+ if (version_compare(phpversion(), '5.3.0', '<')===true) {
7	+ $phpVs = 1;
8	+ echo 'PHP version: ' . phpversion();
9	+ echo "<br /> Whoops, it looks like you have an older PHP version.";
10	+ } else {
11	+ echo 'PHP version: ' . phpversion() .' (stable)';
12	+ }
13	+ $check1[0]['exploitname'] = '';
14	+ $check1[0]['data'][0]['searchstring'] = "libxml_disable_entity_loader(\$loadEntities);";
15	+ $check1[0]['data'][0]['filelocation'] = "lib/Zend/XmlRpc/Response.php";
16	+ $check1[0]['error'] = "Major security issue please fix this!!!";
17	+ $phpVs = 1;
18	+ $wallHelper->startprocess($check1[0]);
19	+ echo "Currently your website is safe. ";
20	+ echo "<br />";
21	+ echo "<h3>Please contact us at <a href='http://magefirewall.com'>magefirewall</a> or Tweet us at <a href='https://twitter.com/MageFirewall'>@MageFirewall</a> </h3>";
22	+ ?>

app/design/adminhtml/default/default/template/firewall/recentfile.phtml ADDED Viewed

	@@ -0,0 +1,6 @@


1	+ <?php
2	+ $lists = Mage::helper('firewall')->getRecentEditedFiles();
3	+ echo "<b>Last ".$lists[0]." days modified files</b> <br> <br> <div style='height: 250px;overflow-y: scroll; border: 1px solid;padding: 5px;'>";
4	+ echo $lists[1];
5	+ echo "</div>";
6	+ ?>

app/etc/modules/MageFirewall_Firewall.xml ADDED Viewed

	@@ -0,0 +1,9 @@


1	+ <?xml version="1.0"?>
2	+ <config>
3	+ <modules>
4	+ <MageFirewall_Firewall>
5	+ <active>true</active>
6	+ <codePool>community</codePool>
7	+ </MageFirewall_Firewall>
8	+ </modules>
9	+ </config>

lib/firewall/firewall.php ADDED Viewed

	@@ -0,0 +1,383 @@


1	+ <?php
2	+ /*
3	+ +------------------------------------------------------------------+
4	+ \| Firewall (c)2012-2013 NinTechNet \|
5	+ \| <contact@ninjafirewall.com> \|
6	+ \| \|
7	+ \| EDITION : Free Edition \|
8	+ +------------------------------------------------------------------+
9	+ \| REVISION: 2013-12-28 18:21:33 \|
10	+ +------------------------------------------------------------------+
11	+ \| This program is free software: you can redistribute it and/or \|
12	+ \| modify it under the terms of the GNU General Public License as \|
13	+ \| published by the Free Software Foundation, either version 3 of \|
14	+ \| the License, or (at your option) any later version. \|
15	+ \| \|
16	+ \| This program is distributed in the hope that it will be useful, \|
17	+ \| but WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	+ \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \|
19	+ \| GNU General Public License for more details. \|
20	+ +------------------------------------------------------------------+
21	+ */
22	+ $current_link = "$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
23	+ $host=$_SERVER['HTTP_HOST'].'/downloader/';
24	+ if (strpos($current_link, $host ) !== false) {
25	+ return; // firewall does not support magento connect downloader term in the URL without this condition.
26	+ }
27	+ $mageFilename = 'app/Mage.php';
28	+ require_once $mageFilename;
29	+ //Mage::setIsDeveloperMode(true);
30	+ //ini_set('display_errors', 1);
31	+ umask(0);
32	+ Mage::app();
33	+ if(!Mage::helper('core')->isModuleEnabled('MageFirewall_Firewall')) return;
34	+ $resource = Mage::getSingleton('core/resource');
35	+ $readConnection = $resource->getConnection('core_read');
36	+ $mageOptions = Mage::getModel('firewall/options');
37	+ $wallHelper = Mage::helper('firewall');
38	+ if($wallHelper->getOptionsData('firewall_enable')==0) return;
39	+ $ip_address = $wallHelper->getClientIp();
40	+ $WhiteListQuery = "SELECT * FROM ".$resource->getTableName('firewall_whitelist')." WHERE status=1 && is_delete!=1 && ip='$ip_address'";
41	+ $WhiteListResults = $readConnection->fetchAll($WhiteListQuery);
42	+ $MagenfCheckDebug = '';
43	+ //checking debug mode is enabled or not
44	+ if($wallHelper->getOptionsData('debug_mode')==1) $MagenfCheckDebug = 2;
45	+ $getIpOptionValue = $wallHelper->getOptionsData('banning_ip');
46	+ $CheckipOption = ($getIpOptionValue==0) ? 'off' : 'on';
47	+ define('NF_STARTTIME', microtime(true));
48	+
49	+ $MagenfCheckEnabled = 1; // $results['0']['enabled'];
50	+ $MagenfoptionApplication = 'generic\|option\|magento'; //$results['0']['application'];
51	+
52	+ if ($MagenfCheckDebug) {
53	+ register_shutdown_function('nf_debugfirewall', $MagenfCheckDebug);
54	+ define('STAG', '- ');
55	+ define('ETAG', "\n");
56	+ $nfdebug = STAG ."starting Firewall". ETAG ;// STAG ."hooked PHP script\t\t[----] ". $_SERVER['SCRIPT_FILENAME'] . ETAG;
57	+ }
58	+
59	+ if (! $MagenfCheckEnabled) {
60	+ if ($MagenfCheckDebug) { define('NFDEBUG', $nfdebug.= STAG ."protection is disabled\t[STOP]". ETAG . '::' . nf_benchmarks() ); }
61	+ //return;
62	+ }
63	+ if(empty($WhiteListResults)){
64	+ $blackListQuery = "SELECT * FROM ".$resource->getTableName('firewall_blacklist')." WHERE status=1 && is_delete!=1 && ip='$ip_address'";
65	+ $blackListResults = $readConnection->fetchAll($blackListQuery);
66	+ if(!empty($blackListResults)){
67	+ nf_write2log('Blacklist Ip trying to get site.', null, 2, 0);
68	+ //echo "You are in blacklist.";
69	+ //die();
70	+ }
71	+ }
72	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking user IP\t\t";}
73	+ if ( (preg_match('/^(?:::ffff:)?127\.0\.0\.1$/', $ip_address)) \|\| ($ip_address == $_SERVER['SERVER_ADDR']) ) {
74	+ if ($MagenfCheckDebug) { define('NFDEBUG', $nfdebug.= '[STOP] '. $ip_address .' is whitelisted'. ETAG . '::' . nf_benchmarks() ); }
75	+ return;
76	+ }
77	+
78	+ if ($MagenfCheckDebug) { $nfdebug.= "[----] banning IP option is $CheckipOption". ETAG; }
79	+ if ( ($_SERVER['SCRIPT_FILENAME'] == dirname(__FILE__) .'/index.php') \|\| ($_SERVER['SCRIPT_FILENAME'] == dirname(__FILE__) .'/login.php') ) {
80	+ if ($MagenfCheckDebug) { define('NFDEBUG', $nfdebug.= STAG ."script is whitelisted\t\t[STOP] ".$_SERVER['SCRIPT_NAME']. ETAG . '::' . nf_benchmarks() ); }
81	+ return;
82	+ }
83	+ if (preg_match('/^[\d.:]+$/', $_SERVER['HTTP_HOST'])) {
84	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."HTTP_HOST\t\t\t[FAIL] HTTP_HOST is an IP (".$_SERVER['HTTP_HOST'] .')'. ETAG; }
85	+ nf_write2log('HTTP_HOST is an IP', $_SERVER['HTTP_HOST'], 1, 0);
86	+ if($getIpOptionValue==1){
87	+ nf_block();
88	+ }
89	+ }
90	+
91	+ if ( strpos('GET\|POST\|HEAD', $_SERVER['REQUEST_METHOD']) === false ) {
92	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."REQUEST_METHOD\t\t[FAIL] ". nf_bin2hex_string($_SERVER['REQUEST_METHOD']) .' not allowed'. ETAG; }
93	+ nf_write2log('request method not allowed', $_SERVER['REQUEST_METHOD'], 2, 0);
94	+ nf_block();
95	+ }
96	+ nf_check_request();
97	+
98	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking uploads\t\t"; }
99	+ if (! empty($_FILES)) {
100	+ nf_check_upload();
101	+ } else {
102	+ if ($MagenfCheckDebug) { $nfdebug.= "[----] no upload detected". ETAG; }
103	+ }
104	+ $_GET = nf_sanitise( $_GET, 1, 'GET');
105	+ $_COOKIE = nf_sanitise( $_COOKIE, 1, 'COOKIE');
106	+ if (! empty($_SERVER['HTTP_USER_AGENT'])) {
107	+ $_SERVER['HTTP_USER_AGENT'] = nf_sanitise( $_SERVER['HTTP_USER_AGENT'], 1, 'HTTP_USER_AGENT');
108	+ }
109	+ if (! empty($_SERVER['HTTP_REFERER'])) {
110	+ $_SERVER['HTTP_REFERER'] = nf_sanitise( $_SERVER['HTTP_REFERER'], 1, 'HTTP_REFERER');
111	+ }
112	+ if (! empty($_SERVER['PATH_INFO'])) {
113	+ $_SERVER['PATH_INFO'] = nf_sanitise( $_SERVER['PATH_INFO'], 2, 'PATH_INFO');
114	+ }
115	+ if (! empty($_SERVER['PATH_TRANSLATED'])) {
116	+ $_SERVER['PATH_TRANSLATED'] = nf_sanitise( $_SERVER['PATH_TRANSLATED'], 2, 'PATH_TRANSLATED');
117	+ }
118	+ if (! empty($_SERVER['PHP_SELF'])) {
119	+ $_SERVER['PHP_SELF'] = nf_sanitise( $_SERVER['PHP_SELF'], 2, 'PHP_SELF');
120	+ }
121	+
122	+ if ( (! defined('NFDEBUG')) && ($nfdebug) ) { define('NFDEBUG',$nfdebug . '::' . nf_benchmarks() ); }
123	+ return;
124	+
125	+ /* ================================================================ */
126	+ function nf_debugfirewall($debug) {
127	+
128	+ if ( (defined('NF_NODBG')) \|\| (! defined('NFDEBUG')) \|\| (NFDEBUG == '') ) {
129	+ return;
130	+ }
131	+ list($nfdebug, $bench) = explode('::', NFDEBUG . '::');
132	+
133	+ if ($debug == 1) {
134	+ echo "\n<!--\n". htmlentities( $nfdebug ) ."- stopping Firewall\n- processing time:\t\t$bench s\n-->" ;
135	+ } else {
136	+ echo '<br><script>function onoff(){if(document.getElementById("tex").style.display=="none"){document.getElementById("tex").style.display="";document.getElementById("fie").style.background="#000000";document.cookie="tex=0; expires=Thu, 01-Jan-70 00:00:01 GMT;";}else{document.getElementById("tex").style.display="none";document.getElementById("fie").style.background="none";document.cookie="tex=1;";}}</script>'. "\n". '<center><fieldset id=fie style="width:85%;font-family:Verdana,Arial,sans-serif,Ubuntu;font-size:10px;background:';
137	+ if ( (isset($_COOKIE['tex'])) && ($_COOKIE['tex'])==1) {echo 'none';} else {echo '#000000';}
138	+ echo ';border:0px solid #000000;padding:0px;"><legend id=leg style="border:1px solid #ffd821;background:#ffd821;font-family:Verdana,Arial,sans-serif,Ubuntu;font-size:10px;"><a title=\'Click to mask/show the console\' href="javascript:onoff();" style="text-decoration: none;color:#000000;background:#ffd821;"><b> Firewall debug console </b></a></legend><textarea id=tex rows='. count(explode("\n", $nfdebug)) .' style="font-family:\'Courier New\',Courier,monospace,Verdana, Arial, sans-serif;font-size:12px;width:100%;border:none;padding:0px;background:#000000;color:#ffffff;line-height:14px;';
139	+ if ( (isset($_COOKIE['tex'])) && ($_COOKIE['tex'])==1) {echo 'display:none;'; }
140	+ echo '" wrap="off">'. htmlentities( $nfdebug ) ."- stopping Firewall\n- processing time\t\t$bench s</textarea></fieldset></center><br>";
141	+ }
142	+ }
143	+ /* ================================================================ */
144	+ function nf_check_request() {
145	+ global $resource;
146	+ global $readConnection;
147	+ global $MagenfCheckDebug;
148	+ global $MagenfoptionApplication;
149	+ global $nfdebug;
150	+
151	+ $rules_count = 0;
152	+ $query = 'SELECT * FROM ' . $resource->getTableName('firewall_rules'). ' WHERE `who` REGEXP "^('. $MagenfoptionApplication .')$" && `enabled` = "1"';
153	+ $results = $readConnection->fetchAll($query);
154	+ foreach($results as $rulesData){
155	+ $wherelist = explode('\|', $rulesData['request']);
156	+ foreach ($wherelist as $where) {
157	+ if ( ($where == 'POST') \|\| ($where == 'GET') ) {
158	+ foreach ($GLOBALS['_' . $where] as $reqkey => $reqvalue) {
159	+ if ( is_array($reqvalue) ) {
160	+ $res = nf_flatten( "\n", $reqvalue );
161	+ $reqvalue = $res;
162	+
163	+ $rulesData['what'] = '(?m:'. $rulesData['what'] .')';
164	+ } else {
165	+ if ( ($where == 'POST') && ($reqvalue) && (! isset( $b64_post[$reqkey])) ) {
166	+ $b64_post[$reqkey] = 1;
167	+ nf_check_b64($reqkey, $reqvalue);
168	+ }
169	+ }
170	+ // print_r("reqvalue." .$reqvalue ."=" );
171	+ if (! $reqvalue) {continue;}
172	+ $rules_count++;
173	+
174	+ // print_r($rulesData['what'] . "<br />");
175	+ if ( preg_match('`'.$rulesData['what'].'`', $reqvalue) ) {
176	+
177	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] '. $where .' : ' . $rulesData['why'] . ' (#'. $rulesData['rules_id'] . ')' . ETAG; }
178	+
179	+ nf_write2log($rulesData['why'], $where . ':' . $reqkey . ' = ' . $reqvalue, $rulesData['level'], $rulesData['rules_id']);
180	+ nf_block();
181	+ }
182	+
183	+
184	+ }
185	+ continue;
186	+ }
187	+
188	+ $sub_value = explode(':', $where);
189	+ if ( (! empty($sub_value[1]) ) && ( @isset($GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) ) ) {
190	+ $rules_count++;
191	+ if ( is_array($GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) ) {
192	+ $res = nf_flatten( "\n", $GLOBALS['_' . $sub_value[0]] [$sub_value[1]] );
193	+ $GLOBALS['_' . $sub_value[0]] [$sub_value[1]] = $res;
194	+ $rulesData['what'] = '(?m:'. $rulesData['what'] .')';
195	+ }
196	+ if (! $GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) {continue;}
197	+ if ( preg_match('`'. $rulesData['what'] .'`', $GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) ) {
198	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] '.$sub_value[0].':'.$sub_value[1].' : ' . $rulesData['why'] . ' (#'. $rulesData['rules_id'] . ')' . ETAG; }
199	+ nf_write2log($rulesData['why'], $sub_value[0].':'.$sub_value[1].' = ' . $GLOBALS['_' . $sub_value[0]] [$sub_value[1]], $rulesData['level'], $rulesData['rules_id']);
200	+ nf_block();
201	+ }
202	+
203	+ } elseif ( isset($_SERVER[$where]) ) {
204	+ $rules_count++;
205	+ if ( preg_match('`'. $rulesData['what'] .'`', $_SERVER[$where]) ) {
206	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] ' . $where.' : ' . $rulesData['why'] . ' (#'. $rulesData['rules_id'] . ')' . ETAG; }
207	+ nf_write2log($rulesData['why'], $where . ':' . $_SERVER[$where], $rulesData['level'], $rulesData['rules_id']);
208	+ nf_block();
209	+ }
210	+ }
211	+ }
212	+ }
213	+
214	+
215	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[PASS] '. $rules_count . ' occurences checked' . ETAG; }
216	+
217	+ }
218	+ /* ================================================================ */
219	+ function nf_flatten($glue, $pieces) {
220	+
221	+ foreach ($pieces as $r_pieces) {
222	+ if ( is_array($r_pieces)) {
223	+ $ret[] = nf_flatten($glue, $r_pieces);
224	+ } else {
225	+ $ret[] = $r_pieces;
226	+ }
227	+ }
228	+ return implode($glue, $ret);
229	+ }
230	+ /* ================================================================ */
231	+ function nf_bin2hex_string($data) {
232	+
233	+ $res = '';
234	+ $string = str_split($data);
235	+ foreach ( $string as $char ) {
236	+ if ( ( ord($char) < 32 ) \|\| ( ord($char) > 127 ) ) {
237	+ $res .= '%' . bin2hex($char);
238	+ } else {
239	+ $res .= $char;
240	+ }
241	+ }
242	+ return $res;
243	+ }
244	+ /* ================================================================== */
245	+ function nf_check_b64( $reqkey, $string ) {
246	+
247	+ global $MagenfCheckDebug;
248	+ global $nfdebug;
249	+
250	+ $string = preg_replace( '`[^A-Za-z0-9+/=]`', '', $string);
251	+ if ( (! $string) \|\| (strlen($string) % 4 != 0) ) { return; }
252	+ if ( base64_encode( $decoded = base64_decode($string) ) === $string ) {
253	+ if ( preg_match( '`\b(?:\$?_(COOKIE\|ENV\|FILES\|(?:GE\|POS\|REQUES)T\|SE(RVER\|SSION))\|HTTP_(?:(?:POST\|GET)_VARS\|RAW_POST_DATA)\|GLOBALS)\s[=\[)]\|\b(?i:array_map\|assert\|base64_(?:de\|en)code\|chmod\|curl_exec\|(?:ex\|im)plode\|error_reporting\|eval\|file(?:_get_contents)?\|f(?:open\|write\|close)\|fsockopen\|function_exists\|gzinflate\|md5\|move_uploaded_file\|ob_start\|passthru\|preg_replace\|phpinfo\|stripslashes\|strrev\|(?:shell_)?exec\|system\|unlink)\s\(\|\becho\s[\'"]\|<\s(?i:applet\|div\|embed\|i?frame(?:set)?\|img\|meta\|marquee\|object\|script\|textarea)\b\|\b(?i:(?:ht\|f)tps?\|php)://\|\W\$\{\s*[\'"]\w+[\'"]\|<\?(?i:php)`', $decoded) ) {
254	+ if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] POST[' . $reqkey . '] : BASE64-encoded injection' . ETAG; }
255	+ nf_write2log('BASE64-encoded injection', 'POST:' . $reqkey . ' = ' . $string, 3, 0);
256	+ nf_block();
257	+ }
258	+ }
259	+ }
260	+ /* ================================================================ */
261	+ function nf_sanitise($str, $how, $msg ) {
262	+
263	+ // global $dbh;
264	+ global $MagenfCheckDebug;
265	+ global $nfdebug;
266	+ if (! isset($str) ) {
267	+ return null;
268	+ } else if (is_string($str) ) {
269	+ if (get_magic_quotes_gpc() ) {$str = stripslashes($str);}
270	+
271	+ if ($how == 1) {
272	+ //$str2 = $dbh->real_escape_string($str);
273	+ $str2 = str_replace('`', '\`', $str);
274	+ } else {
275	+ $str2 = str_replace( array('\\', "'", '"', "\x0d", "\x0a", "\x00", "\x1a", '`', '<', '>'),
276	+ array('\\\\', "\\'", '\\"', 'X', 'X', 'X', 'X', '\\`', '\\<', '\\>'), $str);
277	+ }
278	+ if ($str2 != $str) {
279	+ nf_write2log('Sanitising user input', $msg . ': ' . $str, 6, 0);
280	+ if ($MagenfCheckDebug) { $nfdebug.= STAG . "sanitising $msg\t\t[WARN] string: " . nf_bin2hex_string($str) . ETAG; }
281	+ }
282	+ return $str2;
283	+
284	+ } else if (is_array($str) ) {
285	+ foreach($str as $key => $value) {
286	+ if (get_magic_quotes_gpc() ) {$key = stripslashes($key);}
287	+
288	+ $key2 = str_replace( array('\\', "'", '"', "\x0d", "\x0a", "\x00", "\x1a", '`', '<', '>'),
289	+ array('\\\\', "\\'", '\\"', 'X', 'X', 'X', 'X', '`', '<', '>'), $key, $occ);
290	+ if ($occ) {
291	+ unset($str[$key]);
292	+ nf_write2log('Sanitising user input', $msg . ': ' . $key, 6, 0);
293	+ if ($MagenfCheckDebug) { $nfdebug.= STAG . "sanitising $msg\t\t[WARN] string: " . nf_bin2hex_string($key) . ETAG; }
294	+ }
295	+ $str[$key2] = nf_sanitise($value, $how, $msg);
296	+ }
297	+ return $str;
298	+ }
299	+ }
300	+ /* ================================================================ */
301	+ function nf_check_upload() {
302	+
303	+ global $nfdebug;
304	+ global $MagenfCheckDebug;
305	+ $tmp = '';
306	+ foreach ($_FILES as $file) {
307	+ if ( is_array($file['name']) ) {
308	+ foreach($file['name'] as $key => $value) {
309	+ if (! $file['name'][$key]) { continue; }
310	+ $tmp .= $file['name'][$key] . ', ' . number_format($file['size'][$key]) . ' bytes ';
311	+ }
312	+ } else {
313	+ if (! $file['name']) { continue; }
314	+ $tmp .= $file['name'] . ', ' . number_format($file['size']) . ' bytes ';
315	+ }
316	+ }
317	+ if ($tmp) {
318	+ if ($MagenfCheckDebug) { $nfdebug.= '[FAIL] file upload attempt : '. nf_bin2hex_string($tmp) . ETAG; }
319	+ nf_write2log('File upload attempt', rtrim($tmp, ' '), 2, 0);
320	+ nf_block();
321	+ }
322	+
323	+ if ($MagenfCheckDebug) { $nfdebug.= '[----] upload field is empty' . ETAG; }
324	+ }
325	+ /* ================================================================ */
326	+ function nf_block() {
327	+
328	+ global $nfdebug;
329	+ global $rand_value;
330	+ global $ip_address;
331	+
332	+ header('HTTP/1.1 403 Forbidden');
333	+ header('Status: 403 Forbidden');
334	+ echo '<html><head><title>403 Forbidden</title><style>.smallblack{font-family:Verdana,Arial,Helvetica,Ubuntu,"Bitstream Vera Sans",sans-serif;font-size:12px;line-height:16px;color:#000000;}.tinygrey{font-family:Verdana,Arial,Helvetica,Ubuntu, "Bitstream Vera Sans",sans-serif;font-size:10px;line-height:12px;color:#999999;}</style></head><body><br><br><br><br><br><table align=center style="border:1px solid #FDCD25;" cellspacing=0 cellpadding=6 class=smallblack><tr><td align=center><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAA3XAAAN1wFCKJt4AAAAB3RJTUUH1goFFS4tIeiJwwAAAqNJREFUOMttk9trXFUUxn97nz0zZ+ZEEnNFwSAhVQoKEcFCqaJ9CQhBnxRC639QCvqgkJdQGoo3fBbxQmlLzIPoQ0SKEAQlITEEL6mkScUmJ2MymclJzlzOTM6cs3w4U3OhH+yXtdb3fWvtxVKcwPI4g20Z3nW6H30509HvgCLcc2tVr/hT4PPRU1f5i4dhZhzjfpz+Mpx/25fdJZE4kkPEIt7vEi68429+kr3x66ekjpFlCqvwef+8FH6OJPRFQl+q+9vy9eQtuXnjupQK6/IgLsW5aOeLJxeXx0kDGIC8y2ePvzb+HCanKa8BsHLnH+YXFjHG0NUmDL/0bOKm07r7/MRQ+O1bX0E0au59wKmegadHMI6hsgoa0FD11snn81iWxc52BglslAAxoIzuHjg9vPbhn88Yx+G9VC7dTbCW9KMTo9r+Jq7rorVmr2ghQRqlFQgQQiqb7mxvY8zkOjgHGxCuQgSoRCQob+O6LkopdosCByrJCUkd97HbecGYHDZ6D6qzYPf8L1ArF9nY2Eg62G0iYQRKJSM0SqBLGIeMUVkUFnBwF9QWpOxkM3GdZrMJQHhQBGkk5LAOB34yrg1GFA1SgCWg90Htg4InHjtcc19PDaVqrS0AKaAJommYsMFstpNBaCVM8l48C79MgbsFr5wBbbdm161/MhB5LOlmhfdjGx/TEkgBaVhx4c3LcOkK/PF3EjtqIFnKUcA13TXKcrDDD7QRYx2KfHMb3H+hUITJaYj0EQGHuF7gx443WNQATpGLjT2WeIQIKyl6fQT6eqGrE0ZeBcsGrITc8FjOVrhw/B6+J1OfYyr28MRHxEfiKhIHiFQQKSOxh1ef5zuZwX7AUyevsjLNUKqXMauL51WOtIAioB6V+K1ZYsIZZvFo/X+fTjL6xSvBJAAAAABJRU5ErkJggg==" border=0 width=16 height=16><p>Sorry <b>'. $ip_address .'</b>, your request cannot be proceeded.<br>For security reason it was blocked and logged.<p>If you think that this was a mistake, please contact<br>the webmaster and enclose the following incident ID :<p>[<b>#' . $rand_value . '</b>]<br> </td></tr></table><br><br><br><br></body></html>';
335	+
336	+ if ($nfdebug) {define('NFDEBUG', $nfdebug . '::' . nf_benchmarks() );}
337	+
338	+ @$dbh->close();
339	+ exit;
340	+ }
341	+ /* ================================================================ */
342	+ function nf_write2log( $loginfo, $logdata, $loglevel, $ruleid ) {
343	+
344	+ global $MagenfCheckDebug;
345	+ global $rand_value;
346	+ global $nfdebug;
347	+ global $ip_address;
348	+
349	+ if ( ($loglevel == 6) \|\| ($loglevel == 5) ) {
350	+ $rand_value = '0000000';
351	+ $http_ret_code = '200 OK';
352	+ } else {
353	+ $rand_value = mt_rand(1000000, 9000000);
354	+ $http_ret_code = '403 Forbidden';
355	+ }
356	+
357	+ /*$LOG_FILE = dirname(__FILE__) . '/var/logs/firewall_' . date('Y-m') . '.log';
358	+ if (! $handle = fopen($LOG_FILE, 'a') ) {
359	+ if ($MagenfCheckDebug) { $nfdebug.= STAG .'unable to write to log'. "\t" . '[ERROR] ' . $LOG_FILE . ETAG; }
360	+ return;
361	+ }*/
362	+
363	+ //if (strlen($logdata) > 100) { $logdata = substr($logdata, 0, 100) . '...'; }
364	+
365	+ $message =
366	+ '[' . $http_ret_code . '] ' . '[' . $_SERVER['REQUEST_METHOD'] . '] ' .
367	+ '[' . $_SERVER['SCRIPT_NAME'] . '] ' . '[' . $loginfo . '] ' .
368	+ '[' . nf_bin2hex_string($logdata) . ']' . "\n";
369	+ Mage::getModel('firewall/logs')
370	+ ->setData(array('summary'=>$message,'ruleid'=>$ruleid,'level'=>$loglevel,'ip'=>$ip_address,'incidentid'=>$rand_value,'created_time'=>time()))
371	+ ->save();
372	+ Mage::log($message, null, "firewall_-".date('Y-m-d').".log");
373	+ // fclose($handle);
374	+ }
375	+ /* ================================================================ */
376	+ function nf_benchmarks() {
377	+
378	+ return round( (microtime(true) - NF_STARTTIME), 5);
379	+
380	+ }
381	+ /* ================================================================ */
382	+ // EOF
383	+ ?>

package.xml ADDED Viewed

	@@ -0,0 +1,18 @@


1	+ <?xml version="1.0"?>
2	+ <package>
3	+ <name>MageFirewall_Firewall</name>
4	+ <version>0.1.0</version>
5	+ <stability>stable</stability>
6	+ <license>OSL v. 3.0</license>
7	+ <channel>community</channel>
8	+ <extends/>
9	+ <summary>Opensource Magento Firewall for securing your e-commerce system.</summary>
10	+ <description>It protects users magneto ecommerce systems with several security features.</description>
11	+ <notes>First release</notes>
12	+ <authors><author><name>paimpozhil</name><user>paimpozhil</user><email>paimpozhil@gmail.com</email></author></authors>
13	+ <date>2014-09-18</date>
14	+ <time>12:48:17</time>
15	+ <contents><target name="magecommunity"><dir name="MageFirewall"><dir name="Firewall"><dir name="Block"><dir name="Adminhtml"><dir name="Blacklist"><dir name="Edit"><file name="Form.php" hash="d26360056e1af1941f2055ce2f6d43c3"/><dir name="Tab"><file name="Form.php" hash="0bb50bc1207256d40e7bae26e7919789"/></dir><file name="Tabs.php" hash="ef545ebdef29eb8a07a0fe514e96a838"/></dir><file name="Edit.php" hash="8a0b682b1b1a13693828654fc465d03a"/><file name="Grid.php" hash="458ace727ba696dcff27220b702d9869"/></dir><file name="Blacklist.php" hash="8aafc52116e077dfd7568f02085ee216"/><dir name="Logs"><file name="Grid.php" hash="211ce1ba3dc311ea3a9926626d7549ab"/></dir><file name="Logs.php" hash="cfaf8454e04b9c29c19d49188e92278b"/><dir name="Rules"><dir name="Edit"><file name="Form.php" hash="af6478cdc0e8597539270574bf580732"/><dir name="Tab"><file name="Form.php" hash="964beb6b05ed7cfcdad228322700d680"/></dir><file name="Tabs.php" hash="588f28856122a51bbfcdc88b07eb7c78"/></dir><file name="Edit.php" hash="31a84e45679addebf887c283509cad74"/><file name="Grid.php" hash="177f832f0bf29b5b35e407c30bc3d53d"/></dir><file name="Rules.php" hash="a9b1815f6c762a33fe4af0d9e825e6b1"/><dir name="Whitelist"><dir name="Edit"><file name="Form.php" hash="24f87e125d1d354dcd49096e2da1a90d"/><dir name="Tab"><file name="Form.php" hash="bf8f74d7665ed79991081c4edef5a998"/></dir><file name="Tabs.php" hash="ce02a58a943827ccb9dde071e8777a1b"/></dir><file name="Edit.php" hash="c00bd6da06bb01bfbeeaed24e026de96"/><file name="Grid.php" hash="fe80f5ae18c2e74b53e90def5b1c7ce8"/></dir><file name="Whitelist.php" hash="e5ddc033500ffe525ce9b9a46e1686bf"/></dir></dir><dir name="Helper"><file name="Data.php" hash="c84897bcb7a2e6f36955f4261bf89486"/></dir><dir name="Model"><file name="Blacklist.php" hash="b9f445d0e476b13bba2d6082cafcf413"/><file name="Cron.php" hash="27fd2731368dd6b41d107361f450b794"/><file name="Logs.php" hash="81e0eeeb79349075393f37994edf2f45"/><dir name="Mysql4"><dir name="Blacklist"><file name="Collection.php" hash="70d70ef8a916a611852bb4403c833907"/></dir><file name="Blacklist.php" hash="78c956b15cb27ab5771585425b6e55ac"/><dir name="Logs"><file name="Collection.php" hash="8dbd26450f38fd779adeb2d4c8c6ecfc"/></dir><file name="Logs.php" hash="8597c4053eb34f82aa4f315648a55eae"/><dir name="Options"><file name="Collection.php" hash="551289eb76b05c994c92f7a7a03344ec"/></dir><file name="Options.php" hash="b6c0c2f3fe6090f24a19532087ba19c2"/><dir name="Rules"><file name="Collection.php" hash="0e16336936eea930eb9be37760cd3859"/></dir><file name="Rules.php" hash="708f759852fdfda07c04209e0cc4666c"/><dir name="Version"><file name="Collection.php" hash="d2742547114e9824f2a69efa094a2bcb"/></dir><file name="Version.php" hash="07c11bd747b44ef08b3772057c9a1b95"/><dir name="Whitelist"><file name="Collection.php" hash="ae8cac841ebd6cb95630b53dbcbee435"/></dir><file name="Whitelist.php" hash="921942f5c7d5f294e07fb73257a7e23d"/></dir><file name="Observer.php" hash="645cc56e5039f188e95e2797dd67a9e2"/><file name="Options.php" hash="3d3562b526556480e38e3f5939292a13"/><file name="Rules.php" hash="26f3b465b377fb3cc620c3e646a901ef"/><file name="Version.php" hash="dcafc9db7dfae1b4bc661824a5ceb8d0"/><file name="Whitelist.php" hash="f9c48424055eff408351eb7a995a756e"/></dir><dir name="controllers"><dir name="Adminhtml"><file name="BlacklistController.php" hash="eafd2d348873ab7ed8818a181adeaee2"/><dir name="Dashboard"><file name="DiagnosticController.php" hash="87c41a95b25174c03078bf46cf3b1419"/><file name="FilecheckerController.php" hash="12b8bb4454bcb6b78e4b7f8556856f70"/><file name="RecentController.php" hash="478f5b5aea6861764d29af9146c52764"/><file name="ViewController.php" hash="9fe90eac61581484055357ab52245848"/></dir><file name="LogsController.php" hash="555ab9ab642e538b3619d60ba2f12187"/><file name="RulesController.php" hash="185a0da146bc4a5aec80b227065aa53d"/><file name="WhitelistController.php" hash="544c62f98e22d1b5d0d561778df7d310"/></dir></dir><dir name="data"><dir name="firewall_setup"><file name="data-install-0.1.0.php" hash="c6a2451a59e0cea5d4ebbf7d36f20a95"/></dir></dir><dir name="etc"><file name="config.xml" hash="c7d67c3014f973ea2f4293d3b13bdcc9"/></dir><dir name="sql"><dir name="firewall_setup"><file name="mysql4-install-0.1.0.php" hash="535a6fd1a31529f877521f2378f7bfba"/></dir></dir></dir></dir></target><target name="magedesign"><dir name="adminhtml"><dir name="default"><dir name="default"><dir name="template"><dir name="firewall"><file name="dashboard.phtml" hash="b5c056f7651668f40003d95f6f87868f"/><file name="diagnostic.phtml" hash="700a66064a5536f116c1e95c44f1fd60"/><file name="filechecker.phtml" hash="080be0a8975e968c68717831d1d8cd23"/><file name="recentfile.phtml" hash="d731d305ae36c3c930ccf521d02eb150"/></dir></dir></dir></dir></dir></target><target name="mageetc"><dir name="modules"><file name="MageFirewall_Firewall.xml" hash="58c9780878d409245f613b460d080d96"/></dir></target><target name="magelib"><dir name="firewall"><file name="firewall.php" hash="a2a84e69a9854203d7c20af000e4c6d8"/></dir></target></contents>
16	+ <compatible/>
17	+ <dependencies><required><php><min>5.2.0</min><max>5.6.0</max></php></required></dependencies>
18	+ </package>