conn = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD);
$ok = mysqli_select_db($this->conn,DB_NAME);
if (!$ok) return false;
$this->get_options();
// plugin disabled
if (!$this->enable) return;
// current request is admin's one
if (isset($_COOKIE['wpantiddos']) && $_COOKIE['wpantiddos']==$this->cookie) return;
if ($this->only_params_enabled)
if (!$this->only_param_detected())
return;
// detect request type and limits
if ($this->xhr_request())
{
if ($this->hits_limit_XHR=='ANY') return;
$request_type = 'xhr';
$hits_limit = $this->hits_limit_XHR;
$seconds_limit = wpadtiddos_seconds_limit_XHR;
}
elseif ($_POST && isset($_POST[$this->pass_param]) )
{
if ($this->seconds_limit_AUTH=='ANY') return;
$request_type = 'auth';
$seconds_limit = $this->seconds_limit_AUTH;
$this->only_params .= ' '.$this->pass_param;
$hits_limit = 1;
}
elseif ($_POST)
{
if ($this->seconds_limit_POST=='ANY') return;
$request_type = 'post';
$hits_limit = 1;
$seconds_limit = $this->seconds_limit_POST;
}
else
{
if ($this->hits_limit_GET=='ANY') return;
$request_type = 'get';
$hits_limit = $this->hits_limit_GET;
$seconds_limit = wpadtiddos_seconds_limit_GET;
}
if ($this->send_header)
header("WP_AntiDDOS: yes");
if ($this->cloudflare)
{
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}
$this->ip = $_SERVER['REMOTE_ADDR'];
if ($this->block_cnet)
$this->ip = substr($this->ip,0,strrpos($this->ip,'.')+1);
$this->warm_level = ceil($hits_limit/2);
try
{
$res = mysqli_query($this->conn,"SELECT count(*) kount FROM $this->table_name WHERE ip='".addslashes($this->ip)."' AND tstamp>".(time()-$seconds_limit)." AND type='$request_type'");
$row = mysqli_fetch_assoc($res);
if (!$row)
$this->error_msg = 'Error detected';
$this->hits = @$row['kount']+1; // consider current request too
if ($this->hits==0) // if no hits from this IP
$this->visitor = "new";
elseif ($this->hits>$hits_limit)
$this->visitor = "hot";
elseif ($this->hits>=$this->warm_level)
$this->visitor = "warm";
else
$this->visitor = "cool";
// add current hit
mysqli_query($this->conn,"INSERT INTO $this->table_name SET ip='$this->ip', type='$request_type', tstamp=".time());
// cleanup ip list
$clear_time = max($this->delay_time,$seconds_limit);
mysqli_query($this->conn,"DELETE FROM $this->table_name WHERE tstamp<".(time()-$clear_time));
}
catch(Exception $e)
{
$this->error_msg = $e->getString();
$this->status = 'error';
mysqli_close($this->conn);
return;
}
mysqli_close($this->conn);
if (!empty($this->error_msg) )
{
$this->status = 'error';
}
if ($this->auto && $this->visitor=='hot')
{
header('HTTP/1.0 503 Service Unavailable');
header('Status: 503 Service Unavailable');
header("Retry-After: ".($this->delay_time+1)); // submit form first if POST request
if (!$_POST)
print "";
else
{
$inputs = $this->array_to_fields($_POST);
print '
';
}
if ($request_type=='auth')
printf("$this->delay_message_auth
",$this->delay_time);
else
printf("$this->delay_message
",$this->delay_time);
die();
}
}
function xhr_request()
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']))
{
if ($_SERVER['HTTP_X_REQUESTED_WITH']=='XMLHttpRequest')
return true;
}
else
{
$headers = getallheaders();
if (isset($headers['X-Requested-With']) && $headers['X-Requested-With']=='XMLHttpRequest')
return true;
}
return false;
}
public function get_options()
{
global $table_prefix;
$result = mysqli_query($this->conn,"SELECT option_name, option_value FROM {$table_prefix}options WHERE option_name LIKE 'Wpantiddos_Plugin_%'");
while ($row = mysqli_fetch_assoc($result)) {
$name = str_replace('Wpantiddos_Plugin_','',$row['option_name']);
$value = $row['option_value'];
if ($value==='Yes') $value = true;
if ($value==='No') $value = false;
if (isset($this->$name))
$this->$name = $value;
}
}
public function only_param_detected()
{
$acual = array_merge(array_keys($_GET),array_keys($_POST));
$found = array_intersect($acual,explode(' ',trim($this->only_params)));
return $found;
}
function array_to_fields($fields, $prefix = '') {
$form_html = '';
foreach ($fields as $name => $value) {
if ( ! is_array($value)) {
if ( ! empty($prefix)) {
$name = $prefix . '[' . $name . ']';
}
// generate the hidden field
$form_html .= "\n";
} else {
if ( ! empty($prefix)) {
$subprefix = $prefix . '[' . $name . ']';
} else {
$subprefix = $name;
}
$form_html .= array_to_fields($value, $subprefix);
}
}
return $form_html;
}
}
?>