1: <?php
2:
3: namespace Alpha\Model;
4:
5: use Alpha\Model\Type\String;
6: use Alpha\Util\Logging\Logger;
7: use Alpha\Util\Config\ConfigProvider;
8: use Alpha\Exception\AlphaException;
9:
10: /**
11: * A HTTP request that resulted in a 400 response. The class is only used when the
12: * security.client.temp.blacklist.filter.enabled setting is set to true to enable the filter.
13: *
14: * @since 1.0
15: *
16: * @author John Collins <dev@alphaframework.org>
17: * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
18: * @copyright Copyright (c) 2015, John Collins (founder of Alpha Framework).
19: * All rights reserved.
20: *
21: * <pre>
22: * Redistribution and use in source and binary forms, with or
23: * without modification, are permitted provided that the
24: * following conditions are met:
25: *
26: * * Redistributions of source code must retain the above
27: * copyright notice, this list of conditions and the
28: * following disclaimer.
29: * * Redistributions in binary form must reproduce the above
30: * copyright notice, this list of conditions and the
31: * following disclaimer in the documentation and/or other
32: * materials provided with the distribution.
33: * * Neither the name of the Alpha Framework nor the names
34: * of its contributors may be used to endorse or promote
35: * products derived from this software without specific
36: * prior written permission.
37: *
38: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
39: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
40: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
41: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
42: * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
43: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
48: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
49: * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
50: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51: * </pre>
52: */
53: class BadRequest extends ActiveRecord
54: {
55: /**
56: * The HTTP user-agent client string.
57: *
58: * @var Alpha\Model\Type\String
59: *
60: * @since 1.0
61: */
62: protected $client;
63:
64: /**
65: * The IP of the client.
66: *
67: * @var Alpha\Model\Type\String
68: *
69: * @since 1.0
70: */
71: protected $IP;
72:
73: /**
74: * The resource that the client requested.
75: *
76: * @var Alpha\Model\Type\String
77: *
78: * @since 1.0
79: */
80: protected $requestedResource;
81:
82: /**
83: * An array of data display labels for the class properties.
84: *
85: * @var array
86: *
87: * @since 1.0
88: */
89: protected $dataLabels = array('OID' => 'Bad request ID#', 'client' => 'Client string', 'IP' => 'IP', 'requestedResource' => 'Requested resource');
90:
91: /**
92: * The name of the database table for the class.
93: *
94: * @var string
95: *
96: * @since 1.0
97: */
98: const TABLE_NAME = 'BadRequest';
99:
100: /**
101: * Trace logger.
102: *
103: * @var Alpha\Util\Logging\Logger
104: *
105: * @since 1.0
106: */
107: private static $logger = null;
108:
109: /**
110: * Constructor for the class.
111: *
112: * @since 1.0
113: */
114: public function __construct()
115: {
116: self::$logger = new Logger('BadRequest');
117: self::$logger->debug('>>__construct()');
118:
119: // ensure to call the parent constructor
120: parent::__construct();
121:
122: $this->client = new String();
123: $this->IP = new String();
124: $this->requestedResource = new String();
125:
126: self::$logger->debug('<<__construct');
127: }
128:
129: /**
130: * Gets the count of bad requests for the client with this IP and client string in the past
131: * configurable period (security.client.temp.blacklist.filter.period).
132: *
133: * @return int
134: *
135: * @since 1.0
136: *
137: * @throws Alpha\Exception\AlphaException
138: */
139: public function getBadRequestCount()
140: {
141: $config = ConfigProvider::getInstance();
142:
143: // the datetime interval syntax between MySQL and SQLite3 is a little different
144: if ($config->get('db.provider.name') == 'Alpha\Model\ActiveRecordProviderMySQL') {
145: $sqlQuery = 'SELECT COUNT(OID) AS request_count FROM '.$this->getTableName()." WHERE IP = '".$this->IP->getValue()."' AND client = '".$this->client->getValue()."' AND created_ts > NOW()-INTERVAL '".$config->get('security.client.temp.blacklist.filter.period')."' MINUTE";
146: } else {
147: $sqlQuery = 'SELECT COUNT(OID) AS request_count FROM '.$this->getTableName()." WHERE IP = '".$this->IP->getValue()."' AND client = '".$this->client->getValue()."' AND created_ts > datetime('now', '-".$config->get('security.client.temp.blacklist.filter.period')." MINUTES')";
148: }
149:
150: $result = $this->query($sqlQuery);
151:
152: if (isset($result[0])) {
153: $row = $result[0];
154: } else {
155: throw new AlphaException('No result set returned when querying the bad request table');
156: }
157:
158: if (isset($row['request_count'])) {
159: return $row['request_count'];
160: } else {
161: return 0;
162: }
163: }
164: }
165: