1: <?php
2:
3: /**
4: *
5: * An HTTP request that resulted in a 404 response. This class is only used when the
6: * security.client.temp.blacklist.filter.enabled setting is set to true, which enables the filter.
7: *
8: * @package alpha::model
9: * @since 1.0
10: * @author John Collins <dev@alphaframework.org>
11: * @version $Id: BadRequestObject.inc 1563 2012-08-04 14:36:54Z alphadevx $
12: * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
13: * @copyright Copyright (c) 2012, John Collins (founder of Alpha Framework).
14: * All rights reserved.
15: *
16: * <pre>
17: * Redistribution and use in source and binary forms, with or
18: * without modification, are permitted provided that the
19: * following conditions are met:
20: *
21: * * Redistributions of source code must retain the above
22: * copyright notice, this list of conditions and the
23: * following disclaimer.
24: * * Redistributions in binary form must reproduce the above
25: * copyright notice, this list of conditions and the
26: * following disclaimer in the documentation and/or other
27: * materials provided with the distribution.
28: * * Neither the name of the Alpha Framework nor the names
29: * of its contributors may be used to endorse or promote
30: * products derived from this software without specific
31: * prior written permission.
32: *
33: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
34: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
35: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
37: * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
38: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
39: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
40: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
41: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
42: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
43: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
44: * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
45: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
46: * </pre>
47: *
48: */
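class BadRequestObject extends AlphaDAO {
    /**
     * The HTTP user-agent client string
     *
     * @var String
     * @since 1.0
     */
    protected $client;

    /**
     * The IP of the client
     *
     * @var String
     * @since 1.0
     */
    protected $IP;

    /**
     * The non-existent resource that the client requested
     *
     * @var String
     * @since 1.0
     */
    protected $requestedResource;

    /**
     * An array of data display labels for the class properties
     *
     * @var array
     * @since 1.0
     */
    protected $dataLabels = array('OID'=>'Bad request ID#','client'=>'Client string','IP'=>'IP','requestedResource'=>'Requested resource');

    /**
     * The name of the database table for the class
     *
     * @var string
     * @since 1.0
     */
    const TABLE_NAME = 'BadRequest';

    /**
     * Trace logger
     *
     * @var Logger
     * @since 1.0
     */
    private static $logger = null;

    /**
     * Constructor for the class. Creates the trace logger, runs the parent
     * constructor and initialises the three String properties to empty values.
     *
     * @since 1.0
     */
    public function __construct() {
        self::$logger = new Logger('BadRequestObject');
        self::$logger->debug('>>__construct()');

        // ensure to call the parent constructor
        parent::__construct();

        $this->client = new String();
        $this->IP = new String();
        $this->requestedResource = new String();

        self::$logger->debug('<<__construct');
    }

    /**
     * Gets the count of bad requests for the client with this IP and client string in the past
     * configurable period (security.client.temp.blacklist.filter.period, in minutes).
     *
     * The client string is the request's User-Agent header, so it is attacker-controlled. It is
     * escaped before being placed in the SQL text, and the IP value is escaped the same way as
     * defence in depth. The period is forced to an integer for the same reason.
     *
     * @return integer The value of the request_count column, or 0 when the row lacks that column
     * @since 1.0
     * @throws AlphaException When the query returns no result row
     */
    public function getBadRequestCount() {

        global $config;

        $isMySQL = ($config->get('db.provider.name') == 'AlphaDAOProviderMySQL');

        // only a whole number of minutes is meaningful here; the cast keeps any stray
        // characters in the configured value out of the SQL text
        $period = (int) $config->get('security.client.temp.blacklist.filter.period');

        $IP = (string) $this->IP->getValue();
        $client = (string) $this->client->getValue();

        // NOTE(review): the only query API visible from this class takes a finished SQL string,
        // so the values are escaped by hand. If the DAO provider exposes bound parameters, use
        // those instead; manual escaping depends on the connection character set and SQL mode.
        if($isMySQL) {
            // MySQL treats backslash as an escape character by default, so backslashes
            // have to be escaped along with the quote characters
            $IP = addslashes($IP);
            $client = addslashes($client);
        }else{
            // standard SQL string literal: a single quote is written as two single quotes
            $IP = str_replace("'", "''", $IP);
            $client = str_replace("'", "''", $client);
        }

        // the datetime interval syntax between MySQL and SQLite3 is a little different
        if($isMySQL)
            $sqlQuery = "SELECT COUNT(OID) AS request_count FROM ".$this->getTableName()." WHERE IP = '".$IP."' AND client = '".$client."' AND created_ts > NOW()-INTERVAL '".$period."' MINUTE";
        else
            $sqlQuery = "SELECT COUNT(OID) AS request_count FROM ".$this->getTableName()." WHERE IP = '".$IP."' AND client = '".$client."' AND created_ts > datetime('now', '-".$period." MINUTES')";

        $result = $this->query($sqlQuery);

        if(isset($result[0]))
            $row = $result[0];
        else
            throw new AlphaException('No result set returned when querying the bad request table');

        if(isset($row['request_count'])) {
            return $row['request_count'];
        }else{
            return 0;
        }
    }
}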
149:
150: ?>