1: <?php
  2: 
  3: namespace Alpha\Model;
  4: 
  5: use Alpha\Model\Type\String;
  6: use Alpha\Util\Logging\Logger;
  7: use Alpha\Util\Config\ConfigProvider;
  8: use Alpha\Exception\AlphaException;
  9: 
 10: /**
 11:  * A HTTP request that resulted in a 400 response.  The class is only used when the
 12:  * security.client.temp.blacklist.filter.enabled setting is set to true to enable the filter.
 13:  *
 14:  * @since 1.0
 15:  *
 16:  * @author John Collins <dev@alphaframework.org>
 17:  * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
 18:  * @copyright Copyright (c) 2015, John Collins (founder of Alpha Framework).
 19:  * All rights reserved.
 20:  *
 21:  * <pre>
 22:  * Redistribution and use in source and binary forms, with or
 23:  * without modification, are permitted provided that the
 24:  * following conditions are met:
 25:  *
 26:  * * Redistributions of source code must retain the above
 27:  *   copyright notice, this list of conditions and the
 28:  *   following disclaimer.
 29:  * * Redistributions in binary form must reproduce the above
 30:  *   copyright notice, this list of conditions and the
 31:  *   following disclaimer in the documentation and/or other
 32:  *   materials provided with the distribution.
 33:  * * Neither the name of the Alpha Framework nor the names
 34:  *   of its contributors may be used to endorse or promote
 35:  *   products derived from this software without specific
 36:  *   prior written permission.
 37:  *
 38:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 39:  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 40:  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 41:  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 42:  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 43:  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 44:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 45:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 46:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 47:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 48:  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 49:  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 50:  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 51:  * </pre>
 52:  */
 53: class BadRequest extends ActiveRecord
 54: {
 55:     /**
 56:      * The HTTP user-agent client string.
 57:      *
 58:      * @var Alpha\Model\Type\String
 59:      *
 60:      * @since 1.0
 61:      */
 62:     protected $client;
 63: 
 64:     /**
 65:      * The IP of the client.
 66:      *
 67:      * @var Alpha\Model\Type\String
 68:      *
 69:      * @since 1.0
 70:      */
 71:     protected $IP;
 72: 
 73:     /**
 74:      * The resource that the client requested.
 75:      *
 76:      * @var Alpha\Model\Type\String
 77:      *
 78:      * @since 1.0
 79:      */
 80:     protected $requestedResource;
 81: 
 82:     /**
 83:      * An array of data display labels for the class properties.
 84:      *
 85:      * @var array
 86:      *
 87:      * @since 1.0
 88:      */
 89:     protected $dataLabels = array('OID' => 'Bad request ID#', 'client' => 'Client string', 'IP' => 'IP', 'requestedResource' => 'Requested resource');
 90: 
 91:     /**
 92:      * The name of the database table for the class.
 93:      *
 94:      * @var string
 95:      *
 96:      * @since 1.0
 97:      */
 98:     const TABLE_NAME = 'BadRequest';
 99: 
100:     /**
101:      * Trace logger.
102:      *
103:      * @var Alpha\Util\Logging\Logger
104:      *
105:      * @since 1.0
106:      */
107:     private static $logger = null;
108: 
109:     /**
110:      * Constructor for the class.
111:      *
112:      * @since 1.0
113:      */
114:     public function __construct()
115:     {
116:         self::$logger = new Logger('BadRequest');
117:         self::$logger->debug('>>__construct()');
118: 
119:         // ensure to call the parent constructor
120:         parent::__construct();
121: 
122:         $this->client = new String();
123:         $this->IP = new String();
124:         $this->requestedResource = new String();
125: 
126:         self::$logger->debug('<<__construct');
127:     }
128: 
129:     /**
130:      * Gets the count of bad requests for the client with this IP and client string in the past
131:      * configurable period (security.client.temp.blacklist.filter.period).
132:      *
133:      * @return int
134:      *
135:      * @since 1.0
136:      *
137:      * @throws Alpha\Exception\AlphaException
138:      */
139:     public function getBadRequestCount()
140:     {
141:         $config = ConfigProvider::getInstance();
142: 
143:         // the datetime interval syntax between MySQL and SQLite3 is a little different
144:         if ($config->get('db.provider.name') == 'Alpha\Model\ActiveRecordProviderMySQL') {
145:             $sqlQuery = 'SELECT COUNT(OID) AS request_count FROM '.$this->getTableName()." WHERE IP = '".$this->IP->getValue()."' AND client = '".$this->client->getValue()."' AND created_ts > NOW()-INTERVAL '".$config->get('security.client.temp.blacklist.filter.period')."' MINUTE";
146:         } else {
147:             $sqlQuery = 'SELECT COUNT(OID) AS request_count FROM '.$this->getTableName()." WHERE IP = '".$this->IP->getValue()."' AND client = '".$this->client->getValue()."' AND created_ts > datetime('now', '-".$config->get('security.client.temp.blacklist.filter.period')." MINUTES')";
148:         }
149: 
150:         $result = $this->query($sqlQuery);
151: 
152:         if (isset($result[0])) {
153:             $row = $result[0];
154:         } else {
155:             throw new AlphaException('No result set returned when querying the bad request table');
156:         }
157: 
158:         if (isset($row['request_count'])) {
159:             return $row['request_count'];
160:         } else {
161:             return 0;
162:         }
163:     }
164: }
165: