From 71c5103b5b4c7f9f4cd85a1972d76f23d34de5ef Mon Sep 17 00:00:00 2001 From: pero1203 Date: Wed, 1 Sep 2021 10:39:53 +0200 Subject: [PATCH] Dodane omejitve stevila vprasanj, stevila poslanih vabil in phishing - poslje se mail na info@1ka.si --- admin/survey/Branching.php | 7 ++ admin/survey/SurveyAdminAjax.php | 20 ++-- admin/survey/classes/class.SurveyCheck.php | 110 +++++++++++++++--- .../class.SurveyInvitationsNew.php | 8 +- function.php | 6 +- settings_optional.php.example | 18 ++- 6 files changed, 141 insertions(+), 28 deletions(-) diff --git a/admin/survey/Branching.php b/admin/survey/Branching.php index c4ddd9723..06c8fc111 100644 --- a/admin/survey/Branching.php +++ b/admin/survey/Branching.php @@ -8533,6 +8533,7 @@ class Branching { $spremenljivka = mysqli_insert_id($GLOBALS['connect_db']); } + // vnesemo -4 tag v podatke, ki oznacuje novo spremenljivko $sql = sisplet_query("SELECT id FROM srv_user WHERE ank_id = '$this->anketa'"); $query_values = ""; @@ -8543,6 +8544,12 @@ class Branching { if (mysqli_num_rows($sql) > 0) sisplet_query("INSERT INTO srv_data_vrednost".$this->db_table." (spr_id, vre_id, usr_id) VALUES $query_values"); + + // Preverimo ce smo presegli limit za stevilo vprasanj + $check = new SurveyCheck($this->anketa); + $check->checkLimitSpremenljivke(); + + return $spremenljivka; } diff --git a/admin/survey/SurveyAdminAjax.php b/admin/survey/SurveyAdminAjax.php index fcbf776f8..bde3184c1 100644 --- a/admin/survey/SurveyAdminAjax.php +++ b/admin/survey/SurveyAdminAjax.php @@ -3253,8 +3253,10 @@ class SurveyAdminAjax { SurveyAlert::getInstance()->Init($anketa, $global_user_id); SurveyAlert::getInstance()->sendMailActive(); - $gdpr = new GDPR(); - + # Preverimo, ce gre za phishing + $check = new SurveyCheck($anketa); + $check->checkPhishing(); + # Aktivacijski pop up za hierarhijo if(SurveyInfo::getInstance()->checkSurveyModule('hierarhija')){ // Anketo zaklenemo 
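Review bot: The value of `$check->checkLimitSpremenljivke()` added just before `return $spremenljivka;` is discarded, so the limit never stops the insert — it only emails once the count is past `question_count_limit`, and it will email again on every further variable added, since nothing in this hunk records that an alert was already sent. SurveyCheck's constructor no longer calls `SurveyInfo::getInstance()->SurveyInit()` (see the class diff in this commit), so `getSurveyQuestionCount()` presumably reports whichever survey the singleton was last initialised with; verify it is `$this->anketa` on this code path. If the limit is meant to be enforced, evaluate it before the INSERT and return early; if it is alert-only, say so at the call: `// Alert-only: emails the admin when the survey is over the configured question limit; does not block the insert`. The enclosing method starts before the hunk.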
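Review bot: `checkPhishing()` is run synchronously inside the activation handler and, per the SurveyCheck diff, sends SMTP mail and counts surveys by `$global_user_id` — the user performing the activation, not necessarily the survey's `insert_uid` — so an admin activating another user's survey is judged on the admin's own survey count. Consider deriving the owner from `srv_anketa.insert_uid` for `$anketa` and passing it in, rather than reading the acting user from global scope. The removed `$gdpr = new GDPR();` is unused on the visible lines, so dropping it looks safe, but confirm the constructor had no side effect the activation path relied on. The enclosing handler continues outside the hunk.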
@@ -3395,24 +3397,28 @@ class SurveyAdminAjax { if ((int)$_POST['voteCountLimitType'] == 1) { $updateString .= $prefix." vote_limit = '1', vote_count='".(int)$_POST['voteCountValue']."'"; $prefix = ','; - } elseif ((int)$_POST['voteCountLimitType'] == 2) { + } + elseif ((int)$_POST['voteCountLimitType'] == 2) { $updateString .= $prefix." vote_limit = '2', vote_count='".(int)$_POST['voteCountValue']."'"; $prefix = ','; - } else { + } + else { $updateString .= $prefix." vote_limit = '0'"; $prefix = ','; } $updateString .= " WHERE id='$anketa'"; $sql = sisplet_query($updateString); + #updejtamo srv_alert global $global_user_id; SurveyAlert::getInstance()->Init($this->anketa, $global_user_id); SurveyAlert::getInstance()->prepareSendExpireAlerts(); + # vsilimo refresh podatkov - SurveyInfo :: getInstance()->resetSurveyData(); - - } elseif ($_GET['a'] == 'anketa_getDates') { + SurveyInfo :: getInstance()->resetSurveyData(); + } + elseif ($_GET['a'] == 'anketa_getDates') { // prikažemo vmesnik za izbiro datuma // preberemo datume aktivnosti //$sqlDates = sisplet_query("SELECT starts, expire FROM srv_anketa WHERE id='" . $this->anketa . "'"); diff --git a/admin/survey/classes/class.SurveyCheck.php b/admin/survey/classes/class.SurveyCheck.php index 840e8cc45..d3fc155fe 100644 --- a/admin/survey/classes/class.SurveyCheck.php +++ b/admin/survey/classes/class.SurveyCheck.php @@ -3,6 +3,8 @@ /* * Preverjanje ankete - limiti velikosti, vabil, preverjanmje phishinga... * + * Zaenkrat samo preverjamo in posljemo mail adminu + * */ class SurveyCheck { 
@@ -10,36 +12,46 @@ class SurveyCheck { var $anketa; - var $limit_vprasanja = 100; - var $limit_vabila = 1000; - - public function __construct($anketa){ if($anketa == null || $anketa <= 0) return 'ID ankete ne obstaja!'; $this->anketa = $anketa; - - SurveyInfo::getInstance()->SurveyInit($this->anketa); } // Preverimo stevilo vprasanj v anketi public function checkLimitSpremenljivke(){ + global $app_limits; + + // Ce limit ni nastavljen ignoriramo + if(!isset($app_limits['question_count_limit']) || $app_limits['question_count_limit'] <= 0) + return true; // Dobimo stevilo vprasanj v anketi - $stevilo_vprasanj = SurveyInfo::getSurveyQuestionCount(); + $stevilo_vprasanj = SurveyInfo::getInstance()->getSurveyQuestionCount(); // Ce je v anketi ze vec vprasanj kot je limit - if($stevilo_vprasanj > $this->limit_vprasanja) + if($stevilo_vprasanj > $app_limits['question_count_limit']){ + + // Posljemo mail adminu + $this->sendAlert($alert_type='limit_spremenljivke', $stevilo_vprasanj); + return true; - else + } + else{ return false; + } } // Preverimo stevilo poslanih vabil public function checkLimitVabila(){ + global $app_limits; + + // Ce limit ni nastavljen ignoriramo + if(!isset($app_limits['invitation_count_limit']) || $app_limits['invitation_count_limit'] <= 0) + return true; // Prestejemo poslana vabila $sql = sisplet_query("SELECT count(id) AS stevilo_vabil 
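Review bot: `return 'ID ankete ne obstaja!';` in the constructor does not abort construction — PHP ignores a constructor's return value — so a `SurveyCheck` with `$anketa` unset is still created and its later queries run with an empty ID; throw instead, `throw new InvalidArgumentException('ID ankete ne obstaja!');`, or guard `$this->anketa` at the top of each check method. The return values are also contradictory: `checkLimitSpremenljivke()` returns `true` both when no limit is configured and when the limit is exceeded, and `false` when under it, so any future caller that enforces on the result will block every unconfigured install — return `false` from the "not configured" branch (same in `checkLimitVabila()`). `$this->sendAlert($alert_type='limit_spremenljivke', $stevilo_vprasanj)` is an assignment inside the argument list, not a named argument; write `$this->sendAlert('limit_spremenljivke', $stevilo_vprasanj)`. The `checkLimitVabila()` query at the end of the hunk continues outside it.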
@@ -51,14 +63,41 @@ class SurveyCheck { $stevilo_vabil = $row['stevilo_vabil']; // Ce je poslanih ze vec vabil kot je limit - if($stevilo_vabil > $this->limit_vabila) + if($stevilo_vabil > $app_limits['invitation_count_limit']){ + + // Posljemo mail adminu + $this->sendAlert($alert_type='limit_vabila', $stevilo_vabil); + return true; - else + } + else{ return false; + } } // Preverimo ce je anketa potencialno phishing public function checkPhishing(){ + global $global_user_id; + + + // Dobimo stevilo vprasanj v anketi + $stevilo_vprasanj = SurveyInfo::getInstance()->getSurveyQuestionCount(); + + // Ce imamo v anketi 0 ali vec kot 5 vprasanj je vse ok + if($stevilo_vprasanj >= 5 || $stevilo_vprasanj == 0){ + return false; + } + + + // Dobimo stevilo anket uporabnika + $sqlA = sisplet_query("SELECT count(id) AS count_surveys FROM srv_anketa WHERE insert_uid='".$global_user_id."'"); + $rowA = mysqli_fetch_array($sqlA); + + // Ce ima uporabnik ze vec anket je vse ok + if($rowA['count_surveys'] > 1){ + return false; + } + // Prestejemo vprasanja po tipu $sql = sisplet_query("SELECT count(s.id) AS count_questions 
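Review bot: The new `count_surveys` query in `checkPhishing()` interpolates `$global_user_id` straight into the SQL string; it is presumably an integer from the session, but nothing here guarantees that, so cast it: `... WHERE insert_uid='".(int)$global_user_id."'"`. The heuristic is keyed to the acting user rather than the survey's owner, and is trivially satisfied by adding a fifth question or a second survey — acceptable for an alert, but the comment should say so, e.g. `// Heuristic only: a user's first survey with 1-4 questions, all intro/text types, is flagged to the admin; activation is never blocked`. `checkLimitVabila()` likewise discards nothing but returns `true` for both "no limit set" and "exceeded", which callers cannot distinguish. The `$sql` statement at the end of the hunk continues outside it.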
@@ -69,12 +108,57 @@ class SurveyCheck { $row = mysqli_fetch_array($sql); // Ce imamo v anketi manj kot 5 vprasanj in so vsa tipa nagovor ali text je potencialen phishing - if($row['count_questions'] < 5) + if($row['count_questions'] == $stevilo_vprasanj){ + + // Posljemo mail adminu + $this->sendAlert($alert_type='phishing'); + return true; - else + } + else{ return false; + } } + + // Posljemo obvestilo adminu o prebitem limitu, phishing anketi... + private function sendAlert($alert_type, $count=0){ + global $site_url; + + switch($alert_type){ + + case 'limit_spremenljivke': + $title = 'Opozorilo - prekoračena omejitev vprašanj'; + $content = 'Anketa '.$this->anketa.' ima prekoračeno omejitev števila vprašanj ('.$count.')!'; + + break; + + case 'limit_vabila': + $title = 'Opozorilo - prekoračena omejitev vabil'; + $content = 'Anketa '.$this->anketa.' ima prekoračeno omejitev poslanih vabil ('.$count.')!'; + + break; + + case 'phishing': + $title = 'Opozorilo - potencialna phishing anketa'; + $content = 'Anketa '.$this->anketa.' - potencialen phishing!'; + + break; + } + + try{ + $MA = new MailAdapter($anketa=null, $type='admin'); + $MA->addRecipients('info@1ka.si'); + $resultX = $MA->sendMail($content, $title); + } + catch (Exception $e){ + } + + // Zalogiramo opozorilo + $SL = new SurveyLog(); + $SL->addMessage(SurveyLog::ERROR, $title.' - anketa '.$this->anketa); + $SL->write(); + } } ?> \ No newline at end of file diff --git a/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php b/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php index 7bdab721f..a5268170e 100644 --- a/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php +++ b/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php @@ -3997,8 +3997,14 @@ class SurveyInvitationsNew { $return['msg'] = '
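Review bot: `sendAlert()` hard-codes `info@1ka.si` as the recipient, yet this class is also loaded by self-hosted installs (the same commit adds `$app_limits` to `settings_optional.php.example`), so every third-party instance will mail survey IDs and counts to 1ka.si — make the address an operator setting, e.g. `global $app_limits;` and `$MA->addRecipients($app_limits['alert_email'] ?? 'info@1ka.si');`, and drop the unused `global $site_url`. The `switch` has no `default`, so an unknown `$alert_type` reaches `sendMail()` with undefined `$title`/`$content`; add `default: return;`. The empty `catch (Exception $e){}` hides SMTP failures entirely — record `$e->getMessage()` through the `SurveyLog` already used below, otherwise an operator never learns the alert channel is broken. `new MailAdapter($anketa=null, $type='admin')` is again assignment-in-argument rather than named arguments, and `$resultX` is never read.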
'.$lang['srv_invitation_note14'].'
'; } + + // Preverimo ce smo presegli limit za posiljanje vabil + $check = new SurveyCheck($this->sid); + $check->checkLimitVabila(); + + # popravimo timestamp za regeneracijo dashboarda - Common::getInstance()->Init($anketa); + Common::getInstance()->Init($this->sid); Common::getInstance()->updateEditStamp(); #$this->viewAarchive($return['msg']); diff --git a/function.php b/function.php index 31cd6880c..41fc5ebed 100644 --- a/function.php +++ b/function.php @@ -1202,10 +1202,10 @@ function root_dir($file = null) // Pri izpolnjevanju ankete preverimo stevilo klikov na minuto - ce jih je prevec, respondenta zavrnemo, drugace se lahko sql zafila in streznik ni vec odziven function checkClicksPerMinute(){ - global $clicks_per_minute_limit; + global $app_limits; // Ce maximum na minuto ni nastavljen ignoriramo limit - if(!isset($clicks_per_minute_limit) || $clicks_per_minute_limit == 0) + if(!isset($app_limits['clicks_per_minute_limit']) || $app_limits['clicks_per_minute_limit'] == 0) return true; // Preverimo ce gre za izpolnjevanje ankete @@ -1235,7 +1235,7 @@ function checkClicksPerMinute(){ } // Click count je ok - pustimo naprej - if($click_count < $clicks_per_minute_limit){ + if($click_count < $app_limits['clicks_per_minute_limit']){ $sqlI = sisplet_query("UPDATE srv_clicks SET click_count=click_count+1 WHERE ank_id='".$_GET['anketa']."'"); return true; } diff --git a/settings_optional.php.example b/settings_optional.php.example index 11ecf5ac6..1c5786b03 100644 --- a/settings_optional.php.example +++ b/settings_optional.php.example @@ -4,9 +4,6 @@ // Debuging - 0 ali 1, ali imamo debug vključen (privzeto je izključen) $debug = 0; -// Max stevilo klikov na doloceno anketo (izpolnjevanje) v eni minuti (zascita, da se streznik ne sesuje) (ce je 0 ni limita) -$clicks_per_minute_limit = 0; - // Ce gre za virtualno domeno $virtual_domain = false; 
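Review bot: `checkLimitVabila()` is evaluated after the invitations in this method have already gone out, and its return value is dropped, so `invitation_count_limit` cannot cap sending — it only emails an admin once the count is already over. If a cap is intended, the check belongs before the send loop (which starts outside the hunk) and should abort with a message in `$return['msg']`; if alert-only, document that at the call: `// Alert-only: notifies the admin when sent invitations exceed the configured limit; never blocks sending`. The `Init($anketa)` → `Init($this->sid)` change looks right, since `$anketa` is not defined on the visible lines.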
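Review bot: Reading the limit from `$app_limits['clicks_per_minute_limit']` silently disables rate limiting on any existing install whose `settings_optional.php` still sets the old `$clicks_per_minute_limit` — `isset()` fails and the function returns `true` before counting anything. Fall back to the old variable for one release, e.g. `global $app_limits, $clicks_per_minute_limit;` then `$limit = $app_limits['clicks_per_minute_limit'] ?? $clicks_per_minute_limit ?? 0;`, and mention the rename in the upgrade notes. The `== 0` comparison is loose; `(int)$limit <= 0` also covers a misconfigured negative or non-numeric value. The rest of `checkClicksPerMinute()` is outside the hunk.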
@@ -18,7 +15,6 @@ $lastna_instalacija = false; $aai_instalacija = false; - /* DODATNE NASTAVITVE APLIKACIJE ZA LASTNE NAMESTITVE */ $app_settings = array( 'app_name' => '', // Ime aplikacije @@ -44,6 +40,20 @@ $app_settings = array( ); +/* OMEJITVE APLIKACIJE */ +$app_limits = array( + + // Max stevilo klikov na doloceno anketo (izpolnjevanje) v eni minuti (zascita, da se streznik ne sesuje) (ce je 0 ni limita) + 'clicks_per_minute_limit' => 200, + + // Max stevilo vprasanj v anketi + 'question_count_limit' => 100, + + // Max stevilo poslanih vabil v anketi + 'invitation_count_limit' => 0 +); + + // Nastavitev email streznika za posiljanje mailov $email_server_settings = array( 'SMTPFrom' => '', // polje "from" pri posiljanju
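Review bot: The comments on `question_count_limit` and `invitation_count_limit` do not say that `0` disables them, while the `clicks_per_minute_limit` entry does (`(ce je 0 ni limita)`); per `class.SurveyCheck.php` in this commit the checks skip when the value is `<= 0`, so add the same phrase to both. Operators should also be told that these two limits are currently alert-only — the code emails an admin when exceeded and never blocks — unlike `clicks_per_minute_limit`, which rejects the respondent; a one-line note above the array would prevent a false sense of enforcement. Note the default for `clicks_per_minute_limit` moves from the removed `$clicks_per_minute_limit = 0` (disabled) to `200`, a behaviour change for new installs worth calling out in the changelog.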