From 7b57fde652cd3781bf06788a778feebe81768e29 Mon Sep 17 00:00:00 2001 From: Evgeny Gryaznov Date: Sun, 5 Apr 2009 14:20:34 +0000 Subject: [PATCH] limit number of threads from one address git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@459 c66351dc-e62f-0410-b875-e3a5c0b9693f --- src/messenger/webim/client.php | 28 +++++++++------- src/messenger/webim/libs/chat.php | 55 ++++++++++++++++++------------- src/messenger/webim/thread.php | 6 ++-- 3 files changed, 53 insertions(+), 36 deletions(-) diff --git a/src/messenger/webim/client.php b/src/messenger/webim/client.php index 5f458315..51d83a65 100644 --- a/src/messenger/webim/client.php +++ b/src/messenger/webim/client.php @@ -25,7 +25,7 @@ if($settings['enablessl'] == "1" && $settings['forcessl'] == "1") { if($_SERVER['REQUEST_METHOD'] == 'GET' && $_SERVER['QUERY_STRING']) { header("Location: ".get_app_location(true,true)."/client.php?".$_SERVER['QUERY_STRING']); } else { - die("only https connections are processed"); + die("only https connections are handled"); } exit; } 
@@ -101,24 +101,30 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) { } $userbrowser = $_SERVER['HTTP_USER_AGENT']; $remoteHost = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : $extAddr; - $thread = create_thread($groupid,$visitor['name'], $remoteHost, $referer,$current_locale,$visitor['id'], $userbrowser); - $_SESSION['threadid'] = $thread['threadid']; - if( $referer ) { - post_message($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referer))); + + $link = connect(); + if(!check_connections_from_remote($remoteHost, $link)) { + mysql_close($link); + die("number of connections from your IP is exceeded, try again later"); } - post_message($thread['threadid'],$kind_info,getstring('chat.wait')); + $thread = create_thread($groupid,$visitor['name'], $remoteHost, $referer,$current_locale,$visitor['id'], $userbrowser,$link); + $_SESSION['threadid'] = $thread['threadid']; + + if( $referer ) { + post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.came.from',array($referer)),$link); + } + post_message_($thread['threadid'],$kind_info,getstring('chat.wait'),$link); if($email) { - post_message($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email))); + post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.email',array($email)),$link); } if($info) { - post_message($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info))); + post_message_($thread['threadid'],$kind_for_agent,getstring2('chat.visitor.info',array($info)),$link); } if($firstmessage) { - $postedid = post_message($thread['threadid'],$kind_user,$firstmessage,$visitor['name']); - $link = connect(); + $postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']); commit_thread( $thread['threadid'], array('shownmessageid' => $postedid), $link); - mysql_close($link); } + mysql_close($link); } $threadid = $thread['threadid']; $token = $thread['ltoken']; 
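Review bot: The limit added here is keyed on `$remoteHost`, which is `$_SERVER['REMOTE_HOST']` when set and otherwise `$extAddr`, a value built outside this hunk, so the check is only as reliable as those two inputs. `REMOTE_HOST` is a reverse-DNS name rather than the peer address, and if `$extAddr` folds in a forwarded-for header (not visible here, worth confirming), the stored `remote` string can differ between requests from the same peer and the count in `check_connections_from_remote()` never reaches the limit. Consider storing and counting on `$_SERVER['REMOTE_ADDR']` for this purpose, and add a comment above the check such as `// the limit is keyed on the same value create_thread() stores in chatthread.remote`. The rejection path also leaves through `die()` without recording anything, so throttled hosts are invisible to operators; an `error_log()` call before it would make them show up.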
diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php index 7736b973..d1eaeea5 100644 --- a/src/messenger/webim/libs/chat.php +++ b/src/messenger/webim/libs/chat.php @@ -413,28 +413,28 @@ function rename_user($thread, $newname) { global $kind_events; $link = connect(); - commit_thread( $thread['threadid'], array('userName' => "'".mysql_real_escape_string($newname)."'"), $link); - mysql_close($link); + commit_thread( $thread['threadid'], array('userName' => "'".mysql_real_escape_string($newname,$link)."'"), $link); if( $thread['userName'] != $newname ) { - post_message($thread['threadid'],$kind_events, - getstring2_("chat.status.user.changedname",array($thread['userName'], $newname), $thread['locale'])); + post_message_($thread['threadid'],$kind_events, + getstring2_("chat.status.user.changedname",array($thread['userName'], $newname), $thread['locale']), $link); } + mysql_close($link); } function close_thread($thread,$isuser) { global $state_closed, $kind_events; + $link = connect(); if( $thread['istate'] != $state_closed ) { - $link = connect(); commit_thread( $thread['threadid'], array('istate' => $state_closed, 'messageCount' => '(SELECT COUNT(*) FROM chatmessage WHERE chatmessage.threadid = t.threadid AND ikind = 1)'), $link); - mysql_close($link); } $message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale']) : getstring2_("chat.status.operator.left", array($thread['agentName']), $thread['locale']); - post_message($thread['threadid'], $kind_events, $message); + post_message_($thread['threadid'], $kind_events, $message, $link); + mysql_close($link); } function thread_by_id_($id,$link) { 
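Review bot: Both `commit_thread()` calls in this hunk pass finished SQL fragments as values (the hand-quoted `userName` in `rename_user` and the `(SELECT COUNT(*) ...)` subquery in `close_thread`), which suggests `commit_thread()` interpolates them as they are, yet nothing here tells the next caller that quoting and escaping is their job. I would add a comment at the `rename_user` call, for example `// commit_thread() takes raw SQL values: quote and escape strings here`, or document it on `commit_thread()` itself, whose body is outside this hunk. Passing `$link` to `mysql_real_escape_string()` is the right direction, since the escaping then follows the connection the query actually runs on.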
@@ -455,27 +455,24 @@ function thread_by_id($id) { return $thread; } -function create_thread($groupid,$username,$remoteHost,$referer,$lang,$userid,$userbrowser) { +function create_thread($groupid,$username,$remoteHost,$referer,$lang,$userid,$userbrowser,$link) { global $state_loading; - $link = connect(); - $query = sprintf( "insert into chatthread (userName,userid,ltoken,remote,referer,lrevision,locale,userAgent,dtmcreated,dtmmodified,istate".($groupid?",groupid":"").") values ". "('%s','%s',%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,$state_loading".($groupid?",$groupid":"").")", - mysql_real_escape_string($username), - mysql_real_escape_string($userid), + mysql_real_escape_string($username, $link), + mysql_real_escape_string($userid, $link), next_token(), - mysql_real_escape_string($remoteHost), - mysql_real_escape_string($referer), + mysql_real_escape_string($remoteHost, $link), + mysql_real_escape_string($referer, $link), next_revision($link), - mysql_real_escape_string($lang), - mysql_real_escape_string($userbrowser)); + mysql_real_escape_string($lang, $link), + mysql_real_escape_string($userbrowser, $link)); perform_query($query,$link); $id = mysql_insert_id($link); $newthread = thread_by_id_($id,$link); - mysql_close($link); return $newthread; } @@ -486,13 +483,14 @@ function do_take_thread($threadid,$operatorId,$operatorName) { array("istate" => $state_chatting, "nextagent" => 0, "agentId" => $operatorId, - "agentName" => "'".mysql_real_escape_string($operatorName)."'"), $link); + "agentName" => "'".mysql_real_escape_string($operatorName, $link)."'"), $link); mysql_close($link); } function reopen_thread($threadid) { global $state_queue,$state_loading,$state_waiting,$state_chatting,$state_closed,$kind_events; - $thread = thread_by_id($threadid); + $link = connect(); + $thread = thread_by_id_($threadid, $link); if( !$thread ) return FALSE; 
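Review bot: `create_thread()` now escapes every string against `$link`, but `$groupid` is still concatenated straight into the INSERT through `($groupid?",$groupid":"")` in the unchanged format string. Whether callers validate it as an integer is not visible from this hunk, so the function should not depend on that; casting once at the top, `$groupid = intval($groupid);`, keeps the statement well-formed whatever the caller passes. `$link` has also become a required trailing parameter, so any caller not updated in this commit will break, and a docblock stating that the caller opens and closes the connection would make the new contract explicit.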
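Review bot: `reopen_thread()` now calls `connect()` before the lookup, but the `if( !$thread ) return FALSE;` that follows, and the second `return FALSE;` shown as context in the next hunk (`@@ -501,13 +499,12 @@`), leave the function without `mysql_close($link)`. Before this change the function held no link of its own at those returns. Close the link on each early exit, e.g. `if( !$thread ) { mysql_close($link); return FALSE; }`, or restructure so that there is a single exit. The middle of the function lies between the two hunks and is not visible here.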
@@ -501,13 +499,12 @@ function reopen_thread($threadid) { return FALSE; if( $thread['istate'] != $state_chatting && $thread['istate'] != $state_queue && $thread['istate'] != $state_loading ) { - $link = connect(); commit_thread( $threadid, array("istate" => $state_waiting, "nextagent" => 0), $link); - mysql_close($link); } - post_message($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale'])); + post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale']), $link); + mysql_close($link); return $thread; } @@ -565,6 +562,20 @@ function check_for_reassign($thread,$operator) { } } +function check_connections_from_remote($remote,$link) { + global $settings, $state_closed; + if($settings['max_connections_from_one_host'] == 0) { + return true; + } + $result = select_one_row( + "select count(*) as opened from chatthread ". + "where remote = '". mysql_real_escape_string($remote, $link)."' AND istate <> $state_closed", $link ); + if($result && isset($result['opened'])) { + return $result['opened'] < $settings['max_connections_from_one_host']; + } + return true; +} + function visitor_from_request() { global $namecookie, $webim_encoding, $usercookie; $defaultName = getstring("chat.default.username"); diff --git a/src/messenger/webim/thread.php b/src/messenger/webim/thread.php index 16c364c9..007c4ef7 100644 --- a/src/messenger/webim/thread.php +++ b/src/messenger/webim/thread.php 
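Review bot: `check_connections_from_remote()` fails open: when `select_one_row()` returns nothing or the row lacks `opened`, the final `return true;` lets the thread be created as if the host were under the limit. If that is intended, say so in a comment such as `// fail open: a failed count must not block visitors`; if the limit is meant as abuse protection, `return false;` is the safer default at that point. The count and the later insert in `create_thread()` are separate statements, so parallel requests from one host can each pass the check before any of them inserts, which deserves a line in the function's docblock (currently missing). Threads that never reach `$state_closed` keep counting against a host, so confirm that abandoned threads are closed somewhere.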
@@ -70,12 +70,12 @@ if( $act == "refresh" ) { show_error("cannot send"); } - $postedid = post_message($threadid,$kind,$message,$from, $isuser ? null : $operator['operatorid'] ); + $link = connect(); + $postedid = post_message_($threadid,$kind,$message,$link,$from,null,$isuser ? null : $operator['operatorid'] ); if($isuser && $thread["shownmessageid"] == 0) { - $link = connect(); commit_thread( $thread['threadid'], array('shownmessageid' => $postedid), $link); - mysql_close($link); } + mysql_close($link); print_thread_messages($thread, $token, $lastid, $isuser, $outformat, $isuser ? null : $operator['operatorid']); exit;
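Review bot: The call `post_message_($threadid,$kind,$message,$link,$from,null,...)` passes a bare `null` in sixth position, and with the signature outside this hunk a reader cannot tell which parameter is being skipped. A one-line comment above the call naming that parameter would fix this. `$message` and `$from` appear to be assigned from the request above the hunk, so the same comment could state that `post_message_()` is expected to escape them against `$link`.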