<?

define('wpadtiddos_seconds_limit_GET',1);
define('wpadtiddos_seconds_limit_XHR',3);

class wp_antiddos
{
	var $enable = true;
	var $hits_limit_GET = 3; // hits limit for GET requests (per wpadtiddos_seconds_limit_GET second)
	var $hits_limit_XHR = 3; // hits limit for XHR requests (per wpadtiddos_seconds_limit_XHR second)
	var $seconds_limit_POST = 3; // seconds limit for POST requests
	var $seconds_limit_AUTH = 3; // seconds limit for AUTH (Password) requests
	var $visitor; // status of visitor = raw|cool|warm|hot
	var $warm_level; // number of hits for last $seconds_limit seconds that cause visitor`s status turn to warm
	var $auto = true; // block visitors by AntiDDOS
	var $delay_time = 30; // seconds of delay of blocked visitors
	var $block_cnet = true; // block all C class net.
	var $cloudflare = true; // convert Cloudflare HTTP_CF_CONNECTING_IP to REMOTE_ADDR
	var $send_header = false; // send "WP_AntiDDOS: yes" header for debug purposes
	var $only_params_enabled = false; // Only Params feature enabled
	var $only_params = 's'; // the only GET/POST params that trigger checkup
	var $status, $error_msg;
	var $conn; // mysql connection
	var $hits = false; // actual hits number for current IP
	var $cookie = ''; // wpantiddos cookie value that prevents anti DDOS processing
	var $table_name = '';
	var $pass_param = 'pwd'; // name of POST parameter that indentify Login (AUTH) request
	var $delay_message = 'Our server is currently overloaded, your request will be repeated automatically in %s seconds';
	var $delay_message_auth = 'Our server is currently overloaded, your request will be repeated automatically in %s seconds';

	public function __construct()
	{
		if (isset($GLOBALS['wp_antiddos_instance']))
			return;
		else
			$GLOBALS['wp_antiddos_instance'] = &$this;

		if ($_SERVER['REMOTE_ADDR']=='127.0.0.1')
			return;

		$this->conn = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD);
		$ok = mysqli_select_db($this->conn,DB_NAME);
		if (!$ok) return false;
		
		$this->get_options();

		// plugin disabled
		if (!$this->enable) return;

		// current request is admin's one
		if (isset($_COOKIE['wpantiddos']) && $_COOKIE['wpantiddos']==$this->cookie) return;

		if ($this->only_params_enabled)
			if (!$this->only_param_detected())
				return;

		// detect request type and limits
		if ($this->xhr_request())
		{
			if ($this->hits_limit_XHR=='ANY') return;
			$request_type = 'xhr';
			$hits_limit = $this->hits_limit_XHR;
			$seconds_limit = wpadtiddos_seconds_limit_XHR;
		}
		elseif ($_POST && isset($_POST[$this->pass_param]) )
		{
			if ($this->seconds_limit_AUTH=='ANY') return;
			$request_type = 'auth';
			$seconds_limit = $this->seconds_limit_AUTH;
			$this->only_params .= ' '.$this->pass_param;
			$hits_limit = 1;
		}
		elseif ($_POST)
		{
			if ($this->seconds_limit_POST=='ANY') return;
			$request_type = 'post';	
			$hits_limit = 1;
			$seconds_limit = $this->seconds_limit_POST;
		}
		else
		{
			if ($this->hits_limit_GET=='ANY') return;	
			$request_type = 'get';
			$hits_limit = $this->hits_limit_GET;
			$seconds_limit = wpadtiddos_seconds_limit_GET;
		}

		if ($this->send_header)
			header("WP_AntiDDOS: yes");

		if ($this->cloudflare)
		{
			if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
				$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
		}
		$this->ip = $_SERVER['REMOTE_ADDR'];
		
		if ($this->block_cnet)
			$this->ip = substr($this->ip,0,strrpos($this->ip,'.')+1);

		$this->warm_level = ceil($hits_limit/2);
		try
		{
			$res = mysqli_query($this->conn,"SELECT count(*) kount FROM $this->table_name WHERE ip='".addslashes($this->ip)."' AND tstamp>".(time()-$seconds_limit)." AND type='$request_type'");
			$row = mysqli_fetch_assoc($res);

			if (!$row)
				$this->error_msg = 'Error detected';
			$this->hits = @$row['kount']+1; // consider current request too

			if ($this->hits==0) // if no hits from this IP
				$this->visitor = "new";
			elseif ($this->hits>$hits_limit)
				$this->visitor = "hot";
			elseif ($this->hits>=$this->warm_level)
				$this->visitor = "warm";
			else
				$this->visitor = "cool";

			// add current hit
			mysqli_query($this->conn,"INSERT INTO $this->table_name SET ip='$this->ip', type='$request_type', tstamp=".time());
			// cleanup  ip list
			$clear_time = max($this->delay_time,$seconds_limit);
			mysqli_query($this->conn,"DELETE FROM $this->table_name WHERE tstamp<".(time()-$clear_time));
		}
		catch(Exception $e)
		{
			$this->error_msg = $e->getString();
			$this->status = 'error';
			mysqli_close($this->conn);
			return;
		}
		mysqli_close($this->conn);
		if (!empty($this->error_msg) )
		{
			$this->status = 'error';
		}
		if ($this->auto && $this->visitor=='hot')
		{
			header('HTTP/1.0 503 Service Unavailable');
			header('Status: 503 Service Unavailable');
			header("Retry-After: ".($this->delay_time+1)); // submit form first if POST request
			if (!$_POST)
				print "<html><meta http-equiv='refresh' content='$this->delay_time'><body>";
			else
			{
				$inputs = $this->array_to_fields($_POST);
				print '<html><meta charset="utf-8"> <body><form method="post" id="form" accept-charset="UTF-8">
					<input id="submit" type="submit" style="visibility:hidden" />'.
					$inputs.
					'</form>
					<script>
						setTimeout(function(){ 
							var button = document.getElementById("submit");
							button.click();
						},'.$this->delay_time.'000);
					</script>';
			}
			if ($request_type=='auth')
				printf("<h2>$this->delay_message_auth</h2></body></html>",$this->delay_time);
			else
				printf("<h2>$this->delay_message</h2></body></html>",$this->delay_time);
			die();
		}

	}

	function xhr_request()
	{
		if (isset($_SERVER['HTTP_X_REQUESTED_WITH']))
		{
			if ($_SERVER['HTTP_X_REQUESTED_WITH']=='XMLHttpRequest')
				return true;
		}
		else
		{
			$headers = getallheaders();
			if (isset($headers['X-Requested-With']) && $headers['X-Requested-With']=='XMLHttpRequest')
				return true;
		}
		return false;
	}

	public function get_options()
	{
		global $table_prefix;
		$result = mysqli_query($this->conn,"SELECT option_name, option_value FROM {$table_prefix}options WHERE option_name LIKE 'Wpantiddos_Plugin_%'");

	    while ($row = mysqli_fetch_assoc($result)) {
			$name = str_replace('Wpantiddos_Plugin_','',$row['option_name']);
			$value = $row['option_value'];
			if ($value==='Yes') $value = true;
			if ($value==='No') $value = false;
			if (isset($this->$name))
				$this->$name = $value;
		}
	}

	public function only_param_detected()
	{
		$acual = array_merge(array_keys($_GET),array_keys($_POST));
		$found = array_intersect($acual,explode(' ',trim($this->only_params)));
		return $found;
	}
	
	function array_to_fields($fields, $prefix = '') {
		$form_html = '';

		foreach ($fields as $name => $value) {
			if ( ! is_array($value)) {
				if ( ! empty($prefix)) {
					$name = $prefix . '[' . $name . ']';
				}
				// generate the hidden field
				$form_html .= "<input type=\"hidden\" name=\"$name\" value=\"".$value."\" />\n";
			} else {
				if ( ! empty($prefix)) {
					$subprefix = $prefix . '[' . $name . ']';
				} else {
					$subprefix = $name;
				}
				$form_html .= array_to_fields($value, $subprefix);
			}
		}

		return $form_html; 
	}	
	
}


?><?xml version="1.0"?>
<oembed><version>1.0</version><provider_name>Films Antimicrobiens</provider_name><provider_url>https://www.film-antimicrobien.fr</provider_url><author_name>purezone</author_name><author_url>https://www.film-antimicrobien.fr/author/purezone/</author_url><title>Les films de protection PUREZONE&#xAE; combattent les coronavirus - Films Antimicrobiens</title><type>rich</type><width>600</width><height>338</height><html>&lt;blockquote class="wp-embedded-content" data-secret="WB6wzx6qVc"&gt;&lt;a href="https://www.film-antimicrobien.fr/les-films-de-protection-purezone-combattent-les-coronavirus/"&gt;Les films de protection PUREZONE&#xAE; combattent les coronavirus&lt;/a&gt;&lt;/blockquote&gt;&lt;iframe sandbox="allow-scripts" security="restricted" src="https://www.film-antimicrobien.fr/les-films-de-protection-purezone-combattent-les-coronavirus/embed/#?secret=WB6wzx6qVc" width="600" height="338" title="&#xAB;&#xA0;Les films de protection PUREZONE&#xAE; combattent les coronavirus&#xA0;&#xBB; &#x2014; Films Antimicrobiens" data-secret="WB6wzx6qVc" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"&gt;&lt;/iframe&gt;&lt;script type="text/javascript"&gt;
/*! This file is auto-generated */
!function(c,d){"use strict";var e=!1,o=!1;if(d.querySelector)if(c.addEventListener)e=!0;if(c.wp=c.wp||{},c.wp.receiveEmbedMessage);else if(c.wp.receiveEmbedMessage=function(e){var t=e.data;if(!t);else if(!(t.secret||t.message||t.value));else if(/[^a-zA-Z0-9]/.test(t.secret));else{for(var r,s,a,i=d.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=d.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=new RegExp("^https?:$","i"),l=0;l&lt;n.length;l++)n[l].style.display="none";for(l=0;l&lt;i.length;l++)if(r=i[l],e.source!==r.contentWindow);else{if(r.removeAttribute("style"),"height"===t.message){if(1e3&lt;(s=parseInt(t.value,10)))s=1e3;else if(~~s&lt;200)s=200;r.height=s}if("link"===t.message)if(s=d.createElement("a"),a=d.createElement("a"),s.href=r.getAttribute("src"),a.href=t.value,!o.test(a.protocol));else if(a.host===s.host)if(d.activeElement===r)c.top.location.href=t.value}}},e)c.addEventListener("message",c.wp.receiveEmbedMessage,!1),d.addEventListener("DOMContentLoaded",t,!1),c.addEventListener("load",t,!1);function t(){if(o);else{o=!0;for(var e,t,r,s=-1!==navigator.appVersion.indexOf("MSIE 10"),a=!!navigator.userAgent.match(/Trident.*rv:11\./),i=d.querySelectorAll("iframe.wp-embedded-content"),n=0;n&lt;i.length;n++){if(!(r=(t=i[n]).getAttribute("data-secret")))r=Math.random().toString(36).substr(2,10),t.src+="#?secret="+r,t.setAttribute("data-secret",r);if(s||a)(e=t.cloneNode(!0)).removeAttribute("security"),t.parentNode.replaceChild(e,t);t.contentWindow.postMessage({message:"ready",secret:r},"*")}}}}(window,document);
&lt;/script&gt;
</html><thumbnail_url>https://www.film-antimicrobien.fr/wp-content/uploads/2020/10/blog-purezone-coronavirus.jpg</thumbnail_url><thumbnail_width>550</thumbnail_width><thumbnail_height>350</thumbnail_height><description>Depuis 2013, les films Pure Zone n&rsquo;ont plus &#xE0; d&#xE9;montrer leur efficacit&#xE9; antibact&#xE9;rienne. Une nouvelle &#xE9;tape vient d&rsquo;&#xEA;tre franchie, la technologie Pure Zone s&rsquo;av&#xE8;re aussi efficace contre les virus, dont les coronavirus ! La technologie des films Pure Zone d&#xE9;velopp&#xE9;s par Hexis&nbsp;s&rsquo;est montr&#xE9;e efficace pour combattre les coronavirus*. Les caract&#xE9;ristiques des films de protection antimicrobienne PUREZONE&#xAE; r&#xE9;duisent de 95 % apr&#xE8;s un quart d&#x2019;heure de contact, et pr&#xE8;s de 99,9 % apr&#xE8;s une heure de contact (par rapport &#xE0; une membrane non-trait&#xE9;e) la pr&#xE9;sence des coronavirus*. PUREZONE&#xAE; prot&#xE8;ge 24H/24, 7j/7 Sans danger pour le contact avec la peau et puissants, les films Pure Zone restent transparents apr&#xE8;s application. Ils sont esth&#xE9;tiques, n&rsquo;alt&#xE8;rent pas les supports, et prot&#xE8;gent pendant de nombreuses ann&#xE9;es.&nbsp;&#xAB; Les ions d&#x2019;argent r&#xE9;actifs, contenus dans les films PUREZONE&#xAE;, vont rapidement inhiber les bact&#xE9;ries et coronavirus*, emp&#xEA;chant ainsi leur prolif&#xE9;ration entre deux protocoles de d&#xE9;sinfection &#xBB; pr&#xE9;cise Christophe BAUDRION, Directeur du Laboratoire R&amp;D HEXIS. Retrouver dans notre boutique les films virucides antibact&#xE9;riens Pure Zone sous divers formats : au m&#xE8;tre, en format pr&#xE9;d&#xE9;coup&#xE9;, pour les poign&#xE9;es de porte, pour les interrupteurs&#x2026; existe en mat et en brillant ! Acheter films Hexis Pure Zone cr&#xE9;dit photo :&#xA0;freepik*Feline coronavirus, Strain Munich &amp; HCoV-229E</description></oembed>