<?

define('wpadtiddos_seconds_limit_GET',1);
define('wpadtiddos_seconds_limit_XHR',3);

class wp_antiddos
{
	var $enable = true;
	var $hits_limit_GET = 3; // hits limit for GET requests (per wpadtiddos_seconds_limit_GET second)
	var $hits_limit_XHR = 3; // hits limit for XHR requests (per wpadtiddos_seconds_limit_XHR second)
	var $seconds_limit_POST = 3; // seconds limit for POST requests
	var $seconds_limit_AUTH = 3; // seconds limit for AUTH (Password) requests
	var $visitor; // status of visitor = raw|cool|warm|hot
	var $warm_level; // number of hits for last $seconds_limit seconds that cause visitor`s status turn to warm
	var $auto = true; // block visitors by AntiDDOS
	var $delay_time = 30; // seconds of delay of blocked visitors
	var $block_cnet = true; // block all C class net.
	var $cloudflare = true; // convert Cloudflare HTTP_CF_CONNECTING_IP to REMOTE_ADDR
	var $send_header = false; // send "WP_AntiDDOS: yes" header for debug purposes
	var $only_params_enabled = false; // Only Params feature enabled
	var $only_params = 's'; // the only GET/POST params that trigger checkup
	var $status, $error_msg;
	var $conn; // mysql connection
	var $hits = false; // actual hits number for current IP
	var $cookie = ''; // wpantiddos cookie value that prevents anti DDOS processing
	var $table_name = '';
	var $pass_param = 'pwd'; // name of POST parameter that indentify Login (AUTH) request
	var $delay_message = 'Our server is currently overloaded, your request will be repeated automatically in %s seconds';
	var $delay_message_auth = 'Our server is currently overloaded, your request will be repeated automatically in %s seconds';

	public function __construct()
	{
		if (isset($GLOBALS['wp_antiddos_instance']))
			return;
		else
			$GLOBALS['wp_antiddos_instance'] = &$this;

		if ($_SERVER['REMOTE_ADDR']=='127.0.0.1')
			return;

		$this->conn = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD);
		$ok = mysqli_select_db($this->conn,DB_NAME);
		if (!$ok) return false;
		
		$this->get_options();

		// plugin disabled
		if (!$this->enable) return;

		// current request is admin's one
		if (isset($_COOKIE['wpantiddos']) && $_COOKIE['wpantiddos']==$this->cookie) return;

		if ($this->only_params_enabled)
			if (!$this->only_param_detected())
				return;

		// detect request type and limits
		if ($this->xhr_request())
		{
			if ($this->hits_limit_XHR=='ANY') return;
			$request_type = 'xhr';
			$hits_limit = $this->hits_limit_XHR;
			$seconds_limit = wpadtiddos_seconds_limit_XHR;
		}
		elseif ($_POST && isset($_POST[$this->pass_param]) )
		{
			if ($this->seconds_limit_AUTH=='ANY') return;
			$request_type = 'auth';
			$seconds_limit = $this->seconds_limit_AUTH;
			$this->only_params .= ' '.$this->pass_param;
			$hits_limit = 1;
		}
		elseif ($_POST)
		{
			if ($this->seconds_limit_POST=='ANY') return;
			$request_type = 'post';	
			$hits_limit = 1;
			$seconds_limit = $this->seconds_limit_POST;
		}
		else
		{
			if ($this->hits_limit_GET=='ANY') return;	
			$request_type = 'get';
			$hits_limit = $this->hits_limit_GET;
			$seconds_limit = wpadtiddos_seconds_limit_GET;
		}

		if ($this->send_header)
			header("WP_AntiDDOS: yes");

		if ($this->cloudflare)
		{
			if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
				$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
		}
		$this->ip = $_SERVER['REMOTE_ADDR'];
		
		if ($this->block_cnet)
			$this->ip = substr($this->ip,0,strrpos($this->ip,'.')+1);

		$this->warm_level = ceil($hits_limit/2);
		try
		{
			$res = mysqli_query($this->conn,"SELECT count(*) kount FROM $this->table_name WHERE ip='".addslashes($this->ip)."' AND tstamp>".(time()-$seconds_limit)." AND type='$request_type'");
			$row = mysqli_fetch_assoc($res);

			if (!$row)
				$this->error_msg = 'Error detected';
			$this->hits = @$row['kount']+1; // consider current request too

			if ($this->hits==0) // if no hits from this IP
				$this->visitor = "new";
			elseif ($this->hits>$hits_limit)
				$this->visitor = "hot";
			elseif ($this->hits>=$this->warm_level)
				$this->visitor = "warm";
			else
				$this->visitor = "cool";

			// add current hit
			mysqli_query($this->conn,"INSERT INTO $this->table_name SET ip='$this->ip', type='$request_type', tstamp=".time());
			// cleanup  ip list
			$clear_time = max($this->delay_time,$seconds_limit);
			mysqli_query($this->conn,"DELETE FROM $this->table_name WHERE tstamp<".(time()-$clear_time));
		}
		catch(Exception $e)
		{
			$this->error_msg = $e->getString();
			$this->status = 'error';
			mysqli_close($this->conn);
			return;
		}
		mysqli_close($this->conn);
		if (!empty($this->error_msg) )
		{
			$this->status = 'error';
		}
		if ($this->auto && $this->visitor=='hot')
		{
			header('HTTP/1.0 503 Service Unavailable');
			header('Status: 503 Service Unavailable');
			header("Retry-After: ".($this->delay_time+1)); // submit form first if POST request
			if (!$_POST)
				print "<html><meta http-equiv='refresh' content='$this->delay_time'><body>";
			else
			{
				$inputs = $this->array_to_fields($_POST);
				print '<html><meta charset="utf-8"> <body><form method="post" id="form" accept-charset="UTF-8">
					<input id="submit" type="submit" style="visibility:hidden" />'.
					$inputs.
					'</form>
					<script>
						setTimeout(function(){ 
							var button = document.getElementById("submit");
							button.click();
						},'.$this->delay_time.'000);
					</script>';
			}
			if ($request_type=='auth')
				printf("<h2>$this->delay_message_auth</h2></body></html>",$this->delay_time);
			else
				printf("<h2>$this->delay_message</h2></body></html>",$this->delay_time);
			die();
		}

	}

	function xhr_request()
	{
		if (isset($_SERVER['HTTP_X_REQUESTED_WITH']))
		{
			if ($_SERVER['HTTP_X_REQUESTED_WITH']=='XMLHttpRequest')
				return true;
		}
		else
		{
			$headers = getallheaders();
			if (isset($headers['X-Requested-With']) && $headers['X-Requested-With']=='XMLHttpRequest')
				return true;
		}
		return false;
	}

	public function get_options()
	{
		global $table_prefix;
		$result = mysqli_query($this->conn,"SELECT option_name, option_value FROM {$table_prefix}options WHERE option_name LIKE 'Wpantiddos_Plugin_%'");

	    while ($row = mysqli_fetch_assoc($result)) {
			$name = str_replace('Wpantiddos_Plugin_','',$row['option_name']);
			$value = $row['option_value'];
			if ($value==='Yes') $value = true;
			if ($value==='No') $value = false;
			if (isset($this->$name))
				$this->$name = $value;
		}
	}

	public function only_param_detected()
	{
		$acual = array_merge(array_keys($_GET),array_keys($_POST));
		$found = array_intersect($acual,explode(' ',trim($this->only_params)));
		return $found;
	}
	
	function array_to_fields($fields, $prefix = '') {
		$form_html = '';

		foreach ($fields as $name => $value) {
			if ( ! is_array($value)) {
				if ( ! empty($prefix)) {
					$name = $prefix . '[' . $name . ']';
				}
				// generate the hidden field
				$form_html .= "<input type=\"hidden\" name=\"$name\" value=\"".$value."\" />\n";
			} else {
				if ( ! empty($prefix)) {
					$subprefix = $prefix . '[' . $name . ']';
				} else {
					$subprefix = $name;
				}
				$form_html .= array_to_fields($value, $subprefix);
			}
		}

		return $form_html; 
	}	
	
}


?><?xml version="1.0"?>
<oembed><version>1.0</version><provider_name>Films Antimicrobiens</provider_name><provider_url>https://www.film-antimicrobien.fr</provider_url><author_name>purezone</author_name><author_url>https://www.film-antimicrobien.fr/author/purezone/</author_url><title>Grandes surfaces - Films Antimicrobiens</title><type>rich</type><width>600</width><height>338</height><html>&lt;blockquote class="wp-embedded-content" data-secret="QfEFQoD856"&gt;&lt;a href="https://www.film-antimicrobien.fr/service/grandes-surfaces/"&gt;Grandes surfaces&lt;/a&gt;&lt;/blockquote&gt;&lt;iframe sandbox="allow-scripts" security="restricted" src="https://www.film-antimicrobien.fr/service/grandes-surfaces/embed/#?secret=QfEFQoD856" width="600" height="338" title="&#xAB;&#xA0;Grandes surfaces&#xA0;&#xBB; &#x2014; Films Antimicrobiens" data-secret="QfEFQoD856" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"&gt;&lt;/iframe&gt;&lt;script type="text/javascript"&gt;
/*! This file is auto-generated */
!function(c,d){"use strict";var e=!1,o=!1;if(d.querySelector)if(c.addEventListener)e=!0;if(c.wp=c.wp||{},c.wp.receiveEmbedMessage);else if(c.wp.receiveEmbedMessage=function(e){var t=e.data;if(!t);else if(!(t.secret||t.message||t.value));else if(/[^a-zA-Z0-9]/.test(t.secret));else{for(var r,s,a,i=d.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=d.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=new RegExp("^https?:$","i"),l=0;l&lt;n.length;l++)n[l].style.display="none";for(l=0;l&lt;i.length;l++)if(r=i[l],e.source!==r.contentWindow);else{if(r.removeAttribute("style"),"height"===t.message){if(1e3&lt;(s=parseInt(t.value,10)))s=1e3;else if(~~s&lt;200)s=200;r.height=s}if("link"===t.message)if(s=d.createElement("a"),a=d.createElement("a"),s.href=r.getAttribute("src"),a.href=t.value,!o.test(a.protocol));else if(a.host===s.host)if(d.activeElement===r)c.top.location.href=t.value}}},e)c.addEventListener("message",c.wp.receiveEmbedMessage,!1),d.addEventListener("DOMContentLoaded",t,!1),c.addEventListener("load",t,!1);function t(){if(o);else{o=!0;for(var e,t,r,s=-1!==navigator.appVersion.indexOf("MSIE 10"),a=!!navigator.userAgent.match(/Trident.*rv:11\./),i=d.querySelectorAll("iframe.wp-embedded-content"),n=0;n&lt;i.length;n++){if(!(r=(t=i[n]).getAttribute("data-secret")))r=Math.random().toString(36).substr(2,10),t.src+="#?secret="+r,t.setAttribute("data-secret",r);if(s||a)(e=t.cloneNode(!0)).removeAttribute("security"),t.parentNode.replaceChild(e,t);t.contentWindow.postMessage({message:"ready",secret:r},"*")}}}}(window,document);
&lt;/script&gt;
</html><thumbnail_url>https://www.film-antimicrobien.fr/wp-content/uploads/2019/03/supermarche2.jpg</thumbnail_url><thumbnail_width>600</thumbnail_width><thumbnail_height>400</thumbnail_height><description>72% des poign&#xE9;es de caddies sont recouvertes de bact&#xE9;ries f&#xE9;cales, dont la moiti&#xE9; de E.coli ! L&rsquo;application du film antimicrobien est un atout majeur dans la gestion de l&rsquo;hygi&#xE8;ne des surfaces en contact avec le grand public, et c&rsquo;est d&rsquo;autant plus vrai dans la grande distribution. De l&rsquo;hypermarch&#xE9; alimentaire au magasin de bricolage, de multiples objets peuvent &#xEA;tre &#xE9;quip&#xE9;s de films antimicrobiens pour la protection des surfaces et des usagers : barres de caddies, poign&#xE9;es de paniers bornes tactiles de scannettes, bornes tactiles de caisses caisses libre service poign&#xE9;es et vitrages des cong&#xE9;lateurs, r&#xE9;frig&#xE9;rateurs poign&#xE9;es de porte des espaces commun (entr&#xE9;es, WC&#x2026;) comptoirs d&rsquo;accueil &nbsp; Afin d&#x2019;identifier les zones prot&#xE9;g&#xE9;es par le film antimicrobien et pour vous apporter un outil de communication suppl&#xE9;mentaire HEXIS Health a cr&#xE9;&#xE9; un &#xAB;&#xA0;Label&#xA0;&#xBB;&#xA0;PURE ZONE. Ce label est appos&#xE9; &#xE0; l&rsquo;entr&#xE9;e des zones &#xE9;quip&#xE9;es, ainsi que sur les &#xE9;l&#xE9;ments o&#xF9; la solution est install&#xE9;e (portes, bornes, comptoirs&#x2026;). Vos usagers sont rassur&#xE9;s. Avec PURE ZONE, je choisis de prot&#xE9;ger !</description></oembed>