<?php

require_once("/home/www/wwwbuzzerstar/p/krass/library/Config.inc.php"); 
require_once("/home/www/wwwbuzzerstar/p/krass/library/Connection.inc.php"); 


class Security {

	public function __construct() {
			
		$config 	= new Config();
		$conn 		= new Connection();
		$ClientIP	= $this->getIp();
		
		session_start();
		session_cache_limiter('private');
		session_cache_expire(7); // 7 minuten chache zeit
		
		// set time-out period (in seconds)
		$inactiveTimeout = 430;
		//var_dump( $this->checkAccess());
		
		if (array_key_exists('p_clientip',$_SESSION) && array_key_exists('p_timestamp',$_SESSION) && array_key_exists('p_isfromfacebook',$_SESSION) && !empty($_SESSION["p_timestamp"]) && !empty($_SESSION["p_isfromfacebook"]) && !empty($_SESSION["p_clientip"]) && strcmp($_SESSION["p_clientip"], md5($ClientIP)) == 0){ 
			//echo "array_key_exists";
			$duration = time() - (int)$_SESSION['p_timestamp'];
			if($duration > $inactiveTimeout) {
				// Destroy the session and restart it.
				session_destroy();
				session_start();
				$this->movePage(301,$config->redirectto_security());
				//echo "construct-array_key_exists(): here rediect";
				exit(0);
			} else {
				// here alles ok
				//echo "alles ok: array_key_exists";
				session_write_close();
				return TRUE;
			}
			// never reached
			session_write_close();
			$this->movePage(301,$config->redirectto_security());
			//echo "construct()-array_key_exists: here rediect";
			exit(0);
			
		} elseif (preg_match("/www\.facebook\.com\//",$_SERVER['HTTP_REFERER'])) {
		/*	
			// if isset session p_isfromfacebook 
				////&& session p_timestamp is valid 
				////&& session p_timestamp is kleiner als 430 
				////&& and current IP == session[clientip]
			//	then do:
				//session_write_close();
				// DO NOT update SQL datebase
				//// just return true
		*/
		
			session_regenerate_id();
			
			$_SESSION["p_clientip"]			= md5($ClientIP);
			$_SESSION["p_timestamp"] 		= intval(time());
			$_SESSION["p_isfromfacebook"] 	= intval(1);
									
			// Fine: you are allowed
			$table 		= $config->sql_tablename_security();
			$pdo		= $conn->prepareQuery();
			$stmt 		= $pdo->prepare("INSERT INTO $table (p_clientip, p_isfromfacebook, p_timestamp) VALUES(:p_clientip, :p_isfromfacebook, :p_timestamp) ON DUPLICATE KEY UPDATE p_clientip=:p_clientip, p_isfromfacebook=:p_isfromfacebook, p_timestamp=:p_timestamp;");
			$stmt->execute(array(':p_clientip'=>$ClientIP,':p_isfromfacebook'=>1,':p_timestamp'=>time()));
			
			//var_dump( $this->checkAccess());
			//$stmt->debugDumpParams();
			//var_dump($stmt->errorInfo());
			//var_dump($stmt->errorCode());
			
			session_write_close();
			$_SERVER['HTTP_REFERER'] = "";
			unset($_SERVER['HTTP_REFERER']);
			unset($_SERVER);
			
			return TRUE;

		} elseif ($this->checkAccess()){
			
			// Fine: you are allowed
			session_write_close();
			return TRUE;
			
		} else {
			
			// Bam: Badass
			session_write_close();
			$this->movePage(301,$config->redirectto_security());
			//echo "construct(): here rediect";
			exit(0);
			
		}
		
		// Bam: Badass
		session_write_close();
		$this->movePage(301,$config->redirectto_security());
		//echo "construct(): here rediect";
		exit(0);
		
	}

	public function checkAccess(){
		
		$config 	= new Config();
		$conn 		= new Connection();
		$ClientIP	= $this->getIp();
		
		$inactiveTimeout = 430;
		
		$table 		= $config->sql_tablename_security();
		$pdo		= $conn->prepareQuery();
		$stmt 		= $pdo->prepare("SELECT * FROM $table WHERE p_clientip=:p_clientip LIMIT 1");
		$stmt->bindValue(':p_clientip', $ClientIP, PDO::PARAM_STR);
		$stmt->execute();
		$rows 				= $stmt->fetchAll(PDO::FETCH_ASSOC);
		
		$curTime			= intval(time());
		$timestampFirst		= intval($rows[0]["p_timestamp"]);
		$isFromFacebook		= $rows[0]["p_isfromfacebook"];
		//echo $curTime ." - " .$timestampFirst .">=<b>$inactiveTimeout</b>:<br>";
		//echo $curTime-$timestampFirst;
		
		if (!empty($timestampFirst) && $isFromFacebook == 1 ){
			if ($curTime-$timestampFirst>=$inactiveTimeout){//7 minuten gilt ein einmaliger referer
				return FALSE; // zeitstempel über 7 minuten -> zugriff auf clone verbieten
			} else {
				return TRUE; // zeitstempel kleiner oder unter 7 minuten -> zugriff auf clone erlauben
			}
		}
		return FALSE;
		
	/*
		var_dump($rows);
		exit;
		$stmt->debugDumpParams();
		var_dump($stmt->errorInfo());
		var_dump($stmt->errorCode());
	*/	
	}

	public function getIp(){
		$proxy_headers = array(
			'CLIENT_IP',
			'FORWARDED',
			'FORWARDED_FOR',
			'FORWARDED_FOR_IP',
			'HTTP_CLIENT_IP',
			'HTTP_FORWARDED',
			'HTTP_FORWARDED_FOR',
			'HTTP_FORWARDED_FOR_IP',
			'HTTP_PC_REMOTE_ADDR',
			'HTTP_PROXY_CONNECTION',
			'HTTP_VIA',
			'HTTP_X_FORWARDED',
			'HTTP_X_FORWARDED_FOR',
			'HTTP_X_FORWARDED_FOR_IP',
			'HTTP_X_IMFORWARDS',
			'HTTP_XROXY_CONNECTION',
			'VIA',
			'X_FORWARDED',
			'X_FORWARDED_FOR'
		);
		$regEx = "/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/";
		foreach ($proxy_headers as $proxy_header) {
			if (isset($_SERVER[$proxy_header])) {
				/* HEADER ist gesetzt und dies ist eine gültige IP */
				return $_SERVER[$proxy_header];
			} else if (stristr(',', $_SERVER[$proxy_header]) !== false) {
				// Behandle mehrere IPs in einer Anfrage
				//(z.B.: X-Forwarded-For: client1, proxy1, proxy2)
				$proxy_header_temp = trim(
					array_shift(explode(',', $_SERVER[$proxy_header]))
				); /* Teile in einzelne IPs, gib die letzte zurück und entferne Leerzeichen */

				// if IPv4 address remove port if exists
				if (preg_match($regEx, $proxy_header_temp)
					&& ($pos_temp = stripos($proxy_header_temp, ':')) !== false
				) {
					$proxy_header_temp = substr($proxy_header_temp, 0, $pos_temp);
				}
				return $proxy_header_temp;
			}
		}

		return $_SERVER['REMOTE_ADDR'];
	}

	public function movePage($num,$url){
	   static $http = array (
		   100 => "HTTP/1.1 100 Continue",
		   101 => "HTTP/1.1 101 Switching Protocols",
		   200 => "HTTP/1.1 200 OK",
		   201 => "HTTP/1.1 201 Created",
		   202 => "HTTP/1.1 202 Accepted",
		   203 => "HTTP/1.1 203 Non-Authoritative Information",
		   204 => "HTTP/1.1 204 No Content",
		   205 => "HTTP/1.1 205 Reset Content",
		   206 => "HTTP/1.1 206 Partial Content",
		   300 => "HTTP/1.1 300 Multiple Choices",
		   301 => "HTTP/1.1 301 Moved Permanently",
		   302 => "HTTP/1.1 302 Found",
		   303 => "HTTP/1.1 303 See Other",
		   304 => "HTTP/1.1 304 Not Modified",
		   305 => "HTTP/1.1 305 Use Proxy",
		   307 => "HTTP/1.1 307 Temporary Redirect",
		   400 => "HTTP/1.1 400 Bad Request",
		   401 => "HTTP/1.1 401 Unauthorized",
		   402 => "HTTP/1.1 402 Payment Required",
		   403 => "HTTP/1.1 403 Forbidden",
		   404 => "HTTP/1.1 404 Not Found",
		   405 => "HTTP/1.1 405 Method Not Allowed",
		   406 => "HTTP/1.1 406 Not Acceptable",
		   407 => "HTTP/1.1 407 Proxy Authentication Required",
		   408 => "HTTP/1.1 408 Request Time-out",
		   409 => "HTTP/1.1 409 Conflict",
		   410 => "HTTP/1.1 410 Gone",
		   411 => "HTTP/1.1 411 Length Required",
		   412 => "HTTP/1.1 412 Precondition Failed",
		   413 => "HTTP/1.1 413 Request Entity Too Large",
		   414 => "HTTP/1.1 414 Request-URI Too Large",
		   415 => "HTTP/1.1 415 Unsupported Media Type",
		   416 => "HTTP/1.1 416 Requested range not satisfiable",
		   417 => "HTTP/1.1 417 Expectation Failed",
		   500 => "HTTP/1.1 500 Internal Server Error",
		   501 => "HTTP/1.1 501 Not Implemented",
		   502 => "HTTP/1.1 502 Bad Gateway",
		   503 => "HTTP/1.1 503 Service Unavailable",
		   504 => "HTTP/1.1 504 Gateway Time-out"
	   );
	   header($http[$num]);
	   header ("Location: $url");
	}
}
?>