File Manager

Current Directory: /home/astoriaah/www/administrator/components/com_admintools/Model
Viewing File: /home/astoriaah/www/administrator/components/com_admintools/Model/QuickStart.php
<?php /** * @package admintools * @copyright Copyright (c)2010-2022 Nicholas K. Dionysopoulos / Akeeba Ltd * @license GNU General Public License version 3, or later */ namespace Akeeba\AdminTools\Admin\Model; defined('_JEXEC') || die; use Akeeba\AdminTools\Admin\Helper\Storage; use FOF40\Container\Container; use FOF40\Model\Model; use FOF40\IP\IPHelper as Ip; use Joomla\CMS\Factory; use Joomla\CMS\Language\Text; use Joomla\CMS\Uri\Uri; class QuickStart extends Model { /** * The parameters storage model * * @var Storage */ private $storageModel; /** * Administrator password protection model * * @var AdminPassword */ private $adminPasswordModel; /** * WAF Config model * * @var ConfigureWAF */ private $wafModel; /** * WAF configuration * * @var array */ private $config; public function __construct(Container $container, $config = []) { parent::__construct($container, $config); $this->storageModel = Storage::getInstance(); $this->adminPasswordModel = $this->container->factory->model('AdminPassword')->tmpInstance(); $this->wafModel = $this->container->factory->model('ConfigureWAF')->tmpInstance(); $this->config = $this->wafModel->getConfig(); } /** * Applies the wizard preferences to the component's configuration * * @return void */ public function applyPreferences() { // Reset all stored settings $this->storageModel->resetContents(); // Apply administrator secret URL parameter $this->config['adminpw'] = $this->getState('adminpw', ''); // Password protect administrator $this->applyAdministratorPassword(); // Apply email on admin login $this->config['emailonadminlogin'] = $this->getState('emailonadminlogin', ''); $this->config['emailonfailedadminlogin'] = $this->getState('emailonadminlogin', ''); // Apply IP whitelist $this->applyIpWhitelist(); // Disable editing backend users' properties $this->config['nonewadmins'] = $this->getState('nonewadmins', 0); // Forbid front-end Super Administrator login $this->config['nofesalogin'] = $this->getState('nofesalogin', 0); // Enable WAF $this->applyWafPreferences($this->getState('enablewaf', 0)); // Apply IP workarounds $this->config['ipworkarounds'] = $this->getState('ipworkarounds', 0); // Apply IP autoban preferences $this->applyAutoban($this->getState('autoban', 0)); // Apply automatic permanent blacklist $this->applyBlacklist($this->getState('autoblacklist', 0)); // Apply email address to report WAF exceptions and blocks $this->config['emailbreaches'] = $this->getState('emailbreaches', ''); $this->config['emailafteripautoban'] = $this->getState('emailbreaches', ''); // Project Honeypot HTTP:BL $this->applyProjectHoneypot($this->getState('bbhttpblkey', '')); // Save the WAF configuration $this->wafModel->saveConfig($this->config); // Apply .htaccess Maker if ($this->getState('htmaker', 0)) { $written = $this->applyHtmaker(); if (!$written) { Factory::getApplication()->enqueueMessage(Text::_('COM_ADMINTOOLS_QUICKSTART_MSG_HTMAKERNOTAPPLIED'), 'error'); } } // Save a flag indicating we no longer need to run the Quick Start $this->storageModel->load(); $this->storageModel->setValue('quickstart', 1, 1); } /** * Is it the Quick Setup Wizard's first run? * * @return bool */ public function isFirstRun() { return $this->storageModel->getValue('quickstart', 0) == 0; } /** * Password protect / unprotect administrator * * @return void */ private function applyAdministratorPassword() { $this->adminPasswordModel->username = $this->getState('admin_username', ''); $this->adminPasswordModel->password = $this->getState('admin_password', ''); $this->adminPasswordModel->resetErrorPages = true; if (empty($this->adminPasswordModel->username) || empty($this->adminPasswordModel->password)) { $this->adminPasswordModel->unprotect(); } else { $this->adminPasswordModel->protect(); } } /** * Apply administrator IP whitelist * * @return void */ private function applyIpWhitelist() { $this->config['ipwl'] = $this->getState('ipwl', 0); if ($this->config['ipwl']) { /** @var WhitelistedAddresses $ipwlModel */ $ipwlModel = $this->container->factory->model('WhitelistedAddresses')->tmpInstance(); $tableName = $ipwlModel->getTableName(); $db = $this->container->db; $db->truncateTable($tableName); $ipwlModel->reset(); $detectedIp = $this->getState('detectedip', ''); if (!empty($detectedIp) && ($detectedIp != Ip::getIp())) { $ipwlModel->save([ 'ip' => $this->getState('detectedip', ''), 'description' => Text::_('COM_ADMINTOOLS_QUICKSTART_MSG_IPADDEDBYWIZARD'), ]); } else { $ipwlModel->save([ 'ip' => Ip::getIp(), 'description' => Text::_('COM_ADMINTOOLS_QUICKSTART_MSG_IPADDEDBYWIZARD'), ]); } } } /** * Apply main WAF preference (global disable/enable) * * @param bool $enabled Should I enable WAF? * * @return void */ private function applyWafPreferences($enabled = true) { $state = $enabled ? 1 : 0; // UploadShield is disabled on Joomla! 3.4.1 and later (it's included in Joomla! itself) $uploadShieldState = version_compare(JVERSION, '3.4.1', 'ge') ? 0 : $state; $newValues = [ 'ipbl' => $state, 'sqlishield' => $state, 'antispam' => 0, 'custgenerator' => $state, 'generator' => 'MYOB', 'tpone' => $state, 'tmpl' => $state, 'template' => $state, 'logbreaches' => 1, 'muashield' => $state, 'rfishield' => $state, 'dfishield' => $state, 'uploadshield' => $uploadShieldState, 'sessionshield' => $state, 'tmplwhitelist' => 'component,system,raw,koowa,cartupdate', 'allowsitetemplate' => 0, 'trackfailedlogins' => $state, 'use403view' => 0, 'iplookup' => 'ip-lookup.net/index.php?ip={ip}', 'iplookupscheme' => 'http', 'saveusersignupip' => $state, 'whitelist_domains' => '.googlebot.com,.search.msn.com', 'reasons_nolog' => '', 'reasons_noemail' => '', 'resetjoomlatfa' => 0, 'email_throttle' => 1, 'selfprotect' => 1, 'criticalfiles' => 1, 'superuserslist' => 0, ]; $this->config = array_merge($this->config, $newValues); } /** * Apply automatic IP ban * * @param bool $enabled Should I enable it? * * @return void */ private function applyAutoban($enabled = true) { $state = $enabled ? 1 : 0; $newValues = [ 'tsrenable' => $state, 'tsrstrikes' => 3, 'tsrnumfreq' => 1, 'tsrfrequency' => 'minute', 'tsrbannum' => 15, 'tsrbanfrequency' => 'minute', ]; $this->config = array_merge($this->config, $newValues); } /** * Apply automatic IP ban * * @param bool $enabled Should I enable it? * * @return void */ private function applyBlacklist($enabled = true) { $state = $enabled ? 1 : 0; $newValues = [ 'permaban' => $state, 'permabannum' => 3, ]; $this->config = array_merge($this->config, $newValues); } /** * Apply Project Honeypot HTTP:BL settings * * @param string $key The HTTP:BL key * * @return void */ private function applyProjectHoneypot($key = '') { $state = empty($key) ? 0 : 1; $newValues = [ 'bbhttpblkey' => $key, 'httpblenable' => $state, 'httpblthreshold' => 25, 'httpblmaxage' => 30, 'httpblblocksuspicious' => 0, ]; $this->config = array_merge($this->config, $newValues); } private function applyHtmaker() { /** @var HtaccessMaker $htMakerModel */ $htMakerModel = $this->container->factory->model('HtaccessMaker')->tmpInstance(); // Get the base bath to the site's root $basePath = Uri::base(true); if (substr($basePath, -14) == '/administrator') { $basePath = substr($basePath, 14); } $basePath = trim($basePath, '/'); $basePath = empty($basePath) ? '/' : ''; // Get the site's hostname $hostname = Uri::getInstance()->getHost(); // Should I redirect non-www to www or vice versa? $wwwRedir = substr($hostname, 0, 4) == 'www.' ? 1 : 2; // Is it an HTTPS site? $isHttps = Uri::getInstance()->getScheme() == 'https'; // Create an object with fine-tuned rules for this site $newConfig = (object) [ // == System configuration == // Host name for HTTPS requests (without https://) 'httpshost' => $hostname, // Host name for HTTP requests (without http://) 'httphost' => $hostname, // Follow symlinks (may cause a blank page or 500 Internal Server Error) 'symlinks' => -1, // Base directory of your site (/ for domain's root) 'rewritebase' => $basePath, // == Optimization and utility == // Set default expiration time to 1 hour 'exptime' => 1, // Automatically compress static resources 'autocompress' => 1, // Redirect index.php to root 'autoroot' => 0, // Redirect www and non-www addresses 'wwwredir' => $wwwRedir, // HSTS Header (for HTTPS-only sites) 'hstsheader' => $isHttps ? 1 : 0, // Set UTF-8 charset as default 'utf8charset' => 0, // == Basic security == // Disable directory listings 'nodirlists' => 0, // Block access from specific user agents 'nohoggers' => 1, // Protect against clickjacking 'clickjacking' => 0, // Reduce MIME type security risks 'reducemimetyperisks' => 0, // Reflected XSS prevention 'reflectedxss' => 0, // Prevent content transformation 'notransform' => 0, // -- Fine-tuning // Allow direct access, including .php files, to these directories 'fullaccessdirs' => [ ], ]; // Pass everything back to the model, it will merge the new config with the default one $htMakerModel->saveConfiguration($newConfig); return $htMakerModel->writeConfigFile(); } }