<?php
// $Id: phpids.module,v 1.8.4.2.2.2 2008-03-05 09:11:52 nessiah Exp $
/**
 * Implementation of hook_boot().
 * @ignore : value depends which action will happen
 *   0 = do nothing
 *   1 = only log
 *   2 = log & actions
 */
function phpids_init() {
  global $user;


  $path = dirname(__FILE__);

  if (file_exists(realpath($path . '/IDS/Config/Config.ini')) &&
  variable_get('phpids_enable', 0) == 1 &&
  $user->uid !== "1" &&
  user_access('log phpids') === TRUE) {

    $request = array_merge($_GET, $_POST, $_SESSION);

    // Set the path to phpids
    $phpids_path = realpath(dirname(__FILE__));
    set_include_path(get_include_path(). PATH_SEPARATOR. $phpids_path);
    require_once 'IDS/Init.php';
    require_once 'IDS/Monitor.php';

    $init = IDS_Init::init(dirname(__FILE__) . '/IDS/Config/Config.ini');

    // Set config for drupal

    $init->config['General']['filter_path'] = $path . '/IDS/default_filter.xml';
    $init->config['General']['tmp_path'] = $path . '/IDS/tmp';

    // Check if a external logfile is to use
    if(variable_get('phpids_logging', 0) == 1){
      $init->config['Logging']['path'] = $path . '/IDS/tmp/phpids_log.txt';
    }

    // Ceck if the filter should be cached
    if(variable_get('phpids_filtercache', 0) == 1){
      $init->config['Caching']['path'] = $path . '/IDS/tmp/default_filter.cache';
      $init->config['Caching']['expiration_time'] = variable_get('phpids_cachelifetime', 600);
      $init->config['Caching']['caching'] = 'file';
    } else {
      $init->config['Caching']['caching'] = 'none';
    }

    // Initiate the PHPIDS and fetch the results
    $ids = new IDS_Monitor($request, $init);
    $report = $ids->run();


    if (!$report->isEmpty()) {
      $body = '';
      // Impact of the attack
      $impact = $report->getImpact();

      // Check if email impact and email is valid
      if($impact > variable_get('phpids_maillevel', 9) && valid_email_address(variable_get('phpids_mail', ''))){

        if($user->name){
          $body = t('Username: ') . $user->name . "\n";
        }
        $body .= t('Ipaddress: ') . $user->hostname . "\n";
        $body .= t('Total impact: ') . $report->getImpact() . "\n";
        $body .= t('Affected tags: ') . join(', ', $report->getTags()) . "\n";

         
        foreach ($report->getIterator() as $event ){
          $body .= t('Variable: '). $event->getName() . '|';
          $body .= t('Value: ') . $event->getValue() . "\n";
          $body .= t('Impact: ') . $event->getImpact() . ' | ';
          $body .= t('Tags: ') . join(', ', $event->getTags()) . "\n";
          
          foreach ($event as $filter) {
            $body .= 'Description: ' . $filter->getDescription() .
                            ' | ';
            $body .= 'Tags: ' . join(', ', $filter->getTags()) .
                            "\n";
          }
        }
        
      $mailparams['subject'] = variable_get('phpids_subject', '');
      $mailparams['body'] = $body;
      
      if(drupal_mail('phpids', 'notify', variable_get('phpids_mail', ''), 'en', $mailparams)){
      echo '<b>Mail send</b>';
      } else {
        echo '<b>Mail send not</b>';
      }
      

      }

      watchdog('phpids', $ids->getReport());

      if($impact > variable_get('phpids_warnlevel', 55)){
        $redirect = variable_get('phpids_warnsite', '');
        drupal_goto($redirect);
        exit();
      }


    } else {
     // echo '<a href="?test=%22>XXX<script>alert(1)</script>">No attack detected - click for an example attack</a>';
    }

  }
}


function phpids_mail($key, &$message, $params){
  
  $message['body'] = $params['body'];
  $message['subject'] = $params['subject'];
  
}

function phpids_perm() {

  return array('log phpids', 'administer phpids');

} // function newmodule_perm

/**
 * Implementation of hook_menu().
 */
function phpids_menu() {
  $items['admin/settings/phpids'] = array(
    'title' => 'PHPIDS settings',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('phpids_admin_settings'),
  );

  return $items;
}

/**
 * Implementation of hook_help().
 * TODO: add more documentation.
 */
function phpids_help($path,$arg) {
  switch ($path) {
    case "admin/help#phpids":
      return '<p>'.  t("Add PHPIDS as a security layer for Drupal."). '</p>';
  }
}


/*
 * Callback function to configure PHPIDS
 */
function phpids_admin_settings() {
  // general settings
  $form['general'] = array(
    '#type' => 'fieldset',
    '#title' => t('General'),
  );

  $form['general']['phpids_enable'] = array(
    '#type' => 'checkbox',
    '#title' => t('PHPIDS status'),
    '#default_value' => variable_get('phpids_enable', 0),
    '#description' => t('Genearl Enable/Disable of the Module'),
  );
  $form['general']['phpids_logging'] = array(
    '#type' => 'checkbox',
    '#title' => t('Enable externel file log'),
    '#default_value' => variable_get('phpids_logging', 0),
    '#description' => t('Enable/Disable the external logfile from PHPIDS'),
  );
  $form['general']['phpids_filtercache'] = array(
    '#type' => 'checkbox',
    '#title' => t('Enable filter chache'),
    '#default_value' => variable_get('phpids_filtercache', 0),
    '#description' => t('Enable/Disable the filter chache'),
  );
  $form['general']['phpids_cachelifetime'] = array(
    '#type' => 'textfield',
    '#title' => t('Cachetime'),
    '#default_value' => variable_get('phpids_cachetime', 600),
    '#size' => 5,
    '#maxlenght' => 5,
    '#description' => t('The Time in seconds, before the cache would be renewed'),
  );
  $form['general']['phpids_maillevel'] = array(
    '#type' => 'textfield',
    '#title' => t('Mail impact'),
    '#default_value' => variable_get('phpids_maillevel',9),
    '#size' => 3,
    '#maxlenth' => 2,
    '#description' => t('Sends out mail when this level of impact is reached.'),
  );
  $form['general']['phpids_mail'] = array(
    '#type' => 'textfield',
    '#title' => t('Email'),
    '#default_value' => variable_get('phpids_mail',''),
    '#description' => t('Leave empty if you don\'t want to send out email. Action field on logs overview will display "log" then.'),
  );
  $form['general']['phpids_subject'] = array(
    '#type' => 'textfield',
    '#title' => t('EMail subject'),
    '#default_value' => variable_get('phpids_subject', t('PHPIDS have detect a attack on your website')),
    '#description' => t('The subject from the email, that the system send to you'),
  );

  $form['general']['phpids_warnlevel'] = array(
    '#type' => 'textfield',
    '#title' => t('Redirect impact'),
    '#default_value' => variable_get('phpids_warnlevel',25),
    '#size' => 5,
    '#maxlength' => 5,
    '#description' => t('Redirects to a warning page after this level of impact is reached.'),
  );

  $form['general']['phpids_warnsite'] = array(
     '#type' => 'textfield',
     '#title' => t('Warning page'),
     '#default_value' => variable_get('phpids_warnsite', ''),
     '#description' => t('The redirect site for the attacker. If these field blank, the redirect will go to your front page. If you have a custom page give here the node example node/3'),
  );
  
  return system_settings_form($form) ;
  
}


function phpids_admin_settings_validate($form, &$form_state){

  if(!is_numeric($form_state['values']['phpids_cachelifetime'])){
    form_set_error('phpids_cachelifetime', t('The value of "Cachetime" must be a number'));
  }

  if(!is_numeric($form_state['values']['phpids_maillevel'])){
    form_set_error('phpids_maillevel', t('The value "Mail impact" field must be a number'));
  }

  if(!is_numeric($form_state['values']['phpids_warnlevel'])){
    form_set_error('phpids_warnlevel', t('The value of "Warning impact must be a number"'));
  }

  if(!empty($form_state['values']['phpids_mail']) && !valid_email_address($form_state['values']['phpids_mail'])){
    form_set_error('phpidsmail', t('Field "Email" must be a valid email address'));
  }
}