<?php
if (!defined('_PS_VERSION_'))
    exit;

include_once(_PS_MODULE_DIR_.'/ant_alerthack/models/Suspect.php');
class Ant_Alerthack extends Module
{

    public function __construct()
    {
        $this->name = 'ant_alerthack';
        $this->tab = 'administration';
        $this->author = 'Antadis';
        $this->version = '1.0';
        $this->need_instance = 0;

        parent::__construct();

        $this->displayName = $this->l('Alert for hacking tentative');
        $this->description = $this->l('Alert when someone try to make SQL injection in contact form');
    }

    public function install()
    {
        // if (!$this->installDB()){
        //     return false;
        // }

        $hooks = array(
            'ant_alerthack' => array('Ant Alert Hack', 'Called when someone sends some messages in few minutes'),
            'ant_alerthackbefore' => array('Ant Alert Hack Before', 'Called before customer or visitor makes an action'),
        );
        foreach($hooks as $k => $v) {
            if(count(Db::getInstance()->ExecuteS('
                SELECT `id_hook`
                FROM `'._DB_PREFIX_.'hook`
                WHERE `name` = "'.$k.'"
                LIMIT 1
            ')) == 0) {
                Db::getInstance()->ExecuteS('
                    INSERT INTO `'._DB_PREFIX_.'hook`
                    VALUES (DEFAULT, "'.$k.'", "'.$v[0].'", "'.$v[1].'", 0, 0)
                ');
            }
        }

        if(!parent::install()
        || !$this->registerHook('ant_alerthack')
        || !$this->registerHook('ant_alerthackbefore')) {
            return false;
        }

        # Set default configuration values
        Configuration::updateValue('ANT_ALERTHACK_LIMIT', 5);
        Configuration::updateValue('ANT_ALERTHACK_TIME', 1);
        Configuration::updateValue('ANT_ALERTHACK_EMAILS', 'marion@antadis.com');

        return true;
    }

    private function installDB()
    {
        $result = true;
        # Add tables
        $query = '
            CREATE TABLE IF NOT EXISTS `' . _DB_PREFIX_ . 'ant_alerthack_suspect` (
                `id_suspect` INTEGER NOT NULL AUTO_INCREMENT,
                `id_customer` INTEGER DEFAULT 0,
                `email` VARCHAR(128),
                `page` VARCHAR(250),
                `referrer` VARCHAR(250),
                `user_agent` VARCHAR(128),
                `remote_host` VARCHAR(255),
                `remote_ip` VARCHAR(20),
                `condition` VARCHAR(50),
                `is_suspect` INTEGER DEFAULT 0,
                `date_add` DATETIME NOT NULL,
                `date_upd` DATETIME NOT NULL,
                PRIMARY KEY(`id_suspect`)
            ) ENGINE=' . _MYSQL_ENGINE_ . ' DEFAULT CHARSET=utf8
        ';

        $result = Db::getInstance()->Execute($query);

        return $result;
    }


    public function uninstall() {

        if(parent::uninstall() == false) {
            return false;
        }

        Configuration::deleteByName('ANT_ALERTHACK_LIMIT');
        Configuration::deleteByName('ANT_ALERTHACK_TIME');
        Configuration::deleteByName('ANT_ALERTHACK_EMAILS');

        return true;
    }

    public function hookAnt_Alerthackbefore($params) {
        global $cookie;
        return true;
    }

    public function hookAnt_Alerthack($params) {
        global $cookie;
        $min = (int)Configuration::get('ANT_ALERTHACK_TIME');
        $count_limit = (int)Configuration::get('ANT_ALERTHACK_LIMIT');
        $id_customer = ($params['id_customer']?$params['id_customer']:'');

        $count = Db::getInstance()->getValue('
            SELECT COUNT(m.`id_customer_message`)
            FROM `'._DB_PREFIX_.'customer_message` m
            LEFT JOIN `'._DB_PREFIX_.'customer_thread` t ON (t.`id_customer_thread` = m.`id_customer_thread`)
            WHERE (
                t.`email` = "'.pSQL($params['email']).'"
                '.(!empty($id_customer)?' OR t.`id_customer` = '.(int)$id_customer:'').'
            )
            AND m.`date_add` < NOW() AND m.`date_add` > DATE_SUB(NOW(), INTERVAL '.$min.' MINUTE)
        ');

        if($count >= $count_limit){
            $info = array(
                'count' => (int)$count,
                'time'  => (int)$min
            );
            $this->saveInfo($info, $params['email'], $id_customer);

            $emails = Configuration::get('ANT_ALERTHACK_EMAILS');
            $to = explode(',', $emails);
            $data = array(
                '{limit}'         => (int)Configuration::get('ANT_ALERTHACK_LIMIT'),
                '{time}'          => (int)Configuration::get('ANT_ALERTHACK_TIME'),
                '{suspect_email}' => $params['email'],
            );
            foreach ($to as $email) {
                Mail::Send((int)$cookie->id_lang, 'ant_alerthack', 'Alert Hack', $data, $to);
            }
        }
    }

    public function saveInfo($info, $email, $id_customer = '')
    {

        $remoteIP = $_SERVER['REMOTE_ADDR'];
        if (strstr($remoteIP, ', ')) {
            $ips = explode(', ', $remoteIP);
            $remoteIP = $ips[0];
        }
        $page = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}";
        $page .= (!empty($_SERVER['QUERY_STRING'])? $_SERVER['QUERY_STRING']:'');
        $referrer = $_SERVER['HTTP_REFERER'];
        $useragent = $_SERVER['HTTP_USER_AGENT'];
        $remotehost = gethostbyaddr($remoteIP);
        $is_exist = Db::getInstance()->getRow('
            SELECT `id_suspect`
            FROM `'._DB_PREFIX_.'ant_alerthack_suspect`
            WHERE `email` = "'.pSQL($email).'"
        ');
        if($is_exist){
            $suspect = new Suspect((int)$is_exist['id_suspect']);
        } else {
            $suspect = new Suspect();
        }
        $suspect->id_customer    = (!empty($id_customer)?$id_customer:0);
        $suspect->email          = pSQL($email);
        $suspect->page           = pSQL($page);
        $suspect->user_agent     = pSQL($useragent);
        $suspect->remote_host    = pSQL($remotehost);
        $suspect->remote_ip      = pSQL($remoteIP);
        $suspect->referrer       = pSQL($referrer);
        $suspect->is_suspect     = 1;
        $suspect->condition      = pSQL($info['count'].' messages in '.$info['time'].' minutes');
        $suspect->save();
    }

}