Skip to content

Commit

Permalink
Update the Polls plugin so it can work with IP anonymization
Browse files Browse the repository at this point in the history
  • Loading branch information
@mystralkk
mystralkk committed Jun 5, 2021
1 parent 9dbcd6f commit 3ad7dee
Show file tree
Hide file tree
Showing 7 changed files with 68 additions and 24 deletions.
2 changes: 1 addition & 1 deletion plugins/polls/autoinstall.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Polls Plugin 2.1 |
// | Polls Plugin 2.2 |
// +---------------------------------------------------------------------------+
// | autoinstall.php |
// | |
Expand Down
45 changes: 39 additions & 6 deletions plugins/polls/functions.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -801,9 +801,10 @@ function POLLS_pollsave($pid, $aid)
}

// This always does an insert so no need to provide key_field and key_value args
$seq = \Geeklog\IP::getSeq();
DB_query(
"INSERT INTO {$_TABLES['pollvoters']} (ipaddress, date, pid) "
. "VALUES ('" . DB_escapeString(\Geeklog\IP::getIPAddress()) . "', " . time() . ", '" . DB_escapeString($pid) . "')");
"INSERT INTO {$_TABLES['pollvoters']} (seq, date, pid) "
. "VALUES ($seq, " . time() . ", '" . DB_escapeString($pid) . "')");
$retval .= COM_showMessageText(
$LANG_POLLS['savedvotemsg'] . ' "'
. DB_getItem($_TABLES['polltopics'], 'topic', "pid = '" . DB_escapeString($pid) . "'") . '"',
Expand Down Expand Up @@ -1030,10 +1031,16 @@ function POLLS_ipAlreadyVoted($pid, $ip = '')
$ip = \Geeklog\IP::getIPAddress();
}

if (DB_count($_TABLES['pollvoters'],
array('ipaddress', 'pid'),
array(DB_escapeString($ip), DB_escapeString($pid))) > 0
) {
$ip = DB_escapeString($ip);
$pid = DB_escapeString($pid);
$sql = "SELECT COUNT(p.*) AS cnt FROM {$_TABLES['pollvoters']} AS p "
. "LEFT JOIN {$_TABLES['ip_addresses']} AS i "
. "ON p.seq = i.seq "
. "WHERE (i.ipaddress = '$ip') AND (p.pid = '$pid')";
$result = DB_query($sql);
$A = DB_fetchArray($result, false);

if (is_array($A) && isset($A['cnt']) && ($A['cnt'] > 0)) {
$retval = true;
}

Expand Down Expand Up @@ -1399,6 +1406,32 @@ function plugin_upgrade_polls()
break;

case '2.2.0':
// Add 'seq' column
if (isset($_UPDATES[$current_version])) {
$_SQL = $_UPDATES[$current_version];
foreach ($_SQL as $sql) {
DB_query($sql);
}
}

// Move IP addresses to the 'ip_addresses' table
$result = DB_query("SELECT id, ipaddress FROM {$_TABLES['pollvoters']}");
$rows = [];

while (($A = DB_fetchArray($result, false)) !== false) {
$rows[] = $A;
}

foreach ($rows as $row) {
$id = (int) $row['id'];
$ipAddress = $row['ipaddress'];
$seq = \Geeklog\IP::getSeq($ipAddress);
DB_query("UPDATE {$_TABLES['pollvoters']} SET seq = $seq WHERE id = $id");
}

// Drop the 'ipaddress' column
DB_query("ALTER TABLE {$_TABLES['pollvoters']} DROP COLUMN ipaddress");

$current_version = '2.2.1'; // Ships with Geeklog v2.2.2
break;

Expand Down
6 changes: 3 additions & 3 deletions plugins/polls/sql/mysql_install.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Polls Plugin 2.1 |
// | Polls Plugin 2.2 |
// +---------------------------------------------------------------------------+
// | mysql_install.php |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2010 by the following authors: |
// | Copyright (C) 2000-2021 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
// | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
Expand Down Expand Up @@ -94,7 +94,7 @@
CREATE TABLE {$_TABLES['pollvoters']} (
id int(10) unsigned NOT NULL auto_increment,
pid varchar(128) NOT NULL,
ipaddress varchar(39) NOT NULL default '',
seq INT NOT NULL DEFAULT 0,
date int(10) unsigned default NULL,
PRIMARY KEY (id)
) ENGINE=MyISAM
Expand Down
11 changes: 8 additions & 3 deletions plugins/polls/sql/mysql_updates.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Polls Plugin 2.1 |
// | Polls Plugin 2.2 |
// +---------------------------------------------------------------------------+
// | mysql_updates.php |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2008-2011 by the following authors: |
// | Copyright (C) 2008-2021 by the following authors: |
// | |
// | Authors: Dirk Haun - dirk AT haun-online DOT de |
// +---------------------------------------------------------------------------+
Expand Down Expand Up @@ -110,7 +110,12 @@
// Fix for sql upgrade bug in Polls v1.1.0 where qid added as varchar(20) and not mediumint(9)
// Only needed for mysql version since pgsql was not available for Polls Plugin v1.1.0
"ALTER TABLE {$_TABLES['pollanswers']} CHANGE `qid` `qid` MEDIUMINT(9) NOT NULL DEFAULT '0'"
)
),

'2.2.0' => [
// Add 'seq' column for IP anonymization
"ALTER TABLE {$_TABLES['pollvoters']} ADD COLUMN seq INT NOT NULL DEFAULT 0",
],
);

/**
Expand Down
6 changes: 3 additions & 3 deletions plugins/polls/sql/pgsql_install.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Polls Plugin 2.1 |
// | Polls Plugin 2.2 |
// +---------------------------------------------------------------------------+
// | pgsql_install.php |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2009-2010 by the following authors: |
// | Copyright (C) 2009-2021 by the following authors: |
// | |
// | Authors: Stansislav Palatnik - spalatnikk AT gmail DOT com |
// +---------------------------------------------------------------------------+
Expand Down Expand Up @@ -87,7 +87,7 @@
CREATE TABLE {$_TABLES['pollvoters']} (
id SERIAL,
pid varchar(128) NOT NULL,
ipaddress varchar(15) NOT NULL default '',
seq INT NOT NULL DEFAULT 0,
date int default NULL,
PRIMARY KEY (id))
";
Expand Down
10 changes: 8 additions & 2 deletions plugins/polls/sql/pgsql_updates.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Polls Plugin 2.1 |
// | Polls Plugin 2.2 |
// +---------------------------------------------------------------------------+
// | pgsql_updates.php |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2008-2010 by the following authors: |
// | Copyright (C) 2008-2021 by the following authors: |
// | |
// | Authors: Dirk Haun - dirk AT haun-online DOT de |
// +---------------------------------------------------------------------------+
Expand Down Expand Up @@ -60,6 +60,12 @@
"ALTER TABLE {$_TABLES['pollquestions']} ADD `description` TEXT NULL",
"ALTER TABLE {$_TABLES['polltopics']} ADD `description` TEXT NULL",
),

'2.2.0' => [
// Add 'seq' column for IP anonymization
"ALTER TABLE {$_TABLES['pollvoters']} ADD COLUMN seq INT NOT NULL DEFAULT 0",
],

);

/**
Expand Down
12 changes: 6 additions & 6 deletions system/classes/IP.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
* @copyright (C) 2004-2017 Tom Willett - tomw AT pigstye DOT net
* @copyright (C) 2017-2021 Kenji ITO - mystralkk AT gmail DOT com
* @license GPL
* @note most of the code below were taken from IP.Examine.class.php created by Tom Willett.
* @note some of the code below was taken from 'IP.Examine.class.php' created by Tom Willett.
*/
abstract class IP
{
Expand Down Expand Up @@ -44,7 +44,7 @@ abstract class IP
/**
* @var string
*/
private static $ipAddress;
private static $originalIpAddress;

/**
* Initialize the IP class
Expand All @@ -63,7 +63,7 @@ public static function init($ipAddressTable = 'gl_ip_addresses', $anonymizationP
}
self::$anonymizationPolicy = $anonymizationPolicy;

self::$ipAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.01';
self::$originalIpAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.01';
// $_SERVER['REMOTE_ADDR'] = '0.0.0.0'; // some time in the future
self::$isInitialized = true;
}
Expand Down Expand Up @@ -181,13 +181,13 @@ public static function isValidIPv6($ipAddress)
}

/**
* Return the original $_SERVER['REMOTE_ADDR']
* Return the original (unanonymized) $_SERVER['REMOTE_ADDR']
*
* @return string
*/
public static function getIPAddress()
{
return self::$ipAddress;
return self::$originalIpAddress;
}

/**
Expand Down Expand Up @@ -236,7 +236,7 @@ public static function anonymize($ipAddress, $anonymizationPolicy = null)
public static function getSeq($ipAddress = null)
{
if (empty($ipAddress)) {
$ipAddress = self::$ipAddress;
$ipAddress = self::$originalIpAddress;
}

if (self::$anonymizationPolicy === self::POLICY_ANONYMIZE_IMMEDIATELY) {
Expand Down

0 comments on commit 3ad7dee

Please sign in to comment.