Adding a lockdown feature to mythweb. We check the user agent (and a …

…get var) to see if it is a search engine or bot or the like. If it is, we lock down the mythweb install until the lockfile is manually removed. The idea is to prevent people from having their installs indexed without their knowledge. It is not perfect, but it is a start. There is a way to disable this feature if the user wants, and it is covered in the updated README file.

git-svn-id: http://svn.mythtv.org/svn/trunk@17580 7dbf422c-18fa-0310-86e9-fd20926502f2

README

@@ -135,10 +135,26 @@ A: First, make sure that if you have enabled some form of authentication that
 Q: I get a "500 server error" (or some other number) when trying to view
     MythWeb.
 A: Check your apache logs for details about what caused the error.  Usually,
-    it means that you didn't set up a required module.  Read the 
+    it means that you didn't set up a required module.  Read the
     mythweb.conf.apache file in more detail to make sure you didn't miss
     an important setup file.
 
+Q: Why is my MythWeb install locked?
+A: Given the absolutely huge number of open mythweb installs, we have added in
+    a automatic lockdown feature when we detect a bot or the like. This is to
+    prevent your install from being indexed, and having all your recordings
+    deleted or someone finding it and setting it to record opera 24x7.
+
+Q: So... how do I unlock the install?
+A: You can unlock the install by removing the file the message screen gives
+    you, but you should secure the install before you do that (read INSTALL)
+
+Q: I don't like you protecting my data... I want the world to mess with my
+    MythTV install!
+A: If you want to disable this feature, set the apache envirnment var
+    MYTHWEB_LOCKDOWN_DISABLE to true and remove the lockdown file, and
+    we will no longer try to protect you.
+
 ======================
 4.0 Submitting Patches
 ======================
@@ -150,5 +166,3 @@ Please create patches against the most recent version of SVN.  I can deal with
 other "diff -u" patches, but if there have been any major changes in SVN (there
 occasionally are), I won't put much effort into trying to make your patch work,
 so please just use SVN.
-
-

includes/init.php

@@ -27,7 +27,7 @@
 
 // Define some common stuff
     require_once 'includes/defines.php';
-// Check out the php version info 
+// Check out the php version info
     require_once 'includes/php_version_check.php';
 
 // Load the error trapping and display routines
@@ -46,6 +46,9 @@
 // Load the translation routines so the modules can translate their descriptions
     require_once 'includes/translate.php';
 
+// Protect the users!
+    require_once 'includes/lockdown.php';
+
 // Include a few useful functions
     require_once 'includes/css.php';
     require_once 'includes/mouseovers.php';

includes/lockdown.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * To attempt to curve the massive amounts of (unintentionally) open mythweb installs, we are attempting to
+ * protect the users by having a automatic lockdown if we detect a 'bot' or if it's specifically requested by a user
+ *
+ * You can disable this feature with the apache env var of MYTHWEB_LOCKDOWN_DISABLE being set to true
+ *
+ * @url         $URL: svn+ssh://svn.mythtv.org/var/lib/svn/trunk/mythplugins/mythweb/includes/lockdown.php $
+ * @date        $Date: 2008-03-07 16:21:55 -0800 (Fri, 07 Mar 2008) $
+ * @version     $Revision: 16436 $
+ * @author      $Author: kormoc $
+ * @license     GPL
+ *
+ * @package     MythWeb
+ *
+/**/
+
+    if ($_SERVER['MYTHWEB_LOCKDOWN_DISABLE'] != true) {
+        if (   stristr('bot',     $_SERVER['HTTP_USER_AGENT']) !== false
+            || stristr('spider',  $_SERVER['HTTP_USER_AGENT']) !== false
+            || stristr('crawler', $_SERVER['HTTP_USER_AGENT']) !== false
+            || stristr('search',  $_SERVER['HTTP_USER_AGENT']) !== false
+            || stristr('yahoo',   $_SERVER['HTTP_USER_AGENT']) !== false
+            || isset($_GET['TRIGGER_MYTHWEB_LOCKDOWN'])
+           )
+            touch('lockdown');
+    }
+
+    if (   $_SERVER['MYTHWEB_LOCKDOWN_DISABLE'] != true && file_exists('lockdown'))
+        tailored_error('lockdown');

modules/_shared/lang/Catalan.lang

@@ -472,6 +472,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     Informes
 "Low"

modules/_shared/lang/Czech.lang

@@ -371,6 +371,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
 "Low"
 "Low Space"

modules/_shared/lang/Danish.lang

@@ -459,6 +459,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
 "Low"
     Lav

modules/_shared/lang/Dutch.lang

@@ -456,6 +456,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     Logboek
 "Low"

modules/_shared/lang/English.lang

@@ -337,6 +337,10 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+    MythWeb has detected a bot accessing this install. We have locked down the install to prevent any issues with bots deleting all your recordings or allowing other people from accessing your mythweb install without your permission. Please secure your install (read the INSTALL and README files) and remove
+"LOCKDOWN_NOTICE_2"
+    to unlock this install. To disable this feature, read the README file.
 "Logs"
 "Low"
 "Low Space"

modules/_shared/lang/English_GB.lang

@@ -341,6 +341,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
 "Low"
 "Low Space"

modules/_shared/lang/Finnish.lang

@@ -448,6 +448,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     Lokit
 "Low"

modules/_shared/lang/French.lang

@@ -415,6 +415,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
 "Low"
     faible

modules/_shared/lang/German.lang

@@ -476,6 +476,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     Logs
 "Low"

modules/_shared/lang/Japanese.lang

@@ -456,6 +456,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     ログ
 "Low"

modules/_shared/lang/Polish.lang

@@ -405,6 +405,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     Logi
 "Low"

modules/_shared/lang/Slovenian.lang

@@ -603,6 +603,8 @@
     Statistike domačega strežnika
 "Local weather forecast"
     Domača vremenska napoved
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     Dnevniki
 "Low"

modules/_shared/lang/Spanish.lang

@@ -471,6 +471,8 @@
 "LOADING"
 "Local Server Statistics"
 "Local weather forecast"
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
 "Low"
     Bajo

modules/_shared/lang/Swedish.lang

@@ -575,6 +575,8 @@
     Lokal serverstatistik
 "Local weather forecast"
     Lokal väderprognos
+"LOCKDOWN_NOTICE"
+"LOCKDOWN_NOTICE_2"
 "Logs"
     Logg
 "Low"

modules/_shared/tmpl/_errors/lockdown.php

@@ -0,0 +1,23 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+    <title>Error</title>
+    <link rel="stylesheet" type="text/css" href="<?php echo root ?>skins/errors.css">
+</head>
+
+<body>
+
+<div id="message">
+
+<h2>MythWeb Locked</h2>
+
+<p>
+<?php
+    echo t('LOCKDOWN_NOTICE').' '.realpath('lockdown').' '.t('LOCKDOWN_NOTICE_2');
+?>
+</p>
+
+</div>
+
+</body>
+</html>