mapleopentech/monorepo
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
monorepo/native/wordpress/ticket-tailor-wp-max/includes/class-security-logger.php

370 lines
10 KiB
PHP
Raw Blame History

<?php
/**
* Ticket Tailor Security Logger
*
* Logs security events and sends alerts
* SECURITY ENHANCEMENT: Complete audit trail for compliance
*/
// Exit if accessed directly
if (!defined('ABSPATH')) {
exit;
}
class Ticket_Tailor_Security_Logger {
/**
* Table name
*/
private $table;
/**
* Constructor
*/
public function __construct() {
global $wpdb;
$this->table = $wpdb->prefix . 'ticket_tailor_security_log';
// Create table if needed
$this->maybe_create_table();
}
/**
* Create security log table
*/
private function maybe_create_table() {
global $wpdb;
// Check if table already exists
$table_exists = $wpdb->get_var($wpdb->prepare(
"SHOW TABLES LIKE %s",
$this->table
));
if ($table_exists) {
return;
}
$charset_collate = $wpdb->get_charset_collate();
$sql = "CREATE TABLE IF NOT EXISTS {$this->table} (
id bigint(20) NOT NULL AUTO_INCREMENT,
event_type varchar(50) NOT NULL,
user_id bigint(20) DEFAULT 0,
ip_address varchar(45) NOT NULL,
details longtext,
timestamp datetime NOT NULL,
PRIMARY KEY (id),
KEY event_type (event_type),
KEY timestamp (timestamp),
KEY ip_address (ip_address)
) {$charset_collate};";
// Only require upgrade.php if we actually need to create the table
if (!function_exists('dbDelta')) {
require_once ABSPATH . 'wp-admin/includes/upgrade.php';
}
dbDelta($sql);
}
/**
* Log security event
*/
public function log_event($event_type, $details = array()) {
global $wpdb;
$wpdb->insert(
$this->table,
array(
'event_type' => sanitize_key($event_type),
'user_id' => get_current_user_id(),
'ip_address' => $this->get_ip(),
'details' => wp_json_encode($details),
'timestamp' => current_time('mysql', 1),
),
array('%s', '%d', '%s', '%s', '%s')
);
}
/**
* Log failed webhook
*/
public function log_failed_webhook($ip, $reason) {
$this->log_event('webhook_failed', array(
'ip' => $ip,
'reason' => $reason,
));
// Check for multiple failures
$recent_failures = $this->count_recent_events('webhook_failed', 300);
if ($recent_failures >= 5) {
$this->send_security_alert('Multiple Failed Webhook Attempts', array(
'count' => $recent_failures,
'ip' => $ip,
'timeframe' => '5 minutes',
));
}
}
/**
* Log successful webhook
*/
public function log_successful_webhook($ip, $event_type) {
$this->log_event('webhook_success', array(
'ip' => $ip,
'webhook_type' => $event_type,
));
}
/**
* Log API key change
*/
public function log_api_key_change($old_key_hash, $new_key_hash) {
$this->log_event('api_key_changed', array(
'old_hash' => substr($old_key_hash, 0, 10),
'new_hash' => substr($new_key_hash, 0, 10),
'user' => wp_get_current_user()->user_login,
));
$this->send_security_alert('API Key Changed', array(
'changed_by' => wp_get_current_user()->user_login,
'ip' => $this->get_ip(),
));
}
/**
* Log settings change
*/
public function log_settings_change($setting_name, $old_value = null, $new_value = null) {
$this->log_event('settings_changed', array(
'setting' => $setting_name,
'changed_by' => wp_get_current_user()->user_login,
'has_old' => !is_null($old_value),
'has_new' => !is_null($new_value),
));
}
/**
* Log failed login attempt
*/
public function log_failed_login($username) {
$this->log_event('login_failed', array(
'username' => $username,
));
// Check for brute force
$recent_failures = $this->count_recent_events('login_failed', 900, $this->get_ip());
if ($recent_failures >= 5) {
$this->send_security_alert('Multiple Failed Login Attempts', array(
'count' => $recent_failures,
'ip' => $this->get_ip(),
'username' => $username,
));
}
}
/**
* Log rate limit exceeded
*/
public function log_rate_limit_exceeded($ip, $context = 'webhook') {
$this->log_event('rate_limit_exceeded', array(
'ip' => $ip,
'context' => $context,
));
}
/**
* Log unauthorized access attempt
*/
public function log_unauthorized_access($resource) {
$this->log_event('unauthorized_access', array(
'resource' => $resource,
'user_id' => get_current_user_id(),
));
}
/**
* Count recent events
*/
private function count_recent_events($event_type, $seconds, $ip = null) {
global $wpdb;
$time_threshold = gmdate('Y-m-d H:i:s', time() - $seconds);
if ($ip) {
return $wpdb->get_var($wpdb->prepare(
"SELECT COUNT(*) FROM {$this->table}
WHERE event_type = %s AND timestamp > %s AND ip_address = %s",
$event_type,
$time_threshold,
$ip
));
} else {
return $wpdb->get_var($wpdb->prepare(
"SELECT COUNT(*) FROM {$this->table}
WHERE event_type = %s AND timestamp > %s",
$event_type,
$time_threshold
));
}
}
/**
* Send security alert email
*/
public function send_security_alert($event_type, $details) {
// Check if alerts are enabled
if (!get_option('ticket_tailor_security_alerts', true)) {
return;
}
$admin_email = get_option('admin_email');
$site_name = get_bloginfo('name');
$site_url = get_bloginfo('url');
$subject = sprintf(
'[%s] Security Alert: %s',
$site_name,
$event_type
);
$message = sprintf(
"Security Event Detected on %s\n\n" .
"Event Type: %s\n" .
"Time: %s UTC\n" .
"IP Address: %s\n" .
"User: %s\n\n" .
"Details:\n%s\n\n" .
"---\n" .
"This is an automated security alert from Ticket Tailor plugin.\n" .
"To disable these alerts, go to: %s/wp-admin/admin.php?page=ticket-tailor-settings",
$site_name,
$event_type,
current_time('Y-m-d H:i:s'),
$this->get_ip(),
wp_get_current_user()->user_login ?: 'Guest',
$this->format_details($details),
$site_url
);
wp_mail($admin_email, $subject, $message);
}
/**
* Format details for email
*/
private function format_details($details) {
$formatted = '';
foreach ($details as $key => $value) {
$formatted .= ' ' . ucfirst(str_replace('_', ' ', $key)) . ': ' . $value . "\n";
}
return $formatted;
}
/**
* Get client IP
*/
private function get_ip() {
$ip_keys = array(
'HTTP_CF_CONNECTING_IP',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_REAL_IP',
'REMOTE_ADDR',
);
foreach ($ip_keys as $key) {
if (!empty($_SERVER[$key])) {
$ip = $_SERVER[$key];
if (strpos($ip, ',') !== false) {
$ip = trim(explode(',', $ip)[0]);
}
if (filter_var($ip, FILTER_VALIDATE_IP)) {
return $ip;
}
}
}
return '0.0.0.0';
}
/**
* Get recent security events
*/
public function get_recent_events($limit = 50, $event_type = null) {
global $wpdb;
if ($event_type) {
return $wpdb->get_results($wpdb->prepare(
"SELECT * FROM {$this->table}
WHERE event_type = %s
ORDER BY timestamp DESC
LIMIT %d",
$event_type,
$limit
));
} else {
return $wpdb->get_results($wpdb->prepare(
"SELECT * FROM {$this->table}
ORDER BY timestamp DESC
LIMIT %d",
$limit
));
}
}
/**
* Clean old logs (older than 90 days)
*/
public function cleanup_old_logs() {
global $wpdb;
$threshold = gmdate('Y-m-d H:i:s', time() - (90 * DAY_IN_SECONDS));
$wpdb->query($wpdb->prepare(
"DELETE FROM {$this->table} WHERE timestamp < %s",
$threshold
));
}
/**
* Get security statistics
*/
public function get_statistics($days = 30) {
global $wpdb;
$threshold = gmdate('Y-m-d H:i:s', time() - ($days * DAY_IN_SECONDS));
$stats = array();
// Total events
$stats['total_events'] = $wpdb->get_var($wpdb->prepare(
"SELECT COUNT(*) FROM {$this->table} WHERE timestamp > %s",
$threshold
));
// Events by type
$stats['by_type'] = $wpdb->get_results($wpdb->prepare(
"SELECT event_type, COUNT(*) as count
FROM {$this->table}
WHERE timestamp > %s
GROUP BY event_type
ORDER BY count DESC",
$threshold
), ARRAY_A);
// Top IPs
$stats['top_ips'] = $wpdb->get_results($wpdb->prepare(
"SELECT ip_address, COUNT(*) as count
FROM {$this->table}
WHERE timestamp > %s
GROUP BY ip_address
ORDER BY count DESC
LIMIT 10",
$threshold
), ARRAY_A);
return $stats;
}
}
Reference in a new issue View git blame Copy permalink