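package it.acxent.cc.servlet;

import it.acxent.cc.Attivita;
import it.acxent.common.Blacklist;
import it.acxent.db.ApplParmFull;
import it.acxent.db.DBAdapter;
import it.acxent.db.ResParm;
import it.acxent.mail.MailMessage;
import it.acxent.mail.MailProperties;
import it.acxent.servlet.AcMailer;
import java.sql.Timestamp;
import java.util.Date;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Form-to-mail servlet: turns the parameters of an HTTP request into an e-mail and sends it,
 * after a per-IP send-rate check that can put the caller's address on the blacklist.
 *
 * <p>Security notes for maintainers. Recipient, sender, subject, template file and the
 * success/failure messages can all be chosen by the HTTP client, so this endpoint must be
 * treated as handling untrusted input throughout:
 * <ul>
 *   <li>request-supplied header values (TO, FROM, SUBJECT) are stripped of CR/LF before they are
 *       handed to the mail layer, so they cannot introduce extra mail headers;</li>
 *   <li>the recipient can still be selected by the client (see {@link #sendMail}); restricting it
 *       to configured addresses is a deployment decision this class does not enforce;</li>
 *   <li>the rate check in {@link #checkBlacklist} is the only abuse control visible here.</li>
 * </ul>
 */
public class CCMailer extends AcMailer {
    private static final long serialVersionUID = 4639118494615519041L;

    /**
     * Counts this request against the caller's IP address and, when the configured send rate is
     * exceeded, flags the address as blacklisted.
     *
     * <p>Nothing is done unless {@code MAIL_BLACKLIST_AUTO_FILL} is true. The rate rule is only
     * evaluated when {@code MAIL_BLACKLIST_AUTO_ENABLE} is true; the counter record is saved in
     * both cases.
     *
     * @param req current request (source of the application context and client address)
     * @param res current response (not used by this method)
     * @return a result whose status is {@code true} when sending may proceed and {@code false},
     *     with a user-facing message, when this request caused the address to be blacklisted
     */
    protected ResParm checkBlacklist(HttpServletRequest req, HttpServletResponse res) {
        ApplParmFull apFull = getApFull(req);
        ResParm rp = new ResParm(true);
        if (!apFull.getParm("MAIL_BLACKLIST_AUTO_FILL").isTrue()) {
            return rp;
        }

        System.out.println(getClass().getName());

        // NOTE(review): the key is whatever getReqIpAddress() returns. If that value can come from
        // a client-controlled header (e.g. a forwarded-for header), the limit can be sidestepped
        // or pinned on another address; confirm how it is derived.
        Blacklist bl = new Blacklist(apFull);
        bl.findByIp(apFull.getReqIpAddress(), false);
        bl.setIpAddress(apFull.getReqIpAddress());
        bl.setFatalCount(bl.getFatalCount() + 1L);

        // NOTE(review): this method only ever SETS the active flag; it never reads it. Rejecting an
        // address that is already blacklisted must therefore happen elsewhere; verify that it does.
        if (apFull.getParm("MAIL_BLACKLIST_AUTO_ENABLE").isTrue()) {
            // NOTE(review): dereferenced without a null check; presumably Blacklist initialises the
            // window start for an address it has not seen before (confirm).
            Timestamp tmstStartCount = bl.getTmstStartCount();
            // Whole seconds since the counting window opened (the long division truncates).
            double secondiTraFatal =
                    (double) ((DBAdapter.getTimestamp().getTime() - tmstStartCount.getTime()) / 1000L);
            if (secondiTraFatal < 60.0D) {
                // Allowed count is pro-rated over the elapsed part of the 60-second window.
                // During the first second the elapsed value is 0, so the allowance is 0 and the
                // "> 0" guard below skips the check: a burst inside that second is counted but
                // never blacklisted by this rule.
                double l_fatalCountMax =
                        apFull.getParm("MAIL_BLACKLIST_MAX_COUNT").getNumeroDouble() * secondiTraFatal / 60.0D;
                System.out.println("#####\nsecondiFraInviiMailer: " + l_fatalCountMax
                        + " current send mail count for " + bl.getIpAddress() + ": " + bl.getFatalCount()
                        + "\n#####");
                if (l_fatalCountMax > 0.0D && (double) bl.getFatalCount() > l_fatalCountMax) {
                    bl.setTmstStartBlacklist(DBAdapter.getTimestamp());
                    bl.setDescrizione("Too many mailer send. Probably a sql injection attack!!!");
                    // The request URL is stored as the blacklist note for later investigation.
                    bl.setNotaBlacklist(apFull.getReqUrl());
                    bl.setFlgAttivo(1L);
                    // NOTE(review): the alert body repeats the same timestamp twice; looks
                    // unintended, confirm what the second value was meant to be.
                    sendDebugMailMessage(req, "ACXENT MAILER AUTO BLACKLIST :" + bl.getIpAddress(),
                            String.valueOf(bl.getTmstStartBlacklist()) + "\n\n"
                                    + String.valueOf(bl.getTmstStartBlacklist()));
                    rp.setStatus(false);
                    // NOTE(review): the translated sentence is concatenated with itself; the second
                    // operand was presumably meant to be the address (confirm).
                    rp.setMsg(apFull.translate("Attenzione! Sono stati rilevati troppi invii da questo ip. Il tuo indirizzo ip è stato messo in blacklist:", getLang(req))
                            + " "
                            + apFull.translate("Attenzione! Sono stati rilevati troppi invii da questo ip. Il tuo indirizzo ip è stato messo in blacklist:", getLang(req)));
                }
            } else {
                // Window expired: restart it with this request as the first hit.
                bl.setTmstStartCount(DBAdapter.getTimestamp());
                bl.setFatalCount(1L);
            }
        }
        bl.save();
        return rp;
    }

    /**
     * Builds a mail from the request parameters and sends it, then forwards to the result JSP.
     *
     * <p>If a template file is named by the request, every non-reserved parameter is bound into
     * the template; otherwise the parameters are listed as {@code name: value} lines. The client
     * IP and a timestamp are added in both cases. Any exception is reported to the user through
     * the failure message and the JSP is still invoked.
     *
     * @param req current request; supplies the form fields and the mail control parameters
     * @param res current response, passed on to the JSP dispatch
     */
    protected void sendMail(HttpServletRequest req, HttpServletResponse res) {
        ApplParmFull apFull = getApFull(req);
        try {
            ResParm rp = checkBlacklist(req, res);
            if (!rp.getStatus()) {
                sendMessage(req, rp.getMsg());
                chiamaJsp(req, res);
                return;
            }

            MailMessage mf = null;
            // NOTE(review): the template name comes from the request (see getMailMessageFile in the
            // parent class, not visible here). Confirm it is restricted to a fixed template
            // directory and cannot name arbitrary files.
            String mailMessageFile = getMailMessageFile(req);
            String lang = getLang(req);
            // NOTE(review): getRemoteHost() appears twice; the second value was presumably meant to
            // be a different accessor (confirm).
            String ipAddress = req.getRemoteHost() + " " + req.getRemoteHost();
            Date d = new Date(System.currentTimeMillis());
            if (!mailMessageFile.isEmpty()) {
                mf = new MailMessage(apFull, mailMessageFile);
                Attivita.sendMailStandardData(mf, lang, Attivita.getDefaultInstance(apFull), req);
            }

            // Copy every non-reserved request parameter into the template or the plain-text body.
            // Values are inserted as received; when the template is HTML they are not escaped here.
            Enumeration<?> enu = req.getParameterNames();
            StringBuilder theMsg = new StringBuilder();
            while (enu.hasMoreElements()) {
                // Explicit cast: the enumeration yields Object when the servlet API is raw-typed.
                String attName = (String) enu.nextElement();
                String attValue = getRequestParameter(req, attName);
                if (isControlParameter(attName)) {
                    continue;
                }
                if (mf != null) {
                    mf.setString(attName, attValue);
                } else {
                    theMsg.append(attName);
                    theMsg.append(": ");
                    theMsg.append(attValue);
                    theMsg.append("\n");
                }
            }

            MailProperties prop = new MailProperties();

            // Recipient selection.
            // SECURITY: when "mailTo" is present it names ANOTHER request parameter whose value
            // becomes the recipient, so the client decides where the mail goes. Together with a
            // client-controlled body this lets the form be used to mail arbitrary addresses; the
            // rate check above is the only limit visible in this class. Prefer resolving the
            // recipient from configuration or an allow-list.
            String mailToField = getRequestParameter(req, "mailTo").trim();
            if (mailToField.isEmpty()) {
                String toParmName = getRequestParameter(req, "MAIL_TO_MAILER");
                if (toParmName.trim().isEmpty()) {
                    prop.setProperty("TO", getParm("MAIL_TO_MAILER").getTesto().trim());
                } else {
                    // SECURITY: the request picks WHICH application parameter is read. Nothing here
                    // limits the lookup to address parameters; consider an allow-list of names.
                    prop.setProperty("TO", getParm(toParmName).getTesto().trim());
                }
            } else {
                prop.setProperty("TO", stripLineBreaks(getRequestParameter(req, mailToField)));
            }

            if (!getParm("MAIL_BCC_MAILER").getTesto().equals("")) {
                prop.setProperty("BCC", getParm("MAIL_BCC_MAILER").getTesto());
            }

            // Sender: a request-supplied "mailFrom" wins, so the From header is client-asserted
            // and must not be trusted by whoever reads the mail.
            if (getRequestParameter(req, "mailFrom").equals("")) {
                // Same request-selected parameter lookup as for the recipient above.
                prop.setProperty("FROM", getParm(getRequestParameter(req, "MAIL_FROM_MAILER")).getTesto());
            } else {
                prop.setProperty("FROM", stripLineBreaks(getRequestParameter(req, "mailFrom")));
            }
            prop.setProperty("SUBJECT", stripLineBreaks(getRequestParameter(req, "mailSubject")));

            if (mf != null) {
                mf.setString("ip", ipAddress);
                mf.setString("timestamp", d.toString());
                prop.setProperty("MSG", mf.getMessage());
                prop.setProperty("ISHTML", String.valueOf(isMessageHtml(mailMessageFile)));
            } else {
                theMsg.append("\nIP: ");
                theMsg.append(ipAddress);
                theMsg.append("\ntimestamp:");
                theMsg.append(d.toString());
                theMsg.append("\n");
                prop.setProperty("MSG", theMsg.toString());
                prop.setProperty("ISHTML", "false");
            }

            // NOTE(review): this writes recipients and the complete message body to the debug log;
            // form submissions usually contain personal data, so check log retention and access.
            DBAdapter.logDebug(true, "\n" + prop.toString());

            MailMessage mm = new MailMessage(getApFull());
            mm.sendMailMessage(prop, false);

            // NOTE(review): "mailOkMsg" / "mailKoMsg" are echoed back from the request. If the JSP
            // prints the message without HTML-escaping, this is a reflected-XSS sink; confirm the
            // rendering side escapes it.
            if (getRequestParameter(req, "mailOkMsg").equals("")) {
                sendMessage(req, apFull.translate("La mail e' stata inviata correttamente.", getLang(req)));
            } else {
                sendMessage(req, getRequestParameter(req, "mailOkMsg"));
            }
            chiamaJsp(req, res);
        } catch (Exception e) {
            handleDebug(e);
            // NOTE(review): both branches concatenate the same text twice; the second operand was
            // presumably meant to be the error detail (confirm before changing).
            if (getRequestParameter(req, "mailKoMsg").equals("")) {
                sendMessage(req, apFull.translate("Impossibile inviare mail: ", getLang(req)) + " "
                        + apFull.translate("Impossibile inviare mail: ", getLang(req)));
            } else {
                sendMessage(req, getRequestParameter(req, "mailKoMsg") + ": "
                        + getRequestParameter(req, "mailKoMsg"));
            }
            chiamaJsp(req, res);
        }
    }

    /**
     * Tells whether a request parameter steers the mailer itself and must therefore be kept out
     * of the message body and the template bindings.
     */
    private static boolean isControlParameter(String name) {
        return name.equals("cmd")
                || name.equals("act")
                || name.equals("mailFrom")
                || name.equals("MAIL_FROM_MAILER")
                || name.equals("MAIL_TO_MAILER")
                || name.equals("mailSubject")
                || name.equals("mailOkMsg")
                || name.equals("mailKoMsg")
                || name.equals("mailResponsePage")
                || name.equals("mailFile");
    }

    /**
     * Replaces carriage returns and line feeds with spaces so that a request-supplied value
     * placed in a mail header cannot start a new header line.
     */
    private static String stripLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', ' ').replace('\n', ' ');
    }
}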