woocommerce/includes/class-wc-geolocation.php

338 lines
12 KiB
PHP
Raw Normal View History

2014-12-23 18:49:37 +00:00
<?php
/**
2015-11-03 13:53:50 +00:00
* Geolocation class
2014-12-23 18:49:37 +00:00
*
* Handles geolocation and updating the geolocation database.
*
* This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com.
2014-12-23 18:49:37 +00:00
*
* @package WooCommerce/Classes
* @version 3.4.0
2014-12-23 18:49:37 +00:00
*/
defined( 'ABSPATH' ) || exit;
2014-12-23 18:49:37 +00:00
/**
2015-11-03 13:31:20 +00:00
* WC_Geolocation Class.
2014-12-23 18:49:37 +00:00
*/
class WC_Geolocation {
2017-11-22 16:13:59 +00:00
/**
* GeoLite IPv4 DB.
*
* @deprecated 3.4.0
2017-11-22 16:13:59 +00:00
*/
const GEOLITE_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz';
/**
* GeoLite IPv6 DB.
*
* @deprecated 3.4.0
2017-11-22 16:13:59 +00:00
*/
const GEOLITE_IPV6_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz';
2014-12-23 18:49:37 +00:00
/**
* GeoLite2 DB.
*
* @since 3.4.0
*/
const GEOLITE2_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz';
2017-11-22 16:13:59 +00:00
/**
* API endpoints for looking up user IP address.
*
* @var array
*/
2014-12-30 11:11:17 +00:00
private static $ip_lookup_apis = array(
'icanhazip' => 'http://icanhazip.com',
2014-12-30 11:11:17 +00:00
'ipify' => 'http://api.ipify.org/',
'ipecho' => 'http://ipecho.net/plain',
'ident' => 'http://ident.me',
2014-12-30 11:11:17 +00:00
'whatismyipaddress' => 'http://bot.whatismyipaddress.com',
);
2017-11-22 16:13:59 +00:00
/**
* API endpoints for geolocating an IP address
*
* @var array
*/
2014-12-30 11:11:17 +00:00
private static $geoip_apis = array(
2016-12-20 11:30:38 +00:00
'freegeoip' => 'https://freegeoip.net/json/%s',
'ipinfo.io' => 'https://ipinfo.io/%s/json',
'ip-api.com' => 'http://ip-api.com/json/%s',
2014-12-30 11:11:17 +00:00
);
/**
* Check if server supports MaxMind GeoLite2 Reader.
*
* @return bool
*/
private static function supports_geolite2() {
return version_compare( PHP_VERSION, '5.4.0', '>=' );
}
2014-12-23 18:49:37 +00:00
/**
* Hook in tabs.
*/
public static function init() {
2017-11-22 16:13:59 +00:00
// Only download the database from MaxMind if the geolocation function is enabled, or a plugin specifically requests it.
if ( self::supports_geolite2() && 'geolocation' === get_option( 'woocommerce_default_customer_address' ) || apply_filters( 'woocommerce_geolocation_update_database_periodically', false ) ) {
add_action( 'woocommerce_geoip_updater', array( __CLASS__, 'update_database' ) );
}
add_filter( 'pre_update_option_woocommerce_default_customer_address', array( __CLASS__, 'maybe_update_database' ), 10, 2 );
}
/**
2015-11-03 13:31:20 +00:00
* Maybe trigger a DB update for the first time.
2017-11-22 16:13:59 +00:00
*
* @param string $new_value New value.
* @param string $old_value Old value.
* @return string
*/
public static function maybe_update_database( $new_value, $old_value ) {
if ( self::supports_geolite2() && $new_value !== $old_value && 'geolocation' === $new_value ) {
self::update_database();
}
return $new_value;
2014-12-23 18:49:37 +00:00
}
2014-12-23 22:03:10 +00:00
/**
2015-11-03 13:31:20 +00:00
* Get current user IP Address.
2017-11-22 16:13:59 +00:00
*
2014-12-23 22:03:10 +00:00
* @return string
*/
public static function get_ip_address() {
2017-11-22 16:13:59 +00:00
if ( isset( $_SERVER['HTTP_X_REAL_IP'] ) ) { // WPCS: input var ok, CSRF ok.
return sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REAL_IP'] ) ); // WPCS: input var ok, CSRF ok.
} elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { // WPCS: input var ok, CSRF ok.
// Proxy servers can send through this header like this: X-Forwarded-For: client1, proxy1, proxy2
// Make sure we always only send through the first IP in the list which should always be the client IP.
return (string) rest_is_ip_address( trim( current( preg_split( '/[,:]/', sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ) ) ) ); // WPCS: input var ok, CSRF ok.
2017-11-22 16:13:59 +00:00
} elseif ( isset( $_SERVER['REMOTE_ADDR'] ) ) { // @codingStandardsIgnoreLine
return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); // @codingStandardsIgnoreLine
}
return '';
2014-12-23 22:03:10 +00:00
}
/**
2016-02-26 13:34:51 +00:00
* Get user IP Address using an external service.
* This is used mainly as a fallback for users on localhost where
* get_ip_address() will be a local IP and non-geolocatable.
2017-11-22 16:13:59 +00:00
*
2014-12-23 22:03:10 +00:00
* @return string
*/
public static function get_external_ip_address() {
2017-05-05 19:58:08 +00:00
$external_ip_address = '0.0.0.0';
if ( '' !== self::get_ip_address() ) {
$transient_name = 'external_ip_address_' . self::get_ip_address();
$external_ip_address = get_transient( $transient_name );
}
2014-12-23 22:03:10 +00:00
if ( false === $external_ip_address ) {
2014-12-30 11:11:17 +00:00
$external_ip_address = '0.0.0.0';
$ip_lookup_services = apply_filters( 'woocommerce_geolocation_ip_lookup_apis', self::$ip_lookup_apis );
$ip_lookup_services_keys = array_keys( $ip_lookup_services );
shuffle( $ip_lookup_services_keys );
2014-12-23 22:03:10 +00:00
2014-12-30 11:11:17 +00:00
foreach ( $ip_lookup_services_keys as $service_name ) {
$service_endpoint = $ip_lookup_services[ $service_name ];
$response = wp_safe_remote_get( $service_endpoint, array( 'timeout' => 2 ) );
2014-12-23 22:03:10 +00:00
if ( ! is_wp_error( $response ) && rest_is_ip_address( $response['body'] ) ) {
$external_ip_address = apply_filters( 'woocommerce_geolocation_ip_lookup_api_response', wc_clean( $response['body'] ), $service_name );
2014-12-23 22:03:10 +00:00
break;
}
}
set_transient( $transient_name, $external_ip_address, WEEK_IN_SECONDS );
}
return $external_ip_address;
}
/**
2015-11-03 13:31:20 +00:00
* Geolocate an IP address.
2017-11-22 16:13:59 +00:00
*
* @param string $ip_address IP Address.
* @param bool $fallback If true, fallbacks to alternative IP detection (can be slower).
* @param bool $api_fallback If true, uses geolocation APIs if the database file doesn't exist (can be slower).
2014-12-23 22:03:10 +00:00
* @return array
*/
public static function geolocate_ip( $ip_address = '', $fallback = true, $api_fallback = true ) {
// Filter to allow custom geolocation of the IP address.
$country_code = apply_filters( 'woocommerce_geolocate_ip', false, $ip_address, $fallback, $api_fallback );
if ( false === $country_code ) {
2017-11-22 16:13:59 +00:00
// If GEOIP is enabled in CloudFlare, we can use that (Settings -> CloudFlare Settings -> Settings Overview).
if ( ! empty( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) { // WPCS: input var ok, CSRF ok.
$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) ); // WPCS: input var ok, CSRF ok.
} elseif ( ! empty( $_SERVER['GEOIP_COUNTRY_CODE'] ) ) { // WPCS: input var ok, CSRF ok.
// WP.com VIP has a variable available.
$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['GEOIP_COUNTRY_CODE'] ) ) ); // WPCS: input var ok, CSRF ok.
} elseif ( ! empty( $_SERVER['HTTP_X_COUNTRY_CODE'] ) ) { // WPCS: input var ok, CSRF ok.
// VIP Go has a variable available also.
$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_COUNTRY_CODE'] ) ) ); // WPCS: input var ok, CSRF ok.
} else {
$ip_address = $ip_address ? $ip_address : self::get_ip_address();
2018-03-14 15:42:53 +00:00
$database = self::get_local_database_path();
if ( self::supports_geolite2() && file_exists( $database ) ) {
2018-03-14 15:42:53 +00:00
$country_code = self::geolocate_via_db( $ip_address, $database );
} elseif ( $api_fallback ) {
$country_code = self::geolocate_via_api( $ip_address );
} else {
$country_code = '';
}
2015-01-01 12:43:49 +00:00
if ( ! $country_code && $fallback ) {
2017-11-22 16:13:59 +00:00
// May be a local environment - find external IP.
return self::geolocate_ip( self::get_external_ip_address(), false, $api_fallback );
}
2015-01-01 12:43:49 +00:00
}
2014-12-23 22:03:10 +00:00
}
return array(
'country' => $country_code,
'state' => '',
2014-12-23 22:03:10 +00:00
);
}
/**
2015-11-03 13:31:20 +00:00
* Path to our local db.
2017-11-22 16:13:59 +00:00
*
* @param string $deprecated Deprecated since 3.4.0.
2014-12-23 22:03:10 +00:00
* @return string
*/
public static function get_local_database_path( $deprecated = '2' ) {
2014-12-23 22:03:10 +00:00
$upload_dir = wp_upload_dir();
return apply_filters( 'woocommerce_geolocation_local_database_path', $upload_dir['basedir'] . '/GeoLite2-Country.mmdb', $deprecated );
2014-12-23 22:03:10 +00:00
}
2014-12-23 18:49:37 +00:00
/**
* Update geoip database. Adapted from https://wordpress.org/plugins/geoip-detect/.
*/
public static function update_database() {
$logger = wc_get_logger();
2015-02-17 16:20:26 +00:00
if ( ! self::supports_geolite2() ) {
$logger->notice( 'Required PHP 5.4 to be able to download MaxMind GeoLite2 database', array( 'source' => 'geolocation' ) );
2015-02-17 16:19:33 +00:00
return;
}
2017-11-22 16:13:59 +00:00
require_once ABSPATH . 'wp-admin/includes/file.php';
2014-12-23 18:49:37 +00:00
$upload_dir = wp_upload_dir();
$tmp_database_path = download_url( self::GEOLITE2_DB );
2014-12-23 18:49:37 +00:00
if ( ! is_wp_error( $tmp_database_path ) ) {
try {
// GeoLite2 database name.
$database = 'GeoLite2-Country.mmdb';
$dest_path = $upload_dir['basedir'] . DIRECTORY_SEPARATOR . $database;
// Extract files with PharData. Tool built into PHP since 5.3.
$file = new PharData( $tmp_database_path ); // phpcs:ignore PHPCompatibility.PHP.NewClasses.phardataFound
$file_path = $file->current()->getFileName() . DIRECTORY_SEPARATOR . $database;
// Extract under uploads directory.
$file->extractTo( $upload_dir['basedir'], $file_path, true );
// Remove old database.
@unlink( $dest_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.file_ops_unlink
// Copy database and delete tmp directories.
@rename( $upload_dir['basedir'] . DIRECTORY_SEPARATOR . $file_path, $dest_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.file_ops_rename
@rmdir( $upload_dir['basedir'] . DIRECTORY_SEPARATOR . $file->current()->getFileName() ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.directory_rmdir
// Set correct file permission.
@chmod( $dest_path, 0644 ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.chmod_chmod
} catch ( Exception $e ) {
$logger->notice( $e->getMessage(), array( 'source' => 'geolocation' ) );
// Reschedule download of DB.
wp_clear_scheduled_hook( 'woocommerce_geoip_updater' );
wp_schedule_event( strtotime( 'first tuesday of next month' ), 'monthly', 'woocommerce_geoip_updater' );
2014-12-23 18:49:37 +00:00
}
@unlink( $tmp_database_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.file_ops_unlink
} else {
$logger->notice(
'Unable to download GeoIP Database: ' . $tmp_database_path->get_error_message(),
array( 'source' => 'geolocation' )
);
2014-12-23 18:49:37 +00:00
}
}
/**
* Use MAXMIND GeoLite database to geolocation the user.
2017-11-22 16:13:59 +00:00
*
* @param string $ip_address IP address.
2018-03-14 15:42:53 +00:00
* @param string $database Database path.
2014-12-23 18:49:37 +00:00
* @return string
*/
2018-03-14 15:42:53 +00:00
private static function geolocate_via_db( $ip_address, $database ) {
if ( ! class_exists( 'WC_Geolite_Integration', false ) ) {
require_once WC_ABSPATH . 'includes/class-wc-geolite-integration.php';
2014-12-23 18:49:37 +00:00
}
2015-02-11 17:51:50 +00:00
$geolite = new WC_Geolite_Integration( $database );
2014-12-23 18:49:37 +00:00
return $geolite->get_country_iso( $ip_address );
2014-12-23 18:49:37 +00:00
}
/**
2014-12-30 11:11:17 +00:00
* Use APIs to Geolocate the user.
2017-11-22 16:13:59 +00:00
*
* @param string $ip_address IP address.
2014-12-30 11:11:17 +00:00
* @return string|bool
2014-12-23 18:49:37 +00:00
*/
2014-12-30 11:11:17 +00:00
private static function geolocate_via_api( $ip_address ) {
2014-12-23 18:49:37 +00:00
$country_code = get_transient( 'geoip_' . $ip_address );
if ( false === $country_code ) {
2014-12-30 11:11:17 +00:00
$geoip_services = apply_filters( 'woocommerce_geolocation_geoip_apis', self::$geoip_apis );
$geoip_services_keys = array_keys( $geoip_services );
shuffle( $geoip_services_keys );
2014-12-23 18:49:37 +00:00
2014-12-30 11:11:17 +00:00
foreach ( $geoip_services_keys as $service_name ) {
$service_endpoint = $geoip_services[ $service_name ];
$response = wp_safe_remote_get( sprintf( $service_endpoint, $ip_address ), array( 'timeout' => 2 ) );
2014-12-30 11:11:17 +00:00
if ( ! is_wp_error( $response ) && $response['body'] ) {
switch ( $service_name ) {
2017-11-22 16:13:59 +00:00
case 'ipinfo.io':
2014-12-30 11:11:17 +00:00
$data = json_decode( $response['body'] );
$country_code = isset( $data->country ) ? $data->country : '';
2017-11-22 16:13:59 +00:00
break;
case 'ip-api.com':
2016-12-20 11:30:38 +00:00
$data = json_decode( $response['body'] );
2017-11-22 16:13:59 +00:00
$country_code = isset( $data->countryCode ) ? $data->countryCode : ''; // @codingStandardsIgnoreLine
break;
case 'freegeoip':
2014-12-30 11:11:17 +00:00
$data = json_decode( $response['body'] );
$country_code = isset( $data->country_code ) ? $data->country_code : '';
2017-11-22 16:13:59 +00:00
break;
default:
2014-12-30 11:11:17 +00:00
$country_code = apply_filters( 'woocommerce_geolocation_geoip_response_' . $service_name, '', $response['body'] );
2017-11-22 16:13:59 +00:00
break;
2014-12-30 11:11:17 +00:00
}
$country_code = sanitize_text_field( strtoupper( $country_code ) );
if ( $country_code ) {
break;
}
}
2014-12-23 18:49:37 +00:00
}
2014-12-30 11:11:17 +00:00
set_transient( 'geoip_' . $ip_address, $country_code, WEEK_IN_SECONDS );
2014-12-23 18:49:37 +00:00
}
return $country_code;
}
}
WC_Geolocation::init();