class-wc-geolocation.php — WooCommerce 10.5.2

woocommerce / includes / class-wc-geolocation.php

woocommerce / includes Last commit date

class-wc-geolocation.php

383 lines

1	<?php
2	/**
3	* Geolocation class
4	*
5	* Handles geolocation and updating the geolocation database.
6	*
7	* This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com.
8	*
9	* @package WooCommerce\Classes
10	* @version 3.9.0
11	*/
12
13	defined( 'ABSPATH' ) \|\| exit;
14
15	/**
16	* WC_Geolocation Class.
17	*/
18	class WC_Geolocation {
19
20	/**
21	* GeoLite IPv4 DB.
22	*
23	* @deprecated 3.4.0
24	*/
25	const GEOLITE_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz';
26
27	/**
28	* GeoLite IPv6 DB.
29	*
30	* @deprecated 3.4.0
31	*/
32	const GEOLITE_IPV6_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz';
33
34	/**
35	* GeoLite2 DB.
36	*
37	* @since 3.4.0
38	* @deprecated 3.9.0
39	*/
40	const GEOLITE2_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz';
41
42	/**
43	* API endpoints for looking up user IP address.
44	*
45	* @var array
46	*/
47	private static $ip_lookup_apis = array(
48	'ipify' => 'http://api.ipify.org/',
49	'ipecho' => 'http://ipecho.net/plain',
50	'ident' => 'http://ident.me',
51	'tnedi' => 'http://tnedi.me',
52	);
53
54	/**
55	* API endpoints for geolocating an IP address
56	*
57	* @var array
58	*/
59	private static $geoip_apis = array(
60	'ipinfo.io' => 'https://ipinfo.io/%s/json',
61	'ip-api.com' => 'http://ip-api.com/json/%s',
62	);
63
64	/**
65	* Check if geolocation is enabled.
66	*
67	* @since 3.4.0
68	* @param string $current_settings Current geolocation settings.
69	* @return bool
70	*/
71	private static function is_geolocation_enabled( $current_settings ) {
72	return in_array( $current_settings, array( 'geolocation', 'geolocation_ajax' ), true );
73	}
74
75	/**
76	* Get current user IP Address.
77	*
78	* @return string
79	*/
80	public static function get_ip_address() {
81	if ( isset( $_SERVER['HTTP_X_REAL_IP'] ) ) {
82	return sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REAL_IP'] ) );
83	} elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
84	// Proxy servers can send through this header like this: X-Forwarded-For: client1, proxy1, proxy2
85	// Make sure we always only send through the first IP in the list which should always be the client IP.
86	$value = trim( current( preg_split( '/,/', sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ) ) );
87	// Account for the '<IPv4 address>:<port>', '[<IPv6>]' and '[<IPv6>]:<port>' cases, removing the port.
88	// The regular expression is oversimplified on purpose, later 'rest_is_ip_address' will do the actual IP address validation.
89	$value = preg_replace( '/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\:.\|\[([^]]+)\]./', '$1$2', $value );
90	return (string) rest_is_ip_address( $value );
91	} elseif ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
92	// Make sure we always only send through the first IP in the list which should always be the client IP.
93	$value = trim( current( preg_split( '/,/', sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) ) ) );
94	return (string) rest_is_ip_address( $value );
95	}
96	return '';
97	}
98
99	/**
100	* Get user IP Address using an external service.
101	* This can be used as a fallback for users on localhost where
102	* get_ip_address() will be a local IP and non-geolocatable.
103	*
104	* @return string
105	*/
106	public static function get_external_ip_address() {
107	$external_ip_address = '0.0.0.0';
108
109	if ( '' !== self::get_ip_address() ) {
110	$transient_name = 'external_ip_address_' . self::get_ip_address();
111	$external_ip_address = get_transient( $transient_name );
112	}
113
114	if ( false === $external_ip_address ) {
115	$external_ip_address = '0.0.0.0';
116	$ip_lookup_services = apply_filters( 'woocommerce_geolocation_ip_lookup_apis', self::$ip_lookup_apis );
117	$ip_lookup_services_keys = array_keys( $ip_lookup_services );
118	shuffle( $ip_lookup_services_keys );
119
120	foreach ( $ip_lookup_services_keys as $service_name ) {
121	$service_endpoint = $ip_lookup_services[ $service_name ];
122	$response = wp_safe_remote_get(
123	$service_endpoint,
124	array(
125	'timeout' => 2,
126	'user-agent' => 'WooCommerce/' . wc()->version,
127	)
128	);
129
130	if ( ! is_wp_error( $response ) && rest_is_ip_address( $response['body'] ) ) {
131	$external_ip_address = apply_filters( 'woocommerce_geolocation_ip_lookup_api_response', wc_clean( $response['body'] ), $service_name );
132	break;
133	}
134	}
135
136	set_transient( $transient_name, $external_ip_address, DAY_IN_SECONDS );
137	}
138
139	return $external_ip_address;
140	}
141
142	/**
143	* Geolocate an IP address.
144	*
145	* @param string $ip_address IP Address.
146	* @param bool $fallback If true, fallbacks to alternative IP detection (can be slower).
147	* @param bool $api_fallback If true, uses geolocation APIs if the database file doesn't exist (can be slower).
148	* @return array
149	*/
150	public static function geolocate_ip( $ip_address = '', $fallback = false, $api_fallback = true ) {
151	/**
152	* Filter to allow custom geolocation of the IP address.
153	*
154	* @since 3.9.0
155	* @param string $geolocation Country code.
156	* @param string $ip_address IP Address.
157	* @param bool $fallback If true, fallbacks to alternative IP detection (can be slower).
158	* @param bool $api_fallback If true, uses geolocation APIs if the database file doesn't exist (can be slower).
159	* @return string
160	*/
161	$country_code = apply_filters( 'woocommerce_geolocate_ip', false, $ip_address, $fallback, $api_fallback );
162
163	if ( false !== $country_code ) {
164	return array(
165	'country' => $country_code,
166	'state' => '',
167	'city' => '',
168	'postcode' => '',
169	);
170	}
171
172	if ( empty( $ip_address ) ) {
173	$ip_address = self::get_ip_address();
174	$country_code = self::get_country_code_from_headers();
175	}
176
177	/**
178	* Get geolocation filter.
179	*
180	* @since 3.9.0
181	* @param array $geolocation Geolocation data, including country, state, city, and postcode.
182	* @param string $ip_address IP Address.
183	*/
184	$geolocation = apply_filters(
185	'woocommerce_get_geolocation',
186	array(
187	'country' => $country_code,
188	'state' => '',
189	'city' => '',
190	'postcode' => '',
191	),
192	$ip_address
193	);
194
195	// If we still haven't found a country code, let's consider doing an API lookup.
196	if ( '' === $geolocation['country'] && $api_fallback ) {
197	$geolocation['country'] = self::geolocate_via_api( $ip_address );
198	}
199
200	// It's possible that we're in a local environment, in which case the geolocation needs to be done from the
201	// external address.
202	if ( '' === $geolocation['country'] && $fallback ) {
203	$external_ip_address = self::get_external_ip_address();
204
205	// Only bother with this if the external IP differs.
206	if ( '0.0.0.0' !== $external_ip_address && $external_ip_address !== $ip_address ) {
207	return self::geolocate_ip( $external_ip_address, false, $api_fallback );
208	}
209	}
210
211	return array(
212	'country' => $geolocation['country'],
213	'state' => $geolocation['state'],
214	'city' => $geolocation['city'],
215	'postcode' => $geolocation['postcode'],
216	);
217	}
218
219	/**
220	* Path to our local db.
221	*
222	* @deprecated 3.9.0
223	* @param string $deprecated Deprecated since 3.4.0.
224	* @return string
225	*/
226	public static function get_local_database_path( $deprecated = '2' ) {
227	wc_deprecated_function( 'WC_Geolocation::get_local_database_path', '3.9.0' );
228	$integration = wc()->integrations->get_integration( 'maxmind_geolocation' );
229	return $integration->get_database_service()->get_database_path();
230	}
231
232	/**
233	* Update geoip database.
234	*
235	* @deprecated 3.9.0
236	* Extract files with PharData. Tool built into PHP since 5.3.
237	*/
238	public static function update_database() {
239	wc_deprecated_function( 'WC_Geolocation::update_database', '3.9.0' );
240	$integration = wc()->integrations->get_integration( 'maxmind_geolocation' );
241	$integration->update_database();
242	}
243
244	/**
245	* Fetches the country code from the request headers, if one is available.
246	*
247	* @since 3.9.0
248	* @return string The country code pulled from the headers, or empty string if one was not found.
249	*/
250	private static function get_country_code_from_headers() {
251	$country_code = '';
252
253	$headers = array(
254	'MM_COUNTRY_CODE',
255	'GEOIP_COUNTRY_CODE',
256	'HTTP_CF_IPCOUNTRY',
257	'HTTP_X_COUNTRY_CODE',
258	);
259
260	foreach ( $headers as $header ) {
261	if ( empty( $_SERVER[ $header ] ) ) {
262	continue;
263	}
264
265	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER[ $header ] ) ) );
266	break;
267	}
268
269	return $country_code;
270	}
271
272	/**
273	* Use APIs to Geolocate the user.
274	*
275	* Geolocation APIs can be added through the use of the woocommerce_geolocation_geoip_apis filter.
276	* Provide a name=>value pair for service-slug=>endpoint.
277	*
278	* If APIs are defined, one will be chosen at random to fulfil the request. After completing, the result
279	* will be cached in a transient.
280	*
281	* @param string $ip_address IP address.
282	* @return string
283	*/
284	private static function geolocate_via_api( $ip_address ) {
285	$country_code = get_transient( 'geoip_' . $ip_address );
286
287	if ( false === $country_code ) {
288	$geoip_services = apply_filters( 'woocommerce_geolocation_geoip_apis', self::$geoip_apis );
289
290	if ( empty( $geoip_services ) ) {
291	return '';
292	}
293
294	$geoip_services_keys = array_keys( $geoip_services );
295
296	shuffle( $geoip_services_keys );
297
298	foreach ( $geoip_services_keys as $service_name ) {
299	$service_endpoint = $geoip_services[ $service_name ];
300	$response = wp_safe_remote_get(
301	sprintf( $service_endpoint, $ip_address ),
302	array(
303	'timeout' => 2,
304	'user-agent' => 'WooCommerce/' . wc()->version,
305	)
306	);
307
308	if ( ! is_wp_error( $response ) && $response['body'] ) {
309	switch ( $service_name ) {
310	case 'ipinfo.io':
311	$data = json_decode( $response['body'] );
312	$country_code = isset( $data->country ) ? $data->country : '';
313	break;
314	case 'ip-api.com':
315	$data = json_decode( $response['body'] );
316	$country_code = isset( $data->countryCode ) ? $data->countryCode : ''; // @codingStandardsIgnoreLine
317	break;
318	default:
319	$country_code = apply_filters( 'woocommerce_geolocation_geoip_response_' . $service_name, '', $response['body'] );
320	break;
321	}
322
323	$country_code = sanitize_text_field( strtoupper( $country_code ) );
324
325	if ( $country_code ) {
326	break;
327	}
328	}
329	}
330
331	set_transient( 'geoip_' . $ip_address, $country_code, DAY_IN_SECONDS );
332	}
333
334	return $country_code;
335	}
336
337	/**
338	* Hook in geolocation functionality.
339	*
340	* @deprecated 3.9.0
341	* @return null
342	*/
343	public static function init() {
344	wc_deprecated_function( 'WC_Geolocation::init', '3.9.0' );
345	return null;
346	}
347
348	/**
349	* Prevent geolocation via MaxMind when using legacy versions of php.
350	*
351	* @deprecated 3.9.0
352	* @since 3.4.0
353	* @param string $default_customer_address current value.
354	* @return string
355	*/
356	public static function disable_geolocation_on_legacy_php( $default_customer_address ) {
357	wc_deprecated_function( 'WC_Geolocation::disable_geolocation_on_legacy_php', '3.9.0' );
358
359	if ( self::is_geolocation_enabled( $default_customer_address ) ) {
360	$default_customer_address = 'base';
361	}
362
363	return $default_customer_address;
364	}
365
366	/**
367	* Maybe trigger a DB update for the first time.
368	*
369	* @deprecated 3.9.0
370	* @param string $new_value New value.
371	* @param string $old_value Old value.
372	* @return string
373	*/
374	public static function maybe_update_database( $new_value, $old_value ) {
375	wc_deprecated_function( 'WC_Geolocation::maybe_update_database', '3.9.0' );
376	if ( $new_value !== $old_value && self::is_geolocation_enabled( $new_value ) ) {
377	self::update_database();
378	}
379
380	return $new_value;
381	}
382	}
383