class-wc-geolocation.php — WooCommerce 3.4.1

woocommerce / includes / class-wc-geolocation.php

woocommerce / includes Last commit date

class-wc-geolocation.php

379 lines

1	<?php
2	/**
3	* Geolocation class
4	*
5	* Handles geolocation and updating the geolocation database.
6	*
7	* This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com.
8	*
9	* @package WooCommerce/Classes
10	* @version 3.4.0
11	*/
12
13	defined( 'ABSPATH' ) \|\| exit;
14
15	/**
16	* WC_Geolocation Class.
17	*/
18	class WC_Geolocation {
19
20	/**
21	* GeoLite IPv4 DB.
22	*
23	* @deprecated 3.4.0
24	*/
25	const GEOLITE_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz';
26
27	/**
28	* GeoLite IPv6 DB.
29	*
30	* @deprecated 3.4.0
31	*/
32	const GEOLITE_IPV6_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz';
33
34	/**
35	* GeoLite2 DB.
36	*
37	* @since 3.4.0
38	*/
39	const GEOLITE2_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz';
40
41	/**
42	* API endpoints for looking up user IP address.
43	*
44	* @var array
45	*/
46	private static $ip_lookup_apis = array(
47	'icanhazip' => 'http://icanhazip.com',
48	'ipify' => 'http://api.ipify.org/',
49	'ipecho' => 'http://ipecho.net/plain',
50	'ident' => 'http://ident.me',
51	'whatismyipaddress' => 'http://bot.whatismyipaddress.com',
52	);
53
54	/**
55	* API endpoints for geolocating an IP address
56	*
57	* @var array
58	*/
59	private static $geoip_apis = array(
60	'ipinfo.io' => 'https://ipinfo.io/%s/json',
61	'ip-api.com' => 'http://ip-api.com/json/%s',
62	);
63
64	/**
65	* Check if server supports MaxMind GeoLite2 Reader.
66	*
67	* @since 3.4.0
68	* @return bool
69	*/
70	private static function supports_geolite2() {
71	return version_compare( PHP_VERSION, '5.4.0', '>=' );
72	}
73
74	/**
75	* Check if geolocation is enabled.
76	*
77	* @since 3.4.0
78	* @param string $current_settings Current geolocation settings.
79	* @return bool
80	*/
81	private static function is_geolocation_enabled( $current_settings ) {
82	return in_array( $current_settings, array( 'geolocation', 'geolocation_ajax' ), true );
83	}
84
85	/**
86	* Prevent geolocation via MaxMind when using legacy versions of php.
87	*
88	* @since 3.4.0
89	* @param string $default_customer_address current value.
90	* @return string
91	*/
92	public static function disable_geolocation_on_legacy_php( $default_customer_address ) {
93	if ( self::is_geolocation_enabled( $default_customer_address ) ) {
94	$default_customer_address = 'base';
95	}
96
97	return $default_customer_address;
98	}
99
100	/**
101	* Hook in geolocation functionality.
102	*/
103	public static function init() {
104	if ( self::supports_geolite2() ) {
105	// Only download the database from MaxMind if the geolocation function is enabled, or a plugin specifically requests it.
106	if ( self::is_geolocation_enabled( get_option( 'woocommerce_default_customer_address' ) ) \|\| apply_filters( 'woocommerce_geolocation_update_database_periodically', false ) ) {
107	add_action( 'woocommerce_geoip_updater', array( __CLASS__, 'update_database' ) );
108	}
109
110	// Trigger database update when settings are changed to enable geolocation.
111	add_filter( 'pre_update_option_woocommerce_default_customer_address', array( __CLASS__, 'maybe_update_database' ), 10, 2 );
112	} else {
113	add_filter( 'pre_option_woocommerce_default_customer_address', array( __CLASS__, 'disable_geolocation_on_legacy_php' ) );
114	}
115	}
116
117	/**
118	* Maybe trigger a DB update for the first time.
119	*
120	* @param string $new_value New value.
121	* @param string $old_value Old value.
122	* @return string
123	*/
124	public static function maybe_update_database( $new_value, $old_value ) {
125	if ( $new_value !== $old_value && self::is_geolocation_enabled( $new_value ) ) {
126	self::update_database();
127	}
128
129	return $new_value;
130	}
131
132	/**
133	* Get current user IP Address.
134	*
135	* @return string
136	*/
137	public static function get_ip_address() {
138	if ( isset( $_SERVER['HTTP_X_REAL_IP'] ) ) { // WPCS: input var ok, CSRF ok.
139	return sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REAL_IP'] ) ); // WPCS: input var ok, CSRF ok.
140	} elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { // WPCS: input var ok, CSRF ok.
141	// Proxy servers can send through this header like this: X-Forwarded-For: client1, proxy1, proxy2
142	// Make sure we always only send through the first IP in the list which should always be the client IP.
143	return (string) rest_is_ip_address( trim( current( preg_split( '/[,:]/', sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ) ) ) ); // WPCS: input var ok, CSRF ok.
144	} elseif ( isset( $_SERVER['REMOTE_ADDR'] ) ) { // @codingStandardsIgnoreLine
145	return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); // @codingStandardsIgnoreLine
146	}
147	return '';
148	}
149
150	/**
151	* Get user IP Address using an external service.
152	* This is used mainly as a fallback for users on localhost where
153	* get_ip_address() will be a local IP and non-geolocatable.
154	*
155	* @return string
156	*/
157	public static function get_external_ip_address() {
158	$external_ip_address = '0.0.0.0';
159
160	if ( '' !== self::get_ip_address() ) {
161	$transient_name = 'external_ip_address_' . self::get_ip_address();
162	$external_ip_address = get_transient( $transient_name );
163	}
164
165	if ( false === $external_ip_address ) {
166	$external_ip_address = '0.0.0.0';
167	$ip_lookup_services = apply_filters( 'woocommerce_geolocation_ip_lookup_apis', self::$ip_lookup_apis );
168	$ip_lookup_services_keys = array_keys( $ip_lookup_services );
169	shuffle( $ip_lookup_services_keys );
170
171	foreach ( $ip_lookup_services_keys as $service_name ) {
172	$service_endpoint = $ip_lookup_services[ $service_name ];
173	$response = wp_safe_remote_get( $service_endpoint, array( 'timeout' => 2 ) );
174
175	if ( ! is_wp_error( $response ) && rest_is_ip_address( $response['body'] ) ) {
176	$external_ip_address = apply_filters( 'woocommerce_geolocation_ip_lookup_api_response', wc_clean( $response['body'] ), $service_name );
177	break;
178	}
179	}
180
181	set_transient( $transient_name, $external_ip_address, WEEK_IN_SECONDS );
182	}
183
184	return $external_ip_address;
185	}
186
187	/**
188	* Geolocate an IP address.
189	*
190	* @param string $ip_address IP Address.
191	* @param bool $fallback If true, fallbacks to alternative IP detection (can be slower).
192	* @param bool $api_fallback If true, uses geolocation APIs if the database file doesn't exist (can be slower).
193	* @return array
194	*/
195	public static function geolocate_ip( $ip_address = '', $fallback = true, $api_fallback = true ) {
196	// Filter to allow custom geolocation of the IP address.
197	$country_code = apply_filters( 'woocommerce_geolocate_ip', false, $ip_address, $fallback, $api_fallback );
198
199	if ( false === $country_code ) {
200	// If GEOIP is enabled in CloudFlare, we can use that (Settings -> CloudFlare Settings -> Settings Overview).
201	if ( ! empty( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) { // WPCS: input var ok, CSRF ok.
202	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) ); // WPCS: input var ok, CSRF ok.
203	} elseif ( ! empty( $_SERVER['GEOIP_COUNTRY_CODE'] ) ) { // WPCS: input var ok, CSRF ok.
204	// WP.com VIP has a variable available.
205	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['GEOIP_COUNTRY_CODE'] ) ) ); // WPCS: input var ok, CSRF ok.
206	} elseif ( ! empty( $_SERVER['HTTP_X_COUNTRY_CODE'] ) ) { // WPCS: input var ok, CSRF ok.
207	// VIP Go has a variable available also.
208	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_COUNTRY_CODE'] ) ) ); // WPCS: input var ok, CSRF ok.
209	} else {
210	$ip_address = $ip_address ? $ip_address : self::get_ip_address();
211	$database = self::get_local_database_path();
212
213	if ( self::supports_geolite2() && file_exists( $database ) ) {
214	$country_code = self::geolocate_via_db( $ip_address, $database );
215	} elseif ( $api_fallback ) {
216	$country_code = self::geolocate_via_api( $ip_address );
217	} else {
218	$country_code = '';
219	}
220
221	if ( ! $country_code && $fallback ) {
222	// May be a local environment - find external IP.
223	return self::geolocate_ip( self::get_external_ip_address(), false, $api_fallback );
224	}
225	}
226	}
227
228	return array(
229	'country' => $country_code,
230	'state' => '',
231	);
232	}
233
234	/**
235	* Path to our local db.
236	*
237	* @param string $deprecated Deprecated since 3.4.0.
238	* @return string
239	*/
240	public static function get_local_database_path( $deprecated = '2' ) {
241	$upload_dir = wp_upload_dir();
242
243	return apply_filters( 'woocommerce_geolocation_local_database_path', $upload_dir['basedir'] . '/GeoLite2-Country.mmdb', $deprecated );
244	}
245
246	/**
247	* Update geoip database.
248	*/
249	public static function update_database() {
250	$logger = wc_get_logger();
251
252	if ( ! self::supports_geolite2() ) {
253	$logger->notice( 'Requires PHP 5.4 to be able to download MaxMind GeoLite2 database', array( 'source' => 'geolocation' ) );
254	return;
255	}
256
257	require_once ABSPATH . 'wp-admin/includes/file.php';
258
259	$upload_dir = wp_upload_dir();
260	$tmp_database_path = download_url( self::GEOLITE2_DB );
261
262	if ( ! is_wp_error( $tmp_database_path ) ) {
263	try {
264	// GeoLite2 database name.
265	$database = 'GeoLite2-Country.mmdb';
266	$dest_path = trailingslashit( $upload_dir['basedir'] ) . $database;
267
268	// Extract files with PharData. Tool built into PHP since 5.3.
269	$file = new PharData( $tmp_database_path ); // phpcs:ignore PHPCompatibility.PHP.NewClasses.phardataFound
270	$file_path = trailingslashit( $file->current()->getFileName() ) . $database;
271
272	// Extract under uploads directory.
273	$file->extractTo( $upload_dir['basedir'], $file_path, true );
274
275	// Remove old database.
276	@unlink( $dest_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.file_ops_unlink
277
278	// Copy database and delete tmp directories.
279	@rename( trailingslashit( $upload_dir['basedir'] ) . $file_path, $dest_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.file_ops_rename
280	@rmdir( trailingslashit( $upload_dir['basedir'] ) . $file->current()->getFileName() ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.directory_rmdir
281
282	// Set correct file permission.
283	@chmod( $dest_path, 0644 ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.chmod_chmod
284	} catch ( Exception $e ) {
285	$logger->notice( $e->getMessage(), array( 'source' => 'geolocation' ) );
286
287	// Reschedule download of DB.
288	wp_clear_scheduled_hook( 'woocommerce_geoip_updater' );
289	wp_schedule_event( strtotime( 'first tuesday of next month' ), 'monthly', 'woocommerce_geoip_updater' );
290	}
291
292	@unlink( $tmp_database_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.FileSystemWritesDisallow.file_ops_unlink
293	} else {
294	$logger->notice(
295	'Unable to download GeoIP Database: ' . $tmp_database_path->get_error_message(),
296	array( 'source' => 'geolocation' )
297	);
298	}
299	}
300
301	/**
302	* Use MAXMIND GeoLite database to geolocation the user.
303	*
304	* @param string $ip_address IP address.
305	* @param string $database Database path.
306	* @return string
307	*/
308	private static function geolocate_via_db( $ip_address, $database ) {
309	if ( ! class_exists( 'WC_Geolite_Integration', false ) ) {
310	require_once WC_ABSPATH . 'includes/class-wc-geolite-integration.php';
311	}
312
313	$geolite = new WC_Geolite_Integration( $database );
314
315	return $geolite->get_country_iso( $ip_address );
316	}
317
318	/**
319	* Use APIs to Geolocate the user.
320	*
321	* Geolocation APIs can be added through the use of the woocommerce_geolocation_geoip_apis filter.
322	* Provide a name=>value pair for service-slug=>endpoint.
323	*
324	* If APIs are defined, one will be chosen at random to fulfil the request. After completing, the result
325	* will be cached in a transient.
326	*
327	* @param string $ip_address IP address.
328	* @return string
329	*/
330	private static function geolocate_via_api( $ip_address ) {
331	$country_code = get_transient( 'geoip_' . $ip_address );
332
333	if ( false === $country_code ) {
334	$geoip_services = apply_filters( 'woocommerce_geolocation_geoip_apis', self::$geoip_apis );
335
336	if ( empty( $geoip_services ) ) {
337	return '';
338	}
339
340	$geoip_services_keys = array_keys( $geoip_services );
341
342	shuffle( $geoip_services_keys );
343
344	foreach ( $geoip_services_keys as $service_name ) {
345	$service_endpoint = $geoip_services[ $service_name ];
346	$response = wp_safe_remote_get( sprintf( $service_endpoint, $ip_address ), array( 'timeout' => 2 ) );
347
348	if ( ! is_wp_error( $response ) && $response['body'] ) {
349	switch ( $service_name ) {
350	case 'ipinfo.io':
351	$data = json_decode( $response['body'] );
352	$country_code = isset( $data->country ) ? $data->country : '';
353	break;
354	case 'ip-api.com':
355	$data = json_decode( $response['body'] );
356	$country_code = isset( $data->countryCode ) ? $data->countryCode : ''; // @codingStandardsIgnoreLine
357	break;
358	default:
359	$country_code = apply_filters( 'woocommerce_geolocation_geoip_response_' . $service_name, '', $response['body'] );
360	break;
361	}
362
363	$country_code = sanitize_text_field( strtoupper( $country_code ) );
364
365	if ( $country_code ) {
366	break;
367	}
368	}
369	}
370
371	set_transient( 'geoip_' . $ip_address, $country_code, WEEK_IN_SECONDS );
372	}
373
374	return $country_code;
375	}
376	}
377
378	WC_Geolocation::init();
379