class-wc-geolocation.php — WooCommerce 3.8.3

woocommerce / includes / class-wc-geolocation.php

woocommerce / includes Last commit date

class-wc-geolocation.php

374 lines

1	<?php
2	/**
3	* Geolocation class
4	*
5	* Handles geolocation and updating the geolocation database.
6	*
7	* This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com.
8	*
9	* @package WooCommerce/Classes
10	* @version 3.4.0
11	*/
12
13	defined( 'ABSPATH' ) \|\| exit;
14
15	/**
16	* WC_Geolocation Class.
17	*/
18	class WC_Geolocation {
19
20	/**
21	* GeoLite IPv4 DB.
22	*
23	* @deprecated 3.4.0
24	*/
25	const GEOLITE_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz';
26
27	/**
28	* GeoLite IPv6 DB.
29	*
30	* @deprecated 3.4.0
31	*/
32	const GEOLITE_IPV6_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz';
33
34	/**
35	* GeoLite2 DB.
36	*
37	* @since 3.4.0
38	*/
39	const GEOLITE2_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz';
40
41	/**
42	* API endpoints for looking up user IP address.
43	*
44	* @var array
45	*/
46	private static $ip_lookup_apis = array(
47	'ipify' => 'http://api.ipify.org/',
48	'ipecho' => 'http://ipecho.net/plain',
49	'ident' => 'http://ident.me',
50	'whatismyipaddress' => 'http://bot.whatismyipaddress.com',
51	);
52
53	/**
54	* API endpoints for geolocating an IP address
55	*
56	* @var array
57	*/
58	private static $geoip_apis = array(
59	'ipinfo.io' => 'https://ipinfo.io/%s/json',
60	'ip-api.com' => 'http://ip-api.com/json/%s',
61	);
62
63	/**
64	* Check if server supports MaxMind GeoLite2 Reader.
65	*
66	* @since 3.4.0
67	* @return bool
68	*/
69	private static function supports_geolite2() {
70	return version_compare( PHP_VERSION, '5.4.0', '>=' );
71	}
72
73	/**
74	* Check if geolocation is enabled.
75	*
76	* @since 3.4.0
77	* @param string $current_settings Current geolocation settings.
78	* @return bool
79	*/
80	private static function is_geolocation_enabled( $current_settings ) {
81	return in_array( $current_settings, array( 'geolocation', 'geolocation_ajax' ), true );
82	}
83
84	/**
85	* Prevent geolocation via MaxMind when using legacy versions of php.
86	*
87	* @since 3.4.0
88	* @param string $default_customer_address current value.
89	* @return string
90	*/
91	public static function disable_geolocation_on_legacy_php( $default_customer_address ) {
92	if ( self::is_geolocation_enabled( $default_customer_address ) ) {
93	$default_customer_address = 'base';
94	}
95
96	return $default_customer_address;
97	}
98
99	/**
100	* Hook in geolocation functionality.
101	*/
102	public static function init() {
103	if ( self::supports_geolite2() ) {
104	// Only download the database from MaxMind if the geolocation function is enabled, or a plugin specifically requests it.
105	if ( self::is_geolocation_enabled( get_option( 'woocommerce_default_customer_address' ) ) \|\| apply_filters( 'woocommerce_geolocation_update_database_periodically', false ) ) {
106	add_action( 'woocommerce_geoip_updater', array( __CLASS__, 'update_database' ) );
107	}
108
109	// Trigger database update when settings are changed to enable geolocation.
110	add_filter( 'pre_update_option_woocommerce_default_customer_address', array( __CLASS__, 'maybe_update_database' ), 10, 2 );
111	} else {
112	add_filter( 'pre_option_woocommerce_default_customer_address', array( __CLASS__, 'disable_geolocation_on_legacy_php' ) );
113	}
114	}
115
116	/**
117	* Maybe trigger a DB update for the first time.
118	*
119	* @param string $new_value New value.
120	* @param string $old_value Old value.
121	* @return string
122	*/
123	public static function maybe_update_database( $new_value, $old_value ) {
124	if ( $new_value !== $old_value && self::is_geolocation_enabled( $new_value ) ) {
125	self::update_database();
126	}
127
128	return $new_value;
129	}
130
131	/**
132	* Get current user IP Address.
133	*
134	* @return string
135	*/
136	public static function get_ip_address() {
137	if ( isset( $_SERVER['HTTP_X_REAL_IP'] ) ) { // WPCS: input var ok, CSRF ok.
138	return sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REAL_IP'] ) ); // WPCS: input var ok, CSRF ok.
139	} elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { // WPCS: input var ok, CSRF ok.
140	// Proxy servers can send through this header like this: X-Forwarded-For: client1, proxy1, proxy2
141	// Make sure we always only send through the first IP in the list which should always be the client IP.
142	return (string) rest_is_ip_address( trim( current( preg_split( '/,/', sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ) ) ) ); // WPCS: input var ok, CSRF ok.
143	} elseif ( isset( $_SERVER['REMOTE_ADDR'] ) ) { // @codingStandardsIgnoreLine
144	return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); // @codingStandardsIgnoreLine
145	}
146	return '';
147	}
148
149	/**
150	* Get user IP Address using an external service.
151	* This can be used as a fallback for users on localhost where
152	* get_ip_address() will be a local IP and non-geolocatable.
153	*
154	* @return string
155	*/
156	public static function get_external_ip_address() {
157	$external_ip_address = '0.0.0.0';
158
159	if ( '' !== self::get_ip_address() ) {
160	$transient_name = 'external_ip_address_' . self::get_ip_address();
161	$external_ip_address = get_transient( $transient_name );
162	}
163
164	if ( false === $external_ip_address ) {
165	$external_ip_address = '0.0.0.0';
166	$ip_lookup_services = apply_filters( 'woocommerce_geolocation_ip_lookup_apis', self::$ip_lookup_apis );
167	$ip_lookup_services_keys = array_keys( $ip_lookup_services );
168	shuffle( $ip_lookup_services_keys );
169
170	foreach ( $ip_lookup_services_keys as $service_name ) {
171	$service_endpoint = $ip_lookup_services[ $service_name ];
172	$response = wp_safe_remote_get( $service_endpoint, array( 'timeout' => 2 ) );
173
174	if ( ! is_wp_error( $response ) && rest_is_ip_address( $response['body'] ) ) {
175	$external_ip_address = apply_filters( 'woocommerce_geolocation_ip_lookup_api_response', wc_clean( $response['body'] ), $service_name );
176	break;
177	}
178	}
179
180	set_transient( $transient_name, $external_ip_address, WEEK_IN_SECONDS );
181	}
182
183	return $external_ip_address;
184	}
185
186	/**
187	* Geolocate an IP address.
188	*
189	* @param string $ip_address IP Address.
190	* @param bool $fallback If true, fallbacks to alternative IP detection (can be slower).
191	* @param bool $api_fallback If true, uses geolocation APIs if the database file doesn't exist (can be slower).
192	* @return array
193	*/
194	public static function geolocate_ip( $ip_address = '', $fallback = false, $api_fallback = true ) {
195	// Filter to allow custom geolocation of the IP address.
196	$country_code = apply_filters( 'woocommerce_geolocate_ip', false, $ip_address, $fallback, $api_fallback );
197
198	if ( false === $country_code ) {
199	// If GEOIP is enabled in CloudFlare, we can use that (Settings -> CloudFlare Settings -> Settings Overview).
200	if ( ! empty( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) { // WPCS: input var ok, CSRF ok.
201	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) ); // WPCS: input var ok, CSRF ok.
202	} elseif ( ! empty( $_SERVER['GEOIP_COUNTRY_CODE'] ) ) { // WPCS: input var ok, CSRF ok.
203	// WP.com VIP has a variable available.
204	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['GEOIP_COUNTRY_CODE'] ) ) ); // WPCS: input var ok, CSRF ok.
205	} elseif ( ! empty( $_SERVER['HTTP_X_COUNTRY_CODE'] ) ) { // WPCS: input var ok, CSRF ok.
206	// VIP Go has a variable available also.
207	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_COUNTRY_CODE'] ) ) ); // WPCS: input var ok, CSRF ok.
208	} else {
209	$ip_address = $ip_address ? $ip_address : self::get_ip_address();
210	$database = self::get_local_database_path();
211
212	if ( self::supports_geolite2() && file_exists( $database ) ) {
213	$country_code = self::geolocate_via_db( $ip_address, $database );
214	} elseif ( $api_fallback ) {
215	$country_code = self::geolocate_via_api( $ip_address );
216	} else {
217	$country_code = '';
218	}
219
220	if ( ! $country_code && $fallback ) {
221	// May be a local environment - find external IP.
222	return self::geolocate_ip( self::get_external_ip_address(), false, $api_fallback );
223	}
224	}
225	}
226
227	return array(
228	'country' => $country_code,
229	'state' => '',
230	);
231	}
232
233	/**
234	* Path to our local db.
235	*
236	* @param string $deprecated Deprecated since 3.4.0.
237	* @return string
238	*/
239	public static function get_local_database_path( $deprecated = '2' ) {
240	return apply_filters( 'woocommerce_geolocation_local_database_path', WP_CONTENT_DIR . '/uploads/GeoLite2-Country.mmdb', $deprecated );
241	}
242
243	/**
244	* Update geoip database.
245	*
246	* Extract files with PharData. Tool built into PHP since 5.3.
247	*/
248	public static function update_database() {
249	$logger = wc_get_logger();
250
251	if ( ! self::supports_geolite2() ) {
252	$logger->notice( 'Requires PHP 5.4 to be able to download MaxMind GeoLite2 database', array( 'source' => 'geolocation' ) );
253	return;
254	}
255
256	require_once ABSPATH . 'wp-admin/includes/file.php';
257
258	$database = 'GeoLite2-Country.mmdb';
259	$target_database_path = self::get_local_database_path();
260	$tmp_database_path = download_url( self::GEOLITE2_DB );
261
262	if ( ! is_wp_error( $tmp_database_path ) ) {
263	WP_Filesystem();
264
265	global $wp_filesystem;
266
267	try {
268	// Make sure target dir exists.
269	$wp_filesystem->mkdir( dirname( $target_database_path ) );
270
271	// Extract files with PharData. Tool built into PHP since 5.3.
272	$file = new PharData( $tmp_database_path ); // phpcs:ignore PHPCompatibility.Classes.NewClasses.phardataFound
273	$file_path = trailingslashit( $file->current()->getFileName() ) . $database;
274	$file->extractTo( dirname( $tmp_database_path ), $file_path, true );
275
276	// Move file and delete temp.
277	$wp_filesystem->move( trailingslashit( dirname( $tmp_database_path ) ) . $file_path, $target_database_path, true );
278	$wp_filesystem->delete( trailingslashit( dirname( $tmp_database_path ) ) . $file->current()->getFileName() );
279	} catch ( Exception $e ) {
280	$logger->notice( $e->getMessage(), array( 'source' => 'geolocation' ) );
281
282	// Reschedule download of DB.
283	wp_clear_scheduled_hook( 'woocommerce_geoip_updater' );
284	wp_schedule_event( strtotime( 'first tuesday of next month' ), 'monthly', 'woocommerce_geoip_updater' );
285	}
286	// Delete temp file regardless of success.
287	$wp_filesystem->delete( $tmp_database_path );
288	} else {
289	$logger->notice(
290	'Unable to download GeoIP Database: ' . $tmp_database_path->get_error_message(),
291	array( 'source' => 'geolocation' )
292	);
293	}
294	}
295
296	/**
297	* Use MAXMIND GeoLite database to geolocation the user.
298	*
299	* @param string $ip_address IP address.
300	* @param string $database Database path.
301	* @return string
302	*/
303	private static function geolocate_via_db( $ip_address, $database ) {
304	if ( ! class_exists( 'WC_Geolite_Integration', false ) ) {
305	require_once WC_ABSPATH . 'includes/class-wc-geolite-integration.php';
306	}
307
308	$geolite = new WC_Geolite_Integration( $database );
309
310	return $geolite->get_country_iso( $ip_address );
311	}
312
313	/**
314	* Use APIs to Geolocate the user.
315	*
316	* Geolocation APIs can be added through the use of the woocommerce_geolocation_geoip_apis filter.
317	* Provide a name=>value pair for service-slug=>endpoint.
318	*
319	* If APIs are defined, one will be chosen at random to fulfil the request. After completing, the result
320	* will be cached in a transient.
321	*
322	* @param string $ip_address IP address.
323	* @return string
324	*/
325	private static function geolocate_via_api( $ip_address ) {
326	$country_code = get_transient( 'geoip_' . $ip_address );
327
328	if ( false === $country_code ) {
329	$geoip_services = apply_filters( 'woocommerce_geolocation_geoip_apis', self::$geoip_apis );
330
331	if ( empty( $geoip_services ) ) {
332	return '';
333	}
334
335	$geoip_services_keys = array_keys( $geoip_services );
336
337	shuffle( $geoip_services_keys );
338
339	foreach ( $geoip_services_keys as $service_name ) {
340	$service_endpoint = $geoip_services[ $service_name ];
341	$response = wp_safe_remote_get( sprintf( $service_endpoint, $ip_address ), array( 'timeout' => 2 ) );
342
343	if ( ! is_wp_error( $response ) && $response['body'] ) {
344	switch ( $service_name ) {
345	case 'ipinfo.io':
346	$data = json_decode( $response['body'] );
347	$country_code = isset( $data->country ) ? $data->country : '';
348	break;
349	case 'ip-api.com':
350	$data = json_decode( $response['body'] );
351	$country_code = isset( $data->countryCode ) ? $data->countryCode : ''; // @codingStandardsIgnoreLine
352	break;
353	default:
354	$country_code = apply_filters( 'woocommerce_geolocation_geoip_response_' . $service_name, '', $response['body'] );
355	break;
356	}
357
358	$country_code = sanitize_text_field( strtoupper( $country_code ) );
359
360	if ( $country_code ) {
361	break;
362	}
363	}
364	}
365
366	set_transient( 'geoip_' . $ip_address, $country_code, WEEK_IN_SECONDS );
367	}
368
369	return $country_code;
370	}
371	}
372
373	WC_Geolocation::init();
374