class-wc-geolocation.php — WooCommerce 7.7.0-beta.1

woocommerce / includes / class-wc-geolocation.php

woocommerce / includes Last commit date

class-wc-geolocation.php

368 lines

1	<?php
2	/**
3	* Geolocation class
4	*
5	* Handles geolocation and updating the geolocation database.
6	*
7	* This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com.
8	*
9	* @package WooCommerce\Classes
10	* @version 3.9.0
11	*/
12
13	defined( 'ABSPATH' ) \|\| exit;
14
15	/**
16	* WC_Geolocation Class.
17	*/
18	class WC_Geolocation {
19
20	/**
21	* GeoLite IPv4 DB.
22	*
23	* @deprecated 3.4.0
24	*/
25	const GEOLITE_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz';
26
27	/**
28	* GeoLite IPv6 DB.
29	*
30	* @deprecated 3.4.0
31	*/
32	const GEOLITE_IPV6_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz';
33
34	/**
35	* GeoLite2 DB.
36	*
37	* @since 3.4.0
38	* @deprecated 3.9.0
39	*/
40	const GEOLITE2_DB = 'http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz';
41
42	/**
43	* API endpoints for looking up user IP address.
44	*
45	* @var array
46	*/
47	private static $ip_lookup_apis = array(
48	'ipify' => 'http://api.ipify.org/',
49	'ipecho' => 'http://ipecho.net/plain',
50	'ident' => 'http://ident.me',
51	'tnedi' => 'http://tnedi.me',
52	);
53
54	/**
55	* API endpoints for geolocating an IP address
56	*
57	* @var array
58	*/
59	private static $geoip_apis = array(
60	'ipinfo.io' => 'https://ipinfo.io/%s/json',
61	'ip-api.com' => 'http://ip-api.com/json/%s',
62	);
63
64	/**
65	* Check if geolocation is enabled.
66	*
67	* @since 3.4.0
68	* @param string $current_settings Current geolocation settings.
69	* @return bool
70	*/
71	private static function is_geolocation_enabled( $current_settings ) {
72	return in_array( $current_settings, array( 'geolocation', 'geolocation_ajax' ), true );
73	}
74
75	/**
76	* Get current user IP Address.
77	*
78	* @return string
79	*/
80	public static function get_ip_address() {
81	if ( isset( $_SERVER['HTTP_X_REAL_IP'] ) ) {
82	return sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REAL_IP'] ) );
83	} elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
84	// Proxy servers can send through this header like this: X-Forwarded-For: client1, proxy1, proxy2
85	// Make sure we always only send through the first IP in the list which should always be the client IP.
86	return (string) rest_is_ip_address( trim( current( preg_split( '/,/', sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ) ) ) );
87	} elseif ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
88	return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) );
89	}
90	return '';
91	}
92
93	/**
94	* Get user IP Address using an external service.
95	* This can be used as a fallback for users on localhost where
96	* get_ip_address() will be a local IP and non-geolocatable.
97	*
98	* @return string
99	*/
100	public static function get_external_ip_address() {
101	$external_ip_address = '0.0.0.0';
102
103	if ( '' !== self::get_ip_address() ) {
104	$transient_name = 'external_ip_address_' . self::get_ip_address();
105	$external_ip_address = get_transient( $transient_name );
106	}
107
108	if ( false === $external_ip_address ) {
109	$external_ip_address = '0.0.0.0';
110	$ip_lookup_services = apply_filters( 'woocommerce_geolocation_ip_lookup_apis', self::$ip_lookup_apis );
111	$ip_lookup_services_keys = array_keys( $ip_lookup_services );
112	shuffle( $ip_lookup_services_keys );
113
114	foreach ( $ip_lookup_services_keys as $service_name ) {
115	$service_endpoint = $ip_lookup_services[ $service_name ];
116	$response = wp_safe_remote_get(
117	$service_endpoint,
118	array(
119	'timeout' => 2,
120	'user-agent' => 'WooCommerce/' . wc()->version,
121	)
122	);
123
124	if ( ! is_wp_error( $response ) && rest_is_ip_address( $response['body'] ) ) {
125	$external_ip_address = apply_filters( 'woocommerce_geolocation_ip_lookup_api_response', wc_clean( $response['body'] ), $service_name );
126	break;
127	}
128	}
129
130	set_transient( $transient_name, $external_ip_address, DAY_IN_SECONDS );
131	}
132
133	return $external_ip_address;
134	}
135
136	/**
137	* Geolocate an IP address.
138	*
139	* @param string $ip_address IP Address.
140	* @param bool $fallback If true, fallbacks to alternative IP detection (can be slower).
141	* @param bool $api_fallback If true, uses geolocation APIs if the database file doesn't exist (can be slower).
142	* @return array
143	*/
144	public static function geolocate_ip( $ip_address = '', $fallback = false, $api_fallback = true ) {
145	// Filter to allow custom geolocation of the IP address.
146	$country_code = apply_filters( 'woocommerce_geolocate_ip', false, $ip_address, $fallback, $api_fallback );
147
148	if ( false !== $country_code ) {
149	return array(
150	'country' => $country_code,
151	'state' => '',
152	'city' => '',
153	'postcode' => '',
154	);
155	}
156
157	if ( empty( $ip_address ) ) {
158	$ip_address = self::get_ip_address();
159	$country_code = self::get_country_code_from_headers();
160	}
161
162	/**
163	* Get geolocation filter.
164	*
165	* @since 3.9.0
166	* @param array $geolocation Geolocation data, including country, state, city, and postcode.
167	* @param string $ip_address IP Address.
168	*/
169	$geolocation = apply_filters(
170	'woocommerce_get_geolocation',
171	array(
172	'country' => $country_code,
173	'state' => '',
174	'city' => '',
175	'postcode' => '',
176	),
177	$ip_address
178	);
179
180	// If we still haven't found a country code, let's consider doing an API lookup.
181	if ( '' === $geolocation['country'] && $api_fallback ) {
182	$geolocation['country'] = self::geolocate_via_api( $ip_address );
183	}
184
185	// It's possible that we're in a local environment, in which case the geolocation needs to be done from the
186	// external address.
187	if ( '' === $geolocation['country'] && $fallback ) {
188	$external_ip_address = self::get_external_ip_address();
189
190	// Only bother with this if the external IP differs.
191	if ( '0.0.0.0' !== $external_ip_address && $external_ip_address !== $ip_address ) {
192	return self::geolocate_ip( $external_ip_address, false, $api_fallback );
193	}
194	}
195
196	return array(
197	'country' => $geolocation['country'],
198	'state' => $geolocation['state'],
199	'city' => $geolocation['city'],
200	'postcode' => $geolocation['postcode'],
201	);
202	}
203
204	/**
205	* Path to our local db.
206	*
207	* @deprecated 3.9.0
208	* @param string $deprecated Deprecated since 3.4.0.
209	* @return string
210	*/
211	public static function get_local_database_path( $deprecated = '2' ) {
212	wc_deprecated_function( 'WC_Geolocation::get_local_database_path', '3.9.0' );
213	$integration = wc()->integrations->get_integration( 'maxmind_geolocation' );
214	return $integration->get_database_service()->get_database_path();
215	}
216
217	/**
218	* Update geoip database.
219	*
220	* @deprecated 3.9.0
221	* Extract files with PharData. Tool built into PHP since 5.3.
222	*/
223	public static function update_database() {
224	wc_deprecated_function( 'WC_Geolocation::update_database', '3.9.0' );
225	$integration = wc()->integrations->get_integration( 'maxmind_geolocation' );
226	$integration->update_database();
227	}
228
229	/**
230	* Fetches the country code from the request headers, if one is available.
231	*
232	* @since 3.9.0
233	* @return string The country code pulled from the headers, or empty string if one was not found.
234	*/
235	private static function get_country_code_from_headers() {
236	$country_code = '';
237
238	$headers = array(
239	'MM_COUNTRY_CODE',
240	'GEOIP_COUNTRY_CODE',
241	'HTTP_CF_IPCOUNTRY',
242	'HTTP_X_COUNTRY_CODE',
243	);
244
245	foreach ( $headers as $header ) {
246	if ( empty( $_SERVER[ $header ] ) ) {
247	continue;
248	}
249
250	$country_code = strtoupper( sanitize_text_field( wp_unslash( $_SERVER[ $header ] ) ) );
251	break;
252	}
253
254	return $country_code;
255	}
256
257	/**
258	* Use APIs to Geolocate the user.
259	*
260	* Geolocation APIs can be added through the use of the woocommerce_geolocation_geoip_apis filter.
261	* Provide a name=>value pair for service-slug=>endpoint.
262	*
263	* If APIs are defined, one will be chosen at random to fulfil the request. After completing, the result
264	* will be cached in a transient.
265	*
266	* @param string $ip_address IP address.
267	* @return string
268	*/
269	private static function geolocate_via_api( $ip_address ) {
270	$country_code = get_transient( 'geoip_' . $ip_address );
271
272	if ( false === $country_code ) {
273	$geoip_services = apply_filters( 'woocommerce_geolocation_geoip_apis', self::$geoip_apis );
274
275	if ( empty( $geoip_services ) ) {
276	return '';
277	}
278
279	$geoip_services_keys = array_keys( $geoip_services );
280
281	shuffle( $geoip_services_keys );
282
283	foreach ( $geoip_services_keys as $service_name ) {
284	$service_endpoint = $geoip_services[ $service_name ];
285	$response = wp_safe_remote_get(
286	sprintf( $service_endpoint, $ip_address ),
287	array(
288	'timeout' => 2,
289	'user-agent' => 'WooCommerce/' . wc()->version,
290	)
291	);
292
293	if ( ! is_wp_error( $response ) && $response['body'] ) {
294	switch ( $service_name ) {
295	case 'ipinfo.io':
296	$data = json_decode( $response['body'] );
297	$country_code = isset( $data->country ) ? $data->country : '';
298	break;
299	case 'ip-api.com':
300	$data = json_decode( $response['body'] );
301	$country_code = isset( $data->countryCode ) ? $data->countryCode : ''; // @codingStandardsIgnoreLine
302	break;
303	default:
304	$country_code = apply_filters( 'woocommerce_geolocation_geoip_response_' . $service_name, '', $response['body'] );
305	break;
306	}
307
308	$country_code = sanitize_text_field( strtoupper( $country_code ) );
309
310	if ( $country_code ) {
311	break;
312	}
313	}
314	}
315
316	set_transient( 'geoip_' . $ip_address, $country_code, DAY_IN_SECONDS );
317	}
318
319	return $country_code;
320	}
321
322	/**
323	* Hook in geolocation functionality.
324	*
325	* @deprecated 3.9.0
326	* @return null
327	*/
328	public static function init() {
329	wc_deprecated_function( 'WC_Geolocation::init', '3.9.0' );
330	return null;
331	}
332
333	/**
334	* Prevent geolocation via MaxMind when using legacy versions of php.
335	*
336	* @deprecated 3.9.0
337	* @since 3.4.0
338	* @param string $default_customer_address current value.
339	* @return string
340	*/
341	public static function disable_geolocation_on_legacy_php( $default_customer_address ) {
342	wc_deprecated_function( 'WC_Geolocation::disable_geolocation_on_legacy_php', '3.9.0' );
343
344	if ( self::is_geolocation_enabled( $default_customer_address ) ) {
345	$default_customer_address = 'base';
346	}
347
348	return $default_customer_address;
349	}
350
351	/**
352	* Maybe trigger a DB update for the first time.
353	*
354	* @deprecated 3.9.0
355	* @param string $new_value New value.
356	* @param string $old_value Old value.
357	* @return string
358	*/
359	public static function maybe_update_database( $new_value, $old_value ) {
360	wc_deprecated_function( 'WC_Geolocation::maybe_update_database', '3.9.0' );
361	if ( $new_value !== $old_value && self::is_geolocation_enabled( $new_value ) ) {
362	self::update_database();
363	}
364
365	return $new_value;
366	}
367	}
368