[ Index ] |
PHP Cross Reference of phpwcms V1.4.7 _r403 (01.11.10) |
[Summary view] [Print] [Text view]
1 <?php 2 /* 3 Bad Behavior - detects and blocks unwanted Web accesses 4 Copyright (C) 2005,2006,2007,2008,2009 Michael Hampton 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 3 of the License, or 9 (at your option) any later version. 10 11 As a special exemption, you may link this program with any of the 12 programs listed below, regardless of the license terms of those 13 programs, and distribute the resulting program, without including the 14 source code for such programs: ExpressionEngine 15 16 This program is distributed in the hope that it will be useful, 17 but WITHOUT ANY WARRANTY; without even the implied warranty of 18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 GNU General Public License for more details. 20 21 You should have received a copy of the GNU General Public License 22 along with this program; if not, write to the Free Software 23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 24 25 Please report any problems to badbots AT ioerror DOT us 26 */ 27 28 // This file is the entry point for Bad Behavior 2 in phpwcms. 29 30 // obligate check for phpwcms constants 31 if (!defined('PHPWCMS_ROOT')) { 32 die("You Cannot Access This Script Directly, Have a Nice Day."); 33 } 34 // ---------------------------------------------------------------- 35 36 $_SERVER['REMOTE_ADDR'] = getRemoteIP(); 37 38 39 define('BB2_CWD', PHPWCMS_ROOT.'/include/inc_ext/bad-behavior'); 40 41 // core path setting based on phpwcms' values 42 define('BB2_CORE', BB2_CWD.'/bad-behavior'); 43 44 // Settings you can adjust for Bad Behavior. 45 // Most of these are unused in non-database mode. 46 $bb2_settings_defaults = array( 47 'log_table' => DB_PREPEND.'phpwcms_bad_behavior', 48 'display_stats' => true, 49 'strict' => false, 50 'verbose' => false, 51 'logging' => true, 52 'httpbl_key' => '', 53 'httpbl_threat' => '25', 54 'httpbl_maxage' => '30', 55 'offsite_forms' => false 56 ); 57 58 // Bad Behavior callback functions. 59 60 // Return current time in the format preferred by your database. 61 function bb2_db_date() { 62 return gmdate('Y-m-d H:i:s'); // Example is MySQL format 63 } 64 65 // Return affected rows from most recent query. 66 function bb2_db_affected_rows() { 67 return false; 68 } 69 70 // Escape a string for database usage 71 function bb2_db_escape($string) { 72 // return mysql_real_escape_string($string); 73 return aporeplace($string); // No-op when database not in use. 74 } 75 76 // Return the number of rows in a particular query. 77 function bb2_db_num_rows($result) { 78 if ($result !== FALSE) 79 return count($result); 80 return 0; 81 } 82 83 // Run a query and return the results, if any. 84 // Should return FALSE if an error occurred. 85 // Bad Behavior will use the return value here in other callbacks. 86 function bb2_db_query($query) { 87 88 $result = @mysql_query($query, $GLOBALS['db']); 89 90 if($result === false) { 91 return false; 92 } elseif($result === true) { 93 return true; 94 } else { 95 $query_result = array(); 96 while($row = mysql_fetch_assoc($result)) { 97 $query_result[] = $row; 98 } 99 mysql_free_result($result); 100 return $query_result; 101 } 102 return false; 103 } 104 105 // Return all rows in a particular query. 106 // Should contain an array of all rows generated by calling mysql_fetch_assoc() 107 // or equivalent and appending the result of each call to an array. 108 function bb2_db_rows($result) { 109 return $result; 110 } 111 112 // Return emergency contact email address. 113 function bb2_email() { 114 return $GLOBALS['phpwcms']['admin_email']; 115 } 116 117 // retrieve settings from database 118 // Settings are hard-coded for non-database use 119 function bb2_read_settings() { 120 121 if(isset($GLOBALS['phpwcms']['bad_behavior_settings']) && is_array($GLOBALS['phpwcms']['bad_behavior_settings'])) { 122 $settings = $GLOBALS['phpwcms']['bad_behavior_settings']; 123 } else { 124 $settings = array(); 125 } 126 $bb2_settings_defaults = array( 127 'log_table' => DB_PREPEND.'phpwcms_bad_behavior', 128 'display_stats' => true, 129 'strict' => false, 130 'verbose' => false, 131 'db_installed' => true, 132 'logging' => true, 133 'httpbl_key' => '', 134 'httpbl_threat' => '25', 135 'httpbl_maxage' => '30', 136 'offsite_forms' => false 137 ); 138 139 return array_merge($bb2_settings_defaults, $settings); 140 } 141 142 // write settings to database 143 function bb2_write_settings($settings) { 144 return false; 145 } 146 147 // Insert a new record 148 function bb2_insert($settings, $package, $key) 149 { 150 $ip = bb2_db_escape($package['ip']); 151 $date = bb2_db_date(); 152 $request_method = bb2_db_escape($package['request_method']); 153 $request_uri = bb2_db_escape($package['request_uri']); 154 $server_protocol = bb2_db_escape($package['server_protocol']); 155 $user_agent = bb2_db_escape($package['user_agent']); 156 $headers = $request_method.' '.$request_uri.' '.$server_protocol."\n"; 157 foreach ($package['headers'] as $h => $v) { 158 $headers .= bb2_db_escape("$h: $v\n"); 159 } 160 $request_entity = ""; 161 if (!strcasecmp($request_method, "POST")) { 162 foreach ($package['request_entity'] as $h => $v) { 163 $request_entity .= bb2_db_escape("$h: $v\n"); 164 } 165 } 166 return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "` 167 (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES 168 ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')"; 169 } 170 171 // installation 172 function bb2_install() { 173 $settings = bb2_read_settings(); 174 if(empty($settings['db_installed'])) { 175 bb2_db_query(bb2_table_structure($settings['log_table'])); 176 } 177 } 178 179 // Screener 180 // Insert this into the <head> section of your HTML through a template call 181 // or whatever is appropriate. This is optional we'll fall back to cookies 182 // if you don't use it. 183 function bb2_insert_head() { 184 global $bb2_javascript; 185 //echo $bb2_javascript; 186 $GLOBALS['block']['custom_htmlhead']['bad_behavior'] = ' '.$bb2_javascript; 187 } 188 189 // Display stats? This is optional. 190 function bb2_insert_stats($force = false) { 191 $settings = bb2_read_settings(); 192 193 if ($force || $settings['display_stats']) { 194 $blocked = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'"); 195 if ($blocked !== FALSE) { 196 echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.')); 197 } 198 } 199 } 200 201 // Return the top-level relative path of wherever we are (for cookies) 202 // You should provide in $url the top-level URL for your site. 203 function bb2_relative_path() { 204 //$url = parse_url(get_bloginfo('url')); 205 //return $url['path'] . '/'; 206 return PHPWCMS_URL; 207 } 208 209 // Calls inward to Bad Behavor itself. 210 require_once (BB2_CWD . '/bad-behavior/version.inc.php'); 211 require_once (BB2_CWD . '/bad-behavior/core.inc.php'); 212 213 bb2_start(bb2_read_settings()); 214 215 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Tue Nov 16 22:51:00 2010 | Cross-referenced by PHPXref 0.7 |