PHP Cross Reference of phpwcms V1.4.7 _r403 (01.11.10) |
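<?php if (!defined('BB2_CWD')) die("I said no cheating!");
// The guard above stops this file from running unless the including script
// has defined BB2_CWD first.

// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
// Go read the bad-behavior-generic.php file.

// BB2_CORE is not defined here (the define below is commented out), so the
// including script must define it before this file is loaded: every
// require_once in this file builds its path from it.
//define('BB2_CORE', dirname(__FILE__));
define('BB2_COOKIE', 'bb2_screener_');

require_once (BB2_CORE . "/functions.inc.php");

/**
 * Deny the current request and terminate the script. Never returns.
 *
 * Order of operations: delay, show the denial page, log the denial, run the
 * optional bb2_banned_callback() hook, run housekeeping, die().
 *
 * @param array  $settings     Bad Behavior settings, passed through to the helpers.
 * @param array  $package      Request description built by bb2_start().
 * @param string $key          Denial key; bb2_start() passes the value returned by bb2_screen().
 * @param mixed  $previous_key Forwarded to the display and log helpers; false when absent.
 */
// Kill 'em all!
function bb2_banned($settings, $package, $key, $previous_key=false)
{
    // Some spambots hit too hard. Slow them down a bit.
    // Each denied request therefore holds its PHP worker for two seconds;
    // account for that when sizing worker pools or upstream rate limits.
    sleep(2);

    require_once (BB2_CORE . "/banned.inc.php");
    bb2_display_denial($settings, $package, $key, $previous_key);
    bb2_log_denial($settings, $package, $key, $previous_key);
    // Optional integration hook: called only if the host application defines it.
    if (is_callable('bb2_banned_callback')) {
        bb2_banned_callback($settings, $package, $key);
    }
    // Penalize the spammers some more
    require_once (BB2_CORE . "/housekeeping.inc.php");
    bb2_housekeeping($settings, $package);
    die();
}

/**
 * Handle a request that passed screening.
 *
 * Runs the optional bb2_approved_callback() hook, then writes a log row with
 * key "00000000" when both 'verbose' and 'logging' are enabled, or whenever
 * the request carried no User-Agent.
 *
 * @param array $settings Bad Behavior settings ('verbose' and 'logging' are read here).
 * @param array $package  Request description built by bb2_start().
 */
function bb2_approved($settings, $package)
{
    // Dirk wanted this
    if (is_callable('bb2_approved_callback')) {
        bb2_approved_callback($settings, $package);
    }

    // Decide what to log on approved requests.
    if (($settings['verbose'] && $settings['logging']) || empty($package['user_agent'])) {
        bb2_db_query(bb2_insert($settings, $package, "00000000"));
    }
}


/**
 * Entry point: describe the current request, screen it, and ban it on failure.
 *
 * Side effect: rewrites $_SERVER['REMOTE_ADDR'] in place to strip a leading
 * "::ffff:" (IPv4-mapped IPv6 prefix).
 *
 * @param array $settings Bad Behavior settings.
 * @return mixed The value returned by bb2_screen(): false when the request is
 *               approved, otherwise a denial key. A truthy key is only
 *               returned to the caller when BB2_TEST is defined; otherwise
 *               bb2_banned() terminates the script first.
 */
// Let God sort 'em out!
function bb2_start($settings)
{
    // Gather up all the information we need, first of all.
    $headers = bb2_load_headers();
    // Postprocess the headers to mixed-case
    // TODO: get the world to stop using PHP as CGI
    $headers_mixed = array();
    foreach ($headers as $h => $v) {
        $headers_mixed[uc_all($h)] = $v;
    }

    // IPv6 - IPv4 compatibility mode hack
    $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);

    // Reconstruct the HTTP entity, if present.
    $request_entity = array();
    if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
        foreach ($_POST as $h => $v) {
            $request_entity[$h] = $v;
        }
    }

    $request_uri = empty($_SERVER["REQUEST_URI"]) ? $_SERVER['SCRIPT_NAME'] : $_SERVER["REQUEST_URI"];	# IIS

    # Nasty CloudFlare hack provided by butchs at simplemachines
    // Cf-Connecting-Ip is an ordinary request header, so its value is chosen
    // by whoever sent the request. 'ip' below takes that value whenever the
    // header is present, while 'cloudflare' always keeps the socket peer
    // address. bb2_screen() calls bb2_cloudflare() before any other check.
    // NOTE(review): that helper is not visible here; confirm it validates the
    // peer in $package['cloudflare'] before 'ip' is used for whitelisting,
    // blacklisting or logging.
    $client_ip = array_key_exists('Cf-Connecting-Ip', $headers_mixed)
        ? $_SERVER['HTTP_CF_CONNECTING_IP']
        : $_SERVER['REMOTE_ADDR'];
    $ip_temp = preg_replace("/^::ffff:/", "", $client_ip);
    $cloudflare_ip = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);

    // Absent server variables become null explicitly. The original relied on
    // the @ operator for this, which also hid every other diagnostic raised
    // while the array was built.
    $package = array(
        'ip' => $ip_temp,
        'headers' => $headers,
        'headers_mixed' => $headers_mixed,
        'request_method' => isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null,
        'request_uri' => $request_uri,
        'server_protocol' => isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : null,
        'request_entity' => $request_entity,
        'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
        'is_browser' => false,
        'cloudflare' => $cloudflare_ip,
    );

    $result = bb2_screen($settings, $package);
    // With BB2_TEST defined the verdict is only reported, never enforced.
    if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
    return $result;
}

/**
 * Run the screening pipeline and return the first denial key found.
 *
 * Check order, as coded below: CloudFlare origin check (only when a
 * Cf-Connecting-Ip header is present), whitelist, blacklist, http:BL,
 * protocol / cookie / miscellaneous header tests, one User-Agent specific
 * test, POST tests. A whitelisted request skips everything from the blacklist
 * through the POST tests but still reaches bb2_screener() and bb2_approved().
 *
 * $package is received by value, so the 'is_browser' flag set here is seen by
 * the helpers called later in this function but not by the caller's array.
 *
 * @param array $settings Bad Behavior settings.
 * @param array $package  Request description built by bb2_start().
 * @return mixed false when the request is approved, otherwise the truthy
 *               value returned by the failing check.
 */
function bb2_screen($settings, $package)
{
    // Please proceed to the security checkpoint and have your
    // identification and boarding pass ready.

    // Check for CloudFlare CDN since IP to be screened may be different
    // Thanks to butchs at Simple Machines
    // This runs before the whitelist, so a request carrying the header is
    // checked here before $package['ip'] can match a whitelist entry.
    // NOTE(review): the return contract of bb2_cloudflare() is not visible
    // here; presumably false means "accepted" - confirm, and confirm that the
    // loose != against $package['ip'] is intended.
    if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
        require_once (BB2_CORE . "/cloudflare.inc.php");
        $r = bb2_cloudflare($package);
        if ($r !== false && $r != $package['ip']) return $r;
    }

    // First check the whitelist
    require_once (BB2_CORE . "/whitelist.inc.php");
    if (!bb2_whitelist($package)) {
        // Now check the blacklist
        require_once (BB2_CORE . "/blacklist.inc.php");
        if ($r = bb2_blacklist($package)) return $r;

        // Check the http:BL
        require_once (BB2_CORE . "/blackhole.inc.php");
        if ($r = bb2_httpbl($settings, $package)) return $r;

        // Check for common stuff
        require_once (BB2_CORE . "/common_tests.inc.php");
        if ($r = bb2_protocol($settings, $package)) return $r;
        if ($r = bb2_cookies($settings, $package)) return $r;
        if ($r = bb2_misc_headers($settings, $package)) return $r;

        // Specific checks
        // A missing User-Agent becomes '' so the stripos() calls below get a
        // string; none of the needles can match an empty string.
        $ua = isset($package['user_agent']) ? $package['user_agent'] : '';
        // MSIE checks
        if (stripos($ua, "; MSIE") !== FALSE) {
            $package['is_browser'] = true;
            // A User-Agent naming both MSIE and Opera gets the Opera tests.
            if (stripos($ua, "Opera") !== FALSE) {
                require_once (BB2_CORE . "/opera.inc.php");
                if ($r = bb2_opera($package)) return $r;
            } else {
                require_once (BB2_CORE . "/msie.inc.php");
                if ($r = bb2_msie($package)) return $r;
            }
        } elseif (stripos($ua, "Konqueror") !== FALSE) {
            $package['is_browser'] = true;
            require_once (BB2_CORE . "/konqueror.inc.php");
            if ($r = bb2_konqueror($package)) return $r;
        } elseif (stripos($ua, "Opera") !== FALSE) {
            $package['is_browser'] = true;
            require_once (BB2_CORE . "/opera.inc.php");
            if ($r = bb2_opera($package)) return $r;
        } elseif (stripos($ua, "Safari") !== FALSE) {
            $package['is_browser'] = true;
            require_once (BB2_CORE . "/safari.inc.php");
            if ($r = bb2_safari($package)) return $r;
        } elseif (stripos($ua, "Lynx") !== FALSE) {
            $package['is_browser'] = true;
            require_once (BB2_CORE . "/lynx.inc.php");
            if ($r = bb2_lynx($package)) return $r;
        } elseif (stripos($ua, "MovableType") !== FALSE) {
            require_once (BB2_CORE . "/movabletype.inc.php");
            if ($r = bb2_movabletype($package)) return $r;
        } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
            require_once (BB2_CORE . "/msnbot.inc.php");
            if ($r = bb2_msnbot($package)) return $r;
        } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
            require_once (BB2_CORE . "/google.inc.php");
            if ($r = bb2_google($package)) return $r;
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Only a User-Agent that starts with "Mozilla" lands here.
            $package['is_browser'] = true;
            require_once (BB2_CORE . "/mozilla.inc.php");
            if ($r = bb2_mozilla($package)) return $r;
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once (BB2_CORE . "/post.inc.php");
            if ($r = bb2_post($settings, $package)) return $r;
        }
    }

    // Last chance screening.
    require_once (BB2_CORE . "/screener.inc.php");
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package);
    return false;
}
?>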