} elseif (!crackerTrackerIsConsole() && getCrackerTrackerConfig('ctracker_alert_user') == 'Y' && isCrackerTrackerIpSuspicious()) {
// This IP is suspicious, so we alert him/her
crackerTrackerAlertCurrentUser();
-} // END - if
+}
// Close any open database links
crackerTrackerCloseDatabaseLink();
} elseif (isCrackerTrackerTableCreated('ctracker_config')) {
// Load the config
crackerTrackerLoadConfig();
- } // END - if
+ }
} else {
// Init fake config
crackerTrackerInitFakeConfig();
print 'No MySQLi available.<br />';
}
print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '<br />';
- } // END - if
+ }
// Currently only die here
crackerTrackerDie();
// Closes a maybe open database link
function crackerTrackerCloseDatabaseLink () {
- // Is the link up?
- if (isCrackerTrackerDatabaseLinkUp()) {
- // Did it work?
- if (!mysqli_close($GLOBALS['ctracker_link'])) {
- // Attempt has failed
- crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
- } // END - if
- } // END - if
+ // The link should be up here
+ if (!isCrackerTrackerDatabaseLinkUp()) {
+ // Throw exception
+ throw new BadFunctionCallException('Link is not up.');
+ }
+
+ // Did it work?
+ if (!mysqli_close($GLOBALS['ctracker_link'])) {
+ // Attempt has failed
+ crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
+ }
}
// Inserts given array, if IP/check_get combination was not found
function crackerTrackerInsertArray ($table, array $rowData) {
- // Is there a link up?
- if (!isCrackerTrackerDatabaseLinkUp()) {
- // Abort silently here
- return FALSE;
- } // END - if
-
// Is it found?
if (!isCrackerTrackerEntryFound($rowData)) {
- // Prepare SQL
- $sqlString = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($rowData)) . '`) VALUES(' . implode_secure($rowData) . ')';
-
// Reset insert id
$GLOBALS['ctracker_last_insert_id'] = FALSE;
// Run it
- runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__);
+ runCrackerTrackerSql(sprintf("INSERT INTO `%s` (`%s`) VALUES(%s)",
+ $table,
+ implode('`,`', array_keys($rowData)),
+ implode_secure($rowData)
+ ), __FUNCTION__, __LINE__);
// Remember the last insert id
$GLOBALS['ctracker_last_insert_id'] = mysqli_insert_id($GLOBALS['ctracker_link']) or crackerTrackerDatabaseError(__FUNCTION__, __LINE__);
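Review bot: crackerTrackerCloseDatabaseLink() now throws BadFunctionCallException when the link is down, but its header comment still says "Closes a maybe open database link", and the call under "Close any open database links" earlier on this page is unconditional. If a caller reaches it on a path where no MySQLi link was opened (not visible here), the tracker ends in an uncaught exception instead of a clean shutdown. Either keep the close idempotent with `if (!isCrackerTrackerDatabaseLinkUp()) { return; }`, or update the comment to `// Closes the database link, throws if it is not up` and guard the callers. In the same hunk, crackerTrackerInsertArray() loses its own link check and still places `$table` and `array_keys($rowData)` between backticks without any validation. Both should be checked against a fixed list of table and column names before the sprintf(). That function's body continues outside the hunk.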
// Updates a given entry by just counting it up
function updateCrackerTrackerEntry (array $rowData, $countColumn = 'count') {
- // Construct the SELECT query
- $sqlString = 'UPDATE `ctracker_data` SET `' . $countColumn . '`=`' . $countColumn . '`+1 WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") LIMIT 1';
+ // The link should be up here
+ if (!isCrackerTrackerDatabaseLinkUp()) {
+ // Throw exception
+ throw new BadFunctionCallException('Link is not up.');
+ }
// Run the SQL and check if we have one line
- runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__);
+ runCrackerTrackerSql(sprintf("UPDATE `ctracker_data` SET `%s`=`%s`+1 WHERE (`remote_addr`='%s' AND `proxy_addr`=' . ') LIMIT 1",
+ $countColumn,
+ $countColumn,
+ crackerTrackerEscapeString($rowData['remote_addr']),
+ crackerTrackerEscapeString($rowData['proxy_addr'])
+ ), __FUNCTION__, __LINE__);
}
// Checks if an entry with IP/check_get/domain combination is there
function isCrackerTrackerEntryFound (array $rowData) {
- // Construct the SELECT query
- $sqlString = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_get` = "' . crackerTrackerEscapeString($rowData['check_get']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1';
+ // The link should be up here
+ if (!isCrackerTrackerDatabaseLinkUp()) {
+ // Throw exception
+ throw new BadFunctionCallException('Link is not up.');
+ }
// Run the SQL and check if we have one line
- return ((isCrackerTrackerDatabaseLinkUp()) && (mysqli_num_rows(runCrackerTrackerSql($sqlString, __FUNCTION__, __LINE__)) == 1));
+ $result = runCrackerTrackerSql(sprintf("SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`='%s' OR `proxy_addr`='%s') AND `check_get` = '%s' AND `server_name`='%s' LIMIT 1'",
+ crackerTrackerEscapeString($rowData['remote_addr']),
+ crackerTrackerEscapeString($rowData['proxy_addr']),
+ crackerTrackerEscapeString($rowData['check_get']),
+ crackerTrackerEscapeString($rowData['server_name'])
+ ), __FUNCTION__, __LINE__);
+
+ // Check count of rows
+ return (mysqli_num_rows($result) == 1);
}
// Escapes the string
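Review bot: Both rewritten format strings in this hunk are malformed. In updateCrackerTrackerEntry() the proxy condition reads ``AND `proxy_addr`=' . ')`` where a placeholder belongs, so the fourth sprintf() argument is dropped and the WHERE clause compares against the literal ` . `. With the AND, the counter for a returning address would not be increased, and the line should end ``AND `proxy_addr`='%s') LIMIT 1",``. In isCrackerTrackerEntryFound() the string ends in `LIMIT 1'",`, and the stray single quote makes the SELECT invalid, so `mysqli_num_rows($result)` probably never sees a usable result. That line should end `LIMIT 1",`. Once corrected, a mysqli prepared statement with bound parameters for the four values would remove the hand-written quoting that let both slips through.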
// Return the secured string
return $string;
-} // END - if
+}
// Runs an SQL query and checks for errors
function runCrackerTrackerSql ($sqlString, $function, $line) {
if (!isCrackerTrackerDatabaseLinkUp()) {
// Abort here
crackerTrackerDie();
- } // END - if
+ }
// Remember last SQL
$GLOBALS['ctracker_last_sql'] = $sqlString;
// Okay, found. So abort
$found = TRUE;
break;
- } // END - if
- } // END - if
+ }
+ }
// Free result
freeCrackerTrackerResult($result);
foreach ($columns as $column=>$type) {
// Add this entry
$sqlString .= '`' . $column . '` ' . $type . ', ';
- } // END - foreach
+ }
// Add table name as primary key
$sqlString .= 'PRIMARY KEY (`' . $table . '`), ';
foreach ($keys as $key=>$type) {
// Add this entry
$sqlString .= '' . $type . ' (`' . $key . '`), ';
- } // END - foreach
+ }
// Finish SQL
$sqlString = substr($sqlString, 0, -2) . ') TYPE=InnoDB';
if (!isCrackerTrackerDatabaseLinkUp()) {
// Abort here silently
return;
- } // END - if
+ }
// Is the main config table there?
if (!isCrackerTrackerTableCreated('ctracker_config')) {
// Init that table
crackerTrackerInitTable('ctracker_config');
- } // END - if
+ }
// Init update array here
crackerTrackerInitUpdates();
// And count it up in the config array
$GLOBALS['ctracker_config']['ctracker_db_version']++;
- } // END - if
+ }
}
// Load the configuration
// die() on production systems
die();
}
- } // END - if
+ }
// Return it
return $GLOBALS['ctracker_config'][$entry];
if (!isCrackerTrackerDatabaseLinkUp()) {
// Skip this step silently, all is not suspicious
return FALSE;
- } // END - if
+ }
// Check if an entry is there
$result = runCrackerTrackerSql("SELECT COUNT(`id`) AS `cnt` FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__);
// Cache the entry
$GLOBALS['ctracker_last_suspicious_entry'] = mysqli_fetch_array($result);
- } // END - if
+ }
// Free result
freeCrackerTrackerResult($result);
if ($found === TRUE) {
// Cache the ticket data
$GLOBALS['ctracker_last_ticket'] = mysqli_fetch_array($result);
- } // END - if
+ }
// Free result
freeCrackerTrackerResult($result);
if (!isCrackerTrackerDebug()) {
// Sleep a little to waste the attacker's time
sleep(mt_rand(10,30));
- } // END - if
+ }
// Bye, bye...
if (isCrackerTrackerDebug()) {
if (isCrackerTrackerProxyUsed()) {
// Set it
$proxyUsed = 'Y';
- } // END - if
+ }
// Prepare array for database insert
$rowData = [
crackerTrackerInsertArray('ctracker_data', $rowData);
}
+// Increases count of spam-bot accesses for the current IP
function ctrackerIncreaseAntiSpambotCount () {
// Init row data
$rowData = [
// Display the form for new ticket
crackerTrackerLoadTemplate('add_ticket');
}
- } // END - if
+ }
// And stop here
die();
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-if (!function_exists('implode_r')) {
- // Implode recursive a multi-dimension array, taken from www.php.net
- function implode_r ($glue, $array, $array_name = NULL) {
- $return = [];
- while (list($key,$value) = @each($array)) {
- if (is_array($value)) {
- // Is an array again, so call recursive
- $return[] = implode_r($glue, $value, (string) $key);
+// Implode recursive a multi-dimension array, taken from www.php.net
+function implode_r ($glue, $array, $array_name = NULL) {
+ $return = [];
+ while (list($key,$value) = @each($array)) {
+ if (is_array($value)) {
+ // Is an array again, so call recursive
+ $return[] = implode_r($glue, $value, (string) $key);
+ } else {
+ if ($array_name != NULL) {
+ $return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n";
} else {
- if ($array_name != NULL) {
- $return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n";
- } else {
- $return[] = $key . '=' . $value."\n";
- }
+ $return[] = $key . '=' . $value."\n";
}
- } // END - while
-
- // Return resulting array
- return implode($glue, $return);
- } // END - function
-} // END - if
-
-if (!function_exists('implode_secure')) {
- // Implode a simple array with a 'call-back' to our escaper function
- function implode_secure (array $array) {
- // Return string
- $return = '';
-
- // Implode all data
- foreach ($array as $entry) {
- // Don't escape some
- if (in_array($entry, array('NOW()'))) {
- // Add it with non-string glue
- $return .= $entry . ',';
- } elseif (empty($entry)) {
- // Empty strings need no escaping
- $return .= '"",';
- } else {
- // Secure this string and add it
- $return .= '"' . crackerTrackerEscapeString($entry) . '",';
- }
- } // END - foreach
+ }
+ }
+
+ // Return resulting array
+ return implode($glue, $return);
+}
+
+// Implode a simple array with a 'call-back' to our escaper function
+function implode_secure (array $array) {
+ // Return string
+ $return = '';
+
+ // Implode all data
+ foreach ($array as $entry) {
+ // Don't escape some
+ if (in_array($entry, array('NOW()'))) {
+ // Add it with non-string glue
+ $return .= $entry . ',';
+ } elseif (empty($entry)) {
+ // Empty strings need no escaping
+ $return .= '"",';
+ } else {
+ // Secure this string and add it
+ $return .= '"' . crackerTrackerEscapeString($entry) . '",';
+ }
+ }
- // Remove last char
- $return = substr($return, 0, -1);
+ // Remove last char
+ $return = substr($return, 0, -1);
- // Return this string
- return $return;
- } // END - function
-} // END - if
+ // Return this string
+ return $return;
+}
// Load configuration, if found
function crackerTrackerLoadConfiguration () {
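Review bot: implode_r() still iterates with `while (list($key,$value) = @each($array)) {`, and each() was deprecated in PHP 7.2 and removed in 8.0. Any call therefore fails on a current interpreter, while the `@` hides the notice on older ones. Replace it with `foreach ($array as $key => $value) {`. In implode_secure(), `in_array($entry, array('NOW()'))` compares loosely and `empty($entry)` writes the value `'0'` as an empty string. `in_array($entry, array('NOW()'), TRUE)` and a check such as `$entry === '' || is_null($entry)` keep the stored row equal to what was passed in. With the `function_exists()` guards removed, a host application that already defines implode_r() or implode_secure() will now hit a redeclaration error when this library is included.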
if (!isCrackerTrackerFileFound($fqfn)) {
// No config file found
die(__FUNCTION__.': No configuration file found.');
- } // END - if
+ }
// Load it
require $fqfn;
if (isset($_SERVER['HTTP_USER_AGENT'])) {
// Then use it securely
$ua = crackerTrackerSecureString(urldecode($_SERVER['HTTP_USER_AGENT']));
- } // END - if
+ }
// Sanitize it?
if ($sanitize === TRUE) {
// Sanitize ...
$ua = crackerTrackerSanitize($ua);
- } // END - if
+ }
// Return it
return $ua;
if (!empty($_SERVER['SCRIPT_NAME'])) {
// Return NULL
$scriptName = crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
- } // END - if
+ }
// Sanitize it?
if ($sanitize === TRUE) {
// Sanitize ...
$scriptName = crackerTrackerSanitize($scriptName);
- } // END - if
+ }
// Return
return $scriptName;
if ((!empty($query)) && ($sanitize === TRUE)) {
// Sanitize ...
$query = crackerTrackerSanitize($query);
- } // END - if
+ }
// Return it
return $query;
if (!empty($_SERVER['SERVER_NAME'])) {
// Return NULL
$serverName = crackerTrackerSecureString($_SERVER['SERVER_NAME']);
- } // END - if
+ }
// Sanitize it?
if ($sanitize === TRUE) {
// Sanitize ...
$serverName = crackerTrackerSanitize($serverName);
- } // END - if
+ }
// Return it
return $serverName;
if (!empty($_SERVER['HTTP_REFERER'])) {
// Then use it securely
$referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER']));
- } // END - if
+ }
// Sanitize it?
if ($sanitize === TRUE) {
// Sanitize ...
$referer = crackerTrackerSanitize($referer);
- } // END - if
+ }
// Return it
return $referer;
if (!empty($_SERVER['REQUEST_METHOD'])) {
// Then use it
$method = $_SERVER['REQUEST_METHOD'];
- } // END - if
+ }
// Return it
return $method;
// Use this language/weight instead
$GLOBALS['ctracker_language'] = $langArray[0];
$weight = $langArray[1];
- } // END - if
- } // END - foreach
- } // END - if
+ }
+ }
+ }
// Construct FQFN
$FQFN = sprintf('%s/libs/language/%s.php',
// Construct FQFN again
$FQFN = sprintf('%s/libs/language/en.php', $GLOBALS['ctracker_base_path']);
- } // END - if
+ }
// Load the language file
require($FQFN);
if (isset($GLOBALS['ctracker_localized'][$message])) {
// Use this instead
$output = $GLOBALS['ctracker_localized'][$message];
- } // END - if
+ }
// Return it
return $output;
// $content
$code = str_replace($match, "\" . \$content['" . $matches[4][$key] . "'] . \"", $code);
}
- } // END - foreach
+ }
// Return it
return $code;
if (!is_null($lang)) {
// Then use this instead
$language = $lang;
- } // END - if
+ }
// Return it
return $language;
if (isset($GLOBALS['ctracker_last_ticket']['ctracker_ticket'])) {
// Then use it
$id = $GLOBALS['ctracker_last_ticket']['ctracker_ticket'];
- } // END - if
+ }
// Return the number
return $id;
) as $key) {
// Unset it
unset($GLOBALS[$key]);
- } // END - foreach
+ }
}
// Sanitizes string
foreach ($GLOBALS['ctracker_updates'][$update] as $sql) {
// Run the SQL command
runCrackerTrackerSql($sql, __FUNCTION__, __LINE__);
- } // END - foreach
+ }
}
if (isset($_POST['ctracker_add_ticket'])) {
// Output messages
crackerTrackerLoadLocalizedTemplate('add_ticket_missing');
-} // END - if
+}
// Load form
crackerTrackerLoadLocalizedTemplate('add_ticket_form');
print '<div class="ctracker_form_missing">';
crackerTrackerOutputLocalized('add_ticket_name_missing');
print '</div>';
-} // END - if
+}
// Field 'name not filled out?
if (empty($_POST['name'])) {
print '<div class="ctracker_form_missing">';
crackerTrackerOutputLocalized('add_ticket_email_missing');
print '</div>';
-} // END - if
+}
?>
</div>
print '<div class="ctracker_form_missing">';
crackerTrackerOutputLocalized('add_ticket_name_missing');
print '<pre>';
-} // END - if
+}
// Field 'name not filled out?
if (empty($_POST['name'])) {
print '<div class="ctracker_form_missing">';
crackerTrackerOutputLocalized('add_ticket_email_missing');
print '<pre>';
-} // END - if
+}
?>
</div>