From 932234b77aa61eed6cdcabf0da2f5ec123f92608 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Wed, 6 Sep 2023 04:36:45 +0200 Subject: [PATCH] Continued: - removed last remaining closing PHP tag - added type-hints for scalar parameter - fixed possible E_NOTICE and E_WARNING when configuration file exists but contains invalid data - fixed BadFunctionCallException --- config/db_config.php.dist | 3 --- libs/lib_connect.php | 48 +++++++++++++++++++++------------------ libs/lib_detector.php | 23 +++++++++++-------- libs/lib_general.php | 32 +++++++++++++------------- 4 files changed, 55 insertions(+), 51 deletions(-) diff --git a/config/db_config.php.dist b/config/db_config.php.dist index a6368fb..5cc2b39 100644 --- a/config/db_config.php.dist +++ b/config/db_config.php.dist @@ -39,6 +39,3 @@ $GLOBALS['ctracker_debug_enabled'] = FALSE; // Email recipient for all emails $GLOBALS['ctracker_email'] = 'you@domain.invalid'; - -// [EOF] -?> diff --git a/libs/lib_connect.php b/libs/lib_connect.php index f3c0161..2690624 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -66,18 +66,22 @@ function isCrackerTrackerDatabaseLinkUp () { } // Database error detected -function crackerTrackerDatabaseError ($F, $L) { +function crackerTrackerDatabaseError (string $file, int $line) { // Should we debug? if (isCrackerTrackerDebug()) { // Output error - print 'Function : ' . $F . '
'; - print 'Line : ' . $L . '
'; - if (isset($GLOBALS['ctracker_link'])) { - print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '
'; + print 'Function : ' . $file . '
' . PHP_EOL; + print 'Line : ' . $line . '
' . PHP_EOL; + if (isset($GLOBALS['ctracker_link']) && $GLOBALS['ctracker_link'] !== false) { + print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '
' . PHP_EOL; } else { - print 'No MySQLi available.
'; + print 'No MySQLi available.
' . PHP_EOL; + } + if (isset($GLOBALS['ctracker_last_sql'])) { + print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '
' . PHP_EOL; + } else { + print 'No last SQL command available.
' . PHP_EOL; } - print 'Last SQL : '. $GLOBALS['ctracker_last_sql'] . '
'; } // Currently only die here @@ -100,11 +104,11 @@ function crackerTrackerCloseDatabaseLink () { } // Inserts given array, if IP/check_get combination was not found -function crackerTrackerInsertArray ($table, array $rowData) { +function crackerTrackerInsertArray (string $table, array $rowData) { // Is it found? if (!isCrackerTrackerEntryFound($rowData)) { // Reset insert id - $GLOBALS['ctracker_last_insert_id'] = FALSE; + $GLOBALS['ctracker_last_insert_id'] = false; // Run it runCrackerTrackerSql(sprintf("INSERT INTO `%s` (`%s`) VALUES(%s)", @@ -122,7 +126,7 @@ function crackerTrackerInsertArray ($table, array $rowData) { } // Updates a given entry by just counting it up -function updateCrackerTrackerEntry (array $rowData, $countColumn = 'count') { +function updateCrackerTrackerEntry (array $rowData, string $countColumn = 'count') { // The link should be up here if (!isCrackerTrackerDatabaseLinkUp()) { // Throw exception @@ -159,7 +163,7 @@ function isCrackerTrackerEntryFound (array $rowData) { } // Escapes the string -function crackerTrackerEscapeString ($string) { +function crackerTrackerEscapeString (string $string) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { // Then we cant use mysqli_real_escape_string! @@ -177,7 +181,7 @@ function crackerTrackerEscapeString ($string) { } // Runs an SQL query and checks for errors -function runCrackerTrackerSql ($sqlString, $function, $line) { +function runCrackerTrackerSql (string $sqlString, string $function, int $line) { // Is the link up? if (!isCrackerTrackerDatabaseLinkUp()) { // Abort here @@ -195,9 +199,9 @@ function runCrackerTrackerSql ($sqlString, $function, $line) { } // Checks wether a table was found -function isCrackerTrackerTableCreated ($table) { +function isCrackerTrackerTableCreated (string $table) { // Default is not found - $found = FALSE; + $found = false; // Run the query $result = runCrackerTrackerSql('SHOW TABLES', __FUNCTION__, __LINE__); 
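Review bot: The debug branch of crackerTrackerDatabaseError() prints `mysqli_error(...)` and `$GLOBALS['ctracker_last_sql']` into the page without output encoding. Other queries in this patch embed request-derived values such as `getenv('REMOTE_ADDR')`, so markup carried in a logged query would be rendered by the browser whenever debug mode is on. Wrap both values, e.g. `htmlspecialchars($GLOBALS['ctracker_last_sql'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The first parameter is also renamed to `$file` while its label still reads 'Function : ' and the visible callers of runCrackerTrackerSql() pass `__FUNCTION__`; `string $function` would match both. The function body continues past the end of the hunk.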
@@ -210,7 +214,7 @@ function isCrackerTrackerTableCreated ($table) { // Is the table there? if ($tab == $table) { // Okay, found. So abort - $found = TRUE; + $found = true; break; } } @@ -223,7 +227,7 @@ function isCrackerTrackerTableCreated ($table) { } // Creates the given table with columns -function crackerTrackerCreateTable ($table, array $columns, array $keys) { +function crackerTrackerCreateTable (string $table, array $columns, array $keys) { // Begin the SQL $sqlString = 'CREATE TABLE IF NOT EXISTS `' . $table . '` ('; @@ -240,7 +244,7 @@ function crackerTrackerCreateTable ($table, array $columns, array $keys) { $sqlString .= 'PRIMARY KEY (`' . $table . '`), '; // Add keys - foreach ($keys as $key=>$type) { + foreach ($keys as $key => $type) { // Add this entry $sqlString .= '' . $type . ' (`' . $key . '`), '; } @@ -253,7 +257,7 @@ function crackerTrackerCreateTable ($table, array $columns, array $keys) { } // Inits a table by inserting -function crackerTrackerInitTable ($table) { +function crackerTrackerInitTable (string $table) { // Prepare SQL and run it runCrackerTrackerSql('INSERT INTO `' . $table . '` (`' . $table . '`) VALUES (NULL)'); } @@ -310,7 +314,7 @@ function crackerTrackerLoadConfig () { } // Getter for config -function getCrackerTrackerConfig ($entry) { +function getCrackerTrackerConfig (string $entry) { // Is the config entry there? if (!isset($GLOBALS['ctracker_config'][$entry])) { // Then better die here, else we may have an endless loop @@ -332,7 +336,7 @@ function isCrackerTrackerIpSuspicious () { // Skip this silently if we have not config if (!isCrackerTrackerDatabaseLinkUp()) { // Skip this step silently, all is not suspicious - return FALSE; + return false; } // Check if an entry is there 
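Review bot: crackerTrackerInitTable() still calls `runCrackerTrackerSql()` with only the SQL string, while the signature typed earlier in this patch requires `string $function` and `int $line` as well. On PHP 7.1 and later that call throws ArgumentCountError before the query runs; appending `, __FUNCTION__, __LINE__` to the argument list brings it in line with the other callers. Because `$table` is concatenated into the statement as a backtick-quoted identifier here and in crackerTrackerCreateTable(), a comment such as `// $table must be a hard-coded table name, never request data` would document the assumption the new `string` type hint does not enforce.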
@@ -345,7 +349,7 @@ function isCrackerTrackerIpSuspicious () { $found = ($rows > 0); // And again? - if ($found === TRUE) { + if ($found === true) { // Yes, one is found, then load it $result = runCrackerTrackerSql("SELECT SQL_SMALL_RESULT * FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__); @@ -369,7 +373,7 @@ function ifCrackerTrackerIpHasTicket () { $found = (mysqli_num_rows($result) == 1); // And again? - if ($found === TRUE) { + if ($found === true) { // Cache the ticket data $GLOBALS['ctracker_last_ticket'] = mysqli_fetch_array($result); } diff --git a/libs/lib_detector.php b/libs/lib_detector.php index d0cf25d..122f773 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -223,7 +223,7 @@ function initCrackerTrackerArrays () { // Also block these requests (mostly you don't want CONNECT to some SMTP sites) $GLOBALS['ctracker_blocked_methods'] = [ - 'CONNECT' => TRUE, + 'CONNECT' => true, ]; // Init more elements @@ -236,8 +236,8 @@ function initCrackerTrackerArrays () { // Checks for worms function isCrackerTrackerWormDetected () { // Check against the whole list - $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString(TRUE))); - $GLOBALS['ctracker_checked_ua'] = urldecode(str_ireplace($GLOBALS['ctracker_ua_blacklist'], '*', crackerTrackerUserAgent(TRUE))); + $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString(true))); + $GLOBALS['ctracker_checked_ua'] = urldecode(str_ireplace($GLOBALS['ctracker_ua_blacklist'], '*', crackerTrackerUserAgent(true))); /* * If it differs to original and the *whole* request string is not in 
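Review bot: The SELECT in isCrackerTrackerIpSuspicious() concatenates `determineCrackerTrackerRealRemoteAddress()` and `getenv('REMOTE_ADDR')` straight into the SQL text, and this hunk leaves that untouched. If the helper derives the address from forwarded-for style request headers (not visible here, so to be confirmed), that value is client-controlled and reaches the query unescaped. Route both values through the file's own `crackerTrackerEscapeString()` or reject anything that fails `filter_var($addr, FILTER_VALIDATE_IP)` before building the statement; a prepared statement via `mysqli_prepare()` would remove the concatenation altogether. The function starts and ends outside the hunk.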
@@ -245,9 +245,9 @@ function isCrackerTrackerWormDetected () { */ $isWorm = ( ( - $GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString(TRUE) && (!in_array(crackerTrackerQueryString(TRUE), $GLOBALS['ctracker_whitelist'])) + $GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString(true) && (!in_array(crackerTrackerQueryString(true), $GLOBALS['ctracker_whitelist'])) ) || ( - $GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(TRUE) + $GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(true) ) || ( isset($GLOBALS['ctracker_blocked_methods'][crackerTrackerRequestMethod()]) ) @@ -312,7 +312,7 @@ function sendCrackerTrackerTicketMails () { } // Sends a mail out -function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) { +function crackerTrackerSendMail (string $mail, string $recipient = NULL, string $subject = NULL) { // Construct dummy array $rowData = [ 'remote_addr' => determineCrackerTrackerRealRemoteAddress(), @@ -330,7 +330,7 @@ function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) { print 'Recipient=' . $recipient . '
Subject=' . $subject . '
Text=
' . $mail . '
'; // All fine - return TRUE; + return true; } elseif (!is_null($recipient)) { // Recipient specified return mail($recipient, $subject, $mail, $GLOBALS['ctracker_header']); @@ -346,7 +346,7 @@ function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) { print 'Recipient=' . $recipient . '
Subject=' . $subject . '
Text=
' . $mail . '
'; // All fine - return TRUE; + return true; } } @@ -381,8 +381,11 @@ Filtered POST string : ' . $GLOBALS['ctracker_checked_post'] . ' // Sleeps for a random time and aborts the script function crackerTrackerDie () { - // Close database link - crackerTrackerCloseDatabaseLink(); + // Check if link is up + if (isCrackerTrackerDatabaseLinkUp()) { + // Close database link + crackerTrackerCloseDatabaseLink(); + } // Do only sleep if debug/developer mode is not enabled if (!isCrackerTrackerDebug()) { diff --git a/libs/lib_general.php b/libs/lib_general.php index d6e1a87..ad4f25b 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php @@ -23,7 +23,7 @@ */ // Implode recursive a multi-dimension array, taken from www.php.net -function implode_r ($glue, $array, $array_name = NULL) { +function implode_r (string $glue, array $array, string $array_name = NULL) { $return = []; while (list($key,$value) = @each($array)) { if (is_array($value)) { @@ -90,7 +90,7 @@ function crackerTrackerLoadConfiguration () { // Getter for ctracker_debug_enabled function isCrackerTrackerDebug () { // Is it set? - $result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE)); + $result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === true)); // Debug message //* DEBUG: */ error_log('result=' . intval($result)); @@ -139,7 +139,7 @@ function isCrackerTrackerProxyUsed () { } // Detects the user-agent string -function crackerTrackerUserAgent ($sanitize = FALSE) { +function crackerTrackerUserAgent (bool $sanitize = false) { // Default is 'unknown' $ua = 'unknown'; @@ -150,7 +150,7 @@ function crackerTrackerUserAgent ($sanitize = FALSE) { } // Sanitize it? - if ($sanitize === TRUE) { + if ($sanitize === true) { // Sanitize ... $ua = crackerTrackerSanitize($ua); } 
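Review bot: implode_r() keeps the loop `while (list($key,$value) = @each($array))`, and `each()` was removed in PHP 8.0, so the function fails there with an undefined-function Error. On 7.2 to 7.4 the `@` hides the deprecation notice; `foreach ($array as $key => $value) {` is the direct replacement. The new `string $array_name = NULL` relies on implicit nullability, which PHP 8.4 deprecates, so write `?string $array_name = NULL`. The same applies to `string $recipient = NULL, string $subject = NULL` in the crackerTrackerSendMail() hunk of libs/lib_detector.php. The rest of implode_r() lies outside the hunk.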
@@ -160,7 +160,7 @@ function crackerTrackerUserAgent ($sanitize = FALSE) { } // Detects the script name -function crackerTrackerScriptName ($sanitize = FALSE) { +function crackerTrackerScriptName (bool $sanitize = false) { // Default is NULL $scriptName = NULL; @@ -171,7 +171,7 @@ function crackerTrackerScriptName ($sanitize = FALSE) { } // Sanitize it? - if ($sanitize === TRUE) { + if ($sanitize === true) { // Sanitize ... $scriptName = crackerTrackerSanitize($scriptName); } @@ -181,7 +181,7 @@ function crackerTrackerScriptName ($sanitize = FALSE) { } // Detects the query string -function crackerTrackerQueryString ($sanitize = FALSE) { +function crackerTrackerQueryString (bool $sanitize = false) { // Default is NULL $query = NULL; @@ -195,7 +195,7 @@ function crackerTrackerQueryString ($sanitize = FALSE) { } // Sanitize it? - if ((!empty($query)) && ($sanitize === TRUE)) { + if ((!empty($query)) && ($sanitize === true)) { // Sanitize ... $query = crackerTrackerSanitize($query); } @@ -205,7 +205,7 @@ function crackerTrackerQueryString ($sanitize = FALSE) { } // Detects the server's name -function crackerTrackerServerName ($sanitize = FALSE) { +function crackerTrackerServerName (bool $sanitize = false) { // Default is NULL $serverName = NULL; @@ -216,7 +216,7 @@ function crackerTrackerServerName ($sanitize = FALSE) { } // Sanitize it? - if ($sanitize === TRUE) { + if ($sanitize === true) { // Sanitize ... $serverName = crackerTrackerSanitize($serverName); } @@ -226,7 +226,7 @@ function crackerTrackerServerName ($sanitize = FALSE) { } // Detects the referer -function crackerTrackerReferer ($sanitize = FALSE) { +function crackerTrackerReferer (bool $sanitize = false) { // Default is a dash $referer = '-'; @@ -237,7 +237,7 @@ function crackerTrackerReferer ($sanitize = FALSE) { } // Sanitize it? - if ($sanitize === TRUE) { + if ($sanitize === true) { // Sanitize ... $referer = crackerTrackerSanitize($referer); } 
@@ -486,7 +486,7 @@ function getCrackerTrackerTicketId () { function sendCrackerTrackerCookie () { // Set the cookie // @TODO Why can't domain be set to value from crackerTrackerServerName() ? - setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), TRUE); + setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), true); $_COOKIE['ctracker_ticket'] = getCrackerTrackerTicketId(); } @@ -528,7 +528,7 @@ function crackerTrackerSendRawRedirect ($url) { // check if running on IIS < 6 with CGI-PHP if ((isset($_SERVER['SERVER_SOFTWARE'])) && (isset($_SERVER['GATEWAY_INTERFACE'])) && - (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== FALSE) && + (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== false) && (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) && ($matches[1] < 6)) { // Send the IIS header @@ -610,7 +610,7 @@ function ifCtrackerTrackerAntiSpamFieldGiven () { // Is request method POST? if (crackerTrackerRequestMethod() != 'POST') { // Cannot be given - return FALSE; + return false; } // Walk through all fields @@ -618,7 +618,7 @@ function ifCtrackerTrackerAntiSpamFieldGiven () { // Is one found? if (in_array($fieldName, $_POST) && !empty($_POST[$fieldName])) { // Filled out! - return TRUE; + return true; } } } -- 2.39.5
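Review bot: The `setcookie()` call in sendCrackerTrackerCookie() sets HttpOnly and a conditional Secure flag but no SameSite attribute, so whether the ticket cookie accompanies cross-site requests is left to each browser's default. If the minimum supported PHP version is 7.3 or later (the patch does not say), the options-array form allows it: `setcookie('ctracker_ticket', getCrackerTrackerTicketId(), ['expires' => time() + 60*60*24, 'path' => '/', 'secure' => crackerTrackerSecured(), 'httponly' => true, 'samesite' => 'Lax']);`.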
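Review bot: In ifCtrackerTrackerAntiSpamFieldGiven() the condition `in_array($fieldName, $_POST) && !empty($_POST[$fieldName])` searches the POST values for the field name rather than the keys. A filled-in anti-spam field is therefore only reported when some submitted value also happens to equal the field's name, so the check will almost never fire and the detection is effectively disabled. `if (!empty($_POST[$fieldName])) {` tests what the comment describes. The loop header sits between the two hunks and is not visible, so where `$fieldName` comes from should be confirmed.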