From 932234b77aa61eed6cdcabf0da2f5ec123f92608 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Wed, 6 Sep 2023 04:36:45 +0200
Subject: [PATCH] Continued: - removed last remaining closing PHP tag - added
 type-hints for scalar parameter - fixed possible E_NOTICE and E_WARNING when
 configuration file exists but   contains invalid data - fixed
 BadFunctionCallException

---
 config/db_config.php.dist |  3 ---
 libs/lib_connect.php      | 48 +++++++++++++++++++++------------------
 libs/lib_detector.php     | 23 +++++++++++--------
 libs/lib_general.php      | 32 +++++++++++++-------------
 4 files changed, 55 insertions(+), 51 deletions(-)

diff --git a/config/db_config.php.dist b/config/db_config.php.dist
index a6368fb..5cc2b39 100644
--- a/config/db_config.php.dist
+++ b/config/db_config.php.dist
@@ -39,6 +39,3 @@ $GLOBALS['ctracker_debug_enabled'] = FALSE;
 
 // Email recipient for all emails
 $GLOBALS['ctracker_email'] = 'you@domain.invalid';
-
-// [EOF]
-?>
diff --git a/libs/lib_connect.php b/libs/lib_connect.php
index f3c0161..2690624 100644
--- a/libs/lib_connect.php
+++ b/libs/lib_connect.php
@@ -66,18 +66,22 @@ function isCrackerTrackerDatabaseLinkUp () {
 }
 
 // Database error detected
-function crackerTrackerDatabaseError ($F, $L) {
+function crackerTrackerDatabaseError (string $file, int $line) {
 	// Should we debug?
 	if (isCrackerTrackerDebug()) {
 		// Output error
-		print 'Function    : ' . $F . '<br />';
-		print 'Line        : ' . $L . '<br />';
-		if (isset($GLOBALS['ctracker_link'])) {
-			print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '<br />';
+		print 'Function    : ' . $file . '<br />' . PHP_EOL;
+		print 'Line        : ' . $line . '<br />' . PHP_EOL;
+		if (isset($GLOBALS['ctracker_link']) && $GLOBALS['ctracker_link'] !== false) {
+			print 'MySQL error : ' . mysqli_error($GLOBALS['ctracker_link']) . '<br />' . PHP_EOL;
 		} else {
-			print 'No MySQLi available.<br />';
+			print 'No MySQLi available.<br />' . PHP_EOL;
+		}
+		if (isset($GLOBALS['ctracker_last_sql'])) {
+			print 'Last SQL    : '. $GLOBALS['ctracker_last_sql'] . '<br />' . PHP_EOL;
+		} else {
+			print 'No last SQL command available.<br />' . PHP_EOL;
 		}
-		print 'Last SQL    : '. $GLOBALS['ctracker_last_sql'] . '<br />';
 	}
 
 	// Currently only die here
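Review bot: The debug branch of crackerTrackerDatabaseError() prints `mysqli_error()` and `$GLOBALS['ctracker_last_sql']` into the HTML response unescaped, and the last statement can contain request-derived values (the remote-address query in isCrackerTrackerIpSuspicious() is built from them), so markup in a request would be rendered whenever debug mode is on. Pass both through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before printing; the `Recipient=… Text=<pre>` debug prints in the crackerTrackerSendMail() hunks have the same problem. The first label still reads 'Function' while the parameter is now named `$file`; runCrackerTrackerSql() calls what is presumably the same value `$function`, so one name should be used throughout. The function body continues past this hunk.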
@@ -100,11 +104,11 @@ function crackerTrackerCloseDatabaseLink () {
 }
 
 // Inserts given array, if IP/check_get combination was not found
-function crackerTrackerInsertArray ($table, array $rowData) {
+function crackerTrackerInsertArray (string $table, array $rowData) {
 	// Is it found?
 	if (!isCrackerTrackerEntryFound($rowData)) {
 		// Reset insert id
-		$GLOBALS['ctracker_last_insert_id'] = FALSE;
+		$GLOBALS['ctracker_last_insert_id'] = false;
 
 		// Run it
 		runCrackerTrackerSql(sprintf("INSERT INTO `%s` (`%s`) VALUES(%s)",
@@ -122,7 +126,7 @@ function crackerTrackerInsertArray ($table, array $rowData) {
 }
 
 // Updates a given entry by just counting it up
-function updateCrackerTrackerEntry (array $rowData, $countColumn = 'count') {
+function updateCrackerTrackerEntry (array $rowData, string $countColumn = 'count') {
 	// The link should be up here
 	if (!isCrackerTrackerDatabaseLinkUp()) {
 		// Throw exception
@@ -159,7 +163,7 @@ function isCrackerTrackerEntryFound (array $rowData) {
 }
 
 // Escapes the string
-function crackerTrackerEscapeString ($string) {
+function crackerTrackerEscapeString (string $string) {
 	// Is the link up?
 	if (!isCrackerTrackerDatabaseLinkUp()) {
 		// Then we cant use mysqli_real_escape_string!
@@ -177,7 +181,7 @@ function crackerTrackerEscapeString ($string) {
 }
 
 // Runs an SQL query and checks for errors
-function runCrackerTrackerSql ($sqlString, $function, $line) {
+function runCrackerTrackerSql (string $sqlString, string $function, int $line) {
 	// Is the link up?
 	if (!isCrackerTrackerDatabaseLinkUp()) {
 		// Abort here
@@ -195,9 +199,9 @@ function runCrackerTrackerSql ($sqlString, $function, $line) {
 }
 
 // Checks wether a table was found
-function isCrackerTrackerTableCreated ($table) {
+function isCrackerTrackerTableCreated (string $table) {
 	// Default is not found
-	$found = FALSE;
+	$found = false;
 
 	// Run the query
 	$result = runCrackerTrackerSql('SHOW TABLES', __FUNCTION__, __LINE__);
@@ -210,7 +214,7 @@ function isCrackerTrackerTableCreated ($table) {
 		// Is the table there?
 		if ($tab == $table) {
 			// Okay, found. So abort
-			$found = TRUE;
+			$found = true;
 			break;
 		}
 	}
@@ -223,7 +227,7 @@ function isCrackerTrackerTableCreated ($table) {
 }
 
 // Creates the given table with columns
-function crackerTrackerCreateTable ($table, array $columns, array $keys) {
+function crackerTrackerCreateTable (string $table, array $columns, array $keys) {
 	// Begin the SQL
 	$sqlString = 'CREATE TABLE IF NOT EXISTS `' . $table . '` (';
 
@@ -240,7 +244,7 @@ function crackerTrackerCreateTable ($table, array $columns, array $keys) {
 	$sqlString .= 'PRIMARY KEY (`' . $table . '`), ';
 
 	// Add keys
-	foreach ($keys as $key=>$type) {
+	foreach ($keys as $key => $type) {
 		// Add this entry
 		$sqlString .= '' . $type . ' (`' . $key . '`), ';
 	}
@@ -253,7 +257,7 @@ function crackerTrackerCreateTable ($table, array $columns, array $keys) {
 }
 
 // Inits a table by inserting 
-function crackerTrackerInitTable ($table) {
+function crackerTrackerInitTable (string $table) {
 	// Prepare SQL and run it
 	runCrackerTrackerSql('INSERT INTO `' . $table . '` (`' . $table . '`) VALUES (NULL)');
 }
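Review bot: crackerTrackerInitTable() still calls runCrackerTrackerSql() with a single argument, but the signature in this same patch is `(string $sqlString, string $function, int $line)` with no defaults, so the call throws ArgumentCountError before any SQL runs. Pass the caller context as the other call sites do by appending `, __FUNCTION__, __LINE__` to the argument list. The comment above the function ('Inits a table by inserting') is cut off and should say what is inserted.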
@@ -310,7 +314,7 @@ function crackerTrackerLoadConfig () {
 }
 
 // Getter for config
-function getCrackerTrackerConfig ($entry) {
+function getCrackerTrackerConfig (string $entry) {
 	// Is the config entry there?
 	if (!isset($GLOBALS['ctracker_config'][$entry])) {
 		// Then better die here, else we may have an endless loop
@@ -332,7 +336,7 @@ function isCrackerTrackerIpSuspicious () {
 	// Skip this silently if we have not config
 	if (!isCrackerTrackerDatabaseLinkUp()) {
 		// Skip this step silently, all is not suspicious
-		return FALSE;
+		return false;
 	}
 
 	// Check if an entry is there
@@ -345,7 +349,7 @@ function isCrackerTrackerIpSuspicious () {
 	$found = ($rows > 0);
 
 	// And again?
-	if ($found === TRUE) {
+	if ($found === true) {
 		// Yes, one is found, then load it
 		$result = runCrackerTrackerSql("SELECT SQL_SMALL_RESULT * FROM `ctracker_data` USE INDEX (`remote_proxy_last`) WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__);
 
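Review bot: The SELECT in isCrackerTrackerIpSuspicious() concatenates `determineCrackerTrackerRealRemoteAddress()` and `getenv('REMOTE_ADDR')` straight into quoted literals, without the escaping helper this file defines. If the 'real' address can come from a client-supplied proxy header (that function is not visible here), the value is request-controlled text inside the statement. Wrap both operands, for example `crackerTrackerEscapeString(determineCrackerTrackerRealRemoteAddress())` and `crackerTrackerEscapeString((string) getenv('REMOTE_ADDR'))`, or reject anything that fails `filter_var($addr, FILTER_VALIDATE_IP)` first. The function starts and ends outside this hunk.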
@@ -369,7 +373,7 @@ function ifCrackerTrackerIpHasTicket () {
 	$found = (mysqli_num_rows($result) == 1);
 
 	// And again?
-	if ($found === TRUE) {
+	if ($found === true) {
 		// Cache the ticket data
 		$GLOBALS['ctracker_last_ticket'] = mysqli_fetch_array($result);
 	}
diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index d0cf25d..122f773 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -223,7 +223,7 @@ function initCrackerTrackerArrays () {
 
 	// Also block these requests (mostly you don't want CONNECT to some SMTP sites)
 	$GLOBALS['ctracker_blocked_methods'] = [
-		'CONNECT' => TRUE,
+		'CONNECT' => true,
 	];
 
 	// Init more elements
@@ -236,8 +236,8 @@ function initCrackerTrackerArrays () {
 // Checks for worms
 function isCrackerTrackerWormDetected () {
 	// Check against the whole list
-	$GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString(TRUE)));
-	$GLOBALS['ctracker_checked_ua']  = urldecode(str_ireplace($GLOBALS['ctracker_ua_blacklist'], '*', crackerTrackerUserAgent(TRUE)));
+	$GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString(true)));
+	$GLOBALS['ctracker_checked_ua']  = urldecode(str_ireplace($GLOBALS['ctracker_ua_blacklist'], '*', crackerTrackerUserAgent(true)));
 
 	/*
 	 * If it differs to original and the *whole* request string is not in
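Review bot: In isCrackerTrackerWormDetected() the blacklist substitution runs on the raw strings and `urldecode()` is applied afterwards, so matching happens before canonicalisation; unless crackerTrackerSanitize() already decodes (not visible here), percent-encoded forms of a listed token are never compared against the list. The same ordering makes the `!=` comparison in the next hunk fire for any harmless query that merely contains a percent-escape, because the decoded copy differs from the undecoded original. Decode once into a local, run `str_ireplace()` on that, and compare the result with the same decoded value. The `in_array()` whitelist lookup in the next hunk should also pass `true` as its third argument.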
@@ -245,9 +245,9 @@ function isCrackerTrackerWormDetected () {
 	 */
 	$isWorm = (
 		(
-			$GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString(TRUE) && (!in_array(crackerTrackerQueryString(TRUE), $GLOBALS['ctracker_whitelist']))
+			$GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString(true) && (!in_array(crackerTrackerQueryString(true), $GLOBALS['ctracker_whitelist']))
 		) || (
-			$GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(TRUE)
+			$GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(true)
 		) || (
 			isset($GLOBALS['ctracker_blocked_methods'][crackerTrackerRequestMethod()])
 		)
@@ -312,7 +312,7 @@ function sendCrackerTrackerTicketMails () {
 }
 
 // Sends a mail out
-function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) {
+function crackerTrackerSendMail (string $mail, string $recipient = NULL, string $subject = NULL) {
 	// Construct dummy array
 	$rowData = [
 		'remote_addr'    => determineCrackerTrackerRealRemoteAddress(),
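Review bot: `string $recipient = NULL, string $subject = NULL` relies on implicit nullability, which PHP 8.4 deprecates; declare the parameters as `?string $recipient = null, ?string $subject = null`. The `string $array_name = NULL` parameter of implode_r() in libs/lib_general.php has the same form. In the next hunk `$recipient` and `$subject` reach `mail()` unchanged, so a check that rejects CR/LF in both, or at least a comment stating that callers must guarantee it, would mark the header-injection boundary. The function body continues outside this hunk.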
@@ -330,7 +330,7 @@ function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) {
 			print 'Recipient=' . $recipient . '<br />Subject=' . $subject . '<br />Text=<pre>' . $mail . '</pre>';
 
 			// All fine
-			return TRUE;
+			return true;
 		} elseif (!is_null($recipient)) {
 			// Recipient specified
 			return mail($recipient, $subject, $mail, $GLOBALS['ctracker_header']);
@@ -346,7 +346,7 @@ function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) {
 		print 'Recipient=' . $recipient . '<br />Subject=' . $subject . '<br />Text=<pre>' . $mail . '</pre>';
 
 		// All fine
-		return TRUE;
+		return true;
 	}
 }
 
@@ -381,8 +381,11 @@ Filtered POST string : ' . $GLOBALS['ctracker_checked_post'] . '
 
 // Sleeps for a random time and aborts the script
 function crackerTrackerDie () {
-	// Close database link
-	crackerTrackerCloseDatabaseLink();
+	// Check if link is up
+	if (isCrackerTrackerDatabaseLinkUp()) {
+		// Close database link
+		crackerTrackerCloseDatabaseLink();
+	}
 
 	// Do only sleep if debug/developer mode is not enabled
 	if (!isCrackerTrackerDebug()) {
diff --git a/libs/lib_general.php b/libs/lib_general.php
index d6e1a87..ad4f25b 100644
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -23,7 +23,7 @@
  */
 
 // Implode recursive a multi-dimension array, taken from www.php.net
-function implode_r ($glue, $array, $array_name = NULL) {
+function implode_r (string $glue, array $array, string $array_name = NULL) {
 	$return = [];
 	while (list($key,$value) = @each($array)) {
 		if (is_array($value)) {
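Review bot: implode_r() now has typed parameters but still iterates with `while (list($key,$value) = @each($array))`; `each()` was removed in PHP 8.0 and the `@` operator does not suppress the resulting undefined-function error, so the function fails on first use there. Replace the loop header with `foreach ($array as $key => $value) {`. The loop body lies outside this hunk.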
@@ -90,7 +90,7 @@ function crackerTrackerLoadConfiguration () {
 // Getter for ctracker_debug_enabled
 function isCrackerTrackerDebug () {
 	// Is it set?
-	$result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE));
+	$result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === true));
 
 	// Debug message
 	//* DEBUG: */ error_log('result=' . intval($result));
@@ -139,7 +139,7 @@ function isCrackerTrackerProxyUsed () {
 }
 
 // Detects the user-agent string
-function crackerTrackerUserAgent ($sanitize = FALSE) {
+function crackerTrackerUserAgent (bool $sanitize = false) {
 	// Default is 'unknown'
 	$ua = 'unknown';
 
@@ -150,7 +150,7 @@ function crackerTrackerUserAgent ($sanitize = FALSE) {
 	}
 
 	// Sanitize it?
-	if ($sanitize === TRUE) {
+	if ($sanitize === true) {
 		// Sanitize ...
 		$ua = crackerTrackerSanitize($ua);
 	}
@@ -160,7 +160,7 @@ function crackerTrackerUserAgent ($sanitize = FALSE) {
 }
 
 // Detects the script name
-function crackerTrackerScriptName ($sanitize = FALSE) {
+function crackerTrackerScriptName (bool $sanitize = false) {
 	// Default is NULL
 	$scriptName = NULL;
 
@@ -171,7 +171,7 @@ function crackerTrackerScriptName ($sanitize = FALSE) {
 	}
 
 	// Sanitize it?
-	if ($sanitize === TRUE) {
+	if ($sanitize === true) {
 		// Sanitize ...
 		$scriptName = crackerTrackerSanitize($scriptName);
 	}
@@ -181,7 +181,7 @@ function crackerTrackerScriptName ($sanitize = FALSE) {
 }
 
 // Detects the query string
-function crackerTrackerQueryString ($sanitize = FALSE) {
+function crackerTrackerQueryString (bool $sanitize = false) {
 	// Default is NULL
 	$query = NULL;
 
@@ -195,7 +195,7 @@ function crackerTrackerQueryString ($sanitize = FALSE) {
 	}
 
 	// Sanitize it?
-	if ((!empty($query)) && ($sanitize === TRUE)) {
+	if ((!empty($query)) && ($sanitize === true)) {
 		// Sanitize ...
 		$query = crackerTrackerSanitize($query);
 	}
@@ -205,7 +205,7 @@ function crackerTrackerQueryString ($sanitize = FALSE) {
 }
 
 // Detects the server's name
-function crackerTrackerServerName ($sanitize = FALSE) {
+function crackerTrackerServerName (bool $sanitize = false) {
 	// Default is NULL
 	$serverName = NULL;
 
@@ -216,7 +216,7 @@ function crackerTrackerServerName ($sanitize = FALSE) {
 	}
 
 	// Sanitize it?
-	if ($sanitize === TRUE) {
+	if ($sanitize === true) {
 		// Sanitize ...
 		$serverName = crackerTrackerSanitize($serverName);
 	}
@@ -226,7 +226,7 @@ function crackerTrackerServerName ($sanitize = FALSE) {
 }
 
 // Detects the referer
-function crackerTrackerReferer ($sanitize = FALSE) {
+function crackerTrackerReferer (bool $sanitize = false) {
 	// Default is a dash
 	$referer = '-';
 
@@ -237,7 +237,7 @@ function crackerTrackerReferer ($sanitize = FALSE) {
 	}
 
 	// Sanitize it?
-	if ($sanitize === TRUE) {
+	if ($sanitize === true) {
 		// Sanitize ...
 		$referer = crackerTrackerSanitize($referer);
 	}
@@ -486,7 +486,7 @@ function getCrackerTrackerTicketId () {
 function sendCrackerTrackerCookie () {
 	// Set the cookie
 	// @TODO Why can't domain be set to value from crackerTrackerServerName() ?
-	setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), TRUE);
+	setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), true);
 	$_COOKIE['ctracker_ticket'] = getCrackerTrackerTicketId();
 }
 
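Review bot: sendCrackerTrackerCookie() sets HttpOnly and a conditional Secure flag but no SameSite attribute, so whether the ticket cookie accompanies cross-site requests is left to each browser's default. On PHP 7.3 or later the options-array form states it explicitly: `setcookie('ctracker_ticket', getCrackerTrackerTicketId(), ['expires' => time() + 60*60*24, 'path' => '/', 'secure' => crackerTrackerSecured(), 'httponly' => true, 'samesite' => 'Lax']);`. A short comment on why `$_COOKIE` is overwritten on the following line would help as well.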
@@ -528,7 +528,7 @@ function crackerTrackerSendRawRedirect ($url) {
 
 	// check if running on IIS < 6 with CGI-PHP
 	if ((isset($_SERVER['SERVER_SOFTWARE'])) && (isset($_SERVER['GATEWAY_INTERFACE'])) &&
-		(strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== FALSE) &&
+		(strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== false) &&
 		(preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) &&
 		($matches[1] < 6)) {
 		// Send the IIS header
@@ -610,7 +610,7 @@ function ifCtrackerTrackerAntiSpamFieldGiven () {
 	// Is request method POST?
 	if (crackerTrackerRequestMethod() != 'POST') {
 		// Cannot be given
-		return FALSE;
+		return false;
 	}
 
 	// Walk through all fields
@@ -618,7 +618,7 @@ function ifCtrackerTrackerAntiSpamFieldGiven () {
 		// Is one found?
 		if (in_array($fieldName, $_POST) && !empty($_POST[$fieldName])) {
 			// Filled out!
-			return TRUE;
+			return true;
 		}
 	}
 }
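Review bot: `in_array($fieldName, $_POST)` searches the submitted values, not the field names, so the anti-spam check only fires when some POST value happens to equal the field name. The test should be on the key alone: `if (!empty($_POST[$fieldName])) {`. The function also falls off the end after the loop and returns null rather than a boolean; add `return false;` before the closing brace. The loop header is outside this hunk.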
-- 
2.39.5