sprich zugriff
################################################################################################
###################################### sicherheitsfunktionen #######################################
################################################################################################
#######################################################################
###################### wenn innerhalb von zeitintervall zu oft gesucht wird
#######################################################################
/**
 * Per-request interval throttle. Currently switched off: it reports success on every call.
 *
 * The former implementation is kept below as a comment for reference only.
 * NOTE(review): if it is ever re-enabled, two things in it need attention first:
 *  - the client-supplied X-Forwarded-For header is interpolated into a file path
 *    without validation, so the value must be checked to be an IP address;
 *  - the result of trim() is discarded, so the stored timestamp keeps its newline.
 *
 * @return int Always 1 ("request allowed").
 */
function check_intervall() {
    /*
    $SecMustDiffer = 2;
    $sec = time();
    $remote_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
    $Path = SECURITY_CHECK_INTERVAL;
    touch("$Path/check_intervall.$remote_ip");
    $check_handle = fopen("$Path/check_intervall.$remote_ip","r");
    $last_access = fgets($check_handle, 100);
    trim($last_access);
    fclose($check_handle);
    $sec_check = explode ("#", $last_access);
    if ( strcasecmp($sec_check[0],$remote_ip) == 0 ) {
    $secdiff = $sec - $sec_check[1];
    if ( $secdiff >= $SecMustDiffer ) {
    # all fine, enough time has passed between two search requests
    } else {
    $banned_handle = fopen("$Path/check_intervall.$remote_ip","w");
    fputs($banned_handle,"$remote_ip#$sec\n");
    fclose($banned_handle);
    echo "
    Bitte warten sie $SecMustDiffer Sekunde zwischen den Suchanfragen!
    Please wait at least $SecMustDiffer second between each request!";
    return 0;
    }; # if ($secdiff >= $SecMustDiffer ) {
    }; # if ( $sec_check[0] == "$remote_ip") {
    $log_handle = fopen("$Path/check_intervall.$remote_ip","w");
    fputs($log_handle,"$remote_ip#$sec\n");
    fclose($log_handle);
    return 1;
    */
    $request_allowed = 1;

    return $request_allowed;
} # function check_intervall()
#######################################################################
###################### wenn am tag zuoft gesucht wurde -> banned until 0:00
#######################################################################
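/**
 * Daily per-client request limiter backed by one counter file per client address.
 *
 * Each counter file under SECURITY_ACCESS_TIME holds a single line "ip#count#day-of-month".
 * When the stored day equals today and the count has reached MAXREQUESTPERDAY, the ban
 * message is printed and the script terminates. Otherwise the counter is updated.
 *
 * Security notes:
 *  - X-Forwarded-For is client-supplied unless a trusted reverse proxy overwrites it.
 *    Because it becomes part of a file name, it is only accepted here when it is a
 *    syntactically valid IP address; anything else falls back to REMOTE_ADDR.
 *    A client can still rotate valid-looking addresses, so the limit is only reliable
 *    when the header is set by a proxy under your control.
 *  - Read, compare and write happen under one exclusive lock so that concurrent
 *    requests from the same address cannot lose increments.
 *  - The stored day is date("j") (day of month only), so a record written on the same
 *    day number of an earlier month is treated as today's.
 *
 * @return int 1 when the request may proceed. On a ban the function does not return.
 */
function check_accessed_times() {
    # Crawlers are exempt from the limit.
    # NOTE(review): the User-Agent header is client-supplied and this pattern matches any
    # value containing "bot" or "Google", so the exemption does not authenticate a crawler.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if ( preg_match("#(googlebot)|(msnbot|Lycos_Spider|eMiragorobot|Slurp|Ask Jeeves|WebCrawler|Scooter|Google)|(bot)#si", $user_agent) ) {
        return 1;
    }

    $current_day = date("j");

    # Only a well-formed IP address may end up in the counter file name.
    $server_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $remote_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $server_addr;
    if ( filter_var($remote_ip, FILTER_VALIDATE_IP) === false ) {
        $remote_ip = $server_addr;
        if ( filter_var($remote_ip, FILTER_VALIDATE_IP) === false ) {
            # No usable address at all: share one bucket instead of building a path from junk.
            $remote_ip = 'unknown';
        }
    }

    $Path = SECURITY_ACCESS_TIME;
    $counter_file = "$Path/check_access.$remote_ip";

    # "c+" creates the file when missing and never truncates on open, so the previous
    # record can be read and rewritten while the lock is held.
    $handle = fopen($counter_file, "c+");
    if ( $handle === false ) {
        # Counter storage unavailable: let the request through rather than fail the page.
        return 1;
    }
    flock($handle, LOCK_EX);

    # The trimmed value must be kept; otherwise the day field carries the trailing newline.
    $last_access = trim((string) fgets($handle, 100));
    $fields = array_pad(explode("#", $last_access), 3, "");
    $times = (int) $fields[1];
    $myday = $fields[2];

    if ( $current_day === $myday ) {
        if ( $times >= MAXREQUESTPERDAY ) {
            # Limit reached today: block this address until the day changes.
            fclose($handle);
            echo "Gesperrt bis 0 Uhr - weil du heute schon zu oft gesucht hast! Probleme an bigfish82@gmail.com berichten! Bannded until 0 o'clock because of too extensive use today. Report Errors to bigfish82@gmail.com !
";
            exit;
        }
        $times = $times + 1;
    } else {
        # First access of the day for this address: start a fresh record.
        $times = 0;
    }

    rewind($handle);
    ftruncate($handle, 0);
    fwrite($handle, "$remote_ip#$times#$current_day\n");
    fflush($handle);
    fclose($handle);

    return 1;
} # function check_accessed_times()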
#######################################################################
###################### böse sonderzeichen entfernen
#######################################################################
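/**
 * Truncates a search term to MAXSTRLEN bytes and strips a fixed list of special characters.
 *
 * Replacements are applied one after another in the order listed below: "&" becomes "+",
 * "ß" becomes "ss", "--" becomes a single space, everything else in the list is removed.
 *
 * Fixes compared with the earlier chain of preg_replace() calls:
 *  - the pattern meant to remove "<" had no closing delimiter, which makes preg_replace()
 *    fail and the whole result come out empty;
 *  - "$" and "^" were written as bare regex anchors and therefore matched nothing.
 * The numeric-entity pattern is dropped: it ran after "&", "#" and ";" had already been
 * rewritten, so it could never match (an input such as "&#60;" comes out as "+60").
 *
 * Security note: this is a deny-list clean-up for search terms, not an output encoder.
 * Values still need context-specific escaping (HTML, SQL, shell, file names) where used.
 * Truncation is byte-based and may cut a multi-byte character in half.
 *
 * @param mixed $del_badchar Raw input; non-scalar values (e.g. array request parameters) yield "".
 * @return string The cleaned string.
 */
function deleteSpecialChars($del_badchar) {
    if ( !is_scalar($del_badchar) ) {
        return '';
    }
    $del_badchar = (string) $del_badchar;

    # cut over-long input down to MAXSTRLEN bytes
    if ( strlen($del_badchar) > MAXSTRLEN ) {
        $del_badchar = substr($del_badchar, 0, MAXSTRLEN);
    }

    # search => replacement, processed strictly in this order by str_replace()
    $replacements = array(
        '"'  => '',
        '`'  => '',
        "'"  => '',
        '?'  => '',
        '%'  => '',
        '$'  => '',
        '§'  => '',
        '!'  => '',
        '&'  => '+',
        '{'  => '',
        '}'  => '',
        '('  => '',
        ')'  => '',
        '['  => '',
        ']'  => '',
        '='  => '',
        '#'  => '',
        ','  => '',
        ';'  => '',
        '|'  => '',
        '<'  => '',
        '>'  => '',
        '/'  => '',
        '°'  => '',
        '^'  => '',
        '.'  => '',
        'ß'  => 'ss',
        '€'  => '',
        '´'  => '',
        '~'  => '',
        'µ'  => '',
        # second pass of the original: collapse "--", then drop the remaining symbols
        '--' => ' ',
        '@'  => '',
        '*'  => '',
        '_'  => '',
        ':'  => '',
        '\\' => '',
    );

    return str_replace(array_keys($replacements), array_values($replacements), $del_badchar);
} # function deleteSpecialChars($del_badchar)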
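/**
 * Appends the current request to the general query log and the search term to the
 * per-day keyword file.
 *
 * General log line: "date#referer#query-string#user-agent#accept-language#client".
 * Keyword file: /srv/server/querys/keywords/<month.year>/<date>.<category>.<lang>.txt,
 * one search term per line.
 *
 * Security notes:
 *  - All logged values come from the client. CR and LF are replaced by spaces so that a
 *    single request cannot forge additional log lines. "#" inside a value is kept as is,
 *    so field boundaries are ambiguous for values that contain it.
 *  - The "client" field prefers X-Forwarded-For, which is client-supplied unless a trusted
 *    proxy overwrites it; do not treat it as a verified address.
 *  - $catg becomes part of a file name, so path separators and NUL bytes are removed.
 *  - Logging is best effort: a log file that cannot be opened is skipped instead of
 *    terminating the request.
 *
 * @param string $query Search term to record.
 * @param string $lang  Ignored: the language flag is currently forced to "fr".
 * @param string $catg  Category; lower-cased and used in the keyword file name.
 * @return int Always 1.
 */
function logQuerys( $query, $lang, $catg ) {
    $line_breaks = array("\r", "\n");

    # keep the category inside a single path component
    $catg = str_replace(array('/', '\\', "\0"), '', strtolower($catg));

    # request details for the general log; absent headers are logged as empty fields
    $server_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $REMOTE = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $server_addr;
    $UA = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
    $REFERER = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
    $QUERY = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '';
    $LANG = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '';
    $TODAY = date("j.n.Y");

    $log_line = str_replace($line_breaks, ' ', "$TODAY#$REFERER#$QUERY#$UA#$LANG#$REMOTE");
    # "a+" creates the file when it does not exist yet
    $log_handle = fopen("/srv/server/querys/logquerys1.txt", "a+");
    if ( $log_handle !== false ) {
        flock($log_handle, LOCK_EX);
        fputs($log_handle, "$log_line\n");
        fclose($log_handle);
    }

    # keyword log
    $KeywordDate = date("j.n.Y");
    $KeyWordStoreDir = date("n.Y");

    # language flag: the conditional around this assignment is disabled, so the
    # $lang argument is always overridden
    $lang = "fr";

    # one directory per month, one file per day
    $StorePath = "/srv/server/querys/keywords/$KeyWordStoreDir";
    if ( !is_dir($StorePath) ) {
        # NOTE(review): 0777 (before umask) lets every local account write here; confirm
        # whether anything other than the web server needs write access.
        mkdir($StorePath, 0777);
    }

    # plain assignment: the variable does not exist before this line
    $StorePathFile = $StorePath . "/$KeywordDate.$catg.$lang.txt";

    $fh = fopen($StorePathFile, "a+");
    if ( $fh !== false ) {
        flock($fh, LOCK_EX);
        fwrite($fh, str_replace($line_breaks, ' ', $query) . "\n");
        fclose($fh);
    }

    return 1;
} # function logQuerys()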
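/**
 * Appends one line per outbound click to /server/querys/logclicks.txt.
 *
 * Line format: "date#url#query-string#accept-language#client".
 *
 * Security notes:
 *  - $url and the request headers are client-controlled. CR and LF are replaced by spaces
 *    so one request cannot forge additional log lines; "#" inside a value is kept, so
 *    field boundaries are ambiguous for values that contain it.
 *  - The "client" field prefers X-Forwarded-For, which is client-supplied unless a trusted
 *    proxy overwrites it.
 *  - Logging is best effort: if the file cannot be opened the click is not recorded.
 *
 * NOTE(review): this path starts with /server/ while the query log uses /srv/server/;
 * confirm which location is intended.
 *
 * @param string $url Target the visitor is sent to.
 * @return int Always 1.
 */
function logGoto( $url ) {
    $server_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $REMOTE = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $server_addr;
    $QUERY = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '';
    $LANG = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '';
    $TODAY = date("j.n.Y");

    $log_line = str_replace(array("\r", "\n"), ' ', "$TODAY#$url#$QUERY#$LANG#$REMOTE");

    # "a+" creates the file when it does not exist yet
    $log_handle = fopen("/server/querys/logclicks.txt", "a+");
    if ( $log_handle !== false ) {
        flock($log_handle, LOCK_EX);
        fputs($log_handle, "$log_line\n");
        fclose($log_handle);
    }

    return 1;
} # function logGoto()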
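/**
 * Appends one line per sent mail to /server/querys/logmailsend.txt.
 *
 * Line format: "date#recipient#sender#client#url".
 *
 * Security notes:
 *  - All three arguments are written as received. CR and LF are replaced by spaces so a
 *    crafted address or URL cannot forge additional log lines; "#" inside a value is kept,
 *    so field boundaries are ambiguous for values that contain it.
 *  - The "client" field prefers X-Forwarded-For, which is client-supplied unless a trusted
 *    proxy overwrites it.
 *  - The file stores e-mail addresses; restrict who can read it.
 *  - Logging is best effort: if the file cannot be opened nothing is recorded.
 *
 * @param string $url      Link that was mailed.
 * @param string $email    Recipient address.
 * @param string $mailfrom Sender address.
 * @return int Always 1.
 */
function logMailSend( $url, $email, $mailfrom ) {
    $server_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $REMOTE = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $server_addr;
    $TODAY = date("j.n.Y");

    $log_line = str_replace(array("\r", "\n"), ' ', "$TODAY#$email#$mailfrom#$REMOTE#$url");

    # "a+" creates the file when it does not exist yet
    $log_handle = fopen("/server/querys/logmailsend.txt", "a+");
    if ( $log_handle !== false ) {
        flock($log_handle, LOCK_EX);
        fputs($log_handle, "$log_line\n");
        fclose($log_handle);
    }

    return 1;
} # function logMailSend()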
/*
function HTTPStatus($num) {
static $http = array (
100 => "HTTP/1.1 100 Continue",
101 => "HTTP/1.1 101 Switching Protocols",
200 => "HTTP/1.1 200 OK",
201 => "HTTP/1.1 201 Created",
202 => "HTTP/1.1 202 Accepted",
203 => "HTTP/1.1 203 Non-Authoritative Information",
204 => "HTTP/1.1 204 No Content",
205 => "HTTP/1.1 205 Reset Content",
206 => "HTTP/1.1 206 Partial Content",
300 => "HTTP/1.1 300 Multiple Choices",
301 => "HTTP/1.1 301 Moved Permanently",
302 => "HTTP/1.1 302 Found",
303 => "HTTP/1.1 303 See Other",
304 => "HTTP/1.1 304 Not Modified",
305 => "HTTP/1.1 305 Use Proxy",
307 => "HTTP/1.1 307 Temporary Redirect",
400 => "HTTP/1.1 400 Bad Request",
401 => "HTTP/1.1 401 Unauthorized",
402 => "HTTP/1.1 402 Payment Required",
403 => "HTTP/1.1 403 Forbidden",
404 => "HTTP/1.1 404 Not Found",
405 => "HTTP/1.1 405 Method Not Allowed",
406 => "HTTP/1.1 406 Not Acceptable",
407 => "HTTP/1.1 407 Proxy Authentication Required",
408 => "HTTP/1.1 408 Request Time-out",
409 => "HTTP/1.1 409 Conflict",
410 => "HTTP/1.1 410 Gone",
411 => "HTTP/1.1 411 Length Required",
412 => "HTTP/1.1 412 Precondition Failed",
413 => "HTTP/1.1 413 Request Entity Too Large",
414 => "HTTP/1.1 414 Request-URI Too Large",
415 => "HTTP/1.1 415 Unsupported Media Type",
416 => "HTTP/1.1 416 Requested range not satisfiable",
417 => "HTTP/1.1 417 Expectation Failed",
500 => "HTTP/1.1 500 Internal Server Error",
501 => "HTTP/1.1 501 Not Implemented",
502 => "HTTP/1.1 502 Bad Gateway",
503 => "HTTP/1.1 503 Service Unavailable",
504 => "HTTP/1.1 504 Gateway Time-out"
);
header($http[$num]);
*/
?>