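# sprich zugriff

/**
 * Check whether a query string is free of stop words.
 *
 * Reads the stop-word list (one entry per line) from STOPWORDLIST on every
 * call and, as before, also publishes it as the global $BadWordArray. The
 * input is normalised with title_plus7() (functions.inc.php), '+' is turned
 * into a space and the result is split on spaces. A word of at least three
 * characters that occurs as a whole word inside any stop-word line rejects
 * the query.
 *
 * @param string $string raw query
 * @return int 1 when no stop word matched, 0 otherwise
 */
function is_good( $string ){
    global $BadWordArray;

    $stopwordlist = STOPWORDLIST;
    # file() returns false when the list cannot be read. Treat that as an
    # empty list instead of iterating over false (count(false) is a TypeError
    # on PHP 8). NOTE(review): this fails open - without a list nothing is
    # filtered.
    $BadWordArray = file($stopwordlist);
    if ( !is_array($BadWordArray) ) {
        $BadWordArray = array();
    }

    $string = title_plus7($string); # functions.inc.php
    $string = str_ireplace("+", " ", $string);

    foreach ( explode(" ", $string) as $word ) {
        $value = trim($word);
        # Fragments shorter than three characters were never rejected; skipping
        # them up front also avoids an empty "\b\b" pattern that matches everywhere.
        if ( strlen($value) < 3 ) {
            continue;
        }
        # The word is data, not a pattern: preg_quote() keeps regex
        # metacharacters in user input from altering or breaking the match.
        $pattern = '/\b' . preg_quote($value, '/') . '\b/i';
        foreach ( $BadWordArray as $line ) {
            if ( preg_match($pattern, trim($line)) === 1 ) {
                return 0;
            }
        }
    }
    return 1;
}

/**
 * Reduce a search string to a safe character set.
 *
 * Input longer than MAXSTRLEN bytes is truncated, every character outside
 * [A-Za-z0-9], whitespace and '+' is replaced by a space, and the result is
 * passed through escapeshellcmd(). After the character filter the only thing
 * escapeshellcmd() still acts on is a line feed, which it prefixes with a
 * backslash.
 *
 * The former entity replacement table, addslashes() and strip_tags() steps
 * were dead: none of the characters they handle survive the character filter.
 *
 * @param string $del_badchar raw input
 * @return string filtered input
 */
function deleteSpecialChars($del_badchar) {
    $MaxStringSearchLenght = MAXSTRLEN;
    if ( strlen($del_badchar) > $MaxStringSearchLenght ) {
        # cut over-long input (byte-wise; non-ASCII bytes are removed below anyway)
        $del_badchar = substr($del_badchar, 0, $MaxStringSearchLenght);
    }
    $del_badchar = preg_replace("/[^a-z0-9\s+]/i", " ", $del_badchar);
    # Not a shell-argument escape on its own: spaces, '+' and whitespace pass
    # through. Anything handed to a shell still needs escapeshellarg() per argument.
    return escapeshellcmd($del_badchar);
}

/**
 * Client address for log lines.
 *
 * Prefers X-Forwarded-For, as the original code did. That header is supplied
 * by the client unless a proxy in front of this host overwrites it, so its
 * value is only as reliable as the deployment; use it for logging, not for
 * access decisions.
 *
 * @return string
 */
function sec_remote_addr() {
    if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) ) {
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}

/**
 * Make one value safe for a '#'-delimited, newline-terminated log record.
 *
 * Request headers and URLs are client-controlled: CR/LF would forge extra
 * records and '#' would shift fields for any consumer splitting on it. All
 * three are replaced by a space.
 *
 * @param mixed $value field value
 * @return string
 */
function sec_log_field($value) {
    return str_replace(array("\r", "\n", "#"), ' ', (string) $value);
}

/**
 * Append one line to a log file under an exclusive lock.
 *
 * fopen() in append mode creates the file, so the former file_exists()/touch()
 * pair is not needed. Failures are reported through error_log() instead of
 * being ignored (fputs() on a false handle is a fatal TypeError on PHP 8).
 *
 * @param string $path log file
 * @param string $line complete line including its terminator
 * @return bool true when the line was written
 */
function sec_append_log_line($path, $line) {
    $handle = fopen($path, "a");
    if ( $handle === false ) {
        error_log("cannot open log file '$path'");
        return false;
    }
    $written = false;
    if ( flock($handle, LOCK_EX) ) {
        $written = ( fwrite($handle, $line) !== false );
        flock($handle, LOCK_UN);
    } else {
        error_log("cannot lock log file '$path'");
    }
    fclose($handle);
    return $written;
}

/**
 * Log a search query: one record in the request log and, when no stop word
 * matches, one line in the daily per-category keyword file.
 *
 * Queries rejected by is_good() return 0 and are not logged at all. Logging
 * itself is best effort: an unwritable file is reported with error_log() and
 * the function still returns 1, so the caller's "valid query" decision does
 * not depend on disk state.
 *
 * @param string $query search query
 * @param string $catg  category; becomes part of the keyword file name
 * @param string $lang  currently ignored - the stored language is always "en"
 * @return int 1 when the query passed is_good(), 0 otherwise
 */
function logQuerys( $query, $catg ,$lang ) {
    $isvalid = is_good($query); # security.inc.php
    if ( $isvalid != 1 ) {
        return 0;
    }

    # The category becomes part of a file name: reduce it to [a-z0-9_-] so a
    # value such as "../x" cannot point the keyword file outside $StorePath.
    $catg = preg_replace('/[^a-z0-9_-]/', '', strtolower($catg));

    # request log: day#referer#query string#user agent#accept-language#client
    $TODAY = date("j.n.Y");
    $fields = array(
        $TODAY,
        isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '',
        isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '',
        isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '',
        isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '',
        sec_remote_addr(),
    );
    $record = array();
    foreach ( $fields as $field ) {
        $record[] = sec_log_field($field);
    }
    sec_append_log_line("/home/querys/logquerys1.txt", implode('#', $record) . "\n");

    #####
    ## keyword log
    #####
    # NOTE(review): this path is hard-coded while is_good() reads STOPWORDLIST;
    # whether both point at the same file cannot be told from here.
    $stopwords = file("/home/wwwroot/lib/stopwordlist.txt");
    if ( !is_array($stopwords) ) {
        $stopwords = array();
    }
    $KeywordDate = date("j.n.Y");
    $KeyWordStoreDir = date("n.Y");
    # language flag: fixed to "en" (the $lang parameter is not used)
    $lang = "en";
    # one store directory per month, one file per day/category/language
    $StorePath = "/home/querys/keywords/$KeyWordStoreDir";
    # 0755 instead of the former 0777: only this process writes here. The
    # second is_dir() covers a concurrent request creating the directory first.
    if ( !is_dir($StorePath) && !mkdir($StorePath, 0755) && !is_dir($StorePath) ) {
        error_log("cannot create keyword store '$StorePath'");
        return 1;
    }
    $StorePathFile = $StorePath . "/$KeywordDate.$catg.$lang.txt";

    $neu = trim($query);
    # The query is data, not a pattern: preg_quote() stops regex metacharacters
    # (or an invalid pattern, which made preg_grep() return false and count()
    # fail) from changing the outcome. As before this is a case-insensitive
    # substring match against each stop-word line.
    $pattern = '/' . preg_quote($neu, '/') . '/i';
    $isBad = strlen($neu) > 1 && count(preg_grep($pattern, $stopwords)) > 0;
    if ( !$isBad ) {
        # store only when no stop word matched; CR/LF inside the query would
        # forge extra lines in this one-query-per-line file
        $stored = str_replace(array("\r", "\n"), ' ', $query);
        sec_append_log_line($StorePathFile, $stored . "\n");
    }
    return 1;
}

/**
 * Log a click-through on a result URL.
 *
 * Record format: day#url#query string#accept-language#client. The URL and the
 * header values are client-controlled and go through sec_log_field() so they
 * cannot add fields or records.
 *
 * @param string $url target URL
 * @return int always 1 (logging is best effort)
 */
function logGoto( $url ) {
    $TODAY = date("j.n.Y");
    $fields = array(
        $TODAY,
        $url,
        isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '',
        isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '',
        sec_remote_addr(),
    );
    $record = array();
    foreach ( $fields as $field ) {
        $record[] = sec_log_field($field);
    }
    sec_append_log_line("/home/querys/logclicks.txt", implode('#', $record) . "\n");
    return 1;
}

/**
 * Log a "send by mail" action.
 *
 * Record format: day#email#mailfrom#client#url. All values are caller- or
 * client-controlled and go through sec_log_field().
 *
 * @param string $url      mailed URL
 * @param string $email    recipient address
 * @param string $mailfrom sender address
 * @return int always 1 (logging is best effort)
 */
function logMailSend( $url, $email, $mailfrom ) {
    $TODAY = date("j.n.Y");
    $fields = array($TODAY, $email, $mailfrom, sec_remote_addr(), $url);
    $record = array();
    foreach ( $fields as $field ) {
        $record[] = sec_log_field($field);
    }
    sec_append_log_line("/home/querys/logmailsend.txt", implode('#', $record) . "\n");
    return 1;
}

# The commented-out HTTPStatus() table and the second, commented-out copy of
# deleteSpecialChars() that used to follow were dead code and have been removed.

################################################################################################
###################################### security functions ######################################
################################################################################################

#######################################################################
###################### too many searches within the time window
#######################################################################
/**
 * Per-request interval check - currently disabled, always returns 1.
 *
 * The dormant implementation kept one file per client under
 * SECURITY_CHECK_INTERVAL holding "<ip>#<unix time>" and rejected a request
 * arriving less than 2 seconds after the previous one, printing a bilingual
 * "please wait" message. Before re-enabling it: the bucket was keyed on
 * X-Forwarded-For, which the client can set freely and which was used raw
 * inside the file name, and the function echoed output directly.
 *
 * @return int 1 (check disabled)
 */
function check_intervall() {
    return 1;
}

#######################################################################
###################### too many searches per day -> banned until 0:00
#######################################################################
/**
 * Per-day request limit - currently disabled, always returns 1.
 *
 * The dormant implementation exempted user agents matching a bot list, kept
 * one file per client under SECURITY_ACCESS_TIME holding
 * "<ip>#<count>#<day of month>", reset the count on a new day and refused
 * further requests once the count reached MAXREQUESTPERDAY, printing a
 * "banned until 0 o'clock" message. The caveats of check_intervall() apply
 * here too (client-chosen X-Forwarded-For as bucket key and file-name part,
 * a User-Agent exemption any client can claim, output from a library function).
 *
 * @return int 1 (check disabled)
 */
function check_accessed_times() {
    return 1;
}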