<?php
/* This file is part of BBClone (A PHP based Web Counter on Steroids)
 *
 * SVN FILE $Id$
 *
 * Copyright (C) 2001-2016, the BBClone Team (see doc/authors.txt for details)
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * See doc/copying.txt for details
 */

////////////
// Marker //
////////////

// Main Class Counter
class bbc_marker {
  // $sep      - field separator placed between the columns of a counter line
  // $filename - counter file picked for this hit
  // $ignored  - true once the client matched the ip blacklist, false otherwise
  // $string   - the finished counter line; only set when the hit is not ignored
  var $sep, $filename, $ignored, $string;

  // Randomly choose a counter file to write to.
  //
  // $cache_path  - directory prefix of the counter files
  // $counter_pre - file name prefix
  // $counter_suf - file name suffix
  //
  // Returns the concatenated path with a random index between 0 and
  // $BBC_COUNTER_FILES - 1 in the middle.
  function bbc_counter_file($cache_path, $counter_pre, $counter_suf) {
    global $BBC_COUNTER_FILES;

    // Explicit int cast: passing a float with a fractional part to mt_srand()
    // is deprecated as of PHP 8.1
    mt_srand((int) (((double) microtime()) * 1000000));

    // The upper bound must never drop below zero, PHP 8 rejects max < min
    $last = max(0, (((int) $BBC_COUNTER_FILES) - 1));

    return ($cache_path.$counter_pre.mt_rand(0, $last).$counter_suf);
  }

  // Look up whether an address is registered in the ip range file of its
  // first octet ($BBC_IP2EXT_PATH.$class_a.".inc").
  //
  // Each row is read as "|" separated fields; field 1 is compared as the start
  // of a range and field 2 as the amount of addresses it spans.
  //
  // Returns true if $addr falls into one of the ranges, false otherwise
  // (including an unreadable range file).
  function bbc_known_range($addr, $class_a) {
    global $BBC_IP2EXT_PATH;

    $long = sprintf("%u", ip2long($addr));
    $file = $BBC_IP2EXT_PATH.$class_a.".inc";

    if (!is_readable($file)) return false;

    $fp = fopen($file, "rb");

    // is_readable() is no guarantee that the file can actually be opened
    if ($fp === false) return false;

    $is_valid = false;

    while (($range = fgetcsv($fp, 32, "|")) !== false) {
      // blank or truncated rows carry no usable range
      if (!isset($range[1]) || !isset($range[2])) continue;

      if (($long >= $range[1]) && ($long < ($range[1] + $range[2]))) {
        $is_valid = true;
        break;
      }
    }
    fclose($fp);
    return $is_valid;
  }

  // Validates a dotted IPv4 address.
  //
  // $addr - the address to test
  // $prx  - if true the address must also be listed by bbc_known_range()
  //
  // Returns false for anything that isn't four octets of 0-255 with a first
  // octet of 1-223 and a last octet of 1-254. Otherwise the address is
  // returned; if the constant "_rev" is defined the octets are reversed first.
  function bbc_valid_ip($addr, $prx = 0) {
    $iptest = explode(".", $addr);

    if (defined("_rev")) $iptest = array_reverse($iptest);

    $oct = count($iptest);

    if ($oct != 4) return false;

    for ($i = 0; $i < $oct; $i++) {
      $iptest[$i] = trim($iptest[$i]);

      if (!preg_match(":^[0-9]{1,3}$:", $iptest[$i])) return false;
      if ($iptest[$i] > 255) return false;
    }

    if (($iptest[0] < 1) || ($iptest[0] > 223)) return false;
    if (($iptest[3] < 1) || ($iptest[3] > 254)) return false;

    // the range lookup receives the address as it was passed in
    if (($prx) && ($this->bbc_known_range($addr, $iptest[0]) === false)) return false;

    return (defined("_rev") ? implode(".", $iptest) : $addr);
  }

  // Converts a hexadecimal ip address to the dotted format if applicable.
  //
  // Only a string made of exactly eight hex digits is converted. Everything
  // else is returned untouched, so that a value which merely contains eight
  // hex digits somewhere is not turned into a bogus address.
  function bbc_hex2ip($str) {
    if (!preg_match(":^[a-fA-F0-9]{8}$:D", $str)) return $str;

    $oct = array();

    // two hex digits per octet
    for ($i = 0; $i < 4; $i++) $oct[] = hexdec(substr($str, ($i * 2), 2));
    return implode(".", $oct);
  }

  // Returns the first valid host of an array whose keys are the candidate
  // addresses and whose values are their weights. Candidates are tried from
  // the highest to the lowest weight; false is returned if none validates.
  function bbc_select_host($array) {
    arsort($array, SORT_NUMERIC);

    foreach ($array as $host => $weight) {
      $host = $this->bbc_hex2ip(trim($host));
      $prx = $this->bbc_valid_ip($host, 1);

      if ($prx !== false) return $prx;
    }
    return false;
  }

  // Extract a valid address from a comma separated chain.
  //
  // A value without a comma is returned as it is. Otherwise the entries are
  // weighted by their position, which means bbc_select_host() tries them from
  // the last entry to the first one. Returns false if no entry validates.
  function bbc_unchain_addr($val) {
    if (strpos($val, ",") === false) return $val;

    $array = explode(",", $val);

    for ($i = 0, $max = count($array); $i < $max; $i++) $array[$i] = trim($array[$i]);
    return $this->bbc_select_host(array_flip($array));
  }

  // Return the correct remote address.
  //
  // $addr    - the connecting address (may be a chain)
  // $reverse - alternative address, used when $addr doesn't validate
  //
  // Any address of the 127 net as well as an empty one becomes "127.0.0.1".
  function bbc_get_remote_addr($addr, $reverse) {
    $addr = $this->bbc_unchain_addr($addr);
    $reverse = $this->bbc_unchain_addr($reverse);

    if ((!empty($reverse)) && ($this->bbc_valid_ip($addr, 1) === false)) return $reverse;
    if (empty($addr)) return "127.0.0.1";

    return ((substr($addr, 0, strpos($addr, ".")) == 127) ? "127.0.0.1" : $addr);
  }

  // Check for the client in proxy headers.
  //
  // Walks through all HTTP_* server variables and collects candidates from
  // values containing " for " and from headers whose name contains "_CLIENT"
  // or ends with "_FOR". Returns the candidate chosen by bbc_select_host() or
  // false if there is none.
  function bbc_parse_headers() {
    if (_BBC_PHP < 410) global $HTTP_SERVER_VARS;

    $chk = array();

    foreach (((_BBC_PHP < 410) ? $HTTP_SERVER_VARS : $_SERVER) as $key => $val) {
      if (strncmp($key, "HTTP_", 5) != 0) continue;

      if ((stristr($val, " for ") !== false)) {
        $tmp = explode(" for ", strtolower($val));
        $host = $this->bbc_unchain_addr(trim($tmp[count($tmp) - 1]));

        // a failed lookup (false) or an empty value can never validate later
        if (($host !== false) && ($host !== "")) {
          $chk[$host] = isset($chk[$host]) ? ($chk[$host] + 1) : 1;
        }
      }
      if ((strpos($key, "_CLIENT") !== false) || (substr($key, -4) == "_FOR")) {
        $host = $this->bbc_unchain_addr($val);

        if (($host !== false) && ($host !== "")) {
          $chk[$host] = isset($chk[$host]) ? ($chk[$host] + 1) : 1;
        }
      }
      // If we find this, the client's ip address needs to be reversed
      if (($key == "HTTP_VIA") && (preg_match("|Traffic[ \-]?Server/5\.2\.0|i", $val))) {
        if (!defined("_rev")) define("_rev", 1);
      }
    }
    return (!empty($chk) ? $this->bbc_select_host($chk) : false);
  }

  // Check if an ip address is matching up against the blacklist.
  //
  // $blacklist - comma separated list of address prefixes
  // $client    - the address to test
  //
  // Returns true if $client starts with one of the prefixes.
  function bbc_is_ignored($blacklist, $client) {
    if (empty($blacklist)) return false;

    foreach (explode(",", $blacklist) as $entry) {
      $test = trim($entry);

      // An empty entry (e.g. from a trailing comma) is a prefix of every
      // address and would blacklist all clients
      if ($test === "") continue;

      if (substr($client, 0, strlen($test)) === $test) return true;
    }
    return false;
  }

  // Checking for matching hosts which we have to ignore. We assume that a
  // keyword with leading slash implies an uri and everything else a hostname.
  //
  // $array - referrer as returned by bbc_parse_ref(): index 1 is the hostname
  //          and index 2 the uri
  //
  // Returns true if a keyword of $BBC_IGNORE_REFER is found (case insensitive).
  function bbc_ignore_ref($array) {
    global $BBC_IGNORE_REFER;

    if (empty($BBC_IGNORE_REFER)) return false;

    foreach (explode(",", $BBC_IGNORE_REFER) as $test) {
      $test = trim($test);

      // An empty keyword has no first character and, as of PHP 8, stristr()
      // with an empty needle matches every referrer
      if ($test === "") continue;

      $subject = ($test[0] == "/") ? $array[2] : $array[1];

      if (stristr($subject, $test) !== false) return true;
    }
    return false;
  }

  // Checks for a valid url format, i.e. "http:" or "https:" followed by "//".
  function bbc_valid_ref($ref) {
    $tmp = explode(":", $ref);

    // no colon at all, so there's nothing after the scheme to look at
    if (count($tmp) < 2) return false;

    $scheme = trim($tmp[0]);
    $rest = trim($tmp[1]);

    return ((($scheme == "http") || ($scheme == "https")) && (substr($rest, 0, 2) == "//"));
  }

  // Converts a referrer to an array with the full referrer (index 0), the
  // hostname (index 1) and the uri (index 2). The full referrer is always
  // rebuilt with a "http://" prefix. Returns false if the referrer is no valid
  // url or its hostname contains unexpected characters.
  function bbc_parse_ref($ref) {
    if (!$this->bbc_valid_ref($ref)) return false;

    // getting rid of stupid user input: runs of slashes and trailing dots
    $ref = preg_replace(":/+:", "/", $ref);
    $ref = str_replace(":/", "://", $ref);
    $ref = preg_replace(":\.+(/|$):", "\\1", $ref);
    $ref = substr(strstr($ref, "://"), 3);

    $slash = strpos($ref, "/");
    $uri = ($slash !== false) ? substr($ref, $slash) : "/";
    $host_raw = strtolower((($slash !== false) ? substr($ref, 0, $slash) : $ref));

    // the port stays in the full referrer but is no part of the hostname
    $port = strpos($host_raw, ":");
    $host = ($port !== false) ? substr($host_raw, 0, $port) : $host_raw;

    if (!preg_match("|^[a-zA-Z0-9._\-]{2,64}$|", $host)) return false;

    return array("http://".$host_raw.$uri, $host, $uri);
  }

  // Tells whether two host names are the same, a leading "www." on either
  // side being disregarded.
  function bbc_same_host($a, $b) {
    if ($a == $b) return true;
    if ((substr($a, 0, 4) == "www.") && (substr($a, 4) == $b)) return true;

    return ((substr($b, 0, 4) == "www.") && (substr($b, 4) == $a));
  }

  // Determine and filter stuff which came from the local server.
  //
  // $srvhost - host header of the request
  // $ref     - the raw referrer
  // $srvname - name of the server
  // $srvaddr - ip address of the server
  //
  // Returns "ignored" if the referrer matches $BBC_IGNORE_REFER, "unknown" if
  // it's invalid, local (127.* or 0.*) or pointing to this server, else the
  // cleaned up referrer.
  function bbc_filter_ref($srvhost, $ref, $srvname, $srvaddr) {
    $ref_array = $this->bbc_parse_ref($ref);

    if (!$ref_array) return "unknown";
    if ($this->bbc_ignore_ref($ref_array) !== false) return "ignored";

    $host = $ref_array[1];

    if (($host == $srvaddr) || (substr($host, 0, 4) == "127.") || (substr($host, 0, 2) == "0.")) {
      return "unknown";
    }
    if ($this->bbc_same_host($srvname, $host)) return "unknown";
    if (!empty($srvhost) && $this->bbc_same_host($srvhost, $host)) return "unknown";

    return $ref_array[0];
  }

  // Avoid trails of query strings which aren't relevant for page counting.
  //
  // $script - file name of the running script
  // $pinfo  - path info of the request
  // $uri    - uri of the running script
  //
  // Returns $uri untouched if $BBC_USE_ORIGINAL_URI is set. Otherwise the
  // path info is cut off, the uri is made to end with $script and index
  // documents ("index.*", "default.*") are reduced to their directory.
  function bbc_filter_uri($script, $pinfo, $uri) {
    global $BBC_USE_ORIGINAL_URI;

    // check if we should use original uri, else we filter uri by default
    if (!empty($BBC_USE_ORIGINAL_URI)) return $uri;

    // filter -> getting rid of stupid user input
    $pinfo = str_replace(":/", "://", preg_replace(":/+:", "/", $pinfo));
    $pinfo = preg_replace(":\.+(/|$):", "\\1", $pinfo);
    $uri = str_replace(":/", "://", preg_replace(":/+:", "/", $uri));
    $uri = preg_replace(":\.+(/|$):", "\\1", $uri);

    // On some systems path info is just an alias for the script uri
    if ($uri == $pinfo) $pinfo = 0;

    if (!empty($pinfo)) $uri = substr($uri, 0, (strlen($uri) - strlen($pinfo)));

    if (basename($uri) !== $script) {
      $dir = dirname($uri);

      // dirname() returns the bare root ("/" or "\") for top level entries;
      // appending another slash to it would result in "//script"
      if (($dir == ".") || empty($dir) || ($dir == "/") || ($dir == "\\")) $dir = "";

      $uri = $dir."/".$script;
    }

    $test = explode(".", $script);
    $name = strtolower(trim($test[0]));

    if ((count($test) == 2) && (($name == "index") || ($name == "default"))) {
      return substr($uri, 0, (strrpos($uri, "/") + 1));
    }
    return (empty($uri) ? "/" : $uri);
  }

  // Automatic page name generation in case of not being specified.
  //
  // Strips the leading slash and either the trailing slash or everything from
  // the last dot on, turns "/" into " -> " and "_" into a blank and
  // capitalises the words. Empty input and "/" result in "index".
  function bbc_auto_page_name($uri) {
    if (!is_string($uri) || empty($uri) || ($uri == "/")) return "index";

    if (substr($uri, -1) == "/") $name = substr($uri, 1, -1);
    else {
      $dot = strrpos($uri, ".");
      // the length is one less than the dot's position due to the offset of 1
      $name = ($dot !== false) ? substr($uri, 1, ($dot - 1)) : substr($uri, 1);
    }
    return ucwords(strtr($name, array("/" => " -> ", "_" => " ")));
  }

  // Write the entry, i.e. append $this->string to $this->filename.
  //
  // Returns an array with the base name of the counter file and a status:
  //   "r" - file is not readable
  //   "w" - file is not writable or couldn't be opened
  //   "l" - the lock couldn't be obtained
  //   "o" - the entry was written
  function bbc_write_entry() {
    $file = $this->filename;
    $base = basename($file);

    if (!is_readable($file)) return array($base, "r");
    if (!is_writable($file)) return array($base, "w");

    $ok = false;

    if (defined("_BBC_DIO")) {
      // A dio handle is no stream: if locking fails we must not fall back to
      // flock()/fputs(), they cannot operate on it
      $fp = dio_open($file, O_RDWR | O_APPEND);

      if ($fp === false) return array($base, "w");

      if (dio_fcntl($fp, F_SETLK, 1) !== -1) {
        dio_write($fp, $this->string);
        dio_fcntl($fp, F_SETLK, 0);
        $ok = true;
      }
      dio_close($fp);
    }
    else {
      $fp = fopen($file, "ab+");

      if ($fp === false) return array($base, "w");

      // bbc_semlock() is defined elsewhere; its return value is handed to
      // sem_release() once the entry has been written
      if (defined("_BBC_SEM") ? ($id = bbc_semlock($file)) : flock($fp, LOCK_EX)) {
        fputs($fp, $this->string);
        fflush($fp);
        defined("_BBC_SEM") ? sem_release($id) : flock($fp, LOCK_UN);
        $ok = true;
      }
      fclose($fp);
    }
    return array($base, ($ok ? "o" : "l"));
  }

  // Constructor for PHP 5 and later. PHP 8 no longer treats a method named
  // after its class as constructor, thus we delegate to it explicitly. This
  // method has to be declared ahead of bbc_marker(), as some PHP 5 versions
  // complain about a redefined constructor otherwise.
  function __construct() {
    $this->bbc_marker();
  }

  // Constructor (PHP 4 style): gathers the data of the current request and
  // assembles the counter line in $this->string. If the client or its proxy
  // is blacklisted, $this->ignored is set and no line is built.
  function bbc_marker() {
    if (_BBC_PHP < 410) global $HTTP_SERVER_VARS;

    global $BBC_CACHE_PATH, $BBC_COUNTER_PREFIX, $BBC_COUNTER_SUFFIX, $BBC_IGNORE_IP, $BBC_SEP, $BBC_TIMESTAMP,
           $BBC_TIME_OFFSET, $DOCUMENT_ROOT, $HTTP_HOST, $HTTP_X_REMOTECLIENT_IP, $LOCAL_ADDR, $PATH_INFO,
           $PHP_SELF, $SCRIPT_FILENAME, $SERVER_NAME;

    $this->sep = $BBC_SEP;
    $this->ignored = false;
    $this->filename = $this->bbc_counter_file($BBC_CACHE_PATH, $BBC_COUNTER_PREFIX, $BBC_COUNTER_SUFFIX);

    // the offset is multiplied by 60 before it's added to the timestamp
    $time = $BBC_TIMESTAMP + ($BBC_TIME_OFFSET * 60);

    // loads of initialisations
    $hdr = array("DOCUMENT_ROOT", "HTTP_USER_AGENT", "LOCAL_ADDR", "REMOTE_HOST", "REMOTE_ADDR", "HTTP_HOST",
                 "HTTP_REFERER", "HTTP_X_REMOTECLIENT_IP", "ORIG_PATH_INFO", "ORIG_PATH_TRANSLATED",
                 "ORIG_SCRIPT_FILENAME", "PATH_INFO", "PATH_TRANSLATED", "HTTP_PC_REMOTE_ADDR", "PHP_SELF",
                 "SCRIPT_FILENAME", "SERVER_NAME", "SERVER_ADDR");

    // Every server variable becomes a variable of the same name, cleaned by
    // bbc_clean() (defined elsewhere) or false if it's empty. Names listed in
    // the global statement above are written to the global scope that way.
    foreach ($hdr as $str) {
      $$str = ((_BBC_PHP < 410) ? !empty($HTTP_SERVER_VARS[$str]) : !empty($_SERVER[$str])) ?
              bbc_clean(((_BBC_PHP < 410) ? $HTTP_SERVER_VARS[$str] : $_SERVER[$str]), $BBC_SEP) : false;
    }

    // determine whether we got the "ORIG_" prefix
    foreach (array("PATH_INFO", "PATH_TRANSLATED", "SCRIPT_FILENAME") as $env) {
      if (!empty(${"ORIG_".$env})) $$env = ${"ORIG_".$env};
    }

    if (empty($PATH_TRANSLATED) || ($PATH_TRANSLATED == $DOCUMENT_ROOT)) $filename = basename($SCRIPT_FILENAME);
    else $filename = basename($PATH_TRANSLATED);

    // on Darwin the HTTP_PC_REMOTE_ADDR header takes precedence if present
    if ((stristr(PHP_OS, "darwin") !== false) && !empty($HTTP_PC_REMOTE_ADDR)) $REMOTE_ADDR = $HTTP_PC_REMOTE_ADDR;

    $REQUEST_URI = $this->bbc_filter_uri($filename, $PATH_INFO , $PHP_SELF);

    if (empty($SERVER_ADDR)) $SERVER_ADDR = $LOCAL_ADDR;
    if (!$this->bbc_valid_ip($SERVER_ADDR)) $SERVER_ADDR = "127.0.0.1";
    if (empty($HTTP_USER_AGENT)) $HTTP_USER_AGENT = "unknown";

    $HTTP_REFERER = empty($HTTP_REFERER) ? "unknown" :
                    $this->bbc_filter_ref($HTTP_HOST, $HTTP_REFERER, $SERVER_NAME, $SERVER_ADDR);
    // Use a page name even if the user didn't specify it
    $page = defined("_BBC_PAGE_NAME") ? bbc_clean(_BBC_PAGE_NAME, $BBC_SEP) : $this->bbc_auto_page_name($REQUEST_URI);
    $prx = $this->bbc_parse_headers();

    if (!empty($prx)) {
      // The proxy headers revealed a client: the connecting address is
      // recorded as the proxy and the revealed one as the remote address
      $prx_addr = $this->bbc_get_remote_addr($REMOTE_ADDR, $HTTP_X_REMOTECLIENT_IP);

      if (($this->ignored = $this->bbc_is_ignored($BBC_IGNORE_IP, $prx_addr)) !== false) return;

      $REMOTE_ADDR = bbc_clean($prx, $BBC_SEP);
    }
    else {
      $prx_addr = "unknown";
      $REMOTE_ADDR = $this->bbc_get_remote_addr($REMOTE_ADDR, $HTTP_X_REMOTECLIENT_IP);
    }

    if (($this->ignored = $this->bbc_is_ignored($BBC_IGNORE_IP, $REMOTE_ADDR)) !== false) return;

    // "unknown" is meant as a placeholder for the hostname, which will be processed at a different location
    $this->string = $time.$this->sep.$prx_addr.$this->sep.$REMOTE_ADDR.$this->sep."unknown".$this->sep
                   .$HTTP_USER_AGENT.$this->sep.$HTTP_REFERER.$this->sep.$REQUEST_URI.$this->sep.$page."\n";
  }
}
?>