| Система безопасности и фильтрации данных
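/* Core settings: IP bans, request-variable filtering, output compression and load monitoring. */
$usehtaccessbans = 1;      # 1 = append "deny from" lines to the local .htaccess for offending IPs, 0 = never ban IPs
$filterGETvars = 1;        # 1 = run htmlspecialchars() over every GET variable, 0 = leave GET untouched
$filterCOOKIEvars = 1;     # 1 = run htmlspecialchars() over every Cookie variable, 0 = leave cookies untouched
$filterPOSTvars = 0;       # 1 = run htmlspecialchars() over every POST variable, 0 = leave POST untouched
$extraPOSTprotection = 1;  # 1 = require the per-session hash cookie on POST requests, 0 = do not
$extraGETprotection = 0;   # 1 = require the per-session hash cookie on GET requests too, 0 = do not (not recommended!)
$checkmultiPOST = 1;       # 1 = allow at most $maxmultiPOST POST requests in a row, 0 = do not care
$maxmultiPOST = 4;         # Maximum number of consecutive POST operations when $checkmultiPOST is on
$zipcompress = 0;          # 1 = gzip the page through zlib/ob_gzhandler (less bandwidth, more CPU), 0 = no compression
$compresslevel = 9;        # zlib compression level from 1 (lowest) to 9 (maximum), used when $zipcompress is on
$cpuloadmonitor = 0;       # 1 = refuse requests while the system load average exceeds $cpumaxload, 0 = no
$cpumaxload = 10.0;        # Load average above which access is refused. Written "10,0" before, which PHP cannot parse;
                           # note the check reads the first figure `uptime` prints, the 1-minute average on most systems.
$ccisessionpath = "";      # If non-empty, the directory handed to session_save_path() for session files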
/* Output encoding / "encryption" settings: client-side obfuscation of the rendered HTML. */
$javababble = 0; # 1 = url-encode the page and emit it through JavaScript (required for either mode), 0 = no
$javaencrypt = 0; # 1 = also substitute the alphabet before encoding, not just escape (warning: can slow rendering), 0 = no
$preservehead = 0; # 1 = only encode/substitute between the body tags, 0 = encode/substitute the whole document
# NOTE(review): the "encryption" is a monoalphabetic substitution whose key is handed to the client in a cookie
#               (see the $javaencrypt setup below). It hides page source from casual viewing only; it is not confidentiality.

/* Per-script overrides: honoured only when the same name is NOT present in the request,
   so a client cannot flip these flags through query/POST/cookie values (register_globals). */
if (isset($zipoverride)) {
    if (!isset($_REQUEST["zipoverride"])) {
        $zipcompress = $zipoverride;
        unset($zipoverride);
    }
}
if (isset($babbleoverride)) {
    if (!isset($_REQUEST["babbleoverride"])) {
        $javababble = $babbleoverride;
        unset($babbleoverride);
    }
}
##################
#
# Function: CCIJavaBabble
#
# Usage: Takes some HTML, url-encodes it (jumbles it) then returns the javascript needed to display it properly.
#        Installed as the output-buffer callback (ob_start("cciJavaBabble")) when $javababble is on.
#
# NOTE(review): the ereg*/eregi* family was removed in PHP 7, so this function cannot run on current PHP.
# NOTE(review): $headpart and $footpart are never assigned, and eregi_replace() returns its result instead of
#               editing $s in place, so the two replace calls in the $preservehead branch have no effect.
# NOTE(review): as shown here the function has no closing brace and no non-$javaencrypt branch; the missing
#               code appears to have been lost together with the HTML markup stripped from this listing.
#               TODO confirm against the original file before relying on this copy.
#
##################
function CCIJavaBabble($myoutput) {
    global $mycrypto, $myalpha2, $javaencrypt, $preservehead;
    $s = $myoutput;
    $s = ereg_replace("\n","",$s);
    if ($preservehead) {
        # Capture everything up to and including the opening body tag, and everything from the closing one on.
        # (The tag names inside both patterns were stripped from this listing; TODO confirm against the original file.)
        eregi("(^.+]*>)",$s,$chunks);
        $outputstring = $chunks[1];
        eregi_replace($headpart,"",$s);
        eregi("(]*>.*)",$s,$chunks);
        $outputend = $chunks[1];
        eregi_replace($footpart,"",$s);
    } else {
        $outputstring = "";
        $outputend = "";
    }
    if ($javaencrypt) {
        # Map the plain alphabet onto the shuffled one prepared at request start, then url-encode the result.
        $s = strtr($s,$myalpha2,$mycrypto);
        $s = rawurlencode($s);
        $outputstring .= "
You must enable Javascript in order to view this webpage.
" . $outputend;
        return $outputstring;
    }
##################
#
# Function: CCIClearSession
#
# Format: CCIClearSession()
# Returns: Nothing
#
# Usage: Clears all the data out of the session record other than data used for this script
#        (every key whose name does not start with "ccisec-"). Called before redirecting a client
#        that arrived without the expected cookie.
#
# NOTE(review): session_unregister() and register_globals were removed in PHP 5.4; on current PHP
#               the equivalent is unset($_SESSION[$key]).
# NOTE(review): under PHP 7's uniform variable syntax `$$getvariables[$count]` parses as
#               ${$getvariables}[$count] rather than ${$getvariables[$count]}, so the unset below no
#               longer targets the intended global. TODO confirm on the target PHP version.
#
##################
function CCIClearSession() {
    $getvariables = array_keys($_SESSION);
    $count = 0;
    while($count < count($getvariables)) {
        if (substr($getvariables[$count],0,7) != "ccisec-") {
            session_unregister($getvariables[$count]);
            # Mirror the removal onto the global that register_globals would have created.
            if (ini_get('register_globals')) unset($$getvariables[$count]);
        }
        $count++;
    }
}
##################
#
# Function: CCIBanIP
#
# Format: CCIBanIP(IPAddress)
# Returns: Nothing. Calls exit() if the address is already listed, which ends the whole request.
#
# Usage: Will open and add a deny line to the .htaccess file in the same directory to deny all
#        accessing by a given IP address. Deny lines are kept inside a section delimited by
#        "# CCI Security Script" and "# End of CCI Security Section" so later calls can find it.
#
# NOTE(review): $banip is written verbatim into an Apache directive. Every visible caller passes
#               $_SERVER["REMOTE_ADDR"]; any other caller must validate the value first
#               (filter_var($ip, FILTER_VALIDATE_IP)) or it can write arbitrary directives.
# NOTE(review): the read-modify-write below takes no lock and reopens the file with "w" (truncate), so
#               two concurrent bans can lose each other's lines or leave a half-written .htaccess that
#               Apache then rejects with a 500 for every visitor. flock() or write-to-temp-then-rename avoids this.
# NOTE(review): implode($mybans,"") uses the legacy (array, glue) argument order, which PHP 8 rejects.
# NOTE(review): "order allow,deny" / "deny from" are the Apache 2.2 access directives; Apache 2.4 needs
#               mod_access_compat for them to work. TODO confirm the target server.
#
##################
function CCIBanIP($banip) {
    $filelocation = ".htaccess";
    $limitend = "# End of CCI Security Section\n";
    $newline = "deny from $banip\n";
    if (file_exists($filelocation)) {
        $mybans = file($filelocation);
        $lastline = "";
        # Already banned: nothing to write (and the request ends here).
        if (in_array($newline,$mybans)) exit();
        if (in_array($limitend,$mybans)) {
            # Pop every line after the end-of-section marker, then the marker itself and the two lines that
            # close the section, and re-append them after the new deny line.
            $i = count($mybans)-1;
            while ($mybans[$i] != $limitend) {
                $lastline = array_pop($mybans) . $lastline;
                $i--;
            }
            $lastline = array_pop($mybans) . $lastline;
            $lastline = array_pop($mybans) . $lastline;
            $lastline = array_pop($mybans) . $lastline;
            array_push($mybans,$newline,$lastline);
        } else {
            # No section yet: append a fresh one. (The directive on the bare "\n" lines was stripped from this listing.)
            array_push($mybans,"\n\n# CCI Security Script\n","
\n","order allow,deny\n",$newline,"allow from all\n","
\n",$limitend);
        }
    } else {
        $mybans = array("# CCI Security Script\n","
\n","order allow,deny\n",$newline,"allow from all\n","
\n",$limitend);
    }
    $myfile = fopen($filelocation,"w");
    fwrite($myfile,implode($mybans,""));
    fclose($myfile);
}
##################
#
# Function: CCIFloodCheck
#
# Format: CCIFloodCheck("identifier",interval,threshold)
# Returns: 1 if requested without minimum interval, a threshold number of times. 0 if not.
#
# Usage: For functions that require flood control pass a unique identifier, the minimum number of
#        seconds that should be waited between repeats of the function, and a number of times that
#        function can be called too quickly before it sets off the flood trapping.
#        State lives in $_SESSION under "ccisec-<identifier>" (time of the last call) and
#        "ccisec-<identifier>-counter" (number of too-fast calls), so CCIClearSession() leaves it alone.
#
# NOTE(review): the timestamp is only written inside the isset() branch, so unless a caller seeds
#               $_SESSION["ccisec-<identifier>"] itself the first call never records a time and the check
#               never fires. The counter is also never reset once the interval has elapsed.
#
##################
function CCIFloodCheck($identifier,$interval,$threshold=1) {
    $myresult = 0;
    if (isset($_SESSION["ccisec-" . $identifier])) {
        # Called again before $interval seconds have passed since the recorded call?
        if ($_SESSION["ccisec-" . $identifier] > (time()-$interval)) {
            if ($threshold<2) {
                $myresult = 1;
            } else {
                if (!isset($_SESSION["ccisec-" . $identifier . "-counter"])) {
                    $_SESSION["ccisec-" . $identifier . "-counter"] = 1;
                } else {
                    $_SESSION["ccisec-" . $identifier . "-counter"]++;
                    if ($_SESSION["ccisec-" . $identifier . "-counter"] >= $threshold) {
                        $myresult = 1;
                    }
                }
            }
        }
        $_SESSION["ccisec-" . $identifier] = time();
    }
    return $myresult;
}
################################################################################
# Request-time section: session setup, output compression, optional output obfuscation.

# NOTE(review): srand(time()) seeds the PRNG with the current second, and the hash cookie further down is
#               md5(uniqid(time())); both are guessable by anyone who knows roughly when the request ran.
#               random_bytes()/random_int() need no seeding and should replace them.
srand(time());
# Appears to stop the file from being served when it is requested directly instead of included.
if (eregi("ccisecurity\.php",$_SERVER["SCRIPT_NAME"])) exit();
if ($ccisessionpath != "") session_save_path($ccisessionpath);
# Session cookie name derived from the client address and the Host header.
session_name(md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_HOST"] . "CCI"));
ini_set("session.use_only_cookies","1");
ini_set("session.use_trans_sid","0");
if (($zipcompress) && (eregi("gzip",$_SERVER["HTTP_ACCEPT_ENCODING"]))) {
    ini_set("zlib.output_compression","On");
    ini_set("zlib.output_compression_level",$compresslevel);
    ob_start("ob_gzhandler");
}
if ($javababble) {
    if ($javaencrypt) {
        # Plain alphabet plus a shuffled copy; CCIJavaBabble() maps one onto the other with strtr().
        # The shuffled alphabet is sent to the client in a cookie, so it is a display key, not a secret,
        # and shuffle() here draws from the time-seeded PRNG above.
        $myalpha = array_merge(range("a","z"),range("A","Z"),range("0","9"));
        $myalpha2 = implode("",$myalpha);
        shuffle($myalpha);
        $mycrypto = implode("",$myalpha);
        setcookie(md5($_SERVER["REMOTE_ADDR"] .
$_SERVER["SERVER_ADDR"]),$mycrypto);
        unset($myalpha);
    }
    ob_start("cciJavaBabble");
}
# Cookie domain: drop the first label when the server name has more than one dot, otherwise prefix a dot.
# NOTE(review): SERVER_NAME follows the Host header on Apache when UseCanonicalName is off; TODO confirm the vhost config.
if (substr_count($_SERVER["SERVER_NAME"],".")>1) {
    $cookiedomain = eregi_replace("^[^\.]+\.",".",$_SERVER["SERVER_NAME"]);
} else $cookiedomain = "." . $_SERVER["SERVER_NAME"];
$ip = $_SERVER["REMOTE_ADDR"];
# Names of the two cookies this script sets, derived with md5() from request and server data.
# NOTE(review): $_SERVER["PATH"] is an environment variable and may be absent depending on the SAPI/environment;
#               when it is, these hashes differ between environments and PHP raises an undefined-index notice.
$mykeyname = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_HOST"] . $_SERVER["DOCUMENT_ROOT"] . "CCI");
$myposthashname = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_HOST"] . $_SERVER["PATH"] . "CCI");
# Client fingerprint: address + User-Agent + server constants. A User-Agent change counts as an error below.
$myhash = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"] . $_SERVER["HTTP_HOST"] . $_SERVER["DOCUMENT_ROOT"] . $_SERVER["SERVER_SOFTWARE"] . $_SERVER["PATH"] . "X");
# NOTE(review): the session id is md5(client address . Host header) fixed before session_start(), so the client's
#               own session cookie is ignored and every client behind one address (NAT, proxy) shares one session,
#               including its error, flood and hash-cookie state. Because the id is computable from the Host header,
#               a client that can vary Host (when the vhost answers any name) gets a fresh session — and fresh
#               counters — on every request. Letting PHP generate the id (session_start() with
#               session.use_strict_mode) avoids both problems.
$mysession = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_HOST"]);
session_id($mysession);
session_start();
if (!isset($_SESSION["ccisec-errors"])) $_SESSION["ccisec-errors"] = 0;
# Ten error responses without an intervening served request (the counter is zeroed at the end of the script) -> ban.
if ($_SESSION["ccisec-errors"]>=10) {
    CCIBanIP($ip);
    exit();
}
# Fingerprint changed (or first visit): store it, count an error, and reload so the cookies below are re-issued.
# NOTE(review): the Location header rebuilds the URL from the Host header with a hard-coded http:// scheme; behind
#               TLS this sends the client back over plain HTTP, and a forged Host header turns it into a redirect
#               to another host. Use a relative Location or a configured canonical origin.
if ($_SESSION["ccisec-myhash"] != $myhash) {
    $_SESSION["ccisec-myhash"] = $myhash;
    $_SESSION["ccisec-errors"]++;
    session_write_close();
    Header("Location: http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}
# Fingerprint cookie missing or wrong: count it, re-issue the cookie and reload; after two misses refuse the request.
# NOTE(review): != on two md5 hex strings is a loose comparison; hash_equals() is the right check for a value the client supplies.
if ((!isset($_COOKIE[$mykeyname])) || ($_COOKIE[$mykeyname] != $myhash)) {
    if (!isset($_SESSION["ccisec-nocookie"])) {
        $_SESSION["ccisec-nocookie"] = 1;
    } else {
        $_SESSION["ccisec-nocookie"]++;
    }
    if (($usehtaccessbans) && ($_SESSION["ccisec-nocookie"]>10)) CCIBanIP($ip);
    setcookie($mykeyname,$myhash,0,"/",$cookiedomain);
    if ($_SESSION["ccisec-nocookie"]>2) {
        echo "
Access Denied
You must enable cookies in order to access this website. Please do so before returning, as continued attempts to access without cookies may result in a banning of this ip ($ip).
";
        session_write_close();
        exit();
    }
    if ($extraGETprotection) {
        $_SESSION["ccisec-hash"] = md5(uniqid(time()));
        setcookie($myposthashname,$_SESSION["ccisec-hash"],0,"/",$cookiedomain);
    }
    CCIClearSession();
    session_write_close();
    Header("Location: http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
} else $_SESSION["ccisec-nocookie"] = 0;
# Rapid-request handling: more than 40 fast hits -> ban; more than 10 -> refuse until 60 s after the last hit.
# NOTE(review): every refused request refreshes ccisec-lastaccess, so a client that keeps retrying never leaves the lockout.
# NOTE(review): ccisec-fastaccesses is read here before it is first set below (undefined-index notice on a new session).
if (($usehtaccessbans) && ($_SESSION["ccisec-fastaccesses"]>40)) CCIBanIP($ip);
if ($_SESSION["ccisec-fastaccesses"]>10) {
    if ((time()-60) < $_SESSION["ccisec-lastaccess"]) {
        echo "
Access Denied
There have been too many rapid requests from this IP address ($ip). You must now wait a full 60 seconds before accessing this site again.
";
        $_SESSION["ccisec-fastaccesses"]++;
        $_SESSION["ccisec-lastaccess"]=time();
        exit();
    }
}
# A request within 2 s of the previous one counts as "fast"; any slower request resets the counter.
if (!isset($_SESSION["ccisec-lastaccess"])) {
    $_SESSION["ccisec-lastaccess"]=time();
} else {
    if ((time()-2) < $_SESSION["ccisec-lastaccess"]) {
        if (!isset($_SESSION["ccisec-fastaccesses"])) $_SESSION["ccisec-fastaccesses"] = 0;
        $_SESSION["ccisec-fastaccesses"]++;
    } else {
        $_SESSION["ccisec-fastaccesses"] = 0;
    }
    $_SESSION["ccisec-lastaccess"]=time();
}
# Method checks: consecutive-POST limit, then the hash cookie for POST (and for GET when $extraGETprotection is on).
# NOTE(review): the hash cookie is compared against the same session the request is keyed to, and browsers attach
#               cookies automatically, so this does not defend against cross-site request forgery; it only shows the
#               client kept the cookie issued on an earlier request. A CSRF token has to travel in the form body or a
#               request header, not in a cookie.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if ($checkmultiPOST) {
        if (($_SESSION["ccisec-lastoperation"] == "POST") && ($_SESSION["ccisec-opcount"] >= $maxmultiPOST)) {
            echo "
Access Denied
You may not make multiple POST operations in sequence - please return to the website and try again.
";
            $_SESSION["ccisec-errors"]++;
            exit();
        }
    }
    if ($extraPOSTprotection) {
        if ((!isset($_COOKIE[$myposthashname])) || ($_COOKIE[$myposthashname] != $_SESSION["ccisec-hash"])) {
            echo "
Access Denied
Your browser did not send the correct security data needed to complete a POST operation. Make sure that you have cookies enabled and then try again, or contact the administration if you feel you are receiving this message in error.
";
            $_SESSION["ccisec-errors"]++;
            exit();
        }
    }
} else if (($extraGETprotection) && ($_SERVER["REQUEST_METHOD"] == "GET")) {
    if ((!isset($_COOKIE[$myposthashname])) || ($_COOKIE[$myposthashname] != $_SESSION["ccisec-hash"])) {
        echo "
Access Denied
Your browser did not send the correct security data needed to complete a GET operation. Make sure that you have cookies enabled and then try again, or contact the administration if you feel you are receiving this message in error.
";
        $_SESSION["ccisec-errors"]++;
        exit();
    }
} else if ($_SERVER["REQUEST_METHOD"] != "GET") {
    # Anything other than GET/POST is dropped without a response body.
    exit();
}
# Rotate the hash cookie on every accepted request.
# NOTE(review): md5(uniqid(time())) is derived from the clock, not from a CSPRNG; bin2hex(random_bytes(16)) is the replacement.
if (($extraPOSTprotection) || ($extraGETprotection)) {
    srand(time());
    $_SESSION["ccisec-hash"] = md5(uniqid(time()));
    setcookie($myposthashname,$_SESSION["ccisec-hash"],0,"/",$cookiedomain);
}
# Track runs of the same request method for the consecutive-POST limit above.
# NOTE(review): ccisec-opcount is not reset when the method changes, so a run of $maxmultiPOST GETs followed by
#               one POST trips the "multiple POST operations" refusal on the very next POST. TODO confirm this is unintended.
if ($_SESSION["ccisec-lastoperation"] == $_SERVER["REQUEST_METHOD"]) {
    if (!isset($_SESSION["ccisec-opcount"])) {
        $_SESSION["ccisec-opcount"] = 1;
    } else {
        $_SESSION["ccisec-opcount"]++;
    }
} else $_SESSION["ccisec-lastoperation"] = $_SERVER["REQUEST_METHOD"];
# Make special characters safe in any GET based cgi variables.
# NOTE(review): escaping on input rather than at output corrupts values that are not destined for HTML and
#               double-encodes those that are re-escaped later; htmlspecialchars() also rejects array-valued
#               parameters (name[]=...), a TypeError on PHP 8. Escape at the point of output instead.
#               The same applies to the POST and Cookie loops below.
if ($filterGETvars) {
    $getvariables = array_keys($_GET);
    $count = 0;
    while($count < count($getvariables)) {
        $_GET[$getvariables[$count]] = htmlspecialchars($_GET[$getvariables[$count]]);
        if (ini_get('register_globals')) $$getvariables[$count] = $_GET[$getvariables[$count]];
        $count++;
    }
}
if ($filterPOSTvars) {
    $getvariables = array_keys($_POST);
    $count = 0;
    while($count < count($getvariables)) {
        $_POST[$getvariables[$count]] = htmlspecialchars($_POST[$getvariables[$count]]);
        if (ini_get('register_globals')) $$getvariables[$count] = $_POST[$getvariables[$count]];
        $count++;
    }
}
if ($filterCOOKIEvars) {
    $getvariables = array_keys($_COOKIE);
    $count = 0;
    while($count < count($getvariables)) {
        $_COOKIE[$getvariables[$count]] = htmlspecialchars($_COOKIE[$getvariables[$count]]);
        if (ini_get('register_globals')) $$getvariables[$count] = $_COOKIE[$getvariables[$count]];
        $count++;
    }
}
if ($cpuloadmonitor) {
    # Read the first load-average figure from `uptime` (the 1-minute value on typical systems) and refuse
    # service above $cpumaxload. No request data reaches the shell here.
    # NOTE(review): sys_getloadavg() returns the same numbers without spawning a process or depending on
    #               uptime's output format and locale (a decimal comma breaks the numeric comparison below).
    $myshelldata = shell_exec("uptime");
    $myshelldata = eregi_replace(".*average.*: ","",$myshelldata);
    $myshelldata = eregi_replace(", .*","",$myshelldata);
    if ($myshelldata >= $cpumaxload) {
        echo "
Access Denied
The server is currently too busy to serve your request. We apologize for the inconvenience.
";
        exit();
    }
    unset($myshelldata);
}
# Drop the script's working variables so they do not leak into the including page; a served request
# zeroes the error counter, so the ban above needs ten error responses in a row.
unset($count);
unset($getvariables);
unset($ip);
unset($cookiedomain);
unset($mykeyname);
unset($myposthashname);
unset($myhash);
unset($mysession);
$_SESSION["ccisec-errors"] = 0;
if (connection_aborted()) exit();